{"version":"https://jsonfeed.org/version/1","title":"BSD Now","home_page_url":"https://www.bsdnow.tv","feed_url":"https://www.bsdnow.tv/json","description":"Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros.\r\n\r\nThe show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day. ","_fireside":{"subtitle":"A weekly podcast and the place to B...SD","pubdate":"2025-12-18T10:00:00.000-05:00","explicit":false,"copyright":"CC Attribution + Noncommercial + ShareAlike (BY-NC-SA) by JT Pennington","owner":"JT Pennington","image":"https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"},"items":[{"id":"2615a8d2-831a-4ec6-b20b-69cb71bbe763","title":"642: Look Harder","url":"https://www.bsdnow.tv/642","content_text":"NOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nIs DWPD Still a Useful SSD Spec?\n\n\n\nMoving From Windows To FreeBSD As The Linux Chaos Alternative\n\n\n\nComputer Chronicles Revisited 131 - Open Look, OSF/Motif, Macintosh IIcx and A/UX -  Submitted by listener S.M. Oliva\n\n\n\nNews Roundup\n\nWe haven't seen ZFS checksum failures for a couple of years\n\n\n\nUsing FreeBSD to make self-hosting fun again\n\n\n\nThe usability of open source operating systems\n\n\n\nPhoenix AZ timezone issue\n\n\n\nThe only existing copy of UNIX v4\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n\n\nIs DWPD Still a Useful SSD Spec?\n\n\n\nMoving From Windows To FreeBSD As The Linux Chaos Alternative\n\n\n\nComputer Chronicles Revisited 131 - Open Look, OSF/Motif, Macintosh IIcx and A/UX -  Submitted by listener S.M. Oliva\n\n\n\nNews Roundup\n\nWe haven't seen ZFS checksum failures for a couple of years\n\n\n\nUsing FreeBSD to make self-hosting fun again\n\n\n\nThe usability of open source operating systems\n\n\n\nPhoenix AZ timezone issue\n\n\n\nThe only existing copy of UNIX v4\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/is-dwpd-still-useful-ssd-spec/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eIs DWPD Still a Useful SSD Spec?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2025/11/11/moving-from-windows-to-freebsd-as-the-linux-chaos-alternative/\" rel=\"nofollow\"\u003eMoving From Windows To FreeBSD As The Linux Chaos Alternative\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://computerchronicles.blog/post/computer-chronicles-revisited-131-open-look-osf-motif-macintosh-iicx-aux/\" rel=\"nofollow\"\u003eComputer Chronicles Revisited 131 - Open Look, OSF/Motif, Macintosh IIcx and A/UX\u003c/a\u003e -  Submitted by listener S.M. Oliva\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOurRareChecksumFailuresII\" rel=\"nofollow\"\u003eWe haven\u0026#39;t seen ZFS checksum failures for a couple of years\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jsteuernagel.de/posts/using-freebsd-to-make-self-hosting-fun-again/\" rel=\"nofollow\"\u003eUsing FreeBSD to make self-hosting fun again\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2025/11/24/0/\" rel=\"nofollow\"\u003eThe usability of open source operating systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/JZTH2RBARV4YFNTNFAXBGOACAN65JPIX/\" rel=\"nofollow\"\u003ePhoenix AZ timezone issue\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://oldbytes.space/@bitsavers/115505135441862982\" rel=\"nofollow\"\u003eThe only existing copy of UNIX v4\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/is-dwpd-still-useful-ssd-spec/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eIs DWPD Still a Useful SSD Spec?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2025/11/11/moving-from-windows-to-freebsd-as-the-linux-chaos-alternative/\" rel=\"nofollow\"\u003eMoving From Windows To FreeBSD As The Linux Chaos Alternative\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://computerchronicles.blog/post/computer-chronicles-revisited-131-open-look-osf-motif-macintosh-iicx-aux/\" rel=\"nofollow\"\u003eComputer Chronicles Revisited 131 - Open Look, OSF/Motif, Macintosh IIcx and A/UX\u003c/a\u003e -  Submitted by listener S.M. Oliva\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOurRareChecksumFailuresII\" rel=\"nofollow\"\u003eWe haven\u0026#39;t seen ZFS checksum failures for a couple of years\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jsteuernagel.de/posts/using-freebsd-to-make-self-hosting-fun-again/\" rel=\"nofollow\"\u003eUsing FreeBSD to make self-hosting fun again\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2025/11/24/0/\" rel=\"nofollow\"\u003eThe usability of open source operating systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/JZTH2RBARV4YFNTNFAXBGOACAN65JPIX/\" rel=\"nofollow\"\u003ePhoenix AZ timezone issue\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://oldbytes.space/@bitsavers/115505135441862982\" rel=\"nofollow\"\u003eThe only existing copy of UNIX v4\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"DWPD, Moving from Windows to FreeBSD, Computer Chronicles revisited, ZFs checksums, and more ...","date_published":"2025-12-18T10:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2615a8d2-831a-4ec6-b20b-69cb71bbe763.mp3","mime_type":"audio/mpeg","size_in_bytes":74003712,"duration_in_seconds":4625}]},{"id":"3bf79b4d-817f-40a1-bcc7-73de9e2ba74c","title":"641: Open to Free","url":"https://www.bsdnow.tv/641","content_text":"FreeBSD 15 release, moving from OpenBSD to FreeBSD, ZFS Boot Environments explained, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWelcome to the world FreeBSD 15.0-RELEASE Announcement and Release Notes\n\n\n\nWe're (now) moving from OpenBSD to FreeBSD for Firewalls - Submitted by listener Gary\n\nNews Roundup\n\nZFS Boot Environments Explained\n\n\n\nWhy I (still) love Linux\n\n\n\nrocinante - A configuration management tool by the BastilleBSD team\n\n\n\nA Grown-up ZFS Data Corruption Bug and YouTube\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nClaudio - A Silent Reflection\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD 15 release, moving from OpenBSD to FreeBSD, ZFS Boot Environments explained, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003eWelcome to the world FreeBSD 15.0-RELEASE \u003ca href=\"https://www.freebsd.org/releases/15.0R/announce/\" rel=\"nofollow\"\u003eAnnouncement\u003c/a\u003e and \u003ca href=\"https://www.freebsd.org/releases/15.0R/relnotes/\" rel=\"nofollow\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OpenBSDToFreeBSDMove\" rel=\"nofollow\"\u003eWe\u0026#39;re (now) moving from OpenBSD to FreeBSD for Firewalls\u003c/a\u003e - Submitted by listener Gary\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://vermaden.wordpress.com/2025/11/25/zfs-boot-environments-explained/\" rel=\"nofollow\"\u003eZFS Boot Environments Explained\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/11/24/why-i-still-love-linux/\" rel=\"nofollow\"\u003eWhy I (still) love Linux\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BastilleBSD/rocinante\" rel=\"nofollow\"\u003erocinante - A configuration management tool by the BastilleBSD team\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/oxidecomputer/oxide-and-friends/blob/master/2025_11_24.md\" rel=\"nofollow\"\u003eA Grown-up ZFS Data Corruption Bug\u003c/a\u003e and \u003ca href=\"https://www.youtube.com/watch?v=srKYxF66A0c\" rel=\"nofollow\"\u003eYouTube\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/641/feedback/Claudio%20-%20Reflection.md\" rel=\"nofollow\"\u003eClaudio - A Silent Reflection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD 15 release, moving from OpenBSD to FreeBSD, ZFS Boot Environments explained, and more...","date_published":"2025-12-11T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3bf79b4d-817f-40a1-bcc7-73de9e2ba74c.mp3","mime_type":"audio/mpeg","size_in_bytes":53275776,"duration_in_seconds":3329}]},{"id":"1d2c509f-a511-47cb-ac2b-7ee57373dc6e","title":"640: Cleaning up Hammer","url":"https://www.bsdnow.tv/640","content_text":"FreeBSD is an OCI runtime, ZFS Disaster Recovery, Cleaning up Hammer, and some historical information, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Officially Supported in OCI Runtime Specification v1.3\n\n\n\nZFS Enabled Disaster Recovery for Virtualization\n\nNews Roundup\n\nHow I think OpenZFS's 'written' and 'written@' dataset properties work\n\n\n\nMake sure your Hammer cleanup cleans up\n\n\n\n[TUHS] David C Brock of CHM: 2024 oral history with Ken Thompson + Doug McIlroy\n\n\n\nSpecial Issue “Celebrating 60 Years of ELIZA? Critical Pasts and Futures of AI”\n\n\n\nSource and state limiters introduced in pf\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nGöran - grafana\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD is an OCI runtime, ZFS Disaster Recovery, Cleaning up Hammer, and some historical information, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-officially-supported-in-oci-runtime-specification-v1-3\" rel=\"nofollow\"\u003eFreeBSD Officially Supported in OCI Runtime Specification v1.3\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-enabled-disaster-recovery-virtualization?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZFS Enabled Disaster Recovery for Virtualization\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSWrittenPropertyHowItWorks\" rel=\"nofollow\"\u003eHow I think OpenZFS\u0026#39;s \u0026#39;written\u0026#39; and \u0026#39;written@\u003csnap\u003e\u0026#39; dataset properties work\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2025/11/13/make-sure-your-hammer-cleanup-cleans-up\" rel=\"nofollow\"\u003eMake sure your Hammer cleanup cleans up\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2025-November/032751.html\" rel=\"nofollow\"\u003e[TUHS] David C Brock of CHM: 2024 oral history with Ken Thompson + Doug McIlroy\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ojs.weizenbaum-institut.de/index.php/wjds/announcement/view/8\" rel=\"nofollow\"\u003eSpecial Issue “Celebrating 60 Years of ELIZA? Critical Pasts and Futures of AI”\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20251112132639\" rel=\"nofollow\"\u003eSource and state limiters introduced in pf\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/640/feedback/G%C3%B6ran%20-%20grafana.md\" rel=\"nofollow\"\u003eGöran - grafana\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD is an OCI runtime, ZFS Disaster Recovery, Cleaning up Hammer, and some historical information, and more...","date_published":"2025-12-04T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1d2c509f-a511-47cb-ac2b-7ee57373dc6e.mp3","mime_type":"audio/mpeg","size_in_bytes":34664448,"duration_in_seconds":2166}]},{"id":"60c20296-3ef2-4105-ae81-5d6f29044152","title":"639: Reproducible Builds","url":"https://www.bsdnow.tv/639","content_text":"Reproducible builds, Highly available ZFS Pools, Self Hosting on a Framework Laptop, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD now builds reproducibly and without root privilege\n\n\n\nHow to Set Up a Highly Available ZFS Pool Using Mirroring and iSCSI\n\n\n\nNews Roundup\n\nSelf hosting 10TB in S3 on a framework laptop + disks\n\n\n\nCrucial FreeBSD Toolkit\n\n\n\nSome notes on OpenZFS's 'written' dataset property\n\n\n\nvi improvements on Dragonfly\n\n\n\nBig news for small /usr partitions\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nPatrick - Feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eReproducible builds, Highly available ZFS Pools, Self Hosting on a Framework Laptop, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-now-builds-reproducibly-and-without-root-privilege\" rel=\"nofollow\"\u003eFreeBSD now builds reproducibly and without root privilege\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/highly-available-zfs-pool-setup-with-iscsi-mirroring?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eHow to Set Up a Highly Available ZFS Pool Using Mirroring and iSCSI\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://jamesoclaire.com/2025/10/05/self-hosting-10tb-in-s3-on-a-framework-laptop-disks/\" rel=\"nofollow\"\u003eSelf hosting 10TB in S3 on a framework laptop + disks\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vermaden.wordpress.com/2025/07/08/crucial-freebsd-toolkit/\" rel=\"nofollow\"\u003eCrucial FreeBSD Toolkit\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSSnapshotWrittenProperty\" rel=\"nofollow\"\u003eSome notes on OpenZFS\u0026#39;s \u0026#39;written\u0026#39; dataset property\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2025/10/28/vi-improvements\" rel=\"nofollow\"\u003evi improvements on Dragonfly\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20251112121631\" rel=\"nofollow\"\u003eBig news for small /usr partitions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/639/feedback/patrick%20-%20notes.md\" rel=\"nofollow\"\u003ePatrick - Feedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Reproducible builds, Highly available ZFS Pools, Self Hosting on a Framework Laptop, and more...","date_published":"2025-11-27T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/60c20296-3ef2-4105-ae81-5d6f29044152.mp3","mime_type":"audio/mpeg","size_in_bytes":57835776,"duration_in_seconds":3614}]},{"id":"b4c03ea3-b78b-491f-9d8a-4e8e6688bb69","title":"638: Hipsters want their distribution back","url":"https://www.bsdnow.tv/638","content_text":"New Open Indiana Release, Understanding Storage Performance, a Unix OS for the TI99, FreeBSD Tribal knowledge, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSignifier flotation devices\n\n\n\nOpen Indiana Hipster Announcement\n\n\n\nUnderstanding Storage Performance Metrics\n\n\n\nNews Roundup\n\nUNIX99, a UNIX-like OS for the TI-99/4A\n\n\n\nMaking the veb(4) virtual Ethernet bridge VLAN aware\n\n\n\nFreeBSD tribal knowledge: minor version upgrades\n\n\n\nIt's been 10 years since ZFS's 10th aniversary its integration into Solaris - A Reflection\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSponsored By:Tarsnap Promo Code: bsdnow","content_html":"\u003cp\u003eNew Open Indiana Release, Understanding Storage Performance, a Unix OS for the TI99, FreeBSD Tribal knowledge, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://davidyat.es/2025/09/27/signifier-flotation-devices\" rel=\"nofollow\"\u003eSignifier flotation devices\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://openindiana.org/announcements/openindiana-hipster-2025-10-announcement/\" rel=\"nofollow\"\u003eOpen Indiana Hipster Announcement\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/understanding-storage-performance-metrics?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eUnderstanding Storage Performance Metrics\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.atariage.com/topic/380883-unix99-a-unix-like-os-for-the-ti-994a\" rel=\"nofollow\"\u003eUNIX99, a UNIX-like OS for the TI-99/4A\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20251029114507\" rel=\"nofollow\"\u003eMaking the veb(4) virtual Ethernet bridge VLAN aware\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vulcanridr.mataroa.blog/blog/freebsd-tribal-knowledge-minor-version-upgrades\" rel=\"nofollow\"\u003eFreeBSD tribal knowledge: minor version upgrades\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blogs.oracle.com/oracle-systems/post/happy-10th-birthday-zfs\" rel=\"nofollow\"\u003eIt\u0026#39;s been 10 years since ZFS\u0026#39;s 10th aniversary its integration into Solaris - A Reflection\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSponsored By:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca rel=\"nofollow\" href=\"https://www.tarsnap.com/bsdnow\"\u003eTarsnap\u003c/a\u003e Promo Code: bsdnow\u003c/li\u003e\u003c/ul\u003e","summary":"New Open Indiana Release, Understanding Storage Performance, a Unix OS for the TI99, FreeBSD Tribal knowledge, and more...","date_published":"2025-11-20T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b4c03ea3-b78b-491f-9d8a-4e8e6688bb69.mp3","mime_type":"audio/mpeg","size_in_bytes":65509632,"duration_in_seconds":4094}]},{"id":"f5743595-bf79-4d27-8579-9df212432d09","title":"637: /etc/hosts","url":"https://www.bsdnow.tv/637","content_text":"Time to update our /etc/hosts file...\n\nNOTES*\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nShow updates\n\nIntro Ruben\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eTime to update our /etc/hosts file...\u003c/p\u003e\n\n\u003cp\u003e\u003cem\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/em\u003e*\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eShow updates\u003c/h2\u003e\n\n\u003ch2\u003eIntro Ruben\u003c/h2\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Time to update our /etc/hosts file...","date_published":"2025-11-13T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f5743595-bf79-4d27-8579-9df212432d09.mp3","mime_type":"audio/mpeg","size_in_bytes":65100288,"duration_in_seconds":4068}]},{"id":"298cf02b-9f85-4fe2-bb2f-da047df5149b","title":"636: Thunder Bolts","url":"https://www.bsdnow.tv/636","content_text":"Thunderbolt on FreeBSD, ZFS on Illumos and Linux and FreeBSD, ZFS Compression, Home networking monitoring, LibreSSH and OpenSSH releases and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThunderbolt on FreeBSD\n\n\n\nThe broad state of ZFS on Illumos, Linux, and FreeBSD (as I understand it)\n\n\n\nNews Roundup\n\nzfs: setting compression and adding new vdevs\n\n\n\nThe hunt for a home network monitoring solution\n\n\n\nLibreSSL 4.2.0 Released\n\n\n\nOpenSSH 10.2 released\n\n\nRelated to 10.x versions : Post-Quantum Cryptography\n\n\n\n\nCheck your IP infos using nginx\n\n\n\nExperimenting with Compression\n\n(just given an overview, I dont exepect you to read the all three writeups fully)\n\n\nExperimenting with compression off\nExperimenting with compression=lz4\nExperimenting with compression=zstd\nCompression results \n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nAnton - Boxybsd\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThunderbolt on FreeBSD, ZFS on Illumos and Linux and FreeBSD, ZFS Compression, Home networking monitoring, LibreSSH and OpenSSH releases and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2025/10/thunderbolt-on-freebsd\" rel=\"nofollow\"\u003eThunderbolt on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOnIllumosLinuxAndFreeBSD\" rel=\"nofollow\"\u003eThe broad state of ZFS on Illumos, Linux, and FreeBSD (as I understand it)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2025/10/18/zfs-setting-compression-and-adding-new-vdevs\" rel=\"nofollow\"\u003ezfs: setting compression and adding new vdevs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vulcanridr.mataroa.blog/blog/the-hunt-for-a-home-network-monitoring-solution\" rel=\"nofollow\"\u003eThe hunt for a home network monitoring solution\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20251015043527\" rel=\"nofollow\"\u003eLibreSSL 4.2.0 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20251010131052\" rel=\"nofollow\"\u003eOpenSSH 10.2 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRelated to 10.x versions : \u003ca href=\"https://www.openssh.com/pq.html\" rel=\"nofollow\"\u003ePost-Quantum Cryptography\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/check-your-ip-infos-using-nginx\" rel=\"nofollow\"\u003eCheck your IP infos using nginx\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eExperimenting with Compression\u003c/h3\u003e\n\n\u003cp\u003e(just given an overview, I dont exepect you to read the all three writeups fully)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2025/10/06/experimenting-with-compression-off/\" rel=\"nofollow\"\u003eExperimenting with compression off\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2025/10/06/experimenting-with-compressionlz4/\" rel=\"nofollow\"\u003eExperimenting with compression=lz4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2025/10/06/experimenting-with-compressionzstd/\" rel=\"nofollow\"\u003eExperimenting with compression=zstd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2025/10/06/compression-results\" rel=\"nofollow\"\u003eCompression results\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/636/feedback/anton%20-%20boxybsd.md\" rel=\"nofollow\"\u003eAnton - Boxybsd\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Thunderbolt on FreeBSD, ZFS on Illumos and Linux and FreeBSD, ZFS Compression, Home networking monitoring, LibreSSH and OpenSSH releases and more...","date_published":"2025-11-06T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/298cf02b-9f85-4fe2-bb2f-da047df5149b.mp3","mime_type":"audio/mpeg","size_in_bytes":60890112,"duration_in_seconds":3805}]},{"id":"8b8ffd0a-14ca-45b0-8d80-b1c9ab198b57","title":"635: Guess who's back?","url":"https://www.bsdnow.tv/635","content_text":"OpenBSD 7.8, Building Enterprise Storage with Proxmox, SSD performance, Virtual Machines and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.8 Released also (https://undeadly.org/cgi?action=article;sid=20251022025822) and (https://bsd.network/@brynet/115403567146395679)\n\n\n\nBuilding Enterprise-Grade Storage on Proxmox with ZFS\n\n\n\nNews Roundup\n\n[TUHS] Was artifacts, now ethernet\n\n\n\nI wish SSDs gave you CPU performance style metrics about their activity\n\n\n\nMigrate a KVM virtual machine to OmniOS bhyve\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nbrad - bhyve\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD 7.8, Building Enterprise Storage with Proxmox, SSD performance, Virtual Machines and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.openbsd.org/78.html\" rel=\"nofollow\"\u003eOpenBSD 7.8 Released\u003c/a\u003e also (\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20251022025822\" rel=\"nofollow\"\u003ehttps://undeadly.org/cgi?action=article;sid=20251022025822\u003c/a\u003e) and (\u003ca href=\"https://bsd.network/@brynet/115403567146395679\" rel=\"nofollow\"\u003ehttps://bsd.network/@brynet/115403567146395679\u003c/a\u003e)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/building-enterprise-grade-storage-on-proxmox-with-zfs\" rel=\"nofollow\"\u003eBuilding Enterprise-Grade Storage on Proxmox with ZFS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2025-July/032268.html\" rel=\"nofollow\"\u003e[TUHS] Was artifacts, now ethernet\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/SSDWritePerfMetricsWish\" rel=\"nofollow\"\u003eI wish SSDs gave you CPU performance style metrics about their activity\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/migrate-a-kvm-virtual-machine-to-omnios-bhyve\" rel=\"nofollow\"\u003eMigrate a KVM virtual machine to OmniOS bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/635/feedback/brad%20-%20bhyve.md\" rel=\"nofollow\"\u003ebrad - bhyve\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenBSD 7.8, Building Enterprise Storage with Proxmox, SSD performance, Virtual Machines and more...","date_published":"2025-10-30T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8b8ffd0a-14ca-45b0-8d80-b1c9ab198b57.mp3","mime_type":"audio/mpeg","size_in_bytes":74451456,"duration_in_seconds":4653}]},{"id":"32188a5f-bff5-4a8f-97bd-b1c19705b7a9","title":"634: Why Self-Host?","url":"https://www.bsdnow.tv/634","content_text":"Why Self-host?, Advanced ZFS Dataset Management, Building a Simple Router with OpenBSD, Minimal pkgbase jails / chroots, WSL-For-FreeBSD, Yubico yubikey 5 nfc on FreeBSD, The Q3 2025 Issue of the FreeBSD Journal, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy Self-host?\n\n\n\nAdvanced ZFS Dataset Management: Snapshots, Clones, and Bookmarks\n\n\n\nNews Roundup\n\nBuilding a Simple Router with OpenBSD\n\n\n\nMinimal pkgbase jails / chroots\n\n\n\nWSL-For-FreeBSD\n\n\n\nYubico yubikey 5 nfc on FreeBSD\n\n\n\nThe Q3 2025 Issue of the FreeBSD Journal is Now Available\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhy Self-host?, Advanced ZFS Dataset Management, Building a Simple Router with OpenBSD, Minimal pkgbase jails / chroots, WSL-For-FreeBSD, Yubico yubikey 5 nfc on FreeBSD, The Q3 2025 Issue of the FreeBSD Journal, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://romanzipp.com/blog/why-a-homelab-why-self-host\" rel=\"nofollow\"\u003eWhy Self-host?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/advanced-zfs-dataset-management/\" rel=\"nofollow\"\u003eAdvanced ZFS Dataset Management: Snapshots, Clones, and Bookmarks\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://btxx.org/posts/openbsd-router/\" rel=\"nofollow\"\u003eBuilding a Simple Router with OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/minimal-pkgbase-jails-chroots-docker-oci-like.99512/\" rel=\"nofollow\"\u003eMinimal pkgbase jails / chroots\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BalajeS/WSL-For-FreeBSD\" rel=\"nofollow\"\u003eWSL-For-FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.freebsd.org/threads/yubico-yubikey-5-nfc-on-freebsd.99529\" rel=\"nofollow\"\u003eYubico yubikey 5 nfc on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/the-q3-2025-issue-of-the-freebsd-journal-is-now-available/\" rel=\"nofollow\"\u003eThe Q3 2025 Issue of the FreeBSD Journal is Now Available\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Why Self-host?, Advanced ZFS Dataset Management, Building a Simple Router with OpenBSD, Minimal pkgbase jails / chroots, WSL-For-FreeBSD, Yubico yubikey 5 nfc on FreeBSD, The Q3 2025 Issue of the FreeBSD Journal, and more","date_published":"2025-10-23T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/32188a5f-bff5-4a8f-97bd-b1c19705b7a9.mp3","mime_type":"audio/mpeg","size_in_bytes":59177472,"duration_in_seconds":3698}]},{"id":"4d736424-c75d-48e7-bd89-87f4b4a6fa41","title":"633: Magical Systems Thinking","url":"https://www.bsdnow.tv/633","content_text":"ZFS Features, Roadmap, and Innovations, Magical systems thinking, How VMware’s Debt-Fueled Acquisition Is Killing Open Source, OpenSSH 10.1 Released, KDE Plasma 6 Wayland on FreeBSD, Unix Co-Creator Brian Kernighan on Rust, Distros and NixOS, Balkanization of the Internet, GhostBSD 25.02 adds 'Gershwin' desktop for a Mac-like twist, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhat the Future Brings – ZFS Features, Roadmap, and Innovations\n\n\n\nMagical systems thinking\n\n\n\nThe $69 Billion Domino Effect: How VMware’s Debt-Fueled Acquisition Is Killing Open Source, One Repository at a Time\n\n\n\nNews Roundup\n\nOpenSSH 10.1 Released\n\n\n\nKDE Plasma 6 Wayland on FreeBSD\n\n\n\nUnix Co-Creator Brian Kernighan on Rust, Distros and NixOS\n\n\n\nGhostBSD 25.02 adds 'Gershwin' desktop for a Mac-like twist\n\n\n\nBeastie Bits\n\n\nAdventures in porting a Wayland Compositor to NetBSD and OpenBSD by Jeff Frasca\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nKylen - CVEs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eZFS Features, Roadmap, and Innovations, Magical systems thinking, How VMware’s Debt-Fueled Acquisition Is Killing Open Source, OpenSSH 10.1 Released, KDE Plasma 6 Wayland on FreeBSD, Unix Co-Creator Brian Kernighan on Rust, Distros and NixOS, Balkanization of the Internet, GhostBSD 25.02 adds \u0026#39;Gershwin\u0026#39; desktop for a Mac-like twist, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-new-features-roadmap-innovations?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eWhat the Future Brings – ZFS Features, Roadmap, and Innovations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://worksinprogress.co/issue/magical-systems-thinking\" rel=\"nofollow\"\u003eMagical systems thinking\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://fastcode.io/2025/08/30/the-69-billion-domino-effect-how-vmwares-debt-fueled-acquisition-is-killing-open-source-one-repository-at-a-time\" rel=\"nofollow\"\u003eThe $69 Billion Domino Effect: How VMware’s Debt-Fueled Acquisition Is Killing Open Source, One Repository at a Time\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.openssh.com/txt/release-10.1\" rel=\"nofollow\"\u003eOpenSSH 10.1 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://euroquis.nl/kde/2025/09/07/wayland.html\" rel=\"nofollow\"\u003eKDE Plasma 6 Wayland on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://thenewstack.io/unix-co-creator-brian-kernighan-on-rust-distros-and-nixos\" rel=\"nofollow\"\u003eUnix Co-Creator Brian Kernighan on Rust, Distros and NixOS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2025/08/27/ghostbsd_2502/\" rel=\"nofollow\"\u003eGhostBSD 25.02 adds \u0026#39;Gershwin\u0026#39; desktop for a Mac-like twist\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=oo_8gnWQ4xo\" rel=\"nofollow\"\u003eAdventures in porting a Wayland Compositor to NetBSD and OpenBSD by Jeff Frasca\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/633/feedback/Kylen%20-%20CVEs.md\" rel=\"nofollow\"\u003eKylen - CVEs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"ZFS Features, Roadmap, and Innovations, Magical systems thinking, How VMware’s Debt-Fueled Acquisition Is Killing Open Source, OpenSSH 10.1 Released, KDE Plasma 6 Wayland on FreeBSD, Unix Co-Creator Brian Kernighan on Rust, Distros and NixOS, Balkanization of the Internet, GhostBSD 25.02 adds 'Gershwin' desktop for a Mac-like twist, and more","date_published":"2025-10-16T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d736424-c75d-48e7-bd89-87f4b4a6fa41.mp3","mime_type":"audio/mpeg","size_in_bytes":64108416,"duration_in_seconds":4006}]},{"id":"4d8e2a9b-ebf7-4dcc-bbda-93121e1ab789","title":"632: Zipbomb defeated","url":"https://www.bsdnow.tv/632","content_text":"zipbomb defeated, Optimizing ZFS for High-Throughput Storage Workloads, Open Source is one person, Omada SDN Controller on FreeBSD, Building a Simple Router with OpenBSD, Back to the origins, Enhancing Support for NAT64 Protocol Translation in NetBSD, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nzipbomb defeated\n\n\n\nOptimizing ZFS for High-Throughput Storage Workloads\n\n\n\nNews Roundup\n\nOpen Source is one person\n\n\n\nOmada SDN Controller on FreeBSD\n\n\n\nBack to the origins\n\n\n\nGoogle Summer of Code 2025 Reports: Enhancing Support for NAT64 Protocol Translation in NetBSD\n\n\n\nUndeadly Bits\n\n\nj2k25 - OpenBSD Hackathon Japan 2025\nOpenSSH will now adapt IP QoS to actual sessions and traffic\nPreliminary support for Raspberry Pi 5\nOpenBSD enters 7.8-beta\nFull BSDCan 2025 video playlist(s) available\nOpenBGPD 8.9 released\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBrad - a few things\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003ezipbomb defeated, Optimizing ZFS for High-Throughput Storage Workloads, Open Source is one person, Omada SDN Controller on FreeBSD, Building a Simple Router with OpenBSD, Back to the origins, Enhancing Support for NAT64 Protocol Translation in NetBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/openzfs/comments/1niu6h7/when_a_decompression_zip_bomb_meets_zfs_19_pb/\" rel=\"nofollow\"\u003ezipbomb defeated\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/optimizing-zfs-for-high-throughput-storage-workloads?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eOptimizing ZFS for High-Throughput Storage Workloads\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://opensourcesecurity.io/2025/08-oss-one-person\" rel=\"nofollow\"\u003eOpen Source is one person\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2025/08/omada-on-freebsd\" rel=\"nofollow\"\u003eOmada SDN Controller on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://failsafe.monster/posts/another-world/\" rel=\"nofollow\"\u003eBack to the origins\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/gsoc2025_nat64_protocol_translation\" rel=\"nofollow\"\u003eGoogle Summer of Code 2025 Reports: Enhancing Support for NAT64 Protocol Translation in NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eUndeadly Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250601104254\" rel=\"nofollow\"\u003ej2k25 - OpenBSD Hackathon Japan 2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250818113047\" rel=\"nofollow\"\u003eOpenSSH will now adapt IP QoS to actual sessions and traffic\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250903064251\" rel=\"nofollow\"\u003ePreliminary support for Raspberry Pi 5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250911045955\" rel=\"nofollow\"\u003eOpenBSD enters 7.8-beta\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250912124932\" rel=\"nofollow\"\u003eFull BSDCan 2025 video playlist(s) available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250926141610\" rel=\"nofollow\"\u003eOpenBGPD 8.9 released\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/632/feedback/Brad%20-%20a%20few%20things.md\" rel=\"nofollow\"\u003eBrad - a few things\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"zipbomb defeated, Optimizing ZFS for High-Throughput Storage Workloads, Open Source is one person, Omada SDN Controller on FreeBSD, Building a Simple Router with OpenBSD, Back to the origins, Enhancing Support for NAT64 Protocol Translation in NetBSD, and more","date_published":"2025-10-09T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d8e2a9b-ebf7-4dcc-bbda-93121e1ab789.mp3","mime_type":"audio/mpeg","size_in_bytes":50827776,"duration_in_seconds":3176}]},{"id":"95129bfb-90c7-481b-a15f-9d2af6dae342","title":"630: Bhyve Management UI","url":"https://www.bsdnow.tv/630","content_text":"FreeBSD Foundation Q2 2025 Status Update, Keeping Data Safe with OpenZFS, Ollama on FreeBSD Using GPU Passthrough, ClonOS, Preliminary support for Raspberry Pi 5, Sylve: Manage bhyve VMs and Clusters on FreeBSD, Preventing Systemd DHCP RELEASE Behavior, Call for testing - Samba 4.22, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Foundation Q2 2025 Status Update\n\n\n\nKeeping Data Safe with OpenZFS: Security, Encryption, and Delegation\n\n\n\nNews Roundup\n\nOllama on FreeBSD Using GPU Passthrough\n\n\n\nClonOS\n\n\n\nPreliminary support for Raspberry Pi 5\n\n\n\nSylve: Manage bhyve VMs and Clusters on FreeBSD\n\n\n\n\nPreventing Systemd DHCP RELEASE Behavior\n\n\n\nCall for testing - Samba 4.22 in 0mp's ports tree\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n-Vincent - Ollama on FreeBSD\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD Foundation Q2 2025 Status Update, Keeping Data Safe with OpenZFS, Ollama on FreeBSD Using GPU Passthrough, ClonOS, Preliminary support for Raspberry Pi 5, Sylve: Manage bhyve VMs and Clusters on FreeBSD, Preventing Systemd DHCP RELEASE Behavior, Call for testing - Samba 4.22, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-q2-2025-status-update\" rel=\"nofollow\"\u003eFreeBSD Foundation Q2 2025 Status Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/keeping-data-safe-with-openzfs-security-encryption-delegation?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eKeeping Data Safe with OpenZFS: Security, Encryption, and Delegation\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://evolving-architecture.eu/ollama-freebsd-gpu-passthrough/\" rel=\"nofollow\"\u003eOllama on FreeBSD Using GPU Passthrough\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://clonos.convectix.com/\" rel=\"nofollow\"\u003eClonOS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250903064251\" rel=\"nofollow\"\u003ePreliminary support for Raspberry Pi 5\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gyptazy.com/blog/sylve-a-proxmox-alike-webui-for-bhyve-on-freebsd/\" rel=\"nofollow\"\u003eSylve: Manage bhyve VMs and Clusters on FreeBSD\u003cbr\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2025/09/systemd-networkd-dhcp-release/\" rel=\"nofollow\"\u003ePreventing Systemd DHCP RELEASE Behavior\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/0mp/freebsd-ports/tree/0mp/samba422\" rel=\"nofollow\"\u003eCall for testing - Samba 4.22 in 0mp\u0026#39;s ports tree\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e-\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/630/feedback/vincent-ollama.md\" rel=\"nofollow\"\u003eVincent - Ollama on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD Foundation Q2 2025 Status Update, Keeping Data Safe with OpenZFS, Ollama on FreeBSD Using GPU Passthrough, ClonOS, Preliminary support for Raspberry Pi 5, Sylve: Manage bhyve VMs and Clusters on FreeBSD, Preventing Systemd DHCP RELEASE Behavior, Call for testing - Samba 4.22, and more","date_published":"2025-10-02T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/95129bfb-90c7-481b-a15f-9d2af6dae342.mp3","mime_type":"audio/mpeg","size_in_bytes":34300800,"duration_in_seconds":2143}]},{"id":"76f80a10-4420-444a-801e-d3655c962851","title":"631: Endorphin Rush","url":"https://www.bsdnow.tv/631","content_text":"Secure Boot for FreeBSD, Systems lie about their proper functioning, Teching the tech and rushing the endorphins, Passing a Device Into A FreeBSD Jail With A Stable Name, ZFS snapshots aren't as immutable as I thought, due to snapshot metadata, Let's write a peephole optimizer for QBE's arm64 backend, Migrate a Peertube instance from Debian to FreeBSD, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSecure Boot for FreeBSD\n\n\n\nThe Fundamental Failure-Mode Theorem: Systems lie about their proper functioning\n\n\n\nNews Roundup\n\nTeching the tech and rushing the endorphins\n\n\n\nPassing a Device Into A FreeBSD Jail With A Stable Name\n\n\n\nZFS snapshots aren't as immutable as I thought, due to snapshot metadata\n\n\n\nLet's write a peephole optimizer for QBE's arm64 backend\n\n\n\nMigrate a Peertube instance from Debian to FreeBSD\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n-Steve - Interviews\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eSecure Boot for FreeBSD, Systems lie about their proper functioning, Teching the tech and rushing the endorphins, Passing a Device Into A FreeBSD Jail With A Stable Name, ZFS snapshots aren\u0026#39;t as immutable as I thought, due to snapshot metadata, Let\u0026#39;s write a peephole optimizer for QBE\u0026#39;s arm64 backend, Migrate a Peertube instance from Debian to FreeBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/how-to-set-up-secure-boot-for-freebsd.99169/\" rel=\"nofollow\"\u003eSecure Boot for FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://devblogs.microsoft.com/oldnewthing/20250716-00/?p=111383\" rel=\"nofollow\"\u003eThe Fundamental Failure-Mode Theorem: Systems lie about their proper functioning\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://vulcanridr.mataroa.blog/blog/teching-the-tech-and-rushing-the-endorphins\" rel=\"nofollow\"\u003eTeching the tech and rushing the endorphins\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2025/09/passing-device-freebsd-jail-with-stable-name/\" rel=\"nofollow\"\u003ePassing a Device Into A FreeBSD Jail With A Stable Name\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSSnapshotsNotFullyImmutable\" rel=\"nofollow\"\u003eZFS snapshots aren\u0026#39;t as immutable as I thought, due to snapshot metadata\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20250901.html\" rel=\"nofollow\"\u003eLet\u0026#39;s write a peephole optimizer for QBE\u0026#39;s arm64 backend\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/migrate-a-peertube-instance-from-debian-to-freebsd\" rel=\"nofollow\"\u003eMigrate a Peertube instance from Debian to FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e-\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/631/feedback/Steve%20-%20Interviews.md\" rel=\"nofollow\"\u003eSteve - Interviews\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Secure Boot for FreeBSD, Systems lie about their proper functioning, Teching the tech and rushing the endorphins, Passing a Device Into A FreeBSD Jail With A Stable Name, ZFS snapshots aren't as immutable as I thought, due to snapshot metadata, Let's write a peephole optimizer for QBE's arm64 backend, Migrate a Peertube instance from Debian to FreeBSD, and more","date_published":"2025-09-25T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/76f80a10-4420-444a-801e-d3655c962851.mp3","mime_type":"audio/mpeg","size_in_bytes":88556160,"duration_in_seconds":2213}]},{"id":"95debf62-27d2-44db-9362-3e6c9f6d1fd3","title":"629: Host Naming Conventions","url":"https://www.bsdnow.tv/629","content_text":"The Death of Industrial Design, Host naming Convensions, Symbian reflections, bash timeouts, nvme vs ssds, a system to organize your life, and more.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Death Of Industrial Design And The Era Of Dull Electronics\n\n\n\nHost Naming Convention\n\n\n\nNews Roundup\n\nOpen, free, and completely ignored: The strange afterlife of Symbian\n\n\n\nTIL: timeout in Bash scripts\n\n\n\nIt seems like NVMe SSDs have overtaken SATA SSDs for high capacities\n\n\n\nA system to organise your life\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n- Nelson - Books\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Death of Industrial Design, Host naming Convensions, Symbian reflections, bash timeouts, nvme vs ssds, a system to organize your life, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2025/07/23/the-death-of-industrial-design-and-the-era-of-dull-electronics\" rel=\"nofollow\"\u003eThe Death Of Industrial Design And The Era Of Dull Electronics\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vulcanridr.mataroa.blog/blog/host-naming-convention\" rel=\"nofollow\"\u003eHost Naming Convention\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2025/07/17/symbian_forgotten_foss_phone_os/\" rel=\"nofollow\"\u003eOpen, free, and completely ignored: The strange afterlife of Symbian\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://heitorpb.github.io/bla/timeout/\" rel=\"nofollow\"\u003eTIL: timeout in Bash scripts\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/NVMeOvertakingSATAForSSDs\" rel=\"nofollow\"\u003eIt seems like NVMe SSDs have overtaken SATA SSDs for high capacities\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://johnnydecimal.com\" rel=\"nofollow\"\u003eA system to organise your life\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003ch2\u003e- \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/629/feedback/Nelson%20-%20books.md\" rel=\"nofollow\"\u003eNelson - Books\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Death of Industrial Design, Host naming Convensions, Symbian reflections, bash timeouts, nvme vs ssds, a system to organize your life, and more.\r\n","date_published":"2025-09-18T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/95debf62-27d2-44db-9362-3e6c9f6d1fd3.mp3","mime_type":"audio/mpeg","size_in_bytes":98209516,"duration_in_seconds":4091}]},{"id":"f3c4b62d-2f65-49c1-9e51-121e0e549d22","title":"628: Product Hype","url":"https://www.bsdnow.tv/628","content_text":"The Hype is the Product, Programmers Aren’t So Humble Anymore—Maybe Because Nobody Codes in Perl, Is OpenBSD 10x faster than Linux?, How to install FreeBSD on providers that don't support it with mfsBSD, SSHX, Zvault Status Update, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Hype is the Product\n\n\n\nProgrammers Aren’t So Humble Anymore—Maybe Because Nobody Codes in Perl\n\n\n\nNews Roundup\n\nIs OpenBSD 10x faster than Linux?\n\n\n\nHow to install FreeBSD on providers that don't support it with mfsBSD\n\n\n\nSSHX\n\n\n\nZvault Status Update\n\n\n\nUndeadly Bits\n\n\n4096 colours and flashing text on the console!\nFont caching no longer runs as root\nOpenSSH will now adapt IP QoS to actual sessions and traffic\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Hype is the Product, Programmers Aren’t So Humble Anymore—Maybe Because Nobody Codes in Perl, Is OpenBSD 10x faster than Linux?, How to install FreeBSD on providers that don\u0026#39;t support it with mfsBSD, SSHX, Zvault Status Update, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rys.io/en/180.html\" rel=\"nofollow\"\u003eThe Hype is the Product\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.wired.com/story/programmers-arent-humble-anymore-nobody-codes-in-perl\" rel=\"nofollow\"\u003eProgrammers Aren’t So Humble Anymore—Maybe Because Nobody Codes in Perl\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://flak.tedunangst.com/post/is-OpenBSD-10x-faster-than-Linux\" rel=\"nofollow\"\u003eIs OpenBSD 10x faster than Linux?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/07/02/install_freebsd_providers_mfsbsd/\" rel=\"nofollow\"\u003eHow to install FreeBSD on providers that don\u0026#39;t support it with mfsBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/ekzhang/sshx\" rel=\"nofollow\"\u003eSSHX\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/zvaultio/Community/blob/main/posts/2025-07-13.md\" rel=\"nofollow\"\u003eZvault Status Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eUndeadly Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250705081315\" rel=\"nofollow\"\u003e4096 colours and flashing text on the console!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250717061920\" rel=\"nofollow\"\u003eFont caching no longer runs as root\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250818113047\" rel=\"nofollow\"\u003eOpenSSH will now adapt IP QoS to actual sessions and traffic\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Hype is the Product, Programmers Aren’t So Humble Anymore—Maybe Because Nobody Codes in Perl, Is OpenBSD 10x faster than Linux?, How to install FreeBSD on providers that don't support it with mfsBSD, SSHX, Zvault Status Update, and more","date_published":"2025-09-11T00:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f3c4b62d-2f65-49c1-9e51-121e0e549d22.mp3","mime_type":"audio/mpeg","size_in_bytes":118079040,"duration_in_seconds":2951}]},{"id":"cc9023da-d33f-4b3d-8478-1c72c3b02aad","title":"627: Catastrophic OpenZFS bug","url":"https://www.bsdnow.tv/627","content_text":"An (almost) catastrophic OpenZFS bug, crawler plague and the fragility of the web, Classic CDE (Common Desktop Environment) coming to OpenBSD, Some notes on DMARC policy inheritance and a gotcha, GNAT (Ada) is in fact fully supported on illumos, Eighteen Years of Greytrapping, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAn (almost) catastrophic OpenZFS bug and the humans that made it (and Rust is here too)\n\n\n\nThe current (2025) crawler plague and the fragility of the web\n\n\n\nNews Roundup\n\nClassic CDE (Common Desktop Environment) coming to OpenBSD\n\n\n\nSome notes on DMARC policy inheritance and a gotcha\n\n\n\nDespite thoughts to the contrary, GNAT (Ada) is in fact fully supported on illumos\n\n\n\nEighteen Years of Greytrapping - Is the Weirdness Finally Paying Off?\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eAn (almost) catastrophic OpenZFS bug, crawler plague and the fragility of the web, Classic CDE (Common Desktop Environment) coming to OpenBSD, Some notes on DMARC policy inheritance and a gotcha, GNAT (Ada) is in fact fully supported on illumos, Eighteen Years of Greytrapping, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://despairlabs.com/blog/posts/2025-07-10-an-openzfs-bug-and-the-humans-that-made-it\" rel=\"nofollow\"\u003eAn (almost) catastrophic OpenZFS bug and the humans that made it (and Rust is here too)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/web/WebIsKindOfFragile\" rel=\"nofollow\"\u003eThe current (2025) crawler plague and the fragility of the web\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250730080301\" rel=\"nofollow\"\u003eClassic CDE (Common Desktop Environment) coming to OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/spam/DMARCPolicyInheritanceNotes\" rel=\"nofollow\"\u003eSome notes on DMARC policy inheritance and a gotcha\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20250817.html\" rel=\"nofollow\"\u003eDespite thoughts to the contrary, GNAT (Ada) is in fact fully supported on illumos\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html\" rel=\"nofollow\"\u003eEighteen Years of Greytrapping - Is the Weirdness Finally Paying Off?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"An (almost) catastrophic OpenZFS bug, crawler plague and the fragility of the web, Classic CDE (Common Desktop Environment) coming to OpenBSD, Some notes on DMARC policy inheritance and a gotcha, GNAT (Ada) is in fact fully supported on illumos, Eighteen Years of Greytrapping, and more","date_published":"2025-09-04T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cc9023da-d33f-4b3d-8478-1c72c3b02aad.mp3","mime_type":"audio/mpeg","size_in_bytes":133652160,"duration_in_seconds":3341}]},{"id":"7aa38aab-5259-4707-991b-6514fd537e38","title":"626: USB webcam testing","url":"https://www.bsdnow.tv/626","content_text":"FreeBSD Journal Summer 2025 Edition, Java hiding in plain sight, BSDCan 2025 Trip report, Call for testing OpenBSD webcams, recent new features in OpenSSH, Improved 802.11g AP compatibility check, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Journal April/May/June 2025 Edition\n\n\n\nBSDCan 2025 Trip Report – Chuck Tuffli\n\nNews Roundup\n\nCall for testing: USB webcams\n\n\n\nFrom Minecraft to Markets: Java Hiding in Plain Sight\n\n\n\nRecent new features in OpenSSH\n\n\n\nNetBSD 11.0 release process underway\n\n\n\nInterview: Nico Cartron\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSpecial Guest: Nico Cartron.","content_html":"\u003cp\u003eFreeBSD Journal Summer 2025 Edition, Java hiding in plain sight, BSDCan 2025 Trip report, Call for testing OpenBSD webcams, recent new features in OpenSSH, Improved 802.11g AP compatibility check, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/our-work/journal/browser-based-edition/networking-3/\" rel=\"nofollow\"\u003eFreeBSD Journal April/May/June 2025 Edition\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/bsdcan-2025-trip-report-chuck-tuffli/\" rel=\"nofollow\"\u003eBSDCan 2025 Trip Report – Chuck Tuffli\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250808083341\" rel=\"nofollow\"\u003eCall for testing: USB webcams\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/from-minecraft-to-markets-java-hiding-in-plain-sight/\" rel=\"nofollow\"\u003eFrom Minecraft to Markets: Java Hiding in Plain Sight\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250802084523\" rel=\"nofollow\"\u003eRecent new features in OpenSSH\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_11_0_release_process\" rel=\"nofollow\"\u003eNetBSD 11.0 release process underway\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview: Nico Cartron\u003c/h2\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: Nico Cartron.\u003c/p\u003e","summary":"FreeBSD Journal Summer 2025 Edition, Java hiding in plain sight, BSDCan 2025 Trip report, Call for testing OpenBSD webcams, recent new features in OpenSSH, Improved 802.11g AP compatibility check, and more","date_published":"2025-08-28T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7aa38aab-5259-4707-991b-6514fd537e38.mp3","mime_type":"audio/mpeg","size_in_bytes":134819520,"duration_in_seconds":3370}]},{"id":"79be3516-806f-4077-8f6c-b7434141a851","title":"625: Build Cluster Speedup","url":"https://www.bsdnow.tv/625","content_text":"Why FreeBSD is the Right Choice for Embedded Devices, The Day GlusterFS Tried to Kill My Career, DragonFly DRM updated, NetBSD on Raspberry Pi, Speed up suspend/resume for FreeBSD, Revisiting ZFS's ZIL, separate log devices, and writes, One of my blog articles featured on the BSD Now podcast episode, New build cluster speeds up daily autobuilds, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy FreeBSD is the Right Choice for Embedded Devices\n\n\n\nThe Day GlusterFS Tried to Kill My Career\n\n\n\nNews Roundup\n\nDragonFly DRM updated\n\n\n\nNetBSD on Raspberry Pi!\n\n\n\nSpeed up suspend/resume for FreeBSD\n\n\n\nRevisiting ZFS's ZIL, separate log devices, and writes\n\n\n\nOne of my blog articles featured on the BSD Now podcast episode!\n\n\n\nNew build cluster speeds up daily autobuilds\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhy FreeBSD is the Right Choice for Embedded Devices, The Day GlusterFS Tried to Kill My Career, DragonFly DRM updated, NetBSD on Raspberry Pi, Speed up suspend/resume for FreeBSD, Revisiting ZFS\u0026#39;s ZIL, separate log devices, and writes, One of my blog articles featured on the BSD Now podcast episode, New build cluster speeds up daily autobuilds, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/why-freebsd-is-the-right-choice-for-embedded-devices/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eWhy FreeBSD is the Right Choice for Embedded Devices\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/05/21/the_day_glusterfs_tried_to_kill_my_career/\" rel=\"nofollow\"\u003eThe Day GlusterFS Tried to Kill My Career\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2025/07/31/dragonfly-drm-updated/\" rel=\"nofollow\"\u003eDragonFly DRM updated\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ncartron.org/netbsd-on-raspberry-pi.html\" rel=\"nofollow\"\u003eNetBSD on Raspberry Pi!\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://eugene-andrienko.com/en/it/2025/07/28/speed-up-suspend-resume-freebsd.html\" rel=\"nofollow\"\u003eSpeed up suspend/resume for FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSWritesAndZILIII\" rel=\"nofollow\"\u003eRevisiting ZFS\u0026#39;s ZIL, separate log devices, and writes\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ncartron.org/one-of-my-blog-articles-featured-on-the-bsd-now-podcast-episode.html\" rel=\"nofollow\"\u003eOne of my blog articles featured on the BSD Now podcast episode!\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/new_build_cluster_speeds_up\" rel=\"nofollow\"\u003eNew build cluster speeds up daily autobuilds\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Why FreeBSD is the Right Choice for Embedded Devices, The Day GlusterFS Tried to Kill My Career, DragonFly DRM updated, NetBSD on Raspberry Pi, Speed up suspend/resume for FreeBSD, Revisiting ZFS's ZIL, separate log devices, and writes, One of my blog articles featured on the BSD Now podcast episode, New build cluster speeds up daily autobuilds, and more","date_published":"2025-08-21T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/79be3516-806f-4077-8f6c-b7434141a851.mp3","mime_type":"audio/mpeg","size_in_bytes":121440960,"duration_in_seconds":3036}]},{"id":"befb1e6f-ad13-476b-8755-7602f9061390","title":"624: OpenBSD Innovations","url":"https://www.bsdnow.tv/624","content_text":"OpenBSD chflags vs. Log Tampering, How to Defend Against Aggressive Web Scrapers With Anubis on FreeBSD 14, OpenBSD Innovations, Full Ada programming toolchain NOW on FreeBSD, Compute GPUs can have odd failures under Linux (still), A handy collection of shell aliases from my bash startup, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhen Root Meets Immutable: OpenBSD chflags vs. Log Tampering\n\n\n\nHow to Defend Against Aggressive Web Scrapers With Anubis on FreeBSD 14\n\n\n\nNews Roundup\n\nOpenBSD Innovations\n\n\n\nFull Ada programming toolchain NOW on FreeBSD\n\n\n\nCompute GPUs can have odd failures under Linux (still)\n\n\n\nA handy collection of shell aliases from my bash startup\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nFeedback/Questions\n\n\nEfraim - modernizing\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD chflags vs. Log Tampering, How to Defend Against Aggressive Web Scrapers With Anubis on FreeBSD 14, OpenBSD Innovations, Full Ada programming toolchain NOW on FreeBSD, Compute GPUs can have odd failures under Linux (still), A handy collection of shell aliases from my bash startup, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rsadowski.de/posts/2025/openbsd-immutable-system-logs/\" rel=\"nofollow\"\u003eWhen Root Meets Immutable: OpenBSD chflags vs. Log Tampering\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://herrbischoff.com/2025/07/how-to-defend-against-aggressive-web-scrapers-with-anubis-on-freebsd-14/\" rel=\"nofollow\"\u003eHow to Defend Against Aggressive Web Scrapers With Anubis on FreeBSD 14\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.openbsd.org/innovations.html\" rel=\"nofollow\"\u003eOpenBSD Innovations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/1m21t7o/ann_full_ada_programming_toolchain_now_on_freebsd/\" rel=\"nofollow\"\u003eFull Ada programming toolchain NOW on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ComputeGPUsStillFinicky\" rel=\"nofollow\"\u003eCompute GPUs can have odd failures under Linux (still)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.petdance.com/2020/02/03/handy-collection-of-shell-aliases/\" rel=\"nofollow\"\u003eA handy collection of shell aliases from my bash startup\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/624/feedback/Efraim%20-%20modernizing.md\" rel=\"nofollow\"\u003eEfraim - modernizing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenBSD chflags vs. Log Tampering, How to Defend Against Aggressive Web Scrapers With Anubis on FreeBSD 14, OpenBSD Innovations, Full Ada programming toolchain NOW on FreeBSD, Compute GPUs can have odd failures under Linux (still), A handy collection of shell aliases from my bash startup, and more","date_published":"2025-08-14T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/befb1e6f-ad13-476b-8755-7602f9061390.mp3","mime_type":"audio/mpeg","size_in_bytes":147046080,"duration_in_seconds":3676}]},{"id":"3d5f1033-4fa2-473f-9e01-8a11cbf7f147","title":"623: Two's interview","url":"https://www.bsdnow.tv/623","content_text":"Software Bill of Materials (SBOM) for FreeBSD Project, Your Guide to Lock-In Free Infrastructure, and we interview David Gwynne from the University of Queensland and developer on the OpenBSD project.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSoftware Bill of Materials (SBOM) for FreeBSD Project\n\n\n\nFreeBSD Summer 2025 Roundup: Your Guide to Lock-In Free Infrastructure\n\n\n\nInterview\n\n\nDavid Gwynne from the University of Queensland and developer on the OpenBSD project.\n\n\nInterview thoughts from Benedict and Jason\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSpecial Guest: David Gwynne.","content_html":"\u003cp\u003eSoftware Bill of Materials (SBOM) for FreeBSD Project, Your Guide to Lock-In Free Infrastructure, and we interview David Gwynne from the University of Queensland and developer on the OpenBSD project.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/software-bill-of-materials-sbom-for-freebsd-project/\" rel=\"nofollow\"\u003eSoftware Bill of Materials (SBOM) for FreeBSD Project\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-guide-to-lock-in-free-infrastructure\" rel=\"nofollow\"\u003eFreeBSD Summer 2025 Roundup: Your Guide to Lock-In Free Infrastructure\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDavid Gwynne from the University of Queensland and developer on the OpenBSD project.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview thoughts from Benedict and Jason\u003c/h2\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: David Gwynne.\u003c/p\u003e","summary":"Software Bill of Materials (SBOM) for FreeBSD Project, Your Guide to Lock-In Free Infrastructure, and we interview David Gwynne from the University of Queensland and developer on the OpenBSD project.","date_published":"2025-08-07T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3d5f1033-4fa2-473f-9e01-8a11cbf7f147.mp3","mime_type":"audio/mpeg","size_in_bytes":145169280,"duration_in_seconds":3629}]},{"id":"ab7c57fb-4b07-45c4-bbba-ea08fd8724d9","title":"622: Interview with Mark Phillips - Technical Marketing Manager at the FreeBSD Foundation ","url":"https://www.bsdnow.tv/622","content_text":"This week Benedict interviews Mark Phillips , the Technical Marketing Manager at the FreeBSD Foundation, while they both are at a Hackathon in Germany. \n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterview\n\nMark Phillips - Technical Marketing Manager at the FreeBSD Foundation\n\n\nPersonal website\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSpecial Guest: Mark Phillips.","content_html":"\u003cp\u003eThis week Benedict interviews Mark Phillips , the Technical Marketing Manager at the FreeBSD Foundation, while they both are at a Hackathon in Germany. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview\u003c/h2\u003e\n\n\u003cp\u003eMark Phillips - \u003ca href=\"https://freebsdfoundation.org/about-us/our-team\" rel=\"nofollow\"\u003eTechnical Marketing Manager at the FreeBSD Foundation\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://probably.co.uk/\" rel=\"nofollow\"\u003ePersonal website\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: Mark Phillips.\u003c/p\u003e","summary":"This week Benedict interviews Mark Phillips , the Technical Marketing Manager at the FreeBSD Foundation, while they both are at a Hackathon in Germany. ","date_published":"2025-07-31T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ab7c57fb-4b07-45c4-bbba-ea08fd8724d9.mp3","mime_type":"audio/mpeg","size_in_bytes":132422400,"duration_in_seconds":3310}]},{"id":"e45aa34d-ee5d-4999-bbc6-5ce609a2db4c","title":"621: Exaggerated Death Report","url":"https://www.bsdnow.tv/621","content_text":"Designing a Storage Pool, The Report of My Death Was an Exaggeration, Generic BSD installations on ARM64 UEFI, dm_target_crypt_ng - Add next-generation implementation, The X Window System didn't immediately have X terminals, The Book of PF 4th Edition Is Coming Soon, Periodical 20 Localized Computing, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDesigning a Storage Pool: RAIDZ, Mirrors, and Hybrid Configurations\n\n\n\nThe Report of My Death Was an Exaggeration\n\n\n\nNews Roundup\n\nGeneric BSD installations on ARM64 UEFI: results and first impressions\n\n\n\ndm_target_crypt_ng - Add next-generation implementation\n\n\n\nThe X Window System didn't immediately have X terminals\n\n\n\nYes, The Book of PF, 4th Edition Is Coming Soon\n\n\n\nPeriodical 20 — Localized Computing\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n-Aleksej - RockPro64\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDesigning a Storage Pool, The Report of My Death Was an Exaggeration, Generic BSD installations on ARM64 UEFI, dm_target_crypt_ng - Add next-generation implementation, The X Window System didn\u0026#39;t immediately have X terminals, The Book of PF 4th Edition Is Coming Soon, Periodical 20 Localized Computing, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/designing-storage-pool-raidz-mirrors-hybrid-configurations/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eDesigning a Storage Pool: RAIDZ, Mirrors, and Hybrid Configurations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/the-report-of-my-death-was-an-exaggeration/\" rel=\"nofollow\"\u003eThe Report of My Death Was an Exaggeration\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://mekboy.ru/post/bsd-uefi-arm64/\" rel=\"nofollow\"\u003eGeneric BSD installations on ARM64 UEFI: results and first impressions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gitweb.dragonflybsd.org/dragonfly.git/commit/14e6c73d4c479e4ab26571490758da27da5cbbad\" rel=\"nofollow\"\u003edm_target_crypt_ng - Add next-generation implementation\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XTerminalsNotImmediate\" rel=\"nofollow\"\u003eThe X Window System didn\u0026#39;t immediately have X terminals\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html\" rel=\"nofollow\"\u003eYes, The Book of PF, 4th Edition Is Coming Soon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.chrbutler.com/2024-10-16\" rel=\"nofollow\"\u003ePeriodical 20 — Localized Computing\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e-\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/621/feedback/Aleksej%20-%20RockPro64.md\" rel=\"nofollow\"\u003eAleksej - RockPro64\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Designing a Storage Pool, The Report of My Death Was an Exaggeration, Generic BSD installations on ARM64 UEFI, dm_target_crypt_ng - Add next-generation implementation, The X Window System didn't immediately have X terminals, The Book of PF 4th Edition Is Coming Soon, Periodical 20 Localized Computing, and more","date_published":"2025-07-24T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e45aa34d-ee5d-4999-bbc6-5ce609a2db4c.mp3","mime_type":"audio/mpeg","size_in_bytes":120302400,"duration_in_seconds":3007}]},{"id":"5750c48e-f7ce-4af7-a722-55d35ebd2366","title":"620: Postmortem for jemalloc","url":"https://www.bsdnow.tv/620","content_text":"The Server That Wasn't Meant to Exist, ZFS Performance Tuning – Optimizing for your Workload, what would a multi-user web server look like, That Grumpy BSD Guy: A Short Reading List, rsync's defaults are not always enough, jemalloc Postmortem, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n\n\nThe Server That Wasn't Meant to Exist\n\n\n\nZFS Performance Tuning – Optimizing for your Workload\n\n\n\nNews Roundup\n\nWhat would a multi-user web server look like? (A thought experiment)\n\n\n\nThat Grumpy BSD Guy: A Short Reading List\n\n\n\nrsync's defaults are not always enough\n\n\n\njemalloc Postmortem\n\n\n\nBeastie Bits\n\n\nIPv6 and proxying on DragonFly\nBoxyBSD\nSysctltui\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Server That Wasn\u0026#39;t Meant to Exist, ZFS Performance Tuning – Optimizing for your Workload, what would a multi-user web server look like, That Grumpy BSD Guy: A Short Reading List, rsync\u0026#39;s defaults are not always enough, jemalloc Postmortem, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/05/13/the_server_that_wasnt_meant_to_exist/\" rel=\"nofollow\"\u003eThe Server That Wasn\u0026#39;t Meant to Exist\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-performance-tuning-optimizing-for-your-workload/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZFS Performance Tuning – Optimizing for your Workload\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/web/MultiUserWebServerWildIdea\" rel=\"nofollow\"\u003eWhat would a multi-user web server look like? (A thought experiment)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2025/05/that-grumpy-bsd-guy-short-reading-list.html\" rel=\"nofollow\"\u003eThat Grumpy BSD Guy: A Short Reading List\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://rachelbythebay.com/w/2025/05/31/sync/\" rel=\"nofollow\"\u003ersync\u0026#39;s defaults are not always enough\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jasone.github.io/2025/06/12/jemalloc-postmortem/\" rel=\"nofollow\"\u003ejemalloc Postmortem\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2025/06/25/ipv6-and-proxying-on-dragonfly/\" rel=\"nofollow\"\u003eIPv6 and proxying on DragonFly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://boxybsd.com\" rel=\"nofollow\"\u003eBoxyBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://alfonsosiciliano.gitlab.io/posts/2025-05-29-sysctltui.html\" rel=\"nofollow\"\u003eSysctltui\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Server That Wasn't Meant to Exist, ZFS Performance Tuning – Optimizing for your Workload, what would a multi-user web server look like, That Grumpy BSD Guy: A Short Reading List, rsync's defaults are not always enough, jemalloc Postmortem, and more","date_published":"2025-07-17T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5750c48e-f7ce-4af7-a722-55d35ebd2366.mp3","mime_type":"audio/mpeg","size_in_bytes":129342720,"duration_in_seconds":3233}]},{"id":"666d7cce-94c7-48bb-97b8-067a21892442","title":"619: Happy Tooling","url":"https://www.bsdnow.tv/619","content_text":"Disaster Recovery with ZFS: A Practical Guide, The best interfaces we never built, Choose Tools That Make You Happy, open source has turned into two worlds, TrueNAS CORE is Dead – Long Live zVault, You should start a computer club in the place that you live, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDisaster Recovery with ZFS: A Practical Guide\n\n\n\nThe best interfaces we never built\n\n\n\nNews Roundup\n\nYou Can Choose Tools That Make You Happy\n\n\n\nI feel open source has turned into two worlds\n\n\n\nUPDATE 2 – TrueNAS CORE is Dead – Long Live zVault\n\n\n\nYou should start a computer club in the place that you live\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBrad - syslogng issue\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDisaster Recovery with ZFS: A Practical Guide, The best interfaces we never built, Choose Tools That Make You Happy, open source has turned into two worlds, TrueNAS CORE is Dead – Long Live zVault, You should start a computer club in the place that you live, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/disaster-recovery-with-zfs-practical-guide/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eDisaster Recovery with ZFS: A Practical Guide\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.chrbutler.com/the-best-interfaces-we-never-built\" rel=\"nofollow\"\u003eThe best interfaces we never built\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://borretti.me/article/you-can-choose-tools-that-make-you-happy\" rel=\"nofollow\"\u003eYou Can Choose Tools That Make You Happy\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/OpenSourceTwoWorlds\" rel=\"nofollow\"\u003eI feel open source has turned into two worlds\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vermaden.wordpress.com/2024/04/20/truenas-core-versus-truenas-scale/#truenas-core-dead-long-live-zvault\" rel=\"nofollow\"\u003eUPDATE 2 – TrueNAS CORE is Dead – Long Live zVault\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://startacomputer.club\" rel=\"nofollow\"\u003eYou should start a computer club in the place that you live\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/618/feedback/Brad%20-%20syslogng%20issue.md\" rel=\"nofollow\"\u003eBrad - syslogng issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Disaster Recovery with ZFS: A Practical Guide, The best interfaces we never built, Choose Tools That Make You Happy, open source has turned into two worlds, TrueNAS CORE is Dead – Long Live zVault, You should start a computer club in the place that you live, and more","date_published":"2025-07-10T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/666d7cce-94c7-48bb-97b8-067a21892442.mp3","mime_type":"audio/mpeg","size_in_bytes":110312640,"duration_in_seconds":2757}]},{"id":"4f1ff264-7f3d-4a92-8972-310e7fb9c640","title":"618: Funding BSD projects","url":"https://www.bsdnow.tv/618","content_text":"A year of funded FreeBSD, ZFS Performance Tuning – Optimizing for your Workload, Three Ways to Try FreeBSD in Under Five Minutes, FFS optimizations with dirhash, j2k25 hackathon report from kn@, NetBSD welcomes Google Summer of Code contributors, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nA year of funded FreeBSD\n\n\n\nZFS Performance Tuning – Optimizing for your Workload\n\n\n\nNews Roundup\n\nThree Ways to Try FreeBSD in Under Five Minutes\n\n\n\nFFS optimizations with dirhash\n\n\n\nj2k25 hackathon report from kn@: installer, low battery, and more\n\n\n\nNetBSD welcomes Google Summer of Code contributors\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eA year of funded FreeBSD, ZFS Performance Tuning – Optimizing for your Workload, Three Ways to Try FreeBSD in Under Five Minutes, FFS optimizations with dirhash, j2k25 hackathon report from kn@, NetBSD welcomes Google Summer of Code contributors, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.daemonology.net/blog/2025-06-06-A-year-of-funded-FreeBSD.html\" rel=\"nofollow\"\u003eA year of funded FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-performance-tuning-optimizing-for-your-workload/\" rel=\"nofollow\"\u003eZFS Performance Tuning – Optimizing for your Workload\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/three-ways-to-try-freebsd-in-under-five-minutes/\" rel=\"nofollow\"\u003eThree Ways to Try FreeBSD in Under Five Minutes\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://rsadowski.de/posts/2025/ffs-optimizations-dirhash/\" rel=\"nofollow\"\u003eFFS optimizations with dirhash\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250616082212\" rel=\"nofollow\"\u003ej2k25 hackathon report from kn@: installer, low battery, and more\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc2025_welcome_contributors\" rel=\"nofollow\"\u003eNetBSD welcomes Google Summer of Code contributors\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"A year of funded FreeBSD, ZFS Performance Tuning – Optimizing for your Workload, Three Ways to Try FreeBSD in Under Five Minutes, FFS optimizations with dirhash, j2k25 hackathon report from kn@, NetBSD welcomes Google Summer of Code contributors, and more","date_published":"2025-07-03T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4f1ff264-7f3d-4a92-8972-310e7fb9c640.mp3","mime_type":"audio/mpeg","size_in_bytes":129594240,"duration_in_seconds":3239}]},{"id":"3a420df4-8a63-484a-bb55-180f9cabd36f","title":"617: FreeBSD 14.3","url":"https://www.bsdnow.tv/617","content_text":"FreeBSD version 14.3 is available, Reliable ZFS Storage on Commodity Hardware, My website is ugly because I made it, Semi distributed filesystems with ZFS and Sanoid, April 2025 Laptop Support and Usability Project Update, UDP sockets instead of BPF in dhcpd(8), and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 14.3 released\n\n\n\nReliable ZFS Storage on Commodity Hardware\n\n\n\nNews Roundup\n\nMy website is ugly because I made it\n\n\n\nSemi distributed filesystems with ZFS and Sanoid\n\n\n\nApril 2025 Laptop Support and Usability Project Update\n\n\n\ndhcpd(8): use UDP sockets instead of BPF\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nNo feedback this week. Send more...\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD version 14.3 is available, Reliable ZFS Storage on Commodity Hardware, My website is ugly because I made it, Semi distributed filesystems with ZFS and Sanoid, April 2025 Laptop Support and Usability Project Update, UDP sockets instead of BPF in dhcpd(8), and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/releases/14.3R/announce/\" rel=\"nofollow\"\u003eFreeBSD 14.3 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/cost-efficient-storage-commodity-hardware/\" rel=\"nofollow\"\u003eReliable ZFS Storage on Commodity Hardware\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://goodinternetmagazine.com/my-website-is-ugly-because-i-made-it/\" rel=\"nofollow\"\u003eMy website is ugly because I made it\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://anil.recoil.org/notes/syncoid-sanoid-zfs\" rel=\"nofollow\"\u003eSemi distributed filesystems with ZFS and Sanoid\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/april-2025-laptop-support-and-usability-project-update/\" rel=\"nofollow\"\u003eApril 2025 Laptop Support and Usability Project Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20250613111800\" rel=\"nofollow\"\u003edhcpd(8): use UDP sockets instead of BPF\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eNo feedback this week. Send more...\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD version 14.3 is available, Reliable ZFS Storage on Commodity Hardware, My website is ugly because I made it, Semi distributed filesystems with ZFS and Sanoid, April 2025 Laptop Support and Usability Project Update, UDP sockets instead of BPF in dhcpd(8), and more","date_published":"2025-06-26T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3a420df4-8a63-484a-bb55-180f9cabd36f.mp3","mime_type":"audio/mpeg","size_in_bytes":153288960,"duration_in_seconds":3832}]},{"id":"8e73261c-3aa9-4348-a5be-b04fb445ef97","title":"616: FreeBSD Foundation Interview","url":"https://www.bsdnow.tv/616","content_text":"This week on the show Tom interview Deb Goodkin and Justin Gibbs from the FreeBSD Foundation.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nGuests\n\n\nDeb Goodkin\nJustin Gibbs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSpecial Guests: Deb Goodkin and Justin Gibbs.","content_html":"\u003cp\u003eThis week on the show Tom interview Deb Goodkin and Justin Gibbs from the FreeBSD Foundation.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eGuests\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.linkedin.com/in/deb-goodkin-b282924a/\" rel=\"nofollow\"\u003eDeb Goodkin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linkedin.com/in/justin-gibbs-3974671/\" rel=\"nofollow\"\u003eJustin Gibbs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guests: Deb Goodkin and Justin Gibbs.\u003c/p\u003e","summary":"This week on the show Tom interview Deb Goodkin and Justin Gibbs from the FreeBSD Foundation.","date_published":"2025-06-19T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8e73261c-3aa9-4348-a5be-b04fb445ef97.mp3","mime_type":"audio/mpeg","size_in_bytes":45669504,"duration_in_seconds":2854}]},{"id":"ccd118f7-9bad-4c9c-8389-c7a992b81f86","title":"615: Wifi Brakes Unlocked","url":"https://www.bsdnow.tv/615","content_text":"How to unlock high speed Wi-Fi on FreeBSD 14, What We’ve Learned Supporting FreeBSD in Production, rsync replaced with openrsync on macOS Sequoia, Framework 13 AMD Setup with FreeBSD, FreeBSD on Dell Latitude 7280, Backup MX with OpenSMTPD, Notes on caddy as QUIC reverse proxy with mac_portacl, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nHow to unlock high speed Wi-Fi on FreeBSD\n14\n\n\n\nWhat We’ve Learned Supporting FreeBSD in Production\n\n\n\nNews Roundup\n\nrsync replaced with openrsync on macOS Sequoia\n\n\n\nFramework 13 AMD Setup with FreeBSD\n\n\n\nFreeBSD on Dell Latitude 7280\n\n\n\nBackup MX with OpenSMTPD\n\n\n\nNotes on caddy as QUIC reverse proxy with mac_portacl\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nNo feedback this week.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eHow to unlock high speed Wi-Fi on FreeBSD 14, What We’ve Learned Supporting FreeBSD in Production, rsync replaced with openrsync on macOS Sequoia, Framework 13 AMD Setup with FreeBSD, FreeBSD on Dell Latitude 7280, Backup MX with OpenSMTPD, Notes on caddy as QUIC reverse proxy with mac_portacl, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/how-to-unlock-high-speed-wi-fi-on-freebsd-14/\" rel=\"nofollow\"\u003eHow to unlock high speed Wi-Fi on FreeBSD\u003cbr\u003e\n14\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/what-weve-learned-supporing-freebsd-production/\" rel=\"nofollow\"\u003eWhat We’ve Learned Supporting FreeBSD in Production\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://derflounder.wordpress.com/2025/04/06/rsync-replaced-with-openrsync-on-macos-sequoia/\" rel=\"nofollow\"\u003ersync replaced with openrsync on macOS Sequoia\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://euroquis.nl/freebsd/2025/03/16/framework.html\" rel=\"nofollow\"\u003eFramework 13 AMD Setup with FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://adventurist.me/posts/00352\" rel=\"nofollow\"\u003eFreeBSD on Dell Latitude 7280\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2025/05/backup-mx-with-opensmtpd/\" rel=\"nofollow\"\u003eBackup MX with OpenSMTPD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://mwl.io/archives/24097\" rel=\"nofollow\"\u003eNotes on caddy as QUIC reverse proxy with mac_portacl\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003eNo feedback this week.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"How to unlock high speed Wi-Fi on FreeBSD 14, What We’ve Learned Supporting FreeBSD in Production, rsync replaced with openrsync on macOS Sequoia, Framework 13 AMD Setup with FreeBSD, FreeBSD on Dell Latitude 7280, Backup MX with OpenSMTPD, Notes on caddy as QUIC reverse proxy with mac_portacl, and more","date_published":"2025-06-12T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ccd118f7-9bad-4c9c-8389-c7a992b81f86.mp3","mime_type":"audio/mpeg","size_in_bytes":42283008,"duration_in_seconds":2642}]},{"id":"6d579b5c-33f7-4a12-adcb-0db2f77ea9a3","title":"614: Upstream Contributions Matter","url":"https://www.bsdnow.tv/614","content_text":"The Hidden Costs of Stagnation: Why Running EOL Software is a Ticking Time Bomb, Maintaining FreeBSD in a Commercial Product – Why Upstream Contributions Matter, LLMs ('AI') are coming for our jobs whether or not they work, Implement Anubis to give the bots a harder time, erspan(4): ERSPAN Type II collection, Just my memory here is how I've configure OpenBSD and FreeBSD for a IPv6 Wifi, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Hidden Costs of Stagnation: Why Running EOL Software is a Ticking Time Bomb\n\n\n\nMaintaining FreeBSD in a Commercial Product – Why Upstream Contributions\nMatter\n\n\n\nNews Roundup\n\nLLMs ('AI') are coming for our jobs whether or not they work\n\n\n\nImplement Anubis to give the bots a harder time\n\n\n\nerspan(4): ERSPAN Type II collection\n\n\n\nJust my memory here is how I've configure OpenBSD and FreeBSD for a IPv6 Wifi\n\n\n\nBeastie Bits\n\nSome Interesting pieces of history\n\n\nNetnews History\nHistory of Solaris\nNuclear Wall Charts\n[TUHS] The Case of UNIX vs. The UNIX System\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nPaul - my setup\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Hidden Costs of Stagnation: Why Running EOL Software is a Ticking Time Bomb, Maintaining FreeBSD in a Commercial Product – Why Upstream Contributions Matter, LLMs (\u0026#39;AI\u0026#39;) are coming for our jobs whether or not they work, Implement Anubis to give the bots a harder time, erspan(4): ERSPAN Type II collection, Just my memory here is how I\u0026#39;ve configure OpenBSD and FreeBSD for a IPv6 Wifi, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/the-hidden-costs-of-stagnation-why-running-eol-software-is-a-ticking-time-bomb/\" rel=\"nofollow\"\u003eThe Hidden Costs of Stagnation: Why Running EOL Software is a Ticking Time Bomb\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/maintaining-freebsd-commercial-product-why-upstream-contributions-matter/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eMaintaining FreeBSD in a Commercial Product – Why Upstream Contributions\u003cbr\u003e\nMatter\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/LLMsVersusOurJobs\" rel=\"nofollow\"\u003eLLMs (\u0026#39;AI\u0026#39;) are coming for our jobs whether or not they work\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2025/05/03/implement-anubis-to-give-the-bots-a-harder-time/\" rel=\"nofollow\"\u003eImplement Anubis to give the bots a harder time\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20250512100219\" rel=\"nofollow\"\u003eerspan(4): ERSPAN Type II collection\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vincentdelft.be/post/post_20250208\" rel=\"nofollow\"\u003eJust my memory here is how I\u0026#39;ve configure OpenBSD and FreeBSD for a IPv6 Wifi\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003eSome Interesting pieces of history\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.cs.columbia.edu/%7Esmb/papers/netnews-hist.pdf\" rel=\"nofollow\"\u003eNetnews History\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cse.unl.edu/%7Ewitty/class/csce351/howto/history_of_solaris.pdf\" rel=\"nofollow\"\u003eHistory of Solaris\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://econtent.unm.edu/digital/collection/nuceng/search\" rel=\"nofollow\"\u003eNuclear Wall Charts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2025-February/031403.html\" rel=\"nofollow\"\u003e[TUHS] The Case of UNIX vs. The UNIX System\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/614/feedback/Paul%20-%20my%20setup.md\" rel=\"nofollow\"\u003ePaul - my setup\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Hidden Costs of Stagnation: Why Running EOL Software is a Ticking Time Bomb, Maintaining FreeBSD in a Commercial Product – Why Upstream Contributions Matter, LLMs ('AI') are coming for our jobs whether or not they work, Implement Anubis to give the bots a harder time, erspan(4): ERSPAN Type II collection, Just my memory here is how I've configure OpenBSD and FreeBSD for a IPv6 Wifi, and more","date_published":"2025-06-05T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6d579b5c-33f7-4a12-adcb-0db2f77ea9a3.mp3","mime_type":"audio/mpeg","size_in_bytes":61354368,"duration_in_seconds":3834}]},{"id":"efcbb139-39d9-4ae5-a0ab-8f1166709787","title":"613: DragonflyBSD 6.4.2","url":"https://www.bsdnow.tv/613","content_text":"Isolating Containers with ZFS and Linux Namespaces, DragonFly BSD 6.4.2, FreeBSD fans rally round zVault upstart, For Upcoming PF Tutorials, We Welcome Your Questions, Using ~/.ssh/authorized keys to decide what the incoming connection can do, PDF bruteforce tool to recover locked files, How and why typical (SaaS) pricing is too high for university departments, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nIsolating Containers with ZFS and Linux Namespaces\n\n\n\nDragonFly BSD 6.4.2\n\n\n\nFreeBSD fans rally round zVault upstart\n\n\n\nNews Roundup\n\nFor Upcoming PF Tutorials, We Welcome Your Questions\n\n\n\nUsing ~/.ssh/authorized keys to decide what the incoming connection can do\n\n\n\nPDF bruteforce tool to recover locked files\n\n\n\nHow and why typical (SaaS) pricing is too high for university departments\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nNils - CFP\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eIsolating Containers with ZFS and Linux Namespaces, DragonFly BSD 6.4.2, FreeBSD fans rally round zVault upstart, For Upcoming PF Tutorials, We Welcome Your Questions, Using ~/.ssh/authorized keys to decide what the incoming connection can do, PDF bruteforce tool to recover locked files, How and why typical (SaaS) pricing is too high for university departments, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/isolating-containers-with-zfs-and-linux-namespaces/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eIsolating Containers with ZFS and Linux Namespaces\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dragonflybsd.org/release64/\" rel=\"nofollow\"\u003eDragonFly BSD 6.4.2\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2025/05/12/second_preview_zvault/\" rel=\"nofollow\"\u003eFreeBSD fans rally round zVault upstart\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2025/05/for-upcoming-pf-tutorials-we-welcome.html\" rel=\"nofollow\"\u003eFor Upcoming PF Tutorials, We Welcome Your Questions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2025/04/17/using-ssh-authorized-keys-to-decide-what-the-incoming-connection-can-do/\" rel=\"nofollow\"\u003eUsing ~/.ssh/authorized keys to decide what the incoming connection can do\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2025-03-09-test-pdf-passwords.html\" rel=\"nofollow\"\u003ePDF bruteforce tool to recover locked files\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/UniversityTypicalPricingTooHigh\" rel=\"nofollow\"\u003eHow and why typical (SaaS) pricing is too high for university departments\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/612/feedback/nils%20-%20CFP.md\" rel=\"nofollow\"\u003eNils - CFP\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Isolating Containers with ZFS and Linux Namespaces, DragonFly BSD 6.4.2, FreeBSD fans rally round zVault upstart, For Upcoming PF Tutorials, We Welcome Your Questions, Using ~/.ssh/authorized keys to decide what the incoming connection can do, PDF bruteforce tool to recover locked files, How and why typical (SaaS) pricing is too high for university departments, and more","date_published":"2025-05-29T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/efcbb139-39d9-4ae5-a0ab-8f1166709787.mp3","mime_type":"audio/mpeg","size_in_bytes":51264768,"duration_in_seconds":3204}]},{"id":"445e8ddd-cc74-4299-aa42-c8ba5e8d2d93","title":"612: Zip Bomb Protection","url":"https://www.bsdnow.tv/612","content_text":"I use Zip Bombs to Protect my Server, Owning the Stack: Infrastructure Independence with FreeBSD and ZFS, Optimisation of parallel TCP input, Chosing between \"it works for now\" and \"it works in the long term\", Losing one of my evenings after an OpenBSD upgrade, What drive did I just remove from the system?, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nI use Zip Bombs to Protect my Server\n\n\n\nOwning the Stack: Infrastructure Independence with FreeBSD and ZFS\n\n\n\n\nNews Roundup\n\nOptimisation of parallel TCP input\n\n\n\nChosing between \"it works for now\" and \"it works in the long term\"\n\n\n\nLosing one of my evenings after an OpenBSD upgrade\n\n\n\nWhat drive did I just remove from the system?\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBenjamin - Street PCs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eI use Zip Bombs to Protect my Server, Owning the Stack: Infrastructure Independence with FreeBSD and ZFS, Optimisation of parallel TCP input, Chosing between \u0026quot;it works for now\u0026quot; and \u0026quot;it works in the long term\u0026quot;, Losing one of my evenings after an OpenBSD upgrade, What drive did I just remove from the system?, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://idiallo.com/blog/zipbomb-protection\" rel=\"nofollow\"\u003eI use Zip Bombs to Protect my Server\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/owning-the-stack-infrastructure-independence-with-freebsd-zfs/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eOwning the Stack: Infrastructure Independence with FreeBSD and ZFS\u003cbr\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20250508122430\" rel=\"nofollow\"\u003eOptimisation of parallel TCP input\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/WorksNowVsWorksGenerally\" rel=\"nofollow\"\u003eChosing between \u0026quot;it works for now\u0026quot; and \u0026quot;it works in the long term\u0026quot;\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ncartron.org/losing-one-of-my-evenings-after-an-openbsd-upgrade.html\" rel=\"nofollow\"\u003eLosing one of my evenings after an OpenBSD upgrade\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2025/04/21/what-drive-did-i-just-remove-from-the-system/\" rel=\"nofollow\"\u003eWhat drive did I just remove from the system?\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/613/feedback/Benjamin%20-%20street%20pcs.md\" rel=\"nofollow\"\u003eBenjamin - Street PCs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"I use Zip Bombs to Protect my Server, Owning the Stack: Infrastructure Independence with FreeBSD and ZFS, Optimisation of parallel TCP input, Chosing between \"it works for now\" and \"it works in the long term\", Losing one of my evenings after an OpenBSD upgrade, What drive did I just remove from the system?, and more\r\n","date_published":"2025-05-22T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/445e8ddd-cc74-4299-aa42-c8ba5e8d2d93.mp3","mime_type":"audio/mpeg","size_in_bytes":36056832,"duration_in_seconds":2253}]},{"id":"3436e540-2590-4a5e-9caa-5762b7c159bd","title":"611: Ghosty Things","url":"https://www.bsdnow.tv/611","content_text":"GhostBSD: From Usability to Struggle and Renewal, Why You Can’t Trust AI to Tune ZFS, Introducing bpflogd(8): capture packets via BPF to log files, What I'd do as a College Freshman in 2025, FreeBSD and KDE Plasma generations, Improvements to the FreeBSD CI/CD systems, FreeBSD as a Workstation, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nGhostBSD: From Usability to Struggle and Renewal\n\n\n\nWhy You Can’t Trust AI to Tune ZFS\n\n\n\nNews Roundup\n\nIntroducing bpflogd(8): capture packets via BPF to log files\n\n\n\nWhat I'd do as a College Freshman in 2025\n\n\n\nFreeBSD and KDE Plasma generations\n\n\n\nImprovements to the FreeBSD CI/CD systems\n\n\n\nFreeBSD as a Workstation\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nEffie - FreeBSD as a Workstation\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eGhostBSD: From Usability to Struggle and Renewal, Why You Can’t Trust AI to Tune ZFS, Introducing bpflogd(8): capture packets via BPF to log files, What I\u0026#39;d do as a College Freshman in 2025, FreeBSD and KDE Plasma generations, Improvements to the FreeBSD CI/CD systems, FreeBSD as a Workstation, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/our-work/journal/browser-based-edition/downstreams/ghostbsd-from-usability-to-struggle-and-renewal/\" rel=\"nofollow\"\u003eGhostBSD: From Usability to Struggle and Renewal\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/why-you-cant-trust-ai-to-tune-zfs/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eWhy You Can’t Trust AI to Tune ZFS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250425074505\" rel=\"nofollow\"\u003eIntroducing bpflogd(8): capture packets via BPF to log files\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://muratbuffalo.blogspot.com/2025/04/what-id-do-as-college-freshman.html\" rel=\"nofollow\"\u003eWhat I\u0026#39;d do as a College Freshman in 2025\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://euroquis.nl//freebsd/2025/03/02/kde5.html\" rel=\"nofollow\"\u003eFreeBSD and KDE Plasma generations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/improvements-to-the-freebsd-ci-cd-systems/\" rel=\"nofollow\"\u003eImprovements to the FreeBSD CI/CD systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://darknet.sytes.net/wordpress/index.php/2025/03/16/freebsd-as-a-workstation/\" rel=\"nofollow\"\u003eFreeBSD as a Workstation\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/611/feedback/effie%20-%20freebsd%20as%20a%20workstation.md\" rel=\"nofollow\"\u003eEffie - FreeBSD as a Workstation\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"GhostBSD: From Usability to Struggle and Renewal, Why You Can’t Trust AI to Tune ZFS, Introducing bpflogd(8): capture packets via BPF to log files, What I'd do as a College Freshman in 2025, FreeBSD and KDE Plasma generations, Improvements to the FreeBSD CI/CD systems, FreeBSD as a Workstation, and more","date_published":"2025-05-15T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3436e540-2590-4a5e-9caa-5762b7c159bd.mp3","mime_type":"audio/mpeg","size_in_bytes":47079552,"duration_in_seconds":2942}]},{"id":"c5685d50-e22b-4162-a0e6-e95482c79364","title":"610: OpenBSD 7.7","url":"https://www.bsdnow.tv/610","content_text":"OpenBSD 7.7, ZFS Orchestration Tools – Part 2: Replication, Switching customers from Linux to BSD because boring is good, Graphed and measured: running TCP input in parallel, Introducing an OpenBSD LLDP daemon, Hardware discovery: ACPI \u0026amp; Device Tree, The 2025 FreeBSD Community Survey is Here, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.7\n\n\n\nZFS Orchestration Tools – Part 2: Replication\n\n\n\nNews Roundup\n\nSwitching customers from Linux to BSD because boring is good\n\n\n\nGraphed and measured: running TCP input in parallel\n\n\n\nIntroducing an OpenBSD LLDP daemon\n\n\n\nHardware discovery: ACPI \u0026amp; Device Tree\n\n\n\nThe 2025 FreeBSD Community Survey is Here\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBrad - new users\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD 7.7, ZFS Orchestration Tools – Part 2: Replication, Switching customers from Linux to BSD because boring is good, Graphed and measured: running TCP input in parallel, Introducing an OpenBSD LLDP daemon, Hardware discovery: ACPI \u0026amp; Device Tree, The 2025 FreeBSD Community Survey is Here, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://OpenBSD.org/77.html\" rel=\"nofollow\"\u003eOpenBSD 7.7\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-orchestration-tools-part-2-replication/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZFS Orchestration Tools – Part 2: Replication\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2024/10/08/switching_from_linux_to_bsd/\" rel=\"nofollow\"\u003eSwitching customers from Linux to BSD because boring is good\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250418114827\" rel=\"nofollow\"\u003eGraphed and measured: running TCP input in parallel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250425082010\" rel=\"nofollow\"\u003eIntroducing an OpenBSD LLDP daemon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blogsystem5.substack.com/p/hardware-autoconfiguration\" rel=\"nofollow\"\u003eHardware discovery: ACPI \u0026amp; Device Tree\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/the-2025-freebsd-community-survey-is-here/\" rel=\"nofollow\"\u003eThe 2025 FreeBSD Community Survey is Here\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/610/feedback/brad%20-%20new%20users.md\" rel=\"nofollow\"\u003eBrad - new users\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenBSD 7.7, ZFS Orchestration Tools – Part 2: Replication, Switching customers from Linux to BSD because boring is good, Graphed and measured: running TCP input in parallel, Introducing an OpenBSD LLDP daemon, Hardware discovery: ACPI \u0026 Device Tree, The 2025 FreeBSD Community Survey is Here, and more","date_published":"2025-05-08T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c5685d50-e22b-4162-a0e6-e95482c79364.mp3","mime_type":"audio/mpeg","size_in_bytes":59646336,"duration_in_seconds":3727}]},{"id":"6ea22d34-c89b-4ee8-9c3a-b85dcf18e5b1","title":"609: Toe-Dipping in Amsterdam","url":"https://www.bsdnow.tv/609","content_text":"Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking, Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator, OpenZFS Cheat Sheet, Dipping my toes in OpenBSD in Amsterdam, SSH keys from a command: sshd's AuthorizedKeysCommand directive, How to move bhyve VM and Jail container from one host to another host, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nInside FreeBSD Netgraph: Behind the Curtain of Advanced Networking\n\n\n\nLaunching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator\n\n\n\nNews Roundup\n\nOpenZFS Cheat Sheet\n\n\n\nDipping my toes in OpenBSD, in Amsterdam\n\n\n\nSSH keys from a command: sshd's AuthorizedKeysCommand directive\n\n\n\nHow to move bhyve VM and Jail container from one host to another host ?\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nDave - Webstack\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eInside FreeBSD Netgraph: Behind the Curtain of Advanced Networking, Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator, OpenZFS Cheat Sheet, Dipping my toes in OpenBSD in Amsterdam, SSH keys from a command: sshd\u0026#39;s AuthorizedKeysCommand directive, How to move bhyve VM and Jail container from one host to another host, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/inside-freebsd-netgraph-advanced-networking/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eInside FreeBSD Netgraph: Behind the Curtain of Advanced Networking\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/04/07/launching-bssg-my-journey-from-dynamic-cms-to-bash-static-site-generator/\" rel=\"nofollow\"\u003eLaunching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/openzfs-cheat-sheet/\" rel=\"nofollow\"\u003eOpenZFS Cheat Sheet\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ewintr.nl/posts/2025/dipping-my-toes-in-openbsd-in-amsterdam/\" rel=\"nofollow\"\u003eDipping my toes in OpenBSD, in Amsterdam\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/\" rel=\"nofollow\"\u003eSSH keys from a command: sshd\u0026#39;s AuthorizedKeysCommand directive\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vincentdelft.be/post/post_20250215\" rel=\"nofollow\"\u003eHow to move bhyve VM and Jail container from one host to another host ?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/tree/master/episodes/609/feedback\" rel=\"nofollow\"\u003eDave - Webstack\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking, Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator, OpenZFS Cheat Sheet, Dipping my toes in OpenBSD in Amsterdam, SSH keys from a command: sshd's AuthorizedKeysCommand directive, How to move bhyve VM and Jail container from one host to another host, and more","date_published":"2025-05-01T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6ea22d34-c89b-4ee8-9c3a-b85dcf18e5b1.mp3","mime_type":"audio/mpeg","size_in_bytes":52603008,"duration_in_seconds":3287}]},{"id":"2c8bb44d-bc8c-468c-8556-74ec308bbc46","title":"608: Reboot required","url":"https://www.bsdnow.tv/608","content_text":"Robust \u0026amp; Reliable Backup Solutions with OpenZFS, Why I Maintain a 17 Year Old Thinkpad, Motivations, Tinker Writer Deck, How to tell if FreeBSD needs a Reboot using kernel version check, Techie pulled an all-nighter that one mistake turned into an all-weekender, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWorld Backup Day 2025: Robust \u0026amp; Reliable Backup Solutions with OpenZFS\n\n\n\nWhy I Maintain a 17 Year Old Thinkpad\n\n\n\nNews Roundup\n\nMotivations\n\n\n\nTinker Writer Deck\n\n\n\nHow to tell if FreeBSD needs a Reboot using kernel version check\n\n\n\nTechie pulled an all-nighter that one mistake turned into an all-weekender\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nIan - Personal Web Stack\nBrendan - Storage Backends\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eRobust \u0026amp; Reliable Backup Solutions with OpenZFS, Why I Maintain a 17 Year Old Thinkpad, Motivations, Tinker Writer Deck, How to tell if FreeBSD needs a Reboot using kernel version check, Techie pulled an all-nighter that one mistake turned into an all-weekender, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/world-backup-day-2025-robust-reliable-backup-solutions-with-openzfs/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eWorld Backup Day 2025: Robust \u0026amp; Reliable Backup Solutions with OpenZFS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://pilledtexts.com/why-i-use-a-17-year-old-thinkpad/\" rel=\"nofollow\"\u003eWhy I Maintain a 17 Year Old Thinkpad\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://stevengharms.com/longform/my-first-freebsd/motivations/\" rel=\"nofollow\"\u003eMotivations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://tinker.sh/\" rel=\"nofollow\"\u003eTinker Writer Deck\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.cyberciti.biz/faq/freebsd-determine-if-a-system-reboot-is-necessary/\" rel=\"nofollow\"\u003eHow to tell if FreeBSD needs a Reboot using kernel version check\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2025/03/03/who_me/\" rel=\"nofollow\"\u003eTechie pulled an all-nighter that one mistake turned into an all-weekender\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/608/feedback/ian%20-%20personal%20stack.md\" rel=\"nofollow\"\u003eIan - Personal Web Stack\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/608/feedback/brendan%20-%20storage%20backends.md\" rel=\"nofollow\"\u003eBrendan - Storage Backends\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Robust \u0026 Reliable Backup Solutions with OpenZFS, Why I Maintain a 17 Year Old Thinkpad, Motivations, Tinker Writer Deck, How to tell if FreeBSD needs a Reboot using kernel version check, Techie pulled an all-nighter that one mistake turned into an all-weekender, and more","date_published":"2025-04-24T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2c8bb44d-bc8c-468c-8556-74ec308bbc46.mp3","mime_type":"audio/mpeg","size_in_bytes":46584192,"duration_in_seconds":2911}]},{"id":"8c8a9cb9-441e-40a7-9655-ee7d148ef6eb","title":"607: Sign those commits","url":"https://www.bsdnow.tv/607","content_text":"We should improve libzfs somewhat, Accurate Effective Storage Performance Benchmark, Debugging aids for pf firewall rules on FreeBSD, OpenBSD and Thunderbolt issue on ThinkPad T480s, Signing Git Commits with an SSH key, Pgrep, LibreOffice downloads on the rise, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWe should improve libzfs somewhat\n\n\n\nAccurate Effective Storage Performance Benchmark\n\n\n\nNews Roundup\n\nDebugging aids for pf firewall rules on FreeBSD\n\n\n\nOpenBSD and Thunderbolt issue on ThinkPad T480s\n\n\n\nSigning Git Commits with an SSH key\n\n\n\nPgrep\n\n\n\nLibreOffice downloads on the rise as users look to avoid subscription costs\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nFelix - Bhyve and NVME\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWe should improve libzfs somewhat, Accurate Effective Storage Performance Benchmark, Debugging aids for pf firewall rules on FreeBSD, OpenBSD and Thunderbolt issue on ThinkPad T480s, Signing Git Commits with an SSH key, Pgrep, LibreOffice downloads on the rise, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://despairlabs.com/blog/posts/2025-03-12-we-should-improve-libzfs-somewhat/\" rel=\"nofollow\"\u003eWe should improve libzfs somewhat\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/accurate-effective-storage-performance-benchmark/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eAccurate Effective Storage Performance Benchmark\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2025/02/24/debugging-aids-for-pf-firewall-rules-on-freebsd/\" rel=\"nofollow\"\u003eDebugging aids for pf firewall rules on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/openbsd-and-thunderbolt-issue-on-thinkpad-t480s/\" rel=\"nofollow\"\u003eOpenBSD and Thunderbolt issue on ThinkPad T480s\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jpmens.net/2025/02/26/signing-git-commits-with-an-ssh-key/\" rel=\"nofollow\"\u003eSigning Git Commits with an SSH key\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.c0t0d0s0.org/blog/pgrep-z-r.html\" rel=\"nofollow\"\u003ePgrep\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.computerworld.com/article/3840480/libreoffice-downloads-on-the-rise-as-users-look-to-avoid-subscription-costs.html\" rel=\"nofollow\"\u003eLibreOffice downloads on the rise as users look to avoid subscription costs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/607/feedback/Felix%20-%20bhyve%20and%20nvme.md\" rel=\"nofollow\"\u003eFelix - Bhyve and NVME\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"We should improve libzfs somewhat, Accurate Effective Storage Performance Benchmark, Debugging aids for pf firewall rules on FreeBSD, OpenBSD and Thunderbolt issue on ThinkPad T480s, Signing Git Commits with an SSH key, Pgrep, LibreOffice downloads on the rise, and more","date_published":"2025-04-17T18:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8c8a9cb9-441e-40a7-9655-ee7d148ef6eb.mp3","mime_type":"audio/mpeg","size_in_bytes":54202368,"duration_in_seconds":3387}]},{"id":"36cf0e74-8983-4d33-a8ae-2a44c5c62f5b","title":"606: Tackling 7k bugs","url":"https://www.bsdnow.tv/606","content_text":"FreeBSD 13.5-RELEASE Now Available, From Chaos to Clarity: How We Tackled FreeBSD’s 7,000 Bug Backlog, zfs-2.3.1, Complications of funding an open source operating system, Why Choose to Use the BSDs in 2025, First Use on GhostBSD, Better Shell History Search, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 13.5-RELEASE Now Available\n\n\n\nFrom Chaos to Clarity: How We Tackled FreeBSD’s 7,000 Bug Backlog\n\n\n\nNews Roundup\n\nzfs-2.3.1\n\n\n\nComplications of funding an open source operating system\n\n\n\nWhy Choose to Use the BSDs in 2025\n\n\n\nFirst Use on GhostBSD\n\n\n\nBetter Shell History Search\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nRussell - Questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD 13.5-RELEASE Now Available, From Chaos to Clarity: How We Tackled FreeBSD’s 7,000 Bug Backlog, zfs-2.3.1, Complications of funding an open source operating system, Why Choose to Use the BSDs in 2025, First Use on GhostBSD, Better Shell History Search, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-announce/2025-March/000181.html\" rel=\"nofollow\"\u003eFreeBSD 13.5-RELEASE Now Available\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/from-chaos-to-clarity-how-we-tackled-freebsds-7000-bug-backlog/\" rel=\"nofollow\"\u003eFrom Chaos to Clarity: How We Tackled FreeBSD’s 7,000 Bug Backlog\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/openzfs/zfs/releases/tag/zfs-2.3.1\" rel=\"nofollow\"\u003ezfs-2.3.1\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2025/03/11/0/\" rel=\"nofollow\"\u003eComplications of funding an open source operating system\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/03/23/osday-2025-why-choose-bsd-in-2025/\" rel=\"nofollow\"\u003eWhy Choose to Use the BSDs in 2025\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://technophobeconfessions.wordpress.com/2025/03/18/first-use-on-ghostbsd/\" rel=\"nofollow\"\u003eFirst Use on GhostBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://tratt.net/laurie/blog/2025/better_shell_history_search.html\" rel=\"nofollow\"\u003eBetter Shell History Search\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/606/feedback/russell%20-%20questions.md\" rel=\"nofollow\"\u003eRussell - Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD 13.5-RELEASE Now Available, From Chaos to Clarity: How We Tackled FreeBSD’s 7,000 Bug Backlog, zfs-2.3.1, Complications of funding an open source operating system, Why Choose to Use the BSDs in 2025, First Use on GhostBSD, Better Shell History Search, and more","date_published":"2025-04-10T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/36cf0e74-8983-4d33-a8ae-2a44c5c62f5b.mp3","mime_type":"audio/mpeg","size_in_bytes":68451456,"duration_in_seconds":4278}]},{"id":"0d283001-f1dc-4ca1-9d48-f10bf0e58d6e","title":"605: Fediverse Weather Service","url":"https://www.bsdnow.tv/605","content_text":"FediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands, Core Infrastructure: Why You Need to Control Your NTP, Automatic Display switch for OpenBSD laptop, Using a 2013 Mac Pro as a FreeBSD Desktop, Some terminal frustrations, Copying all files of a directory, including hidden ones, with cp, You Should Use /tmp/ More, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands\n\n\n\nCore Infrastructure: Why You Need to Control Your NTP\n\n\n\nNews Roundup\n\nAutomatic Display switch for OpenBSD laptop\n\n\n\nUsing a 2013 Mac Pro as a FreeBSD Desktop\n\n\n\nSome terminal frustrations\n\n\n\nCopying all files of a directory, including hidden ones, with cp\n\n\n\nYou Should Use /tmp/ More\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nTyler - Toms request\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands, Core Infrastructure: Why You Need to Control Your NTP, Automatic Display switch for OpenBSD laptop, Using a 2013 Mac Pro as a FreeBSD Desktop, Some terminal frustrations, Copying all files of a directory, including hidden ones, with cp, You Should Use /tmp/ More, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2025/02/26/fedimeteo-how-a-tiny-freebsd-vps-became-a-global-weather-service-for-thousands/\" rel=\"nofollow\"\u003eFediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/core-infrastructure-why-you-need-to-control-your-ntp/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eCore Infrastructure: Why You Need to Control Your NTP\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/automatic-display-switch-for-openbsd-laptop/\" rel=\"nofollow\"\u003eAutomatic Display switch for OpenBSD laptop\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/using-a-2013-mac-pro-as-a-freebsd-desktop.96805/\" rel=\"nofollow\"\u003eUsing a 2013 Mac Pro as a FreeBSD Desktop\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jvns.ca/blog/2025/02/05/some-terminal-frustrations/\" rel=\"nofollow\"\u003eSome terminal frustrations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bhoot.dev/2025/cp-dot-copies-everything/\" rel=\"nofollow\"\u003eCopying all files of a directory, including hidden ones, with cp\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://atthis.link/blog/2025/58671.html\" rel=\"nofollow\"\u003eYou Should Use /tmp/ More\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/605/feedback/Tyler%20-%20Toms%20request.md\" rel=\"nofollow\"\u003eTyler - Toms request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands, Core Infrastructure: Why You Need to Control Your NTP, Automatic Display switch for OpenBSD laptop, Using a 2013 Mac Pro as a FreeBSD Desktop, Some terminal frustrations, Copying all files of a directory, including hidden ones, with cp, You Should Use /tmp/ More, and more","date_published":"2025-04-03T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0d283001-f1dc-4ca1-9d48-f10bf0e58d6e.mp3","mime_type":"audio/mpeg","size_in_bytes":56369664,"duration_in_seconds":3523}]},{"id":"a942703c-56b7-4c72-a047-bb79bc5d23ff","title":"604: Future looks back","url":"https://www.bsdnow.tv/604","content_text":"The Future Looking Back At Us: Joanne McNeil on Cyberpunk, Why ZFS reports less available space, We are destroying software, FreeBSD 13.5 Overcomes UFS Y2038 Problem To Push It Out To Year 2106, 1972 UNIX V2 \"Beta\" Resurrected, Some thoughts on why 'inetd activation' didn't catch on, If you believe in “Artificial Intelligence”, take five minutes to ask it about stuff you know well, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Future Looking Back At Us: Joanne McNeil on Cyberpunk\n\n\n\nWhy ZFS reports less available space space accounting explained/\n\n\n\nWe are destroying software\n\n\n\nNews Roundup\n\nFreeBSD 13.5 Overcomes UFS Y2038 Problem To Push It Out To Year 2106\n\n\n\nTUHS: 1972 UNIX V2 \"Beta\" Resurrected\n\n\n\nSome thoughts on why 'inetd activation' didn't catch on\n\n\n\nIf you believe in “Artificial Intelligence”, take five minutes to ask it about stuff you know well\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nNelson - gcc puzzlement\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Future Looking Back At Us: Joanne McNeil on Cyberpunk, Why ZFS reports less available space, We are destroying software, FreeBSD 13.5 Overcomes UFS Y2038 Problem To Push It Out To Year 2106, 1972 UNIX V2 \u0026quot;Beta\u0026quot; Resurrected, Some thoughts on why \u0026#39;inetd activation\u0026#39; didn\u0026#39;t catch on, If you believe in “Artificial Intelligence”, take five minutes to ask it about stuff you know well, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://filmmakermagazine.com/127295-joanne-mcneil-cyberpunk/\" rel=\"nofollow\"\u003eThe Future Looking Back At Us: Joanne McNeil on Cyberpunk\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/why-zfs-reports-less-available-space-space-accounting-explained/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eWhy ZFS reports less available space space accounting explained/\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://antirez.com/news/145\" rel=\"nofollow\"\u003eWe are destroying software\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.phoronix.com/news/FreeBSD-13.5-Beta-2\" rel=\"nofollow\"\u003eFreeBSD 13.5 Overcomes UFS Y2038 Problem To Push It Out To Year 2106\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2025-February/031420.html\" rel=\"nofollow\"\u003eTUHS: 1972 UNIX V2 \u0026quot;Beta\u0026quot; Resurrected\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/InetdActivationWhyNot\" rel=\"nofollow\"\u003eSome thoughts on why \u0026#39;inetd activation\u0026#39; didn\u0026#39;t catch on\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://svpow.com/2025/02/14/if-you-believe-in-artificial-intelligence-take-five-minutes-to-ask-it-about-stuff-you-know-well/\" rel=\"nofollow\"\u003eIf you believe in “Artificial Intelligence”, take five minutes to ask it about stuff you know well\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/604/feedback/Nelson%20-%20gcc%20puzzlement.md\" rel=\"nofollow\"\u003eNelson - gcc puzzlement\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Future Looking Back At Us: Joanne McNeil on Cyberpunk, Why ZFS reports less available space, We are destroying software, FreeBSD 13.5 Overcomes UFS Y2038 Problem To Push It Out To Year 2106, 1972 UNIX V2 \"Beta\" Resurrected, Some thoughts on why 'inetd activation' didn't catch on, If you believe in “Artificial Intelligence”, take five minutes to ask it about stuff you know well, and more","date_published":"2025-03-27T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a942703c-56b7-4c72-a047-bb79bc5d23ff.mp3","mime_type":"audio/mpeg","size_in_bytes":47195136,"duration_in_seconds":2949}]},{"id":"b363b18d-79bf-4cdb-bb98-d22bb66a99be","title":"603: Expanding the RAID-Z","url":"https://www.bsdnow.tv/603","content_text":"OpenZFS RAID-Z Expansion: A New Era in Storage Flexibility, ZFS Orchestration Tools – Part 1: Snapshots, The Case of UNIX vs. The UNIX System, OpenBGPD 8.8 released, OPNsense 25.1, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS RAID-Z Expansion: A New Era in Storage Flexibility\n\n\n\nZFS Orchestration Tools – Part 1: Snapshots\n\n\n\nNews Roundup\n\nManage OpenBSD with AWS Systems Manager\n\n\n\nTUHS:The Case of UNIX vs. The UNIX System\n\n\n\nOpenBGPD 8.8 released\n\n\n\nOPNsense 25.1\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenZFS RAID-Z Expansion: A New Era in Storage Flexibility, ZFS Orchestration Tools – Part 1: Snapshots, The Case of UNIX vs. The UNIX System, OpenBGPD 8.8 released, OPNsense 25.1, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/openzfs-raid-z-expansion-a-new-era-in-storage-flexibility/\" rel=\"nofollow\"\u003eOpenZFS RAID-Z Expansion: A New Era in Storage Flexibility\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-orchestration-part-1-zfs-snapshots-tools/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZFS Orchestration Tools – Part 1: Snapshots\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rsadowski.de/posts/2025-01-23-manage-openbsd-with-ssm/\" rel=\"nofollow\"\u003eManage OpenBSD with AWS Systems Manager\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2025-February/031403.html\" rel=\"nofollow\"\u003eTUHS:The Case of UNIX vs. The UNIX System\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20250207192657\" rel=\"nofollow\"\u003eOpenBGPD 8.8 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=45460.msg227323\" rel=\"nofollow\"\u003eOPNsense 25.1\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenZFS RAID-Z Expansion: A New Era in Storage Flexibility, ZFS Orchestration Tools – Part 1: Snapshots, The Case of UNIX vs. The UNIX System, OpenBGPD 8.8 released, OPNsense 25.1, and more","date_published":"2025-03-20T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b363b18d-79bf-4cdb-bb98-d22bb66a99be.mp3","mime_type":"audio/mpeg","size_in_bytes":34948992,"duration_in_seconds":2184}]},{"id":"047f1a53-de88-41b8-bff2-c25e006dd164","title":"602: Wildcard Gotchas","url":"https://www.bsdnow.tv/602","content_text":"I Tried FreeBSD as a Desktop in 2025. Here's How It Went, Cray 1 Supercomputer Performance Comparisons With Home Computers Phones and Tablets, The first perfect computer, Find Name Wildcard Gotcha, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nI Tried FreeBSD as a Desktop in 2025. Here's How It Went\n\n\n\nCray 1 Supercomputer Performance Comparisons With Home Computers Phones and Tablets\n\n\n\nNews Roundup\n\nState of virtualizing the BSDs on Apple Silicon\n\n\n\nThe first perfect computer\n\n\n\nFind Name Wildcard Gotcha\n\n\n\nNew Patreon Levels\n\nLevel 1 - user memory (Tip Jar) @ $1 / month\nShow your support for the show\n\nLevel 2 - virtual memory (Ad-Free Episodes) @ $5 / month\nAd-free episodes\n\nLevel 3 - kmem (VIP Patron) @ $10 / month\nEverything in higher memory levels \u0026amp;\nYour feedback and questions jump the queue and go in the next episode.\nPersonal shout outs (with your consent) for recommending articles we cover.\n\nLevel 4 - physical memory @ $20 / month\nWhat's included:\nEverything in higher memory levels \u0026amp;\nYou can send in audio/video questions and we'll air your audio in the show feedback section (if the quality of your recording is decent)\nBehind-the-scenes content - Raw Video from Recording sessions with intro/outro discussion not included in the show\nAdditional Content when we all make it\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eI Tried FreeBSD as a Desktop in 2025. Here\u0026#39;s How It Went, Cray 1 Supercomputer Performance Comparisons With Home Computers Phones and Tablets, The first perfect computer, Find Name Wildcard Gotcha, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.howtogeek.com/i-tried-freebsd-as-a-desktop-heres-how-it-went/\" rel=\"nofollow\"\u003eI Tried FreeBSD as a Desktop in 2025. Here\u0026#39;s How It Went\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.roylongbottom.org.uk/Cray%201%20Supercomputer%20Performance%20Comparisons%20With%20Home%20Computers%20Phones%20and%20Tablets.htm\" rel=\"nofollow\"\u003eCray 1 Supercomputer Performance Comparisons With Home Computers Phones and Tablets\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20250222.html\" rel=\"nofollow\"\u003eState of virtualizing the BSDs on Apple Silicon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://celso.io/posts/2025/01/26/the-first-perfect-computer/\" rel=\"nofollow\"\u003eThe first perfect computer\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/FindNameWildcardGotcha\" rel=\"nofollow\"\u003eFind Name Wildcard Gotcha\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNew Patreon Levels\u003c/h2\u003e\n\n\u003cp\u003eLevel 1 - user memory (Tip Jar) @ $1 / month\u003cbr\u003e\nShow your support for the show\u003c/p\u003e\n\n\u003cp\u003eLevel 2 - virtual memory (Ad-Free Episodes) @ $5 / month\u003cbr\u003e\nAd-free episodes\u003c/p\u003e\n\n\u003cp\u003eLevel 3 - kmem (VIP Patron) @ $10 / month\u003cbr\u003e\nEverything in higher memory levels \u0026amp;\u003cbr\u003e\nYour feedback and questions jump the queue and go in the next episode.\u003cbr\u003e\nPersonal shout outs (with your consent) for recommending articles we cover.\u003c/p\u003e\n\n\u003cp\u003eLevel 4 - physical memory @ $20 / month\u003cbr\u003e\nWhat\u0026#39;s included:\u003cbr\u003e\nEverything in higher memory levels \u0026amp;\u003cbr\u003e\nYou can send in audio/video questions and we\u0026#39;ll air your audio in the show feedback section (if the quality of your recording is decent)\u003cbr\u003e\nBehind-the-scenes content - Raw Video from Recording sessions with intro/outro discussion not included in the show\u003cbr\u003e\nAdditional Content when we all make it\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"I Tried FreeBSD as a Desktop in 2025. Here's How It Went, Cray 1 Supercomputer Performance Comparisons With Home Computers Phones and Tablets, The first perfect computer, Find Name Wildcard Gotcha, and more","date_published":"2025-03-13T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/047f1a53-de88-41b8-bff2-c25e006dd164.mp3","mime_type":"audio/mpeg","size_in_bytes":54905088,"duration_in_seconds":3431}]},{"id":"56687453-cb0c-4a65-9235-68a9816b22e2","title":"601: The Monospace Web","url":"https://www.bsdnow.tv/601","content_text":"The PC is Dead: It’s Time to Make Computing Personal Again, The Biggest Unix Security Loophole, The monospace Web, What a FreeBSD kernel message about your bridge means, Installing FreeBSD on a HP 250 G9, Networking for System Administrators, and more.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe PC is Dead: It’s Time to Make Computing Personal Again\n\n\n\nThe Biggest Unix Security Loophole\n\n\n\nNews Roundup\n\nThe monospace Web\n\n\n\nWhat a FreeBSD kernel message about your bridge means\n\n\n\nInstalling FreeBSD on a HP 250 G9\n\n\n\nNetworking for System Administrators\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe PC is Dead: It’s Time to Make Computing Personal Again, The Biggest Unix Security Loophole, The monospace Web, What a FreeBSD kernel message about your bridge means, Installing FreeBSD on a HP 250 G9, Networking for System Administrators, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.vintagecomputing.com/index.php/archives/3292/the-pc-is-dead-its-time-to-make-computing-personal-again\" rel=\"nofollow\"\u003eThe PC is Dead: It’s Time to Make Computing Personal Again\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf\" rel=\"nofollow\"\u003eThe Biggest Unix Security Loophole\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://owickstrom.github.io/the-monospace-web/\" rel=\"nofollow\"\u003eThe monospace Web\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/FreeBSDBridgeMacMovedMessage\" rel=\"nofollow\"\u003eWhat a FreeBSD kernel message about your bridge means\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://brunopacheco1.github.io/posts/installing-freebsd-on-hp-250-g9/\" rel=\"nofollow\"\u003eInstalling FreeBSD on a HP 250 G9\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://mwl.io/nonfiction/networking#n4sa\" rel=\"nofollow\"\u003eNetworking for System Administrators\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The PC is Dead: It’s Time to Make Computing Personal Again, The Biggest Unix Security Loophole, The monospace Web, What a FreeBSD kernel message about your bridge means, Installing FreeBSD on a HP 250 G9, Networking for System Administrators, and more.","date_published":"2025-03-06T09:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/56687453-cb0c-4a65-9235-68a9816b22e2.mp3","mime_type":"audio/mpeg","size_in_bytes":46028928,"duration_in_seconds":2876}]},{"id":"f0d54c0d-d906-41d5-bd19-01d14030d46c","title":"600: The big 600","url":"https://www.bsdnow.tv/600","content_text":"Lead Asahi Developer stands down, moderators reminiscing about joining the podcast, Support for the Radxa Orian O6 board in OpenBSD, FreeBSD and hi-fi audio setup: bit-perfect, equalizer, real-time, OpenBGPD 8.8 released, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nTopics\n\n\nHector Martin stands down as lead developer on Asahi Linux\n\n\nNo forward progress for Rust to be given first class status in the kernel\nHaving to maintain a thousand plus patches against a fast moving upstream\nproject (Linux Kernel)\nDwindling funds\nWhat does this mean for sister projects like OpenBSD?\n\n\n\n600th episode flash back\n\n\nWhen did you come across BSDNow?\nWhat are some of your highlights?\nWhere are we going in the future...?\nWhat would we like to do for the show as hosts. Pie in the sky thinking and discussion.\n\n\nRound Up\n\n\nSupport for the Radxa Orian O6 board in\nOpenBSD\n\n\nAs well, the NetBSD project is trying to bring up this board\nConversation around the state of ARM64 SoC and options\n\nLibreSSL is not affected by the OpenSSL\nvulnerabilities\nannounced today.\nFreeBSD and hi-fi audio setup: bit-perfect, equalizer,\nreal-time\nOpenBGPD 8.8\nreleased\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nThe Most Important Question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eLead Asahi Developer stands down, moderators reminiscing about joining the podcast, Support for the Radxa Orian O6 board in OpenBSD, FreeBSD and hi-fi audio setup: bit-perfect, equalizer, real-time, OpenBGPD 8.8 released, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eTopics\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://asahilinux.org/2025/02/passing-the-torch/\" rel=\"nofollow\"\u003eHector Martin stands down as lead developer on Asahi Linux\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo forward progress for Rust to be given first class status in the kernel\u003c/li\u003e\n\u003cli\u003eHaving to maintain a thousand plus patches against a fast moving upstream\nproject (Linux Kernel)\u003c/li\u003e\n\u003cli\u003eDwindling funds\u003c/li\u003e\n\u003cli\u003eWhat does this mean for sister projects like OpenBSD?\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003e600th episode flash back\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen did you come across BSDNow?\u003c/li\u003e\n\u003cli\u003eWhat are some of your highlights?\u003c/li\u003e\n\u003cli\u003eWhere are we going in the future...?\u003c/li\u003e\n\u003cli\u003eWhat would we like to do for the show as hosts. Pie in the sky thinking and discussion.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eRound Up\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-arm\u0026m=173823317816570\u0026w=2\" rel=\"nofollow\"\u003eSupport for the Radxa Orian O6 board in\nOpenBSD\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs well, the NetBSD project is trying to bring up this board\u003c/li\u003e\n\u003cli\u003eConversation around the state of ARM64 SoC and options\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLibreSSL is not affected by the \u003ca href=\"https://www.securityweek.com/high-severity-openssl-vulnerability-found-by-apple-allows-mitm-attacks/\" rel=\"nofollow\"\u003eOpenSSL\nvulnerabilities\u003c/a\u003e\nannounced today.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://m4c.pl/blog/freebsd-audio-setup-bitperfect-equalizer-realtime/\" rel=\"nofollow\"\u003eFreeBSD and hi-fi audio setup: bit-perfect, equalizer,\nreal-time\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20250207192657\" rel=\"nofollow\"\u003eOpenBGPD 8.8\nreleased\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/600/feedback/jt%20-%20the_most_important_question.md\" rel=\"nofollow\"\u003eThe Most Important Question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Lead Asahi Developer stands down, moderators reminiscing about joining the podcast, Support for the Radxa Orian O6 board in OpenBSD, FreeBSD and hi-fi audio setup: bit-perfect, equalizer, real-time, OpenBGPD 8.8 released, and more","date_published":"2025-02-27T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f0d54c0d-d906-41d5-bd19-01d14030d46c.mp3","mime_type":"audio/mpeg","size_in_bytes":71599488,"duration_in_seconds":4474}]},{"id":"c85482cc-e352-4131-8f1b-3d3bbc73567f","title":"599: Core Infrastructure Control","url":"https://www.bsdnow.tv/599","content_text":"Controlling Your Core Infrastructure: DNS, Laptop Support and Usability Project Update, FreeBSD at FOSDEM 2025, Uploading a message to an IMAP server using curl, The Death of Email Forwarding, Cruising a VPS at OpenBSD Amsterdam, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nControlling Your Core Infrastructure: DNS\n\n\n\nLaptop Support and Usability Project Update: First Monthly Report \u0026amp; Community Initiatives\n\n\n\nNews Roundup\n\nFreeBSD at FOSDEM 2025\n\n\n\nUploading a message to an IMAP server using curl\n\n\n\nThe Death of Email Forwarding\n\n\n\nCruising a VPS at OpenBSD Amsterdam\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eControlling Your Core Infrastructure: DNS, Laptop Support and Usability Project Update, FreeBSD at FOSDEM 2025, Uploading a message to an IMAP server using curl, The Death of Email Forwarding, Cruising a VPS at OpenBSD Amsterdam, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/controlling-core-infrastructure-dns-server-setup/\" rel=\"nofollow\"\u003eControlling Your Core Infrastructure: DNS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/laptop-support-and-usability-project-update-first-monthly-report-community-initiatives/\" rel=\"nofollow\"\u003eLaptop Support and Usability Project Update: First Monthly Report \u0026amp; Community Initiatives\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-at-fosdem-2025/\" rel=\"nofollow\"\u003eFreeBSD at FOSDEM 2025\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jpmens.net/2025/01/23/uploading-a-message-to-an-imap-server-using-curl/\" rel=\"nofollow\"\u003eUploading a message to an IMAP server using curl\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.mythic-beasts.com/blog/2025/01/29/the-death-of-email-forwarding/\" rel=\"nofollow\"\u003eThe Death of Email Forwarding\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/cruising-a-vps-at-openbsd-amsterdam/\" rel=\"nofollow\"\u003eCruising a VPS at OpenBSD Amsterdam\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Controlling Your Core Infrastructure: DNS, Laptop Support and Usability Project Update, FreeBSD at FOSDEM 2025, Uploading a message to an IMAP server using curl, The Death of Email Forwarding, Cruising a VPS at OpenBSD Amsterdam, and more","date_published":"2025-02-20T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c85482cc-e352-4131-8f1b-3d3bbc73567f.mp3","mime_type":"audio/mpeg","size_in_bytes":58889472,"duration_in_seconds":3680}]},{"id":"19a5739c-2755-4cee-a0e0-8803f3bc9cbc","title":"598: UFS1 up-to-date","url":"https://www.bsdnow.tv/598","content_text":"Key Considerations for Benchmarking Network Storage Performance, OpenZFS 2.3.0 available, Updates on AsiaBSDcon, GhostBSD Desktop Conference, Recovering from external zroot, Create a new issue in a Github repository with Ansible, Stories I refuse to believe, date limit in UFS1 filesystem extended, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nKey Considerations for Benchmarking Network Storage Performance\n\n\n\nOpenZFS 2.3.0 available\n\nNews Roundup\n\nUpdates on AsiaBSDCon 2025 - Cancelled - \n\n\n\nGhostBSD Desktop Conference\n\n\n\nRecovering from external zroot\n\n\n\nCreate a new issue in a Github repository with Ansible\n\n\n\nStories I refuse to believe\n\n\n\nDefer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nFeedback - Nelson - Ada/GCC\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eKey Considerations for Benchmarking Network Storage Performance, OpenZFS 2.3.0 available, Updates on AsiaBSDcon, GhostBSD Desktop Conference, Recovering from external zroot, Create a new issue in a Github repository with Ansible, Stories I refuse to believe, date limit in UFS1 filesystem extended, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/considerations-benchmarking-network-storage-performance/\" rel=\"nofollow\"\u003eKey Considerations for Benchmarking Network Storage Performance\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/openzfs/zfs/releases/tag/zfs-2.3.0\" rel=\"nofollow\"\u003eOpenZFS 2.3.0 available\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.asiabsdcon.org/pipermail/announce/2025-January/000046.html\" rel=\"nofollow\"\u003eUpdates on AsiaBSDCon 2025 - Cancelled - \u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.phoronix.com/news/BSD-Desktop-Conference-GhostBSD\" rel=\"nofollow\"\u003eGhostBSD Desktop Conference\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://adventurist.me/posts/00350\" rel=\"nofollow\"\u003eRecovering from external zroot\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jpmens.net/2025/01/25/create-a-new-issue-in-a-github-repository/\" rel=\"nofollow\"\u003eCreate a new issue in a Github repository with Ansible\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://flak.tedunangst.com/post/stories-i-refuse-to-believe\" rel=\"nofollow\"\u003eStories I refuse to believe\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://cgit.freebsd.org/src/commit/?id=1111a44301da39d7b7459c784230e1405e8980f8\" rel=\"nofollow\"\u003eDefer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/598/feedback/Nelson%20Feedback.md\" rel=\"nofollow\"\u003eFeedback - Nelson - Ada/GCC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Key Considerations for Benchmarking Network Storage Performance, OpenZFS 2.3.0 available, Updates on AsiaBSDcon, GhostBSD Desktop Conference, Recovering from external zroot, Create a new issue in a Github repository with Ansible, Stories I refuse to believe, date limit in UFS1 filesystem extended, and more","date_published":"2025-02-13T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19a5739c-2755-4cee-a0e0-8803f3bc9cbc.mp3","mime_type":"audio/mpeg","size_in_bytes":63105024,"duration_in_seconds":3944}]},{"id":"d45f0603-f1a4-4fe7-b5c7-f1fac7e618cf","title":"597: OpenBSD FRAME sockets","url":"https://www.bsdnow.tv/597","content_text":"The Do-Not-Stab flag in the HTTP Header, FreeBSD jail host with multiple local networks, Generative AI is for the idea guys, Static dual stack networking on OmniOS Solaris Zones, FRAME sockets added to OpenBSD, The problem with combining DNS CNAME records and anything else, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n(due to excessive use of the F-bomb, perhaps we should somewhat censor it... You can do so in words... or I can use Tom's favorite Frequency tone to do it in post). You decide and let me know what you think would be funnier.)\nAlso I'm hoping for some good commentary from you guys on this one. :P\n\nThe Do-Not-Stab flag in the HTTP Header\n\n\n\nFreeBSD jail host with multiple local networks\n\n\n\nNews Roundup\n\nGenerative AI is for the idea guys\n\n\n\nStatic dual stack networking on OmniOS Solaris Zones\n\n\n\nFRAME sockets added to OpenBSD\n\n\n\nThe problem with combining DNS CNAME records and anything else\n\n\n\nConference Bits\n\n\nBSD-NL\nBSDCan\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe Do-Not-Stab flag in the HTTP Header, FreeBSD jail host with multiple local networks, Generative AI is for the idea guys, Static dual stack networking on OmniOS Solaris Zones, FRAME sockets added to OpenBSD, The problem with combining DNS CNAME records and anything else, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e(due to excessive use of the F-bomb, perhaps we should somewhat censor it... You can do so in words... or I can use Tom\u0026#39;s favorite Frequency tone to do it in post). You decide and let me know what you think would be funnier.)\u003cbr\u003e\nAlso I\u0026#39;m hoping for some good commentary from you guys on this one. :P\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.5snb.club/posts/2023/do-not-stab/\" rel=\"nofollow\"\u003eThe Do-Not-Stab flag in the HTTP Header\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://savagedlight.me/2014/03/07/freebsd-jail-host-with-multiple-local-networks/\" rel=\"nofollow\"\u003eFreeBSD jail host with multiple local networks\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rachsmith.com/ai-is-for-the-idea-guys/\" rel=\"nofollow\"\u003eGenerative AI is for the idea guys\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/static-dual-stack-networking-on-omnios-solaris-zones/\" rel=\"nofollow\"\u003eStatic dual stack networking on OmniOS Solaris Zones\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20241219080430\" rel=\"nofollow\"\u003eFRAME sockets added to OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/DNSCNAMEAndOthersWhyNot\" rel=\"nofollow\"\u003eThe problem with combining DNS CNAME records and anything else\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eConference Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bsdnl.nl/\" rel=\"nofollow\"\u003eBSD-NL\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdcan.org/2025/\" rel=\"nofollow\"\u003eBSDCan\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The Do-Not-Stab flag in the HTTP Header, FreeBSD jail host with multiple local networks, Generative AI is for the idea guys, Static dual stack networking on OmniOS Solaris Zones, FRAME sockets added to OpenBSD, The problem with combining DNS CNAME records and anything else, and more","date_published":"2025-02-06T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d45f0603-f1a4-4fe7-b5c7-f1fac7e618cf.mp3","mime_type":"audio/mpeg","size_in_bytes":49006464,"duration_in_seconds":3062}]},{"id":"d8a12e80-5354-4428-9f66-d7d401df7ddd","title":"596: Globbing /etc","url":"https://www.bsdnow.tv/596","content_text":"Ridding my home network of IP addresses, Tools for Identifying and Resolving Storage Bottlenecks, OpenBGPD 8.7 released, Let's port the GNAT Ada compiler to macOS/aarch64, Modify an OmniOS service parameters, The history and use of /etc/glob in early Unixes, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nRidding my home network of IP addresses\n\n\n\nTools for Identifying and Resolving Storage Bottlenecks\n\n\n\nNews Roundup\n\nOpenBGPD 8.7 released\n\n\n\nLet's port the GNAT Ada compiler to macOS/aarch64\n\n\n\nModify an OmniOS service parameters\n\n\n\nThe history and use of /etc/glob in early Unixes\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nNelson - TUHS \n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eRidding my home network of IP addresses, Tools for Identifying and Resolving Storage Bottlenecks, OpenBGPD 8.7 released, Let\u0026#39;s port the GNAT Ada compiler to macOS/aarch64, Modify an OmniOS service parameters, The history and use of /etc/glob in early Unixes, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://gist.github.com/jmason/aabd9d3acc86d9098654e8559e93b707\" rel=\"nofollow\"\u003eRidding my home network of IP addresses\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/managing-tracking-storage-performance-openzfs-bottlenecks/\" rel=\"nofollow\"\u003eTools for Identifying and Resolving Storage Bottlenecks\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20241218195732\" rel=\"nofollow\"\u003eOpenBGPD 8.7 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20250112.html\" rel=\"nofollow\"\u003eLet\u0026#39;s port the GNAT Ada compiler to macOS/aarch64\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2025/modify-an-omnios-service-parameters/\" rel=\"nofollow\"\u003eModify an OmniOS service parameters\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/EtcGlobHistory\" rel=\"nofollow\"\u003eThe history and use of /etc/glob in early Unixes\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/596/feedback/nelson-tuhs.md\" rel=\"nofollow\"\u003eNelson - TUHS \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Ridding my home network of IP addresses, Tools for Identifying and Resolving Storage Bottlenecks, OpenBGPD 8.7 released, Let's port the GNAT Ada compiler to macOS/aarch64, Modify an OmniOS service parameters, The history and use of /etc/glob in early Unixes, and more","date_published":"2025-01-30T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d8a12e80-5354-4428-9f66-d7d401df7ddd.mp3","mime_type":"audio/mpeg","size_in_bytes":49622784,"duration_in_seconds":3101}]},{"id":"2773a8f7-f763-4055-a36b-f722e1b273e6","title":"595: Arc: the Triumph","url":"https://www.bsdnow.tv/595","content_text":"Applying the ARC Algorithm to the ARC, Advancing Cloud Native Containers on FreeBSD: Podman Testing Highlights, Running Web Browsers in FreeBSD Jail, Fixing pf not allowing IPv6 traffic on FreeBSD, Minitel: The Online World France Built Before the Web, Why Google Stores Billions of Lines of Code in a Single Repository, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nApplying the ARC Algorithm to the ARC\n\n\n\nAdvancing Cloud Native Containers on FreeBSD: Podman Testing Highlights\n\n\n\nNews Roundup\n\nRunning Web Browsers in FreeBSD Jail\n\n\n\nFixing pf not allowing IPv6 traffic on FreeBSD\n\n\n\nMinitel: The Online World France Built Before the Web\n\n\n\nWhy Google Stores Billions of Lines of Code in a Single Repository\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nSam - EDR Support\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eApplying the ARC Algorithm to the ARC, Advancing Cloud Native Containers on FreeBSD: Podman Testing Highlights, Running Web Browsers in FreeBSD Jail, Fixing pf not allowing IPv6 traffic on FreeBSD, Minitel: The Online World France Built Before the Web, Why Google Stores Billions of Lines of Code in a Single Repository, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/applying-the-arc-algorithm-to-the-arc/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eApplying the ARC Algorithm to the ARC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/advancing-cloud-native-containers-on-freebsd-podman-testing-highlights/\" rel=\"nofollow\"\u003eAdvancing Cloud Native Containers on FreeBSD: Podman Testing Highlights\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://tumfatig.net/2024/running-web-browsers-in-freebsd-jail/\" rel=\"nofollow\"\u003eRunning Web Browsers in FreeBSD Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ncartron.org/fixing-pf-not-allowing-ipv6-traffic-on-freebsd.html\" rel=\"nofollow\"\u003eFixing pf not allowing IPv6 traffic on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://spectrum.ieee.org/minitel-the-online-world-france-built-before-the-web\" rel=\"nofollow\"\u003eMinitel: The Online World France Built Before the Web\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://cacm.acm.org/research/why-google-stores-billions-of-lines-of-code-in-a-single-repository/\" rel=\"nofollow\"\u003eWhy Google Stores Billions of Lines of Code in a Single Repository\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/595/feedback/Sam%20-%20EDR%20Support.md\" rel=\"nofollow\"\u003eSam - EDR Support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Applying the ARC Algorithm to the ARC, Advancing Cloud Native Containers on FreeBSD: Podman Testing Highlights, Running Web Browsers in FreeBSD Jail, Fixing pf not allowing IPv6 traffic on FreeBSD, Minitel: The Online World France Built Before the Web, Why Google Stores Billions of Lines of Code in a Single Repository, and more","date_published":"2025-01-23T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2773a8f7-f763-4055-a36b-f722e1b273e6.mp3","mime_type":"audio/mpeg","size_in_bytes":104050944,"duration_in_seconds":6503}]},{"id":"d9d3402b-e9ab-4a53-8865-04a1bb8ae732","title":"594: Name that Domain","url":"https://www.bsdnow.tv/594","content_text":"Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nRoundup Storage and Network Diagnostics\n\n\n\nSecurity Audit of the\nCapsicum and bhyve\nSubsystems\n\n\n\nNews Roundup\n\nZFS on Linux and block IO limits show some limits of being out of the kernel\n\n\n\nNetBSD on a ROCK64 Board\n\n\n\nDomain Naming\n\n\n\nBSDCan 2025 CFP\n\n\n\nThe Internet Gopher from Minnesota\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBrendan - MinIO\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eSecurity Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/winter_2024_roundup_storage_and_network_diagnostics/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eRoundup Storage and Network Diagnostics\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/wp-content/uploads/2024/11/2024_Code_Audit_Capsicum_Bhyve_FreeBSD_Foundation.pdf\" rel=\"nofollow\"\u003eSecurity Audit of the\u003cbr\u003e\nCapsicum and bhyve\u003cbr\u003e\nSubsystems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxVersusBlockIOLimits\" rel=\"nofollow\"\u003eZFS on Linux and block IO limits show some limits of being out of the kernel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://simonevellei.com/blog/posts/netbsd-on-a-rock64-board/\" rel=\"nofollow\"\u003eNetBSD on a ROCK64 Board\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ambient.institute/domain-naming/\" rel=\"nofollow\"\u003eDomain Naming\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.bsdcan.org/2025/papers.html\" rel=\"nofollow\"\u003eBSDCan 2025 CFP\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.abortretry.fail/p/the-internet-gopher-from-minnesota\" rel=\"nofollow\"\u003eThe Internet Gopher from Minnesota\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/594/feedback/Brendan%20-%20minio.md\" rel=\"nofollow\"\u003eBrendan - MinIO\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more","date_published":"2025-01-16T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d9d3402b-e9ab-4a53-8865-04a1bb8ae732.mp3","mime_type":"audio/mpeg","size_in_bytes":67824384,"duration_in_seconds":4239}]},{"id":"883c889f-8d16-4519-9be7-b863d68902e4","title":"593: rc.conf Validator","url":"https://www.bsdnow.tv/593","content_text":"FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD replaces sendmail with dma\n\n\n\nWhy We Use FreeBSD Over Linux: A CTO’s Perspective\n\n\n\nNews Roundup\n\nHow I fell in love with OpenBSD\n\n\n\nA GDC package for macOS/aarch64\n\n\n\nValidate Your FreeBSD rc.conf\n\n\n\nReplacing Proxmox with FreeBSD and Bhyve\n\n\n\nOPNsense 24.7.10 released\n\n\n\nPrinting With FreeBSD\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nChristian - Deprecated vs Depreciated\n\n\n\n\nProducer Note\n\n\nOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.\nAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd14-replaces-sendmail-with-dma/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eFreeBSD replaces sendmail with dma\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dzone.com/articles/why-we-use-freebsd-over-linux-a-ctos-perspective\" rel=\"nofollow\"\u003eWhy We Use FreeBSD Over Linux: A CTO’s Perspective\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://h3artbl33d.nl/blog/how-i-fell-in-love-with-openbsd\" rel=\"nofollow\"\u003eHow I fell in love with OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/\" rel=\"nofollow\"\u003eA GDC package for macOS/aarch64\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dev.to/scovl/validate-your-freebsd-rcconf-e94\" rel=\"nofollow\"\u003eValidate Your FreeBSD rc.conf\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://abnml.com/blog/2024/11/26/replacing-proxmox-with-freebsd-and-bhyve/\" rel=\"nofollow\"\u003eReplacing Proxmox with FreeBSD and Bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=44413.0\" rel=\"nofollow\"\u003eOPNsense 24.7.10 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.smithfamily.org.uk/posts/2024/11/freebsd_print/\" rel=\"nofollow\"\u003ePrinting With FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/593/feedback/Christian%20-%20Deprecated%20vs%20Depreciated.md\" rel=\"nofollow\"\u003eChristian - Deprecated vs Depreciated\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eProducer Note\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there\u0026#39;s nothing I can do about that, but I wanted everyone to be aware that.\u003c/li\u003e\n\u003cli\u003eAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more","date_published":"2025-01-09T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/883c889f-8d16-4519-9be7-b863d68902e4.mp3","mime_type":"audio/mpeg","size_in_bytes":55485696,"duration_in_seconds":3467}]},{"id":"2ecb01c8-6c1f-4c02-a29f-0cd773b80736","title":"592: Wohoo, FreeBSD 14.2","url":"https://www.bsdnow.tv/592","content_text":"ZFS Storage Fault Management, FreeBSD 14.2-RELEASE Announcement, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, OpenBSD Memory Conflict Messages, The Biggest Shell Programs in the World, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nZFS Storage Fault Management\n\n\n\nFreeBSD 14.2-RELEASE Announcement\n\n\n\nNews Roundup\n\nI feel that NAT is inevitable even with IPv6\n\n\n\nSpell checking in Vim\n\n\n\nOpenBSD Memory Conflict Messages\n\n\n\nThe Biggest Shell Programs in the World\n\n\n\nBeastie Bits\n\n\nThe Connectivity of Things: Network Cultures since 1832\nInitial list of 21 EuroBSDcon 2024 videos released\n-current now has more flexible performance policy\nOpenBSD 5.1 on Sun Ultra 5\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nhttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/592/feedback/Phillip%20-%20regressions.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eZFS Storage Fault Management, FreeBSD 14.2-RELEASE Announcement, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, OpenBSD Memory Conflict Messages, The Biggest Shell Programs in the World, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-storage-fault-management-linux/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZFS Storage Fault Management\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/releases/14.2R/announce/\" rel=\"nofollow\"\u003eFreeBSD 14.2-RELEASE Announcement\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/IPv6AndStillHavingNAT\" rel=\"nofollow\"\u003eI feel that NAT is inevitable even with IPv6\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/spell-checking-in-vim/\" rel=\"nofollow\"\u003eSpell checking in Vim\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/OpenBSDMemoryConflictMessages\" rel=\"nofollow\"\u003eOpenBSD Memory Conflict Messages\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/oils-for-unix/oils/wiki/The-Biggest-Shell-Programs-in-the-World\" rel=\"nofollow\"\u003eThe Biggest Shell Programs in the World\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://direct.mit.edu/books/oa-monograph/5866/The-Connectivity-of-ThingsNetwork-Cultures-since\" rel=\"nofollow\"\u003eThe Connectivity of Things: Network Cultures since 1832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20241130184249\" rel=\"nofollow\"\u003eInitial list of 21 EuroBSDcon 2024 videos released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20241129093132\" rel=\"nofollow\"\u003e-current now has more flexible performance policy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eggflix.foolbazar.eu/w/fa211a4f-6984-4c03-a6d2-b8c329d9459d\" rel=\"nofollow\"\u003eOpenBSD 5.1 on Sun Ultra 5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/592/feedback/Phillip%20-%20regressions.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/592/feedback/Phillip%20-%20regressions.md\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"ZFS Storage Fault Management, FreeBSD 14.2-RELEASE Announcement, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, OpenBSD Memory Conflict Messages, The Biggest Shell Programs in the World, and more","date_published":"2025-01-02T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2ecb01c8-6c1f-4c02-a29f-0cd773b80736.mp3","mime_type":"audio/mpeg","size_in_bytes":59144448,"duration_in_seconds":3696}]},{"id":"4e0204d7-a10a-49be-9941-f68ea53c06c1","title":"591: The Three Wise Men (hosts)","url":"https://www.bsdnow.tv/591","content_text":"In this special episode, we are interviewing ourselves with the questions that out audience asked us many moons ago. Stay tuned for some insights about hobbies, all things computers, projects, and a whole lot more. Have fun and happy holidays!\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nProducer Note\n\n\nOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.\nAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eIn this special episode, we are interviewing ourselves with the questions that out audience asked us many moons ago. Stay tuned for some insights about hobbies, all things computers, projects, and a whole lot more. Have fun and happy holidays!\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eProducer Note\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there\u0026#39;s nothing I can do about that, but I wanted everyone to be aware that.\u003c/li\u003e\n\u003cli\u003eAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"In this special episode, we are interviewing ourselves with the questions that out audience asked us many moons ago. Stay tuned for some insights about hobbies, all things computers, projects, and a whole lot more. Have fun and happy holidays!","date_published":"2024-12-26T00:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e0204d7-a10a-49be-9941-f68ea53c06c1.mp3","mime_type":"audio/mpeg","size_in_bytes":68937600,"duration_in_seconds":4308}]},{"id":"9d9a5838-ecb8-4f3d-b67e-d31a358ea5e4","title":"590: Single, not sorry","url":"https://www.bsdnow.tv/590","content_text":"In this episode, Benedict shows some of the tools he loves to use including Markdown (producing PDFs and other docs using Pandoc), AWK, and Graphviz. A lot of tutorials and getting-started links in this practical-oriented episode for you.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n\n\n\nThe Markdown Guide\nThe Pandoc Website\nUsing Pandoc and Typst to Produce\nPDFs\nEisvogel LaTeX Pandoc template\n\n\n\n\nNews Roundup\n\n\nAwk in 20 Minutes\nAwk by Example\n\n\n\n\n\nW3 Schools Tutorials\n\n\n\n\n\nThe dot Guide\nIntroduction to Graphviz\nBrowser-based Graphviz Editor SketchViz\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nProducer Note\n\n\nOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.\nAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eIn this episode, Benedict shows some of the tools he loves to use including Markdown (producing PDFs and other docs using Pandoc), AWK, and Graphviz. A lot of tutorials and getting-started links in this practical-oriented episode for you.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.markdownguide.org/basic-syntax/\" rel=\"nofollow\"\u003eThe Markdown Guide\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://pandoc.org\" rel=\"nofollow\"\u003eThe Pandoc Website\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://imaginarytext.ca/posts/2024/pandoc-typst-tutorial\" rel=\"nofollow\"\u003eUsing Pandoc and Typst to Produce\u003cbr\u003e\nPDFs\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/enhuiz/eisvogel\" rel=\"nofollow\"\u003eEisvogel LaTeX Pandoc template\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ferd.ca/awk-in-20-minutes.html\" rel=\"nofollow\"\u003eAwk in 20 Minutes\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://developer.ibm.com/tutorials/l-awk1/\" rel=\"nofollow\"\u003eAwk by Example\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.w3schools.com\" rel=\"nofollow\"\u003eW3 Schools Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://graphviz.org/pdf/dotguide.pdf\" rel=\"nofollow\"\u003eThe dot Guide\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ncona.com/2020/06/create-diagrams-with-code-using-graphviz/\" rel=\"nofollow\"\u003eIntroduction to Graphviz\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://sketchviz.com/\" rel=\"nofollow\"\u003eBrowser-based Graphviz Editor SketchViz\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eProducer Note\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there\u0026#39;s nothing I can do about that, but I wanted everyone to be aware that.\u003c/li\u003e\n\u003cli\u003eAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"In this episode, Benedict shows some of the tools he loves to use including Markdown (producing PDFs and other docs using Pandoc), AWK, and Graphviz. A lot of tutorials and getting-started links in this practical-oriented episode for you.","date_published":"2024-12-19T00:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9d9a5838-ecb8-4f3d-b67e-d31a358ea5e4.mp3","mime_type":"audio/mpeg","size_in_bytes":47339520,"duration_in_seconds":2958}]},{"id":"e30d8935-1e67-4f45-8ff5-00690f626b49","title":"589: The buffering pipe","url":"https://www.bsdnow.tv/589","content_text":"Open-Source Software Is in Crisis, A Brief History of Cyrix, Userland Disk I/O, OPNsense 24.7.9 released, GhostBSD 24.10.1 Is Now Available, Why pipes sometimes get \"stuck\": buffering, Keep your OmniOS server time synced, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpen-Source Software Is in Crisis\n\n\n\nA Brief History of Cyrix\n\n\n\nNews Roundup\n\nUserland Disk I/O\n\n\n\nOPNsense 24.7.9 released\n\n\n\nGhostBSD 24.10.1 Is Now Available\n\n\n\nWhy pipes sometimes get \"stuck\": buffering\n\n\n\nKeep your OmniOS server time synced\n\n\n\nBeastie Bits\n\n\n\"I'll take 2\" - Solidigm introduces a 122TB Drive, the World’s Highest Capacity PCIe SSDs\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nIan - Thoughts\n\n\n\n\nProducer Note\n\n\nOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.\nAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpen-Source Software Is in Crisis, A Brief History of Cyrix, Userland Disk I/O, OPNsense 24.7.9 released, GhostBSD 24.10.1 Is Now Available, Why pipes sometimes get \u0026quot;stuck\u0026quot;: buffering, Keep your OmniOS server time synced, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://spectrum.ieee.org/open-source-crisis\" rel=\"nofollow\"\u003eOpen-Source Software Is in Crisis\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.abortretry.fail/p/a-brief-history-of-cyrix\" rel=\"nofollow\"\u003eA Brief History of Cyrix\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://transactional.blog/how-to-learn/disk-io\" rel=\"nofollow\"\u003eUserland Disk I/O\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=44133.0\" rel=\"nofollow\"\u003eOPNsense 24.7.9 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ghostbsd.org/news/GhostBSD_24.10.1_Is_Now_Available\" rel=\"nofollow\"\u003eGhostBSD 24.10.1 Is Now Available\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jvns.ca/blog/2024/11/29/why-pipes-get-stuck-buffering/\" rel=\"nofollow\"\u003eWhy pipes sometimes get \u0026quot;stuck\u0026quot;: buffering\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://tumfatig.net/2024/keep-your-omnios-server-time-synced/\" rel=\"nofollow\"\u003eKeep your OmniOS server time synced\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://news.solidigm.com/en-WW/243441-solidigm-122tb-drive\" rel=\"nofollow\"\u003e\u0026quot;I\u0026#39;ll take 2\u0026quot; - Solidigm introduces a 122TB Drive, the World’s Highest Capacity PCIe SSDs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/589/feedback/ian%20-%20toughts.md\" rel=\"nofollow\"\u003eIan - Thoughts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eProducer Note\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnce we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there\u0026#39;s nothing I can do about that, but I wanted everyone to be aware that.\u003c/li\u003e\n\u003cli\u003eAlso once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Open-Source Software Is in Crisis, A Brief History of Cyrix, Userland Disk I/O, OPNsense 24.7.9 released, GhostBSD 24.10.1 Is Now Available, Why pipes sometimes get \"stuck\": buffering, Keep your OmniOS server time synced, and more","date_published":"2024-12-12T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e30d8935-1e67-4f45-8ff5-00690f626b49.mp3","mime_type":"audio/mpeg","size_in_bytes":56143488,"duration_in_seconds":3508}]},{"id":"786b8b40-5218-4ab8-b02c-65265b026e4e","title":"588: PGP Alternatives","url":"https://www.bsdnow.tv/588","content_text":"Deploying pNFS file sharing with FreeBSD, What To Use Instead of PGP, The slow evaporation of the FOSS surplus, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, Iconic consoles of the IBM System/360 mainframes, 55 years old, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDeploying pNFS file sharing with FreeBSD\n\n\n\nWhat To Use Instead of PGP\n\n\n\nThe slow evaporation of the FOSS surplus\n\n\n\nNews Roundup\n\nFreeBSD 14 on the Desktop\n\n\n\nIconic consoles of the IBM System/360 mainframes, 55 years old\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDeploying pNFS file sharing with FreeBSD, What To Use Instead of PGP, The slow evaporation of the FOSS surplus, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, Iconic consoles of the IBM System/360 mainframes, 55 years old, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/deploying-pnfs-file-sharing-with-freebsd/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eDeploying pNFS file sharing with FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/\" rel=\"nofollow\"\u003eWhat To Use Instead of PGP\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.baldurbjarnason.com/2024/the-slow-evaporation-of-the-foss-surplus/\" rel=\"nofollow\"\u003eThe slow evaporation of the FOSS surplus\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.sacredheartsc.com/blog/freebsd-14-on-the-desktop/\" rel=\"nofollow\"\u003eFreeBSD 14 on the Desktop\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.righto.com/2019/04/iconic-consoles-of-ibm-system360.html\" rel=\"nofollow\"\u003eIconic consoles of the IBM System/360 mainframes, 55 years old\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Deploying pNFS file sharing with FreeBSD, What To Use Instead of PGP, The slow evaporation of the FOSS surplus, I feel that NAT is inevitable even with IPv6, Spell checking in Vim, Iconic consoles of the IBM System/360 mainframes, 55 years old, and more","date_published":"2024-12-05T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/786b8b40-5218-4ab8-b02c-65265b026e4e.mp3","mime_type":"audio/mpeg","size_in_bytes":61724928,"duration_in_seconds":3857}]},{"id":"ef2e89d1-2439-428c-a7f3-70121d454af6","title":"587: New filesystems category","url":"https://www.bsdnow.tv/587","content_text":"FreeBSD Quarterly Report, Welcome to the new category: filesystems, BSD Misconceptions, Notes on the compatibility of crypted passwords across Unixes in late 2024, Automating ZFS Snapshots for Peace of Mind, A few nice things in OpenZFS 2.3, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Quarterly Report\n\n\n\nNews Roundup\n\nWelcome to the new category: filesystems\n\n\n\nBSD Misconceptions\n\n\n\nNotes on the compatibility of crypted passwords across Unixes in late 2024\n\n\n\nAutomating ZFS Snapshots for Peace of Mind\n\n\n\nA few nice things in OpenZFS 2.3\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nIzzy - Misconceptions\nJohn - UNIX Graphical Desktops\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD Quarterly Report, Welcome to the new category: filesystems, BSD Misconceptions, Notes on the compatibility of crypted passwords across Unixes in late 2024, Automating ZFS Snapshots for Peace of Mind, A few nice things in OpenZFS 2.3, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/status/report-2024-07-2024-09/\" rel=\"nofollow\"\u003eFreeBSD Quarterly Report\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://news.freshports.org/2024/11/06/welcome-to-the-new-category-filesystems/\" rel=\"nofollow\"\u003eWelcome to the new category: filesystems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://izder456.tumblr.com/post/759376596551483392/bsd-misconceptions\" rel=\"nofollow\"\u003eBSD Misconceptions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/CryptedPasswordCompatibility2024\" rel=\"nofollow\"\u003eNotes on the compatibility of crypted passwords across Unixes in late 2024\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/08/21/automating-zfs-snapshots-for-peace-of-mind/\" rel=\"nofollow\"\u003eAutomating ZFS Snapshots for Peace of Mind\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://despairlabs.com/blog/posts/2024-10-05-nice-things-in-openzfs-23/\" rel=\"nofollow\"\u003eA few nice things in OpenZFS 2.3\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/587/feedback/izzy%20-%20misconceptions.md\" rel=\"nofollow\"\u003eIzzy - Misconceptions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/587/feedback/John-UNIXGraphicalDesktops.md\" rel=\"nofollow\"\u003eJohn - UNIX Graphical Desktops\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD Quarterly Report, Welcome to the new category: filesystems, BSD Misconceptions, Notes on the compatibility of crypted passwords across Unixes in late 2024, Automating ZFS Snapshots for Peace of Mind, A few nice things in OpenZFS 2.3, and more","date_published":"2024-11-28T09:30:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef2e89d1-2439-428c-a7f3-70121d454af6.mp3","mime_type":"audio/mpeg","size_in_bytes":48872832,"duration_in_seconds":3054}]},{"id":"7d2743e5-551b-40e8-9e97-f75d720b1ce9","title":"586: Cloud Exit Savings","url":"https://www.bsdnow.tv/586","content_text":"Our Cloud Exit Savings will not top ten million over five years, 5 Reasons Why Your ZFS Storage Benchmarks Are Wrong, The history of inetd is more interesting than I expected, OpenBSD is Hard to Show Off, bhyve on FreeBSD and VM Live Migration – Quo vadis?, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOur Cloud Exit Savings will not top ten million over five years\n\n\n\n5 Reasons Why Your ZFS Storage Benchmarks Are Wrong\n\n\n\nNews Roundup\n\nThe history of inetd is more interesting than I expected\n\n\n\nOpenBSD is Hard to Show Off\n\n\n\nbhyve on FreeBSD and VM Live Migration – Quo vadis?\n\n\n\nBeastie Bits\n\n\nGame of Trees 0.104\nNetworking for System Administrators\nFall 2024 FreeBSD Summit Day 1\nFall 2024 FreeBSD Summit Day 2\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nChris - Truenas\nBrendan - NextCloud\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOur Cloud Exit Savings will not top ten million over five years, 5 Reasons Why Your ZFS Storage Benchmarks Are Wrong, The history of inetd is more interesting than I expected, OpenBSD is Hard to Show Off, bhyve on FreeBSD and VM Live Migration – Quo vadis?, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://world.hey.com/dhh/our-cloud-exit-savings-will-now-top-ten-million-over-five-years-c7d9b5bd\" rel=\"nofollow\"\u003eOur Cloud Exit Savings will not top ten million over five years\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/5-reasons-why-your-zfs-storage-benchmarks-are-wrong/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003e5 Reasons Why Your ZFS Storage Benchmarks Are Wrong\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/InetdInterestingHistory\" rel=\"nofollow\"\u003eThe history of inetd is more interesting than I expected\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://atthis.link/blog/2024/16379.html\" rel=\"nofollow\"\u003eOpenBSD is Hard to Show Off\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gyptazy.com/bhyve-on-freebsd-and-vm-live-migration-quo-vadis/\" rel=\"nofollow\"\u003ebhyve on FreeBSD and VM Live Migration – Quo vadis?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20241023071210\" rel=\"nofollow\"\u003eGame of Trees 0.104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/nonfiction/networking#n4sa\" rel=\"nofollow\"\u003eNetworking for System Administrators\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jZ3mjJZEqs0\" rel=\"nofollow\"\u003eFall 2024 FreeBSD Summit Day 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/live/qCNpuK2v248\" rel=\"nofollow\"\u003eFall 2024 FreeBSD Summit Day 2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/586/feedback/chris-truenas.md\" rel=\"nofollow\"\u003eChris - Truenas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/586/feedback/brendan-nextcloud.md\" rel=\"nofollow\"\u003eBrendan - NextCloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Our Cloud Exit Savings will not top ten million over five years, 5 Reasons Why Your ZFS Storage Benchmarks Are Wrong, The history of inetd is more interesting than I expected, OpenBSD is Hard to Show Off, bhyve on FreeBSD and VM Live Migration – Quo vadis?, and more","date_published":"2024-11-21T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7d2743e5-551b-40e8-9e97-f75d720b1ce9.mp3","mime_type":"audio/mpeg","size_in_bytes":62734848,"duration_in_seconds":3920}]},{"id":"137023c9-3a8f-495e-8b66-8db48e5b1ee7","title":"585: Infrastructure Administration Workstation","url":"https://www.bsdnow.tv/585","content_text":"From Proxmox to FreeBSD - Story of a Migration, FreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS, Using a dedicated administration workstation for my infrastructure, LibreSSL 4.0.0 Released, Plasma6 and FreeBSD 14, Replace gnu diff, diff3, and sdiff with BSD versions, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFrom Proxmox to FreeBSD - Story of a Migration\n\n\n\nFreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS\n\n\n\nNews Roundup\n\nUsing a dedicated administration workstation for my infrastructure\n\n\n\nLibreSSL 4.0.0 Released\n\n\n\nPlasma6 and FreeBSD 14\n\n\n\ngit: world - Replace gnu diff, diff3, and sdiff with BSD versions\n\n\n\n\n\nBeastie Bits\n\n- How to Upgrade FreeBSD KDE 5 to KDE 6\n\n\n***\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFrom Proxmox to FreeBSD - Story of a Migration, FreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS, Using a dedicated administration workstation for my infrastructure, LibreSSL 4.0.0 Released, Plasma6 and FreeBSD 14, Replace gnu diff, diff3, and sdiff with BSD versions, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/10/21/from-proxmox-to-freebsd-story-of-a-migration/\" rel=\"nofollow\"\u003eFrom Proxmox to FreeBSD - Story of a Migration\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2024/10/28/freebsd-at-30-the-history-and-future-of-the-most-popular-bsd-based-os/\" rel=\"nofollow\"\u003eFreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-10-19-my-admin-workstation.html\" rel=\"nofollow\"\u003eUsing a dedicated administration workstation for my infrastructure\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20241015084629\" rel=\"nofollow\"\u003eLibreSSL 4.0.0 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://euroquis.nl//kde/2024/10/08/freebsd14.html\" rel=\"nofollow\"\u003ePlasma6 and FreeBSD 14\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.dragonflybsd.org/pipermail/commits/2024-October/923274.html\" rel=\"nofollow\"\u003egit: world - Replace gnu diff, diff3, and sdiff with BSD versions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003ch2\u003e- \u003ca href=\"https://www.youtube.com/watch?v=2OZtnqK3iMU\" rel=\"nofollow\"\u003eHow to Upgrade FreeBSD KDE 5 to KDE 6\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"From Proxmox to FreeBSD - Story of a Migration, FreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS, Using a dedicated administration workstation for my infrastructure, LibreSSL 4.0.0 Released, Plasma6 and FreeBSD 14, Replace gnu diff, diff3, and sdiff with BSD versions, and more","date_published":"2024-11-14T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/137023c9-3a8f-495e-8b66-8db48e5b1ee7.mp3","mime_type":"audio/mpeg","size_in_bytes":47151744,"duration_in_seconds":2946}]},{"id":"ba88ee59-1fde-4f54-a013-b0a8b34ae9b3","title":"584: ZFS Copy Offloading","url":"https://www.bsdnow.tv/584","content_text":"New CIS® FreeBSD 14 Benchmark: Secure Your Systems with Expert-Guided Best Practices, Accelerating ZFS with Copy Offloading: BRT, The uncertain possible futures of Unix graphical desktops, Jailfox - Firefox in a Freebsd Jail, Make Your Own Read-Only Device With NetBSD, ex/vi/nvi editor: .exrc advanced,\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNew CIS® FreeBSD 14 Benchmark: Secure Your Systems with Expert-Guided Best Practices\n\n\n\nAccelerating ZFS with Copy Offloading: BRT\n\n\n\nNews Roundup\n\nThe uncertain possible futures of Unix graphical desktops\n\n\n\nJailfox - Firefox in a Freebsd Jail\n\n\n\nMake Your Own Read-Only Device With NetBSD\n\n\n\nex/vi/nvi editor: .exrc file (config file) advanced topics (undocumented?): Adding comments, escaping the pipe, mapping key combinations\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nMatthew - CI CD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eNew CIS® FreeBSD 14 Benchmark: Secure Your Systems with Expert-Guided Best Practices, Accelerating ZFS with Copy Offloading: BRT, The uncertain possible futures of Unix graphical desktops, Jailfox - Firefox in a Freebsd Jail, Make Your Own Read-Only Device With NetBSD, ex/vi/nvi editor: .exrc advanced,\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/new-cis-freebsd-14-benchmark-secure-your-systems-with-expert-guided-best-practices/\" rel=\"nofollow\"\u003eNew CIS® FreeBSD 14 Benchmark: Secure Your Systems with Expert-Guided Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/accelerating-zfs-with-copy-offloading-brt/\" rel=\"nofollow\"\u003eAccelerating ZFS with Copy Offloading: BRT\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/UnixDesktopFutures\" rel=\"nofollow\"\u003eThe uncertain possible futures of Unix graphical desktops\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/jailfox-firefox-ingithub-a-freebsd-jail.94848/\" rel=\"nofollow\"\u003eJailfox - Firefox in a Freebsd Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/09/10/make-your-own-readonly-device-with-netbsd/\" rel=\"nofollow\"\u003eMake Your Own Read-Only Device With NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/ex-vi-nvi-editor-exrc-file-config-file-advanced-topics-undocumented-adding-comments-escaping-the-pipe-mapping-key-combinations.95095/\" rel=\"nofollow\"\u003eex/vi/nvi editor: .exrc file (config file) advanced topics (undocumented?): Adding comments, escaping the pipe, mapping key combinations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/584/feedback/matthew%20-%20cicd.md\" rel=\"nofollow\"\u003eMatthew - CI CD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"New CIS® FreeBSD 14 Benchmark: Secure Your Systems with Expert-Guided Best Practices, Accelerating ZFS with Copy Offloading: BRT, The uncertain possible futures of Unix graphical desktops, Jailfox - Firefox in a Freebsd Jail, Make Your Own Read-Only Device With NetBSD, ex/vi/nvi editor: .exrc advanced,","date_published":"2024-11-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ba88ee59-1fde-4f54-a013-b0a8b34ae9b3.mp3","mime_type":"audio/mpeg","size_in_bytes":55618176,"duration_in_seconds":3476}]},{"id":"523b42f8-cd1e-4919-a5ad-d6de0bb137a2","title":"583: A host of self-hosters","url":"https://www.bsdnow.tv/583","content_text":"Run Linux Containers on FreeBSD 14 with Podman, Open Source FreeBSD NAS: Maintenance Best Practices, Self-hosting Bitwarden / VaultWarden on FreeBSD, I most definitely should (self-host)!, My 71 TiB ZFS NAS After 10 Years and Zero Drive Failures, Make Your Own CDN With OpenBSD Base and Just 2 Packages, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.6 Released\n\n\n\nOpen Source FreeBSD NAS: Maintenance Best Practices\n\n\n\nNews Roundup\n\nSelf-hosting Bitwarden / VaultWarden on FreeBSD\n\n\n\nI most definitely should (self-host)!\n\n\n\nMy 71 TiB ZFS NAS After 10 Years and Zero Drive Failures\n\n\n\nMake Your Own CDN With OpenBSD Base and Just 2 Packages\n\n\n\nBeastie Bits\n\n- BSD History archive\n\n\n***\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nMischa - feedback\nlars - feedback\nMessage from JT... the problem is spam, sometimes real messages get lost in flood of spam, if we don't cover your email within a few weeks, please email back in.\n\n\nAnd now... for some laughs, I shall share with you all, some of the delightful spam we have gotten for your entertainment.\n\n\nKim\nAlexander\nLee\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eRun Linux Containers on FreeBSD 14 with Podman, Open Source FreeBSD NAS: Maintenance Best Practices, Self-hosting Bitwarden / VaultWarden on FreeBSD, I most definitely should (self-host)!, My 71 TiB ZFS NAS After 10 Years and Zero Drive Failures, Make Your Own CDN With OpenBSD Base and Just 2 Packages, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20241007204213\" rel=\"nofollow\"\u003eOpenBSD 7.6 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/open-source-freebsd-nas-maintenance-best-practices/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eOpen Source FreeBSD NAS: Maintenance Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2024/09/30/self-hosting-bitwarden-vaultwarden-on-freebsd/\" rel=\"nofollow\"\u003eSelf-hosting Bitwarden / VaultWarden on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://michal.sapka.me/blog/2024/i-will-self-host-this-site/\" rel=\"nofollow\"\u003eI most definitely should (self-host)!\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://louwrentius.com/my-71-tib-zfs-nas-after-10-years-and-zero-drive-failures.html\" rel=\"nofollow\"\u003eMy 71 TiB ZFS NAS After 10 Years and Zero Drive Failures\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/08/29/make-your-own-cdn-openbsd/\" rel=\"nofollow\"\u003eMake Your Own CDN With OpenBSD Base and Just 2 Packages\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003ch2\u003e- \u003ca href=\"https://m.youtube.com/watch?v=a3f889FXuGw\" rel=\"nofollow\"\u003eBSD History archive\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/583/feedback/Mischa%20-%20Feedback.md\" rel=\"nofollow\"\u003eMischa - feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/tree/master/episodes/583/feedback\" rel=\"nofollow\"\u003elars - feedback\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMessage from JT... the problem is spam, sometimes real messages get lost in flood of spam, if we don\u0026#39;t cover your email within a few weeks, please email back in.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAnd now... for some laughs, I shall share with you all, some of the delightful spam we have gotten for your entertainment.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/583/feedback/kim%20-%20spam.md\" rel=\"nofollow\"\u003eKim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/583/feedback/Alexander%20-%20spam.md\" rel=\"nofollow\"\u003eAlexander\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/583/feedback/Lee%20-%20spam.md\" rel=\"nofollow\"\u003eLee\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Run Linux Containers on FreeBSD 14 with Podman, Open Source FreeBSD NAS: Maintenance Best Practices, Self-hosting Bitwarden / VaultWarden on FreeBSD, I most definitely should (self-host)!, My 71 TiB ZFS NAS After 10 Years and Zero Drive Failures, Make Your Own CDN With OpenBSD Base and Just 2 Packages, and more","date_published":"2024-10-31T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/523b42f8-cd1e-4919-a5ad-d6de0bb137a2.mp3","mime_type":"audio/mpeg","size_in_bytes":66302976,"duration_in_seconds":4143}]},{"id":"e95e7d3d-6bca-4594-a5ee-2155c7bc98ef","title":"582: Introducing ZBM","url":"https://www.bsdnow.tv/582","content_text":"Why laptop support, why now: FreeBSD’s strategic move toward broader adoption, ZBM 101: Introduction to ZFSBootMenu, How I batch apply and save one-liners, Moving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps, How to install \"standard\" TTF Microsoft fonts, We need more zero config tools, Reasons I still love the fish shell, You Have Installed OpenBSD. Now For The Daily Tasks, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy laptop support, why now: FreeBSD’s strategic move toward broader adoption\n\n\n\nZBM 101: Introduction to ZFSBootMenu\n\n\n\nNews Roundup\n\nHow I batch apply and save one-liners\n\n\n\nMoving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps\n\n\n\nHow to install \"standard\" TTF Microsoft fonts\n\n\n\nWe need more zero config tools\n\n\n\nReasons I still love the fish shell\n\n\n\nYou Have Installed OpenBSD. Now For The Daily Tasks.\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nChris - choosing show items\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhy laptop support, why now: FreeBSD’s strategic move toward broader adoption, ZBM 101: Introduction to ZFSBootMenu, How I batch apply and save one-liners, Moving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps, How to install \u0026quot;standard\u0026quot; TTF Microsoft fonts, We need more zero config tools, Reasons I still love the fish shell, You Have Installed OpenBSD. Now For The Daily Tasks, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/why-laptop-support-why-now-freebsds-strategic-move-toward-broader-adoption/\" rel=\"nofollow\"\u003eWhy laptop support, why now: FreeBSD’s strategic move toward broader adoption\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zbm-101-introduction-to-zfsbootmenu/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eZBM 101: Introduction to ZFSBootMenu\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://lmno.lol/alvaro/how-i-batch-apply-and-save-one-liners\" rel=\"nofollow\"\u003eHow I batch apply and save one-liners\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/09/16/moving-freebsd-installation-new-host-vm/\" rel=\"nofollow\"\u003eMoving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/how-to-install-standard-ttf-microsoft-fonts.95009/\" rel=\"nofollow\"\u003eHow to install \u0026quot;standard\u0026quot; TTF Microsoft fonts\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://arne.me/blog/we-need-more-zero-config-tools\" rel=\"nofollow\"\u003eWe need more zero config tools\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jvns.ca/blog/2024/09/12/reasons-i--still--love-fish/\" rel=\"nofollow\"\u003eReasons I still love the fish shell\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html\" rel=\"nofollow\"\u003eYou Have Installed OpenBSD. Now For The Daily Tasks.\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/582/feedback/Chris%20-%20choosing%20show%20items.md\" rel=\"nofollow\"\u003eChris - choosing show items\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Why laptop support, why now: FreeBSD’s strategic move toward broader adoption, ZBM 101: Introduction to ZFSBootMenu, How I batch apply and save one-liners, Moving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps, How to install \"standard\" TTF Microsoft fonts, We need more zero config tools, Reasons I still love the fish shell, You Have Installed OpenBSD. Now For The Daily Tasks, and more","date_published":"2024-10-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e95e7d3d-6bca-4594-a5ee-2155c7bc98ef.mp3","mime_type":"audio/mpeg","size_in_bytes":55983744,"duration_in_seconds":3498}]},{"id":"c6329e3b-eb96-4db0-9bb0-27d65a4ecddc","title":"581: Releasing more BSDs","url":"https://www.bsdnow.tv/581","content_text":"Debunking Common Myths About FreeBSD - Part 2, FreeBSD 13.4-RELEASE Announcement, OpenBSD -current has moved to version 7.6, acpidumping,Install snac2 on FreeBSD – An ActivityPub Instance for the Fediverse, Managing dotfiles with chezmoi, Podman testing on FreeBSD, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDebunking Common Myths About FreeBSD - Part 2\n\n\n\nFreeBSD 13.4-RELEASE Announcement\nFreeBSD 14.0 end-of-life - You should have upgraded to 14.1 by now\n\n\n\nOpenBSD -current has moved to version 7.6\n\n\n\nNews Roundup\n\nacpidumping\n\n\n\nInstall snac2 on FreeBSD – An ActivityPub Instance for the Fediverse\n\n\n\nInstalling Uptime-Kuma on a FreeBSD Jail\n\n\n\nManaging dotfiles with chezmoi\n\n\n\nPodman testing on FreeBSD\n\n\n\nUndeadly Bits\n\n\nOpenSSH 9.9 released!\nOpenBSD now enforcing no invalid NUL characters in shell scripts\nEuroBSDCon 2024 presentations are now up\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nrel4x - Secure by default\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDebunking Common Myths About FreeBSD - Part 2, FreeBSD 13.4-RELEASE Announcement, OpenBSD -current has moved to version 7.6, acpidumping,Install snac2 on FreeBSD – An ActivityPub Instance for the Fediverse, Managing dotfiles with chezmoi, Podman testing on FreeBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/debunking-common-myths-about-freebsd-2/?utm_source=BSD%20Now\u0026utm_medium=Podcast\" rel=\"nofollow\"\u003eDebunking Common Myths About FreeBSD - Part 2\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/releases/13.4R/announce/\" rel=\"nofollow\"\u003eFreeBSD 13.4-RELEASE Announcement\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://bsdsec.net/articles/freebsd-14-0-end-of-life\" rel=\"nofollow\"\u003eFreeBSD 14.0 end-of-life\u003c/a\u003e - You should have upgraded to 14.1 by now\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240918052239\" rel=\"nofollow\"\u003eOpenBSD -current has moved to version 7.6\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://adventurist.me/posts/00325\" rel=\"nofollow\"\u003eacpidumping\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gyptazy.com/install-snac2-on-freebsd-an-activitypub-instance-for-the-fediverse/\" rel=\"nofollow\"\u003eInstall snac2 on FreeBSD – An ActivityPub Instance for the Fediverse\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/22/install-uptime-kuma-freebsd-jail/\" rel=\"nofollow\"\u003eInstalling Uptime-Kuma on a FreeBSD Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://stoddart.github.io/2024/09/08/managing-dotfiles-with-chezmoi.html\" rel=\"nofollow\"\u003eManaging dotfiles with chezmoi\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/oci-playground/freebsd-podman-testing\" rel=\"nofollow\"\u003ePodman testing on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eUndeadly Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240921181110\" rel=\"nofollow\"\u003eOpenSSH 9.9 released!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240924105732\" rel=\"nofollow\"\u003eOpenBSD now enforcing no invalid NUL characters in shell scripts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240924092154\" rel=\"nofollow\"\u003eEuroBSDCon 2024 presentations are now up\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/581/feedback/rel4x%20-%20Secure%20by%20default.md\" rel=\"nofollow\"\u003erel4x - Secure by default\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Debunking Common Myths About FreeBSD - Part 2, FreeBSD 13.4-RELEASE Announcement, OpenBSD -current has moved to version 7.6, acpidumping,Install snac2 on FreeBSD – An ActivityPub Instance for the Fediverse, Managing dotfiles with chezmoi, Podman testing on FreeBSD, and more","date_published":"2024-10-17T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c6329e3b-eb96-4db0-9bb0-27d65a4ecddc.mp3","mime_type":"audio/mpeg","size_in_bytes":77142272,"duration_in_seconds":3214}]},{"id":"a994539c-8d64-4bca-904d-9e2a5c7e07ae","title":"580: EuroBSDcon 2024 - Part 2","url":"https://www.bsdnow.tv/580","content_text":"Jason is still on location at EuroBSDcon getting interviews with those in the BSD Community.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterviews\n\nColin Percival\n\nAndrew Hewus\n\nWolfgang\n\nLiam Proven\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eJason is still on location at EuroBSDcon getting interviews with those in the BSD Community.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterviews\u003c/h2\u003e\n\n\u003ch3\u003eColin Percival\u003c/h3\u003e\n\n\u003ch3\u003eAndrew Hewus\u003c/h3\u003e\n\n\u003ch3\u003eWolfgang\u003c/h3\u003e\n\n\u003ch3\u003eLiam Proven\u003c/h3\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Jason is still on location at EuroBSDcon getting interviews with those in the BSD Community.","date_published":"2024-10-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a994539c-8d64-4bca-904d-9e2a5c7e07ae.mp3","mime_type":"audio/mpeg","size_in_bytes":58487040,"duration_in_seconds":3655}]},{"id":"22c6b8d0-ef8b-4925-b6a7-ea8a666dec26","title":"579: EuroBSDcon 2024","url":"https://www.bsdnow.tv/579","content_text":"Jason is on location at EuroBSDcon getting interviews with those in the BSD Community.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterviews\n\nVanja Cvelbar\n\nStefano Marinelli\n\nDave Cottlehuber\n\nChristos Margiolis\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n\n\nJason is on location at EuroBSDcon getting interviews with those in the BSD Community.","content_html":"\u003cp\u003eJason is on location at EuroBSDcon getting interviews with those in the BSD Community.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterviews\u003c/h2\u003e\n\n\u003ch3\u003eVanja Cvelbar\u003c/h3\u003e\n\n\u003ch3\u003eStefano Marinelli\u003c/h3\u003e\n\n\u003ch3\u003eDave Cottlehuber\u003c/h3\u003e\n\n\u003ch3\u003eChristos Margiolis\u003c/h3\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003eJason is on location at EuroBSDcon getting interviews with those in the BSD Community.\u003c/p\u003e","summary":"Jason is on location at EuroBSDcon getting interviews with those in the BSD Community.","date_published":"2024-10-03T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/22c6b8d0-ef8b-4925-b6a7-ea8a666dec26.mp3","mime_type":"audio/mpeg","size_in_bytes":54336384,"duration_in_seconds":3396}]},{"id":"9ccb83c4-7aca-44f6-85bd-8e3e3487f781","title":"578: KVM, but Smol","url":"https://www.bsdnow.tv/578","content_text":"Limiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Tips and Tricks: Limiting Process Priority in a FreeBSD Jail\n\n\n\nWhy You Should Use FreeBSD\n\n\n\nNews Roundup\n\nThe web fun fact that domains can end in dots and canonicalization failures\n\n\n\nReplacing postfix with dma + auth\n\n\n\nmodern unix tool list\n\n\n\nSmol KVM\n\n\n\nThe Computers of Voyager\n\n\n\nBeastie Bits\n\n\nNo unmodified files remain from original import of OpenBSD\nThe BSDCan 2024 Playlist is now complete\nUDP parallel input committed to -current\nYour browser is your Computer\nFor the member-berries\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eLimiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/11/limiting-process-priority-in-freebsd-jail/\" rel=\"nofollow\"\u003eFreeBSD Tips and Tricks: Limiting Process Priority in a FreeBSD Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/why-you-should-use-freebsd/\" rel=\"nofollow\"\u003eWhy You Should Use FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/web/DomainDotsAndCanonicalization\" rel=\"nofollow\"\u003eThe web fun fact that domains can end in dots and canonicalization failures\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2024/08/02/replacing-postfix-with-dma-auth/\" rel=\"nofollow\"\u003eReplacing postfix with dma + auth\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://notes.billmill.org/computer_usage/cli_tips_and_tools/modern_unix_tool_list.html\" rel=\"nofollow\"\u003emodern unix tool list\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://adventurist.me/posts/00324\" rel=\"nofollow\"\u003eSmol KVM\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2024/05/06/the-computers-of-voyager/\" rel=\"nofollow\"\u003eThe Computers of Voyager\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240824114631\" rel=\"nofollow\"\u003eNo unmodified files remain from original import of OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240814053159\" rel=\"nofollow\"\u003eThe BSDCan 2024 Playlist is now complete\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240727110501\" rel=\"nofollow\"\u003eUDP parallel input committed to -current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.exaequos.com\" rel=\"nofollow\"\u003eYour browser is your Computer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://defrag98.com\" rel=\"nofollow\"\u003eFor the member-berries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Limiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager","date_published":"2024-09-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9ccb83c4-7aca-44f6-85bd-8e3e3487f781.mp3","mime_type":"audio/mpeg","size_in_bytes":55824384,"duration_in_seconds":3489}]},{"id":"ceb7dc79-e714-4083-b2c3-51e9e247b8ea","title":"577: Multi-Threaded LZ4","url":"https://www.bsdnow.tv/577","content_text":"New Host Introduction 🤭, From Bridging to Routing With FreeBSD, Sovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization, The Dying Computer Museum, In practice, abstractions hide their underlying details, LZ4 Compression Algorithm Gets Multi-Threaded Update, Using Windows or Linux on FreeBSD's vm-bhyve, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n[New Host Introduction]\n\n\n\nEvolving the BSD Cafe Network Setup: From Bridging to Routing With FreeBSD\n\n\n\nSovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization\n\n\n\nNews Roundup\n\nThe Dying Computer Museum\n\n\n\nIn practice, abstractions hide their underlying details\n\n\n\nLZ4 Compression Algorithm Gets Multi-Threaded Update\n\n\n\nUsing Windows or Linux on FreeBSD's vm-bhyve\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nhttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/577/feedback/Derek%20-%20Thanks.md\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eNew Host Introduction 🤭, From Bridging to Routing With FreeBSD, Sovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization, The Dying Computer Museum, In practice, abstractions hide their underlying details, LZ4 Compression Algorithm Gets Multi-Threaded Update, Using Windows or Linux on FreeBSD\u0026#39;s vm-bhyve, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e[New Host Introduction]\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/08/01/evolving-bsd-cafe-from-bridging-to-routing/\" rel=\"nofollow\"\u003eEvolving the BSD Cafe Network Setup: From Bridging to Routing With FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/sovereign-tech-fund-to-invest-e686400-in-freebsd-infrastructure-modernization/\" rel=\"nofollow\"\u003eSovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://ascii.textfiles.com/archives/5672\" rel=\"nofollow\"\u003eThe Dying Computer Museum\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/AbstractionsHideUnderlyingDetails\" rel=\"nofollow\"\u003eIn practice, abstractions hide their underlying details\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hardware.slashdot.org/story/24/07/28/0057247/lz4-compression-algorithm-gets-multi-threaded-update\" rel=\"nofollow\"\u003eLZ4 Compression Algorithm Gets Multi-Threaded Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://srobb.net/vm-bhyve.html\" rel=\"nofollow\"\u003eUsing Windows or Linux on FreeBSD\u0026#39;s vm-bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/577/feedback/Derek%20-%20Thanks.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/577/feedback/Derek%20-%20Thanks.md\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"New Host Introduction 🤭, From Bridging to Routing With FreeBSD, Sovereign Tech Fund to Invest €686,400 in FreeBSD Infrastructure Modernization, The Dying Computer Museum, In practice, abstractions hide their underlying details, LZ4 Compression Algorithm Gets Multi-Threaded Update, Using Windows or Linux on FreeBSD's vm-bhyve, and more","date_published":"2024-09-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ceb7dc79-e714-4083-b2c3-51e9e247b8ea.mp3","mime_type":"audio/mpeg","size_in_bytes":57201024,"duration_in_seconds":3575}]},{"id":"d7fcf7cf-acc7-48a6-955f-7eaf8ebe4f52","title":"576: The Forever Workaround","url":"https://www.bsdnow.tv/576","content_text":"From Cloud Chaos to FreeBSD Efficiency, August 2024 Foundation Update, Email encryption at rest on OpenBSD using dovecot and GPG, Workarounds are often forever (unless you work to make them otherwise), Remote Desktop using RDP and VNC, Iconography of the X Window System: The Boot Stipple, Plan 9 is a Uniquely Complete Operating System, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFrom Cloud Chaos to FreeBSD Efficiency\n\n\n\nAugust 2024 Foundation Update\n\n\n\nNews Roundup\n\nEmails encryption at rest on OpenBSD using dovecot and GPG\n\n\n\nWorkarounds are often forever (unless you work to make them otherwise)\n\n\n\nRemote Desktop using RDP and VNC\n\n\n\nIconography of the X Window System: The Boot Stipple\n\n\n\nPlan 9 is a Uniquely Complete Operating System\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFrom Cloud Chaos to FreeBSD Efficiency, August 2024 Foundation Update, Email encryption at rest on OpenBSD using dovecot and GPG, Workarounds are often forever (unless you work to make them otherwise), Remote Desktop using RDP and VNC, Iconography of the X Window System: The Boot Stipple, Plan 9 is a Uniquely Complete Operating System, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/04/from-cloud-chaos-to-freebsd-efficiency/\" rel=\"nofollow\"\u003eFrom Cloud Chaos to FreeBSD Efficiency\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/news-and-events/newsletter/august-2024-foundation-update/\" rel=\"nofollow\"\u003eAugust 2024 Foundation Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-08-14-automatic-emails-gpg-encryption-at-rest.html\" rel=\"nofollow\"\u003eEmails encryption at rest on OpenBSD using dovecot and GPG\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/WorkaroundsAreForeverByDefault\" rel=\"nofollow\"\u003eWorkarounds are often forever (unless you work to make them otherwise)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/remote-desktop-using-rdp-and-vnc/\" rel=\"nofollow\"\u003eRemote Desktop using RDP and VNC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://matttproud.com/blog/posts/x-window-system-boot-stipple.html\" rel=\"nofollow\"\u003eIconography of the X Window System: The Boot Stipple\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2024/07/27/0/\" rel=\"nofollow\"\u003ePlan 9 is a Uniquely Complete Operating System\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"From Cloud Chaos to FreeBSD Efficiency, August 2024 Foundation Update, Email encryption at rest on OpenBSD using dovecot and GPG, Workarounds are often forever (unless you work to make them otherwise), Remote Desktop using RDP and VNC, Iconography of the X Window System: The Boot Stipple, Plan 9 is a Uniquely Complete Operating System, and more","date_published":"2024-09-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d7fcf7cf-acc7-48a6-955f-7eaf8ebe4f52.mp3","mime_type":"audio/mpeg","size_in_bytes":59358336,"duration_in_seconds":3709}]},{"id":"3c950f6d-fcf3-4fdf-a58b-df606f01192c","title":"575: Missing BSD/Linux","url":"https://www.bsdnow.tv/575","content_text":"X Window System At 40, Lessons from Ancient File Systems, HardenedBSD July 2024 Status Report, FreeBSD's 'root on ZFS' is appealing, I Miss BSD/Linux, Simple automated deployments using git\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nX Window System At 40\n\n\n\nLessons from Ancient File Systems\n\n\n\nNews Roundup\n\nHardenedBSD July 2024 Status Report\n\n\n\nFreeBSD's 'root on ZFS' default appeals to me for an odd reason\n\n\n\nI Miss BSD/Linux\n\n\n\nSimple automated deployments using git push\n\n\n\nBeastie Bits\n\n\nEuroBSDCon 2024\nEbook of “Run Your Own Mail Server” off to early backers\nInteractive UNIX\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eX Window System At 40, Lessons from Ancient File Systems, HardenedBSD July 2024 Status Report, FreeBSD\u0026#39;s \u0026#39;root on ZFS\u0026#39; is appealing, I Miss BSD/Linux, Simple automated deployments using git\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.dshr.org/2024/07/x-window-system-at-40.html\" rel=\"nofollow\"\u003eX Window System At 40\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://madcompiler.blogspot.com/2024/02/lessons-from-ancient-file-systems.html\" rel=\"nofollow\"\u003eLessons from Ancient File Systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2024-08-03/hardenedbsd-july-2024-status-report\" rel=\"nofollow\"\u003eHardenedBSD July 2024 Status Report\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/FreeBSDZFSRootAppeal\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s \u0026#39;root on ZFS\u0026#39; default appeals to me for an odd reason\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://brainbaking.com/post/2024/05/i-miss-bsd-linux/\" rel=\"nofollow\"\u003eI Miss BSD/Linux\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://garrido.io/notes/simple-automated-deployments-git-push/\" rel=\"nofollow\"\u003eSimple automated deployments using git push\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://2024.eurobsdcon.org\" rel=\"nofollow\"\u003eEuroBSDCon 2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/23731\" rel=\"nofollow\"\u003eEbook of “Run Your Own Mail Server” off to early backers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://computeradsfromthepast.substack.com/p/interactive-unix\" rel=\"nofollow\"\u003eInteractive UNIX\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"X Window System At 40, Lessons from Ancient File Systems, HardenedBSD July 2024 Status Report, FreeBSD's 'root on ZFS' is appealing, I Miss BSD/Linux, Simple automated deployments using git","date_published":"2024-09-05T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3c950f6d-fcf3-4fdf-a58b-df606f01192c.mp3","mime_type":"audio/mpeg","size_in_bytes":49908864,"duration_in_seconds":3119}]},{"id":"915df8c4-be34-4de6-b7ad-7c756f7e835f","title":"574: Hypervisor Determination","url":"https://www.bsdnow.tv/574","content_text":"Antithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve, Our slowly growing Unix monoculture, The six dumbest ideas in computer security (2005), Video Edition notes on OpenBSD, Full-featured email server running OpenBSD, ever heard of teaching a case study of Initial Unix?, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAntithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve\n\n\n\nOur slowly growing Unix monoculture\n\n\n\nNews Roundup\n\nThe six dumbest ideas in computer security (2005) + HN Thread\n\n\n\nVideo Edition notes on OpenBSD\n\n\n\nFull-featured email server running OpenBSD\n\n\n\nAnyone ever heard of teaching a case study of Initial Unix?\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n574 - extrowerk - dumb ideas in computer security\n\n574 - Ep 569: on deprecation and support\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eAntithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve, Our slowly growing Unix monoculture, The six dumbest ideas in computer security (2005), Video Edition notes on OpenBSD, Full-featured email server running OpenBSD, ever heard of teaching a case study of Initial Unix?, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/antithesis-pioneering-deterministic-hypervisors-with-freebsd-and-bhyve/\" rel=\"nofollow\"\u003eAntithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OurGrowingUnixMonoculture\" rel=\"nofollow\"\u003eOur slowly growing Unix monoculture\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://ranum.com/security/computer_security/editorials/dumb/index.html\" rel=\"nofollow\"\u003eThe six dumbest ideas in computer security (2005)\u003c/a\u003e + \u003ca href=\"https://news.ycombinator.com/item?id=34513806\" rel=\"nofollow\"\u003eHN Thread\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/video-edition-notes-on-openbsd/\" rel=\"nofollow\"\u003eVideo Edition notes on OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-07-24-openbsd-email-server-setup.html\" rel=\"nofollow\"\u003eFull-featured email server running OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2024-July/030407.html\" rel=\"nofollow\"\u003eAnyone ever heard of teaching a case study of Initial Unix?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003ch2\u003e574 - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/574/feedback/extrowerk%20-%20dumb%20ideas%20in%20computer%20security.md\" rel=\"nofollow\"\u003eextrowerk - dumb ideas in computer security\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch2\u003e574 - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/574/feedback/Ep%20569%3A%20on%20deprecation%20and%20support\" rel=\"nofollow\"\u003eEp 569: on deprecation and support\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Antithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve, Our slowly growing Unix monoculture, The six dumbest ideas in computer security (2005), Video Edition notes on OpenBSD, Full-featured email server running OpenBSD, ever heard of teaching a case study of Initial Unix?, and more","date_published":"2024-08-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/915df8c4-be34-4de6-b7ad-7c756f7e835f.mp3","mime_type":"audio/mpeg","size_in_bytes":58220928,"duration_in_seconds":3638}]},{"id":"aec16048-9802-4728-a4b9-33cacc3e00c3","title":"573: Kyua Graduation","url":"https://www.bsdnow.tv/573","content_text":"What Would It Take to Recreate Bell Labs?, Human Scale Software vs Open Source, How to run Visual Studio (VS) Code Remote over SSH on FreeBSD 13 and 14, Why are some emails from Charlie Root and others are from root?, Backward compatibility has real costs even for settings, Kyua graduates, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhat Would It Take to Recreate Bell Labs?\n\n\n\nHuman Scale Software vs Open Source\n\n\n\nNews Roundup\n\nHow to run Visual Studio (VS) Code Remote over SSH on FreeBSD 13 and 14\n\n\n\nWhy are some emails from Charlie Root and others are from root?\n\n\n\nBackward compatibility, even for settings, has real costs\n\n\n\nKyua graduates\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n573 - Vedran - linuxulator\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhat Would It Take to Recreate Bell Labs?, Human Scale Software vs Open Source, How to run Visual Studio (VS) Code Remote over SSH on FreeBSD 13 and 14, Why are some emails from Charlie Root and others are from root?, Backward compatibility has real costs even for settings, Kyua graduates, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.construction-physics.com/p/what-would-it-take-to-recreate-bell\" rel=\"nofollow\"\u003eWhat Would It Take to Recreate Bell Labs?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2024/07/31/0/\" rel=\"nofollow\"\u003eHuman Scale Software vs Open Source\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://group.miletic.net/en/blog/2024-06-14-how-to-run-visual-studio-vs-code-remote-over-ssh-on-freebsd-13-and-14\" rel=\"nofollow\"\u003eHow to run Visual Studio (VS) Code Remote over SSH on FreeBSD 13 and 14\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2024/07/27/why-are-some-emails-from-charlie-root-and-others-are-from-root/\" rel=\"nofollow\"\u003eWhy are some emails from Charlie Root and others are from root?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/programming/BackwardCompatibilityHasCosts\" rel=\"nofollow\"\u003eBackward compatibility, even for settings, has real costs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jmmv.dev/2024/08/kyua-graduates.html\" rel=\"nofollow\"\u003eKyua graduates\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e573 - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/573/feedback/Vedran%20-%20linuxulator\" rel=\"nofollow\"\u003eVedran - linuxulator\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"What Would It Take to Recreate Bell Labs?, Human Scale Software vs Open Source, How to run Visual Studio (VS) Code Remote over SSH on FreeBSD 13 and 14, Why are some emails from Charlie Root and others are from root?, Backward compatibility has real costs even for settings, Kyua graduates, and more","date_published":"2024-08-22T08:30:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/aec16048-9802-4728-a4b9-33cacc3e00c3.mp3","mime_type":"audio/mpeg","size_in_bytes":52131072,"duration_in_seconds":3258}]},{"id":"a12099e3-91b5-4c50-bfd6-6c4e80cbbefb","title":"572: Where's my backup?","url":"https://www.bsdnow.tv/572","content_text":"OpenBSD Workstation for the People, Bridging Networks Across VPS With Wireguard and VXLAN on FreeBSD, Updating FreeBSD the Manual Way, Part of (computer) security is convincing people that it works, Where’s my backup?, Vi and Vim: A Brief Overview, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD Workstation for the People\n\n\n\nBridging Networks Across VPS With Wireguard and VXLAN on FreeBSD\n\n\n\nNews Roundup\n\nUpdating FreeBSD the Manual Way\n\n\n\nPart of (computer) security is convincing people that it works\n\n\n\nWhere’s my backup?\n\n\n\nVi and Vim: A Brief Overview\n\n\n\nHello FreeBSD\n\n\n\nBeastie Bits\n\n\nDeadBSD #5 EnigmOS\nTHE WORKSTATION YOU WANTED IN 1990, IN YOUR POCKET\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nJohnny - Nyxt\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD Workstation for the People, Bridging Networks Across VPS With Wireguard and VXLAN on FreeBSD, Updating FreeBSD the Manual Way, Part of (computer) security is convincing people that it works, Where’s my backup?, Vi and Vim: A Brief Overview, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/openbsd-workstation-for-the-people/\" rel=\"nofollow\"\u003eOpenBSD Workstation for the People\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/15/bridging-networks-across-vps-wireguard-vxlan-freebsd/?utm_source=bsdweekly\" rel=\"nofollow\"\u003eBridging Networks Across VPS With Wireguard and VXLAN on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.feld.me/posts/2024/07/updating-freebsd-the-manual-way/\" rel=\"nofollow\"\u003eUpdating FreeBSD the Manual Way\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/SecurityNeedsToConvince\" rel=\"nofollow\"\u003ePart of (computer) security is convincing people that it works\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2024/07/16/wheres-my-backup/\" rel=\"nofollow\"\u003eWhere’s my backup?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://machaddr.substack.com/p/vi-and-vim-a-brief-overview\" rel=\"nofollow\"\u003eVi and Vim: A Brief Overview\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://garrido.io/posts/2024/07/21/hello-freebsd/\" rel=\"nofollow\"\u003eHello FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=bPkX5UypCAQ\" rel=\"nofollow\"\u003eDeadBSD #5 EnigmOS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackaday.com/2024/07/03/the-workstation-you-wanted-in-1990-in-your-pocket/\" rel=\"nofollow\"\u003eTHE WORKSTATION YOU WANTED IN 1990, IN YOUR POCKET\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/572/feedback/Johnny%20-%20Nyxt.md\" rel=\"nofollow\"\u003eJohnny - Nyxt\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenBSD Workstation for the People, Bridging Networks Across VPS With Wireguard and VXLAN on FreeBSD, Updating FreeBSD the Manual Way, Part of (computer) security is convincing people that it works, Where’s my backup?, Vi and Vim: A Brief Overview, and more","date_published":"2024-08-15T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a12099e3-91b5-4c50-bfd6-6c4e80cbbefb.mp3","mime_type":"audio/mpeg","size_in_bytes":57835776,"duration_in_seconds":3614}]},{"id":"84f1031b-d3b0-4f29-ab3e-baec15d00f33","title":"571: Cloud Chaos","url":"https://www.bsdnow.tv/571","content_text":"Navigating FreeBSD’s New Quarterly and Biennial Release Schedule, EuroBSDCon 2024 Schedule, From Cloud Chaos to FreeBSD Efficiency, Local-to-anchors tables in PF rules, CloudBSD, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNavigating FreeBSD’s New Quarterly and Biennial Release Schedule\n\n\n\nhttps://mccd.space/posts/netbsd-review/\n\n\n\nEuroBSDCon 2024 Schedule\n\n\n\nNews Roundup\n\nFrom Cloud Chaos to FreeBSD Efficiency\n\n\n\nEnable local-to-anchors tables in PF rules\n\n\n\nCloudBSD\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nRick - Feedback about Docs Bugs\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eNavigating FreeBSD’s New Quarterly and Biennial Release Schedule, EuroBSDCon 2024 Schedule, From Cloud Chaos to FreeBSD Efficiency, Local-to-anchors tables in PF rules, CloudBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/navigating-freebsds-new-quarterly-and-biennial-release-schedule/\" rel=\"nofollow\"\u003eNavigating FreeBSD’s New Quarterly and Biennial Release Schedule\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://mccd.space/posts/netbsd-review/\" rel=\"nofollow\"\u003ehttps://mccd.space/posts/netbsd-review/\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://events.eurobsdcon.org/2024/schedule/\" rel=\"nofollow\"\u003eEuroBSDCon 2024 Schedule\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/04/from-cloud-chaos-to-freebsd-efficiency/\" rel=\"nofollow\"\u003eFrom Cloud Chaos to FreeBSD Efficiency\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240714154257\" rel=\"nofollow\"\u003eEnable local-to-anchors tables in PF rules\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://cloudbsd.xyz/\" rel=\"nofollow\"\u003eCloudBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/571/feedback/Rick%20-%20Feedback%20about%20Docs%20Bugs.md\" rel=\"nofollow\"\u003eRick - Feedback about Docs Bugs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Navigating FreeBSD’s New Quarterly and Biennial Release Schedule, EuroBSDCon 2024 Schedule, From Cloud Chaos to FreeBSD Efficiency, Local-to-anchors tables in PF rules, CloudBSD, and more","date_published":"2024-08-08T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/84f1031b-d3b0-4f29-ab3e-baec15d00f33.mp3","mime_type":"audio/mpeg","size_in_bytes":66814464,"duration_in_seconds":4175}]},{"id":"4654582b-5a43-46d1-ac04-0be04cf72754","title":"570: RIP dhclient","url":"https://www.bsdnow.tv/570","content_text":"The FreeBSD-native-ish home lab and network, FreeBSD 14.1: What’s new, and how did we get here?, The Old Computer Challenge v4 (Olympics edition), MicroMac, a Macintosh for under £5, Adding a USB Port to the ThinkPad X1 Nano (the Hard Way), Reasons to use your shell's job control, RIP dhclient(8)\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe FreeBSD-native-ish home lab and network\n\n\n\nFreeBSD 14.1: What’s new, and how did we get here?\n\n\n\nNews Roundup\n\nThe Old Computer Challenge v4 (Olympics edition)\n\n\n\nMicroMac, a Macintosh for under £5\n\n\n\nAdding a USB Port to the ThinkPad X1 Nano (the Hard Way)\n\n\n\nReasons to use your shell's job control\n\n\n\nRIP dhclient(8)\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\nSpecial Guest: Brad Alexander.","content_html":"\u003cp\u003eThe FreeBSD-native-ish home lab and network, FreeBSD 14.1: What’s new, and how did we get here?, The Old Computer Challenge v4 (Olympics edition), MicroMac, a Macintosh for under £5, Adding a USB Port to the ThinkPad X1 Nano (the Hard Way), Reasons to use your shell\u0026#39;s job control, RIP dhclient(8)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://antranigv.am/posts/2024/06/freebsd-server-network-homelab/\" rel=\"nofollow\"\u003eThe FreeBSD-native-ish home lab and network\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-14-1-whats-new-and-how-did-we-get-here/\" rel=\"nofollow\"\u003eFreeBSD 14.1: What’s new, and how did we get here?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-06-24-old-computer-challenge-v4-announce.html\" rel=\"nofollow\"\u003eThe Old Computer Challenge v4 (Olympics edition)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://axio.ms/projects/2024/06/16/MicroMac.html\" rel=\"nofollow\"\u003eMicroMac, a Macintosh for under £5\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jcs.org/2024/05/29/x1usb\" rel=\"nofollow\"\u003eAdding a USB Port to the ThinkPad X1 Nano (the Hard Way)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jvns.ca/blog/2024/07/03/reasons-to-use-job-control/\" rel=\"nofollow\"\u003eReasons to use your shell\u0026#39;s job control\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240701055457\" rel=\"nofollow\"\u003eRIP dhclient(8)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: Brad Alexander.\u003c/p\u003e","summary":"The FreeBSD-native-ish home lab and network, FreeBSD 14.1: What’s new, and how did we get here?, The Old Computer Challenge v4 (Olympics edition), MicroMac, a Macintosh for under £5, Adding a USB Port to the ThinkPad X1 Nano (the Hard Way), Reasons to use your shell's job control, RIP dhclient(8)","date_published":"2024-08-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4654582b-5a43-46d1-ac04-0be04cf72754.mp3","mime_type":"audio/mpeg","size_in_bytes":56421504,"duration_in_seconds":3526}]},{"id":"766ceaa1-9d99-40fc-8a8c-b640d050e19e","title":"569: The ZFS Pi","url":"https://www.bsdnow.tv/569","content_text":"Enhancing FreeBSD Stability With ZFS Pool Checkpoints, Plaintext is not a great format for (system) logs, Initial playlist of 28 BSDCan Videos released, Installing FreeBSD 14 on Raspberry Pi 4B with ZFS root, A practical guide to VPNs, IPv6, routing domains and IPSEC, How to mount ISO or file disk images on OpenBSD, and\nmore\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nEnhancing FreeBSD Stability With ZFS Pool Checkpoints\n\n\n\nPlaintext is not a great format for (system) logs\n\n\n\nNews Roundup\n\nInitial playlist of 28 BSDCan Videos released\n\n\n\nInstalling FreeBSD 14 on Raspberry Pi 4B with ZFS root\n\n\nThe following components make up my setup:\n\n\nRaspberry Pi 4B, 8 GB RAM\nOfficial Raspberry Pi 4 Power Supply\nGeekworm Raspberry Pi 4 11mm Embedded Heatsink (P165-B)\nGeekworm for Raspberry Pi 4, X862 V2.0 M.2 NGFF SATA SSD Storage Expansion Board with USB 3.1 Connector Support Key-B 2280 SSD\nWD Blue SA510 SATA SSD 2 TB M.2 2280\n4K 60Hz Micro HDMI to HDMI Adapter (to connect to a monitor, can also run headless with just power and network cable connected)\n\n\n\n\n\nA practical guide to VPNs, IPv6, routing domains and IPSEC\n\n\n\nHow to mount ISO or file disk images on OpenBSD\n\n\n\nBeastie Bits\n\n\nDeadBSD Series - There have been a few FreeBSD derived OS’s over the years, some stay, many others fade away. In this series, DeadBSD’s, we will be revisiting those long gone BSD’s and see what we missed out on.\nFury\nCultBSD\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n569 - RobN - A Thanks\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eEnhancing FreeBSD Stability With ZFS Pool Checkpoints, Plaintext is not a great format for (system) logs, Initial playlist of 28 BSDCan Videos released, Installing FreeBSD 14 on Raspberry Pi 4B with ZFS root, A practical guide to VPNs, IPv6, routing domains and IPSEC, How to mount ISO or file disk images on OpenBSD, and\u003cbr\u003e\nmore\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/07/01/enhancing-freebsd-stability-with-zfs-pool-checkpoints/\" rel=\"nofollow\"\u003eEnhancing FreeBSD Stability With ZFS Pool Checkpoints\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/PlaintextNotGreatLogFormat\" rel=\"nofollow\"\u003ePlaintext is not a great format for (system) logs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240630100913\" rel=\"nofollow\"\u003eInitial playlist of 28 BSDCan Videos released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://axcella.com/blog/2024/02/03/installing-freebsd-14-on-raspberry-pi-4b-with-zfs-root/\" rel=\"nofollow\"\u003eInstalling FreeBSD 14 on Raspberry Pi 4B with ZFS root\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe following components make up my setup:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.raspberrypi.com/products/raspberry-pi-4-model-b/\" rel=\"nofollow\"\u003eRaspberry Pi 4B, 8 GB RAM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.raspberrypi.com/products/power-supply/\" rel=\"nofollow\"\u003eOfficial Raspberry Pi 4 Power Supply\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://geekworm.com/products/raspberry-pi-4-11mm-embedded-heatsink-p165-b\" rel=\"nofollow\"\u003eGeekworm Raspberry Pi 4 11mm Embedded Heatsink (P165-B)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://geekworm.com/products/x862\" rel=\"nofollow\"\u003eGeekworm for Raspberry Pi 4, X862 V2.0 M.2 NGFF SATA SSD Storage Expansion Board with USB 3.1 Connector Support Key-B 2280 SSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.westerndigital.com/products/internal-drives/wd-blue-sa510-sata-m-2-ssd?sku=WDS200T3B0B\" rel=\"nofollow\"\u003eWD Blue SA510 SATA SSD 2 TB M.2 2280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e4K 60Hz Micro HDMI to HDMI Adapter (to connect to a monitor, can also run headless with just power and network cable connected)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240706084626\" rel=\"nofollow\"\u003eA practical guide to VPNs, IPv6, routing domains and IPSEC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-06-15-mount-iso-file-openbsd.html\" rel=\"nofollow\"\u003eHow to mount ISO or file disk images on OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDeadBSD Series - There have been a few FreeBSD derived OS’s over the years, some stay, many others fade away. In this series, DeadBSD’s, we will be revisiting those long gone BSD’s and see what we missed out on.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=3xl2BdlBjg0\" rel=\"nofollow\"\u003eFury\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=hmT1fXuOyos\" rel=\"nofollow\"\u003eCultBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e569 - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/569/feedback/Rob%20-%20A%20Thanks.md\" rel=\"nofollow\"\u003eRobN - A Thanks\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Enhancing FreeBSD Stability With ZFS Pool Checkpoints, Plaintext is not a great format for (system) logs, Initial playlist of 28 BSDCan Videos released, Installing FreeBSD 14 on Raspberry Pi 4B with ZFS root, A practical guide to VPNs, IPv6, routing domains and IPSEC, How to mount ISO or file disk images on OpenBSD, and more","date_published":"2024-07-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/766ceaa1-9d99-40fc-8a8c-b640d050e19e.mp3","mime_type":"audio/mpeg","size_in_bytes":45727104,"duration_in_seconds":2857}]},{"id":"a0464306-5fee-4eba-a81c-b26393ebd0f2","title":"568: regreSSHion","url":"https://www.bsdnow.tv/568","content_text":"regreSSHion vulnerability, Improving and debugging FreeBSDs Intel wifi support, FreeBSD adds an implementation of the 9P filesystem, FreeBSD Zero to Desktop Speedrun Challenge, Why and how to run your own FreeBSD package cache, Game of Trees Hub, Why Does FreeBSD Default to Csh/Tcsh, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nregreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems and OpenBSD 9.8\n\n\n\nImproving and debugging FreeBSDs Intel wifi support\n\n\n\nFreeBSD adds an implementation of the 9P filesystem\n\n\n\nNews Roundup\n\nFreeBSD Zero to Desktop Speedrun Challenge\n\n\n\nWhy and how to run your own FreeBSD package cache\n\n\n\nGame of Trees Hub: A Git Repository Hosting Service Based on OpenBSD\n\n\n\nWhy Does FreeBSD Default to Csh/Tcsh? Exploring Its Advantages\n\n\n\nAI-assisted computer interfaces of the future\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eregreSSHion vulnerability, Improving and debugging FreeBSDs Intel wifi support, FreeBSD adds an implementation of the 9P filesystem, FreeBSD Zero to Desktop Speedrun Challenge, Why and how to run your own FreeBSD package cache, Game of Trees Hub, Why Does FreeBSD Default to Csh/Tcsh, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt\" rel=\"nofollow\"\u003eregreSSHion: RCE in OpenSSH\u0026#39;s server, on glibc-based Linux systems\u003c/a\u003e and \u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240701102851\" rel=\"nofollow\"\u003eOpenBSD 9.8\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/improving-and-debugging-freebsds-intel-wi-fi-support-cheng-cuis-key-role-in-the-iwlwifi-project/\" rel=\"nofollow\"\u003eImproving and debugging FreeBSDs Intel wifi support\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://cgit.freebsd.org/src/commit/?id=e97ad33a89a78f55280b0485b3249ee9b907a718\" rel=\"nofollow\"\u003eFreeBSD adds an implementation of the 9P filesystem\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://vermaden.wordpress.com/2024/04/05/freebsd-zero-to-desktop-speedrun-challenge/\" rel=\"nofollow\"\u003eFreeBSD Zero to Desktop Speedrun Challenge\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.rlwinm.de/why-and-how-to-run-your-own-freebsd-package-cache-3wbg\" rel=\"nofollow\"\u003eWhy and how to run your own FreeBSD package cache\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240621074337\" rel=\"nofollow\"\u003eGame of Trees Hub: A Git Repository Hosting Service Based on OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lobste.rs/s/iuzuge/why_does_freebsd_default_csh_tcsh\" rel=\"nofollow\"\u003eWhy Does FreeBSD Default to Csh/Tcsh? Exploring Its Advantages\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://whynothugo.nl/journal/2023/03/23/ai-assisted-computer-interfaces-of-the-future/\" rel=\"nofollow\"\u003eAI-assisted computer interfaces of the future\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"regreSSHion vulnerability, Improving and debugging FreeBSDs Intel wifi support, FreeBSD adds an implementation of the 9P filesystem, FreeBSD Zero to Desktop Speedrun Challenge, Why and how to run your own FreeBSD package cache, Game of Trees Hub, Why Does FreeBSD Default to Csh/Tcsh, and more","date_published":"2024-07-18T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a0464306-5fee-4eba-a81c-b26393ebd0f2.mp3","mime_type":"audio/mpeg","size_in_bytes":78023565,"duration_in_seconds":3250}]},{"id":"d7de607e-7822-486f-8649-0053e89207a6","title":"567: To the Core","url":"https://www.bsdnow.tv/567","content_text":"SSH as a sudo replacement, Core.13 is Now In Office, Running GoToSocial on NetBSD, A DMD package for OpenIndiana, Adding more swap space to Omnios, OpenBSD adds initial support for Qualcomm Snapdragon Elite X after 1 day, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSSH as a sudo replacement\n\n\n\nCore.13 is Now In Office\n\n\n\nNews Roundup\n\nRunning GoToSocial on NetBSD\n\n\n\nA DMD package for OpenIndiana\n\n\n\nAdding more swap space to Omnios\n\n\n\nOpenBSD added initial support for Qualcomm Snapdragon Elite X after 1 day\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nIsa - Pinebook Question.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eSSH as a sudo replacement, Core.13 is Now In Office, Running GoToSocial on NetBSD, A DMD package for OpenIndiana, Adding more swap space to Omnios, OpenBSD adds initial support for Qualcomm Snapdragon Elite X after 1 day, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://whynothugo.nl/journal/2024/06/13/ssh-as-a-sudo-replacement/\" rel=\"nofollow\"\u003eSSH as a sudo replacement\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-announce/2024-June/000136.html\" rel=\"nofollow\"\u003eCore.13 is Now In Office\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/running-gotosocial-on-netbsd/\" rel=\"nofollow\"\u003eRunning GoToSocial on NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20240609.html\" rel=\"nofollow\"\u003eA DMD package for OpenIndiana\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://neirac.srht.site/posts/omnios-add-swap.html\" rel=\"nofollow\"\u003eAdding more swap space to Omnios\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240620105457\" rel=\"nofollow\"\u003eOpenBSD added initial support for Qualcomm Snapdragon Elite X after 1 day\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/567/feedback/Isa%20-%20Pinebook%20Question.md\" rel=\"nofollow\"\u003eIsa - Pinebook Question.md\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"SSH as a sudo replacement, Core.13 is Now In Office, Running GoToSocial on NetBSD, A DMD package for OpenIndiana, Adding more swap space to Omnios, OpenBSD adds initial support for Qualcomm Snapdragon Elite X after 1 day, and more","date_published":"2024-07-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d7de607e-7822-486f-8649-0053e89207a6.mp3","mime_type":"audio/mpeg","size_in_bytes":60410304,"duration_in_seconds":2517}]},{"id":"6d99d221-b4fa-4373-b5df-1a36548bfd9e","title":"566: Open Source Excellence","url":"https://www.bsdnow.tv/566","content_text":"A Journey Through 31 Years of Open Source Excellence, Proxmox vs FreeBSD: Which Virtualization Host Performs Better?, Upstreaming FreeBSD Code to the Linux Vector Packet Processor Project, FreeBSD Tips and Tricks: Creating Snapshots With UFS, My Concern With Rust, or a Case for the BSD's, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nCelebrating FreeBSD Day: A Journey Through 31 Years of Open Source Excellence\n\n\n\nProxmox vs FreeBSD: Which Virtualization Host Performs Better?\n\n\n\nNews Roundup\n\nUpstreaming FreeBSD Code to the Linux Vector Packet Processor Project\n\n\n\nFreeBSD Tips and Tricks: Creating Snapshots With UFS\n\n\n\nMy Concern With Rust, or a Case for the BSD's\n\n\n\nBeastie Bits\n\n\nInstall FreeBSD 14.1 and KDE Plasma 6 in QEMU VM tutorial - June 2024 - 2da0c933\nLet's Try BSD, Part 1 of 7: Introduction\nOpenBSD, the computer appliance maker's secret weapon\nFreeBSD Day: Interview with Deb Goodkin\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nJohnny - Thanks\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eA Journey Through 31 Years of Open Source Excellence, Proxmox vs FreeBSD: Which Virtualization Host Performs Better?, Upstreaming FreeBSD Code to the Linux Vector Packet Processor Project, FreeBSD Tips and Tricks: Creating Snapshots With UFS, My Concern With Rust, or a Case for the BSD\u0026#39;s, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hamradio.my/2024/06/celebrating-freebsd-day-a-journey-through-31-years-of-open-source-excellence/\" rel=\"nofollow\"\u003eCelebrating FreeBSD Day: A Journey Through 31 Years of Open Source Excellence\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/06/10/proxmox-vs-freebsd-which-virtualization-host-performs-better/\" rel=\"nofollow\"\u003eProxmox vs FreeBSD: Which Virtualization Host Performs Better?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://thenewstack.io/upstreaming-the-linux-vector-packet-processor-vpp-to-freebsd/\" rel=\"nofollow\"\u003eUpstreaming FreeBSD Code to the Linux Vector Packet Processor Project\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/06/04/freebsd-tips-and-tricks-creating-snapshots-with-ufs/\" rel=\"nofollow\"\u003eFreeBSD Tips and Tricks: Creating Snapshots With UFS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://superserverhero.com/reports/my-concern-with-rust\" rel=\"nofollow\"\u003eMy Concern With Rust, or a Case for the BSD\u0026#39;s\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=mmjYuDjWXto\u0026t=1s\" rel=\"nofollow\"\u003eInstall FreeBSD 14.1 and KDE Plasma 6 in QEMU VM tutorial - June 2024 - 2da0c933\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://lowendbox.com/blog/lets-try-bsd-part-1-of-7-introduction-freebsd-openbsd-netbsd-dragonflybsd/\" rel=\"nofollow\"\u003eLet\u0026#39;s Try BSD, Part 1 of 7: Introduction\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://hiandrewquinn.github.io/til-site/posts/openbsd-the-computer-appliance-maker-s-secret-weapon/\" rel=\"nofollow\"\u003eOpenBSD, the computer appliance maker\u0026#39;s secret weapon\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://youtu.be/xuYBsRAMvA8\" rel=\"nofollow\"\u003eFreeBSD Day: Interview with Deb Goodkin\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/566/feedback/johnny%20-%20thanks.md\" rel=\"nofollow\"\u003eJohnny - Thanks\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"A Journey Through 31 Years of Open Source Excellence, Proxmox vs FreeBSD: Which Virtualization Host Performs Better?, Upstreaming FreeBSD Code to the Linux Vector Packet Processor Project, FreeBSD Tips and Tricks: Creating Snapshots With UFS, My Concern With Rust, or a Case for the BSD's, and more","date_published":"2024-07-04T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6d99d221-b4fa-4373-b5df-1a36548bfd9e.mp3","mime_type":"audio/mpeg","size_in_bytes":80745408,"duration_in_seconds":3364}]},{"id":"0e1b5cea-6e44-44e4-ac3a-f6f0fe49814c","title":"565: Secure by default","url":"https://www.bsdnow.tv/565","content_text":"NetBSD 10 on a Pinebook Pro, OpenBSD extreme privacy setup, Version 256 of systemd boasts '42% less Unix philosophy', Posix.1 2024 is out, Blocking Access From or to Specific Countries Using FreeBSD and Pf, and more.\nDate: 2024.06.17\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNetBSD 10 on a Pinebook Pro\n\n\n\nOpenBSD extreme privacy setup\n\n\n\nNews Roundup\n\nVersion 256 of systemd boasts '42% less Unix philosophy'\n\n\n\nPosix.1 2024 is out\n\n\n\nBlocking Access From or to Specific Countries Using FreeBSD and Pf\n\n\n\nBeastie Bits\n\n\nBSD User Group Düsseldorf Juli 2024\nAnother cool UNIX workstation, that was never released\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eNetBSD 10 on a Pinebook Pro, OpenBSD extreme privacy setup, Version 256 of systemd boasts \u0026#39;42% less Unix philosophy\u0026#39;, Posix.1 2024 is out, Blocking Access From or to Specific Countries Using FreeBSD and Pf, and more.\u003cbr\u003e\nDate: 2024.06.17\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.idatum.net/netbsd-10-on-a-pinebook-pro-laptop.html\" rel=\"nofollow\"\u003eNetBSD 10 on a Pinebook Pro\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-06-08-openbsd-privacy-setup.html\" rel=\"nofollow\"\u003eOpenBSD extreme privacy setup\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2024/06/13/version_256_systemd/\" rel=\"nofollow\"\u003eVersion 256 of systemd boasts \u0026#39;42% less Unix philosophy\u0026#39;\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ieeexplore.ieee.org/document/10555529\" rel=\"nofollow\"\u003ePosix.1 2024 is out\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/06/16/freebsd-blocking-country-access/\" rel=\"nofollow\"\u003eBlocking Access From or to Specific Countries Using FreeBSD and Pf\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/de-DE/bsd-user-group-dusseldorf-bsd-nrw/events/301557512/\" rel=\"nofollow\"\u003eBSD User Group Düsseldorf Juli 2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/unix/comments/1dd60re/another_cool_unix_workstation_that_was_never/\" rel=\"nofollow\"\u003eAnother cool UNIX workstation, that was never released\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"NetBSD 10 on a Pinebook Pro, OpenBSD extreme privacy setup, Version 256 of systemd boasts '42% less Unix philosophy', Posix.1 2024 is out, Blocking Access From or to Specific Countries Using FreeBSD and Pf, and more.\r\nDate: 2024.06.17","date_published":"2024-06-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0e1b5cea-6e44-44e4-ac3a-f6f0fe49814c.mp3","mime_type":"audio/mpeg","size_in_bytes":74142504,"duration_in_seconds":3089}]},{"id":"75f62433-2e69-4de9-ad72-000a03d75e16","title":"564: Computation Poems","url":"https://www.bsdnow.tv/564","content_text":"Results from the 2024 FreeBSD Community Survey Report, What is Computer Science? ~1967, Computation Poems, Old Info, but still good -- HOWTO: Set up and configure security/sshguard-pf, observium-freebsd-install, FreeBSD Tips and Tricks: Native Read-Only Root File System, OpenSSH introduces options to penalize undesirable behavior, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nResults from the 2024 FreeBSD Community Survey Report\n\n\n\nWhat is Computer Science? ~1967\n\n\n\nNews Roundup\n\nComputation Poems\n\n\n\nOld Info, but still good -- HOWTO: Set up and configure security/sshguard-pf\n\n\n\nobservium-freebsd-install\n\n\n\nFreeBSD Tips and Tricks: Native Read-Only Root File System\n\n\n\nOpenSSH introduces options to penalize undesirable behavior\n\n\n\nBeastie Bits\n\n\nA Unix* Primer\nRunning Xvnc through the INETD\nifconfig\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eResults from the 2024 FreeBSD Community Survey Report, What is Computer Science? ~1967, Computation Poems, Old Info, but still good -- HOWTO: Set up and configure security/sshguard-pf, observium-freebsd-install, FreeBSD Tips and Tricks: Native Read-Only Root File System, OpenSSH introduces options to penalize undesirable behavior, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/results-from-the-2024-freebsd-community-survey-report/\" rel=\"nofollow\"\u003eResults from the 2024 FreeBSD Community Survey Report\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.cs.cmu.edu/%7Echoset/whatiscs.html\" rel=\"nofollow\"\u003eWhat is Computer Science? ~1967\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://nickm.com/poems/\" rel=\"nofollow\"\u003eComputation Poems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/howto-set-up-and-configure-security-sshguard-pf.39196/\" rel=\"nofollow\"\u003eOld Info, but still good -- HOWTO: Set up and configure security/sshguard-pf\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/pmhausen/observium-freebsd-install\" rel=\"nofollow\"\u003eobservium-freebsd-install\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/05/31/freebsd-tips-and-tricks-native-ro-rootfs/\" rel=\"nofollow\"\u003eFreeBSD Tips and Tricks: Native Read-Only Root File System\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240607042157\" rel=\"nofollow\"\u003eOpenSSH introduces options to penalize undesirable behavior\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://archive.org/details/unixprimer0000lomu/mode/2up\" rel=\"nofollow\"\u003eA Unix* Primer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bugs.dragonflybsd.org/issues/3300#change-14548\" rel=\"nofollow\"\u003eRunning Xvnc through the INETD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://man.ifconfig.se/\" rel=\"nofollow\"\u003eifconfig\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Results from the 2024 FreeBSD Community Survey Report, What is Computer Science? ~1967, Computation Poems, Old Info, but still good -- HOWTO: Set up and configure security/sshguard-pf, observium-freebsd-install, FreeBSD Tips and Tricks: Native Read-Only Root File System, OpenSSH introduces options to penalize undesirable behavior, and more","date_published":"2024-06-20T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/75f62433-2e69-4de9-ad72-000a03d75e16.mp3","mime_type":"audio/mpeg","size_in_bytes":74329664,"duration_in_seconds":3096}]},{"id":"6f802912-a29d-4285-ac35-22bd8efcebeb","title":"563: 14.1","url":"https://www.bsdnow.tv/563","content_text":"FreeBSD 14.1-RELEASE Announcement, Automatic dark mode with OpenBSD and dwm, dhcp6leased(8) imported to -current, DHCPv6-PD - First steps by florian@, Replacing my OPNsense gateway hardware by a Protectli appliance, How to alter file owernship and permissions with a feedback information, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 14.1-RELEASE Announcement\n\n\n\nNews Roundup\n\nAutomatic dark mode with OpenBSD and dwm\n\n\n\ndhcp6leased(8) imported to -current\n\nDHCPv6-PD - First steps by florian@\n\n\n\nReplacing my OPNsense gateway hardware by a Protectli appliance\n\n\n\nHow to alter file owernship and permissions with a feedback information\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nSad News\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD 14.1-RELEASE Announcement, Automatic dark mode with OpenBSD and dwm, dhcp6leased(8) imported to -current, DHCPv6-PD - First steps by florian@, Replacing my OPNsense gateway hardware by a Protectli appliance, How to alter file owernship and permissions with a feedback information, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/releases/14.1R/announce/\" rel=\"nofollow\"\u003eFreeBSD 14.1-RELEASE Announcement\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://plexwave.org/blog/auto-dark-mode\" rel=\"nofollow\"\u003eAutomatic dark mode with OpenBSD and dwm\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240604085042\u0026utm_source=bsdweekly\" rel=\"nofollow\"\u003edhcp6leased(8) imported to -current\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240606180535\" rel=\"nofollow\"\u003eDHCPv6-PD - First steps by florian@\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ncartron.org/replacing-my-opnsense-gateway-hardware-by-a-protectli-appliance.html\" rel=\"nofollow\"\u003eReplacing my OPNsense gateway hardware by a Protectli appliance\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://sleeplessbeastie.eu/2024/04/18/how-to-alter-file-ownership-and-permissions-with-a-feedback-information/\" rel=\"nofollow\"\u003eHow to alter file owernship and permissions with a feedback information\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/563/feedback/sad_news.md\" rel=\"nofollow\"\u003eSad News\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD 14.1-RELEASE Announcement, Automatic dark mode with OpenBSD and dwm, dhcp6leased(8) imported to -current, DHCPv6-PD - First steps by florian@, Replacing my OPNsense gateway hardware by a Protectli appliance, How to alter file owernship and permissions with a feedback information, and more","date_published":"2024-06-13T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6f802912-a29d-4285-ac35-22bd8efcebeb.mp3","mime_type":"audio/mpeg","size_in_bytes":47132160,"duration_in_seconds":2945}]},{"id":"fc1d93fb-8b7a-40cd-8141-6a2a676e6545","title":"562: All by myself","url":"https://www.bsdnow.tv/562","content_text":"My personal BSDCan Devsummit and Schedule, Syncthing, Paperless-ngx, neovim, Things we always remind ourselves while coding, and more.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n\n\nFreeBSD Devsummit 2024 Schedule\n\nBSDCan 2024 Schedule\n\n\n\nNews Roundup\n\nA list of things I was drawn deeper into, got excited about, and wanted to tell you more about.\n\n\n\nSyncthing\n\n\n\nPaperless-ngx\n\n\nFreeBSD ports man page\n\n\n\n\nNeovim\n\n\nList of popular plugins and themes\nNeovim for Newbs (by the Typecraft guy)\nJosean Martinez does a step by step tutorial\nBlog post about the setup\nTJ DeVries (Neovim developer) reads the entire manual in 9:27:42\n\n\n\n\nThings we always remind ourselves while coding\n\n\n\nBeastie Bits\n\n\nMe giving a ZFS intro talk, Sci-fi style (German)\nGulaschprogrammiernacht (GPN) 22 (some English talks, but most in German)\nA RAM-disk based workflow\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eMy personal BSDCan Devsummit and Schedule, Syncthing, Paperless-ngx, neovim, Things we always remind ourselves while coding, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/news-and-events/event-calendar/may-2024-freebsd-developer-summit/\" rel=\"nofollow\"\u003eFreeBSD Devsummit 2024 Schedule\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://indico.bsdcan.org/event/1/timetable/?#20240531.detailed\" rel=\"nofollow\"\u003eBSDCan 2024 Schedule\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003eA list of things I was drawn deeper into, got excited about, and wanted to tell you more about.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://syncthing.net\" rel=\"nofollow\"\u003eSyncthing\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://docs.paperless-ngx.com\" rel=\"nofollow\"\u003ePaperless-ngx\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://man.freebsd.org/cgi/man.cgi?query=paperless\u0026apropos=0\u0026sektion=0\u0026manpath=FreeBSD+14.0-RELEASE+and+Ports\u0026arch=default\u0026format=html\" rel=\"nofollow\"\u003eFreeBSD ports man page\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://neovim.io\" rel=\"nofollow\"\u003eNeovim\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://neovimcraft.com\" rel=\"nofollow\"\u003eList of popular plugins and themes\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLsz00TDipIffreIaUNk64KxTIkQaGguqn\" rel=\"nofollow\"\u003eNeovim for Newbs (by the Typecraft guy)\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=6pAG3BHurdM\u0026list=PLnu5gT9QrFg36OehOdECFvxFFeMHhb_07\u0026index=11\u0026pp=iAQB\" rel=\"nofollow\"\u003eJosean Martinez does a step by step tutorial\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.josean.com/posts/how-to-setup-neovim-2024\" rel=\"nofollow\"\u003eBlog post about the setup\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=rT-fbLFOCy0\" rel=\"nofollow\"\u003eTJ DeVries (Neovim developer) reads the entire manual in 9:27:42\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://changelog.com/posts/things-we-always-remind-ourselves-while-coding\" rel=\"nofollow\"\u003eThings we always remind ourselves while coding\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://media.ccc.de/v/fsck-2024-66-disk-space-the-final-frontier-\" rel=\"nofollow\"\u003eMe giving a ZFS intro talk, Sci-fi style (German)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cfp.gulas.ch/gpn22/schedule/\" rel=\"nofollow\"\u003eGulaschprogrammiernacht (GPN) 22 (some English talks, but most in German)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://people.freebsd.org/%7Edch/posts/2014-09-05-a-ramdisk-based-workflow/\" rel=\"nofollow\"\u003eA RAM-disk based workflow\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"My personal BSDCan Devsummit and Schedule, Syncthing, Paperless-ngx, neovim, Things we always remind ourselves while coding, and more.","date_published":"2024-06-06T00:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fc1d93fb-8b7a-40cd-8141-6a2a676e6545.mp3","mime_type":"audio/mpeg","size_in_bytes":70874112,"duration_in_seconds":4429}]},{"id":"499e2b62-bfa6-43ac-95b3-3b9962a113de","title":"561: Kicked off ARPANET","url":"https://www.bsdnow.tv/561","content_text":"Why FreeBSD Continues to Innovate and Thrive, Why BSD, A BSD person tries Alpine Linux, This message does not exist, Demise of Nagle's algorithm, How Jerry Pournelle Got Kicked Off the ARPANET, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy FreeBSD Continues to Innovate and Thrive\n\n\n\nWhy BSD\n\n\n\nNews Roundup\n\nA BSD person tries Alpine Linux\n\n\n\nThis message does not exist\n\n\n\nDemise of Nagle's algorithm (RFC 896 - Congestion Control) predicted via sysctl\n\n\n\nHow Jerry Pournelle Got Kicked Off the ARPANET\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhy FreeBSD Continues to Innovate and Thrive, Why BSD, A BSD person tries Alpine Linux, This message does not exist, Demise of Nagle\u0026#39;s algorithm, How Jerry Pournelle Got Kicked Off the ARPANET, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/why-freebsd-continues-to-innovate-and-thrive/\" rel=\"nofollow\"\u003eWhy FreeBSD Continues to Innovate and Thrive\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://michal.sapka.me/bsd/why-bsd/\" rel=\"nofollow\"\u003eWhy BSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rubenerd.com/a-bsd-pserson-trying-alpine-linux/\" rel=\"nofollow\"\u003eA BSD person tries Alpine Linux\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.kmjn.org/notes/message_existence.html\" rel=\"nofollow\"\u003eThis message does not exist\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240514075024\" rel=\"nofollow\"\u003eDemise of Nagle\u0026#39;s algorithm (RFC 896 - Congestion Control) predicted via sysctl\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://delong.typepad.com/sdj/2013/07/how-jerry-pournelle-got-kicked-off-the-arpanet.html\" rel=\"nofollow\"\u003eHow Jerry Pournelle Got Kicked Off the ARPANET\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Why FreeBSD Continues to Innovate and Thrive, Why BSD, A BSD person tries Alpine Linux, This message does not exist, Demise of Nagle's algorithm, How Jerry Pournelle Got Kicked Off the ARPANET, and more","date_published":"2024-05-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/499e2b62-bfa6-43ac-95b3-3b9962a113de.mp3","mime_type":"audio/mpeg","size_in_bytes":59200128,"duration_in_seconds":3700}]},{"id":"9822ee64-8eaf-48cf-8603-d583f258fc4f","title":"560: Why not BSD","url":"https://www.bsdnow.tv/560","content_text":"FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Status Report First Quarter 2024\n\n\n\nWhy not BSD + Sequel next week\n\n\n\nNews Roundup\n\nLibreSSL version 3.9.2 released\n\n\n\nRunning NetBSD on OmniOS using bhyve\n\n\n\nX.Org on NetBSD - the state of things\n\n\n\nUnix version control lore: what, ident\n\n\n\nHow I search in 2024\n\n\n\nsshd(8) split into multiple binaries\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/status/report-2024-01-2024-03/\" rel=\"nofollow\"\u003eFreeBSD Status Report First Quarter 2024\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://michal.sapka.me/bsd/why-not-bsd/\" rel=\"nofollow\"\u003eWhy not BSD\u003c/a\u003e + Sequel next week\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240512115958\" rel=\"nofollow\"\u003eLibreSSL version 3.9.2 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/running-netbsd-on-omnios-using-bhyve/\" rel=\"nofollow\"\u003eRunning NetBSD on OmniOS using bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/x_org_on_netbsd_the\" rel=\"nofollow\"\u003eX.Org on NetBSD - the state of things\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dotat.at/@/2024-05-13-what-ident.html\" rel=\"nofollow\"\u003eUnix version control lore: what, ident\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vickiboykis.com/2024/04/25/how-i-search-in-2024/\" rel=\"nofollow\"\u003eHow I search in 2024\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240517092416\" rel=\"nofollow\"\u003esshd(8) split into multiple binaries\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more","date_published":"2024-05-23T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9822ee64-8eaf-48cf-8603-d583f258fc4f.mp3","mime_type":"audio/mpeg","size_in_bytes":59353728,"duration_in_seconds":3709}]},{"id":"9e7884ae-e36e-4f7f-8c73-96cd70d35b45","title":"559: Rainy WiFi Days","url":"https://www.bsdnow.tv/559","content_text":"An RNG that runs in your brain, Going Stateless, SmolBSD, The Wi-Fi only works when it's raining, Wayland, where are we in 2024?, Omnios pxe booting, OpenBSD scripts to convert wg-quick VPN files, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAn RNG that runs in your brain\n\n\n\nGoing Stateless\n\n\n\nNews Roundup\n\nSmolBSD\n\n\n\nThe Wi-Fi only works when it's raining\n\n\n\nWayland, where are we in 2024? Any good for being the default?\n\n\n\nOmnios pxe booting\n\n\n\nOpenBSD scripts to convert wg-quick VPN files\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eAn RNG that runs in your brain, Going Stateless, SmolBSD, The Wi-Fi only works when it\u0026#39;s raining, Wayland, where are we in 2024?, Omnios pxe booting, OpenBSD scripts to convert wg-quick VPN files, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.hillelwayne.com/post/randomness/\" rel=\"nofollow\"\u003eAn RNG that runs in your brain\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-04-20-workstation-going-stateless.html\" rel=\"nofollow\"\u003eGoing Stateless\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://smolbsd.org\" rel=\"nofollow\"\u003eSmolBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://predr.ag/blog/wifi-only-works-when-its-raining/\" rel=\"nofollow\"\u003eThe Wi-Fi only works when it\u0026#39;s raining\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dedoimedo.com/computers/wayland-2024.html\" rel=\"nofollow\"\u003eWayland, where are we in 2024? Any good for being the default?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://neirac.srht.site/posts/ipxe_boot.html\" rel=\"nofollow\"\u003eOmnios pxe booting\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-04-27-openbsd-wg-quick-converter.html\" rel=\"nofollow\"\u003eOpenBSD scripts to convert wg-quick VPN files\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"An RNG that runs in your brain, Going Stateless, SmolBSD, The Wi-Fi only works when it's raining, Wayland, where are we in 2024?, Omnios pxe booting, OpenBSD scripts to convert wg-quick VPN files, and more","date_published":"2024-05-16T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e7884ae-e36e-4f7f-8c73-96cd70d35b45.mp3","mime_type":"audio/mpeg","size_in_bytes":54996864,"duration_in_seconds":3437}]},{"id":"813adc0b-a4ca-4810-9cac-ef64a1dafccd","title":"558: Worlds of telnet","url":"https://www.bsdnow.tv/558","content_text":"NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs.  Plus a special interview with the organizers of BSDCAN 2024.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNetBSD 9.4\n\n\n\nFreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance\n\n\n\nNews Roundup\n\nThe Lost Worlds of Telnet\n\n\n\nHow to alter file ownership and permissions with a feedback information\n\n\n\nComing soon to a -current system near you: parallel raw IP input\n\n\n\nOpenBSD routers on AliExpress mini PCs\n\n\n\nFreeBSD for Devs\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nFeedback/Questions\n\n\nDaniel - jail issue\nRick - ZFS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eNetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs.  Plus a special interview with the organizers of BSDCAN 2024.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.netbsd.org/releases/formal-9/NetBSD-9.4.html\" rel=\"nofollow\"\u003eNetBSD 9.4\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/\" rel=\"nofollow\"\u003eFreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://thenewstack.io/the-lost-worlds-of-telnet/\" rel=\"nofollow\"\u003eThe Lost Worlds of Telnet\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://sleeplessbeastie.eu/2024/04/18/how-to-alter-file-ownership-and-permissions-with-a-feedback-information/\" rel=\"nofollow\"\u003eHow to alter file ownership and permissions with a feedback information\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240418050520\" rel=\"nofollow\"\u003eComing soon to a -current system near you: parallel raw IP input\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.srcbeat.com/2024/02/aliexpress-openbsd-router/\" rel=\"nofollow\"\u003eOpenBSD routers on AliExpress mini PCs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dev.to/scovl/freebsd-for-devs-3n0k\" rel=\"nofollow\"\u003eFreeBSD for Devs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Daniel%20-%20jail%20issue.md\" rel=\"nofollow\"\u003eDaniel - jail issue\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Rick%20-%20ZFS.md\" rel=\"nofollow\"\u003eRick - ZFS\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs.  Plus a special interview with the organizers of BSDCAN 2024.","date_published":"2024-05-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/813adc0b-a4ca-4810-9cac-ef64a1dafccd.mp3","mime_type":"audio/mpeg","size_in_bytes":87563520,"duration_in_seconds":5472}]},{"id":"e7b7b0ae-86ba-4f1e-849b-e46741b63ebd","title":"557: 17h per frame","url":"https://www.bsdnow.tv/557","content_text":"Open Source Software: The $9 Trillion Resource Companies Take for Granted, Tinkering with Manjaro and NetBSD on the Pinebook Pro: a crumbs-in-the-forest tutorial \u0026amp; review, OpenSMTPD 7.5.0p0 Released, OpenBSD 7.5 locks down with improved disk encryption support and syscall limitations, Book 8088, Custom Prometheus dashboards using Console templates, FreeBSD Foundation March 2024 Partnerships Update, Ray tracing made possible on 42-year-old ZX Spectrum: 'reasonably fast, if you consider 17 hours per frame to be reasonably fast', and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpen Source Software: The $9 Trillion Resource Companies Take for Granted\n\n\n\nTinkering with Manjaro and NetBSD on the Pinebook Pro: a crumbs-in-the-forest tutorial \u0026amp; review\n\n\n\nNews Roundup\n\nOpenSMTPD 7.5.0p0 Released\n\n\n\nOpenBSD 7.5 locks down with improved disk encryption support and syscall limitations\n\n\n\nBook 8088\n\n\n\nCustom Prometheus dashboards using Console templates\n\n\n\nFreeBSD Foundation March 2024 Partnerships Update\n\n\n\nRay tracing made possible on 42-year-old ZX Spectrum: 'reasonably fast, if you consider 17 hours per frame to be reasonably fast'\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpen Source Software: The $9 Trillion Resource Companies Take for Granted, Tinkering with Manjaro and NetBSD on the Pinebook Pro: a crumbs-in-the-forest tutorial \u0026amp; review, OpenSMTPD 7.5.0p0 Released, OpenBSD 7.5 locks down with improved disk encryption support and syscall limitations, Book 8088, Custom Prometheus dashboards using Console templates, FreeBSD Foundation March 2024 Partnerships Update, Ray tracing made possible on 42-year-old ZX Spectrum: \u0026#39;reasonably fast, if you consider 17 hours per frame to be reasonably fast\u0026#39;, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hbswk.hbs.edu/item/open-source-software-the-nine-trillion-resource-companies-take-for-granted\" rel=\"nofollow\"\u003eOpen Source Software: The $9 Trillion Resource Companies Take for Granted\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.autodidacts.io/pinebook-pro-linux-bsd-laptop-review-tutorial/\" rel=\"nofollow\"\u003eTinkering with Manjaro and NetBSD on the Pinebook Pro: a crumbs-in-the-forest tutorial \u0026amp; review\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240410185045\" rel=\"nofollow\"\u003eOpenSMTPD 7.5.0p0 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2024/04/12/openbsd_75_disk_encryption/\" rel=\"nofollow\"\u003eOpenBSD 7.5 locks down with improved disk encryption support and syscall limitations\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://liliputing.com/version-2-0-of-the-book-8088-retro-mini-laptop-adds-vga-graphics-card-and-serial-ports/\" rel=\"nofollow\"\u003eBook 8088\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://tumfatig.net/2024/custom-prometheus-dashboards-using-console-templates/\" rel=\"nofollow\"\u003eCustom Prometheus dashboards using Console templates\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/march-2024-partnerships-update/\" rel=\"nofollow\"\u003eFreeBSD Foundation March 2024 Partnerships Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.pcgamer.com/ray-tracing-made-possible-on-42-year-old-zx-spectrum-reasonably-fast-if-you-consider-17-hours-per-frame-to-be-reasonably-fast/\" rel=\"nofollow\"\u003eRay tracing made possible on 42-year-old ZX Spectrum: \u0026#39;reasonably fast, if you consider 17 hours per frame to be reasonably fast\u0026#39;\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Open Source Software: The $9 Trillion Resource Companies Take for Granted, Tinkering with Manjaro and NetBSD on the Pinebook Pro: a crumbs-in-the-forest tutorial \u0026 review, OpenSMTPD 7.5.0p0 Released, OpenBSD 7.5 locks down with improved disk encryption support and syscall limitations, Book 8088, Custom Prometheus dashboards using Console templates, FreeBSD Foundation March 2024 Partnerships Update, Ray tracing made possible on 42-year-old ZX Spectrum: 'reasonably fast, if you consider 17 hours per frame to be reasonably fast', and more","date_published":"2024-05-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e7b7b0ae-86ba-4f1e-849b-e46741b63ebd.mp3","mime_type":"audio/mpeg","size_in_bytes":44994816,"duration_in_seconds":2812}]},{"id":"92703554-9e85-425e-ac8a-a5d5aa0cc9c4","title":"556: Cozy OpenBSD","url":"https://www.bsdnow.tv/556","content_text":"OpenBSD is a Cozy Operating System, Lichee Console 4A - RISC-V mini laptop, Lessons learned with XZ vulnerability, Techies vs spies: the xz backdoor debate, Not Not Porting 9front to Power64, One less Un*xy option for 32-bit PowerPC, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD is a Cozy Operating System\n\n\n\nLichee Console 4A - RISC-V mini laptop\n\n\n\nNews Roundup\n\nLessons learned with XZ vulnerability\n\n\n\nTechies vs spies: the xz backdoor debate\n\n\n\nNot Not Porting 9front to Power64\n\n\n\nOne less Un*xy option for 32-bit PowerPC\n\n\n\nBeastie Bits\n\n\n20 years since...\nJails PDFs\nNixOS BSD\nrigg - run indie games on OpenBSD\npkgsrc 2024Q1\nPackMule\nAcephalOS - A new FreeBSD image build tool\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD is a Cozy Operating System, Lichee Console 4A - RISC-V mini laptop, Lessons learned with XZ vulnerability, Techies vs spies: the xz backdoor debate, Not Not Porting 9front to Power64, One less Un*xy option for 32-bit PowerPC, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://btxx.org/posts/OpenBSD_is_a_Cozy_Operating_System/\" rel=\"nofollow\"\u003eOpenBSD is a Cozy Operating System\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://3.14.by/en/read/RISC-V-Sipeed-Lichee-Console-4A-Alibaba-T-Head-TH1520-review\" rel=\"nofollow\"\u003eLichee Console 4A - RISC-V mini laptop\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-03-30-lessons-learned-xz-vuln.html\" rel=\"nofollow\"\u003eLessons learned with XZ vulnerability\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor\" rel=\"nofollow\"\u003eTechies vs spies: the xz backdoor debate\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2024/04/03/0/\" rel=\"nofollow\"\u003eNot Not Porting 9front to Power64\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://tenfourfox.blogspot.com/2024/02/one-less-unxy-option-for-32-bit-powerpc.html\" rel=\"nofollow\"\u003eOne less Un*xy option for 32-bit PowerPC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240409044953\" rel=\"nofollow\"\u003e20 years since...\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.gyptazy.ch/files/docs/freebsd/jails/\" rel=\"nofollow\"\u003eJails PDFs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nixos-bsd/nixbsd\" rel=\"nofollow\"\u003eNixOS BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/1bb9wle/rigg_10_released_a_new_way_to_run_indie_games_on/\" rel=\"nofollow\"\u003erigg - run indie games on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2024/04/04/msg000370.html\" rel=\"nofollow\"\u003epkgsrc 2024Q1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://badland.io/packmule.md\" rel=\"nofollow\"\u003ePackMule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://codeberg.org/San_Bernadino_Operation/AcephalOS_image_build_system\" rel=\"nofollow\"\u003eAcephalOS - A new FreeBSD image build tool\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenBSD is a Cozy Operating System, Lichee Console 4A - RISC-V mini laptop, Lessons learned with XZ vulnerability, Techies vs spies: the xz backdoor debate, Not Not Porting 9front to Power64, One less Un\\*xy option for 32-bit PowerPC, and more","date_published":"2024-04-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/92703554-9e85-425e-ac8a-a5d5aa0cc9c4.mp3","mime_type":"audio/mpeg","size_in_bytes":51666816,"duration_in_seconds":3229}]},{"id":"629f2e08-41a4-4551-b8e4-446706cd16a6","title":"555: Poudriereing Apple Silicon","url":"https://www.bsdnow.tv/555","content_text":"Kubernetes and back - Why I don't run distributed systems, NetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts, Make your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud, Poudriere on Apple Silicon, One less Un*xy option for 32-bit PowerPC, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nKubernetes and back - Why I don't run distributed systems\n\n\n\nNetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts\n\n\n\nNews Roundup\n\nMake your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud\n\n\n\nPoudriere on Apple Silicon\n\n\n\nOne less Un*xy option for 32-bit PowerPC\n\n\n\nBeastie Bits\n\n\nPowering up the future: the new FreeBSD cluster in Chicago\nDragonflybsd 6.5 Snapshot Release on Acer Nitro AN515-51/58-XXX Series Laptops\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eKubernetes and back - Why I don\u0026#39;t run distributed systems, NetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts, Make your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud, Poudriere on Apple Silicon, One less Un*xy option for 32-bit PowerPC, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.davd.io/posts/2024-03-20-kubernetes-and-back-why-i-dont-run-distributed-systems/\" rel=\"nofollow\"\u003eKubernetes and back - Why I don\u0026#39;t run distributed systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/netapps-strategic-contributions-to-freebsd-a-deep-dive-into-upstreaming-efforts/\" rel=\"nofollow\"\u003eNetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/03/21/make-your-own-email-server-freebsd-adding-nextcloud-part2/\" rel=\"nofollow\"\u003eMake your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://oliver-epper.de/posts/poudriere-on-m1-mac/\" rel=\"nofollow\"\u003ePoudriere on Apple Silicon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"http://tenfourfox.blogspot.com/2024/02/one-less-unxy-option-for-32-bit-powerpc.html\" rel=\"nofollow\"\u003eOne less Un*xy option for 32-bit PowerPC\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/powering-up-the-future-the-new-freebsd-cluster-in-chicago/\" rel=\"nofollow\"\u003ePowering up the future: the new FreeBSD cluster in Chicago\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/catfacedck/Dragonflybsd-Acer-Nitro-Laptops-AN515-5158-XXX\" rel=\"nofollow\"\u003eDragonflybsd 6.5 Snapshot Release on Acer Nitro AN515-51/58-XXX Series Laptops\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Kubernetes and back - Why I don't run distributed systems, NetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts, Make your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud, Poudriere on Apple Silicon, One less Un\\*xy option for 32-bit PowerPC, and more","date_published":"2024-04-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/629f2e08-41a4-4551-b8e4-446706cd16a6.mp3","mime_type":"audio/mpeg","size_in_bytes":55516800,"duration_in_seconds":3469}]},{"id":"8c49ca38-53e5-49cb-93f4-dcf4eae69f08","title":"554: NetBSD Double Digit","url":"https://www.bsdnow.tv/554","content_text":"The XZ Backdoor, NetBSD 10.0, iX announces that they will put out a release of TrueNAS 13.3, State of the Terminal, LibreSSL 3.8.4 and 3.9.1 released and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nPeople have no doubt heard of this by now, but are not aware of the BSD side of\nthings since its mostly been Linux getting all the news. It'd be nice if we\ncould give a summary of the issue and then address how it does/doesn't affect\nthe BSDs.\nThe XZ Backdoor\n\n\n\nNetBSD's statement\nFreeBSD's statement\nOpenBSD?\n\n\n\n\nNetBSD 10.0\n\n\n\nNews Roundup\n\niX announces that they will put out a release of TrueNAS 13.3\n\n\nA community fork has been announced\n\n\n\n\nState of the Terminal\n\n\n\nLibreSSL 3.8.4 and 3.9.1 released\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nDerek via feedback has asked for some discussion around this NetBSD security advisory\n-- Advisory Link\nBen - Nextcloud Installation\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThe XZ Backdoor, NetBSD 10.0, iX announces that they will put out a release of TrueNAS 13.3, State of the Terminal, LibreSSL 3.8.4 and 3.9.1 released and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003ePeople have no doubt heard of this by now, but are not aware of the BSD side of\u003cbr\u003e\nthings since its mostly been Linux getting all the news. It\u0026#39;d be nice if we\u003cbr\u003e\ncould give a summary of the issue and then address how it does/doesn\u0026#39;t affect\u003cbr\u003e\nthe BSDs.\u003cbr\u003e\n\u003ca href=\"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\" rel=\"nofollow\"\u003eThe XZ Backdoor\u003cbr\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\" rel=\"nofollow\"\u003eNetBSD\u0026#39;s statement\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s statement\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://netbsd.org/releases/formal-10/NetBSD-10.0.html\" rel=\"nofollow\"\u003eNetBSD 10.0\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.truenas.com/blog/truenas-core-13-3-plans/\" rel=\"nofollow\"\u003eiX announces that they will put out a release of TrueNAS 13.3\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.zvault.io\" rel=\"nofollow\"\u003eA community fork has been announced\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gpanders.com/blog/state-of-the-terminal/\" rel=\"nofollow\"\u003eState of the Terminal\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20240328181819\" rel=\"nofollow\"\u003eLibreSSL 3.8.4 and 3.9.1 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/554/feedback/Derek%20-%20NetBSD%20Security%20Advisory.md\" rel=\"nofollow\"\u003eDerek via feedback has asked for some discussion around this NetBSD security advisory\u003c/a\u003e\u003cbr\u003e\n-- \u003ca href=\"https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-001.txt.asc\" rel=\"nofollow\"\u003eAdvisory Link\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/554/feedback/Ben%20-%20nexcloud%20installation.md\" rel=\"nofollow\"\u003eBen - Nextcloud Installation\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The XZ Backdoor, NetBSD 10.0, iX announces that they will put out a release of TrueNAS 13.3, State of the Terminal, LibreSSL 3.8.4 and 3.9.1 released and more","date_published":"2024-04-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8c49ca38-53e5-49cb-93f4-dcf4eae69f08.mp3","mime_type":"audio/mpeg","size_in_bytes":60370176,"duration_in_seconds":3773}]},{"id":"fb2a50e1-0c95-4f05-844b-9c69c5aa90bf","title":"553: Terminal Latency","url":"https://www.bsdnow.tv/553","content_text":"Using Git offline, Make your own E-mail server, quiz: a tool for rapid OpenZFS development, Configuring openzfs for nvme databases, Mirroring OmniOS: The Complete Guide part 1, Installing OpenBSD 7.4 on a VisionFive 2 rev, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nUsing Git offline\n\n\n\nMake your own E-Mail server - FreeBSD, OpenSMTPD, Rspamd and Dovecot included - Part 1\n\n\n\nNews Roundup\n\nquiz: a tool for rapid OpenZFS development\n\n\n\nConfiguring openzfs for nvme databases\n\n\n\nMirroring OmniOS: The Complete Guide; Part One\n\n\n\nInstalling OpenBSD 7.4 on a VisionFive 2 rev 1.2a\n\n\n\nTerminal Latency\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eUsing Git offline, Make your own E-mail server, quiz: a tool for rapid OpenZFS development, Configuring openzfs for nvme databases, Mirroring OmniOS: The Complete Guide part 1, Installing OpenBSD 7.4 on a VisionFive 2 rev, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.gibbard.me/using_git_offline/\" rel=\"nofollow\"\u003eUsing Git offline\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/03/08/make-your-own-email-server-freebsd-opensmptd-rspamd-dovecot-part1/\" rel=\"nofollow\"\u003eMake your own E-Mail server - FreeBSD, OpenSMTPD, Rspamd and Dovecot included - Part 1\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://despairlabs.com/blog/posts/2024-03-04-quiz-rapid-openzfs-development/\" rel=\"nofollow\"\u003equiz: a tool for rapid OpenZFS development\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/letsencrypt/openzfs-nvme-databases\" rel=\"nofollow\"\u003eConfiguring openzfs for nvme databases\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://antranigv.am/posts/2024/02/omnios-mirror-one/\" rel=\"nofollow\"\u003eMirroring OmniOS: The Complete Guide; Part One\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://quozul.dev/riscv/2023/12/22/installing-openbsd-on-visionfive-2.html\" rel=\"nofollow\"\u003eInstalling OpenBSD 7.4 on a VisionFive 2 rev 1.2a\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://beuke.org/terminal-latency/\" rel=\"nofollow\"\u003eTerminal Latency\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Using Git offline, Make your own E-mail server, quiz: a tool for\r\nrapid OpenZFS development, Configuring openzfs for nvme databases, Mirroring\r\nOmniOS: The Complete Guide part 1, Installing OpenBSD 7.4 on a VisionFive 2 rev","date_published":"2024-04-04T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fb2a50e1-0c95-4f05-844b-9c69c5aa90bf.mp3","mime_type":"audio/mpeg","size_in_bytes":51366912,"duration_in_seconds":3210}]},{"id":"f27f7361-6588-4bf1-9e95-a65379200ab4","title":"552: The Laptop Sparc","url":"https://www.bsdnow.tv/552","content_text":"Setup diskless booting of Raspberry Pi, TrueNAS abandons FreeBSD, SPARCbook 3000ST: The coolest 90s laptop, Sparkbook Teardown, SSH over HTTPS, Keycloak Identity and Access Management on FreeBSD, Ford Aerospace and BSD Unix, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nHOWTO: Setup diskless booting of Raspberry Pi (running RPi OS) via TFTP \u0026amp; NFSv4 from a FreeBSD ZFS server\n\n\n\nTrueNAS abandons FreeBSD\n\n\nNo one needs to panic, we're aware of plans that have already been in the works.  But more on that later.\n\n\n\n\nNews Roundup\n\nSPARCbook 3000ST: The coolest 90s laptop\nSparkbook Teardown\nAuthor Comment\n\n\n\nSSH over HTTPS\n\n\n\nKeycloak Identity and Access Management on FreeBSD\n\n\n\nFord Aerospace and BSD Unix.\n\n\n\nBeastie Bits\n\n\nOpenBGPD 8.4 released\nSolene games  Context: https://bsd.network/@solene/112115442072927484\nHow I backup\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eSetup diskless booting of Raspberry Pi, TrueNAS abandons FreeBSD, SPARCbook 3000ST: The coolest 90s laptop, Sparkbook Teardown, SSH over HTTPS, Keycloak Identity and Access Management on FreeBSD, Ford Aerospace and BSD Unix, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.freebsd.org/threads/howto-setup-diskless-booting-of-raspberry-pi-running-rpi-os-via-tftp-nfsv4-from-a-freebsd-zfs-server.92717/\" rel=\"nofollow\"\u003eHOWTO: Setup diskless booting of Raspberry Pi (running RPi OS) via TFTP \u0026amp; NFSv4 from a FreeBSD ZFS server\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.theregister.com/2024/03/18/truenas_abandons_freebsd/\" rel=\"nofollow\"\u003eTrueNAS abandons FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo one needs to panic, we\u0026#39;re aware of plans that have already been in the works.  But more on that later.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://jasoneckert.github.io/myblog/sparcbook3000st-the-coolest-90s-laptop/\" rel=\"nofollow\"\u003eSPARCbook 3000ST: The coolest 90s laptop\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://jasoneckert.github.io/myblog/sparcbook-teardown/\" rel=\"nofollow\"\u003eSparkbook Teardown\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://news.ycombinator.com/item?id=39037510\" rel=\"nofollow\"\u003eAuthor Comment\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://trofi.github.io/posts/295-ssh-over-https.html\" rel=\"nofollow\"\u003eSSH over HTTPS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://vermaden.wordpress.com/2024/03/10/keycloak-on-freebsd/\" rel=\"nofollow\"\u003eKeycloak Identity and Access Management on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://news.ycombinator.com/item?id=39636035\" rel=\"nofollow\"\u003eFord Aerospace and BSD Unix.\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240308064655\" rel=\"nofollow\"\u003eOpenBGPD 8.4 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://rsolene.itch.io/\" rel=\"nofollow\"\u003eSolene games\u003c/a\u003e  Context: \u003ca href=\"https://bsd.network/@solene/112115442072927484\" rel=\"nofollow\"\u003ehttps://bsd.network/@solene/112115442072927484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sive.rs/backup\" rel=\"nofollow\"\u003eHow I backup\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Setup diskless booting of Raspberry Pi, TrueNAS abandons FreeBSD, SPARCbook 3000ST: The coolest 90s laptop, Sparkbook Teardown, SSH over HTTPS, Keycloak Identity and Access Management on FreeBSD, Ford Aerospace and BSD Unix, and more","date_published":"2024-03-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f27f7361-6588-4bf1-9e95-a65379200ab4.mp3","mime_type":"audio/mpeg","size_in_bytes":57181056,"duration_in_seconds":3573}]},{"id":"26a0d9ff-b867-40d3-8479-5cd7d63cbeb9","title":"551: SSH Port Story","url":"https://www.bsdnow.tv/551","content_text":"This week on the show, The story of SSH getting port 22, GGC using Clang, AuxRunner, Stabweek, Using a Kensington SlimBladePro on OpenBSD, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe story of getting SSH port 22\n\n\n\nCan GCC use Clang as its assembler?\n\n\n\nNews Roundup\n\nAUXrunner: a macOS QEMU-based app for running A/UX\n\n\n\nStabweek\n\n\n\nUsing the Kensington SlimBlade Pro TrackBall with OpenBSD\n\n\n\nRunning 9front on an emulated SGI Indy via MAME\n\n\n\nBeastie Bits\n\nHuffman Codes – How Do They Work?\nNetBSD 10.0_RC5\nNew code for SIGILL faults help identify misbranches\nNew Illumos telegram channel\nThe Jan Feb issues of the FreeBSD Journal is here\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThis week on the show, The story of SSH getting port 22, GGC using Clang, AuxRunner, Stabweek, Using a Kensington SlimBladePro on OpenBSD, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ssh.com/academy/ssh/port#the-story-of-getting-ssh-port-22\" rel=\"nofollow\"\u003eThe story of getting SSH port 22\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20240122.html\" rel=\"nofollow\"\u003eCan GCC use Clang as its assembler?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://mendelson.org/auxrunner.html\" rel=\"nofollow\"\u003eAUXrunner: a macOS QEMU-based app for running A/UX\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-current/2024-February/005657.html\" rel=\"nofollow\"\u003eStabweek\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/using-the-kensington-slimblade-pro-trackball-with-openbsd/\" rel=\"nofollow\"\u003eUsing the Kensington SlimBlade Pro TrackBall with OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://posixcafe.org/blogs/2024/01/01/0/\" rel=\"nofollow\"\u003eRunning 9front on an emulated SGI Indy via MAME\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://two-wrongs.com/huffman-codes-how-do-they-work\" rel=\"nofollow\"\u003eHuffman Codes – How Do They Work?\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mail-index.netbsd.org/source-changes/2024/02/27/msg150156.html\" rel=\"nofollow\"\u003eNetBSD 10.0_RC5\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240222183703\" rel=\"nofollow\"\u003eNew code for SIGILL faults help identify misbranches\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://t.me/illumosDistroes\" rel=\"nofollow\"\u003eNew Illumos telegram channel\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://freebsdfoundation.org/blog/the-january-february-2024-issue-of-the-freebsd-journal-is-here/\" rel=\"nofollow\"\u003eThe Jan Feb issues of the FreeBSD Journal is here\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week on the show, The story of SSH getting port 22, GGC using Clang, AuxRunner, Stabweek, Using a Kensington SlimBladePro on OpenBSD, and more...","date_published":"2024-03-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/26a0d9ff-b867-40d3-8479-5cd7d63cbeb9.mp3","mime_type":"audio/mpeg","size_in_bytes":50259072,"duration_in_seconds":3141}]},{"id":"16bc5c0c-304f-4b45-bd6e-979f5ce042bc","title":"550: Netware and Netmap","url":"https://www.bsdnow.tv/550","content_text":"This week on the show, you're not too late to develop the future, netmap on czgbe, OpenZFS 2.2.3, SSH Brute Forcing, some unknown OpenBSD Features, Release notes for the latest Omni OS, and more...\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhen the Power Macintosh ran NetWare (featuring Wormhole and Cyberpunk)\n\n\n\nYou are not too late\n\n\n\nNews Roundup\n\nnetmap on cxgbe interfaces\n\n\n\nOpenZFS 2.2.3\n\n\n\nA recent abrupt change in Internet SSH brute force attacks against us\n\n\n\nSome OpenBSD features that aren't widely known\n\n\n\nRelease Notes for OmniOS v11 r151048\n\n\n\nThe Making of RP2040 Doom\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nBrendan - Log Files\nMischa - EuroBSDcon\nSebastiano - Sed\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eThis week on the show, you\u0026#39;re not too late to develop the future, netmap on czgbe, OpenZFS 2.2.3, SSH Brute Forcing, some unknown OpenBSD Features, Release notes for the latest Omni OS, and more...\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://oldvcr.blogspot.com/2023/12/when-power-macintosh-ran-netware.html\" rel=\"nofollow\"\u003eWhen the Power Macintosh ran NetWare (featuring Wormhole and Cyberpunk)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://kk.org/thetechnium/you-are-not-late/\" rel=\"nofollow\"\u003eYou are not too late\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://adventurist.me/posts/00318\" rel=\"nofollow\"\u003enetmap on cxgbe interfaces\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/openzfs/zfs/releases/tag/zfs-2.2.3\" rel=\"nofollow\"\u003eOpenZFS 2.2.3\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/SSHBruteForceAttacksAbruptlyDown\" rel=\"nofollow\"\u003eA recent abrupt change in Internet SSH brute force attacks against us\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-02-20-rarely-known-openbsd-features.html\" rel=\"nofollow\"\u003eSome OpenBSD features that aren\u0026#39;t widely known\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/omniosorg/omnios-build/blob/44731424e67c8aaafe5c4e500fe7c4544a22f0f6/doc/ReleaseNotes.md#r151048o-2024-02-15\" rel=\"nofollow\"\u003eRelease Notes for OmniOS v11 r151048\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://kilograham.github.io/rp2040-doom/\" rel=\"nofollow\"\u003eThe Making of RP2040 Doom\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/550/feedback/Brendan%20-%20Log%20Files.md\" rel=\"nofollow\"\u003eBrendan - Log Files\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/550/feedback/Mischa%20-%20EuroBSDcon.md\" rel=\"nofollow\"\u003eMischa - EuroBSDcon\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/550/feedback/Sebastiano%20-%20Sed.md\" rel=\"nofollow\"\u003eSebastiano - Sed\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week on the show, you're not too late to develop the future, netmap on czgbe, OpenZFS 2.2.3, SSH Brute Forcing, some unknown OpenBSD Features, Release notes for the latest Omni OS, and more...","date_published":"2024-03-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/16bc5c0c-304f-4b45-bd6e-979f5ce042bc.mp3","mime_type":"audio/mpeg","size_in_bytes":51137664,"duration_in_seconds":3196}]},{"id":"09b0aba7-84c8-48f6-8901-4bd391e42348","title":"549: htop Tetris","url":"https://www.bsdnow.tv/549","content_text":"FreeBSD Foundation Statement on the European Union Cyber Resiliency Act, DragonFly BSD on a Thinkpad T480s, How FreeBSD \n Employs Ampere Arm64 Servers in the Data Center, FreeBSD Yubikey authentication, that time I almost added Tetris to htop, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Foundation Statement on the European Union Cyber Resiliency Act\n\n\n\nDragonFly BSD on a Thinkpad T480s\n\n\n\nNews Roundup\n\nAmpere in the Wild: How FreeBSD Employs Ampere Arm64 Servers in the Data Center\n\n\n\nFreeBSD Yubikey authentication\n\n\n\nThat time I almost added Tetris to htop\n\n\n\nBeastie Bits\n\nMail Software Projects for You\nAt long last: the MWL Title Index\nFreeBSD on a RPi\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD Foundation Statement on the European Union Cyber Resiliency Act, DragonFly BSD on a Thinkpad T480s, How FreeBSD \u003cbr\u003e\n Employs Ampere Arm64 Servers in the Data Center, FreeBSD Yubikey authentication, that time I almost added Tetris to htop, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-statement-on-the-european-union-cyber-resiliency-act/?utm_source=bsdweekly\" rel=\"nofollow\"\u003eFreeBSD Foundation Statement on the European Union Cyber Resiliency Act\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://git.sr.ht/%7Etomh/dragonflybsd-on-a-laptop/tree/master/item/README.md\" rel=\"nofollow\"\u003eDragonFly BSD on a Thinkpad T480s\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://amperecomputing.com/blogs/ampere-in-the-wild\" rel=\"nofollow\"\u003eAmpere in the Wild: How FreeBSD Employs Ampere Arm64 Servers in the Data Center\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://gist.github.com/daemonhorn/bdd77a7bc0ff5842e5a31d999b96e1f1\" rel=\"nofollow\"\u003eFreeBSD Yubikey authentication\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hisham.hm/2024/02/12/that-time-i-almost-added-tetris-to-htop/\" rel=\"nofollow\"\u003eThat time I almost added Tetris to htop\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://mwl.io/archives/23419\" rel=\"nofollow\"\u003eMail Software Projects for You\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/archives/23401\" rel=\"nofollow\"\u003eAt long last: the MWL Title Index\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://linux.slashdot.org/story/24/01/07/0327229/how-does-freebsd-compare-to-linux-on-a-raspberry-pi\" rel=\"nofollow\"\u003eFreeBSD on a RPi\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD Foundation Statement on the European Union Cyber Resiliency Act, DragonFly BSD on a Thinkpad T480s, How FreeBSD \r\n Employs Ampere Arm64 Servers in the Data Center, FreeBSD Yubikey authentication, that time I almost added Tetris to htop, and more","date_published":"2024-03-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/09b0aba7-84c8-48f6-8901-4bd391e42348.mp3","mime_type":"audio/mpeg","size_in_bytes":54510336,"duration_in_seconds":3406}]},{"id":"9fc45182-53da-4b7a-8fa2-a408b12d8a5b","title":"548: NTP - In Memoriam","url":"https://www.bsdnow.tv/548","content_text":"FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Status Report Fourth Quarter 2023\n\n\n\nIn Memoriam : Inventor of NTP protocol that keeps time on billions of devices dies at age 85\n\n\n\nNews Roundup\n\nMigrate a FreeBSD bhyve virtual machine to OmniOS\n\n\n\nThis blog is AI free\n\n\n\nHard disk LEDs and Noisy Machines\n\n\n\nSSH based comment system\n\n\n\nNetBSD 10 RC.4 is available\n\n\n\nBeastie Bits\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/status/report-2023-10-2023-12/\" rel=\"nofollow\"\u003eFreeBSD Status Report Fourth Quarter 2023\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://arstechnica.com/gadgets/2024/01/inventor-of-ntp-protocol-that-keeps-time-on-billions-of-devices-dies-at-age-85/\" rel=\"nofollow\"\u003eIn Memoriam : Inventor of NTP protocol that keeps time on billions of devices dies at age 85\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/migrate-a-freebsd-bhyve-virtual-machine-to-omnios/?utm_source=bsdweekly\" rel=\"nofollow\"\u003eMigrate a FreeBSD bhyve virtual machine to OmniOS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-01-18-no-ai.html\" rel=\"nofollow\"\u003eThis blog is AI free\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://jmmv.dev/2023/12/hard-disk-leds-and-noisy-machines.html\" rel=\"nofollow\"\u003eHard disk LEDs and Noisy Machines\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.haschek.at/2023/ssh-based-comment-system.html\" rel=\"nofollow\"\u003eSSH based comment system\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_10_0_rc4_available\" rel=\"nofollow\"\u003eNetBSD 10 RC.4 is available\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more","date_published":"2024-02-29T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9fc45182-53da-4b7a-8fa2-a408b12d8a5b.mp3","mime_type":"audio/mpeg","size_in_bytes":54708480,"duration_in_seconds":3419}]},{"id":"6800295d-3150-40ed-be3a-5c0aa3f787d3","title":"547: IT Impostor Syndrome","url":"https://www.bsdnow.tv/547","content_text":"Overcoming imposter syndrome in IT, A Practical Guide to GNU sed With Examples, Early computer art by Barbara Nessim, Don't prefill config files, Trapping Spambots Based on Target Domain Only, You cannot cURL under pressure, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOvercoming imposter syndrome in IT\n\n\n\nA Practical Guide to GNU sed With Examples\n\n\n\nNews Roundup\n\nEarly computer art by Barbara Nessim (1984)\n\n\n\nDon't prefill config files\n\n\n\nA Simpler Life: Trapping Spambots Based on Target Domain Only\n\n\n\nYou cannot cURL under pressure\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\nMarcus - Linux Compat Layer\n\nDaniel - FreeBSD Nostalgia\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOvercoming imposter syndrome in IT, A Practical Guide to GNU sed With Examples, Early computer art by Barbara Nessim, Don\u0026#39;t prefill config files, Trapping Spambots Based on Target Domain Only, You cannot cURL under pressure, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-01-10-dealing-with-imposter-syndrome.html\" rel=\"nofollow\"\u003eOvercoming imposter syndrome in IT\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://thevaluable.dev/sed-cli-practical-guide-examples/\" rel=\"nofollow\"\u003eA Practical Guide to GNU sed With Examples\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.gingerbeardman.com/2023/11/09/early-computer-art-by-barbara-nessim/\" rel=\"nofollow\"\u003eEarly computer art by Barbara Nessim (1984)\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.makeworld.space/2024/02/no_prefill_config.html\" rel=\"nofollow\"\u003eDon\u0026#39;t prefill config files\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdly.blogspot.com/2024/01/a-simpler-life-trapping-spambots-based.html\" rel=\"nofollow\"\u003eA Simpler Life: Trapping Spambots Based on Target Domain Only\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.benjojo.co.uk/post/you-cant-curl-under-pressure\" rel=\"nofollow\"\u003eYou cannot cURL under pressure\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/547/feedback/Marcus%20-%20linux%20compat%20layer.md\" rel=\"nofollow\"\u003eMarcus - Linux Compat Layer\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/547/feedback/Daniel%20-%20FreeBSD%20Nostalgia.md\" rel=\"nofollow\"\u003eDaniel - FreeBSD Nostalgia\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Overcoming imposter syndrome in IT, A Practical Guide to GNU sed With Examples, Early computer art by Barbara Nessim, Don't prefill config files, Trapping Spambots Based on Target Domain Only, You cannot cURL under pressure, and more","date_published":"2024-02-22T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6800295d-3150-40ed-be3a-5c0aa3f787d3.mp3","mime_type":"audio/mpeg","size_in_bytes":42274944,"duration_in_seconds":2642}]},{"id":"c7cb0c2d-cc60-4bf8-8323-088db1bd3e41","title":"546: Debunking FreeBSD Myths","url":"https://www.bsdnow.tv/546","content_text":"Debunking Common Myths About FreeBSD, Please, don’t force me to log in, Exploring FreeBSD service(8) basics, Failed Product Designs: A Laptop with Seven Screens, What’s a Permissive License – and Why Should I Care?, Beginning of the year Laugh\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDebunking Common Myths About FreeBSD\n\n\n\nPlease, don’t force me to log in\n\n\n\nNews Roundup\n\nExploring FreeBSD service(8) basics\n\n\n\nFailed Product Designs: A Laptop with Seven Screens\nThe Expanscape Aurora 7\n\n\n\n“What’s a Permissive License – and Why Should I Care?”\n\n\n\nBeginning of the year Laugh\n\n\n\n\n\nBeastie Bits\n\nNetBSD 10: Thirty Years, Still Going Strong!\nDracula theme using bash shell\npinsyscalls(2) working in anger\nFirst bits of a Haiku compatibility layer for NetBSD\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDebunking Common Myths About FreeBSD, Please, don’t force me to log in, Exploring FreeBSD service(8) basics, Failed Product Designs: A Laptop with Seven Screens, What’s a Permissive License – and Why Should I Care?, Beginning of the year Laugh\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/debunking-common-myths-about-freebsd/\" rel=\"nofollow\"\u003eDebunking Common Myths About FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://hamatti.org/posts/please-dont-force-me-to-log-in/\" rel=\"nofollow\"\u003ePlease, don’t force me to log in\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://rubenerd.com/basics-of-freebsd-services/\" rel=\"nofollow\"\u003eExploring FreeBSD service(8) basics\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.core77.com/posts/127288/Failed-Product-Designs-A-Laptop-with-Seven-Screens\" rel=\"nofollow\"\u003eFailed Product Designs: A Laptop with Seven Screens\u003cbr\u003e\nThe Expanscape Aurora 7\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/whats-a-permissive-license-and-why-should-i-care/\" rel=\"nofollow\"\u003e“What’s a Permissive License – and Why Should I Care?”\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://saagarjha.com/blog/2020/05/10/why-we-at-famous-company-switched-to-hyped-technology/\" rel=\"nofollow\"\u003eBeginning of the year Laugh\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://bentsukun.ch/talks/fosdem2024/\" rel=\"nofollow\"\u003eNetBSD 10: Thirty Years, Still Going Strong!\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://forums.freebsd.org/threads/dracula-theme-using-bash-shell.92052/\" rel=\"nofollow\"\u003eDracula theme using bash shell\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20240118080752\" rel=\"nofollow\"\u003epinsyscalls(2) working in anger\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.osnews.com/story/137961/first-bits-of-a-haiku-compatibility-layer-for-netbsd/\" rel=\"nofollow\"\u003eFirst bits of a Haiku compatibility layer for NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Debunking Common Myths About FreeBSD, Please, don’t force me to log in, Exploring FreeBSD service(8) basics, Failed Product Designs: A Laptop with Seven Screens, What’s a Permissive License – and Why Should I Care?, Beginning of the year Laugh","date_published":"2024-02-15T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c7cb0c2d-cc60-4bf8-8323-088db1bd3e41.mp3","mime_type":"audio/mpeg","size_in_bytes":51679488,"duration_in_seconds":3229}]},{"id":"efbf773e-fa58-4991-87a2-c1dd17e44ddd","title":"545: BSD Audio Enhancements","url":"https://www.bsdnow.tv/545","content_text":"ZFS High Availability with Asynchronous Replication and zrep, Stop\nBlogging and start documenting, 2023 in Review: Infrastructure, NovaCustom NV41\nlaptop review, OpenBSD Video Audio Screen Recording, HDMI Audio sound patches\ninto GhostBSD source code, DSA removal from OpenSSH, NetBSD/evbppc 10.99.10 on\nthe Nintendo Wii, NetBSD/amd64 current performance patch\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nZFS High Availability with\nAsynchronous Replication and zrep\n\n\n\nStop Blogging and start documenting\n\n\n\nNews Roundup\n\n2023 in Review: Infrastructure\n\n\n\nNovaCustom NV41 laptop review\n\n\n\nOpenBSD Video Audio Screen Recording\n\n\n\nHDMI Audio sound patches into GhostBSD source code /usr/ghost14/ghostbsd-src SOLVED Jan20 2024\n\n\n\nBeastie Bits\n\nDSA removal from OpenSSH\n\nNetBSD/evbppc 10.99.10 on the Nintendo Wii\n\nNetBSD/amd64 current performance patch\n\nNovember/December 2023 FreeBSD Journal Issue\n\nFeedback\n\n\nRick - Questions\n\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eZFS High Availability with Asynchronous Replication and zrep, Stop\u003cbr\u003e\nBlogging and start documenting, 2023 in Review: Infrastructure, NovaCustom NV41\u003cbr\u003e\nlaptop review, OpenBSD Video Audio Screen Recording, HDMI Audio sound patches\u003cbr\u003e\ninto GhostBSD source code, DSA removal from OpenSSH, NetBSD/evbppc 10.99.10 on\u003cbr\u003e\nthe Nintendo Wii, NetBSD/amd64 current performance patch\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-high-availability-with-asynchronous-replication-and-zrep/\" rel=\"nofollow\"\u003eZFS High Availability with\u003cbr\u003e\nAsynchronous Replication and zrep\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://callfortesting.org/stopblogging/\" rel=\"nofollow\"\u003eStop Blogging and start documenting\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2023-in-review-infrastructure/\" rel=\"nofollow\"\u003e2023 in Review: Infrastructure\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-01-03-laptop-review-novacustom-nv41.html\" rel=\"nofollow\"\u003eNovaCustom NV41 laptop review\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://rsadowski.de/posts/2024-01-14-openbsd-video-audio-screen-recording/\" rel=\"nofollow\"\u003eOpenBSD Video Audio Screen Recording\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://ghostbsd-arm64.blogspot.com/2024/01/hdmi-audio-sound-patches-into-ghostbsd.html\" rel=\"nofollow\"\u003eHDMI Audio sound patches into GhostBSD source code /usr/ghost14/ghostbsd-src SOLVED Jan20 2024\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20240111105900\" rel=\"nofollow\"\u003eDSA removal from OpenSSH\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://youtu.be/n-MShCcFm_w?si=-bl2725c1WwT8PBg\" rel=\"nofollow\"\u003eNetBSD/evbppc 10.99.10 on the Nintendo Wii\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-kern/2024/01/23/msg029450.html\" rel=\"nofollow\"\u003eNetBSD/amd64 current performance patch\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/past-issues/freebsd-14-0/\" rel=\"nofollow\"\u003eNovember/December 2023 FreeBSD Journal Issue\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/545/feedback/rick%20-%20questions.md\" rel=\"nofollow\"\u003eRick - Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"ZFS High Availability with Asynchronous Replication and zrep, Stop\r\nBlogging and start documenting, 2023 in Review: Infrastructure, NovaCustom NV41\r\nlaptop review, OpenBSD Video Audio Screen Recording, HDMI Audio sound patches\r\ninto GhostBSD source code, DSA removal from OpenSSH, NetBSD/evbppc 10.99.10 on\r\nthe Nintendo Wii, NetBSD/amd64 current performance patch","date_published":"2024-02-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/efbf773e-fa58-4991-87a2-c1dd17e44ddd.mp3","mime_type":"audio/mpeg","size_in_bytes":60848256,"duration_in_seconds":3803}]},{"id":"2f3344c6-0c9e-459a-9035-970e84c6d131","title":"544: Geeky weather check","url":"https://www.bsdnow.tv/544","content_text":"GPL 3: The Controversial Licensing Model and Potential Solutions,\nThe Geeks way of checking what the outside weather is like, Alpine on a\nFreeBSD Jail, DragonFly BSD on a Thinkpad T480s, Dealing with USB Storage\ndevices on OmniOS, Creating a Time Capsule instance using Samba, FreeBSD, and\nZFS\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nGPL 3: The Controversial Licensing Model and Potential Solutions\n\n\n\nThe Geeks way of checking what the outside wheather is like\n\n\n\nNews Roundup\n\nAlpine on a FreeBSD Jail\n\n\n\nDragonFly BSD on a Thinkpad T480s\n\n\n\nDealing with USB Storage devices on OmniOS\n\n\n\nCreating a Time Capsule instance using Samba, FreeBSD, and ZFS\n\n\n\nConferences\n\nFOSDEM\n\nAsiaBSDCon\n\nBSDCan\n\nEuroBSDcon\n\nSoutheast Linuxfest\n\n\nDont let the name fool you, SELF is BSD friendly and they'd love to have BSD/Unix Talks if you're in the area. JT is staff at SELF, so he can put in a good word for you. ;)\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eGPL 3: The Controversial Licensing Model and Potential Solutions,\u003cbr\u003e\nThe Geeks way of checking what the outside weather is like, Alpine on a\u003cbr\u003e\nFreeBSD Jail, DragonFly BSD on a Thinkpad T480s, Dealing with USB Storage\u003cbr\u003e\ndevices on OmniOS, Creating a Time Capsule instance using Samba, FreeBSD, and\u003cbr\u003e\nZFS\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/gpl-3-the-controversial-licensing-model-and-potential-solutions/\" rel=\"nofollow\"\u003eGPL 3: The Controversial Licensing Model and Potential Solutions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_geeks_way_of_checking\" rel=\"nofollow\"\u003eThe Geeks way of checking what the outside wheather is like\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://it-notes.dragas.net/2024/01/18/installing-alpine-linux-on-a-freebsd-jail/\" rel=\"nofollow\"\u003eAlpine on a FreeBSD Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://git.sr.ht/%7Etomh/dragonflybsd-on-a-laptop/tree/master/item/README.md\" rel=\"nofollow\"\u003eDragonFly BSD on a Thinkpad T480s\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/dealing-with-usb-storage-devices-on-omnios/\" rel=\"nofollow\"\u003eDealing with USB Storage devices on OmniOS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2024/01/06/creating-a-time-capsule-instance-using-samba-freebsd-and-zfs-2/\" rel=\"nofollow\"\u003eCreating a Time Capsule instance using Samba, FreeBSD, and ZFS\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eConferences\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://fosdem.org/2024/\" rel=\"nofollow\"\u003eFOSDEM\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://2024.asiabsdcon.org/program.html\" rel=\"nofollow\"\u003eAsiaBSDCon\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.bsdcan.org/2024/papers.php\" rel=\"nofollow\"\u003eBSDCan\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://2024.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDcon\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://southeastlinuxfest.org/2024/01/self-2024-call-for-participation/\" rel=\"nofollow\"\u003eSoutheast Linuxfest\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDont let the name fool you, SELF is BSD friendly and they\u0026#39;d love to have BSD/Unix Talks if you\u0026#39;re in the area. JT is staff at SELF, so he can put in a good word for you. ;)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"GPL 3: The Controversial Licensing Model and Potential Solutions,\r\nThe Geeks way of checking what the outside weather is like, Alpine on a\r\nFreeBSD Jail, DragonFly BSD on a Thinkpad T480s, Dealing with USB Storage\r\ndevices on OmniOS, Creating a Time Capsule instance using Samba, FreeBSD, and\r\nZFS","date_published":"2024-02-01T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2f3344c6-0c9e-459a-9035-970e84c6d131.mp3","mime_type":"audio/mpeg","size_in_bytes":64449792,"duration_in_seconds":4028}]},{"id":"caf89436-cf84-432e-a1cd-a88fc3385198","title":"543: OpenBSD Workstation Hardening","url":"https://www.bsdnow.tv/543","content_text":"OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs\n\n\n\n2023 in Review: Continuous Integration and Workflow Improvement\n\n\n\nNews Roundup\n\nRunning OpenBSD on OmniOS using bhyve\n\n\n\nFreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?\n\n\n\nOpenBSD workstation hardening\n\n\n\nKDE Plasma now linked to packages build on -current\n\n\n\nMidnightBSD 3.1.3 release\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\nFeedback/Questions\n\n\nKieran - Feedback\nAlbin - links inquires questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/\" rel=\"nofollow\"\u003eOpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/\" rel=\"nofollow\"\u003e2023 in Review: Continuous Integration and Workflow Improvement\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/\" rel=\"nofollow\"\u003eRunning OpenBSD on OmniOS using bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/\" rel=\"nofollow\"\u003eFreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-12-31-hardened-openbsd-workstation.html\" rel=\"nofollow\"\u003eOpenBSD workstation hardening\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20231227120851\u0026utm_source=bsdweekly\" rel=\"nofollow\"\u003eKDE Plasma now linked to packages build on -current\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release\" rel=\"nofollow\"\u003eMidnightBSD 3.1.3 release\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md\" rel=\"nofollow\"\u003eKieran - Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md\" rel=\"nofollow\"\u003eAlbin - links inquires questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release","date_published":"2024-01-25T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/caf89436-cf84-432e-a1cd-a88fc3385198.mp3","mime_type":"audio/mpeg","size_in_bytes":56984832,"duration_in_seconds":3561}]},{"id":"3bd8cfd6-d858-4eb9-951b-64cfe52da80f","title":"542: Retro and Futuro","url":"https://www.bsdnow.tv/542","content_text":"8 Open Source Trends to Keep an Eye Out for in 2024, System Design\nfor Advanced Beginners, 2024 plans and 2023 retrospective, Upgrading from NetBSD 5.1 to 10*RC1, FreeBSD has a new C compiler: Oracle Developer Studio 12.6, Ctrl+Alt Museum\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n8 Open Source Trends to Keep an Eye Out for in 2024\n\n\n\nSystem Design for Advanced Beginners\n\n\n\nNews Roundup\n\n2024 plans and 2023 retrospective\n\n\n\nUpgrading from NetBSD 5.1 to 10_RC1\n\n\n\nFreeBSD has a new C compiler: Oracle Developer Studio 12.6\n\n\n\nCtrl+Alt Museum\n\n\n\nBeastie Bits\n\n\nTaylor's Hackerstation\nAn Empirical Study of the Reliability of UNIX Utilities\nBSD on Windows: Things I wish I knew existed\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003e8 Open Source Trends to Keep an Eye Out for in 2024, System Design\u003cbr\u003e\nfor Advanced Beginners, 2024 plans and 2023 retrospective, Upgrading from NetBSD 5.1 to 10*RC1, FreeBSD has a new C compiler: Oracle Developer Studio 12.6, Ctrl+Alt Museum\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://klarasystems.com/articles/8-open-source-trends-to-keep-an-eye-out-for-in-2024/\" rel=\"nofollow\"\u003e8 Open Source Trends to Keep an Eye Out for in 2024\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://robertheaton.com/2020/04/06/systems-design-for-advanced-beginners/\" rel=\"nofollow\"\u003eSystem Design for Advanced Beginners\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2024-01-09-plans-for-2024.html\" rel=\"nofollow\"\u003e2024 plans and 2023 retrospective\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.idatum.net/upgrading-from-netbsd-51-to-10_rc1.html\" rel=\"nofollow\"\u003eUpgrading from NetBSD 5.1 to 10_RC1\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://briancallahan.net/blog/20240101.html\" rel=\"nofollow\"\u003eFreeBSD has a new C compiler: Oracle Developer Studio 12.6\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://photos.google.com/share/AF1QipMTsm7-LbZ-EiFh4xctppvVbBg_IhOPLTu4ej3fc7gWNgg6nHAUlBEK67-AD_tTsA?pli=1\u0026key=N3dLRWlWVUpUY0RfNU1nb2VxYWUzRDdNek5DU2hn\" rel=\"nofollow\"\u003eCtrl+Alt Museum\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://hackerstations.com/setups/taylor_town/\" rel=\"nofollow\"\u003eTaylor\u0026#39;s Hackerstation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sigwait.org/%7Ealex/blog/2022/09/11/fuzz.pdf\" rel=\"nofollow\"\u003eAn Empirical Study of the Reliability of UNIX Utilities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://virtuallyfun.com/2023/12/08/bsd-on-windows-things-i-wish-i-knew-existed/\" rel=\"nofollow\"\u003eBSD on Windows: Things I wish I knew existed\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTarsnap\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"8 Open Source Trends to Keep an Eye Out for in 2024","date_published":"2024-01-18T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3bd8cfd6-d858-4eb9-951b-64cfe52da80f.mp3","mime_type":"audio/mpeg","size_in_bytes":51057024,"duration_in_seconds":3191}]},{"id":"f5a7d325-6881-48ae-8f15-27943f5b09af","title":"541: Learning and Teaching","url":"https://www.bsdnow.tv/541","content_text":"Security, Performance, and Interoperability; Introducing FreeBSD 14, HardenedBSD November 2023 Status Report, How to create a FreeBSD Jail hosting a remote desktop, A sneak Peak, Programming FreeBSD Reading Process Information, Why Unix kernels have grown caches for directory entries 'name caches', Always learning, Always Teaching\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSecurity, Performance, and Interoperability; Introducing FreeBSD 14\n\n\n\nHardenedBSD November 2023 Status Report\n\n\n\n\n\nNews Roundup\n\nHow to create a FreeBSD Jail hosting a remote desktop\n\n\n\nA sneak Peak\n\n\n\nProgramming FreeBSD Reading Process Information\n\n\n\nWhy Unix kernels have grown caches for directory entries 'name caches'\n\n\n\nAlways learning, Always Teaching\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eSecurity, Performance, and Interoperability; Introducing FreeBSD 14, HardenedBSD November 2023 Status Report, How to create a FreeBSD Jail hosting a remote desktop, A sneak Peak, Programming FreeBSD Reading Process Information, Why Unix kernels have grown caches for directory entries \u0026#39;name caches\u0026#39;, Always learning, Always Teaching\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/security-performance-and-interoperability-introducing-freebsd-14/\" rel=\"nofollow\"\u003eSecurity, Performance, and Interoperability; Introducing FreeBSD 14\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2023-12-01/hardenedbsd-november-2023-status-report\" rel=\"nofollow\"\u003eHardenedBSD November 2023 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://it-notes.dragas.net/2023/12/13/how-to-create-a-freebsd-jail-hosting-xrdp-and-xfce-remote-access-desktop/\" rel=\"nofollow\"\u003eHow to create a FreeBSD Jail hosting a remote desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/a-sneak-peek-simd-enhanced-string-functions-for-amd64/\" rel=\"nofollow\"\u003eA sneak Peak\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://patmaddox.com/doc/trunk/www/programming-freebsd-reading-process-information/\" rel=\"nofollow\"\u003eProgramming FreeBSD Reading Process Information\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/KernelNameCachesWhy\" rel=\"nofollow\"\u003eWhy Unix kernels have grown caches for directory entries \u0026#39;name caches\u0026#39;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://stephango.com/always-learning-always-teaching\" rel=\"nofollow\"\u003eAlways learning, Always Teaching\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Security, Performance, and Interoperability; Introducing FreeBSD 14, HardenedBSD November 2023 Status Report, How to create a FreeBSD Jail hosting a remote desktop, A sneak Peak, Programming FreeBSD Reading Process Information, Why Unix kernels have grown caches for directory entries 'name caches', Always learning, Always Teaching","date_published":"2024-01-11T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f5a7d325-6881-48ae-8f15-27943f5b09af.mp3","mime_type":"audio/mpeg","size_in_bytes":53020800,"duration_in_seconds":3313}]},{"id":"4f2e9d92-a578-459d-a42d-5d8e1d83db1c","title":"540: Terrapin Attacks SSH","url":"https://www.bsdnow.tv/540","content_text":"Terrapin Attack, SSH Hardening with ssh-audit, MidnightBSD 3.1.2, syscall(2) removed from -current, 2024 FreeBSD Community Survey is Here\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nTerrapin Attack\n\n\nOpenSSH 9.6 is out\nOpenBSD Patches\nFreeBSD Patches\nIf anyone is aware of NetBSD Patches, please send them into the show so I can update the show notes\n\n\n\n\nSSH Hardening with ssh-audit\n\n\n\n\n\nNews Roundup\n\nMidnightBSD 3.1.2\n\n\n\nsyscall(2) removed from -current\n\n\n\n2024 FreeBSD Community Survey is Here\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n(Markus - how to verify FreeBSD deliverables](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/Markus%20-%20how%20to%20verify%20FreeBSD%20deliverables.md)\n(neb - tui](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/neb%20-%20tui.md)\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eTerrapin Attack, SSH Hardening with ssh-audit, MidnightBSD 3.1.2, syscall(2) removed from -current, 2024 FreeBSD Community Survey is Here\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://terrapin-attack.com\" rel=\"nofollow\"\u003eTerrapin Attack\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20231219122431\" rel=\"nofollow\"\u003eOpenSSH 9.6 is out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/011_ssh.patch.sig\" rel=\"nofollow\"\u003eOpenBSD Patches\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\" rel=\"nofollow\"\u003eFreeBSD Patches\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cem\u003eIf anyone is aware of NetBSD Patches, please send them into the show so I can update the show notes\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thoughts.greyh.at/posts/ssh-audit/\" rel=\"nofollow\"\u003eSSH Hardening with ssh-audit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-2\" rel=\"nofollow\"\u003eMidnightBSD 3.1.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20231213062827\" rel=\"nofollow\"\u003esyscall(2) removed from -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2024-freebsd-community-survey-is-here/\" rel=\"nofollow\"\u003e2024 FreeBSD Community Survey is Here\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e(Markus - how to verify FreeBSD deliverables](\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/Markus%20-%20how%20to%20verify%20FreeBSD%20deliverables.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/Markus%20-%20how%20to%20verify%20FreeBSD%20deliverables.md\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e(neb - tui](\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/neb%20-%20tui.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/neb%20-%20tui.md\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Terrapin Attack, SSH Hardening with ssh-audit, MidnightBSD 3.1.2, syscall(2) removed from -current, 2024 FreeBSD Community Survey is Here","date_published":"2024-01-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4f2e9d92-a578-459d-a42d-5d8e1d83db1c.mp3","mime_type":"audio/mpeg","size_in_bytes":51090432,"duration_in_seconds":3193}]},{"id":"c8786993-f9f3-4b3d-814f-b7396ee2b050","title":"539: Query all hosts","url":"https://www.bsdnow.tv/539","content_text":"In this special holiday episode, we, the BSDNow hosts, get together to answer questions that listeners have sent us over time. We give you updates on our gear, books we read, favorite places, and a whole lot more. Enjoy!\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eIn this special holiday episode, we, the BSDNow hosts, get together to answer questions that listeners have sent us over time. We give you updates on our gear, books we read, favorite places, and a whole lot more. Enjoy!\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"In this special holiday episode, we, the BSDNow hosts, get together to answer questions that listeners have sent us over time. We give you updates on our gear, books we read, favorite places, and a whole lot more. Enjoy!","date_published":"2023-12-28T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c8786993-f9f3-4b3d-814f-b7396ee2b050.mp3","mime_type":"audio/mpeg","size_in_bytes":57280128,"duration_in_seconds":3580}]},{"id":"52d8cc20-79da-4a6e-969c-84b4cc973a56","title":"538: Gadget Catalog Age","url":"https://www.bsdnow.tv/538","content_text":"DAK and the Golden Age of Gadget Catalogs, FreeBSD 13.2 upgrade to 14.0, Running OpenBSD on Raspberry Pi Zero 2 W, Netgate Releases pfSense CE Software Version 2.7.1, SSH agent forwarding and tmux done right, Some explanations about OpenBSD memory usage, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDAK and the Golden Age of Gadget Catalogs\n\n\n\nFreeBSD 13.2 upgrade to 14.0 – properly detailed and (hopefully) correct way\n\n\n\nNews Roundup\n\nRunning OpenBSD on Raspberry Pi Zero 2 W\n\n\n\nNetgate Releases pfSense CE Software Version 2.7.1\n\n\n\nSSH agent forwarding and tmux done right\n\n\n\nSome explanations about OpenBSD memory usage\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDAK and the Golden Age of Gadget Catalogs, FreeBSD 13.2 upgrade to 14.0, Running OpenBSD on Raspberry Pi Zero 2 W, Netgate Releases pfSense CE Software Version 2.7.1, SSH agent forwarding and tmux done right, Some explanations about OpenBSD memory usage, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cabel.com/2023/11/06/dak-and-the-golden-age-of-gadget-catalogs/\" rel=\"nofollow\"\u003eDAK and the Golden Age of Gadget Catalogs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ozgurkazancci.com/freebsd-13-2-upgrade-to-14-0-proper-and-correct-way/\" rel=\"nofollow\"\u003eFreeBSD 13.2 upgrade to 14.0 – properly detailed and (hopefully) correct way\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/\" rel=\"nofollow\"\u003eRunning OpenBSD on Raspberry Pi Zero 2 W\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netgate.com/blog/netgate-releases-pfsense-ce-software-version-2.7.1\" rel=\"nofollow\"\u003eNetgate Releases pfSense CE Software Version 2.7.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2023/11/ssh-agent-forwarding-and-tmux-done.html\" rel=\"nofollow\"\u003eSSH agent forwarding and tmux done right\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-08-11-openbsd-understand-memory-usage.html\" rel=\"nofollow\"\u003eSome explanations about OpenBSD memory usage\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"DAK and the Golden Age of Gadget Catalogs, FreeBSD 13.2 upgrade to 14.0, Running OpenBSD on Raspberry Pi Zero 2 W, Netgate Releases pfSense CE Software Version 2.7.1, SSH agent forwarding and tmux done right, Some explanations about OpenBSD memory usage, and more","date_published":"2023-12-21T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/52d8cc20-79da-4a6e-969c-84b4cc973a56.mp3","mime_type":"audio/mpeg","size_in_bytes":39395712,"duration_in_seconds":2462}]},{"id":"e7c69b69-7499-4f5f-bc76-c7c76b266218","title":"537: Authentic SSH Host","url":"https://www.bsdnow.tv/537","content_text":"OpenZFS Storage Best Practices and Use Cases pt 2,  MNT Reform – almost a year on, Why do I know shell, and how can you, Authenticate the SSH servers you are connecting to, dsynth in DragonFly, Navigating around in shell, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS Storage Best Practices and Use Cases – Part 2: File Serving and SANs\n\n\n\nMy MNT Reform – almost a year on\n\n\n\nNews Roundup\n\nWhy do I know shell, and how can you?\n\n\n\nAuthenticate the SSH servers you are connecting to\n\n\n\ndsynth in DragonFly\n\n\n\nNavigating around in shell\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - jail manager questions\nJail manager comparison: https://appjail.readthedocs.io/en/latest/compare/\nnixbytes - sharing a link.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenZFS Storage Best Practices and Use Cases pt 2,  MNT Reform – almost a year on, Why do I know shell, and how can you, Authenticate the SSH servers you are connecting to, dsynth in DragonFly, Navigating around in shell, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-2-file-serving-and-sans/\" rel=\"nofollow\"\u003eOpenZFS Storage Best Practices and Use Cases – Part 2: File Serving and SANs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=3215\" rel=\"nofollow\"\u003eMy MNT Reform – almost a year on\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2023/11/why-do-i-know-shell-and-how-can-you.html\" rel=\"nofollow\"\u003eWhy do I know shell, and how can you?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-08-05-sshfp-dns-entries.html\" rel=\"nofollow\"\u003eAuthenticate the SSH servers you are connecting to\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2023/11/30/dsynth-in-dragonfly/\" rel=\"nofollow\"\u003edsynth in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.meain.io/2023/navigating-around-in-shell/\" rel=\"nofollow\"\u003eNavigating around in shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/537/feedback/Brad%20-%20jail%20manager%20questions.md\" rel=\"nofollow\"\u003eBrad - jail manager questions\u003c/a\u003e\nJail manager comparison: \u003ca href=\"https://appjail.readthedocs.io/en/latest/compare/\" rel=\"nofollow\"\u003ehttps://appjail.readthedocs.io/en/latest/compare/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/537/feedback/nixbytes%20-%20sharing%20a%20link.md\" rel=\"nofollow\"\u003enixbytes - sharing a link.md\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS Storage Best Practices and Use Cases pt 2,  MNT Reform – almost a year on, Why do I know shell, and how can you, Authenticate the SSH servers you are connecting to, dsynth in DragonFly, Navigating around in shell, and more","date_published":"2023-12-14T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e7c69b69-7499-4f5f-bc76-c7c76b266218.mp3","mime_type":"audio/mpeg","size_in_bytes":51144960,"duration_in_seconds":3196}]},{"id":"73f0f425-12a1-4b7c-91c4-fa43cb3c7f12","title":"536: Pot-flavored Jails","url":"https://www.bsdnow.tv/536","content_text":"OpenZFS Storage Best Practices and Use Cases, EuroBSDcon trip report, Disks from the Perspective of a File System, Creating Jails using flavours in pot, OpenIKED 7.3 released, OpenSMTPD 7.4.0p1 Released, FreeBSD can now boot in 25 milliseconds, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS Storage Best Practices and Use Cases - Part 1: Snapshots and Backups\n\n\n\nEuroBSDCon 2023 report (1/2) – arrival \u0026amp; tutorial days\n\nEuroBSDCon 2023 report (2/2) – Main conference, social event \u0026amp; conclusion\n\n\n\nNews Roundup\n\nDisks from the Perspective of a File System\n\n\n\nOpenIKED 7.3 released\n\n\n\nOpenSMTPD 7.4.0p1 Released\n\n\n\nFreeBSD – Creating Jails using flavours in pot\n\n\n\nFreeBSD can now boot in 25 milliseconds\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenZFS Storage Best Practices and Use Cases, EuroBSDcon trip report, Disks from the Perspective of a File System, Creating Jails using flavours in pot, OpenIKED 7.3 released, OpenSMTPD 7.4.0p1 Released, FreeBSD can now boot in 25 milliseconds, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-1-snapshots-and-backups/\" rel=\"nofollow\"\u003eOpenZFS Storage Best Practices and Use Cases - Part 1: Snapshots and Backups\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2023/09/20/eurobsdcon-2023-report-1-2-arrival-tutorial-days/\" rel=\"nofollow\"\u003eEuroBSDCon 2023 report (1/2) – arrival \u0026amp; tutorial days\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2023/10/15/eurobsdcon-2023-report-2-2-main-conference-social-event-conclusion/\" rel=\"nofollow\"\u003eEuroBSDCon 2023 report (2/2) – Main conference, social event \u0026amp; conclusion\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dl.acm.org/doi/10.1145/2367376.2367378\" rel=\"nofollow\"\u003eDisks from the Perspective of a File System\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=170042964022226\u0026w=2\" rel=\"nofollow\"\u003eOpenIKED 7.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=170012963318854\u0026w=2\" rel=\"nofollow\"\u003eOpenSMTPD 7.4.0p1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte-sized.de/linux-unix/freebsd-jails-mithilfe-von-flavours-in-pot-erstellen/#english\" rel=\"nofollow\"\u003eFreeBSD – Creating Jails using flavours in pot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.com/2023/08/29/freebsd_boots_in_25ms/\" rel=\"nofollow\"\u003eFreeBSD can now boot in 25 milliseconds\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS Storage Best Practices and Use Cases, EuroBSDcon trip report, Disks from the Perspective of a File System, Creating Jails using flavours in pot, OpenIKED 7.3 released, OpenSMTPD 7.4.0p1 Released, FreeBSD can now boot in 25 milliseconds, and more","date_published":"2023-12-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/73f0f425-12a1-4b7c-91c4-fa43cb3c7f12.mp3","mime_type":"audio/mpeg","size_in_bytes":49751808,"duration_in_seconds":3109}]},{"id":"610bc47e-40b5-420b-bfd1-343fadf60a04","title":"535: Untitled Episode","url":"https://www.bsdnow.tv/535","content_text":"FreeBSD 14 has been released, Reading your RSS feed on FreeBSD, Manipulate PDF files easily with pdftk, clang(1)/llvm updated to version 16 in OpenBSD, NetBSD Security Advisory: multiple vulnerabilities in ftpd(8), and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 14\n\n• [Quick update](https://www.daemonology.net/blog/2023-11-21-late-breaking-FreeBSD-14-breakage.html)\n• [Vermaden’s FreeBSD 14 valuable news] (https://vermaden.wordpress.com/2023/11/17/valuable-freebsd-14-0-release-updates)\n\n\n\n\nNews Roundup\n\nReading your RSS feed on FreeBSD\n\n\n\nManipulate PDF files easily with pdftk\n\n\n\nclang(1)/llvm updated to version 16\n\n\n\nNetBSD Security Advisory 2023-007: multiple vulnerabilities in ftpd(8)\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - zpool disk allocation questions\nKevin - shell question\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD 14 has been released, Reading your RSS feed on FreeBSD, Manipulate PDF files easily with pdftk, clang(1)/llvm updated to version 16 in OpenBSD, NetBSD Security Advisory: multiple vulnerabilities in ftpd(8), and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/14.0R/relnotes/\" rel=\"nofollow\"\u003eFreeBSD 14\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Quick update](https://www.daemonology.net/blog/2023-11-21-late-breaking-FreeBSD-14-breakage.html)\n• [Vermaden’s FreeBSD 14 valuable news] (https://vermaden.wordpress.com/2023/11/17/valuable-freebsd-14-0-release-updates)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ncartron.org/reading-your-rss-feed-on-freebsd.html\" rel=\"nofollow\"\u003eReading your RSS feed on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-08-19-pdftk-guide.html\" rel=\"nofollow\"\u003eManipulate PDF files easily with pdftk\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20231113160314\u0026utm_source=bsdweekly\" rel=\"nofollow\"\u003eclang(1)/llvm updated to version 16\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdsec.net/articles/netbsd-security-advisory-2023-007-multiple-vulnerabilities-in-ftpd-8\" rel=\"nofollow\"\u003eNetBSD Security Advisory 2023-007: multiple vulnerabilities in ftpd(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/535/feedback/Brad%20-%20zpool%20disk%20allocation%20questions.md\" rel=\"nofollow\"\u003eBrad - zpool disk allocation questions\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/535/feedback/Kevin%20-%20shell%20question.md\" rel=\"nofollow\"\u003eKevin - shell question\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 14 has been released, Reading your RSS feed on FreeBSD, Manipulate PDF files easily with pdftk, clang(1)/llvm updated to version 16 in OpenBSD, NetBSD Security Advisory: multiple vulnerabilities in ftpd(8), and more","date_published":"2023-11-30T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/610bc47e-40b5-420b-bfd1-343fadf60a04.mp3","mime_type":"audio/mpeg","size_in_bytes":54371712,"duration_in_seconds":3398}]},{"id":"fe2b5c7a-0dfd-4dfa-8cfd-3bbac48369f0","title":"534: Narrow Waisted Internet","url":"https://www.bsdnow.tv/534","content_text":"Migrating from an Old Linux Server to a New FreeBSD Machine, The Internet Was Designed With a Narrow Waist, The Worst New Guys In History, FreeBSD Jails vs. Docker: A Comparison, Oracle Developer Studio 12.6 on Illumos\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nMigrating from an Old Linux Server to a New FreeBSD Machine\n\n\n\nThe Internet Was Designed With a Narrow Waist\n\n\n\nThe Worst New Guys In History\n\n\n\nNews Roundup\n\nFreeBSD Jails vs. Docker: A Comparison\n\n\n\nInstalling Oracle Developer Studio 12.6 on Illumos\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - Detective work on zpool history\nExtrowerk - End of the world type stuff\nMike - principle of least astonishment\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eMigrating from an Old Linux Server to a New FreeBSD Machine, The Internet Was Designed With a Narrow Waist, The Worst New Guys In History, FreeBSD Jails vs. Docker: A Comparison, Oracle Developer Studio 12.6 on Illumos\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://it-notes.dragas.net/2023/10/25/migrating-from-an-old-linux-server-to-a-new-freebsd-machine/\" rel=\"nofollow\"\u003eMigrating from an Old Linux Server to a New FreeBSD Machine\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.oilshell.org/blog/2022/02/diagrams.html\" rel=\"nofollow\"\u003eThe Internet Was Designed With a Narrow Waist\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.vito.nyc/posts/on-programming/\" rel=\"nofollow\"\u003eThe Worst New Guys In History\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://justanerds.site/freebsd-jails-vs-docker/\" rel=\"nofollow\"\u003eFreeBSD Jails vs. Docker: A Comparison\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20230703.html\" rel=\"nofollow\"\u003eInstalling Oracle Developer Studio 12.6 on Illumos\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/534/feedback/Brad%20-%20Detective%20work%20on%20zpool%20history.md\" rel=\"nofollow\"\u003eBrad - Detective work on zpool history\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/534/feedback/Extrowerk%20-%20End%20of%20the%20world%20type%20stuff.md\" rel=\"nofollow\"\u003eExtrowerk - End of the world type stuff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/534/feedback/Mike%20-%20principle%20of%20least%20astonishment.md\" rel=\"nofollow\"\u003eMike - principle of least astonishment\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Migrating from an Old Linux Server to a New FreeBSD Machine, The Internet Was Designed With a Narrow Waist, The Worst New Guys In History, FreeBSD Jails vs. Docker: A Comparison, Oracle Developer Studio 12.6 on Illumos","date_published":"2023-11-23T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fe2b5c7a-0dfd-4dfa-8cfd-3bbac48369f0.mp3","mime_type":"audio/mpeg","size_in_bytes":60482304,"duration_in_seconds":3780}]},{"id":"932df15a-6bff-4f3d-b9d8-6c477d8da3a7","title":"533: Package the Base","url":"https://www.bsdnow.tv/533","content_text":"FreeBSD on the RISC-V Architecture, A bit of XENIX history, pkgbase: Official packages, recover lost text by coredumping firefox, FuguIta 7.4 has been released, LibreSSL 3.8.2 Released, OpenSMTPD 7.4.0p0 Released\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nLooking Towards the Future: FreeBSD on the RISC-V Architecture\n\n\n\nA bit of XENIX history\n\n\n\nNews Roundup\n\nOfficial packages\n\n\n\nrecover lost text by coredumping firefox\n\n\n\nFuguIta 7.4 has been released\n\n\n\nLibreSSL 3.8.2 Released\n\n\n\nOpenSMTPD 7.4.0p0 Released\n\n\n\nConference News\n\nAsiaBSDCon 2024\n\n\n\nBSDCan 2024\n\n\n\nEuroBSDCon 2024\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eFreeBSD on the RISC-V Architecture, A bit of XENIX history, pkgbase: Official packages, recover lost text by coredumping firefox, FuguIta 7.4 has been released, LibreSSL 3.8.2 Released, OpenSMTPD 7.4.0p0 Released\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/looking-towards-the-future-freebsd-on-the-risc-v-architecture/\" rel=\"nofollow\"\u003eLooking Towards the Future: FreeBSD on the RISC-V Architecture\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://seefigure1.com/2014/04/15/xenixtime.html\" rel=\"nofollow\"\u003eA bit of XENIX history\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-pkgbase/2023-October/000221.html\" rel=\"nofollow\"\u003eOfficial packages\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://j3s.sh/thought/recover-lost-text-by-coredumping-firefox.html\" rel=\"nofollow\"\u003erecover lost text by coredumping firefox\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fuguita.org/?FuguIta/7.4\u0026utm_source=bsdweekly\" rel=\"nofollow\"\u003eFuguIta 7.4 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20231103065952\" rel=\"nofollow\"\u003eLibreSSL 3.8.2 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20231026121132\" rel=\"nofollow\"\u003eOpenSMTPD 7.4.0p0 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eConference News\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2024.asiabsdcon.org\" rel=\"nofollow\"\u003eAsiaBSDCon 2024\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org\" rel=\"nofollow\"\u003eBSDCan 2024\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2024.eurobsdcon.org\" rel=\"nofollow\"\u003eEuroBSDCon 2024\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD on the RISC-V Architecture, A bit of XENIX history, pkgbase: Official packages, recover lost text by coredumping firefox, FuguIta 7.4 has been released, LibreSSL 3.8.2 Released, OpenSMTPD 7.4.0p0 Released","date_published":"2023-11-16T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/932df15a-6bff-4f3d-b9d8-6c477d8da3a7.mp3","mime_type":"audio/mpeg","size_in_bytes":42418944,"duration_in_seconds":2651}]},{"id":"fb3e426c-683d-4307-9059-e6770baccf3a","title":"532:  2^18 dollars sponsorship","url":"https://www.bsdnow.tv/532","content_text":"218 dollars to open source, EuroBSDCon 2023 Trip Report, FreeBSD vs Linux (Debian), Introduction to sysclean8, Run your own Syncthing discovery server on OpenBSD, FreeBSD years: 2000-2005, Using OpenBSD relayd(8) as an Application Layer Gateway, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n218 dollars to open source\n\n\nSpecial Thanks to Colin for supporting BSD Now for over 10 years!\n***\n### EuroBSDCon 2023 Trip Report – Bojan Novković\n***\n### FreeBSD vs Linux (Debian)\n***\n\n\nNews Roundup\n\nIntroduction to sysclean8\n\n\n\nRun your own Syncthing discovery server on OpenBSD\n\n\n\nMy FreeBSD years: 2000-2005\n\n\n\nUsing OpenBSD relayd(8) as an Application Layer Gateway\n\n\n\nBeastie Bits\n\n\nHow to send syslog messages using command-line utilities\nA Practical Guide of GNU grep With Examples\nFreeBSD Container VM for Podman\nUser Certbot to create SSL certificates on FreeBSD\nOpenBSD's built-in memory leak detection\nOpenBSD Webzine Issue #15\nFreeBSD OpenSSL 3.0 ported\nHarden FreeBSD Script\nSomething odd happened...\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003e2\u003csup\u003e18\u003c/sup\u003e dollars to open source, EuroBSDCon 2023 Trip Report, FreeBSD vs Linux (Debian), Introduction to sysclean8, Run your own Syncthing discovery server on OpenBSD, FreeBSD years: 2000-2005, Using OpenBSD relayd(8) as an Application Layer Gateway, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemonology.net/blog/2023-10-25-2%5E18-dollars-to-open-source.html\" rel=\"nofollow\"\u003e2\u003csup\u003e18\u003c/sup\u003e dollars to open source\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks to Colin for supporting BSD Now for over 10 years!\n***\n### \u003ca href=\"https://freebsdfoundation.org/blog/eurobsdcon-2023-trip-report-bojan-novkovic/\" rel=\"nofollow\"\u003eEuroBSDCon 2023 Trip Report – Bojan Novković\u003c/a\u003e\n***\n### \u003ca href=\"https://markmcb.com/freebsd/vs_linux/\" rel=\"nofollow\"\u003eFreeBSD vs Linux (Debian)\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.osnews.com/story/137266/introduction-to-sysclean8-on-openbsd/\" rel=\"nofollow\"\u003eIntroduction to sysclean8\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-10-18-syncthing-discovery-server.html\" rel=\"nofollow\"\u003eRun your own Syncthing discovery server on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/my-freebsd-years-2000-2005/\" rel=\"nofollow\"\u003eMy FreeBSD years: 2000-2005\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/using-openbsd-relayd8-as-an-application-layer-gateway/\" rel=\"nofollow\"\u003eUsing OpenBSD relayd(8) as an Application Layer Gateway\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://sleeplessbeastie.eu/2023/09/11/how-to-send-syslog-messages-using-command-line-utilities/\" rel=\"nofollow\"\u003eHow to send syslog messages using command-line utilities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://thevaluable.dev/grep-cli-guide-examples/\" rel=\"nofollow\"\u003eA Practical Guide of GNU grep With Examples\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidchisnall/container-vm-scripts\" rel=\"nofollow\"\u003eFreeBSD Container VM for Podman\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.sharpwriting.net/project/use-certbot-to-create-ssl-certificates-on-freebsd/\" rel=\"nofollow\"\u003eUser Certbot to create SSL certificates on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20231024064619\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s built-in memory leak detection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://webzine.puffy.cafe/issue-15.html\" rel=\"nofollow\"\u003eOpenBSD Webzine Issue #15\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FreeBSD/freebsd-ports/commit/d5ec2e12f399b7813994564b77a0915821a0ac42\" rel=\"nofollow\"\u003eFreeBSD OpenSSL 3.0 ported\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wravoc/harden-freebsd\" rel=\"nofollow\"\u003eHarden FreeBSD Script\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mastodon.bsd.cafe/@stefano/111257154132788711\" rel=\"nofollow\"\u003eSomething odd happened...\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"2^18 dollars to open source, EuroBSDCon 2023 Trip Report, FreeBSD vs Linux (Debian), Introduction to sysclean8, Run your own Syncthing discovery server on OpenBSD, FreeBSD years: 2000-2005, Using OpenBSD relayd(8) as an Application Layer Gateway, and more","date_published":"2023-11-09T10:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fb3e426c-683d-4307-9059-e6770baccf3a.mp3","mime_type":"audio/mpeg","size_in_bytes":52249728,"duration_in_seconds":3265}]},{"id":"99479afb-bb6c-4471-9eaf-a76999dd513c","title":"531: Everlasting Software","url":"https://www.bsdnow.tv/531","content_text":"OpenBSD 7.4, Making Software Last Forever, DragonFlyBSD Per-process capability-based restrictions, HardenedBSD September 2023 Status Report, NetBSD as a Kubernetes Pod, Firefox hardening with Arkenfox, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.4\n\n\n\nMaking Software Last Forever\n\n\n\nNews Roundup\n\nDragonFlyBSD Per-process capability-based restrictions\n\n\n\nHardenedBSD September 2023 Status Report\n\n\n\nNetBSD as a Kubernetes Pod\n\n\n\nFirefox hardening with Arkenfox\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nA Random Listener - Other Podcasts\nDante - Thanks\nLars - WEI DRM\nYKLA - transcripts\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eOpenBSD 7.4, Making Software Last Forever, DragonFlyBSD Per-process capability-based restrictions, HardenedBSD September 2023 Status Report, NetBSD as a Kubernetes Pod, Firefox hardening with Arkenfox, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/74.html\" rel=\"nofollow\"\u003eOpenBSD 7.4\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.danstroot.com/posts/2023-05-25-making_software_last_forever\" rel=\"nofollow\"\u003eMaking Software Last Forever\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.dragonflybsd.org/pipermail/commits/2023-October/922780.html\" rel=\"nofollow\"\u003eDragonFlyBSD Per-process capability-based restrictions\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2023-10-10/hardenedbsd-september-2023-status-report\" rel=\"nofollow\"\u003eHardenedBSD September 2023 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://imil.net/blog/posts/2023/netbsd-as-a-k8s-pod/\" rel=\"nofollow\"\u003eNetBSD as a Kubernetes Pod\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-09-24-harden-firefox-with-arkenfox.html\" rel=\"nofollow\"\u003eFirefox hardening with Arkenfox\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/531/feedback/A%20Random%20Listener%20-%20Other%20Podcasts.md\" rel=\"nofollow\"\u003eA Random Listener - Other Podcasts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/531/feedback/Dante%20-%20Thanks.md\" rel=\"nofollow\"\u003eDante - Thanks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/531/feedback/Lars%20-%20WEI%20DRM.md\" rel=\"nofollow\"\u003eLars - WEI DRM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/531/feedback/YKLA%20-%20transcripts.md\" rel=\"nofollow\"\u003eYKLA - transcripts\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 7.4, Making Software Last Forever, DragonFlyBSD Per-process capability-based restrictions, HardenedBSD September 2023 Status Report, NetBSD as a Kubernetes Pod, Firefox hardening with Arkenfox, and more","date_published":"2023-11-02T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/99479afb-bb6c-4471-9eaf-a76999dd513c.mp3","mime_type":"audio/mpeg","size_in_bytes":60355584,"duration_in_seconds":3772}]},{"id":"f52a06e2-8680-4641-9d49-6157118d4556","title":"530: Old Computer Rescue","url":"https://www.bsdnow.tv/530","content_text":"Implementing a system call for OpenBSD, Self-Hosted Email services on OpenBSD, First 5 Minutes on a New FreeBSD Server, OLD COMPUTER RESCUE - X201, sec(4) for Route Based IPSec VPNs, send syslog messages using command-line utilities, Keeping email sorted (the hard way), and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nImplementing a system call for OpenBSD\n\n\n\nSelf-Hosted Email services on OpenBSD\n\n\n\nThe First 5 Minutes on a New FreeBSD Server\n\n\n\nNews Roundup\n\nOLD COMPUTER RESCUE - X201\n\n\n\n[CFT] sec(4) for Route Based IPSec VPNs\n\n\n\nHow to send syslog messages using command-line utilities\n\n\n\nKeeping my email sorted (the hard way)\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAlbin - Links\nDouglas - Best practices\nPatrick - Ideas Feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eImplementing a system call for OpenBSD, Self-Hosted Email services on OpenBSD, First 5 Minutes on a New FreeBSD Server, OLD COMPUTER RESCUE - X201, sec(4) for Route Based IPSec VPNs, send syslog messages using command-line utilities, Keeping email sorted (the hard way), and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://poolp.org/posts/2023-07-05/implementing-a-system-call-for-openbsd/\" rel=\"nofollow\"\u003eImplementing a system call for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/self-hosted-email-services-on-openbsd/\" rel=\"nofollow\"\u003eSelf-Hosted Email services on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herrbischoff.com/2022/12/the-first-5-minutes-on-a-new-freebsd-server/\" rel=\"nofollow\"\u003eThe First 5 Minutes on a New FreeBSD Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://triapul.cz/automa/old-computer-rescue-x201/\" rel=\"nofollow\"\u003eOLD COMPUTER RESCUE - X201\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230704094238\" rel=\"nofollow\"\u003e[CFT] sec(4) for Route Based IPSec VPNs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sleeplessbeastie.eu/2023/09/11/how-to-send-syslog-messages-using-command-line-utilities/\" rel=\"nofollow\"\u003eHow to send syslog messages using command-line utilities\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sebastiano.tronto.net/blog/2022-10-19-email-setup/\" rel=\"nofollow\"\u003eKeeping my email sorted (the hard way)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/530/feedback/Albin%20-%20Links.md\" rel=\"nofollow\"\u003eAlbin - Links\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/530/feedback/Douglas%20-%20Best%20practices.md\" rel=\"nofollow\"\u003eDouglas - Best practices\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/530/feedback/Patrick%20-%20Ideas%20Feedback.md\" rel=\"nofollow\"\u003ePatrick - Ideas Feedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Implementing a system call for OpenBSD, Self-Hosted Email services on OpenBSD, First 5 Minutes on a New FreeBSD Server, OLD COMPUTER RESCUE - X201, sec(4) for Route Based IPSec VPNs, send syslog messages using command-line utilities, Keeping email sorted (the hard way), and more","date_published":"2023-10-26T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f52a06e2-8680-4641-9d49-6157118d4556.mp3","mime_type":"audio/mpeg","size_in_bytes":52091136,"duration_in_seconds":3255}]},{"id":"cf9c4493-9570-487d-bd01-4c21bef585cd","title":"529: Adapt, adopt, diffuse","url":"https://www.bsdnow.tv/529","content_text":"Adopting FreeBSD as Your Open Source Operating System, How Hard is it to Adapt a Memory Allocator to CHERI, Running Stable Diffusion on FreeBSD, Self-hosting Pixelfed on OpenBSD, Time Capsule instance using Samba, FreeBSD, and ZFS, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAdopting FreeBSD as Your Open Source Operating System: Benefits \u0026amp; Considerations\n\n\n\nHow Hard is it to Adapt a Memory Allocator to CHERI\n\n\n\nNews Roundup\n\n[Running Stable Diffusion on FreeBSD)[https://github.com/verm/freebsd-stable-diffusion)\n\n\n\nSelf-hosting Pixelfed on OpenBSD\n\n\n\nCreating a Time Capsule instance using Samba, FreeBSD, and ZFS\n\n\n\nBeastie Bits\n\n• [OpenZFS on Twitter](https://x.com/openzfs/status/1704212154558324827?s=12\u0026amp;t=-_bfM_adaiX8Ri_3lN9OYw)\n• [EuroBSDcon 2023, Portugal](https://m.youtube.com/playlist?list=PLskKNopggjc7s6nAMxKF0tAO77ZIowZdx\u0026amp;cbrd=1)\n• [The lost history if Emoticons](https://x.com/rainmaker1973/status/1704006098909352016?s=12\u0026amp;t=-_bfM_adaiX8Ri_3lN9OYw)\n• [Solving the same problem](https://blog.fredrb.com/2023/09/08/same-problem-multiple-times/)\n• [http://vihart.com/fifty-fizzbuzzes/](50 Fizz buzzes)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nEric - German Question\nJohn Baldwin - Ep 520 question\nPat - 3d Printing\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eAdopting FreeBSD as Your Open Source Operating System, How Hard is it to Adapt a Memory Allocator to CHERI, Running Stable Diffusion on FreeBSD, Self-hosting Pixelfed on OpenBSD, Time Capsule instance using Samba, FreeBSD, and ZFS, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.javacodegeeks.com/2023/09/adopting-freebsd-as-your-open-source-operating-system-benefits-considerations.html\" rel=\"nofollow\"\u003eAdopting FreeBSD as Your Open Source Operating System: Benefits \u0026amp; Considerations\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tratt.net/laurie/blog/2023/how_hard_is_it_to_adapt_a_memory_allocator_to_cheri.html\" rel=\"nofollow\"\u003eHow Hard is it to Adapt a Memory Allocator to CHERI\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e[Running Stable Diffusion on FreeBSD)[\u003ca href=\"https://github.com/verm/freebsd-stable-diffusion\" rel=\"nofollow\"\u003ehttps://github.com/verm/freebsd-stable-diffusion\u003c/a\u003e)\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/self-hosting-pixelfed-on-openbsd/\" rel=\"nofollow\"\u003eSelf-hosting Pixelfed on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2023/09/28/creating-a-time-capsule-instance-using-samba-freebsd-and-zfs/\" rel=\"nofollow\"\u003eCreating a Time Capsule instance using Samba, FreeBSD, and ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [OpenZFS on Twitter](https://x.com/openzfs/status/1704212154558324827?s=12\u0026amp;t=-_bfM_adaiX8Ri_3lN9OYw)\n• [EuroBSDcon 2023, Portugal](https://m.youtube.com/playlist?list=PLskKNopggjc7s6nAMxKF0tAO77ZIowZdx\u0026amp;cbrd=1)\n• [The lost history if Emoticons](https://x.com/rainmaker1973/status/1704006098909352016?s=12\u0026amp;t=-_bfM_adaiX8Ri_3lN9OYw)\n• [Solving the same problem](https://blog.fredrb.com/2023/09/08/same-problem-multiple-times/)\n• [http://vihart.com/fifty-fizzbuzzes/](50 Fizz buzzes)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/529/feedback/Eric%20-%20German%20Question.md\" rel=\"nofollow\"\u003eEric - German Question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/529/feedback/John%20Baldwin%20-%20Ep%20520%20question.md\" rel=\"nofollow\"\u003eJohn Baldwin - Ep 520 question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/529/feedback/Pat%20-%203d%20Printing.md\" rel=\"nofollow\"\u003ePat - 3d Printing\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Adopting FreeBSD as Your Open Source Operating System, How Hard is it to Adapt a Memory Allocator to CHERI, Running Stable Diffusion on FreeBSD, Self-hosting Pixelfed on OpenBSD, Time Capsule instance using Samba, FreeBSD, and ZFS, and more","date_published":"2023-10-19T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cf9c4493-9570-487d-bd01-4c21bef585cd.mp3","mime_type":"audio/mpeg","size_in_bytes":59623680,"duration_in_seconds":3726}]},{"id":"adf32193-69d6-48d0-bb39-452d36512660","title":"528: Pledge the Program","url":"https://www.bsdnow.tv/528","content_text":"If you can use Open Source you can build hardware, Good performance is not just big O, Proof You Should Not Run MWL Code, How to add pledge to a program in OpenBSD, 3D printing on OpenBSD, Getting the right type of certificate, Jenny’s Daily Drivers, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nIf you can use Open Source you can build hardware\n\n\n\nGood performance is not just big O\n\n\n\nNews Roundup\n\nHow to add pledge to a program in OpenBSD\n\n\n\nProof You Should Not Run My Code\n\n\n\n3D printing on OpenBSD? Yes, that’s a thing!\n\n\n\nGetting the right type of certificate\n\n\n\nJenny’s Daily Drivers\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eIf you can use Open Source you can build hardware, Good performance is not just big O, Proof You Should Not Run MWL Code, How to add pledge to a program in OpenBSD, 3D printing on OpenBSD, Getting the right type of certificate, Jenny’s Daily Drivers, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://redeem-tomorrow.com/if-you-can-use-open-source-you-can-build-hardware\" rel=\"nofollow\"\u003eIf you can use Open Source you can build hardware\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2023/09/performance-is-not-big-o.html\" rel=\"nofollow\"\u003eGood performance is not just big O\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-09-08-openbsd-how-to-pledge-a-program.html\" rel=\"nofollow\"\u003eHow to add pledge to a program in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/23082\" rel=\"nofollow\"\u003eProof You Should Not Run My Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20230914075444\" rel=\"nofollow\"\u003e3D printing on OpenBSD? Yes, that’s a thing!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2023/09/09/getting-the-right-type-of-certificate/\" rel=\"nofollow\"\u003eGetting the right type of certificate\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackaday.com/2023/08/01/jennys-daily-drivers-freebsd-13-2/\" rel=\"nofollow\"\u003eJenny’s Daily Drivers\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"If you can use Open Source you can build hardware, Good performance is not just big O, Proof You Should Not Run MWL Code, How to add pledge to a program in OpenBSD, 3D printing on OpenBSD, Getting the right type of certificate, Jenny’s Daily Drivers, and more","date_published":"2023-10-12T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/adf32193-69d6-48d0-bb39-452d36512660.mp3","mime_type":"audio/mpeg","size_in_bytes":51518976,"duration_in_seconds":3219}]},{"id":"0a272a48-0c9a-4f75-a363-5263d9f7a342","title":"527: Reports are in","url":"https://www.bsdnow.tv/527","content_text":"Unlocking Infrastructure Sovereignty, first meeting of the FreeBSD Enterprise Working Group, HardenedBSD August 2023 Status Report, GhostBSD August 2023 donation report, MidnightBSD 3.1 Released, OpenBSD Webzine ISSUE #14, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nUnlocking Infrastructure Sovereignty: Harnessing the Power of Open Source Solutions for Business Flexibility and Cost-Effectiveness\n\n\n\nRecap of first meeting of the FreeBSD Enterprise Working Group\n\n\n\nNews Roundup\n\nHardenedBSD August 2023 Status Report\n\n• [HardenedBSD 14-STABLE Now Available](https://hardenedbsd.org/article/shawn-webb/2023-09-11/hardenedbsd-14-stable-now-available)\n\n\n\n\nAugust 2023 donation report\n\n• [Late on the announcement but... GhostBSD 23.06.01 ISO is now available](http://ghostbsd.org/23.06.01_iso_is_now_available)\n\n\n\n\nMidnightBSD 3.1 Released\n\n\n\nOpenBSD Webzine ISSUE #14 is out\n\n\n\nBeastie Bits\n\n• [ZFS for Dummies](https://ikrima.dev/dev-notes/homelab/zfs-for-dummies/)\n• [The Switch runs FreeBSD](https://www.reddit.com/r/NintendoSwitch/comments/5xbe5a/the_switch_runs_freebsd_making_it_nintendos_first/)\n• [KDE on OpenBSD](https://marc.info/?l=openbsd-ports\u0026amp;m=169391479324962)\n• [(Kubernetes v1.28.0) for illumos, FreeBSD and OpenBSD](https://medium.com/@norlin.t/by-the-way-planternetes-kubernetes-v1-28-0-for-illumos-freebsd-and-openbsd-5d57026d6a25)\n• [Video: C Programming on System 6 - VCF Midwest, Wi-Fi DA](https://jcs.org/2023/09/20/vcfmw)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eUnlocking Infrastructure Sovereignty, first meeting of the FreeBSD Enterprise Working Group, HardenedBSD August 2023 Status Report, GhostBSD August 2023 donation report, MidnightBSD 3.1 Released, OpenBSD Webzine ISSUE #14, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/unlocking-infrastructure-sovereignty-harnessing-the-power-of-open-source-solutions/\" rel=\"nofollow\"\u003eUnlocking Infrastructure Sovereignty: Harnessing the Power of Open Source Solutions for Business Flexibility and Cost-Effectiveness\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/recap-of-first-meeting-of-the-freebsd-enterprise-working-group/\" rel=\"nofollow\"\u003eRecap of first meeting of the FreeBSD Enterprise Working Group\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2023-09-01/hardenedbsd-august-2023-status-report\" rel=\"nofollow\"\u003eHardenedBSD August 2023 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [HardenedBSD 14-STABLE Now Available](https://hardenedbsd.org/article/shawn-webb/2023-09-11/hardenedbsd-14-stable-now-available)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ghostbsd.org/news/August_2023_donation_report\" rel=\"nofollow\"\u003eAugust 2023 donation report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Late on the announcement but... GhostBSD 23.06.01 ISO is now available](http://ghostbsd.org/23.06.01_iso_is_now_available)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/news/MidnightBSD-3.1\" rel=\"nofollow\"\u003eMidnightBSD 3.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://webzine.puffy.cafe/issue-14.html\" rel=\"nofollow\"\u003eOpenBSD Webzine ISSUE #14 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [ZFS for Dummies](https://ikrima.dev/dev-notes/homelab/zfs-for-dummies/)\n• [The Switch runs FreeBSD](https://www.reddit.com/r/NintendoSwitch/comments/5xbe5a/the_switch_runs_freebsd_making_it_nintendos_first/)\n• [KDE on OpenBSD](https://marc.info/?l=openbsd-ports\u0026amp;m=169391479324962)\n• [(Kubernetes v1.28.0) for illumos, FreeBSD and OpenBSD](https://medium.com/@norlin.t/by-the-way-planternetes-kubernetes-v1-28-0-for-illumos-freebsd-and-openbsd-5d57026d6a25)\n• [Video: C Programming on System 6 - VCF Midwest, Wi-Fi DA](https://jcs.org/2023/09/20/vcfmw)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Unlocking Infrastructure Sovereignty, first meeting of the FreeBSD Enterprise Working Group, HardenedBSD August 2023 Status Report, GhostBSD August 2023 donation report, MidnightBSD 3.1 Released, OpenBSD Webzine ISSUE #14, and more","date_published":"2023-10-05T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0a272a48-0c9a-4f75-a363-5263d9f7a342.mp3","mime_type":"audio/mpeg","size_in_bytes":58297728,"duration_in_seconds":3643}]},{"id":"d499d953-6d8f-4990-b7af-a8fca573f5c3","title":"526: ZFS Replication Tools","url":"https://www.bsdnow.tv/526","content_text":"Why DNS is still hard to learn, Unix support 50 years ago, ZFS Replication tools, Between ISA and PCI, PCs had EISA and VLB, Old Computer Challenge v3, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy DNS is still hard to learn\n\n\n\nUnix support 50 years ago: “your only source of information is a 2-man operation an ocean away”\n\n\n\nNews Roundup\n\nZFS Replication tools\n\n\n\nBetween ISA and PCI, PCs had EISA and VLB\n\n\n\nOld Computer Challenge v3: postmortem\n\n\n\nBeastie Bits\n\n• [Installing and Using Research Unix Version 7 on the OpenSIMH PDP-11 Emulator](https://decuser.github.io/unix/research-unix/v7/videos/2023/07/14/installing-and-using-research-unix-v7-in-open-simh-video.html)\n• [Cheat Sheets](https://github.com/cheat/cheatsheets/tree/master)\n• [Introducing BSD Cafe](https://www.reddit.com/r/BSD/comments/15rt7em/introducing_the_bsdcafe/)\n• [Keystroke timing obfuscation added to ssh(1)](http://undeadly.org/cgi?action=article;sid=20230829051257)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDaniel - Fav episode\nSam - Fav episode\nQuestion from JT - to Tom and Benedict, what has your fav episode been?\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eWhy DNS is still hard to learn, Unix support 50 years ago, ZFS Replication tools, Between ISA and PCI, PCs had EISA and VLB, Old Computer Challenge v3, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jvns.ca/blog/2023/07/28/why-is-dns-still-hard-to-learn/\" rel=\"nofollow\"\u003eWhy DNS is still hard to learn\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cs.auckland.ac.nz/%7Ebrian/LetterFromRitchie.pdf\" rel=\"nofollow\"\u003eUnix support 50 years ago: “your only source of information is a 2-man operation an ocean away”\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://evilham.com/en/blog/2023-ZFS-replication-tools/\" rel=\"nofollow\"\u003eZFS Replication tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/between-isa-and-pci-we-had-vlb/\" rel=\"nofollow\"\u003eBetween ISA and PCI, PCs had EISA and VLB\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-07-17-old-computer-challenge-v3-part2.html\" rel=\"nofollow\"\u003eOld Computer Challenge v3: postmortem\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Installing and Using Research Unix Version 7 on the OpenSIMH PDP-11 Emulator](https://decuser.github.io/unix/research-unix/v7/videos/2023/07/14/installing-and-using-research-unix-v7-in-open-simh-video.html)\n• [Cheat Sheets](https://github.com/cheat/cheatsheets/tree/master)\n• [Introducing BSD Cafe](https://www.reddit.com/r/BSD/comments/15rt7em/introducing_the_bsdcafe/)\n• [Keystroke timing obfuscation added to ssh(1)](http://undeadly.org/cgi?action=article;sid=20230829051257)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/526/feedback/Daniel%20-%20Fav%20episode.md\" rel=\"nofollow\"\u003eDaniel - Fav episode\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/526/feedback/Sam%20-%20Fav%20episode.md\" rel=\"nofollow\"\u003eSam - Fav episode\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eQuestion from JT - to Tom and Benedict, what has your fav episode been?\n***\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Why DNS is still hard to learn, Unix support 50 years ago, ZFS Replication tools, Between ISA and PCI, PCs had EISA and VLB, Old Computer Challenge v3, and more","date_published":"2023-09-28T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d499d953-6d8f-4990-b7af-a8fca573f5c3.mp3","mime_type":"audio/mpeg","size_in_bytes":44952960,"duration_in_seconds":2809}]},{"id":"77bb2c15-7149-4511-a582-7ce5ce3096cd","title":"525: Old NetBSD Server","url":"https://www.bsdnow.tv/525","content_text":"Do one thing and do it well, Turning a 15 years old laptop into a children proof retrogaming station, Old Computer Challenge v3: day 1, It Takes 6 Days to Change 1 Line of Code, Rejected GitHub Profile Achievements, that old netbsd server, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDo one thing and do it well\n\n\n\nTurning a 15 years old laptop into a children proof retrogaming station\n\nand a rereview of\n\n\n\nNews Roundup\n\nOld Computer Challenge v3: day 1\n\n\n\nIt Takes 6 Days to Change 1 Line of Code\n\n\n\nRejected GitHub Profile Achievements\n\n\n\nThat old netbsd server\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nFelix - questions\nFrancis - Episode 511\nIan - CDN\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n\n\n","content_html":"\u003cp\u003eDo one thing and do it well, Turning a 15 years old laptop into a children proof retrogaming station, Old Computer Challenge v3: day 1, It Takes 6 Days to Change 1 Line of Code, Rejected GitHub Profile Achievements, that old netbsd server, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/source-and-buggy/do-one-thing-and-do-it-well-886b11a5d21\" rel=\"nofollow\"\u003eDo one thing and do it well\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-07-24-childproof-retrogaming-station.html\" rel=\"nofollow\"\u003eTurning a 15 years old laptop into a children proof retrogaming station\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-06-04-old-computer-challenge-v3.html\" rel=\"nofollow\"\u003eand a rereview of\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-07-10-old-computer-challenge-v3-part1.html\" rel=\"nofollow\"\u003eOld Computer Challenge v3: day 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://edw519.posthaven.com/it-takes-6-days-to-change-1-line-of-code\" rel=\"nofollow\"\u003eIt Takes 6 Days to Change 1 Line of Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/Flet/rejected-github-profile-achievements\" rel=\"nofollow\"\u003eRejected GitHub Profile Achievements\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://it-notes.dragas.net/2023/08/27/that-old-netbsd-server-running-since-2010/\" rel=\"nofollow\"\u003eThat old netbsd server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/525/feedback/Felix%20-%20questions.md\" rel=\"nofollow\"\u003eFelix - questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/525/feedback/Francis%20-%20Episode%20511.md\" rel=\"nofollow\"\u003eFrancis - Episode 511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/525/feedback/Ian%20-%20CDN.md\" rel=\"nofollow\"\u003eIan - CDN\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Do one thing and do it well, Turning a 15 years old laptop into a children proof retrogaming station, Old Computer Challenge v3: day 1, It Takes 6 Days to Change 1 Line of Code, Rejected GitHub Profile Achievements, that old netbsd server, and more","date_published":"2023-09-21T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/77bb2c15-7149-4511-a582-7ce5ce3096cd.mp3","mime_type":"audio/mpeg","size_in_bytes":42549120,"duration_in_seconds":2659}]},{"id":"ce877f80-4e1c-4029-adbe-4b5893efef2d","title":"524: Legendary Unix Recovery","url":"https://www.bsdnow.tv/524","content_text":"On the Loss and Preservation of Knowledge, Unix Recovery Legend, Useful Unix commands for data science, Tarsnap outage post-mortem, OpenBSD 7.3 on a twenty year old IBM ThinkPad R31, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOn the Loss and Preservation of Knowledge\n\n\n\nUnix Recovery Legend\n\n\n\nNews Roundup\n\nUseful Unix commands for data science\n\n\n\nWhy we like Tarsnap = Transparency : Tarsnap outage post-mortem\n\n\n\nOpenBSD 7.3 on a twenty year old IBM ThinkPad R31\n\n\n\nBeastie Bits\n\n\nQuick and dirty IMAP(-UW) server\nJENNY’S DAILY DRIVERS: FREEBSD 13.2\nElvish\nxroach\nDid hell freeze over?\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nNelson - Bell Labs Memoranda\npatrick - audio switching\ntim - appjail\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOn the Loss and Preservation of Knowledge, Unix Recovery Legend, Useful Unix commands for data science, Tarsnap outage post-mortem, OpenBSD 7.3 on a twenty year old IBM ThinkPad R31, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://samoburja.com/on-the-loss-and-preservation-of-knowledge/\" rel=\"nofollow\"\u003eOn the Loss and Preservation of Knowledge\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ecb.torontomu.ca/%7Eelf/hack/recovery.html\" rel=\"nofollow\"\u003eUnix Recovery Legend\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gregreda.com/2013/07/15/unix-commands-for-data-science/\" rel=\"nofollow\"\u003eUseful Unix commands for data science\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail.tarsnap.com/tarsnap-announce/msg00050.html\" rel=\"nofollow\"\u003eWhy we like Tarsnap = Transparency : Tarsnap outage post-mortem\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://box.matto.nl/openbsd-73-on-a-twenty-year-old-ibm-thinkpad-r31.html\" rel=\"nofollow\"\u003eOpenBSD 7.3 on a twenty year old IBM ThinkPad R31\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forums.freebsd.org/threads/quick-and-dirty-imap-uw-server.89877/\" rel=\"nofollow\"\u003eQuick and dirty IMAP(-UW) server\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackaday.com/2023/08/01/jennys-daily-drivers-freebsd-13-2/\" rel=\"nofollow\"\u003eJENNY’S DAILY DRIVERS: FREEBSD 13.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://elv.sh/\" rel=\"nofollow\"\u003eElvish\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://infosec.exchange/@paco/110772422266480371\" rel=\"nofollow\"\u003exroach\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://soc.feditime.com/notice/AXo6xXlSrfdfjNPdRI\" rel=\"nofollow\"\u003eDid hell freeze over?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/523/feedback/Nelson%20-%20Bell%20Labs%20Memoranda.md\" rel=\"nofollow\"\u003eNelson - Bell Labs Memoranda\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/523/feedback/patrick%20-%20audio%20switching.md\" rel=\"nofollow\"\u003epatrick - audio switching\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/523/feedback/tim%20-%20appjail.md\" rel=\"nofollow\"\u003etim - appjail\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On the Loss and Preservation of Knowledge, Unix Recovery Legend, Useful Unix commands for data science, Tarsnap outage post-mortem, OpenBSD 7.3 on a twenty year old IBM ThinkPad R31, and more","date_published":"2023-09-14T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ce877f80-4e1c-4029-adbe-4b5893efef2d.mp3","mime_type":"audio/mpeg","size_in_bytes":55404288,"duration_in_seconds":3462}]},{"id":"e03effe5-46f6-4cc7-8c19-4f549f78415c","title":"523: Literally Unix","url":"https://www.bsdnow.tv/523","content_text":"The Elements Of Style: UNIX As Literature, The shell and its crappy handling of whitespace, Theo de Raadt on Zenbleed, OPNsense 23.7 released, illumos gets a new C compiler, fixing Thinkpad X1 WIFI on FreeBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Elements Of Style: UNIX As Literature\n\n\n\nThe shell and its crappy handling of whitespace\n\n\n\nNews Roundup\n\nTheo de Raadt on Zenbleed\n\n\n\nOPNsense 23.7 “Restless Roadrunner” Released\n\n\n\n[ILLUMOS GETS A NEW C COMPILER](https://briancallahan.net/blog/20230705.html\n\n)\n\n\n\nFIXING THINKPAD X1 WIFI ON FREEBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\n","content_html":"\u003cp\u003eThe Elements Of Style: UNIX As Literature, The shell and its crappy handling of whitespace, Theo de Raadt on Zenbleed, OPNsense 23.7 released, illumos gets a new C compiler, fixing Thinkpad X1 WIFI on FreeBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://theody.net/elements.html\" rel=\"nofollow\"\u003eThe Elements Of Style: UNIX As Literature\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.plover.com/Unix/whitespace.html\" rel=\"nofollow\"\u003eThe shell and its crappy handling of whitespace\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20230724224011\" rel=\"nofollow\"\u003eTheo de Raadt on Zenbleed\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-23-7-released/\" rel=\"nofollow\"\u003eOPNsense 23.7 “Restless Roadrunner” Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e[ILLUMOS GETS A NEW C COMPILER](\u003ca href=\"https://briancallahan.net/blog/20230705.html\" rel=\"nofollow\"\u003ehttps://briancallahan.net/blog/20230705.html\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://michal.sapka.me/2023/fixing-thinkpad-x1-wifi-on-freebsd/\" rel=\"nofollow\"\u003eFIXING THINKPAD X1 WIFI ON FREEBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"The Elements Of Style: UNIX As Literature, The shell and its crappy handling of whitespace, Theo de Raadt on Zenbleed, OPNsense 23.7 released, illumos gets a new C compiler, fixing Thinkpad X1 WIFI on FreeBSD, and more","date_published":"2023-09-07T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e03effe5-46f6-4cc7-8c19-4f549f78415c.mp3","mime_type":"audio/mpeg","size_in_bytes":38576256,"duration_in_seconds":2411}]},{"id":"eb9e39c2-564c-4286-b1dd-e1d57a331f87","title":"522: Zenbleed Foot Shooting","url":"https://www.bsdnow.tv/522","content_text":"Top Ten Reasons to Upgrade to FreeBSD 13.2, History never repeats but sometimes it rhymes, Wayland on OpenBSD, OpenBGPD 8.1 released, Shoot yourself in the foot, Zenbleed: aka: The new fun for a while, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nTop Ten Reasons to Upgrade to FreeBSD 13.2\n\n\n\nHistory never repeats but sometimes it rhymes\n\n\n\nNews Roundup\n\nWayland on OpenBSD\n\n\n\nOpenBGPD 8.1 released\n\n\n\nShoot yourself in the foot\n\n\n\nZenbleed: aka : The new fun for a while\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nIan - about dozing off when listening\nNixbytes  - news on netbsd\nPhillip - Questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\nJoin us and other BSD Fans in our BSD Now Telegram channel\n***\n","content_html":"\u003cp\u003eTop Ten Reasons to Upgrade to FreeBSD 13.2, History never repeats but sometimes it rhymes, Wayland on OpenBSD, OpenBGPD 8.1 released, Shoot yourself in the foot, Zenbleed: aka: The new fun for a while, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/top-ten-reasons-to-upgrade-to-freebsd-13-2/\" rel=\"nofollow\"\u003eTop Ten Reasons to Upgrade to FreeBSD 13.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ciq.com/blog/history-never-repeats-but-sometimes-it-rhymes/\" rel=\"nofollow\"\u003eHistory never repeats but sometimes it rhymes\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://xenocara.org/Wayland_on_OpenBSD.html\" rel=\"nofollow\"\u003eWayland on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230713110230\" rel=\"nofollow\"\u003eOpenBGPD 8.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://g-w1.github.io/blog/observation/2023/07/08/shoot-yourself-in-the-foot.html\" rel=\"nofollow\"\u003eShoot yourself in the foot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20230724224011\" rel=\"nofollow\"\u003eZenbleed: aka : The new fun for a while\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/522/feedback/Ian%20-%20about%20dozing%20off%20when%20listening.md\" rel=\"nofollow\"\u003eIan - about dozing off when listening\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/522/feedback/Nixbytes%20%20-%20news%20on%20netbsd.md\" rel=\"nofollow\"\u003eNixbytes  - news on netbsd\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/522/feedback/Phillip%20-%20Questions.md\" rel=\"nofollow\"\u003ePhillip - Questions\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJoin us and other BSD Fans in our \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003eBSD Now Telegram channel\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Top Ten Reasons to Upgrade to FreeBSD 13.2, History never repeats but sometimes it rhymes, Wayland on OpenBSD, OpenBGPD 8.1 released, Shoot yourself in the foot, Zenbleed: aka: The new fun for a while, and more","date_published":"2023-08-31T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/eb9e39c2-564c-4286-b1dd-e1d57a331f87.mp3","mime_type":"audio/mpeg","size_in_bytes":46507008,"duration_in_seconds":2906}]},{"id":"533fcb2a-376e-4f26-9d0d-4fa57da1ced4","title":"521: BSD Summer Reading","url":"https://www.bsdnow.tv/521","content_text":"FreeBSD Status Report Q2 2023, Klara Systems Recommended Summer Reads 2023, install Kanboard on OpenBSD howto, A bit of Unix history on 'su -', hints for splitting commits, Live from OpenBSD in Amsterdam, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Status Report Second Quarter 2023\n\n\n\nOur 2023 Recommended Summer Reads 2023\n\n\n\nNews Roundup\n\nHow to install Kanboard on OpenBSD\n\n\n\nA bit of Unix history on 'su -'\n\n\n\nSome hints for splitting commits\n\n\n\nLive from OpenBSD in Amsterdam\n\n\n\nIn memoriam\n\nIn Memoriam: Hans Petter William Sirevåg Selasky\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAgbo - Using BSD for a business\nChris - Desktop BSD systems\nDane - Use another OS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Status Report Q2 2023, Klara Systems Recommended Summer Reads 2023, install Kanboard on OpenBSD howto, A bit of Unix history on \u0026#39;su -\u0026#39;, hints for splitting commits, Live from OpenBSD in Amsterdam, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2023-04-2023-06/\" rel=\"nofollow\"\u003eFreeBSD Status Report Second Quarter 2023\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/our-2023-recommended-summer-reads-freebsd-and-linux/\" rel=\"nofollow\"\u003eOur 2023 Recommended Summer Reads 2023\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-07-07-kanboard-on-openbsd.html\" rel=\"nofollow\"\u003eHow to install Kanboard on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/SuDashHistory\" rel=\"nofollow\"\u003eA bit of Unix history on \u0026#39;su -\u0026#39;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdimp.blogspot.com/2023/07/some-hints-for-splitting-commits.html\" rel=\"nofollow\"\u003eSome hints for splitting commits\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://michal.sapka.me/2023/moved-to-openbsd/\" rel=\"nofollow\"\u003eLive from OpenBSD in Amsterdam\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eIn memoriam\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.freebsd.org/threads/in-memoriam-hans-petter-william-sirevag-selasky.89697/#post-616627\" rel=\"nofollow\"\u003eIn Memoriam: Hans Petter William Sirevåg Selasky\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/521/feedback/Agbo%20-%20Using%20BSD%20for%20a%20business.md\" rel=\"nofollow\"\u003eAgbo - Using BSD for a business\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/521/feedback/Chris%20-%20Desktop%20BSD%20systems.md\" rel=\"nofollow\"\u003eChris - Desktop BSD systems\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/521/feedback/Dane%20-%20Use%20another%20OS.md\" rel=\"nofollow\"\u003eDane - Use another OS\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Status Report Q2 2023, Klara Systems Recommended Summer Reads 2023, install Kanboard on OpenBSD howto, A bit of Unix history on 'su -', hints for splitting commits, Live from OpenBSD in Amsterdam, and more","date_published":"2023-08-24T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/533fcb2a-376e-4f26-9d0d-4fa57da1ced4.mp3","mime_type":"audio/mpeg","size_in_bytes":54731520,"duration_in_seconds":3420}]},{"id":"c4abf3ee-9d63-4f0a-bc8d-ea10b203a9e0","title":"520: 4 months BSD","url":"https://www.bsdnow.tv/520","content_text":"4 Months of BSD, Self Hosted Calendar and address Book, Ban scanners IPs from OpenSMTP logs, Self-hosted git page, Bastille template example, Restrict nginx Access by Geographical Location on FreeBSD, and more.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n4 Months of BSD\n\n\n\nSelf Hosted Calendar and address Book\n\n\n\nNews Roundup\n\nBan scanners IPs from OpenSMTP logs\n\n\n\nSelf-hosted git page with stagit (featuring ed, the standard editor)\n\n\n\nBastille template example\n\n\n\nNginx: How to Restrict Access by Geographical Location on FreeBSD\n\n\n\nBeastie Bits\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChris - ARM\nMatthew - Groups\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003e4 Months of BSD, Self Hosted Calendar and address Book, Ban scanners IPs from OpenSMTP logs, Self-hosted git page, Bastille template example, Restrict nginx Access by Geographical Location on FreeBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://danterobinson.dev/BSD/4MonthsofBSD\" rel=\"nofollow\"\u003e4 Months of BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/self-hosted-calendar-and-addressbook-services-on-openbsd/\" rel=\"nofollow\"\u003eSelf Hosted Calendar and address Book\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-06-22-opensmtpd-block-attempts.html\" rel=\"nofollow\"\u003eBan scanners IPs from OpenSMTP logs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sebastiano.tronto.net/blog/2022-11-23-git-host/\" rel=\"nofollow\"\u003eSelf-hosted git page with stagit (featuring ed, the standard editor)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bastillebsd.org/blog/2022/01/03/bastille-template-examples-adguardhome/\" rel=\"nofollow\"\u003eBastille template example\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/\" rel=\"nofollow\"\u003eNginx: How to Restrict Access by Geographical Location on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/520/feedback/Chris%20-%20arm.md\" rel=\"nofollow\"\u003eChris - ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/520/feedback/matthew%20-%20groups.md\" rel=\"nofollow\"\u003eMatthew - Groups\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"4 Months of BSD, Self Hosted Calendar and address Book, Ban scanners IPs from OpenSMTP logs, Self-hosted git page, Bastille template example, Restrict nginx Access by Geographical Location on FreeBSD, and more.","date_published":"2023-08-17T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c4abf3ee-9d63-4f0a-bc8d-ea10b203a9e0.mp3","mime_type":"audio/mpeg","size_in_bytes":41702784,"duration_in_seconds":2606}]},{"id":"5d5025dc-47c7-48f4-9da6-d5fee456b1de","title":"519: Telegram from BSDNow","url":"https://www.bsdnow.tv/519","content_text":"3 Advantages to Running FreeBSD as Your Server OS, FreeBSD 14 Release Schedule, Stream your OpenBSD desktop audio, DOD KSOS Secure UNIX Operating System Manual, How to limit bandwidth usage with SCP transfers, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n3 Advantages to Running FreeBSD as Your Server Operating System\n\n\n\nFreeBSD 14 Release Schedule\n\n\n\nNews Roundup\n\nStream your OpenBSD desktop audio to other devices\n\n\n\nDOD KSOS Secure UNIX Operating System Manual and Final Report\n\n\n\nHow to limit bandwidth usage with SCP transfers\n\n\n\nBeastie Bits\n\n\nOpenSolaris 11.4 running in a VM\nCelebrating 30 Years of FreeBSD – FreeBSD Journal Special Edition\nSome ways you can contribute to open source software without writing code\n\n\nScreenCapture if you don't have a twitter account\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nNew BSD Now Telegram Channel\n\n\nWe now have a new BSD Now Telegram channel that anyone can join.  Conversations don’t have to just be about the show, anything BSD, Unix, or *nix in general is fair game. https://t.me/bsdnow\n\n\nFeedback/Questions\n\n\nJohnny - 512\nMatthew - 512\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003e3 Advantages to Running FreeBSD as Your Server OS, FreeBSD 14 Release Schedule, Stream your OpenBSD desktop audio, DOD KSOS Secure UNIX Operating System Manual, How to limit bandwidth usage with SCP transfers, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-3-advantages-to-running-freebsd-as-your-server-operating-system/\" rel=\"nofollow\"\u003e3 Advantages to Running FreeBSD as Your Server Operating System\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/14.0R/\" rel=\"nofollow\"\u003eFreeBSD 14 Release Schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-05-05-openbsd-sound-streaming.html\" rel=\"nofollow\"\u003eStream your OpenBSD desktop audio to other devices\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2023-June/028441.html\" rel=\"nofollow\"\u003eDOD KSOS Secure UNIX Operating System Manual and Final Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herrbischoff.com/2023/03/how-to-limit-bandwidth-usage-for-scp-transfers/\" rel=\"nofollow\"\u003eHow to limit bandwidth usage with SCP transfers\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/unix/comments/14m90v2/oracle_solaris_114_running_in_a_virtual_machine/\" rel=\"nofollow\"\u003eOpenSolaris 11.4 running in a VM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/celebrating-30-years-of-freebsd-freebsd-journal-special-edition/\" rel=\"nofollow\"\u003eCelebrating 30 Years of FreeBSD – FreeBSD Journal Special Edition\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/cperciva/status/1673215499365384194?s=52\u0026t=-_bfM_adaiX8Ri_3lN9OYw\" rel=\"nofollow\"\u003eSome ways you can contribute to open source software without writing code\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://i.imgur.com/5AlqBlO.png\" rel=\"nofollow\"\u003eScreenCapture if you don\u0026#39;t have a twitter account\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eNew BSD Now Telegram Channel\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe now have a new BSD Now Telegram channel that anyone can join.  Conversations don’t have to just be about the show, anything BSD, Unix, or *nix in general is fair game. \u003ca href=\"https://t.me/bsdnow\" rel=\"nofollow\"\u003ehttps://t.me/bsdnow\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/519/feedback/Johnny%20-%20512.md\" rel=\"nofollow\"\u003eJohnny - 512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/519/feedback/Matthew%20-%20512.md\" rel=\"nofollow\"\u003eMatthew - 512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"3 Advantages to Running FreeBSD as Your Server OS, FreeBSD 14 Release Schedule, Stream your OpenBSD desktop audio, DOD KSOS Secure UNIX Operating System Manual, How to limit bandwidth usage with SCP transfers, and more.","date_published":"2023-08-10T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5d5025dc-47c7-48f4-9da6-d5fee456b1de.mp3","mime_type":"audio/mpeg","size_in_bytes":35925120,"duration_in_seconds":2245}]},{"id":"a8dc2e06-ce32-4c8c-a282-35950bee26fc","title":"518: Unix Edition Zero","url":"https://www.bsdnow.tv/518","content_text":"A Guide to Problem-Solving for Software Developers with Examples, making 20% time work, Long Live Netbooks, OpenBSD Router on Sg105w, Set Up a Simple and Actually Working Wireguard Server, Unix Edition Zero, how to be a -10x engineer, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nA Guide to Problem-Solving for Software Developers with Examples\n\n\n\nMaking 20% time work\n\n\n\nNews Roundup\n\nLong live netbooks!\n\n\n\nOpenBSD Router on Sg105w\n\n\n\nFreeBSD: How to Set Up a Simple and Actually Working Wireguard Server\n\n\n\nHow to be a -10x Engineer\n\n\n\nUnix Edition Zero\n\n\n\nBeastie Bits\n\n\nGame of Trees 0.90 released\nZFSp\n\n\n\nTarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eA Guide to Problem-Solving for Software Developers with Examples, making 20% time work, Long Live Netbooks, OpenBSD Router on Sg105w, Set Up a Simple and Actually Working Wireguard Server, Unix Edition Zero, how to be a -10x engineer, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thevaluable.dev/problem_solving_guide_software_developer\" rel=\"nofollow\"\u003eA Guide to Problem-Solving for Software Developers with Examples\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://begriffs.com/posts/2016-01-29-making-twenty-percent-time-work.html\" rel=\"nofollow\"\u003eMaking 20% time work\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sebastiano.tronto.net/blog/2022-09-10-netbooks/\" rel=\"nofollow\"\u003eLong live netbooks!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://evolving-architecture.eu/openbsd-router-sg105w/\" rel=\"nofollow\"\u003eOpenBSD Router on Sg105w\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herrbischoff.com/2023/04/freebsd-how-to-set-up-a-simple-and-actually-working-wireguard-server/\" rel=\"nofollow\"\u003eFreeBSD: How to Set Up a Simple and Actually Working Wireguard Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://taylor.town/-10x\" rel=\"nofollow\"\u003eHow to be a -10x Engineer\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://doc.cat-v.org/unix/v0/\" rel=\"nofollow\"\u003eUnix Edition Zero\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20230624054334\" rel=\"nofollow\"\u003eGame of Trees 0.90 released\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/alcarithemad/zfsp\" rel=\"nofollow\"\u003eZFSp\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"A Guide to Problem-Solving for Software Developers with Examples, making 20% time work, Long Live Netbooks, OpenBSD Router on Sg105w, Set Up a Simple and Actually Working Wireguard Server, Unix Edition Zero, how to be a -10x engineer, and more","date_published":"2023-08-03T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a8dc2e06-ce32-4c8c-a282-35950bee26fc.mp3","mime_type":"audio/mpeg","size_in_bytes":54445440,"duration_in_seconds":3402}]},{"id":"d8d9cac6-5c23-4f07-b6ad-253890b79d72","title":"517: Huge pfsync rewrite","url":"https://www.bsdnow.tv/517","content_text":"Linux and FreeBSD Firewalls Comparison Part 2, 27 Years with the Perfect OS, Top 20 OpenSSH Server Best Security Practices, Huge pfsync rewrite, OpenSMTPD 7.3.0p1 release, Running OpenBSD 7.3 on your laptop is really hard (not), and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nLinux and FreeBSD Firewalls – The Ultimate Guide - Part 2\n\n\n\n27 Years with the Perfect OS\n\n\n\n\n\nNews Roundup\n\nTop 20 OpenSSH Server Best Security Practices\n\n\n\nHuge pfsync rewrite\n\n\n\nOpenSMTPD 7.3.0p1 released\n\n\n\nRunning OpenBSD 7.3 on your laptop is really hard (not)\n\n\n\nQuicSSH\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eLinux and FreeBSD Firewalls Comparison Part 2, 27 Years with the Perfect OS, Top 20 OpenSSH Server Best Security Practices, Huge pfsync rewrite, OpenSMTPD 7.3.0p1 release, Running OpenBSD 7.3 on your laptop is really hard (not), and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-linux-and-freebsd-firewalls-part-2/\" rel=\"nofollow\"\u003eLinux and FreeBSD Firewalls – The Ultimate Guide - Part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://peter.czanik.hu/posts/freebsd-the-perfect-os/\" rel=\"nofollow\"\u003e27 Years with the Perfect OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html\" rel=\"nofollow\"\u003eTop 20 OpenSSH Server Best Security Practices\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=168732121711177\u0026w=2\" rel=\"nofollow\"\u003eHuge pfsync rewrite\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/misc@opensmtpd.org/msg05909.html\" rel=\"nofollow\"\u003eOpenSMTPD 7.3.0p1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sohcahtoa.org.uk/openbsd.html\" rel=\"nofollow\"\u003eRunning OpenBSD 7.3 on your laptop is really hard (not)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/moul/quicssh\" rel=\"nofollow\"\u003eQuicSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Linux and FreeBSD Firewalls Comparison Part 2, 27 Years with the Perfect OS, Top 20 OpenSSH Server Best Security Practices, Huge pfsync rewrite, OpenSMTPD 7.3.0p1 release, Running OpenBSD 7.3 on your laptop is really hard (not), and more","date_published":"2023-07-27T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d8d9cac6-5c23-4f07-b6ad-253890b79d72.mp3","mime_type":"audio/mpeg","size_in_bytes":44959104,"duration_in_seconds":2809}]},{"id":"c8e97371-fb6b-48dc-97fe-8de45cd0e49c","title":"516: Computer Time Origins","url":"https://www.bsdnow.tv/516","content_text":"Linux and FreeBSD Firewalls Part 1, Why Netflix Chose NGINX as the Heart of Its CDN, Protect your web servers against PHP shells and malwares, Installing and running Gitlab howto, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nLinux vs. FreeBSD : Linux and FreeBSD Firewalls – The Ultimate Guide : Part 1\n\n\n\nWhy Netflix Chose NGINX as the Heart of Its CDN\n\n\n\nNews Roundup\n\nFreeBSD: Protect your web servers against PHP shells and malwares\n\n\n\nHowTo: Installing and running Gitlab\n\n\n\nBeastie Bits\n\n• [World built in 36 hours on a Pentium 4!](https://www.reddit.com/r/freebsd/comments/13undl9/world_built_in_36_hours_on_a_pentium_4/)\n• [Fart init](https://x61.sh/log/2023/05/23052023153621-fart-init.html](https://x61.sh/log/2023/05/23052023153621-fart-init.html)\n• [Organized Freebies](https://mwl.io/archives/22832)\n• [OpenSMTPD 7.3.0p0 released](http://undeadly.org/cgi?action=article;sid=20230617111340)\n• [shutdown/reboot now require membership of group _shutdown](http://undeadly.org/cgi?action=article;sid=20230620064255)\n• [Where does my computer get the time from?](https://dotat.at/@/2023-05-26-whence-time.html)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\n\n\nFeedback/Questions\n\n\nsam - fav episodes\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eLinux and FreeBSD Firewalls Part 1, Why Netflix Chose NGINX as the Heart of Its CDN, Protect your web servers against PHP shells and malwares, Installing and running Gitlab howto, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-linux-and-freebsd-firewalls/\" rel=\"nofollow\"\u003eLinux vs. FreeBSD : Linux and FreeBSD Firewalls – The Ultimate Guide : Part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.nginx.com/blog/why-netflix-chose-nginx-as-the-heart-of-its-cdn/\" rel=\"nofollow\"\u003eWhy Netflix Chose NGINX as the Heart of Its CDN\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ozgurkazancci.com/freebsd-protect-your-web-server-against-php-shells-and-malwares/\" rel=\"nofollow\"\u003eFreeBSD: Protect your web servers against PHP shells and malwares\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/howto-installing-and-running-gitlab.89436/\" rel=\"nofollow\"\u003eHowTo: Installing and running Gitlab\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [World built in 36 hours on a Pentium 4!](https://www.reddit.com/r/freebsd/comments/13undl9/world_built_in_36_hours_on_a_pentium_4/)\n• [Fart init](https://x61.sh/log/2023/05/23052023153621-fart-init.html](https://x61.sh/log/2023/05/23052023153621-fart-init.html)\n• [Organized Freebies](https://mwl.io/archives/22832)\n• [OpenSMTPD 7.3.0p0 released](http://undeadly.org/cgi?action=article;sid=20230617111340)\n• [shutdown/reboot now require membership of group _shutdown](http://undeadly.org/cgi?action=article;sid=20230620064255)\n• [Where does my computer get the time from?](https://dotat.at/@/2023-05-26-whence-time.html)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/515/feedback/sam%20-%20fav%20episodes.md\" rel=\"nofollow\"\u003esam - fav episodes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Linux and FreeBSD Firewalls Part 1, Why Netflix Chose NGINX as the Heart of Its CDN, Protect your web servers against PHP shells and malwares, Installing and running Gitlab howto, and more","date_published":"2023-07-20T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c8e97371-fb6b-48dc-97fe-8de45cd0e49c.mp3","mime_type":"audio/mpeg","size_in_bytes":44272128,"duration_in_seconds":2767}]},{"id":"cfdb4845-82f8-4698-8b0a-0eddc33e66a8","title":"515: ChatGPT writing pf.conf","url":"https://www.bsdnow.tv/515","content_text":"FreeBSD or Linux – A Choice Without OS Wars, The Computer Scientist Who Can’t Stop Telling Stories, ChatGPT was asked to write a pf.conf to spec, GhostBSD 23.06.1 is now available, OPNsense 23.1.9 released, Running VSCode in Chromium on OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nLinux vs. FreeBSD : FreeBSD or Linux – A Choice Without OS Wars\n\n\n\nThe Computer Scientist Who Can’t Stop Telling Stories\n\n\n\nI asked ChatGPT to write a pf.conf to spec, 2023-06-07 version\n\n\n\nNews Roundup\n\nGhostBSD 23.06.1 is now available\n\n\n\nOPNsense 23.1.9 released\n\n\n\nRunning VSCode in Chromium on OpenBSD\n\n\n\nCOFF: Bell Labs vs \"East Coast\" Management style of AT\u0026amp;T\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMatt - Wireguard\nOscar - ISC.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD or Linux – A Choice Without OS Wars, The Computer Scientist Who Can’t Stop Telling Stories, ChatGPT was asked to write a pf.conf to spec, GhostBSD 23.06.1 is now available, OPNsense 23.1.9 released, Running VSCode in Chromium on OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/choosing-between-freebsd-and-linux-a-choice-without-os-wars/\" rel=\"nofollow\"\u003eLinux vs. FreeBSD : FreeBSD or Linux – A Choice Without OS Wars\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.quantamagazine.org/computer-scientist-donald-knuth-cant-stop-telling-stories-20200416/\" rel=\"nofollow\"\u003eThe Computer Scientist Who Can’t Stop Telling Stories\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2023/06/i-asked-chatgpt-to-write-pfconf-to-spec.html\" rel=\"nofollow\"\u003eI asked ChatGPT to write a pf.conf to spec, 2023-06-07 version\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ghostbsd.org/23.06.01_iso_is_now_available\" rel=\"nofollow\"\u003eGhostBSD 23.06.1 is now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=34282.0\" rel=\"nofollow\"\u003eOPNsense 23.1.9 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bt.ht/vscode/\" rel=\"nofollow\"\u003eRunning VSCode in Chromium on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tuhs.org/pipermail/coff/2023-May/001556.html\" rel=\"nofollow\"\u003eCOFF: Bell Labs vs \u0026quot;East Coast\u0026quot; Management style of AT\u0026amp;T\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/515/feedback/Matt%20-%20Wiregaurd.md\" rel=\"nofollow\"\u003eMatt - Wireguard\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/515/feedback/Oscar%20-%20ISC.md\" rel=\"nofollow\"\u003eOscar - ISC.md\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD or Linux – A Choice Without OS Wars, The Computer Scientist Who Can’t Stop Telling Stories, ChatGPT was asked to write a pf.conf to spec, GhostBSD 23.06.1 is now available, OPNsense 23.1.9 released, Running VSCode in Chromium on OpenBSD, and more","date_published":"2023-07-13T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cfdb4845-82f8-4698-8b0a-0eddc33e66a8.mp3","mime_type":"audio/mpeg","size_in_bytes":38652288,"duration_in_seconds":2415}]},{"id":"1ad867e2-c191-48e0-88e0-8c42831d40c7","title":"514: Infecting Public Keys","url":"https://www.bsdnow.tv/514","content_text":"OpenZFS, Your Data and the Challenge of Ransomware, I Didn’t Learn Unix By Reading All The Manpages, I try to answer \"how to become a systems engineer\", Writing shell scripts in Nushell, Sudo and signal propagation, infecting SSH Public Keys with backdoors, OpenBSD Thinkpad, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS, Your Data and the Challenge of Ransomware\n\n\n\nI Didn’t Learn Unix By Reading All The Manpages\n\n\n\nNews Roundup\n\nFeedback: I try to answer \"how to become a systems engineer\"\n\n\n\nWriting shell scripts in Nushell\n\n\n\nSudo and signal propagation\n\n\n\nInfecting SSH Public Keys with backdoors\n\n\n\nOpenBSD Thinkpad\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenZFS, Your Data and the Challenge of Ransomware, I Didn’t Learn Unix By Reading All The Manpages, I try to answer \u0026quot;how to become a systems engineer\u0026quot;, Writing shell scripts in Nushell, Sudo and signal propagation, infecting SSH Public Keys with backdoors, OpenBSD Thinkpad, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-openzfs-your-data-and-the-challenge-of-ransomware/\" rel=\"nofollow\"\u003eOpenZFS, Your Data and the Challenge of Ransomware\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.owlfolio.org/research/i-didnt-learn-unix-by-reading-all-the-manpages/\" rel=\"nofollow\"\u003eI Didn’t Learn Unix By Reading All The Manpages\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rachelbythebay.com/w/2023/05/30/eng/\" rel=\"nofollow\"\u003eFeedback: I try to answer \u0026quot;how to become a systems engineer\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jpospisil.com/2023/05/25/writing-shell-scripts-in-nushell\" rel=\"nofollow\"\u003eWriting shell scripts in Nushell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dxuuu.xyz/sudo.html\" rel=\"nofollow\"\u003eSudo and signal propagation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.thc.org/infecting-ssh-public-keys-with-backdoors\" rel=\"nofollow\"\u003eInfecting SSH Public Keys with backdoors\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://douglasrumbaugh.com/post/openbsd-thinkpad-good/\" rel=\"nofollow\"\u003eOpenBSD Thinkpad\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS, Your Data and the Challenge of Ransomware, I Didn’t Learn Unix By Reading All The Manpages, I try to answer \"how to become a systems engineer\", Writing shell scripts in Nushell, Sudo and signal propagation, infecting SSH Public Keys with backdoors, OpenBSD Thinkpad, and more","date_published":"2023-07-06T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1ad867e2-c191-48e0-88e0-8c42831d40c7.mp3","mime_type":"audio/mpeg","size_in_bytes":46575744,"duration_in_seconds":2910}]},{"id":"46ee8a53-e46a-4e48-a99e-bb347c35e8e0","title":"513: New Host Interview","url":"https://www.bsdnow.tv/513","content_text":"We have a new show host, Understanding ZFS vdev Types, Don't abuse su for dropping user privileges, Dynamic Tracing on OpenBSD 7.3, new Libressl, Manual Jails on FreeBSD 12, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHost Introductions - Jason Tubnor - https://www.tubsta.com / @tubsta / @Tubsta@soc.feditime.com\n\n\n\nHeadlines\n\nUnderstanding ZFS vdev Types\n\n\n\nDon't abuse su for dropping user privileges\n\n\n\nNews Roundup\n\nDynamic Tracing on OpenBSD 7.3\n\n\n\nnew Libressl\n\n\n\nManual Jails on FreeBSD 12\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChris - questions\nDan - zfs questions\nPablo - Jail question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWe have a new show host, Understanding ZFS vdev Types, Don\u0026#39;t abuse su for dropping user privileges, Dynamic Tracing on OpenBSD 7.3, new Libressl, Manual Jails on FreeBSD 12, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHost Introductions - Jason Tubnor - \u003ca href=\"https://www.tubsta.com\" rel=\"nofollow\"\u003ehttps://www.tubsta.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/tubsta\" rel=\"nofollow\"\u003e@tubsta\u003c/a\u003e / \u003ca href=\"https://soc.feditime.com\" rel=\"nofollow\"\u003e@Tubsta@soc.feditime.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-understanding-zfs-vdev-types/\" rel=\"nofollow\"\u003eUnderstanding ZFS vdev Types\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jdebp.uk/FGA/dont-abuse-su-for-dropping-privileges.html\" rel=\"nofollow\"\u003eDon\u0026#39;t abuse su for dropping user privileges\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.lambda.cx/posts/openbsd-dynamic-tracing/\" rel=\"nofollow\"\u003eDynamic Tracing on OpenBSD 7.3\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20230528115900\" rel=\"nofollow\"\u003enew Libressl\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ogris.de/howtos/freebsd-jails.html\" rel=\"nofollow\"\u003eManual Jails on FreeBSD 12\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/513/feedback/Chris%20-%20questions.md\" rel=\"nofollow\"\u003eChris - questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/513/feedback/Dan%20-%20zfs%20questions.md\" rel=\"nofollow\"\u003eDan - zfs questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/513/feedback/Pablo%20-%20Jail%20question.md\" rel=\"nofollow\"\u003ePablo - Jail question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We have a new show host, Understanding ZFS vdev Types, Don't abuse su for dropping user privileges, Dynamic Tracing on OpenBSD 7.3, new Libressl, Manual Jails on FreeBSD 12, and more","date_published":"2023-06-29T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/46ee8a53-e46a-4e48-a99e-bb347c35e8e0.mp3","mime_type":"audio/mpeg","size_in_bytes":51267072,"duration_in_seconds":3204}]},{"id":"0c162628-7d5f-4c53-9637-be1b27ddafe2","title":"512: BSDNow Live! 9 bits of BSDNow - Just speak into the goat","url":"https://www.bsdnow.tv/512","content_text":"Recorded at BSDCan 2023\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nBSDNow - The early years\n\n\n\nBSDNow - Production Process\n\n\n\nNews Roundup\n\nFreeBSD Devsummit\n\n\n\nBSDCan\n\n\n\nBeastie Bits\n\n\n How you can help the show!\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nCorey asks - what is the status of netbsd 10?\nHow have things changed in the bsds over the history of the show?\n\n\nAnnouncement\n\nAs a final thing Allan would like to make an announcement:\n\n\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n","content_html":"\u003cp\u003eRecorded at BSDCan 2023\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eBSDNow - The early years\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBSDNow - Production Process\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003eFreeBSD Devsummit\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eBSDCan\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e How you can help the show!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCorey asks - what is the status of netbsd 10?\u003c/li\u003e\n\u003cli\u003eHow have things changed in the bsds over the history of the show?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eAnnouncement\u003c/h2\u003e\n\n\u003cp\u003eAs a final thing Allan would like to make an announcement:\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003e- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e","summary":"Recorded at BSDCan 2023","date_published":"2023-06-22T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0c162628-7d5f-4c53-9637-be1b27ddafe2.mp3","mime_type":"audio/mpeg","size_in_bytes":38973696,"duration_in_seconds":2435}]},{"id":"6b99d11c-2ee7-450e-8446-d0ceed9be7b1","title":"511: Against Innovation","url":"https://www.bsdnow.tv/511","content_text":"Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = \u0026lt;3, WOL Plex Server, Against innovation, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOf Sun Ray laptops, MIPS and getting root on them\n\n\n\nOpenZFS for HPC Clusters\n\n\n\nNews Roundup\n\nSelf-Hosted Bookmarks using DAV and httpd on OpenBSD\n\n\n\nTerraform + Proxmox + OpenBSD = \u0026lt;3\n\n\n\nWOL Plex Server\n\n\n\nAgainst Innovation\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eSun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = \u0026lt;3, WOL Plex Server, Against innovation, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oldvcr.blogspot.com/2023/04/of-sun-ray-laptops-mips-and-getting.html\" rel=\"nofollow\"\u003eOf Sun Ray laptops, MIPS and getting root on them\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-openzfs-for-hpc-clusters/\" rel=\"nofollow\"\u003eOpenZFS for HPC Clusters\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2023/self-hosted-bookmarks-using-dav-and-httpd-on-openbsd/\" rel=\"nofollow\"\u003eSelf-Hosted Bookmarks using DAV and httpd on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://x61.sh/log/2023/05/19052023172439-terraform_proxmox_openbsd.html\" rel=\"nofollow\"\u003eTerraform + Proxmox + OpenBSD = \u0026lt;3\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://maximiliangolla.com/blog/2022-10-wol-plex-server/\" rel=\"nofollow\"\u003eWOL Plex Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dadadrummer.substack.com/p/against-innovation\" rel=\"nofollow\"\u003eAgainst Innovation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = \u003c3, WOL Plex Server, Against innovation, and more","date_published":"2023-06-15T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6b99d11c-2ee7-450e-8446-d0ceed9be7b1.mp3","mime_type":"audio/mpeg","size_in_bytes":48869760,"duration_in_seconds":3054}]},{"id":"41751de6-aa32-4cde-8fde-ea62d98b6a4d","title":"510: The BSD Slabtop","url":"https://www.bsdnow.tv/510","content_text":"AsiaBSDCon 2023 Trip Report, Converting My X201 ThinkPad into a Slabtop, Stream your OpenBSD desktop audio to other devices, The Gnome and Its \"Secret Place\", ttyload, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAsiaBSDCon 2023 Trip Report\n\n\n\nConverting My X201 ThinkPad into a Slabtop\n\n\n\nNews Roundup\n\nStream your OpenBSD desktop audio to other devices\n\n\n\nThe Gnome and Its \"Secret Place\"\n\n\n\nttyload - Linux/Unix color-coded graphical tracking tool for load average in a terminal\n\n\n\nBeastie Bits\n\n• [OpenIndiana with a Sun Microsystems 22\" LCD monitor. Running on a 1.8GHz quad core AMD Phenom 9100e processor, 4Gb RAM, nVidia GEForce GT630.](https://www.reddit.com/r/unix/comments/13otjnt/openindiana_with_a_sun_microsystems_22_lcd/)\n• [cron(8) now supports random ranges with steps](https://www.undeadly.org/cgi?action=article;sid=20230507122935\u0026amp;utm_source=bsdweekly)\n• [BSDCan 2024 Reorganization](https://mwl.io/archives/22799)\n• [Depenguin me](https://depenguin.me/)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eAsiaBSDCon 2023 Trip Report, Converting My X201 ThinkPad into a Slabtop, Stream your OpenBSD desktop audio to other devices, The Gnome and Its \u0026quot;Secret Place\u0026quot;, ttyload, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/asiabsdcon-2023-trip-report/\" rel=\"nofollow\"\u003eAsiaBSDCon 2023 Trip Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bt.ht/slabtop/\" rel=\"nofollow\"\u003eConverting My X201 ThinkPad into a Slabtop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-05-05-openbsd-sound-streaming.html\" rel=\"nofollow\"\u003eStream your OpenBSD desktop audio to other devices\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tuhs.org/pipermail/tuhs/2023-May/028363.html\" rel=\"nofollow\"\u003eThe Gnome and Its \u0026quot;Secret Place\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/open-source/command-line-hacks/ttyload-color-coded-graphical-tracking-tool-for-unixlinux-load-average-in-a-terminal/\" rel=\"nofollow\"\u003ettyload - Linux/Unix color-coded graphical tracking tool for load average in a terminal\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [OpenIndiana with a Sun Microsystems 22\u0026quot; LCD monitor. Running on a 1.8GHz quad core AMD Phenom 9100e processor, 4Gb RAM, nVidia GEForce GT630.](https://www.reddit.com/r/unix/comments/13otjnt/openindiana_with_a_sun_microsystems_22_lcd/)\n• [cron(8) now supports random ranges with steps](https://www.undeadly.org/cgi?action=article;sid=20230507122935\u0026amp;utm_source=bsdweekly)\n• [BSDCan 2024 Reorganization](https://mwl.io/archives/22799)\n• [Depenguin me](https://depenguin.me/)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"AsiaBSDCon 2023 Trip Report, Converting My X201 ThinkPad into a Slabtop, Stream your OpenBSD desktop audio to other devices, The Gnome and Its \"Secret Place\", ttyload, and more","date_published":"2023-06-08T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/41751de6-aa32-4cde-8fde-ea62d98b6a4d.mp3","mime_type":"audio/mpeg","size_in_bytes":44800896,"duration_in_seconds":2800}]},{"id":"6676cfbb-7251-455d-846c-94eb3e6e5c32","title":"509: Dot File Naming","url":"https://www.bsdnow.tv/509","content_text":"Leveraging OpenZFS to Build Your Own Storage Appliance, Install OpenBSD as a VM, Set up your own CalDAV and CardDAV servers on OpenBSD, display basic computer information using DMI table decoder, Gpart CheatSheet, Rob Pike on the Origin of Unix Dot File Names, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS – Leveraging OpenZFS to Build Your Own Storage Appliance\n\n\n\nInstall OpenBSD as a VM\n\n\n\nNews Roundup\n\nSet up your own CalDAV and CardDAV servers on OpenBSD\n\n\n\nHow to display basic computer information using DMI table decoder\n\n\n\nGpart CheatSheet - wiping drives, partitioning, \u0026amp; formating\n\n\n\nRob Pike on the Origin of Unix Dot File Names\n\n\n\nBeastie Bits\n\n\nHackerstations\n\n\nMike McQuaid's clean, ergonomic setup in Edinburgh, Scotland\nDaniel Stenberg and the home of curl in Stockholm, Sweden\n\nviogpu(4), a VirtIO GPU driver, added to -current\nOpenBGPD 8.0 released\ncron(8) now supports random ranges with steps\nmalloc leak detection available in -current\nvmd(8) moves to a multi-process model\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eLeveraging OpenZFS to Build Your Own Storage Appliance, Install OpenBSD as a VM, Set up your own CalDAV and CardDAV servers on OpenBSD, display basic computer information using DMI table decoder, Gpart CheatSheet, Rob Pike on the Origin of Unix Dot File Names, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-leveraging-openzfs-to-build-your-own-storage-appliance/\" rel=\"nofollow\"\u003eOpenZFS – Leveraging OpenZFS to Build Your Own Storage Appliance\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte-sized.de/linux-unix/openbsd-als-vm-installieren/#english\" rel=\"nofollow\"\u003eInstall OpenBSD as a VM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2023-04-23-calendar-and-contacts-with-radicale.html\" rel=\"nofollow\"\u003eSet up your own CalDAV and CardDAV servers on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sleeplessbeastie.eu/2023/03/31/how-to-display-basic-computer-information-using-dmi-table-decoder/\" rel=\"nofollow\"\u003eHow to display basic computer information using DMI table decoder\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/gpart-cheatsheet-wiping-drives-partitioning-formating.45411\" rel=\"nofollow\"\u003eGpart CheatSheet - wiping drives, partitioning, \u0026amp; formating\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://xahlee.info/UnixResource_dir/writ/unix_origin_of_dot_filename.html\" rel=\"nofollow\"\u003eRob Pike on the Origin of Unix Dot File Names\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eHackerstations\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://hackerstations.com/setups/mike_mcquaid/\" rel=\"nofollow\"\u003eMike McQuaid\u0026#39;s clean, ergonomic setup in Edinburgh, Scotland\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackerstations.com/setups/daniel_stenberg/\" rel=\"nofollow\"\u003eDaniel Stenberg and the home of curl in Stockholm, Sweden\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230421124221\" rel=\"nofollow\"\u003eviogpu(4), a VirtIO GPU driver, added to -current\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230505054214\" rel=\"nofollow\"\u003eOpenBGPD 8.0 released\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230507122935\" rel=\"nofollow\"\u003ecron(8) now supports random ranges with steps\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230417074903\" rel=\"nofollow\"\u003emalloc leak detection available in -current\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20230430051250\" rel=\"nofollow\"\u003evmd(8) moves to a multi-process model\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Leveraging OpenZFS to Build Your Own Storage Appliance, Install OpenBSD as a VM, Set up your own CalDAV and CardDAV servers on OpenBSD, display basic computer information using DMI table decoder, Gpart CheatSheet, Rob Pike on the Origin of Unix Dot File Names, and more","date_published":"2023-06-01T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6676cfbb-7251-455d-846c-94eb3e6e5c32.mp3","mime_type":"audio/mpeg","size_in_bytes":39585792,"duration_in_seconds":2474}]},{"id":"def7d8d8-31e8-4874-bbe5-dd25729dd001","title":"508: Foundational Proceedings","url":"https://www.bsdnow.tv/508","content_text":"FreeBSD Foundation Welcomes New Team Members, OpenZFS the Ideal Storage Solution for University Environments, SCaLE20X Conference Report, 916 days of Emacs, XTerm: It's Better Than You Thought, NetBSD Annual General Meeting 2023, and more\n\nNOTES**\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Foundation Welcomes New Team Members\n\n\n\nWhat Makes OpenZFS the Ideal Storage Solution for University Environments\n\n\n\nNews Roundup\n\nSCaLE20X Conference Report\n\n\n\n916 days of Emacs\n\n\n\nXTerm: It's Better Than You Thought\n\n\n\nNetBSD AGM2023: Annual General Meeting, May 13, 21:00 UTC\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAdrian - Tilde\nDan - Root Shell\nFlorian - Salt Extension\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Foundation Welcomes New Team Members, OpenZFS the Ideal Storage Solution for University Environments, SCaLE20X Conference Report, 916 days of Emacs, XTerm: It\u0026#39;s Better Than You Thought, NetBSD Annual General Meeting 2023, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cem\u003eNOTES\u003c/em\u003e**\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-welcomes-new-team-members/\" rel=\"nofollow\"\u003eFreeBSD Foundation Welcomes New Team Members\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-what-makes-openzfs-the-ideal-storage-solution-for-university-environments//\" rel=\"nofollow\"\u003eWhat Makes OpenZFS the Ideal Storage Solution for University Environments\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/scale20x-conference-report/\" rel=\"nofollow\"\u003eSCaLE20X Conference Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sqrtminusone.xyz/posts/2023-04-13-emacs/\" rel=\"nofollow\"\u003e916 days of Emacs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://aduros.com/blog/xterm-its-better-than-you-thought/\" rel=\"nofollow\"\u003eXTerm: It\u0026#39;s Better Than You Thought\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2023/05/05/msg000348.html\" rel=\"nofollow\"\u003eNetBSD AGM2023: Annual General Meeting, May 13, 21:00 UTC\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/508/feedback/Adrian%20-%20Tilde.md\" rel=\"nofollow\"\u003eAdrian - Tilde\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/508/feedback/Dan%20-%20Root%20Shell.md\" rel=\"nofollow\"\u003eDan - Root Shell\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/508/feedback/Florian%20-%20Salt%20Extension.md\" rel=\"nofollow\"\u003eFlorian - Salt Extension\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Foundation Welcomes New Team Members, OpenZFS the Ideal Storage Solution for University Environments, SCaLE20X Conference Report, 916 days of Emacs, XTerm: It's Better Than You Thought, NetBSD Annual General Meeting 2023, and more","date_published":"2023-05-25T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/def7d8d8-31e8-4874-bbe5-dd25729dd001.mp3","mime_type":"audio/mpeg","size_in_bytes":39443712,"duration_in_seconds":2465}]},{"id":"188e3b3f-dc07-43ba-aa49-de8223858ead","title":"507: Michael W. Lucas Interview","url":"https://www.bsdnow.tv/507","content_text":"Author Michael W. Lucas joins us in this interview to talk about his latest book projects. Find out what he’s up to regarding mail servers, conferences, his views on ChatGPT, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterview - Michael W. Lucas - mwl@mwl.io\n\nOpenBSD Mastery Filesystems\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\nSpecial Guest: Michael W Lucas.","content_html":"\u003cp\u003eAuthor Michael W. Lucas joins us in this interview to talk about his latest book projects. Find out what he’s up to regarding mail servers, conferences, his views on ChatGPT, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwl@mwl.io\" rel=\"nofollow\"\u003emwl@mwl.io\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD Mastery Filesystems\u003c/p\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003e- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: Michael W Lucas.\u003c/p\u003e","summary":"Author Michael W. Lucas joins us in this interview to talk about his latest book projects. Find out what he’s up to regarding mail servers, conferences, his views on ChatGPT, and more.","date_published":"2023-05-18T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/188e3b3f-dc07-43ba-aa49-de8223858ead.mp3","mime_type":"audio/mpeg","size_in_bytes":56347776,"duration_in_seconds":3521}]},{"id":"a130428b-d80d-45a3-a07b-e7b6ce4b3565","title":"506: A greener BSD","url":"https://www.bsdnow.tv/506","content_text":"Comparing Modern Open-Source Storage Solutions, FreeBSD Q1 Status Report, Hello Systems 0.8.1 Release, OpenBSD: Managing an inverter/converter with NUT, Tips for Running a Greener FreeBSD, BSDCAN Registration open\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nComparing Modern Open-Source Storage Solutions OpenZFS vs. The Rest\n\n\n\nFreeBSD Q1 Status Report\n\n\n\nNews Roundup\n\nHello Systems 0.8.1 Release\n\n\n\nOpenBSD: Managing an inverter/converter with NUT\n\n\n\nCelebrating Earth Day: Tips for Running a Greener FreeBSD\n\n\n\nBSDCAN Registration\n\n\n\nBeastie Bits\n\n• [SimCity 2000 running on OpenBSD 7.3 via DOSBox 0.74-3](https://www.reddit.com/r/openbsd_gaming/comments/12k9zt2/simcity_2000_running_on_openbsd_73_via_dosbox_0743/)\n• [OpenBSD Webzine #13](https://webzine.puffy.cafe/issue-13.html)\n• [AWS Gazo bot](https://github.com/csaltos/aws-gazo-bot)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eComparing Modern Open-Source Storage Solutions, FreeBSD Q1 Status Report, Hello Systems 0.8.1 Release, OpenBSD: Managing an inverter/converter with NUT, Tips for Running a Greener FreeBSD, BSDCAN Registration open\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-comparing-modern-open-source-storage-solutions/\" rel=\"nofollow\"\u003eComparing Modern Open-Source Storage Solutions OpenZFS vs. The Rest\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2023-01-2023-03/\" rel=\"nofollow\"\u003eFreeBSD Q1 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/helloSystem/ISO/releases/tag/r0.8.1\" rel=\"nofollow\"\u003eHello Systems 0.8.1 Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://doc.huc.fr.eu.org/en/sys/openbsd/nut/\" rel=\"nofollow\"\u003eOpenBSD: Managing an inverter/converter with NUT\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/celebrating-earth-day-tips-for-running-a-greener-freebsd/\" rel=\"nofollow\"\u003eCelebrating Earth Day: Tips for Running a Greener FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2023/registration.php\" rel=\"nofollow\"\u003eBSDCAN Registration\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [SimCity 2000 running on OpenBSD 7.3 via DOSBox 0.74-3](https://www.reddit.com/r/openbsd_gaming/comments/12k9zt2/simcity_2000_running_on_openbsd_73_via_dosbox_0743/)\n• [OpenBSD Webzine #13](https://webzine.puffy.cafe/issue-13.html)\n• [AWS Gazo bot](https://github.com/csaltos/aws-gazo-bot)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Comparing Modern Open-Source Storage Solutions, FreeBSD Q1 Status Report, Hello Systems 0.8.1 Release, OpenBSD: Managing an inverter/converter with NUT, Tips for Running a Greener FreeBSD, BSDCAN Registration open","date_published":"2023-05-11T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a130428b-d80d-45a3-a07b-e7b6ce4b3565.mp3","mime_type":"audio/mpeg","size_in_bytes":20222232,"duration_in_seconds":1924}]},{"id":"8f610dd8-0956-4f99-a9a6-e8c04036ad85","title":"505:  BSD Desktop Setup","url":"https://www.bsdnow.tv/505","content_text":"OpenBSD 7.3 released, Accelerating Datacenter Energy Efficiency by Leveraging FreeBSD as Your Server OS, install Cinnamon as a Desktop environment, xmonad FreeBSD set up from scratch, Burgr books in your terminal, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.3 released\n\n\n\nBSDCan 2023 Schedule posted\n\n\n\nAccelerating Datacenter Energy Efficiency by Leveraging FreeBSD as Your Server OS\n\n\n\nNews Roundup\n\nFreeBSD – How to install Cinnamon as a Desktop environment\n\n\n\nxmonad FreeBSD set up from scratch\n\n\n\nBurgr books in your terminal\n\n\n\nPros and Cons of FreeBSD for virtual Servers\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nReese - Dans Interview\njj - looking for help\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD 7.3 released, Accelerating Datacenter Energy Efficiency by Leveraging FreeBSD as Your Server OS, install Cinnamon as a Desktop environment, xmonad FreeBSD set up from scratch, Burgr books in your terminal, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230410140049\" rel=\"nofollow\"\u003eOpenBSD 7.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/events/bsdcan_2023/schedule/\" rel=\"nofollow\"\u003eBSDCan 2023 Schedule posted\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/accelerating-datacenter-energy-efficiency-by-leveraging-freebsd-as-your-server-os/\" rel=\"nofollow\"\u003eAccelerating Datacenter Energy Efficiency by Leveraging FreeBSD as Your Server OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte-sized.de/linux-unix/freebsd-cinnamon-als-gui-installieren/#english\" rel=\"nofollow\"\u003eFreeBSD – How to install Cinnamon as a Desktop environment\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/xmonad-freebsd-set-up-from-scratch.75911/\" rel=\"nofollow\"\u003exmonad FreeBSD set up from scratch\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blubsblog.bearblog.dev/burgr-books-in-your-terminal/\" rel=\"nofollow\"\u003eBurgr books in your terminal\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.hostzealot.com/blog/about-vps/pros-and-cons-of-freebsd-for-virtual-servers\" rel=\"nofollow\"\u003ePros and Cons of FreeBSD for virtual Servers\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/505/feedback/Reese%20-%20Dans%20Interview.md\" rel=\"nofollow\"\u003eReese - Dans Interview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/505/feedback/jj%20-%20looking%20for%20help.md\" rel=\"nofollow\"\u003ejj - looking for help\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 7.3 released, Accelerating Datacenter Energy Efficiency by Leveraging FreeBSD as Your Server OS, install Cinnamon as a Desktop environment, xmonad FreeBSD set up from scratch, Burgr books in your terminal, and more","date_published":"2023-05-04T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8f610dd8-0956-4f99-a9a6-e8c04036ad85.mp3","mime_type":"audio/mpeg","size_in_bytes":28271616,"duration_in_seconds":1766}]},{"id":"2d02bfb1-4e33-4be1-8424-a707ddbeac55","title":"504: Release the BSD","url":"https://www.bsdnow.tv/504","content_text":"FreeBSD 13.2 Release, Using DTrace to find block sizes of ZFS, NFS, and iSCSI, Midnight BSD 3.0.1, Closing a stale SSH connection, How to automatically add identity to the SSH authentication agent, Pros and Cons of FreeBSD for virtual Servers, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 13.2 Release Announcement\n\n\n\nUsing DTrace to find block sizes of ZFS, NFS, and iSCSI\n\n\n\nNews Roundup\n\nMidnight BSD 3.0.1\n\n\n\nClosing a stale SSH connection\n\n\n\nHow to automatically add identity to the SSH authentication agent\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDan - ZFS question\nMatt - Thanks\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD 13.2 Release, Using DTrace to find block sizes of ZFS, NFS, and iSCSI, Midnight BSD 3.0.1, Closing a stale SSH connection, How to automatically add identity to the SSH authentication agent, Pros and Cons of FreeBSD for virtual Servers, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/13.2R/announce/\" rel=\"nofollow\"\u003eFreeBSD 13.2 Release Announcement\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://axcient.com/blog/using-dtrace-to-find-block-sizes-of-zfs-nfs-and-iscsi/\" rel=\"nofollow\"\u003eUsing DTrace to find block sizes of ZFS, NFS, and iSCSI\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/news/MidnightBSD-3.0.1\" rel=\"nofollow\"\u003eMidnight BSD 3.0.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://davidisaksson.dev/posts/closing-stale-ssh-connections/\" rel=\"nofollow\"\u003eClosing a stale SSH connection\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sleeplessbeastie.eu/2023/04/10/how-to-automatically-add-identity-to-the-ssh-authentication-agent/\" rel=\"nofollow\"\u003eHow to automatically add identity to the SSH authentication agent\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/504/feedback/Dan%20-%20ZFS%20question.md\" rel=\"nofollow\"\u003eDan - ZFS question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/504/feedback/Matt%20-%20Thanks.md\" rel=\"nofollow\"\u003eMatt - Thanks\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 13.2 Release, Using DTrace to find block sizes of ZFS, NFS, and iSCSI, Midnight BSD 3.0.1, Closing a stale SSH connection, How to automatically add identity to the SSH authentication agent, Pros and Cons of FreeBSD for virtual Servers, and more","date_published":"2023-04-27T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2d02bfb1-4e33-4be1-8424-a707ddbeac55.mp3","mime_type":"audio/mpeg","size_in_bytes":34665600,"duration_in_seconds":2166}]},{"id":"4e4d0c93-21ee-44e3-9255-c64e7772ac5e","title":"503: Fast Unix Commands","url":"https://www.bsdnow.tv/503","content_text":"ZFS Optimization Success Stories, Linux Namespaces Are a Poor Man's Plan 9 Namespaces, better support for SSH host certificates, Fast Unix Commands, Fascination with AWK, and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nZFS Optimization Success Stories\n\n\n\nLinux Namespaces Are a Poor Man's Plan 9 Namespaces\n\n\n\nNews Roundup\n\nWe need better support for SSH host certificates\n\n\n\nFast Unix Commands\n\n\n\nFascination with AWK\n\n\n\nBeastie Bits\n\n\n[Development environment updated and working])https://twitter.com/sweordbora/status/1618603990463438851?s=52\u0026amp;t=GHrPlL6qZhIWo6u2Y5ie3g)\n[WIP] feat: add basic FreeBSD support on Kubelet](https://github.com/kubernetes/kubernetes/pull/115870)\nJar of Fortunes\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n","content_html":"\u003cp\u003eZFS Optimization Success Stories, Linux Namespaces Are a Poor Man\u0026#39;s Plan 9 Namespaces, better support for SSH host certificates, Fast Unix Commands, Fascination with AWK, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/zfs-optimization-success-stories/\" rel=\"nofollow\"\u003eZFS Optimization Success Stories\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://yotam.net/posts/linux-namespaces-are-a-poor-mans-plan9-namespaces/\" rel=\"nofollow\"\u003eLinux Namespaces Are a Poor Man\u0026#39;s Plan 9 Namespaces\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mjg59.dreamwidth.org/65874.html\" rel=\"nofollow\"\u003eWe need better support for SSH host certificates\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://alexsaveau.dev/blog/projects/performance/files/fuc/fast-unix-commands\" rel=\"nofollow\"\u003eFast Unix Commands\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://maximullaris.com/awk.html\" rel=\"nofollow\"\u003eFascination with AWK\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e[Development environment updated and working])\u003ca href=\"https://twitter.com/sweordbora/status/1618603990463438851?s=52\u0026t=GHrPlL6qZhIWo6u2Y5ie3g\" rel=\"nofollow\"\u003ehttps://twitter.com/sweordbora/status/1618603990463438851?s=52\u0026amp;t=GHrPlL6qZhIWo6u2Y5ie3g\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[WIP] feat: add basic FreeBSD support on Kubelet](\u003ca href=\"https://github.com/kubernetes/kubernetes/pull/115870\" rel=\"nofollow\"\u003ehttps://github.com/kubernetes/kubernetes/pull/115870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://fortunes.cat-v.org/\" rel=\"nofollow\"\u003eJar of Fortunes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003e- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e","summary":"ZFS Optimization Success Stories, Linux Namespaces Are a Poor Man's Plan 9 Namespaces, better support for SSH host certificates, Fast Unix Commands, Fascination with AWK, and more","date_published":"2023-04-20T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e4d0c93-21ee-44e3-9255-c64e7772ac5e.mp3","mime_type":"audio/mpeg","size_in_bytes":35430144,"duration_in_seconds":2214}]},{"id":"f36dbdc3-d907-4d0e-8ee2-4b83780799cb","title":"502: Ping from Hell","url":"https://www.bsdnow.tv/502","content_text":"5 Key reasons for a OpenZFS Performance Audit, The Ping from Hell, OpenBGPD 7.9 released, Setting the clock ahead to see what breaks, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n5 Key reasons why you need a OpenZFS Performance Audit\n\n\n\nMusings on Mobility : The Ping from Hell\n\n\n\nNews Roundup\n\nOpenBGPD 7.9 released\n\n\n\nSetting the clock ahead to see what breaks\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nEsteban - pot\nTim - BSD Talk at SCALE\nFred - Networking\n\n\n\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n","content_html":"\u003cp\u003e5 Key reasons for a OpenZFS Performance Audit, The Ping from Hell, OpenBGPD 7.9 released, Setting the clock ahead to see what breaks, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/5-key-reasons-why-you-need-an-openzfs-performance-audit/\" rel=\"nofollow\"\u003e5 Key reasons why you need a OpenZFS Performance Audit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bastian.rieck.me/blog/posts/2023/mobility/\" rel=\"nofollow\"\u003eMusings on Mobility : The Ping from Hell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230323152353\" rel=\"nofollow\"\u003eOpenBGPD 7.9 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rachelbythebay.com/w/2023/01/19/time/\" rel=\"nofollow\"\u003eSetting the clock ahead to see what breaks\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/502/feedback/Esteban%20-%20pot.md\" rel=\"nofollow\"\u003eEsteban - pot\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/502/feedback/Tim%20-%20BSD%20Talk%20at%20SCALE.md\" rel=\"nofollow\"\u003eTim - BSD Talk at SCALE\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/502/feedback/Fred%20-%20Networking.md\" rel=\"nofollow\"\u003eFred - Networking\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003e- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e","summary":"5 Key reasons for a OpenZFS Performance Audit, The Ping from Hell, OpenBGPD 7.9 released, Setting the clock ahead to see what breaks, and more","date_published":"2023-04-13T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f36dbdc3-d907-4d0e-8ee2-4b83780799cb.mp3","mime_type":"audio/mpeg","size_in_bytes":34267776,"duration_in_seconds":2141}]},{"id":"d498dc0c-a1f0-4c32-b783-7a39bbafa43a","title":"501: Boot that Snapshot","url":"https://www.bsdnow.tv/501","content_text":"Nextcloud + OpenBSD = \u0026lt;3, Understanding the Origins of DTrace, Bastille Templates for FreeBSD Jails, Initial support for guided disk encryption in the OpenBSD installer, Dynamic host configuration please, OpenBSD Storage Management tutorial at BSDCan 2023, Jan/Feb 2023 Column Out in the FreeBSD Journal, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNextcloud + OpenBSD = \u0026lt;3\n\n\n\nFreeBSD History Series - Understanding the Origins of DTrace\n\n\n\nNews Roundup\n\nBastille Templates for FreeBSD Jails\n\n\n\nInitial support for guided disk encryption in the installer\n\n\n\nDynamic host configuration, please\n\n\n\nBSDCan 2023 Tutorial: OpenBSD Storage Management\n\n\n\nJan/Feb 2023 Column Out in the FreeBSD Journal\n\n\n\nloader: Add support for booting from a ZFS snapshot\n\n\n\nTarsnap\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n","content_html":"\u003cp\u003eNextcloud + OpenBSD = \u0026lt;3, Understanding the Origins of DTrace, Bastille Templates for FreeBSD Jails, Initial support for guided disk encryption in the OpenBSD installer, Dynamic host configuration please, OpenBSD Storage Management tutorial at BSDCan 2023, Jan/Feb 2023 Column Out in the FreeBSD Journal, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://x61.sh/log/2023/02/20230217T112354-nextcloud_openbsd.html\" rel=\"nofollow\"\u003eNextcloud + OpenBSD = \u0026lt;3\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-history-understanding-the-origins-of-dtrace/\" rel=\"nofollow\"\u003eFreeBSD History Series - Understanding the Origins of DTrace\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte--sized-de.translate.goog/linux-unix/bastille-templates-fuer-freebsd-jails/?_x_tr_sl=de\u0026_x_tr_tl=en\u0026_x_tr_hl=en\u0026_x_tr_pto=wapp\" rel=\"nofollow\"\u003eBastille Templates for FreeBSD Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230308063109\" rel=\"nofollow\"\u003eInitial support for guided disk encryption in the installer\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230308060219\" rel=\"nofollow\"\u003eDynamic host configuration, please\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/22621\" rel=\"nofollow\"\u003eBSDCan 2023 Tutorial: OpenBSD Storage Management\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/22619\" rel=\"nofollow\"\u003eJan/Feb 2023 Column Out in the FreeBSD Journal\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cgit.freebsd.org/src/commit/?id=a849842f510af48717e35ff709623e0dd1b80b20\" rel=\"nofollow\"\u003eloader: Add support for booting from a ZFS snapshot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e","summary":"Nextcloud + OpenBSD = \u003c3, Understanding the Origins of DTrace, Bastille Templates for FreeBSD Jails, Initial support for guided disk encryption in the OpenBSD installer, Dynamic host configuration please, OpenBSD Storage Management tutorial at BSDCan 2023, Jan/Feb 2023 Column Out in the FreeBSD Journal, and more","date_published":"2023-04-06T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d498dc0c-a1f0-4c32-b783-7a39bbafa43a.mp3","mime_type":"audio/mpeg","size_in_bytes":36514176,"duration_in_seconds":2282}]},{"id":"f813165b-a60b-4d4c-80fa-910b048b3dba","title":"500: Guarding the Wire","url":"https://www.bsdnow.tv/500","content_text":"Wireguard VPN Server with Unbound on OpenBSD, Auditing for OpenZFS Storage Performance, OpenBSD 7.2 on a Thinkpad X201, Practical Guides to fzf, Replacing postfix with dma, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nHow To Set Up a Wireguard VPN Server with Unbound on OpenBSD\n\n\n\nAuditing for OpenZFS Storage Performance\n\n\n\nNews Roundup\n\nSome notes on OpenBSD 7.2 on a Thinkpad X201\n\n\n\nfzf\n\n\nA Practical Guide to fzf: Building a File Explorer\nA Practical Guide to fzf: Shell Integration\n\n***\n\n\nReplacing postfix with dma\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDennis - Thanks\nLuna - Trillian\nLyubomir - ipfw question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWireguard VPN Server with Unbound on OpenBSD, Auditing for OpenZFS Storage Performance, OpenBSD 7.2 on a Thinkpad X201, Practical Guides to fzf, Replacing postfix with dma, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marcocetica.com/posts/wireguard_openbsd/\" rel=\"nofollow\"\u003eHow To Set Up a Wireguard VPN Server with Unbound on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-auditing-for-storage-performance/\" rel=\"nofollow\"\u003eAuditing for OpenZFS Storage Performance\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://box.matto.nl/some-notes-on-openbsd-72-on-a-thinkpad-x201.html\" rel=\"nofollow\"\u003eSome notes on OpenBSD 7.2 on a Thinkpad X201\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003efzf\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://thevaluable.dev/practical-guide-fzf-example/\" rel=\"nofollow\"\u003eA Practical Guide to fzf: Building a File Explorer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://thevaluable.dev/fzf-shell-integration/\" rel=\"nofollow\"\u003eA Practical Guide to fzf: Shell Integration\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2023/02/28/replacing-postfix-with-dma/\" rel=\"nofollow\"\u003eReplacing postfix with dma\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Dennis%20-%20Thanks.md\" rel=\"nofollow\"\u003eDennis - Thanks\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Luna%20-%20trillian.md\" rel=\"nofollow\"\u003eLuna - Trillian\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Lyubomir%20-%20ipfw%20question.md\" rel=\"nofollow\"\u003eLyubomir - ipfw question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Wireguard VPN Server with Unbound on OpenBSD, Auditing for OpenZFS Storage Performance, OpenBSD 7.2 on a Thinkpad X201, Practical Guides to fzf, Replacing postfix with dma, and more","date_published":"2023-03-30T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f813165b-a60b-4d4c-80fa-910b048b3dba.mp3","mime_type":"audio/mpeg","size_in_bytes":34851456,"duration_in_seconds":2178}]},{"id":"b57b3e71-4395-4296-98ea-9eea94bffd1a","title":"499: Dan Langille Interview","url":"https://www.bsdnow.tv/499","content_text":"We’re interviewing Dan Langille about his new server project. He’ll talk to us about the things he’s building, some of which are a bit out of the ordinary. We’re also talking about BSDCan 2023 and what to expect after returning to an in-presence conference format. Enjoy!\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterview - Dan Langille - dan@langille.org / @twitter\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSpecial Guest: Dan Langille.","content_html":"\u003cp\u003eWe’re interviewing Dan Langille about his new server project. He’ll talk to us about the things he’s building, some of which are a bit out of the ordinary. We’re also talking about BSDCan 2023 and what to expect after returning to an in-presence conference format. Enjoy!\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Dan Langille - \u003ca href=\"mailto:dan@langille.org\" rel=\"nofollow\"\u003edan@langille.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/dlangille\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Dan Langille.\u003c/p\u003e","summary":"We’re interviewing Dan Langille about his new server project. He’ll talk to us about the things he’s building, some of which are a bit out of the ordinary. We’re also talking about BSDCan 2023 and what to expect after returning to an in-presence conference format. Enjoy!","date_published":"2023-03-23T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b57b3e71-4395-4296-98ea-9eea94bffd1a.mp3","mime_type":"audio/mpeg","size_in_bytes":38735616,"duration_in_seconds":2420}]},{"id":"34def0f7-bb67-4f62-a94c-6ff7ac8576f9","title":"498: Dropping Privileges","url":"https://www.bsdnow.tv/498","content_text":"OpenZFS auditing for storage Performance, Privilege drop; privilege separation; and restricted-service operating mode in OpenBSD, OPNsense 23.1.1 release, Cloning a System with Ansible, FOSDEM 2023, BSDCan 2023 Travel Grants\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenZFS auditing for storage Performance\n\n\n\nPrivilege drop, privilege separation, and restricted-service operating mode in OpenBSD\n\n\n\nNews Roundup\n\nOPNsense 23.1.1 released\n\n\n\nCloning a System with Ansible\n\n\n\nFOSDEM 2023\n\n\n\nBSDCan 2023 Travel Grant Application Now Open\n\n\n\nThe Undeadly Bits\n\nGame of Trees milestone\nGame of Trees Daemon - video and slides (May make the older game of trees obsolete)\namd64 execute-only committed to -current\nUsing /bin/eject with USB flash drives\nTunneling vxlan(4) over WireGuard wg(4)\nConsole screendumps\nExecute-only status report\nOpenBSD in Canada\nPrivilege drop, privilege separation, and restricted-service operating mode in OpenBSD\nTheo de Raadt on pinsyscall(2)\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKevin - PLUG\nLuna - FOSDEM\n***\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\n","content_html":"\u003cp\u003eOpenZFS auditing for storage Performance, Privilege drop; privilege separation; and restricted-service operating mode in OpenBSD, OPNsense 23.1.1 release, Cloning a System with Ansible, FOSDEM 2023, BSDCan 2023 Travel Grants\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-auditing-for-storage-performance/\" rel=\"nofollow\"\u003eOpenZFS auditing for storage Performance\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sha256.net/privsep.html\" rel=\"nofollow\"\u003ePrivilege drop, privilege separation, and restricted-service operating mode in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=32484.0\" rel=\"nofollow\"\u003eOPNsense 23.1.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kernelpanic.life/software/cloning-a-system-with-ansible.html\" rel=\"nofollow\"\u003eCloning a System with Ansible\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/fosdem_2023\" rel=\"nofollow\"\u003eFOSDEM 2023\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/bsdcan-2023-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eBSDCan 2023 Travel Grant Application Now Open\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eThe Undeadly Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230120073530\" rel=\"nofollow\"\u003eGame of Trees milestone\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230210065830\" rel=\"nofollow\"\u003eGame of Trees Daemon - video and slides (May make the older game of trees obsolete)\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230121125423\" rel=\"nofollow\"\u003eamd64 execute-only committed to -current\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230214061952\" rel=\"nofollow\"\u003eUsing /bin/eject with USB flash drives\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230214061330\" rel=\"nofollow\"\u003eTunneling vxlan(4) over WireGuard wg(4)\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230128183032\" rel=\"nofollow\"\u003eConsole screendumps\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230130061324\" rel=\"nofollow\"\u003eExecute-only status report\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230226065006\" rel=\"nofollow\"\u003eOpenBSD in Canada\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230219234206\" rel=\"nofollow\"\u003ePrivilege drop, privilege separation, and restricted-service operating mode in OpenBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230222064027\" rel=\"nofollow\"\u003eTheo de Raadt on pinsyscall(2)\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/498/feedback/Kevin%20-%20PLUG.md\" rel=\"nofollow\"\u003eKevin - PLUG\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/498/feedback/Luna%20-%20FOSDEM.md\" rel=\"nofollow\"\u003eLuna - FOSDEM\u003c/a\u003e\n***\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS auditing for storage Performance, Privilege drop; privilege separation; and restricted-service operating mode in OpenBSD, OPNsense 23.1.1 release, Cloning a System with Ansible, FOSDEM 2023, BSDCan 2023 Travel Grants","date_published":"2023-03-16T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/34def0f7-bb67-4f62-a94c-6ff7ac8576f9.mp3","mime_type":"audio/mpeg","size_in_bytes":41248128,"duration_in_seconds":2578}]},{"id":"ce12be7b-8931-4d43-be2e-6260b5a41aff","title":"497: Random Relinking SSHD","url":"https://www.bsdnow.tv/497","content_text":"How to Catch a Bitcoin Miner, A Call For More Collaboration, zstd updates, hating hackathons, How to monitor multiple log files at once, KeePassXC, sshd random relinking at boot, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nSysadmin Series - How to Catch a Bitcoin Miner\n\n\n\nA Call For More Collaboration \u0026amp; Harmony Among BSD Hardware Drivers\n\n• [Slides](https://fosdem.org/2023/schedule/event/bsd_driver_harmony/attachments/slides/5976/export/events/attachments/bsd_driver_harmony/slides/5976/BSD_Driver_Harmony_FOSDEM.pdf)\n• Video is embedded on the schedule event page\n\n\n\n\nPrinting on FreeBSD\n\n\n\nNews Roundup\n\nzstd updates\n\n\n\nI hate hackathons\n\n\n\nHow to monitor multiple log files at once\n\n\n\nNotes to self: KeePassXC\n\n\n\nsshd random relinking at boot\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nNelson - aix.md\nAdrian - vbsdcon\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eHow to Catch a Bitcoin Miner, A Call For More Collaboration, zstd updates, hating hackathons, How to monitor multiple log files at once, KeePassXC, sshd random relinking at boot, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/sysadmin-series-how-to-catch-a-bitcoin-miner/\" rel=\"nofollow\"\u003eSysadmin Series - How to Catch a Bitcoin Miner\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fosdem.org/2023/schedule/event/bsd_driver_harmony/\" rel=\"nofollow\"\u003eA Call For More Collaboration \u0026amp; Harmony Among BSD Hardware Drivers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Slides](https://fosdem.org/2023/schedule/event/bsd_driver_harmony/attachments/slides/5976/export/events/attachments/bsd_driver_harmony/slides/5976/BSD_Driver_Harmony_FOSDEM.pdf)\n• Video is embedded on the schedule event page\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2023/02/07/print-on-freebsd/\" rel=\"nofollow\"\u003ePrinting on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/facebook/zstd/releases/tag/v1.5.4\" rel=\"nofollow\"\u003ezstd updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://pgpt.substack.com/p/i-hate-hackathons\" rel=\"nofollow\"\u003eI hate hackathons\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sleeplessbeastie.eu/2023/02/01/how-to-monitor-multiple-log-files-at-once/\" rel=\"nofollow\"\u003eHow to monitor multiple log files at once\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jpmens.net/2023/01/22/notes-to-self-keepassxc/\" rel=\"nofollow\"\u003eNotes to self: KeePassXC\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20230119075627\" rel=\"nofollow\"\u003esshd random relinking at boot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/497/feedback/Nelson%20-%20aix.md\" rel=\"nofollow\"\u003eNelson - aix.md\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/497/feedback/Adrian%20-%20vbsdcon.md\" rel=\"nofollow\"\u003eAdrian - vbsdcon\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"How to Catch a Bitcoin Miner, A Call For More Collaboration, zstd updates, hating hackathons, How to monitor multiple log files at once, KeePassXC, sshd random relinking at boot, and more","date_published":"2023-03-09T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ce12be7b-8931-4d43-be2e-6260b5a41aff.mp3","mime_type":"audio/mpeg","size_in_bytes":40798848,"duration_in_seconds":2549}]},{"id":"2c0b464e-375e-42af-b44a-62ca75b4b31a","title":"496: Hacking the CLI","url":"https://www.bsdnow.tv/496","content_text":"Automation and Hacking Your FreeBSD CLI, Run your own instant messaging service on FreeBSD, Watch Netflix on FreeBSD, HardenedBSD January 2023 Status Report, How To Set Up SSH Keys With YubiKey as two-factor authentication, OpenSSH fixes double-free memory bug that’s pokable over the network, A late announcement, but better late than never, Next NYC*BUG and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAutomation and Hacking Your FreeBSD CLI\n\n\n\nRun your own instant messaging service on FreeBSD\n\n\n\nNews Roundup\n\nWatch Netflix on FreeBSD\n\n\n\nHardenedBSD January 2023 Status Report\n\n\n\nHow To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)\n\n\n\nOpenSSH fixes double-free memory bug that’s pokable over the network\n\n\n\nA late announcement, but better late than never\n\n\n\nNext NYC*BUG: March? April? Certainly May!\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDaniel - Plan 9 lives\nJason - nvd driver\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAutomation and Hacking Your FreeBSD CLI, Run your own instant messaging service on FreeBSD, Watch Netflix on FreeBSD, HardenedBSD January 2023 Status Report, How To Set Up SSH Keys With YubiKey as two-factor authentication, OpenSSH fixes double-free memory bug that’s pokable over the network, A late announcement, but better late than never, Next NYC*BUG and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/automation-and-hacking-your-freebsd-cli/\" rel=\"nofollow\"\u003eAutomation and Hacking Your FreeBSD CLI\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://xn--gckvb8fzb.com/run-your-own-instant-messaging-service-on-freebsd/\" rel=\"nofollow\"\u003eRun your own instant messaging service on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte--sized-de.translate.goog/linux-unix/netflix-auf-freebsd-schauen/?_x_tr_sl=de\u0026_x_tr_tl=en\u0026_x_tr_hl=en\u0026_x_tr_pto=wapp\" rel=\"nofollow\"\u003eWatch Netflix on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2023-01-31/hardenedbsd-january-2023-status-report\" rel=\"nofollow\"\u003eHardenedBSD January 2023 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/security/how-to-set-up-ssh-keys-with-yubikey-as-two-factor-authentication-u2f-fido2/\" rel=\"nofollow\"\u003eHow To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nakedsecurity.sophos.com/2023/02/03/openssh-fixes-double-free-memory-bug-thats-pokable-over-the-network/\" rel=\"nofollow\"\u003eOpenSSH fixes double-free memory bug that’s pokable over the network\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/chettrick/discobsd/releases/tag/DISCOBSD_2_0\" rel=\"nofollow\"\u003eA late announcement, but better late than never\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.nycbug.org:8443/pipermail/talk/2023-February/018550.html\" rel=\"nofollow\"\u003eNext NYC*BUG: March? April? Certainly May!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/496/feedback/Daniel%20-%20Plan%209%20lives.md\" rel=\"nofollow\"\u003eDaniel - Plan 9 lives\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/496/feedback/Jason%20-%20nvd%20driver.md\" rel=\"nofollow\"\u003eJason - nvd driver\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Automation and Hacking Your FreeBSD CLI, Run your own instant messaging service on FreeBSD, Watch Netflix on FreeBSD, HardenedBSD January 2023 Status Report, How To Set Up SSH Keys With YubiKey as two-factor authentication, OpenSSH fixes double-free memory bug that’s pokable over the network, A late announcement, but better late than never, Next NYC*BUG and more","date_published":"2023-03-02T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2c0b464e-375e-42af-b44a-62ca75b4b31a.mp3","mime_type":"audio/mpeg","size_in_bytes":43280256,"duration_in_seconds":2705}]},{"id":"3a14bc16-5c33-4eb2-970e-fba476718e64","title":"495: Limited Jail Time","url":"https://www.bsdnow.tv/495","content_text":"FreeBSD Status Report Fourth Quarter 2022, How to limit a jail, the parallel port, Hello System 0.8, Solbournes in space, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Status Report Fourth Quarter 2022\n\n\n\nHow to limit a jail\n\n\n\nNews Roundup\n\nThe parallel port\n\n\n\nHello System 0.8 is out\n\n\n\nSolbournes in space\n\n\n\nBeastie Bits\n\n\nCollecting notes for future “historians” was: Earliest UNIX Workstations?\nNew Open Position: FreeBSD Userland Software Developer\nThe One Lone Audiobook now exclusive on my store\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD Status Report Fourth Quarter 2022, How to limit a jail, the parallel port, Hello System 0.8, Solbournes in space, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2022-10-2022-12/\" rel=\"nofollow\"\u003eFreeBSD Status Report Fourth Quarter 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2023/01/16/how-to-limit-a-jail/\" rel=\"nofollow\"\u003eHow to limit a jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://computer.rip/2023-01-29-the-parallel-port.html\" rel=\"nofollow\"\u003eThe parallel port\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/helloSystem/ISO/releases/tag/r0.8.0\" rel=\"nofollow\"\u003eHello System 0.8 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oldvcr.blogspot.com/2023/01/solbournes-in-space.html\" rel=\"nofollow\"\u003eSolbournes in space\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://minnie.tuhs.org/pipermail/tuhs/2023-January/027495.html\" rel=\"nofollow\"\u003eCollecting notes for future “historians” was: Earliest UNIX Workstations?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/new-open-position-freebsd-userland-software-developer/\" rel=\"nofollow\"\u003eNew Open Position: FreeBSD Userland Software Developer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/22539\" rel=\"nofollow\"\u003eThe One Lone Audiobook now exclusive on my store\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Status Report Fourth Quarter 2022, How to limit a jail, the parallel port, Hello System 0.8, Solbournes in space, and more","date_published":"2023-02-23T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3a14bc16-5c33-4eb2-970e-fba476718e64.mp3","mime_type":"audio/mpeg","size_in_bytes":29095680,"duration_in_seconds":1818}]},{"id":"b6bd08a9-8d1d-4bc9-8024-a8153fe7b304","title":"494: Unix workstation extinction","url":"https://www.bsdnow.tv/494","content_text":"Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe mass extinction of UNIX workstations\n\n\n\nwhoarethey: Determine Who Can Log In to an SSH Server\n\n\n\nNews Roundup\n\nFreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages\n\n\n\nA Visual Guide to SSH Tunnels: Local and Remote Port Forwarding\n\n\n\nHarvesting the Noise While it’s Fresh, Revisited\n\n\n\nBastille - The Jail Manager on FreeBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eMass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.osnews.com/story/135605/the-mass-extinction-of-unix-workstations/\" rel=\"nofollow\"\u003eThe mass extinction of UNIX workstations\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.agwa.name/blog/post/whoarethey\" rel=\"nofollow\"\u003ewhoarethey: Determine Who Can Log In to an SSH Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-vs-linux-5-factors-when-considering-freebsd-vs-linux-package-management/\" rel=\"nofollow\"\u003eFreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://iximiuz.com/en/posts/ssh-tunnels/\" rel=\"nofollow\"\u003eA Visual Guide to SSH Tunnels: Local and Remote Port Forwarding\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@peter.hansteen/harvesting-the-noise-while-its-fresh-revisited-3da1894cc8a7\" rel=\"nofollow\"\u003eHarvesting the Noise While it’s Fresh, Revisited\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte--sized-de.translate.goog/linux-unix/bastille-der-jail-manager-unter-freebsd/?_x_tr_sl=de\u0026_x_tr_tl=en\u0026_x_tr_hl=en\u0026_x_tr_pto=wapp\" rel=\"nofollow\"\u003eBastille - The Jail Manager on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more","date_published":"2023-02-16T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b6bd08a9-8d1d-4bc9-8024-a8153fe7b304.mp3","mime_type":"audio/mpeg","size_in_bytes":44895744,"duration_in_seconds":2805}]},{"id":"ef98d63f-3086-456f-9297-d17503684aec","title":"493: Dotfile Management","url":"https://www.bsdnow.tv/493","content_text":"Write Admin tools from Day One, Differentiating between Data Security and Data Integrity, 45 year-old Unix tool is finally getting an upgrade, OpenBSD 7.2 on an ODROID-HC4, Dotfiles Management, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWrite Admin tools from Day One\n\n\n\nDifferentiating between Data Security and Data Integrity\n\n\n\nNews Roundup\n\nThis 45 year-old Unix tool is finally getting an upgrade\n\n\n\nInstalling OpenBSD 7.2 on an ODROID-HC4\n\n\n\nDotfiles Management\n\n\n\nBeastie Bits\n\nFreeBSD Journal - November/December 2022 - Observability and Metrics\nHAMMER2 file system for NetBSD\nRunning OpenBSD 7.2 on your laptop is really hard (not)\nMinIO on OpenBSD 7.2: Install\nWireGuard VPN on OpenBSD\nA tool for glamorous shell scripts\nVisualize your git commits with a heat map in the terminal\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWrite Admin tools from Day One, Differentiating between Data Security and Data Integrity, 45 year-old Unix tool is finally getting an upgrade, OpenBSD 7.2 on an ODROID-HC4, Dotfiles Management, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://milwaukeemaven.blogspot.com/2022/08/write-admin-tools-from-day-one.html\" rel=\"nofollow\"\u003eWrite Admin tools from Day One\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-data-security-vs-integrity/\" rel=\"nofollow\"\u003eDifferentiating between Data Security and Data Integrity\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.techradar.com/news/45-year-old-unix-tool-finally-gets-an-upgrade\" rel=\"nofollow\"\u003eThis 45 year-old Unix tool is finally getting an upgrade\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2022/install-openbsd-odroid-hc4/\" rel=\"nofollow\"\u003eInstalling OpenBSD 7.2 on an ODROID-HC4\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mitxela.com/projects/dotfiles_management\" rel=\"nofollow\"\u003eDotfiles Management\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://freebsdfoundation.org/past-issues/observability-and-metrics/\" rel=\"nofollow\"\u003eFreeBSD Journal - November/December 2022 - Observability and Metrics\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/kusumi/netbsd_hammer2\" rel=\"nofollow\"\u003eHAMMER2 file system for NetBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://sohcahtoa.org.uk/openbsd.html\" rel=\"nofollow\"\u003eRunning OpenBSD 7.2 on your laptop is really hard (not)\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://dev.to/nabbisen/minio-on-openbsd-72-install-3b3h\" rel=\"nofollow\"\u003eMinIO on OpenBSD 7.2: Install\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.adrianobarbosa.xyz/blog/openbsd-wireguard.html\" rel=\"nofollow\"\u003eWireGuard VPN on OpenBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/charmbracelet/gum\" rel=\"nofollow\"\u003eA tool for glamorous shell scripts\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/james-stoup/heatwave\" rel=\"nofollow\"\u003eVisualize your git commits with a heat map in the terminal\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Write Admin tools from Day One, Differentiating between Data Security and Data Integrity, 45 year-old Unix tool is finally getting an upgrade, OpenBSD 7.2 on an ODROID-HC4, Dotfiles Management, and more","date_published":"2023-02-09T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef98d63f-3086-456f-9297-d17503684aec.mp3","mime_type":"audio/mpeg","size_in_bytes":40797696,"duration_in_seconds":2549}]},{"id":"2bb426c2-2403-431d-8816-4a3cd7ce8662","title":"492: Feeling for NetBSD","url":"https://www.bsdnow.tv/492","content_text":"Writing your own operating system, Continuous Integration and Quality Assurance Update, feeling for the NetBSD community, Testing wanted: execute-only on amd64, GCC uses Modula-2 and Rust, do they work on OpenBSD, Unix is dead; long live Unix, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nPart 1: Writing your own operating system\n\n\n\n2022 in Review: Continuous Integration and Quality Assurance Update\n\n\n\nNews Roundup\n\nI feel for the NetBSD community\n\n\n\nTesting wanted: execute-only on amd64\n\n\n\nGCC now includes Modula-2 and Rust. Do they work on OpenBSD?\n\n\n\nUnix is dead. Long live Unix!\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• [Kevin - Advent of Computing podcast covers BSD](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/492/feedback/Kevin%20-%20Advent%20of%20Computing%20podcast%20covers%20BSD.md)\n• [ilo - thanks](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/492/feedback/ilo%20-%20thanks.md)\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWriting your own operating system, Continuous Integration and Quality Assurance Update, feeling for the NetBSD community, Testing wanted: execute-only on amd64, GCC uses Modula-2 and Rust, do they work on OpenBSD, Unix is dead; long live Unix, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://o-oconnell.github.io/2023/01/12/p1os.html\" rel=\"nofollow\"\u003ePart 1: Writing your own operating system\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2022-in-review-continuous-integration-and-quality-assurance-update/\" rel=\"nofollow\"\u003e2022 in Review: Continuous Integration and Quality Assurance Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/i-feel-for-the-netbsd-community/\" rel=\"nofollow\"\u003eI feel for the NetBSD community\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20230115095258\" rel=\"nofollow\"\u003eTesting wanted: execute-only on amd64\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/\" rel=\"nofollow\"\u003eGCC now includes Modula-2 and Rust. Do they work on OpenBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.com/2023/01/17/unix_is_dead/\" rel=\"nofollow\"\u003eUnix is dead. Long live Unix!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Kevin - Advent of Computing podcast covers BSD](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/492/feedback/Kevin%20-%20Advent%20of%20Computing%20podcast%20covers%20BSD.md)\n• [ilo - thanks](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/492/feedback/ilo%20-%20thanks.md)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Writing your own operating system, Continuous Integration and Quality Assurance Update, feeling for the NetBSD community, Testing wanted: execute-only on amd64, GCC uses Modula-2 and Rust, do they work on OpenBSD, Unix is dead; long live Unix, and more","date_published":"2023-02-02T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2bb426c2-2403-431d-8816-4a3cd7ce8662.mp3","mime_type":"audio/mpeg","size_in_bytes":37183104,"duration_in_seconds":2323}]},{"id":"26dff077-f214-46c7-9ba3-a577e3c443df","title":"491: Catch the Spammers","url":"https://www.bsdnow.tv/491","content_text":"Dragonfly BSD 6.4 is out, Running OpenZFS – Choosing Between FreeBSD and Linux, OpenBSD Mastery: Filesystems ebook leaks, catching 71% spam, crazy unix shell prompts, Linux Binary Compatibility: Ubuntu on FreeBSD, Reproducible Builds Summit Venice 2022, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDragonfly BSD 6.4 is out\n\n\n\nRunning OpenZFS – Choosing Between FreeBSD and Linux\n\n\n\nNews Roundup\n\n“OpenBSD Mastery: Filesystems” ebook leaking out\n\n\n\nCan Your Spam-eater Manage to Catch Seventy-one Percent Like This Other Service?\n\n\n\nCrazy unix shell prompts\n\n\n\nLinux Binary Compatibility: Ubuntu on FreeBSD\n\n\n\nReproducible Builds Summit Venice 2022\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nFelix - Managing Jails with ansible\nJohn Baldwin - bhyve networking setup article\nWelton - bhyve webadmin\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDragonfly BSD 6.4 is out, Running OpenZFS – Choosing Between FreeBSD and Linux, OpenBSD Mastery: Filesystems ebook leaks, catching 71% spam, crazy unix shell prompts, Linux Binary Compatibility: Ubuntu on FreeBSD, Reproducible Builds Summit Venice 2022, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release64/\" rel=\"nofollow\"\u003eDragonfly BSD 6.4 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/running-openzfs-choosing-between-freebsd-and-linux/\" rel=\"nofollow\"\u003eRunning OpenZFS – Choosing Between FreeBSD and Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/22462\" rel=\"nofollow\"\u003e“OpenBSD Mastery: Filesystems” ebook leaking out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2022/12/can-your-spam-eater-manage-to-catch.html\" rel=\"nofollow\"\u003eCan Your Spam-eater Manage to Catch Seventy-one Percent Like This Other Service?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.nycbug.org:8443/pipermail/semibug/2022-December/000775.html\" rel=\"nofollow\"\u003eCrazy unix shell prompts\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte--sized-de.translate.goog/linux-unix/linux-binary-compatibility-ubuntu-unter-freebsd/?_x_tr_sl=auto\u0026_x_tr_tl=en\u0026_x_tr_hl=en\u0026_x_tr_pto=wapp\" rel=\"nofollow\"\u003eLinux Binary Compatibility: Ubuntu on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/reproducible_builds_summit_venice_2022\" rel=\"nofollow\"\u003eReproducible Builds Summit Venice 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/Felix%20-%20Managing%20Jails%20with%20ansible.md\" rel=\"nofollow\"\u003eFelix - Managing Jails with ansible\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/John%20Baldwin%20-%20bhyve%20networking%20setup%20article.md\" rel=\"nofollow\"\u003eJohn Baldwin - bhyve networking setup article\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/491/feedback/Welton%20-%20bhyve%20webadmin.md\" rel=\"nofollow\"\u003eWelton - bhyve webadmin\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Dragonfly BSD 6.4 is out, Running OpenZFS – Choosing Between FreeBSD and Linux, OpenBSD Mastery: Filesystems ebook leaks, catching 71% spam, crazy unix shell prompts, Linux Binary Compatibility: Ubuntu on FreeBSD, Reproducible Builds Summit Venice 2022, and more","date_published":"2023-01-26T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/26dff077-f214-46c7-9ba3-a577e3c443df.mp3","mime_type":"audio/mpeg","size_in_bytes":40619520,"duration_in_seconds":2538}]},{"id":"ae658daa-12a6-4e03-b688-5970278fb273","title":"490: New Year’s Plan9’ing","url":"https://www.bsdnow.tv/490","content_text":"FreeBSD Foundation’s Software Development review of 2022, what can we learn from Vintage Computing, OpenBSD KDE Status Report 2022, a Decade of HardenedBSD, In Praise of Plan9, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n2022 in Review: Software Development\n\n\n\nWhat can we learn from Vintage Computing\n\n\n\nNews Roundup\n\nOpenBSD KDE Status Report 2022\n\n\n\nA Decade of HardenedBSD\n\n\n\nIn Praise of Plan9\n\n\n\nBeastie Bits\n\nLibreSSL 3.7.0 Released\nOPNsense 22.7.10 released\nBSDCan 2023 call for papers\nHow to lock OpenSSH authentication agent\nOnce upon a time long ago, I was sitting alone in the UCLA ARPANET site...\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Foundation’s Software Development review of 2022, what can we learn from Vintage Computing, OpenBSD KDE Status Report 2022, a Decade of HardenedBSD, In Praise of Plan9, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2022-in-review-software-development/\" rel=\"nofollow\"\u003e2022 in Review: Software Development\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/readme/featured/vintage-computing\" rel=\"nofollow\"\u003eWhat can we learn from Vintage Computing\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.sizeofvoid.org/posts/2022-26-12-openbsd-kde-status-report-2022/\" rel=\"nofollow\"\u003eOpenBSD KDE Status Report 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://git.hardenedbsd.org/shawn.webb/articles/-/blob/master/hardenedbsd/2023-01_decade/article.md\" rel=\"nofollow\"\u003eA Decade of HardenedBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://drewdevault.com/2022/11/12/In-praise-of-Plan-9.html\" rel=\"nofollow\"\u003eIn Praise of Plan9\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221212183516\" rel=\"nofollow\"\u003eLibreSSL 3.7.0 Released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://opnsense.org/opnsense-22-7-10-released/\" rel=\"nofollow\"\u003eOPNsense 22.7.10 released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://lists.bsdcan.org/pipermail/bsdcan-announce/2022-December/000194.html\" rel=\"nofollow\"\u003eBSDCan 2023 call for papers\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://sleeplessbeastie.eu/2022/12/28/how-to-lock-openssh-authentication-agent/\" rel=\"nofollow\"\u003eHow to lock OpenSSH authentication agent\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mastodon.laurenweinstein.org/@lauren/109588605178700335\" rel=\"nofollow\"\u003eOnce upon a time long ago, I was sitting alone in the UCLA ARPANET site...\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Foundation’s Software Development review of 2022, what can we learn from Vintage Computing, OpenBSD KDE Status Report 2022, a Decade of HardenedBSD, In Praise of Plan9, and more","date_published":"2023-01-19T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ae658daa-12a6-4e03-b688-5970278fb273.mp3","mime_type":"audio/mpeg","size_in_bytes":44370432,"duration_in_seconds":2773}]},{"id":"f53ef4ed-7907-4da2-8402-7154f773f79e","title":"489: Refreshing Perspective","url":"https://www.bsdnow.tv/489","content_text":"FreeBSD vs. Linux – Networking, HDMI sound output through TV speakers on FreeBSD 13, Getting started with tmux, Samba Active Directory, OpenIKED 7.2 released, FreeBSD Plasma 5 GUI Install, DHCP server howto in German, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD vs. Linux – Networking\n\n\n\n(Solved), HDMI sound output through TV speakers Freebsd 13 or @4 plus VCHIQ audio patch - Raspberry Pi Forums\n\n\n\nNews Roundup\n\nGetting started with tmux\n\n\n\nSamba Active Directory\n\n\n\nOpenIKED 7.2 released\n\n\n\nFreeBSD Plasma 5 GUI Install\n\n\nOriginal German Article\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD vs. Linux – Networking, HDMI sound output through TV speakers on FreeBSD 13, Getting started with tmux, Samba Active Directory, OpenIKED 7.2 released, FreeBSD Plasma 5 GUI Install, DHCP server howto in German, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-vs-linux-networking/\" rel=\"nofollow\"\u003eFreeBSD vs. Linux – Networking\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.raspberrypi.com/viewtopic.php?t=343233\" rel=\"nofollow\"\u003e(Solved), HDMI sound output through TV speakers Freebsd 13 or @4 plus VCHIQ audio patch - Raspberry Pi Forums\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ittavern.com/getting-started-with-tmux/\" rel=\"nofollow\"\u003eGetting started with tmux\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cromwell-intl.com/open-source/samba-active-directory/freebsd-raspberry-pi.html\" rel=\"nofollow\"\u003eSamba Active Directory\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20221202230711\" rel=\"nofollow\"\u003eOpenIKED 7.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://byte--sized-de.translate.goog/linux-unix/freebsd-kde-plasma-5-als-gui-installieren/?_x_tr_sl=auto\u0026_x_tr_tl=en\u0026_x_tr_hl=en-US\u0026_x_tr_pto=wapp\" rel=\"nofollow\"\u003eFreeBSD Plasma 5 GUI Install\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://byte-sized.de/linux-unix/freebsd-kde-plasma-5-als-gui-installieren/\" rel=\"nofollow\"\u003eOriginal German Article\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD vs. Linux – Networking, HDMI sound output through TV speakers on FreeBSD 13, Getting started with tmux, Samba Active Directory, OpenIKED 7.2 released, FreeBSD Plasma 5 GUI Install, DHCP server howto in German, and more","date_published":"2023-01-12T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f53ef4ed-7907-4da2-8402-7154f773f79e.mp3","mime_type":"audio/mpeg","size_in_bytes":34737024,"duration_in_seconds":2171}]},{"id":"0ebed5dc-4761-4816-b5e6-9c17f80612b6","title":"488: Old ping(8) bug","url":"https://www.bsdnow.tv/488","content_text":"Finding a 24 year old bug in ping(8), The Role of Operating Systems in IOT, Authentication gateway with SSH on OpenBSD, FreeBSD 12.4 is out, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFuzzing ping(8) … and finding a 24 year old bug\n\n\n\nThe Role of Operating Systems in IOT\n\n\n\nNews Roundup\n\nAuthentication gateway with SSH on OpenBSD\n\n\n\nFreeBSD 12.4 is out\n\n\n\nBeastie Bits\n\nVagrant FreeBSD Boxbuilder\nLibreSSL 3.7.0 Released\nOPNsense 22.7.9 released\nBIOS Memory Map for vmd(8) Rewrite in Progress\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFinding a 24 year old bug in ping(8), The Role of Operating Systems in IOT, Authentication gateway with SSH on OpenBSD, FreeBSD 12.4 is out, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tlakh.xyz/fuzzing-ping.html\" rel=\"nofollow\"\u003eFuzzing ping(8) … and finding a 24 year old bug\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/the-role-of-operating-systems-in-iot/\" rel=\"nofollow\"\u003eThe Role of Operating Systems in IOT\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-12-01-openbsd-authpf.html\" rel=\"nofollow\"\u003eAuthentication gateway with SSH on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-announce/2022-December/000059.html\" rel=\"nofollow\"\u003eFreeBSD 12.4 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/punktDe/vagrant-freebsd-boxbuilder\" rel=\"nofollow\"\u003eVagrant FreeBSD Boxbuilder\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221212183516\" rel=\"nofollow\"\u003eLibreSSL 3.7.0 Released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://opnsense.org/opnsense-22-7-9-released\" rel=\"nofollow\"\u003eOPNsense 22.7.9 released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221211164822\" rel=\"nofollow\"\u003eBIOS Memory Map for vmd(8) Rewrite in Progress\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Finding a 24 year old bug in ping(8), The Role of Operating Systems in IOT, Authentication gateway with SSH on OpenBSD, FreeBSD 12.4 is out, and more","date_published":"2023-01-05T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0ebed5dc-4761-4816-b5e6-9c17f80612b6.mp3","mime_type":"audio/mpeg","size_in_bytes":34010112,"duration_in_seconds":2125}]},{"id":"0aac59a7-37df-4c7b-85fc-68c0d657cd47","title":"487: EuroBSDcon Interviews Pt. 2","url":"https://www.bsdnow.tv/487","content_text":"This year end episode of BSDNow features a trip report to EuroBSDcon by Mr. BSD.tv, as well as an interview with FreeBSD committer John Baldwin. Happy New Year, 2023!\n\nNOTES***\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nEuroBSDCon 2022 Trip Report\n\n\n\nInterview 3 - John Baldwin - email@email / @twitter\n\nInterview topic\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThis year end episode of BSDNow features a trip report to EuroBSDcon by Mr. BSD.tv, as well as an interview with FreeBSD committer John Baldwin. Happy New Year, 2023!\u003c/p\u003e\n\n\u003cp\u003eNOTES***\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/eurobsdcon-2022-trip-report-patrick-mcevoy/\" rel=\"nofollow\"\u003eEuroBSDCon 2022 Trip Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview 3 - John Baldwin - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/user\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eInterview topic\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This year end episode of BSDNow features a trip report to EuroBSDcon by Mr. BSD.tv, as well as an interview with FreeBSD committer John Baldwin. Happy New Year, 2023!","date_published":"2022-12-29T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0aac59a7-37df-4c7b-85fc-68c0d657cd47.mp3","mime_type":"audio/mpeg","size_in_bytes":32956800,"duration_in_seconds":2059}]},{"id":"5876d0bf-0a23-4dc7-b582-fed2ae43bd85","title":"486: EuroBSDcon interviews","url":"https://www.bsdnow.tv/486","content_text":"This special episode features two interviews we did at EuroBSDcon in Vienna this year. We talk with FreeBSD developers about how they got started, their current projects and more. Also, consider donating to your favorite BSD Foundation to keep the projects going. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHelp the OpenBSD Foundation Reach Its 2022 Funding Goal\n\n• [FreeBSD Foundation Donation Link](https://freebsdfoundation.org/donate/)\n• [NetBSD Foundation Donation Link](http://www.netbsd.org/donations/#how-to-donate)\n\n\n\n\nInterview 1 - Brooks Davis - email@email / @twitter\n\nInterview topic\n\n\n\nInterview 2 - Olivier Cochard-Labbe - email@email / @twitter\n\nInterview topic\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\n\n\nFeedback/Questions\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThis special episode features two interviews we did at EuroBSDcon in Vienna this year. We talk with FreeBSD developers about how they got started, their current projects and more. Also, consider donating to your favorite BSD Foundation to keep the projects going. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20221202062601\" rel=\"nofollow\"\u003eHelp the OpenBSD Foundation Reach Its 2022 Funding Goal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [FreeBSD Foundation Donation Link](https://freebsdfoundation.org/donate/)\n• [NetBSD Foundation Donation Link](http://www.netbsd.org/donations/#how-to-donate)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview 1 - Brooks Davis - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/user\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eInterview topic\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview 2 - Olivier Cochard-Labbe - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/user\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eInterview topic\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This special episode features two interviews we did at EuroBSDcon in Vienna this year. We talk with FreeBSD developers about how they got started, their current projects and more. Also, consider donating to your favorite BSD Foundation to keep the projects going. ","date_published":"2022-12-22T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5876d0bf-0a23-4dc7-b582-fed2ae43bd85.mp3","mime_type":"audio/mpeg","size_in_bytes":37461120,"duration_in_seconds":2341}]},{"id":"b7197ea6-5468-43f4-bd01-fa80aeecc72e","title":"485: FreeBSD Home Assistant","url":"https://www.bsdnow.tv/485","content_text":"Tails of the M1 GPU, Getting Home Assistant running in a FreeBSD 13.1 jail, interview with AWK creator Dr. Brian Kernighan, Next steps toward mimmutable, Unix's (technical) history is mostly old now, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nTails of the M1 GPU\n\n\n\nGetting Home Assistant running in a FreeBSD 13.1 jail\n\n\n\nNews Roundup\n\nA brief interview with AWK creator Dr. Brian Kernighan\n\n\n\nNext steps toward mimmutable, from deraadt@\n\n\n\nUnix's (technical) history is mostly old now\n\n\n\nMWL Update\n\n\nFediverse Servers, plus mac_portacl on FreeBSD\nFifty Books. Thirty Years. What Next?\nMailing List Freebies\n\n\n\n\nBeastie Bits\n\n\nMore #FreeBSD Power Saving Notes\nHacker Stations\nThe Cult of DD\nRavynOS\n\n\nravynOS (previously called airyxOS) is an open-source operating system based on FreeBSD, CMU Mach, and Apple open-source code that aims to be compatible with macOS applications and has no hardware restrictions.\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eTails of the M1 GPU, Getting Home Assistant running in a FreeBSD 13.1 jail, interview with AWK creator Dr. Brian Kernighan, Next steps toward mimmutable, Unix\u0026#39;s (technical) history is mostly old now, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://asahilinux.org/2022/11/tales-of-the-m1-gpu/\" rel=\"nofollow\"\u003eTails of the M1 GPU\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2022/08/27/getting-home-assistant-running-in-a-freebsd-13-1-jail/\" rel=\"nofollow\"\u003eGetting Home Assistant running in a FreeBSD 13.1 jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://pldb.com/posts/brianKernighan.html\" rel=\"nofollow\"\u003eA brief interview with AWK creator Dr. Brian Kernighan\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221120115616\" rel=\"nofollow\"\u003eNext steps toward mimmutable, from deraadt@\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/UnixHistoryMostlyOldNow\" rel=\"nofollow\"\u003eUnix\u0026#39;s (technical) history is mostly old now\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eMWL Update\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/22392\" rel=\"nofollow\"\u003eFediverse Servers, plus mac_portacl on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/22399\" rel=\"nofollow\"\u003eFifty Books. Thirty Years. What Next?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/22423\" rel=\"nofollow\"\u003eMailing List Freebies\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://blog.ignoranthack.me/?p=686\" rel=\"nofollow\"\u003eMore #FreeBSD Power Saving Notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackerstations.com/\" rel=\"nofollow\"\u003eHacker Stations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eklitzke.org/the-cult-of-dd\" rel=\"nofollow\"\u003eThe Cult of DD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://airyx.org/\" rel=\"nofollow\"\u003eRavynOS\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eravynOS (previously called airyxOS) is an open-source operating system based on FreeBSD, CMU Mach, and Apple open-source code that aims to be compatible with macOS applications and has no hardware restrictions.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Tails of the M1 GPU, Getting Home Assistant running in a FreeBSD 13.1 jail, interview with AWK creator Dr. Brian Kernighan, Next steps toward mimmutable, Unix's (technical) history is mostly old now, and more","date_published":"2022-12-15T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b7197ea6-5468-43f4-bd01-fa80aeecc72e.mp3","mime_type":"audio/mpeg","size_in_bytes":41792256,"duration_in_seconds":2612}]},{"id":"4f095d18-aa8c-465b-956d-03ca0f1f16f8","title":"484: Birth of stderr","url":"https://www.bsdnow.tv/484","content_text":"Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nVirtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM\n\n\n\nThe Birth of Standard Error\n\n\n\nNews Roundup\n\nInvestigating why Steam started picking a random font\n\n\n\nCurious Case of Maintaining Sufficient Free Space with ZFS\n\n\n\nCall for testing on updated Apple M1/M2 bootloader code\n\n\n\nFreeBSD on my workstation\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - Initial Setup\nJoseph - openbsd and postgresql\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eVirtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/virtualization-showdown-freebsd-bhyve-linux-kvm/\" rel=\"nofollow\"\u003eVirtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.spinellis.gr/blog/20131211/\" rel=\"nofollow\"\u003eThe Birth of Standard Error\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pkh.me/p/35-investigating-why-steam-started-picking-a-random-font.html\" rel=\"nofollow\"\u003eInvestigating why Steam started picking a random font\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://taras.glek.net/post/curious-case-of-maintaining-sufficient-free-space-with-zfs/\" rel=\"nofollow\"\u003eCurious Case of Maintaining Sufficient Free Space with ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221120113149\" rel=\"nofollow\"\u003eCall for testing on updated Apple M1/M2 bootloader code\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://camandro.org/blog/2022-09-30-freebsd-on-my-workstation.html\" rel=\"nofollow\"\u003eFreeBSD on my workstation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/Brad%20-%20Initial%20Setup.md\" rel=\"nofollow\"\u003eBrad - Initial Setup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/joseph%20-%20openbsd%20and%20postgresql.md\" rel=\"nofollow\"\u003eJoseph - openbsd and postgresql\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more ","date_published":"2022-12-08T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4f095d18-aa8c-465b-956d-03ca0f1f16f8.mp3","mime_type":"audio/mpeg","size_in_bytes":34985472,"duration_in_seconds":2186}]},{"id":"a6421b51-580d-42b5-8668-9703082f861b","title":"483: ZFS Time Machine","url":"https://www.bsdnow.tv/483","content_text":"Research Unix Version 6 in the Open SIMH PDP-11 Emulator, The Hot Tub Time Machine is Your ZFS Turn-Back-Time Method, NFS on NetBSD: server and client side, HardenedBSD October 2022 Status Report, Nushell : Introduction, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nInstalling and Using Research Unix Version 6 in the Open SIMH PDP-11 Emulator\n\n\n\nhttm – The Hot Tub Time Machine is Your ZFS Turn-Back-Time Method\n\n\n\nNews Roundup\n\nNFS on NetBSD: server and client side\n\n\n\nHardenedBSD October 2022 Status Report\n\n\n\nNushell : Introduction\n\n\n\nBeastie Bits\n\nUnix Pipe Game\nSlides - The “other” FreeBSD optimizations used by Netflix to serve video at 800Gb/s from a single server\nMy FreeBSD Friday Lecture: The Writing Scholar’s Guide to FreeBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDan - Response to Hans\nJohnny - bhyve question\nManuel - EuroBSDcon social event\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eResearch Unix Version 6 in the Open SIMH PDP-11 Emulator, The Hot Tub Time Machine is Your ZFS Turn-Back-Time Method, NFS on NetBSD: server and client side, HardenedBSD October 2022 Status Report, Nushell : Introduction, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://decuser.blogspot.com/2022/10/installing-and-using-research-unix.html\" rel=\"nofollow\"\u003eInstalling and Using Research Unix Version 6 in the Open SIMH PDP-11 Emulator\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/httm-is-a-zfs-based-time-machine/\" rel=\"nofollow\"\u003ehttm – The Hot Tub Time Machine is Your ZFS Turn-Back-Time Method\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/959-nfs-on-netbsd-server-and-client-side\" rel=\"nofollow\"\u003eNFS on NetBSD: server and client side\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2022-10-31/hardenedbsd-october-2022-status-report\" rel=\"nofollow\"\u003eHardenedBSD October 2022 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-10-31-nushell.html\" rel=\"nofollow\"\u003eNushell : Introduction\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hackaday.com/2022/10/18/if-only-the-kids-knew-about-pipes/\" rel=\"nofollow\"\u003eUnix Pipe Game\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://people.freebsd.org/%7Egallatin/talks/euro2022.pdf\" rel=\"nofollow\"\u003eSlides - The “other” FreeBSD optimizations used by Netflix to serve video at 800Gb/s from a single server\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.coreystephan.com/freebsd-friday/\" rel=\"nofollow\"\u003eMy FreeBSD Friday Lecture: The Writing Scholar’s Guide to FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/483/feedback/Dan%20-%20Response%20to%20Hans.md\" rel=\"nofollow\"\u003eDan - Response to Hans\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/483/feedback/Johnny%20-%20bhyve%20question.md\" rel=\"nofollow\"\u003eJohnny - bhyve question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/483/feedback/Manuel%20-%20EuroBSDcon%20social%20event.md\" rel=\"nofollow\"\u003eManuel - EuroBSDcon social event\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Research Unix Version 6 in the Open SIMH PDP-11 Emulator, The Hot Tub Time Machine is Your ZFS Turn-Back-Time Method, NFS on NetBSD: server and client side, HardenedBSD October 2022 Status Report, Nushell : Introduction, and more","date_published":"2022-12-01T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a6421b51-580d-42b5-8668-9703082f861b.mp3","mime_type":"audio/mpeg","size_in_bytes":48744192,"duration_in_seconds":3046}]},{"id":"b4733d68-58d9-429a-b80d-d7a4522e3e33","title":"482: BSD XFCE Desktop","url":"https://www.bsdnow.tv/482","content_text":"5 Key Reasons to Consider Open Source Storage, OpenBSD Minimalist Desktop, BSD XFCE, Alpine Linux VM on bhyve - with root on ZFS, FreeBSD Jail Quick Setup with Networking, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\n5 Key Reasons to Consider Open Source Storage Over Commercial Offerings\n\n\n\nOpenBSD Minimalist Desktop\n\n\n\nNews Roundup\n\nBSD-XFCE\n\n\n\nCreating an Alpine Linux VM on bhyve - with root on ZFS (optionally encrypted)\n\n\n\nFreeBSD Jail Quick Setup with Networking (2022)\n\n\n\nBeastie Bits\n\nEuroBSDcon videos are now up\nLibreSSL 3.6.1 released\nRaspberry Pi 4 with FreeBSD 13-RELEASE: A Perfect Miniature Homelab\n\nAsiaBSDcon 2023 CfP\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nJohn - Allan's meetup\nMatthew - atime and a question\nValentin - Becoming a FreeBSD Developer\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003e5 Key Reasons to Consider Open Source Storage, OpenBSD Minimalist Desktop, BSD XFCE, Alpine Linux VM on bhyve - with root on ZFS, FreeBSD Jail Quick Setup with Networking, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/open-source-storage-over-commercial-offerings/\" rel=\"nofollow\"\u003e5 Key Reasons to Consider Open Source Storage Over Commercial Offerings\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nechtan.io/articles/openbsd_minimalist_desktop.html\" rel=\"nofollow\"\u003eOpenBSD Minimalist Desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/Wamphyre/BSD-XFCE\" rel=\"nofollow\"\u003eBSD-XFCE\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://it-notes.dragas.net/2022/11/01/creating-an-alpine-vm-on-bhyve-with-root-on-zfs-optionally-encrypted/\" rel=\"nofollow\"\u003eCreating an Alpine Linux VM on bhyve - with root on ZFS (optionally encrypted)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.shaka.today/freebsd-jail-quick-setup-with-networking-2022/\" rel=\"nofollow\"\u003eFreeBSD Jail Quick Setup with Networking (2022)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/c/EuroBSDcon/videos\" rel=\"nofollow\"\u003eEuroBSDcon videos are now up\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20221104064712\" rel=\"nofollow\"\u003eLibreSSL 3.6.1 released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.coreystephan.com/pi4-freebsd/\" rel=\"nofollow\"\u003eRaspberry Pi 4 with FreeBSD 13-RELEASE: A Perfect Miniature Homelab\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://2023.asiabsdcon.org/cfp.html.en\" rel=\"nofollow\"\u003eAsiaBSDcon 2023 CfP\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/482/feedback/John%20-%20Allan\u0026#x27;s%20meetup.md\" rel=\"nofollow\"\u003eJohn - Allan\u0026#39;s meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/482/feedback/Matthew%20-%20atime%20and%20a%20question.md\" rel=\"nofollow\"\u003eMatthew - atime and a question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/482/feedback/Valentin%20-%20Becoming%20a%20FreeBSD%20Developer.md\" rel=\"nofollow\"\u003eValentin - Becoming a FreeBSD Developer\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"5 Key Reasons to Consider Open Source Storage, OpenBSD Minimalist Desktop, BSD XFCE, Alpine Linux VM on bhyve - with root on ZFS, FreeBSD Jail Quick Setup with Networking, and more.","date_published":"2022-11-24T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b4733d68-58d9-429a-b80d-d7a4522e3e33.mp3","mime_type":"audio/mpeg","size_in_bytes":37766784,"duration_in_seconds":2360}]},{"id":"f0df0143-84f7-40aa-9802-be21a870c0c1","title":"481: Fiery Crackers","url":"https://www.bsdnow.tv/481","content_text":"FreeBSD Q3 2022 status report, Leveraging MinIO and OpenZFS to avoid vendor lock in, FreeBSD on Firecracker platform, How Much Faster Is Making A Tar Archive Without Gzip, Postgres from packages on OpenBSD, Upgrading an NVMe zpool from 222G to 1TB drives, Don't use Reddit for Linux or BSD related questions, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Quarterly Status Report Third Quarter 2022\n\n\n\nAvoid Infrastructure Vendor Lock-in by leveraging MinIO and OpenZFS\n\n\n\nAnnouncing the FreeBSD/Firecracker platform\n\n\n\nNews Roundup\n\nHow Much Faster Is Making A Tar Archive Without Gzip?\n\n\n\nPostgreSQL from packages on OpenBSD\n\n\n\nUpgrading an NVMe zpool from 222G to 1TB drives\n\n\n\nPSA: Don't use Reddit for Linux or BSD related questions\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nHinnerk - vnet jails\nTom’s response example: https://adventurist.me/posts/00304\nHugo - Apple M2\nkevin - emacs backspace\n)\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD Q3 2022 status report, Leveraging MinIO and OpenZFS to avoid vendor lock in, FreeBSD on Firecracker platform, How Much Faster Is Making A Tar Archive Without Gzip, Postgres from packages on OpenBSD, Upgrading an NVMe zpool from 222G to 1TB drives, Don\u0026#39;t use Reddit for Linux or BSD related questions, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2022-07-2022-09/\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report Third Quarter 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/avoid-vendor-lock-in-with-minio-and-openzfs/\" rel=\"nofollow\"\u003eAvoid Infrastructure Vendor Lock-in by leveraging MinIO and OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemonology.net/blog/2022-10-18-FreeBSD-Firecracker.html\" rel=\"nofollow\"\u003eAnnouncing the FreeBSD/Firecracker platform\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lowendbox.com/blog/how-much-faster-is-making-a-tar-archive-without-gzip/\" rel=\"nofollow\"\u003eHow Much Faster Is Making A Tar Archive Without Gzip?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dbi-services.com/blog/postgresql-from-packages-on-openbsd/\" rel=\"nofollow\"\u003ePostgreSQL from packages on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2022/10/18/upgrading-an-nvme-zpool-from-222g-to-1tb-drives/\" rel=\"nofollow\"\u003eUpgrading an NVMe zpool from 222G to 1TB drives\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://unixsheikh.com/articles/dont-use-reddit-for-linux-or-bsd-related-questions.html\" rel=\"nofollow\"\u003ePSA: Don\u0026#39;t use Reddit for Linux or BSD related questions\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/481/feedback/Hinnerk%20-%20vnet%20jails.md\" rel=\"nofollow\"\u003eHinnerk - vnet jails\u003c/a\u003e\u003cbr\u003e\nTom’s response example: \u003ca href=\"https://adventurist.me/posts/00304\" rel=\"nofollow\"\u003ehttps://adventurist.me/posts/00304\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/481/feedback/Hugo%20-%20Apple%20M2.md\" rel=\"nofollow\"\u003eHugo - Apple M2\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/481/feedback/kevin%20-%20emacs%20backspace.md\" rel=\"nofollow\"\u003ekevin - emacs backspace\u003c/a\u003e\u003cbr\u003e\n)\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Q3 2022 status report, Leveraging MinIO and OpenZFS to avoid vendor lock in, FreeBSD on Firecracker platform, How Much Faster Is Making A Tar Archive Without Gzip, Postgres from packages on OpenBSD, Upgrading an NVMe zpool from 222G to 1TB drives, Don't use Reddit for Linux or BSD related questions, and more.","date_published":"2022-11-17T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f0df0143-84f7-40aa-9802-be21a870c0c1.mp3","mime_type":"audio/mpeg","size_in_bytes":50564656,"duration_in_seconds":2874}]},{"id":"304e9711-6a86-42b7-a144-191aa1f900b7","title":"480: OpenBSD 7.2","url":"https://www.bsdnow.tv/480","content_text":"OpenBSD 7.2 and FuguIta have been released, Learn the Whys and Hows with the FreeBSD Sec Team, how to get notified about FreeBSD updates, using unbound for ad blocking on OpenBSD, further memory protections on OpenBSD current, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.2 has been released\n\n\nFuguIta 7.2 is out as well\n***\n### Keeping FreeBSD Secure: Learn the Whys and Hows with the FreeBSD Sec Team\n\n\n\n\nNews Roundup\n\nHowto: be notified of FreeBSD upgrades, security updates and package updates at login\n\n\n\nAds blocking with OpenBSD unbound(8)\n\n\n\nFurther memory protections committed to -current\n\n\n\nBeastie Bits\n\n• [“OpenBSD Mastery: Filesystems” Print/Ebook Bundle Preorder](https://mwl.io/archives/22352)\n• [Klara is hiring a FreeBSD Kernel Developer](https://klarasystems.com/careers/freebsd-kernel-developer/)\n• [FreeBSD 12.4-BETA1 Now Available](https://lists.freebsd.org/archives/freebsd-stable/2022-October/000920.html)\n• [Hunting kernel lock and interrupt latency](https://mail-index.netbsd.org/tech-kern/2022/10/30/msg028499.html)\n• [EuroBSDcon 2022 videos available](https://undeadly.org/cgi?action=article;sid=20221027232308)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nCharles - BSD Now Bingo\nJake - FreeBSD Security defaults\nSam - FreeBSD and SSDs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD 7.2 and FuguIta have been released, Learn the Whys and Hows with the FreeBSD Sec Team, how to get notified about FreeBSD updates, using unbound for ad blocking on OpenBSD, further memory protections on OpenBSD current, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/72.html\" rel=\"nofollow\"\u003eOpenBSD 7.2 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://fuguita.org/index.php?FuguIta%2F7.2=\" rel=\"nofollow\"\u003eFuguIta 7.2 is out as well\u003c/a\u003e\n***\n### \u003ca href=\"https://freebsdfoundation.org/blog/keeping-freebsd-secure-learn-the-whys-and-hows-with-the-freebsd-sec-team/\" rel=\"nofollow\"\u003eKeeping FreeBSD Secure: Learn the Whys and Hows with the FreeBSD Sec Team\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/howto-be-notified-of-freebsd-upgrades-security-updates-and-package-updates-at-login.86660/\" rel=\"nofollow\"\u003eHowto: be notified of FreeBSD upgrades, security updates and package updates at login\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2022/ads-blocking-with-openbsd-unbound8/\" rel=\"nofollow\"\u003eAds blocking with OpenBSD unbound(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20221008100649\" rel=\"nofollow\"\u003eFurther memory protections committed to -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [“OpenBSD Mastery: Filesystems” Print/Ebook Bundle Preorder](https://mwl.io/archives/22352)\n• [Klara is hiring a FreeBSD Kernel Developer](https://klarasystems.com/careers/freebsd-kernel-developer/)\n• [FreeBSD 12.4-BETA1 Now Available](https://lists.freebsd.org/archives/freebsd-stable/2022-October/000920.html)\n• [Hunting kernel lock and interrupt latency](https://mail-index.netbsd.org/tech-kern/2022/10/30/msg028499.html)\n• [EuroBSDcon 2022 videos available](https://undeadly.org/cgi?action=article;sid=20221027232308)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/480/feedback/Charles%20-%20BSD%20Now%20Bingo.md\" rel=\"nofollow\"\u003eCharles - BSD Now Bingo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/480/feedback/Jake%20-%20FreeBSD%20Security%20defaults.md\" rel=\"nofollow\"\u003eJake - FreeBSD Security defaults\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/480/feedback/Sam%20-%20FreeBSD%20and%20SSDs.md\" rel=\"nofollow\"\u003eSam - FreeBSD and SSDs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 7.2 and FuguIta have been released, Learn the Whys and Hows with the FreeBSD Sec Team, how to get notified about FreeBSD updates, using unbound for ad blocking on OpenBSD, further memory protections on OpenBSD current, and more. ","date_published":"2022-11-10T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/304e9711-6a86-42b7-a144-191aa1f900b7.mp3","mime_type":"audio/mpeg","size_in_bytes":46963584,"duration_in_seconds":2935}]},{"id":"1f8daae0-ec33-4016-b70d-b6a31783eeea","title":"479: OpenBSD Docker Host","url":"https://www.bsdnow.tv/479","content_text":"EuroBSDcon 2022 as first BSD conference, Red Hat’s OpenShift vs FreeBSD Jails, Running a Docker Host under OpenBSD using vmd(8), history of sending signals to Unix process groups, Toolchains adventures - Q3 2022, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nEuroBSDCon 2022, my first BSD conference (and how they are different)\n\n\n\nRed Hat’s OpenShift vs FreeBSD Jails\n\n\n\nNews Roundup\n\nThe history of sending signals to Unix process groups\n\n\n\nRunning a Docker Host under OpenBSD using vmd(8)\n\n\n\nToolchains adventures - Q3 2022\n\n\n\nBeastie Bits\n\n-current has moved to 7.2\nSeveral /sbin daemons are now dynamically-linked\nAnnouncing the pkgsrc 2022Q3 branch\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nHans - datacenters and dust\nTim - Boot issue\naaron- dwm tiling\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eEuroBSDcon 2022 as first BSD conference, Red Hat’s OpenShift vs FreeBSD Jails, Running a Docker Host under OpenBSD using vmd(8), history of sending signals to Unix process groups, Toolchains adventures - Q3 2022, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2022/09/25/eurobsdcon-2022-my-first-bsd-conference-and-how-they-are-different/\" rel=\"nofollow\"\u003eEuroBSDCon 2022, my first BSD conference (and how they are different)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/red-hats-openshift-vs-freebsd-jails/\" rel=\"nofollow\"\u003eRed Hat’s OpenShift vs FreeBSD Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ProcessGroupsAndSignals\" rel=\"nofollow\"\u003eThe history of sending signals to Unix process groups\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2022/running-docker-host-openbsd-vmd/\" rel=\"nofollow\"\u003eRunning a Docker Host under OpenBSD using vmd(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/toolchains-adventures-q3-2022/\" rel=\"nofollow\"\u003eToolchains adventures - Q3 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220912055003\" rel=\"nofollow\"\u003e-current has moved to 7.2\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220830052924\" rel=\"nofollow\"\u003eSeveral /sbin daemons are now dynamically-linked\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2022/09/29/msg000341.html\" rel=\"nofollow\"\u003eAnnouncing the pkgsrc 2022Q3 branch\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/476/feedback/Hans%20-%20datacenters%20and%20dust.md\" rel=\"nofollow\"\u003eHans - datacenters and dust\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/476/feedback/Tim%20-%20Boot%20issue.md\" rel=\"nofollow\"\u003eTim - Boot issue\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/476/feedback/aaron-%20dwm%20tiling%20.md\" rel=\"nofollow\"\u003eaaron- dwm tiling\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"EuroBSDcon 2022 as first BSD conference, Red Hat’s OpenShift vs FreeBSD Jails, Running a Docker Host under OpenBSD using vmd(8), history of sending signals to Unix process groups, Toolchains adventures - Q3 2022, and more","date_published":"2022-11-03T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1f8daae0-ec33-4016-b70d-b6a31783eeea.mp3","mime_type":"audio/mpeg","size_in_bytes":40382208,"duration_in_seconds":2523}]},{"id":"1cacdcc7-e6f6-4193-b76d-f99ab20f08fc","title":"478: Debunking sudo myths ","url":"https://www.bsdnow.tv/478","content_text":"Open Source in Enterprise Environments, Your Comprehensive Guide to rc(8): FreeBSD Services and Automation, How Rob Pike got hired by Dennis Richie, what FreeBSD machines rubenerd uses, new debugbreak command, 7 sudo myths debunked\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpen Source in Enterprise Environments - Where Are We Now and What Is Our Way Forward?\n\n\n\nYour Comprehensive Guide to rc(8): FreeBSD Services and Automation\n\n\n\nNews Roundup\n\nHow Rob Pike got hired by Dennis Richie\n\n\n\nCartron asks what FreeBSD machines I use\n\n\n\nMy new debugbreak command\n\n\n\n7 sudo myths debunked\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAndy - sharing and acls\nReptilicus Rex - boot environments\ni3luefire - byhve issue\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpen Source in Enterprise Environments, Your Comprehensive Guide to rc(8): FreeBSD Services and Automation, How Rob Pike got hired by Dennis Richie, what FreeBSD machines rubenerd uses, new debugbreak command, 7 sudo myths debunked\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2022/09/open-source-in-enterprise-environments.html\" rel=\"nofollow\"\u003eOpen Source in Enterprise Environments - Where Are We Now and What Is Our Way Forward?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/rc8-freebsd-services-and-automation/\" rel=\"nofollow\"\u003eYour Comprehensive Guide to rc(8): FreeBSD Services and Automation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://minnie.tuhs.org/pipermail/tuhs/2022-September/026506.html\" rel=\"nofollow\"\u003eHow Rob Pike got hired by Dennis Richie\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/cartron-asks-what-freebsd-machines-i-use/\" rel=\"nofollow\"\u003eCartron asks what FreeBSD machines I use\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nullprogram.com/blog/2022/07/31/\" rel=\"nofollow\"\u003eMy new debugbreak command\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensource.com/article/22/8/debunk-sudo-myths\" rel=\"nofollow\"\u003e7 sudo myths debunked\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/478/feedback/Andy%20-%20sharing%20and%20acls.md\" rel=\"nofollow\"\u003eAndy - sharing and acls\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/478/feedback/Reptilicus%20Rex%20-%20boot%20environments.md\" rel=\"nofollow\"\u003eReptilicus Rex - boot environments\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/478/feedback/i3luefire%20-%20byhve%20issue.md\" rel=\"nofollow\"\u003ei3luefire - byhve issue\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Open Source in Enterprise Environments, Your Comprehensive Guide to rc(8): FreeBSD Services and Automation, How Rob Pike got hired by Dennis Richie, what FreeBSD machines rubenerd uses, new debugbreak command, 7 sudo myths debunked","date_published":"2022-10-27T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1cacdcc7-e6f6-4193-b76d-f99ab20f08fc.mp3","mime_type":"audio/mpeg","size_in_bytes":66564288,"duration_in_seconds":2773}]},{"id":"58511dab-5dc9-4024-9373-30c152784856","title":"477: Uninitialized Memory Disclosures","url":"https://www.bsdnow.tv/477","content_text":"Analyzing BSD Kernels for Uninitialized Memory Disclosures Using Binary Ninja, Sharing Dual-Licensed Drivers between Linux and FreeBSD, favorite Things About The OpenBSD Packet Filter Tools, How to trigger services restart after OpenBSD update, Gems from the Man Page Trenches, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nMindshare: Analyzing Bsd Kernels for Uninitialized Memory Disclosures Using Binary Ninja\n\n\n\nSharing Dual-Licensed Drivers between Linux and FreeBSD\n\n\n\nNews Roundup\n\nA Few of My Favorite Things About The OpenBSD Packet Filter Tools\n\n\n\nHow to trigger services restart after OpenBSD update\n\n\n\nGems from the Man Page Trenches\n\n\n\nBeastie Bits\n\nThe MIPS ThinkPad\nNix Gems\nRunning PalmOS without PalmOS\n\"OpenBSD Mastery: Filesystems\" draft done!\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - zfs and databases\nKevin - EMACS\nMichal - virtual OSS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAnalyzing BSD Kernels for Uninitialized Memory Disclosures Using Binary Ninja, Sharing Dual-Licensed Drivers between Linux and FreeBSD, favorite Things About The OpenBSD Packet Filter Tools, How to trigger services restart after OpenBSD update, Gems from the Man Page Trenches, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.zerodayinitiative.com/blog/2022/9/19/mindshare-analyzing-bsd-kernels-with-binary-ninja\" rel=\"nofollow\"\u003eMindshare: Analyzing Bsd Kernels for Uninitialized Memory Disclosures Using Binary Ninja\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/sharing-dual-licensed-drivers-between-linux-and-freebsd/\" rel=\"nofollow\"\u003eSharing Dual-Licensed Drivers between Linux and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nxdomain.no/%7Epeter/better_off_with_pf.html\" rel=\"nofollow\"\u003eA Few of My Favorite Things About The OpenBSD Packet Filter Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-09-25-openbsd-reboot-syspatch.html\" rel=\"nofollow\"\u003eHow to trigger services restart after OpenBSD update\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.saminiir.com/gems-from-man-page-trenches/\" rel=\"nofollow\"\u003eGems from the Man Page Trenches\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://oldvcr.blogspot.com/2022/09/the-mips-thinkpad-kind-of.html\" rel=\"nofollow\"\u003eThe MIPS ThinkPad\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://gitlab.com/DeaDSouL/NixGems\" rel=\"nofollow\"\u003eNix Gems\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://pmig96.wordpress.com/2022/09/18/running-palmos-without-palmos/\" rel=\"nofollow\"\u003eRunning PalmOS without PalmOS\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/archives/22303\" rel=\"nofollow\"\u003e\u0026quot;OpenBSD Mastery: Filesystems\u0026quot; draft done!\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/477/feedback/Brad%20-%20zfs%20and%20databases.md\" rel=\"nofollow\"\u003eBrad - zfs and databases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/477/feedback/Kevin%20-%20EMACS.md\" rel=\"nofollow\"\u003eKevin - EMACS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/477/feedback/Michal%20-%20virtual%20OSS.md\" rel=\"nofollow\"\u003eMichal - virtual OSS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Analyzing BSD Kernels for Uninitialized Memory Disclosures Using Binary Ninja, Sharing Dual-Licensed Drivers between Linux and FreeBSD, favorite Things About The OpenBSD Packet Filter Tools, How to trigger services restart after OpenBSD update, Gems from the Man Page Trenches, and more.","date_published":"2022-10-20T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/58511dab-5dc9-4024-9373-30c152784856.mp3","mime_type":"audio/mpeg","size_in_bytes":67616640,"duration_in_seconds":2817}]},{"id":"64bc3a0c-43cf-4e97-af97-b31d799c1154","title":"476: Warren Toomey interview","url":"https://www.bsdnow.tv/476","content_text":"In this special episode, we interview Warren Toomey from the Unix Historical Society. We chat about his involvement in preserving old Unix systems and why that is important.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\n\n\nInterview - Warren Toomey - wkt@tuhs.org\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Warren Toomey.","content_html":"\u003cp\u003eIn this special episode, we interview Warren Toomey from the Unix Historical Society. We chat about his involvement in preserving old Unix systems and why that is important.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Warren Toomey - \u003ca href=\"mailto:wkt@tuhs.org\" rel=\"nofollow\"\u003ewkt@tuhs.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Warren Toomey.\u003c/p\u003e","summary":"In this special episode, we interview Warren Toomey from the Unix Historical Society. We chat about his involvement in preserving old Unix systems and why that is important.","date_published":"2022-10-13T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/64bc3a0c-43cf-4e97-af97-b31d799c1154.mp3","mime_type":"audio/mpeg","size_in_bytes":64196352,"duration_in_seconds":2674}]},{"id":"8308672c-2f88-4a7b-9619-ed61184f731d","title":"475: Prompt Injection Attacks","url":"https://www.bsdnow.tv/475","content_text":"Prompt injection attacks against GPT-3, the History of Package Management on FreeBSD, A fresh look at FreeBSD, File Management Tools for Your Favorite Shell, Quick Guide about Video Playback on FreeBSD, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nPrompt injection attacks against GPT-3\n\n\n\nA Quick Look at the History of Package Management on FreeBSD\n\n\n\nNews Roundup\n\nA fresh look at FreeBSD\n\n\n\nFile Management Tools for Your Favorite Shell\n\n\n\nVideo Playback on FreeBSD – Quick Guide\n\n\n\nBeastie Bits\n\nps(1) gains support for tree-like display of processes\n... interesting old-timey UNIXes ...\nA retro style online SSH client to play Nethack\nThe Good, the Bad, and the Ugly: The Unix! Legacy\nGame of Trees 0.75 released\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKen - HPR\nKevin - FreeBSD and EMACS\nNathan - Handbook contribution Question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003ePrompt injection attacks against GPT-3, the History of Package Management on FreeBSD, A fresh look at FreeBSD, File Management Tools for Your Favorite Shell, Quick Guide about Video Playback on FreeBSD, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://simonwillison.net/2022/Sep/12/prompt-injection/\" rel=\"nofollow\"\u003ePrompt injection attacks against GPT-3\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/a-quick-look-at-the-history-of-package-management-on-freebsd/\" rel=\"nofollow\"\u003eA Quick Look at the History of Package Management on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://liam-on-linux.dreamwidth.org/86277.html\" rel=\"nofollow\"\u003eA fresh look at FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thevaluable.dev/file-management-tools-linux-shell/\" rel=\"nofollow\"\u003eFile Management Tools for Your Favorite Shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/resource/video-playback-on-freebsd-quick-guide/\" rel=\"nofollow\"\u003eVideo Playback on FreeBSD – Quick Guide\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220902085038\" rel=\"nofollow\"\u003eps(1) gains support for tree-like display of processes\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://minnie.tuhs.org/pipermail/tuhs/2022-September/026393.html\" rel=\"nofollow\"\u003e... interesting old-timey UNIXes ...\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://nethack.glitch.me/?retro=true\" rel=\"nofollow\"\u003eA retro style online SSH client to play Nethack\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://herpolhode.com/rob/ugly.pdf\" rel=\"nofollow\"\u003eThe Good, the Bad, and the Ugly: The Unix! Legacy\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220910120430\" rel=\"nofollow\"\u003eGame of Trees 0.75 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/475/feedback/Ken%20-%20HPR.md\" rel=\"nofollow\"\u003eKen - HPR\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/475/feedback/Kevin%20-%20FreeBSD%20and%20EMACS.md\" rel=\"nofollow\"\u003eKevin - FreeBSD and EMACS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/475/feedback/Nathan%20-%20Handbook%20contribution%20Question.md\" rel=\"nofollow\"\u003eNathan - Handbook contribution Question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Prompt injection attacks against GPT-3, the History of Package Management on FreeBSD, A fresh look at FreeBSD, File Management Tools for Your Favorite Shell, Quick Guide about Video Playback on FreeBSD, and more. ","date_published":"2022-10-06T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8308672c-2f88-4a7b-9619-ed61184f731d.mp3","mime_type":"audio/mpeg","size_in_bytes":68584320,"duration_in_seconds":2857}]},{"id":"7b0f6fc2-b232-4eb6-87e8-d945c7a02f25","title":"474: EuroBSDcon 2022","url":"https://www.bsdnow.tv/474","content_text":"Deploying FreeBSD on Oracle Cloud, A Tale of 300,000 Imaginary Friends, EuroBSDcon 2022 recap, OpenBSD Mastery: Filesystems” Status Report, OpenBGPD 7.6 Released, immutable userland mappings, Portable OpenSSH commits now SSH-signed, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDeploying FreeBSD on Oracle Cloud\n\n\n\nThe Things Spammers Believe - A Tale of 300,000 Imaginary Friends\n\n\n\nEuroBSDcon 2022\n\n\n\nNews Roundup\n\n“OpenBSD Mastery: Filesystems” Status Report\n\n\n\nOpenBGPD 7.6 Released\n\n\n\nOpenBSD may soon gain further memory protections: immutable userland mappings\n\n\n\nPortable OpenSSH commits now SSH-signed\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eDeploying FreeBSD on Oracle Cloud, A Tale of 300,000 Imaginary Friends, EuroBSDcon 2022 recap, OpenBSD Mastery: Filesystems” Status Report, OpenBGPD 7.6 Released, immutable userland mappings, Portable OpenSSH commits now SSH-signed, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/deploying-freebsd-on-oracle-cloud/\" rel=\"nofollow\"\u003eDeploying FreeBSD on Oracle Cloud\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2022/09/the-things-spammers-believe-tale-of.html\" rel=\"nofollow\"\u003eThe Things Spammers Believe - A Tale of 300,000 Imaginary Friends\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://peter.czanik.hu/posts/eurobsdcon2022/\" rel=\"nofollow\"\u003eEuroBSDcon 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/22031\" rel=\"nofollow\"\u003e“OpenBSD Mastery: Filesystems” Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220916051806\" rel=\"nofollow\"\u003eOpenBGPD 7.6 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220902100648\" rel=\"nofollow\"\u003eOpenBSD may soon gain further memory protections: immutable userland mappings\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220902045137\" rel=\"nofollow\"\u003ePortable OpenSSH commits now SSH-signed\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Deploying FreeBSD on Oracle Cloud, A Tale of 300,000 Imaginary Friends, EuroBSDcon 2022 recap, OpenBSD Mastery: Filesystems” Status Report, OpenBGPD 7.6 Released, immutable userland mappings, Portable OpenSSH commits now SSH-signed, and more.","date_published":"2022-09-29T03:15:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7b0f6fc2-b232-4eb6-87e8-d945c7a02f25.mp3","mime_type":"audio/mpeg","size_in_bytes":66559680,"duration_in_seconds":2773}]},{"id":"3adcda1d-0fbb-4a3a-a4cb-b63c6268b837","title":"473: Rusty Kernel Modules","url":"https://www.bsdnow.tv/473","content_text":"Writing FreeBSD kernel modules in Rust, Details behind the FreeBSD aio LPE, Linux subsystem for FreeBSD, FreeBSD Journal: Science, Systems, and FreeBSD, NetBSD improves Amiga support, OpenBSD on Scaleway Elastic Metal, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWriting FreeBSD Kernel modules in Rust\n\n\n\nDetails behind the FreeBSD aio LPE\n\n\n\nNews Roundup\n\nLinux Subsystem for FreeBSD\n\n\n\nFreeBSD Journal: Science, Systems, and FreeBSD \n\n\n\nNetBSD improves its support for the Commodore Amiga\n\n\n\nInstalling OpenBSD on Scaleway Elastic Metal\n\n\n\nBeastie Bits\n\n\n/usr/games removed from the default $PATH\nHow to install and configure mDNSResponder\nHow to use consistent exit codes in shell scripts\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n[TheHolm - zfs question)[https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/TheHolm%20-%20zfs%20question.md]\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWriting FreeBSD kernel modules in Rust, Details behind the FreeBSD aio LPE, Linux subsystem for FreeBSD, FreeBSD Journal: Science, Systems, and FreeBSD, NetBSD improves Amiga support, OpenBSD on Scaleway Elastic Metal, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://research.nccgroup.com/2022/08/31/writing-freebsd-kernel-modules-in-rust/\" rel=\"nofollow\"\u003eWriting FreeBSD Kernel modules in Rust\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://accessvector.net/2022/freebsd-aio-lpe\" rel=\"nofollow\"\u003eDetails behind the FreeBSD aio LPE\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/nttlabs/linux-subsystem-for-freebsd-500b9a88fda4\" rel=\"nofollow\"\u003eLinux Subsystem for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/wp-content/uploads/2022/08/03ae2705ab4362602a6bb90c5b9628c595d8b4fa.2.pdf\" rel=\"nofollow\"\u003eFreeBSD Journal: Science, Systems, and FreeBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thenewstrace.com/netbsd-an-operating-system-that-is-serious-about-being-cross-platform-now-improves-its-support-for-the-commodore-amiga-1985/243892/\" rel=\"nofollow\"\u003eNetBSD improves its support for the Commodore Amiga\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.senzilla.io/blog/2022/08/10/installing-openbsd-scaleway-elastic-metal/\" rel=\"nofollow\"\u003eInstalling OpenBSD on Scaleway Elastic Metal\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220810120423\" rel=\"nofollow\"\u003e/usr/games removed from the default $PATH\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/how-to-install-and-configure-mdnsresponder.70713/\" rel=\"nofollow\"\u003eHow to install and configure mDNSResponder\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://sleeplessbeastie.eu/2022/08/12/how-to-use-consistent-exit-codes-in-shell-scripts\" rel=\"nofollow\"\u003eHow to use consistent exit codes in shell scripts\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e[TheHolm - zfs question)[\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/TheHolm%20-%20zfs%20question.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/TheHolm%20-%20zfs%20question.md\u003c/a\u003e]\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Writing FreeBSD kernel modules in Rust, Details behind the FreeBSD aio LPE, Linux subsystem for FreeBSD, FreeBSD Journal: Science, Systems, and FreeBSD, NetBSD improves Amiga support, OpenBSD on Scaleway Elastic Metal, and more","date_published":"2022-09-22T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3adcda1d-0fbb-4a3a-a4cb-b63c6268b837.mp3","mime_type":"audio/mpeg","size_in_bytes":66747456,"duration_in_seconds":2781}]},{"id":"8d63b5c4-f59c-4142-a030-f0791de6b56a","title":"472: Consistent Exit Code","url":"https://www.bsdnow.tv/472","content_text":"FreeBSD on the Framework Laptop, Win32 is the only stable ABI on Linux, why OpenBSD’s documentation is so good, configure dma for mail delivery in jails on internet hosts, introducing muxfs, RAID1C boot support, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD on the Framework laptop\n\n\n\nWin32 is the only stable ABI on Linux\n\n\n\nNews Roundup\n\nWhy is the OpenBSD documentation so good?\n\n\n\nHow I configure dma for mail delivery in jails on my internet hosts\n\n\n\nIntroducing muxfs\n\n\n\nRAID 1C boot support added\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n[Oliver - shell tip)[https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/Oliver%20-%20shell%20tip.md]\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD on the Framework Laptop, Win32 is the only stable ABI on Linux, why OpenBSD’s documentation is so good, configure dma for mail delivery in jails on internet hosts, introducing muxfs, RAID1C boot support, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://xyinn.org/md/freebsd/framework_laptop\" rel=\"nofollow\"\u003eFreeBSD on the Framework laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.hiler.eu/win32-the-only-stable-abi/\" rel=\"nofollow\"\u003eWin32 is the only stable ABI on Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-08-18-why-openbsd-documentation-is-good.html\" rel=\"nofollow\"\u003eWhy is the OpenBSD documentation so good?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2022/08/15/how-i-configure-dma-for-mail-delivery-in-jails-on-my-internet-hosts/\" rel=\"nofollow\"\u003eHow I configure dma for mail delivery in jails on my internet hosts\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sdadams.org/blog/introducing-muxfs/\" rel=\"nofollow\"\u003eIntroducing muxfs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220813110021\" rel=\"nofollow\"\u003eRAID 1C boot support added\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e[Oliver - shell tip)[\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/Oliver%20-%20shell%20tip.md\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/blob/master/episodes/469/feedback/Oliver%20-%20shell%20tip.md\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD on the Framework Laptop, Win32 is the only stable ABI on Linux, why OpenBSD’s documentation is so good, configure dma for mail delivery in jails on internet hosts, introducing muxfs, RAID1C boot support, and more","date_published":"2022-09-15T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8d63b5c4-f59c-4142-a030-f0791de6b56a.mp3","mime_type":"audio/mpeg","size_in_bytes":65335680,"duration_in_seconds":2722}]},{"id":"6550223a-8916-4ffc-ab29-30b5caa18d2c","title":"471: De-Penguinization","url":"https://www.bsdnow.tv/471","content_text":"Ten Things To Do After Installing FreeBSD, BSD for Linux users, r2k22 Hackathon Report on rpki-client, Configuring OpenIKED, De-Penguin Me, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nTen Things To Do After Installing FreeBSD\n\n\n\nNews Roundup\n\nhpr3655 :: BSD for Linux users\n\n\n\nr2k22 Hackathon Report: Job Snijders (job@) on rpki-client and more\n\n\n\nConfiguring OpenIKED\n\n\n\nDe-Penguin Me\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eTen Things To Do After Installing FreeBSD, BSD for Linux users, r2k22 Hackathon Report on rpki-client, Configuring OpenIKED, De-Penguin Me, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bastillebsd.org/blog/2022/07/14/ten-things-to-do-after-installing-freebsd/\" rel=\"nofollow\"\u003eTen Things To Do After Installing FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hackerpublicradio.org/eps.php?id=3655\" rel=\"nofollow\"\u003ehpr3655 :: BSD for Linux users\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220701171631\" rel=\"nofollow\"\u003er2k22 Hackathon Report: Job Snijders (job@) on rpki-client and more\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.ircnow.org/index.php?n=Iked.Configure\" rel=\"nofollow\"\u003eConfiguring OpenIKED\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://depenguin.me/\" rel=\"nofollow\"\u003eDe-Penguin Me\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Ten Things To Do After Installing FreeBSD, BSD for Linux users, r2k22 Hackathon Report on rpki-client, Configuring OpenIKED, De-Penguin Me, and more ","date_published":"2022-09-08T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6550223a-8916-4ffc-ab29-30b5caa18d2c.mp3","mime_type":"audio/mpeg","size_in_bytes":70774272,"duration_in_seconds":2948}]},{"id":"3f9451dd-059e-44da-9055-d7e119765d55","title":"470: 0mp interview","url":"https://www.bsdnow.tv/470","content_text":"In this special episode, we are interviewing Mateusz Piotrowski about his various roles in the FreeBSD project, his ports work, and a few other interesting things he’s involved with. Enjoy this interview episode, we’ll be back with a regular episode next week.  \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nInterview - Mateusz Piotrowski - 0mp@freebsd.org / @0mpts\n\nInterview\n\n\nBR: Welcome Mateusz. Can you tell our audience a bit about yourself and how you got started with Unix/BSD?\nTJ: What can we blame you for (prior/current work, planned projects)?\nBR: You served as the first doceng secretary and joined the FreeBSD core team in this term. What interested you in these roles and what do you want to accomplish in this term?\nTJ: You are also busy with maintaining some FreeBSD ports. What ports are those?\nBR: Can you tell us a bit about your thesis work?\nTJ: What does open source work mean for you?\nBR: Do you have a cool Unix/BSD tip for us?\nTJ: Is there anything else that you'd like to mention before we let you go?\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Mateusz Piotrowski.","content_html":"\u003cp\u003eIn this special episode, we are interviewing Mateusz Piotrowski about his various roles in the FreeBSD project, his ports work, and a few other interesting things he’s involved with. Enjoy this interview episode, we’ll be back with a regular episode next week.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch2\u003eInterview - Mateusz Piotrowski - \u003ca href=\"mailto:0mp@freebsd.org\" rel=\"nofollow\"\u003e0mp@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/0mpts\" rel=\"nofollow\"\u003e@0mpts\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eInterview\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: Welcome Mateusz. Can you tell our audience a bit about yourself and how you got started with Unix/BSD?\u003c/li\u003e\n\u003cli\u003eTJ: What can we blame you for (prior/current work, planned projects)?\u003c/li\u003e\n\u003cli\u003eBR: You served as the first doceng secretary and joined the FreeBSD core team in this term. What interested you in these roles and what do you want to accomplish in this term?\u003c/li\u003e\n\u003cli\u003eTJ: You are also busy with maintaining some FreeBSD ports. What ports are those?\u003c/li\u003e\n\u003cli\u003eBR: Can you tell us a bit about your thesis work?\u003c/li\u003e\n\u003cli\u003eTJ: What does open source work mean for you?\u003c/li\u003e\n\u003cli\u003eBR: Do you have a cool Unix/BSD tip for us?\u003c/li\u003e\n\u003cli\u003eTJ: Is there anything else that you\u0026#39;d like to mention before we let you go?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Mateusz Piotrowski.\u003c/p\u003e","summary":"In this special episode, we are interviewing Mateusz Piotrowski about his various roles in the FreeBSD project, his ports work, and a few other interesting things he’s involved with. Enjoy this interview episode, we’ll be back with a regular episode next week.  ","date_published":"2022-09-01T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3f9451dd-059e-44da-9055-d7e119765d55.mp3","mime_type":"audio/mpeg","size_in_bytes":75793536,"duration_in_seconds":3158}]},{"id":"7c5cb6f6-6eba-4430-9347-89e87c1e230b","title":"469: Ctrl-C Reset","url":"https://www.bsdnow.tv/469","content_text":"FreeBSD Q2 2022 Status Report, FreeBSD in Science, fastest yes(1) in the west, Why Programmers Can’t \"Reset\" Programs With Ctrl-C, Run Slack in FreeBSD’s Linuxulator, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Q2 2022 Status Report\n\n\n\nFreeBSD in Science\n\n\n\nNews Roundup\n\nFastest yes(1) in the west\n\n\n\nCtrl-C: Why Programmers Can’t \"Reset\" Programs With Ctrl-C, but Used to Be Able To, and Why They Should Be Able to Again\n\n\n\nRun Slack in FreeBSD’s Linuxulator\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Q2 2022 Status Report, FreeBSD in Science, fastest yes(1) in the west, Why Programmers Can’t \u0026quot;Reset\u0026quot; Programs With Ctrl-C, Run Slack in FreeBSD’s Linuxulator, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2022-04-2022-06/\" rel=\"nofollow\"\u003eFreeBSD Q2 2022 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/guest-post-freebsd-in-science/\" rel=\"nofollow\"\u003eFreeBSD in Science\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://codegolf.stackexchange.com/questions/199528/fastest-yes-in-the-west/199622#199622\" rel=\"nofollow\"\u003eFastest yes(1) in the west\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kevinlawler.com/ctrl-c\" rel=\"nofollow\"\u003eCtrl-C: Why Programmers Can’t \u0026quot;Reset\u0026quot; Programs With Ctrl-C, but Used to Be Able To, and Why They Should Be Able to Again\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://meka.rs/blog/2022/07/01/freebsd-linuxulator/\" rel=\"nofollow\"\u003eRun Slack in FreeBSD’s Linuxulator\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Q2 2022 Status Report, FreeBSD in Science, fastest yes(1) in the west, Why Programmers Can’t \"Reset\" Programs With Ctrl-C, Run Slack in FreeBSD’s Linuxulator, and more.","date_published":"2022-08-25T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7c5cb6f6-6eba-4430-9347-89e87c1e230b.mp3","mime_type":"audio/mpeg","size_in_bytes":61200576,"duration_in_seconds":2550}]},{"id":"8142f047-532d-4b74-9f4f-45ee6e5f5e57","title":"468: Apples and CHERI","url":"https://www.bsdnow.tv/468","content_text":"Advocating for FreeBSD in 2022 and Beyond, NetBSD 9.3 released, OPNsense 22.7 available, CHERI-based computer runs KDE for the first time, Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac, and more\n\nNotes\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nAdvocating for FreeBSD in 2022 and Beyond\n\n\n\nNetBSD 9.3 released\n\n\n\nNews Roundup\n\nOPNsense 22.7 released\n\n\n\nCHERI-based computer runs KDE for the first time\n\n\n\nGuide: Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac\n\n\n\nBeastie Bits\n\n• [In -current, dhclient(8) now just logs warnings and executes ifconfig(8)](http://undeadly.org/cgi?action=article;sid=20220703114819)\n• [Freshly installed #NetBSD 4.0.1 booting on a 80386 DX40 with 8MB of RAM in 2022](https://twitter.com/lefinnois/status/1553246084675375104)\n• [nerdctl](https://twitter.com/woodsb02/status/1554481441060560898?s=28\u0026amp;t=8K7_A1RiWnCDU_Mme4_Yqw)\n• [Even more Randomness](https://undeadly.org/cgi?action=article;sid=20220731110742)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eAdvocating for FreeBSD in 2022 and Beyond, NetBSD 9.3 released, OPNsense 22.7 available, CHERI-based computer runs KDE for the first time, Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNotes\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/advocating-for-freebsd-in-2022-and-beyond/\" rel=\"nofollow\"\u003eAdvocating for FreeBSD in 2022 and Beyond\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/netbsd_9_3_released\" rel=\"nofollow\"\u003eNetBSD 9.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=29507.0\" rel=\"nofollow\"\u003eOPNsense 22.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.com/2022/07/26/cheri_computer_runs_kde/\" rel=\"nofollow\"\u003eCHERI-based computer runs KDE for the first time\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/ctsrc/a1f57933a2cde9abc0f07be12889f97f\" rel=\"nofollow\"\u003eGuide: Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [In -current, dhclient(8) now just logs warnings and executes ifconfig(8)](http://undeadly.org/cgi?action=article;sid=20220703114819)\n• [Freshly installed #NetBSD 4.0.1 booting on a 80386 DX40 with 8MB of RAM in 2022](https://twitter.com/lefinnois/status/1553246084675375104)\n• [nerdctl](https://twitter.com/woodsb02/status/1554481441060560898?s=28\u0026amp;t=8K7_A1RiWnCDU_Mme4_Yqw)\n• [Even more Randomness](https://undeadly.org/cgi?action=article;sid=20220731110742)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Advocating for FreeBSD in 2022 and Beyond, NetBSD 9.3 released, OPNsense 22.7 available, CHERI-based computer runs KDE for the first time, Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac, and more","date_published":"2022-08-18T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8142f047-532d-4b74-9f4f-45ee6e5f5e57.mp3","mime_type":"audio/mpeg","size_in_bytes":22136952,"duration_in_seconds":2299}]},{"id":"9b71b507-e030-4903-b7ea-9abf525548cd","title":"467: Minecraft on NetBSD","url":"https://www.bsdnow.tv/467","content_text":"Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the yes Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nInstalling BSDs on Cubieboard1\n\n\n\nSelf-hosting a static site with OpenBSD, httpd, and relayd\n\nNews Roundup\n\nNetBSD can also run a Minecraft server\n\n\n\nA Little Story About the yes Unix Command\n\n\n\nShell History: Unix\n\n\n\nOpenBGPD 7.5 released\n\n\n\nBeastie Bits\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nLudensen - Feedback\nVidar - OpenRGB\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eInstalling BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the \u003ccode\u003eyes\u003c/code\u003e Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mekboy.ru/post/bsd-on-cubieboard1.en/\" rel=\"nofollow\"\u003eInstalling BSDs on Cubieboard1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://citizen428.net/blog/self-hosting-static-site-openbsd-httpd-relayd/\" rel=\"nofollow\"\u003eSelf-hosting a static site with OpenBSD, httpd, and relayd\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/netbsd-can-also-run-a-minecraft-server/\" rel=\"nofollow\"\u003eNetBSD can also run a Minecraft server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://endler.dev/2017/yes/\" rel=\"nofollow\"\u003eA Little Story About the \u003ccode\u003eyes\u003c/code\u003e Unix Command\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://portal.mozz.us/gemini/auragem.space/%7Ekrixano/ShellHistory-Unix.pdf\" rel=\"nofollow\"\u003eShell History: Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220716101930\" rel=\"nofollow\"\u003eOpenBGPD 7.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Ludensen%20-%20Feedback.md\" rel=\"nofollow\"\u003eLudensen - Feedback\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Vidar%20-%20OpenRGB.md\" rel=\"nofollow\"\u003eVidar - OpenRGB\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the `yes` Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more","date_published":"2022-08-11T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9b71b507-e030-4903-b7ea-9abf525548cd.mp3","mime_type":"audio/mpeg","size_in_bytes":29179728,"duration_in_seconds":2910}]},{"id":"507205dc-d2f0-4e96-ba40-fea8171e2125","title":"466: cat(1)’s efficiency","url":"https://www.bsdnow.tv/466","content_text":"Contributing to Open Source Beyond Software Development, bringing TLS 1.3 to the Internet of Old Things, How efficient can cat(1) be, boost the speed of Unix shell programs, Running FreeBSD VNET Jails on AWS EC2 with Bastille, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nContributing to Open Source Beyond Software Development\n\n\n\nCrypto Ancienne 2.0 now brings TLS 1.3 to the Internet of Old Things (except BeOS)\n\n\n\nNews Roundup\n\nHow efficient can cat(1) be?\n\n\n\nTechnique significantly boosts the speeds of programs that run in the Unix shell\n\n• [binpa.sh](http://binpa.sh/)\n\n\n\n\nRunning FreeBSD VNET Jails on AWS EC2 with Bastille\n\n\n\nBeastie Bits\n\nGame of Trees 0.74 released\nOpenBSD -current has moved to 7.2-beta\nA Unix Command Line Crash Course\nBSD.DOG vimrc\nFreeBSD Speedruns\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eContributing to Open Source Beyond Software Development, bringing TLS 1.3 to the Internet of Old Things, How efficient can cat(1) be, boost the speed of Unix shell programs, Running FreeBSD VNET Jails on AWS EC2 with Bastille, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/contributing-to-open-source-beyond-software-development/\" rel=\"nofollow\"\u003eContributing to Open Source Beyond Software Development\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oldvcr.blogspot.com/2022/07/crypto-ancienne-20-now-brings-tls-13-to.html\" rel=\"nofollow\"\u003eCrypto Ancienne 2.0 now brings TLS 1.3 to the Internet of Old Things (except BeOS)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ariadne.space/2022/07/17/how-efficient-can-cat1-be/\" rel=\"nofollow\"\u003eHow efficient can cat(1) be?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://techxplore.com/news/2022-06-technique-significantly-boosts-unix-shell.html\" rel=\"nofollow\"\u003eTechnique significantly boosts the speeds of programs that run in the Unix shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [binpa.sh](http://binpa.sh/)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://pertho.net/posts/bastille-vnet-jails-ec2/\" rel=\"nofollow\"\u003eRunning FreeBSD VNET Jails on AWS EC2 with Bastille\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220720220958\" rel=\"nofollow\"\u003eGame of Trees 0.74 released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220721122727\" rel=\"nofollow\"\u003eOpenBSD -current has moved to 7.2-beta\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://itnext.io/unix-command-line-crash-course-453e409d62f5\" rel=\"nofollow\"\u003eA Unix Command Line Crash Course\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://bsd.dog/project/bsd-dog-vimrc/\" rel=\"nofollow\"\u003eBSD.DOG vimrc\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://wiki.freebsd.org/Speedruns\" rel=\"nofollow\"\u003eFreeBSD Speedruns\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Contributing to Open Source Beyond Software Development, bringing TLS 1.3 to the Internet of Old Things, How efficient can cat(1) be, boost the speed of Unix shell programs, Running FreeBSD VNET Jails on AWS EC2 with Bastille, and more","date_published":"2022-08-04T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/507205dc-d2f0-4e96-ba40-fea8171e2125.mp3","mime_type":"audio/mpeg","size_in_bytes":32073600,"duration_in_seconds":3219}]},{"id":"f6b15e42-bd5a-47de-9df4-b207d0becb33","title":"465: Deep Space Debugging","url":"https://www.bsdnow.tv/465","content_text":"Debugging Lisp in Deep Space, 0 Dependency Websites with OpenBSD \u0026amp; AsciiDoc, Deleting old snapshots on FreeBSD, Full multiprocess support in lldb-server, Basic fix between pf tables and macros, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nNASA Programmer Remembers Debugging Lisp in Deep Space\n\n\n\n0 Dependency Websites with OpenBSD \u0026amp; AsciiDoc\n\n\n\nNews Roundup\n\nFreeBSD - Deleting old snapshots\n\n\n\nFull multiprocess support in lldb-server\n\n\n\nBasic fix between pf tables and macros on FreeBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBen - Jail Question\nMalcolm - encryption\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDebugging Lisp in Deep Space, 0 Dependency Websites with OpenBSD \u0026amp; AsciiDoc, Deleting old snapshots on FreeBSD, Full multiprocess support in lldb-server, Basic fix between pf tables and macros, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thenewstack.io/nasa-programmer-remembers-debugging-lisp-in-deep-space/\" rel=\"nofollow\"\u003eNASA Programmer Remembers Debugging Lisp in Deep Space\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.passwordclass.xyz/blogs/2022/06/0-dependency-websites-with-openbsd-asciidoc.html\" rel=\"nofollow\"\u003e0 Dependency Websites with OpenBSD \u0026amp; AsciiDoc\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.jan0sch.de/post/deleting-old-zfs-snapshots/\" rel=\"nofollow\"\u003eFreeBSD - Deleting old snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/full-multiprocess-support-in-lldb-server/\" rel=\"nofollow\"\u003eFull multiprocess support in lldb-server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/basic-fix-between-pf-tables-and-macros-on-freebsd/\" rel=\"nofollow\"\u003eBasic fix between pf tables and macros on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/464/feedback/Ben%20-%20Jail%20Question.md\" rel=\"nofollow\"\u003eBen - Jail Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/464/feedback/Malcolm%20-%20encryption.md\" rel=\"nofollow\"\u003eMalcolm - encryption\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Debugging Lisp in Deep Space, 0 Dependency Websites with OpenBSD \u0026 AsciiDoc, Deleting old snapshots on FreeBSD, Full multiprocess support in lldb-server, Basic fix between pf tables and macros, and more","date_published":"2022-07-28T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f6b15e42-bd5a-47de-9df4-b207d0becb33.mp3","mime_type":"audio/mpeg","size_in_bytes":24400296,"duration_in_seconds":2325}]},{"id":"c5e043ce-2ec3-4eef-8d99-0ca38ed1fad5","title":"464: Compiling with kefir","url":"https://www.bsdnow.tv/464","content_text":"From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFrom 0 to Bhyve on FreeBSD 13.1\n\n\n\nAnalyze OpenBSD’s Kernel with Domain-Specific Knowledge\n\n\n\nNews Roundup\n\nOpenBSD Webzine: ISSUE #10\n\n\n\nHardenedBSD June 2022 Status Report\n\n\n\nOpenBSD has two new C compilers: chibicc and kefir\n\n\n\nSSD TRIM in NetBSD HEAD (-current)\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFrom 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/from-0-to-bhyve-on-freebsd-13-1/\" rel=\"nofollow\"\u003eFrom 0 to Bhyve on FreeBSD 13.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebb\" rel=\"nofollow\"\u003eAnalyze OpenBSD’s Kernel with Domain-Specific Knowledge\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://webzine.puffy.cafe/issue-10.html\" rel=\"nofollow\"\u003eOpenBSD Webzine: ISSUE #10\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2022-06-28/hardenedbsd-june-2022-status-report\" rel=\"nofollow\"\u003eHardenedBSD June 2022 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20220629.html\" rel=\"nofollow\"\u003eOpenBSD has two new C compilers: chibicc and kefir\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/859-ssd-trim-in-netbsd-head-current\" rel=\"nofollow\"\u003eSSD TRIM in NetBSD HEAD (-current)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more","date_published":"2022-07-21T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c5e043ce-2ec3-4eef-8d99-0ca38ed1fad5.mp3","mime_type":"audio/mpeg","size_in_bytes":23780520,"duration_in_seconds":2360}]},{"id":"3131f5d6-8a20-474b-94c3-1da8ebac50ce","title":"463: The 1.0 Legend","url":"https://www.bsdnow.tv/463","content_text":"Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nDifferences between base and ports LLVM in OpenBSD\n\n\n\nUsing Netgraph for FreeBSD’s bhyve Networking\n\n\n\nNews Roundup\n\nAudio on FreeBSD – Quick Guide\n\n[Legends start at 1.0! – FreeBSD in 1993]\n\n\nPart 1\nPart 2\n***\n### Hacker News running by FreeBSD. Take that, Linux!\n***\n### TrueNAS 13\n***\n\n\nBeastie Bits\n\n\nNotable OpenBSD news you may have missed, 2022-06-28 edition\nrEFInd design for all the BSDs\nOpenBGPD 7.4 released\nHotfix GhostBSD 22.06.18 ISO is now available\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - Jails Question\nFreezr - A few questions\nA different Brad - Drive question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDifferences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/differences-between-base-and-ports-llvm-in-openbsd/\" rel=\"nofollow\"\u003eDifferences between base and ports LLVM in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/using-netgraph-for-freebsds-bhyve-networking/?utm_source=bsdweekly\" rel=\"nofollow\"\u003eUsing Netgraph for FreeBSD’s bhyve Networking\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/freebsd-project/resources/audio-on-freebsd/\" rel=\"nofollow\"\u003eAudio on FreeBSD – Quick Guide\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e[Legends start at 1.0! – FreeBSD in 1993]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2022/06/18/legends-start-at-1-0-freebsd-in-1993-pt-1/\" rel=\"nofollow\"\u003ePart 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2022/06/19/legends-start-at-1-0-freebsd-in-1993-pt-2/\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e\n***\n### \u003ca href=\"https://news.ycombinator.com/item?id=16076041\" rel=\"nofollow\"\u003eHacker News running by FreeBSD. Take that, Linux!\u003c/a\u003e\n***\n### \u003ca href=\"https://www.theregister.com/2022/05/11/truenas_13_released/\" rel=\"nofollow\"\u003eTrueNAS 13\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220628135253\" rel=\"nofollow\"\u003eNotable OpenBSD news you may have missed, 2022-06-28 edition\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indgy/refind-bsd-black\" rel=\"nofollow\"\u003erEFInd design for all the BSDs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220619185920\" rel=\"nofollow\"\u003eOpenBGPD 7.4 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ghostbsd.org/22.06.18_iso_is_now_available\" rel=\"nofollow\"\u003eHotfix GhostBSD 22.06.18 ISO is now available\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Brad%20-%20Jails%20Question.md\" rel=\"nofollow\"\u003eBrad - Jails Question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Freezr%20-%20A%20few%20questions.md\" rel=\"nofollow\"\u003eFreezr - A few questions\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/A%20different%20Brad%20-%20Drive%20question.md\" rel=\"nofollow\"\u003eA different Brad - Drive question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more","date_published":"2022-07-14T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3131f5d6-8a20-474b-94c3-1da8ebac50ce.mp3","mime_type":"audio/mpeg","size_in_bytes":32116704,"duration_in_seconds":3311}]},{"id":"6db1831f-5ad9-4b9b-a29d-6acb2e5399c6","title":"462: OpenBSD Sales Pitch","url":"https://www.bsdnow.tv/462","content_text":"The Design and Implementation of the NetBSD rc.d system, selling OpenBSD as a salesperson, Speeding up autoconf with caching, Allowing non-root execution of a jailed application, Configure login(1) and sshd(8) for YubiKey on OpenBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Design and Implementation of the NetBSD rc.d system\n\n\n\nHow I would sell OpenBSD as a salesperson\n\n\n\nNews Roundup\n\nSpeeding up autoconf with caching\n\n\n\nAllowing non-root execution of a jailed application\n\n\n\nConfigure login(1) and sshd(8) for YubiKey on OpenBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nGlen - Thanks Todd\nKarl - Memory Question\nalejandro - Tom's laptop\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe Design and Implementation of the NetBSD rc.d system, selling OpenBSD as a salesperson, Speeding up autoconf with caching, Allowing non-root execution of a jailed application, Configure login(1) and sshd(8) for YubiKey on OpenBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.mewburn.net/luke/papers/rc.d.pdf\" rel=\"nofollow\"\u003eThe Design and Implementation of the NetBSD rc.d system\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-06-22-openbsd-selling-arguments.html\" rel=\"nofollow\"\u003eHow I would sell OpenBSD as a salesperson\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2022/06/autoconf-caching.html\" rel=\"nofollow\"\u003eSpeeding up autoconf with caching\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/allowing-non-root-execution-of-a-jailed-application.85532/\" rel=\"nofollow\"\u003eAllowing non-root execution of a jailed application\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://romanzolotarev.com/openbsd/yubikey.html\" rel=\"nofollow\"\u003eConfigure login(1) and sshd(8) for YubiKey on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/462/feedback/Glen%20-%20Thanks%20Todd.md\" rel=\"nofollow\"\u003eGlen - Thanks Todd\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/462/feedback/Karl%20-%20Memory%20Question.md\" rel=\"nofollow\"\u003eKarl - Memory Question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/462/feedback/alejandro%20-%20Tom\u0026#x27;s%20laptop.md\" rel=\"nofollow\"\u003ealejandro - Tom\u0026#39;s laptop\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The Design and Implementation of the NetBSD rc.d system, selling OpenBSD as a salesperson, Speeding up autoconf with caching, Allowing non-root execution of a jailed application, Configure login(1) and sshd(8) for YubiKey on OpenBSD, and more.","date_published":"2022-07-07T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6db1831f-5ad9-4b9b-a29d-6acb2e5399c6.mp3","mime_type":"audio/mpeg","size_in_bytes":31027704,"duration_in_seconds":3229}]},{"id":"8809dc88-c752-4733-9f19-4bcd7e2ca683","title":"461: Persistent Memory Allocation","url":"https://www.bsdnow.tv/461","content_text":"Q1 FreeBSD Quarterly Status Report 2022, Nginx on OpenBSD 7.1, Persistent Memory Allocation, Colorize your BSD shell, cgit With Gitolite and Nginx on FreeBSD 13, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Quarterly Status Report First Quarter 2022\n\n\n\nInstalling Nginx on OpenBSD 7.1\n\n\n\nNews Roundup\n\nLive Webinar: Open-source Virtualization: Getting started with bhyve \n\n\nHosted by Jim Salter and Allan Jude\nLive July 12th at 13:00 ET\nAvailable on-demand a few days later\n\n\n\n\nPersistent Memory Allocation\n\n\n\nColorize your BSD shell\n\n\n\nHow to Install cgit With Gitolite and Nginx on FreeBSD 13\n\n\n\nEuroBSDCon 2022 (Austria) Program announced\n\n\nCome to Austria and learn about the latest happenings in the BSDs\n2 days of tutorials, and 2 days of 3 concurrent tracks of talks\nRegistration is open now. See you there!\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - Drive question\nCarl - Wiring question\nJon - Jails question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eQ1 FreeBSD Quarterly Status Report 2022, Nginx on OpenBSD 7.1, Persistent Memory Allocation, Colorize your BSD shell, cgit With Gitolite and Nginx on FreeBSD 13, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2022-01-2022-03/\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report First Quarter 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://unixcop.com/installing-nginx-on-openbsd-7-1/\" rel=\"nofollow\"\u003eInstalling Nginx on OpenBSD 7.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/webinars/live-sessions-singup/webinar-open-source-virtualization-getting-started-with-bhyve/\" rel=\"nofollow\"\u003eLive Webinar: Open-source Virtualization: Getting started with bhyve \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHosted by Jim Salter and Allan Jude\u003c/li\u003e\n\u003cli\u003eLive July 12th at 13:00 ET\u003c/li\u003e\n\u003cli\u003eAvailable on-demand a few days later\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=3534855\" rel=\"nofollow\"\u003ePersistent Memory Allocation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/colorize-your-bsd-shell.85458/\" rel=\"nofollow\"\u003eColorize your BSD shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herrbischoff.com/2021/10/how-to-install-cgit-with-gitolite-and-nginx-on-freebsd-13\" rel=\"nofollow\"\u003eHow to Install cgit With Gitolite and Nginx on FreeBSD 13\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2022.eurobsdcon.org/program/\" rel=\"nofollow\"\u003eEuroBSDCon 2022 (Austria) Program announced\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCome to Austria and learn about the latest happenings in the BSDs\u003c/li\u003e\n\u003cli\u003e2 days of tutorials, and 2 days of 3 concurrent tracks of talks\u003c/li\u003e\n\u003cli\u003eRegistration is open now. See you there!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/461/feedback/Brad%20-%20Drive%20question.md\" rel=\"nofollow\"\u003eBrad - Drive question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/461/feedback/Carl%20-%20Wiring%20question.md\" rel=\"nofollow\"\u003eCarl - Wiring question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/461/feedback/Jon%20-%20Jails%20question.md\" rel=\"nofollow\"\u003eJon - Jails question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Q1 FreeBSD Quarterly Status Report 2022, Nginx on OpenBSD 7.1, Persistent Memory Allocation, Colorize your BSD shell, cgit With Gitolite and Nginx on FreeBSD 13, and more","date_published":"2022-06-30T03:45:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8809dc88-c752-4733-9f19-4bcd7e2ca683.mp3","mime_type":"audio/mpeg","size_in_bytes":28160232,"duration_in_seconds":2980}]},{"id":"9c05a38c-a1d1-467b-aac4-a360bedcb20f","title":"460: OpenBSD airport folklore","url":"https://www.bsdnow.tv/460","content_text":"Containerd gains support for launching Linux containers on FreeBSD, OpenBSD 7.1 on PINE64 RockPro64, true minimalistic window manager does not exist, OpenBSD folklore, HardenedBSD May 2022 Status Report, DragonFlyBSD 6.2.2 out, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nContainerd gains support for launching Linux containers on FreeBSD\n\n\nUses Linux compat and the Linux Jails concept to deploy a full Linux container userland on FreeBSD\n\n\n\n\nOpenBSD 7.1 on PINE64 RockPro64\n\n\n\nNews Roundup\n\nLive Webinar: Open-source Virtualization: Getting started with bhyve \n\n\nHosted by Jim Salter and Allan Jude\nLive July 12th at 13:00 ET\nAvailable on-demand a few days later\n\n\n\n\nThe True Minimalistic Window Manager Does Not Exist\n\n\n\nOpenBSD folklore and share/misc/airport\n\n\n\nHardenedBSD May 2022 Status Report\n\n\n\nDragonFlyBSD 6.2.2 out\n\n\nChangelog\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nNorbert - question\nPaulo - network question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eContainerd gains support for launching Linux containers on FreeBSD, OpenBSD 7.1 on PINE64 RockPro64, true minimalistic window manager does not exist, OpenBSD folklore, HardenedBSD May 2022 Status Report, DragonFlyBSD 6.2.2 out, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/containerd/containerd/pull/7000\" rel=\"nofollow\"\u003eContainerd gains support for launching Linux containers on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUses Linux compat and the Linux Jails concept to deploy a full Linux container userland on FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsandro.tech/posts/openbsd-7.1-on-pine64-rockpro64/\" rel=\"nofollow\"\u003eOpenBSD 7.1 on PINE64 RockPro64\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/webinars/live-sessions-singup/webinar-open-source-virtualization-getting-started-with-bhyve/\" rel=\"nofollow\"\u003eLive Webinar: Open-source Virtualization: Getting started with bhyve \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHosted by Jim Salter and Allan Jude\u003c/li\u003e\n\u003cli\u003eLive July 12th at 13:00 ET\u003c/li\u003e\n\u003cli\u003eAvailable on-demand a few days later\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://serhanekici.com/ttmwm.html\" rel=\"nofollow\"\u003eThe True Minimalistic Window Manager Does Not Exist\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/openbsd-folklore-and-share-misc-airport/\" rel=\"nofollow\"\u003eOpenBSD folklore and share/misc/airport\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2022-06-01/hardenedbsd-may-2022-status-report\" rel=\"nofollow\"\u003eHardenedBSD May 2022 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2022/06/10/27047.html\" rel=\"nofollow\"\u003eDragonFlyBSD 6.2.2 out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.dragonflybsd.org/pipermail/commits/2022-June/820953.html\" rel=\"nofollow\"\u003eChangelog\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/460/feedback/Norbert%20-%20question.md\" rel=\"nofollow\"\u003eNorbert - question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/460/feedback/Paulo%20-%20network%20question.md\" rel=\"nofollow\"\u003ePaulo - network question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Containerd gains support for launching Linux containers on FreeBSD, OpenBSD 7.1 on PINE64 RockPro64, true minimalistic window manager does not exist, OpenBSD folklore, HardenedBSD May 2022 Status Report, DragonFlyBSD 6.2.2 out, and more","date_published":"2022-06-23T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9c05a38c-a1d1-467b-aac4-a360bedcb20f.mp3","mime_type":"audio/mpeg","size_in_bytes":23500632,"duration_in_seconds":2258}]},{"id":"111c15bd-3906-4d2b-aaec-9d29bc06672a","title":"459: NetBSD Kernel benchmark","url":"https://www.bsdnow.tv/459","content_text":"Evaluating FreeBSD CURRENT for Production Use, Time Machine-like Backups on OpenBSD, FreeBSD on the Graviton 3, Compiling the NetBSD kernel as a benchmark, Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022, Hardware Detection \u0026amp; Diagnostics for New FreeBSD Users, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nEvaluating FreeBSD CURRENT for Production Use\n\n\n\nTime Machine like Backups on OpenBSD\n\n\n\nNews Roundup\n\nFreeBSD on the Graviton 3\n\n\n\nCompiling the NetBSD kernel as a benchmark\n\n\n\nNetwork Management with the OpenBSD Packet Filter Toolset from BSDCan 2022\n\n\n\nHardware Detection \u0026amp; Diagnostics for New FreeBSD Users \u0026amp; PCs\n\n\n\nBeastie Bits\n\n• [NetBSD - Announcing Google Summer of Code 2022 projects](https://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code3)\n• [Welcome FreeBSD Google Summer of Code Participants](https://freebsdfoundation.org/blog/welcome-freebsd-google-summer-of-code-participants/)\n• [Network from Scratch](https://www.networksfromscratch.com)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eEvaluating FreeBSD CURRENT for Production Use, Time Machine-like Backups on OpenBSD, FreeBSD on the Graviton 3, Compiling the NetBSD kernel as a benchmark, Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022, Hardware Detection \u0026amp; Diagnostics for New FreeBSD Users, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/evaluating-freebsd-current-for-production-use/\" rel=\"nofollow\"\u003eEvaluating FreeBSD CURRENT for Production Use\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://xosc.org/timemachine.html\" rel=\"nofollow\"\u003eTime Machine like Backups on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemonology.net/blog/2022-05-23-FreeBSD-Graviton-3.html\" rel=\"nofollow\"\u003eFreeBSD on the Graviton 3\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.anotherhomepage.org/post/2022/05/25/Compiling-the-NetBSD-kernel-as-a-benchmark/\" rel=\"nofollow\"\u003eCompiling the NetBSD kernel as a benchmark\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220607112236\" rel=\"nofollow\"\u003eNetwork Management with the OpenBSD Packet Filter Toolset from BSDCan 2022\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/hardware-detection-diagnostics-for-new-freebsd-users-pcs.84596/\" rel=\"nofollow\"\u003eHardware Detection \u0026amp; Diagnostics for New FreeBSD Users \u0026amp; PCs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [NetBSD - Announcing Google Summer of Code 2022 projects](https://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code3)\n• [Welcome FreeBSD Google Summer of Code Participants](https://freebsdfoundation.org/blog/welcome-freebsd-google-summer-of-code-participants/)\n• [Network from Scratch](https://www.networksfromscratch.com)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Evaluating FreeBSD CURRENT for Production Use, Time Machine-like Backups on OpenBSD, FreeBSD on the Graviton 3, Compiling the NetBSD kernel as a benchmark, Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022, Hardware Detection \u0026 Diagnostics for New FreeBSD Users, and more","date_published":"2022-06-16T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/111c15bd-3906-4d2b-aaec-9d29bc06672a.mp3","mime_type":"audio/mpeg","size_in_bytes":32577552,"duration_in_seconds":3245}]},{"id":"a8dc34c4-e5aa-4409-bc38-28b891bf97a4","title":"458: Traceroute interpretation","url":"https://www.bsdnow.tv/458","content_text":"Fundamentals of the FreeBSD Shell, Spammers in the Public Cloud, locking user accounts properly, overgrowth on NetBSD, moreutils, ctwm \u0026amp; spleen, interpreting a traceroute, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFundamentals of the FreeBSD Shell\n\n\n\nSpammers in the Public Cloud, Protected by SPF; Intensified Password Groping Still Ongoing; Spamware Hawked to Spamtraps\n\n\n\nNews Roundup\n\nA cautionary tale about locking Linux \u0026amp; FreeBSD user accounts\n\n\n\nOvergrowth runs on NetBSD\n\n\n\nmoreutils\n\n\n\nNetBSD, CTWM, and Spleen\n\n\n\nHow to properly interpret a traceroute or mtr\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nLets talk a bit about some of the events happening this year, BSDCan in virtual this weekend, emfcamp is this weekend too and in person, MCH is this summer and eurobsdcon is in september. How were the postgres conferences benedict?\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFundamentals of the FreeBSD Shell, Spammers in the Public Cloud, locking user accounts properly, overgrowth on NetBSD, moreutils, ctwm \u0026amp; spleen, interpreting a traceroute, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/interacting-with-freebsd-learning-the-fundamentals-of-the-freebsd-shell-2/\" rel=\"nofollow\"\u003eFundamentals of the FreeBSD Shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2022/04/spammers-in-public-cloud-protected-by.html\" rel=\"nofollow\"\u003eSpammers in the Public Cloud, Protected by SPF; Intensified Password Groping Still Ongoing; Spamware Hawked to Spamtraps\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/networking/a-cautionary-tale-about-locking-linux-freebsd-user-accounts/\" rel=\"nofollow\"\u003eA cautionary tale about locking Linux \u0026amp; FreeBSD user accounts\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/ucgavg/i_was_able_to_build_overgrowth_on_netbsd/\" rel=\"nofollow\"\u003eOvergrowth runs on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://joeyh.name/code/moreutils/\" rel=\"nofollow\"\u003emoreutils\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/netbsd-ctwm-and-spleen/\" rel=\"nofollow\"\u003eNetBSD, CTWM, and Spleen\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://phil.lavin.me.uk/2022/03/how-to-properly-interpret-a-traceroute-or-mtr/\" rel=\"nofollow\"\u003eHow to properly interpret a traceroute or mtr\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003eLets talk a bit about some of the events happening this year, BSDCan in virtual this weekend, emfcamp is this weekend too and in person, MCH is this summer and eurobsdcon is in september. How were the postgres conferences benedict?\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Fundamentals of the FreeBSD Shell, Spammers in the Public Cloud, locking user accounts properly, overgrowth on NetBSD, moreutils, ctwm \u0026 spleen, interpreting a traceroute, and more","date_published":"2022-06-09T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a8dc34c4-e5aa-4409-bc38-28b891bf97a4.mp3","mime_type":"audio/mpeg","size_in_bytes":28773216,"duration_in_seconds":2921}]},{"id":"4cb3f0eb-514d-4a26-9173-15d6eab282c0","title":"457: The NetBSD Wheelbarrow","url":"https://www.bsdnow.tv/457","content_text":"Journey to ZFS RAIDZ1 on NetBSD, FreeBSD networking basics: WiFi and Bluetooth, smuggling code into the playstation via NetBSD driver hole, KDE FreeBSD CI, remembering buildtool, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe journey to ZFS raidz1 with different sized disks (On NetBSD) (Wheelbarrow optional)\n\n\n\nFreeBSD Networking Basics: WiFi and Bluetooth\n\n\n\nNews Roundup\n\nPlaystation: Hole in NetBSD driver could allow code smuggling\n\n\nArchive link if the page is down (no images)\nOriginal Announcment\nGerman Article\n\n\n\n\nKDE-FreeBSD CI\n\n\n\nRemembering Buildtool\n\n\n\nBeastie Bits\n\nBy the Way... Kubernetes for FreeBSD\nFreeBSD Games Directory\nCandlelit Console patch set to the framebuffer console\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDan - A couple things\nPaul - BSD Business Justifications\nTodd - Feedback to prior feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eJourney to ZFS RAIDZ1 on NetBSD, FreeBSD networking basics: WiFi and Bluetooth, smuggling code into the playstation via NetBSD driver hole, KDE FreeBSD CI, remembering buildtool, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://netbsd0.blogspot.com/2022/05/the-journey-to-zfs-raidz1-with.html\" rel=\"nofollow\"\u003eThe journey to ZFS raidz1 with different sized disks (On NetBSD) (Wheelbarrow optional)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/freebsd-project/resources/networking-basics-wifi-and-bluetooth/\" rel=\"nofollow\"\u003eFreeBSD Networking Basics: WiFi and Bluetooth\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.kiratas.com/playstation-hole-in-netbsd-driver-could-allow-code-smuggling-2/\" rel=\"nofollow\"\u003ePlaystation: Hole in NetBSD driver could allow code smuggling\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://web.archive.org/web/20220519162432/https://www.kiratas.com/playstation-hole-in-netbsd-driver-could-allow-code-smuggling-2/\" rel=\"nofollow\"\u003eArchive link if the page is down (no images)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackerone.com/reports/1350653\" rel=\"nofollow\"\u003eOriginal Announcment\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.heise.de/news/Playstation-Luecke-in-NetBSD-Treiber-koennte-Codeschmuggel-ermoeglichen-7091153.html\" rel=\"nofollow\"\u003eGerman Article\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl//kde/2022/04/26/freebsd-ci.html\" rel=\"nofollow\"\u003eKDE-FreeBSD CI\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2022/05/remembering-buildtool.html\" rel=\"nofollow\"\u003eRemembering Buildtool\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://medium.com/@norlin.t/by-the-way-kubernetes-for-freebsd-d0ba4dab8d8e\" rel=\"nofollow\"\u003eBy the Way... Kubernetes for FreeBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/tigersharke/FreeBSD-Games-Directory\" rel=\"nofollow\"\u003eFreeBSD Games Directory\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220516093712\" rel=\"nofollow\"\u003eCandlelit Console patch set to the framebuffer console\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/457/feedback/Dan%20-%20A%20couple%20things.md\" rel=\"nofollow\"\u003eDan - A couple things\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/457/feedback/Paul%20-%20BSD%20Business%20Justifications.md\" rel=\"nofollow\"\u003ePaul - BSD Business Justifications\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/457/feedback/Todd%20-%20Feedback%20to%20prior%20feedback.md\" rel=\"nofollow\"\u003eTodd - Feedback to prior feedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Journey to ZFS RAIDZ1 on NetBSD, FreeBSD networking basics: WiFi and Bluetooth, smuggling code into the playstation via NetBSD driver hole, KDE FreeBSD CI, remembering buildtool, and more","date_published":"2022-06-02T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4cb3f0eb-514d-4a26-9173-15d6eab282c0.mp3","mime_type":"audio/mpeg","size_in_bytes":27225288,"duration_in_seconds":2823}]},{"id":"634c66ea-7d91-4d0d-bb47-5d55f50b7029","title":"456: FreeBSD 13.1","url":"https://www.bsdnow.tv/456","content_text":"FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD 13.1 Release is available\n\nUnix command line conventions over time\n\n\n\nNews Roundup\n\nBranching for NetBSD 10\n\n\n\nMicrobyhve\n\n\n\nOwn Your Calendar \u0026amp; Contacts With OpenBSD, Baïkal, and FOSS Android\n\n\n\nTwenty years ago today, Jeff filed the PSARC case for the ZFS filesystem\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nScott - FreeBSD and supercomputing\nNick - Thanks and some shout outs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/13.1R/announce/\" rel=\"nofollow\"\u003eFreeBSD 13.1 Release is available\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.liw.fi/posts/2022/05/07/unix-cli/\" rel=\"nofollow\"\u003eUnix command line conventions over time\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/current-users/2022/05/02/msg042278.html\" rel=\"nofollow\"\u003eBranching for NetBSD 10\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/cbsd/microbhyve\" rel=\"nofollow\"\u003eMicrobyhve\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://baak6.com/baikal-openbsd-fossdroid/\" rel=\"nofollow\"\u003eOwn Your Calendar \u0026amp; Contacts With OpenBSD, Baïkal, and FOSS Android\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/mmusante/status/1518947283626246145?t=tzR6KeMx2mhjJfeoOqrHIw\u0026s=03\" rel=\"nofollow\"\u003eTwenty years ago today, Jeff filed the PSARC case for the ZFS filesystem\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Scott%20-%20FreeBSD%20and%20supercomputing.md\" rel=\"nofollow\"\u003eScott - FreeBSD and supercomputing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Nick%20-%20Thanks%20and%20some%20shout%20outs.md\" rel=\"nofollow\"\u003eNick - Thanks and some shout outs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more","date_published":"2022-05-26T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/634c66ea-7d91-4d0d-bb47-5d55f50b7029.mp3","mime_type":"audio/mpeg","size_in_bytes":29382912,"duration_in_seconds":3079}]},{"id":"9b545f6d-5e83-47f1-93c0-9be7f81b9cee","title":"455: Ken Thompson Singularity","url":"https://www.bsdnow.tv/455","content_text":"OpenBSD is the Perfect OS post Nuclear Apocalypse, Multiprocess support for LLDB, porting the new Hare compiler to OpenBSD, Writing my first OpenBSD game using Godot, FreeBSD 13 on Thinkpad T460s, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD is the Perfect OS post Nuclear Apocalypse\n\n\n\nMultiprocess support for LLDB\n\n\n\nNews Roundup\n\nI ported the new Hare compiler to OpenBSD\n\n\n\nWriting my first OpenBSD game using Godot\n\n\n\nFreeBSD 13 on Thinkpad T460s\n\n\n\nBeastie Bits\n\nOpen Source Voices interview with Deb Goodkin\nTachyum Successfully Runs FreeBSD in Prodigy Ecosystem, Expands Open-Source OS Support\nMidnightBSD Minor Update 2.1.7\nLibreSSL 3.5.2 Released\nOpenBGPD 7.3 is out\nPlaying the game Bottomless on OpenBSD\nWindows Central: OpenBSD already has a version for Apple Silicon\nOpenBSD Webzine #9 is out\nIn the \"Everone makes mistakes catagory\" : I forgot to enable compression on ZFS\n\"Ken Thompson is a singularity\" ~Brian Kernighan\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBen - Securing FreeBSD\nDave - BSD certifications\nSam - maintaining a port\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD is the Perfect OS post Nuclear Apocalypse, Multiprocess support for LLDB, porting the new Hare compiler to OpenBSD, Writing my first OpenBSD game using Godot, FreeBSD 13 on Thinkpad T460s, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://confuzeus.com/shorts/openbsd-nuclear-apocalypse/\" rel=\"nofollow\"\u003eOpenBSD is the Perfect OS post Nuclear Apocalypse\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/multiprocess-support-for-lldb/\" rel=\"nofollow\"\u003eMultiprocess support for LLDB\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20220427.html\" rel=\"nofollow\"\u003eI ported the new Hare compiler to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-04-28-writing-a-game-with-godot.html\" rel=\"nofollow\"\u003eWriting my first OpenBSD game using Godot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2022/freebsd-13-on-thinkpad-t460s/\" rel=\"nofollow\"\u003eFreeBSD 13 on Thinkpad T460s\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.opensourcevoices.org/29\" rel=\"nofollow\"\u003eOpen Source Voices interview with Deb Goodkin\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.hpcwire.com/off-the-wire/tachyum-successfully-runs-freebsd-in-prodigy-ecosystem-expands-open-source-os-support/\" rel=\"nofollow\"\u003eTachyum Successfully Runs FreeBSD in Prodigy Ecosystem, Expands Open-Source OS Support\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://midnightbsd.org/security/index.html#a20220404\" rel=\"nofollow\"\u003eMidnightBSD Minor Update 2.1.7\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://bsdsec.net/articles/libressl-3-5-2-released\" rel=\"nofollow\"\u003eLibreSSL 3.5.2 Released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220414091532\" rel=\"nofollow\"\u003eOpenBGPD 7.3 is out\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://videos.pair2jeux.tube/w/jheVDTPmBTQzkmSpNSvk8J\" rel=\"nofollow\"\u003ePlaying the game Bottomless on OpenBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://windows11central.com/en/openbsd-already-has-a-version-for-apple-silicon/\" rel=\"nofollow\"\u003eWindows Central: OpenBSD already has a version for Apple Silicon\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://webzine.puffy.cafe/issue-9.html\" rel=\"nofollow\"\u003eOpenBSD Webzine #9 is out\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://dan.langille.org/2022/04/28/i-forgot-to-enable-compression-on-zfs/\" rel=\"nofollow\"\u003eIn the \u0026quot;Everone makes mistakes catagory\u0026quot; : I forgot to enable compression on ZFS\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.youtube.com/watch?v=fL2QwyxcJ5s\" rel=\"nofollow\"\u003e\u0026quot;Ken Thompson is a singularity\u0026quot; ~Brian Kernighan\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/455/feedback/Ben%20-%20Securing%20FreeBSD.md\" rel=\"nofollow\"\u003eBen - Securing FreeBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/455/feedback/Dave%20-%20BSD%20certifications.md\" rel=\"nofollow\"\u003eDave - BSD certifications\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/455/feedback/Sam%20-%20maintaining%20a%20port.md\" rel=\"nofollow\"\u003eSam - maintaining a port\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD is the Perfect OS post Nuclear Apocalypse, Multiprocess support for LLDB, porting the new Hare compiler to OpenBSD, Writing my first OpenBSD game using Godot, FreeBSD 13 on Thinkpad T460s, and more.","date_published":"2022-05-19T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9b545f6d-5e83-47f1-93c0-9be7f81b9cee.mp3","mime_type":"audio/mpeg","size_in_bytes":27344184,"duration_in_seconds":2721}]},{"id":"4bfd5be2-a833-45ee-b097-a68a8af6b122","title":"454: Compiling 50% faster","url":"https://www.bsdnow.tv/454","content_text":"OpenBSD 7.1 is out, Building Your Own FreeBSD-based NAS with ZFS Part 2, Let's try V on OpenBSD, Waiting for Randot, Compiling an OpenBSD kernel 50% faster, A Salute for 10+ years of service, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nOpenBSD 7.1 is out\n\n\n\nBuilding Your Own FreeBSD-based NAS with ZFS Part 2\n\n\n\nNews Roundup\n\nLet's try V on OpenBSD\n\n\n\nWaiting for Randot (or: nia and maya were right and I was wrong)\n\n\n\nCompiling an openbsd kernel 50% faster\n\n\n\nA Salute for 10+ years of service  https://archive.ph/JL5hf (if the site is down)\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nGlenn - Toms Home Lab\nI_am_chunky_pie - unix tool writing\nMike - Making Routers\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD 7.1 is out, Building Your Own FreeBSD-based NAS with ZFS Part 2, Let\u0026#39;s try V on OpenBSD, Waiting for Randot, Compiling an OpenBSD kernel 50% faster, A Salute for 10+ years of service, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/71.html\" rel=\"nofollow\"\u003eOpenBSD 7.1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/part-2-tuning-your-freebsd-configuration-for-your-nas/\" rel=\"nofollow\"\u003eBuilding Your Own FreeBSD-based NAS with ZFS Part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20220426.html\" rel=\"nofollow\"\u003eLet\u0026#39;s try V on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-security/2021/01/11/msg001100.html\" rel=\"nofollow\"\u003eWaiting for Randot (or: nia and maya were right and I was wrong)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://flak.tedunangst.com/post/compiling-an-openbsd-kernel-50-faster\" rel=\"nofollow\"\u003eCompiling an openbsd kernel 50% faster\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://aboutbsd.net/?page_id=26661\" rel=\"nofollow\"\u003eA Salute for 10+ years of service\u003c/a\u003e  \u003ca href=\"https://archive.ph/JL5hf\" rel=\"nofollow\"\u003ehttps://archive.ph/JL5hf\u003c/a\u003e (if the site is down)\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/454/feedback/Glenn%20-%20Toms%20Home%20Lab.md\" rel=\"nofollow\"\u003eGlenn - Toms Home Lab\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/454/feedback/I_am_chunky_pie%20-%20unix%20tool%20writing.md\" rel=\"nofollow\"\u003eI_am_chunky_pie - unix tool writing\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/454/feedback/Mike%20-%20Making%20Routers.md\" rel=\"nofollow\"\u003eMike - Making Routers\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 7.1 is out, Building Your Own FreeBSD-based NAS with ZFS Part 2, Let's try V on OpenBSD, Waiting for Randot, Compiling an OpenBSD kernel 50% faster, A Salute for 10+ years of service, and more","date_published":"2022-05-12T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4bfd5be2-a833-45ee-b097-a68a8af6b122.mp3","mime_type":"audio/mpeg","size_in_bytes":28305048,"duration_in_seconds":2930}]},{"id":"ddb0b2b0-a944-41a5-96c2-63fc5c3b43f1","title":"453: TwinCat/BSD Hypervisor","url":"https://www.bsdnow.tv/453","content_text":"Building Your Own FreeBSD-based NAS, Writing a device driver for Unix V6, EC2: What Colin Percival’s been up to, Beckhoff releases TwinCAT/BSD Hypervisor, Writing a NetBSD kernel module, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nBuilding Your Own FreeBSD-based NAS\n\n\n\nWriting a device driver for Unix V6\n\n\n\nNews Roundup\n\nFreeBSD/EC2: What I've been up to\n\n\n\nBeckhoff has released its TwinCAT/BSD Hypervisor\n\n\n\nWriting a NetBSD kernel module\n\n\n\nBenedicts Git Finds\n\n\nProjects\n\n\nRun anything (like full blown GTK apps) under Capsicum\nTwitter client for UEFI\nn³ The unorthodox terminal file manager\nOpenVi: Portable OpenBSD vi for UNIX systems\n\nGists and Articles\n\n\nStep-by-step instructions on installing the latest NVIDIA drivers on FreeBSD 13.0 and above\nFreeBSD SSH Hardening\nGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nBen - Backing Up\n\nEthan - Thanks\n\nMaxi - question about note taking\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eBuilding Your Own FreeBSD-based NAS, Writing a device driver for Unix V6, EC2: What Colin Percival’s been up to, Beckhoff releases TwinCAT/BSD Hypervisor, Writing a NetBSD kernel module, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/building-your-own-freebsd-based-nas-with-zfs/\" rel=\"nofollow\"\u003eBuilding Your Own FreeBSD-based NAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mveg.es/posts/writing-a-device-driver-for-unix-v6/\" rel=\"nofollow\"\u003eWriting a device driver for Unix V6\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemonology.net/blog/2022-03-29-FreeBSD-EC2-report.html\" rel=\"nofollow\"\u003eFreeBSD/EC2: What I\u0026#39;ve been up to\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.automationworld.com/control/article/22144694/beckhoff-hypervisor-enables-virtual-machines-for-control-applications\" rel=\"nofollow\"\u003eBeckhoff has released its TwinCAT/BSD Hypervisor\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://saurvs.github.io/post/writing-netbsd-kern-mod/\" rel=\"nofollow\"\u003eWriting a NetBSD kernel module\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBenedicts Git Finds\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eProjects\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unrelentingtech/capsicumizer\" rel=\"nofollow\"\u003eRun anything (like full blown GTK apps) under Capsicum\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/arata-nvm/mitnal\" rel=\"nofollow\"\u003eTwitter client for UEFI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jarun/nnn\" rel=\"nofollow\"\u003en³ The unorthodox terminal file manager\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/johnsonjh/OpenVi\" rel=\"nofollow\"\u003eOpenVi: Portable OpenBSD vi for UNIX systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eGists and Articles\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/Mostly-BSD/4d3cacc0ee2f045ed8505005fd664c6e\" rel=\"nofollow\"\u003eStep-by-step instructions on installing the latest NVIDIA drivers on FreeBSD 13.0 and above\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11\" rel=\"nofollow\"\u003eFreeBSD SSH Hardening\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gtfobins.github.io\" rel=\"nofollow\"\u003eGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Ben%20-%20Backing%20Up.md\" rel=\"nofollow\"\u003eBen - Backing Up\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Ethan%20-%20Thanks.md\" rel=\"nofollow\"\u003eEthan - Thanks\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Maxi%20%20-%20question%20about%20note%20taking.md\" rel=\"nofollow\"\u003eMaxi - question about note taking\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Building Your Own FreeBSD-based NAS, Writing a device driver for Unix V6, EC2: What Colin Percival’s been up to, Beckhoff releases TwinCAT/BSD Hypervisor, Writing a NetBSD kernel module, and more.","date_published":"2022-05-05T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ddb0b2b0-a944-41a5-96c2-63fc5c3b43f1.mp3","mime_type":"audio/mpeg","size_in_bytes":26501664,"duration_in_seconds":2713}]},{"id":"115f6a28-dc39-4136-bed4-7f3dc1e13aa7","title":"452: The unknown hackers","url":"https://www.bsdnow.tv/452","content_text":"The unknown hackers, Papers we love to read, Dual Boot Homelab in The Bedroom by the bed testbed, OpenSSH 9.0 released, OS battle: OpenBSD vs. NixOS, and more \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe unknown hackers\n\n\nBill Jolitz passed away in March 2022\n***\n\n\nFreeBSD Documentation: Papers We Love To Read\n\n\n\n\n\nNews Roundup\n\nFreeBSD/Ubuntu Dual Boot Homelab in The Bedroom by the bed testbed\n\n\n\nOpenSSH 9.0 has been released\n\n\n\nOperating systems battle: OpenBSD vs NixOS\n\n\n\nBeastie Bits\n\nCelebrating 50 years of the Unix Operating System\nKickstarter Campaign Results\nFreeBSD Virtualization Series\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nJeff - ZFS checksum repair\n\nNelson - General Thanks\n\nSam - FOSS Power Support\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe unknown hackers, Papers we love to read, Dual Boot Homelab in The Bedroom by the bed testbed, OpenSSH 9.0 released, OS battle: OpenBSD vs. NixOS, and more \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.salon.com/2000/05/17/386bsd/\" rel=\"nofollow\"\u003eThe unknown hackers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://minnie.tuhs.org/pipermail/tuhs/2022-April/025643.html\" rel=\"nofollow\"\u003eBill Jolitz passed away in March 2022\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-documentation-papers-we-love-to-read/\" rel=\"nofollow\"\u003eFreeBSD Documentation: Papers We Love To Read\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/00307\" rel=\"nofollow\"\u003eFreeBSD/Ubuntu Dual Boot Homelab in The Bedroom by the bed testbed\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openssh.com/txt/release-9.0\" rel=\"nofollow\"\u003eOpenSSH 9.0 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-04-18-openbsd-vs-nixos.html\" rel=\"nofollow\"\u003eOperating systems battle: OpenBSD vs NixOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/u4t25c/celebrating_50_years_of_the_unix_operating_system/\" rel=\"nofollow\"\u003eCelebrating 50 years of the Unix Operating System\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/archives/13627\" rel=\"nofollow\"\u003eKickstarter Campaign Results\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://productionwithscissors.run/freebsd-virtualization-series/\" rel=\"nofollow\"\u003eFreeBSD Virtualization Series\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/452/feedback/Jeff%20-%20ZFS%20checksum%20repair.md\" rel=\"nofollow\"\u003eJeff - ZFS checksum repair\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/452/feedback/Nelson%20-%20General%20Thanks.md\" rel=\"nofollow\"\u003eNelson - General Thanks\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/452/feedback/Sam%20-%20FOSS%20Power%20Support.md\" rel=\"nofollow\"\u003eSam - FOSS Power Support\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The unknown hackers, Papers we love to read, Dual Boot Homelab in The Bedroom by the bed testbed, OpenSSH 9.0 released, OS battle: OpenBSD vs. NixOS, and more ","date_published":"2022-04-28T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/115f6a28-dc39-4136-bed4-7f3dc1e13aa7.mp3","mime_type":"audio/mpeg","size_in_bytes":27640824,"duration_in_seconds":2789}]},{"id":"e05f4b5e-9285-42ae-87ba-151ec71f80b7","title":"451: Tuning ZFS recordsize","url":"https://www.bsdnow.tv/451","content_text":"Full system backups with FFS snapshots, ZFS and dump(8), tuning recordsize in OpenZFS, Optimizing FreeBSD Power Consumption on Modern Intel Laptops, remember to check for ZFS filesystems being mounted, Use tcpdump to save wireless bridge, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFull system backups with FFS snapshots, ZFS and dump(8)\n\n\n\nTuning Recordsize in OpenZFS\n\n\n\nNews Roundup\n\nOptimizing FreeBSD Power Consumption on Modern Intel Laptops\n\n\n\nI need to remember to check for ZFS filesystems being mounted\n\n\n\nUse tcpdump to save wireless bridge\n\n\n\nBeastie Bits\n\n• [FreeBSD on the Vortex86DX CPU](https://www.cambus.net/freebsd-on-the-vortex86dx-cpu/)\n• [HAMMER2 vs USB stick pulls](https://www.dragonflydigest.com/2022/03/22/26800.html)\n• [New US mirror for DragonFly](https://www.dragonflydigest.com/2022/03/09/26742.html)\n• [HelloSystem 13.1 RC1](https://github.com/helloSystem/ISO/releases/tag/experimental-13.1-RC1)\n• [Video introduction to OpenBSD 7.0](https://www.youtube.com/watch?v=KeUsE-3nSes)\n• [Losses in the community](https://minnie.tuhs.org/pipermail/tuhs/2022-April/025643.html)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nSam - BSD Laptops\nReese - Electric Groff\nAlexandra - New to BSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFull system backups with FFS snapshots, ZFS and dump(8), tuning recordsize in OpenZFS, Optimizing FreeBSD Power Consumption on Modern Intel Laptops, remember to check for ZFS filesystems being mounted, Use tcpdump to save wireless bridge, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/705-full-system-backups-with-ffs-snapshots-zfs-and-dump8\" rel=\"nofollow\"\u003eFull system backups with FFS snapshots, ZFS and dump(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/tuning-recordsize-in-openzfs/\" rel=\"nofollow\"\u003eTuning Recordsize in OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.neelc.org/posts/optimize-freebsd-for-intel-tigerlake/\" rel=\"nofollow\"\u003eOptimizing FreeBSD Power Consumption on Modern Intel Laptops\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSCheckForMounted\" rel=\"nofollow\"\u003eI need to remember to check for ZFS filesystems being mounted\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/0027\" rel=\"nofollow\"\u003eUse tcpdump to save wireless bridge\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [FreeBSD on the Vortex86DX CPU](https://www.cambus.net/freebsd-on-the-vortex86dx-cpu/)\n• [HAMMER2 vs USB stick pulls](https://www.dragonflydigest.com/2022/03/22/26800.html)\n• [New US mirror for DragonFly](https://www.dragonflydigest.com/2022/03/09/26742.html)\n• [HelloSystem 13.1 RC1](https://github.com/helloSystem/ISO/releases/tag/experimental-13.1-RC1)\n• [Video introduction to OpenBSD 7.0](https://www.youtube.com/watch?v=KeUsE-3nSes)\n• [Losses in the community](https://minnie.tuhs.org/pipermail/tuhs/2022-April/025643.html)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Sam%20-%20BSD%20Laptops.md\" rel=\"nofollow\"\u003eSam - BSD Laptops\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Reese%20-%20Electric%20Groff.md\" rel=\"nofollow\"\u003eReese - Electric Groff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/451/feedback/Alexandra%20-%20New%20to%20BSD.md\" rel=\"nofollow\"\u003eAlexandra - New to BSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Full system backups with FFS snapshots, ZFS and dump(8), tuning recordsize in OpenZFS, Optimizing FreeBSD Power Consumption on Modern Intel Laptops, remember to check for ZFS filesystems being mounted, Use tcpdump to save wireless bridge, and more","date_published":"2022-04-21T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e05f4b5e-9285-42ae-87ba-151ec71f80b7.mp3","mime_type":"audio/mpeg","size_in_bytes":35683176,"duration_in_seconds":3645}]},{"id":"d267be2a-c2ba-4bbc-a520-cfa5153a7683","title":"450: Unix Tool Writing","url":"https://www.bsdnow.tv/450","content_text":"The ideas that made Unix, hints for writing Unix tools, cron best practices, three different sorts of filesystem errors, LibreSSL 3.5.1 released, taskwarrior to manage tasks, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nUnix Philosophy: A Quick Look at the Ideas that Made Unix\n\n\n\nHints for writing Unix Tools\n\n\n\nNews Roundup\n\nCron best practices\n\n\n\nFilesystems can experience at least three different sorts of errors\n\n\n\nLibreSSL 3.5.1 development branch as well as 3.4.3 (stable) and 3.3.6 released\n\n\n\nTaskwarrior to manage tasks\n\n\n\nBeastie Bits\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAndrew - virtualization\nBrad - jails applications and interoperability\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe ideas that made Unix, hints for writing Unix tools, cron best practices, three different sorts of filesystem errors, LibreSSL 3.5.1 released, taskwarrior to manage tasks, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/unix-philosophy-a-quick-look-at-the-ideas-that-made-unix/\" rel=\"nofollow\"\u003eUnix Philosophy: A Quick Look at the Ideas that Made Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://monkey.org/%7Emarius/unix-tools-hints.html\" rel=\"nofollow\"\u003eHints for writing Unix Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.sanctum.geek.nz/cron-best-practices/\" rel=\"nofollow\"\u003eCron best practices\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/tech/FilesystemsThreeErrorTypes\" rel=\"nofollow\"\u003eFilesystems can experience at least three different sorts of errors\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220318065203\" rel=\"nofollow\"\u003eLibreSSL 3.5.1 development branch as well as 3.4.3 (stable) and 3.3.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/0165\" rel=\"nofollow\"\u003eTaskwarrior to manage tasks\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/450/feedback/Andrew%20-%20virtualization.md\" rel=\"nofollow\"\u003eAndrew - virtualization\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/450/feedback/brad%20-%20jails%20applications%20and%20interoperability.md\" rel=\"nofollow\"\u003eBrad - jails applications and interoperability\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The ideas that made Unix, hints for writing Unix tools, cron best practices, three different sorts of filesystem errors, LibreSSL 3.5.1 released, taskwarrior to manage tasks, and more.","date_published":"2022-04-14T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d267be2a-c2ba-4bbc-a520-cfa5153a7683.mp3","mime_type":"audio/mpeg","size_in_bytes":34318152,"duration_in_seconds":3533}]},{"id":"8b30bba3-3ef0-454a-ad6d-1984c90575a5","title":"449: Reproducible clean $HOME","url":"https://www.bsdnow.tv/449","content_text":"FreeBSD Status Report 4th Quarter 2021, Reproducible clean $HOME in OpenBSD using impermanence, Making RockPro64 a NetBSD Server, helloSystem 0.7.0 is out,  lazy approach to FreeBSD dual-booting, going to jail, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Quarterly Status Report 4th Quarter 2021\n\n\n\nReproducible clean $HOME in OpenBSD using impermanence\n\n\n\nNews Roundup\n\nMaking RockPro64 a NetBSD Server\n\n\n\nhelloSystem 0.7.0 is out\n\n\n\nMy lazy approach to FreeBSD dual-booting\n\n\n\nGoing to jail\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• No Feedback emails this week, so instead we can have “Story Time with Allan” and he can regale us with an entertaining BSD story.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Status Report 4th Quarter 2021, Reproducible clean $HOME in OpenBSD using impermanence, Making RockPro64 a NetBSD Server, helloSystem 0.7.0 is out,  lazy approach to FreeBSD dual-booting, going to jail, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2021-10-2021-12/\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report 4th Quarter 2021\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2022-03-15-openbsd-impermanence.html\" rel=\"nofollow\"\u003eReproducible clean $HOME in OpenBSD using impermanence\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/making_rockpro64_a_netbsd_server\" rel=\"nofollow\"\u003eMaking RockPro64 a NetBSD Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/helloSystem/ISO/releases/tag/r0.7.0\" rel=\"nofollow\"\u003ehelloSystem 0.7.0 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/my-lazy-approach-to-freebsd-dual-booting/\" rel=\"nofollow\"\u003eMy lazy approach to FreeBSD dual-booting\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opekkt.tech/docs/vps_migration/going2jail/\" rel=\"nofollow\"\u003eGoing to jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• No Feedback emails this week, so instead we can have “Story Time with Allan” and he can regale us with an entertaining BSD story.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Status Report 4th Quarter 2021, Reproducible clean $HOME in OpenBSD using impermanence, Making RockPro64 a NetBSD Server, helloSystem 0.7.0 is out,  lazy approach to FreeBSD dual-booting, going to jail, and more.","date_published":"2022-04-07T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8b30bba3-3ef0-454a-ad6d-1984c90575a5.mp3","mime_type":"audio/mpeg","size_in_bytes":29224896,"duration_in_seconds":3017}]},{"id":"8590bd30-1871-4f8d-a3f8-34cb04d9a17f","title":"448: Controlling Resource Limits","url":"https://www.bsdnow.tv/448","content_text":"Controlling Resource Limits with rctl in FreeBSD, It’s always DNS, Google Summer of Code in BSD Projects, Rsync Technical Notes - Q4 2021, Userland CPU frequency scheduling for OpenBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nControlling Resource Limits with rctl in FreeBSD\n\n\n\nIt's DNS. Of course it's DNS, it's always DNS.\n\n\n\nNews Roundup\n\nGSOC\n\n• [Work with FreeBSD in Google Summer of Code](https://freebsdfoundation.org/blog/work-with-freebsd-in-google-summer-of-code/)\n• [The NetBSD Foundation is a mentoring organization at Google Summer of Code 2022](https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_is_a)\n\n\n\n\nRsync Technical Notes - Q4 2021\n\n\n\nUserland CPU frequency scheduling for OpenBSD\n\n\n\nBeastie Bits\n\n\nUnofficial HardenedBSD liveCD\nThe eurobsdcon 2022 CFP is open\nTesting parallel forwarding\nOpenBSD iwx(4) gains 11ac 80MHz channel support\nOpenBSD/arm64 on Apple M1 systems\nFreeBSD on the CubieBoard2\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nEric - periodic notifications\nKevin - no question\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eControlling Resource Limits with rctl in FreeBSD, It’s always DNS, Google Summer of Code in BSD Projects, Rsync Technical Notes - Q4 2021, Userland CPU frequency scheduling for OpenBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/controlling-resource-limits-with-rctl-in-freebsd/\" rel=\"nofollow\"\u003eControlling Resource Limits with rctl in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/DNSVariabilityProblems\" rel=\"nofollow\"\u003eIt\u0026#39;s DNS. Of course it\u0026#39;s DNS, it\u0026#39;s always DNS.\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003eGSOC\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Work with FreeBSD in Google Summer of Code](https://freebsdfoundation.org/blog/work-with-freebsd-in-google-summer-of-code/)\n• [The NetBSD Foundation is a mentoring organization at Google Summer of Code 2022](https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_is_a)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.rsync.net/resources/notes/2021-q4-rsync.net_technotes.html\" rel=\"nofollow\"\u003eRsync Technical Notes - Q4 2021\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tildegit.org/solene/obsdfreqd\" rel=\"nofollow\"\u003eUserland CPU frequency scheduling for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://groups.google.com/a/hardenedbsd.org/g/users/c/QUTUJfm30Dg/m/0VNKUeVhHgAJ\" rel=\"nofollow\"\u003eUnofficial HardenedBSD liveCD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2022.eurobsdcon.org/the-call-for-talk-and-presentation-proposals-for-eurobsdcon-2022-is-now-open/\" rel=\"nofollow\"\u003eThe eurobsdcon 2022 CFP is open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20220319123157\" rel=\"nofollow\"\u003eTesting parallel forwarding\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20220315070043\" rel=\"nofollow\"\u003eOpenBSD iwx(4) gains 11ac 80MHz channel support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220320115932\" rel=\"nofollow\"\u003eOpenBSD/arm64 on Apple M1 systems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.cambus.net/freebsd-on-the-cubieboard2/\" rel=\"nofollow\"\u003eFreeBSD on the CubieBoard2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/448/feedback/Eric%20-%20periodic%20notifications.md\" rel=\"nofollow\"\u003eEric - periodic notifications\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/448/feedback/Kevin%20-%20no%20question.md\" rel=\"nofollow\"\u003eKevin - no question\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Controlling Resource Limits with rctl in FreeBSD, It’s always DNS, Google Summer of Code in BSD Projects, Rsync Technical Notes - Q4 2021, Userland CPU frequency scheduling for OpenBSD, and more.","date_published":"2022-03-31T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8590bd30-1871-4f8d-a3f8-34cb04d9a17f.mp3","mime_type":"audio/mpeg","size_in_bytes":26155080,"duration_in_seconds":2722}]},{"id":"ab14e67f-b3b7-4ce0-8ce4-b2035c16745a","title":"447: Path to BSD","url":"https://www.bsdnow.tv/447","content_text":"FreeBSD Foundation Proposals, UNIX: On the Path to BSD, Fujitsu ends its mainframe and Unix services, Install burpsuite on FreeBSD using Linuxulator, new OpenBSD Webzine is out, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nProject Proposal Overview\n\n\n\nUNIX: On the Path to BSD\n\n\n\nNews Roundup\n\nFujitsu is ending its mainframe and Unix services\n\n\n\nTUTORIAL: Install burpsuite on FreeBSD using Linuxulator\n\n\n\nOpenBSD Webzine\n\n\n\nBeastie Bits\n\n\nA Trio if OPNsense releases:\n\n\n21.7.8\n21.10.3\n22.1.1\n\nFreeBSD 12.2 end-of-life\nDragonFly as a KVM guest\nRIP Lorinda Cherry\nPrecursor: From Boot to Root\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nNo Feedback emails this week, so instead Tom can regale us with an entertaining BSD story.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\n","content_html":"\u003cp\u003eFreeBSD Foundation Proposals, UNIX: On the Path to BSD, Fujitsu ends its mainframe and Unix services, Install burpsuite on FreeBSD using Linuxulator, new OpenBSD Webzine is out, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/get-involved/project-proposal-overview/\" rel=\"nofollow\"\u003eProject Proposal Overview\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/unix-on-the-path-to-bsd/\" rel=\"nofollow\"\u003eUNIX: On the Path to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.techradar.com/in/news/fujitsu-is-ending-its-mainframe-and-unix-services\" rel=\"nofollow\"\u003eFujitsu is ending its mainframe and Unix services\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.FreeBSD.org/threads/tutorial-install-burpsuite-on-freebsd-using-linuxulator.84310/\" rel=\"nofollow\"\u003eTUTORIAL: Install burpsuite on FreeBSD using Linuxulator\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://webzine.puffy.cafe/issue-7.html\" rel=\"nofollow\"\u003eOpenBSD Webzine\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Trio if OPNsense releases:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-21-7-8-released/\" rel=\"nofollow\"\u003e21.7.8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-business-edition-21-10-3-released/\" rel=\"nofollow\"\u003e21.10.3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-22-1-1-released-2\" rel=\"nofollow\"\u003e22.1.1\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-announce/2022-March/000018.html\" rel=\"nofollow\"\u003eFreeBSD 12.2 end-of-life\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflybsd.org/docs/howtos/HowToKvmGuest/\" rel=\"nofollow\"\u003eDragonFly as a KVM guest\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lwn.net/ml/tuhs/CAKH6PiVi+JoxDG7ACMG5G+qnTkxTMsohGx6Wq3UNVkogO4N0Vg@mail.gmail.com/\" rel=\"nofollow\"\u003eRIP Lorinda Cherry\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bunniestudios.com/blog/?p=6336\" rel=\"nofollow\"\u003ePrecursor: From Boot to Root\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eNo Feedback emails this week, so instead Tom can regale us with an entertaining BSD story.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Foundation Proposals, UNIX: On the Path to BSD, Fujitsu ends its mainframe and Unix services, Install burpsuite on FreeBSD using Linuxulator, new OpenBSD Webzine is out, and more.","date_published":"2022-03-24T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ab14e67f-b3b7-4ce0-8ce4-b2035c16745a.mp3","mime_type":"audio/mpeg","size_in_bytes":33494808,"duration_in_seconds":3234}]},{"id":"b8932853-588e-4ed2-8bd3-b8d3552b820d","title":"446: Debugging ioctl problems ","url":"https://www.bsdnow.tv/446","content_text":"Restoring a Tadpole SPARCbook 3, The FreeBSD Boot Process, Debugging an ioctl Problem on OpenBSD, Why my game PC runs FreeBSD and Kubuntu, DNSSEC, Badgers, and Orcs, Oh My, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nRestoring a Tadpole SPARCbook 3 Part 1: Introduction\n\n\n\nThe FreeBSD Boot Process\n\n\n\nNews Roundup\n\nDebugging an ioctl Problem on OpenBSD\n\n\n\nWhy my game PC runs FreeBSD and Kubuntu\n\n\n\nDNSSEC, Badgers, and Orcs, Oh My!\n\n\n\nBeastie Bits\n\n• [LibreSSL 3.5.0 development branch released](https://undeadly.org/cgi?action=article;sid=20220301063844)\n• [OpenSSH updated to 8.9](https://undeadly.org/cgi?action=article;sid=20220301063428)\n• [Recent developments in OpenBSD, 2022-02-21 summary](https://undeadly.org/cgi?action=article;sid=20220221060700)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nJonathan - X-Wing and Tie Fighter\nJoshontech - pool options\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eRestoring a Tadpole SPARCbook 3, The FreeBSD Boot Process, Debugging an ioctl Problem on OpenBSD, Why my game PC runs FreeBSD and Kubuntu, DNSSEC, Badgers, and Orcs, Oh My, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.rs-online.com/designspark/restoring-a-tadpole-sparcbook-3-part-1-introduction\" rel=\"nofollow\"\u003eRestoring a Tadpole SPARCbook 3 Part 1: Introduction\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/the-freebsd-boot-process/\" rel=\"nofollow\"\u003eThe FreeBSD Boot Process\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2022/02/16/ioctl\" rel=\"nofollow\"\u003eDebugging an ioctl Problem on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/why-my-game-pc-also-runs-freebsd/\" rel=\"nofollow\"\u003eWhy my game PC runs FreeBSD and Kubuntu\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/14708\" rel=\"nofollow\"\u003eDNSSEC, Badgers, and Orcs, Oh My!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [LibreSSL 3.5.0 development branch released](https://undeadly.org/cgi?action=article;sid=20220301063844)\n• [OpenSSH updated to 8.9](https://undeadly.org/cgi?action=article;sid=20220301063428)\n• [Recent developments in OpenBSD, 2022-02-21 summary](https://undeadly.org/cgi?action=article;sid=20220221060700)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/446/Jonathan%20-%20X-Wing%20and%20Tie%20Fighter.md\" rel=\"nofollow\"\u003eJonathan - X-Wing and Tie Fighter\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/446/joshontech%20-%20pool%20options.md\" rel=\"nofollow\"\u003eJoshontech - pool options\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Restoring a Tadpole SPARCbook 3, The FreeBSD Boot Process, Debugging an ioctl Problem on OpenBSD, Why my game PC runs FreeBSD and Kubuntu, DNSSEC, Badgers, and Orcs, Oh My, and more.","date_published":"2022-03-17T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b8932853-588e-4ed2-8bd3-b8d3552b820d.mp3","mime_type":"audio/mpeg","size_in_bytes":29044560,"duration_in_seconds":2904}]},{"id":"a4bbf2bd-8191-4faa-9dec-2b8a2f9de7fd","title":"445: Journey to BSD","url":"https://www.bsdnow.tv/445","content_text":"Idiot's guide to OpenBSD on the Pinebook Pro, FreeBSD Periodic Scripts, history of service management in Unix, journey from macOS to FreeBSD, Unix processes “infecting” each other, navidrom music server on FreeBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe complete idiot's guide to OpenBSD on the Pinebook Pro\n\n\n\nFreeBSD Periodic Scripts\n\n\n\nNews Roundup\n\nThe history (sort of) of service management in Unix\n\n\n\nMy journey from macOS to FreeBSD\n\n\n\nA nice story about Unix processes \"infecting\" each other\n\n\n\nNavidrome music server on FreeBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nTyler - Is this enough for VMs\nKevin - BSD from RAMdisk\nMalcolm - wired headset in FreeBSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eIdiot\u0026#39;s guide to OpenBSD on the Pinebook Pro, FreeBSD Periodic Scripts, history of service management in Unix, journey from macOS to FreeBSD, Unix processes “infecting” each other, navidrom music server on FreeBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tomscii.sig7.se/2022/02/Guide-to-OpenBSD-on-the-PinebookPro\" rel=\"nofollow\"\u003eThe complete idiot\u0026#39;s guide to OpenBSD on the Pinebook Pro\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-periodic-scripts/\" rel=\"nofollow\"\u003eFreeBSD Periodic Scripts\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ServiceManagementHistory\" rel=\"nofollow\"\u003eThe history (sort of) of service management in Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.boucek.me/blog/from-mac-to-freebsd/\" rel=\"nofollow\"\u003eMy journey from macOS to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rachelbythebay.com/w/2022/02/09/nice/\" rel=\"nofollow\"\u003eA nice story about Unix processes \u0026quot;infecting\u0026quot; each other\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://web.archive.org/web/20220101220446/https://www.danschmid.me/article/install-navidrome-music-server-on-freebsd\" rel=\"nofollow\"\u003eNavidrome music server on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/444/feedback/Tyler%20-%20Is%20this%20enough%20for%20VMs.md\" rel=\"nofollow\"\u003eTyler - Is this enough for VMs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/445/feedback/Kevin%20-%20BSD%20from%20RAMdisk.md\" rel=\"nofollow\"\u003eKevin - BSD from RAMdisk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/445/feedback/Malcolm%20-%20wired%20headset%20in%20FreeBSD.md\" rel=\"nofollow\"\u003eMalcolm - wired headset in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Idiot's guide to OpenBSD on the Pinebook Pro, FreeBSD Periodic Scripts, history of service management in Unix, journey from macOS to FreeBSD, Unix processes “infecting” each other, navidrom music server on FreeBSD, and more.","date_published":"2022-03-10T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a4bbf2bd-8191-4faa-9dec-2b8a2f9de7fd.mp3","mime_type":"audio/mpeg","size_in_bytes":28948800,"duration_in_seconds":2832}]},{"id":"859e26d8-a3d7-4df6-8ea2-eb22ab8babb5","title":"444: Historic Developments","url":"https://www.bsdnow.tv/444","content_text":"The History of Berkeley DB, modern inetd in FreeBSD, the Unix argv[0] issue, retrocomputing can be more than games, read section 8 of the Unix users manual, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nA Conversation with Margo Seltzer and Mike Olson: The history of Berkeley DB\n\n\n\nModern inetd in FreeBSD\n\n\n\nNews Roundup\n\nThe reason Unix has the argv[0] issue (and API)\n\n\n\nRetrocomputing can be more than games\n\n\n\nYou should read Section 8 of the Unix User's Manual\n\n\n\nBeastie Bits\n\n\nNew 'Reckless guide to OpenBSD' published\nGhostBSD Online Meetup\nHAMBug online meeting, March 8th @ 18:30 ET\nHardenedBSD 12-STABLE support will be dropped in May 2022\nOption options for getopt\nNew Tarsnap version is out\n pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKarst - replacing disks\nTheHolm - zfs and booting\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThe History of Berkeley DB, modern inetd in FreeBSD, the Unix argv[0] issue, retrocomputing can be more than games, read section 8 of the Unix users manual, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=3501713\" rel=\"nofollow\"\u003eA Conversation with Margo Seltzer and Mike Olson: The history of Berkeley DB\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/modern-inetd-in-freebsd/\" rel=\"nofollow\"\u003eModern inetd in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/Argv0IsEasy\" rel=\"nofollow\"\u003eThe reason Unix has the argv[0] issue (and API)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/retrocomputing-is-more-than-games/\" rel=\"nofollow\"\u003eRetrocomputing can be more than games\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.com/2022/02/09/section_8_unix_user_manual/\" rel=\"nofollow\"\u003eYou should read Section 8 of the Unix User\u0026#39;s Manual\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20220214061716\" rel=\"nofollow\"\u003eNew \u0026#39;Reckless guide to OpenBSD\u0026#39; published\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ghostbsd.org/node/243\" rel=\"nofollow\"\u003eGhostBSD Online Meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://hambug.ca/\" rel=\"nofollow\"\u003eHAMBug online meeting, March 8th @ 18:30 ET\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/HardenedBSD/status/1492249763193970689\" rel=\"nofollow\"\u003eHardenedBSD 12-STABLE support will be dropped in May 2022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2022/02/16/26684.html\" rel=\"nofollow\"\u003eOption options for getopt\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail.tarsnap.com/tarsnap-announce/msg00046.html\" rel=\"nofollow\"\u003eNew Tarsnap version is out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e \u003ca href=\"https://www.netgate.com/blog/pfsense-plus-software-version-22.01-and-ce-2.6.0-are-now-available\" rel=\"nofollow\"\u003epfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/444/feedback/Karst%20-%20replacing%20disks.md\" rel=\"nofollow\"\u003eKarst - replacing disks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/444/feedback/TheHolm%20-%20zfs%20and%20booting.md\" rel=\"nofollow\"\u003eTheHolm - zfs and booting\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"The History of Berkeley DB, modern inetd in FreeBSD, the Unix argv[0] issue, retrocomputing can be more than games, read section 8 of the Unix users manual, and more.","date_published":"2022-03-03T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/859e26d8-a3d7-4df6-8ea2-eb22ab8babb5.mp3","mime_type":"audio/mpeg","size_in_bytes":31350552,"duration_in_seconds":3216}]},{"id":"07a074a7-cfc0-4058-a637-3c58c89a919a","title":"443: Certified Unix Compliant","url":"https://www.bsdnow.tv/443","content_text":"Certifying an OS Unix compliant, 2021 FreeBSD Foundation Impact Report, Netflix, Disney, and other widevine content on FreeBSD, file hashes updated for NetBSD 8.1, Playing with CD-RWs on FreeBSD, Why \"process substitution\" is a late feature in Unix shells, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhat goes into making an OS to be Unix compliant certified?\n\n\n\n2021 FreeBSD Foundation Impact Report\n\n\n\nNews Roundup\n\nPlay Netflix, Disney, and other widevine content on FreeBSD\n\n\n\nNote: two files changed and hashes/signatures updated for NetBSD 8.1\n\n\n\nPlaying with CD-RWs on FreeBSD\n\n\n\nWhy \"process substitution\" is a late feature in Unix shells\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMarty - shell communities\nNate - Helping Mike Out\nTom - convincing others to switch\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eCertifying an OS Unix compliant, 2021 FreeBSD Foundation Impact Report, Netflix, Disney, and other widevine content on FreeBSD, file hashes updated for NetBSD 8.1, Playing with CD-RWs on FreeBSD, Why \u0026quot;process substitution\u0026quot; is a late feature in Unix shells, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.quora.com/What-goes-into-making-an-OS-to-be-Unix-compliant-certified\" rel=\"nofollow\"\u003eWhat goes into making an OS to be Unix compliant certified?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2021-freebsd-foundation-impact-report/\" rel=\"nofollow\"\u003e2021 FreeBSD Foundation Impact Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://danschmid.de/article/play-netflix-disney-and-other-widevine-content-on-freebsd\" rel=\"nofollow\"\u003ePlay Netflix, Disney, and other widevine content on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdsec.net/articles/note-two-files-changed-and-hashes-signatures-updated-for-netbsd-8-1\" rel=\"nofollow\"\u003eNote: two files changed and hashes/signatures updated for NetBSD 8.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/playing-with-cd-rws-on-freebsd/\" rel=\"nofollow\"\u003ePlaying with CD-RWs on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ProcessSubstitutionWhyLate\" rel=\"nofollow\"\u003eWhy \u0026quot;process substitution\u0026quot; is a late feature in Unix shells\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/443/feedback/Marty%20-%20shell%20communities.md\" rel=\"nofollow\"\u003eMarty - shell communities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/443/feedback/Nate%20-%20Helping%20Mike%20Out.md\" rel=\"nofollow\"\u003eNate - Helping Mike Out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/443/feedback/Tom%20-%20convincing%20others%20to%20switch.md\" rel=\"nofollow\"\u003eTom - convincing others to switch\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Certifying an OS Unix compliant, 2021 FreeBSD Foundation Impact Report, Netflix, Disney, and other widevine content on FreeBSD, file hashes updated for NetBSD 8.1, Playing with CD-RWs on FreeBSD, Why \"process substitution\" is a late feature in Unix shells, and more.","date_published":"2022-02-24T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/07a074a7-cfc0-4058-a637-3c58c89a919a.mp3","mime_type":"audio/mpeg","size_in_bytes":30076104,"duration_in_seconds":2789}]},{"id":"6c41b9bf-54fb-42e4-88de-6df0daca6ad1","title":"442: Birthing Unix","url":"https://www.bsdnow.tv/442","content_text":"The Birth of Unix, Help request for three big Lumina items, FreeBSD 13 on Thinkpad T460s, HardenedBSD January 2022 Status Report, OPNsense 22.1 \"Observant Owl\" released, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nThe Birth of Unix\n\n\n\nHelp requested for three big items for Lumina\n\n\n\nNews Roundup\n\nFreeBSD 13 on Thinkpad T460s\n\n\n\nHardenedBSD January 2022 Status Report\n\n\n\nOPNsense 22.1 \"Observant Owl\" released\n\n\n\nBeastie Bits\n\n\nThe early days of Unix at Bell Labs - Brian Kernighan (LCA 2022 Online)\nBastilleBSD User Survey\nSmallest desktop of the day with BSD: Raspberry Pi 400\nReminder BSDCan 2022 - online only\nJoshua Stein Video: Q\u0026amp;A\nDNSSEC Mastery, second edition, creeping out\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAlec - Playstation FreeBSD-Linux question\nNelson - Interesting Interview\nOscar - Omni OS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe Birth of Unix, Help request for three big Lumina items, FreeBSD 13 on Thinkpad T460s, HardenedBSD January 2022 Status Report, OPNsense 22.1 \u0026quot;Observant Owl\u0026quot; released, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/the-birth-of-unix/\" rel=\"nofollow\"\u003eThe Birth of Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/post/2022-02-08/\" rel=\"nofollow\"\u003eHelp requested for three big items for Lumina\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/2022/freebsd-13-on-thinkpad-t460s/\" rel=\"nofollow\"\u003eFreeBSD 13 on Thinkpad T460s\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2022-01-30/hardenedbsd-january-2022-status-report\" rel=\"nofollow\"\u003eHardenedBSD January 2022 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-22-1-released/\" rel=\"nofollow\"\u003eOPNsense 22.1 \u0026quot;Observant Owl\u0026quot; released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ECCr_KFl41E\" rel=\"nofollow\"\u003eThe early days of Unix at Bell Labs - Brian Kernighan (LCA 2022 Online)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.google.com/forms/d/e/1FAIpQLSddMMIFW9mHMnpMjMQZfFVCubVywmCXZHI7lqE2tS4k503uPw/viewform\" rel=\"nofollow\"\u003eBastilleBSD User Survey\u003c/a\u003e\n\u003ca href=\"https://www.reddit.com/r/BSD/comments/sgk5y0/smallest_desktop_of_the_day_with_bsd_raspberry_pi/\" rel=\"nofollow\"\u003eSmallest desktop of the day with BSD: Raspberry Pi 400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.bsdcan.org/pipermail/bsdcan-announce/2022-January/000191.html\" rel=\"nofollow\"\u003eReminder BSDCan 2022 - online only\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://jcs.org/2022/01/14/q\u0026a\" rel=\"nofollow\"\u003eJoshua Stein Video: Q\u0026amp;A\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/14427\" rel=\"nofollow\"\u003eDNSSEC Mastery, second edition, creeping out\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/442/feedback/Alec%20-%20Playstation%20FreeBSD-Linux%20question.md\" rel=\"nofollow\"\u003eAlec - Playstation FreeBSD-Linux question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/442/feedback/Nelson%20-%20Interesting%20Interview.md\" rel=\"nofollow\"\u003eNelson - Interesting Interview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/442/feedback/Oscar%20-%20Omni%20OS.md\" rel=\"nofollow\"\u003eOscar - Omni OS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The Birth of Unix, Help request for three big Lumina items, FreeBSD 13 on Thinkpad T460s, HardenedBSD January 2022 Status Report, OPNsense 22.1 \"Observant Owl\" released, and more.","date_published":"2022-02-17T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6c41b9bf-54fb-42e4-88de-6df0daca6ad1.mp3","mime_type":"audio/mpeg","size_in_bytes":28180392,"duration_in_seconds":2779}]},{"id":"9b36f236-73a8-4846-af4e-cd774790c11b","title":"441: Migration to BSD","url":"https://www.bsdnow.tv/441","content_text":"Migrating our servers from Linux to FreeBSD, Cluster provisioning with Nomad and Pot on FreeBSD, LibBSDDialog, FreeBSD 13.0 Base Jails with ZFS and VNET, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhy we're migrating (many of) our servers from Linux to FreeBSD\n\n\n\nCluster provisioning with Nomad and Pot on FreeBSD\n\n\n\nNews Roundup\n\nLibBSDDialog\n\n\n\nFreeBSD 13.0 Base Jails with ZFS and VNET\n\n\n\nBeastie Bits\n\n\nOpenBSD on the Pinephone\nFreeBSD SSH Hardening\nMaking the ZFS file system\nA Linux Users Experience Switching To OpenBSD\nAdd Nix, a purely functional package manager to FreeBSD\nioztat is a storage load analysis tool for OpenZFS\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nScott - esxi\nThe Holm - noob question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eMigrating our servers from Linux to FreeBSD, Cluster provisioning with Nomad and Pot on FreeBSD, LibBSDDialog, FreeBSD 13.0 Base Jails with ZFS and VNET, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://it-notes.dragas.net/2022/01/24/why-were-migrating-many-of-our-servers-from-linux-to-freebsd/\" rel=\"nofollow\"\u003eWhy we\u0026#39;re migrating (many of) our servers from Linux to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/cluster-provisioning-with-nomad-and-pot-on-freebsd/\" rel=\"nofollow\"\u003eCluster provisioning with Nomad and Pot on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://alfonsosiciliano.gitlab.io/posts/2022-01-16-libbsddialog.html\" rel=\"nofollow\"\u003eLibBSDDialog\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://randomnixfix.wordpress.com/2022/01/15/freebsd-13-0-base-jails-with-zfs-and-vnet/\" rel=\"nofollow\"\u003eFreeBSD 13.0 Base Jails with ZFS and VNET\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.exoticsilicon.com/crystal/pinephone_openbsd\" rel=\"nofollow\"\u003eOpenBSD on the Pinephone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11\" rel=\"nofollow\"\u003eFreeBSD SSH Hardening\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://changelog.com/podcast/475\" rel=\"nofollow\"\u003eMaking the ZFS file system\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ukTOfcu1e0w\" rel=\"nofollow\"\u003eA Linux Users Experience Switching To OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=550026\" rel=\"nofollow\"\u003eAdd Nix, a purely functional package manager to FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimsalterjrs/ioztat\" rel=\"nofollow\"\u003eioztat is a storage load analysis tool for OpenZFS\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/441/feedback/Scott%20-%20esxi.md\" rel=\"nofollow\"\u003eScott - esxi\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/441/feedback/The%20Holm%20-%20noob%20question.md\" rel=\"nofollow\"\u003eThe Holm - noob question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Migrating our servers from Linux to FreeBSD, Cluster provisioning with Nomad and Pot on FreeBSD, LibBSDDialog, FreeBSD 13.0 Base Jails with ZFS and VNET, and more.","date_published":"2022-02-10T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9b36f236-73a8-4846-af4e-cd774790c11b.mp3","mime_type":"audio/mpeg","size_in_bytes":31052040,"duration_in_seconds":3013}]},{"id":"ff88573d-93b8-4efc-bf5c-5acd4ac555af","title":"440: BSD Inside Zone","url":"https://www.bsdnow.tv/440","content_text":"GhostBSD 22.01 is available, Packet Scheduling with Dummynet and FreeBSD, Inside zone installation, Why the FreeBSD Desktop and my Linux Rant, How to install Gnome on OpenBSD, The important Unix idea of the \"virtual filesystem switch\", and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nGhostBSD 22.01 is available\n\n\n\nPacket Scheduling with Dummynet and FreeBSD\n\n\n\nNews Roundup\n\nInside zone installation\n\n\n\nWhy the FreeBSD Desktop and my Linux Rant\n\n\n\nHow to install Gnome on OpenBSD\n\n\n\nThe important Unix idea of the \"virtual filesystem switch\"\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nPaul - A Plug\nRollniak - Bhyve Questions\nRussell - pf pointers\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eGhostBSD 22.01 is available, Packet Scheduling with Dummynet and FreeBSD, Inside zone installation, Why the FreeBSD Desktop and my Linux Rant, How to install Gnome on OpenBSD, The important Unix idea of the \u0026quot;virtual filesystem switch\u0026quot;, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ghostbsd.org/ghostbsd_22.01.12_iso_is_now_available\" rel=\"nofollow\"\u003eGhostBSD 22.01 is available\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/packet-scheduling-with-dummynet-and-freebsd/\" rel=\"nofollow\"\u003ePacket Scheduling with Dummynet and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ptribble.blogspot.com/2022/01/inside-zone-installation.html\" rel=\"nofollow\"\u003eInside zone installation\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://randomnixfix.wordpress.com/2021/10/23/why-the-freebsd-desktop-and-my-linux-rant/\" rel=\"nofollow\"\u003eWhy the FreeBSD Desktop and my Linux Rant\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-05-07-openbsd-gnome.html\" rel=\"nofollow\"\u003eHow to install Gnome on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VFSImportance\" rel=\"nofollow\"\u003eThe important Unix idea of the \u0026quot;virtual filesystem switch\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/440/feedback/Paul%20-%20A%20Plug.md\" rel=\"nofollow\"\u003ePaul - A Plug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/440/feedback/Rollniak%20-%20Bhyve%20Questions.md\" rel=\"nofollow\"\u003eRollniak - Bhyve Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/440/feedback/Russell%20-%20pf%20pointers.md\" rel=\"nofollow\"\u003eRussell - pf pointers\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"GhostBSD 22.01 is available, Packet Scheduling with Dummynet and FreeBSD, Inside zone installation, Why the FreeBSD Desktop and my Linux Rant, How to install Gnome on OpenBSD, The important Unix idea of the \"virtual filesystem switch\", and more.","date_published":"2022-02-03T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ff88573d-93b8-4efc-bf5c-5acd4ac555af.mp3","mime_type":"audio/mpeg","size_in_bytes":26393592,"duration_in_seconds":2697}]},{"id":"56286ede-3bd4-47f7-8002-c09a26263c44","title":"439: Browser Tab Unix","url":"https://www.bsdnow.tv/439","content_text":"ACM: It takes a community, Don’t use discord for OSS projects, Unix in a browser tab, OpenIndiana Hipster 2021.10 available, Omni OS CE v11 is out, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nIt takes a community - ACM\n\n\n\nPSA: Dont use Discord for Open Source Projects\n\n\nJeffrey Paul - Discord Is Not An Acceptable Choice For Free Software Projects\nDrew deVault - Dont use Discord for FOSS\n\n\n\n\nNews Roundup\n\n\n\nUnix in your Browser Tab\n\n\n\nOpenIndiana Hipster 2021.10 is here\n\n\n\nOmni OS CE v11 r151040 is out\n\n\n\nBeastie Bits\n\n\nDeb from the FreeBSD Foundation on FLOSS Weekly\nJailfox - BastilleBSD template to bootstrap Firefox.\nFreeBSD Journal Nov/Dec 2021\nFirst call through the 3ESS\nOpenBSD for minimalists\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDale - two zfs questions\nJohnny - home question\nMike - GhostBSD in a VM\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eACM: It takes a community, Don’t use discord for OSS projects, Unix in a browser tab, OpenIndiana Hipster 2021.10 available, Omni OS CE v11 is out, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=3501361\" rel=\"nofollow\"\u003eIt takes a community - ACM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003ePSA: Dont use Discord for Open Source Projects\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://sneak.berlin/20200220/discord-is-not-an-acceptable-choice-for-free-software-projects/\" rel=\"nofollow\"\u003eJeffrey Paul - Discord Is Not An Acceptable Choice For Free Software Projects\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://drewdevault.com/2021/12/28/Dont-use-Discord-for-FOSS.html\" rel=\"nofollow\"\u003eDrew deVault - Dont use Discord for FOSS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://browsix.org/\" rel=\"nofollow\"\u003eUnix in your Browser Tab\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openindiana.org/2021/12/05/openindiana-hipster-2021-10-is-here/\" rel=\"nofollow\"\u003eOpenIndiana Hipster 2021.10 is here\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/omniosorg/omnios-build/blob/r151040/doc/ReleaseNotes.md\" rel=\"nofollow\"\u003eOmni OS CE v11 r151040 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twit.tv/shows/floss-weekly/episodes/662?autostart=false\" rel=\"nofollow\"\u003eDeb from the FreeBSD Foundation on FLOSS Weekly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ddowse/jailfox\" rel=\"nofollow\"\u003eJailfox - BastilleBSD template to bootstrap Firefox.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/past-issues/storage-2/\" rel=\"nofollow\"\u003eFreeBSD Journal Nov/Dec 2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=WUUsAK21f20\" rel=\"nofollow\"\u003eFirst call through the 3ESS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krzysztofengineer/openbsd\" rel=\"nofollow\"\u003eOpenBSD for minimalists\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/439/feedback/Dale%20-%20two%20zfs%20questions.md\" rel=\"nofollow\"\u003eDale - two zfs questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/439/feedback/Johnny%20-%20home%20question.md\" rel=\"nofollow\"\u003eJohnny - home question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/439/feedback/Mike%20-%20GhostBSD%20in%20a%20VM.md\" rel=\"nofollow\"\u003eMike - GhostBSD in a VM\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"ACM: It takes a community, Don’t use discord for OSS projects, Unix in a browser tab, OpenIndiana Hipster 2021.10 available, Omni OS CE v11 is out, and more.","date_published":"2022-01-27T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/56286ede-3bd4-47f7-8002-c09a26263c44.mp3","mime_type":"audio/mpeg","size_in_bytes":25965648,"duration_in_seconds":2368}]},{"id":"7df88bb7-d7e9-4dbf-945e-7c15b4d4d963","title":"438: Toolchain Adventures","url":"https://www.bsdnow.tv/438","content_text":"FreeBSD Foundation reviews 2021 activities, DragonflyBSD 6.2.1 is here, Lumina Desktop 1.6.2 available, toolchain adventures, The OpenBSD BASED Challenge Day 7, Bastille Template: AdGuard Home, setting up ZSH on FreeBSD and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Foundation 2021 in Review\n\n\nSoftware Development\nYear End Fundraising Report\nInfrastructure Support\nAdvocacy\nFreeBSD 2022 CfP\n\n\n\n\nDragonFlyBSD 6.2.1 is out\n\n\n\nNews Roundup\n\nLumina Desktop 1.6.2 is out\n\n\n\nToolchain Adventures\n\n\n\nThe OpenBSD BASED Challenge Day 7\n\n\n\nBastille Template: AdGuard Home\n\n\n\nSetting up ZSH on FreeBSD\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• Producers Note:  We did get some Christmas AMA questions in after we recorded that episode (since we recorded it early) but don't worry, I’ve made a note of them and we’ll save them for our next AMA episode. \n\n\n\nPatrick - Volume\nReptilicus Rex - FreeBSD Docs Team\nmichael - question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Foundation reviews 2021 activities, DragonflyBSD 6.2.1 is here, Lumina Desktop 1.6.2 available, toolchain adventures, The OpenBSD BASED Challenge Day 7, Bastille Template: AdGuard Home, setting up ZSH on FreeBSD and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eFreeBSD Foundation 2021 in Review\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2021-in-review-software-development/\" rel=\"nofollow\"\u003eSoftware Development\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2021-year-end-fundraising-report/\" rel=\"nofollow\"\u003eYear End Fundraising Report\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2021-in-review-infrastructure-support/\" rel=\"nofollow\"\u003eInfrastructure Support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/2021-in-review-advocacy/\" rel=\"nofollow\"\u003eAdvocacy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-2022-call-for-proposals/\" rel=\"nofollow\"\u003eFreeBSD 2022 CfP\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release62/\" rel=\"nofollow\"\u003eDragonFlyBSD 6.2.1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/post/2021-12-25/\" rel=\"nofollow\"\u003eLumina Desktop 1.6.2 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/toolchains-adventures-q4-2021/\" rel=\"nofollow\"\u003eToolchain Adventures\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://write.as/adventures-in-bsd/\" rel=\"nofollow\"\u003eThe OpenBSD BASED Challenge Day 7\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bastillebsd.org/blog/2022/01/03/bastille-template-examples-adguardhome/\" rel=\"nofollow\"\u003eBastille Template: AdGuard Home\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.danschmid.me/article/setting-up-zsh-on-freebsd\" rel=\"nofollow\"\u003eSetting up ZSH on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• Producers Note:  We did get some Christmas AMA questions in after we recorded that episode (since we recorded it early) but don\u0026#39;t worry, I’ve made a note of them and we’ll save them for our next AMA episode. \n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/438/feedback/Patrick%20-%20Volume.md\" rel=\"nofollow\"\u003ePatrick - Volume\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/438/feedback/Reptilicus%20Rex%20-%20FreeBSD%20Docs%20Team.md\" rel=\"nofollow\"\u003eReptilicus Rex - FreeBSD Docs Team\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/438/feedback/michael%20-%20question.md\" rel=\"nofollow\"\u003emichael - question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Foundation reviews 2021 activities, DragonflyBSD 6.2.1 is here, Lumina Desktop 1.6.2 available, toolchain adventures, The OpenBSD BASED Challenge Day 7, Bastille Template: AdGuard Home, setting up ZSH on FreeBSD and more.","date_published":"2022-01-20T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7df88bb7-d7e9-4dbf-945e-7c15b4d4d963.mp3","mime_type":"audio/mpeg","size_in_bytes":29848512,"duration_in_seconds":2795}]},{"id":"3e7f064f-6f8f-49ee-a2e6-6300007b7a88","title":"437: Audit that package","url":"https://www.bsdnow.tv/437","content_text":"Using FreeBSD’s pkg-audit, 20 year old bug that went to Mars, FreeBSD on Slimbook, LLDB FreeBSD kernel core dump support, Steam on OpenBSD, Cool but obscure X11 tools, and more \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nUsing FreeBSD’s pkg-audit\n\n\n\nThe 20 year old bug that went to Mars\n\n\nIt's rare that you come across a bug so subtle that it can last for two decades. But, that's exactly what has happened with the Lempel-Ziv-Oberhumer (LZO) algorithm. Initially written in 1994, Markus Oberhumer designed a sophisticated and extremely efficient compression algorithm so elegant and well architected that it outperforms zlib and bzip by four or five times their decompression speed.\n\nI was impressed to find out that his LZO algorithm has gone to the planet Mars on NASA devices multiple times! Most recently, LZO has touched down on the red planet within the Mars Curiosity Rover, which just celebrated its first martian anniversary on Tuesday.\n\nIn the past few years, LZO has gained traction in file systems as well. LZO can be used in the Linux kernel within btrfs, squashfs, jffs2, and ubifs. A recent variant of the algorithm, LZ4, is used for compression in ZFS for Solaris, Illumos, and FreeBSD.\n\nWith its popularity increasing, Lempel-Ziv-Oberhumer has been rewritten by many engineering firms for both closed and open systems. These rewrites, however, have always been based on Oberhumer's core open source implementation. As a result, they all inherited a subtle integer overflow. Even LZ4 has the same exact bug, but changed very slightly.\n\nBecause the LZO algorithm is considered a library function, each specific implementation must be evaluated for risk, regardless of whether the algorithm used has been patched. Why? We are talking about code that has existed in the wild for two decades. The scope of this algorithm touches everything from embedded microcontrollers on the Mars Rover, mainframe operating systems, modern day desktops, and mobile phones. Engineers that have used LZO must evaluate the use case to identify whether or not the implementation is vulnerable, and in what format.\n\n\n\n\nNews Roundup\n\nFreeBSD on Slimbook -- 14 months of updates\n\n\n\nLLDB FreeBSD kernel core dump support\n\n\n\nSteam on OpenBSD\n\n\n\nBeastie Bits\n\n• [OpenSSH Agent Restriction](http://undeadly.org/cgi?action=article;sid=20211220061017)\n• [OpenBSD’s Clang upgraded to version 13](http://undeadly.org/cgi?action=article;sid=20211220060327)\n• [Cool, but obscure X11 tools](http://cyber.dabamos.de/unix/x11/)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eUsing FreeBSD’s pkg-audit, 20 year old bug that went to Mars, FreeBSD on Slimbook, LLDB FreeBSD kernel core dump support, Steam on OpenBSD, Cool but obscure X11 tools, and more \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/using-freebsds-pkg-audit-to-investigate-known-security-issues/\" rel=\"nofollow\"\u003eUsing FreeBSD’s pkg-audit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html\" rel=\"nofollow\"\u003eThe 20 year old bug that went to Mars\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s rare that you come across a bug so subtle that it can last for two decades. But, that\u0026#39;s exactly what has happened with the Lempel-Ziv-Oberhumer (LZO) algorithm. Initially written in 1994, Markus Oberhumer designed a sophisticated and extremely efficient compression algorithm so elegant and well architected that it outperforms zlib and bzip by four or five times their decompression speed.\u003c/p\u003e\n\n\u003cp\u003eI was impressed to find out that his LZO algorithm has gone to the planet Mars on NASA devices multiple times! Most recently, LZO has touched down on the red planet within the Mars Curiosity Rover, which just celebrated its first martian anniversary on Tuesday.\u003c/p\u003e\n\n\u003cp\u003eIn the past few years, LZO has gained traction in file systems as well. LZO can be used in the Linux kernel within btrfs, squashfs, jffs2, and ubifs. A recent variant of the algorithm, LZ4, is used for compression in ZFS for Solaris, Illumos, and FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eWith its popularity increasing, Lempel-Ziv-Oberhumer has been rewritten by many engineering firms for both closed and open systems. These rewrites, however, have always been based on Oberhumer\u0026#39;s core open source implementation. As a result, they all inherited a subtle integer overflow. Even LZ4 has the same exact bug, but changed very slightly.\u003c/p\u003e\n\n\u003cp\u003eBecause the LZO algorithm is considered a library function, each specific implementation must be evaluated for risk, regardless of whether the algorithm used has been patched. Why? We are talking about code that has existed in the wild for two decades. The scope of this algorithm touches everything from embedded microcontrollers on the Mars Rover, mainframe operating systems, modern day desktops, and mobile phones. Engineers that have used LZO must evaluate the use case to identify whether or not the implementation is vulnerable, and in what format.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/freebsd/2021/12/11/slimbook.html\" rel=\"nofollow\"\u003eFreeBSD on Slimbook -- 14 months of updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/lldb-freebsd-kernel-core-dump-support/\" rel=\"nofollow\"\u003eLLDB FreeBSD kernel core dump support\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-12-01-openbsd-steam.html\" rel=\"nofollow\"\u003eSteam on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [OpenSSH Agent Restriction](http://undeadly.org/cgi?action=article;sid=20211220061017)\n• [OpenBSD’s Clang upgraded to version 13](http://undeadly.org/cgi?action=article;sid=20211220060327)\n• [Cool, but obscure X11 tools](http://cyber.dabamos.de/unix/x11/)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Using FreeBSD’s pkg-audit, 20 year old bug that went to Mars, FreeBSD on Slimbook, LLDB FreeBSD kernel core dump support, Steam on OpenBSD, Cool but obscure X11 tools, and more \r\n","date_published":"2022-01-13T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3e7f064f-6f8f-49ee-a2e6-6300007b7a88.mp3","mime_type":"audio/mpeg","size_in_bytes":24973752,"duration_in_seconds":2463}]},{"id":"5603c389-e7e5-4b55-ae6e-9ba425abfb2b","title":"436: Unix Standards Battle","url":"https://www.bsdnow.tv/436","content_text":"UNIX Wars, What every IT person needs to know about OpenBSD Part 3, FreeBSD 12.3 is here, TrueNAS 13 begins, what Unix pre-boot envs looked liked, run Unix on Microcontrollers with PDP-11 emulators and more.\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nUNIX Wars – The Battle for Standards\n\n\n\nWhat every IT person needs to know about OpenBSD Part 3: That packet filter\n\n\n\nFreeBSD 12.3-RELEASE Release Notes\n\n\n\nNews Roundup\n\nTrueNAS 12.0-U7 is Released \u0026amp; TrueNAS 13.0 Begins\n\n\n\nA bit on what Unix system pre-boot environments used to look like\n\n\n\nRUN UNIX ON MICROCONTROLLERS WITH PDP-11 EMULATOR\n\n\n\nBeastie Bits\n\n• [BSDCan 2022 is a go.](https://www.bsdcan.org/2022/)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eUNIX Wars, What every IT person needs to know about OpenBSD Part 3, FreeBSD 12.3 is here, TrueNAS 13 begins, what Unix pre-boot envs looked liked, run Unix on Microcontrollers with PDP-11 emulators and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/unix-wars-the-battle-for-standards/\" rel=\"nofollow\"\u003eUNIX Wars – The Battle for Standards\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.apnic.net/2021/11/11/openbsd-part-3-that-packet-filter/\" rel=\"nofollow\"\u003eWhat every IT person needs to know about OpenBSD Part 3: That packet filter\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/12.3R/relnotes/\" rel=\"nofollow\"\u003eFreeBSD 12.3-RELEASE Release Notes\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-12-0-u7-is-released-truenas-13-0-begins/\" rel=\"nofollow\"\u003eTrueNAS 12.0-U7 is Released \u0026amp; TrueNAS 13.0 Begins\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/UnixPreBootEnvironments\" rel=\"nofollow\"\u003eA bit on what Unix system pre-boot environments used to look like\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackaday.com/2021/11/19/run-unix-on-microcontrollers-with-pdp-11-emulator/\" rel=\"nofollow\"\u003eRUN UNIX ON MICROCONTROLLERS WITH PDP-11 EMULATOR\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [BSDCan 2022 is a go.](https://www.bsdcan.org/2022/)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"UNIX Wars, What every IT person needs to know about OpenBSD Part 3, FreeBSD 12.3 is here, TrueNAS 13 begins, what Unix pre-boot envs looked liked, run Unix on Microcontrollers with PDP-11 emulators and more.","date_published":"2022-01-06T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5603c389-e7e5-4b55-ae6e-9ba425abfb2b.mp3","mime_type":"audio/mpeg","size_in_bytes":27911640,"duration_in_seconds":2612}]},{"id":"96e38cf0-0975-4dd8-8eb3-c7626c45369a","title":"435: Year End Interview","url":"https://www.bsdnow.tv/435","content_text":"In this last episode of 2021, we interview Solene from OpenBSD. She’s blogging about her experiences with OpenBSD on dataswamp.org, the webzine she created, how she got involved and other topics. Enjoy and best wishes for 2022! \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterview - Solene Rapenne - solene+www@dataswamp.org / [@solene@bsd.network](@solene@bsd.network (mastodon))\n\nhttps://dataswamp.org/~solene/2021-07-26-old-computer-challenge-after.html\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Solène Rapenne.","content_html":"\u003cp\u003eIn this last episode of 2021, we interview Solene from OpenBSD. She’s blogging about her experiences with OpenBSD on dataswamp.org, the webzine she created, how she got involved and other topics. Enjoy and best wishes for 2022! \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Solene Rapenne - \u003ca href=\"mailto:solene+www@dataswamp.org\" rel=\"nofollow\"\u003esolene+www@dataswamp.org\u003c/a\u003e / [@\u003ca href=\"mailto:solene@bsd.network\" rel=\"nofollow\"\u003esolene@bsd.network\u003c/a\u003e](@\u003ca href=\"mailto:solene@bsd.network\" rel=\"nofollow\"\u003esolene@bsd.network\u003c/a\u003e (mastodon))\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-07-26-old-computer-challenge-after.html\" rel=\"nofollow\"\u003ehttps://dataswamp.org/~solene/2021-07-26-old-computer-challenge-after.html\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Solène Rapenne.\u003c/p\u003e","summary":"In this last episode of 2021, we interview Solene from OpenBSD. She’s blogging about her experiences with OpenBSD on dataswamp.org, the webzine she created, how she got involved and other topics. Enjoy and best wishes for 2022! ","date_published":"2021-12-30T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/96e38cf0-0975-4dd8-8eb3-c7626c45369a.mp3","mime_type":"audio/mpeg","size_in_bytes":20684232,"duration_in_seconds":2031}]},{"id":"40afa2c2-e5e7-4c5c-b505-9c02dcc8953a","title":"434: It’s Quiz-mas time","url":"https://www.bsdnow.tv/434","content_text":"In this special xmas episode we let the audience interview us using questions they sent us and we’ll answer now. Tom, Allan, JT, and I are all here, so stay tuned for some interesting answers to your questions.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nInterview\n\nAllan - allanjude@freebsd.org / Twitter : @allanjude\n\nBenedict - bcr@freebsd.org / Twitter : @bsdbcr\n\nTom - thj@freebsd.org / Twitter : @adventureloop\n\nJT - jt@obs-sec.com / Twitter : @q5sys\n\n\n\nTarsnap\n\n\nThis week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eIn this special xmas episode we let the audience interview us using questions they sent us and we’ll answer now. Tom, Allan, JT, and I are all here, so stay tuned for some interesting answers to your questions.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview\u003c/h2\u003e\n\n\u003ch3\u003eAllan - \u003ca href=\"mailto:allanjude@freebsd.org\" rel=\"nofollow\"\u003eallanjude@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/allanjude\" rel=\"nofollow\"\u003eTwitter : @allanjude\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eBenedict - \u003ca href=\"mailto:bcr@freebsd.org\" rel=\"nofollow\"\u003ebcr@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdbcr\" rel=\"nofollow\"\u003eTwitter : @bsdbcr\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eTom - \u003ca href=\"mailto:thj@freebsd.org\" rel=\"nofollow\"\u003ethj@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/adventureloop\" rel=\"nofollow\"\u003eTwitter : @adventureloop\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eJT - \u003ca href=\"mailto:jt@obs-sec.com\" rel=\"nofollow\"\u003ejt@obs-sec.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/q5sys\" rel=\"nofollow\"\u003eTwitter : @q5sys\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis week’s episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"In this special xmas episode we let the audience interview us using questions they sent us and we’ll answer now. Tom, Allan, JT, and I are all here, so stay tuned for some interesting answers to your questions.","date_published":"2021-12-23T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/40afa2c2-e5e7-4c5c-b505-9c02dcc8953a.mp3","mime_type":"audio/mpeg","size_in_bytes":35359104,"duration_in_seconds":3510}]},{"id":"a47d75e2-ee2d-4fea-af03-c7e8cab86efc","title":"433:  GhostBSD of Christmas","url":"https://www.bsdnow.tv/433","content_text":"GhostBSD 21.11.24 ISO available, why v7 matters so much, OpenBSD on VIA Eden X2 powered HP t510 Thin Client, OctoPkg GUI Package Manager, chdir(2) support in posix_spawn(3), install doas on FreeBSD, Access Modem's Web Interface with OPNsense, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nGhostBSD 21.11.24 ISO is now available\n\n\n\nWhy v7 matters so much\n\n\n\nNews Roundup\n\nOpenBSD on the VIA Eden X2 powered HP t510 Thin Client\n\n\n\nOctoPkg: A Great GUI Package Manager In FreeBSD\n\n\n\nProject Report: Add support for chdir(2) support in posix_spawn(3)\n\n\n\nHow To Install doas in FreeBSD 13\n\n\n\nHow to Access Your Modem's Web Interface with OPNsense\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nNo feedback for this episode because no one sent any in. :(\nI guess we’ve answered every BSD and Unix question that everyone has.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eGhostBSD 21.11.24 ISO available, why v7 matters so much, OpenBSD on VIA Eden X2 powered HP t510 Thin Client, OctoPkg GUI Package Manager, chdir(2) support in posix_spawn(3), install doas on FreeBSD, Access Modem\u0026#39;s Web Interface with OPNsense, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ghostbsd.org/ghostbsd_21.11.24_iso_is_now_available\" rel=\"nofollow\"\u003eGhostBSD 21.11.24 ISO is now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/V7WhyItMattersSoMuch\" rel=\"nofollow\"\u003eWhy v7 matters so much\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/openbsd-on-the-via-eden-x2-powered-hp-t510-thin-client/\" rel=\"nofollow\"\u003eOpenBSD on the VIA Eden X2 powered HP t510 Thin Client\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nudesystems.com/octopkg-a-great-gui-package-manager-in-freebsd/\" rel=\"nofollow\"\u003eOctoPkg: A Great GUI Package Manager In FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/project_report_add_support_for\" rel=\"nofollow\"\u003eProject Report: Add support for chdir(2) support in posix_spawn(3)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nudesystems.com/how-to-install-doas-in-freebsd-13/\" rel=\"nofollow\"\u003eHow To Install doas in FreeBSD 13\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://homenetworkguy.com/how-to/access-your-modem-web-interface-with-opnsense/\" rel=\"nofollow\"\u003eHow to Access Your Modem\u0026#39;s Web Interface with OPNsense\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003eNo feedback for this episode because no one sent any in. :(\u003cbr\u003e\nI guess we’ve answered every BSD and Unix question that everyone has.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"GhostBSD 21.11.24 ISO available, why v7 matters so much, OpenBSD on VIA Eden X2 powered HP t510 Thin Client, OctoPkg GUI Package Manager, chdir(2) support in posix_spawn(3), install doas on FreeBSD, Access Modem's Web Interface with OPNsense, and more","date_published":"2021-12-16T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a47d75e2-ee2d-4fea-af03-c7e8cab86efc.mp3","mime_type":"audio/mpeg","size_in_bytes":17996472,"duration_in_seconds":1758}]},{"id":"754bd5bc-3e7d-4431-8afb-5d1bbed709f8","title":"432: Introducing OpenZFS 3.0 - Yeah","url":"https://www.bsdnow.tv/432","content_text":"HAMBug hybrid meeting, Demystifying OpenZFS 2.0, OpenZFS 3.0 introduced at Dev Summit, HardenedBSD Home Infrastructure Status, Running Awk in parallel, FreeBSD Announces Wayland 1.19.91, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nHAMBug hybrid meeting\n\n\nHoping to squeeze in an in-person meeting incase the pandemic situation regresses\n***\n### Demystifying OpenZFS 2.0\nDo you like the articles we post? We are looking for authors (or even just your ideas) to keep providing these high quality articles.\nJob Posting\n***\n### OpenZFS 3.0 Introduced at Dev Summit\n***\n### OpenZFS vdev properties feature has been merged\n***\n\n\nNews Roundup\n\nOctober 2021 Home Infrastructure Status\n\n\n\nRunning Awk in parallel to process 256M records\n\n\n\nFreeBSD Announce wayland 1.19.91\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - running linux binaries under FreeBSD\nLars - Finding BSD Topics via search engine\nMarc - Your views on this question on Reddit\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eHAMBug hybrid meeting, Demystifying OpenZFS 2.0, OpenZFS 3.0 introduced at Dev Summit, HardenedBSD Home Infrastructure Status, Running Awk in parallel, FreeBSD Announces Wayland 1.19.91, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hambug.ca/\" rel=\"nofollow\"\u003eHAMBug hybrid meeting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHoping to squeeze in an in-person meeting incase the pandemic situation regresses\n***\n### \u003ca href=\"https://klarasystems.com/articles/demystifying-openzfs-2-0/\" rel=\"nofollow\"\u003eDemystifying OpenZFS 2.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo you like the articles we post? We are looking for authors (or even just your ideas) to keep providing these high quality articles.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/archives/freebsd-jobs/2021-November/000003.html\" rel=\"nofollow\"\u003eJob Posting\u003c/a\u003e\n***\n### \u003ca href=\"https://www.ixsystems.com/blog/openzfs-3-0-introduced-at-developer-summit/\" rel=\"nofollow\"\u003eOpenZFS 3.0 Introduced at Dev Summit\u003c/a\u003e\n***\n### \u003ca href=\"https://github.com/openzfs/zfs/pull/11711\" rel=\"nofollow\"\u003eOpenZFS vdev properties feature has been merged\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://git.hardenedbsd.org/shawn.webb/articles/-/blob/master/personal/2021-10-20_home_infra/article.md\" rel=\"nofollow\"\u003eOctober 2021 Home Infrastructure Status\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ketancmaheshwari.github.io/posts/2020/05/24/SMC18-Data-Challenge-4.html\" rel=\"nofollow\"\u003eRunning Awk in parallel to process 256M records\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freedesktop.org/archives/wayland-devel/2021-November/042026.html\" rel=\"nofollow\"\u003eFreeBSD Announce wayland 1.19.91\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/432/feedback/Brad%20-%20running%20linux%20binaries%20under%20FreeBSD.md\" rel=\"nofollow\"\u003eBrad - running linux binaries under FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/432/feedback/Lars%20-%20Finding%20BSD%20Topics%20via%20search%20engine.md\" rel=\"nofollow\"\u003eLars - Finding BSD Topics via search engine\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/432/feedback/Marc%20-%20Your%20views%20on%20this%20question%20on%20Reddit.md\" rel=\"nofollow\"\u003eMarc - Your views on this question on Reddit\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"HAMBug hybrid meeting, Demystifying OpenZFS 2.0, OpenZFS 3.0 introduced at Dev Summit, HardenedBSD Home Infrastructure Status, Running Awk in parallel, FreeBSD Announces Wayland 1.19.91, and more","date_published":"2021-12-09T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/754bd5bc-3e7d-4431-8afb-5d1bbed709f8.mp3","mime_type":"audio/mpeg","size_in_bytes":33615312,"duration_in_seconds":3283}]},{"id":"3b2d65ab-f8a0-4e12-b6d1-6a257aef7511","title":"431: FreeBSD EC2 Agents","url":"https://www.bsdnow.tv/431","content_text":"Why use OpenBSD part 2, FreeBSD on the RISC-V Architecture, OpenBSD Webzine Issue 4, Ending up liking GNOME, OPNsense 21.7.5 released, Jenkins with FreeBSD Agents in EC2, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhat every IT person needs to know about OpenBSD Part 2: Why use OpenBSD?\n\n\n\nLooking Towards the Future: FreeBSD on the RISC-V Architecture\n\n\n\n\n\nNews Roundup\n\nOpenBSD Webzine Issue 4\n\n\n\nHow I ended up liking GNOME\n\n\n\nOPNsense 21.7.5 released\n\n\n\nJenkins with FreeBSD Agents in ec2\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAndreas - ZFS and Trim\nHamza - swift on the BSDs\nKendall - how many mirror\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWhy use OpenBSD part 2, FreeBSD on the RISC-V Architecture, OpenBSD Webzine Issue 4, Ending up liking GNOME, OPNsense 21.7.5 released, Jenkins with FreeBSD Agents in EC2, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.apnic.net/2021/11/05/openbsd-part-2-why-use-openbsd/\" rel=\"nofollow\"\u003eWhat every IT person needs to know about OpenBSD Part 2: Why use OpenBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/looking-towards-the-future-freebsd-on-the-risc-v-architecture/\" rel=\"nofollow\"\u003eLooking Towards the Future: FreeBSD on the RISC-V Architecture\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://webzine.puffy.cafe/issue-4.html\" rel=\"nofollow\"\u003eOpenBSD Webzine Issue 4\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-11-10-how-I-ended-liking-gnome.html\" rel=\"nofollow\"\u003eHow I ended up liking GNOME\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-7-5-released/\" rel=\"nofollow\"\u003eOPNsense 21.7.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://beerdy.io/2021/10/jenkins-with-freebsd-agents-in-ec2/\" rel=\"nofollow\"\u003eJenkins with FreeBSD Agents in ec2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/431/feedback/Andreas%20-%20ZFS%20and%20Trim.md\" rel=\"nofollow\"\u003eAndreas - ZFS and Trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/431/feedback/Hamza%20-%20swift%20on%20the%20BSDs.md\" rel=\"nofollow\"\u003eHamza - swift on the BSDs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/431/feedback/Kendall%20-%20how%20many%20mirrors.md\" rel=\"nofollow\"\u003eKendall - how many mirror\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Why use OpenBSD part 2, FreeBSD on the RISC-V Architecture, OpenBSD Webzine Issue 4, Ending up liking GNOME, OPNsense 21.7.5 released, Jenkins with FreeBSD Agents in EC2, and more","date_published":"2021-12-02T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3b2d65ab-f8a0-4e12-b6d1-6a257aef7511.mp3","mime_type":"audio/mpeg","size_in_bytes":26124072,"duration_in_seconds":2637}]},{"id":"a211d686-fe47-4d60-9f0d-41d44cb4af80","title":"430: OpenBSD Onwards","url":"https://www.bsdnow.tv/430","content_text":"Manipulate a ZFS pool from Rescue System, FreeBSD 3rd Quarter Report, Monitoring FreeBSD jails form the host, OpenBSD on RPI4 with Full Disk Encryption, Onwards with OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nGoing From Recovery Mode to Normal Operations with OpenZFS Manipulating a Pool from the Rescue System\n\n\n\nMonitoring FreeBSD jails from the host\n\n\n\nNews Roundup\n\nFreeBSD Quarterly Status Report 3rd Quarter 2021\n\n\n\nOpenBSD on Raspberry Pi 4 with Full-Disk Encryption\n\n\n\nCatchup 2021-11-03\n\n\n\nBeastie Bits\n\n• [Manage Kubernetes cluster from FreeBSD with kubectl](https://www.youtube.com/watch?v=iUxJIXKtK7c)\n• [amdgpu support in DragonFly](https://www.dragonflydigest.com/2021/11/08/26343.html)\n• [Today is the 50th Anniversary of the 1st Edition of Unix...](https://twitter.com/bsdimp/status/1456019089466421248?s=20)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nEfraim - response to IPFS and an overlay filesystem\nPaul - FS Send question\nsev - Freebsd \u0026amp; IPA\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eManipulate a ZFS pool from Rescue System, FreeBSD 3rd Quarter Report, Monitoring FreeBSD jails form the host, OpenBSD on RPI4 with Full Disk Encryption, Onwards with OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/manipulating-a-pool-from-the-rescue-system/\" rel=\"nofollow\"\u003eGoing From Recovery Mode to Normal Operations with OpenZFS Manipulating a Pool from the Rescue System\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2021/10/31/monitoring-freebsd-jails-from-the-host/\" rel=\"nofollow\"\u003eMonitoring FreeBSD jails from the host\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/status/report-2021-07-2021-09/\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report 3rd Quarter 2021\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://matecha.net/posts/openbsd-on-pi-4-with-full-disk-encryption/\" rel=\"nofollow\"\u003eOpenBSD on Raspberry Pi 4 with Full-Disk Encryption\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20211103080052\" rel=\"nofollow\"\u003eCatchup 2021-11-03\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Manage Kubernetes cluster from FreeBSD with kubectl](https://www.youtube.com/watch?v=iUxJIXKtK7c)\n• [amdgpu support in DragonFly](https://www.dragonflydigest.com/2021/11/08/26343.html)\n• [Today is the 50th Anniversary of the 1st Edition of Unix...](https://twitter.com/bsdimp/status/1456019089466421248?s=20)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/430/feedback/Efraim%20-%20response%20to%20IPFS%20and%20an%20overlay%20filesystem.md\" rel=\"nofollow\"\u003eEfraim - response to IPFS and an overlay filesystem\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/430/feedback/Paul%20-%20FS%20Send%20question.md\" rel=\"nofollow\"\u003ePaul - FS Send question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/430/feedback/sev%20-%20Freebsd%20%26%20IPA.md\" rel=\"nofollow\"\u003esev - Freebsd \u0026amp; IPA\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Manipulate a ZFS pool from Rescue System, FreeBSD 3rd Quarter Report, Monitoring FreeBSD jails form the host, OpenBSD on RPI4 with Full Disk Encryption, Onwards with OpenBSD, and more","date_published":"2021-11-25T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a211d686-fe47-4d60-9f0d-41d44cb4af80.mp3","mime_type":"audio/mpeg","size_in_bytes":27077856,"duration_in_seconds":2746}]},{"id":"1f4cdc97-493b-4460-a6c0-a334cc96ff50","title":"429: Advanced ZFS Snapshots","url":"https://www.bsdnow.tv/429","content_text":"FreeBSD Foundation October Fundraising Update, Advanced ZFS Snapshots, Full WireGuard setup with OpenBSD, MidnightBSD a Linux Alternative, FreeBSD Audio, Tuning Power Consumption on FreeBSD Laptops, Thoughts on Spelling Fixes, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nFreeBSD Foundation October 2021 Fundraising Update\n\n\n\nAdvanced ZFS Snapshots\n\n\n\nNews Roundup\n\nFull WireGuard setup with OpenBSD\n\n\n\nMidnightBSD a Linux Alternative\n\n\n\nFreeBSD Audio\n\n\n\nTuning Power Consumption on FreeBSD Laptops and Intel Speed Shift (6th Gen and Later)\n\n\n\nSome Thoughts on Spelling Fixes\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBens feedback to Benedict's feedback to Bens question about zpoolboy\nhcddbz - Old Technical Books\njason - a jails question\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Foundation October Fundraising Update, Advanced ZFS Snapshots, Full WireGuard setup with OpenBSD, MidnightBSD a Linux Alternative, FreeBSD Audio, Tuning Power Consumption on FreeBSD Laptops, Thoughts on Spelling Fixes, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-october-2021-fundraising-update/\" rel=\"nofollow\"\u003eFreeBSD Foundation October 2021 Fundraising Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/advanced-zfs-snapshots/\" rel=\"nofollow\"\u003eAdvanced ZFS Snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-10-09-openbsd-wireguard-exit.html\" rel=\"nofollow\"\u003eFull WireGuard setup with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.makeuseof.com/midnightbsd-linux-desktop-alternative/\" rel=\"nofollow\"\u003eMidnightBSD a Linux Alternative\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://meka.rs/blog/2021/10/12/freebsd-audio/\" rel=\"nofollow\"\u003eFreeBSD Audio\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.neelc.org/posts/freebsd-speed-shift-laptop/\" rel=\"nofollow\"\u003eTuning Power Consumption on FreeBSD Laptops and Intel Speed Shift (6th Gen and Later)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdimp.blogspot.com/2021/10/spelling-fixes-some-advice.html\" rel=\"nofollow\"\u003eSome Thoughts on Spelling Fixes\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/Bens%20feedback%20to%20Benedicts%20feedback%20to%20Bens%20question%20about%20zpoolboy.md\" rel=\"nofollow\"\u003eBens feedback to Benedict\u0026#39;s feedback to Bens question about zpoolboy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/hcddbz%20-%20Old%20Technical%20Books.md\" rel=\"nofollow\"\u003ehcddbz - Old Technical Books\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/jason%20-%20a%20jails%20question.md\" rel=\"nofollow\"\u003ejason - a jails question\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Foundation October Fundraising Update, Advanced ZFS Snapshots, Full WireGuard setup with OpenBSD, MidnightBSD a Linux Alternative, FreeBSD Audio, Tuning Power Consumption on FreeBSD Laptops, Thoughts on Spelling Fixes, and more.","date_published":"2021-11-18T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1f4cdc97-493b-4460-a6c0-a334cc96ff50.mp3","mime_type":"audio/mpeg","size_in_bytes":22911048,"duration_in_seconds":2344}]},{"id":"1d7be1ab-6939-4fcf-80da-698e14ce721d","title":"428: Cult of BSD","url":"https://www.bsdnow.tv/428","content_text":"OpenBSD Part 1: How it all started, Explaining top(1) on FreeBSD, Measuring power efficiency of a CPU frequency scheduler on OpenBSD, CultBSD, a whole lot of BSD bits, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon\n\nHeadlines\n\nWhat every IT person needs to know about OpenBSD Part 1: How it all started\n\n\n\nExplaining top(1) on FreeBSD\n\n\n\nNews Roundup\n\nMeasuring power efficiency of a CPU frequency scheduler on OpenBSD\n\n\n\nCultBSD\n\n\n\nBeastie Bits\n\n• [OpenBSD on the HiFive Unmatched](https://kernelpanic.life/hardware/hifive-unmatched.html)\n• [Advanced Documentation Retrieval on FreeBSD](https://adventurist.me/posts/00306)\n• [OpenBSD Webzine Issue 3 is out](https://webzine.puffy.cafe/issue-3.html)\n• [How to connect and use Bluetooth headphones on FreeBSD](https://forums.freebsd.org/threads/bluetooth-audio-how-to-connect-and-use-bluetooth-headphones-on-freebsd.82671/)\n• [How To: Execute Firefox in a jail using iocage and ssh/jailme](https://forums.freebsd.org/threads/how-to-execute-firefox-in-a-jail-using-iocage-and-ssh-jailme.53362/)\n• [Understanding AWK](https://earthly.dev/blog/awk-examples/)\n• [“Domesticate Your Badgers” Kickstarter Opens](https://mwl.io/archives/13297)\n• [Bootstrap an OPNsense development environment in Vagrant](https://github.com/punktDe/vagrant-opnsense)\n• [VLANs Bridges and LAG Interface best practice questions](https://www.truenas.com/community/threads/vlans-bridges-and-lag-interface-best-practice-questions.93275/)\n• [A Console Desktop](https://pspodcasting.net/dan/blog/2018/console_desktop.html)\n• [CharmBUG Casual BSD Meetup and Games (Online)](https://www.meetup.com/CharmBUG/events/281822524)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDan - ZFS question\nLars - Thanks for the interview\njesse - migrating data from old laptop\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD Part 1: How it all started, Explaining top(1) on FreeBSD, Measuring power efficiency of a CPU frequency scheduler on OpenBSD, CultBSD, a whole lot of BSD bits, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e and the \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003eBSDNow Patreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.apnic.net/2021/10/28/openbsd-part-1-how-it-all-started/\" rel=\"nofollow\"\u003eWhat every IT person needs to know about OpenBSD Part 1: How it all started\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/explaining-top1-on-freebsd/\" rel=\"nofollow\"\u003eExplaining top(1) on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-09-26-openbsd-power-usage.html\" rel=\"nofollow\"\u003eMeasuring power efficiency of a CPU frequency scheduler on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sourceforge.net/projects/cult-bsd/\" rel=\"nofollow\"\u003eCultBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [OpenBSD on the HiFive Unmatched](https://kernelpanic.life/hardware/hifive-unmatched.html)\n• [Advanced Documentation Retrieval on FreeBSD](https://adventurist.me/posts/00306)\n• [OpenBSD Webzine Issue 3 is out](https://webzine.puffy.cafe/issue-3.html)\n• [How to connect and use Bluetooth headphones on FreeBSD](https://forums.freebsd.org/threads/bluetooth-audio-how-to-connect-and-use-bluetooth-headphones-on-freebsd.82671/)\n• [How To: Execute Firefox in a jail using iocage and ssh/jailme](https://forums.freebsd.org/threads/how-to-execute-firefox-in-a-jail-using-iocage-and-ssh-jailme.53362/)\n• [Understanding AWK](https://earthly.dev/blog/awk-examples/)\n• [“Domesticate Your Badgers” Kickstarter Opens](https://mwl.io/archives/13297)\n• [Bootstrap an OPNsense development environment in Vagrant](https://github.com/punktDe/vagrant-opnsense)\n• [VLANs Bridges and LAG Interface best practice questions](https://www.truenas.com/community/threads/vlans-bridges-and-lag-interface-best-practice-questions.93275/)\n• [A Console Desktop](https://pspodcasting.net/dan/blog/2018/console_desktop.html)\n• [CharmBUG Casual BSD Meetup and Games (Online)](https://www.meetup.com/CharmBUG/events/281822524)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/428/feedback/Dan%20-%20ZFS%20question.md\" rel=\"nofollow\"\u003eDan - ZFS question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/428/feedback/Lars%20-%20Thanks%20for%20the%20interview.md\" rel=\"nofollow\"\u003eLars - Thanks for the interview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/428/feedback/jesse%20-%20migrating%20data%20from%20old%20laptop.md\" rel=\"nofollow\"\u003ejesse - migrating data from old laptop\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD Part 1: How it all started, Explaining top(1) on FreeBSD, Measuring power efficiency of a CPU frequency scheduler on OpenBSD, CultBSD, a whole lot of BSD bits, and more. ","date_published":"2021-11-11T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1d7be1ab-6939-4fcf-80da-698e14ce721d.mp3","mime_type":"audio/mpeg","size_in_bytes":30685968,"duration_in_seconds":3261}]},{"id":"e0be5e06-7a29-4e22-9828-6a34074a48e5","title":"427: Logging is important","url":"https://www.bsdnow.tv/427","content_text":"Build Your FreeBSD Developer Workstation, logging is important, how BSD authentication works, pfSense turns 15 years old, OPNsense Business Edition 21.10 released,  getting started with pot, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\nIf you like BSDNow, consider supporting us on Patreon\n\nHeadlines\n\nBuilding Your FreeBSD Developer Workstation Setup\n\n\n\nWhat I learned from Russian students: logging is important\n\n\n\nNews Roundup\n\nHow BSD Authentication works\n\n\n\npfSense Software is 15 Today!\n\n\n\nOPNsense® Business Edition 21.10 released\n\n\n\nGetting started with pot\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n## Feedback/Questions\nBenjamin - Question for Benedict\nNelson - Episode 419 correction\nPeter - state machines\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eBuild Your FreeBSD Developer Workstation, logging is important, how BSD authentication works, pfSense turns 15 years old, OPNsense Business Edition 21.10 released,  getting started with pot, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003cbr\u003e\nIf you like BSDNow, consider supporting us on \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003ePatreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-developer-workstation-setup/\" rel=\"nofollow\"\u003eBuilding Your FreeBSD Developer Workstation Setup\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://peter.czanik.hu/posts/russian_students_logging\" rel=\"nofollow\"\u003eWhat I learned from Russian students: logging is important\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.lambda.cx/posts/how-bsd-authentication-works/\" rel=\"nofollow\"\u003eHow BSD Authentication works\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-software-is-15-today\" rel=\"nofollow\"\u003epfSense Software is 15 Today!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-business-edition-21-10-released/\" rel=\"nofollow\"\u003eOPNsense® Business Edition 21.10 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://pot.pizzamig.dev/Getting/\" rel=\"nofollow\"\u003eGetting started with pot\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n## Feedback/Questions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Benjamin%20-%20Question%20for%20Benedict.md\" rel=\"nofollow\"\u003eBenjamin - Question for Benedict\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Nelson%20-%20Episode%20419%20correction.md\" rel=\"nofollow\"\u003eNelson - Episode 419 correction\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Peter%20-%20state%20machines.md\" rel=\"nofollow\"\u003ePeter - state machines\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Build Your FreeBSD Developer Workstation, logging is important, how BSD authentication works, pfSense turns 15 years old, OPNsense Business Edition 21.10 released,  getting started with pot, and more","date_published":"2021-11-04T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0be5e06-7a29-4e22-9828-6a34074a48e5.mp3","mime_type":"audio/mpeg","size_in_bytes":27413712,"duration_in_seconds":2625}]},{"id":"8a560bbe-5ee6-4ac7-96a4-2b2ec958f138","title":"426: OpenBSD 7.0 Hero","url":"https://www.bsdnow.tv/426","content_text":"A Good Time to Use OpenZFS Slog, OpenBSD 7.0 is out, OpenBSD and Wayland, UVM faults yield significant performance boost, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nIf you like BSDNow, consider supporting us on Patreon\n\nWhat Makes a Good Time to Use OpenZFS Slog and When Should You Avoid It\n\n\n\nOpenBSD 7.0 is out\n\n\n\nNews Roundup\n\nOpenBSD and Wayland\n\n\n\nUnlocking UVM faults yields significant performance boost\n\n\n\nBeastie Bits\n\nPLAN 9 DESKTOP GUIDE\nlibvirt and DragonFly\nEuroBSDCon 2021 videos are available\nIssue#1 of OpenBSD Webzine\nThe Beastie has landed.\nIt’s 1998 and you are Sun Microsystems...\n\n\nReply link that's down\nRSA/SHA1 signature type disabled by default in OpenSSH\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDan - IPFS\nJack - IPFS\nJohnny - AdvanceBSD\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eA Good Time to Use OpenZFS Slog, OpenBSD 7.0 is out, OpenBSD and Wayland, UVM faults yield significant performance boost, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003eIf you like BSDNow, consider supporting us on \u003ca href=\"https://www.patreon.com/bsdnow\" rel=\"nofollow\"\u003ePatreon\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/what-makes-a-good-time-to-use-openzfs-slog-and-when-should-you-avoid-it/\" rel=\"nofollow\"\u003eWhat Makes a Good Time to Use OpenZFS Slog and When Should You Avoid It\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/70.html\" rel=\"nofollow\"\u003eOpenBSD 7.0 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.sizeofvoid.org/posts/2021-09-26-openbsd-wayland-report/\" rel=\"nofollow\"\u003eOpenBSD and Wayland\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210908084117\" rel=\"nofollow\"\u003eUnlocking UVM faults yields significant performance boost\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://pspodcasting.net/dan/blog/2019/plan9_desktop.html\" rel=\"nofollow\"\u003ePLAN 9 DESKTOP GUIDE\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.dragonflydigest.com/2021/10/04/26234.html\" rel=\"nofollow\"\u003elibvirt and DragonFly\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210928192806\" rel=\"nofollow\"\u003eEuroBSDCon 2021 videos are available\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://twitter.com/lcheylus/status/1446553240707993600?s=28\" rel=\"nofollow\"\u003eIssue#1 of OpenBSD Webzine\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://twitter.com/ed_maste/status/1446846780663123968?s=28\" rel=\"nofollow\"\u003eThe Beastie has landed.\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://twitter.com/knaversr/status/1443778072113602562\" rel=\"nofollow\"\u003eIt’s 1998 and you are Sun Microsystems...\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://web.archive.org/web/20211011003830/https://www.landley.net/history/mirror/unix/srcos.html\" rel=\"nofollow\"\u003eReply link that\u0026#39;s down\u003c/a\u003e\n\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210830113413\" rel=\"nofollow\"\u003eRSA/SHA1 signature type disabled by default in OpenSSH\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/426/feedback/Dan%20-%20IPFS.md\" rel=\"nofollow\"\u003eDan - IPFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/426/feedback/Jack%20-%20IPFS.md\" rel=\"nofollow\"\u003eJack - IPFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/426/feedback/Johnny%20-%20AdvanceBSD.md\" rel=\"nofollow\"\u003eJohnny - AdvanceBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"A Good Time to Use OpenZFS Slog, OpenBSD 7.0 is out, OpenBSD and Wayland, UVM faults yield significant performance boost, and more.","date_published":"2021-10-28T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8a560bbe-5ee6-4ac7-96a4-2b2ec958f138.mp3","mime_type":"audio/mpeg","size_in_bytes":35371176,"duration_in_seconds":3552}]},{"id":"af8c08aa-71ac-4c87-8145-6a672a9d7e5d","title":"425: Releases galore","url":"https://www.bsdnow.tv/425","content_text":"The New Architecture on the Block, OpenBSD on Vortex86DX CPU, lots of new releases, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nRISC-V: The New Architecture on the Block\n\n\nIf you want more RISC-V, check out JT's interview with Mark Himelstein the CTO of RISC-V International\n***\n### OpenBSD on the Vortex86DX CPU\n***\n## News Roundup aka there’s been lots of releases recently so lets go through them:\n### Lumina 1.6.1\n### opnsense 21.7.3\n### LibreSSL patches\n### OpenBGPD 7.2\n### Midnight BSD 2.1.0\n### GhostBSD 21.09 ISO\n### helloSystemv0.6\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrandon - FreeBSD question\nBruce - Fixing a weird Apache Bug\nDan - zfs question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe New Architecture on the Block, OpenBSD on Vortex86DX CPU, lots of new releases, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/risc-v-the-new-architecture-on-the-block/\" rel=\"nofollow\"\u003eRISC-V: The New Architecture on the Block\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you want more RISC-V, check out \u003ca href=\"https://www.opensourcevoices.org/20\" rel=\"nofollow\"\u003eJT\u0026#39;s interview with Mark Himelstein the CTO of RISC-V International\u003c/a\u003e\n***\n### \u003ca href=\"https://www.cambus.net/openbsd-on-the-vortex86dx-cpu/\" rel=\"nofollow\"\u003eOpenBSD on the Vortex86DX CPU\u003c/a\u003e\n***\n## News Roundup aka there’s been lots of releases recently so lets go through them:\n### \u003ca href=\"http://lumina-desktop.org/post/2021-10-05/\" rel=\"nofollow\"\u003eLumina 1.6.1\u003c/a\u003e\n### \u003ca href=\"https://opnsense.org/opnsense-21-7-3-released/\" rel=\"nofollow\"\u003eopnsense 21.7.3\u003c/a\u003e\n### \u003ca href=\"https://bsdsec.net/articles/openbsd-errata-september-27-2021-libressl\" rel=\"nofollow\"\u003eLibreSSL patches\u003c/a\u003e\n### \u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=163239274430211\u0026w=2\" rel=\"nofollow\"\u003eOpenBGPD 7.2\u003c/a\u003e\n### \u003ca href=\"https://www.midnightbsd.org/notes/\" rel=\"nofollow\"\u003eMidnight BSD 2.1.0\u003c/a\u003e\n### \u003ca href=\"http://ghostbsd.org/ghostbsd_21.09.29_iso_now_available\" rel=\"nofollow\"\u003eGhostBSD 21.09 ISO\u003c/a\u003e\n### \u003ca href=\"https://github.com/helloSystem/ISO/releases/tag/r0.6.0\" rel=\"nofollow\"\u003ehelloSystemv0.6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Brandon%20-%20FreeBSD%20question.md\" rel=\"nofollow\"\u003eBrandon - FreeBSD question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Bruce%20-%20Fixing%20a%20weird%20Apache%20Bug.md\" rel=\"nofollow\"\u003eBruce - Fixing a weird Apache Bug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Dan%20-%20zfs%20question.md\" rel=\"nofollow\"\u003eDan - zfs question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The New Architecture on the Block, OpenBSD on Vortex86DX CPU, lots of new releases, and more.","date_published":"2021-10-21T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/af8c08aa-71ac-4c87-8145-6a672a9d7e5d.mp3","mime_type":"audio/mpeg","size_in_bytes":25604952,"duration_in_seconds":2517}]},{"id":"6f778bcb-d4a7-469d-9ec2-8fed7fbe93a1","title":"424: Unveiling OpenBSD’s pledge","url":"https://www.bsdnow.tv/424","content_text":"J language working on OpenBSD, Comparing FreeBSD GELI and OpenZFS encrypted pools, What is FreeBSD, actually?, OpenBSD's pledge and unveil from Python, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nI got the J language working on OpenBSD\n\n\n\nRubenerd: Comparing FreeBSD GELI and OpenZFS encrypted pools with keys\n\n\n\nNews Roundup\n\nWhat is FreeBSD, actually? Think again.\n\n\n\nOpenBSD's pledge and unveil from Python\n\n\n\nBeastie Bits\n\n• [Hibernate time reduced](http://undeadly.org/cgi?action=article;sid=20210831050932)\n• [(open)rsync gains include/exclude support](http://undeadly.org/cgi?action=article;sid=20210830081715)\n• [Producer JT's latest ancient find that he needs help with](https://twitter.com/q5sys/status/1440105555754848257)\n• [Doas comes to MidnightBSD](https://github.com/slicer69/doas)\n• [FreeBSD SSH Hardening](https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11)\n• [OpenBSD 6.8 and you](https://home.nuug.no/~peter/openbsd_and_you/#1)\n• [By default, scp(1) now uses SFTP protocol](https://undeadly.org/cgi?action=article;sid=20210910074941)\n• [FreeBSD 11.4 end-of-life](https://lists.freebsd.org/pipermail/freebsd-announce/2021-September/002060.html)\n• [sched_ule(4): Improve long-term load balancer](https://cgit.freebsd.org/src/commit/?id=e745d729be60a47b49eb19c02a6864a747fb2744)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eJ language working on OpenBSD, Comparing FreeBSD GELI and OpenZFS encrypted pools, What is FreeBSD, actually?, OpenBSD\u0026#39;s pledge and unveil from Python, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20210911.html\" rel=\"nofollow\"\u003eI got the J language working on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/my-first-prod-encrypted-openzfs-pool/\" rel=\"nofollow\"\u003eRubenerd: Comparing FreeBSD GELI and OpenZFS encrypted pools with keys\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@probonopd/what-is-freebsd-actually-think-again-200c2752d026\" rel=\"nofollow\"\u003eWhat is FreeBSD, actually? Think again.\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nullprogram.com/blog/2021/09/15/\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s pledge and unveil from Python\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Hibernate time reduced](http://undeadly.org/cgi?action=article;sid=20210831050932)\n• [(open)rsync gains include/exclude support](http://undeadly.org/cgi?action=article;sid=20210830081715)\n• [Producer JT\u0026#39;s latest ancient find that he needs help with](https://twitter.com/q5sys/status/1440105555754848257)\n• [Doas comes to MidnightBSD](https://github.com/slicer69/doas)\n• [FreeBSD SSH Hardening](https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11)\n• [OpenBSD 6.8 and you](https://home.nuug.no/~peter/openbsd_and_you/#1)\n• [By default, scp(1) now uses SFTP protocol](https://undeadly.org/cgi?action=article;sid=20210910074941)\n• [FreeBSD 11.4 end-of-life](https://lists.freebsd.org/pipermail/freebsd-announce/2021-September/002060.html)\n• [sched_ule(4): Improve long-term load balancer](https://cgit.freebsd.org/src/commit/?id=e745d729be60a47b49eb19c02a6864a747fb2744)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"J language working on OpenBSD, Comparing FreeBSD GELI and OpenZFS encrypted pools, What is FreeBSD, actually?, OpenBSD's pledge and unveil from Python, and more.","date_published":"2021-10-14T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6f778bcb-d4a7-469d-9ec2-8fed7fbe93a1.mp3","mime_type":"audio/mpeg","size_in_bytes":30778248,"duration_in_seconds":2981}]},{"id":"4773f65c-58e5-4661-8a0e-cd636e3a9997","title":"423: RACK the Stack ","url":"https://www.bsdnow.tv/423","content_text":"FreeBSD serves Netflix Video at 400Gb/s, Using the RACK TCP stack, an OpenBSD script to update packages fast, Plasma System Monitor and FreeBSD, TrueNAS vs FreeNAS (and why you should upgrade!), auto lock screen on OpenBSD using xidle and xlock, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nServing Netflix Video at 400Gb/s on FreeBSD\n\n\n\nUsing the FreeBSD RACK TCP Stack\n\n\n\nNews Roundup\n\npkgupdate, an OpenBSD script to update packages fast\n\n\n\nPlasma System Monitor and FreeBSD\n\n\n\nTrueNAS vs FreeNAS (and why you should upgrade!)\n\n\n\nAutomatically lock screen on OpenBSD using xidle and xlock\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBen - LightDM with Slick-Greeter.md\nDave - Cloned Interface.md\nMJ Rodriguez - Sony.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD serves Netflix Video at 400Gb/s, Using the RACK TCP stack, an OpenBSD script to update packages fast, Plasma System Monitor and FreeBSD, TrueNAS vs FreeNAS (and why you should upgrade!), auto lock screen on OpenBSD using xidle and xlock, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://people.freebsd.org/%7Egallatin/talks/euro2021.pdf\" rel=\"nofollow\"\u003eServing Netflix Video at 400Gb/s on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/using-the-freebsd-rack-tcp-stack/\" rel=\"nofollow\"\u003eUsing the FreeBSD RACK TCP Stack\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-08-15-openbsd-pkgupdate.html\" rel=\"nofollow\"\u003epkgupdate, an OpenBSD script to update packages fast\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl//kde/2021/09/15/systemmonitor.html\" rel=\"nofollow\"\u003ePlasma System Monitor and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-vs-freenas-and-why-you-should-upgrade/\" rel=\"nofollow\"\u003eTrueNAS vs FreeNAS (and why you should upgrade!)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-07-30-openbsd-xidle-xlock.html\" rel=\"nofollow\"\u003eAutomatically lock screen on OpenBSD using xidle and xlock\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/423/feedback/Ben%20-%20LightDM%20with%20Slick-Greeter.md\" rel=\"nofollow\"\u003eBen - LightDM with Slick-Greeter.md\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/423/feedback/Dave%20-%20Cloned%20Interface.md\" rel=\"nofollow\"\u003eDave - Cloned Interface.md\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/423/feedback/MJ%20Rodriguez%20-%20Sony.md\" rel=\"nofollow\"\u003eMJ Rodriguez - Sony.md\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD serves Netflix Video at 400Gb/s, Using the RACK TCP stack, an OpenBSD script to update packages fast, Plasma System Monitor and FreeBSD, TrueNAS vs FreeNAS (and why you should upgrade!), auto lock screen on OpenBSD using xidle and xlock, and more","date_published":"2021-10-07T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4773f65c-58e5-4661-8a0e-cd636e3a9997.mp3","mime_type":"audio/mpeg","size_in_bytes":32212584,"duration_in_seconds":3090}]},{"id":"4ca5efbc-d83b-41a2-981c-42c4dacefb05","title":"422: The Brian Callahan Interview","url":"https://www.bsdnow.tv/422","content_text":"We interview Dr. Brian Callahan about his language porting work for OpenBSD, teaching with BSDs and recruiting students into projects, research, and his work at NYC*BUG in this week’s episode of BSDnow.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nInterview - Dr. Brian Robert Callahan - https://briancallahan.net/ / bcallah@bsdnetwork\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Brian Callahan.","content_html":"\u003cp\u003eWe interview Dr. Brian Callahan about his language porting work for OpenBSD, teaching with BSDs and recruiting students into projects, research, and his work at NYC*BUG in this week’s episode of BSDnow.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Dr. Brian Robert Callahan - \u003ca href=\"https://briancallahan.net/\" rel=\"nofollow\"\u003ehttps://briancallahan.net/\u003c/a\u003e / \u003ca href=\"https://mastodon.com/bcallah@bsdnetwork\" rel=\"nofollow\"\u003ebcallah@bsdnetwork\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Brian Callahan.\u003c/p\u003e","summary":"We interview Dr. Brian Callahan about his language porting work for OpenBSD, teaching with BSDs and recruiting students into projects, research, and his work at NYC*BUG in this week’s episode of BSDnow.","date_published":"2021-09-30T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4ca5efbc-d83b-41a2-981c-42c4dacefb05.mp3","mime_type":"audio/mpeg","size_in_bytes":30162984,"duration_in_seconds":2999}]},{"id":"626e101a-a6c2-43ce-ad87-018474d78971","title":"421: ZFS eats CPU","url":"https://www.bsdnow.tv/421","content_text":"Useless use of GNU, Meet the 2021 FreeBSD GSoC Students, historical note on Unix portability, vm86-based venix emulator, ZFS Mysteriously Eating CPU, traceroute gets speed boost, and more \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nUseless use of GNU\n\n\n\nMeet the 2021 FreeBSD Google Summer of Code Students\n\n\n\nNews Roundup\n\nLarge Unix programs were historically not all that portable between Unixes\n\n\nReferences this article: I’m not sure that UNIX won\n***\n### A new path: vm86-based venix emulator\n***\n### ZFS Is Mysteriously Eating My CPU\n***\n### traceroute(8) gets speed boost\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAl - TransAtlantic Cables\nChristopher - NVMe\nJohnnyK - Vivaldi\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eUseless use of GNU, Meet the 2021 FreeBSD GSoC Students, historical note on Unix portability, vm86-based venix emulator, ZFS Mysteriously Eating CPU, traceroute gets speed boost, and more \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2021/08/useless-use-of-gnu.html\" rel=\"nofollow\"\u003eUseless use of GNU\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/meet-the-2021-freebsd-google-summer-of-code-students/\" rel=\"nofollow\"\u003eMeet the 2021 FreeBSD Google Summer of Code Students\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ProgramsVsPortability\" rel=\"nofollow\"\u003eLarge Unix programs were historically not all that portable between Unixes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eReferences this article: \u003ca href=\"https://rubenerd.com/im-not-sure-that-unix-won/\" rel=\"nofollow\"\u003eI’m not sure that UNIX won\u003c/a\u003e\n***\n### \u003ca href=\"http://bsdimp.blogspot.com/2021/08/a-new-path-vm86-based-venix-emulator.html\" rel=\"nofollow\"\u003eA new path: vm86-based venix emulator\u003c/a\u003e\n***\n### \u003ca href=\"http://www.brendangregg.com/blog/2021-09-06/zfs-is-mysteriously-eating-my-cpu.html\" rel=\"nofollow\"\u003eZFS Is Mysteriously Eating My CPU\u003c/a\u003e\n***\n### \u003ca href=\"http://undeadly.org/cgi?action=article;sid=20210903094704\" rel=\"nofollow\"\u003etraceroute(8) gets speed boost\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/421/feedback/Al%20-%20TransAtlantic%20Cables.md\" rel=\"nofollow\"\u003eAl - TransAtlantic Cables\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/421/feedback/Christopher%20-%20NVMe.md\" rel=\"nofollow\"\u003eChristopher - NVMe\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/421/feedback/JohnnyK%2-%20Vivaldi.md\" rel=\"nofollow\"\u003eJohnnyK - Vivaldi\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Useless use of GNU, Meet the 2021 FreeBSD GSoC Students, historical note on Unix portability, vm86-based venix emulator, ZFS Mysteriously Eating CPU, traceroute gets speed boost, and more ","date_published":"2021-09-23T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/626e101a-a6c2-43ce-ad87-018474d78971.mp3","mime_type":"audio/mpeg","size_in_bytes":32360040,"duration_in_seconds":3042}]},{"id":"8b8bd7d2-7ac2-4c6b-a33f-fcc39e355be5","title":"420: OpenBSD makes life better","url":"https://www.bsdnow.tv/420","content_text":"Choosing The Right ZFS Pool Layout, changes in OpenBSD that make life better, GhostBSD 21.09.06 ISO's now available, Fair Internet bandwidth management with OpenBSD, NetBSD wifi router project update, NetBSD on the Apple M1, HardenedBSD August Status Report, FreeBSD Journal on Wireless and Desktop, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nChoosing The Right ZFS Pool Layout\n\n\n\nRecent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too)\n\n\n\nNews Roundup\n\nGhostBSD 21.09.06 ISO's now available\n\n\n\nFair Internet bandwidth management on a network using OpenBSD\n\n\n\nNetBSD wifi router project update\n\n\nBonus NetBSD Recent Developments: NetBSD on the Apple M1\n***\n### HardenedBSD August 2021 Status Report\n### FreeBSD Journal July/August 2021: Desktop/Wireless\n***\n### Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nJames - backup question\nJonathon - certifications\nMarty - RPG CLI\n*** \nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eChoosing The Right ZFS Pool Layout, changes in OpenBSD that make life better, GhostBSD 21.09.06 ISO\u0026#39;s now available, Fair Internet bandwidth management with OpenBSD, NetBSD wifi router project update, NetBSD on the Apple M1, HardenedBSD August Status Report, FreeBSD Journal on Wireless and Desktop, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/choosing-the-right-zfs-pool-layout/\" rel=\"nofollow\"\u003eChoosing The Right ZFS Pool Layout\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.com/2021/08/recent-and-not-so-recent-changes-in.html\" rel=\"nofollow\"\u003eRecent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ghostbsd.org/ghostbsd_21.09.06_iso_now_available\" rel=\"nofollow\"\u003eGhostBSD 21.09.06 ISO\u0026#39;s now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-08-30-openbsd-qos-lan.html\" rel=\"nofollow\"\u003eFair Internet bandwidth management on a network using OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/wifi_project_status_update\" rel=\"nofollow\"\u003eNetBSD wifi router project update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBonus NetBSD Recent Developments: \u003ca href=\"https://mobile.twitter.com/jmcwhatever/status/1431575270436319235\" rel=\"nofollow\"\u003eNetBSD on the Apple M1\u003c/a\u003e\n***\n### \u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2021-08-31/hardenedbsd-august-2021-status-report\" rel=\"nofollow\"\u003eHardenedBSD August 2021 Status Report\u003c/a\u003e\n### \u003ca href=\"https://freebsdfoundation.org/past-issues/desktop-wireless/\" rel=\"nofollow\"\u003eFreeBSD Journal July/August 2021: Desktop/Wireless\u003c/a\u003e\n***\n### Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/420/feedback/James%20-%20backup%20question.md\" rel=\"nofollow\"\u003eJames - backup question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/420/feedback/Jonathon%20-%20certifications.md\" rel=\"nofollow\"\u003eJonathon - certifications\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/420/feedback/Marty%20-%20RPG%20CLI.md\" rel=\"nofollow\"\u003eMarty - RPG CLI\u003c/a\u003e\n*** \u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Choosing The Right ZFS Pool Layout, changes in OpenBSD that make life better, GhostBSD 21.09.06 ISO's now available, Fair Internet bandwidth management with OpenBSD, NetBSD wifi router project update, NetBSD on the Apple M1, HardenedBSD August Status Report, FreeBSD Journal on Wireless and Desktop, and more.\r\n","date_published":"2021-09-16T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8b8bd7d2-7ac2-4c6b-a33f-fcc39e355be5.mp3","mime_type":"audio/mpeg","size_in_bytes":32538960,"duration_in_seconds":2958}]},{"id":"4fb1ef2f-3915-403b-9687-47451b3339a9","title":"419: Rethinking OS installs","url":"https://www.bsdnow.tv/419","content_text":"Reviewing a first OpenBSD port, NetBSD 9.2 on a DEC Alpha CPU in QEMU with X11, FreeBSD Experiment Rethinks the OS Install, GhostBSD switching to FreeBSD rc.d, Irix gets LLVM, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nReviewing my first OpenBSD port, and what I'd do differently 10 years later\n\n\n\nInstall NetBSD 9.2 on a DEC Alpha CPU in QEMU with X11\n\n\n\nNews Roundup\n\nFreeBSD Experiment Rethinks the OS Install\n\n\n\nThe switch to FreeBSD rc.d is coming\n\n\n\nIrix gets LLVM\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMiceal - a few questions\nNelson - dummynet\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eReviewing a first OpenBSD port, NetBSD 9.2 on a DEC Alpha CPU in QEMU with X11, FreeBSD Experiment Rethinks the OS Install, GhostBSD switching to FreeBSD rc.d, Irix gets LLVM, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://briancallahan.net/blog/20210802.html\" rel=\"nofollow\"\u003eReviewing my first OpenBSD port, and what I\u0026#39;d do differently 10 years later\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://raymii.org/s/articles/NetBSD_on_QEMU_Alpha.html\" rel=\"nofollow\"\u003eInstall NetBSD 9.2 on a DEC Alpha CPU in QEMU with X11\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackaday.com/2021/08/10/freebsd-experiment-rethinks-the-os-install/\" rel=\"nofollow\"\u003eFreeBSD Experiment Rethinks the OS Install\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ghostbsd.org/rc_switch\" rel=\"nofollow\"\u003eThe switch to FreeBSD rc.d is coming\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.irixnet.org/thread-3043.html\" rel=\"nofollow\"\u003eIrix gets LLVM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/419/feedback/Miceal%20-%20a%20few%20questions.md\" rel=\"nofollow\"\u003eMiceal - a few questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/419/feedback/Nelson%20-%20dummynet.md\" rel=\"nofollow\"\u003eNelson - dummynet\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Reviewing a first OpenBSD port, NetBSD 9.2 on a DEC Alpha CPU in QEMU with X11, FreeBSD Experiment Rethinks the OS Install, GhostBSD switching to FreeBSD rc.d, Irix gets LLVM, and more.","date_published":"2021-09-09T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4fb1ef2f-3915-403b-9687-47451b3339a9.mp3","mime_type":"audio/mpeg","size_in_bytes":33694320,"duration_in_seconds":3099}]},{"id":"5b0aa0e0-4435-47d3-841a-91793cf37806","title":"418: The greatest time in history to be a creator","url":"https://www.bsdnow.tv/418","content_text":"In this episode, we interview Michael W. Lucas about his latest book projects including Git sync murder, TLS Mastery, getting paid for creative work, writing tools and techniques, and more.\n\nNOTES\n\nInterview - Michael W. Lucas - mwl@mwl.io / @mwlauthor\n\n\nCashflow for Creators\nCharity Auction Against Human Trafficking\nThis is the rfc about what to not do.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\nSpecial Guest: Michael W Lucas.","content_html":"\u003cp\u003eIn this episode, we interview Michael W. Lucas about his latest book projects including Git sync murder, TLS Mastery, getting paid for creative work, writing tools and techniques, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwl@mwl.io\" rel=\"nofollow\"\u003emwl@mwl.io\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@mwlauthor\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/nonfiction/biz-craft\" rel=\"nofollow\"\u003eCashflow for Creators\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/12526\" rel=\"nofollow\"\u003eCharity Auction Against Human Trafficking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://datatracker.ietf.org/doc/html/rfc9049\" rel=\"nofollow\"\u003eThis is the rfc about what to not do.\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSpecial Guest: Michael W Lucas.\u003c/p\u003e","summary":"In this episode, we interview Michael W. Lucas about his latest book projects including Git sync murder, TLS Mastery, getting paid for creative work, writing tools and techniques, and more.","date_published":"2021-09-02T03:45:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5b0aa0e0-4435-47d3-841a-91793cf37806.mp3","mime_type":"audio/mpeg","size_in_bytes":32985120,"duration_in_seconds":3145}]},{"id":"63b2639c-ad67-45db-9581-8053963313c2","title":"417: bhyve private cloud","url":"https://www.bsdnow.tv/417","content_text":"Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nAchieving RPO/RTO Objectives with ZFS - Part 1\n\n\n\nFreeBSD Foundation Q2 Report\n\n\n\nOpenBSD full Tor setup\n\n\n\nNews Roundup\n\nMyBee — FreeBSD OS and hypervisor bhyve as private cloud\n\n\n\nExpanding our FreeBSD home file server\n\n\n\nOpenBSD on the Framework Laptop\n\n\n\nPortable GELI\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChunky_pie - zfs question\nPaul - several questions\nchris - firewall question\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAchieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/achieving-rpo-rto-objectives-with-zfs-part-1/\" rel=\"nofollow\"\u003eAchieving RPO/RTO Objectives with ZFS - Part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/freebsd-foundation-q2-2021-status-update/\" rel=\"nofollow\"\u003eFreeBSD Foundation Q2 Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-07-25-openbsd-full-tor.html\" rel=\"nofollow\"\u003eOpenBSD full Tor setup\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://habr.com/en/post/569226/\" rel=\"nofollow\"\u003eMyBee — FreeBSD OS and hypervisor bhyve as private cloud\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/expanding-our-freebsd-home-file-server/\" rel=\"nofollow\"\u003eExpanding our FreeBSD home file server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2021/08/06/framework\" rel=\"nofollow\"\u003eOpenBSD on the Framework Laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bijanebrahimi.github.io/blog/portable-geli.html\" rel=\"nofollow\"\u003ePortable GELI\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Chunky_pie%20-%20zfs%20question.md\" rel=\"nofollow\"\u003eChunky_pie - zfs question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Paul%20-%20several%20questions.md\" rel=\"nofollow\"\u003ePaul - several questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/chris%20-%20firewall%20question.md\" rel=\"nofollow\"\u003echris - firewall question\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.","date_published":"2021-08-26T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/63b2639c-ad67-45db-9581-8053963313c2.mp3","mime_type":"audio/mpeg","size_in_bytes":34928712,"duration_in_seconds":3438}]},{"id":"c6beac7b-f1bf-40bf-aaeb-a25eed202b81","title":"416: netcat printing","url":"https://www.bsdnow.tv/416","content_text":"OpenZFS snapshots, OpenSUSE on Bastille, printing with netcat, new opnsense 21.1.8 released, new pfsense plus software available, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nLets talk OpenZFS snapshots\n\n\n\nOpenSUSE in Bastille\n\n\n\nNews Roundup\n\nCUPS printing with netcat\n\n\n\nOpnsense-21.1.8\n\n\n\npfSense® Plus Software Version 21.05.1 is Now Available\n\n\n\nBeastie Bits\n\n• [MAC Inspired FreeBSD release](https://github.com/mszoek/airyx)\n• [Implement unprivileged chroot](https://cgit.freebsd.org/src/commit/?id=a40cf4175c90142442d0c6515f6c83956336699b)\n• [InitWare: A systemd fork that runs on BSD](https://github.com/InitWare/InitWare)\n• [multics gets a new release](https://multics-wiki.swenson.org/index.php/Main_Page)\n• [Open Source Voices interview with Tom Jones](https://www.opensourcevoices.org/17)\n• [PDP 11/03 Engineering Drawings](https://twitter.com/q5sys/status/1423092689084551171)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nOliver - zfs\nanders - vms\njeff - byhve guests\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenZFS snapshots, OpenSUSE on Bastille, printing with netcat, new opnsense 21.1.8 released, new pfsense plus software available, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/lets-talk-openzfs-snapshots/\" rel=\"nofollow\"\u003eLets talk OpenZFS snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://peter.czanik.hu/posts/opensuse_in_bastille/\" rel=\"nofollow\"\u003eOpenSUSE in Bastille\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://retrohacker.substack.com/p/bye-cups-printing-with-netcat\" rel=\"nofollow\"\u003eCUPS printing with netcat\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-1-8-released/\" rel=\"nofollow\"\u003eOpnsense-21.1.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-plus-software-version-21.05.1-is-now-available-for-upgrades\" rel=\"nofollow\"\u003epfSense® Plus Software Version 21.05.1 is Now Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [MAC Inspired FreeBSD release](https://github.com/mszoek/airyx)\n• [Implement unprivileged chroot](https://cgit.freebsd.org/src/commit/?id=a40cf4175c90142442d0c6515f6c83956336699b)\n• [InitWare: A systemd fork that runs on BSD](https://github.com/InitWare/InitWare)\n• [multics gets a new release](https://multics-wiki.swenson.org/index.php/Main_Page)\n• [Open Source Voices interview with Tom Jones](https://www.opensourcevoices.org/17)\n• [PDP 11/03 Engineering Drawings](https://twitter.com/q5sys/status/1423092689084551171)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/Olvier%20-%20zfs.md\" rel=\"nofollow\"\u003eOliver - zfs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/anders%20-%20vms.md\" rel=\"nofollow\"\u003eanders - vms\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/jeff%20-%20byhve%20guests.md\" rel=\"nofollow\"\u003ejeff - byhve guests\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS snapshots, OpenSUSE on Bastille, printing with netcat, new opnsense 21.1.8 released, new pfsense plus software available, and more.","date_published":"2021-08-19T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c6beac7b-f1bf-40bf-aaeb-a25eed202b81.mp3","mime_type":"audio/mpeg","size_in_bytes":33333456,"duration_in_seconds":3194}]},{"id":"272363c1-3756-4e81-91c6-a373b2104cc6","title":"415: Wrong OS Switch","url":"https://www.bsdnow.tv/415","content_text":"Wrong Way to Switch Server OS, Net/1 and Net/2 – A Path to Freedom, Permissions Two Mistakes, OpenBSD progress in supporting riscv64 platform, I2P intro, git sync murder is out, GhostBSD init system poll, and more  \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nThe Wrong Way to Switch Operating Systems on Your Server\n\n\n\nHistory of FreeBSD Part 5: Net/1 and Net/2 – A Path to Freedom\n\n\n\nNews Roundup\n\nPermissions Two Mistakes\n\n\n\nProgress in support for the riscv64 platform\n\n\n\nI2P Intro\n\n\n\n“$ git sync murder” is out, so: how many books have I written?\n\n\n\nWhat init system would you prefer to use under GhostBSD?\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - Replication\nBenedict writes after the show was over: The tool is called https://github.com/allanjude/zxfer\nTom tweeted right after recording stopped: \nhttps://twitter.com/adventureloop/status/1420478529238622210\nCaleb - Pronunciation of Gemini\nDan - Writeup about a DO FreeBSD Droplet\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWrong Way to Switch Server OS, Net/1 and Net/2 – A Path to Freedom, Permissions Two Mistakes, OpenBSD progress in supporting riscv64 platform, I2P intro, git sync murder is out, GhostBSD init system poll, and more  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://figbert.com/posts/wrong-way-to-switch-server-os/\" rel=\"nofollow\"\u003eThe Wrong Way to Switch Operating Systems on Your Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/history-of-freebsd-net-1-and-net-2-a-path-to-freedom/\" rel=\"nofollow\"\u003eHistory of FreeBSD Part 5: Net/1 and Net/2 – A Path to Freedom\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/PermissionsTwoMistakes\" rel=\"nofollow\"\u003ePermissions Two Mistakes\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210619161607\" rel=\"nofollow\"\u003eProgress in support for the riscv64 platform\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-06-20-i2p-intro.html\" rel=\"nofollow\"\u003eI2P Intro\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/12105\" rel=\"nofollow\"\u003e“$ git sync murder” is out, so: how many books have I written?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ghostbsd.org/what_init_system_pool\" rel=\"nofollow\"\u003eWhat init system would you prefer to use under GhostBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/415/feedback/Brad%20-%20Replication.md\" rel=\"nofollow\"\u003eBrad - Replication\u003c/a\u003e\nBenedict writes after the show was over: The tool is called \u003ca href=\"https://github.com/allanjude/zxfer\" rel=\"nofollow\"\u003ehttps://github.com/allanjude/zxfer\u003c/a\u003e\nTom tweeted right after recording stopped: \n\u003ca href=\"https://twitter.com/adventureloop/status/1420478529238622210\" rel=\"nofollow\"\u003ehttps://twitter.com/adventureloop/status/1420478529238622210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/415/feedback/Caleb%20-%20Pronounciation%20of%20Gemini.md\" rel=\"nofollow\"\u003eCaleb - Pronunciation of Gemini\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/415/feedback/Dan%20-%20Writeup%20about%20a%20DO%20FreeBSD%20Droplet.md\" rel=\"nofollow\"\u003eDan - Writeup about a DO FreeBSD Droplet\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"","date_published":"2021-08-12T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/272363c1-3756-4e81-91c6-a373b2104cc6.mp3","mime_type":"audio/mpeg","size_in_bytes":33829368,"duration_in_seconds":3257}]},{"id":"8ff1080d-5b31-430b-91ae-f2d5431bb1cb","title":"414: Running online conferences","url":"https://www.bsdnow.tv/414","content_text":"OpenZFS 2.1 is out, FreeBSD TCP Performance System Controls, IPFS OpenBSD, tips for running an online conference, fanless OpenBSD laptop, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nOpenZFS 2.1 is out\n\n\n\nFreeBSD TCP Performance System Controls\n\n\n\nNews Roundup\n\nIPFS OpenBSD\n\n\n\nTips for running an online conference\n\n\n\nMy Fanless OpenBSD Desktop\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBruce - Upgrading\nChris - SMB Followup\ndmilith - kTLS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenZFS 2.1 is out, FreeBSD TCP Performance System Controls, IPFS OpenBSD, tips for running an online conference, fanless OpenBSD laptop, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/gadgets/2021/07/a-deep-dive-into-openzfs-2-1s-new-distributed-raid-topology/\" rel=\"nofollow\"\u003eOpenZFS 2.1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-tcp-performance-system-controls/\" rel=\"nofollow\"\u003eFreeBSD TCP Performance System Controls\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-04-17-ipfs-openbsd.html\" rel=\"nofollow\"\u003eIPFS OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2021/07/23/tips-for-running-an-online-conference/\" rel=\"nofollow\"\u003eTips for running an online conference\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2021/07/19/desktop\" rel=\"nofollow\"\u003eMy Fanless OpenBSD Desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/414/feedback/Bruce%20-%20Upgrading.md\" rel=\"nofollow\"\u003eBruce - Upgrading\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/414/feedback/Chris%20-%20SMB%20Followup.md\" rel=\"nofollow\"\u003eChris - SMB Followup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/414/feedback/dmilith%20-%20kTLS.md\" rel=\"nofollow\"\u003edmilith - kTLS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenZFS 2.1 is out, FreeBSD TCP Performance System Controls, IPFS OpenBSD, tips for running an online conference, fanless OpenBSD laptop, and more.","date_published":"2021-08-05T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8ff1080d-5b31-430b-91ae-f2d5431bb1cb.mp3","mime_type":"audio/mpeg","size_in_bytes":41045544,"duration_in_seconds":3791}]},{"id":"e54035b9-3b93-4966-b35f-d6bf7ac2c51c","title":"413: BSD/Linux Chimera","url":"https://www.bsdnow.tv/413","content_text":"Updating GCC GNAT (Ada) in pkgsrc/NetBSD, AdvanceBSD thoughts 2/2, FreeBSD from a NetBSD user’s perspective, FPGA programming and DragonFly, Chimera Linux, EuroBSDcon 2021, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nUpdating GCC GNAT (Ada) in pkgsrc/NetBSD\n\n\n\nAdvance!BSD – thoughts on a not-for-profit project to support *BSD (2/2)\n\n\n\nNews Roundup\n\nFreeBSD from a NetBSD user’s perspective\n\n\n\nFPGA programming and DragonFly\n\n\n\nChimera Linux - A Linux distribution based on FreeBSD userland and LLVM\n\n\n\nEuroBSDcon 2021\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nCharlie - several questions\nDan - kernel driver or module question\nJames - Apple M1\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eUpdating GCC GNAT (Ada) in pkgsrc/NetBSD, AdvanceBSD thoughts 2/2, FreeBSD from a NetBSD user’s perspective, FPGA programming and DragonFly, Chimera Linux, EuroBSDcon 2021, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.irvise.xyz/Projects%20\u0026%20Engineering/updating-gcc-ada-pkgsrc.html\" rel=\"nofollow\"\u003eUpdating GCC GNAT (Ada) in pkgsrc/NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2021/06/20/advancebsd-thoughts-on-a-not-for-profit-project-to-support-bsd-2-2/\" rel=\"nofollow\"\u003eAdvance!BSD – thoughts on a not-for-profit project to support *BSD (2/2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://washbear.neocities.org/freebsd-netbsd-user.html\" rel=\"nofollow\"\u003eFreeBSD from a NetBSD user’s perspective\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mastodon.sdf.org/@yrabbit/106497663837700420\" rel=\"nofollow\"\u003eFPGA programming and DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://chimera-linux.org/\" rel=\"nofollow\"\u003eChimera Linux - A Linux distribution based on FreeBSD userland and LLVM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2021.eurobsdcon.org/about/program/\" rel=\"nofollow\"\u003eEuroBSDcon 2021\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/413/feedback/Charlie%20-%20several%20questions.md\" rel=\"nofollow\"\u003eCharlie - several questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/413/feedback/Dan%20-%20kernel%20driver%20or%20module%20question.md\" rel=\"nofollow\"\u003eDan - kernel driver or module question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/413/feedback/James%20-%20Apple%20M1.md\" rel=\"nofollow\"\u003eJames - Apple M1\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Updating GCC GNAT (Ada) in pkgsrc/NetBSD, AdvanceBSD thoughts 2/2, FreeBSD from a NetBSD user’s perspective, FPGA programming and DragonFly, Chimera Linux, EuroBSDcon 2021, and more.","date_published":"2021-07-29T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e54035b9-3b93-4966-b35f-d6bf7ac2c51c.mp3","mime_type":"audio/mpeg","size_in_bytes":29515944,"duration_in_seconds":2781}]},{"id":"f3fe3f12-5ca4-4339-b8e6-b5ca17f067d9","title":"412: Command-line secrets","url":"https://www.bsdnow.tv/412","content_text":"FreeBSD Performance Observability, Advance!BSD thoughts 1/2, Lumina Desktop Maintainership Change, How to Handle Secrets on the Command Line, Like NetBSD DragonFlyBSD Now Has \"COVID\", and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD Performance Observability\n\n\n\nAdvance!BSD – thoughts on a not-for-profit project to support *BSD (1/2)\n\n\n\nNews Roundup\n\nMaintainership Change :: Lumina Desktop Environment\n\nStudy the past if you would define the Future\n\n\n\nHow to Handle Secrets on the Command Line\n\n\n\nFollowing NetBSD, DragonFlyBSD Now Has \"COVID\"\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nJim - freebsd kde\nmichal - zfs question\ntim - lumina and snapshots\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Performance Observability, Advance!BSD thoughts 1/2, Lumina Desktop Maintainership Change, How to Handle Secrets on the Command Line, Like NetBSD DragonFlyBSD Now Has \u0026quot;COVID\u0026quot;, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-performance-observability/\" rel=\"nofollow\"\u003eFreeBSD Performance Observability\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2021/06/20/advancebsd-thoughts-on-a-not-for-profit-project-to-support-bsd-1-2/\" rel=\"nofollow\"\u003eAdvance!BSD – thoughts on a not-for-profit project to support *BSD (1/2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/post/2021-06-23/\" rel=\"nofollow\"\u003eMaintainership Change :: Lumina Desktop Environment\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/post/2021-07-01/\" rel=\"nofollow\"\u003eStudy the past if you would define the Future\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://smallstep.com/blog/command-line-secrets/\" rel=\"nofollow\"\u003eHow to Handle Secrets on the Command Line\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-COVID\" rel=\"nofollow\"\u003eFollowing NetBSD, DragonFlyBSD Now Has \u0026quot;COVID\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/412/feedback/Jim%20-%20freebsd%20kde.md\" rel=\"nofollow\"\u003eJim - freebsd kde\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/412/feedback/michal%20-%20zfs%20question.md\" rel=\"nofollow\"\u003emichal - zfs question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/412/feedback/tim%20-%20lumina%20and%20snapshots.md\" rel=\"nofollow\"\u003etim - lumina and snapshots\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Performance Observability, Advance!BSD thoughts 1/2, Lumina Desktop Maintainership Change, How to Handle Secrets on the Command Line, Like NetBSD DragonFlyBSD Now Has \"COVID\", and more.","date_published":"2021-07-22T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f3fe3f12-5ca4-4339-b8e6-b5ca17f067d9.mp3","mime_type":"audio/mpeg","size_in_bytes":31518216,"duration_in_seconds":3046}]},{"id":"fbef1ff0-004b-4e2f-ba8a-60da4d3d818f","title":"411: FreeBSD Deep Dive","url":"https://www.bsdnow.tv/411","content_text":"Unix System Architecture Evolution, Deep Dive into FreeBSD’s Strengths, how developers chose names, OPNsense 21.1.7 released, Support for chdir(2) in posix_spawn(3), vagrant-freebsd-boxbuilder, OpenBSD’s IATA airport code file, and more\n\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nThe Evolution of the Unix System Architecture\n\n• Full IEEE article: https://ieeexplore.ieee.org/document/8704965\n\n\n\n\nDeep Diving Into the Strengths of FreeBSD\n\n\n\n\n\nInteresting read on how Developers choose Names\n\n\n\nNews Roundup\n\nOPNsense 21.1.7 released\n\n\n\nSupport for chdir(2) in posix_spawn(3)\n\n\n\nvagrant-freebsd-boxbuilder\n\n\n\nOpenBSD has a file with 3-letter IATA airport codes\n\nBeastie Bits\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nlyubo - ipfw question\nmichael - a netbsd story\nsven - a dogs garage\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eUnix System Architecture Evolution, Deep Dive into FreeBSD’s Strengths, how developers chose names, OPNsense 21.1.7 released, Support for chdir(2) in posix_spawn(3), vagrant-freebsd-boxbuilder, OpenBSD’s IATA airport code file, and more\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.spinellis.gr/blog/20210618/index.html\" rel=\"nofollow\"\u003eThe Evolution of the Unix System Architecture\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• Full IEEE article: https://ieeexplore.ieee.org/document/8704965\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/deep-diving-into-the-strengths-of-freebsd/\" rel=\"nofollow\"\u003eDeep Diving Into the Strengths of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arxiv.org/abs/2103.07487\" rel=\"nofollow\"\u003eInteresting read on how Developers choose Names\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-1-7-released/\" rel=\"nofollow\"\u003eOPNsense 21.1.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/support_for_chdir_2_in\" rel=\"nofollow\"\u003eSupport for chdir(2) in posix_spawn(3)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/punktDe/vagrant-freebsd-boxbuilder\" rel=\"nofollow\"\u003evagrant-freebsd-boxbuilder\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/jpmens/status/1408825989174546434?s=28\" rel=\"nofollow\"\u003eOpenBSD has a file with 3-letter IATA airport codes\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/411/feedback/lyubo%20-%20ipfw%20question.md\" rel=\"nofollow\"\u003elyubo - ipfw question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/411/feedback/michael%20-%20a%20netbsd%20story.md\" rel=\"nofollow\"\u003emichael - a netbsd story\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/411/feedback/sven%20-%20a%20dogs%20garage.md\" rel=\"nofollow\"\u003esven - a dogs garage\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Unix System Architecture Evolution, Deep Dive into FreeBSD’s Strengths, how developers chose names, OPNsense 21.1.7 released, Support for chdir(2) in posix_spawn(3), vagrant-freebsd-boxbuilder, OpenBSD’s IATA airport code file, and more","date_published":"2021-07-15T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fbef1ff0-004b-4e2f-ba8a-60da4d3d818f.mp3","mime_type":"audio/mpeg","size_in_bytes":29125920,"duration_in_seconds":2781}]},{"id":"ca24916c-088c-4704-b7e5-617a89307013","title":"410: OpenBSD Consumer Gateway","url":"https://www.bsdnow.tv/410","content_text":"Open Source and Blogging Bubbles, Building Customized FreeBSD Images, Updating Minecraft in FreeBSD, Upgrading FreeBSD jails using mkjail, Dragonfly 6.0 Performance benchmark, OpenBSD Consumer Gateway Launch, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nThe Open-Source Software bubble that is and the blogging bubble that was\n\n\n\nBuilding Customized FreeBSD Images\n\n\n\nNews Roundup\n\nUpdating to Minecraft 1.17 in FreeBSD\n\n\n\nUpgrading a FreeBSD 12.2 jail to FreeBSD 13 using mkjail\n\n\n\nDragonFlyBSD 6.0 Is Performing Very Well Against Ubuntu Linux, FreeBSD 13.0\n\n\n\nAn OpenBSD Consumer Gateway Launch\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nCY - bearssl\nMarc - that tarsnap ad\nnycbug\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpen Source and Blogging Bubbles, Building Customized FreeBSD Images, Updating Minecraft in FreeBSD, Upgrading FreeBSD jails using mkjail, Dragonfly 6.0 Performance benchmark, OpenBSD Consumer Gateway Launch, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.baldurbjarnason.com/2021/the-oss-bubble-and-the-blogging-bubble/\" rel=\"nofollow\"\u003eThe Open-Source Software bubble that is and the blogging bubble that was\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/building-customized-freebsd-images/\" rel=\"nofollow\"\u003eBuilding Customized FreeBSD Images\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/updating-to-minecraft-1-17-in-freebsd/\" rel=\"nofollow\"\u003eUpdating to Minecraft 1.17 in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2021/05/31/upgrading-a-freebsd-12-2-jail-to-freebsd-13-using-mkjail/\" rel=\"nofollow\"\u003eUpgrading a FreeBSD 12.2 jail to FreeBSD 13 using mkjail\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=corei9-freebsd13-dfly6\u0026num=1\" rel=\"nofollow\"\u003eDragonFlyBSD 6.0 Is Performing Very Well Against Ubuntu Linux, FreeBSD 13.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/misc@openbsd.org/msg178573.html\" rel=\"nofollow\"\u003eAn OpenBSD Consumer Gateway Launch\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/410/feedback/CY%20-%20bearssl.md\" rel=\"nofollow\"\u003eCY - bearssl\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/410/feedback/Marc%20-%20that%20tarsnap%20ad.md\" rel=\"nofollow\"\u003eMarc - that tarsnap ad\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/410/feedback/nycbug.md\" rel=\"nofollow\"\u003enycbug\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Open Source and Blogging Bubbles, Building Customized FreeBSD Images, Updating Minecraft in FreeBSD, Upgrading FreeBSD jails using mkjail, Dragonfly 6.0 Performance benchmark, OpenBSD Consumer Gateway Launch, and more.","date_published":"2021-07-08T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca24916c-088c-4704-b7e5-617a89307013.mp3","mime_type":"audio/mpeg","size_in_bytes":26231352,"duration_in_seconds":2514}]},{"id":"de8a3516-c307-49bf-8afc-4f880bca5739","title":"409: The Filesystem Dungeon","url":"https://www.bsdnow.tv/409","content_text":"DTrace network probes, next 50 years of shell programming, NetBSD on the Vortex86DX CPU, system CPU time in top, your filesystem as a dungeon, diving into toolchains, and more \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nDTrace Network Probes\n\n\n\nUnix Shell Programming: The Next 50 Years\n\n\n\nNews Roundup\n\nNetBSD on the Vortex86DX CPU\n\n\n\nSystem CPU time – ‘sys’ time in top\n\n\n\nrpg-cli —your filesystem as a dungeon!\n\n\n\nDiving into toolchains\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• [Alfred - Advice](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/Alfred%20-%20Advice)\n• [CY - Portable Patch Util](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/CY%20-%20Portable%20Patch%20Util)\n• [Denis - State of ZFS Ecosystem](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/Denis%20-%20State%20of%20ZFS%20Ecosystem)\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDTrace network probes, next 50 years of shell programming, NetBSD on the Vortex86DX CPU, system CPU time in top, your filesystem as a dungeon, diving into toolchains, and more \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/dtrace-network-probes/\" rel=\"nofollow\"\u003eDTrace Network Probes\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sigops.org/s/conferences/hotos/2021/papers/hotos21-s06-greenberg.pdf\" rel=\"nofollow\"\u003eUnix Shell Programming: The Next 50 Years\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/netbsd-on-the-vortex86dx-cpu/\" rel=\"nofollow\"\u003eNetBSD on the Vortex86DX CPU\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.ycrash.io/2020/11/28/system-cpu-time-sys-time-in-top/\" rel=\"nofollow\"\u003eSystem CPU time – ‘sys’ time in top\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/facundoolano/rpg-cli\" rel=\"nofollow\"\u003erpg-cli —your filesystem as a dungeon!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/diving-into-toolchains/\" rel=\"nofollow\"\u003eDiving into toolchains\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Alfred - Advice](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/Alfred%20-%20Advice)\n• [CY - Portable Patch Util](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/CY%20-%20Portable%20Patch%20Util)\n• [Denis - State of ZFS Ecosystem](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/409/feedback/Denis%20-%20State%20of%20ZFS%20Ecosystem)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"DTrace network probes, next 50 years of shell programming, NetBSD on the Vortex86DX CPU, system CPU time in top, your filesystem as a dungeon, diving into toolchains, and more","date_published":"2021-07-01T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/de8a3516-c307-49bf-8afc-4f880bca5739.mp3","mime_type":"audio/mpeg","size_in_bytes":32932752,"duration_in_seconds":3123}]},{"id":"62094053-3e0f-4996-ac35-7d3f3a62572d","title":"408: FreeBSD DevSummit 2021","url":"https://www.bsdnow.tv/408","content_text":"Report from virtual FreeBSD DevSummit 2021, another promising release by FreeBSD Based helloSystem, GearBSD, OpenBGPD release, Let’s Encrypt on OpenBSD, FreeBSD 13 on the Panasonic Let’s Note, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\n2021 FreeBSD Developer Summit\n\n\n\nhelloSystem – FreeBSD Based OS Brings another Promising Release 0.5.0\n\n\n\nNews Roundup\n\nGearBSD: a project to help automating your OpenBSD\n\n\n\nOpenBGPD 7.0 released\n\n\n\nSimple use of Let's Encrypt on OpenBSD is pleasantly straightforward (as of 6.8)\n\n\n\nFreeBSD 13 on the Panasonic Let’s Note CF-RZ6\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• [Paul - ZFS Questions](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/Paul%20-%20ZFS%20Questions)\n• [Rafael - relic](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/Rafael%20-%20relic)\n• [matthew - sendfile and ktls](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/matthew%20-%20sendfile%20and%20ktls)\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eReport from virtual FreeBSD DevSummit 2021, another promising release by FreeBSD Based helloSystem, GearBSD, OpenBGPD release, Let’s Encrypt on OpenBSD, FreeBSD 13 on the Panasonic Let’s Note, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-developer-summit-2021/\" rel=\"nofollow\"\u003e2021 FreeBSD Developer Summit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.debugpoint.com/2021/06/hellosystem-0-5-0-release/\" rel=\"nofollow\"\u003ehelloSystem – FreeBSD Based OS Brings another Promising Release 0.5.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-06-01-gearbsd.html\" rel=\"nofollow\"\u003eGearBSD: a project to help automating your OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdsec.net/articles/openbgpd-7-0-released\" rel=\"nofollow\"\u003eOpenBGPD 7.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/OpenBSDNiceLetsEncrypt\" rel=\"nofollow\"\u003eSimple use of Let\u0026#39;s Encrypt on OpenBSD is pleasantly straightforward (as of 6.8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/freebsd-13-on-the-panasonic-cf-rz6/\" rel=\"nofollow\"\u003eFreeBSD 13 on the Panasonic Let’s Note CF-RZ6\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Paul - ZFS Questions](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/Paul%20-%20ZFS%20Questions)\n• [Rafael - relic](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/Rafael%20-%20relic)\n• [matthew - sendfile and ktls](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/408/feedback/matthew%20-%20sendfile%20and%20ktls)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Report from virtual FreeBSD DevSummit 2021, another promising release by FreeBSD Based helloSystem, GearBSD, OpenBGPD release, Let’s Encrypt on OpenBSD, FreeBSD 13 on the Panasonic Let’s Note, and more\r\n","date_published":"2021-06-24T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/62094053-3e0f-4996-ac35-7d3f3a62572d.mp3","mime_type":"audio/mpeg","size_in_bytes":37936488,"duration_in_seconds":3469}]},{"id":"ffb08bc6-ffde-4b63-bd68-9f70872557ef","title":"407: The jail Detail","url":"https://www.bsdnow.tv/407","content_text":"Confining the omnipotent root, Jails with ZFS and PF on DigitalOcean, NomadBSD 130R is out, KDE Plasma Wayland on FreeBSD, Firefox under FreeBSD with Privacy, Using NetBSD’s pkgsrc everywhere, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nJails: Confining the omnipotent root\n\n\nA dramatic reading of portions of the paper: Papers We Love: FreeBSD Jails and Solaris Zones\n***\n### \nUsing Jails with ZFS and PF on DigitalOcean\n***\n## News Roundup\n### NomadBSD 130R is out\n***\n### KDE Plasma Wayland - a week in FreeBSD\n***\n### Install Firefox under FreeBSD and Set it Up with Privacy\n***\nUsing NetBSD’s pkgsrc everywhere I can\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMalcolm - restoring a single file\nNathan - wireless support\nbluefire - zfs special vdev\nPush to next show with Allan\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eConfining the omnipotent root, Jails with ZFS and PF on DigitalOcean, NomadBSD 130R is out, KDE Plasma Wayland on FreeBSD, Firefox under FreeBSD with Privacy, Using NetBSD’s pkgsrc everywhere, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://phk.freebsd.dk/pubs/sane2000-jail.pdf\" rel=\"nofollow\"\u003eJails: Confining the omnipotent root\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA dramatic reading of portions of the paper: \u003ca href=\"https://paperswelove.org/2016/video/bryan-cantrill-jails-and-solaris-zones/\" rel=\"nofollow\"\u003ePapers We Love: FreeBSD Jails and Solaris Zones\u003c/a\u003e\n***\n### \n\u003ca href=\"https://medium.com/chris-opperwall/using-jails-with-zfs-and-pf-on-digitalocean-b25b1da82e20\" rel=\"nofollow\"\u003eUsing Jails with ZFS and PF on DigitalOcean\u003c/a\u003e\n***\n## News Roundup\n### \u003ca href=\"https://www.itsfoss.net/nomadbsd-130r-is-now-available-to-download-based-on-freebsd-13-0/\" rel=\"nofollow\"\u003eNomadBSD 130R is out\u003c/a\u003e\n***\n### \u003ca href=\"https://euroquis.nl//kde/2021/05/09/wayland.html\" rel=\"nofollow\"\u003eKDE Plasma Wayland - a week in FreeBSD\u003c/a\u003e\n***\n### \u003ca href=\"https://danschmid.de/en/blog/install-firefox-under-freebsd-and-set-it-up-with-privacy\" rel=\"nofollow\"\u003eInstall Firefox under FreeBSD and Set it Up with Privacy\u003c/a\u003e\n***\n\u003ca href=\"https://rubenerd.com/using-netbsds-pkgsrc-everywhere-i-can/\" rel=\"nofollow\"\u003eUsing NetBSD’s pkgsrc everywhere I can\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/407/feedback/Malcolm%20-%20restoring%20a%20single%20file\" rel=\"nofollow\"\u003eMalcolm - restoring a single file\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/407/feedback/Nathan%20-%20wireless%20support\" rel=\"nofollow\"\u003eNathan - wireless support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/407/feedback/bluefire%20-%20zfs%20special%20vdev\" rel=\"nofollow\"\u003ebluefire - zfs special vdev\u003c/a\u003e\nPush to next show with Allan\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Confining the omnipotent root, Jails with ZFS and PF on DigitalOcean, NomadBSD 130R is out, KDE Plasma Wayland on FreeBSD, Firefox under FreeBSD with Privacy, Using NetBSD’s pkgsrc everywhere, and more.","date_published":"2021-06-17T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ffb08bc6-ffde-4b63-bd68-9f70872557ef.mp3","mime_type":"audio/mpeg","size_in_bytes":27481848,"duration_in_seconds":2729}]},{"id":"e3529950-4aa4-49f7-833d-0218a912b866","title":"406: Jailed Gemini Capsule","url":"https://www.bsdnow.tv/406","content_text":"Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nGemini Capsule in a FreeBSD Jail\n\n\nWith the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.\nIn particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.\nI also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.\n\n\n\n\nFreeBSD Quarterly status report 2021Q1\n\n\n\nNews Roundup\n\nNetBSD VM on bhyve (on TrueNAS)\n\n\nMy new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.\nTrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).\n\n\n\n\nInterview with Michael Lucas *BSD, Unix, IT and other books author\n\n\nMichael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.\n+\n\n\n\npfSense – WireGuard Returns as Experimental Package\n\n\n\nCGI with Awk on OpenBSD httpd\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questionsing\n\n\nAdam - system state during upgrade\npaul - BSD grep\nsub - feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eGemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/\" rel=\"nofollow\"\u003eGemini Capsule in a FreeBSD Jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.\u003cbr\u003e\nIn particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.\u003cbr\u003e\nI also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly status report 2021Q1\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bentsukun.ch/posts/bhyve-netbsd/\" rel=\"nofollow\"\u003eNetBSD VM on bhyve (on TrueNAS)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.\u003cbr\u003e\nTrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/\" rel=\"nofollow\"\u003eInterview with Michael Lucas *BSD, Unix, IT and other books author\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMichael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.\u003cbr\u003e\n+\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html\" rel=\"nofollow\"\u003epfSense – WireGuard Returns as Experimental Package\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html\" rel=\"nofollow\"\u003eCGI with Awk on OpenBSD httpd\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questionsing\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade\" rel=\"nofollow\"\u003eAdam - system state during upgrade\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep\" rel=\"nofollow\"\u003epaul - BSD grep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback\" rel=\"nofollow\"\u003esub - feedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.","date_published":"2021-06-10T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e3529950-4aa4-49f7-833d-0218a912b866.mp3","mime_type":"audio/mpeg","size_in_bytes":33123216,"duration_in_seconds":3241}]},{"id":"6773957b-a891-4528-b317-452e8e5d41fc","title":"405: OOM Killer Feature","url":"https://www.bsdnow.tv/405","content_text":"NetBSD 9.2 released, DragonFly 6.0 is out, Home Network Monitoring using Prometheus, Preventing FreeBSD to kill PostgreSQL, Customizing Emacs for Git Commit Messages, Deleting old FreeBSD boot environments, Always be quitting, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nNetBSD 9.2 Released\n\n\n\nDragonFly 6.0 is out!\n\n\nRelease Notes\n***\n### EuroBSDCon 2021 will be online\n***\n## News Roundup\n### Home Network Monitoring using Prometheus\n\u0026gt; This blog post describes my setup for monitoring various devices on my home network suh as servers, laptops/desktops, networking gear etc. The setup and configuration is squarely geared towards small/medium sized network monitoring. A similar setup might work for large networks, but you will need to plan your compute/storage/bandwidth capacities accordingly. I’m running all the monitoring software on FreeBSD, but you can run it on your choice of OS. Just make sure to install the packages using your OS’s package manager.\n***\n### Preventing FreeBSD to kill PostgreSQL (aka OOM Killer prevention)\n\u0026gt; There are a lot of interesting articles on how to prevent the Out of Memory Killer (OOM killer in short) on Linux to ruin your day, or better your night. One particularly well done explanation about how the OOM Killer works, and how to help PostgreSQL to survive, is, in my humble opinion, the one from Percona Blog.\n***\n### Customizing Emacs for Git Commit Messages\n\u0026gt;I do a lot of commits to the FreeBSD project and elsewhere. It would be nice if I could setup emacs in a custom way for each commit message that I'm editing.\n\u0026gt; Fortunately, GNU Emacs provides a nice way to do just that. While I likely could do some of these things with git commit hooks, I find this to be a little nicer.\n***\n### Deleting old FreeBSD boot environments\n\u0026gt; I like boot environments (BE) on FreeBSD. They were especially handy when building the AWS host for FreshPorts, since I had no serial console. I would create a BE saving the current status, then make some changes. I’d mark the current BE as boot once, so I could boot back in the known good BE. Worst case, I could mount the storage onto a rescue EC2 instance and adjust the bootfs value of the zpool.\n***\n\n\nAlways be quitting\n\n\nA good philosophy to live by at work is to “always be quitting”. No, don’t be constantly thinking of leaving your job.  But act as if you might leave on short notice. Counterintuitively, this will make you a better engineer and open up growth opportunities.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChristopher - zfs question\nChris - two questions\nVas - zpools and moving to FreeBSD 13\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eNetBSD 9.2 released, DragonFly 6.0 is out, Home Network Monitoring using Prometheus, Preventing FreeBSD to kill PostgreSQL, Customizing Emacs for Git Commit Messages, Deleting old FreeBSD boot environments, Always be quitting, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/netbsd_9_2_released\" rel=\"nofollow\"\u003eNetBSD 9.2 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2021/05/10/25731.html\" rel=\"nofollow\"\u003eDragonFly 6.0 is out!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflybsd.org/release60/\" rel=\"nofollow\"\u003eRelease Notes\u003c/a\u003e\n***\n### \u003ca href=\"https://2021.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDCon 2021 will be online\u003c/a\u003e\n***\n## News Roundup\n### \u003ca href=\"https://linux-bsd.github.io/post/monitoring/\" rel=\"nofollow\"\u003eHome Network Monitoring using Prometheus\u003c/a\u003e\n\u0026gt; This blog post describes my setup for monitoring various devices on my home network suh as servers, laptops/desktops, networking gear etc. The setup and configuration is squarely geared towards small/medium sized network monitoring. A similar setup might work for large networks, but you will need to plan your compute/storage/bandwidth capacities accordingly. I’m running all the monitoring software on FreeBSD, but you can run it on your choice of OS. Just make sure to install the packages using your OS’s package manager.\n***\n### \u003ca href=\"https://fluca1978.github.io/2021/04/02/OOMKillerFreeBSD.html\" rel=\"nofollow\"\u003ePreventing FreeBSD to kill PostgreSQL (aka OOM Killer prevention)\u003c/a\u003e\n\u0026gt; There are a lot of interesting articles on how to prevent the Out of Memory Killer (OOM killer in short) on Linux to ruin your day, or better your night. One particularly well done explanation about how the OOM Killer works, and how to help PostgreSQL to survive, is, in my humble opinion, the one from Percona Blog.\n***\n### \u003ca href=\"http://bsdimp.blogspot.com/2021/04/customizing-emacs-for-git-commit.html\" rel=\"nofollow\"\u003eCustomizing Emacs for Git Commit Messages\u003c/a\u003e\n\u0026gt;I do a lot of commits to the FreeBSD project and elsewhere. It would be nice if I could setup emacs in a custom way for each commit message that I\u0026#39;m editing.\n\u0026gt; Fortunately, GNU Emacs provides a nice way to do just that. While I likely could do some of these things with git commit hooks, I find this to be a little nicer.\n***\n### \u003ca href=\"https://dan.langille.org/2021/04/15/deleting-old-freebsd-boot-environments/\" rel=\"nofollow\"\u003eDeleting old FreeBSD boot environments\u003c/a\u003e\n\u0026gt; I like boot environments (BE) on FreeBSD. They were especially handy when building the AWS host for FreshPorts, since I had no serial console. I would create a BE saving the current status, then make some changes. I’d mark the current BE as boot once, so I could boot back in the known good BE. Worst case, I could mount the storage onto a rescue EC2 instance and adjust the bootfs value of the zpool.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2021/04/always-be-quitting.html\" rel=\"nofollow\"\u003eAlways be quitting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA good philosophy to live by at work is to “always be quitting”. No, don’t be constantly thinking of leaving your job.  But act as if you might leave on short notice. Counterintuitively, this will make you a better engineer and open up growth opportunities.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/405/feedback/Christopher%20-%20zfs%20question\" rel=\"nofollow\"\u003eChristopher - zfs question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/405/feedback/Chris%20-%20two%20questions\" rel=\"nofollow\"\u003eChris - two questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/405/feedback/Vas%20-%20zpools%20and%20moving%20to%20FreeBSD%2013\" rel=\"nofollow\"\u003eVas - zpools and moving to FreeBSD 13\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"NetBSD 9.2 released, DragonFly 6.0 is out, Home Network Monitoring using Prometheus, Preventing FreeBSD to kill PostgreSQL, Customizing Emacs for Git Commit Messages, Deleting old FreeBSD boot environments, Always be quitting, and more","date_published":"2021-06-03T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6773957b-a891-4528-b317-452e8e5d41fc.mp3","mime_type":"audio/mpeg","size_in_bytes":34765416,"duration_in_seconds":3429}]},{"id":"b6436b27-8f23-473c-bd4d-6cbac1cc9eef","title":"404: 404 BSD Now Hosts Not Found","url":"https://www.bsdnow.tv/404","content_text":"Allan, Benedict and Tom are MIA, so JT fills in with two friends.\n\nThis episode of BSDNow is brought to you by Tarsnap\nCoHosts this week:\n    • Ash Gokhale: https://twitter.com/xpi\n    • Jeff Propes : CoHost of The Opinion Dominion\n\nThis weeks format follows the format of one of JT's other shows: The Opinion Dominion.\n\nCentralized vs Decentralized Management\n\nAsh’s draid article at Klara\n\nopenbsd’s 50th release + Release Notes\n\nBeastie Bits\n\n•  Interesting dtrace papers I found this week.  The first is unfortunately paywalled by an industry journal but hopefully it’ll be publicly available soon.    \n    ◦ [Using Dtrace for Machine Learning Solutions in Malware Detection](https://ieeexplore.ieee.org/document/9225633)\n    ◦ [Process Monitoring on Sequences of System Call Count Vectors](https://arxiv.org/pdf/1707.03821.pdf)\n    ◦ Sounds Similar to:\n\n\n\nOptimyze Cloud](https://twitter.com/OptimyzeCloud/status/1386424419418099712)\nCADETS that GNN is working on]\n\n•  Practical IOT Hacking book out by no starch press\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nOpen Source Voices episode with Colin Percival\n\n\nRIP Dan kaminski\n\n• https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html\n• https://www.darkreading.com/vulnerabilities---threats/in-appreciation-dan-kaminsky/d/d-id/1340830\n• https://www.securityweek.com/security-researcher-dan-kaminsky-passes-away\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAllan, Benedict and Tom are MIA, so JT fills in with two friends.\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003cbr\u003e\nCoHosts this week:\u003cbr\u003e\n    • Ash Gokhale: \u003ca href=\"https://twitter.com/xpi\" rel=\"nofollow\"\u003ehttps://twitter.com/xpi\u003c/a\u003e\u003cbr\u003e\n    • Jeff Propes : CoHost of \u003ca href=\"https://www.theopiniondominion.org\" rel=\"nofollow\"\u003eThe Opinion Dominion\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eThis weeks format follows the format of one of JT\u0026#39;s other shows: \u003ca href=\"https://www.theopiniondominion.org\" rel=\"nofollow\"\u003eThe Opinion Dominion\u003c/a\u003e.\u003c/h2\u003e\n\n\u003ch3\u003eCentralized vs Decentralized Management\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-draid-finally/\" rel=\"nofollow\"\u003eAsh’s draid article at Klara\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/openbsd/status/1388289402934333444\" rel=\"nofollow\"\u003eopenbsd’s 50th release\u003c/a\u003e + \u003ca href=\"https://www.openbsd.org/69.html\" rel=\"nofollow\"\u003eRelease Notes\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e•  Interesting dtrace papers I found this week.  The first is unfortunately paywalled by an industry journal but hopefully it’ll be publicly available soon.    \n    ◦ [Using Dtrace for Machine Learning Solutions in Malware Detection](https://ieeexplore.ieee.org/document/9225633)\n    ◦ [Process Monitoring on Sequences of System Call Count Vectors](https://arxiv.org/pdf/1707.03821.pdf)\n    ◦ Sounds Similar to:\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eOptimyze Cloud](\u003ca href=\"https://twitter.com/OptimyzeCloud/status/1386424419418099712\" rel=\"nofollow\"\u003ehttps://twitter.com/OptimyzeCloud/status/1386424419418099712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://apps.dtic.mil/sti/citations/AD1080643\" rel=\"nofollow\"\u003eCADETS that GNN is working on\u003c/a\u003e]\u003c/p\u003e\n\n\u003cp\u003e•  \u003ca href=\"https://nostarch.com/practical-iot-hacking\" rel=\"nofollow\"\u003ePractical IOT Hacking book out by no starch press\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\u003ca href=\"https://www.opensourcevoices.org/12\" rel=\"nofollow\"\u003eOpen Source Voices episode with Colin Percival\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eRIP Dan kaminski\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html\n• https://www.darkreading.com/vulnerabilities---threats/in-appreciation-dan-kaminsky/d/d-id/1340830\n• https://www.securityweek.com/security-researcher-dan-kaminsky-passes-away\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Allan, Benedict and Tom are MIA, so JT fills in with two friends.","date_published":"2021-05-27T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b6436b27-8f23-473c-bd4d-6cbac1cc9eef.mp3","mime_type":"audio/mpeg","size_in_bytes":29400792,"duration_in_seconds":2979}]},{"id":"7f8330e4-2752-4d4c-b7c6-ca165e78cf57","title":"403: The Linuxulator Investment","url":"https://www.bsdnow.tv/403","content_text":"Why You Should Use BSD Licensing for Your Next Open Source Project or Product, Update on FreeBSD Foundation Investment in Linuxulator, OPNsense 21.1.5 released, FreeBSD meetings on the Desktop, Running FreeBSD jails with containerd 1.5, Markdown, DocBook, and the quest for semantic documentation on NetBSD.org, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nWhy You Should Use BSD Licensing for Your Next Open Source Project or Product\n\n\nThe term “open source” has its origins in the context of software development, designating a specific approach to developing computer programs. Nowadays, however, it stands for a broad set of values – open source means open exchange, transparency, collaborative participation and development for the benefit of the entire community.\n\n\n\nUpdate on FreeBSD Foundation Investment in Linuxulator\n\nDr. Emmett Brown’s similar-sounding Flux Capacitor from the movie Back to the Future bridged the dimension of time, uniting past, present, and future for the McFlys. Similarly, the FreeBSDⓇ Linuxulator project also bridges dimensions – in our case, these are LinuxⓇ and FreeBSD. \n\n\n\nNews Roundup\n\nOPNsense 21.1.5 released\n\nThis is mainly a security and reliablility update.  There are several FreeBSD\nsecurity advisories and updates for third party tools such as curl.\n\n\nOPNsense to rebase on FreeBSD 13\n***\n### FreeBSD meetings on the Desktop\nFreeBSD on the desktop is a whole stack - X11, Qt, KDE Frameworks, KDE Plasma and KDE Gear, and Wayland, and Poppler and GTK - o my!\n***\n### Running FreeBSD jails with containerd 1.5\ncontainerd 1.5.0 was released today and now works on a new operating system: FreeBSD! This new release includes a series of patches (1, 2, 3, 4, 5, 6, 7, 8, 9, 10) which allow containerd to build, enable the native and zfs snapshotters, and use a compatible runtime like runj.\n***\n### Markdown, DocBook, and the quest for semantic documentation on NetBSD.org\nRecently, I’ve been doing a lot of maintenance of the NetBSD website. It contains a boatload of documentation, much of which was originally written in the 2000s. It has some special requirements: it has to work in text-based web browsers like lynx, or maybe even without any working browser installed at all, or just ftp(1) for downloading plain text over HTTP. Naturally, the most important parts are static, suitable for serving from the standard NetBSD http server, which runs from inetd by default.\n***\n\n\n\nBeastie Bits\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAlrekur - An Interesting FreeBSD Find\nThey presented at the FreeBSD Vendor summit last year too: https://www.youtube.com/watch?v=8LUdZseNrpE\nSven - feedback\nRobert - firewalling\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWhy You Should Use BSD Licensing for Your Next Open Source Project or Product, Update on FreeBSD Foundation Investment in Linuxulator, OPNsense 21.1.5 released, FreeBSD meetings on the Desktop, Running FreeBSD jails with containerd 1.5, Markdown, DocBook, and the quest for semantic documentation on NetBSD.org, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/why-you-should-use-bsd-licensing-for-your-next-open-source-project-or-product/\" rel=\"nofollow\"\u003eWhy You Should Use BSD Licensing for Your Next Open Source Project or Product\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe term “open source” has its origins in the context of software development, designating a specific approach to developing computer programs. Nowadays, however, it stands for a broad set of values – open source means open exchange, transparency, collaborative participation and development for the benefit of the entire community.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/update-on-freebsd-foundation-investment-in-linuxulator/\" rel=\"nofollow\"\u003eUpdate on FreeBSD Foundation Investment in Linuxulator\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eDr. Emmett Brown’s similar-sounding Flux Capacitor from the movie Back to the Future bridged the dimension of time, uniting past, present, and future for the McFlys. Similarly, the FreeBSDⓇ Linuxulator project also bridges dimensions – in our case, these are LinuxⓇ and FreeBSD. \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-1-5-released/\" rel=\"nofollow\"\u003eOPNsense 21.1.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThis is mainly a security and reliablility update.  There are several FreeBSD\u003cbr\u003e\nsecurity advisories and updates for third party tools such as curl.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=22761.msg108313#msg108313\" rel=\"nofollow\"\u003eOPNsense to rebase on FreeBSD 13\u003c/a\u003e\n***\n### \u003ca href=\"https://euroquis.nl//freebsd/2021/04/20/fbsd-bbb.html\" rel=\"nofollow\"\u003eFreeBSD meetings on the Desktop\u003c/a\u003e\nFreeBSD on the desktop is a whole stack - X11, Qt, KDE Frameworks, KDE Plasma and KDE Gear, and Wayland, and Poppler and GTK - o my!\n***\n### \u003ca href=\"https://samuel.karp.dev/blog/2021/05/running-freebsd-jails-with-containerd-1-5/\" rel=\"nofollow\"\u003eRunning FreeBSD jails with containerd 1.5\u003c/a\u003e\ncontainerd 1.5.0 was released today and now works on a new operating system: FreeBSD! This new release includes a series of patches (1, 2, 3, 4, 5, 6, 7, 8, 9, 10) which allow containerd to build, enable the native and zfs snapshotters, and use a compatible runtime like runj.\n***\n### \u003ca href=\"https://washbear.neocities.org/markdown.html\" rel=\"nofollow\"\u003eMarkdown, DocBook, and the quest for semantic documentation on NetBSD.org\u003c/a\u003e\nRecently, I’ve been doing a lot of maintenance of the NetBSD website. It contains a boatload of documentation, much of which was originally written in the 2000s. It has some special requirements: it has to work in text-based web browsers like lynx, or maybe even without any working browser installed at all, or just ftp(1) for downloading plain text over HTTP. Naturally, the most important parts are static, suitable for serving from the standard NetBSD http server, which runs from inetd by default.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/403/feedback/Alrekur%20-%20An%20Interesting%20FreeBSD%20Find\" rel=\"nofollow\"\u003eAlrekur - An Interesting FreeBSD Find\u003c/a\u003e\nThey presented at the FreeBSD Vendor summit last year too: \u003ca href=\"https://www.youtube.com/watch?v=8LUdZseNrpE\" rel=\"nofollow\"\u003ehttps://www.youtube.com/watch?v=8LUdZseNrpE\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/403/feedback/Sven%20-%20feedback\" rel=\"nofollow\"\u003eSven - feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/403/feedback/Robert%20-%20firewalling\" rel=\"nofollow\"\u003eRobert - firewalling\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Why You Should Use BSD Licensing for Your Next Open Source Project or Product, Update on FreeBSD Foundation Investment in Linuxulator, OPNsense 21.1.5 released, FreeBSD meetings on the Desktop, Running FreeBSD jails with containerd 1.5, Markdown, DocBook, and the quest for semantic documentation on NetBSD.org, and more.","date_published":"2021-05-20T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7f8330e4-2752-4d4c-b7c6-ca165e78cf57.mp3","mime_type":"audio/mpeg","size_in_bytes":31084416,"duration_in_seconds":3052}]},{"id":"8fa4abac-1e15-4f91-8893-ca72a65c95c1","title":"402: Goodbye GPL","url":"https://www.bsdnow.tv/402","content_text":"It's time to say goodbye to the GPL, a new OCI Runtime for FreeBSD Jails, A bit of Xenix history, On Updating QEMU's bsd-user fork, FreeBSD 13 on a 12 year old laptop, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nIt's time to say goodbye to the GPL\n\n\nThe trigger for this post is the reinstating of Richard Stallman, a very problematic character, to the board of the Free Software Foundation (FSF). I am appalled by this move, and join others in the call for his removal.\nThis occasion has caused me to reevaluate the position of the FSF in computing. It is the steward of the GNU project (a part of Linux distributions, loosely speaking), and of a family of software licenses centred around the GNU General Public License (GPL). These efforts are unfortunately tainted by Stallman’s behaviour. However, this is not what I actually want to talk about today.\n\n\n\nrunj: a new OCI Runtime for FreeBSD Jails\n\nToday, I open-sourced runj, a new experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails. For the past 6.5 years I’ve been working on Linux containers, but never really had much experience with FreeBSD jails. runj (pronounced “run jay”) is a vehicle for me to learn more about FreeBSD in general and jails in particular. With my position on the Technical Oversight Board of the Open Containers Initiative, I’m also interested in understanding how the OCI runtime specification can be adapted to other operating systems like FreeBSD.\n\n\n\nNews Roundup\n\nA Bit of Xenix History\n\nFrom 1986 to 1989, I worked in the Xenix1 group at Microsoft. It was my first job out of school, and I was the most junior person on the team. I was hopelessly naive, inexperienced, generally clueless, and borderline incompetent, but my coworkers were kind, supportive and enormously forgiving – just a lovely bunch of folks.\n\n\n\nOn Updating QEMU's bsd-user fork\n\n\n\n\nFreeBSD 13 on a 12 year old laptop\n\n\nMy old (2009) HP laptop now runs FreeBSD 13.0-RELEASE.\n\n\n\n\nBeastie Bits\n\n\nRegistration is now open for the June 2021 #FreeBSD Developers Summit\n6.0RC1 images available\nLexical File Names in Plan 9 or Getting Dot-Dot Right\nThe history of UTF-8 as told by Rob Pike\nInitial Support for the riscv64 Architecture\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nHamza - Congrats on 400\nRenato - DTS and ContainerD\nRob - Music\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s time to say goodbye to the GPL, a new OCI Runtime for FreeBSD Jails, A bit of Xenix history, On Updating QEMU\u0026#39;s bsd-user fork, FreeBSD 13 on a 12 year old laptop, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://martin.kleppmann.com/2021/04/14/goodbye-gpl.html\" rel=\"nofollow\"\u003eIt\u0026#39;s time to say goodbye to the GPL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe trigger for this post is the reinstating of Richard Stallman, a very problematic character, to the board of the Free Software Foundation (FSF). I am appalled by this move, and join others in the call for his removal.\u003cbr\u003e\nThis occasion has caused me to reevaluate the position of the FSF in computing. It is the steward of the GNU project (a part of Linux distributions, loosely speaking), and of a family of software licenses centred around the GNU General Public License (GPL). These efforts are unfortunately tainted by Stallman’s behaviour. However, this is not what I actually want to talk about today.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://samuel.karp.dev/blog/2021/03/runj-a-new-oci-runtime-for-freebsd-jails/\" rel=\"nofollow\"\u003erunj: a new OCI Runtime for FreeBSD Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eToday, I open-sourced runj, a new experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails. For the past 6.5 years I’ve been working on Linux containers, but never really had much experience with FreeBSD jails. runj (pronounced “run jay”) is a vehicle for me to learn more about FreeBSD in general and jails in particular. With my position on the Technical Oversight Board of the Open Containers Initiative, I’m also interested in understanding how the OCI runtime specification can be adapted to other operating systems like FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://seefigure1.com/2014/04/15/xenixtime.html\" rel=\"nofollow\"\u003eA Bit of Xenix History\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eFrom 1986 to 1989, I worked in the Xenix1 group at Microsoft. It was my first job out of school, and I was the most junior person on the team. I was hopelessly naive, inexperienced, generally clueless, and borderline incompetent, but my coworkers were kind, supportive and enormously forgiving – just a lovely bunch of folks.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2021/05/on-updating-qemus-bsd-user-fork.html\" rel=\"nofollow\"\u003eOn Updating QEMU\u0026#39;s bsd-user fork\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://box.matto.nl/freebsd-13-on-a-12-year-old-laptop.html\" rel=\"nofollow\"\u003eFreeBSD 13 on a 12 year old laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy old (2009) HP laptop now runs FreeBSD 13.0-RELEASE.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/i/web/status/1387797859479732227\" rel=\"nofollow\"\u003eRegistration is now open for the June 2021 #FreeBSD Developers Summit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2021/04/22/25663.html\" rel=\"nofollow\"\u003e6.0RC1 images available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://plan9.io/sys/doc/lexnames.pdf\" rel=\"nofollow\"\u003eLexical File Names in Plan 9 or Getting Dot-Dot Right\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://doc.cat-v.org/bell_labs/utf-8_history\" rel=\"nofollow\"\u003eThe history of UTF-8 as told by Rob Pike\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20210423090342\" rel=\"nofollow\"\u003eInitial Support for the riscv64 Architecture\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/402/feedback/Hamza%20-%20Congrats%20on%20400\" rel=\"nofollow\"\u003eHamza - Congrats on 400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/402/feedback/Renato%20-%20DTS%20and%20ContainerD\" rel=\"nofollow\"\u003eRenato - DTS and ContainerD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/402/feedback/Rob%20-%20Music\" rel=\"nofollow\"\u003eRob - Music\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's time to say goodbye to the GPL, a new OCI Runtime for FreeBSD Jails, A bit of Xenix history, On Updating QEMU's bsd-user fork, FreeBSD 13 on a 12 year old laptop, and more ","date_published":"2021-05-13T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8fa4abac-1e15-4f91-8893-ca72a65c95c1.mp3","mime_type":"audio/mpeg","size_in_bytes":30499968,"duration_in_seconds":2978}]},{"id":"65fbc474-0108-451b-a15c-d5d9bd7ca153","title":"401: OpenBSD Dog Garage","url":"https://www.bsdnow.tv/401","content_text":"Dog's Garage Runs OpenBSD, EuroBSDcon 2021 Call for Papers, FreeBSD’s iostat, The state of toolchains in NetBSD, Bandwidth limiting on OpenBSD 6.8, FreeBSD's ports migration to git and its impact on HardenedBSD, TrueNAS 12.0-U3 has been released, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nMy Dog's Garage Runs OpenBSD\n\n\nI was inspired by the April 2017 article in undeadly.org about getting OpenBSD running on a Raspberry Pi 3B+. My goal was to use a Raspberry Pi running OpenBSD to monitor the temperature in my garage from my home. My dog has his own little \"apartment\" inside the garage, so I want to keep an eye on the temperature. (I don't rely on this device. He sleeps inside the house whenever he wants.)\n\n\n\n\nEuroBSDcon 2021 Call for Papers\n\n\n\nFreeBSD iostat\n\n\n\nThe state of toolchains in NetBSD\n\n\nWhile FreeBSD and OpenBSD both switched to using LLVM/Clang as their base system compiler, NetBSD picked a different path and remained with GCC and binutils regardless of the license change to GPLv3. However, it doesn't mean that the NetBSD project endorses this license, and the NetBSD Foundation's has issued a statement about its position on the subject.\n\n\n\nNetBSD’s statement\n***\n\n\nNews Roundup\n\nBandwidth limiting on OpenBSD 6.8\n\n\nI will explain how to limit bandwidth on OpenBSD using its firewall PF (Packet Filter) queuing capability. It is a very powerful feature but it may be hard to understand at first. What is very important to understand is that it's technically not possible to limit the bandwidth of the whole system, because once data is getting on your network interface, it's already there and got by your router, what is possible is to limit the upload rate to cap the download rate.\n\n\n\nFreeBSD's ports migration to git and its impact on HardenedBSD\n\nFreeBSD completed their ports migration from subversion to git. Prior to the official switch, we used the read-only mirror FreeBSD had at GitHub[1]. The new repo is at [2]. A cursory glance at the new repo will show that the commit hashes changed. This presents an issue with HardenedBSD's ports tree in our merge-based workflow.\n\n\n\n\nTrueNAS 12.0-U3 has been released\n\n\niXsystems is excited to announce TrueNAS 12.0-U3 was released today and marks an important milestone in the transition from FreeNAS to TrueNAS. TrueNAS 12.0 is now considered by iXsystems to be a higher quality release than FreeNAS 11.3-U5, our previous benchmark. The new TrueNAS documentation site has also reached a point where it has more content and capabilities than FreeNAS. TrueNAS 12.0 is ready for mission-critical enterprise deployments.\n\n\n\n\nBeastie Bits\n\n\nJoyent provides pkgsrc for MacOS X\nArchives of old Irix documentation\nFreeBSD Developer/Vendor Summit 2021\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAndre - splitting zfs array\nBruce - Command Change\nDan - Annoyances with ZFS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDog\u0026#39;s Garage Runs OpenBSD, EuroBSDcon 2021 Call for Papers, FreeBSD’s iostat, The state of toolchains in NetBSD, Bandwidth limiting on OpenBSD 6.8, FreeBSD\u0026#39;s ports migration to git and its impact on HardenedBSD, TrueNAS 12.0-U3 has been released, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210415055717\" rel=\"nofollow\"\u003eMy Dog\u0026#39;s Garage Runs OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was inspired by the April 2017 article in undeadly.org about getting OpenBSD running on a Raspberry Pi 3B+. My goal was to use a Raspberry Pi running OpenBSD to monitor the temperature in my garage from my home. My dog has his own little \u0026quot;apartment\u0026quot; inside the garage, so I want to keep an eye on the temperature. (I don\u0026#39;t rely on this device. He sleeps inside the house whenever he wants.)\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2021.eurobsdcon.org/about/cfp/\" rel=\"nofollow\"\u003eEuroBSDcon 2021 Call for Papers\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-iostat-a-quick-glance/\" rel=\"nofollow\"\u003eFreeBSD iostat\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/the-state-of-toolchains-in-netbsd/\" rel=\"nofollow\"\u003eThe state of toolchains in NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile FreeBSD and OpenBSD both switched to using LLVM/Clang as their base system compiler, NetBSD picked a different path and remained with GCC and binutils regardless of the license change to GPLv3. However, it doesn\u0026#39;t mean that the NetBSD project endorses this license, and the NetBSD Foundation\u0026#39;s has issued a statement about its position on the subject.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://cvsweb.netbsd.org/bsdweb.cgi/src/external/gpl3/README?rev=1.1\" rel=\"nofollow\"\u003eNetBSD’s statement\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-02-07-limit.html\" rel=\"nofollow\"\u003eBandwidth limiting on OpenBSD 6.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI will explain how to limit bandwidth on OpenBSD using its firewall PF (Packet Filter) queuing capability. It is a very powerful feature but it may be hard to understand at first. What is very important to understand is that it\u0026#39;s technically not possible to limit the bandwidth of the whole system, because once data is getting on your network interface, it\u0026#39;s already there and got by your router, what is possible is to limit the upload rate to cap the download rate.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2021-04-06/freebsds-ports-migration-git-and-its-impact-hardenedbsd\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s ports migration to git and its impact on HardenedBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eFreeBSD completed their ports migration from subversion to git. Prior to the official switch, we used the read-only mirror FreeBSD had at GitHub[1]. The new repo is at [2]. A cursory glance at the new repo will show that the commit hashes changed. This presents an issue with HardenedBSD\u0026#39;s ports tree in our merge-based workflow.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.truenas.com/docs/releasenotes/core/12.0u3/\" rel=\"nofollow\"\u003eTrueNAS 12.0-U3 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eiXsystems is excited to announce TrueNAS 12.0-U3 was released today and marks an important milestone in the transition from FreeNAS to TrueNAS. TrueNAS 12.0 is now considered by iXsystems to be a higher quality release than FreeNAS 11.3-U5, our previous benchmark. The new TrueNAS documentation site has also reached a point where it has more content and capabilities than FreeNAS. TrueNAS 12.0 is ready for mission-critical enterprise deployments.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pkgsrc.joyent.com/install-on-osx/\" rel=\"nofollow\"\u003eJoyent provides pkgsrc for MacOS X\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://techpubs.jurassic.nl\" rel=\"nofollow\"\u003eArchives of old Irix documentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/DevSummit/202106\" rel=\"nofollow\"\u003eFreeBSD Developer/Vendor Summit 2021\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/401/feedback/Andre%20-%20splitting%20zfs%20array\" rel=\"nofollow\"\u003eAndre - splitting zfs array\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/401/feedback/Bruce%20-%20Command%20Change\" rel=\"nofollow\"\u003eBruce - Command Change\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/401/feedback/Dan%20-%20Annoyances%20with%20ZFS\" rel=\"nofollow\"\u003eDan - Annoyances with ZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Dog's Garage Runs OpenBSD, EuroBSDcon 2021 Call for Papers, FreeBSD’s iostat, The state of toolchains in NetBSD, Bandwidth limiting on OpenBSD 6.8, FreeBSD's ports migration to git and its impact on HardenedBSD, TrueNAS 12.0-U3 has been released, and more.","date_published":"2021-05-06T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/65fbc474-0108-451b-a15c-d5d9bd7ca153.mp3","mime_type":"audio/mpeg","size_in_bytes":35418744,"duration_in_seconds":3483}]},{"id":"3117fff6-093a-49a0-b8a2-c8628deb83e5","title":"400: FreeBSD became 13","url":"https://www.bsdnow.tv/400","content_text":"FreeBSD 13 is here, multi-factor authentication on OpenBSD, KDE on FreeBSD 2021o2, NetBSD GSoC report, a working D compiler on OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD 13.0 R Annoucement\n\n• OpenZFS 2.0 (almost 2.1) is included in 13.0\n• Removed support for previously-deprecated algorithms in geli(8).\n• The armv8crypto(4) driver now supports AES-GCM which is used by IPsec and kernel TLS.\n\n\n\n\nEnable multi-factor authentication on OpenBSD\n\n\nIn this article I will explain how to add a bit more security to your OpenBSD system by adding a requirement for user logging into the system, locally or by ssh. I will explain how to setup 2 factor authentication (2FA) using TOTP on OpenBSD\n\n\n\n\nNews Roundup\n\nKDE on FreeBSD 2021o2\n\n\nGosh, second octant already! Well, let’s take a look at the big things that happened in KDE-on-FreeBSD in these six-and-a-half weeks.\n\n\n\n\nGSoC Reports: Make system(3), popen(3) and popenve(3) use posix_spawn(3) internally (Final report)\n\n\nMy code can be found at github.com/teknokatze/src in the gsoc2020 branch, at the time of writing some of it is still missing. The test facilities and logs can be found in github.com/teknokatze/gsoc2020. A diff can be found at github which will later be split into several patches before it is sent to QA for merging.\nThe initial and defined goal of this project was to make system(3) and popen(3) use posix_spawn(3) internally, which had been completed in June. For the second part I was given the task to replace fork+exec calls in our standard shell (sh) in one scenario. Similar to the previous goal we determined through implementation if the initial motivation, to get performance improvements, is correct otherwise we collect metrics for why posix_spawn() in this case should be avoided. This second part meant in practice that I had to add and change code in the kernel, add a new public libc function, and understand shell internals.\n\n\n\n\nA working D compiler on OpenBSD\n\n\nDr. Brian Robert Callahan (bcallah@) blogged about his work in getting D compiler(s) working under OpenBSD.\n\n\nFull Post\n***\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nVasilis - upgrade question\nDennis - zfs questions\nDaniel Dettlaff - KTLS question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD 13 is here, multi-factor authentication on OpenBSD, KDE on FreeBSD 2021o2, NetBSD GSoC report, a working D compiler on OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/13.0R/announce/\" rel=\"nofollow\"\u003eFreeBSD 13.0 R Annoucement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003e• OpenZFS 2.0 (almost 2.1) is included in 13.0\n• Removed support for previously-deprecated algorithms in geli(8).\n• The armv8crypto(4) driver now supports AES-GCM which is used by IPsec and kernel TLS.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-02-06-openbsd-2fa.html\" rel=\"nofollow\"\u003eEnable multi-factor authentication on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this article I will explain how to add a bit more security to your OpenBSD system by adding a requirement for user logging into the system, locally or by ssh. I will explain how to setup 2 factor authentication (2FA) using TOTP on OpenBSD\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/kde/2021/03/26/freebsd2021o2.html\" rel=\"nofollow\"\u003eKDE on FreeBSD 2021o2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGosh, second octant already! Well, let’s take a look at the big things that happened in KDE-on-FreeBSD in these six-and-a-half weeks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/gsoc_reports_make_system_31\" rel=\"nofollow\"\u003eGSoC Reports: Make system(3), popen(3) and popenve(3) use posix_spawn(3) internally (Final report)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy code can be found at github.com/teknokatze/src in the gsoc2020 branch, at the time of writing some of it is still missing. The test facilities and logs can be found in github.com/teknokatze/gsoc2020. A diff can be found at github which will later be split into several patches before it is sent to QA for merging.\u003cbr\u003e\nThe initial and defined goal of this project was to make system(3) and popen(3) use posix_spawn(3) internally, which had been completed in June. For the second part I was given the task to replace fork+exec calls in our standard shell (sh) in one scenario. Similar to the previous goal we determined through implementation if the initial motivation, to get performance improvements, is correct otherwise we collect metrics for why posix_spawn() in this case should be avoided. This second part meant in practice that I had to add and change code in the kernel, add a new public libc function, and understand shell internals.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210322080633\" rel=\"nofollow\"\u003eA working D compiler on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDr. Brian Robert Callahan (bcallah@) blogged about his work in getting D compiler(s) working under OpenBSD.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://briancallahan.net/blog/20210320.html\" rel=\"nofollow\"\u003eFull Post\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/400/feedback/Vasilis%20-%20upgrade%20question\" rel=\"nofollow\"\u003eVasilis - upgrade question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/400/feedback/Dennis%20-%20zfs%20questions\" rel=\"nofollow\"\u003eDennis - zfs questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/400/feedback/dmilith%20-%20KTLS\" rel=\"nofollow\"\u003eDaniel Dettlaff - KTLS question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":" FreeBSD 13 is here, multi-factor authentication on OpenBSD, KDE on FreeBSD 2021o2, NetBSD GSoC report, a working D compiler on OpenBSD, and more","date_published":"2021-04-29T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3117fff6-093a-49a0-b8a2-c8628deb83e5.mp3","mime_type":"audio/mpeg","size_in_bytes":40681968,"duration_in_seconds":3763}]},{"id":"3de2dd50-eca9-4729-9ef6-464aa4ec5795","title":"399: Comparing Sandboxes","url":"https://www.bsdnow.tv/399","content_text":"Comparing sandboxing techniques, Statement on FreeBSD development processes, customizing FreeBSD ports and packages, the quest for a comfortable NetBSD desktop, Nginx as a TCP/UDP relay, HardenedBSD March 2021 Status Report, Detailed Behaviors of Unix Signal, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nComparing sandboxing techniques\n\n\nI had the opportunity to implement a sandbox and I'd like to write about the differences between the various sandboxing techniques available on three different operating systems: FreeBSD, Linux and OpenBSD.\n\n\n\nStatement on FreeBSD development processes\n\nIn light of the recent commentary on FreeBSD's development practices, members of the Core team would like to issue the following statement.\n\n\n\nCustomizing FreeBSD Ports and Packages\n\nA basic intro to building your own packages\n\n\n\n\nNews Roundup\n\nFVWM(3) and the quest for a comfortable NetBSD desktop\n\n\nFVWM substantially allows one to build a fully-fledged lightweight desktop environment from scratch, with an almost unparalleled degree of freedom. Although using FVWM does not require any knowledge of programming languages, it is possible to extend it with M4, C, and Perl preprocessing.\n\n\n\nNginx as a TCP/UDP relay\n\nIn this tutorial I will explain how to use Nginx as a TCP or UDP relay as an alternative to Haproxy or Relayd. This mean nginx will be able to accept requests on a port (TCP/UDP) and relay it to another backend without knowing about the content. It also permits to negociates a TLS session with the client and relay to a non-TLS backend. In this example I will explain how to configure Nginx to accept TLS requests to transmit it to my Gemini server Vger, Gemini protocol has TLS as a requirement.\n\n\n\nHardenedBSD March 2021 Status Report\n\nThis month, I worked on finding and fixing the regression that caused kernel panics on our package builders. I think I found the issue: I made it so that the HARDENEDBSD amd64 kernel just included GENERIC so that we follow FreeBSD's toggling of features. Doing so added QUEUE_MACRO_DEBUG_TRASH to our kernel config. That option is the likely culprit. If the next package build (with the option removed) completes, I will commit the change that removes QUEUE_MACRO_DEBUG_TRASH from the HARDENEDBSD amd64 kernel.\n\n\n\nDetailed Behaviors of Unix Signal\n\nWhen Unix is mentioned in this document it means macOS or Linux as they are the mainly used Unix at this moment. When shell is mentioned it means Bash or Zsh. Most demos are written in C for macOS with Apple libc and Linux with glibc.\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nFeedback/Questions\n\n\nandrew - flatpak\nchris - mac and truenas\nrobert - some questions\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eComparing sandboxing techniques, Statement on FreeBSD development processes, customizing FreeBSD ports and packages, the quest for a comfortable NetBSD desktop, Nginx as a TCP/UDP relay, HardenedBSD March 2021 Status Report, Detailed Behaviors of Unix Signal, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.omarpolo.com/post/gmid-sandbox.html\" rel=\"nofollow\"\u003eComparing sandboxing techniques\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI had the opportunity to implement a sandbox and I\u0026#39;d like to write about the differences between the various sandboxing techniques available on three different operating systems: FreeBSD, Linux and OpenBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057127.html\" rel=\"nofollow\"\u003eStatement on FreeBSD development processes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eIn light of the recent commentary on FreeBSD\u0026#39;s development practices, members of the Core team would like to issue the following statement.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/customizing-freebsd-ports-and-packages/\" rel=\"nofollow\"\u003eCustomizing FreeBSD Ports and Packages\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eA basic intro to building your own packages\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/442-fvwm3-and-the-quest-for-a-comfortable-netbsd-desktop\" rel=\"nofollow\"\u003eFVWM(3) and the quest for a comfortable NetBSD desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFVWM substantially allows one to build a fully-fledged lightweight desktop environment from scratch, with an almost unparalleled degree of freedom. Although using FVWM does not require any knowledge of programming languages, it is possible to extend it with M4, C, and Perl preprocessing.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2021-02-24-nginx-stream.html\" rel=\"nofollow\"\u003eNginx as a TCP/UDP relay\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eIn this tutorial I will explain how to use Nginx as a TCP or UDP relay as an alternative to Haproxy or Relayd. This mean nginx will be able to accept requests on a port (TCP/UDP) and relay it to another backend without knowing about the content. It also permits to negociates a TLS session with the client and relay to a non-TLS backend. In this example I will explain how to configure Nginx to accept TLS requests to transmit it to my Gemini server Vger, Gemini protocol has TLS as a requirement.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2021-03-31/hardenedbsd-march-2021-status-report\" rel=\"nofollow\"\u003eHardenedBSD March 2021 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThis month, I worked on finding and fixing the regression that caused kernel panics on our package builders. I think I found the issue: I made it so that the HARDENEDBSD amd64 kernel just included GENERIC so that we follow FreeBSD\u0026#39;s toggling of features. Doing so added QUEUE_MACRO_DEBUG_TRASH to our kernel config. That option is the likely culprit. If the next package build (with the option removed) completes, I will commit the change that removes QUEUE_MACRO_DEBUG_TRASH from the HARDENEDBSD amd64 kernel.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dyx.name/posts/essays/signal.html\" rel=\"nofollow\"\u003eDetailed Behaviors of Unix Signal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWhen Unix is mentioned in this document it means macOS or Linux as they are the mainly used Unix at this moment. When shell is mentioned it means Bash or Zsh. Most demos are written in C for macOS with Apple libc and Linux with glibc.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/andrew%20-%20flatpak\" rel=\"nofollow\"\u003eandrew - flatpak\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/chris%20-%20mac%20and%20truenas\" rel=\"nofollow\"\u003echris - mac and truenas\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/399/feedback/robert%20-%20some%20questions\" rel=\"nofollow\"\u003erobert - some questions\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Comparing sandboxing techniques, Statement on FreeBSD development processes, customizing FreeBSD ports and packages, the quest for a comfortable NetBSD desktop, Nginx as a TCP/UDP relay, HardenedBSD March 2021 Status Report, Detailed Behaviors of Unix Signal, and more\r\n","date_published":"2021-04-22T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3de2dd50-eca9-4729-9ef6-464aa4ec5795.mp3","mime_type":"audio/mpeg","size_in_bytes":36616080,"duration_in_seconds":3424}]},{"id":"690f3bec-7d66-4d05-8cee-073e2248cd50","title":"398: Coordinated Mars Time","url":"https://www.bsdnow.tv/398","content_text":"FreeBSD 13.0 Full Desktop Experience, FreeBSD on ARM64 in the Cloud, Plan 9 from Bell Labs in Cyberspace, Inferno is open source as well, NetBSD hits donation milestone, grep returns (standard input) on FreeBSD, Random Programming Challenge, OpenBSD Adds Support for Coordinated Mars Time (MTC) and more\n\nNOTES\n\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD 13.0 – Full Desktop Experience\n\n\nWith the release of FreeBSD 13.0 on the horizon, I wanted to see how it shapes up on my Lenovo T450 laptop.  Previous major releases on this laptop, using it as a workstation, felt very rough around the edges but with 13, it feels like the developers got it right.\n\n\n\nFreeBSD on ARM64 in the Cloud\n\nUntil the end of June, Amazon AWS is offering free ARM64 Graviton instances, learn how to try out FreeBSD to ARMv8 in the cloud\n\n\n\n\nPlan 9 from Bell Labs in Cyberspace!\n\n\nThe releases below represent the historical releases of Plan 9. The two versions of 4th Edition represent the initial release and the final version available from Bell Labs as it was updated and patched. All historical releases of Plan 9 have been re-released under the terms of the MIT license.\n\n\nInferno is open source as well\n***\n## News Roundup\n### Hitting donation milestone, financial report for 2020\nWe nearly hit our 2020 donation milestone set after the release of 9.0 of $50,000.\n***\n\n\n\ngrep returns (standard input) on FreeBSD\n\n\nI was dealing with a bizarre error with grep(1) on FreeBSD, and it soon infected my macOS and NetBSD machines too. It was driving me crazy!\n\n\n\nRandom Programming Challenge\n\n\n\nThis better not be an April Fools Joke… I want to see this actually implemented. I’ll donate $100 to the first BSD that actually implements this for real.  Who’s with me?\n\n\nOpenBSD Adds Support for Coordinated Mars Time (MTC)\n\n\nTo make sure that OpenBSD can be used elsewhere than just earth, this diff introduces Coordinated Mars Time (MTC), the Mars equivalent of earth’s Universal Time (UTC).\nOpenZFS had a good one too\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrandon - router\nLawrence - Is BSD for me\nmiguel - printing\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD 13.0 Full Desktop Experience, FreeBSD on ARM64 in the Cloud, Plan 9 from Bell Labs in Cyberspace, Inferno is open source as well, NetBSD hits donation milestone, grep returns (standard input) on FreeBSD, Random Programming Challenge, OpenBSD Adds Support for Coordinated Mars Time (MTC) and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003eThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tubsta.com/2021/03/freebsd-13-0-full-desktop-experience/\" rel=\"nofollow\"\u003eFreeBSD 13.0 – Full Desktop Experience\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the release of FreeBSD 13.0 on the horizon, I wanted to see how it shapes up on my Lenovo T450 laptop.  Previous major releases on this laptop, using it as a workstation, felt very rough around the edges but with 13, it feels like the developers got it right.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/the-next-level-freebsd-on-arm64-in-the-cloud/\" rel=\"nofollow\"\u003eFreeBSD on ARM64 in the Cloud\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eUntil the end of June, Amazon AWS is offering free ARM64 Graviton instances, learn how to try out FreeBSD to ARMv8 in the cloud\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bell-labs.com/institute/blog/plan-9-bell-labs-cyberspace/\" rel=\"nofollow\"\u003ePlan 9 from Bell Labs in Cyberspace!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"http://p9f.org/dl/index.html\" rel=\"nofollow\"\u003eThe releases below represent the historical releases of Plan 9.\u003c/a\u003e The two versions of 4th Edition represent the initial release and the final version available from Bell Labs as it was updated and patched. All historical releases of Plan 9 have been re-released under the terms of the MIT license.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/inferno-os/inferno64-os/src/master/\" rel=\"nofollow\"\u003eInferno is open source as well\u003c/a\u003e\n***\n## News Roundup\n### \u003ca href=\"http://blog.netbsd.org/tnf/entry/hitting_donation_milestone_financial_report\" rel=\"nofollow\"\u003eHitting donation milestone, financial report for 2020\u003c/a\u003e\nWe nearly hit our 2020 donation milestone set after the release of 9.0 of $50,000.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/grep-returns-standard-input/\" rel=\"nofollow\"\u003egrep returns (standard input) on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was dealing with a bizarre error with grep(1) on FreeBSD, and it soon infected my macOS and NetBSD machines too. It was driving me crazy!\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://projecteuler.net/problem=84\" rel=\"nofollow\"\u003eRandom Programming Challenge\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eThis better not be an April Fools Joke… I want to see this actually implemented. I’ll donate $100 to the first BSD that actually implements this for real.  Who’s with me?\u003c/h3\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=161730046519995\" rel=\"nofollow\"\u003eOpenBSD Adds Support for Coordinated Mars Time (MTC)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo make sure that OpenBSD can be used elsewhere than just earth, this diff introduces Coordinated Mars Time (MTC), the Mars equivalent of earth’s Universal Time (UTC).\u003cbr\u003e\n\u003ca href=\"https://github.com/openzfs/zfs/pull/11823\" rel=\"nofollow\"\u003eOpenZFS had a good one too\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/398/feedback/Brandon%20-%20router\" rel=\"nofollow\"\u003eBrandon - router\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/398/feedback/Lawrence%20-%20Is%20FreeBSD%20for%20me\" rel=\"nofollow\"\u003eLawrence - Is BSD for me\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/398/feedback/miguel%20-%20printing\" rel=\"nofollow\"\u003emiguel - printing\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 13.0 Full Desktop Experience, FreeBSD on ARM64 in the Cloud, Plan 9 from Bell Labs in Cyberspace, Inferno is open source as well, NetBSD hits donation milestone, grep returns (standard input) on FreeBSD, Random Programming Challenge, OpenBSD Adds Support for Coordinated Mars Time (MTC) and more","date_published":"2021-04-15T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/690f3bec-7d66-4d05-8cee-073e2248cd50.mp3","mime_type":"audio/mpeg","size_in_bytes":30056400,"duration_in_seconds":3014}]},{"id":"c901a741-a25b-4d92-9ce4-03b5f2e18d2f","title":"397: Fresh BSD 2021","url":"https://www.bsdnow.tv/397","content_text":"Customizing the FreeBSD Kernel, OpenBSD/loongson on the Lemote Fuloong, how ZFS on Linux brings up pools and filesystems at boot under systemd, LLDB: FreeBSD Legacy Process Plugin Removed, FreshBSD 2021, gmid, Danschmid’s Poudriere Guide in english, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nCustomizing the FreeBSD Kernel\n\n\nLearn more about customizing the build of the FreeBSD kernel and its loadable modules\n\n\n\nOpenBSD/loongson on the Lemote Fuloong\n\nIn my article about running OpenBSD/loongson on the Lemote Yeeloong back in 2016, I mentioned looking for a Fuloong. All hope seemed lost until the Summer of 2017, when a fellow OpenBSD developer was contacted by a generous user (Thanks again, Lars!) offering to donate two Lemote Fuloong machines, and I was lucky enough to get one of those units.\n\n\n\n\nNews Roundup\n\nHow ZFS on Linux brings up pools and filesystems at boot under systemd\n\n\nOn Solaris and Illumos, how ZFS pools and filesystems were brought up at boot was always a partial mystery to me (and it seemed to involve the kernel knowing a lot about /etc/zfs/zpool.cache). On Linux, additional software RAID arrays are brought up mostly through udev rules, which has its own complications. For a long time I had the general impression that ZFS on Linux also worked through udev rules to recognize vdev components, much like software RAID. However, this turns out to not be the case and the modern ZFS on Linux boot process is quite straightforward on systemd systems.\n\n\n\nLLDB: FreeBSD Legacy Process Plugin Removed\n\nDuring the past month we’ve successfully removed the legacy FreeBSD plugin and continued improving the new one. We have prepared an implementation of hardware breakpoint and watchpoint support for FreeBSD/AArch64, and iterated over all tests that currently fail on that platform. Therefore, we have concluded the second milestone.\n\n\n\nFreshBSD 2021\n\n6 weeks ago I created a branch for a significant rework of FreshBSD. Nearly 300 commits later, and just a week shy of our 15th anniversary, the result is what you’re looking at now. I hope you like it.\n\n\n\ngmid is a gemini server  for unixes.\n\n\n\nDanschmid’s Poudriere Guide now in english\n\nThe ports system is one of FreeBSD's greatest advantages for users who want flexibility and control over their software. It enables administrators to easily create and manage source-based installations using a system that is robust and predictable.\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Tom Jones.","content_html":"\u003cp\u003eCustomizing the FreeBSD Kernel, OpenBSD/loongson on the Lemote Fuloong, how ZFS on Linux brings up pools and filesystems at boot under systemd, LLDB: FreeBSD Legacy Process Plugin Removed, FreshBSD 2021, gmid, Danschmid’s Poudriere Guide in english, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/customizing-the-freebsd-kernel/\" rel=\"nofollow\"\u003eCustomizing the FreeBSD Kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLearn more about customizing the build of the FreeBSD kernel and its loadable modules\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/openbsd-loongson-on-the-lemote-fuloong/\" rel=\"nofollow\"\u003eOpenBSD/loongson on the Lemote Fuloong\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eIn my article about running OpenBSD/loongson on the Lemote Yeeloong back in 2016, I mentioned looking for a Fuloong. All hope seemed lost until the Summer of 2017, when a fellow OpenBSD developer was contacted by a generous user (Thanks again, Lars!) offering to donate two Lemote Fuloong machines, and I was lucky enough to get one of those units.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSBringUpOnBoot\" rel=\"nofollow\"\u003eHow ZFS on Linux brings up pools and filesystems at boot under systemd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn Solaris and Illumos, how ZFS pools and filesystems were brought up at boot was always a partial mystery to me (and it seemed to involve the kernel knowing a lot about /etc/zfs/zpool.cache). On Linux, additional software RAID arrays are brought up mostly through udev rules, which has its own complications. For a long time I had the general impression that ZFS on Linux also worked through udev rules to recognize vdev components, much like software RAID. However, this turns out to not be the case and the modern ZFS on Linux boot process is quite straightforward on systemd systems.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/freebsd-legacy-process-plugin-removed/\" rel=\"nofollow\"\u003eLLDB: FreeBSD Legacy Process Plugin Removed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eDuring the past month we’ve successfully removed the legacy FreeBSD plugin and continued improving the new one. We have prepared an implementation of hardware breakpoint and watchpoint support for FreeBSD/AArch64, and iterated over all tests that currently fail on that platform. Therefore, we have concluded the second milestone.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freshbsd.org/news/2021/02/28\" rel=\"nofollow\"\u003eFreshBSD 2021\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e6 weeks ago I created a branch for a significant rework of FreshBSD. Nearly 300 commits later, and just a week shy of our 15th anniversary, the result is what you’re looking at now. I hope you like it.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/omar-polo/gmid/\" rel=\"nofollow\"\u003egmid\u003c/a\u003e is a \u003ca href=\"https://gemini.circumlunar.space/\" rel=\"nofollow\"\u003egemini\u003c/a\u003e server  for unixes.\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://danschmid.de/en/blog/poudriere-guide\" rel=\"nofollow\"\u003eDanschmid’s Poudriere Guide now in english\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThe ports system is one of FreeBSD\u0026#39;s greatest advantages for users who want flexibility and control over their software. It enables administrators to easily create and manage source-based installations using a system that is robust and predictable.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Tom Jones.\u003c/p\u003e","summary":"Customizing the FreeBSD Kernel, OpenBSD/loongson on the Lemote Fuloong, how ZFS on Linux brings up pools and filesystems at boot under systemd, LLDB: FreeBSD Legacy Process Plugin Removed, FreshBSD 2021, gmid, Danschmid’s Poudriere Guide in english, and more","date_published":"2021-04-08T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c901a741-a25b-4d92-9ce4-03b5f2e18d2f.mp3","mime_type":"audio/mpeg","size_in_bytes":34526808,"duration_in_seconds":3361}]},{"id":"db1ced31-e2bc-41f2-baca-041c750229f4","title":"396: License to thrill","url":"https://www.bsdnow.tv/396","content_text":"FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD Network Troubleshooting\n\n\nFreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.\n\n\n\nThe State of FreeBSD\n\nLicense to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything\n\n\n\n\nNews Roundup\n\ndhcpleased(8) - DHCP client daemon\n\n\nWith the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:\n\n\n\nbhyve for Calamares Development\n\nbhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.\n“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“\n\n\n\nSome new FreeBSD/EC2 features: EFS automount and ebsnvme-id\n\nAs my regular readers will be aware, I've been working on and gradually improving FreeBSD/EC2 for many years. Recently I've added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.\n\n\n\nOld Usenix pictures\n\n\n\nBeastie Bits\n\n[https://2021.eurobsdcon.org/](CFP is open until May 26th, 2021)\n\nEuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.\nThe Call for Talk and Presentation proposals period will close on May 26th, 2021.  Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.\n\n\n\n[https://campgnd.com/](CFP is open until 2021-04-15)\n\ncampgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.\nWe're looking for submissions on anything you're enthusiastic and excited about. If you enjoy it, the odds are we will too! You don't need to be an expert to propose anything.\nSome example of things we are looking for are:\n    Talks\n    Walkthroughs\n    Music\n\nFrom the Desk of Michael Lucas…\n\nNew Release: Only Footnotes\nI’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.\nAllow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:\n-----\nOnly Footnotes. Because that’s why you read his books.\nAcademics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?\nAfter literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”\nSmart books have footnotes. Smarter books are only footnotes.\n*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.\n----\nWith interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\nSpecial Guest: Tom Jones.","content_html":"\u003cp\u003eFreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-network-troubleshooting-understanding-network-performance/\" rel=\"nofollow\"\u003eFreeBSD Network Troubleshooting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.com/2021/03/10/the_state_of_freebsd/\" rel=\"nofollow\"\u003eThe State of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eLicense to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20210227232424\" rel=\"nofollow\"\u003edhcpleased(8) - DHCP client daemon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl//freebsd/2021/03/05/bhyve.html\" rel=\"nofollow\"\u003ebhyve for Calamares Development\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003ebhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.\u003cbr\u003e\n“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemonology.net/blog/2020-05-31-Some-new-FreeBSD-EC2-features.html\" rel=\"nofollow\"\u003eSome new FreeBSD/EC2 features: EFS automount and ebsnvme-id\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eAs my regular readers will be aware, I\u0026#39;ve been working on and gradually improving FreeBSD/EC2 for many years. Recently I\u0026#39;ve added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2021-February/018304.html\" rel=\"nofollow\"\u003eOld Usenix pictures\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003ch3\u003e[\u003ca href=\"https://2021.eurobsdcon.org/%5D(CFP\" rel=\"nofollow\"\u003ehttps://2021.eurobsdcon.org/](CFP\u003c/a\u003e is open until May 26th, 2021)\u003c/h3\u003e\n\n\u003cp\u003eEuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.\u003cbr\u003e\nThe Call for Talk and Presentation proposals period will close on May 26th, 2021.  Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e[\u003ca href=\"https://campgnd.com/%5D(CFP\" rel=\"nofollow\"\u003ehttps://campgnd.com/](CFP\u003c/a\u003e is open until 2021-04-15)\u003c/h3\u003e\n\n\u003cp\u003ecampgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.\u003cbr\u003e\nWe\u0026#39;re looking for submissions on anything you\u0026#39;re enthusiastic and excited about. If you enjoy it, the odds are we will too! You don\u0026#39;t need to be an expert to propose anything.\u003cbr\u003e\nSome example of things we are looking for are:\u003cbr\u003e\n    Talks\u003cbr\u003e\n    Walkthroughs\u003cbr\u003e\n    Music\u003c/p\u003e\n\n\u003ch3\u003eFrom the Desk of Michael Lucas…\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003eNew Release: Only Footnotes\nI’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.\nAllow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:\n-----\nOnly Footnotes. Because that’s why you read his books.\nAcademics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?\nAfter literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”\nSmart books have footnotes. Smarter books are only footnotes.\n*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.\n----\nWith interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\u003cp\u003eSpecial Guest: Tom Jones.\u003c/p\u003e","summary":"Description: FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.","date_published":"2021-04-01T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/db1ced31-e2bc-41f2-baca-041c750229f4.mp3","mime_type":"audio/mpeg","size_in_bytes":30506976,"duration_in_seconds":3207}]},{"id":"9e4b924f-7f9c-49b4-81b7-b28ade7904b3","title":"395: Tracing ARM’s history","url":"https://www.bsdnow.tv/395","content_text":"Tracing the History of ARM and FreeBSD, Make ‘less’ more friendly, NomadBSD 1.4 Release, Create an Ubuntu Linux jail on FreeBSD 12.2, OPNsense 21.1.2 released, Midnight BSD and BastilleBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nTracing the History of ARM and FreeBSD\n\n\nWhen we think of computers, we generally think of laptops and desktops. Each one of these systems is powered by an Intel or AMD chip based on the x86 architecture. It might feel like you spend all day interacting with these kinds of systems, but you would be wrong.\n\n\n\nUnix Tip: Make ‘less’ more friendly\n\nYou probably know about less: it is a standard tool that allows scrolling up and down in documents that do not fit on a single screen. Less has a very handy feature, which can be turned on by invoking it with the -i flag. This causes less to ignore case when searching. For example, ‘udf’ will find ‘udf’, ‘UDF’, ‘UdF’, and any other combination of upper-case and lower-case. If you’re used to searching in a web browser, this is probably what you want. But less is even more clever than that. If your search pattern contains upper-case letters, the ignore-case feature will be disabled. So if you’re looking for ‘QXml’, you will not be bothered by matches for the lower-case ‘qxml’. (This is equivalent to ignorecase + smartcase in vim.)\n\n\n\n\nNews Roundup\n\nNomadBSD 1.4 Release\n\n\nVersion 1.4 of NomadBSD, a persistent live system for USB flash drives based on FreeBSD and featuring a graphical user interface built around Openbox, has been released: “We are pleased to present the release of NomadBSD 1.4.\n\n\n\nCreate an Ubuntu Linux jail on FreeBSD 12.2\n\n\n\nOPNsense 21.1.2 released\n\nWork has so far been focused on the firmware update process to ensure its safety around edge cases and recovery methods for the worst case. To that end 21.1.3 will likely receive the full revamp including API and GUI changes for a swift transition after thorough testing of the changes now available in the development package of this release.\n\n\n\nMidnight BSD and BastilleBSD\n\nWe recently added a new port, mports/sysutils/bastille that allows you to manage containers. This is a port of a project that originally targetted FreeBSD, but also works on HardenedBSD. \n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nBrad - monitoring with Grafana\nDennis - a few questions\nPaul - FreeBSD 13\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eTracing the History of ARM and FreeBSD, Make ‘less’ more friendly, NomadBSD 1.4 Release, Create an Ubuntu Linux jail on FreeBSD 12.2, OPNsense 21.1.2 released, Midnight BSD and BastilleBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/tracing-the-history-of-arm-and-freebsd/\" rel=\"nofollow\"\u003eTracing the History of ARM and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen we think of computers, we generally think of laptops and desktops. Each one of these systems is powered by an Intel or AMD chip based on the x86 architecture. It might feel like you spend all day interacting with these kinds of systems, but you would be wrong.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ascending.wordpress.com/2011/02/11/unix-tip-make-less-more-friendly/\" rel=\"nofollow\"\u003eUnix Tip: Make ‘less’ more friendly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eYou probably know about less: it is a standard tool that allows scrolling up and down in documents that do not fit on a single screen. Less has a very handy feature, which can be turned on by invoking it with the -i flag. This causes less to ignore case when searching. For example, ‘udf’ will find ‘udf’, ‘UDF’, ‘UdF’, and any other combination of upper-case and lower-case. If you’re used to searching in a web browser, this is probably what you want. But less is even more clever than that. If your search pattern contains upper-case letters, the ignore-case feature will be disabled. So if you’re looking for ‘QXml’, you will not be bothered by matches for the lower-case ‘qxml’. (This is equivalent to ignorecase + smartcase in vim.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.itsfoss.net/nomadbsd-1-4-release/\" rel=\"nofollow\"\u003eNomadBSD 1.4 Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVersion 1.4 of NomadBSD, a persistent live system for USB flash drives based on FreeBSD and featuring a graphical user interface built around Openbox, has been released: “We are pleased to present the release of NomadBSD 1.4.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackacad.net/post/2021-01-23-create-a-ubuntu-linux-jail-on-freebsd/\" rel=\"nofollow\"\u003eCreate an Ubuntu Linux jail on FreeBSD 12.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-1-2-released/\" rel=\"nofollow\"\u003eOPNsense 21.1.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWork has so far been focused on the firmware update process to ensure its safety around edge cases and recovery methods for the worst case. To that end 21.1.3 will likely receive the full revamp including API and GUI changes for a swift transition after thorough testing of the changes now available in the development package of this release.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33869\" rel=\"nofollow\"\u003eMidnight BSD and BastilleBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWe recently added a new port, mports/sysutils/bastille that allows you to manage containers. This is a port of a project that originally targetted FreeBSD, but also works on HardenedBSD. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Brad%20-%20monitoring%20with%20Grafana\" rel=\"nofollow\"\u003eBrad - monitoring with Grafana\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Dennis%20-%20a%20few%20questions\" rel=\"nofollow\"\u003eDennis - a few questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Paul%20-%20FreeBSD%2013\" rel=\"nofollow\"\u003ePaul - FreeBSD 13\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Tracing the History of ARM and FreeBSD, Make ‘less’ more friendly, NomadBSD 1.4 Release, Create an Ubuntu Linux jail on FreeBSD 12.2, OPNsense 21.1.2 released, Midnight BSD and BastilleBSD, and more.","date_published":"2021-03-25T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e4b924f-7f9c-49b4-81b7-b28ade7904b3.mp3","mime_type":"audio/mpeg","size_in_bytes":23944248,"duration_in_seconds":2279}]},{"id":"65a9a52b-9058-4d08-8c38-8a1bffad6c86","title":"394: FreeBSD on Mars","url":"https://www.bsdnow.tv/394","content_text":"Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nPrototyping an Onboard Scheduler for the Mars 2020 Rover\n\n\nThe mars rover runs VxWorks, which is based on BSD, and uses the FreeBSD networking stack. While there has been a lot of type about the little helicopter that was inside the rover running Linux, the rover itself runs BSD.\n***\n### Practical Guide to Storage of Large Amounts of Microscopy Data\n\u0026gt; Biological imaging tools continue to increase in speed, scale, and resolution, often resulting in the collection of gigabytes or even terabytes of data in a single experiment. In comparison, the ability of research laboratories to store and manage this data is lagging greatly. This leads to limits on the collection of valuable data and slows data analysis and research progress. Here we review common ways researchers store data and outline the drawbacks and benefits of each method. We also offer a blueprint and budget estimation for a currently deployed data server used to store large datasets from zebrafish brain activity experiments using light-sheet microscopy. Data storage strategy should be carefully considered and different options compared when designing imaging experiments.\n***\n## News Roundup\n### OpenBSD guest with bhyve - OmniOS\n\u0026gt; Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.\n\u0026gt; This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.\n***\n### NextCloud on OpenBSD\n\u0026gt; NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.\n\n\n\n\nMySQL Transactions - the physical side\n\n\nSo you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.\n\n\n\nTrueNAS 12.0-U2.1 is released\n\n\n\nHardenedBSD 2021 State of the Hardened Union - NYCBUG - 2021-04-07\n\n\n\n\nBeastie Bits\n\n\nFreeBSD Journal: Case Studies\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nAl - BusyNAS\nJeff - ZFS and NFS on FreeBSD\nMichael - remote unlock for encrypted systems\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOnboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ai.jpl.nasa.gov/public/documents/papers/rabideau_iwpss2017_prototyping.pdf\" rel=\"nofollow\"\u003ePrototyping an Onboard Scheduler for the Mars 2020 Rover\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe mars rover runs VxWorks, which is based on BSD, and uses the FreeBSD networking stack. While there has been a lot of type about the little helicopter that was inside the rover running Linux, the rover itself runs BSD.\n***\n### \u003ca href=\"https://www.cambridge.org/core/journals/microscopy-today/article/practical-guide-to-storage-of-large-amounts-of-microscopy-data/D3CE39447BFF5BBF9B3ED8A0C35C6F36\" rel=\"nofollow\"\u003ePractical Guide to Storage of Large Amounts of Microscopy Data\u003c/a\u003e\n\u0026gt; Biological imaging tools continue to increase in speed, scale, and resolution, often resulting in the collection of gigabytes or even terabytes of data in a single experiment. In comparison, the ability of research laboratories to store and manage this data is lagging greatly. This leads to limits on the collection of valuable data and slows data analysis and research progress. Here we review common ways researchers store data and outline the drawbacks and benefits of each method. We also offer a blueprint and budget estimation for a currently deployed data server used to store large datasets from zebrafish brain activity experiments using light-sheet microscopy. Data storage strategy should be carefully considered and different options compared when designing imaging experiments.\n***\n## News Roundup\n### \u003ca href=\"https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html\" rel=\"nofollow\"\u003eOpenBSD guest with bhyve - OmniOS\u003c/a\u003e\n\u0026gt; Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.\n\u0026gt; This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.\n***\n### \u003ca href=\"https://h3artbl33d.nl/blog/nextcloud-on-openbsd\" rel=\"nofollow\"\u003eNextCloud on OpenBSD\u003c/a\u003e\n\u0026gt; NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.koehntopp.info/2020/07/27/mysql-transactions.html\" rel=\"nofollow\"\u003eMySQL Transactions - the physical side\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.truenas.com/docs/hub/intro/release-notes/12.0u2.1/\" rel=\"nofollow\"\u003eTrueNAS 12.0-U2.1 is released\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.nycbug.org/index?action=view\u0026id=10682\" rel=\"nofollow\"\u003eHardenedBSD 2021 State of the Hardened Union - NYCBUG - 2021-04-07\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://freebsdfoundation.org/our-work/journal/\" rel=\"nofollow\"\u003eFreeBSD Journal: Case Studies\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Al%20-%20BusyNAS\" rel=\"nofollow\"\u003eAl - BusyNAS\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Jeff%20-%20ZFS%20and%20NFS%20on%20FreeBSD\" rel=\"nofollow\"\u003eJeff - ZFS and NFS on FreeBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Michael%20-%20remote%20unlock%20for%20encrypted%20systems\" rel=\"nofollow\"\u003eMichael - remote unlock for encrypted systems\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more","date_published":"2021-03-18T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/65a9a52b-9058-4d08-8c38-8a1bffad6c86.mp3","mime_type":"audio/mpeg","size_in_bytes":45911352,"duration_in_seconds":2611}]},{"id":"edab60b8-425f-45a4-9547-73ca2ca7e341","title":"393: ZFS dRAID","url":"https://www.bsdnow.tv/393","content_text":"Lessons learned from a 27 years old UNIX book, Finally dRAID, Setting up a Signal Proxy using FreeBSD, Annotate your PDF files on OpenBSD, Things You Should Do Now, Just: More unixy than Make, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nLessons learned from a 27 years old UNIX book\n\n\nOne of the Amazon reviewers of \"Sun Performance and Tuning: Java and the Internet\" gave it 3/5 stars. While still a nice introduction, the book by Adrian Cockcroft has become dated — claimed Roland in 2003, which believe it or not was 18 years ago...\n\n\n\ndRAID, Finally!\n\nAdmins will often use wide RAID stripes to maximize usable storage given a number of spindles. RAID-Z deployments with large stripe widths, ten or larger, are subject to poor resilver performance for a number of reasons. Resilvering a full vdev means reading from every healthy disk and continuously writing to the new spare. This will saturate the replacement disk with writes while scattering seeks over the rest of the vdev. For 14 wide RAID-Z2 vdevs using 12TB spindles, rebuilds can take weeks. Resilver I/O activity is deprioritized when the system has not been idle for a minimum period. Full zpools get fragmented and require additional I/O’s to recalculate data during reslivering. A pool can degenerate into a never ending cycle of rebuilds or loss of the pool Aka: the Death Spiral.\n\n\n\nNews Roundup\n\nSetting up a Signal Proxy using FreeBSD\n\nWith the events that the private messaging app Signal has been blocked in Iran, Signal has come up with an “proxy” solution akin to Tor’s Bridges, and have given instructions on how to do it.\nFor people who prefer FreeBSD over Linux like myself, we obviously can’t run Docker, which is what Signal’s instructions focus on.\nFortunately, the Docker image is just a fancy wrapper around nginx, and the configs can be ported to any OS. Here, I’ll show you how to set up a Signal Proxy on FreeBSD.\n\n\n\n\nAnnotate your PDF files on OpenBSD\n\n\nOn my journey to leave macOS, I regularly look to mimic some of the features I use. Namely, annotating (or signing) PDF files is a really simple task using Preview. I couldn’t do it on OpenBSD using Zathura, Xpdf etc. But there is a software in the ports that can achieve this: Xournal.\nXournal is “an application for notetaking, sketching, keeping a journal using a stylus“. And now that my touchscreen is calibrated, highlighting can even be done with the fingers :)\n\n\n\n\nThings You Should Do Now\n\n\nDescribes things you should do now when building software, because the cost to do them increases over time and eventually becomes prohibitive or impossible.\n\n\n\nJust: A command runner. More unixy than Make because it does even less.\n\nI think it's in the do-one-thing-well spirit of Unix, because it's just a command runner, no build system at all. Just has a bunch of nice features:\n\n\n\nCan be invoked from any subdirectory\nArguments can be passed from the command line\nStatic error checking that catches syntax errors and typos\nExcellent error messages with source context\nThe ability to list recipes from the command line\nRecipes can be written in any language\nWorks on Linux, macOS, and Windows\nAnd much more!\n\n\n\nJust doesn't replace Make, or any other build system, but it does replace reverse-searching your command history, telling colleagues the weird flags they need to pass to do the thing, and forgetting how to run old projects.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMarc - Confused about Snapshots\nDan’s gist: https://gist.github.com/dlangille/3140e60a816226ed75365ba8af185085\nPete - A Question\nRick - ZFS Idea\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Dan Langille.","content_html":"\u003cp\u003eLessons learned from a 27 years old UNIX book, Finally dRAID, Setting up a Signal Proxy using FreeBSD, Annotate your PDF files on OpenBSD, Things You Should Do Now, Just: More unixy than Make, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linux.it/%7Eema/posts/porsche-book/\" rel=\"nofollow\"\u003eLessons learned from a 27 years old UNIX book\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the Amazon reviewers of \u0026quot;Sun Performance and Tuning: Java and the Internet\u0026quot; gave it 3/5 stars. While still a nice introduction, the book by Adrian Cockcroft has become dated — claimed Roland in 2003, which believe it or not was 18 years ago...\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-draid-finally/\" rel=\"nofollow\"\u003edRAID, Finally!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eAdmins will often use wide RAID stripes to maximize usable storage given a number of spindles. RAID-Z deployments with large stripe widths, ten or larger, are subject to poor resilver performance for a number of reasons. Resilvering a full vdev means reading from every healthy disk and continuously writing to the new spare. This will saturate the replacement disk with writes while scattering seeks over the rest of the vdev. For 14 wide RAID-Z2 vdevs using 12TB spindles, rebuilds can take weeks. Resilver I/O activity is deprioritized when the system has not been idle for a minimum period. Full zpools get fragmented and require additional I/O’s to recalculate data during reslivering. A pool can degenerate into a never ending cycle of rebuilds or loss of the pool Aka: the Death Spiral.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.neelc.org/posts/freebsd-signal-proxy/\" rel=\"nofollow\"\u003eSetting up a Signal Proxy using FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWith the events that the private messaging app Signal has been blocked in Iran, Signal has come up with an “proxy” solution akin to Tor’s Bridges, and have given instructions on how to do it.\u003cbr\u003e\nFor people who prefer FreeBSD over Linux like myself, we obviously can’t run Docker, which is what Signal’s instructions focus on.\u003cbr\u003e\nFortunately, the Docker image is just a fancy wrapper around nginx, and the configs can be ported to any OS. Here, I’ll show you how to set up a Signal Proxy on FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20210126/annotate-your-pdf-files-on-openbsd\" rel=\"nofollow\"\u003eAnnotate your PDF files on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn my journey to leave macOS, I regularly look to mimic some of the features I use. Namely, annotating (or signing) PDF files is a really simple task using Preview. I couldn’t do it on OpenBSD using Zathura, Xpdf etc. But there is a software in the ports that can achieve this: Xournal.\u003cbr\u003e\nXournal is “an application for notetaking, sketching, keeping a journal using a stylus“. And now that my touchscreen is calibrated, highlighting can even be done with the fingers :)\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://secure.phabricator.com/book/phabflavor/article/things_you_should_do_now/\" rel=\"nofollow\"\u003eThings You Should Do Now\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescribes things you should do now when building software, because the cost to do them increases over time and eventually becomes prohibitive or impossible.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/casey/just/\" rel=\"nofollow\"\u003eJust: A command runner. More unixy than Make because it does even less.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI think it\u0026#39;s in the do-one-thing-well spirit of Unix, because it\u0026#39;s just a command runner, no build system at all. Just has a bunch of nice features:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCan be invoked from any subdirectory\u003c/li\u003e\n\u003cli\u003eArguments can be passed from the command line\u003c/li\u003e\n\u003cli\u003eStatic error checking that catches syntax errors and typos\u003c/li\u003e\n\u003cli\u003eExcellent error messages with source context\u003c/li\u003e\n\u003cli\u003eThe ability to list recipes from the command line\u003c/li\u003e\n\u003cli\u003eRecipes can be written in any language\u003c/li\u003e\n\u003cli\u003eWorks on Linux, macOS, and Windows\u003c/li\u003e\n\u003cli\u003eAnd much more!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJust doesn\u0026#39;t replace Make, or any other build system, but it does replace reverse-searching your command history, telling colleagues the weird flags they need to pass to do the thing, and forgetting how to run old projects.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/393/feedback/Marc%20-%20Confused%20about%20Snapshots\" rel=\"nofollow\"\u003eMarc - Confused about Snapshots\u003c/a\u003e\nDan’s gist: \u003ca href=\"https://gist.github.com/dlangille/3140e60a816226ed75365ba8af185085\" rel=\"nofollow\"\u003ehttps://gist.github.com/dlangille/3140e60a816226ed75365ba8af185085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/393/feedback/Pete%20-%20A%20Question\" rel=\"nofollow\"\u003ePete - A Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/393/feedback/Rick%20-%20ZFS%20Idea\" rel=\"nofollow\"\u003eRick - ZFS Idea\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Dan Langille.\u003c/p\u003e","summary":"Lessons learned from a 27 years old UNIX book, Finally dRAID, Setting up a Signal Proxy using FreeBSD, Annotate your PDF files on OpenBSD, Things You Should Do Now, Just: More unixy than Make, and more","date_published":"2021-03-11T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/edab60b8-425f-45a4-9547-73ca2ca7e341.mp3","mime_type":"audio/mpeg","size_in_bytes":50412600,"duration_in_seconds":3040}]},{"id":"614ca258-a6e1-4c49-ac79-9e37f3e6057c","title":"392: macOS inspired Desktop","url":"https://www.bsdnow.tv/392","content_text":"FreeBSD 13 BETA Benchmarks, FreeBSD Jails Deep Dive by Klara Systems, FreeBSD Foundation looking for a Senior Arm Kernel Engineer \u0026amp; OSS Project Coordinator, macOS-Inspired BSD Desktop OS by helloSystem, A Trip into FreeBSD and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD 13 BETA Benchmarks - Performance Is Much Better\n\n\n\nFreeBSD Jails – Deep Dive into the Beginning of FreeBSD Containers\n\n\nIn recent years, containers and virtualization have become a buzzword in the Linux community, especially with the rise of Docker and Kubernetes. What many people probably don’t realize is that these ideas have been around for a very long time. Today, we will be looking at Jails and how they became part of FreeBSD.\n\n\n\n\n\n\nNews Roundup\n\nFreeBSD Jobs\n\n\nThe FreeBSD Foundation is looking for a Senior Arm Kernel Engineer\nThe FreeBSD Foundation is also looking for an Open Source Project Coordinator.\n***\n### helloSystem Releases New ISOs For This macOS-Inspired BSD Desktop OS\n\u0026gt; The helloSystem motto is being a \"desktop system for creators with focus on simplicity, elegance, and usability. Based on FreeBSD. Less, but better!\" The desktop utilities are written with PyQt5.\n***\n### A Trip into FreeBSD\n\u0026gt; I normally deal with Linux machines. Linux is what I know and it's what I've been using since I was in college. A friend of mine has been coaxing me into trying out FreeBSD, and I decided to try it out and see what it's like. Here's some details about my experience and what I've learned.\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nBeastie Bits\n\n\nTesting Linux Steam Proton on GhostBSD with BSD linuxulator - NO Audio\nNew Build of DragonFlyBSD 5.8\nInstall OpenBSD 6.8 on PINE64 ROCK64 Media Board\nFOSDEM BSD Track Videos are up\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Dan Langille.","content_html":"\u003cp\u003eFreeBSD 13 BETA Benchmarks, FreeBSD Jails Deep Dive by Klara Systems, FreeBSD Foundation looking for a Senior Arm Kernel Engineer \u0026amp; OSS Project Coordinator, macOS-Inspired BSD Desktop OS by helloSystem, A Trip into FreeBSD and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=freebsd-13-beta1\u0026num=6\" rel=\"nofollow\"\u003eFreeBSD 13 BETA Benchmarks - Performance Is Much Better\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/freebsd-jails-the-beginning-of-freebsd-containers/\" rel=\"nofollow\"\u003eFreeBSD Jails – Deep Dive into the Beginning of FreeBSD Containers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn recent years, containers and virtualization have become a buzzword in the Linux community, especially with the rise of Docker and Kubernetes. What many people probably don’t realize is that these ideas have been around for a very long time. Today, we will be looking at Jails and how they became part of FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003eFreeBSD Jobs\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.fossjobs.net/job/10369/senior-arm-kernel-engineer-at-the-freebsd-foundation/\" rel=\"nofollow\"\u003eThe FreeBSD Foundation is looking for a Senior Arm Kernel Engineer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.fossjobs.net/job/10367/freebsd-open-source-project-coordinator-at-freebsd/\" rel=\"nofollow\"\u003eThe FreeBSD Foundation is also looking for an Open Source Project Coordinator.\u003c/a\u003e\n***\n### \u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=helloSystem-New-12.1-Exp-ISOs\" rel=\"nofollow\"\u003ehelloSystem Releases New ISOs For This macOS-Inspired BSD Desktop OS\u003c/a\u003e\n\u0026gt; The helloSystem motto is being a \u0026quot;desktop system for creators with focus on simplicity, elegance, and usability. Based on FreeBSD. Less, but better!\u0026quot; The desktop utilities are written with PyQt5.\n***\n### \u003ca href=\"https://christine.website/blog/a-trip-into-freebsd-2021-02-13\" rel=\"nofollow\"\u003eA Trip into FreeBSD\u003c/a\u003e\n\u0026gt; I normally deal with Linux machines. Linux is what I know and it\u0026#39;s what I\u0026#39;ve been using since I was in college. A friend of mine has been coaxing me into trying out FreeBSD, and I decided to try it out and see what it\u0026#39;s like. Here\u0026#39;s some details about my experience and what I\u0026#39;ve learned.\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=H8ihW0m3bRQ\" rel=\"nofollow\"\u003eTesting Linux Steam Proton on GhostBSD with BSD linuxulator - NO Audio\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2021-February/381550.html\" rel=\"nofollow\"\u003eNew Build of DragonFlyBSD 5.8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krjdev/rock64_openbsd\" rel=\"nofollow\"\u003eInstall OpenBSD 6.8 on PINE64 ROCK64 Media Board\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2021/schedule/track/bsd/\" rel=\"nofollow\"\u003eFOSDEM BSD Track Videos are up\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Dan Langille.\u003c/p\u003e","summary":"FreeBSD 13 BETA Benchmarks, FreeBSD Jails Deep Dive by Klara Systems, FreeBSD Foundation looking for a Senior Arm Kernel Engineer \u0026 OSS Project Coordinator, macOS-Inspired BSD Desktop OS by helloSystem, A Trip into FreeBSD and more.","date_published":"2021-03-04T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/614ca258-a6e1-4c49-ac79-9e37f3e6057c.mp3","mime_type":"audio/mpeg","size_in_bytes":46770312,"duration_in_seconds":2846}]},{"id":"3105d37c-fc28-49e0-983d-1ac767b72f76","title":"391:  i386 tear shedding","url":"https://www.bsdnow.tv/391","content_text":"Follow-up about FreeBSD jail advantages, Install Prometheus, Node Exporter and Grafana, Calibrate your touch-screen on OpenBSD, OPNsense 21.1 Marvelous Meerkat Released, NomadBSD 1.4-RC1, Lets all shed a Tear for 386, find mostly doesn't need xargs today on modern Unixes, OpenBSD KDE Status Report, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFollow-up about FreeBSD jail advantages\n\n\nI’ll admit I ran a lot of justifications together into a single paragraph because I wanted to get to configuring the jails themselves. They’re also, by and large, not specific to FreeBSD’s flavour of containerisation, though I still think it’s easily the most elegant implementation. Sometimes the simplest solution really is the best one.\n\n\n\nHistory of FreeBSD part 4: TCP/IP\n\n\nHow TCP/IP evolved and BSDs special contribution to the history of the Internet\n***\n\n\n\nFreeBSD: Install Prometheus, Node Exporter and Grafana\n\n\nFreeBSD comes out of the box with three great tools for monitoring. If you need more info about how these tools work, please read the official documentation. I’ll explain the installation only and creating a simple dashboard.\n\n\n\n\nNews Roundup\n\nCalibrate your touch-screen on OpenBSD\n\n\nI didn’t expected it but my refurbished T460s came with a touch-screen. It is recognized by default on OpenBSD and not well calibrated as-is. But that’s really simple to solve.\n\n\n\nLets all shed a Tear for 386\n\nFreeBSD is designating i386 as a Tier 2 architecture starting with FreeBSD 13.0.  The Project will continue to provide release images, binary updates, and pre-built packages for the 13.x branch.  However, i386-specific issues (including SAs) may not be addressed in 13.x. The i386 platform will remain Tier 1 on FreeBSD 11.x and 12.x.\n\n\n\n\nOPNsense 21.1 Marvelous Meerkat Released\n\n\nFor more than 6 years, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\n\n\n\nNomadBSD 1.4-RC1\n\nWe are pleased to present the first release candidate of NomadBSD 1.4.\n\n\n\n\nfind mostly doesn't need xargs today on modern Unixes\n\n\nI've been using Unix for long enough that 'find | xargs' is a reflex. When I started and for a long time afterward, xargs was your only choice for efficiently executing a command over a bunch of find results.\n\n\n\nOpenBSD KDE Status Report\n\nOpenBSD has managed to drop KDE3 and KDE4 in the 6.8 -\u0026gt; 6.9 release cycle. That makes me very happy because it was a big piece of work and long discussions. This of course brings questions: Kde Plasma 5 package missing.\nAfter half a year of work, I managed to successfully update the Qt5 stack to the last LTS version 5.15.2. On the whole, the most work was updating QtWebengine. What a monster! With my CPU power at home, I can build it 1-2 times a day which makes testing a little bit annoying and time intensive.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKarl - Firefox webcam audio solution\nMichal - openzfs\nDave - bufferbloat\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFollow-up about FreeBSD jail advantages, Install Prometheus, Node Exporter and Grafana, Calibrate your touch-screen on OpenBSD, OPNsense 21.1 Marvelous Meerkat Released, NomadBSD 1.4-RC1, Lets all shed a Tear for 386, find mostly doesn\u0026#39;t need xargs today on modern Unixes, OpenBSD KDE Status Report, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/follow-up-about-freebsd-jail-advantages/\" rel=\"nofollow\"\u003eFollow-up about FreeBSD jail advantages\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ll admit I ran a lot of justifications together into a single paragraph because I wanted to get to configuring the jails themselves. They’re also, by and large, not specific to FreeBSD’s flavour of containerisation, though I still think it’s easily the most elegant implementation. Sometimes the simplest solution really is the best one.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/history-of-freebsd-part-4-bsd-and-tcp-ip/\" rel=\"nofollow\"\u003eHistory of FreeBSD part 4: TCP/IP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow TCP/IP evolved and BSDs special contribution to the history of the Internet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.andreev.it/?p=5289\" rel=\"nofollow\"\u003eFreeBSD: Install Prometheus, Node Exporter and Grafana\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD comes out of the box with three great tools for monitoring. If you need more info about how these tools work, please read the official documentation. I’ll explain the installation only and creating a simple dashboard.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20210122/calibrate-your-touch-screen-on-openbsd/\" rel=\"nofollow\"\u003eCalibrate your touch-screen on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI didn’t expected it but my refurbished T460s came with a touch-screen. It is recognized by default on OpenBSD and not well calibrated as-is. But that’s really simple to solve.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2021-January/002006.html\" rel=\"nofollow\"\u003eLets all shed a Tear for 386\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eFreeBSD is designating i386 as a Tier 2 architecture starting with FreeBSD 13.0.  The Project will continue to provide release images, binary updates, and pre-built packages for the 13.x branch.  However, i386-specific issues (including SAs) may not be addressed in 13.x. The i386 platform will remain Tier 1 on FreeBSD 11.x and 12.x.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-21-1-marvelous-meerkat-released/\" rel=\"nofollow\"\u003eOPNsense 21.1 Marvelous Meerkat Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor more than 6 years, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nomadbsd.org/index.html#1.4-RC1\" rel=\"nofollow\"\u003eNomadBSD 1.4-RC1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWe are pleased to present the first release candidate of NomadBSD 1.4.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/FindWithoutXargsToday\" rel=\"nofollow\"\u003efind mostly doesn\u0026#39;t need xargs today on modern Unixes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been using Unix for long enough that \u0026#39;find | xargs\u0026#39; is a reflex. When I started and for a long time afterward, xargs was your only choice for efficiently executing a command over a bunch of find results.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210124113220\" rel=\"nofollow\"\u003eOpenBSD KDE Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eOpenBSD has managed to drop KDE3 and KDE4 in the 6.8 -\u0026gt; 6.9 release cycle. That makes me very happy because it was a big piece of work and long discussions. This of course brings questions: Kde Plasma 5 package missing.\u003cbr\u003e\nAfter half a year of work, I managed to successfully update the Qt5 stack to the last LTS version 5.15.2. On the whole, the most work was updating QtWebengine. What a monster! With my CPU power at home, I can build it 1-2 times a day which makes testing a little bit annoying and time intensive.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Karl%20-%20Firefox%20webcam%20audio%20solution.md\" rel=\"nofollow\"\u003eKarl - Firefox webcam audio solution\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Michal%20-%20openzfs.md\" rel=\"nofollow\"\u003eMichal - openzfs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/391/feedback/Dave%20-%20bufferbloat.md\" rel=\"nofollow\"\u003eDave - bufferbloat\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Follow-up about FreeBSD jail advantages, Install Prometheus, Node Exporter and Grafana, Calibrate your touch-screen on OpenBSD, OPNsense 21.1 Marvelous Meerkat Released, NomadBSD 1.4-RC1, Lets all shed a Tear for 386, find mostly doesn't need xargs today on modern Unixes, OpenBSD KDE Status Report, and more.","date_published":"2021-02-25T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3105d37c-fc28-49e0-983d-1ac767b72f76.mp3","mime_type":"audio/mpeg","size_in_bytes":39165456,"duration_in_seconds":2335}]},{"id":"a77e0ca4-6c57-4cd9-ad09-1fbf8292e5d8","title":"390: Commercial Unix Killer","url":"https://www.bsdnow.tv/390","content_text":"Did Linux kill Commercial Unix, three node GlusterFS setup on FreeBSD, OpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen), NetBSD on EdgeRouter Lite, TLS Mastery first draft done\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nDid Linux Kill Commercial Unix?\n\n\nSales of commercial Unix have fallen off a cliff. There has to be something behind this dramatic decline. Has Linux killed its ancestor by becoming a perfectly viable replacement, like an operating system version of Invasion of the Body Snatchers?\n\n\n\nWireguard: Simple and Secure VPN in FreeBSD\n\n\nA great article by Tom Jones about setting up Wireguard on FreeBSD\n***\n\n\n\nSetup a Three Node Replicated GlusterFS Cluster on FreeBSD\n\n\nGlusterFS (GFS) is the open source equivalent to Microsoft's Distributed Filesystem (DFS). It's a service that replicates the contents of a filesystem in real time from one server to another. Clients connect to any server and changes made to a file will replicate automatically. It's similar to something like rsync or syncthing, but much more automatic and transparent. A FreeBSD port has been available since v3.4, and (as of this post) is currently at version 8.0 with 9.0 being released soon.\n\n\n\nNews Roundup\n\nOpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen)\n\nLenovo has finally made a smaller version of its X1 Carbon, something I’ve been looking forward to for years.\n\n\n\nNetBSD on the EdgeRouter Lite\n\nNetBSD-current now has pre-built octeon bootable images (which will appear in NetBSD 10.0) for the evbmips port, so I decided to finally give it a try. I've been happily running OpenBSD/octeon on my EdgeRouter Lite for a few years now, and have previously published some notes including more detail about the CPU.\n\n\n\n“TLS Mastery” first draft done!\n\n\n\n\nBeastie Bits\n\n\nA Thread on a FreeBSD Desktop for PineBook Pro\nFOSSASIA Conference - March 2021(Virtual)\nWireGuard for pfSense Software\nNetBSD logo to going Moon\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n### Producer's Note\n\u0026gt; Hey everybody, it’s JT here.  After our AMA episode where I mentioned I was looking for older BSD Retail Copies, I was contacted by Andrew who hooked me up with a bunch of OpenBSD disks from the 4.x era.  So shout out to him, and since that worked so well, I figured I'd give it another shot and ask that if anyone has any old Unixes that will run on an 8088, 8086, or 286 and you're willing to send me copies of the disks. I've recently dug out an old 286 system and I’d love to get a Unix OS on it.  I know of Minix, Xenix and Microport, but I haven’t been able to find many versions of them.  I've found Microport 1.3.3, and SCO Xenix... but that's about it.  Let me know if you happen to have any other versions, or know where I can get them.\n\n\nFeedback/Questions\n\n\nChristian - ZFS replication and verification\nIain - progress\nPaul - APU2 device\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eDid Linux kill Commercial Unix, three node GlusterFS setup on FreeBSD, OpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen), NetBSD on EdgeRouter Lite, TLS Mastery first draft done\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.howtogeek.com/440147/did-linux-kill-commercial-unix/\" rel=\"nofollow\"\u003eDid Linux Kill Commercial Unix?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSales of commercial Unix have fallen off a cliff. There has to be something behind this dramatic decline. Has Linux killed its ancestor by becoming a perfectly viable replacement, like an operating system version of Invasion of the Body Snatchers?\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/simple-and-secure-vpn-in-freebsd/\" rel=\"nofollow\"\u003eWireguard: Simple and Secure VPN in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA great article by Tom Jones about setting up Wireguard on FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unibia.com/unibianet/freebsd/setup-three-node-replicated-glusterfs-cluster-freebsd\" rel=\"nofollow\"\u003eSetup a Three Node Replicated GlusterFS Cluster on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGlusterFS (GFS) is the open source equivalent to Microsoft\u0026#39;s Distributed Filesystem (DFS). It\u0026#39;s a service that replicates the contents of a filesystem in real time from one server to another. Clients connect to any server and changes made to a file will replicate automatically. It\u0026#39;s similar to something like rsync or syncthing, but much more automatic and transparent. A FreeBSD port has been available since v3.4, and (as of this post) is currently at version 8.0 with 9.0 being released soon.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2021/01/27/x1nano\" rel=\"nofollow\"\u003eOpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eLenovo has finally made a smaller version of its X1 Carbon, something I’ve been looking forward to for years.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/netbsd-on-the-edgerouter-lite/\" rel=\"nofollow\"\u003eNetBSD on the EdgeRouter Lite\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eNetBSD-current now has pre-built octeon bootable images (which will appear in NetBSD 10.0) for the evbmips port, so I decided to finally give it a try. I\u0026#39;ve been happily running OpenBSD/octeon on my EdgeRouter Lite for a few years now, and have previously published some notes including more detail about the CPU.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/9938\" rel=\"nofollow\"\u003e“TLS Mastery” first draft done!\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forums.freebsd.org/threads/freebsd-desktop-for-pinebook-pro.78269/\" rel=\"nofollow\"\u003eA Thread on a FreeBSD Desktop for PineBook Pro\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eventyay.com/e/fa96ae2c\" rel=\"nofollow\"\u003eFOSSASIA Conference - March 2021(Virtual)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netgate.com/blog/wireguard-for-pfsense-software.html\" rel=\"nofollow\"\u003eWireGuard for pfSense Software\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2021/02/07/msg000849.html\" rel=\"nofollow\"\u003eNetBSD logo to going Moon\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n### Producer\u0026#39;s Note\n\u0026gt; Hey everybody, it’s JT here.  After our AMA episode where I mentioned I was looking for older BSD Retail Copies, I was contacted by Andrew who hooked me up with a bunch of OpenBSD disks from the 4.x era.  So shout out to him, and since that worked so well, I figured I\u0026#39;d give it another shot and ask that if anyone has any old Unixes that will run on an 8088, 8086, or 286 and you\u0026#39;re willing to send me copies of the disks. I\u0026#39;ve recently dug out an old 286 system and I’d love to get a Unix OS on it.  I know of Minix, Xenix and Microport, but I haven’t been able to find many versions of them.  I\u0026#39;ve found Microport 1.3.3, and SCO Xenix... but that\u0026#39;s about it.  Let me know if you happen to have any other versions, or know where I can get them.\u003cbr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/390/feedback/Christian%20-%20ZFS%20replication%20and%20verification\" rel=\"nofollow\"\u003eChristian - ZFS replication and verification\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/390/feedback/Iain%20-%20progress\" rel=\"nofollow\"\u003eIain - progress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/390/feedback/Paul%20-%20APU2%20device\" rel=\"nofollow\"\u003ePaul - APU2 device\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Did Linux kill Commercial Unix, three node GlusterFS setup on FreeBSD, OpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen), NetBSD on EdgeRouter Lite, TLS Mastery first draft done","date_published":"2021-02-18T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a77e0ca4-6c57-4cd9-ad09-1fbf8292e5d8.mp3","mime_type":"audio/mpeg","size_in_bytes":55003992,"duration_in_seconds":3336}]},{"id":"e9e941f3-5d28-4978-9398-058673590033","title":"389: Comfy FreeBSD Jails","url":"https://www.bsdnow.tv/389","content_text":"A week with Plan 9, Exploring Swap on FreeBSD, how to create a FreeBSD pkg mirror using bastille and poudriere, How to set up FreeBSD 12 VNET jail with ZFS, Creating Comfy FreeBSD Jails Using Standard Tools, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nA Week With Plan 9\n\n\nI spent the first week of 2021 learning an OS called Plan 9 from Bell Labs. This is a fringe Operating System, long abandoned by it’s original authors. It's also responsible for a great deal of inspiration elsewhere. If you’ve used the Go language, /proc, UTF-8 or Docker, you’ve used Plan 9-designed features. This issue dives into Operating System internals and some moderately hard computer science topics. If that sort of thing isn’t your bag you might want to skip ahead. Normal service will resume shortly.\n\n\n\nExploring Swap on FreeBSD\n\nOn modern Unix-like systems such as FreeBSD, “swapping” refers to the activity of paging out the contents of memory to a disk and then paging it back in on demand. The page-out activity occurs in response to a lack of free memory in the system: the kernel tries to identify pages of memory that probably will not be accessed in the near future, and copies their contents to a disk for safekeeping until they are needed again. When an application attempts to access memory that has been swapped out, it blocks while the kernel fetches that saved memory from the swap disk, and then resumes execution as if nothing had happened.\n\n\n\n\nNews Roundup\n\nHow to create a FreeBSD pkg mirror using bastille and poudriere\n\n\nThis a short how-to for creating a FreeBSD pkg mirror using BastilleBSD and Poudriere.\n\n\n\nHow to set up FreeBSD 12 VNET jail with ZFS\n\nHow do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?\nFreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFZ on FreeBSD 12.x.\n\n\n\nCreating Comfy FreeBSD Jails Using Standard Tools\n\nDocker has stormed into software development in recent years. While the concepts behind it are powerful and useful, similar tools have been used in systems for decades. FreeBSD’s jails in one of those tools which build upon even older chroot(2) To put it shortly, with these tools, you can make a safe environment separated from the rest of the system.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChris - USB BSD variant\nJacob - host wifi through a jail\nJordan - new tool vs updating existing tool\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eA week with Plan 9, Exploring Swap on FreeBSD, how to create a FreeBSD pkg mirror using bastille and poudriere, How to set up FreeBSD 12 VNET jail with ZFS, Creating Comfy FreeBSD Jails Using Standard Tools, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://thedorkweb.substack.com/p/a-week-with-plan-9\" rel=\"nofollow\"\u003eA Week With Plan 9\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI spent the first week of 2021 learning an OS called Plan 9 from Bell Labs. This is a fringe Operating System, long abandoned by it’s original authors. It\u0026#39;s also responsible for a great deal of inspiration elsewhere. If you’ve used the Go language, /proc, UTF-8 or Docker, you’ve used Plan 9-designed features. This issue dives into Operating System internals and some moderately hard computer science topics. If that sort of thing isn’t your bag you might want to skip ahead. Normal service will resume shortly.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/exploring-swap-on-freebsd/\" rel=\"nofollow\"\u003eExploring Swap on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eOn modern Unix-like systems such as FreeBSD, “swapping” refers to the activity of paging out the contents of memory to a disk and then paging it back in on demand. The page-out activity occurs in response to a lack of free memory in the system: the kernel tries to identify pages of memory that probably will not be accessed in the near future, and copies their contents to a disk for safekeeping until they are needed again. When an application attempts to access memory that has been swapped out, it blocks while the kernel fetches that saved memory from the swap disk, and then resumes execution as if nothing had happened.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackacad.net/post/2021-01-13-build-a-freebsd-pkg-mirror-with-bastille-poudriere/\" rel=\"nofollow\"\u003eHow to create a FreeBSD pkg mirror using bastille and poudriere\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis a short how-to for creating a FreeBSD pkg mirror using BastilleBSD and Poudriere.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/faq/configuring-freebsd-12-vnet-jail-using-bridgeepair-zfs/\" rel=\"nofollow\"\u003eHow to set up FreeBSD 12 VNET jail with ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eHow do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?\u003cbr\u003e\nFreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFZ on FreeBSD 12.x.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kettunen.io/post/standard-freebsd-jails/\" rel=\"nofollow\"\u003eCreating Comfy FreeBSD Jails Using Standard Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eDocker has stormed into software development in recent years. While the concepts behind it are powerful and useful, similar tools have been used in systems for decades. FreeBSD’s jails in one of those tools which build upon even older chroot(2) To put it shortly, with these tools, you can make a safe environment separated from the rest of the system.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/389/feedback/Chris%20-%20USB%20BSD%20variant\" rel=\"nofollow\"\u003eChris - USB BSD variant\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/389/feedback/Jacob%20-%20host%20wifi%20through%20a%20jail\" rel=\"nofollow\"\u003eJacob - host wifi through a jail\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/389/feedback/Jordan%20-%20new%20too%20vs%20updating%20existing%20tool\" rel=\"nofollow\"\u003eJordan - new tool vs updating existing tool\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"A week with Plan 9, Exploring Swap on FreeBSD, how to create a FreeBSD pkg mirror using bastille and poudriere, How to set up FreeBSD 12 VNET jail with ZFS, Creating Comfy FreeBSD Jails Using Standard Tools, and more.","date_published":"2021-02-10T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e9e941f3-5d28-4978-9398-058673590033.mp3","mime_type":"audio/mpeg","size_in_bytes":42044472,"duration_in_seconds":2476}]},{"id":"df800c64-9bac-467b-be5c-088a4cd94882","title":"388: Must-have security tool","url":"https://www.bsdnow.tv/388","content_text":"FreeBSD Q4 2020 Status report, a must-have security tool from OpenBSD, Bastille Port Redirection and Persistence, FreeBSD Wall Display Computer, etymology of command-line tools, GhostBSD 21.01.15 Release Notes, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD quarterly status report for Q4 2020\n\n\n\nBlock spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!\n\n\nPf-badhost is a very practical, robust, stable and lightweight security script for network servers.\nIt's compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.\n\n\n\n\n\n\nNews Roundup\n\nBastille Port Redirection and Persistence\n\n\nBastille supports redirecting (rdr) ports from the host system into target containers. This port redirection is commonly used when running Internet services such as web servers, dns servers, email and many others. Any service you want to make public outside of your cluster will likely require port redirection (with some exceptions, see below).\n\n\n\nFreeBSD Wall Display Computer\n\nI've recently added a wall mounted 30\" monitor for Grafana in my home. I can highly recommend doing the same, especially in a world where more work from home is becoming the norm.\n\n\n\nThe etymology of command-line tools\n\n\n\nGhostBSD 21.01.15 Release Notes\n\nI am happy to announce the availability of the new ISO 21.01.15. This new ISO comes with a clean-up of packages that include removing LibreOffice and Telegram from the default selection. We did this to bring the zfs RW live file systems to run without problem on 4GB of ram machine. We also removed the UFS full disk option from the installer. Users can still use custom partitions to setup UFS partition, but we discourage it. We also fixed the Next button's restriction in the custom partition related to some bug that people reported. We also fix the missing default locale setup and added the default setup for Linux Steam, not to forget this ISO includes kernel, userland and numerous application updates.\n\n\n\n\nBeastie Bits\n\n\nInterview with Brian Kernighan\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD Q4 2020 Status report, a must-have security tool from OpenBSD, Bastille Port Redirection and Persistence, FreeBSD Wall Display Computer, etymology of command-line tools, GhostBSD 21.01.15 Release Notes, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2020-10-2020-12/\" rel=\"nofollow\"\u003eFreeBSD quarterly status report for Q4 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210119113425\" rel=\"nofollow\"\u003eBlock spammers/abusive IPs with Pf-badhost in OpenBSD. A \u0026#39;must have\u0026#39; security tool!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePf-badhost is a very practical, robust, stable and lightweight security script for network servers.\u003cbr\u003e\nIt\u0026#39;s compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bastillebsd.org/blog/2021/01/13/bastille-port-redirection-and-persistence/\" rel=\"nofollow\"\u003eBastille Port Redirection and Persistence\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBastille supports redirecting (rdr) ports from the host system into target containers. This port redirection is commonly used when running Internet services such as web servers, dns servers, email and many others. Any service you want to make public outside of your cluster will likely require port redirection (with some exceptions, see below).\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.tyk.nu/blog/freebsd-wall-display-computer/\" rel=\"nofollow\"\u003eFreeBSD Wall Display Computer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI\u0026#39;ve recently added a wall mounted 30\u0026quot; monitor for Grafana in my home. I can highly recommend doing the same, especially in a world where more work from home is becoming the norm.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://i.redd.it/sni9gaxfj2d61.png\" rel=\"nofollow\"\u003eThe etymology of command-line tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ghostbsd.org/21.01.15_release_notes\" rel=\"nofollow\"\u003eGhostBSD 21.01.15 Release Notes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI am happy to announce the availability of the new ISO 21.01.15. This new ISO comes with a clean-up of packages that include removing LibreOffice and Telegram from the default selection. We did this to bring the zfs RW live file systems to run without problem on 4GB of ram machine. We also removed the UFS full disk option from the installer. Users can still use custom partitions to setup UFS partition, but we discourage it. We also fixed the Next button\u0026#39;s restriction in the custom partition related to some bug that people reported. We also fix the missing default locale setup and added the default setup for Linux Steam, not to forget this ISO includes kernel, userland and numerous application updates.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://corecursive.com/brian-kernighan-unix-bell-labs1/\" rel=\"nofollow\"\u003eInterview with Brian Kernighan\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Q4 2020 Status report, a must-have security tool from OpenBSD, Bastille Port Redirection and Persistence, FreeBSD Wall Display Computer, etymology of command-line tools, GhostBSD 21.01.15 Release Notes, and more.","date_published":"2021-02-04T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/df800c64-9bac-467b-be5c-088a4cd94882.mp3","mime_type":"audio/mpeg","size_in_bytes":51435504,"duration_in_seconds":2981}]},{"id":"352cdfe3-fbba-46ef-8982-4b4c37d3da22","title":"387: OpenBSD Broadcast Studio","url":"https://www.bsdnow.tv/387","content_text":"GNN's tips for surviving Cabin Fever and Coding from Home, Self-host a password manager on OpenBSD, Preliminary OpenBSD Support added to OBS, Dan's CURL tip of the Day, List of some Shell goodies for OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nGNN's tips for surviving Cabin Fever and Coding from Home\n\n\nForgive me if this seems off topic, but I was wondering if you had any advice for the majority of us who are now KFH (koding from home). I don't know how KV works day to day, but it seems pretty clear that the status quo has changed at most workplaces in the last several months, and it's hard to know if there are things we could be doing to stay productive while we're all at home, ordering delivery, and microwaving our mail. Does KV have any good guidance?\n\n\n\n\nSelf-host a password manager on OpenBSD\n\n\nI’ve been using Rubywarden to store and access my passwords from OpenBSD workstations and iOS toys. But recent redondant failures from the iOS App and rubywarden not being maintained anymore led to the need for a new solution.\nI was investing on pass+pgp+git but it was quite complex.\n\n\nNews Roundup\n\nPreliminary OpenBSD Support added to OBS\n\n\n\nDan's CURL tip of the Day\n\n\n\nList of some Shell goodies for OpenBSD\n\n\nI'm sharing here some practices I'm following and some small tips/tools which facilitate my usage of OpenBSD in my day to day.\nSome are really specific to my usage, others could be re-used.\n\n\n\n\nBeastie Bits\n\n• [Traditional text mode games from BSD](https://github.com/msharov/bsd-games)\n• [FreeBSD Easter Eggs](https://twitter.com/freebsdfrau/status/972893680473317377)\n• [A prehistory and history of Unix Slide Deck](https://docs.google.com/presentation/d/1BxnFiP_Hv3HJbbYRfSxpTym7GzqxJPQlTE6Ur5h1Al8/edit#slide=id.g951f86c343_0_95)\n• [How to use Android USB Tethering to get Internet on FreeBSD](https://www.youtube.com/watch?v=cAEmtrEZlV8)\n• [VPN'Othon #2 for CharmBUG](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/charmbug_event.md)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n• [Kev - Ramdisk](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/feedback/kev%20-%20ramdisk.md)\n• [John - new to freebsd](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/feedback/John%20-%20new%20to%20freebsd)\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eGNN\u0026#39;s tips for surviving Cabin Fever and Coding from Home, Self-host a password manager on OpenBSD, Preliminary OpenBSD Support added to OBS, Dan\u0026#39;s CURL tip of the Day, List of some Shell goodies for OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=3437846\" rel=\"nofollow\"\u003eGNN\u0026#39;s tips for surviving Cabin Fever and Coding from Home\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eForgive me if this seems off topic, but I was wondering if you had any advice for the majority of us who are now KFH (koding from home). I don\u0026#39;t know how KV works day to day, but it seems pretty clear that the status quo has changed at most workplaces in the last several months, and it\u0026#39;s hard to know if there are things we could be doing to stay productive while we\u0026#39;re all at home, ordering delivery, and microwaving our mail. Does KV have any good guidance?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20210105/self-host-a-password-manager-on-openbsd/\" rel=\"nofollow\"\u003eSelf-host a password manager on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been using Rubywarden to store and access my passwords from OpenBSD workstations and iOS toys. But recent redondant failures from the iOS App and rubywarden not being maintained anymore led to the need for a new solution.\u003cbr\u003e\nI was investing on pass+pgp+git but it was quite complex.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20210113072623\" rel=\"nofollow\"\u003ePreliminary OpenBSD Support added to OBS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mobile.twitter.com/DLangille/status/1323963716153626626\" rel=\"nofollow\"\u003eDan\u0026#39;s CURL tip of the Day\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.vincentdelft.be/post/post_20210102\" rel=\"nofollow\"\u003eList of some Shell goodies for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;m sharing here some practices I\u0026#39;m following and some small tips/tools which facilitate my usage of OpenBSD in my day to day.\u003cbr\u003e\nSome are really specific to my usage, others could be re-used.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Traditional text mode games from BSD](https://github.com/msharov/bsd-games)\n• [FreeBSD Easter Eggs](https://twitter.com/freebsdfrau/status/972893680473317377)\n• [A prehistory and history of Unix Slide Deck](https://docs.google.com/presentation/d/1BxnFiP_Hv3HJbbYRfSxpTym7GzqxJPQlTE6Ur5h1Al8/edit#slide=id.g951f86c343_0_95)\n• [How to use Android USB Tethering to get Internet on FreeBSD](https://www.youtube.com/watch?v=cAEmtrEZlV8)\n• [VPN\u0026#39;Othon #2 for CharmBUG](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/charmbug_event.md)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [Kev - Ramdisk](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/feedback/kev%20-%20ramdisk.md)\n• [John - new to freebsd](https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/387/feedback/John%20-%20new%20to%20freebsd)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"GNN's tips for surviving Cabin Fever and Coding from Home, Self-host a password manager on OpenBSD, Preliminary OpenBSD Support added to OBS, Dan's CURL tip of the Day, List of some Shell goodies for OpenBSD, and more","date_published":"2021-01-28T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/352cdfe3-fbba-46ef-8982-4b4c37d3da22.mp3","mime_type":"audio/mpeg","size_in_bytes":43820232,"duration_in_seconds":2591}]},{"id":"d5e42030-e15b-444f-b823-a40e34bea5a8","title":"386: Aye, 386!","url":"https://www.bsdnow.tv/386","content_text":"Routing and Firewalling VLANS with FreeBSD, FreeBSD 12 VNET jail with ZFS howto, pkgsrc-2020Q4 released, FreeBSD on Raspberry Pi 4 With 4GB of RAM, HardenedBSD December 2020 Status Report, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nRouting and Firewalling VLANS with FreeBSD\n\n\nIn this article we are going to look at and integrate two network isolation technologies, VLANs and VNET. VLANs are common place, and if you have done some network management or design then you are likely to have interacted with them. The second are FreeBSDs VNET virtual network stacks, a powerful network stack isolation technology that gives FreeBSD jails super powers.\nEthernet VLAN (standardised by IEEE 802.1Q) are an extension to Ethernet and provide an essential method for scaling network deployments. They are used in all environments to enable reuse of common infrastructure by isolating portions of networks from each other. VLANs allow the reuse of common cables, switches and routers to carry completely different networks. It is common to have data that must be separated from different networks carried on common cables until their VLAN tags are finally stripped at a gateway switch or router.\n\n\n\n\nHow to set up FreeBSD 12 VNET jail with ZFS\n\n\nHow do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?\nFreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFS on FreeBSD 12.x.\n\n\n\n\nNews Roundup\n\npkgsrc-2020Q4 released\n\n\nThe pkgsrc developers are proud to announce the 69th quarterly release\nof pkgsrc, the cross-platform packaging system.  pkgsrc is available\nwith more than 24,000 packages, running on 23 separate platforms; more\ninformation on pkgsrc itself is available at https://www.pkgsrc.org/\n\n\n\n\nFreeBSD ON A Raspberry PI 4 With 4GB of RAM\n\n\nThis is the story of how I managed to get FreeBSD running on a Raspberry Pi 4 with 4GB of RAM, though I think the setup story is pretty similar for those with 2GB and 8GB.1\n\n\n\n\nHardenedBSD December 2020 Status Report\n\n\nHappy New Year! On this the last day of 2020, I submit December's status report.\n\n\n\n\nBeastie Bits\n\n\nChristmas Cards The Unix Way - with pic and  troff\nFast RPI3 upgrade from source (cross compile) \n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nRobert - zfs question\nNeb - AMA episode.md\nJoe - puppet\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eRouting and Firewalling VLANS with FreeBSD, FreeBSD 12 VNET jail with ZFS howto, pkgsrc-2020Q4 released, FreeBSD on Raspberry Pi 4 With 4GB of RAM, HardenedBSD December 2020 Status Report, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/routing-and-firewalling-vlans-with-freebsd/\" rel=\"nofollow\"\u003eRouting and Firewalling VLANS with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this article we are going to look at and integrate two network isolation technologies, VLANs and VNET. VLANs are common place, and if you have done some network management or design then you are likely to have interacted with them. The second are FreeBSDs VNET virtual network stacks, a powerful network stack isolation technology that gives FreeBSD jails super powers.\u003cbr\u003e\nEthernet VLAN (standardised by IEEE 802.1Q) are an extension to Ethernet and provide an essential method for scaling network deployments. They are used in all environments to enable reuse of common infrastructure by isolating portions of networks from each other. VLANs allow the reuse of common cables, switches and routers to carry completely different networks. It is common to have data that must be separated from different networks carried on common cables until their VLAN tags are finally stripped at a gateway switch or router.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/faq/configuring-freebsd-12-vnet-jail-using-bridgeepair-zfs/\" rel=\"nofollow\"\u003eHow to set up FreeBSD 12 VNET jail with ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHow do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?\u003cbr\u003e\nFreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFS on FreeBSD 12.x.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2021/01/08/msg000322.html\" rel=\"nofollow\"\u003epkgsrc-2020Q4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe pkgsrc developers are proud to announce the 69th quarterly release\u003cbr\u003e\nof pkgsrc, the cross-platform packaging system.  pkgsrc is available\u003cbr\u003e\nwith more than 24,000 packages, running on 23 separate platforms; more\u003cbr\u003e\ninformation on pkgsrc itself is available at \u003ca href=\"https://www.pkgsrc.org/\" rel=\"nofollow\"\u003ehttps://www.pkgsrc.org/\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lambdaland.org/posts/2020-12-23_freebsd_rpi4/\" rel=\"nofollow\"\u003eFreeBSD ON A Raspberry PI 4 With 4GB of RAM\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is the story of how I managed to get FreeBSD running on a Raspberry Pi 4 with 4GB of RAM, though I think the setup story is pretty similar for those with 2GB and 8GB.1\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-12-31/hardenedbsd-december-2020-status-report\" rel=\"nofollow\"\u003eHardenedBSD December 2020 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHappy New Year! On this the last day of 2020, I submit December\u0026#39;s status report.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=xMijdTWSUEE\u0026feature=youtu.be\" rel=\"nofollow\"\u003eChristmas Cards The Unix Way - with pic and  troff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://forums.freebsd.org/threads/fast-upgrade-raspberry-pi3-from-source.78169/\" rel=\"nofollow\"\u003eFast RPI3 upgrade from source (cross compile)\u003c/a\u003e \n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/386/feedback/robert%20-%20zfs%20question.md\" rel=\"nofollow\"\u003eRobert - zfs question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/386/feedback/neb%20-%20AMA%20episode.md\" rel=\"nofollow\"\u003eNeb - AMA episode.md\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/386/feedback/joe%20-%20puppet.md\" rel=\"nofollow\"\u003eJoe - puppet\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Routing and Firewalling VLANS with FreeBSD, FreeBSD 12 VNET jail with ZFS howto, pkgsrc-2020Q4 released, FreeBSD on Raspberry Pi 4 With 4GB of RAM, HardenedBSD December 2020 Status Report, and more","date_published":"2021-01-21T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d5e42030-e15b-444f-b823-a40e34bea5a8.mp3","mime_type":"audio/mpeg","size_in_bytes":38533008,"duration_in_seconds":2220}]},{"id":"ec8dd4e8-e1f9-41bd-822b-d1a68799470c","title":"385: Wireguard VPN mesh","url":"https://www.bsdnow.tv/385","content_text":"Description: History of FreeBSD: Early Days of FreeBSD, mesh VPN using OpenBSD and WireGuard, FreeBSD Foundation Sponsors LLDB Improvements, Host your Cryptpad web office suite with OpenBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nHistory of FreeBSD - Part 3: Early Days of FreeBSD\n\n\nIn this third part of our series on the history of FreeBSD, we start tracing the early days of FreeBSD and the events that would eventually shape the project and the future of open source software. \n\n\n\n\nA mesh VPN using OpenBSD and WireGuard\n\n\nWireGuard is a new coming to OpenBSD 6.8 and it looks like a simple and efficient way to connect computers.\nI own a few VPS (hello Vultr, hello OpenBSD.amsterdam) that tend to be connected through filtered public services and/or SSH tunnels. And that’s neither efficient nor easy to manage. Here comes the wg(4) era where all those peers will communicate with a bit more privacy and ease of management.\n\n\n\n\nNews Roundup\n\nFoundation Sponsors FreeBSD LLDB Improvements\n\n\nWith FreeBSD Foundation grant, Moritz Systems improved LLDB support for FreeBSD\nThe LLDB project builds on libraries provided by LLVM and Clang to provide a great modern debugger. It uses the Clang ASTs and the expression parser, LLVM JIT, LLVM disassembler, etc so that it provides an experience that “just works”. It is also blazing fast and more permissively licensed than GDB, the GNU Debugger.\nLLDB is the default debugger in Xcode on macOS and supports debugging C, Objective-C, and C++ on the desktop and iOS devices and the simulator.\n\n\n\n\nHost your Cryptpad web office suite with OpenBSD\n\n\nIn this article I will explain how to deploy your own Cryptpad instance with OpenBSD. Cryptpad is a web office suite featuring easy real time collaboration on documents. Cryptpad is written in JavaScript and the daemon acts as a web server.\n\n\n\n\nBeastie Bits\n\n\nOPNsense 20.7.7 Released\nIntroducing OpenZFS 2.0 Webinar - Jan 20th @ noon Eastern  / 17:00 UTC. \nBSD In Die Hard\nManaging jails with Ansible: a showcase for building a container infrastructure on FreeBSD\nBSD Hardware\nNew WINE chapter in FreeBSD handbook\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\n\n\nFeedback/Questions\n\n\nscott- zfs question\nBruce - copy paste on esxi\nJulian - an apology for Allan\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eDescription: History of FreeBSD: Early Days of FreeBSD, mesh VPN using OpenBSD and WireGuard, FreeBSD Foundation Sponsors LLDB Improvements, Host your Cryptpad web office suite with OpenBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/history-of-freebsd-part-3-early-days-of-freebsd/?utm_source=bsdnow\" rel=\"nofollow\"\u003eHistory of FreeBSD - Part 3: Early Days of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this third part of our series on the history of FreeBSD, we start tracing the early days of FreeBSD and the events that would eventually shape the project and the future of open source software. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/?utm_source=bsdnow\" rel=\"nofollow\"\u003eA mesh VPN using OpenBSD and WireGuard\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWireGuard is a new coming to OpenBSD 6.8 and it looks like a simple and efficient way to connect computers.\u003cbr\u003e\nI own a few VPS (hello Vultr, hello OpenBSD.amsterdam) that tend to be connected through filtered public services and/or SSH tunnels. And that’s neither efficient nor easy to manage. Here comes the wg(4) era where all those peers will communicate with a bit more privacy and ease of management.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freebsdfoundation.org/blog/guest-blog-foundation-sponsors-freebsd-lldb-improvements/?utm_source=bsdnow\" rel=\"nofollow\"\u003eFoundation Sponsors FreeBSD LLDB Improvements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith FreeBSD Foundation grant, Moritz Systems improved LLDB support for FreeBSD\u003cbr\u003e\nThe LLDB project builds on libraries provided by LLVM and Clang to provide a great modern debugger. It uses the Clang ASTs and the expression parser, LLVM JIT, LLVM disassembler, etc so that it provides an experience that “just works”. It is also blazing fast and more permissively licensed than GDB, the GNU Debugger.\u003cbr\u003e\nLLDB is the default debugger in Xcode on macOS and supports debugging C, Objective-C, and C++ on the desktop and iOS devices and the simulator.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-12-14-cryptpad-openbsd.html\" rel=\"nofollow\"\u003eHost your Cryptpad web office suite with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this article I will explain how to deploy your own Cryptpad instance with OpenBSD. Cryptpad is a web office suite featuring easy real time collaboration on documents. Cryptpad is written in JavaScript and the daemon acts as a web server.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-20-7-7-released/?utm_source=bsdnow\" rel=\"nofollow\"\u003eOPNsense 20.7.7 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://klarasystems.com/learning/webinars/webinar-introducing-openzfs-2-0/?utm_source=bsdnow\" rel=\"nofollow\"\u003eIntroducing OpenZFS 2.0 Webinar - Jan 20th @ noon Eastern  / 17:00 UTC. \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/kk3c6y/merry_xmas/\" rel=\"nofollow\"\u003eBSD In Die Hard\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://papers.freebsd.org/2019/bsdcan/dengg-managing_jails_with_ansible/\" rel=\"nofollow\"\u003eManaging jails with Ansible: a showcase for building a container infrastructure on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-hardware.info\" rel=\"nofollow\"\u003eBSD Hardware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/wine.html\" rel=\"nofollow\"\u003eNew WINE chapter in FreeBSD handbook\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/scott-%20zfs%20question\" rel=\"nofollow\"\u003escott- zfs question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/Bruce%20-%20copy%20paste%20on%20esxi\" rel=\"nofollow\"\u003eBruce - copy paste on esxi\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/Julian%20-%20an%20apology%20for%20Allan\" rel=\"nofollow\"\u003eJulian - an apology for Allan\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Description: History of FreeBSD: Early Days of FreeBSD, mesh VPN using OpenBSD and WireGuard, FreeBSD Foundation Sponsors LLDB Improvements, Host your Cryptpad web office suite with OpenBSD, and more.","date_published":"2021-01-14T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ec8dd4e8-e1f9-41bd-822b-d1a68799470c.mp3","mime_type":"audio/mpeg","size_in_bytes":31123128,"duration_in_seconds":2068}]},{"id":"d48d2da1-bf8e-4f78-bfa3-48eaf73fe14a","title":"384: In memoriam","url":"https://www.bsdnow.tv/384","content_text":"Allen K. Briggs Memorial Scholarship, Toward an automated tracking of OpenBSD ports contributions, Trying OpenZFS 2 on FreeBSD 12.2-RELEASE, OpenBSD on TECLAST F7 Plus, Multi-volume support in HAMMER2, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nAllen K. Briggs Memorial Scholarship\n\n\nAllen Briggs was one of the earliest members of the NetBSD community, pursuing his interest in macBSD, and moving to become a NetBSD developer when the two projects merged. Allen was known for his quiet and relaxed manner, and always brought a keen wisdom with him; allied with his acute technical expertise, he was one of the most valued members of the NetBSD community.\nThe Allen K. Briggs Memorial Scholarship is an endowment to provide scholarships in perpetuity for summer programs at the North Carolina School of Science \u0026amp; Math, which Allen considered to be a place that fundamentally shaped him as a person. We would love to invite Allen's friends and colleagues from the BSD community to donate to this cause so that we can provide more scholarships to students with financial need each year. We are approximately halfway to our goal of $50K with aspirations to exceed that target and fund additional scholarships.\n\n\n\n\nToward an automated tracking of OpenBSD ports contributions\n\n\nA first step for the CI service would be to create a database of diffs sent to ports. This would allow people to track what has been sent and not yet committed and what the state of the contribution is (build/don’t build, apply/don’t apply).\n\n\n\n\nNews Roundup\n\nTrying OpenZFS 2 on FreeBSD 12.2-RELEASE\n\n\nOpenZFS 2 is a huge achievement, and makes me bullish about the long term prospects for the world’s most trustworthy and nicest to use storage system. You can even use try it today on FreeBSD 12.2-RELEASE, though I recommend tracking -CURRENT for these sorts of features.\n\n\n\n\nOpenBSD on TECLAST F7 Plus\n\n\nI got myself a TECLAST F7 Plus laptop. It comes preinstalled with Windows 10 but I planned to use it as my daily driver. So I installed OpenBSD 6.8 on it.\n\n\n\n\nMulti-volume support in HAMMER2\n\n\ncommit\n\u0026gt; This commit adds initial multi-volumes support for HAMMER2. Maximum supported volumes is 64. The feature and implementation is similar to multi-volumes support in HAMMER1.\n***\n\n\nBeastie Bits\n\n\nFreeBSD Last SVN Commit\nFreeBSD First git Commit\nIntroducing OpenZFS 2.0 Webinar - Jan 20th @ noon Eastern  / 17:00 UTC. \n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\n\n\nFeedback/Questions\n\n\njay - feedback for ian\nIebluefire - concerns about freebsd\nmike - zfs cluster aware\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAllen K. Briggs Memorial Scholarship, Toward an automated tracking of OpenBSD ports contributions, Trying OpenZFS 2 on FreeBSD 12.2-RELEASE, OpenBSD on TECLAST F7 Plus, Multi-volume support in HAMMER2, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/allen_k_briggs_memorial_scholarship\" rel=\"nofollow\"\u003eAllen K. Briggs Memorial Scholarship\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAllen Briggs was one of the earliest members of the NetBSD community, pursuing his interest in macBSD, and moving to become a NetBSD developer when the two projects merged. Allen was known for his quiet and relaxed manner, and always brought a keen wisdom with him; allied with his acute technical expertise, he was one of the most valued members of the NetBSD community.\u003cbr\u003e\nThe Allen K. Briggs Memorial Scholarship is an endowment to provide scholarships in perpetuity for summer programs at the North Carolina School of Science \u0026amp; Math, which Allen considered to be a place that fundamentally shaped him as a person. We would love to invite Allen\u0026#39;s friends and colleagues from the BSD community to donate to this cause so that we can provide more scholarships to students with financial need each year. We are approximately halfway to our goal of $50K with aspirations to exceed that target and fund additional scholarships.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-11-15-openbsd-ports-ci.html\" rel=\"nofollow\"\u003eToward an automated tracking of OpenBSD ports contributions\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA first step for the CI service would be to create a database of diffs sent to ports. This would allow people to track what has been sent and not yet committed and what the state of the contribution is (build/don’t build, apply/don’t apply).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/trying-openzfs-on-freebsd-12-release/?utm_source=bsdnow\" rel=\"nofollow\"\u003eTrying OpenZFS 2 on FreeBSD 12.2-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenZFS 2 is a huge achievement, and makes me bullish about the long term prospects for the world’s most trustworthy and nicest to use storage system. You can even use try it today on FreeBSD 12.2-RELEASE, though I recommend tracking -CURRENT for these sorts of features.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20201215/openbsd-on-teclast-f7-plus/?utm_source=bsdnow\" rel=\"nofollow\"\u003eOpenBSD on TECLAST F7 Plus\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI got myself a TECLAST F7 Plus laptop. It comes preinstalled with Windows 10 but I planned to use it as my daily driver. So I installed OpenBSD 6.8 on it.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/12/28/25287.html\" rel=\"nofollow\"\u003eMulti-volume support in HAMMER2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2020-December/770072.html\" rel=\"nofollow\"\u003ecommit\u003c/a\u003e\n\u0026gt; This commit adds initial multi-volumes support for HAMMER2. Maximum supported volumes is 64. The feature and implementation is similar to multi-volumes support in HAMMER1.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base/head/README?view=markup\u0026pathrev=368820\" rel=\"nofollow\"\u003eFreeBSD Last SVN Commit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cgit.freebsd.org/src/commit/?id=5ef5f51d2bef80b0ede9b10ad5b0e9440b60518c\" rel=\"nofollow\"\u003eFreeBSD First git Commit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://klarasystems.com/learning/webinars/webinar-introducing-openzfs-2-0/?utm_source=bsdnow\" rel=\"nofollow\"\u003eIntroducing OpenZFS 2.0 Webinar - Jan 20th @ noon Eastern  / 17:00 UTC. \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/384/feedback/jay%20-%20feedback%20for%20ian\" rel=\"nofollow\"\u003ejay - feedback for ian\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/384/feedback/Iebluefire%20-%20concerns%20about%20freebsd\" rel=\"nofollow\"\u003eIebluefire - concerns about freebsd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/384/feedback/mike%20-%20zfs%20cluster%20aware\" rel=\"nofollow\"\u003emike - zfs cluster aware\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Allen K. Briggs Memorial Scholarship, Toward an automated tracking of OpenBSD ports contributions, Trying OpenZFS 2 on FreeBSD 12.2-RELEASE, OpenBSD on TECLAST F7 Plus, Multi-volume support in HAMMER2, and more. ","date_published":"2021-01-07T03:45:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d48d2da1-bf8e-4f78-bfa3-48eaf73fe14a.mp3","mime_type":"audio/mpeg","size_in_bytes":32114304,"duration_in_seconds":2100}]},{"id":"b40c441d-f217-4771-b172-a1ce68803431","title":"383: Scale the tail","url":"https://www.bsdnow.tv/383","content_text":"FreeBSD Remote Process Plugin Final Milestone achieved, Tailscale for OpenBSD, macOS to FreeBSD migration, monitoring of our OpenBSD machines, OPNsense 20.7.6 released, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD Remote Process Plugin: Final Milestone Achieved\n\n\nMoritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are working on a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.\n\n\n\nTailscale on OpenBSD\n\nI spent some time setting this up today evening and thought I’d post the steps here. Nothing fancy, just putting together various pieces actually.\nI assume you know what Tailscale is; if not check out their website. Basically it is a mesh network built on top of Wireguard. Using it you can have all your devices both within your LAN(s) and outside be on one overlay network as if they are all on the same LAN and can talk to each other. It’s my new favourite thing!\n\n\n\n\nNews Roundup\n\nmacOS to FreeBSD migration a.k.a why I left macOS\n\n\nThis is not a technical documentation for how I migrated from macOS to FreeBSD. This is a high-level for why I migrated from macOS to FreeBSD.\nNot so long ago, I was using macOS as my daily driver. The main reason why I got a macbook was the underlying BSD Unix and the nice graphics it provides. Also, I have an iPhone. But they were also the same reasons for why I left macOS.\n\n\n\nOur monitoring of our OpenBSD machines, such as it is (as of November 2020\n\nWe have a number of OpenBSD firewalls in service (along with some other OpenBSD servers for things like VPN endpoints), and I was recently asked how we monitor PF and overall network traffic on them. I had to disappoint the person who asked with my answer, because right now we mostly don't (although this is starting to change).\n\n\n\nOPNsense 20.7.6 released\n\nThis update brings the usual mix of reliability fixes, plugin and third party software updates: FreeBSD, HardenedBSD, PHP, OpenSSH, StrongSwan, Suricata and Syslog-ng amongst others.\nPlease note that Let's Encrypt users need to reissue their certificates manually after upgrading to this version to fix the embedded certificate chain issue with the current signing CA switch going on.\n\n\n\nNYC Bug Jan 2021 with Michael W. Lucas\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nFeedback/Questions\n\n\ncy - .so files\nben - mixer volume\nprobono - live cds\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Remote Process Plugin Final Milestone achieved, Tailscale for OpenBSD, macOS to FreeBSD migration, monitoring of our OpenBSD machines, OPNsense 20.7.6 released, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/freebsd-remote-plugin-final-milestone-achieved/\" rel=\"nofollow\"\u003eFreeBSD Remote Process Plugin: Final Milestone Achieved\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMoritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are working on a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rakhesh.com/linux-bsd/tailscale-on-openbsd/\" rel=\"nofollow\"\u003eTailscale on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI spent some time setting this up today evening and thought I’d post the steps here. Nothing fancy, just putting together various pieces actually.\u003cbr\u003e\nI assume you know what Tailscale is; if not check out their website. Basically it is a mesh network built on top of Wireguard. Using it you can have all your devices both within your LAN(s) and outside be on one overlay network as if they are all on the same LAN and can talk to each other. It’s my new favourite thing!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://antranigv.am/weblog_en/posts/macos_to_freebsd/\" rel=\"nofollow\"\u003emacOS to FreeBSD migration a.k.a why I left macOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is not a technical documentation for how I migrated from macOS to FreeBSD. This is a high-level for why I migrated from macOS to FreeBSD.\u003cbr\u003e\nNot so long ago, I was using macOS as my daily driver. The main reason why I got a macbook was the underlying BSD Unix and the nice graphics it provides. Also, I have an iPhone. But they were also the same reasons for why I left macOS.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OurOpenBSDMonitoring\" rel=\"nofollow\"\u003eOur monitoring of our OpenBSD machines, such as it is (as of November 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWe have a number of OpenBSD firewalls in service (along with some other OpenBSD servers for things like VPN endpoints), and I was recently asked how we monitor PF and overall network traffic on them. I had to disappoint the person who asked with my answer, because right now we mostly don\u0026#39;t (although this is starting to change).\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-7-6-released/\" rel=\"nofollow\"\u003eOPNsense 20.7.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThis update brings the usual mix of reliability fixes, plugin and third party software updates: FreeBSD, HardenedBSD, PHP, OpenSSH, StrongSwan, Suricata and Syslog-ng amongst others.\u003cbr\u003e\nPlease note that Let\u0026#39;s Encrypt users need to reissue their certificates manually after upgrading to this version to fix the embedded certificate chain issue with the current signing CA switch going on.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/383/nycbug\" rel=\"nofollow\"\u003eNYC Bug Jan 2021 with Michael W. Lucas\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/383/feedback/cy%20-%20.so%20files\" rel=\"nofollow\"\u003ecy - .so files\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/383/feedback/ben%20-%20mixer%20volume\" rel=\"nofollow\"\u003eben - mixer volume\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/383/feedback/probono%20-%20live%20cds\" rel=\"nofollow\"\u003eprobono - live cds\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Remote Process Plugin Final Milestone achieved, Tailscale for OpenBSD, macOS to FreeBSD migration, monitoring of our OpenBSD machines, OPNsense 20.7.6 released, and more","date_published":"2020-12-31T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b40c441d-f217-4771-b172-a1ce68803431.mp3","mime_type":"audio/mpeg","size_in_bytes":43810032,"duration_in_seconds":2592}]},{"id":"34202bd5-f96c-4d8a-9e18-5a8eb3c26e56","title":"382: BSDNow Q\u0026A 2020","url":"https://www.bsdnow.tv/382","content_text":"We asked for it, you answered our call. This episode features you interviewing us with questions that you sent in. JT, Allan, and Benedict answer everything that you ever wanted to know in this week’s special episode of BSDNow.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nInterview - Allan Jude - [Allan.jude@gmail.com](Allan.jude@gmail.com) / @allanjude\n\nInterview - Benedict Reuschling - bcr@freebsd.org / @bsdbcr\n\nInterview - JT Pennington - jt@obs-sec.com / @q5sys\n\nAMA questions\n\nBenedict:  You work at a university right?  Were you already into tech before you started working there?  What do you do there?\nYes, I do work at the University of Applied Sciences, Darmstadt, Germany. I’m a lab engineer there (without a lab, but with a big data cluster). I teach in the winter semester an undergraduate, elective course called “Unix for Developers”. Yes, I was already in tech by that time. Did some previous work at companies before (selling hardware at the call-in hotline and later in the store) and during my CS studies.\nAllan:  What’s the next big FreeBSD Project you plan on doing?\n\nJT:  How did you get involved in BSD?  Weren't you a Linux guy?\n\nAll: Is there any way you can create an entire episode of BSDnow on hardware that runs OpenBSD and FreeBSD?  We see you audacity, etc on a mac.\nBenedict: Not sure about OpenBSD (don’t use it), but FreeBSD should be doable for my part. If we switch from Skype to a different video chat tool, the rest is already there. Production side may be more difficult, but not impossible.\n\nAll: if you could finish up one project right now... what would it be?\nBenedict: Updated ZFS chapter in the FreeBSD handbook.\n\nAll: How did all of you guys meet?\n\nAll: My question is, do you guys use FreeBSD as your main desktop OS?  If not, what do you use?\nBenedict: No, but Mac OS is close enough. Doing a lot of SSHing into FreeBSD from there.\nAll: Can you all give us the best shot of outside of their windows?\nJT’s answer: https://photos.smugmug.com/photos/i-2LSbspL/0/69437dbb/5K/i-2LSbspL-5K.jpg\n    Allan: https://photos.app.goo.gl/UnKXnKMt6cn8FDhNA\n    Benedict: No, it’s dark outside anyway. ;-)\n\nAll: How old were you when you got your first computer and what was that computer?\nAllan: 12 or 13, a 486DX2/66hz with an insane 32mb of RAM, 400 and 500 MB SCSI HDDs, 14400 baud model, and a 1.7x CD rom drive\nBenedict: Around 13 or so. 386DX2, 4 MB RAM, IDE disk drive (no idea how big, but it wasn’t much), 3.5” floppy, DOS, and a lot of games.\nJT: Technically the first was a Atari 1200XL with a 6502 CPU running at 1.79 MHz 64KB RAM.  It had it's own OS and you could load programs off of either cartridges, floppy disks, or cassette tapes. First PC Clone was a Packard Bell with a 386 and 1mb ram which later was upgraded to 4mb and a Dual speed CD-ROM.  My dad got me a Compaq 286 laptop... this one (show)... a year or so later because he got tired of fighting me for the computer.\n\nAll: Can we have a peek at your bookcase and what books are there?\nAllan: No picture handy, but my shelf is pretty small, mostly a collection of autographed FreeBSD books. I have D\u0026amp;I with all 3 autographs (took some travel to acquire), and a copy of my first book (FreeBSD Mastery: ZFS) autographed by Jeff Bonwick and Matt Ahrens, the creators of ZFS, plus a bunch of other big names in ZFS like George Wilson.\nJT’s answer: So... my library is packed away... but here’s about half of it... the rest is still in storage. https://photos.smugmug.com/photos/i-SBG2KDv/0/0b9856b8/4K/i-SBG2KDv-4K.jpg\nSoftware Collection: https://photos.smugmug.com/photos/i-HfTVPN9/0/ad610dd4/O/i-HfTVPN9.jpg\nBenedict: A mix of FreeBSD books (by MWL), the graveyard book, 4 hour work week, the once and future king (took me a long time to finish that one), Total Immersion swimming (still learning to swim) and some books in german language, fiction and tech. Groff lives in there while the pandemic lasts.\n\nAll: What desktop/Window Manager/shell do each of you primarily use?\nBenedict: Mainly Mac OS, when on FreeBSD it’s i3. Zsh with zsh-autosuggestions currently.\nJT: Lumina/zsh\nAllan: Lumina and tcsh, want to learn zsh but never gotten time to change\n\nAll: What spoken languages do you speak?\n    Benedict: German and English (obviously), learning a bit of Spanish via Duolingo at the moment\n    JT: English, Bad English, and some French.\nAll: Do you have Non-Computer hobbies if so what are those?\n    Benedict: Tai Chi Chuan (Yang Style)\nJT: I'd say photography, but that's a job for me.  I have a lot of varied interests, Krav Maga, working on my VW Corrado, working on the old Victorian house I bought, and camping/backpacking. Ive done the northern half of the AT (Appalachian Trail, I want to finish it up and then do the PCT and CDT. (Pacific Crest Trail and Continental Divide Trail).\n\nAll: When COVID passes, when are either of you are coming to BSD pizza night in Portland, OR, USA so I can buy you a beer/wine/whisky or pizza/coffee/tea (or six)\n\nRapid Fire:\n\nAll: What was the first car you ever owned?\n\nAll: Do you own a vehicle and if so what is the make/model?\n\nAll: Favorite Star franchise? Star Wars, Star Trek, Stargate, Battlestar, etc.\n\nJT:  Will you ever host any more BSDNow episodes?\n\nAll: Favorite superhero? Marvel and/or DC.\n\nAll: Favorite game(s) of all time?\n\nAll: Pants or no pants on virtual meetings/presentations?\n\nAll: Do you or have you used alternative operating systems that are not \"main stream or is considered retro\" if so what are those?\n\nAll: Who has more animals at home?\n\nAllan: Does Allan have any batteries for his tetris cubes? Can we see that thing light up?\n\nAllan and Benedict:  Are you guys going to go on JT's new show?\n\nIf you’re wondering what show this is, here are the two shows Im a host of:\n\nhttps://www.opensourcevoices.org \u0026amp; https://www.theopiniondominion.org\n\nAllan and Benedict: Have Allan or Benedict lost anything on the way to and from a conference?\n\nBenedict: Is Benedict going to do his NOEL blocks again?\n\nBenedict: Does Benedict make his bed every Wednesday morning?  It always looks great!\nNot just Wednesdays, but pretty much every day. Here, watch this: https://www.youtube.com/watch?v=GKZRFDCbGTA Nuff said. ;-)\nJT: Are you batman because the episodes are always awesome sir so thank you\nJT’s answer: Can you ever admit to being batman?  If I were batman wouldn't I have to deny it?\n\nAll: What's your Daily Driver Hardware?\n\nAll: Who has more servers or VMs at home?\nBenedict: Allan, easily\nJT: Allan definitely beats me with VMs, but I think I might give him a run on servers.  4x 4u HP DL580s, one HP DL980, three HP C3000 8 bay bladecenters, three HP C7000 16 bay Bladecenters, 2x Sun 280R, bunch of Dell and IBM 1Us… but all my stuff is old.  Allan has all the new and shiny stuff.\nThe Pile in the Kitchen: https://photos.smugmug.com/photos/i-HBScrpk/0/4b058cc5/X2/i-HBScrpk-X2.jpg\nThe other pile: https://photos.smugmug.com/photos/i-wNxFszV/0/e7a4b2d6/X2/i-wNxFszV-X2.jpg\n\nAll: What book(s) are you currently reading?\nBenedict: Antifragile by Nassim Taleb\nJT: Douglas Hofstader - Gödel, Escher, Bach: An Eternal Golden Braid. Douglas Rushkoff - program or be programmed. Also a 4 part book series on the American civil war written in the 1880s, by people in the civil war.\n\nAll: Favorite mechanical keyboard switch? Cherry MX, Kalih, Gateron, etc.\nBenedict: Cherry MX brown currently\n    Allan: Cherry MX Blue (Coolermaster Master Keys Pro-L)\n    JT: I prefer scissor switches, so I use a Logitech K740.\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe asked for it, you answered our call. This episode features you interviewing us with questions that you sent in. JT, Allan, and Benedict answer everything that you ever wanted to know in this week’s special episode of BSDNow.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Allan Jude - [\u003ca href=\"mailto:Allan.jude@gmail.com\" rel=\"nofollow\"\u003eAllan.jude@gmail.com\u003c/a\u003e](\u003ca href=\"mailto:Allan.jude@gmail.com\" rel=\"nofollow\"\u003eAllan.jude@gmail.com\u003c/a\u003e) / \u003ca href=\"https://twitter.com/allanjude\" rel=\"nofollow\"\u003e@allanjude\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch2\u003eInterview - Benedict Reuschling - \u003ca href=\"mailto:bcr@freebsd.org\" rel=\"nofollow\"\u003ebcr@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdbcr\" rel=\"nofollow\"\u003e@bsdbcr\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch2\u003eInterview - JT Pennington - \u003ca href=\"mailto:jt@obs-sec.com\" rel=\"nofollow\"\u003ejt@obs-sec.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/q5sys\" rel=\"nofollow\"\u003e@q5sys\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3\u003eAMA questions\u003c/h3\u003e\n\n\u003cp\u003eBenedict:  You work at a university right?  Were you already into tech before you started working there?  What do you do there?\u003cbr\u003e\nYes, I do work at the University of Applied Sciences, Darmstadt, Germany. I’m a lab engineer there (without a lab, but with a big data cluster). I teach in the winter semester an undergraduate, elective course called “Unix for Developers”. Yes, I was already in tech by that time. Did some previous work at companies before (selling hardware at the call-in hotline and later in the store) and during my CS studies.\u003cbr\u003e\nAllan:  What’s the next big FreeBSD Project you plan on doing?\u003c/p\u003e\n\n\u003cp\u003eJT:  How did you get involved in BSD?  Weren\u0026#39;t you a Linux guy?\u003c/p\u003e\n\n\u003cp\u003eAll: Is there any way you can create an entire episode of BSDnow on hardware that runs OpenBSD and FreeBSD?  We see you audacity, etc on a mac.\u003cbr\u003e\nBenedict: Not sure about OpenBSD (don’t use it), but FreeBSD should be doable for my part. If we switch from Skype to a different video chat tool, the rest is already there. Production side may be more difficult, but not impossible.\u003c/p\u003e\n\n\u003cp\u003eAll: if you could finish up one project right now... what would it be?\u003cbr\u003e\nBenedict: Updated ZFS chapter in the FreeBSD handbook.\u003c/p\u003e\n\n\u003cp\u003eAll: How did all of you guys meet?\u003c/p\u003e\n\n\u003cp\u003eAll: My question is, do you guys use FreeBSD as your main \u003cem\u003edesktop\u003c/em\u003e OS?  If not, what do you use?\u003cbr\u003e\nBenedict: No, but Mac OS is close enough. Doing a lot of SSHing into FreeBSD from there.\u003cbr\u003e\nAll: Can you all give us the best shot of outside of their windows?\u003cbr\u003e\nJT’s answer: \u003ca href=\"https://photos.smugmug.com/photos/i-2LSbspL/0/69437dbb/5K/i-2LSbspL-5K.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-2LSbspL/0/69437dbb/5K/i-2LSbspL-5K.jpg\u003c/a\u003e\u003cbr\u003e\n    Allan: \u003ca href=\"https://photos.app.goo.gl/UnKXnKMt6cn8FDhNA\" rel=\"nofollow\"\u003ehttps://photos.app.goo.gl/UnKXnKMt6cn8FDhNA\u003c/a\u003e\u003cbr\u003e\n    Benedict: No, it’s dark outside anyway. ;-)\u003c/p\u003e\n\n\u003cp\u003eAll: How old were you when you got your first computer and what was that computer?\u003cbr\u003e\nAllan: 12 or 13, a 486DX2/66hz with an insane 32mb of RAM, 400 and 500 MB SCSI HDDs, 14400 baud model, and a 1.7x CD rom drive\u003cbr\u003e\nBenedict: Around 13 or so. 386DX2, 4 MB RAM, IDE disk drive (no idea how big, but it wasn’t much), 3.5” floppy, DOS, and a lot of games.\u003cbr\u003e\nJT: Technically the first was a Atari 1200XL with a 6502 CPU running at 1.79 MHz 64KB RAM.  It had it\u0026#39;s own OS and you could load programs off of either cartridges, floppy disks, or cassette tapes. First PC Clone was a Packard Bell with a 386 and 1mb ram which later was upgraded to 4mb and a Dual speed CD-ROM.  My dad got me a Compaq 286 laptop... this one (show)... a year or so later because he got tired of fighting me for the computer.\u003c/p\u003e\n\n\u003cp\u003eAll: Can we have a peek at your bookcase and what books are there?\u003cbr\u003e\nAllan: No picture handy, but my shelf is pretty small, mostly a collection of autographed FreeBSD books. I have D\u0026amp;I with all 3 autographs (took some travel to acquire), and a copy of my first book (FreeBSD Mastery: ZFS) autographed by Jeff Bonwick and Matt Ahrens, the creators of ZFS, plus a bunch of other big names in ZFS like George Wilson.\u003cbr\u003e\nJT’s answer: So... my library is packed away... but here’s about half of it... the rest is still in storage. \u003ca href=\"https://photos.smugmug.com/photos/i-SBG2KDv/0/0b9856b8/4K/i-SBG2KDv-4K.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-SBG2KDv/0/0b9856b8/4K/i-SBG2KDv-4K.jpg\u003c/a\u003e\u003cbr\u003e\nSoftware Collection: \u003ca href=\"https://photos.smugmug.com/photos/i-HfTVPN9/0/ad610dd4/O/i-HfTVPN9.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-HfTVPN9/0/ad610dd4/O/i-HfTVPN9.jpg\u003c/a\u003e\u003cbr\u003e\nBenedict: A mix of FreeBSD books (by MWL), the graveyard book, 4 hour work week, the once and future king (took me a long time to finish that one), Total Immersion swimming (still learning to swim) and some books in german language, fiction and tech. Groff lives in there while the pandemic lasts.\u003c/p\u003e\n\n\u003cp\u003eAll: What desktop/Window Manager/shell do each of you primarily use?\u003cbr\u003e\nBenedict: Mainly Mac OS, when on FreeBSD it’s i3. Zsh with zsh-autosuggestions currently.\u003cbr\u003e\nJT: Lumina/zsh\u003cbr\u003e\nAllan: Lumina and tcsh, want to learn zsh but never gotten time to change\u003c/p\u003e\n\n\u003cp\u003eAll: What spoken languages do you speak?\u003cbr\u003e\n    Benedict: German and English (obviously), learning a bit of Spanish via Duolingo at the moment\u003cbr\u003e\n    JT: English, Bad English, and some French.\u003cbr\u003e\nAll: Do you have Non-Computer hobbies if so what are those?\u003cbr\u003e\n    Benedict: Tai Chi Chuan (Yang Style)\u003cbr\u003e\nJT: I\u0026#39;d say photography, but that\u0026#39;s a job for me.  I have a lot of varied interests, Krav Maga, working on my VW Corrado, working on the old Victorian house I bought, and camping/backpacking. Ive done the northern half of the AT (Appalachian Trail, I want to finish it up and then do the PCT and CDT. (Pacific Crest Trail and Continental Divide Trail).\u003c/p\u003e\n\n\u003cp\u003eAll: When COVID passes, when are either of you are coming to BSD pizza night in Portland, OR, USA so I can buy you a beer/wine/whisky or pizza/coffee/tea (or six)\u003c/p\u003e\n\n\u003ch3\u003eRapid Fire:\u003c/h3\u003e\n\n\u003cp\u003eAll: What was the first car you ever owned?\u003c/p\u003e\n\n\u003cp\u003eAll: Do you own a vehicle and if so what is the make/model?\u003c/p\u003e\n\n\u003cp\u003eAll: Favorite Star franchise? Star Wars, Star Trek, Stargate, Battlestar, etc.\u003c/p\u003e\n\n\u003cp\u003eJT:  Will you ever host any more BSDNow episodes?\u003c/p\u003e\n\n\u003cp\u003eAll: Favorite superhero? Marvel and/or DC.\u003c/p\u003e\n\n\u003cp\u003eAll: Favorite game(s) of all time?\u003c/p\u003e\n\n\u003cp\u003eAll: Pants or no pants on virtual meetings/presentations?\u003c/p\u003e\n\n\u003cp\u003eAll: Do you or have you used alternative operating systems that are not \u0026quot;main stream or is considered retro\u0026quot; if so what are those?\u003c/p\u003e\n\n\u003cp\u003eAll: Who has more animals at home?\u003c/p\u003e\n\n\u003cp\u003eAllan: Does Allan have any batteries for his tetris cubes? Can we see that thing light up?\u003c/p\u003e\n\n\u003cp\u003eAllan and Benedict:  Are you guys going to go on JT\u0026#39;s new show?\u003c/p\u003e\n\n\u003cp\u003eIf you’re wondering what show this is, here are the two shows Im a host of:\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.opensourcevoices.org\" rel=\"nofollow\"\u003ehttps://www.opensourcevoices.org\u003c/a\u003e \u0026amp; \u003ca href=\"https://www.theopiniondominion.org\" rel=\"nofollow\"\u003ehttps://www.theopiniondominion.org\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eAllan and Benedict: Have Allan or Benedict lost anything on the way to and from a conference?\u003c/p\u003e\n\n\u003cp\u003eBenedict: Is Benedict going to do his NOEL blocks again?\u003c/p\u003e\n\n\u003cp\u003eBenedict: Does Benedict make his bed every Wednesday morning?  It always looks great!\u003cbr\u003e\nNot just Wednesdays, but pretty much every day. Here, watch this: \u003ca href=\"https://www.youtube.com/watch?v=GKZRFDCbGTA\" rel=\"nofollow\"\u003ehttps://www.youtube.com/watch?v=GKZRFDCbGTA\u003c/a\u003e Nuff said. ;-)\u003cbr\u003e\nJT: Are you batman because the episodes are always awesome sir so thank you\u003cbr\u003e\nJT’s answer: Can you ever admit to being batman?  If I were batman wouldn\u0026#39;t I have to deny it?\u003c/p\u003e\n\n\u003cp\u003eAll: What\u0026#39;s your Daily Driver Hardware?\u003c/p\u003e\n\n\u003cp\u003eAll: Who has more servers or VMs at home?\u003cbr\u003e\nBenedict: Allan, easily\u003cbr\u003e\nJT: Allan definitely beats me with VMs, but I think I might give him a run on servers.  4x 4u HP DL580s, one HP DL980, three HP C3000 8 bay bladecenters, three HP C7000 16 bay Bladecenters, 2x Sun 280R, bunch of Dell and IBM 1Us… but all my stuff is old.  Allan has all the new and shiny stuff.\u003cbr\u003e\nThe Pile in the Kitchen: \u003ca href=\"https://photos.smugmug.com/photos/i-HBScrpk/0/4b058cc5/X2/i-HBScrpk-X2.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-HBScrpk/0/4b058cc5/X2/i-HBScrpk-X2.jpg\u003c/a\u003e\u003cbr\u003e\nThe other pile: \u003ca href=\"https://photos.smugmug.com/photos/i-wNxFszV/0/e7a4b2d6/X2/i-wNxFszV-X2.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-wNxFszV/0/e7a4b2d6/X2/i-wNxFszV-X2.jpg\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eAll: What book(s) are you currently reading?\u003cbr\u003e\nBenedict: Antifragile by Nassim Taleb\u003cbr\u003e\nJT: Douglas Hofstader - Gödel, Escher, Bach: An Eternal Golden Braid. Douglas Rushkoff - program or be programmed. Also a 4 part book series on the American civil war written in the 1880s, by people in the civil war.\u003c/p\u003e\n\n\u003cp\u003eAll: Favorite mechanical keyboard switch? Cherry MX, Kalih, Gateron, etc.\u003cbr\u003e\nBenedict: Cherry MX brown currently\u003cbr\u003e\n    Allan: Cherry MX Blue (Coolermaster Master Keys Pro-L)\u003cbr\u003e\n    JT: I prefer scissor switches, so I use a Logitech K740.\u003c/p\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"We asked for it, you answered our call. This episode features you interviewing us with questions that you sent in. JT, Allan, and Benedict answer everything that you ever wanted to know in this week’s special episode of BSDNow.","date_published":"2020-12-24T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/34202bd5-f96c-4d8a-9e18-5a8eb3c26e56.mp3","mime_type":"audio/mpeg","size_in_bytes":63242832,"duration_in_seconds":4011}]},{"id":"51b9f9e5-6af6-41d0-9e2a-01b51b1c6399","title":"381: Shell origins","url":"https://www.bsdnow.tv/381","content_text":"The Origin of the Shell, Return to Plan 9, ArisbluBSD: Why a new BSD?, OPNsense 20.7.5 released, Midnight BSD 2.0 Release Status, HardenedBSD November 2020 Status Report, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nThe Origin of the Shell\n\n\nCTSS was developed during 1963 and 64. I was at MIT on the computer center staff at that time. After having written dozens of commands for CTSS, I reached the stage where I felt that commands should be usable as building blocks for writing more commands, just like subroutine libraries. Hence, I wrote \"RUNCOM\", a sort of shell driving the execution of command scripts, with argument substitution. The tool became instantly most popular, as it became possible to go home in the evening while leaving behind long runcoms executing overnight. It was quite neat for boring and repetitive tasks such as renaming, moving, updating, compiling, etc. whole directories of files for system and application maintenance and monitoring.\n\n\n\n\nReturn to Plan 9\n\n\nPlan 9 from Bell Labs has held the same charm after my last visit that took a few days. This time I'll keep this operating system in an emulator where I can explore into it when I am distracted.\n\n\n\n\nNews Roundup\n\nWhy a new BSD?\n\n\nThis article is to explain some decisions and plans made by the ArisbluBSD team, why we are making our own thing, and what the plan is for the OS. We mainly want to talk about five things: desktop, package management, software availability, custom software, and the future of the OS. We mostly want to explain what the goal of the OS is, and how we plan to expand in the near future. Without further ado, let's explain ArisbluBSD's plan.\n\n\n\n\nOPNsense 20.7.5 released\n\n\nWe return briefly for a small patch set and plan to pin the 20.1 upgrade path to this particular version to avoid unnecessary stepping stones. We wish you all a healthy Friday. And of course: patch responsibly!\n\n\n\nMidnight BSD 2.0 Release Status\n\nWe identified some issues with the 2.0 ISOs slated for release with the ZFS bootloader not working. \nUntil this issue is resolved, we are unable to build release ISOs. We've left the old ones up as they work fine for anyone using UFS.\n\n\n\nHardenedBSD November 2020 Status Report\n\nWe're getting close to the end of November. My wife and I have plans this weekend, so I thought I'd take the time to write November's status report today.\n\n\n\n\nBeastie Bits\n\n• [rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.](https://phiresky.github.io/blog/2019/rga--ripgrep-for-zip-targz-docx-odt-epub-jpg/)\n• [exa - A modern replacement for ls](https://the.exa.website/)\n• [The myriad meanings of pwd in Unix systems](https://qmacro.org/2020/11/08/the-meaning-of-pwd-in-unix-systems/)\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKarl - Camera Help\nAlejandro - domain registrar\nJohnny - thoughts on 372\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThe Origin of the Shell, Return to Plan 9, ArisbluBSD: Why a new BSD?, OPNsense 20.7.5 released, Midnight BSD 2.0 Release Status, HardenedBSD November 2020 Status Report, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://multicians.org/shell.html\" rel=\"nofollow\"\u003eThe Origin of the Shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCTSS was developed during 1963 and 64. I was at MIT on the computer center staff at that time. After having written dozens of commands for CTSS, I reached the stage where I felt that commands should be usable as building blocks for writing more commands, just like subroutine libraries. Hence, I wrote \u0026quot;RUNCOM\u0026quot;, a sort of shell driving the execution of command scripts, with argument substitution. The tool became instantly most popular, as it became possible to go home in the evening while leaving behind long runcoms executing overnight. It was quite neat for boring and repetitive tasks such as renaming, moving, updating, compiling, etc. whole directories of files for system and application maintenance and monitoring.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://boxbase.org/entries/2020/nov/1/return-to-plan9/\" rel=\"nofollow\"\u003eReturn to Plan 9\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePlan 9 from Bell Labs has held the same charm after my last visit that took a few days. This time I\u0026#39;ll keep this operating system in an emulator where I can explore into it when I am distracted.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.fivnex.co/2020/11/arisblubsd-why-new-bsd.html\" rel=\"nofollow\"\u003eWhy a new BSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article is to explain some decisions and plans made by the ArisbluBSD team, why we are making our own thing, and what the plan is for the OS. We mainly want to talk about five things: desktop, package management, software availability, custom software, and the future of the OS. We mostly want to explain what the goal of the OS is, and how we plan to expand in the near future. Without further ado, let\u0026#39;s explain ArisbluBSD\u0026#39;s plan.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-7-5-released/\" rel=\"nofollow\"\u003eOPNsense 20.7.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe return briefly for a small patch set and plan to pin the 20.1 upgrade path to this particular version to avoid unnecessary stepping stones. We wish you all a healthy Friday. And of course: patch responsibly!\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33841\" rel=\"nofollow\"\u003eMidnight BSD 2.0 Release Status\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWe identified some issues with the 2.0 ISOs slated for release with the ZFS bootloader not working. \u003cbr\u003e\nUntil this issue is resolved, we are unable to build release ISOs. We\u0026#39;ve left the old ones up as they work fine for anyone using UFS.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-11-25/hardenedbsd-november-2020-status-report\" rel=\"nofollow\"\u003eHardenedBSD November 2020 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWe\u0026#39;re getting close to the end of November. My wife and I have plans this weekend, so I thought I\u0026#39;d take the time to write November\u0026#39;s status report today.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cpre\u003e\u003ccode\u003e• [rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.](https://phiresky.github.io/blog/2019/rga--ripgrep-for-zip-targz-docx-odt-epub-jpg/)\n• [exa - A modern replacement for ls](https://the.exa.website/)\n• [The myriad meanings of pwd in Unix systems](https://qmacro.org/2020/11/08/the-meaning-of-pwd-in-unix-systems/)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/381/feedback/Karl%20-%20camera%20help.md\" rel=\"nofollow\"\u003eKarl - Camera Help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/381/feedback/alejandro%20-%20domain%20registrar.md\" rel=\"nofollow\"\u003eAlejandro - domain registrar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/381/feedback/Johnny%20-%20thoughts%20on%20372\" rel=\"nofollow\"\u003eJohnny - thoughts on 372\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The Origin of the Shell, Return to Plan 9, ArisbluBSD: Why a new BSD?, OPNsense 20.7.5 released, Midnight BSD 2.0 Release Status, HardenedBSD November 2020 Status Report, and more.","date_published":"2020-12-17T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/51b9f9e5-6af6-41d0-9e2a-01b51b1c6399.mp3","mime_type":"audio/mpeg","size_in_bytes":39764064,"duration_in_seconds":2517}]},{"id":"ee24cdc7-bb47-400d-8be0-968efefa4e15","title":"380: Early ZFS-mas","url":"https://www.bsdnow.tv/380","content_text":"We read FreeBSD’s 3rd quarter status report, OpenZFS 2.0, adding check-hash checks in UFS filesystem, OpenSSL 3.0 /dev/crypto issues on FreeBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\n3rd Quarter FreeBSD Report\n\n\nThe call for submissions for the 4th Quarter is out\n\n\n\n\nOpenZFS 2.0\n\n\nThis Monday, ZFS on Linux lead developer Brian Behlendorf published the OpenZFS 2.0.0 release to GitHub. Along with quite a lot of new features, the announcement brings an end to the former distinction between \"ZFS on Linux\" and ZFS elsewhere (for example, on FreeBSD). This move has been a long time coming—the FreeBSD community laid out its side of the roadmap two years ago—but this is the release that makes it official.\n\n\n\n\nNews Roundup\n\nRevision 367034\n\n\nVarious new check-hash checks have been added to the UFS filesystem\nover various major releases. Superblock check hashes were added for\nthe 12 release and cylinder-group and inode check hashes will appear\nin the 13 release.\n\n\n\nOpenSSL 3.0 /dev/crypto issues on FreeBSD\n\nSo, just learned that the OpenSSL devs decided to break /dev/crypto on FreeBSD.\n\n\n\n\nOS108-9.1 XFCE amd64 released\n\n\nOS108 is a fast, open and Secure Desktop Operating System built on top of NetBSD.\n\u0026gt; Installing OS108 to your hard drive is done by using the sysinst utility, the process is basically the same as installing NetBSD itself.  Please refer to the NetBSD guide for installation details, http://www.netbsd.org/docs/guide/en/part-install.html\nInstallation Video\n***\n\n\nBeastie Bits\n\n\nOpenBGPD 6.8p1 portable: released Nov 5th, 2020\nIRC Awk Bot\nDocker on FreeBSD using bhyve and sshfs\nThe UNIX Command Language (1976)\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nsanti - openrc\ntrond - python2 and mailman\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWe read FreeBSD’s 3rd quarter status report, OpenZFS 2.0, adding check-hash checks in UFS filesystem, OpenSSL 3.0 /dev/crypto issues on FreeBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2020-07-2020-09.html\" rel=\"nofollow\"\u003e3rd Quarter FreeBSD Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-quarterly-calls/2020/000007.html\" rel=\"nofollow\"\u003eThe call for submissions for the 4th Quarter is out\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/gadgets/2020/12/openzfs-2-0-release-unifies-linux-bsd-and-adds-tons-of-new-features/\" rel=\"nofollow\"\u003eOpenZFS 2.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis Monday, ZFS on Linux lead developer Brian Behlendorf published the OpenZFS 2.0.0 release to GitHub. Along with quite a lot of new features, the announcement brings an end to the former distinction between \u0026quot;ZFS on Linux\u0026quot; and ZFS elsewhere (for example, on FreeBSD). This move has been a long time coming—the FreeBSD community laid out its side of the roadmap two years ago—but this is the release that makes it official.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/367034\" rel=\"nofollow\"\u003eRevision 367034\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVarious new check-hash checks have been added to the UFS filesystem\u003cbr\u003e\nover various major releases. Superblock check hashes were added for\u003cbr\u003e\nthe 12 release and cylinder-group and inode check hashes will appear\u003cbr\u003e\nin the 13 release.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/openssl-3-written-to-break-on-freebsd/\" rel=\"nofollow\"\u003eOpenSSL 3.0 /dev/crypto issues on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eSo, just learned that the OpenSSL devs decided to break /dev/crypto on FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.os108.org/d/32-os108-91-xfce-amd64-released\" rel=\"nofollow\"\u003eOS108-9.1 XFCE amd64 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOS108 is a fast, open and Secure Desktop Operating System built on top of NetBSD.\n\u0026gt; Installing OS108 to your hard drive is done by using the sysinst utility, the process is basically the same as installing NetBSD itself.  Please refer to the NetBSD guide for installation details, \u003ca href=\"http://www.netbsd.org/docs/guide/en/part-install.html\" rel=\"nofollow\"\u003ehttp://www.netbsd.org/docs/guide/en/part-install.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/cgAeY21gXR4\" rel=\"nofollow\"\u003eInstallation Video\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbgpd.org/ftp.html\" rel=\"nofollow\"\u003eOpenBGPD 6.8p1 portable: released Nov 5th, 2020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://kflu.github.io/2020/08/15/2020-08-15-awk-irc-bot/\" rel=\"nofollow\"\u003eIRC Awk Bot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ZVkJZJEdZNY\" rel=\"nofollow\"\u003eDocker on FreeBSD using bhyve and sshfs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susam/tucl\" rel=\"nofollow\"\u003eThe UNIX Command Language (1976)\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/380/feedback/santi%20-%20openrc.md\" rel=\"nofollow\"\u003esanti - openrc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/380/feedback/trond%20-%20python2%20and%20mailmane%20and%20sshfs\" rel=\"nofollow\"\u003etrond - python2 and mailman\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We read FreeBSD’s 3rd quarter status report, OpenZFS 2.0, adding check-hash checks in UFS filesystem, OpenSSL 3.0 /dev/crypto issues on FreeBSD, and more.","date_published":"2020-12-10T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ee24cdc7-bb47-400d-8be0-968efefa4e15.mp3","mime_type":"audio/mpeg","size_in_bytes":43761336,"duration_in_seconds":2639}]},{"id":"4957b8e6-e7da-4f6d-8bbb-3b52c33c959f","title":"379: bhyve my guest","url":"https://www.bsdnow.tv/379","content_text":"Adventures in Freebernetes, tracing kernel functions, The better way of building FreeBSD networks, New beginnings: CDBUG virtual meetings, LibreSSL update in DragonFly, Signal-cli with scli on FreeBSD, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nAdventures in Freebernetes: bhyve My Guest\n\n\nPart 2 of experiments in FreeBSD and Kubernetes: Creating your first guest\n\n\n\n\nTracing Kernel Functions: FBT stack() and arg\n\n\nIn my previous post I described how FBT intercepts function calls and vectors them into the DTrace framework. That laid the foundation for what I want to discuss in this post: the implementation of the stack() action and built-in arg variables. These features rely on the precise layout of the stack, the details of which I touched on previously. In this post I hope to illuminate those details a bit more with the help of some visuals, and then guide you through the implementation of these two DTrace features as they relate to the FBT provider.\n\n\n\n\nNews Roundup\n\nDummynet: The Better Way of Building FreeBSD Networks\n\n\nDummynet is the FreeBSD traffic shaper, packet scheduler, and network emulator. Dummynet allows you to emulate a whole set of network environments in a straight-forward way. It has the ability to model delay, packet loss, and can act as a traffic shaper and policer. Dummynet is roughly equivalent to netem in Linux, but we have found that dummynet is easier to integrate and provides much more consistent results.  \n\n\n\n\nNew beginnings: CDBUG virtual meetings\n\n\nI had overwhelmingly positive responses from the broader *BSD community about restarting CDBUG meetings as virtual, at least for now. Hopefully this works well and even when we're back to in-person meetings we can still find a way to bring in virtual attendees.\n\n\n\n\nLibreSSL update in DragonFly\n\n\nDragonFly has a new version of libressl,  noting cause it has a newer TLS1.3 implementation – something that may be necessary for you.\n\n\n\n\nSignal-cli with scli on FreeBSD\n\n\nSo couple of days ago I migrated from macOS on Macbook Pro to FreeBSD on ThinkPad T480s.\n\n\n\n\nBeastie Bits\n\n\nFirefox is not paxctl safe for NetBSD\nFreeBSD 12.2-RELEASE on Microsoft Azure Marketplace\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\ncarlos - BSD Now around the world\npaulo - freebsd on a Bananapi\n\n\npaulo - followup\n\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eAdventures in Freebernetes, tracing kernel functions, The better way of building FreeBSD networks, New beginnings: CDBUG virtual meetings, LibreSSL update in DragonFly, Signal-cli with scli on FreeBSD, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://productionwithscissors.run/2020/10/29/adventures-in-freebernetes-bhyve-my-guest/\" rel=\"nofollow\"\u003eAdventures in Freebernetes: bhyve My Guest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePart 2 of experiments in FreeBSD and Kubernetes: Creating your first guest\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://zinascii.com/2020/fbt-args-and-stack.html?s=03\" rel=\"nofollow\"\u003eTracing Kernel Functions: FBT stack() and arg\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my previous post I described how FBT intercepts function calls and vectors them into the DTrace framework. That laid the foundation for what I want to discuss in this post: the implementation of the stack() action and built-in arg variables. These features rely on the precise layout of the stack, the details of which I touched on previously. In this post I hope to illuminate those details a bit more with the help of some visuals, and then guide you through the implementation of these two DTrace features as they relate to the FBT provider.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/dummynet-the-better-way-of-building-freebsd-networks/\" rel=\"nofollow\"\u003eDummynet: The Better Way of Building FreeBSD Networks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDummynet is the FreeBSD traffic shaper, packet scheduler, and network emulator. Dummynet allows you to emulate a whole set of network environments in a straight-forward way. It has the ability to model delay, packet loss, and can act as a traffic shaper and policer. Dummynet is roughly equivalent to netem in Linux, but we have found that dummynet is easier to integrate and provides much more consistent results.  \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/cdbug-talk/2020-October/000901.html\" rel=\"nofollow\"\u003eNew beginnings: CDBUG virtual meetings\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI had overwhelmingly positive responses from the broader *BSD community about restarting CDBUG meetings as virtual, at least for now. Hopefully this works well and even when we\u0026#39;re back to in-person meetings we can still find a way to bring in virtual attendees.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/11/10/25143.html\" rel=\"nofollow\"\u003eLibreSSL update in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDragonFly has a new version of libressl,  noting cause it has a newer TLS1.3 implementation – something that may be necessary for you.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://antranigv.am/weblog_en/posts/freebsd-signal-cli-scli/\" rel=\"nofollow\"\u003eSignal-cli with scli on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo couple of days ago I migrated from macOS on Macbook Pro to FreeBSD on ThinkPad T480s.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://anonhg.netbsd.org/pkgsrc/rev/9386adbd052e\" rel=\"nofollow\"\u003eFirefox is not paxctl safe for NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_2?tab=Overview\" rel=\"nofollow\"\u003eFreeBSD 12.2-RELEASE on Microsoft Azure Marketplace\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/379/feedback/carlos%20-%20BSD%20Now%20around%20the%20world.md\" rel=\"nofollow\"\u003ecarlos - BSD Now around the world\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/379/feedback/paulo%20-%20freebsd%20on%20a%20Bananapi.md\" rel=\"nofollow\"\u003epaulo - freebsd on a Bananapi\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/379/feedback/paulo%20-%20followup.md\" rel=\"nofollow\"\u003epaulo - followup\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Adventures in Freebernetes, tracing kernel functions, The better way of building FreeBSD networks, New beginnings: CDBUG virtual meetings, LibreSSL update in DragonFly, Signal-cli with scli on FreeBSD, and more.","date_published":"2020-12-03T06:45:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4957b8e6-e7da-4f6d-8bbb-3b52c33c959f.mp3","mime_type":"audio/mpeg","size_in_bytes":37714488,"duration_in_seconds":2239}]},{"id":"5d96e357-c800-4037-bc9d-3251ca0b1cd0","title":"378: Networknomicon","url":"https://www.bsdnow.tv/378","content_text":"Interview with Michael W. Lucas: SNMP and TLS book, cashflow for creators, book sale and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nInterview with Michael W. Lucas\n\n\nSNMP Book\nThe Networknomicon\nSponsor the TLS Book\nCashflow for creators\nBook sale\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Michael W Lucas.","content_html":"\u003cp\u003eInterview with Michael W. Lucas: SNMP and TLS book, cashflow for creators, book sale and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eInterview with Michael W. Lucas\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://mwl.io/nonfiction/networking#snmp\" rel=\"nofollow\"\u003eSNMP Book\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/nonfiction/networking#networknomicon\" rel=\"nofollow\"\u003eThe Networknomicon\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.tiltedwindmillpress.com/product-category/sponsor/\" rel=\"nofollow\"\u003eSponsor the TLS Book\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/nonfiction/biz-craft\" rel=\"nofollow\"\u003eCashflow for creators\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://mwl.io/blog/9313\" rel=\"nofollow\"\u003eBook sale\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Michael W Lucas.\u003c/p\u003e","summary":"Interview with Michael W. Lucas: SNMP and TLS book, cashflow for creators, book sale and more. ","date_published":"2020-11-26T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5d96e357-c800-4037-bc9d-3251ca0b1cd0.mp3","mime_type":"audio/mpeg","size_in_bytes":55682424,"duration_in_seconds":3380}]},{"id":"610cb191-462b-4968-a1ae-01d1aebf93ba","title":"377: Firewall ban-sharing","url":"https://www.bsdnow.tv/377","content_text":"History of FreeBD: BSDi and USL Lawsuits, Building a Website on Google Compute Engine, Firewall ban-sharing across machines, OpenVPN as default gateway on OpenBSD, Sorting out what the Single Unix Specification is, Switching from Apple to a Thinkpad for development, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nHistory of FreeBSD : Part 2 : BSDi and USL Lawsuits\n\n\nIn this second part of our series on the history of FreeBSD, we continue to trace the pre-history of FreeBSD and the events that would eventually shape the project and the future of open source software. \n\n\n\n\nBuilding a Web Site on Google Compute Engine\n\n\nHere's how I deployed a web site to the Google Cloud Platform. I used FreeBSD for good performance, stability, and minimal complexity. I set up HTTPS with free Let's Encrypt TLS certificates for both RSA and ECC. Then I adjusted the Apache configuration for a good score from the authoritative Qualys server analysis.\n\n\n\n\nNews Roundup\n\nFirewall ban-sharing across machines\n\n\nAs described in My infrastructure as of 2019, my machines are located in three different sites and are loosely coupled. Nonetheless, I wanted to set things up so that if an IP address is acting maliciously toward one machine, all my machines block that IP at once so the meanie won't get to try one machine after another.\n\n\n\nOpenVPN as default gateway on OpenBSD\n\nIf you plan to use an OpenVPN tunnel to reach your default gateway, which would make the tun interface in the egress group, and use tun0 in your pf.conf which is loaded before OpenVPN starts?\nHere are the few tips I use to solve the problems.\n\n\n\nSorting out what the Single Unix Specification is and covers\n\nSorting out what the Single Unix Specification is and covers\nOctober 8, 2020\nI've linked to the Single Unix Specification any number of times, for various versions of it (when I first linked to it, it was at issue 6, in 2006; it's now up to a 2018 edition). But I've never been quite clear what it covered and didn't cover, and how it related to POSIX and similar things. After yesterday's entry got me looking at the SuS site again, I decided to try to sort this out once and for all.\n\n\n\nBye-bye, Apple\n\nThe days of Apple products are behind me. I had been developing on a Macbook for over twelve years, but now, I’ve switched to an ever trending setup: OpenBSD on a Thinkpad.\nThe new platform is a winner. Everything is clean, quick, and configurable. When I ps uaxww, I’m not hogging ‘gigs’ of RAM just to have things up and running. There’s no black magic that derails me at every turn. In short, my sanity has been long restored.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChris - small projects\nJens - ZFS Question\n\n\nOne pool to rule them all\n\nShroyer - Dotnet on FreeBSD for Jellyfin\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eHistory of FreeBD: BSDi and USL Lawsuits, Building a Website on Google Compute Engine, Firewall ban-sharing across machines, OpenVPN as default gateway on OpenBSD, Sorting out what the Single Unix Specification is, Switching from Apple to a Thinkpad for development, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/history-of-freebsd-part-2-bsdi-and-usl-lawsuits/\" rel=\"nofollow\"\u003eHistory of FreeBSD : Part 2 : BSDi and USL Lawsuits\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this second part of our series on the history of FreeBSD, we continue to trace the pre-history of FreeBSD and the events that would eventually shape the project and the future of open source software. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cromwell-intl.com/open-source/google-freebsd-tls/\" rel=\"nofollow\"\u003eBuilding a Web Site on Google Compute Engine\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere\u0026#39;s how I deployed a web site to the Google Cloud Platform. I used FreeBSD for good performance, stability, and minimal complexity. I set up HTTPS with free Let\u0026#39;s Encrypt TLS certificates for both RSA and ECC. Then I adjusted the Apache configuration for a good score from the authoritative Qualys server analysis.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://chown.me/blog/acacia\" rel=\"nofollow\"\u003eFirewall ban-sharing across machines\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs described in My infrastructure as of 2019, my machines are located in three different sites and are loosely coupled. Nonetheless, I wanted to set things up so that if an IP address is acting maliciously toward one machine, all my machines block that IP at once so the meanie won\u0026#39;t get to try one machine after another.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-10-27-openbsd-openvpn.html\" rel=\"nofollow\"\u003eOpenVPN as default gateway on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eIf you plan to use an OpenVPN tunnel to reach your default gateway, which would make the tun interface in the egress group, and use tun0 in your pf.conf which is loaded before OpenVPN starts?\u003cbr\u003e\nHere are the few tips I use to solve the problems.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/SingleUnixSpecificationWhat\" rel=\"nofollow\"\u003eSorting out what the Single Unix Specification is and covers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eSorting out what the Single Unix Specification is and covers\u003cbr\u003e\nOctober 8, 2020\u003cbr\u003e\nI\u0026#39;ve linked to the Single Unix Specification any number of times, for various versions of it (when I first linked to it, it was at issue 6, in 2006; it\u0026#39;s now up to a 2018 edition). But I\u0026#39;ve never been quite clear what it covered and didn\u0026#39;t cover, and how it related to POSIX and similar things. After yesterday\u0026#39;s entry got me looking at the SuS site again, I decided to try to sort this out once and for all.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.cretaria.com/posts/bye-bye-apple.html\" rel=\"nofollow\"\u003eBye-bye, Apple\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThe days of Apple products are behind me. I had been developing on a Macbook for over twelve years, but now, I’ve switched to an ever trending setup: OpenBSD on a Thinkpad.\u003cbr\u003e\nThe new platform is a winner. Everything is clean, quick, and configurable. When I ps uaxww, I’m not hogging ‘gigs’ of RAM just to have things up and running. There’s no black magic that derails me at every turn. In short, my sanity has been long restored.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/377/feedback/Chris%20-%20small%20projects.md\" rel=\"nofollow\"\u003eChris - small projects\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/377/feedback/Jens%20-%20ZFS%20Question.md\" rel=\"nofollow\"\u003eJens - ZFS Question\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://ftfl.ca/blog/2016-09-17-zfs-fde-one-pool-conversion.html\" rel=\"nofollow\"\u003eOne pool to rule them all\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/377/feedback/Shroyer%20-%20Dotnet%20on%20FreeBSD%20for%20Jellyfin.md\" rel=\"nofollow\"\u003eShroyer - Dotnet on FreeBSD for Jellyfin\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"History of FreeBD: BSDi and USL Lawsuits, Building a Website on Google Compute Engine, Firewall ban-sharing across machines, OpenVPN as default gateway on OpenBSD, Sorting out what the Single Unix Specification is, Switching from Apple to a Thinkpad for development, and more","date_published":"2020-11-19T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/610cb191-462b-4968-a1ae-01d1aebf93ba.mp3","mime_type":"audio/mpeg","size_in_bytes":46483632,"duration_in_seconds":2887}]},{"id":"f32e4d71-13e3-4cfa-a98d-c3806ac0c665","title":"376: Build stable packages","url":"https://www.bsdnow.tv/376","content_text":"FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD 12.2 Release\n\n\nThe release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.\n\n\n\nZFS Webinar: November 18th\n\nJoin us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”\nBuilding Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.\nKeeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.\nDatasets and Properties – Controlling settings with properties and many other tricks!\n\n\n\n\nNews Roundup\n\nGoogle Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD\n\n\nSys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.\n\n\n\n\nHow the OpenBSD -stable packages are built\n\n\nIn this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.\n\n\n\n\nOPNsense 20.7.4 released\n\n\nThis release finally wraps up the recent Netmap kernel changes and tests.\nThe Realtek vendor driver was updated as well as third party software cURL,\nlibxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple\nof them.\n\n\n\n\nBeastie Bits\n\n\nBinutils and linker changes\n28 Years of NetBSD contributions\nBluetooth Audio on OpenBSD\nK8s Bhyve\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nSean - C Flags\nThierry - RPI ZFS question\n\n\nThierry's script\n***\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/12.2R/relnotes.html\" rel=\"nofollow\"\u003eFreeBSD 12.2 Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/learning/best-practices-for-optimizing-zfs1/\" rel=\"nofollow\"\u003eZFS Webinar: November 18th\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eJoin us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”\u003cbr\u003e\nBuilding Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.\u003cbr\u003e\nKeeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.\u003cbr\u003e\nDatasets and Properties – Controlling settings with properties and many other tricks!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/google_summer_of_code_20202\" rel=\"nofollow\"\u003eGoogle Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-10-29-official-openbsd-stable-architecture.html\" rel=\"nofollow\"\u003eHow the OpenBSD -stable packages are built\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-7-4-released/\" rel=\"nofollow\"\u003eOPNsense 20.7.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis release finally wraps up the recent Netmap kernel changes and tests.\u003cbr\u003e\nThe Realtek vendor driver was updated as well as third party software cURL,\u003cbr\u003e\nlibxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple\u003cbr\u003e\nof them.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/11/03/25120.html\" rel=\"nofollow\"\u003eBinutils and linker changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NetBSD/src/graphs/contributors\" rel=\"nofollow\"\u003e28 Years of NetBSD contributions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ifconfig.se/bluetooth-audio-openbsd.html\" rel=\"nofollow\"\u003eBluetooth Audio on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://k8s-bhyve.convectix.com\" rel=\"nofollow\"\u003eK8s Bhyve\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Sean%20-%20C%20Flags.md\" rel=\"nofollow\"\u003eSean - C Flags\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/Thierry%20-%20RPI%20ZFS%20question.md\" rel=\"nofollow\"\u003eThierry - RPI ZFS question\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/376/feedback/script.md\" rel=\"nofollow\"\u003eThierry\u0026#39;s script\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more","date_published":"2020-11-12T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f32e4d71-13e3-4cfa-a98d-c3806ac0c665.mp3","mime_type":"audio/mpeg","size_in_bytes":45514920,"duration_in_seconds":2780}]},{"id":"66a4f529-c2fb-4a8e-83db-9f6cd6ff0809","title":"375: Virtually everything","url":"https://www.bsdnow.tv/375","content_text":"bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nbhyve - The FreeBSD Hypervisor\n\n\nFreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.\n\n\n\nZFS and FreeBSD Support\n\nKlara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website!\n\n\nudf info leak\n\n\nFreeBSD UDF driver info leak\nAnalysis done on FreeBSD release 11.0 because that's what I had around.\n\n\nFix committed to FreeBSD\n***\n\n\n\nNews Roundup\n\nI'm now a user of Vim, not classical Vi (partly because of windows)\n\n\nIn the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.\n\n\n\nFreeBSD on ESXi ARM Fling: Fixing Virtual Hardware\n\nWith the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.\n\n\n\nIntroduction of a new FreeBSD Remote Process Plugin in LLDB\n\nMoritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.\n\n\n\n\nOpenBSD Laptop\n\n\nHi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nEthan - Linux user wanting to try out OpenBSD\niian - Learning IT\njohnny - bsd swag\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003ebhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/\" rel=\"nofollow\"\u003ebhyve - The FreeBSD Hypervisor\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eZFS and FreeBSD Support\u003c/h3\u003e\n\n\u003cp\u003eKlara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. \u003ca href=\"https://klarasystems.com/support/\" rel=\"nofollow\"\u003eCheck it out on our website!\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b\" rel=\"nofollow\"\u003eudf info leak\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD UDF driver info leak\u003cbr\u003e\nAnalysis done on FreeBSD release 11.0 because that\u0026#39;s what I had around.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/366005\" rel=\"nofollow\"\u003eFix committed to FreeBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser\" rel=\"nofollow\"\u003eI\u0026#39;m now a user of Vim, not classical Vi (partly because of windows)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past I\u0026#39;ve written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/\" rel=\"nofollow\"\u003eFreeBSD on ESXi ARM Fling: Fixing Virtual Hardware\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eWith the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/\" rel=\"nofollow\"\u003eIntroduction of a new FreeBSD Remote Process Plugin in LLDB\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eMoritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2020/10/14/openbsd-laptop/\" rel=\"nofollow\"\u003eOpenBSD Laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md\" rel=\"nofollow\"\u003eEthan - Linux user wanting to try out OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md\" rel=\"nofollow\"\u003eiian - Learning IT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md\" rel=\"nofollow\"\u003ejohnny - bsd swag\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":" bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more.","date_published":"2020-11-05T06:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/66a4f529-c2fb-4a8e-83db-9f6cd6ff0809.mp3","mime_type":"audio/mpeg","size_in_bytes":43394088,"duration_in_seconds":2688}]},{"id":"4e2796a1-1895-47bd-81ca-fc3c80f043e6","title":"374: OpenBSD’s 25th anniversary","url":"https://www.bsdnow.tv/374","content_text":"OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nOpenBSD 6.8\n\n\nReleased Oct 18, 2020. (OpenBSD's 25th anniversary)\n\n\n\nNetBSD 9.1 Released\n\nThe NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\n\n\n\n\nOpenZFS Developer Summit 2020\n\n\nAs with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.\n    • After attending the conference, I wrote up some of my notes from each of the talks\n    • Part 2\n\n\n\n\nZFS and FreeBSD Support\n\nKlara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website!\n\nNews Roundup\n\nBastilleBSD - native container management for FreeBSD\n\n\nSome time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.\nOn FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.\nA quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.\n\n\n\n\nTarsnap – cleaning up old backups\n\n\nI use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.\n\n\n\n\nMWL - BookSale\n\n\nFor those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.\nOver at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.\n\n\n\n\nBeastie Bits\n\n\nBrian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109\nThe UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson -  July 1974\nUsing a 1930 Teletype as a Linux Terminal\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nlars - infosec handbook\nscott - zfs import\nzhong - first episode\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/68.html\" rel=\"nofollow\"\u003eOpenBSD 6.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eReleased Oct 18, 2020. (OpenBSD\u0026#39;s 25th anniversary)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/releases/formal-9/NetBSD-9.1.html\" rel=\"nofollow\"\u003eNetBSD 9.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThe NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/openzfs-developer-summit-part-1/\" rel=\"nofollow\"\u003eOpenZFS Developer Summit 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.\u003cbr\u003e\n    • After attending the conference, I wrote up some of my notes from each of the talks\u003cbr\u003e\n    • \u003ca href=\"https://klarasystems.com/articles/openzfs-developer-summit-part-2/\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eZFS and FreeBSD Support\u003c/h3\u003e\n\n\u003cp\u003eKlara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What\u0026#39;s even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! \u003ca href=\"https://klarasystems.com/support/\" rel=\"nofollow\"\u003eCheck it out on our website!\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fibric.hashnode.dev/bastillebsd-native-container-management-for-freebsd\" rel=\"nofollow\"\u003eBastilleBSD - native container management for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.\u003cbr\u003e\nOn FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.\u003cbr\u003e\nA quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2020/09/10/tarsnap-cleaning-up-old-backups/\" rel=\"nofollow\"\u003eTarsnap – cleaning up old backups\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/8009\" rel=\"nofollow\"\u003eMWL - BookSale\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.\u003cbr\u003e\nOver at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=O9upVbGSBFo\" rel=\"nofollow\"\u003eBrian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://chsasank.github.io/classic_papers/unix-time-sharing-system.html#\" rel=\"nofollow\"\u003eThe UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson -  July 1974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=2XLZ4Z8LpEE\" rel=\"nofollow\"\u003eUsing a 1930 Teletype as a Linux Terminal\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/lars%20-%20infosec%20handbook.md\" rel=\"nofollow\"\u003elars - infosec handbook\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/scott%20-%20zfs%20import.md\" rel=\"nofollow\"\u003escott - zfs import\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/374/feedback/zhong%20-%20first%20episode.md\" rel=\"nofollow\"\u003ezhong - first episode\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.","date_published":"2020-10-29T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e2796a1-1895-47bd-81ca-fc3c80f043e6.mp3","mime_type":"audio/mpeg","size_in_bytes":52402776,"duration_in_seconds":3280}]},{"id":"acdecc6a-f7b7-4d64-b64d-f7be713b78e2","title":"373: Kyle Evans Interview","url":"https://www.bsdnow.tv/373","content_text":"We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nInterview - Kyle Evans - kevans@freebsd.org / @kaevans91\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eInterview - Kyle Evans - \u003ca href=\"mailto:kevans@freebsd.org\" rel=\"nofollow\"\u003ekevans@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/kaevans91\" rel=\"nofollow\"\u003e@kaevans91\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.","date_published":"2020-10-22T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/acdecc6a-f7b7-4d64-b64d-f7be713b78e2.mp3","mime_type":"audio/mpeg","size_in_bytes":34011936,"duration_in_seconds":2013}]},{"id":"30f77e86-34d4-4e1a-a1c7-32e62f393980","title":"372: Slow SSD scrubs","url":"https://www.bsdnow.tv/372","content_text":"Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nWayland on BSD\n\n\nAfter I posted about the new default window manager in NetBSD I got a few questions, including \"when is NetBSD switching from X11 to Wayland?\", Wayland being X11's \"new\" rival. In this blog post, hopefully I can explain why we aren't yet!\n\n\n\nMy BSD sucks less than yours\n\nThis paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different \"visions\" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.\n\nVideo\n\n\nEuroBSDCon 2017 Part 1\nEuroBSDCon 2017 Part 2\n\n\n\n\n\nNews Roundup\n\nEven on SSDs, ongoing activity can slow down ZFS scrubs drastically\n\n\nBack in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning.\n\n\n\nOpenBSD on the Desktop (Part I)\n\nLet's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.\n\n\n\nA simple shell status bar for OpenBSD and cwm(1)\n\nThese days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!\nAs I love scripting, I decided to build my own.\n\n\n\nBeastie Bits\n\nDragonFly v5.8.3 released to address to issues\nOpenSSH 8.4 released\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\nFeedback/Questions\n\n\nDane - FreeBSD vs Linux in Microservices and Containters\nMason - questions.md\nMichael - Tmux License.md\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eWayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/wayland_on_netbsd_trials_and\" rel=\"nofollow\"\u003eWayland on BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter I posted about the new default window manager in NetBSD I got a few questions, including \u0026quot;when is NetBSD switching from X11 to Wayland?\u0026quot;, Wayland being X11\u0026#39;s \u0026quot;new\u0026quot; rival. In this blog post, hopefully I can explain why we aren\u0026#39;t yet!\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-full_paper.pdf\" rel=\"nofollow\"\u003eMy BSD sucks less than yours\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThis paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different \u0026quot;visions\u0026quot; and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.\u003c/p\u003e\n\n\u003cp\u003eVideo\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ZhpaKuXKob4\" rel=\"nofollow\"\u003eEuroBSDCon 2017 Part 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=cYp70KWD824\" rel=\"nofollow\"\u003eEuroBSDCon 2017 Part 2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSSSDActivitySlowsScrubs\" rel=\"nofollow\"\u003eEven on SSDs, ongoing activity can slow down ZFS scrubs drastically\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBack in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn\u0026#39;t bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn\u0026#39;t matter. Indeed, our SSD pools generally scrub like lightning.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://paedubucher.ch/articles/2020-09-05-openbsd-on-the-desktop-part-i.html\" rel=\"nofollow\"\u003eOpenBSD on the Desktop (Part I)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eLet\u0026#39;s install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I\u0026#39;m no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20200923/a-simple-shell-status-bar-for-cwm/\" rel=\"nofollow\"\u003eA simple shell status bar for OpenBSD and cwm(1)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThese days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!\u003cbr\u003e\nAs I love scripting, I decided to build my own.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2020-September/769777.html\" rel=\"nofollow\"\u003eDragonFly v5.8.3 released to address to issues\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://www.openssh.com/txt/release-8.4\" rel=\"nofollow\"\u003eOpenSSH 8.4 released\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Dane%20-%20FreeBSD%20vs%20Linux%20in%20Microservices%20and%20Containters.md\" rel=\"nofollow\"\u003eDane - FreeBSD vs Linux in Microservices and Containters\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Mason%20-%20questions.md\" rel=\"nofollow\"\u003eMason - questions.md\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/372/feedback/Michael%20-%20Tmux%20License.md\" rel=\"nofollow\"\u003eMichael - Tmux License.md\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.","date_published":"2020-10-15T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/30f77e86-34d4-4e1a-a1c7-32e62f393980.mp3","mime_type":"audio/mpeg","size_in_bytes":47975808,"duration_in_seconds":2884}]},{"id":"8f2644a5-d6f7-49ca-bcd6-1a6336110611","title":"371: Wildcards running wild","url":"https://www.bsdnow.tv/371","content_text":"New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nMy New Project: zedfs.com\n\n\nHave you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.\nOn this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!\n\n\n\n\nTrueNAS CORE is Ready for Deployment\n\n\nTrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.\nThe TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.\n\n\n\n\nNews Roundup\n\nInterprocess Communication in FreeBSD 11: Performance Analysis\n\n\nInterprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.\n\n\n\n\nBack To The Future: Unix Wildcards Gone Wild\n\n\nFirst of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There...  Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.\n\n\n\n\nUnix Wars\n\n\nDozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nChris - installing FreeBSD 13-current\nDane - FreeBSD History Lesson\nMarc - linux compat\nMason - apropos battery\nPaul - a topic idea\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eNew Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.oshogbo.vexillium.org/blog/80/\" rel=\"nofollow\"\u003eMy New Project: zedfs.com\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHave you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.\u003cbr\u003e\nOn this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-12-rc-1/\" rel=\"nofollow\"\u003eTrueNAS CORE is Ready for Deployment\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.\u003cbr\u003e\nThe TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arxiv.org/pdf/2008.02145.pdf\" rel=\"nofollow\"\u003eInterprocess Communication in FreeBSD 11: Performance Analysis\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eInterprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt\" rel=\"nofollow\"\u003eBack To The Future: Unix Wildcards Gone Wild\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome\u0026#39;s Chain-14-Different-Bugs-To-Get-There...  Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.livinginternet.com/i/iw_unix_war.htm\" rel=\"nofollow\"\u003eUnix Wars\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Chris%20-%20installing%20FreeBSD%2013-current.md\" rel=\"nofollow\"\u003eChris - installing FreeBSD 13-current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Dane%20-%20FreeBSD%20History%20Lesson.md\" rel=\"nofollow\"\u003eDane - FreeBSD History Lesson\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Marc%20-%20linux%20compat.md\" rel=\"nofollow\"\u003eMarc - linux compat\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Mason%20-%20apropos%20battery.md\" rel=\"nofollow\"\u003eMason - apropos battery\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/371/feedback/Paul%20-%20a%20topic%20idea.md\" rel=\"nofollow\"\u003ePaul - a topic idea\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more","date_published":"2020-10-08T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8f2644a5-d6f7-49ca-bcd6-1a6336110611.mp3","mime_type":"audio/mpeg","size_in_bytes":40775352,"duration_in_seconds":2477}]},{"id":"4bc93957-8853-4c7a-b016-604d770c5b71","title":"370: Testing shutdown","url":"https://www.bsdnow.tv/370","content_text":"The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFuryBSD 2020-Q3 The world’s first OpenZFS based live image\n\n\nFuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing.  In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).\n\n\n\n\nFreeBSD Subversion to Git Migration: Pt 1 Why?\n\n\nFreeBSD moving to Git: Why?  With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with \"why\"?\nVideo from Warner Losh\n\n\n\n\nNews Roundup\n\nFreeBSD Instant-workstation 2020\n\n\nA little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.\n\n\n\n\nnut – testing the shutdown mechanism\n\n\nFollowing on from my recent nut setup, this is the second in a series of three posts.\nThe next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.\n\n\n\n\nlogin_ldap added to OpenBSD -current\n\n\nWith this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current\n\n\nhttps://marc.info/?l=openbsd-cvs\u0026amp;m=159992319027593\u0026amp;w=2\n***\n\n\n\nBeastie Bits\n\n\nNetBSD current now has GCC 9.3.0 for x86/ARM\nMidnightBSD 1.2.8\nMidnightBSD 2.0-Current\nRetro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nRick - rcorder\nDan - machiatto bin\nLuis - old episodes\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThe world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/\" rel=\"nofollow\"\u003eFuryBSD 2020-Q3 The world’s first OpenZFS based live image\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing.  In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html\" rel=\"nofollow\"\u003eFreeBSD Subversion to Git Migration: Pt 1 Why?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD moving to Git: Why?  With luck, I\u0026#39;ll be writing a few blogs on FreeBSD\u0026#39;s move to git later this year. Today, we\u0026#39;ll start with \u0026quot;why\u0026quot;?\u003cbr\u003e\n\u003ca href=\"https://www.youtube.com/watch?v=Lx9lKr_M-DI\" rel=\"nofollow\"\u003eVideo from Warner Losh\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html\" rel=\"nofollow\"\u003eFreeBSD Instant-workstation 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/\" rel=\"nofollow\"\u003enut – testing the shutdown mechanism\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFollowing on from my recent nut setup, this is the second in a series of three posts.\u003cbr\u003e\nThe next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200913081040\" rel=\"nofollow\"\u003elogin_ldap added to OpenBSD -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=159992319027593\u0026w=2\" rel=\"nofollow\"\u003ehttps://marc.info/?l=openbsd-cvs\u0026amp;m=159992319027593\u0026amp;w=2\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/netbsd/status/1305082782457245696\" rel=\"nofollow\"\u003eNetBSD current now has GCC 9.3.0 for x86/ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33802\" rel=\"nofollow\"\u003eMidnightBSD 1.2.8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33806\" rel=\"nofollow\"\u003eMidnightBSD 2.0-Current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.singlix.com/runix/\" rel=\"nofollow\"\u003eRetro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md\" rel=\"nofollow\"\u003eRick - rcorder\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md\" rel=\"nofollow\"\u003eDan - machiatto bin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md\" rel=\"nofollow\"\u003eLuis - old episodes\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more","date_published":"2020-10-01T06:15:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4bc93957-8853-4c7a-b016-604d770c5b71.mp3","mime_type":"audio/mpeg","size_in_bytes":43353456,"duration_in_seconds":2712}]},{"id":"3594bb2c-b1c8-4f13-bcb9-6ad5094179a5","title":"369: Where rc.d belongs","url":"https://www.bsdnow.tv/369","content_text":"High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nHigh Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated\n\n\nI have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.\n\n\n\n\nBuilding the Development Version of Emacs on NetBSD\n\n\nI hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.\n\n\n\n\nNews Roundup\n\nrc.d belongs in libexec, not etc\n\n\nLet’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.\nThis misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.\n\n\n\n\nFreeBSD 11.3 EOL\n\n\nAs of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer\nbe supported by the FreeBSD Security Team.  Users of FreeBSD 11.3 are strongly\nencouraged to upgrade to a newer release as soon as possible.\n\n\n\n\nOPNsense 20.7.1 Released\n\n\nOverall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough.  Stay tuned.\n\n\n\n\nMidnightBSD 1.2.7 out\n\n\nMidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.\nIt includes several bug fixes and security updates over the last ISO release and is recommended for new installations.\nUsers who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes\n\n\n\n\nBeastie Bits\n\n\nTarsnap podcast\nNetBSD Tips and Tricks\nFreeBSD mini-git Primer\nGhostBSD Financial Reports\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nDaniel - Documentation Tooling\nFongaboo - Where did the ZFS tutorial Go?\nJohnny - Browser Cold Wars\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eHigh Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/bsdnow\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dzone.com/articles/high-availability-routerfirewall-using-openbsd-car\" rel=\"nofollow\"\u003eHigh Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lars.ingebrigtsen.no/2020/08/25/building-the-development-version-of-emacs-on-netbsd/\" rel=\"nofollow\"\u003eBuilding the Development Version of Emacs on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2020/08/rcd-libexec-etc.html\" rel=\"nofollow\"\u003erc.d belongs in libexec, not etc\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.\u003cbr\u003e\nThis misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html\" rel=\"nofollow\"\u003eFreeBSD 11.3 EOL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer\u003cbr\u003e\nbe supported by the FreeBSD Security Team.  Users of FreeBSD 11.3 are strongly\u003cbr\u003e\nencouraged to upgrade to a newer release as soon as possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-7-1-released/\" rel=\"nofollow\"\u003eOPNsense 20.7.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOverall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough.  Stay tuned.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33801\" rel=\"nofollow\"\u003eMidnightBSD 1.2.7 out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.\u003cbr\u003e\u003cbr\u003e\nIt includes several bug fixes and security updates over the last ISO release and is recommended for new installations.\u003cbr\u003e\u003cbr\u003e\nUsers who don\u0026#39;t want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.firosolutions.com/2020/08/tarsnap-podcast/\" rel=\"nofollow\"\u003eTarsnap podcast\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://students.engr.scu.edu/%7Esschaeck/netbsd/index.html\" rel=\"nofollow\"\u003eNetBSD Tips and Tricks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g\" rel=\"nofollow\"\u003eFreeBSD mini-git Primer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ghostbsd.org/financial_reports_from_January_to_June_2020\" rel=\"nofollow\"\u003eGhostBSD Financial Reports\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Daniel%20-%20Documentation%20Tooling.md\" rel=\"nofollow\"\u003eDaniel - Documentation Tooling\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Fongaboo%20-%20Where%20did%20the%20ZFS%20Tutorial%20Go.md\" rel=\"nofollow\"\u003eFongaboo - Where did the ZFS tutorial Go?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Johnny%20-%20Browser%20Cold%20Wars.md\" rel=\"nofollow\"\u003eJohnny - Browser Cold Wars\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.","date_published":"2020-09-24T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3594bb2c-b1c8-4f13-bcb9-6ad5094179a5.mp3","mime_type":"audio/mpeg","size_in_bytes":43421016,"duration_in_seconds":2649}]},{"id":"4d186dc4-b8ee-4824-bfcc-3bacf18ba5da","title":"368: Changing OS roles","url":"https://www.bsdnow.tv/368","content_text":"Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more. \n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nModernizing the OpenBSD Console\n\n\nAt the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the \"80x25 mode\". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).\nOpenBSD uses the wscons(4) console framework, inherited from NetBSD\n\n\n\n\nOS roles have changed\n\n\nThough I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.\n\n\n\n\nNews Roundup\n\nFreeBSD Cluster with Pacemaker and Corosync\n\n\nI always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.\n\n\n\n\nWine in a 32-bit sandbox on 64-bit NetBSD\n\n\n\"Mainline pkgsrc\" can't do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We'll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...\nWe're using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don't trust the Windows applications you're running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.\n\n\n\n\nFind package which provides a file in OpenBSD\n\n\nThere is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.\nIf you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.\n\n\n\n\nBeastie Bits\n\n\nOpenBSD for 1.5 Years: Confessions of a Linux Heretic\nOpenBSD 6.8 Beta Tagged\nHammer2 and growth\nUnderstanding a FreeBSD kernel vulnerability\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nRob - 7 years\nKurt - Microserver\nRob - Interviews\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eModernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/modernizing-the-openbsd-console/\" rel=\"nofollow\"\u003eModernizing the OpenBSD Console\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the \u0026quot;80x25 mode\u0026quot;. This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).\u003cbr\u003e\nOpenBSD uses the wscons(4) console framework, inherited from NetBSD\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/the-roles-of-oss-have-changed/\" rel=\"nofollow\"\u003eOS roles have changed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThough I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2020/09/03/freebsd-cluster-with-pacemaker-and-corosync/\" rel=\"nofollow\"\u003eFreeBSD Cluster with Pacemaker and Corosync\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://washbear.neocities.org/wine-sandbox.html\" rel=\"nofollow\"\u003eWine in a 32-bit sandbox on 64-bit NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Mainline pkgsrc\u0026quot; can\u0026#39;t do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We\u0026#39;ll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...\u003cbr\u003e\nWe\u0026#39;re using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don\u0026#39;t trust the Windows applications you\u0026#39;re running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-09-04-pkglocate-openbsd.html\" rel=\"nofollow\"\u003eFind package which provides a file in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.\u003cbr\u003e\nIf you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=oTShQIXSdqM\" rel=\"nofollow\"\u003eOpenBSD for 1.5 Years: Confessions of a Linux Heretic\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200831192811\" rel=\"nofollow\"\u003eOpenBSD 6.8 Beta Tagged\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/09/08/24933.html\" rel=\"nofollow\"\u003eHammer2 and growth\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation\" rel=\"nofollow\"\u003eUnderstanding a FreeBSD kernel vulnerability\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Bruce%20-%207%20years.md\" rel=\"nofollow\"\u003eRob - 7 years\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Kurt%20-%20Microserver.md\" rel=\"nofollow\"\u003eKurt - Microserver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/368/feedback/Rob%20-%20Interviews.md\" rel=\"nofollow\"\u003eRob - Interviews\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more.","date_published":"2020-09-17T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d186dc4-b8ee-4824-bfcc-3bacf18ba5da.mp3","mime_type":"audio/mpeg","size_in_bytes":48070680,"duration_in_seconds":2912}]},{"id":"056d15d3-4908-4073-955a-88e7700ba566","title":"367: Changing jail datasets","url":"https://www.bsdnow.tv/367","content_text":"A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nA 35 Year Old Bug in Patch\n\n\nLarry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It's been a faithful alley for a long, long time. I've never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I've discovered a bug that bites this effort twice. It's quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...\n\n\n\n\nSandbox for FreeBSD\n\n\nA sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.\nIn our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.\n\n\n\nSource Code\nDocumentation\n\n\n\n\nNews Roundup\n\nChanging from one dataset to another within a jail\n\n\nZFS has a the ability to share itself within a jail. That gives the jail some autonomy, and I like that.\nI’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.\nThe purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.\n\n\n\n\nYou don’t need tmux or screen for ZFS\n\n\nBack in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivilent in base in order to daemonise the process and let them run in the background.\nZFS already does this for its internal commands.\n\n\n\n\nHardenedBSD August 2020 Status Report and Call for Donations\n\n\nThis last month has largely been a quiet one. I've restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I've started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I'm doing is to support that effort.\nThe infrastructure has settled and is now churning normally and happily. We're still working out bandwidth issues. We hope to have a new fiber line ran by the end of September.\nAs part of this status report, I'm issuing a formal call for donations. I'm aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.\n\n\n\n\nImportant parts of Unix's history happened before readline support was common\n\n\nUnix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it's easy to think of readline support as something that's always been there. But of course this isn't the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nMason - mailserver\ncasey - freebsd on decline\ndenis - postgres\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eA 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdimp.blogspot.com/2020/08/a-35-year-old-bug-in-patch-found-in.html\" rel=\"nofollow\"\u003eA 35 Year Old Bug in Patch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLarry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It\u0026#39;s been a faithful alley for a long, long time. I\u0026#39;ve never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I\u0026#39;ve discovered a bug that bites this effort twice. It\u0026#39;s quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.relkom.sk/en/fbsd_sandbox.shtml\" rel=\"nofollow\"\u003eSandbox for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.\u003cbr\u003e\nIn our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitlab.com/relkom/sandbox\" rel=\"nofollow\"\u003eSource Code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.relkom.sk/en/fbsd_sandbox_docs.shtml\" rel=\"nofollow\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2020/08/16/changing-from-one-dataset-to-another-within-a-freebsd-iocage-jail/\" rel=\"nofollow\"\u003eChanging from one dataset to another within a jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS has a the ability to share itself within a jail. That gives the jail some autonomy, and I like that.\u003cbr\u003e\nI’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.\u003cbr\u003e\nThe purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/you-dont-need-tmux-or-screen-for-zfs/\" rel=\"nofollow\"\u003eYou don’t need tmux or screen for ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBack in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivilent in base in order to daemonise the process and let them run in the background.\u003cbr\u003e\nZFS already does this for its internal commands.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-08-15/hardenedbsd-august-2020-status-report-and-call-donations\" rel=\"nofollow\"\u003eHardenedBSD August 2020 Status Report and Call for Donations\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis last month has largely been a quiet one. I\u0026#39;ve restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I\u0026#39;ve started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I\u0026#39;m doing is to support that effort.\u003cbr\u003e\nThe infrastructure has settled and is now churning normally and happily. We\u0026#39;re still working out bandwidth issues. We hope to have a new fiber line ran by the end of September.\u003cbr\u003e\nAs part of this status report, I\u0026#39;m issuing a formal call for donations. I\u0026#39;m aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/TimeBeforeReadline\" rel=\"nofollow\"\u003eImportant parts of Unix\u0026#39;s history happened before readline support was common\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it\u0026#39;s easy to think of readline support as something that\u0026#39;s always been there. But of course this isn\u0026#39;t the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/Mason%20-%20mailserver.md\" rel=\"nofollow\"\u003eMason - mailserver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/casey%20-%20freebsd%20on%20decline.md\" rel=\"nofollow\"\u003ecasey - freebsd on decline\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/367/feedback/denis%20-%20postgres.md\" rel=\"nofollow\"\u003edenis - postgres\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.","date_published":"2020-09-10T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/056d15d3-4908-4073-955a-88e7700ba566.mp3","mime_type":"audio/mpeg","size_in_bytes":47196984,"duration_in_seconds":2728}]},{"id":"ac66cef0-02a8-44b9-b915-813b8e26c643","title":"366: Bootloader zpool checkpoints","url":"https://www.bsdnow.tv/366","content_text":"OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nOpenZFS with ZSTD land in FreeBSD 13\n\n\nZStandard Compression for OpenZFS\n\u0026gt; The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort.\n\u0026gt; I would advise against doing 'zpool upgrade' or creating indispensable pools using new features until this change has had a month+ to soak.\nRebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems\nThe competition of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation\n***\n\n\nLibreSSL documentation status update\n\n\nMore than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.\nNote that this is not an update regarding LibreSSL status in general because i'm not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.\n\n\n\n\nFreeBSD on SPARC64 (is dead)\n\n\n’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid off (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?\n\n\n\n\nNews Roundup\n\nBringing zpool checkpoints to a FreeBSD bootloader\n\n\nAlmost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.\nCurrently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore. \nThe big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.\n\n\n\n\nBeastie Bits\n\n\nThe First Unix Port\nTLS Mastery updates, August 2020\nWhat is the Oldest BSD Distribution still around today\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nben - zfs send questions\nlars - zfs pool question\nneutron - bectl vs beadm\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=364746\" rel=\"nofollow\"\u003eOpenZFS with ZSTD land in FreeBSD 13\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openzfs/zfs/commit/10b3c7f5e424f54b3ba82dbf1600d866e64ec0a0\" rel=\"nofollow\"\u003eZStandard Compression for OpenZFS\u003c/a\u003e\n\u0026gt; The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort.\n\u0026gt; I would advise against doing \u0026#39;zpool upgrade\u0026#39; or creating indispensable pools using new features until this change has had a month+ to soak.\u003c/li\u003e\n\u003cli\u003eRebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems\u003c/li\u003e\n\u003cli\u003eThe competition of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200817063735\" rel=\"nofollow\"\u003eLibreSSL documentation status update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMore than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.\u003cbr\u003e\nNote that this is not an update regarding LibreSSL status in general because i\u0026#39;m not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2020/02/15/freebsd-on-sparc64-is-dead/\" rel=\"nofollow\"\u003eFreeBSD on SPARC64 (is dead)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid off (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.oshogbo.vexillium.org/blog/79/\" rel=\"nofollow\"\u003eBringing zpool checkpoints to a FreeBSD bootloader\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlmost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.\u003cbr\u003e\nCurrently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore. \u003cbr\u003e\nThe big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://documents.uow.edu.au/content/groups/public/@web/@inf/@scsse/documents/doc/uow103747.pdf\" rel=\"nofollow\"\u003eThe First Unix Port\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/7346\" rel=\"nofollow\"\u003eTLS Mastery updates, August 2020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ww60o940kEk\" rel=\"nofollow\"\u003eWhat is the Oldest BSD Distribution still around today\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/ben%20-%20zfs%20send%20questions.md\" rel=\"nofollow\"\u003eben - zfs send questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/lars%20-%20zfs%20pool%20question.md\" rel=\"nofollow\"\u003elars - zfs pool question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/366/feedback/neutron%20-%20bectl%20vs%20beadm.md\" rel=\"nofollow\"\u003eneutron - bectl vs beadm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more","date_published":"2020-09-03T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ac66cef0-02a8-44b9-b915-813b8e26c643.mp3","mime_type":"audio/mpeg","size_in_bytes":54891512,"duration_in_seconds":3182}]},{"id":"818d1dc0-da99-423a-a552-4ac52474c66c","title":"365: Whole year round","url":"https://www.bsdnow.tv/365","content_text":"FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD USB Audio\n\n\nI recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.\ntl;dr: Everything works as long as the sound card follows the USB audio device class specification.\n\n\n\nKyua: An introduction for NetBSD users\n\nKyua's current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).\nBecause Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.\n\n\n\n\nNews Roundup\n\nKeeping backup ZFS on Linux kernel modules around\n\n\nI'm a long term user of ZFS on Linux and over pretty much all of the time I've used it, I've built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).\n\n\n\n\nCommand-line Tools can be 235x Faster than your Hadoop Cluster\n\n\nAs I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).\n\n\n\n\nFreeBSD Laptop Find Out Battery Life Status Command\n\n\nI know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?\nYou can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.\n\n\n\n\nBeastie Bits\n\nBSD Beer\nAwk for JSON\nDrawing Pictures The Unix Way - with pic and troff\nRefactoring the FreeBSD Kernel with Checked C\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nJason - German Locales\npcwizz - Router Style Device\npredrag - OpenBSD Router Hardware\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.davidschlachter.com/misc/freebsd-usb-audio\" rel=\"nofollow\"\u003eFreeBSD USB Audio\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.\u003cbr\u003e\ntl;dr: Everything works as long as the sound card follows the USB audio device class specification.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.netbsd.org/kyua/\" rel=\"nofollow\"\u003eKyua: An introduction for NetBSD users\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eKyua\u0026#39;s current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).\u003cbr\u003e\nBecause Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxModuleBackups\" rel=\"nofollow\"\u003eKeeping backup ZFS on Linux kernel modules around\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;m a long term user of ZFS on Linux and over pretty much all of the time I\u0026#39;ve used it, I\u0026#39;ve built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html\" rel=\"nofollow\"\u003eCommand-line Tools can be 235x Faster than your Hadoop Cluster\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/faq/freebsd-finding-out-battery-life-state-on-laptop/\" rel=\"nofollow\"\u003eFreeBSD Laptop Find Out Battery Life Status Command\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?\u003cbr\u003e\nYou can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://i.redd.it/hlh8luidzgg51.jpg\" rel=\"nofollow\"\u003eBSD Beer\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/mohd-akram/jawk\" rel=\"nofollow\"\u003eAwk for JSON\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://youtu.be/oG2A_1vC6aM\" rel=\"nofollow\"\u003eDrawing Pictures The Unix Way - with pic and troff\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.cs.rochester.edu/u/jzhou41/papers/freebsd_checkedc.pdf\" rel=\"nofollow\"\u003eRefactoring the FreeBSD Kernel with Checked C\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/jason%20-%20german%20locale.md\" rel=\"nofollow\"\u003eJason - German Locales\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/pcwizz%20-%20router%20style%20device.md\" rel=\"nofollow\"\u003epcwizz - Router Style Device\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/365/predrag%20-%20openbsd%20router%20hardware.md\" rel=\"nofollow\"\u003epredrag - OpenBSD Router Hardware\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.","date_published":"2020-08-27T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/818d1dc0-da99-423a-a552-4ac52474c66c.mp3","mime_type":"audio/mpeg","size_in_bytes":49050296,"duration_in_seconds":2814}]},{"id":"7581b101-10df-4469-8e37-0ddb82f82696","title":"364: FreeBSD Wireless Grind","url":"https://www.bsdnow.tv/364","content_text":"FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD Qt WebEngine GPU Acceleration\n\n\nFreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.\n\n\n\n\nNetBSD on the Nanopi Neo2\n\n\nThe NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.\nAs NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.\n\n\n\n\nI'm back into the grind of FreeBSD's wireless stack and 802.11ac\n\n\nYes, it's been a while since I posted here and yes, it's been a while since I was actively working on FreeBSD's wireless stack. Life's been .. well, life. I started the ath10k port in 2015. I wasn't expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.\nBut the stars have aligned and it's fun again, so here I am. \n\n\n\n\nNews Roundup\n\nSome thoughts on us overlooking Illumos's syseventadm\n\n\nIn a comment on my praise of ZFS on Linux's ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn't previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.\n\n\n\n\nWhen Unix learned to reboot\n\n\nRecently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.\n\n\n\n\nDragonFlyBSD Lands New EXT2/3/4 File-System Driver\n\n\nWhile DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new \"ext2fs\" driver implementation for this BSD operating system.\nDragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.\n\n\n\n\nBeastie Bits\n\n\nLibreOffice 7.0 call for testing\nMore touchpad support\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\nCasey - openbsd wirewall\nDaryl - zfs\nRaymond - hpe microserver\n\n\n\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos\u0026#39;s syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/freebsd/2020/07/21/webengine.html\" rel=\"nofollow\"\u003eFreeBSD Qt WebEngine GPU Acceleration\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cambus.net/netbsd-on-the-nanopi-neo2/\" rel=\"nofollow\"\u003eNetBSD on the Nanopi Neo2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.\u003cbr\u003e\nAs NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adrianchadd.blogspot.com/2020/07/im-back-into-grind-of-freebsds-wireless.html\" rel=\"nofollow\"\u003eI\u0026#39;m back into the grind of FreeBSD\u0026#39;s wireless stack and 802.11ac\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYes, it\u0026#39;s been a while since I posted here and yes, it\u0026#39;s been a while since I was actively working on FreeBSD\u0026#39;s wireless stack. Life\u0026#39;s been .. well, life. I started the ath10k port in 2015. I wasn\u0026#39;t expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.\u003cbr\u003e\nBut the stars have aligned and it\u0026#39;s fun again, so here I am. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/OverlookingSyseventadm\" rel=\"nofollow\"\u003eSome thoughts on us overlooking Illumos\u0026#39;s syseventadm\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn a comment on my praise of ZFS on Linux\u0026#39;s ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn\u0026#39;t previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2020/07/when-unix-learned-to-reboot2.html\" rel=\"nofollow\"\u003eWhen Unix learned to reboot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-New-EXT2FS\" rel=\"nofollow\"\u003eDragonFlyBSD Lands New EXT2/3/4 File-System Driver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new \u0026quot;ext2fs\u0026quot; driver implementation for this BSD operating system.\u003cbr\u003e\nDragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-office/2020-July/005822.html\" rel=\"nofollow\"\u003eLibreOffice 7.0 call for testing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/07/15/24747.html\" rel=\"nofollow\"\u003eMore touchpad support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/casey%20-%20openbsd%20wirewall.md\" rel=\"nofollow\"\u003eCasey - openbsd wirewall\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/daryl%20-%20zfs.md\" rel=\"nofollow\"\u003eDaryl - zfs\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/364/feedback/raymond%20-%20hpe%20microserver.md\" rel=\"nofollow\"\u003eRaymond - hpe microserver\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003e- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.","date_published":"2020-08-20T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7581b101-10df-4469-8e37-0ddb82f82696.mp3","mime_type":"audio/mpeg","size_in_bytes":41078792,"duration_in_seconds":2818}]},{"id":"5152316f-4859-4e73-8c1c-18f2b9965f5d","title":"363: Traditional Unix toolchains","url":"https://www.bsdnow.tv/363","content_text":"FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD Quarterly Report\n\n\nThis report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well to third-party work.\nSome highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmounting UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, a introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.\nAs a little treat, readers can also get a rare report from the quarterly team.\nFinally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions not just the quarterly reports themselves, but also the surrounding tooling to many-fold ease the work, are immeasurable.\n\n\n\n\nTraditional Unix Toolchains\n\n\nOlder Unix systems tend to be fairly uniform in how they handle the so-called 'toolchain' for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).\nUnix is a pipeline based system, either physically or logically. One program takes input, process the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.\n\n\n\n\nNews Roundup\n\nBastille Day 2020 : v0.7 released\n\n\nThis release matures the project from 0.6.x -\u0026gt; 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.\n\n\n\n\nBeastie Bits\n\n\nFinding meltdown on DragonFly\nNetBSD Server Outage\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nVincent - Gnome 3 question\nMalcolm - ZFS question\nHassan - Video question \n\n\nFor those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT\n\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eFreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2020-04-2020-06.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well to third-party work.\u003cbr\u003e\nSome highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmounting UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, a introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.\u003cbr\u003e\nAs a little treat, readers can also get a rare report from the quarterly team.\u003cbr\u003e\nFinally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions not just the quarterly reports themselves, but also the surrounding tooling to many-fold ease the work, are immeasurable.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2020/07/traditional-unix-toolchains.html?m=1\" rel=\"nofollow\"\u003eTraditional Unix Toolchains\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOlder Unix systems tend to be fairly uniform in how they handle the so-called \u0026#39;toolchain\u0026#39; for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).\u003cbr\u003e\nUnix is a pipeline based system, either physically or logically. One program takes input, process the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/BastilleBSD/bastille/releases/tag/0.7.20200714\" rel=\"nofollow\"\u003eBastille Day 2020 : v0.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis release matures the project from 0.6.x -\u0026gt; 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/07/28/24787.html\" rel=\"nofollow\"\u003eFinding meltdown on DragonFly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mobile.twitter.com/netbsd/status/1286898183923277829\" rel=\"nofollow\"\u003eNetBSD Server Outage\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/vincent%20-%20gnome3.md\" rel=\"nofollow\"\u003eVincent - Gnome 3 question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/malcolm%20-%20zfs.md\" rel=\"nofollow\"\u003eMalcolm - ZFS question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/hassan%20-%20video.md\" rel=\"nofollow\"\u003eHassan - Video question\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/363/feedback/new-bsdnow-youtube-channel.md\" rel=\"nofollow\"\u003eFor those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more","date_published":"2020-08-13T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5152316f-4859-4e73-8c1c-18f2b9965f5d.mp3","mime_type":"audio/mpeg","size_in_bytes":36468128,"duration_in_seconds":2085}]},{"id":"5822b2f7-0440-44f4-8f73-70609c960a3d","title":"362: 2.11-BSD restoration","url":"https://www.bsdnow.tv/362","content_text":"Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.\n\nInterview - Warner Losh - imp@freebsd.org / @bsdimp\n\nBSD 2.11 restoration project\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\nSpecial Guest: Warner Losh.","content_html":"\u003cp\u003eInterview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.\u003c/p\u003e\n\n\u003ch4\u003eInterview - Warner Losh - \u003ca href=\"mailto:imp@freebsd.org\" rel=\"nofollow\"\u003eimp@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdimp\" rel=\"nofollow\"\u003e@bsdimp\u003c/a\u003e\u003c/h4\u003e\n\n\u003ch2\u003eBSD 2.11 restoration project\u003c/h2\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Warner Losh.\u003c/p\u003e","summary":"Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.","date_published":"2020-08-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5822b2f7-0440-44f4-8f73-70609c960a3d.mp3","mime_type":"audio/mpeg","size_in_bytes":58166072,"duration_in_seconds":3750}]},{"id":"e7930697-b2c2-4603-b015-19d1070a7c69","title":"361: Function-based MicroVM","url":"https://www.bsdnow.tv/361","content_text":"Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nEmulex: The Cheapest 10gbe for Your Homelab\n\n\nYears ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!\nBefore diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.\nEmulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.\n\n\nI have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.\nI have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers.\n***\n\n\n\nIn Search of 2.11BSD, as released\n\n\nAlmost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you'll find it easily enough, but it won't be the original. You'll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular version (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You'll find every single patch that's been issued for the system.\n\n\n\n\nNews Roundup\n\nFakecracker: NetBSD as a Function Based MicroVM\n\n\nIn November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.\nIf you want to learn more on Firecracker‘s internals, here’s a very well put article.\n\n\n\n\nFirst powerpc64 snapshots available for OpenBSD\n\n\nSince we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.\nSo, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.\n\n\n\n\nOPNsense 20.1.8 released\n\n\nSorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.\n\n\n\n\nBeastie Bits\n\n\nOld School Disk Partitioning\nNomad BSD 1.3.2 Released\nChai-Fi\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nPoojan - ZFS Question\ngraceon - supermicro\nzenbum - groff\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\nSpecial Guest: Warner Losh.","content_html":"\u003cp\u003eEmulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vincerants.com/emulex-the-cheapest-10gbe/\" rel=\"nofollow\"\u003eEmulex: The Cheapest 10gbe for Your Homelab\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYears ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!\u003cbr\u003e\nBefore diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.\u003cbr\u003e\nEmulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eI have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.\u003c/li\u003e\n\u003cli\u003eI have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2020/07/211bsd-original-tapes-recreation.html\" rel=\"nofollow\"\u003eIn Search of 2.11BSD, as released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlmost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you\u0026#39;ll find it easily enough, but it won\u0026#39;t be the original. You\u0026#39;ll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular version (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You\u0026#39;ll find every single patch that\u0026#39;s been issued for the system.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/\" rel=\"nofollow\"\u003eFakecracker: NetBSD as a Function Based MicroVM\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.\u003cbr\u003e\nIf you want to learn more on Firecracker‘s internals, here’s a very well put article.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200707001113\" rel=\"nofollow\"\u003eFirst powerpc64 snapshots available for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.\u003cbr\u003e\nSo, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-1-8-released/\" rel=\"nofollow\"\u003eOPNsense 20.1.8 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bsdimp.blogspot.com/2020/07/old-school-disk-partitioning.html\" rel=\"nofollow\"\u003eOld School Disk Partitioning\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://nomadbsd.org/index.html#1.3.2\" rel=\"nofollow\"\u003eNomad BSD 1.3.2 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gonzoua/chaifi\" rel=\"nofollow\"\u003eChai-Fi\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/Poojan%20-%20ZFS%20question.md\" rel=\"nofollow\"\u003ePoojan - ZFS Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/graceon%20-%20supermicro.md\" rel=\"nofollow\"\u003egraceon - supermicro\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/361/feedback/zenbum%20-%20groff.md\" rel=\"nofollow\"\u003ezenbum - groff\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSpecial Guest: Warner Losh.\u003c/p\u003e","summary":"Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.\r\n","date_published":"2020-07-30T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e7930697-b2c2-4603-b015-19d1070a7c69.mp3","mime_type":"audio/mpeg","size_in_bytes":64248344,"duration_in_seconds":3730}]},{"id":"69d88af7-54da-4612-9fc2-84ffae001c46","title":"360: Full circle","url":"https://www.bsdnow.tv/360","content_text":"Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nChasing a bad commit\n\n\nWhile working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.\nWe are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.\n\n\n\n\nNew FreeBSD Core Team Elected\n\n\nThe FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!\n\n\n\nBaptiste Daroussin (bapt)\nEd Maste (emaste)\nGeorge V. Neville-Neil (gnn)\nHiroki Sato (hrs)\nKyle Evans (kevans)\nMark Johnston (markj)\nScott Long (scottl)\nSean Chittenden (seanc)\nWarner Losh (imp)\n***\n\n\nNews Roundup\n\nGetting Started with NetBSD on the Pinebook Pro\n\n\nIf you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!\nThe easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.\n\n\nA FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: https://twitter.com/kernelnomicon/status/1282790609778905088\n***\n\n\n\nFreeBSD on the Intel 10th Gen i3 NUC\n\n\nI have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.\n\n\n\n\npf table size check and change\n\n\nDid you know there’s a default size limit to pf’s state table?  I did not, but it makes sense that there is one.  If for some reason you bump into this limit (difficult for home use, I’d think), here’s how you change it\nThere is a table-entries limit specified, you can see current settings with\n'pfctl -s all'.  You can adjust the limits in the /etc/pf.conf file\ncontaining the rules with a line like this near the top:\nset limit table-entries 100000\n\n\nIn the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for.\n***\n\n\n\nBeastie Bits\n\n\ntmux and bhyve\nAzure and FreeBSD\nGroff Tutorial\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\nTarsnap Mastery\n\n\nFeedback/Questions\n\n\nChris - ZFS Question\nPatrick - Tarsnap\nPin - pkgsrc\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eChasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vishaltelangre.com/chasing-a-bad-commit/\" rel=\"nofollow\"\u003eChasing a bad commit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else\u0026#39;s work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That\u0026#39;s a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn\u0026#39;t catch.\u003cbr\u003e\nWe are not going to discuss how such subtle bugs can get into our release branch because that\u0026#39;s just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdnews.com/2020/07/14/new-freebsd-core-team-elected/\" rel=\"nofollow\"\u003eNew FreeBSD Core Team Elected\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBaptiste Daroussin (bapt)\u003c/li\u003e\n\u003cli\u003eEd Maste (emaste)\u003c/li\u003e\n\u003cli\u003eGeorge V. Neville-Neil (gnn)\u003c/li\u003e\n\u003cli\u003eHiroki Sato (hrs)\u003c/li\u003e\n\u003cli\u003eKyle Evans (kevans)\u003c/li\u003e\n\u003cli\u003eMark Johnston (markj)\u003c/li\u003e\n\u003cli\u003eScott Long (scottl)\u003c/li\u003e\n\u003cli\u003eSean Chittenden (seanc)\u003c/li\u003e\n\u003cli\u003eWarner Losh (imp)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bentsukun.ch/posts/pinebook-pro-netbsd/\" rel=\"nofollow\"\u003eGetting Started with NetBSD on the Pinebook Pro\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!\u003cbr\u003e\nThe easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: \u003ca href=\"https://twitter.com/kernelnomicon/status/1282790609778905088\" rel=\"nofollow\"\u003ehttps://twitter.com/kernelnomicon/status/1282790609778905088\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/00300\" rel=\"nofollow\"\u003eFreeBSD on the Intel 10th Gen i3 NUC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have ended up with some 10th Gen i3 NUC\u0026#39;s (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/06/29/24698.html\" rel=\"nofollow\"\u003epf table size check and change\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDid you know there’s a default size limit to pf’s state table?  I did not, but it makes sense that there is one.  If for some reason you bump into this limit (difficult for home use, I’d think), \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2020-June/381261.html\" rel=\"nofollow\"\u003ehere’s how you change it\u003c/a\u003e\u003cbr\u003e\nThere is a table-entries limit specified, you can see current settings with\u003cbr\u003e\n\u0026#39;pfctl -s all\u0026#39;.  You can adjust the limits in the /etc/pf.conf file\u003cbr\u003e\ncontaining the rules with a line like this near the top:\u003cbr\u003e\n\u003ccode\u003eset limit table-entries 100000\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://callfortesting.org/tmux/\" rel=\"nofollow\"\u003etmux and bhyve\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_1\" rel=\"nofollow\"\u003eAzure and FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=bvkmnK6-qao\u0026feature=youtu.be\" rel=\"nofollow\"\u003eGroff Tutorial\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\u003ca href=\"https://mwl.io/nonfiction/tools#tarsnap\" rel=\"nofollow\"\u003eTarsnap Mastery\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Chris%20-%20zfs%20question.md\" rel=\"nofollow\"\u003eChris - ZFS Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/Patrick%20-%20Tarsnap.md\" rel=\"nofollow\"\u003ePatrick - Tarsnap\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/360/feedback/pin%20-%20pkgsrc.md\" rel=\"nofollow\"\u003ePin - pkgsrc\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.","date_published":"2020-07-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/69d88af7-54da-4612-9fc2-84ffae001c46.mp3","mime_type":"audio/mpeg","size_in_bytes":42925160,"duration_in_seconds":2547}]},{"id":"b066740d-03a5-423b-9ab9-8936c3246979","title":"359: Throwaway Browser","url":"https://www.bsdnow.tv/359","content_text":"Throw-Away Browser on FreeBSD With \"pot\" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nThrow-Away Browser on FreeBSD With \"pot\" Within 5 Minutes\n\n\npot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).\n\n\n\n\nOpenBSD guest with bhyve - OmniOS\n\n\nToday I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.\nThis post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.\n\n\n\n\nNews Roundup\n\nBSD versus Linux distribution development\n\n\nQ: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?\nDistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.\n\n\n\nMy FreeBSD Laptop Build\n\nI have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.\nSo with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.\n\n\n\nFreeBSD CURRENT Binary Upgrades\n\n\nDisclaimer\nThis proof-of-concept is not a publication of FreeBSD.\nDescription\nup.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.\n\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nKarl - pfsense\nVal - esxi question\nlars - openbsd router hardware\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThrow-Away Browser on FreeBSD With \u0026quot;pot\u0026quot; within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://honeyguide.eu/posts/pot-throwaway-firefox/\" rel=\"nofollow\"\u003eThrow-Away Browser on FreeBSD With \u0026quot;pot\u0026quot; Within 5 Minutes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html\" rel=\"nofollow\"\u003eOpenBSD guest with bhyve - OmniOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.\u003cbr\u003e\nThis post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20200622#qa\" rel=\"nofollow\"\u003eBSD versus Linux distribution development\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eQ: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?\u003cbr\u003e\nDistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html\" rel=\"nofollow\"\u003eMy FreeBSD Laptop Build\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.\u003cbr\u003e\nSo with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://up.bsd.lv\" rel=\"nofollow\"\u003eFreeBSD CURRENT Binary Upgrades\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDisclaimer\nThis proof-of-concept is not a publication of FreeBSD.\u003c/li\u003e\n\u003cli\u003eDescription\nup.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md\" rel=\"nofollow\"\u003eKarl - pfsense\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md\" rel=\"nofollow\"\u003eVal - esxi question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md\" rel=\"nofollow\"\u003elars - openbsd router hardware\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Throw-Away Browser on FreeBSD With \"pot\" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.","date_published":"2020-07-16T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b066740d-03a5-423b-9ab9-8936c3246979.mp3","mime_type":"audio/mpeg","size_in_bytes":44787992,"duration_in_seconds":2605}]},{"id":"dd2d31ad-23bc-492d-b813-caf9f661e315","title":"358: OpenBSD Kubernetes Clusters","url":"https://www.bsdnow.tv/358","content_text":"Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nyubikey-agent on FreeBSD\n\n\nSome time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)\n\n\n\n\nManage Kubernetes clusters from OpenBSD\n\n\nThis should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release\nUpdate 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.\n\n\n\n\nNews Roundup\n\nHistory of FreeBSD Part 1: Unix and BSD\n\n\nFreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.\n\n\n\n\nRunning Jitsi-Meet in a FreeBSD Jail\n\n\nDue to the situation with COVID-19 that also lead to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.\nThat way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.\n\n\nGrafana for Jitsi-Meet\n***\n\n\n\nCommand Line Bug Hunting in FreeBSD\n\n\nFreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.\n\n\n\n\nBeastie Bits\n\n\nGame of Github\n+ Wireguard official merged into OpenBSD\n***\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nFlorian : Lua for $HOME\nKevin : FreeBSD Source Question\nTom : HomeLabs\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eYubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kernelnomicon.org/?p=855\" rel=\"nofollow\"\u003eyubikey-agent on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://e1e0.net/manage-k8s-from-openbsd.html\" rel=\"nofollow\"\u003eManage Kubernetes clusters from OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release\u003cbr\u003e\nUpdate 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://klarasystems.com/articles/history-of-freebsd-unix-and-bsd/?utm_source=bsdnow\" rel=\"nofollow\"\u003eHistory of FreeBSD Part 1: Unix and BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://honeyguide.eu/posts/jitsi-freebsd/\" rel=\"nofollow\"\u003eRunning Jitsi-Meet in a FreeBSD Jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDue to the situation with COVID-19 that also lead to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.\u003cbr\u003e\nThat way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://honeyguide.eu/posts/jitsi-grafana/\" rel=\"nofollow\"\u003eGrafana for Jitsi-Meet\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/00301\" rel=\"nofollow\"\u003eCommand Line Bug Hunting in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://glebbahmutov.com/game-of-github/\" rel=\"nofollow\"\u003eGame of Github\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e+ \u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=159274150512676\u0026w=2\" rel=\"nofollow\"\u003eWireguard official merged into OpenBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Florian%20-%20Lua%20for%20%24HOME\" rel=\"nofollow\"\u003eFlorian : Lua for $HOME\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Kevin%20-%20FreeBSD%20Source%20Question\" rel=\"nofollow\"\u003eKevin : FreeBSD Source Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/358/feedback/Tom%20-%20HomeLabs\" rel=\"nofollow\"\u003eTom : HomeLabs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more","date_published":"2020-07-09T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/dd2d31ad-23bc-492d-b813-caf9f661e315.mp3","mime_type":"audio/mpeg","size_in_bytes":43199240,"duration_in_seconds":2612}]},{"id":"3155c049-a0b4-4449-9ecb-1f820e68f542","title":"357: Study the Code","url":"https://www.bsdnow.tv/357","content_text":"OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nOpenBSD 6.7 on PC Engines APU4D4\n\n\nI just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.\n\n\n\nNetBSD code study\n\n\n\n\nNews Roundup\n\nBooting FreeBSD off the HPE MicroServer Gen8 ODD SATA port\n\n\nMy small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.\nJosh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.\n\n\n\n\n3 ways to multiboot\n\n\nmultiboot installation of a BSD system with other operating systems\n(OSs) on UEFI hardware is not officially supported by any of the\npopular\n\n\n\n\nBeastie Bits\n\n\npfSense2.4.5-Release-p1 now available\nBSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane\nOpenBSD DRM Update\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\n James - Apple T2\nMichael - Jordyns ZFS Question\n\n\nNote from JT\n\nRob - FreeBSD Freindly Registrar\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eOpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20200530/openbsd-6-7-on-pc-engines-apu4d4/\" rel=\"nofollow\"\u003eOpenBSD 6.7 on PC Engines APU4D4\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://silas.net.br/codereading/netbsd-code.html\" rel=\"nofollow\"\u003eNetBSD code study\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/booting-freebsd-off-the-microserver-odd-sata-port/\" rel=\"nofollow\"\u003eBooting FreeBSD off the HPE MicroServer Gen8 ODD SATA port\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.\u003cbr\u003e\nJosh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=159146428705118\u0026w=2\" rel=\"nofollow\"\u003e3 ways to multiboot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003emultiboot installation of a BSD system with other operating systems\u003cbr\u003e\n(OSs) on UEFI hardware is not officially supported by any of the\u003cbr\u003e\npopular\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html\" rel=\"nofollow\"\u003epfSense2.4.5-Release-p1 now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=_eOVlaYWqS8\" rel=\"nofollow\"\u003eBSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200608075708\" rel=\"nofollow\"\u003eOpenBSD DRM Update\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/James%20-%20Apple%20T2\" rel=\"nofollow\"\u003e James - Apple T2\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Michael%20-%20Jordyns%20ZFS%20Question\" rel=\"nofollow\"\u003eMichael - Jordyns ZFS Question\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Note%20from%20JT\" rel=\"nofollow\"\u003eNote from JT\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/357/feedback/Rob%20-%20FreeBSD%20Freindly%20Registrar\" rel=\"nofollow\"\u003eRob - FreeBSD Freindly Registrar\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.","date_published":"2020-07-02T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3155c049-a0b4-4449-9ecb-1f820e68f542.mp3","mime_type":"audio/mpeg","size_in_bytes":36249920,"duration_in_seconds":2279}]},{"id":"666c3655-32bf-4341-a986-ab085baa9c10","title":"356: Dig in Deeper","url":"https://www.bsdnow.tv/356","content_text":"TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nTrueNAS is Multi-OS\n\n\nThere was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.\nOnce software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.\nThe advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.\nTrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.\n\n\n\nEncrypted ZFS on NetBSD 9.0, for a FreeBSD guy\n\nI had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?\n\n\n\n\nNews Roundup\n\nFreeBSD's New Code of Conduct\n\n\nFreeBSD Announcement Email\n\n\n\n\nGaming on OpenBSD\n\n\nWhile no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, now some commercial games works natively now, thanks to Mono or Java. There are no wine or linux emulation layer in OpenBSD.\nHere is a small list of most well known games that run on OpenBSD:\n\n\n\n'dig' a little deeper\n\nI knew the existence of the dig command but didn't exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.\n\n\n\nHAMMER2 and periodic snapshots\n\nThe first version of HAMMER took automatic snapshots, set within the config for each filesystem.  HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.\n\n\ngit: Implement periodic hammer2 snapshots\n***\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nCy - OpenSSL relicensing\nChristian - lagg vlans and iocage\nBrad - SMR\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eTrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-multi-os/\" rel=\"nofollow\"\u003eTrueNAS is Multi-OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.\u003cbr\u003e\nOnce software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.\u003cbr\u003e\nThe advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.\u003cbr\u003e\nTrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/encrypted-zfs-on-netbsd-9-for-a-freebsd-guy/\" rel=\"nofollow\"\u003eEncrypted ZFS on NetBSD 9.0, for a FreeBSD guy\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/internal/code-of-conduct.html\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s New Code of Conduct\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://raw.githubusercontent.com/BSDNow/bsdnow.tv/master/episodes/356/FBSD-CoC-Email\" rel=\"nofollow\"\u003eFreeBSD Announcement Email\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-06-05-openbsd-gaming.html\" rel=\"nofollow\"\u003eGaming on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, now some commercial games works natively now, thanks to Mono or Java. There are no wine or linux emulation layer in OpenBSD.\u003cbr\u003e\nHere is a small list of most well known games that run on OpenBSD:\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vishaltelangre.com/dig-a-little-deeper/\" rel=\"nofollow\"\u003e\u0026#39;dig\u0026#39; a little deeper\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eI knew the existence of the dig command but didn\u0026#39;t exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/06/15/24635.html\" rel=\"nofollow\"\u003eHAMMER2 and periodic snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eThe first version of HAMMER took automatic snapshots, set within the config for each filesystem.  HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2020-June/769247.html\" rel=\"nofollow\"\u003egit: Implement periodic hammer2 snapshots\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Cy%20-%20OPenSSL%20relicensing.md\" rel=\"nofollow\"\u003eCy - OpenSSL relicensing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Christian%20-%20lagg%20vlans%20and%20iocage\" rel=\"nofollow\"\u003eChristian - lagg vlans and iocage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/356/feedback/Brad%20-%20SMR\" rel=\"nofollow\"\u003eBrad - SMR\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.","date_published":"2020-06-25T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/666c3655-32bf-4341-a986-ab085baa9c10.mp3","mime_type":"audio/mpeg","size_in_bytes":31946816,"duration_in_seconds":1928}]},{"id":"369decb7-b522-4745-b385-2339d05211d9","title":"355: Man Page Origins","url":"https://www.bsdnow.tv/355","content_text":"Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nHow to Upgrade OpenBSD and Build a Kernel\n\n\nLet's see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select \"Upgrade\" instead of \"Install\". But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.\n\n\n\n\nThe History of man pages\n\n\nWhere do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?\n\n\n\n\nVAX port needs help\n\n\nThe VAX is the oldest machine architecture still supported by NetBSD.\nUnfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let's say sub-optimal. It is also risking to be dropped completely by gcc upstream.\nNow here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.\n\n\n\n\nMy new FreeBSD Laptop: Dell Latitude 7390\n\n\nAs a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I've been running FreeBSD on laptops since 2004; this hasn't always been easy, but over the years I've found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I'm writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.\n\n\n\n\nPFS tool changes in DragonFly\n\n\nHAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path.  pfs-delete won’t delete any filesystem name that appears in more than one place, though\n\n\ngit: hammer2 - Enhance pfs-list and pfs-delete\nEnhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory's mount.  A specific mount may be specified via -s mountpt.\nEnhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory's mount.\nAs a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts.  A specific mount may be specified via -s mountpt.\n\n\n\n\n\nBeastie Bits\n\n\nBastilleBSD Templates\nTianocore update\nReminder: FreeBSD Office Hours on June 24, 2020\n***\n###Tarsnap\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\nFeedback/Questions\n\n\nNiclas - Regarding the Lenovo E595 user from Episode 340\nErik - What happened with the video\nIgor - Boot Environments\n***\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eUpgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cromwell-intl.com/open-source/openbsd-kernel.html\" rel=\"nofollow\"\u003eHow to Upgrade OpenBSD and Build a Kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet\u0026#39;s see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select \u0026quot;Upgrade\u0026quot; instead of \u0026quot;Install\u0026quot;. But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://manpages.bsd.lv/history.html\" rel=\"nofollow\"\u003eThe History of man pages\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhere do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/vax_port_needs_help\" rel=\"nofollow\"\u003eVAX port needs help\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe VAX is the oldest machine architecture still supported by NetBSD.\u003cbr\u003e\nUnfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let\u0026#39;s say sub-optimal. It is also risking to be dropped completely by gcc upstream.\u003cbr\u003e\nNow here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2020-05-22-my-new-FreeBSD-laptop-Dell-7390.html\" rel=\"nofollow\"\u003eMy new FreeBSD Laptop: Dell Latitude 7390\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I\u0026#39;ve been running FreeBSD on laptops since 2004; this hasn\u0026#39;t always been easy, but over the years I\u0026#39;ve found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I\u0026#39;m writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/06/09/24612.html\" rel=\"nofollow\"\u003ePFS tool changes in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path.  pfs-delete won’t delete any filesystem name that appears in more than one place, though\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2020-June/769226.html\" rel=\"nofollow\"\u003egit: hammer2 - Enhance pfs-list and pfs-delete\u003c/a\u003e\nEnhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory\u0026#39;s mount.  A specific mount may be specified via -s mountpt.\nEnhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory\u0026#39;s mount.\nAs a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts.  A specific mount may be specified via -s mountpt.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitlab.com/bastillebsd-templates\" rel=\"nofollow\"\u003eBastilleBSD Templates\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/06/08/24610.html\" rel=\"nofollow\"\u003eTianocore update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/OfficeHours\" rel=\"nofollow\"\u003eReminder: FreeBSD Office Hours on June 24, 2020\u003c/a\u003e\n***\n###Tarsnap\u003c/li\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Niclas%20-%20Regarding%20the%20Lenovo%20E595%20user%20from%20Episode%20340.md\" rel=\"nofollow\"\u003eNiclas - Regarding the Lenovo E595 user from Episode 340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Erik%20-%20What%20happened%20with%20the%20video.md\" rel=\"nofollow\"\u003eErik - What happened with the video\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/355/feedback/Igor%20-%20Boot%20Environments.md\" rel=\"nofollow\"\u003eIgor - Boot Environments\u003c/a\u003e\n***\u003c/li\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.","date_published":"2020-06-18T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/369decb7-b522-4745-b385-2339d05211d9.mp3","mime_type":"audio/mpeg","size_in_bytes":40900704,"duration_in_seconds":2439}]},{"id":"2b93f76f-bbea-49a0-8cf1-80c997d4510e","title":"354: ZFS safekeeps data","url":"https://www.bsdnow.tv/354","content_text":"FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nFreeBSD 11.4-RC2 Now Available\n\n\nThe second RC build of the 11.4-RELEASE release cycle is now available.\n\n\n11.4-RELEASE notes (still in progress at the time of recording)\n***\n\n\n\nInstall OpenBSD 6.7-current on a PineBook Pro 64\n\n\nThis document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.\n\n\n\n\nNews Roundup\n\nUnderstanding How OpenZFS Keeps Your Data Safe\n\n\nVeteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few. \n\n\n\n\nBringing FreeBSD to ec2\n\n\nColin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX \"tar\" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.\n\n\n\n\nFreeBSD 2020 Community Survey\n\n\nThe FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey.  The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts.  This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.\nThe survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).\n\n\n\n\nBeastie Bits\n\n\nFreeBSD Project Proposals\nTJ Hacking\nScotland Open Source podcast\nNext FreeBSD Office Hours on June 24, 2020\n***\n\n\nFeedback/Questions\n\n\nTom - Writing for LPIrstudio\nLuke - rstudio\nMatt - Vlans and Jails\nMorgan - Can I get some commentary on this issue\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\nSponsored By:Tarsnap Promo Code: bsdnow","content_html":"\u003cp\u003eFreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2020-May/092320.html\" rel=\"nofollow\"\u003eFreeBSD 11.4-RC2 Now Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe second RC build of the 11.4-RELEASE release cycle is now available.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.4R/relnotes.html\" rel=\"nofollow\"\u003e11.4-RELEASE notes\u003c/a\u003e (still in progress at the time of recording)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://xosc.org/pinebookpro.html\" rel=\"nofollow\"\u003eInstall OpenBSD 6.7-current on a PineBook Pro 64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis document is work in progress and I\u0026#39;ll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/openzfs-keeps-your-data-safe/\" rel=\"nofollow\"\u003eUnderstanding How OpenZFS Keeps Your Data Safe\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVeteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/bringing-freebsd-to-ec2-with-colin-percival/\" rel=\"nofollow\"\u003eBringing FreeBSD to ec2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eColin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX \u0026quot;tar\u0026quot; utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.research.net/r/freebsd-2020-community-survey\" rel=\"nofollow\"\u003eFreeBSD 2020 Community Survey\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey.  The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts.  This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.\u003cbr\u003e\nThe survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/submit-your-freebsd-project-proposal\" rel=\"nofollow\"\u003eFreeBSD Project Proposals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UCknj_nW8JWcFJOAbgd5_Zgw\" rel=\"nofollow\"\u003eTJ Hacking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/ScotlandOSUM/status/1265987126321188864?s=19\" rel=\"nofollow\"\u003eScotland Open Source podcast\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/OfficeHours\" rel=\"nofollow\"\u003eNext FreeBSD Office Hours on June 24, 2020\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Tom%20-%20Wriitng%20for%20LPI.md\" rel=\"nofollow\"\u003eTom - Writing for LPIrstudio\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Luke%20-%20rstudio.md\" rel=\"nofollow\"\u003eLuke - rstudio\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Matt%20-%20Vlans%20and%20Jails.md\" rel=\"nofollow\"\u003eMatt - Vlans and Jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/354/feedback/Morgan%20-%20Can%20I%20get%20some%20commentary%20on%20this%20issue.md\" rel=\"nofollow\"\u003eMorgan - Can I get some commentary on this issue\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSponsored By:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca rel=\"nofollow\" href=\"https://www.tarsnap.com/bsdnow\"\u003eTarsnap\u003c/a\u003e Promo Code: bsdnow\u003c/li\u003e\u003c/ul\u003e","summary":"FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.","date_published":"2020-06-11T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2b93f76f-bbea-49a0-8cf1-80c997d4510e.mp3","mime_type":"audio/mpeg","size_in_bytes":33544616,"duration_in_seconds":2107}]},{"id":"fe0e809c-411c-4156-bf80-80c98028f1ae","title":"353: ZFS on Ironwolf","url":"https://www.bsdnow.tv/353","content_text":"Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.\n\nNOTES\nThis episode of BSDNow is brought to you by Tarsnap\n\nHeadlines\n\nScheduling in NetBSD – Part 1\n\n\nIn this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.\n\n\n\n\nZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner\n\n\nThis has been a long while in the making—it's test results time. To truly understand the fundamentals of computer storage, it's important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It's also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.\n\n\n\nIf you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at 2.5admins.com\n\n\n\n\nNews Roundup\n\nOpenBSD on the Microsoft Surface Go 2\n\n\nI used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.\n\n\n\n\nFreeBSD UNIX for Linux sysadmins\n\n\nIf you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going be somewhat similar with a few key differences.\nWhile there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.\nFollowing installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.\n\n\n\n\nFreeBSD on the Lenovo Thinkpad T480\n\n\nRecently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I've installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.\n\n\n\n\nTarsnap\n\n\nThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\n\n\n\n\nFeedback/Questions\n\n\nBenjamin - ZFS Question\nBrad - swap_pager_getswapspace errors\nBrandon - gaming\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\nSponsored By:Tarsnap Promo Code: bsdnow","content_html":"\u003cp\u003eScheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eNOTES\u003c/em\u003e\u003c/strong\u003e\u003cbr\u003e\nThis episode of BSDNow is brought to you by \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://manikishan.wordpress.com/2020/05/10/scheduling-in-netbsd-part-1/\" rel=\"nofollow\"\u003eScheduling in NetBSD – Part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eight-ironwolf-disks-two-filesystems-one-winner/\" rel=\"nofollow\"\u003eZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis has been a long while in the making—it\u0026#39;s test results time. To truly understand the fundamentals of computer storage, it\u0026#39;s important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It\u0026#39;s also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at \u003ca href=\"https://2.5admins.com/\" rel=\"nofollow\"\u003e2.5admins.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2020/05/15/surface_go2\" rel=\"nofollow\"\u003eOpenBSD on the Microsoft Surface Go 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://triosdevelopers.com/jason.eckert/blog/Entries/2020/5/2_FreeBSD_UNIX_for_Linux_sysadmins.html\" rel=\"nofollow\"\u003eFreeBSD UNIX for Linux sysadmins\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going be somewhat similar with a few key differences.\u003cbr\u003e\nWhile there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.\u003cbr\u003e\nFollowing installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.davidschlachter.com/misc/t480-freebsd\" rel=\"nofollow\"\u003eFreeBSD on the Lenovo Thinkpad T480\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I\u0026#39;ve installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eTarsnap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Benjamin%20-%20ZFS%20Question.md\" rel=\"nofollow\"\u003eBenjamin - ZFS Question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brad%20-%20swap_pager_getswapspace%20errors.md\" rel=\"nofollow\"\u003eBrad - swap_pager_getswapspace errors\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/353/feedback/Brandon%20-%20gaming.md\" rel=\"nofollow\"\u003eBrandon - gaming\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\u003cp\u003eSponsored By:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca rel=\"nofollow\" href=\"https://www.tarsnap.com/bsdnow\"\u003eTarsnap\u003c/a\u003e Promo Code: bsdnow\u003c/li\u003e\u003c/ul\u003e","summary":"Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more","date_published":"2020-06-04T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fe0e809c-411c-4156-bf80-80c98028f1ae.mp3","mime_type":"audio/mpeg","size_in_bytes":36491000,"duration_in_seconds":2311}]},{"id":"a4aba73b-ccc0-41d3-bd39-45783e594bd3","title":"352: Introducing Randomness","url":"https://www.bsdnow.tv/352","content_text":"A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.\n\nHeadlines\n\nEntropy\n\n\n\nA brief introduction to randomness\n\n\n\n\nProblem: Computers are very predictable. This is by design.\n\n\n\nBut what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we're doing statistical simulations or similar.\n\n\n\n\nLogs grinding Netatalk on FreeBSD to a hault\n\n\n\nI’ve heard it said the cobbler’s children walk barefoot. While posessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.\nThe HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.\n\n\n\n\n\nNews Roundup\n\nNetBSD Core Team Changes\n\n\nMatt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years.  Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.\nRobert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years.  Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.\n\n\n\n\nUsing qemu guest agent on OpenBSD kvm/qemu guests\n\n\nIn a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.\n\n\n\n\nWireGuard patchset for OpenBSD\n\n\nA while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.\n\n\n\n\nFreeBSD 12.1 on a laptop\n\n\nI’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explain how to get a graphical desktop using FreeBSD 12.1.\n\n\n\n\nBeastie Bits\n\n\nList of useful FreeBSD Commands\nMaster Your Network With Unix Command Line Tools\nOriginal Unix containers aka FreeBSD jails\nFlashback : 2003 Article : Bill Joy's greatest gift to man – the vi editor\nFreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges\nHAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern\n\n\n\n\nFeedback/Questions\n\n\n+ Lyubomir - GELI and ZFS\nPatrick - powerd and powerd++\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eA brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://washbear.neocities.org/entropy.html\" rel=\"nofollow\"\u003eEntropy\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003eA brief introduction to randomness\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eProblem: Computers are very predictable. This is by design.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we\u0026#39;re doing statistical simulations or similar.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/logs-grinding-netatalk-on-freebsd-to-a-hault/\" rel=\"nofollow\"\u003eLogs grinding Netatalk on FreeBSD to a hault\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003eI’ve heard it said the cobbler’s children walk barefoot. While posessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.\u003cbr\u003e\nThe HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2020/05/07/msg000314.html\" rel=\"nofollow\"\u003eNetBSD Core Team Changes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMatt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years.  Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.\u003cbr\u003e\nRobert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years.  Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200514073852\" rel=\"nofollow\"\u003eUsing qemu guest agent on OpenBSD kvm/qemu guests\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200512080047\" rel=\"nofollow\"\u003eWireGuard patchset for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard\u0026#39;s creator (Jason [Jason A. Donenfeld - Ed.], CC\u0026#39;d), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-05-11-freebsd-workstation.html\" rel=\"nofollow\"\u003eFreeBSD 12.1 on a laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explain how to get a graphical desktop using FreeBSD 12.1.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://medium.com/@tdebarbora/list-of-useful-freebsd-commands-92dffb8f8c57\" rel=\"nofollow\"\u003eList of useful FreeBSD Commands\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://itnext.io/master-your-network-with-unix-command-line-tools-790bdd3b3b87\" rel=\"nofollow\"\u003eMaster Your Network With Unix Command Line Tools\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/nixcraft/status/1257674069387993088\" rel=\"nofollow\"\u003eOriginal Unix containers aka FreeBSD jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.theregister.co.uk/2003/09/11/bill_joys_greatest_gift/\" rel=\"nofollow\"\u003eFlashback : 2003 Article : Bill Joy\u0026#39;s greatest gift to man – the vi editor\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/past-issues/filesystems/\" rel=\"nofollow\"\u003eFreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.hambug.ca/\" rel=\"nofollow\"\u003eHAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e+ \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Lyubomir%20-%20GELI%20and%20ZFS.md\" rel=\"nofollow\"\u003eLyubomir - GELI and ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/352/feedback/Patrick%20-%20powerd%20and%20powerd%2B%2B.md\" rel=\"nofollow\"\u003ePatrick - powerd and powerd++\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.","date_published":"2020-05-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a4aba73b-ccc0-41d3-bd39-45783e594bd3.mp3","mime_type":"audio/mpeg","size_in_bytes":45132517,"duration_in_seconds":3056}]},{"id":"2a4b866e-d026-416c-9ab7-e0b95bf24043","title":"351: Heaven: OpenBSD 6.7","url":"https://www.bsdnow.tv/351","content_text":"Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.\n\nHeadlines\n\nBackup and Restore on NetBSD\n\n\nPutting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within few pages. After replacing my old Mac Mini's OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I've been using before. Suggestions on how to improve are always welcome.\n\n\n\n\nBSD Release: OpenBSD 6.7\n\n\nThe OpenBSD project produces and operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project's latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project's release announcement: \"This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the 'options' field in crontab(5) to 'flags'. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions.\"\n\n\n\nRelease Announcement\nRelease Notes\n\n\n\n\nNews Roundup\n\nBuilding a WireGuard Jail with the FreeBSD's Standard Tools\n\n\nRecently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.\nAs it was really quick and easy to setup and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic. \n\n\n\n\nThe Unix divide over who gets to chown things, and (disk space) quotas\n\n\nOne of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren't. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.\n\n\n\n\nYou Can Influence the TrueNAS CORE Roadmap!\n\n\nAs many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.\n\n\n\n\nBeastie Bits\n\n\nFreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives\nTLSv1.3 server code enabled in LibreSSL in -current\nInterview with Deb Goodkin\n***\n\n\nFeedback/Questions\n\n\nBostjan - WireGaurd\nChad - ZFS Pool Design\nPedreo - Scale FreeBSD Jails\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eBackup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD\u0026#39;s standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://e17i.github.io/articles-netbsd-backup/\" rel=\"nofollow\"\u003eBackup and Restore on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePutting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within few pages. After replacing my old Mac Mini\u0026#39;s OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I\u0026#39;ve been using before. Suggestions on how to improve are always welcome.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/?newsid=10921\" rel=\"nofollow\"\u003eBSD Release: OpenBSD 6.7\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe OpenBSD project produces and operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project\u0026#39;s latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project\u0026#39;s release announcement: \u0026quot;This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the \u0026#39;options\u0026#39; field in crontab(5) to \u0026#39;flags\u0026#39;. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions.\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=158989783626149\u0026w=2\" rel=\"nofollow\"\u003eRelease Announcement\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/67.html\" rel=\"nofollow\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/\" rel=\"nofollow\"\u003eBuilding a WireGuard Jail with the FreeBSD\u0026#39;s Standard Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.\u003cbr\u003e\nAs it was really quick and easy to setup and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ChownDivideAndQuotas\" rel=\"nofollow\"\u003eThe Unix divide over who gets to chown things, and (disk space) quotas\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren\u0026#39;t. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-bugs-and-suggestions/\" rel=\"nofollow\"\u003eYou Can Influence the TrueNAS CORE Roadmap!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=EFrlG3CUKFQ\" rel=\"nofollow\"\u003eFreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20200512074150\" rel=\"nofollow\"\u003eTLSv1.3 server code enabled in LibreSSL in -current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://itsfoss.com/freebsd-interview-deb-goodkin/\" rel=\"nofollow\"\u003eInterview with Deb Goodkin\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Bostjan%20-%20WireGaurd.md\" rel=\"nofollow\"\u003eBostjan - WireGaurd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Chad%20-%20ZFS%20Pool%20Design.md\" rel=\"nofollow\"\u003eChad - ZFS Pool Design\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/351/feedback/Pedreo%20-%20Scale%20FreeBSD%20Jails.md\" rel=\"nofollow\"\u003ePedreo - Scale FreeBSD Jails\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.\r\nDate: 2020-05-20","date_published":"2020-05-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2a4b866e-d026-416c-9ab7-e0b95bf24043.mp3","mime_type":"audio/mpeg","size_in_bytes":43675400,"duration_in_seconds":2949}]},{"id":"49114e72-83f1-43b6-ae71-9e608a059b3e","title":"350: Speedy Bridges","url":"https://www.bsdnow.tv/350","content_text":"5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.\n\nHeadlines\n\n5x if_bridge Performance Improvement\n\n\nWith FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck \n\n\nKristof also streamed some of his work, providing an interesting insight into how such development work happens\n\u0026gt; https://www.twitch.tv/provostk/videos\n***\n\n\n\nHow Unix Won\n\n+\u0026gt; Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.\n\n\nI’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.\nBoth major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.\nHow did Unix win?\n\n\n\n\nNews Roundup\n\nCheck logs of central syslog-ng log host on FreeBSD\n\n\nThis blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not to difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!\n\n\n\n\nUnderstanding VLAN Configuration on FreeBSD\n\n\nUntil recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.\nBut when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.\nI wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.\n\n\n\n\nUsing bhyve PCI passthrough on OmniOS\n\n\nSome hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on \"modern\" hardware I would love wifi support, so why not using a bhyve guest as router zone which provide the required drivers?\n\n\n\n\nTrueNAS 11.3-U2 is Generally Available\n\n\nTrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.\n\n\n\n\nBeastie Bits\n\nHardenedBSD April 2020 Status Report\nNYC Bug’s Mailing List - Listing of open Dev Jobs\n\n\n\nFeedback/Questions\n\n\nGreg - Lenovo\nMatt - BSD Packaging\nMorgan - Performance\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003e5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/500-if_bridge-performance-improvement/\" rel=\"nofollow\"\u003e5x if_bridge Performance Improvement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKristof also streamed some of his work, providing an interesting insight into how such development work happens\u003c/li\u003e\n\u003cli\u003e\u0026gt; \u003ca href=\"https://www.twitch.tv/provostk/videos\" rel=\"nofollow\"\u003ehttps://www.twitch.tv/provostk/videos\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.vivekhaldar.com/post/617189040564928512/how-unix-won\" rel=\"nofollow\"\u003eHow Unix Won\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e+\u0026gt; Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.\u003cbr\u003e\nBoth major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.\u003cbr\u003e\nHow did Unix win?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html\" rel=\"nofollow\"\u003eCheck logs of central syslog-ng log host on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not to difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://genneko.github.io/playing-with-bsd/networking/freebsd-vlan/\" rel=\"nofollow\"\u003eUnderstanding VLAN Configuration on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUntil recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.\u003cbr\u003e\nBut when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.\u003cbr\u003e\nI wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyber-tec.org/2019/05/29/using-bhyve-pci-passthrough-on-omnios/\" rel=\"nofollow\"\u003eUsing bhyve PCI passthrough on OmniOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on \u0026quot;modern\u0026quot; hardware I would love wifi support, so why not using a bhyve guest as router zone which provide the required drivers?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-11-3-u2-is-available/\" rel=\"nofollow\"\u003eTrueNAS 11.3-U2 is Generally Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-04-24/hardenedbsd-april-2020-status-report\" rel=\"nofollow\"\u003eHardenedBSD April 2020 Status Report\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://lists.nycbug.org/pipermail/jobs/2020-April/000553.html\" rel=\"nofollow\"\u003eNYC Bug’s Mailing List - Listing of open Dev Jobs\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eGreg - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Greg%20-%20Lenovos.md\" rel=\"nofollow\"\u003eLenovo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Matt%20-%20BSD%20Packaging.md\" rel=\"nofollow\"\u003eBSD Packaging\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMorgan - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/350/feedback/Morgan%20-%20Performance.md\" rel=\"nofollow\"\u003ePerformance\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.","date_published":"2020-05-14T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/49114e72-83f1-43b6-ae71-9e608a059b3e.mp3","mime_type":"audio/mpeg","size_in_bytes":37173656,"duration_in_seconds":2080}]},{"id":"468d2fe0-ed8f-4e89-aaae-8aa4a0fbf66f","title":"349: Entropy Overhaul","url":"https://www.bsdnow.tv/349","content_text":"Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.\n\nHeadlines\n\nEKCD - Encrypted Crash Dumps in FreeBSD\n\n\nSome time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.\n\nThe main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.\n\n\n\n\nTime on Unix\n\n\nTime, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.\n\nOver millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.\n\nWe’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.\n\n\nSee the article for more\n\n\n\nNews Roundup\n\nImprove ZVOL sync write performance by using a taskq\n\n\n\nA central log host with syslog-ng on FreeBSD - Part 1\n\n\nsyslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.\n\n\n\n\nHEADS UP: NetBSD Entropy Overhaul\n\n\nThis week I committed an overhaul of the kernel entropy system.  Please let me know if you observe any snags!  For the technical background, see the thread on tech-kern a few months ago: https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html.\n\n\n\n\nSetting Up NetBSD Kernel Dev Environment\n\n\nI used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment since his website is down I’m putting down the steps here so it would be helpful for starters.\n\n\n\n\nBeastie Bits\n\n\nYou can now use ccache to speed up dsynth even more.\nImproving libossaudio, and the future of OSS in NetBSD\nDragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes\nReminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC\n\n\n\n\nFeedback/Questions\n\n\nGhislain - ZFS Question\nJake - Paypal Donations\nOswin - Hammer tutorial\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eEncrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/74/\" rel=\"nofollow\"\u003eEKCD - Encrypted Crash Dumps in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.\u003c/p\u003e\n\n\u003cp\u003eThe main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://venam.nixers.net/blog/unix/2020/05/02/time-on-unix.html\" rel=\"nofollow\"\u003eTime on Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTime, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.\u003c/p\u003e\n\n\u003cp\u003eOver millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.\u003c/p\u003e\n\n\u003cp\u003eWe’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eSee the article for more\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/openzfs/zfs/commit/0929c4de398606f8305057ca540cf577e6771c30\" rel=\"nofollow\"\u003eImprove ZVOL sync write performance by using a taskq\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html\" rel=\"nofollow\"\u003eA central log host with syslog-ng on FreeBSD - Part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esyslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/current-users/2020/05/01/msg038495.html\" rel=\"nofollow\"\u003eHEADS UP: NetBSD Entropy Overhaul\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis week I committed an overhaul of the kernel entropy system.  Please let me know if you observe any snags!  For the technical background, see the thread on tech-kern a few months ago: \u003ca href=\"https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html\" rel=\"nofollow\"\u003ehttps://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adityapadala.com/2020/04/20/Setting-Up-NetBSD-Kernel-Dev-Environment/\" rel=\"nofollow\"\u003eSetting Up NetBSD Kernel Dev Environment\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment since his website is down I’m putting down the steps here so it would be helpful for starters.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/05/04/24480.html\" rel=\"nofollow\"\u003eYou can now use ccache to speed up dsynth even more.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/improving_libossaudio_and_the_future\" rel=\"nofollow\"\u003eImproving libossaudio, and the future of OSS in NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2020-April/769021.html\" rel=\"nofollow\"\u003eDragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/OfficeHours\" rel=\"nofollow\"\u003eReminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eGhislain - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Ghislain%20-%20ZFS%20Question.md\" rel=\"nofollow\"\u003eZFS Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJake - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Jake%20-%20Paypal%20Donations.md\" rel=\"nofollow\"\u003ePaypal Donations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOswin - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/349/feedback/Oswin%20-%20Hammer%20tutorial.md\" rel=\"nofollow\"\u003eHammer tutorial\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.","date_published":"2020-05-07T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/468d2fe0-ed8f-4e89-aaae-8aa4a0fbf66f.mp3","mime_type":"audio/mp3","size_in_bytes":41444019,"duration_in_seconds":3453}]},{"id":"ed288ede-fe94-433f-85a4-6eebb8cb2478","title":"348: BSD Community Collections","url":"https://www.bsdnow.tv/348","content_text":"FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.\n\nHeadlines\n\nFuryBSD 2020Q2 Images Available for XFCE and KDE\n\n\nThe Q2 2020 images are not a visible leap forward but a functional leap forward.  Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support. \n\n\n\n\nTechnical reasons to choose FreeBSD over GNU/Linux\n\n\nSince I wrote my article \"Why you should migrate everything from Linux to BSD\" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.\n\n\n\n\nNews Roundup\n\n+ Not actually Linux distro review deux: GhostBSD\n\n\nWhen I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.\n\nI think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.\n\nGhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.\n\n\n\n\n“TLS Mastery” sponsorships open\n\n\nMy next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.\n\nThis should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.\n\n\n\n\nJT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:\n\n\nJT's post: https://twitter.com/q5sys/status/1251194823589138432\n\n\nHigh Resolution Image to see the bottom shelf better: https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg\nCloseup of the BSD Section: https://twitter.com/q5sys/status/1251294290782928897\n\nOthers jumped in with their collections:\n\n\nDeb Goodkin's collection: https://twitter.com/dgoodkin/status/1251294016139743232 \u0026amp; https://twitter.com/dgoodkin/status/1251298125672660992\nFreeBSD Frau's FreeBSD Collection: https://twitter.com/freebsdfrau/status/1251290430475350018\nJason Tubnor's OpenBSD Collection: https://twitter.com/Tubsta/status/1251265902214918144\n\n\n\nDo you have a nice collection, take a picture and send it in!\n\n\n\nTale of OpenBSD secure memory allocator internals - malloc(3)\n\n\nHi there,\n\nIt's been a very long time I haven't written anything after my last OpenBSD blogs, that is, \n\nOpenBSD Kernel Internals — Creation of process from user-space to kernel space.\n\nOpenBSD: Introduction to execpromises in the pledge(2)\n\npledge(2): OpenBSD's defensive approach to OS Security\n\nSo, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator\n\n\n\n\nHow I learned to stop worrying and love SSDs\n\n\nmy home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?\n\nSo I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, A wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?\n\nWell even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.\n\n\n\n\nMy infrastructure as of 2019\n\n\nI've wanted to write about my infrastructure for a while, but I kept thinking, \"I'll wait until after I've done $next_thing_on_my_todo.\" Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?\n\n\n\n\nFor something different than our usual Beastie Bits… we bring you…\n\nWe're all quarantined so lets install BSD on things!  Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!\n\n\nInstallation of NetBSD on a Mac Mini\nOpenBSD on the HP Envy 13\nInstall NetBSD on a Vintage Computer\nBSDCan Home Lab Panel recording session: May 5th at 18:00 UTC\nAllan started a series of FreeBSD Office Hours\n\n\n\n\nBSDNow is going Independent\n\n\nAfter being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements.\nWhat does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.\n\n\nFeedback/Questions\n\n\nTodd - LinusTechTips Claims about ZFS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.furybsd.org/furybsd-2020-q2-images-are-available-for-xfce-and-kde/\" rel=\"nofollow\"\u003eFuryBSD 2020Q2 Images Available for XFCE and KDE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Q2 2020 images are not a visible leap forward but a functional leap forward.  Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://unixsheikh.com/articles/technical-reasons-to-choose-freebsd-over-linux.html\" rel=\"nofollow\"\u003eTechnical reasons to choose FreeBSD over GNU/Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince I wrote my article \u0026quot;Why you should migrate everything from Linux to BSD\u0026quot; I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e+ \u003ca href=\"https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-deux-ghostbsd/\" rel=\"nofollow\"\u003eNot actually Linux distro review deux: GhostBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I began work on the FreeBSD 12.1-RELEASE review last week, it didn\u0026#39;t take long to figure out that the desktop portion wasn\u0026#39;t going very smoothly.\u003c/p\u003e\n\n\u003cp\u003eI think it\u0026#39;s important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.\u003c/p\u003e\n\n\u003cp\u003eGhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/6265\" rel=\"nofollow\"\u003e“TLS Mastery” sponsorships open\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.\u003c/p\u003e\n\n\u003cp\u003eThis should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eJT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eJT\u0026#39;s post: \u003ca href=\"https://twitter.com/q5sys/status/1251194823589138432\" rel=\"nofollow\"\u003ehttps://twitter.com/q5sys/status/1251194823589138432\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHigh Resolution Image to see the bottom shelf better: \u003ca href=\"https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg\" rel=\"nofollow\"\u003ehttps://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCloseup of the BSD Section: \u003ca href=\"https://twitter.com/q5sys/status/1251294290782928897\" rel=\"nofollow\"\u003ehttps://twitter.com/q5sys/status/1251294290782928897\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOthers jumped in with their collections:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDeb Goodkin\u0026#39;s collection: \u003ca href=\"https://twitter.com/dgoodkin/status/1251294016139743232\" rel=\"nofollow\"\u003ehttps://twitter.com/dgoodkin/status/1251294016139743232\u003c/a\u003e \u0026amp; \u003ca href=\"https://twitter.com/dgoodkin/status/1251298125672660992\" rel=\"nofollow\"\u003ehttps://twitter.com/dgoodkin/status/1251298125672660992\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeBSD Frau\u0026#39;s FreeBSD Collection: \u003ca href=\"https://twitter.com/freebsdfrau/status/1251290430475350018\" rel=\"nofollow\"\u003ehttps://twitter.com/freebsdfrau/status/1251290430475350018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJason Tubnor\u0026#39;s OpenBSD Collection: \u003ca href=\"https://twitter.com/Tubsta/status/1251265902214918144\" rel=\"nofollow\"\u003ehttps://twitter.com/Tubsta/status/1251265902214918144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDo you have a nice collection, take a picture and send it in!\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html\" rel=\"nofollow\"\u003eTale of OpenBSD secure memory allocator internals - malloc(3)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHi there,\u003c/p\u003e\n\n\u003cp\u003eIt\u0026#39;s been a very long time I haven\u0026#39;t written anything after my last OpenBSD blogs, that is, \u003c/p\u003e\n\n\u003cp\u003eOpenBSD Kernel Internals — Creation of process from user-space to kernel space.\u003c/p\u003e\n\n\u003cp\u003eOpenBSD: Introduction to \u003ccode\u003eexecpromises\u003c/code\u003e in the pledge(2)\u003c/p\u003e\n\n\u003cp\u003epledge(2): OpenBSD\u0026#39;s defensive approach to OS Security\u003c/p\u003e\n\n\u003cp\u003eSo, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/community/threads/how-i-learned-to-stop-worrying-and-love-ssds.82617/\" rel=\"nofollow\"\u003eHow I learned to stop worrying and love SSDs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003emy home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?\u003c/p\u003e\n\n\u003cp\u003eSo I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, A wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?\u003c/p\u003e\n\n\u003cp\u003eWell even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://chown.me/blog/infrastructure-2019.html\" rel=\"nofollow\"\u003eMy infrastructure as of 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve wanted to write about my infrastructure for a while, but I kept thinking, \u0026quot;I\u0026#39;ll wait until after I\u0026#39;ve done $next_thing_on_my_todo.\u0026quot; Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I\u0026#39;ll write an update on it in a couple of moons; who knows?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFor something different than our usual Beastie Bits… we bring you…\u003c/h2\u003e\n\n\u003ch2\u003eWe\u0026#39;re all quarantined so lets install BSD on things!  Install BSD on something this week, write it up and let us know about it, and maybe we\u0026#39;ll feature you!\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://e17i.github.io/articles-netbsd-install/\" rel=\"nofollow\"\u003eInstallation of NetBSD on a Mac Mini\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://icyphox.sh/blog/openbsd-hp-envy/\" rel=\"nofollow\"\u003eOpenBSD on the HP Envy 13\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.rs-online.com/designspark/install-netbsd-on-a-vintage-computer\" rel=\"nofollow\"\u003eInstall NetBSD on a Vintage Computer\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/allanjude/status/1251895348836143104\" rel=\"nofollow\"\u003eBSDCan Home Lab Panel recording session: May 5th at 18:00 UTC\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://wiki.freebsd.org/OfficeHours\" rel=\"nofollow\"\u003eAllan started a series of FreeBSD Office Hours\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBSDNow is going Independent\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements.\nWhat does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTodd - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/348/feedback/Todd%20-%20LinusTechTips\u0026#x27;%20claims%20on%20ZFS.md\" rel=\"nofollow\"\u003eLinusTechTips Claims about ZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0348.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.","date_published":"2020-04-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ed288ede-fe94-433f-85a4-6eebb8cb2478.mp3","mime_type":"audio/mp3","size_in_bytes":43398814,"duration_in_seconds":3616}]},{"id":"25cb0a70-b178-4702-8e8f-a8e7427a9ae2","title":"347: New Directions","url":"https://www.bsdnow.tv/347","content_text":"Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.\n\nHeadlines\n\nRethinking OpenBSD Security\n\n\nOpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.\nI picked a few errata, not all of them, that were interesting and happened to suit my narrative.\n\n\n\n\nFreeBSD 2020 Q1 Quarterly report\n\n\nWelcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.\n\n\n\n\nNews Roundup\n\nThe Notion of Progress and User Interfaces\n\n\nOne trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.\n\nHow should we think about progress? Both in general and regarding technology?\n\n\n\n\nThomas E. Dickey on NetBSD curses\n\n\nI was recently pointed at a web page on Thomas E. Dickeys site talking about NetBSD curses.  It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match.  I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious.  Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD projects.\n\n\n\n\nMaking Unix a little more Plan9-like\n\n\nI’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.\n\nA Warning\n\nThe suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.\n\n\n\n\nNot-actually Linux distro review: FreeBSD 12.1-RELEASE\n\n\nThis month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.\n\nThe first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.\n\nBefore we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.\n\nFreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.\n\n\n\n\nBeastie Bits\n\n\nWifi renewal restarted\nHAMMER2 and a quick start for DragonFly\nEngineering NetBSD 9.0\nAntivirus Protection using OPNsense Plugins\nBSDCan Home Lab Panel recording session: May 5th at 18:00 UTC\n\n\n\n\nBSDNow is going Independent\n\n\nAfter being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different. \nWhat does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.\n\n\n\n\nFeedback/Questions\n\n\nJordyn - ZFS Pool Problem\n\n\ndebug - https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eRethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://flak.tedunangst.com/post/rethinking-openbsd-security\" rel=\"nofollow\"\u003eRethinking OpenBSD Security\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.\u003cbr\u003e\nI picked a few errata, not all of them, that were interesting and happened to suit my narrative.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2020-01-2020-03.html\" rel=\"nofollow\"\u003eFreeBSD 2020 Q1 Quarterly report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWelcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://herebeseaswines.net/essays/2020-04-13-the-notion-of-progress-and-user-interfaces\" rel=\"nofollow\"\u003eThe Notion of Progress and User Interfaces\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.\u003c/p\u003e\n\n\u003cp\u003eHow should we think about progress? Both in general and regarding technology?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://implementality.blogspot.com/2020/04/thomas-e-dickey-on-netbsd-curses.html\" rel=\"nofollow\"\u003eThomas E. Dickey on NetBSD curses\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was recently pointed at a web page on Thomas E. Dickeys site talking about NetBSD curses.  It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match.  I don\u0026#39;t want to go through Mr. Dickey\u0026#39;s document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious.  Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD projects.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://woozle.org/papers/plan9.html\" rel=\"nofollow\"\u003eMaking Unix a little more Plan9-like\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.\u003c/p\u003e\n\n\u003cp\u003eA Warning\u003c/p\u003e\n\n\u003cp\u003eThe suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/gadgets/2020/04/not-actually-linux-distro-review-freebsd-12-1-release/\" rel=\"nofollow\"\u003eNot-actually Linux distro review: FreeBSD 12.1-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis month\u0026#39;s Linux distro review isn\u0026#39;t of a Linux distribution at all—instead, we\u0026#39;re taking a look at FreeBSD, the original gangster of free Unix-like operating systems.\u003c/p\u003e\n\n\u003cp\u003eThe first FreeBSD release was in 1993, but the operating system\u0026#39;s roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz\u0026#39;s 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.\u003c/p\u003e\n\n\u003cp\u003eBefore we get started, I\u0026#39;d like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD\u0026#39;s strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We\u0026#39;re going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can\u0026#39;t imagine readers wouldn\u0026#39;t care about it.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD does not provide a good desktop experience, to say the least. But if you\u0026#39;re hankering for a BSD-based desktop, don\u0026#39;t worry—we\u0026#39;re already planning a followup review of GhostBSD, a desktop-focused BSD distribution.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/wifi_renewal_restarted\" rel=\"nofollow\"\u003eWifi renewal restarted\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/04/21/24421.html\" rel=\"nofollow\"\u003eHAMMER2 and a quick start for DragonFly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.org/%7Ekamil/AsiaBSDCon/Kamil_Rytarowski_Engineering_NetBSD_9.0.pdf\" rel=\"nofollow\"\u003eEngineering NetBSD 9.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=94vz_-5lAkE\" rel=\"nofollow\"\u003eAntivirus Protection using OPNsense Plugins\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/allanjude/status/1251895348836143104\" rel=\"nofollow\"\u003eBSDCan Home Lab Panel recording session: May 5th at 18:00 UTC\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBSDNow is going Independent\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different. \nWhat does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eJordyn - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/347/feedback/Jordyn%20zfs%20pool%20problem.md\" rel=\"nofollow\"\u003eZFS Pool Problem\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003edebug - \u003ca href=\"https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt\" rel=\"nofollow\"\u003ehttps://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0347.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.","date_published":"2020-04-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/25cb0a70-b178-4702-8e8f-a8e7427a9ae2.mp3","mime_type":"audio/mp3","size_in_bytes":43806325,"duration_in_seconds":3650}]},{"id":"8f8d0474-abb5-4b90-955c-8d8cfd6dc489","title":"346: Core File Tales","url":"https://www.bsdnow.tv/346","content_text":"Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.\n\nHeadlines\n\nTales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later\n\n\nOn the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.\n\n\n\n\nUpdate Lenovo X260 BIOS with OpenBSD\n\n\nMy X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.\n\nFirst off all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.\n\n\n\n\nNews Roundup\n\nThe problem of Unix iowait and multi-CPU machines\n\n\nVarious Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.\n\n\n\n\nMy Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More\n\n\nAfter hosting with Netlify for a few years, I decided to head back to self hosting. Theres a few reasons for that but the main reasoning was that I had more control over how things worked.\n\nIn this post, i’ll show you my workflow for deploying my Hugo generated site (www.jaredwolff.com). Instead of using what most people would go for, i’ll be doing all of this using a FreeBSD Jails based server. Plus i’ll show you some tricks i’ve learned over the years on bulk image resizing and more.\n\nLet’s get to it.\n\n\n\n\nExtending support for the NetBSD-7 branch\n\n\nTypically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.\n\nWe've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.\n\nSecurity fixes will still be made to the NetBSD-7 branch.\n\nWe hope you're all safe. Stay home.\n\n\n\n\nTale of two hypervisor bugs - Escaping from FreeBSD bhyve\n\n\nVM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT\n\n\n\n\nBeastie Bits\n\n\nGhostBSD 20.02 Overview\nFuryBSD 12.1 Overview\n\u0026gt; Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed.  Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.\nOS108-9.0 amd64 MATE released\nFreeBSD hacking: carp panics \u0026amp; test\nInaugural FreeBSD Office Hours\n\n\n\n\nFeedback/Questions\n\n\nShody - systemd question\nBen - GELI and GPT\nStig - DIY NAS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eTales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fingolfin.org/blog/20200327/stdio-abi.html\" rel=\"nofollow\"\u003eTales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20200331/update-lenovo-x260-bios-with-openbsd/\" rel=\"nofollow\"\u003eUpdate Lenovo X260 BIOS with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.\u003c/p\u003e\n\n\u003cp\u003eFirst off all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/IowaitAndMultipleCPUs\" rel=\"nofollow\"\u003eThe problem of Unix iowait and multi-CPU machines\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVarious Unixes have had a \u0026#39;iowait\u0026#39; statistic for a long time now (although I can\u0026#39;t find a source for where it originated; it\u0026#39;s not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it\u0026#39;s the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as \u0026#39;idle\u0026#39; (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, \u0026#39;iowait\u0026#39;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.jaredwolff.com/my-latest-self-hosted-hugo-workflow/\" rel=\"nofollow\"\u003eMy Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter hosting with Netlify for a few years, I decided to head back to self hosting. Theres a few reasons for that but the main reasoning was that I had more control over how things worked.\u003c/p\u003e\n\n\u003cp\u003eIn this post, i’ll show you my workflow for deploying my Hugo generated site (\u003ca href=\"http://www.jaredwolff.com\" rel=\"nofollow\"\u003ewww.jaredwolff.com\u003c/a\u003e). Instead of using what most people would go for, i’ll be doing all of this using a FreeBSD Jails based server. Plus i’ll show you some tricks i’ve learned over the years on bulk image resizing and more.\u003c/p\u003e\n\n\u003cp\u003eLet’s get to it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/extending_support_for_the_netbsd\" rel=\"nofollow\"\u003eExtending support for the NetBSD-7 branch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTypically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.\u003c/p\u003e\n\n\u003cp\u003eWe\u0026#39;ve decided to hold off on doing that to ensure our users don\u0026#39;t feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.\u003c/p\u003e\n\n\u003cp\u003eSecurity fixes will still be made to the NetBSD-7 branch.\u003c/p\u003e\n\n\u003cp\u003eWe hope you\u0026#39;re all safe. Stay home.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://phrack.org/papers/escaping_from_freebsd_bhyve.html\" rel=\"nofollow\"\u003eTale of two hypervisor bugs - Escaping from FreeBSD bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=kFG-772WGwg\" rel=\"nofollow\"\u003eGhostBSD 20.02 Overview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=5V8680uoXxw\" rel=\"nofollow\"\u003eFuryBSD 12.1 Overview\u003c/a\u003e\n\u0026gt; Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed.  Now that\u0026#39;s community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://forums.os108.org/d/27-os108-9-0-amd64-mate-released\" rel=\"nofollow\"\u003eOS108-9.0 amd64 MATE released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.twitch.tv/videos/584064729\" rel=\"nofollow\"\u003eFreeBSD hacking: carp panics \u0026amp; test\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=6qBm5NM3zTQ\" rel=\"nofollow\"\u003eInaugural FreeBSD Office Hours\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eShody - \u003ca href=\"http://dpaste.com/2SAQDJJ#wrap\" rel=\"nofollow\"\u003esystemd question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/1S0DGT3#wrap\" rel=\"nofollow\"\u003eGELI and GPT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStig - \u003ca href=\"http://dpaste.com/2NGNZG5#wrap\" rel=\"nofollow\"\u003eDIY NAS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.","date_published":"2020-04-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8f8d0474-abb5-4b90-955c-8d8cfd6dc489.mp3","mime_type":"audio/mp3","size_in_bytes":40304872,"duration_in_seconds":3358}]},{"id":"c46952e4-8ea3-4506-b4eb-54f2870547ee","title":"345: Switchers to BSD","url":"https://www.bsdnow.tv/345","content_text":"NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.\n\nHeadlines\n\nNetBSD 8.2 is available!\n\n\nThe third release in the NetBSD-8 is now available.\n\nThis release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.\n\n\n\nSome highlights include:\n\n\nx86: fixed regression in booting old CPUs\nx86: Hyper-V Gen.2 VM framebuffer support\nhttpd(8): fixed various security issues\nixg(4): various fixes / improvements\nx86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.\nVarious kernel memory info leaks fixes\nUpdate expat to 2.2.8\nFix ryzen USB issues and support xHCI version 3.10.\nAccept root device specification as NAME=label.\nAdd multiboot 2 support to x86 bootloaders.\nFix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.\nnouveau: limit the supported devices and fix firmware loading.\nradeon: fix loading of the TAHITI VCE firmware.\nnamed(8): stop using obsolete dnssec-lookaside.\n\n\n\n\n\nNextCloud on OpenBSD\n\n\nNextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.\n\n\n\nPreface\n\n\n\nBack when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).\n\nA rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.\n\n\n\n\nNews Roundup\n\nX11 screen locking: a secure and modular approach\n\n\nFor years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements\n\n\n\n\nNetBSD and RISC OS running parallel\n\n\nI have been experimenting with running two systems at the same time on the RK3399 SoC.\nIt all begun when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.\nOK I thought why not give it something to do!\nMy first step was to run some small programs.\nIt worked!\n\n\nThanks to Tom Jones for the pointer to this article\n\n\n\n\n\nSeveral weeks ago we covered a story about switching from Linux to BSD.  Benedict and JT asked for community feedback as to their thoughts on the matter.  Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.\n\n\nJamie - Dumping Linux for BSD\nMatt - BSD Packaging\nBrad - Linux vs BS\nMJ - Linux vs BSD Feedback\nBen - Feedback for JT\nHenrik - Why you should migrate everything to BSD\n\n\n\n\nBeastie Bits\n\n\nssh-copy-id now included\nOPNsense 20.1.3 released\nA Collection of prebuilt BSD Cloud Images\nInstant terminal sharing\n\n\n\n\nFeedback/Questions\n\n\nAles - Manually verify signature files for pkg package\nShody - Yubikey\nMike - Site for hashes from old disks\n\n\nAnswer: https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing\n\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eNetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/netbsd_8_2_is_available\" rel=\"nofollow\"\u003eNetBSD 8.2 is available!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe third release in the NetBSD-8 is now available.\u003c/p\u003e\n\n\u003cp\u003eThis release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome highlights include:\n\n\u003cul\u003e\n\u003cli\u003ex86: fixed regression in booting old CPUs\u003c/li\u003e\n\u003cli\u003ex86: Hyper-V Gen.2 VM framebuffer support\u003c/li\u003e\n\u003cli\u003ehttpd(8): fixed various security issues\u003c/li\u003e\n\u003cli\u003eixg(4): various fixes / improvements\u003c/li\u003e\n\u003cli\u003ex86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.\u003c/li\u003e\n\u003cli\u003eVarious kernel memory info leaks fixes\u003c/li\u003e\n\u003cli\u003eUpdate expat to 2.2.8\u003c/li\u003e\n\u003cli\u003eFix ryzen USB issues and support xHCI version 3.10.\u003c/li\u003e\n\u003cli\u003eAccept root device specification as NAME=label.\u003c/li\u003e\n\u003cli\u003eAdd multiboot 2 support to x86 bootloaders.\u003c/li\u003e\n\u003cli\u003eFix for CVE-2019-9506: \u0026#39;Key Negotiation of Bluetooth\u0026#39; attack.\u003c/li\u003e\n\u003cli\u003enouveau: limit the supported devices and fix firmware loading.\u003c/li\u003e\n\u003cli\u003eradeon: fix loading of the TAHITI VCE firmware.\u003c/li\u003e\n\u003cli\u003enamed(8): stop using obsolete dnssec-lookaside.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://h3artbl33d.nl/2020-nextcloud.html\" rel=\"nofollow\"\u003eNextCloud on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreface\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBack when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).\u003c/p\u003e\n\n\u003cp\u003eA rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://leahneukirchen.org/blog/archive/2020/01/x11-screen-locking-a-secure-and-modular-approach.html\" rel=\"nofollow\"\u003eX11 screen locking: a secure and modular approach\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.update.uu.se/%7Emicken/ronetbsd.html\" rel=\"nofollow\"\u003eNetBSD and RISC OS running parallel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been experimenting with running two systems at the same time on the RK3399 SoC.\u003cbr\u003e\nIt all begun when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.\u003cbr\u003e\nOK I thought why not give it something to do!\u003cbr\u003e\nMy first step was to run some small programs.\u003cbr\u003e\nIt worked!\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Tom Jones for the pointer to this article\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eSeveral weeks ago we covered a story about switching from Linux to BSD.  Benedict and JT asked for community feedback as to their thoughts on the matter.  Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJamie - \u003ca href=\"http://dpaste.com/0CH1YXQ#wrap\" rel=\"nofollow\"\u003eDumping Linux for BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt - \u003ca href=\"http://dpaste.com/2N68YPJ#wrap\" rel=\"nofollow\"\u003eBSD Packaging\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/2SF9V38#wrap\" rel=\"nofollow\"\u003eLinux vs BS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMJ - \u003ca href=\"http://dpaste.com/0Z2ZT4V#wrap\" rel=\"nofollow\"\u003eLinux vs BSD Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/0B3M85X\" rel=\"nofollow\"\u003eFeedback for JT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHenrik - \u003ca href=\"http://dpaste.com/3F36EQE#wrap\" rel=\"nofollow\"\u003eWhy you should migrate everything to BSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/04/06/24367.html\" rel=\"nofollow\"\u003essh-copy-id now included\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-20-1-3-released/\" rel=\"nofollow\"\u003eOPNsense 20.1.3 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-cloud-image.org/\" rel=\"nofollow\"\u003eA Collection of prebuilt BSD Cloud Images\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://tmate.io/\" rel=\"nofollow\"\u003eInstant terminal sharing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAles - \u003ca href=\"http://dpaste.com/1EBWTK5#wrap\" rel=\"nofollow\"\u003eManually verify signature files for pkg package\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShody - \u003ca href=\"http://dpaste.com/340PM9Q#wrap\" rel=\"nofollow\"\u003eYubikey\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMike - \u003ca href=\"http://dpaste.com/13W9SF0\" rel=\"nofollow\"\u003eSite for hashes from old disks\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnswer: \u003ca href=\"https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing\" rel=\"nofollow\"\u003ehttps://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0345.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.","date_published":"2020-04-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c46952e4-8ea3-4506-b4eb-54f2870547ee.mp3","mime_type":"audio/mp3","size_in_bytes":34426694,"duration_in_seconds":2868}]},{"id":"e17510a7-48e1-4fa3-9500-222f5e4904ee","title":"344: Grains of Salt","url":"https://www.bsdnow.tv/344","content_text":"Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.\n\nHeadlines\n\nText processing in the shell\n\n\nThis article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!\n\nOne of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.\n\nWhen working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.\n\n\n\n\nRebalancing data on ZFS mirrors\n\n\nOne of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”\n\nIf you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.\n\nDon’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.\n\n\n\n\nNews Roundup\n\nUsing OpenBSD relayd to Add Security Headers\n\n\nI am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.\n\n\n\n\nHow we set up our ZFS filesystem hierarchy in our ZFS pools\n\n\nOur long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.\n\n\n\n\nSpeeding up ZSH\n\nhttps://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh\n\n\nI was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.\n\nIn the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.\n\n\n\n\nHow do Unix Pipes work\n\n\nPipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.\n\n\n\n\nWhat we do to enable us to grow our ZFS pools over time\n\n\nIn my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.\nOur big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.\n\n\n\n\nLinux maintains bugs: The real reason ifconfig on Linux is deprecated\n\n\nIn my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).\n\n\nIn the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.\n\n\n\nClear Your Terminal in Style\n\n\nif you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.\n\nThis post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.\n\n\n\n\nFeedback/Questions\n\n\nGuy - AMD GPU Help\nMLShroyer13 - VLANs and Jails\nMaster One - ZFS Suspend/resume\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eShell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.balthazar-rouberol.com/text-processing-in-the-shell\" rel=\"nofollow\"\u003eText processing in the shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!\u003c/p\u003e\n\n\u003cp\u003eOne of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.\u003c/p\u003e\n\n\u003cp\u003eWhen working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jrs-s.net/2020/03/10/rebalancing-data-on-zfs-mirrors/\" rel=\"nofollow\"\u003eRebalancing data on ZFS mirrors\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”\u003c/p\u003e\n\n\u003cp\u003eIf you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.\u003c/p\u003e\n\n\u003cp\u003eDon’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://web.archive.org/web/20191109121500/https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/\" rel=\"nofollow\"\u003eUsing OpenBSD relayd to Add Security Headers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSOurContainerFilesystems\" rel=\"nofollow\"\u003eHow we set up our ZFS filesystem hierarchy in our ZFS pools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOur long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call \u0026#39;work directory\u0026#39; (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.jonlu.ca/posts/speeding-up-zsh\" rel=\"nofollow\"\u003eSpeeding up ZSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh\" rel=\"nofollow\"\u003ehttps://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.\u003c/p\u003e\n\n\u003cp\u003eIn the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.vegardstikbakke.com/how-do-pipes-work-sigpipe/\" rel=\"nofollow\"\u003eHow do Unix Pipes work\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSHowWeGrowPools\" rel=\"nofollow\"\u003eWhat we do to enable us to grow our ZFS pools over time\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my entry on why ZFS isn\u0026#39;t good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.\u003cbr\u003e\nOur big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.farhan.codes/2018/06/25/linux-maintains-bugs-the-real-reason-ifconfig-on-linux-is-deprecated/\" rel=\"nofollow\"\u003eLinux maintains bugs: The real reason ifconfig on Linux is deprecated\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eIn the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adammusciano.com/2020/03/04/2020-03-04-clear-your-terminal-in-style/\" rel=\"nofollow\"\u003eClear Your Terminal in Style\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eif you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.\u003c/p\u003e\n\n\u003cp\u003eThis post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eGuy - \u003ca href=\"http://dpaste.com/2NEPDHB\" rel=\"nofollow\"\u003eAMD GPU Help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMLShroyer13 - \u003ca href=\"http://dpaste.com/31KBNP4#wrap\" rel=\"nofollow\"\u003eVLANs and Jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMaster One - \u003ca href=\"http://dpaste.com/0DKM8CF#wrap\" rel=\"nofollow\"\u003eZFS Suspend/resume\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0344.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.","date_published":"2020-04-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e17510a7-48e1-4fa3-9500-222f5e4904ee.mp3","mime_type":"audio/mp3","size_in_bytes":40072591,"duration_in_seconds":3339}]},{"id":"1752e8c2-3d6e-40dc-8bd9-5c7654660b15","title":"343: FreeBSD, Corona: Fight!","url":"https://www.bsdnow.tv/343","content_text":"Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.\n\nHeadlines\n\nFighting the Coronavirus with FreeBSD\n\n\nHere is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.\n\nUPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.\n\nPer default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.\n\n\n\n\nHow to configure the Wireguard VPN in OPNsense\n\n\nWireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha's. The gotcha's occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.\n\nWireGuard behaves more like a SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like a SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.\n\nThe documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.\n\n\n\n\nNews Roundup\n\nNomadBSD 1.3.1\n\n\nNomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run on live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2. automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.\n\n\n\n\nGhostBSD 20.02\n\n\nEric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.\n\n\n\n\nNew FuryBSD XFCE and KDE images\n\n\nThis new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.\n\n\n\n\npf-badhost 0.3 Released\n\n\npf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.\n\n\n\n\nBeastie Bits\n\n\nDragonFly i915 drm update\nCShell is punk rock\nThe most surprising Unix programs\n\n\n\n\nFeedback/Questions\n\n\nMaster One - Torn between OpenBSD and FreeBSD\nBrad - Follow up to Linus ZFS story\nFilipe Carvalho - Call for Portuguese BSD User Groups\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.leidinger.net/blog/2020/03/19/fighting-the-coronavirus-with-freebsd-foldinghome/\" rel=\"nofollow\"\u003eFighting the Coronavirus with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.\u003c/p\u003e\n\n\u003cp\u003eUPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.\u003c/p\u003e\n\n\u003cp\u003ePer default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://homenetworkguy.com/how-to/configure-wireguard-opnsense/\" rel=\"nofollow\"\u003eHow to configure the Wireguard VPN in OPNsense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha\u0026#39;s. The gotcha\u0026#39;s occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home\u0026#39;s Internet connection.\u003c/p\u003e\n\n\u003cp\u003eWireGuard behaves more like a SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like a SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.\u003c/p\u003e\n\n\u003cp\u003eThe documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nomadbsd.org/index.html#1.3.1\" rel=\"nofollow\"\u003eNomadBSD 1.3.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run on live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2. automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ghostbsd.org/20.02_release_announcement\" rel=\"nofollow\"\u003eGhostBSD 20.02\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.furybsd.org/new-furybsd-12-1-based-images-are-available-for-xfce-and-kde/\" rel=\"nofollow\"\u003eNew FuryBSD XFCE and KDE images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.geoghegan.ca/pfbadhost.html\" rel=\"nofollow\"\u003epf-badhost 0.3 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet\u0026#39;s biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/03/23/24324.html\" rel=\"nofollow\"\u003eDragonFly i915 drm update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.snailtext.com/posts/cshell-is-punk-rock.html\" rel=\"nofollow\"\u003eCShell is punk rock\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://minnie.tuhs.org/pipermail/tuhs/2020-March/020664.html\" rel=\"nofollow\"\u003eThe most surprising Unix programs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMaster One - \u003ca href=\"http://dpaste.com/102HKF5#wrap\" rel=\"nofollow\"\u003eTorn between OpenBSD and FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/1VXQA2Y#wrap\" rel=\"nofollow\"\u003eFollow up to Linus ZFS story\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFilipe Carvalho - \u003ca href=\"http://dpaste.com/2H7S8YP\" rel=\"nofollow\"\u003eCall for Portuguese BSD User Groups\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0343.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.","date_published":"2020-03-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1752e8c2-3d6e-40dc-8bd9-5c7654660b15.mp3","mime_type":"audio/mp3","size_in_bytes":28131915,"duration_in_seconds":2344}]},{"id":"d6b1fa91-dcee-41e7-9e1c-b0f240d34ea0","title":"342: Layout the DVA","url":"https://www.bsdnow.tv/342","content_text":"OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates requires changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.\n\nHeadlines\n\nOpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload\n\n\nIt has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out.  I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work.  When I got the laptop, the default BIOS was UEFI and I installed two operating systems.\n\nWindows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)\n\nUbuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption\n\nI purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it.  Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.\n\n\n\nSee article for rest of story\n\n\n\n\nFreeBSD 12.0 EOL\n\n\nDear FreeBSD community,\n\nAs of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team.  Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.\n\n\n\n12.1 Active release\n12.2 Release Schedule\n\n\n\n\nNews Roundup\n\nSome effects of the ZFS DVA format on data layout and growing ZFS pools\n\n\nOne piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.\n\nRight away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.\n\n\n\n\nWarning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.\n\n\nCritical Information for Current FreeNAS and TrueNAS Users\n\n\n\nMicrosoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.\n\nFreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.\n\n\n\n\nFull name of the FreeBSD Root Account\n\n\nNetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....\n\n\n\n\nOpenBSD Go Situation\n\n\nOver in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:\n\nI don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.\n\nIf you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.\n\n\n\n\nBeastie Bits\n\n\nTest your TOR\nOPNsense 20.1.1 released\npkg for FreeBSD 1.13\n\n\n\n\nFeedback/Questions\n\n\nBostjan writes in about Wireguard\nCharlie has a followup to wpa_supplicant as lower class citizen\nLars writes about LibreSSL as a positive example\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eOpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates requires changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2020/03/07/openbsd-full-disk-encryption-with-coreboot-and-tianocore-payload/\" rel=\"nofollow\"\u003eOpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out.  I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work.  When I got the laptop, the default BIOS was UEFI and I installed two operating systems.\u003c/p\u003e\n\n\u003cp\u003eWindows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)\u003c/p\u003e\n\n\u003cp\u003eUbuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption\u003c/p\u003e\n\n\u003cp\u003eI purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it.  Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee article for rest of story\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001930.html\" rel=\"nofollow\"\u003eFreeBSD 12.0 EOL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDear FreeBSD community,\u003c/p\u003e\n\n\u003cp\u003eAs of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team.  Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/12.1R/announce.html\" rel=\"nofollow\"\u003e12.1 Active release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/12.2R/schedule.html\" rel=\"nofollow\"\u003e12.2 Release Schedule\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSDVAFormatAndGrowth\" rel=\"nofollow\"\u003eSome effects of the ZFS DVA format on data layout and growing ZFS pools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we\u0026#39;re talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it\u0026#39;s talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn\u0026#39;t really thought about until the other day.\u003c/p\u003e\n\n\u003cp\u003eRight away we can see why ZFS has a problem removing a vdev; the vdev\u0026#39;s number is burned into every DVA that refers to data on it. If there\u0026#39;s no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it\u0026#39;s been removed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/active-directory-truenas-and-freenas/\" rel=\"nofollow\"\u003eWarning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCritical Information for Current FreeNAS and TrueNAS Users\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMicrosoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.\u003c/p\u003e\n\n\u003cp\u003eFreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2457\" rel=\"nofollow\"\u003eFull name of the FreeBSD Root Account\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/programming/GoOpenBSDSituation\" rel=\"nofollow\"\u003eOpenBSD Go Situation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:\u003c/p\u003e\n\n\u003cp\u003eI don\u0026#39;t think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.\u003c/p\u003e\n\n\u003cp\u003eIf you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don\u0026#39;t want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn\u0026#39;t guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it\u0026#39;s written in.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2020-February/018174.html\" rel=\"nofollow\"\u003eTest your TOR\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-20-1-1-released/\" rel=\"nofollow\"\u003eOPNsense 20.1.1 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=525794\" rel=\"nofollow\"\u003epkg for FreeBSD 1.13\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3WKG09D#wrap\" rel=\"nofollow\"\u003eBostjan writes in about Wireguard\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0DDN99Q#wrap\" rel=\"nofollow\"\u003eCharlie has a followup to wpa_supplicant as lower class citizen\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1N12HFB#wrap\" rel=\"nofollow\"\u003eLars writes about LibreSSL as a positive example\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0342.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates requires changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.","date_published":"2020-03-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d6b1fa91-dcee-41e7-9e1c-b0f240d34ea0.mp3","mime_type":"audio/mp3","size_in_bytes":34437665,"duration_in_seconds":2869}]},{"id":"28217a13-b389-4ab7-bc99-8a6f5d61e5b5","title":"341: U-NAS-ification","url":"https://www.bsdnow.tv/341","content_text":"FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.\n\nHeadlines\n\nFreeBSD on Power\n\n\nThe power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.\n\nThe FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.\n\nThis blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.\n\n\n\n\nDragonfly 5.8\n\n\nDragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.\n\nThe details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.\n\n\n\nSee article for rest of information\n\n\n\n\n2nd HamBUG meeting recap\n\n\nThe second meeting of the Hamilton BSD Users Group took place last night\nThe next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020\n\n\n\n\nNews Roundup\n\nFreeNAS/TrueNAS Brand Unification\n\n\nFreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications. \n\nFrom the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.\n\nWith the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS. \n\n\n\n\nOpenBSD versus Prometheus (and Go).\n\n\nWe have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability\n\n\n\n\nFreeBSD removed gcc from base\n\n\nAs described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date.  At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).\n\nGCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825.  GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD.  It does not support modern C and does not support arm64 or RISC-V.\n\n\n\n\nBeastie Bits\n\n\nNew Archive location for Dragonfly 4.x\nA dead simple git cheat sheet\nXorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections\n\n\n\n\nFeedback/Questions\n\n\nNiclas writes in Regarding the Lenovo E595 user (episode 340)\nLyubomir writes about GELI and ZFS\nPeter writes in about scaling FreeBSD jails\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/power-to-the-people-making-freebsd-a-first-class-citizen-on-power/\" rel=\"nofollow\"\u003eFreeBSD on Power\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.\u003c/p\u003e\n\n\u003cp\u003eThe FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.\u003c/p\u003e\n\n\u003cp\u003eThis blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release58/\" rel=\"nofollow\"\u003eDragonfly 5.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.\u003c/p\u003e\n\n\u003cp\u003eThe details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee article for rest of information\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.hambug.ca/\" rel=\"nofollow\"\u003e2nd HamBUG meeting recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe second meeting of the Hamilton BSD Users Group took place last night\u003c/li\u003e\n\u003cli\u003eThe next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/freenas-truenas-unification/\" rel=\"nofollow\"\u003eFreeNAS/TrueNAS Brand Unification\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications. \u003c/p\u003e\n\n\u003cp\u003eFrom the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.\u003c/p\u003e\n\n\u003cp\u003eWith the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/OpenBSDVsPrometheusAndGo\" rel=\"nofollow\"\u003eOpenBSD versus Prometheus (and Go).\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I\u0026#39;ve determined that it\u0026#39;s not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD\u0026#39;s lack of ABI stability\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=358454\" rel=\"nofollow\"\u003eFreeBSD removed gcc from base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs described in Warner\u0026#39;s email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1\u0026#39;s retirement date.  At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).\u003c/p\u003e\n\n\u003cp\u003eGCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825.  GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD.  It does not support modern C and does not support arm64 or RISC-V.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2020/03/10/24276.html\" rel=\"nofollow\"\u003eNew Archive location for Dragonfly 4.x\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hub.iwebthings.com/a-dead-simple-git-cheatsheet/\" rel=\"nofollow\"\u003eA dead simple git cheat sheet\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/lattera/status/1233412881569415168\" rel=\"nofollow\"\u003eXorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2YJ6PFW#wrap\" rel=\"nofollow\"\u003eNiclas writes in Regarding the Lenovo E595 user (episode 340)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1S0DGT3#wrap\" rel=\"nofollow\"\u003eLyubomir writes about GELI and ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2FSZQ8V#wrap\" rel=\"nofollow\"\u003ePeter writes in about scaling FreeBSD jails\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0341.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.","date_published":"2020-03-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/28217a13-b389-4ab7-bc99-8a6f5d61e5b5.mp3","mime_type":"audio/mp3","size_in_bytes":36740725,"duration_in_seconds":3061}]},{"id":"7e026ede-d713-4ed5-993a-9a39cab4aab1","title":"340: Check My Sums","url":"https://www.bsdnow.tv/340","content_text":"Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.\n\nHeadlines\n\nChecksumming in filesystems, and why ZFS is doing it right\n\n\nOne of the best aspects of ZFS is its reliability. This can be accomplished using a few features like copy-on-write approach and checksumming. Today we will look at how ZFS does checksumming and why it does it the proper way. Most of the file systems don’t provide any integrity checking and fail in several scenarios:\n\n\n\nData bit flips - when the data that we wanted to store are bit flipped by the hard drives, or cables, and the wrong data is stored on the hard drive.\nMisdirected writes - when the CPU/cable/hard drive will bit flip a block to which the data should be written.\nMisdirected read - when we miss reading the block when a bit flip occurred.\nPhantom writes - when the write operation never made it to the disk. For example, a disk or kernel may have some bug that it will return success even if the hard drive never made the write. This problem can also occur when data is kept only in the hard drive cache.\n\n\n\nChecksumming may help us detect errors in a few of those situations.\n\n\n\n\nDragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance\n\n\nIt's been a while since last having any new magical optimizations to talk about by DragonFlyBSD lead developer Matthew Dillon, but on Wednesday he landed some significant temporary file-system \"TMPFS\" optimizations for better throughput including with swap.\n\nOf several interesting commits merged tonight, the improved write clustering is a big one. In particular, \"Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure.\"\n\n\n\nhttps://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860\n\n\n\nThere's also a new tunable in the VM space as well as part of his commits on Wednesday night. This follows a lot of recent work on dsynth, improved page-out daemon pipelining, and other routine work.\n\n\n\nhttps://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351\n\n\n\nThis work is building up towards the eventual DragonFlyBSD 5.8 while those wanting to try the latest improvements right away can find their daily snapshots.\n\n\n\n\nNews Roundup\n\nWhy ZFS is not good at growing and reshaping pools (or shrinking them)\n\n\nrecently read Mark McBride's Five Years of Btrfs (via), which has a significant discussion of why McBride chose Btrfs over ZFS that boils down to ZFS not being very good at evolving your pool structure. You might doubt this judgment from a Btrfs user, so let me say as both a fan of ZFS and a long term user of it that this is unfortunately quite true; ZFS is not a good choice if you want to modify your pool disk layout significantly over time. ZFS works best if the only change in your pools that you do is replacing drives with bigger drives. In our ZFS environment we go to quite some lengths to be able to expand pools incrementally over time, and while this works it both leaves us with unbalanced pools and means that we're basically forced to use mirroring instead of RAIDZ.\n\n(An unbalanced pool is one where some vdevs and disks have much more data than others. This is less of an issue for us now that we're using SSDs instead of HDs.)\n\n\n\n\nUsing PKGSRC on Manjaro Linux aarch64 Pinebook-pro\n\n\nI wanted to see how pkgsrc works on aarch64 Linux Manjaro since it is a very mature framework that is very portable and supported by many architectures – pkgsrc (package source) is a package management system for Unix-like operating systems. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD.\n\nOne might question why use pkgsrc on Arch based Manjaro, since the pacman package repository is very good on its own. I see alternative pkgsrc as a good automated build framework that offers a way to produce independent build environment /usr/pkg that does not interfere with the current Linux distribution in any way (all libraries are statically built)\n\nI have used the latest Manjaro for Pinebookpro and standard recommended tools as mentioned here https://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc_on_linux/\n\n\n\n\nA Central Log Host with syslog-ng on FreeBSD\n\n\nPart 1\n\n\n\nsyslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.\n\n\n\nPart 2\n\n\n\nThis blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host.\n\n\n\n\nBeastie Bits\n\n\nFreeBSD at Linux Conf 2020 session videos now online\nUnlock your laptop with your phone\nManaging a database of vulnerabilities for a package system: the pkgsrc study\nHamilton BSD User group will meet again on March 10th](http://studybsd.com/)\nCharmBUG Meeting: March 24th 7pm in Severn, MD\n***\n\n\nFeedback/Questions\n\n\nAndrew - ZFS feature Flags\nSam - TwinCat BSD\nDacian - Freebsd + amdgpu + Lenovo E595\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eWhy ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/73/\" rel=\"nofollow\"\u003eChecksumming in filesystems, and why ZFS is doing it right\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the best aspects of ZFS is its reliability. This can be accomplished using a few features like copy-on-write approach and checksumming. Today we will look at how ZFS does checksumming and why it does it the proper way. Most of the file systems don’t provide any integrity checking and fail in several scenarios:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eData bit flips - when the data that we wanted to store are bit flipped by the hard drives, or cables, and the wrong data is stored on the hard drive.\u003c/li\u003e\n\u003cli\u003eMisdirected writes - when the CPU/cable/hard drive will bit flip a block to which the data should be written.\u003c/li\u003e\n\u003cli\u003eMisdirected read - when we miss reading the block when a bit flip occurred.\u003c/li\u003e\n\u003cli\u003ePhantom writes - when the write operation never made it to the disk. For example, a disk or kernel may have some bug that it will return success even if the hard drive never made the write. This problem can also occur when data is kept only in the hard drive cache.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eChecksumming may help us detect errors in a few of those situations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-TMPFS-Throughput\" rel=\"nofollow\"\u003eDragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s been a while since last having any new magical optimizations to talk about by DragonFlyBSD lead developer Matthew Dillon, but on Wednesday he landed some significant temporary file-system \u0026quot;TMPFS\u0026quot; optimizations for better throughput including with swap.\u003c/p\u003e\n\n\u003cp\u003eOf several interesting commits merged tonight, the improved write clustering is a big one. In particular, \u0026quot;Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure.\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860\" rel=\"nofollow\"\u003ehttps://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere\u0026#39;s also a new tunable in the VM space as well as part of his commits on Wednesday night. This follows a lot of recent work on dsynth, improved page-out daemon pipelining, and other routine work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351\" rel=\"nofollow\"\u003ehttps://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis work is building up towards the eventual DragonFlyBSD 5.8 while those wanting to try the latest improvements right away can find their daily snapshots.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSWhyNoRealReshaping\" rel=\"nofollow\"\u003eWhy ZFS is not good at growing and reshaping pools (or shrinking them)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003erecently read Mark McBride\u0026#39;s Five Years of Btrfs (via), which has a significant discussion of why McBride chose Btrfs over ZFS that boils down to ZFS not being very good at evolving your pool structure. You might doubt this judgment from a Btrfs user, so let me say as both a fan of ZFS and a long term user of it that this is unfortunately quite true; ZFS is not a good choice if you want to modify your pool disk layout significantly over time. ZFS works best if the only change in your pools that you do is replacing drives with bigger drives. In our ZFS environment we go to quite some lengths to be able to expand pools incrementally over time, and while this works it both leaves us with unbalanced pools and means that we\u0026#39;re basically forced to use mirroring instead of RAIDZ.\u003c/p\u003e\n\n\u003cp\u003e(An unbalanced pool is one where some vdevs and disks have much more data than others. This is less of an issue for us now that we\u0026#39;re using SSDs instead of HDs.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://astr0baby.wordpress.com/2020/02/09/using-pkgsrc-on-manjaro-linux-aarch64-pinebook-pro/\" rel=\"nofollow\"\u003eUsing PKGSRC on Manjaro Linux aarch64 Pinebook-pro\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI wanted to see how pkgsrc works on aarch64 Linux Manjaro since it is a very mature framework that is very portable and supported by many architectures – pkgsrc (package source) is a package management system for Unix-like operating systems. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD.\u003c/p\u003e\n\n\u003cp\u003eOne might question why use pkgsrc on Arch based Manjaro, since the pacman package repository is very good on its own. I see alternative pkgsrc as a good automated build framework that offers a way to produce independent build environment /usr/pkg that does not interfere with the current Linux distribution in any way (all libraries are statically built)\u003c/p\u003e\n\n\u003cp\u003eI have used the latest Manjaro for Pinebookpro and standard recommended tools as mentioned here \u003ca href=\"https://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc_on_linux/\" rel=\"nofollow\"\u003ehttps://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc_on_linux/\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eA Central Log Host with syslog-ng on FreeBSD\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.socruel.nu/freebsd/a-central-log-host-with-syslog-ng-on-freebsd.html\" rel=\"nofollow\"\u003ePart 1\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esyslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.socruel.nu/freebsd/check-logs-of-syslog-ng-log-host-on-freebsd.html\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mirror.linux.org.au/pub/linux.conf.au/2020/room_9/Tuesday/\" rel=\"nofollow\"\u003eFreeBSD at Linux Conf 2020 session videos now online\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2020/01/09/freebsd-desktop-part-20-configuration-unlock-your-laptop-with-phone/\" rel=\"nofollow\"\u003eUnlock your laptop with your phone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netbsd.org/gallery/presentations/leot/itasec20/pkgsrc-security.pdf\" rel=\"nofollow\"\u003eManaging a database of vulnerabilities for a package system: the pkgsrc study\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHamilton BSD User group will meet again on March 10th](\u003ca href=\"http://studybsd.com/\" rel=\"nofollow\"\u003ehttp://studybsd.com/\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/en-AU/CharmBUG/events/268251508/\" rel=\"nofollow\"\u003eCharmBUG Meeting: March 24th 7pm in Severn, MD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAndrew - \u003ca href=\"http://dpaste.com/2YM23C0#wrap\" rel=\"nofollow\"\u003eZFS feature Flags\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSam - \u003ca href=\"http://dpaste.com/0FCZV6R\" rel=\"nofollow\"\u003eTwinCat BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDacian - \u003ca href=\"http://dpaste.com/1R7F1JN#wrap\" rel=\"nofollow\"\u003eFreebsd + amdgpu + Lenovo E595\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0340.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.","date_published":"2020-03-05T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7e026ede-d713-4ed5-993a-9a39cab4aab1.mp3","mime_type":"audio/mp3","size_in_bytes":36478978,"duration_in_seconds":3039}]},{"id":"581b71e1-6a98-41d7-b8d8-477eaaaba8db","title":"339: BSD Fundraising","url":"https://www.bsdnow.tv/339","content_text":"Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.## Headlines\n\nMeet FuryBSD: A New Desktop BSD Distribution\n\n\nAt its heart, FuryBSD is a very simple beast. According to the site, “FuryBSD is a back to basics lightweight desktop distribution based on stock FreeBSD.” It is basically FreeBSD with a desktop environment pre-configured and several apps preinstalled. The goal is to quickly get a FreeBSD-based system running on your computer.\n\nYou might be thinking that this sounds a lot like a couple of other BSDs that are available, such as NomadBSD and GhostBSD. The major difference between those BSDs and FuryBSD is that FuryBSD is much closer to stock FreeBSD. For example, FuryBSD uses the FreeBSD installer, while others have created their own installers and utilities.\n\nAs it states on the site, “Although FuryBSD may resemble past graphical BSD projects like PC-BSD and TrueOS, FuryBSD is created by a different team and takes a different approach focusing on tight integration with FreeBSD. This keeps overhead low and maintains compatibility with upstream.” The lead dev also told me that “One key focus for FuryBSD is for it to be a small live media with a few assistive tools to test drivers for hardware.”\n\nCurrently, you can go to the FuryBSD homepage and download either an XFCE or KDE LiveCD. A GNOME version is in the works.\n\n\n\n\nNetBSD 9.0\n\n\nThe NetBSD Project is pleased to announce NetBSD 9.0, the seventeenth major release of the NetBSD operating system.\n\nThis release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes. Here are some highlights of this new release.\n\n\n\n\nNews Roundup\n\nOpenBSD Foundation 2019 campaign wrapup\n\n\nOur target for 2019 was CDN$300K. Our community's continued generosity combined with our corporate donors exceeded that nicely. In addition we received the largest single donation in our history, CDN$380K from Smartisan. The return of Google was another welcome event. Altogether 2019 was our most successful campaign to date, yielding CDN$692K in total.\n\nWe thank all our donors, Iridium (Smartisan), Platinum (Yandex, Google), Gold (Microsoft, Facebook) Silver (2Keys) and Bronze (genua, Thinkst Canary). But especially our community of smaller donors whose contributions are the bedrock of our support. Thank you all!\n\n\n\nOpenBSD Foundation 2019 Fundraising Goal Exceeded\n\n\n\n\nA retrospective on our OmniOS ZFS-based NFS fileservers\n\n\nOur OmniOS fileservers have now been out of service for about six months, which makes it somewhat past time for a retrospective on them. Our OmniOS fileservers followed on our Solaris fileservers, which I wrote a two part retrospective on (part 1, part 2), and have now been replaced by our Linux fileservers. To be honest, I have been sitting on my hands about writing this retrospective because we have mixed feelings about our OmniOS fileservers.\n\nI will put the summary up front. OmniOS worked reasonably well for us over its lifespan here and looking back I think it was almost certainly the right choice for us at the time we made that choice (which was 2013 and 2014). However it was not without issues that marred our experience with it in practice, although not enough to make me regret that we ran it (and ran it for as long as we did). Part of our issues are likely due to a design mistake in making our fileservers too big, although this design mistake was probably magnified when we were unable to use Intel 10G-T networking in OmniOS.\n\nOn the one hand, our OmniOS fileservers worked, almost always reliably. Like our Solaris fileservers before them, they ran quietly for years without needing much attention, delivering NFS fileservice to our Ubuntu servers; specifically, we ran them for about five years (2014 through 2019, although we started migrating away at the end of 2018). Over this time we had only minor hardware issues and not all that many disk failures, and we suffered no data loss (with ZFS checksums likely saving us several times, and certainly providing good reassurances). Our overall environment was easy to manage and was pretty much problem free in the face of things like failed disks. I'm pretty sure that our users saw a NFS environment that was solid, reliable, and performed well pretty much all of the time, which is the important thing. So OmniOS basically delivered the fileserver environment we wanted.\n\n\n\n\nNetBSD Fundraising 2020 goal\n\n\nIs it really more than 10 years since we last had an official fundraising drive?\n\nLooking at old TNF financial reports I noticed that we have been doing quite well financially over the last years, with a steady stream of small and medium donations, and most of the time only moderate expenditures. The last fundraising drive back in 2009 was a giant success, and we have lived off it until now.\n\n\n\n\nOpenSSH 8.2 released February 14, 2020\n\n\nOpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at https://www.openssh.com/.\n\nOpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.\n\nOnce again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:\n\n\n\nhttps://www.openssh.com/donations.html\n\n\n\n\nBeastie Bits\n\n\nFreeNAS vs. Unraid: GRUDGE MATCH!\nUnix Toolbox\nRigs of Rods - OpenBSD Physics Game\nNYCBug - Dr Vixie\nHamilton BSD User group will meet again on March 10th](http://studybsd.com/)\nBSD Stockholm - Meetup March 3rd 2020\n\n\n\n\nFeedback/Questions\n\n\nShirkdog - Question\nMaster One - ZFS + Suspend/resume\nMicah Roth - ZFS write caching\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eMeet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.## Headlines\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://itsfoss.com/furybsd/\" rel=\"nofollow\"\u003eMeet FuryBSD: A New Desktop BSD Distribution\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt its heart, FuryBSD is a very simple beast. According to the site, “FuryBSD is a back to basics lightweight desktop distribution based on stock FreeBSD.” It is basically FreeBSD with a desktop environment pre-configured and several apps preinstalled. The goal is to quickly get a FreeBSD-based system running on your computer.\u003c/p\u003e\n\n\u003cp\u003eYou might be thinking that this sounds a lot like a couple of other BSDs that are available, such as NomadBSD and GhostBSD. The major difference between those BSDs and FuryBSD is that FuryBSD is much closer to stock FreeBSD. For example, FuryBSD uses the FreeBSD installer, while others have created their own installers and utilities.\u003c/p\u003e\n\n\u003cp\u003eAs it states on the site, “Although FuryBSD may resemble past graphical BSD projects like PC-BSD and TrueOS, FuryBSD is created by a different team and takes a different approach focusing on tight integration with FreeBSD. This keeps overhead low and maintains compatibility with upstream.” The lead dev also told me that “One key focus for FuryBSD is for it to be a small live media with a few assistive tools to test drivers for hardware.”\u003c/p\u003e\n\n\u003cp\u003eCurrently, you can go to the FuryBSD homepage and download either an XFCE or KDE LiveCD. A GNOME version is in the works.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html\" rel=\"nofollow\"\u003eNetBSD 9.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NetBSD Project is pleased to announce NetBSD 9.0, the seventeenth major release of the NetBSD operating system.\u003c/p\u003e\n\n\u003cp\u003eThis release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes. Here are some highlights of this new release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20200217001107\" rel=\"nofollow\"\u003eOpenBSD Foundation 2019 campaign wrapup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOur target for 2019 was CDN$300K. Our community\u0026#39;s continued generosity combined with our corporate donors exceeded that nicely. In addition we received the largest single donation in our history, CDN$380K from Smartisan. The return of Google was another welcome event. Altogether 2019 was our most successful campaign to date, yielding CDN$692K in total.\u003c/p\u003e\n\n\u003cp\u003eWe thank all our donors, Iridium (Smartisan), Platinum (Yandex, Google), Gold (Microsoft, Facebook) Silver (2Keys) and Bronze (genua, Thinkst Canary). But especially our community of smaller donors whose contributions are the bedrock of our support. Thank you all!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsdfoundation.org/campaign2019.html\" rel=\"nofollow\"\u003eOpenBSD Foundation 2019 Fundraising Goal Exceeded\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/OmniOSFileserverRetrospective\" rel=\"nofollow\"\u003eA retrospective on our OmniOS ZFS-based NFS fileservers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOur OmniOS fileservers have now been out of service for about six months, which makes it somewhat past time for a retrospective on them. Our OmniOS fileservers followed on our Solaris fileservers, which I wrote a two part retrospective on (part 1, part 2), and have now been replaced by our Linux fileservers. To be honest, I have been sitting on my hands about writing this retrospective because we have mixed feelings about our OmniOS fileservers.\u003c/p\u003e\n\n\u003cp\u003eI will put the summary up front. OmniOS worked reasonably well for us over its lifespan here and looking back I think it was almost certainly the right choice for us at the time we made that choice (which was 2013 and 2014). However it was not without issues that marred our experience with it in practice, although not enough to make me regret that we ran it (and ran it for as long as we did). Part of our issues are likely due to a design mistake in making our fileservers too big, although this design mistake was probably magnified when we were unable to use Intel 10G-T networking in OmniOS.\u003c/p\u003e\n\n\u003cp\u003eOn the one hand, our OmniOS fileservers worked, almost always reliably. Like our Solaris fileservers before them, they ran quietly for years without needing much attention, delivering NFS fileservice to our Ubuntu servers; specifically, we ran them for about five years (2014 through 2019, although we started migrating away at the end of 2018). Over this time we had only minor hardware issues and not all that many disk failures, and we suffered no data loss (with ZFS checksums likely saving us several times, and certainly providing good reassurances). Our overall environment was easy to manage and was pretty much problem free in the face of things like failed disks. I\u0026#39;m pretty sure that our users saw a NFS environment that was solid, reliable, and performed well pretty much all of the time, which is the important thing. So OmniOS basically delivered the fileserver environment we wanted.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/fundraising_2020\" rel=\"nofollow\"\u003eNetBSD Fundraising 2020 goal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIs it really more than 10 years since we last had an official fundraising drive?\u003c/p\u003e\n\n\u003cp\u003eLooking at old TNF financial reports I noticed that we have been doing quite well financially over the last years, with a steady stream of small and medium donations, and most of the time only moderate expenditures. The last fundraising drive back in 2009 was a giant success, and we have lived off it until now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openssh.com/txt/release-8.2\" rel=\"nofollow\"\u003eOpenSSH 8.2 released February 14, 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at \u003ca href=\"https://www.openssh.com/\" rel=\"nofollow\"\u003ehttps://www.openssh.com/\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eOpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.\u003c/p\u003e\n\n\u003cp\u003eOnce again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openssh.com/donations.html\" rel=\"nofollow\"\u003ehttps://www.openssh.com/donations.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=aXsRIrC5bjg\" rel=\"nofollow\"\u003eFreeNAS vs. Unraid: GRUDGE MATCH!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://cb.vu/unixtoolbox.xhtml\" rel=\"nofollow\"\u003eUnix Toolbox\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.rigsofrods.org/\" rel=\"nofollow\"\u003eRigs of Rods - OpenBSD Physics Game\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0V35MAB#wrap\" rel=\"nofollow\"\u003eNYCBug - Dr Vixie\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHamilton BSD User group will meet again on March 10th](\u003ca href=\"http://studybsd.com/\" rel=\"nofollow\"\u003ehttp://studybsd.com/\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/267873938/\" rel=\"nofollow\"\u003eBSD Stockholm - Meetup March 3rd 2020\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eShirkdog - \u003ca href=\"http://dpaste.com/36E2BZ1\" rel=\"nofollow\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMaster One - \u003ca href=\"http://dpaste.com/3B9M814#wrap\" rel=\"nofollow\"\u003eZFS + Suspend/resume\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicah Roth - \u003ca href=\"http://dpaste.com/0D4GDX1#wrap\" rel=\"nofollow\"\u003eZFS write caching\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0339.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.","date_published":"2020-02-27T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/581b71e1-6a98-41d7-b8d8-477eaaaba8db.mp3","mime_type":"audio/mp3","size_in_bytes":38843791,"duration_in_seconds":3236}]},{"id":"7e9e4cfc-7a05-4ebe-8d45-a7282fe7ab0f","title":"338: iocage in Jail","url":"https://www.bsdnow.tv/338","content_text":"Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.\n\nHeadlines\n\nDistrowatch Fury BSD Review\n\n\nFuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.\n\nFuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.\n\nMy fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.\n\nFuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.\n\n\n\n\nLLDB now works on i386\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n\nIn February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.\n\nThe original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.\n\n\n\n\nNews Roundup\n\nwpa_supplicant is definitely a lower-class citizen, sorry\n\n\nwpa_supplicant is definitely a lower-class citizen, sorry.\n\nI increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part\n    + entire cities have open wifi in their downtown core\n    + edu vs edu+transit split horizon problems have to be solved anyways\n    + many universities have parallel open wifi\n    + rate limiting / fare-share approaches for the open-net, on unmetered\n    + flat-rate solves the problem\n    + LTE hotspot off a phone isn't a rip off anymore\n    + other open networks exist\n\nessentially no one else feels compelled to do use 802.11x for a so called \"semi-open access network\", so I think they've lost the plot on friction vs benefit.\n\n(we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi.  we will not subject our developers to that extra complexity).\n\n\n\n\nKDE FreeBSD Updates Feb 2020\n\n\nSome bits and bobs from the KDE FreeBSD team in february 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people. \n\n\n\nThe big ticket things:\n\n\n Frameworks are at 5.66\nPlasma is at 5.17.5 (the beta 5.18 hasn’t been tried)\nKDE release service has landed 19.12.2 (same day it was released)\n\nDeveloper-centric:\n\n\nKDevelop is at 5.5.0\nKUserfeedback landed its 1.0.0 release\nCMake is 3.16.3\n\nApplications:\n\n\nMusescore is at 3.4.2\nElisa now part of the KDE release service updates\n\nFuure work:\n\n\nKIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of   mounts (just NFS in /etc/fstab) so I’m not the target audience.\nKTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.\n\n\n\n\n\nTravel Grant Application for BSDCan is now open\n\n\nHi everyone,\n\nThe Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/\n\nDid you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there,  please fill out the general travel grant application.  Your application must be received 7 weeks prior to the event. The general application can be found here: https://goo.gl/forms/QzsOMR8Jra0vqFYH2\n\n\n\n\nCreating a ZFS dataset for testing iocage within a jail\n\n\nBe warned, this failed. I’m stalled and I have not completed this.\n\n\n\nI’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.\n\n\n\nIn this post:\n\n\nFreeBSD 12.1\npy36-iocage-1.2_3\npy36-iocage-1.2_4\n\n\n\n\nThis post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.\n\n\n\n\nBeastie Bits\n\n\nReminder: the FreeBSD Journal is free! Check out these great articles\nSerenity GUI desktop running on an OpenBSD kernel\nThe Open Source Parts of MacOS\nFOSDEM videos available\n\n\n\n\nFeedback/Questions\n\n\nMichael - Install with ZFS\nMohammad - Server Freeze\nTodd - ZFS Questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDistrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20200127#furybsd\" rel=\"nofollow\"\u003eDistrowatch Fury BSD Review\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.\u003c/p\u003e\n\n\u003cp\u003eFuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.\u003c/p\u003e\n\n\u003cp\u003eMy fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.\u003c/p\u003e\n\n\u003cp\u003eFuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/lldb_now_works_on_i386\" rel=\"nofollow\"\u003eLLDB now works on i386\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003c/p\u003e\n\n\u003cp\u003eIn February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.\u003c/p\u003e\n\n\u003cp\u003eThe original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=158068418807352\u0026w=2\" rel=\"nofollow\"\u003ewpa_supplicant is definitely a lower-class citizen, sorry\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ewpa_supplicant is definitely a lower-class citizen, sorry.\u003c/p\u003e\n\n\u003cp\u003eI increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part\u003cbr\u003e\n    + entire cities have open wifi in their downtown core\u003cbr\u003e\n    + edu vs edu+transit split horizon problems have to be solved anyways\u003cbr\u003e\n    + many universities have parallel open wifi\u003cbr\u003e\n    + rate limiting / fare-share approaches for the open-net, on unmetered\u003cbr\u003e\n    + flat-rate solves the problem\u003cbr\u003e\n    + LTE hotspot off a phone isn\u0026#39;t a rip off anymore\u003cbr\u003e\n    + other open networks exist\u003c/p\u003e\n\n\u003cp\u003eessentially no one else feels compelled to do use 802.11x for a so called \u0026quot;semi-open access network\u0026quot;, so I think they\u0026#39;ve lost the plot on friction vs benefit.\u003c/p\u003e\n\n\u003cp\u003e(we\u0026#39;ve held hackathons at EDU campus that are locked down like that, and in every case we\u0026#39;ve said no way, gotten a wire with open net, and built our own wifi.  we will not subject our developers to that extra complexity).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/freebsd/2020/02/08/freebsd.html\" rel=\"nofollow\"\u003eKDE FreeBSD Updates Feb 2020\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome bits and bobs from the KDE FreeBSD team in february 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe big ticket things:\n\n\u003cul\u003e\n\u003cli\u003e Frameworks are at 5.66\u003c/li\u003e\n\u003cli\u003ePlasma is at 5.17.5 (the beta 5.18 hasn’t been tried)\u003c/li\u003e\n\u003cli\u003eKDE release service has landed 19.12.2 (same day it was released)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDeveloper-centric:\n\n\u003cul\u003e\n\u003cli\u003eKDevelop is at 5.5.0\u003c/li\u003e\n\u003cli\u003eKUserfeedback landed its 1.0.0 release\u003c/li\u003e\n\u003cli\u003eCMake is 3.16.3\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eApplications:\n\n\u003cul\u003e\n\u003cli\u003eMusescore is at 3.4.2\u003c/li\u003e\n\u003cli\u003eElisa now part of the KDE release service updates\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eFuure work:\n\n\u003cul\u003e\n\u003cli\u003eKIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of   mounts (just NFS in /etc/fstab) so I’m not the target audience.\u003c/li\u003e\n\u003cli\u003eKTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2020-February/001929.html\" rel=\"nofollow\"\u003eTravel Grant Application for BSDCan is now open\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHi everyone,\u003c/p\u003e\n\n\u003cp\u003eThe Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: \u003ca href=\"https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/\" rel=\"nofollow\"\u003ehttps://www.freebsdfoundation.org/what-we-do/grants/travel-grants/\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eDid you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there,  please fill out the general travel grant application.  Your application must be received 7 weeks prior to the event. The general application can be found here: \u003ca href=\"https://goo.gl/forms/QzsOMR8Jra0vqFYH2\" rel=\"nofollow\"\u003ehttps://goo.gl/forms/QzsOMR8Jra0vqFYH2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2020/02/01/creating-a-zfs-dataset-for-testing-iocage-within-a-jail/\" rel=\"nofollow\"\u003eCreating a ZFS dataset for testing iocage within a jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBe warned, this failed. I’m stalled and I have not completed this.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this post:\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 12.1\u003c/li\u003e\n\u003cli\u003epy36-iocage-1.2_3\u003c/li\u003e\n\u003cli\u003epy36-iocage-1.2_4\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/browser-based-edition/\" rel=\"nofollow\"\u003eReminder: the FreeBSD Journal is free! Check out these great articles\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/jcs/status/1224205573656322048\" rel=\"nofollow\"\u003eSerenity GUI desktop running on an OpenBSD kernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apple-open-source/macos\" rel=\"nofollow\"\u003eThe Open Source Parts of MacOS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.fosdem.org/2020/schedule/track/bsd/\" rel=\"nofollow\"\u003eFOSDEM videos available\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/3WRC9CQ#wrap\" rel=\"nofollow\"\u003eInstall with ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMohammad - \u003ca href=\"http://dpaste.com/3BYZKMS#wrap\" rel=\"nofollow\"\u003eServer Freeze\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTodd - \u003ca href=\"http://dpaste.com/2J50HSJ#wrap\" rel=\"nofollow\"\u003eZFS Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0338.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.","date_published":"2020-02-20T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7e9e4cfc-7a05-4ebe-8d45-a7282fe7ab0f.mp3","mime_type":"audio/mp3","size_in_bytes":45174932,"duration_in_seconds":3764}]},{"id":"4a814adb-1ea5-41e3-baee-5645c60315d2","title":"337: Kubernetes on bhyve","url":"https://www.bsdnow.tv/337","content_text":"Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.\n\nHeadlines\n\nThe happinesses and stresses of full-time FOSS work\n\n\nIn the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.\n\nFebruary will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.\n\nThe good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.\n\nThe frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.\n\n\n\n\nBuilding a FreeBSD File Server\n\n\nRecently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.\n\nNow, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!\n\n\n\n\nReport from the first Hamilton BSD Users Group Meeting\n\n\nFebruary 11th was the first meeting of this new user group, founded by John Young and myself\n\n11 people attended, and a lot of good discussions were had\n\nOne of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.\n\nSpecial thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.\n\nThe next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.\n\nWe are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.\n\n\n\n\nNews Roundup\n\nKubernetes on FreeBSD Bhyve\n\n\nThere are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!\n\n\n\n\nNetBSD 9 RC1 Available\n\n\nWe hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).\n\n\n\nHere are a few highlights of the new release:\n\n\nSupport for Arm AArch64 (64-bit Armv8-A) machines, including \"Arm ServerReady\" compliant machines (SBBR+SBSA)\nEnhanced hardware support for Armv7-A\nUpdated GPU drivers (e.g. support for Intel Kabylake)\nEnhanced virtualization support\nSupport for hardware-accelerated virtualization (NVMM)\nSupport for Performance Monitoring Counters\nSupport for Kernel ASLR\nSupport several kernel sanitizers (KLEAK, KASAN, KUBSAN)\nSupport for userland sanitizers\nAudit of the network stack\nMany improvements in NPF\nUpdated ZFS\nReworked error handling and NCQ support in the SATA subsystem\nSupport a common framework for USB Ethernet drivers (usbnet)\n\nYou can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/\n\n\n\n\nOPNsense 20.1 Keen Kingfisher released\n\n\nFor over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\n\n20.1, nicknamed \"Keen Kingfisher\", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.\n\n\n\n\nIdealistic Future for HardenedBSD\n\n\nOver the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!\n\nHardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.\n\nNavigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.\n\n\n\n\nBeastie Bits\n\n\nWarner Losh's FOSDEM talk\nRelational Pipes v0.15\nA reminder for where to find NetBSD ARM images\nNew Safe Memory Reclamation feature in UMA\nBSD Users Stockholm Meetup\n\n\n\n\nFeedback/Questions\n\n\nZFS - Rosetta Stone Document?\nPat - Question\nSigflup - Wayland on the BSDs\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eHappinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://drewdevault.com//2020/01/21/Stress-and-happiness.html\" rel=\"nofollow\"\u003eThe happinesses and stresses of full-time FOSS work\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.\u003c/p\u003e\n\n\u003cp\u003eFebruary will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.\u003c/p\u003e\n\n\u003cp\u003eThe good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.\u003c/p\u003e\n\n\u003cp\u003eThe frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.vmwareblog.org/building-freebsd-file-server/\" rel=\"nofollow\"\u003eBuilding a FreeBSD File Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.\u003c/p\u003e\n\n\u003cp\u003eNow, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/hambug_ca/status/1227664949914349569\" rel=\"nofollow\"\u003eReport from the first Hamilton BSD Users Group Meeting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFebruary 11th was the first meeting of this new user group, founded by John Young and myself\u003c/p\u003e\n\n\u003cp\u003e11 people attended, and a lot of good discussions were had\u003c/p\u003e\n\n\u003cp\u003eOne of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.\u003c/p\u003e\n\n\u003cp\u003eSpecial thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.\u003c/p\u003e\n\n\u003cp\u003eThe next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.\u003c/p\u003e\n\n\u003cp\u003eWe are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html\" rel=\"nofollow\"\u003eKubernetes on FreeBSD Bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let\u0026#39;s take a FreeBSD here!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd\" rel=\"nofollow\"\u003eNetBSD 9 RC1 Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eHere are a few highlights of the new release:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSupport for Arm AArch64 (64-bit Armv8-A) machines, including \u0026quot;Arm ServerReady\u0026quot; compliant machines (SBBR+SBSA)\u003c/li\u003e\n\u003cli\u003eEnhanced hardware support for Armv7-A\u003c/li\u003e\n\u003cli\u003eUpdated GPU drivers (e.g. support for Intel Kabylake)\u003c/li\u003e\n\u003cli\u003eEnhanced virtualization support\u003c/li\u003e\n\u003cli\u003eSupport for hardware-accelerated virtualization (NVMM)\u003c/li\u003e\n\u003cli\u003eSupport for Performance Monitoring Counters\u003c/li\u003e\n\u003cli\u003eSupport for Kernel ASLR\u003c/li\u003e\n\u003cli\u003eSupport several kernel sanitizers (KLEAK, KASAN, KUBSAN)\u003c/li\u003e\n\u003cli\u003eSupport for userland sanitizers\u003c/li\u003e\n\u003cli\u003eAudit of the network stack\u003c/li\u003e\n\u003cli\u003eMany improvements in NPF\u003c/li\u003e\n\u003cli\u003eUpdated ZFS\u003c/li\u003e\n\u003cli\u003eReworked error handling and NCQ support in the SATA subsystem\u003c/li\u003e\n\u003cli\u003eSupport a common framework for USB Ethernet drivers (usbnet)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eYou can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: \u003ca href=\"https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/\" rel=\"nofollow\"\u003ehttps://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-20-1-keen-kingfisher-released/\" rel=\"nofollow\"\u003eOPNsense 20.1 Keen Kingfisher released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\u003c/p\u003e\n\n\u003cp\u003e20.1, nicknamed \u0026quot;Keen Kingfisher\u0026quot;, is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd\" rel=\"nofollow\"\u003eIdealistic Future for HardenedBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year\u0026#39;s death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!\u003c/p\u003e\n\n\u003cp\u003eHardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system\u0026#39;s security posture will increase, especially with our focus on exploit mitigations.\u003c/p\u003e\n\n\u003cp\u003eNavigating the intersection between human rights and information security directly impacts lives. HardenedBSD\u0026#39;s 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2020/interviews/warner-losh/\" rel=\"nofollow\"\u003eWarner Losh\u0026#39;s FOSDEM talk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml\" rel=\"nofollow\"\u003eRelational Pipes v0.15\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.armbsd.org/arm/\" rel=\"nofollow\"\u003eA reminder for where to find NetBSD ARM images\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html\" rel=\"nofollow\"\u003eNew Safe Memory Reclamation feature in UMA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/niclaszeising/status/1216667359831842817\" rel=\"nofollow\"\u003eBSD Users Stockholm Meetup\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS - \u003ca href=\"http://dpaste.com/13EK8YH#wrap\" rel=\"nofollow\"\u003eRosetta Stone Document?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePat - \u003ca href=\"http://dpaste.com/2DN5RA4#wrap\" rel=\"nofollow\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSigflup - \u003ca href=\"http://dpaste.com/03Y4FQ7#wrap\" rel=\"nofollow\"\u003eWayland on the BSDs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.","date_published":"2020-02-13T11:30:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4a814adb-1ea5-41e3-baee-5645c60315d2.mp3","mime_type":"audio/mp3","size_in_bytes":57168584,"duration_in_seconds":4764}]},{"id":"3f404c97-d972-4734-9152-420ea4263317","title":"336: Archived Knowledge","url":"https://www.bsdnow.tv/336","content_text":"Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.\n\nHeadlines\n\nOpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux\n\n\nOpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.\n\nLinux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.\n\nMaking global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.\n\nThis goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.\n\n\n\n\nFreeBSD Quarterly Status Report 2019Q4\n\n\nHere is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.\n\nIf you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.\n\nHave a nice read!\n\n\n\n\nNews Roundup\n\nOPNsense 19.7.9 released\n\n\nAs 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.\n\nFor now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.\n\n\n\n\nArchives are important to retain and pass on knowledge\n\n\nArchives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.\n\n\n\n\nHardenedBSD Tor Onion Service v3 Nodes\n\n\nI've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.\n\n\n\nhardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion\nci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion\nci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion\nci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion\ngit-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion\n\n\n\n\nBeastie Bits\n\n\nThe Missing Semester of Your CS Education (MIT Course)\nAn old Unix Ad\nOpenBSD syscall call-from verification\nOpenBSD/arm64 on Pinebook\nReminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton.\nNYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes”\n8th Meetup of the Stockholm BUG: March 3 at 18:00\nPolish BSD User Group meets on Feb 11, 2020 at 18:15\n\n\n\n\nFeedback/Questions\n\n\nSean - ZFS and Creation Dates\nChristopher - Help on ZFS Disaster Recovery\nMike - Encrypted ZFS Send\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eLinux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/OpenBSDMustBeABSD?showcomments\" rel=\"nofollow\"\u003eOpenBSD has to be a BSD Unix and you couldn\u0026#39;t duplicate it with Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it\u0026#39;s right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.\u003c/p\u003e\n\n\u003cp\u003eLinux and the *BSDs have a significantly different model of what they are. BSDs have a \u0026#39;base system\u0026#39; that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.\u003c/p\u003e\n\n\u003cp\u003eMaking global changes is an important part of what makes OpenBSD\u0026#39;s approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it\u0026#39;s possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.\u003c/p\u003e\n\n\u003cp\u003eThis goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it\u0026#39;s not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don\u0026#39;t fit into what OpenBSD will accept, they just lose out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2020-January/001923.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report 2019Q4\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.\u003c/p\u003e\n\n\u003cp\u003eIf you thought that the FreeBSD community was less active in the Christmas\u0026#39; quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.\u003c/p\u003e\n\n\u003cp\u003eHave a nice read!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-19-7-9-released/\" rel=\"nofollow\"\u003eOPNsense 19.7.9 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.\u003c/p\u003e\n\n\u003cp\u003eFor now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2020/01/07/archives-are-important-to-retain-and-pass-on-knowledge/\" rel=\"nofollow\"\u003eArchives are important to retain and pass on knowledge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eArchives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes\" rel=\"nofollow\"\u003eHardenedBSD Tor Onion Service v3 Nodes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I\u0026#39;m happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ehardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion\u003c/li\u003e\n\u003cli\u003eci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion\u003c/li\u003e\n\u003cli\u003eci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion\u003c/li\u003e\n\u003cli\u003eci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion\u003c/li\u003e\n\u003cli\u003egit-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://missing.csail.mit.edu/\" rel=\"nofollow\"\u003eThe Missing Semester of Your CS Education (MIT Course)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://i.redd.it/503390rf7md41.png\" rel=\"nofollow\"\u003eAn old Unix Ad\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157488907117170\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD syscall call-from verification\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/bluerise/status/1220963106563579909\" rel=\"nofollow\"\u003eOpenBSD/arm64 on Pinebook\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://studybsd.com/\" rel=\"nofollow\"\u003eReminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.nycbug.org/\" rel=\"nofollow\"\u003eNYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/de-DE/BSD-Users-Stockholm/events/267873938/\" rel=\"nofollow\"\u003e8th Meetup of the Stockholm BUG: March 3 at 18:00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\" rel=\"nofollow\"\u003ePolish BSD User Group meets on Feb 11, 2020 at 18:15\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSean - \u003ca href=\"http://dpaste.com/3W5WBV0#wrap\" rel=\"nofollow\"\u003eZFS and Creation Dates\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChristopher - \u003ca href=\"http://dpaste.com/3SE43PW\" rel=\"nofollow\"\u003eHelp on ZFS Disaster Recovery\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMike - \u003ca href=\"http://dpaste.com/00J5JZG#wrap\" rel=\"nofollow\"\u003eEncrypted ZFS Send\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0336.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.","date_published":"2020-02-06T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3f404c97-d972-4734-9152-420ea4263317.mp3","mime_type":"audio/mp3","size_in_bytes":41728650,"duration_in_seconds":3477}]},{"id":"12678787-276e-4471-a8a3-115404afed57","title":"335: FreeBSD Down Under","url":"https://www.bsdnow.tv/335","content_text":"Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.\n\nHeadlines\n\nFreeBSD is an amazing operating System\n\n\nUpdate 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD \"fanboy\". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.\n\nI think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.\n\nI had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.\n\nWhen I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, \"The Free Version of Berkeley UNIX\" and \"Rock Solid Stability\", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.\n\n\n\n\nHyperbola Dev Interview\n\n\nIn late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).\n\nHyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.\n\nTo get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.\n\n\n\n\nNews Roundup\n\nImproving the ptrace(2) API and preparing for LLVM-10.0\n\n\nThis month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.\n\nAs LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).\n\n\n\n\nThe first FreeBSD conference in Australia\n\n\nFreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have exited for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.\n\nWhile there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.\n\nAnd on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.\n\n\n\n\nA practical guide to containers on FreeNAS for a depraved psychopath\n\n\nThis is a simple write-up to setup Docker on FreeNAS 11 or FreeBSD 11.\n\n\nBut muh jails?\n\n\nYou know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years… \n\n\nSo jails are dead then?\n\n\nNo, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they meant for hard-core FreeBSD users who used to suffering. Docker allows you to run applications without deep knowledge of application you’re running. It will also allow you to run applications that are not ported to FreeBSD.\n\n\n\n\nWhy you should migrate everything from Linux to BSD\n\n\nAs an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.\n\n\n\nResponse Should you migrate from Linux to BSD? It depends.\n\n\nBeastie Bits\n\n\nUsing the OpenBSD ports tree with dedicated users\nbroot on FreeBSD\nA Trip down Memory Lane\nRunning syslog-ng in BastilleBSD\nNASA : Using Software Packages in pkgsrc\n\n\n\n\nFeedback/Questions\n\n\nAll of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eHyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unixsheikh.com/articles/freebsd-is-an-amazing-operating-system.html\" rel=\"nofollow\"\u003eFreeBSD is an amazing operating System\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpdate 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD \u0026quot;fanboy\u0026quot;. I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It\u0026#39;s about why I like FreeBSD and that I recommend you try it out if you\u0026#39;re into messing with operating systems.\u003c/p\u003e\n\n\u003cp\u003eI think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.\u003c/p\u003e\n\n\u003cp\u003eI had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.\u003c/p\u003e\n\n\u003cp\u003eWhen I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, \u0026quot;The Free Version of Berkeley UNIX\u0026quot; and \u0026quot;Rock Solid Stability\u0026quot;, and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://itsfoss.com/hyperbola-linux-bsd/\" rel=\"nofollow\"\u003eHyperbola Dev Interview\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).\u003c/p\u003e\n\n\u003cp\u003eHyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.\u003c/p\u003e\n\n\u003cp\u003eTo get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/improving_the_ptrace_2_api\" rel=\"nofollow\"\u003eImproving the ptrace(2) API and preparing for LLVM-10.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.\u003c/p\u003e\n\n\u003cp\u003eAs LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://rubenerd.com/the-first-freebsd-conference-in-australia/\" rel=\"nofollow\"\u003eThe first FreeBSD conference in Australia\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have exited for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.\u003c/p\u003e\n\n\u003cp\u003eWhile there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.\u003c/p\u003e\n\n\u003cp\u003eAnd on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@andoriyu/a-practical-guide-to-containers-on-freenas-for-a-depraved-psychopath-c212203c0394\" rel=\"nofollow\"\u003eA practical guide to containers on FreeNAS for a depraved psychopath\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a simple write-up to setup Docker on FreeNAS 11 or FreeBSD 11.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eBut muh jails?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years… \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eSo jails are dead then?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNo, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they meant for hard-core FreeBSD users who used to suffering. Docker allows you to run applications without deep knowledge of application you’re running. It will also allow you to run applications that are not ported to FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html\" rel=\"nofollow\"\u003eWhy you should migrate everything from Linux to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eResponse \u003ca href=\"https://fediverse.blog/%7E/AllGoodThings/should-you-migrate-from-linux-to-bsd-it-depends\" rel=\"nofollow\"\u003eShould you migrate from Linux to BSD? It depends.\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2020-01-11-privsep.html\" rel=\"nofollow\"\u003eUsing the OpenBSD ports tree with dedicated users\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2020/01/10/run-broot-on-freebsd/\" rel=\"nofollow\"\u003ebroot on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base/head/share/misc/bsd-family-tree?view=co\" rel=\"nofollow\"\u003eA Trip down Memory Lane\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-in-bastillebsd\" rel=\"nofollow\"\u003eRunning syslog-ng in BastilleBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.nas.nasa.gov/hecc/support/kb/using-software-packages-in-pkgsrc_493.html\" rel=\"nofollow\"\u003eNASA : Using Software Packages in pkgsrc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll of our questions this week were pretty technical in nature so I\u0026#39;m going to save those for the next episode so Allan can weigh in on them, since if we cover them now we\u0026#39;re basically going to be deferring to Allan anyway.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0335.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.","date_published":"2020-01-30T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/12678787-276e-4471-a8a3-115404afed57.mp3","mime_type":"audio/mp3","size_in_bytes":38818086,"duration_in_seconds":3234}]},{"id":"695d1b03-3bc3-485f-90ba-c6d905189b36","title":"334: Distrowatch Running FreeBSD","url":"https://www.bsdnow.tv/334","content_text":"Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.\n\nHeadlines\n\nUpgrading FreeBSD from 11.3 to 12.1\n\n\nNow here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.\n\nOur source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.\n\n\n\n\nSwitching Distrowatch over to BSD\n\n\nThis may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.\n\nThe primary \"something else\" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.\n\nSince the transition was successful, though certainly not seamless, I thought people might want to do a Q\u0026amp;A on the migration process. Especially for those thinking of making the same switch.\n\n\n\n\nNews Roundup\n\niked(8) automatic IPv6 blocking removed\n\n\niked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.\n\nIf you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.\n\n\n\n\nLinus says dont run ZFS\n\n\n“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”\n\nThis is what Linus Torvalds said in a mailing list to once again express his disliking for ZFS filesystem specially over its licensing.\n\nTo avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.\n\n\n\n\nGSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD\n\n\nWe successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.\n\nThe Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.\n\n\n\n\nWorking towards LLDB on i386 NetBSD\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n\nIn February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.\n\nThroughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.\n\n\n\n\nBeastie Bits\n\n\nAn open source Civilization V\nBSD Groups in Italy\nWhy is Wednesday, November 17, 1858 the base time for OpenVMS?\nBenchmarking shell pipelines and the Unix “tools” philosophy\nLPI and BSD working together\n\n\n\n\nFeedback/Questions\n\n\nPat - March Meeting\nMadhukar - Overheating Laptop\nWarren - R vs S\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eUpgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.bimajority.org/2020/01/13/upgrading-freebsd-from-11-3-to-12-1/\" rel=\"nofollow\"\u003eUpgrading FreeBSD from 11.3 to 12.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.\u003c/p\u003e\n\n\u003cp\u003eOur source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/eodhit/switching_distrowatch_over_to_freebsd_ama/\" rel=\"nofollow\"\u003eSwitching Distrowatch over to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I\u0026#39;m one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.\u003c/p\u003e\n\n\u003cp\u003eThe primary \u0026quot;something else\u0026quot; option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.\u003c/p\u003e\n\n\u003cp\u003eSince the transition was successful, though certainly not seamless, I thought people might want to do a Q\u0026amp;A on the migration process. Especially for those thinking of making the same switch.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/faq/current.html#r20200114\" rel=\"nofollow\"\u003eiked(8) automatic IPv6 blocking removed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eiked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.\u003c/p\u003e\n\n\u003cp\u003eIf you previously used iked(8)\u0026#39;s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://itsfoss.com/linus-torvalds-zfs/\" rel=\"nofollow\"\u003eLinus says dont run ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”\u003c/p\u003e\n\n\u003cp\u003eThis is what Linus Torvalds said in a mailing list to once again express his disliking for ZFS filesystem specially over its licensing.\u003c/p\u003e\n\n\u003cp\u003eTo avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2019_final_report_incorporating\" rel=\"nofollow\"\u003eGSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.\u003c/p\u003e\n\n\u003cp\u003eThe Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/working_towards_lldb_on_i386\" rel=\"nofollow\"\u003eWorking towards LLDB on i386 NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003c/p\u003e\n\n\u003cp\u003eIn February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.\u003c/p\u003e\n\n\u003cp\u003eThroughout December I\u0026#39;ve continued working on our build bot maintenance, in particular enabling compiler-rt tests. I\u0026#39;ve revived and finished my old patch for extended register state (XState) in core dumps. I\u0026#39;ve started working on bringing proper i386 support to LLDB.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yairm210/UnCiv\" rel=\"nofollow\"\u003eAn open source Civilization V\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdnotizie.blogspot.com/2020/01/gruppi-bsd-in-italia.html\" rel=\"nofollow\"\u003eBSD Groups in Italy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.slac.stanford.edu/%7Erkj/crazytime.txt\" rel=\"nofollow\"\u003eWhy is Wednesday, November 17, 1858 the base time for OpenVMS?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.plover.com/Unix/tools.html\" rel=\"nofollow\"\u003eBenchmarking shell pipelines and the Unix “tools” philosophy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/QItb5aoj7Oc\" rel=\"nofollow\"\u003eLPI and BSD working together\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePat - \u003ca href=\"http://dpaste.com/2BMGZVV#wrap\" rel=\"nofollow\"\u003eMarch Meeting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMadhukar - \u003ca href=\"http://dpaste.com/17WNVM8#wrap\" rel=\"nofollow\"\u003eOverheating Laptop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarren - \u003ca href=\"http://dpaste.com/3AZYFB1#wrap\" rel=\"nofollow\"\u003eR vs S\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0334.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.","date_published":"2020-01-23T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/695d1b03-3bc3-485f-90ba-c6d905189b36.mp3","mime_type":"audio/mp3","size_in_bytes":34652078,"duration_in_seconds":2887}]},{"id":"9f3dffa3-f888-4af3-8a0a-3a236e130b4f","title":"333: Unix Keyboard Joy","url":"https://www.bsdnow.tv/333","content_text":"Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.\n\nHeadlines\n\nYour Impact on FreeBSD in 2019\n\n\nIt’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.\n\nIn 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.\n\nOur advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.\n\nOur travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.\n\n\n\n\nWireguard on OpenBSD Router\n\n\nwireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.\n\nmodern crypto and lean code are also tenants of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.\n\nmy setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.\n\nrunning : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean its impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.\n\n\n\n\nNews Roundup\n\nAmazon now has FreeBSD/ARM 12\n\n\nAWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.\n\nCompared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.\n\nThe company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.\n\n\nGeneral-purpose instances (M6g and M6gd)\nCompute-optimized instances (C6g and C6gd)\nMemory-optimized instances (R6g and R6gd)\n\n\nYou can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.\n\nAnd you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.\n\nAWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).\n\n\n\nCoverage of AWS Announcement \n\n\n\n\nAnnouncing the pkgsrc-2019Q4 release\n\n\nThe pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system.  pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at https://www.pkgsrc.org/\n\nIn total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release.  As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110).  This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.\n\n\n\n\nThe Joys of UNIX Keyboards\n\n\nI fell in love with a dead keyboard layout.\n\nA decade or so ago while helping a friends father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.\n\nWe never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.\n\nI never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.\n\n\n\n\nOpenBSD on Digital Ocean\n\n\nLast night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.\n\nThey are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.\n\nThankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.\n\n\n\n\nBeastie Bits\n\n\nFreeBSD defaults to LLVM on PPC\nTheo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019\nBastille Poll about what people would like to see in 2020\nNotes on the classic book : The Design of the UNIX Operating System\nMultics History\nFirst meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St\n\n\n\n\nFeedback/Questions\n\n\nBill - 1.1 CDROM\nGreg - More 50 Year anniversary information\nDave - Question time for Allan\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eYour Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/your-impact-on-freebsd-in-2019/\" rel=\"nofollow\"\u003eYour Impact on FreeBSD in 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.\u003c/p\u003e\n\n\u003cp\u003eIn 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.\u003c/p\u003e\n\n\u003cp\u003eOur advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.\u003c/p\u003e\n\n\u003cp\u003eOur travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://obscurity.xyz/bsd/open/wireguard.html\" rel=\"nofollow\"\u003eWireguard on OpenBSD Router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ewireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.\u003c/p\u003e\n\n\u003cp\u003emodern crypto and lean code are also tenants of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.\u003c/p\u003e\n\n\u003cp\u003emy setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.\u003c/p\u003e\n\n\u003cp\u003erunning : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat\u0026#39;ing on the vpn interface mean its impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/B081NF7BY7\" rel=\"nofollow\"\u003eAmazon now has FreeBSD/ARM 12\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.\u003c/p\u003e\n\n\u003cp\u003eCompared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.\u003c/p\u003e\n\n\u003cp\u003eThe company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eGeneral-purpose instances (M6g and M6gd)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eCompute-optimized instances (C6g and C6gd)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMemory-optimized instances (R6g and R6gd)\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eYou can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.\u003c/p\u003e\n\n\u003cp\u003eAnd you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.\u003c/p\u003e\n\n\u003cp\u003eAWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://techcrunch.com/2019/12/03/aws-announces-new-arm-based-instances-with-graviton2-processors/\" rel=\"nofollow\"\u003eCoverage of AWS Announcement \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2020/01/06/msg030130.html\" rel=\"nofollow\"\u003eAnnouncing the pkgsrc-2019Q4 release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system.  pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at \u003ca href=\"https://www.pkgsrc.org/\" rel=\"nofollow\"\u003ehttps://www.pkgsrc.org/\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eIn total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release.  As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110).  This continues pkgsrc\u0026#39;s tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://donatstudios.com/UNIX-Keyboards\" rel=\"nofollow\"\u003eThe Joys of UNIX Keyboards\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI fell in love with a dead keyboard layout.\u003c/p\u003e\n\n\u003cp\u003eA decade or so ago while helping a friends father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.\u003c/p\u003e\n\n\u003cp\u003eWe never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.\u003c/p\u003e\n\n\u003cp\u003eI never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.going-flying.com/blog/openbsd-on-digitalocean.html\" rel=\"nofollow\"\u003eOpenBSD on Digital Ocean\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don\u0026#39;t support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.\u003c/p\u003e\n\n\u003cp\u003eThey are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn\u0026#39;t support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.\u003c/p\u003e\n\n\u003cp\u003eThankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=356111\" rel=\"nofollow\"\u003eFreeBSD defaults to LLVM on PPC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20191231214356\" rel=\"nofollow\"\u003eTheo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/BastilleBSD/status/1211475103143251968\" rel=\"nofollow\"\u003eBastille Poll about what people would like to see in 2020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/suvratapte/Maurice-Bach-Notes\" rel=\"nofollow\"\u003eNotes on the classic book : The Design of the UNIX Operating System\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.multicians.org/\" rel=\"nofollow\"\u003eMultics History\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://studybsd.com/\" rel=\"nofollow\"\u003eFirst meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBill - \u003ca href=\"http://dpaste.com/2H9CW6R\" rel=\"nofollow\"\u003e1.1 CDROM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGreg - \u003ca href=\"http://dpaste.com/2SGA3KY\" rel=\"nofollow\"\u003eMore 50 Year anniversary information\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/3ZAEKHD#wrap\" rel=\"nofollow\"\u003eQuestion time for Allan\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0333.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.","date_published":"2020-01-16T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9f3dffa3-f888-4af3-8a0a-3a236e130b4f.mp3","mime_type":"audio/mp3","size_in_bytes":29159154,"duration_in_seconds":2429}]},{"id":"34cc6ce3-e7ed-41bf-880e-e77f6a27fe3c","title":"332: The BSD Hyperbole","url":"https://www.bsdnow.tv/332","content_text":"Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.\n\nHeadlines\n\nHyperbolaBSD Announcement\n\n\nDue to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.\n\nThis was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.\n\nThis will not be a \"distro\", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.\n\n\n\nReasons for this include:\n\n\nLinux kernel forcing adaption of DRM, including HDCP.\nLinux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)\nLinux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)\nMany GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)\nAs such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.\n\n\n\n\nFuture versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.\n\nHyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.\n\n\n\nForum Post \n\n\n\n\nA simple IPFW In-Kernel NAT setup on FreeBSD\n\n\nAfter graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.\n\nWhy IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.\n\nBut since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.\n\n\n\n\nNews Roundup\n\nHEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux\n\n\nThis is just a heads up that the Wayland option is now turned on by\n\n\ndefault for NetBSD 9 and Linux in cases where it peacefully coexists\nwith X11. \n\n\nRight now, this effects the following packages: \n\n\ngraphics/MesaLib\ndevel/SDL2\nwww/webkit-gtk\nx11/gtk3\n\n\n\n\nThe WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68\n\nPlease keep me informed of any fallout. Hopefully, there will be none.\n\nIf you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.\n\n\n\n\nLLDB Threading support now ready for mainline\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\n\nSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\n\n\n\n\nOpenSSH U2F/FIDO support in base\n\n\nHardware backed keys can be generated using \"ssh-keygen -t ecdsa-sk\" (or \"ed25519-sk\" if your token supports it). Many tokens require to be touched/tapped to confirm this step.\n\nYou'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a \"key handle\" that is used by the security key to derive the real private key at signing time.\n\nSo, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.\n\n\n\n\ndrm/i915: Update to Linux 4.8.17\n\n\n drm/i915: Update to Linux 4.8.17\n\n\nBroxton, Valleyview and Cherryview support improvements\nBroadwell and Gen9/Skylake support improvements\nBroadwell brightness fixes from OpenBSD\nAtomic modesetting improvements\nVarious bug fixes and performance enhancements\n\n\n\n\n\nBeastie Bits\n\n\nVisual Studio Code port for FreeBSD\nOpenBSD syscall call-from verification\nPeertube on OpenBSD\nFuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski\nTwitter Bot for Prop65\nInteractive vim tutorial\nFirst BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St\n***\n\n\nFeedback/Questions\n\n\nSamir - cgit\nRussell - R\nWolfgang - Question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eAnnouncing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/\" rel=\"nofollow\"\u003eHyperbolaBSD Announcement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDue to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.\u003c/p\u003e\n\n\u003cp\u003eThis was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.\u003c/p\u003e\n\n\u003cp\u003eThis will not be a \u0026quot;distro\u0026quot;, but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReasons for this include:\n\n\u003cul\u003e\n\u003cli\u003eLinux kernel forcing adaption of DRM, including HDCP.\u003c/li\u003e\n\u003cli\u003eLinux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)\u003c/li\u003e\n\u003cli\u003eLinux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)\u003c/li\u003e\n\u003cli\u003eMany GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)\u003c/li\u003e\n\u003cli\u003eAs such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFuture versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.\u003c/p\u003e\n\n\u003cp\u003eHyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forums.hyperbola.info/viewtopic.php?id=315\" rel=\"nofollow\"\u003eForum Post\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.neelc.org/posts/freebsd-ipfw-nat/\" rel=\"nofollow\"\u003eA simple IPFW In-Kernel NAT setup on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.\u003c/p\u003e\n\n\u003cp\u003eWhy IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.\u003c/p\u003e\n\n\u003cp\u003eBut since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2020/01/05/msg030124.html\" rel=\"nofollow\"\u003eHEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is just a heads up that the Wayland option is now turned on by\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003edefault for NetBSD 9 and Linux in cases where it peacefully coexists\u003cbr\u003e\nwith X11. \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRight now, this effects the following packages: \n\n\u003cul\u003e\n\u003cli\u003egraphics/MesaLib\u003c/li\u003e\n\u003cli\u003edevel/SDL2\u003c/li\u003e\n\u003cli\u003ewww/webkit-gtk\u003c/li\u003e\n\u003cli\u003ex11/gtk3\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68\u003c/p\u003e\n\n\u003cp\u003ePlease keep me informed of any fallout. Hopefully, there will be none.\u003c/p\u003e\n\n\u003cp\u003eIf you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready\" rel=\"nofollow\"\u003eLLDB Threading support now ready for mainline\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003c/p\u003e\n\n\u003cp\u003eIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I\u0026#39;ve started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\u003c/p\u003e\n\n\u003cp\u003eSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I\u0026#39;ve finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20191115064850\" rel=\"nofollow\"\u003eOpenSSH U2F/FIDO support in base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHardware backed keys can be generated using \u0026quot;ssh-keygen -t ecdsa-sk\u0026quot; (or \u0026quot;ed25519-sk\u0026quot; if your token supports it). Many tokens require to be touched/tapped to confirm this step.\u003c/p\u003e\n\n\u003cp\u003eYou\u0026#39;ll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a \u0026quot;key handle\u0026quot; that is used by the security key to derive the real private key at signing time.\u003c/p\u003e\n\n\u003cp\u003eSo, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-December/720257.html\" rel=\"nofollow\"\u003edrm/i915: Update to Linux 4.8.17\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e drm/i915: Update to Linux 4.8.17\n\n\u003cul\u003e\n\u003cli\u003eBroxton, Valleyview and Cherryview support improvements\u003c/li\u003e\n\u003cli\u003eBroadwell and Gen9/Skylake support improvements\u003c/li\u003e\n\u003cli\u003eBroadwell brightness fixes from OpenBSD\u003c/li\u003e\n\u003cli\u003eAtomic modesetting improvements\u003c/li\u003e\n\u003cli\u003eVarious bug fixes and performance enhancements\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tagattie/FreeBSD-VSCode\" rel=\"nofollow\"\u003eVisual Studio Code port for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157488907117170\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD syscall call-from verification\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.22decembre.eu/en/2019/12/09/peertube-14-openbsd/\" rel=\"nofollow\"\u003ePeertube on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=bbNCqFdQEyk\u0026feature=youtu.be\" rel=\"nofollow\"\u003eFuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/prop65bot/status/1199003319307558912\" rel=\"nofollow\"\u003eTwitter Bot for Prop65\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openvim.com/\" rel=\"nofollow\"\u003eInteractive vim tutorial\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://studybsd.com/\" rel=\"nofollow\"\u003eFirst BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSamir - \u003ca href=\"http://dpaste.com/2B22M24#wrap\" rel=\"nofollow\"\u003ecgit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRussell - \u003ca href=\"http://dpaste.com/0J5TYY0#wrap\" rel=\"nofollow\"\u003eR\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWolfgang - \u003ca href=\"http://dpaste.com/3MQAH27#wrap\" rel=\"nofollow\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0332.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.","date_published":"2020-01-09T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/34cc6ce3-e7ed-41bf-880e-e77f6a27fe3c.mp3","mime_type":"audio/mp3","size_in_bytes":32549325,"duration_in_seconds":2712}]},{"id":"aa8d58dd-a2a5-4c8a-9244-755d523fe855","title":"331: Why Computers Suck","url":"https://www.bsdnow.tv/331","content_text":"How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.\n\nHeadlines\n\nWhy computers suck and how learning from OpenBSD can make them marginally less horrible\n\n\nHow much better could things actually be if we abandoned the enterprise development model? \n\nNext I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.\n\nOne of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD. \n\nTo prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.\n\n\n\n\nHow Unix Works: Become a Better Software Engineer\n\n\nUnix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.\n\nEvery fancy thing you want done is one google search away.\n\nBut understanding why the solution does what you want is not the same.\n\nThat’s what gives you real power, the power to not be afraid.\n\nAnd since it rhymes, it must be true.\n\n\n\n\nNews Roundup\n\nFreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X\n\n\nFor those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.\n\nIt was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.\n\nWhile the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.\n\nFreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.\n\n\n\n\nBSDCan 2020 CFP\n\n\nBSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).\n\nNOTE the change of month in 2020 back to June Also: do not miss out on the Goat BOF on Tuesday 2 June.\n\nWe are now accepting proposals for talks.  The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.\n\n\n\nSee http://www.bsdcan.org/2020/\n\n\n\nIf you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience.  People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:\n\n\n\nHow we manage a giant installation with respect to handling spam.\nand/or sysadmin.\nand/or networking.\nCool new stuff in BSD\nTell us about your project which runs on BSD\nother topics (see next paragraph)\n\n\n\nFrom the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.\n\nBoth users and developers are encouraged to share their experiences.\n\n\n\n\nHardenedBSD Infrastructure Goals\n\n\n2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.\n\nThe last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.\n\nMy available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.\n\nMy primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.\n\nAs I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.\n\nTransparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.\n\nIntegrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.\n\nI hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.\n\nSo, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.\n\n\n\n\nBeastie Bits\n\n\nFuryBSD - KDE plasma flavor now available\nDragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud\nLPI is looking for BSD Specialist learning material writers\nZFS sync/async + ZIL/SLOG, explained\nBSD-Licensed Combinatorics library/utility\nSSL client vs server certificates and bacula-fd\nMaxxDesktop planning to come to FreeBSD  Project Page\n\n\n\n\nFeedback/Questions\n\n\nTom - ZFS Mirror with different speeds\nJeff - Knowledge is power\nJohnny - Episode 324 response to Jacob\nPat - NYC*BUG meeting Jan Meeting Location\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eHow learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05\" rel=\"nofollow\"\u003eWhy computers suck and how learning from OpenBSD can make them marginally less horrible\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHow much better could things actually be if we abandoned the enterprise development model? \u003c/p\u003e\n\n\u003cp\u003eNext I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.\u003c/p\u003e\n\n\u003cp\u003eOne of the most commonly referred to pillars of the project\u0026#39;s philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD. \u003c/p\u003e\n\n\u003cp\u003eTo prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://neilkakkar.com/unix.html\" rel=\"nofollow\"\u003eHow Unix Works: Become a Better Software Engineer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.\u003c/p\u003e\n\n\u003cp\u003eEvery fancy thing you want done is one google search away.\u003c/p\u003e\n\n\u003cp\u003eBut understanding why the solution does what you want is not the same.\u003c/p\u003e\n\n\u003cp\u003eThat’s what gives you real power, the power to not be afraid.\u003c/p\u003e\n\n\u003cp\u003eAnd since it rhymes, it must be true.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=freebsd-amd-3970x\u0026num=1\" rel=\"nofollow\"\u003eFreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor those of you interested in AMD\u0026#39;s new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.\u003c/p\u003e\n\n\u003cp\u003eIt was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.\u003c/p\u003e\n\n\u003cp\u003eWhile the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn\u0026#39;t tested for this Threadripper 3970X comparison but just FreeBSD 12.1.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week\u0026#39;s Windows 10 vs. Linux benchmarks with the same system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.bsdcan.org/pipermail/bsdcan-announce/2019-December/000180.html\" rel=\"nofollow\"\u003eBSDCan 2020 CFP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).\u003c/p\u003e\n\n\u003cp\u003eNOTE the change of month in 2020 back to June Also: do not miss out on the Goat BOF on Tuesday 2 June.\u003c/p\u003e\n\n\u003cp\u003eWe are now accepting proposals for talks.  The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee \u003ca href=\"http://www.bsdcan.org/2020/\" rel=\"nofollow\"\u003ehttp://www.bsdcan.org/2020/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience.  People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow we manage a giant installation with respect to handling spam.\u003c/li\u003e\n\u003cli\u003eand/or sysadmin.\u003c/li\u003e\n\u003cli\u003eand/or networking.\u003c/li\u003e\n\u003cli\u003eCool new stuff in BSD\u003c/li\u003e\n\u003cli\u003eTell us about your project which runs on BSD\u003c/li\u003e\n\u003cli\u003eother topics (see next paragraph)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFrom the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.\u003c/p\u003e\n\n\u003cp\u003eBoth users and developers are encouraged to share their experiences.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/lattera/articles/blob/master/hardenedbsd/2019-12-01_infrastructure/article.md\" rel=\"nofollow\"\u003eHardenedBSD Infrastructure Goals\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e2019 has been an extremely productive year with regards to HardenedBSD\u0026#39;s infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.\u003c/p\u003e\n\n\u003cp\u003eThe last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.\u003c/p\u003e\n\n\u003cp\u003eMy available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I\u0026#39;m structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I\u0026#39;ll review the code, and deploy it after a successful review. Users/contributors don\u0026#39;t need access to our servers in order to improve them.\u003c/p\u003e\n\n\u003cp\u003eMy primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.\u003c/p\u003e\n\n\u003cp\u003eAs I develop this infrastructure, I\u0026#39;m doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.\u003c/p\u003e\n\n\u003cp\u003eTransparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.\u003c/p\u003e\n\n\u003cp\u003eIntegrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.\u003c/p\u003e\n\n\u003cp\u003eI hope to migrate HardenedBSD\u0026#39;s site away from Drupal to a static site generator. We don\u0026#39;t really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.\u003c/p\u003e\n\n\u003cp\u003eSo, that\u0026#39;s about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I\u0026#39;m excited to see how the project grows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.furybsd.org/kde-plasma-flavor-now-available/\" rel=\"nofollow\"\u003eFuryBSD - KDE plasma flavor now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html\" rel=\"nofollow\"\u003eDragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.lpi.org/wiki/BSD_Specialist_Objectives_V1.0\" rel=\"nofollow\"\u003eLPI is looking for BSD Specialist learning material writers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://jrs-s.net/2019/05/02/zfs-sync-async-zil-slog/\" rel=\"nofollow\"\u003eZFS sync/async + ZIL/SLOG, explained\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2019-December/001921.html\" rel=\"nofollow\"\u003eBSD-Licensed Combinatorics library/utility\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2019/11/29/ssl-client-vs-server-certificates-and-bacula-fd/\" rel=\"nofollow\"\u003eSSL client vs server certificates and bacula-fd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.facebook.com/maxxdesktop/posts/2761326693888282\" rel=\"nofollow\"\u003eMaxxDesktop planning to come to FreeBSD\u003c/a\u003e  \u003ca href=\"https://www.facebook.com/maxxdesktop/\" rel=\"nofollow\"\u003eProject Page\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTom - \u003ca href=\"http://dpaste.com/3ZGYNS3#wrap\" rel=\"nofollow\"\u003eZFS Mirror with different speeds\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJeff - \u003ca href=\"http://dpaste.com/1H9QDCR#wrap\" rel=\"nofollow\"\u003eKnowledge is power\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohnny - \u003ca href=\"http://dpaste.com/1A7Q9EV\" rel=\"nofollow\"\u003eEpisode 324 response to Jacob\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePat - \u003ca href=\"http://dpaste.com/0QPZ2GC\" rel=\"nofollow\"\u003eNYC*BUG meeting Jan Meeting Location\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0331.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.","date_published":"2020-01-02T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/aa8d58dd-a2a5-4c8a-9244-755d523fe855.mp3","mime_type":"audio/mp3","size_in_bytes":50254703,"duration_in_seconds":4187}]},{"id":"af84425c-c562-4d3b-b28c-cce7a148a3ad","title":"330: Happy Holidays, All(an)","url":"https://www.bsdnow.tv/330","content_text":"Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.\n\nHeadlines\n\nAuthentication vulnerabilities in OpenBSD\n\n\nWe discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.\nFrom the manual page of login.conf:\n\n\n\nOpenBSD uses BSD Authentication, which is made up of a variety of authentication styles.  The authentication styles currently provided are:\n         passwd     Request a password and check it against the password in the master.passwd file.  See login_passwd(8).\n         skey       Send a challenge and request a response, checking it with S/Key (tm) authentication.  See login_skey(8).\n         yubikey    Authenticate using a Yubico YubiKey token.  See login_yubikey(8).\n         For any given style, the program /usr/libexec/auth/login_style is used to\n         perform the authentication.  The synopsis of this program is:\n         /usr/libexec/auth/login_style [-v name=value] [-s service] username class\n\n\n\nThis is the first piece of the puzzle: if an attacker specifies a username of the form \"-option\", they can influence the behavior of the authentication program in unexpected ways.\n\n\n\n login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program.  The allowed protocols are login, challenge, and response.  (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).\n\n\n\n\nThis is the second piece of the puzzle: if an attacker specifies the username \"-schallenge\" (or \"-schallenge:passwd\" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.\nCase study: smtpd\nCase study: ldapd\nCase study: radiusd\nCase study: sshd\nAcknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.\n\n\n\n\nFirst release candidate for NetBSD 9.0 available!\n\n\nSince the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!\nThis includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.\nWe hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).\nHere are a few highlights of the new release:\n\n\nSupport for Arm AArch64 (64-bit Armv8-A) machines, including \"Arm ServerReady\"\ncompliant machines (SBBR+SBSA)\nEnhanced hardware support for Armv7-A\nUpdated GPU drivers (e.g. support for Intel Kabylake)\nEnhanced virtualization support\nSupport for hardware-accelerated virtualization (NVMM)\nSupport for Performance Monitoring Counters\nSupport for Kernel ASLR\nSupport several kernel sanitizers (KLEAK, KASAN, KUBSAN)\nSupport for userland sanitizers\nAudit of the network stack\nMany improvements in NPF\nUpdated ZFS\nReworked error handling and NCQ support in the SATA subsystem\nSupport a common framework for USB Ethernet drivers (usbnet)\n\nMore information on the RC can be found on the NetBSD 9 release page\n\n\n\n\nNews Roundup\n\nRunning FreeNAS on a Digitalocean droplet\n\n\nZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler then deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.\nI've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distos and pre-setup applications (e.g OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)\nBefore we begin, here's the gist of what we're going to do:\n\n\n\nBase of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device. \n\n\n\nPart 1: re-image our boot block device to boot FreeNAS install media.\nPart 2: Install FreeNAS on the second block-device\nPart 3: Re-image the boot block device using the FreeNAS-installed block device\n\n\n\n\nNomadBSD 1.3 is now available\n\n\nFrom the release notes:\n\n\n\nThe base system has been changed to FreeBSD 12.1-RELEASE-p1\n Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse\n The GPT layout has been changed to MBR. This prevents problems with Lenovo\n systems that refuse to boot from GPT if \"lenovofix\" is not set, and systems that\n hang on boot if \"lenovofix\" is set.\n Support for ZFS installations has been added to the NomadBSD installer.\n The rc-script for setting up the network interfaces has been fixed and improved.\n Support for setting the country code for the wlan device has been added.\n Auto configuration for running in VirtualBox has been added.\n A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.\n NVIDIA driver version 440 has been added.\n nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the\ndefault user and autologin has been added.\n nomadbsd-adduser, a Qt tool for added preconfigured user accounts to the system has been added.\n Martin Orszulik added Czech translations to the setup and installation wizard.\n The NomadBSD logo, designed by Ian Grindley, has been changed.\n Support for localized error messages has been added.\n Support for localizing the password prompts has been added.\n Some templates for starting other DEs have been added to ~/.xinitrc.\n The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.\n A script that helps users to configure a multihead systems has been added.\n The Xorg driver for newer Intel GPUs has been changed from \"intel\" to \"modesetting\".\n /proc has been added to /etc/fstab\n A D-Bus session issue has been fixed which prevented thunar from accessing  samba shares.\n DSBBg which allows users to change and manage wallpapers has been added.\n The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.\n\nSupport for multiple keyboard layouts has been added.\n www/palemoon has been removed.\n mail/thunderbird has been removed.\n audio/audacity has been added.\n deskutils/orage has been added.\n the password manager fpm2 has been replaced by KeePassXC\n mail/sylpheed has been replaced by mail/claws-mail\n multimedia/simplescreenrecorder has been added.\n DSBMC has been changed to DSBMC-Qt\n Many small improvements and bug fixes.\n\n\n\n\nAt e2k19 nobody can hear you scream\n\n\nAfter 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.\nI did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.\nLucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.\nOur next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).\nI did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.\nIn case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!\nThanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.\n\n\n\n\nBeastie Bits\n\n\nFOSDEM 2020 BSD Devroom schedule\nEasy Minecraft Server on FreeBSD Howto\nstats(3) framework in the TCP stack\n4017 days of uptime\nsysget - A front-end for every package manager\nPlayOnBSD’s Cross-BSD Shopping Guide\n\n\n\n\nFeedback/Questions\n\n\nPat asks about the proper disk drive type for ZFS\nBrad asks about a ZFS rosetta stone\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\nSpecial Guest: Mariusz Zaborski.","content_html":"\u003cp\u003eAuthentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openwall.com/lists/oss-security/2019/12/04/5\" rel=\"nofollow\"\u003eAuthentication vulnerabilities in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe discovered an authentication-bypass vulnerability in OpenBSD\u0026#39;s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.\u003c/li\u003e\n\u003cli\u003eFrom the manual page of login.conf:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD uses BSD Authentication, which is made up of a variety of authentication styles.  The authentication styles currently provided are:\u003cbr\u003e\n         passwd     Request a password and check it against the password in the master.passwd file.  See login_passwd(8).\u003cbr\u003e\n         skey       Send a challenge and request a response, checking it with S/Key (tm) authentication.  See login_skey(8).\u003cbr\u003e\n         yubikey    Authenticate using a Yubico YubiKey token.  See login_yubikey(8).\u003cbr\u003e\n         For any given style, the program /usr/libexec/auth/login_style is used to\u003cbr\u003e\n         perform the authentication.  The synopsis of this program is:\u003cbr\u003e\n         /usr/libexec/auth/login_style [-v name=value] [-s service] username class\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is the first piece of the puzzle: if an attacker specifies a username of the form \u0026quot;-option\u0026quot;, they can influence the behavior of the authentication program in unexpected ways.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003e login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program.  The allowed protocols are login, challenge, and response.  (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is the second piece of the puzzle: if an attacker specifies the username \u0026quot;-schallenge\u0026quot; (or \u0026quot;-schallenge:passwd\u0026quot; to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.\u003c/li\u003e\n\u003cli\u003eCase study: smtpd\u003c/li\u003e\n\u003cli\u003eCase study: ldapd\u003c/li\u003e\n\u003cli\u003eCase study: radiusd\u003c/li\u003e\n\u003cli\u003eCase study: sshd\u003c/li\u003e\n\u003cli\u003eAcknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE\u0026#39;s CVE Assignment Team.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd\" rel=\"nofollow\"\u003eFirst release candidate for NetBSD 9.0 available!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSince the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!\u003c/li\u003e\n\u003cli\u003eThis includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.\u003c/li\u003e\n\u003cli\u003eWe hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHere are a few highlights of the new release:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSupport for Arm AArch64 (64-bit Armv8-A) machines, including \u0026quot;Arm ServerReady\u0026quot;\u003cbr\u003e\ncompliant machines (SBBR+SBSA)\u003cbr\u003e\nEnhanced hardware support for Armv7-A\u003cbr\u003e\nUpdated GPU drivers (e.g. support for Intel Kabylake)\u003cbr\u003e\nEnhanced virtualization support\u003cbr\u003e\nSupport for hardware-accelerated virtualization (NVMM)\u003cbr\u003e\nSupport for Performance Monitoring Counters\u003cbr\u003e\nSupport for Kernel ASLR\u003cbr\u003e\nSupport several kernel sanitizers (KLEAK, KASAN, KUBSAN)\u003cbr\u003e\nSupport for userland sanitizers\u003cbr\u003e\nAudit of the network stack\u003cbr\u003e\nMany improvements in NPF\u003cbr\u003e\nUpdated ZFS\u003cbr\u003e\nReworked error handling and NCQ support in the SATA subsystem\u003cbr\u003e\nSupport a common framework for USB Ethernet drivers (usbnet)\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMore information on the RC can be found on the \u003ca href=\"https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html\" rel=\"nofollow\"\u003eNetBSD 9 release page\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.shlomimarco.com/post/running-freenas-on-a-digitalocean-droplet\" rel=\"nofollow\"\u003eRunning FreeNAS on a Digitalocean droplet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler then deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you\u0026#39;re here, reading this, you probably know all that already and we can skip ahead.\u003c/li\u003e\n\u003cli\u003eI\u0026#39;ve needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I\u0026#39;m trying to do. Since I\u0026#39;m using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can\u0026#39;t. While DO supports many many distos and pre-setup applications (e.g OpenVPN), FreeNAS isn\u0026#39;t a supported feature, at least not in the traditional way :)\u003c/li\u003e\n\u003cli\u003eBefore we begin, here\u0026#39;s the gist of what we\u0026#39;re going to do:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBase of a FreeBSD droplet, we\u0026#39;ll re-image our boot block device with FreeNAS iso. We\u0026#39;ll then install FreeNAS on the second block device. Once done we\u0026#39;re going to do the ol\u0026#39; switcheroo: we\u0026#39;re going to re-image our original boot block device using the now FreeNAS-installed second block device. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePart 1: re-image our boot block device to boot FreeNAS install media.\u003c/li\u003e\n\u003cli\u003ePart 2: Install FreeNAS on the second block-device\u003c/li\u003e\n\u003cli\u003ePart 3: Re-image the boot block device using the FreeNAS-installed block device\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nomadbsd.org/\" rel=\"nofollow\"\u003eNomadBSD 1.3 is now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the release notes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe base system has been changed to FreeBSD 12.1-RELEASE-p1\u003cbr\u003e\n Due to a deadlock problem, FreeBSD\u0026#39;s unionfs has been replaced by unionfs-fuse\u003cbr\u003e\n The GPT layout has been changed to MBR. This prevents problems with Lenovo\u003cbr\u003e\n systems that refuse to boot from GPT if \u0026quot;lenovofix\u0026quot; is not set, and systems that\u003cbr\u003e\n hang on boot if \u0026quot;lenovofix\u0026quot; is set.\u003cbr\u003e\n Support for ZFS installations has been added to the NomadBSD installer.\u003cbr\u003e\n The rc-script for setting up the network interfaces has been fixed and improved.\u003cbr\u003e\n Support for setting the country code for the wlan device has been added.\u003cbr\u003e\n Auto configuration for running in VirtualBox has been added.\u003cbr\u003e\n A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.\u003cbr\u003e\n NVIDIA driver version 440 has been added.\u003cbr\u003e\n nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the\u003cbr\u003e\ndefault user and autologin has been added.\u003cbr\u003e\n nomadbsd-adduser, a Qt tool for added preconfigured user accounts to the system has been added.\u003cbr\u003e\n Martin Orszulik added Czech translations to the setup and installation wizard.\u003cbr\u003e\n The NomadBSD logo, designed by Ian Grindley, has been changed.\u003cbr\u003e\n Support for localized error messages has been added.\u003cbr\u003e\n Support for localizing the password prompts has been added.\u003cbr\u003e\n Some templates for starting other DEs have been added to ~/.xinitrc.\u003cbr\u003e\n The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.\u003cbr\u003e\n A script that helps users to configure a multihead systems has been added.\u003cbr\u003e\n The Xorg driver for newer Intel GPUs has been changed from \u0026quot;intel\u0026quot; to \u0026quot;modesetting\u0026quot;.\u003cbr\u003e\n /proc has been added to /etc/fstab\u003cbr\u003e\n A D-Bus session issue has been fixed which prevented thunar from accessing  samba shares.\u003cbr\u003e\n DSBBg which allows users to change and manage wallpapers has been added.\u003cbr\u003e\n The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.\u003c/p\u003e\n\n\u003cp\u003eSupport for multiple keyboard layouts has been added.\u003cbr\u003e\n www/palemoon has been removed.\u003cbr\u003e\n mail/thunderbird has been removed.\u003cbr\u003e\n audio/audacity has been added.\u003cbr\u003e\n deskutils/orage has been added.\u003cbr\u003e\n the password manager fpm2 has been replaced by KeePassXC\u003cbr\u003e\n mail/sylpheed has been replaced by mail/claws-mail\u003cbr\u003e\n multimedia/simplescreenrecorder has been added.\u003cbr\u003e\n DSBMC has been changed to DSBMC-Qt\u003cbr\u003e\n Many small improvements and bug fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20191204170908\" rel=\"nofollow\"\u003eAt e2k19 nobody can hear you scream\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.\u003c/li\u003e\n\u003cli\u003eI did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.\u003c/li\u003e\n\u003cli\u003eLucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.\u003c/li\u003e\n\u003cli\u003eOur next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).\u003c/li\u003e\n\u003cli\u003eI did not plan to spend most of my week hacking on rpki-client but in the end I\u0026#39;m happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.\u003c/li\u003e\n\u003cli\u003eIn case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!\u003c/li\u003e\n\u003cli\u003eThanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2020/schedule/track/bsd/\" rel=\"nofollow\"\u003eFOSDEM 2020 BSD Devroom schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/freebsd/how-to-guides/easy-minecraft-server-on-freebsd/\" rel=\"nofollow\"\u003eEasy Minecraft Server on FreeBSD Howto\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=355304\" rel=\"nofollow\"\u003estats(3) framework in the TCP stack\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/EdwinKremer/status/1203071684535889921\" rel=\"nofollow\"\u003e4017 days of uptime\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/emilengler/sysget\" rel=\"nofollow\"\u003esysget - A front-end for every package manager\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.playonbsd.com/shopping_guide/\" rel=\"nofollow\"\u003ePlayOnBSD’s Cross-BSD Shopping Guide\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2FDN26X#wrap\" rel=\"nofollow\"\u003ePat asks about the proper disk drive type for ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2X8PBMC#wrap\" rel=\"nofollow\"\u003eBrad asks about a ZFS rosetta stone\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0330.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e\u003cp\u003eSpecial Guest: Mariusz Zaborski.\u003c/p\u003e","summary":"Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.","date_published":"2019-12-26T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/af84425c-c562-4d3b-b28c-cce7a148a3ad.mp3","mime_type":"audio/mp3","size_in_bytes":54074955,"duration_in_seconds":4506}]},{"id":"ca9f1431-2af7-48ad-98d6-e68c253ec75b","title":"329: Lucas’ Arts","url":"https://www.bsdnow.tv/329","content_text":"In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.\n\nInterview - Michael Lucas\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n  \n  Your browser does not support the HTML5 video tag.\nSpecial Guest: Michael W Lucas.","content_html":"\u003cp\u003eIn this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.\u003c/p\u003e\n\n\u003ch3\u003eInterview - Michael Lucas\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n  \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0329.mp4\"\u003e\n  Your browser does not support the HTML5 video tag.\n\u003c/video\u003e\u003cp\u003eSpecial Guest: Michael W Lucas.\u003c/p\u003e","summary":"In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.","date_published":"2019-12-19T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca9f1431-2af7-48ad-98d6-e68c253ec75b.mp3","mime_type":"audio/mp3","size_in_bytes":36780535,"duration_in_seconds":3065}]},{"id":"be8ded86-58b0-46af-ba11-af5a748bc3d8","title":"328: EPYC Netflix Stack","url":"https://www.bsdnow.tv/328","content_text":"LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.\n\nHeadlines\n\nLLDB Threading support now ready for mainline\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\n\nSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\n\n\n\n\nMultiple IPSec VPN tunnels with FreeBSD\n\n\nThe FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)\n\n\nBut it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.\n\n\nThe requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).\n\nEach location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).\n\nVPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).\n\n\n\n\nNews Roundup\n\nNetflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance\n\n\nDrew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.\n\nNetflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.\n\nFor those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.\n\n\n\n\nunwind(8); \"happy eyeballs\"\n\n\nIn case you are wondering why happy eyeballs: It's a variation on this:\nhttps://en.wikipedia.org/wiki/Happy_Eyeballs\n\nunwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.\n\nThis diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. \n\nOne other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):\n 17 files changed, 385 insertions(+), 1683 deletions(-)\n\nPlease test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.\n\n\n\n\nAmazon now has FreeBSD ARM 12\n\n\nProduct Overview\n\nFreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.\n\nFreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.\n\n\n\n\nOpenSSH U2F/FIDO support in base\n\n\nI just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.\n\nHardware backed keys can be generated using \"ssh-keygen -t ecdsa-sk\" (or \"ed25519-sk\" if your token supports it). Many tokens require to be touched/tapped to confirm this step.\n\nYou'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a \"key handle\" that is used by the security key to derive the real private key at signing time.\n\nSo, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. \n\nOnce you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.\n\nPlease test this thoroughly - it's a big change that we want to have stable before the next release.\n\n\n\n\nBeastie Bits\n\n\nDragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud\nReally fast Markov chains in ~20 lines of sh, grep, cut and awk\nFreeBSD Journal Sept/Oct 2019\nMichael Dexter is raising money for Bhyve development\nsyscall call-from verification\nFreeBSD Forums Howto Section\n\n\n\n\nFeedback/Questions\n\n\nJeroen - Feedback\nSavo - pfsense ports\nTin - I want to learn C\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eLLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD\u0026#39;s Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready\" rel=\"nofollow\"\u003eLLDB Threading support now ready for mainline\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003c/p\u003e\n\n\u003cp\u003eIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I\u0026#39;ve started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\u003c/p\u003e\n\n\u003cp\u003eSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I\u0026#39;ve finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt\" rel=\"nofollow\"\u003eMultiple IPSec VPN tunnels with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see \u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html\" rel=\"nofollow\"\u003ehttps://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eBut it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).\u003c/p\u003e\n\n\u003cp\u003eEach location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).\u003c/p\u003e\n\n\u003cp\u003eVPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=Netflix-NUMA-FreeBSD-Optimized\" rel=\"nofollow\"\u003eNetflix Optimized FreeBSD\u0026#39;s Network Stack More Than Doubled AMD EPYC Performance\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDrew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company\u0026#39;s network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.\u003c/p\u003e\n\n\u003cp\u003eNetflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.\u003c/p\u003e\n\n\u003cp\u003eFor those just wanting the end result, Netflix\u0026#39;s NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157475113130337\u0026w=2\" rel=\"nofollow\"\u003eunwind(8); \u0026quot;happy eyeballs\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn case you are wondering why happy eyeballs: It\u0026#39;s a variation on this:\u003cbr\u003e\n\u003ca href=\"https://en.wikipedia.org/wiki/Happy_Eyeballs\" rel=\"nofollow\"\u003ehttps://en.wikipedia.org/wiki/Happy_Eyeballs\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eunwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it\u0026#39;s own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.\u003c/p\u003e\n\n\u003cp\u003eThis diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. \u003c/p\u003e\n\n\u003cp\u003eOne other interesting thing about this is that it gets us past captive portals without a check URL, that\u0026#39;s why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):\u003cbr\u003e\n 17 files changed, 385 insertions(+), 1683 deletions(-)\u003c/p\u003e\n\n\u003cp\u003ePlease test this. I\u0026#39;m particularly interested in reports from people who move between networks and need to get past captive portals.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/B081NF7BY7\" rel=\"nofollow\"\u003eAmazon now has FreeBSD ARM 12\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProduct Overview\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD\u0026#39;s networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20191115064850\" rel=\"nofollow\"\u003eOpenSSH U2F/FIDO support in base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.\u003c/p\u003e\n\n\u003cp\u003eHardware backed keys can be generated using \u0026quot;ssh-keygen -t ecdsa-sk\u0026quot; (or \u0026quot;ed25519-sk\u0026quot; if your token supports it). Many tokens require to be touched/tapped to confirm this step.\u003c/p\u003e\n\n\u003cp\u003eYou\u0026#39;ll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a \u0026quot;key handle\u0026quot; that is used by the security key to derive the real private key at signing time.\u003c/p\u003e\n\n\u003cp\u003eSo, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. \u003c/p\u003e\n\n\u003cp\u003eOnce you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination\u0026#39;s authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.\u003c/p\u003e\n\n\u003cp\u003ePlease test this thoroughly - it\u0026#39;s a big change that we want to have stable before the next release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html\" rel=\"nofollow\"\u003eDragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/\" rel=\"nofollow\"\u003eReally fast Markov chains in ~20 lines of sh, grep, cut and awk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/past-issues/security-3/\" rel=\"nofollow\"\u003eFreeBSD Journal Sept/Oct 2019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/michaeldexter/status/1201231729228308480\" rel=\"nofollow\"\u003eMichael Dexter is raising money for Bhyve development\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157488907117170\" rel=\"nofollow\"\u003esyscall call-from verification\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/\" rel=\"nofollow\"\u003eFreeBSD Forums Howto Section\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJeroen - \u003ca href=\"http://dpaste.com/0PK1EG2#wrap\" rel=\"nofollow\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSavo - \u003ca href=\"http://dpaste.com/0PZ03B7#wrap\" rel=\"nofollow\"\u003epfsense ports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTin - \u003ca href=\"http://dpaste.com/2GVNCYB#wrap\" rel=\"nofollow\"\u003eI want to learn C\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.","date_published":"2019-12-12T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be8ded86-58b0-46af-ba11-af5a748bc3d8.mp3","mime_type":"audio/mp3","size_in_bytes":41556868,"duration_in_seconds":3463}]},{"id":"18bee756-2b2e-45ed-bcf1-403549bf6a32","title":"327: ZFS Rename Repo","url":"https://www.bsdnow.tv/327","content_text":"We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.\n\nHeadlines\n\nFreeBSD third quarterly status report for 2019\n\n\nThis quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).\n\nEfficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us sending out the reports sooner.\n\nStarting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.\n\nNext quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.\n\n\n\n\nOpenBSD on Sparc64\n\n\nOpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.\n\nFirst I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.\n\nVersion 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.\n\n\n\n\nNews Roundup\n\nZoL repo move to OpenZFS\n\n\nBecause it will contain the ZFS source code for both Linux and FreeBSD, we will rename the \"ZFSonLinux\" code repository to \"OpenZFS\".  Specifically, the repo at http://github.com/ZFSonLinux/zfs will be moved to the OpenZFS organization, at http://github.com/OpenZFS/zfs.\n\nThe next major release of ZFS for Linux and FreeBSD will be \"OpenZFS 2.0\", and is expected to ship in 2020.\n\n\n\n\nMcclure111 Sun Thread\n\n\nA long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.\n\n\n\n\nGEOM NOP\n\n\nSometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.\n\nGNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripsesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.\n\n\n\n\nKeeping NetBSD up-to-date with pkg_comp 2.0\n\n\nThis is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.\n\nGoals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.\n\nThis tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.\n\n\n\n\nBeastie Bits\n\n\nDragonFly - Radeon Improvements\nNomadBSD review\nSpongebob OpenBSD Security Comic\nForth : The Early Years\nLCM+L PDP-7 booting and running UNIX Version 0\n\n\n\n\nFeedback/Questions\n\n\nChris - Ctrl-T\n\n\nImproved Ctrl+t that shows kernel backtrace\n\nBrian - Migrating NexentaStore to FreeBSD/FreeNAS\nAvery - How to get involved\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eWe read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2019-07-2019-09.html\" rel=\"nofollow\"\u003eFreeBSD third quarterly status report for 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).\u003c/p\u003e\n\n\u003cp\u003eEfficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us sending out the reports sooner.\u003c/p\u003e\n\n\u003cp\u003eStarting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter\u0026#39;s end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.\u003c/p\u003e\n\n\u003cp\u003eNext quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2019/10/10/openbsd-on-sparc64-6-0-to-6-5/\" rel=\"nofollow\"\u003eOpenBSD on Sparc64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.\u003c/p\u003e\n\n\u003cp\u003eFirst I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.\u003c/p\u003e\n\n\u003cp\u003eVersion 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://zfsonlinux.topicbox.com/groups/zfs-discuss/T13eedc32607dab41/zol-repo-move-to-openzfs\" rel=\"nofollow\"\u003eZoL repo move to OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBecause it will contain the ZFS source code for both Linux and FreeBSD, we will rename the \u0026quot;ZFSonLinux\u0026quot; code repository to \u0026quot;OpenZFS\u0026quot;.  Specifically, the repo at \u003ca href=\"http://github.com/ZFSonLinux/zfs\" rel=\"nofollow\"\u003ehttp://github.com/ZFSonLinux/zfs\u003c/a\u003e will be moved to the OpenZFS organization, at \u003ca href=\"http://github.com/OpenZFS/zfs\" rel=\"nofollow\"\u003ehttp://github.com/OpenZFS/zfs\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eThe next major release of ZFS for Linux and FreeBSD will be \u0026quot;OpenZFS 2.0\u0026quot;, and is expected to ship in 2020.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/mcclure111/status/1196557401710837762\" rel=\"nofollow\"\u003eMcclure111 Sun Thread\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn\u0026#39;t make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they\u0026#39;d make their comeback.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/71/\" rel=\"nofollow\"\u003eGEOM NOP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.\u003c/p\u003e\n\n\u003cp\u003eGNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripsesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jmmv.dev/2017/02/pkg_comp-2.0-tutorial-netbsd.html\" rel=\"nofollow\"\u003eKeeping NetBSD up-to-date with pkg_comp 2.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.\u003c/p\u003e\n\n\u003cp\u003eGoals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.\u003c/p\u003e\n\n\u003cp\u003eThis tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-November/720070.html\" rel=\"nofollow\"\u003eDragonFly - Radeon Improvements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=7DglP7SbnlA\u0026feature=share\" rel=\"nofollow\"\u003eNomadBSD review\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://files.yukiisbo.red/openbsd_claim.png\" rel=\"nofollow\"\u003eSpongebob OpenBSD Security Comic\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://colorforth.github.io/HOPL.html\" rel=\"nofollow\"\u003eForth : The Early Years\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=pvaPaWyiuLA\" rel=\"nofollow\"\u003eLCM+L PDP-7 booting and running UNIX Version 0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris - \u003ca href=\"http://dpaste.com/284E5BV\" rel=\"nofollow\"\u003eCtrl-T\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://asciinema.org/a/xfSpvPT61Cnd9iRgbfIjT6kYj\" rel=\"nofollow\"\u003eImproved Ctrl+t that shows kernel backtrace\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/05GDK8H#wrap\" rel=\"nofollow\"\u003eMigrating NexentaStore to FreeBSD/FreeNAS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvery - \u003ca href=\"http://dpaste.com/26KW801#wrap\" rel=\"nofollow\"\u003eHow to get involved\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0327.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.","date_published":"2019-12-05T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/18bee756-2b2e-45ed-bcf1-403549bf6a32.mp3","mime_type":"audio/mp3","size_in_bytes":60093881,"duration_in_seconds":5007}]},{"id":"4d6f5084-1255-44ce-a255-5f969e18e44d","title":"326: Certified BSD","url":"https://www.bsdnow.tv/326","content_text":"LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.\n\nHeadlines\n\nLinux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group\n\n\nLinux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.\n\nG. Matthew Rice, the Executive Director of Linux Professional Institute says that \"the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute.  With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”\n\n\n\n\nOpenZFS Trip Report\n\n\nThe seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.\n\n\n\n\nNews Roundup\n\nUsing FreeBSD with Ports (2/2): Tool-assisted updating\n\n\nPart 1 here: https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/\n\n\n\nIn the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.\n\nIn this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.\n\n\n\n\nLLDB Threading support now ready for mainline\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\n\nSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\n\n\n\n\nLinux VS open source UNIX\n\n\n\nBeastie Bits\n\n\nSupport for Realtek RTL8125 2.5Gb Ethernet controller\nComputer Files Are Going Extinct\nFreeBSD kernel hacking\nModern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong\nMidnightBSD 1.2 Released\n\n\n\n\nFeedback/Questions\n\n\nPaulo - Zfs snapshots\nPhillip - GCP\nA Listener - Old episodes?\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eLPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.lpi.org/articles/linux-professional-institute-releases-bsd-specialist-certification\" rel=\"nofollow\"\u003eLinux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLinux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.\u003c/p\u003e\n\n\u003cp\u003eG. Matthew Rice, the Executive Director of Linux Professional Institute says that \u0026quot;the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute.  With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/openzfs-dev-summit-2019/\" rel=\"nofollow\"\u003eOpenZFS Trip Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2019/09/12/using-freebsd-with-ports-2-2-tool-assisted-updating/\" rel=\"nofollow\"\u003eUsing FreeBSD with Ports (2/2): Tool-assisted updating\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePart 1 here: \u003ca href=\"https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/\" rel=\"nofollow\"\u003ehttps://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.\u003c/p\u003e\n\n\u003cp\u003eIn this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready\" rel=\"nofollow\"\u003eLLDB Threading support now ready for mainline\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003c/p\u003e\n\n\u003cp\u003eIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I\u0026#39;ve started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.\u003c/p\u003e\n\n\u003cp\u003eSo far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I\u0026#39;ve finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.adminbyaccident.com/politics/linux-vs-open-source-unix/\" rel=\"nofollow\"\u003eLinux VS open source UNIX\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157380442230074\u0026w=2\" rel=\"nofollow\"\u003eSupport for Realtek RTL8125 2.5Gb Ethernet controller\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://onezero.medium.com/the-death-of-the-computer-file-doc-43cb028c0506\" rel=\"nofollow\"\u003eComputer Files Are Going Extinct\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=4FUub_UtF3c\" rel=\"nofollow\"\u003eFreeBSD kernel hacking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/e7cJ7v2lYdE\" rel=\"nofollow\"\u003eModern BSD Computing for Fun on a VAX! Trying to use a VAX in today\u0026#39;s world by Jeff Armstrong\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.justjournal.com/users/mbsd/entry/33779\" rel=\"nofollow\"\u003eMidnightBSD 1.2 Released\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/0WQRP43#wrap\" rel=\"nofollow\"\u003eZfs snapshots\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePhillip - \u003ca href=\"http://dpaste.com/075ZQE1#wrap\" rel=\"nofollow\"\u003eGCP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA Listener - \u003ca href=\"http://dpaste.com/3YJ4119#wrap\" rel=\"nofollow\"\u003eOld episodes?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0326.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.","date_published":"2019-11-28T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4d6f5084-1255-44ce-a255-5f969e18e44d.mp3","mime_type":"audio/mp3","size_in_bytes":43280010,"duration_in_seconds":3606}]},{"id":"a971b40e-d33a-44ac-9cf8-dfaf7e4aaff7","title":"325: Cracking Rainbows","url":"https://www.bsdnow.tv/325","content_text":"FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.\n\nHeadlines\n\nFreeBSD 12.1\n\n\nSome of the highlights:\n\n\nBearSSL has been imported to the base system.\nThe clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.\nOpenSSL has been updated to version 1.1.1d.\nSeveral userland utility updates.\n\nFor a complete list of new features and known problems, please see the online release notes and errata list, available at: https://www.FreeBSD.org/releases/12.1R/relnotes.html\n\n\n\n\nA History of UNIX before Berkeley: UNIX Evolution: 1975-1984.\n\n\nNobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.\n\nOur title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.\n\nPart One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at Research'', a part of Bell Laboratories (now AT\u0026amp;T Bell Laboratories, then as nowthe Labs''), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.\n\n\n\n\nNews Roundup\n\nMy FreeBSD Development Setup\n\n\nI do my FreeBSD development using git, tmux, vim and cscope.\n\nI keep a FreeBSD fork on my github, I have forked https://github.com/freebsd/freebsd to https://github.com/adventureloop/freebsd\n\n\n\n\nOPNsense 19.7.6 released\n\n\nAs we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.\n\nLDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.\n\n\n\n\nHardenedBSD November 2019 Status Report.\n\n\nWe at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work. \n\n\n\n\nDNSSEC enabled in default unbound(8) configuration.\n\n\nDNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)\n\n\n\n\nHow to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12\n\n\nShopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.\n\n\n\nRequirements\n\n\n\nMake sure your system meets the following minimum requirements:\n\n\nLinux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed. \nPHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.\nMySQL 5.5.0 or higher.\nPossibility to set up cron jobs.\nMinimum 4 GB available hard disk space.\nIonCube Loader version 5.0.0 or higher (optional).\n\n\n\n\n\nHow to Compile RainbowCrack on OpenBSD\n\n\nProject RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.\n\nThe Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.\n\nEarlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.\n\n\n\nYou might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes\n\n\n\n\nFeedback/Questions\n\n\nReese - Amature radio info\nChris - VPN\nMalcolm - NAT\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/12.1R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 12.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSome of the highlights:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBearSSL has been imported to the base system.\u003c/li\u003e\n\u003cli\u003eThe clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.\u003c/li\u003e\n\u003cli\u003eOpenSSL has been updated to version 1.1.1d.\u003c/li\u003e\n\u003cli\u003eSeveral userland utility updates.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFor a complete list of new features and known problems, please see the online release notes and errata list, available at: \u003ca href=\"https://www.FreeBSD.org/releases/12.1R/relnotes.html\" rel=\"nofollow\"\u003ehttps://www.FreeBSD.org/releases/12.1R/relnotes.html\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.darwinsys.com/history/hist.html\" rel=\"nofollow\"\u003eA History of UNIX before Berkeley: UNIX Evolution: 1975-1984.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.\u003c/p\u003e\n\n\u003cp\u003eOur title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.\u003c/p\u003e\n\n\u003cp\u003ePart One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at \u003ccode\u003eResearch\u0026#39;\u0026#39;, a part of Bell Laboratories (now AT\u0026amp;T Bell Laboratories, then as now\u003c/code\u003ethe Labs\u0026#39;\u0026#39;), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You\u0026#39;ll begin to get a glimpse inside the history of the major streams of development of the system during that time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adventurist.me/posts/00296\" rel=\"nofollow\"\u003eMy FreeBSD Development Setup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI do my FreeBSD development using git, tmux, vim and cscope.\u003c/p\u003e\n\n\u003cp\u003eI keep a FreeBSD fork on my github, I have forked \u003ca href=\"https://github.com/freebsd/freebsd\" rel=\"nofollow\"\u003ehttps://github.com/freebsd/freebsd\u003c/a\u003e to \u003ca href=\"https://github.com/adventureloop/freebsd\" rel=\"nofollow\"\u003ehttps://github.com/adventureloop/freebsd\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-19-7-6-released/\" rel=\"nofollow\"\u003eOPNsense 19.7.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.\u003c/p\u003e\n\n\u003cp\u003eLDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2019-11-09/hardenedbsd-status-report\" rel=\"nofollow\"\u003eHardenedBSD November 2019 Status Report.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20191110123908\" rel=\"nofollow\"\u003eDNSSEC enabled in default unbound(8) configuration.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.howtoforge.com/how-to-install-shopware-with-nginx-and-lets-encrypt-on-freebsd-12/\" rel=\"nofollow\"\u003eHow to Install Shopware with NGINX and Let\u0026#39;s Encrypt on FreeBSD 12\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eShopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRequirements\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMake sure your system meets the following minimum requirements:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLinux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed. \u003c/li\u003e\n\u003cli\u003ePHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.\u003c/li\u003e\n\u003cli\u003eMySQL 5.5.0 or higher.\u003c/li\u003e\n\u003cli\u003ePossibility to set up cron jobs.\u003c/li\u003e\n\u003cli\u003eMinimum 4 GB available hard disk space.\u003c/li\u003e\n\u003cli\u003eIonCube Loader version 5.0.0 or higher (optional).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cromwell-intl.com/open-source/compiling-rainbowcrack-on-openbsd.html\" rel=\"nofollow\"\u003eHow to Compile RainbowCrack on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject RainbowCrack was originally Zhu Shuanglei\u0026#39;s implementation, it\u0026#39;s not clear to me if the project is still just his or if it\u0026#39;s even been maintained for a while. His page seems to have been last updated in August 2007.\u003c/p\u003e\n\n\u003cp\u003eThe Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.\u003c/p\u003e\n\n\u003cp\u003eEarlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn\u0026#39;t compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eReese - \u003ca href=\"http://dpaste.com/2RDG9K4#wrap\" rel=\"nofollow\"\u003eAmature radio info\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChris - \u003ca href=\"http://dpaste.com/2K4T2FQ#wrap\" rel=\"nofollow\"\u003eVPN\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/138NEMA\" rel=\"nofollow\"\u003eNAT\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0325.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.","date_published":"2019-11-21T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a971b40e-d33a-44ac-9cf8-dfaf7e4aaff7.mp3","mime_type":"audio/mp3","size_in_bytes":41526775,"duration_in_seconds":3460}]},{"id":"e82a766b-37c4-4d16-896b-6fcfcfdef480","title":"324: Emergency Space Mode","url":"https://www.bsdnow.tv/324","content_text":"Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.\n\n\n\nHeadlines\n\nMigrating drives and the zpool from one host to another.\n\n\nToday is the day.\n\nToday I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.\n\nFortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.\n\nNow it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.\n\n\n\nIn this post:\n\n\nFreeBSD 12.0\nDell R710 (r710-01)\nDell R720 (r720-01)\ndrive caddies from eBay and now I know the difference between SATA and SATAu\n\nPLEASE READ THIS first: Migrating ZFS Storage Pools\n\n\n\n\nOpenBSD in 2019\n\n\nI’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.\n\nWhat triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.\n\nI don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.\n\nThat and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.\n\nThis is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the dektop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.\n\n\n\nVerdict\n\n\n\nOuch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.\n\nAnd maybe in a year I’ll have a review of OpenBSD on a laptop.\n\n\n\n\nNews Roundup\n\nNew zlib, new dhcpcd\n\n\nzlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.\n\n\n\nDHCPCD Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html\nZLIB Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html\n\n\n\n\nBatch renaming images, including image resolution, with awk\n\n\nThe most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:\n\n\n$ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++\"_\"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v \"s/$fn/img_$fr/g\" *); done\nIMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg\nIMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg\nIMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg\nIMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg\nIMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg\nIMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg\nIMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg\nIMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg\nIMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg\nIMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg\nIMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg\nIMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg\nIMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg\n// ... etc etc\n\n\n\nThe last item on the aforementioned list is “TODO: come up with a shorter title for this list.”\n\n\n\n\nI hate the X11 ICCCM selection system, and you should too - A Rant\n\n\nd00d, that document is devilspawn. I've recently spent my nights in pain\nimplementing the selection mechanism. WHY OH WHY OH WHY? why me?  why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.\n\nI didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?\n\nSo what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?\n\n\n\n\nHAMMER2 emergency space mode\n\n\nAs anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much.  There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity.  It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled.  So definitely don’t leave it on!\n\n\n\n\nBeastie Bits\n\n\nThe BastilleBSD community has started work on over 100 automation templates\nPAM perturbed\nOpenBSD T-Shirts now available\nFastoCloud (Opensource Media Service) now available on FreeBSD\nUnix: A History and a Memoir by Brian Kernighan now available\nOpenBSD Moonlight game streaming client from a Windows + Nvidia PC\n***\n\n\nFeedback/Questions\n\n\nTim - Release Notes for Lumina 1.5\n\n\nAnswer Here\n\nBrad - vBSDcon Trip Report\nJacob - Using terminfo on FreeBSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eMigrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2019/10/26/migrating-drives-and-the-zpool-from-one-host-to-another/\" rel=\"nofollow\"\u003eMigrating drives and the zpool from one host to another.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday is the day.\u003c/p\u003e\n\n\u003cp\u003eToday I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.\u003c/p\u003e\n\n\u003cp\u003eFortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.\u003c/p\u003e\n\n\u003cp\u003eNow it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eIn this post:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 12.0\u003c/li\u003e\n\u003cli\u003eDell R710 (r710-01)\u003c/li\u003e\n\u003cli\u003eDell R720 (r720-01)\u003c/li\u003e\n\u003cli\u003edrive caddies from eBay and now I know the difference between SATA and SATAu\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://docs.oracle.com/cd/E19253-01/819-5461/gbchy/index.html\" rel=\"nofollow\"\u003ePLEASE READ THIS first: Migrating ZFS Storage Pools\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.habets.se/2019/10/OpenBSD-in-2019.html\" rel=\"nofollow\"\u003eOpenBSD in 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.\u003c/p\u003e\n\n\u003cp\u003eWhat triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.\u003c/p\u003e\n\n\u003cp\u003eI don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.\u003c/p\u003e\n\n\u003cp\u003eThat and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.\u003c/p\u003e\n\n\u003cp\u003eThis is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the dektop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVerdict\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOuch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.\u003c/p\u003e\n\n\u003cp\u003eAnd maybe in a year I’ll have a review of OpenBSD on a laptop.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/10/29/23683.html\" rel=\"nofollow\"\u003eNew zlib, new dhcpcd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ezlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDHCPCD Commit: \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html\" rel=\"nofollow\"\u003ehttp://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZLIB Commit: \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html\" rel=\"nofollow\"\u003ehttp://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://victoria.dev/verbose/batch-renaming-images-including-image-resolution-with-awk/\" rel=\"nofollow\"\u003eBatch renaming images, including image resolution, with awk\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ file IMG* | awk \u0026#39;BEGIN{a=0} {print substr($1, 1, length($1)-5),a++\u0026quot;_\u0026quot;substr($8,1, length($8)-1)}\u0026#39; | while read fn fr; do echo $(rename -v \u0026quot;s/$fn/img_$fr/g\u0026quot; *); done\nIMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg\nIMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg\nIMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg\nIMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg\nIMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg\nIMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg\nIMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg\nIMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg\nIMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg\nIMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg\nIMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg\nIMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg\nIMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg\n// ... etc etc\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe last item on the aforementioned list is “TODO: come up with a shorter title for this list.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.call-with-current-continuation.org/rants/icccm.txt\" rel=\"nofollow\"\u003eI hate the X11 ICCCM selection system, and you should too - A Rant\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ed00d, that document is devilspawn. I\u0026#39;ve recently spent my nights in pain\u003cbr\u003e\nimplementing the selection mechanism. WHY OH WHY OH WHY? why me?  why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don\u0026#39;t know why I\u0026#39;m working with it, I just wanted to make a useful program.\u003c/p\u003e\n\n\u003cp\u003eI didn\u0026#39;t know what I was getting myself in to. Nobody knows until they try it. And once you start, you\u0026#39;re unable to stop. You can\u0026#39;t stop, if you stop then you haven\u0026#39;t completed it to spec. You can\u0026#39;t fail on this, it\u0026#39;s just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there\u0026#39;s no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?\u003c/p\u003e\n\n\u003cp\u003eSo what if the distinction is ambiguous? So what if the document is littered with such atrocities? It\u0026#39;s not the spec\u0026#39;s fault, the spec is authoritative. It\u0026#39;s obviously YOUR (the implementor\u0026#39;s) fault for misunderstanding it. If you didn\u0026#39;t misunderstand it, you wouldn\u0026#39;t be here complaining about it would you?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/10/22/23652.html\" rel=\"nofollow\"\u003eHAMMER2 emergency space mode\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much.  There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity.  It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled.  So definitely don’t leave it on!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/BastilleBSD/status/1186659762458501120\" rel=\"nofollow\"\u003eThe BastilleBSD community has started work on over 100 automation templates\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/10/23/23654.html\" rel=\"nofollow\"\u003ePAM perturbed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://teespring.com/stores/openbsd\" rel=\"nofollow\"\u003eOpenBSD T-Shirts now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/dlyqtq/fastocloud_opensource_media_service_now_available/\" rel=\"nofollow\"\u003eFastoCloud (Opensource Media Service) now available on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.cs.princeton.edu/%7Ebwk/\" rel=\"nofollow\"\u003eUnix: A History and a Memoir by Brian Kernighan now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/d6xboo/openbsd_moonlight_game_streaming_client_from_a/\" rel=\"nofollow\"\u003eOpenBSD Moonlight game streaming client from a Windows + Nvidia PC\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTim - \u003ca href=\"http://dpaste.com/38DNSXT#wrap\" rel=\"nofollow\"\u003eRelease Notes for Lumina 1.5\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3QJX8G3#wrap\" rel=\"nofollow\"\u003eAnswer Here\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/316MGVX#wrap\" rel=\"nofollow\"\u003evBSDcon Trip Report\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJacob - \u003ca href=\"http://dpaste.com/131N05J#wrap\" rel=\"nofollow\"\u003eUsing terminfo on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0324.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.","date_published":"2019-11-14T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e82a766b-37c4-4d16-896b-6fcfcfdef480.mp3","mime_type":"audio/mp3","size_in_bytes":33490674,"duration_in_seconds":2790}]},{"id":"cf54c1fe-70ba-49a3-9b13-1ceb64ab896a","title":"323: OSI Burrito Guy","url":"https://www.bsdnow.tv/323","content_text":"The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.\n\nHeadlines\n\nThe Earliest Unix Code: An Anniversary Source Code Release\n\n\nWhat is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.\n\n2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.\n\n\n\n\nThis man sent the first online message 50 years ago\n\n\nAs many of you have heard in the past, the first online message ever sent between two computers was \"lo\", just over 50 years ago, on Oct. 29, 1969. \n\n\n\nIt was supposed to say \"log,\" but the computer sending the message — based at UCLA — crashed before the letter \"g\" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters \"in,\" as in \"log in.\"\n\n\n\nThe CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA\n\n\n\n\"The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,\"\n\n50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.\n\nQ: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?\n\nA: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.\n\nWell, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.\n\nQ: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?\n\nA: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT\u0026amp;T said it won't work and, even if it does, we want nothing to do with it.\n\nSo I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.\n\nQ: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.\n\nA: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.\n\nWhen the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.\n\nBut in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.\n\nQ: Is there any part of you that regrets giving birth to this?\n\nA: Absolutely not. The greater good is much more important.\n\n\n\n\nNews Roundup\n\nHow to use blacklistd(8) with NPF as a fail2ban replacement\n\n\nblacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.\n\nThe interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf\n\nNow, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.\n\nUnfortunately (dont' ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.\n\n\n\nFreeBSD’s handbook chapter on blacklistd\n\n\n\n\nOpenBSD crossed 400,000 commits\n\n\nSometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.\n\n(*) by one measure.  Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard.  If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.\n\n\n\nSubject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020\nNetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too\n\n\n\n\nHow to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12\n\n\nBolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.\n\n\n\nRequirements\nThe system requirements for Bolt are modest, and it should run on any fairly modern web server:\n\n\nPHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.\nAccess to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.\nApache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).\nA minimum of 32MB of memory allocated to PHP.\n\n\n\n\n\nhammer2 - Optimize hammer2 support threads and dispatch\n\n\nRefactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer.  This optimizes several cases and reduces unnecessary IPI traffic between cores.  The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.\nThe best scaling case for this is when one has a large number of user threads doing I/O.  One instance of a single-threaded program on an otherwise idle machine might see a slightly reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.\n\nThis will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.\n\nThis should significantly increase I/O performance for multi-threaded workloads.\n\n\n\n\nYou know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys\n\n\nI've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXX­XX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXX­XXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXX­XX secure or some XXXXX­XXX reason like that.\n\nSigh.\n\n\n\n\nBeastie Bits\n\n\nAn Oral History of Unix\nNUMA Siloing in the FreeBSD Network Stack [pdf]\nEuroBSDCon 2019 videos available\nBarbie knows best\nFor the #OpenBSD #e2k19 attendees.  I did a pre visit today.\nDrawer Find\nSlides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019\n\n\n\n\nFeedback/Questions\n\n\nBostjan - Open source doesn't mean secure\nMalcolm - Allan is Correct.\nMichael - FreeNAS inside a Jail\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eThe earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://computerhistory.org/blog/the-earliest-unix-code-an-anniversary-source-code-release/\" rel=\"nofollow\"\u003eThe Earliest Unix Code: An Anniversary Source Code Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.\u003c/p\u003e\n\n\u003cp\u003e2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cbc.ca/radio/thecurrent/the-current-for-oct-29-2019-1.5339212/this-man-sent-the-first-online-message-50-years-ago-he-s-since-seen-the-web-s-dark-side-emerge-1.5339244\" rel=\"nofollow\"\u003eThis man sent the first online message 50 years ago\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs many of you have heard in the past, the first online message ever sent between two computers was \u0026quot;lo\u0026quot;, just over 50 years ago, on Oct. 29, 1969. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt was supposed to say \u0026quot;log,\u0026quot; but the computer sending the message — based at UCLA — crashed before the letter \u0026quot;g\u0026quot; was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters \u0026quot;in,\u0026quot; as in \u0026quot;log in.\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,\u0026quot;\u003c/p\u003e\n\n\u003cp\u003e50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There\u0026#39;s hardly an aspect in our daily lives that hasn\u0026#39;t been touched and transformed by it.\u003c/p\u003e\n\n\u003cp\u003eQ: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you\u0026#39;d be talking about a half a century later?\u003c/p\u003e\n\n\u003cp\u003eA: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.\u003c/p\u003e\n\n\u003cp\u003eWell, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.\u003c/p\u003e\n\n\u003cp\u003eQ: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?\u003c/p\u003e\n\n\u003cp\u003eA: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT\u0026amp;T said it won\u0026#39;t work and, even if it does, we want nothing to do with it.\u003c/p\u003e\n\n\u003cp\u003eSo I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.\u003c/p\u003e\n\n\u003cp\u003eQ: For all the promise of the internet, it has also developed some dark sides that I\u0026#39;m guessing pioneers like yourselves never anticipated.\u003c/p\u003e\n\n\u003cp\u003eA: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.\u003c/p\u003e\n\n\u003cp\u003eWhen the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.\u003c/p\u003e\n\n\u003cp\u003eBut in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.\u003c/p\u003e\n\n\u003cp\u003eQ: Is there any part of you that regrets giving birth to this?\u003c/p\u003e\n\n\u003cp\u003eA: Absolutely not. The greater good is much more important.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement\" rel=\"nofollow\"\u003eHow to use blacklistd(8) with NPF as a fail2ban replacement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eblacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.\u003c/p\u003e\n\n\u003cp\u003eThe interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf\u003c/p\u003e\n\n\u003cp\u003eNow, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.\u003c/p\u003e\n\n\u003cp\u003eUnfortunately (dont\u0026#39; ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-blacklistd.html\" rel=\"nofollow\"\u003eFreeBSD’s handbook chapter on blacklistd\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157059352620659\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD crossed 400,000 commits\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That\u0026#39;s a lot of commits by a lot of amazing people.\u003c/p\u003e\n\n\u003cp\u003e(*) by one measure.  Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard.  If you think you\u0026#39;ve got a great way of measuring, don\u0026#39;t be so sure of yourself -- you may have overcounted or undercounted.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020\u003c/li\u003e\n\u003cli\u003eNetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.howtoforge.com/how-to-install-bolt-cms-nginx-ssl-on-freebsd-12/\" rel=\"nofollow\"\u003eHow to Install Bolt CMS with Nginx and Let\u0026#39;s Encrypt on FreeBSD 12\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let\u0026#39;s Encrypt certificate authority to add SSL support.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRequirements\u003c/li\u003e\n\u003cli\u003eThe system requirements for Bolt are modest, and it should run on any fairly modern web server:\n\n\u003cul\u003e\n\u003cli\u003ePHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.\u003c/li\u003e\n\u003cli\u003eAccess to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.\u003c/li\u003e\n\u003cli\u003eApache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).\u003c/li\u003e\n\u003cli\u003eA minimum of 32MB of memory allocated to PHP.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-September/719632.html\" rel=\"nofollow\"\u003ehammer2 - Optimize hammer2 support threads and dispatch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRefactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer.  This optimizes several cases and reduces unnecessary IPI traffic between cores.  The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.\u003cbr\u003e\u003cbr\u003e\nThe best scaling case for this is when one has a large number of user threads doing I/O.  One instance of a single-threaded program on an otherwise idle machine might see a slightly reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.\u003c/p\u003e\n\n\u003cp\u003eThis will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.\u003c/p\u003e\n\n\u003cp\u003eThis should significantly increase I/O performance for multi-threaded workloads.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://boston.conman.org/2019/10/17.1\" rel=\"nofollow\"\u003eYou know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I\u0026#39;m not confident enough to think it will remain that way. To that end, I\u0026#39;ve finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXX­XX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXX­XXX DOWN OUR THROATS!—no, I\u0026#39;m not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it\u0026#39;s more XXXXX­XX secure or some XXXXX­XXX reason like that.\u003c/p\u003e\n\n\u003cp\u003eSigh.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.princeton.edu/%7Ehos/Mahoney/unixhistory\" rel=\"nofollow\"\u003eAn Oral History of Unix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://people.freebsd.org/%7Egallatin/talks/euro2019.pdf\" rel=\"nofollow\"\u003eNUMA Siloing in the FreeBSD Network Stack [pdf]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLskKNopggjc6NssLc8GEGSiFYJLYdlTQx\" rel=\"nofollow\"\u003eEuroBSDCon 2019 videos available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/eksffa/status/1188638425567682560\" rel=\"nofollow\"\u003eBarbie knows best\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/bob_beck/status/1188226661684301824\" rel=\"nofollow\"\u003eFor the #OpenBSD #e2k19 attendees.  I did a pre visit today.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/pasha_sh/status/1187877745499561985\" rel=\"nofollow\"\u003eDrawer Find\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf\" rel=\"nofollow\"\u003eSlides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/1M5MVCX#wrap\" rel=\"nofollow\"\u003eOpen source doesn\u0026#39;t mean secure\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/2RFNR94\" rel=\"nofollow\"\u003eAllan is Correct.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMichael - \u003ca href=\"http://dpaste.com/28YW3BB#wrap\" rel=\"nofollow\"\u003eFreeNAS inside a Jail\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0323.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.","date_published":"2019-11-07T07:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cf54c1fe-70ba-49a3-9b13-1ceb64ab896a.mp3","mime_type":"audio/mp3","size_in_bytes":35547347,"duration_in_seconds":2962}]},{"id":"9f37f100-02f4-4b71-9eeb-3e9fa09f147c","title":"322: Happy Birthday, Unix","url":"https://www.bsdnow.tv/322","content_text":"Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle  - VPN over SSH, and more.\n\nHeadlines\n\nUnix is 50\n\n\nIn the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more \"portable\". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.\n\n\n\n\nHunting down Ken's PDP-7: video footage found\n\n\nIn my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. this gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.\n\n\n\n\nNews Roundup\n\nOpenBSD 6.6 Released\n\n\nAnnounce: https://marc.info/?l=openbsd-tech\u0026amp;m=157132024225971\u0026amp;w=2\nUpgrade Guide: https://openbsd.org/faq/upgrade66.html\nChangelog: https://openbsd.org/plus66.html\n\n\n\n\nOPNsense 19.7.5 released\n\n\nHello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version\n\n\n12.1 which is supposed to hit the next 20.1 release.  Stay tuned for more infos in the next month or so.\n\nHere are the full patch notes:\n\n\nsystem: show all swap partitions in system information widget\nsystem: flatten services_get() in preparation for removal\nsystem: pin Syslog-ng version to specific package name\nsystem: fix LDAP/StartTLS with user import page\nsystem: fix a PHP warning on authentication server page\nsystem: replace most subprocess.call use\ninterfaces: fix devd handling of carp devices (contributed by stumbaumr)\nfirewall: improve firewall rules inline toggles\nfirewall: only allow TCP flags on TCP protocol\nfirewall: simplify help text for direction setting\nfirewall: make protocol log summary case insensitive\nreporting: ignore malformed flow records\ncaptive portal: fix type mismatch for timeout read\ndhcp: add note for static lease limitation with lease registration (contributed by Northguy)\nipsec: add margintime and rekeyfuzz options\nipsec: clear $dpdline correctly if not set\nui: fix tokenizer reorder on multiple saves\nplugins: os-acme-client 1.26[1]\nplugins: os-bind will reload bind on record change (contributed by blablup)\nplugins: os-etpro-telemetry minor subprocess.call replacement\nplugins: os-freeradius 1.9.4[2]\nplugins: os-frr 1.12[3]\nplugins: os-haproxy 2.19[4]\nplugins: os-mailtrail 1.2[5]\nplugins: os-postfix 1.11[6]\nplugins: os-rspamd 1.8[7]\nplugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)\nplugins: os-telegraf 1.7.6[8]\nplugins: os-theme-cicada 1.21 (contributed by Team Rebellion)\nplugins: os-theme-tukan 1.21 (contributed by Team Rebellion)\nplugins: os-tinc minor subprocess.call replacement\nplugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)\nplugins: os-virtualbox 1.0 (contributed by andrewhotlab)\n\n\n\n\nDealing with the misunderstandings of what is GhostBSD\n\n\nSince the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release base on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.\n\nOur official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.\n\nThere is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are well come to contribute. Also, Contribution to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram https://t.me/ghostbsd, but you can also reach us on the forum.\n\n\n\n\nSHUTTLE – VPN over SSH | VPN Alternative\n\n\nLooking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem it provides VPN over ssh and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.\n\n\n\nVPN over SSH – sshuttle\n\n\n\nsshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since its open source it holds quite a lot of major advantages over traditional VPN.\n\n\n\n\nOpenSSH 8.1 Released\n\n\nSecurity\n\n\nssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.\nssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large \"prekey\" consisting of random data (currently 16KB).\n\nThis release includes a number of changes that may affect existing configurations:\n\n\nssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using \"ssh-keygen -t ssh-rsa -s ...\").\n\nNew Features\n\n\nssh(1): Allow %n to be expanded in ProxyCommand strings\nssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '' character, E.g. \"HostKeyAlgorithms ssh-ed25519\"\nssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).\nssh-keygen(1): print key comment when extracting public key from a private key.\nssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. \"ssh-keygen -vF host\") to print the matching host's random-art signature too.\nAll: support PKCS8 as an optional format for storage of private keys to disk.  The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.\n\n\n\n\n\nBeastie Bits\n\n\nSay goodbye to the 32 CPU limit in NetBSD/aarch64\nvBSDcon 2019 videos\nBrowse the web in the terminal - W3M\nNetBSD 9 and GSoC\nBSDCan 2019 Videos\nNYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders\nFreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open\nFOSDEM 2020 - BSD Devroom Call for Participation\nUniversity of Cambridge looking for Research Assistants/Associates\n\n\n\n\nFeedback/Questions\n\n\nTrenton - Beeping Thinkpad\nAlex - Per user ZFS Datasets\n\n\nAllan’s old patch from 2015\n\nJavier - FBSD 12.0 + ZFS + encryption\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eUnix is 50, Hunting down Ken\u0026#39;s PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle  - VPN over SSH, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bell-labs.com/unix50/\" rel=\"nofollow\"\u003eUnix is 50\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more \u0026quot;portable\u0026quot;. Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2019/10/video-footage-of-first-pdp-7-to-run-unix.html\" rel=\"nofollow\"\u003eHunting down Ken\u0026#39;s PDP-7: video footage found\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my prior blog post, I traced Ken\u0026#39;s scrounged PDP-7 to SN 34. In this post I\u0026#39;ll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. this gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://openbsd.org/66.html\" rel=\"nofollow\"\u003eOpenBSD 6.6 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnnounce: \u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=157132024225971\u0026w=2\" rel=\"nofollow\"\u003ehttps://marc.info/?l=openbsd-tech\u0026amp;m=157132024225971\u0026amp;w=2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Guide: \u003ca href=\"https://openbsd.org/faq/upgrade66.html\" rel=\"nofollow\"\u003ehttps://openbsd.org/faq/upgrade66.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChangelog: \u003ca href=\"https://openbsd.org/plus66.html\" rel=\"nofollow\"\u003ehttps://openbsd.org/plus66.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-19-7-5-released/\" rel=\"nofollow\"\u003eOPNsense 19.7.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e12.1 which is supposed to hit the next 20.1 release.  Stay tuned for more infos in the next month or so.\u003c/p\u003e\n\n\u003cp\u003eHere are the full patch notes:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003esystem: show all swap partitions in system information widget\u003c/li\u003e\n\u003cli\u003esystem: flatten services_get() in preparation for removal\u003c/li\u003e\n\u003cli\u003esystem: pin Syslog-ng version to specific package name\u003c/li\u003e\n\u003cli\u003esystem: fix LDAP/StartTLS with user import page\u003c/li\u003e\n\u003cli\u003esystem: fix a PHP warning on authentication server page\u003c/li\u003e\n\u003cli\u003esystem: replace most subprocess.call use\u003c/li\u003e\n\u003cli\u003einterfaces: fix devd handling of carp devices (contributed by stumbaumr)\u003c/li\u003e\n\u003cli\u003efirewall: improve firewall rules inline toggles\u003c/li\u003e\n\u003cli\u003efirewall: only allow TCP flags on TCP protocol\u003c/li\u003e\n\u003cli\u003efirewall: simplify help text for direction setting\u003c/li\u003e\n\u003cli\u003efirewall: make protocol log summary case insensitive\u003c/li\u003e\n\u003cli\u003ereporting: ignore malformed flow records\u003c/li\u003e\n\u003cli\u003ecaptive portal: fix type mismatch for timeout read\u003c/li\u003e\n\u003cli\u003edhcp: add note for static lease limitation with lease registration (contributed by Northguy)\u003c/li\u003e\n\u003cli\u003eipsec: add margintime and rekeyfuzz options\u003c/li\u003e\n\u003cli\u003eipsec: clear $dpdline correctly if not set\u003c/li\u003e\n\u003cli\u003eui: fix tokenizer reorder on multiple saves\u003c/li\u003e\n\u003cli\u003eplugins: os-acme-client 1.26[1]\u003c/li\u003e\n\u003cli\u003eplugins: os-bind will reload bind on record change (contributed by blablup)\u003c/li\u003e\n\u003cli\u003eplugins: os-etpro-telemetry minor subprocess.call replacement\u003c/li\u003e\n\u003cli\u003eplugins: os-freeradius 1.9.4[2]\u003c/li\u003e\n\u003cli\u003eplugins: os-frr 1.12[3]\u003c/li\u003e\n\u003cli\u003eplugins: os-haproxy 2.19[4]\u003c/li\u003e\n\u003cli\u003eplugins: os-mailtrail 1.2[5]\u003c/li\u003e\n\u003cli\u003eplugins: os-postfix 1.11[6]\u003c/li\u003e\n\u003cli\u003eplugins: os-rspamd 1.8[7]\u003c/li\u003e\n\u003cli\u003eplugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)\u003c/li\u003e\n\u003cli\u003eplugins: os-telegraf 1.7.6[8]\u003c/li\u003e\n\u003cli\u003eplugins: os-theme-cicada 1.21 (contributed by Team Rebellion)\u003c/li\u003e\n\u003cli\u003eplugins: os-theme-tukan 1.21 (contributed by Team Rebellion)\u003c/li\u003e\n\u003cli\u003eplugins: os-tinc minor subprocess.call replacement\u003c/li\u003e\n\u003cli\u003eplugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)\u003c/li\u003e\n\u003cli\u003eplugins: os-virtualbox 1.0 (contributed by andrewhotlab)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ghostbsd.org/node/194\" rel=\"nofollow\"\u003eDealing with the misunderstandings of what is GhostBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package\u0026#39;s system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release base on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.\u003c/p\u003e\n\n\u003cp\u003eOur official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.\u003c/p\u003e\n\n\u003cp\u003eThere is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are well come to contribute. Also, Contribution to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram \u003ca href=\"https://t.me/ghostbsd\" rel=\"nofollow\"\u003ehttps://t.me/ghostbsd\u003c/a\u003e, but you can also reach us on the forum.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.terminalbytes.com/sshuttle-vpn-over-ssh-vpn-alternative/\" rel=\"nofollow\"\u003eSHUTTLE – VPN over SSH | VPN Alternative\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLooking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem it provides VPN over ssh and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVPN over SSH – sshuttle\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since its open source it holds quite a lot of major advantages over traditional VPN.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openssh.com/txt/release-8.1\" rel=\"nofollow\"\u003eOpenSSH 8.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSecurity\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003essh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam\u0026#39;s SSD program.\u003c/li\u003e\n\u003cli\u003essh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large \u0026quot;prekey\u0026quot; consisting of random data (currently 16KB).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis release includes a number of changes that may affect existing configurations:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003essh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using \u0026quot;ssh-keygen -t ssh-rsa -s ...\u0026quot;).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNew Features\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003essh(1): Allow %n to be expanded in ProxyCommand strings\u003c/li\u003e\n\u003cli\u003essh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the \u0026#39;\u003csup\u003e\u0026#39;\u003c/sup\u003e character, E.g. \u0026quot;HostKeyAlgorithms \u003csup\u003essh-ed25519\u0026quot;\u003c/sup\u003e\u003c/li\u003e\n\u003cli\u003essh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).\u003c/li\u003e\n\u003cli\u003essh-keygen(1): print key comment when extracting public key from a private key.\u003c/li\u003e\n\u003cli\u003essh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. \u0026quot;ssh-keygen -vF host\u0026quot;) to print the matching host\u0026#39;s random-art signature too.\u003c/li\u003e\n\u003cli\u003eAll: support PKCS8 as an optional format for storage of private keys to disk.  The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM\u0026#39;s.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/jmcwhatever/status/1185584719183962112\" rel=\"nofollow\"\u003eSay goodbye to the 32 CPU limit in NetBSD/aarch64\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UCvcdrOSlYOSzOzLjv_n1_GQ/videos\" rel=\"nofollow\"\u003evBSDcon 2019 videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=3Hfda0Tjqsg\u0026feature=youtu.be\" rel=\"nofollow\"\u003eBrowse the web in the terminal - W3M\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.org/%7Ekamil/GSoC2019.html#slide1\" rel=\"nofollow\"\u003eNetBSD 9 and GSoC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLeF8ZihVdpFegPoAKppaDSoYmsBvpnSZv\" rel=\"nofollow\"\u003eBSDCan 2019 Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.nycbug.org/index?action=view\u0026id=10673\" rel=\"nofollow\"\u003eNYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/\" rel=\"nofollow\"\u003eFreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://people.freebsd.org/%7Erodrigo/fosdem20/\" rel=\"nofollow\"\u003eFOSDEM 2020 - BSD Devroom Call for Participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/ed_maste/status/1184865668317007874\" rel=\"nofollow\"\u003eUniversity of Cambridge looking for Research Assistants/Associates\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTrenton - \u003ca href=\"http://dpaste.com/0ZEXNM6#wrap\" rel=\"nofollow\"\u003eBeeping Thinkpad\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/1K31A65#wrap\" rel=\"nofollow\"\u003ePer user ZFS Datasets\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D2272\" rel=\"nofollow\"\u003eAllan’s old patch from 2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eJavier - \u003ca href=\"http://dpaste.com/1XX4NNA#wrap\" rel=\"nofollow\"\u003eFBSD 12.0 + ZFS + encryption\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0322.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle  - VPN over SSH, and more.","date_published":"2019-10-31T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9f37f100-02f4-4b71-9eeb-3e9fa09f147c.mp3","mime_type":"audio/mp3","size_in_bytes":49383869,"duration_in_seconds":4050}]},{"id":"fca983bf-93c9-460f-8c32-3b32663d463d","title":"321: The Robot OS","url":"https://www.bsdnow.tv/321","content_text":"An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.\n\nInterview - Trenton Schulz - freenas@norwegianrockcat.com\n\nRobot OS on FreeBSD\n\n\nBR: Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?\nAJ: You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?\nBR: Can you tell us more about the work you are doing with Robot OS on FreeBSD?\nAJ: Was EuroBSDcon your first BSD conference? How did you like it?\nBR: Do you have some tips or advice on how to get started with the BSDs?\nAJ: Is there anything else you’d like to tell us before we let you go?\n\n\n\n\nBeastie Bits\n\n\nFreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open\nPortland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza\nNYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders \nFOSDEM 2020 - BSD Devroom Call for Participation\nUniversity of Cambridge looking for Research Assistants/Associates\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\nSpecial Guest: Trenton Shulz.","content_html":"\u003cp\u003eAn interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.\u003c/p\u003e\n\n\u003ch2\u003eInterview - Trenton Schulz - \u003ca href=\"mailto:freenas@norwegianrockcat.com\" rel=\"nofollow\"\u003efreenas@norwegianrockcat.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eRobot OS on FreeBSD\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBR:\u003c/strong\u003e Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAJ:\u003c/strong\u003e You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBR:\u003c/strong\u003e Can you tell us more about the work you are doing with Robot OS on FreeBSD?\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAJ:\u003c/strong\u003e Was EuroBSDcon your first BSD conference? How did you like it?\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBR:\u003c/strong\u003e Do you have some tips or advice on how to get started with the BSDs?\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAJ:\u003c/strong\u003e Is there anything else you’d like to tell us before we let you go?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/freebsd-miniconf-at-linux-conf-au-2020-call-for-sessions-now-open/\" rel=\"nofollow\"\u003eFreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://calagator.org/events/1250476319\" rel=\"nofollow\"\u003ePortland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.nycbug.org/index?action=view\u0026id=10673\" rel=\"nofollow\"\u003eNYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://people.freebsd.org/%7Erodrigo/fosdem20/\" rel=\"nofollow\"\u003eFOSDEM 2020 - BSD Devroom Call for Participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/ed_maste/status/1184865668317007874\" rel=\"nofollow\"\u003eUniversity of Cambridge looking for Research Assistants/Associates\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0321.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e\u003cp\u003eSpecial Guest: Trenton Shulz.\u003c/p\u003e","summary":"An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.","date_published":"2019-10-23T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fca983bf-93c9-460f-8c32-3b32663d463d.mp3","mime_type":"audio/mp3","size_in_bytes":39796738,"duration_in_seconds":3316}]},{"id":"11b9f24e-1789-4328-8396-4b9654aa2dfc","title":"320: Codebase: Neck Deep","url":"https://www.bsdnow.tv/320","content_text":"Headlines\n\nFreeBSD and custom firmware on the Google Pixelbook\n\n\nFreeBSD and custom firmware on the Google Pixelbook\n\n\n\nBack in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn\\u2019t use the trackpoint much. But this summer I\\u2019ve decided that it was time for something newer. I wanted something..\n\n\n\nlighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);\nwith a 3:2 display (why is Lenovo making these Serious Work\\u2122 laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);\nwith a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);\nwith USB-C ports;\nwithout a dGPU, especially without an NVIDIA GPU;\nassembled with screws and not glue (I don\\u2019t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);\nsupported by FreeBSD of course (\\u201csome development required\\u201d is okay but I\\u2019m not going to write big drivers);\nhow about something with open source firmware, that would be fun.\n\n\n\nI was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that\\u2019s fun. But going back in processor generations just doesn\\u2019t feel great. I want something more efficient, not less!\n\nAnd then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn\\u2019t every laptop ever doing that?!), the \\u201cconvertibleness\\u201d (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks\\u2019 stock firmware is coreboot + depthcharge).\n\nSo here it is, my new laptop, a Google Pixelbook.\n\n\n\nConclusion\n\n\n\nPixelbook, FreeBSD, coreboot, EDK2 good.\n\nSeriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)\n\n\n\n\nPorting NetBSD to the AMD x86-64: a case study in OS portability\n\n\nAbstract\n\n\n\nNetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.\n\n\n\nPortability\n\n\n\nSupporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.\n\n\n\nGeneral\n\n\n\nGenerally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.\n\n\n\nTypes\n\n\n\nAssumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.\n\n\n\nConclusions and future work\n\n\n\nThe port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.\n\n\n\n\nNews Roundup\n\nZFS performance really does degrade as you approach quota limits\n\n\nEvery so often (currently monthly), there is an \"OpenZFS leadership meeting\". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones. \n\n\n\nIn the September meeting notes, I read a very interesting (to me) agenda item: \n\n\nRelax quota semantics for improved performance (Allan Jude)\nProblem: As you approach quotas, ZFS performance degrades.\nProposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.\n\n\n\n\nThis is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).\n\nSecond, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)\n\nWith that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.\n\n\n\n\nFixing up KA9Q-unix, or \"neck deep in 30 year old codebases..\"\n\n\nI'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.\n\nAnyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.\n\nSo yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.\n\nBut! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!\n\nI grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.\n\n\n\n\nHAMMER2 and fsck for review\n\n\nHAMMER2 is Copy on Write, meaning changes are made to copies of existing data.  This means operations are generally atomic and can survive a power outage, etc.  (You should read up on it!)  However, there\\u2019s now a fsck command, useful if you want a report of data validity rather than any manual repair process.\n\n\n\n\n[The return of startx(1) for non-root users with some caveats\n\nMark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:\n\nCVSROOT:    /cvs\nModule name:    src\nChanges by:    kettenis@cvs.openbsd.org    2019/09/15 06:25:41\n\nModified files:\n    etc/etc.amd64  : fbtab \n    etc/etc.arm64  : fbtab \n    etc/etc.hppa   : fbtab \n    etc/etc.i386   : fbtab \n    etc/etc.loongson: fbtab \n    etc/etc.luna88k: fbtab \n    etc/etc.macppc : fbtab \n    etc/etc.octeon : fbtab \n    etc/etc.sgi    : fbtab \n    etc/etc.sparc64: fbtab \n\nLog message:\nAdd ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.\n\nok jsg@, matthieu@\nCVSROOT:    /cvs\nModule name:    xenocara\nChanges by:    kettenis@cvs.openbsd.org    2019/09/15 06:31:08\n\nModified files:\n    xserver/hw/xfree86/common: xf86AutoConfig.c \n\nLog message:\nAdd modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.\n\nThis makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).\n\nok jsg@, matthieu@\n\n\n\n\nBeastie Bits\n\n\nASCII table and history.  Or, why does Ctrl+i insert a Tab in my terminal?\nSourcehut makes BSD software better\nChaosnet for Unx\nThe Vim-Inspired Editor with a Linguistic Twist\nbhyvearm64: CPU and Memory Virtualization on Armv8.0-A\nDefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities\n\n\n\n\nFeedback/Questions\n\n\nTim - GSoC project ideas for pf rule syntax translation\nBrad - Steam on FreeBSD\nRuslan - FreeBSD Quarterly Status Report - Q2 2019\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://unrelenting.technology/articles/FreeBSD-and-custom-firmware-on-the-Google-Pixelbook\" rel=\"nofollow\"\u003eFreeBSD and custom firmware on the Google Pixelbook\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD and custom firmware on the Google Pixelbook\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBack in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn\\u2019t use the trackpoint much. But this summer I\\u2019ve decided that it was time for something newer. I wanted something..\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003elighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);\u003c/li\u003e\n\u003cli\u003ewith a 3:2 display (why is Lenovo making these Serious Work\\u2122 laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);\u003c/li\u003e\n\u003cli\u003ewith a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);\u003c/li\u003e\n\u003cli\u003ewith USB-C ports;\u003c/li\u003e\n\u003cli\u003ewithout a dGPU, especially without an NVIDIA GPU;\u003c/li\u003e\n\u003cli\u003eassembled with screws and not glue (I don\\u2019t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);\u003c/li\u003e\n\u003cli\u003esupported by FreeBSD of course (\\u201csome development required\\u201d is okay but I\\u2019m not going to write big drivers);\u003c/li\u003e\n\u003cli\u003ehow about something with open source firmware, that would be fun.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that\\u2019s fun. But going back in processor generations just doesn\\u2019t feel great. I want something more efficient, not less!\u003c/p\u003e\n\n\u003cp\u003eAnd then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn\\u2019t every laptop ever doing that?!), the \\u201cconvertibleness\\u201d (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks\\u2019 stock firmware is coreboot + depthcharge).\u003c/p\u003e\n\n\u003cp\u003eSo here it is, my new laptop, a Google Pixelbook.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePixelbook, FreeBSD, coreboot, EDK2 good.\u003c/p\u003e\n\n\u003cp\u003eSeriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.usenix.org/legacy/publications/library/proceedings/bsdcon02/full_papers/linden/linden_html/index.html\" rel=\"nofollow\"\u003ePorting NetBSD to the AMD x86-64: a case study in OS portability\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAbstract\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePortability\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSupporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGeneral\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGenerally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTypes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAssumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions and future work\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe port of NetBSD to AMD\u0026#39;s x86-64 architecture was done in six weeks, which confirms NetBSD\u0026#39;s reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/solaris/ZFSFullQuotaPerformanceIssue\" rel=\"nofollow\"\u003eZFS performance really does degrade as you approach quota limits\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEvery so often (currently monthly), there is an \u0026quot;OpenZFS leadership meeting\u0026quot;. What this really means is \u0026#39;lead developers from the various ZFS implementations get together to talk about things\u0026#39;. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the September meeting notes, I read a very interesting (to me) agenda item: \n\n\u003cul\u003e\n\u003cli\u003eRelax quota semantics for improved performance (Allan Jude)\u003c/li\u003e\n\u003cli\u003eProblem: As you approach quotas, ZFS performance degrades.\u003c/li\u003e\n\u003cli\u003eProposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It\u0026#39;s nice to know that this wasn\u0026#39;t just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).\u003c/p\u003e\n\n\u003cp\u003eSecond, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren\u0026#39;t willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don\u0026#39;t know if there\u0026#39;s anything we can do, but at least we\u0026#39;re going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what\u0026#39;s going on at the ZFS level to cause the slowdown. (It\u0026#39;s apparently similar to what happens when the pool is almost full, but I don\u0026#39;t know the specifics of that either.)\u003c/p\u003e\n\n\u003cp\u003eWith that said, we don\u0026#39;t seem to have seen clear adverse effects on our Linux fileservers, and they\u0026#39;ve definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven\u0026#39;t been looking closely enough to see that we\u0026#39;re experiencing global slowdowns that correlate to filesystems hitting quota limits. We\u0026#39;ve had issues before with somewhat subtle slowdowns that we didn\u0026#39;t understand (cf), so I can\u0026#39;t discount that we\u0026#39;re having it happen again.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2019/09/fixing-up-ka9q-unix-or-neck-deep-in-30.html\" rel=\"nofollow\"\u003eFixing up KA9Q-unix, or \u0026quot;neck deep in 30 year old codebases..\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ll preface this by saying - yes, I\u0026#39;m still neck deep in FreeBSD\u0026#39;s wifi stack and 802.11ac support, but it turns out it\u0026#39;s slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I\u0026#39;ll .. get there.\u003c/p\u003e\n\n\u003cp\u003eAnyhoo, I\u0026#39;ve finally been mucking around with AX.25 packet radio. I\u0026#39;ve been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn\u0026#39;t have my amateur radio licence. But, now I do, and I\u0026#39;ve done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.\u003c/p\u003e\n\n\u003cp\u003eSo yes, I was avoiding hacking on AX.25 stuff because there wasn\u0026#39;t a BSD compatible AX.25 stack. I\u0026#39;m 40 now, leave me be.\u003c/p\u003e\n\n\u003cp\u003eBut! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!\u003c/p\u003e\n\n\u003cp\u003eI grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/09/24/23540.html\" rel=\"nofollow\"\u003eHAMMER2 and fsck for review\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHAMMER2 is Copy on Write, meaning changes are made to copies of existing data.  This means operations are generally atomic and can survive a power outage, etc.  (You should read up on it!)  However, there\\u2019s now a fsck command, useful if you want a report of data validity rather than any manual repair process.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e[The return of startx(1) for non-root users \u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190917091236\" rel=\"nofollow\"\u003ewith some caveats\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eMark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eCVSROOT:    /cvs\nModule name:    src\nChanges by:    kettenis@cvs.openbsd.org    2019/09/15 06:25:41\n\nModified files:\n    etc/etc.amd64  : fbtab \n    etc/etc.arm64  : fbtab \n    etc/etc.hppa   : fbtab \n    etc/etc.i386   : fbtab \n    etc/etc.loongson: fbtab \n    etc/etc.luna88k: fbtab \n    etc/etc.macppc : fbtab \n    etc/etc.octeon : fbtab \n    etc/etc.sgi    : fbtab \n    etc/etc.sparc64: fbtab \n\nLog message:\nAdd ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.\n\nok jsg@, matthieu@\nCVSROOT:    /cvs\nModule name:    xenocara\nChanges by:    kettenis@cvs.openbsd.org    2019/09/15 06:31:08\n\nModified files:\n    xserver/hw/xfree86/common: xf86AutoConfig.c \n\nLog message:\nAdd modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.\n\nThis makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).\n\nok jsg@, matthieu@\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bestasciitable.com/\" rel=\"nofollow\"\u003eASCII table and history.  Or, why does Ctrl+i insert a Tab in my terminal?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sourcehut.org/blog/2019-09-12-sourcehut-makes-bsd-software-better/\" rel=\"nofollow\"\u003eSourcehut makes BSD software better\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LM-3/chaos\" rel=\"nofollow\"\u003eChaosnet for Unx\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cosine.blue/2019-09-06-kakoune.html\" rel=\"nofollow\"\u003eThe Vim-Inspired Editor with a Linguistic Twist\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://papers.freebsd.org/2019/bsdcan/elisei-bhyvearm64_cpu_and_memory_virtualization_on_armv8.0_a/\" rel=\"nofollow\"\u003ebhyvearm64: CPU and Memory Virtualization on Armv8.0-A\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=a2m56Yq-EIs\" rel=\"nofollow\"\u003eDefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTim - \u003ca href=\"http://dpaste.com/1RCSFK7#wrap\" rel=\"nofollow\"\u003eGSoC project ideas for pf rule syntax translation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/2SKA9YB#wrap\" rel=\"nofollow\"\u003eSteam on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRuslan - \u003ca href=\"http://dpaste.com/0DQM3Q1\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report - Q2 2019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0320.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD on the Google Pixelbook, Porting NetBSD to the AMD x86-64, ZFS performance really does degrade as you approach quota limits, Fixing up KA9Q-unix, HAMMER2 and fsck for review, the return of startx(1) for non-root users, and more.","date_published":"2019-10-16T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/11b9f24e-1789-4328-8396-4b9654aa2dfc.mp3","mime_type":"audio/mp3","size_in_bytes":40815513,"duration_in_seconds":3401}]},{"id":"19c9942c-0790-4157-af73-31faf1e2b8e4","title":"319: Lack Rack, Jack","url":"https://www.bsdnow.tv/319","content_text":"Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.\n\nHeadlines\n\nCausing ZFS corruption for fun and profit\n\n\nDatto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.\n\n\n\nCausing Corruption\n\n\n\nSince this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.\n\n\n\nConclusion\n\n\n\nAt the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.\n\nTo others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.\n\n\n\n\nNetBSD Assembly Programming Tutorial\n\n\nA sparc64 version is also being prepared and will be added when done\n\nThis post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT\u0026amp;T syntax instead of Intel.\n\n\n\nWhy assembly?\n\n\n\nWhy not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs\n\n\n\nDue to the nature of the guide, visit the site for the complete breakdown\n\n\n\n\nNews Roundup\n\nThe IKEA Lack Rack for Servers\n\n\nThe LackRack\n\n\n\nFirst occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.\n\nThe LackRack will certainly make its appearance again this summer at eth0:2010 Summer.\n\n\n\nSummary\n\n\n\nWhen temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19\" server racks.\n\nThe LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19\" hardware, such as switches (see below), or perhaps other 19\" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19\" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!\n\n\n\nHowto\n\n\n\nYou can find a howto on buying a LackRack on this page. This includes the proof that a 19\" switch can indeed be placed in the LackRack in its natural habitat!\n\n\n\n\nOmniOS Community Edition r151030 LTS - Published at May 6, 2019\n\n\nThe OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.\n\nOmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.\n\nThis is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.\n\nIf you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.\n\n\n\nFor full relase notes including upgrade instructions;\nrelease notes\nupgrade instructions\n\n\n\n\nList Block Devices on FreeBSD lsblk(8) Style\n\n\nWhen I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.\n\n\nExample lsblk(8) output from Linux system:\n\n$ lsblk\nNAME                         MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT\nsr0                           11:0    1  1024M  0 rom\nsda                            8:0    0 931.5G  0 disk\n|-sda1                         8:1    0   500M  0 part   /boot\n`-sda2                         8:2    0   931G  0 part\n  |-vg_local-lv_root (dm-0)  253:0    0    50G  0 lvm    /\n  |-vg_local-lv_swap (dm-1)  253:1    0  17.7G  0 lvm    [SWAP]\n  `-vg_local-lv_home (dm-2)  253:2    0   1.8T  0 lvm    /home\nsdc                            8:32   0 232.9G  0 disk\n`-sdc1                         8:33   0 232.9G  0 part\n  `-md1                        9:1    0 232.9G  0 raid10 /data\nsdd                            8:48   0 232.9G  0 disk\n`-sdd1                         8:49   0 232.9G  0 part\n  `-md1                        9:1    0 232.9G  0 raid10 /data\n\n\n\nWhat FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all \u0026gt; \u0026lt; characters to ] [ ones in the commands outputs.\n\n\n\nSee the article for the rest of the guide\n\n\n\n\nProject Trident 19.10 Now Available\n\n\nThis is a general package update to the CURRENT release repository based upon TrueOS 19.10\n\n\n\nPACKAGE CHANGES FROM 19.08\n\n\nNew Packages: 601\nDeleted Packages: 165\nUpdated Packages: 3341\n\n\n\n\n\nBeastie Bits\n\n\nNetBSD building tools\nSponsorships open for SNMP Mastery\npkgsrc-2019Q3 release announcement (2019-10-03)\npfetch - A simple system information tool written in POSIX sh\nTaking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview)\nCracking Ken Thomson’s password\n\n\n\n\nFeedback/Questions\n\n\nEvilham - Couple Questions\nRob - APU2 alternatives and GPT partition types\nTom - FreeBSD journal article by A. Fengler\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eCausing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://datto.engineering/post/causing-zfs-corruption\" rel=\"nofollow\"\u003eCausing ZFS corruption for fun and profit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDatto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we\u0026#39;ll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we\u0026#39;re building software that can properly handle these scenarios.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCausing Corruption\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the 500 PB scale, it\u0026#39;s not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we\u0026#39;re building software that can handle these rare (but inevitable) events.\u003c/p\u003e\n\n\u003cp\u003eTo others out there using ZFS: I\u0026#39;m curious to hear how you\u0026#39;ve solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I\u0026#39;d be especially interested if you\u0026#39;ve had luck simply simulating corruption with zinject.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://polprog.net/blog/netbsdasmprog/\" rel=\"nofollow\"\u003eNetBSD Assembly Programming Tutorial\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA sparc64 version is also being prepared and will be added when done\u003c/p\u003e\n\n\u003cp\u003eThis post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT\u0026amp;T syntax instead of Intel.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy assembly?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy not? Because it\u0026#39;s fun to program in assembly directly. Contrary to a popular belief assembly programs aren\u0026#39;t always faster than what optimizing compilers produce. Nevertheless it\u0026#39;s good to be able to read assembly, especially when debugging C programs\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDue to the nature of the guide, visit the site for the complete breakdown\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.eth0.nl/index.php/LackRack\" rel=\"nofollow\"\u003eThe IKEA Lack Rack for Servers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe LackRack\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It\u0026#39;s a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.\u003c/p\u003e\n\n\u003cp\u003eThe LackRack will certainly make its appearance again this summer at eth0:2010 Summer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSummary\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19\u0026quot; server racks.\u003c/p\u003e\n\n\u003cp\u003eThe LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19\u0026quot; hardware, such as switches (see below), or perhaps other 19\u0026quot; gear. It\u0026#39;s very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19\u0026quot; switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHowto\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can find a howto on buying a LackRack on this page. This includes the proof that a 19\u0026quot; switch can indeed be placed in the LackRack in its natural habitat!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://omniosce.org/article/release-030\" rel=\"nofollow\"\u003eOmniOS Community Edition r151030 LTS - Published at May 6, 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.\u003c/p\u003e\n\n\u003cp\u003eOmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.\u003c/p\u003e\n\n\u003cp\u003eThis is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.\u003c/p\u003e\n\n\u003cp\u003eIf you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor full relase notes including upgrade instructions;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://omniosce.org/releasenotes.html\" rel=\"nofollow\"\u003erelease notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://omniosce.org/upgrade.html\" rel=\"nofollow\"\u003eupgrade instructions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2019/09/27/list-block-devices-on-freebsd-lsblk8-style/\" rel=\"nofollow\"\u003eList Block Devices on FreeBSD lsblk(8) Style\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eExample lsblk(8) output from Linux system:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ lsblk\nNAME                         MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT\nsr0                           11:0    1  1024M  0 rom\nsda                            8:0    0 931.5G  0 disk\n|-sda1                         8:1    0   500M  0 part   /boot\n`-sda2                         8:2    0   931G  0 part\n  |-vg_local-lv_root (dm-0)  253:0    0    50G  0 lvm    /\n  |-vg_local-lv_swap (dm-1)  253:1    0  17.7G  0 lvm    [SWAP]\n  `-vg_local-lv_home (dm-2)  253:2    0   1.8T  0 lvm    /home\nsdc                            8:32   0 232.9G  0 disk\n`-sdc1                         8:33   0 232.9G  0 part\n  `-md1                        9:1    0 232.9G  0 raid10 /data\nsdd                            8:48   0 232.9G  0 disk\n`-sdd1                         8:49   0 232.9G  0 part\n  `-md1                        9:1    0 232.9G  0 raid10 /data\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all \u0026gt; \u0026lt; characters to ] [ ones in the commands outputs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the guide\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://project-trident.org/post/2019-10-05_19.10_available/\" rel=\"nofollow\"\u003eProject Trident 19.10 Now Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a general package update to the CURRENT release repository based upon TrueOS 19.10\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePACKAGE CHANGES FROM 19.08\n\n\u003cul\u003e\n\u003cli\u003eNew Packages: 601\u003c/li\u003e\n\u003cli\u003eDeleted Packages: 165\u003c/li\u003e\n\u003cli\u003eUpdated Packages: 3341\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/gallery/0sG4b1K\" rel=\"nofollow\"\u003eNetBSD building tools\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/4569\" rel=\"nofollow\"\u003eSponsorships open for SNMP Mastery\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2019/10/03/msg029485.html\" rel=\"nofollow\"\u003epkgsrc-2019Q3 release announcement (2019-10-03)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylanaraps/pfetch\" rel=\"nofollow\"\u003epfetch - A simple system information tool written in POSIX sh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://netbsd.org/%7Ekamil/eurobsdcon2019_fuzzing/presentation.html#slide1\" rel=\"nofollow\"\u003eTaking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html\" rel=\"nofollow\"\u003eCracking Ken Thomson’s password\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eEvilham - \u003ca href=\"http://dpaste.com/2JC85WV\" rel=\"nofollow\"\u003eCouple Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRob - \u003ca href=\"http://dpaste.com/0SDX9ZX\" rel=\"nofollow\"\u003eAPU2 alternatives and GPT partition types\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTom - \u003ca href=\"http://dpaste.com/2B43MY1#wrap\" rel=\"nofollow\"\u003eFreeBSD journal article by A. Fengler\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0319.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.","date_published":"2019-10-09T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19c9942c-0790-4157-af73-31faf1e2b8e4.mp3","mime_type":"audio/mp3","size_in_bytes":48841583,"duration_in_seconds":4070}]},{"id":"a53fad97-5df2-4cd3-91a8-e75d5a2f38d7","title":"318: The TrueNAS Library","url":"https://www.bsdnow.tv/318","content_text":"DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.\n\nHeadlines\n\nDragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X\n\n\nFor those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.\n\nBack in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything \"just worked\" without any compatibility issues for either of these BSDs.\n\nWe've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.\n\nFor comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.\n\nAll of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.\n\n\n\n\nJFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives\n\n\niXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.\n\nHaving first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection. \n\nNot only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process.  The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.\n\nWith precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes. \n\n\n\nYoutube Video\n\n\n\n\nNews Roundup\n\nFreeBSD 12.1-beta available\n\n\nFreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.\n\nFreeBSD 12.1 has many security/bug fixes throughout, no longer enables \"-Werror\" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.\n\nFor those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.\n\nThe FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.\n\n\n\nAnnouncement Link\n\n\n\n\nCool, but obscure X11 tools.  More suggestions in the source link\n\n\nASClock\nFree42\nFSV2\nGLXGears\nGMixer\nGVIM\nMicropolis\nSunclock\nTed\nTiEmu\nX026\nX48\nXAbacus\nXAntfarm\nXArchiver\nXASCII\nXBiff\nXBill\nXBoard\nXCalc\nXCalendar\nXCHM\nXChomp\nXClipboard\nXClock\nXClock/Cat Clock\nXColorSel\nXConsole\nXDiary\nXEarth\nXEdit\nXev\nXEyes\nXFontSel\nXGalaga\nXInvaders 3D\nXKill\nXLennart\nXLoad\nXLock\nXLogo\nXMahjongg\nXMan\nXMessage\nXmGrace\nXMixer\nXmMix\nXMore\nXMosaic\nXMOTD\nXMountains\nXNeko\nXOdometer\nXOSView\nXplore\nXPostIt\nXRoach\nXScreenSaver\nXSnow\nXSpread\nXTerm\nXTide\nXv\nXvkbd\nXWPE\nXZoom\n\n\n\n\nvBSDCon 2019 trip report from iXSystems\n\n\nThe fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.\n\n\n\n\nProject Trident 12-U7 now available\n\n\nPackage Summary\n\n\nNew Packages: 130\nDeleted Packages: 72\nUpdated Packages: 865\n\nStable ISO - https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso\n\n\n\n\nA Couple new Unix Artifacts\n\n\nI fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.\n\nSo I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:\n\n\n\nby two large organisations\nof great significance to Unix history\nwho want me to keep \"mum\" about them\nas they are going to make announcements about them soon*\n\n\n\nand I am going slowly crazy as I wait for them to be offically released. Now you have a new topic to talk about :-)\n\nCheers, Warren\n\n\n* for some definition of \"soon\"\n\n\n\nBeastie Bits\n\n\nNetBSD machines at Open Source Conference 2019 Hiroshima\nHyperbola a GNU/Linux OS is using OpenBSD's Xenocara\nTalos is looking for a FreeBSD Engineer\nGitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes.\ndsynth: you’re building it\nPercy Ludgate, the missing link between Babbage’s machine and everything else\n\n\n\n\nFeedback/Questions\n\n\nBruce - Down the expect rabbithole\nBruce - Expect (update)\nDavid - Netgraph answer\nMason - Beeps?\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=bsd-linux-3700x\" rel=\"nofollow\"\u003eDragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor those wondering how well FreeBSD and DragonFlyBSD are handling AMD\u0026#39;s new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.\u003c/p\u003e\n\n\u003cp\u003eBack in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything \u0026quot;just worked\u0026quot; without any compatibility issues for either of these BSDs.\u003c/p\u003e\n\n\u003cp\u003eWe\u0026#39;ve been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.\u003c/p\u003e\n\n\u003cp\u003eFor comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear\u0026#39;s power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.\u003c/p\u003e\n\n\u003cp\u003eAll of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/jfk-presidential-library-pr/\" rel=\"nofollow\"\u003eJFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eiXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.\u003c/p\u003e\n\n\u003cp\u003eHaving first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection. \u003c/p\u003e\n\n\u003cp\u003eNot only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process.  The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.\u003c/p\u003e\n\n\u003cp\u003eWith precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=8rFjH5-0Fiw\" rel=\"nofollow\"\u003eYoutube Video\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=FreeBSD-12.1-Beta-Released\" rel=\"nofollow\"\u003eFreeBSD 12.1-beta available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD 12.1 has many security/bug fixes throughout, no longer enables \u0026quot;-Werror\u0026quot; by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.\u003c/p\u003e\n\n\u003cp\u003eFor those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.\u003c/p\u003e\n\n\u003cp\u003eThe FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2019-September/091533.html\" rel=\"nofollow\"\u003eAnnouncement Link\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cyber.dabamos.de/unix/x11/\" rel=\"nofollow\"\u003eCool, but obscure X11 tools.  More suggestions in the source link\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eASClock\u003c/li\u003e\n\u003cli\u003eFree42\u003c/li\u003e\n\u003cli\u003eFSV2\u003c/li\u003e\n\u003cli\u003eGLXGears\u003c/li\u003e\n\u003cli\u003eGMixer\u003c/li\u003e\n\u003cli\u003eGVIM\u003c/li\u003e\n\u003cli\u003eMicropolis\u003c/li\u003e\n\u003cli\u003eSunclock\u003c/li\u003e\n\u003cli\u003eTed\u003c/li\u003e\n\u003cli\u003eTiEmu\u003c/li\u003e\n\u003cli\u003eX026\u003c/li\u003e\n\u003cli\u003eX48\u003c/li\u003e\n\u003cli\u003eXAbacus\u003c/li\u003e\n\u003cli\u003eXAntfarm\u003c/li\u003e\n\u003cli\u003eXArchiver\u003c/li\u003e\n\u003cli\u003eXASCII\u003c/li\u003e\n\u003cli\u003eXBiff\u003c/li\u003e\n\u003cli\u003eXBill\u003c/li\u003e\n\u003cli\u003eXBoard\u003c/li\u003e\n\u003cli\u003eXCalc\u003c/li\u003e\n\u003cli\u003eXCalendar\u003c/li\u003e\n\u003cli\u003eXCHM\u003c/li\u003e\n\u003cli\u003eXChomp\u003c/li\u003e\n\u003cli\u003eXClipboard\u003c/li\u003e\n\u003cli\u003eXClock\u003c/li\u003e\n\u003cli\u003eXClock/Cat Clock\u003c/li\u003e\n\u003cli\u003eXColorSel\u003c/li\u003e\n\u003cli\u003eXConsole\u003c/li\u003e\n\u003cli\u003eXDiary\u003c/li\u003e\n\u003cli\u003eXEarth\u003c/li\u003e\n\u003cli\u003eXEdit\u003c/li\u003e\n\u003cli\u003eXev\u003c/li\u003e\n\u003cli\u003eXEyes\u003c/li\u003e\n\u003cli\u003eXFontSel\u003c/li\u003e\n\u003cli\u003eXGalaga\u003c/li\u003e\n\u003cli\u003eXInvaders 3D\u003c/li\u003e\n\u003cli\u003eXKill\u003c/li\u003e\n\u003cli\u003eXLennart\u003c/li\u003e\n\u003cli\u003eXLoad\u003c/li\u003e\n\u003cli\u003eXLock\u003c/li\u003e\n\u003cli\u003eXLogo\u003c/li\u003e\n\u003cli\u003eXMahjongg\u003c/li\u003e\n\u003cli\u003eXMan\u003c/li\u003e\n\u003cli\u003eXMessage\u003c/li\u003e\n\u003cli\u003eXmGrace\u003c/li\u003e\n\u003cli\u003eXMixer\u003c/li\u003e\n\u003cli\u003eXmMix\u003c/li\u003e\n\u003cli\u003eXMore\u003c/li\u003e\n\u003cli\u003eXMosaic\u003c/li\u003e\n\u003cli\u003eXMOTD\u003c/li\u003e\n\u003cli\u003eXMountains\u003c/li\u003e\n\u003cli\u003eXNeko\u003c/li\u003e\n\u003cli\u003eXOdometer\u003c/li\u003e\n\u003cli\u003eXOSView\u003c/li\u003e\n\u003cli\u003eXplore\u003c/li\u003e\n\u003cli\u003eXPostIt\u003c/li\u003e\n\u003cli\u003eXRoach\u003c/li\u003e\n\u003cli\u003eXScreenSaver\u003c/li\u003e\n\u003cli\u003eXSnow\u003c/li\u003e\n\u003cli\u003eXSpread\u003c/li\u003e\n\u003cli\u003eXTerm\u003c/li\u003e\n\u003cli\u003eXTide\u003c/li\u003e\n\u003cli\u003eXv\u003c/li\u003e\n\u003cli\u003eXvkbd\u003c/li\u003e\n\u003cli\u003eXWPE\u003c/li\u003e\n\u003cli\u003eXZoom\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/vbsdcon-2019/\" rel=\"nofollow\"\u003evBSDCon 2019 trip report from iXSystems\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://project-trident.org/post/2019-09-21_stable12-u7_available/\" rel=\"nofollow\"\u003eProject Trident 12-U7 now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePackage Summary\n\n\u003cul\u003e\n\u003cli\u003eNew Packages: 130\u003c/li\u003e\n\u003cli\u003eDeleted Packages: 72\u003c/li\u003e\n\u003cli\u003eUpdated Packages: 865\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eStable ISO - \u003ca href=\"https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso\" rel=\"nofollow\"\u003ehttps://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://minnie.tuhs.org//pipermail/tuhs/2019-September/018685.html\" rel=\"nofollow\"\u003eA Couple new Unix Artifacts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI fear we\u0026#39;re drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.\u003c/p\u003e\n\n\u003cp\u003eSo I\u0026#39;ll try to distract you by saying this. I\u0026#39;m sitting on two artifacts that have recently been given to me:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eby two large organisations\u003c/li\u003e\n\u003cli\u003eof great significance to Unix history\u003c/li\u003e\n\u003cli\u003ewho want me to keep \u0026quot;mum\u0026quot; about them\u003c/li\u003e\n\u003cli\u003eas they are going to make announcements about them soon*\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eand I am going slowly crazy as I wait for them to be offically released. Now you have a new topic to talk about :-)\u003c/p\u003e\n\n\u003cp\u003eCheers, Warren\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e* \u003cem\u003efor some definition of \u0026quot;soon\u0026quot;\u003c/em\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2019/09/16/msg000813.html\" rel=\"nofollow\"\u003eNetBSD machines at Open Source Conference 2019 Hiroshima\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.hyperbola.info/news/end-of-xorg-support/\" rel=\"nofollow\"\u003eHyperbola a GNU/Linux OS is using OpenBSD\u0026#39;s Xenocara\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.talosintelligence.com/careers/freebsd_engineer\" rel=\"nofollow\"\u003eTalos is looking for a FreeBSD Engineer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylanaraps/pure-sh-bible\" rel=\"nofollow\"\u003eGitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/09/23/23523.html\" rel=\"nofollow\"\u003edsynth: you’re building it\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.sigcis.org/pipermail/members-sigcis.org/2019-September/001606.html\" rel=\"nofollow\"\u003ePercy Ludgate, the missing link between Babbage’s machine and everything else\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBruce - \u003ca href=\"http://dpaste.com/147HGP3#wrap\" rel=\"nofollow\"\u003eDown the expect rabbithole\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBruce - \u003ca href=\"http://dpaste.com/37MNVSW#wrap\" rel=\"nofollow\"\u003eExpect (update)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDavid - \u003ca href=\"http://dpaste.com/2SE1YSE\" rel=\"nofollow\"\u003eNetgraph answer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMason - \u003ca href=\"http://dpaste.com/00KKXJM\" rel=\"nofollow\"\u003eBeeps?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0318.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.","date_published":"2019-10-02T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a53fad97-5df2-4cd3-91a8-e75d5a2f38d7.mp3","mime_type":"audio/mp3","size_in_bytes":33605404,"duration_in_seconds":2800}]},{"id":"e26d9711-a9ef-433e-bf8e-90d57030f3e7","title":"317: Bots Building Jails","url":"https://www.bsdnow.tv/317","content_text":"Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.\n\nHeadlines\n\nEuroBSDcon 2019 Recap\n\n\nWe’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of tutorials, parallel to the FreeBSD Devsummit, followed by two days of talks. Some speakers uploaded their slides to papers.freebsd.org already with more to come.\n\nThe social event was also interesting. We visited an open air museum with building preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.\n\n\n\nThe opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.\n\n\n\n\nSetting up buildbot in FreeBSD jails\n\n\nIn this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism \"jails\". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.\n\n\n\n\nSetting up a mail server with OpenSMTPD, Dovecot and Rspamd\n\n\nSelf-hosting and encouraging smaller providers is for the greater good\n\n\n\nFirst of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.\n\nIt doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.\n\nThere is nothing wrong with Random Joes using a service that works.\n\nWhat is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.\n\n\n\n\nNews Roundup\n\nThe HamBSD project aims to bring amateur packet radio to OpenBSD\n\n\nThe HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.\n\nHamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.\n\nThe amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).\n\n\n\n\nDragonFlyBSD's HAMMER2 Gets Basic FSCK Support\n\n\nHAMMER2 is Copy on Write, meaning changes are made to copies of existing data.  This means operations are generally atomic and can survive a power outage, etc.  (You should read up on it!)  However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.\n\n\n\ncommit\n\n\n\nAdd initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying. \n\nKeep this as a separate command for now.\nhttps://i.redd.it/vkdss0mtdpo31.jpg\n\n\n\n\nThe return of startx for users\n\n\nAdd modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.\n\nThis makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).\n\n\n\n\nBeastie Bits\n\n\nOri Bernstein will be giving the October talk at NYCBUG\nBSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA\nNick Wolff : Home Lab Show \u0026amp; Tell\nInstalling the Lumina Desktop in DragonflyBSD\ndhcpcd 8.0.6 added\n\n\n\n\nFeedback/Questions\n\n\nBruce - FOSDEM videos\nLars - Super Cluster of BSD on Rock64Pr\nMadhukar - Question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eSetting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD\u0026#39;s HAMMER2 gets fsck, return of startx for users.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2019.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDcon 2019 Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of \u003ca href=\"https://2019.eurobsdcon.org/tutorial-speakers/\" rel=\"nofollow\"\u003etutorials\u003c/a\u003e, parallel to the \u003ca href=\"https://wiki.freebsd.org/DevSummit/201909\" rel=\"nofollow\"\u003eFreeBSD Devsummit\u003c/a\u003e, followed by two days of \u003ca href=\"https://2019.eurobsdcon.org/program/\" rel=\"nofollow\"\u003etalks\u003c/a\u003e. Some speakers uploaded their slides to \u003ca href=\"https://papers.freebsd.org/2019/eurobsdcon/\" rel=\"nofollow\"\u003epapers.freebsd.org\u003c/a\u003e already with more to come.\u003c/p\u003e\n\n\u003cp\u003eThe social event was also interesting. We visited an open air museum with building preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails\" rel=\"nofollow\"\u003eSetting up buildbot in FreeBSD jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism \u0026quot;jails\u0026quot;. We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/\" rel=\"nofollow\"\u003eSetting up a mail server with OpenSMTPD, Dovecot and Rspamd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSelf-hosting and encouraging smaller providers is for the greater good\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.\u003c/p\u003e\n\n\u003cp\u003eIt doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.\u003c/p\u003e\n\n\u003cp\u003eThere is nothing wrong with Random Joes using a service that works.\u003c/p\u003e\n\n\u003cp\u003eWhat is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hambsd.org/\" rel=\"nofollow\"\u003eThe HamBSD project aims to bring amateur packet radio to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.\u003c/p\u003e\n\n\u003cp\u003eHamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.\u003c/p\u003e\n\n\u003cp\u003eThe amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/09/24/23540.html\" rel=\"nofollow\"\u003eDragonFlyBSD\u0026#39;s HAMMER2 Gets Basic FSCK Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHAMMER2 is Copy on Write, meaning changes are made to copies of existing data.  This means operations are generally atomic and can survive a power outage, etc.  (You should read up on it!)  However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5554cc8b81fbfcfd347f50be3f3b1b9a54b871b\" rel=\"nofollow\"\u003ecommit\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAdd initial fsck support for HAMMER2, although CoW fs doesn\u0026#39;t require fsck as a concept. Currently no repairing (no write), just verifying. \u003c/p\u003e\n\n\u003cp\u003eKeep this as a separate command for now.\u003cbr\u003e\n\u003ca href=\"https://i.redd.it/vkdss0mtdpo31.jpg\" rel=\"nofollow\"\u003ehttps://i.redd.it/vkdss0mtdpo31.jpg\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20190917091236\" rel=\"nofollow\"\u003eThe return of startx for users\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAdd modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.\u003c/p\u003e\n\n\u003cp\u003eThis makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.nycbug.org:8080/pipermail/talk/2019-September/018046.html\" rel=\"nofollow\"\u003eOri Bernstein will be giving the October talk at NYCBUG\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://calagator.org/events/1250476200\" rel=\"nofollow\"\u003eBSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2019-09-30\" rel=\"nofollow\"\u003eNick Wolff : Home Lab Show \u0026amp; Tell\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=eWkCjj4_xsk\" rel=\"nofollow\"\u003eInstalling the Lumina Desktop in DragonflyBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/09/20/23519.html\" rel=\"nofollow\"\u003edhcpcd 8.0.6 added\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBruce - \u003ca href=\"http://dpaste.com/15ABRRB#wrap\" rel=\"nofollow\"\u003eFOSDEM videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/1X9FEJJ\" rel=\"nofollow\"\u003eSuper Cluster of BSD on Rock64Pr\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMadhukar - \u003ca href=\"http://dpaste.com/0TWF1NB#wrap\" rel=\"nofollow\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0317.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.","date_published":"2019-09-26T02:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e26d9711-a9ef-433e-bf8e-90d57030f3e7.mp3","mime_type":"audio/mp3","size_in_bytes":37879559,"duration_in_seconds":3156}]},{"id":"c6ea44fd-cbae-453a-bd88-a35b2b662859","title":"316: git commit FreeBSD","url":"https://www.bsdnow.tv/316","content_text":"NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.\n\nHeadlines\n\nLLVM santizers and GDB regression test suite.\n\n\nAs NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.\n\nI have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.\n\n\n\nNetBSD distribution changes\n\n\n\nI have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).\n\n\n\nThe following changes were committed to the sources:\n\n\nab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers\n966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build\n8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data\nfe72740f64bf fsck: Stop defining the same variable concurrently in bss and data\n40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER\nb71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER\nc581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER\n030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER\nfd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER\n5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data\n5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot\nd134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk\n2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER\nce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7\n7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7\nd8671fba7a78 Set NODEBUG for LLVM sanitizers\n242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER\n5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers\ne7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers\n231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers\n8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers\n81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers\na472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c\n7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer\n921ddc9bc97c Set NOSANITIZER in i386 ramdisk image\n64361771c78d Enhance MKSANITIZER support\n3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests\nc27f4619d513 Avoids signedness bit shift in db_get_value()\n680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)\n4ecfbbba2f2a Rework the LLVM compiler_rt build rules\n748813da5547 Correct the build rules of LLVM sanitizers\n20e223156dee Enhance the support of LLVM sanitizers\n0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files\nAlmost all of the mentioned commits were backported to NetBSD-9 and will land 9.0.\n\n\n\n\n\nHomura - a Windows Games Launcher for FreeBSD\n\n\nInspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.\n\n\n\nMakes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you\nDependencies\n\n\ncurl\nbash\np7zip\nzenity\nwebfonts\nalsa-utils (Optional)\nwinetricks\nvulkan-tools\nmesa-demos\ni386-wine-devel on amd64 or wine-devel on i386\n\n\n\n\n\nNews Roundup\n\nAda—The Language of Cost Savings?\n\n\nMany myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in found in heavily used embedded languages like C+ and C#. It also tackles problems addressed by upcoming languages like Rust.\n\nChris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”\n\nIn general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.\n\n\n\n\nFreeBSD core team appoints a WG to explore transitioning from Subversion to Git.\n\n\nThe FreeBSD Core Team is the governing body of FreeBSD.\n\n\n\nCore approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).\n\nThe annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.\n\nThe core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.\n\nThere is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.\n\n\n\n\nOpenBSD 6.6 Beta tagged\n\nCVSROOT:    /cvs\nModule name:    src\nChanges by:    deraadt@cvs.openbsd.org    2019/08/09 21:56:02\n\nModified files:\n    etc/root : root.mail\n    share/mk : sys.mk\n    sys/arch/macppc/stand/tbxidata: bsd.tbxi\n    sys/conf : newvers.sh\n    sys/sys : param.h\n    usr.bin/signify: signify.1\n\nLog message:\nmove to 6.6-beta\n\n\nPreliminary release notes\n\nImproved hardware support, including:\n\n\nclang(1) is now provided on powerpc.\nIEEE 802.11 wireless stack improvements:\nGeneric network stack improvements:\nInstaller improvements:\nSecurity improvements:\n  + Routing daemons and other userland network improvements\n  + The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.\n  + bgdp(8) improvements\n  + Assorted improvements:\n  + The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.\nThe BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).\nSupport for specifying boot device in vm.conf(5).\nOpenSMTPD 6.6.0\nLibreSSL 3.0.X\nAPI and Documentation Enhancements\nCompleted the port of RSA_METHOD accessors from the OpenSSL 1.1 API.\nDocumented undescribed options and removed unfunctional options description in openssl(1) manual.\nOpenSSH 8.0\n\n\n\n\nProject Trident 12-U5 update now available\n\n\nThis is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.\n\n\n\nPackage changes from Stable 12-U4\nPackage Summary\n\n\nNew Packages: 20\nDeleted Packages: 24\nUpdated Packages: 279\n\nNew Packages (20)\n\n\nartemis (biology/artemis) : 17.0.1.11\ncatesc (games/catesc) : 0.6\ndmlc-core (devel/dmlc-core) : 0.3.105\ngo-wtf (sysutils/go-wtf) : 0.20.0_1\ninstead (games/instead) : 3.3.0_1\nlidarr (net-p2p/lidarr) : 0.6.2.883\nminerbold (games/minerbold) : 1.4\nonnx (math/onnx) : 1.5.0\nopenzwave-devel (comms/openzwave-devel) : 1.6.897\npolkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8\npy36-traitsui (graphics/py-traitsui) : 6.1.2\nrubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1\nrubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0\nrubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0\nrubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9\nsems (net/sems) : 1.7.0.g20190822\nskypat (devel/skypat) : 3.1.1\ntvm (math/tvm) : 0.4.1440\nvavoom (games/vavoom) : 1.33_15\nvavoom-extras (games/vavoom-extras) : 1.30_4\n\nDeleted Packages (24)\n\n\ngeeqie (graphics/geeqie) : Unknown reason\niriverter (multimedia/iriverter) : Unknown reason\nkde5 (x11/kde5) : Unknown reason\nkicad-doc (cad/kicad-doc) : Unknown reason\nos-nozfs-buildworld (os/buildworld) : Unknown reason\nos-nozfs-userland (os/userland) : Unknown reason\nos-nozfs-userland-base (os/userland-base) : Unknown reason\nos-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason\nos-nozfs-userland-bin (os/userland-bin) : Unknown reason\nos-nozfs-userland-boot (os/userland-boot) : Unknown reason\nos-nozfs-userland-conf (os/userland-conf) : Unknown reason\nos-nozfs-userland-debug (os/userland-debug) : Unknown reason\nos-nozfs-userland-devtools (os/userland-devtools) : Unknown reason\nos-nozfs-userland-docs (os/userland-docs) : Unknown reason\nos-nozfs-userland-lib (os/userland-lib) : Unknown reason\nos-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason\nos-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason\nos-nozfs-userland-rescue (os/userland-rescue) : Unknown reason\nos-nozfs-userland-sbin (os/userland-sbin) : Unknown reason\nos-nozfs-userland-tests (os/userland-tests) : Unknown reason\nphotoprint (print/photoprint) : Unknown reason\nplasma5-plasma (x11/plasma5-plasma) : Unknown reason\npolkit-qt5 (sysutils/polkit-qt) : Unknown reason\nsecpanel (security/secpanel) : Unknown reason\n\n\n\n\n\nBeastie Bits\n\n\nDragonFlyBSD - msdosfs updates\nStand out as a speaker\nNot a review of the 7th Gen X1 Carbon\nFreeBSD Meets Linux At The Open Source Summit\nQEMU VM Escape\nPorting wine to amd64 on NetBSD, third evaluation report.\nOpenBSD disabled DoH by default in Firefox\n\n\n\n\nFeedback/Questions\n\n\nReinis - GELI with UEFI\nMason - Beeping\n\n\n[CHVT feedback]\nDJ - Feedback\nBen - chvt\nHarri - Marc's chvt question\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eNetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/llvm_santizers_and_gdb_regression\" rel=\"nofollow\"\u003eLLVM santizers and GDB regression test suite.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.\u003c/p\u003e\n\n\u003cp\u003eI have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD distribution changes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe following changes were committed to the sources:\n\n\u003cul\u003e\n\u003cli\u003eab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers\u003c/li\u003e\n\u003cli\u003e966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build\u003c/li\u003e\n\u003cli\u003e8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data\u003c/li\u003e\n\u003cli\u003efe72740f64bf fsck: Stop defining the same variable concurrently in bss and data\u003c/li\u003e\n\u003cli\u003e40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER\u003c/li\u003e\n\u003cli\u003eb71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER\u003c/li\u003e\n\u003cli\u003ec581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER\u003c/li\u003e\n\u003cli\u003e030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER\u003c/li\u003e\n\u003cli\u003efd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER\u003c/li\u003e\n\u003cli\u003e5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data\u003c/li\u003e\n\u003cli\u003e5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot\u003c/li\u003e\n\u003cli\u003ed134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk\u003c/li\u003e\n\u003cli\u003e2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER\u003c/li\u003e\n\u003cli\u003ece54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7\u003c/li\u003e\n\u003cli\u003e7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7\u003c/li\u003e\n\u003cli\u003ed8671fba7a78 Set NODEBUG for LLVM sanitizers\u003c/li\u003e\n\u003cli\u003e242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER\u003c/li\u003e\n\u003cli\u003e5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers\u003c/li\u003e\n\u003cli\u003ee7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers\u003c/li\u003e\n\u003cli\u003e231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers\u003c/li\u003e\n\u003cli\u003e8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers\u003c/li\u003e\n\u003cli\u003e81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers\u003c/li\u003e\n\u003cli\u003ea472baefefe8 Correct the memset(3)\u0026#39;s third argument in i386 biosdisk.c\u003c/li\u003e\n\u003cli\u003e7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer\u003c/li\u003e\n\u003cli\u003e921ddc9bc97c Set NOSANITIZER in i386 ramdisk image\u003c/li\u003e\n\u003cli\u003e64361771c78d Enhance MKSANITIZER support\u003c/li\u003e\n\u003cli\u003e3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests\u003c/li\u003e\n\u003cli\u003ec27f4619d513 Avoids signedness bit shift in db_get_value()\u003c/li\u003e\n\u003cli\u003e680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)\u003c/li\u003e\n\u003cli\u003e4ecfbbba2f2a Rework the LLVM compiler_rt build rules\u003c/li\u003e\n\u003cli\u003e748813da5547 Correct the build rules of LLVM sanitizers\u003c/li\u003e\n\u003cli\u003e20e223156dee Enhance the support of LLVM sanitizers\u003c/li\u003e\n\u003cli\u003e0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files\u003c/li\u003e\n\u003cli\u003eAlmost all of the mentioned commits were backported to NetBSD-9 and will land 9.0.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/Alexander88207/Homura\" rel=\"nofollow\"\u003eHomura - a Windows Games Launcher for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eInspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMakes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you\u003c/li\u003e\n\u003cli\u003eDependencies\n\n\u003cul\u003e\n\u003cli\u003ecurl\u003c/li\u003e\n\u003cli\u003ebash\u003c/li\u003e\n\u003cli\u003ep7zip\u003c/li\u003e\n\u003cli\u003ezenity\u003c/li\u003e\n\u003cli\u003ewebfonts\u003c/li\u003e\n\u003cli\u003ealsa-utils (Optional)\u003c/li\u003e\n\u003cli\u003ewinetricks\u003c/li\u003e\n\u003cli\u003evulkan-tools\u003c/li\u003e\n\u003cli\u003emesa-demos\u003c/li\u003e\n\u003cli\u003ei386-wine-devel on amd64 or wine-devel on i386\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.electronicdesign.com/embedded-revolution/ada-language-cost-savings\" rel=\"nofollow\"\u003eAda—The Language of Cost Savings?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMany myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in found in heavily used embedded languages like C+ and C#. It also tackles problems addressed by upcoming languages like Rust.\u003c/p\u003e\n\n\u003cp\u003eChris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”\u003c/p\u003e\n\n\u003cp\u003eIn general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2019-04-2019-06.html#FreeBSD-Core-Team\" rel=\"nofollow\"\u003eFreeBSD core team appoints a WG to explore transitioning from Subversion to Git.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Core Team is the governing body of FreeBSD.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCore approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).\u003c/p\u003e\n\n\u003cp\u003eThe annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.\u003c/p\u003e\n\n\u003cp\u003eThe core team voted to appoint a working group to explore transitioning our source code \u0026#39;source of truth\u0026#39; from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.\u003c/p\u003e\n\n\u003cp\u003eThere is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190810123243\" rel=\"nofollow\"\u003eOpenBSD 6.6 Beta tagged\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003eCVSROOT:    /cvs\nModule name:    src\nChanges by:    deraadt@cvs.openbsd.org    2019/08/09 21:56:02\n\nModified files:\n    etc/root : root.mail\n    share/mk : sys.mk\n    sys/arch/macppc/stand/tbxidata: bsd.tbxi\n    sys/conf : newvers.sh\n    sys/sys : param.h\n    usr.bin/signify: signify.1\n\nLog message:\nmove to 6.6-beta\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.openbsd.org/66.html\" rel=\"nofollow\"\u003ePreliminary release notes\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eImproved hardware support, including:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eclang(1) is now provided on powerpc.\u003c/li\u003e\n\u003cli\u003eIEEE 802.11 wireless stack improvements:\u003c/li\u003e\n\u003cli\u003eGeneric network stack improvements:\u003c/li\u003e\n\u003cli\u003eInstaller improvements:\u003c/li\u003e\n\u003cli\u003eSecurity improvements:\u003c/li\u003e\n\u003cli\u003e  + Routing daemons and other userland network improvements\u003c/li\u003e\n\u003cli\u003e  + The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.\u003c/li\u003e\n\u003cli\u003e  + bgdp(8) improvements\u003c/li\u003e\n\u003cli\u003e  + Assorted improvements:\u003c/li\u003e\n\u003cli\u003e  + The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.\u003c/li\u003e\n\u003cli\u003eThe BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).\u003c/li\u003e\n\u003cli\u003eSupport for specifying boot device in vm.conf(5).\u003c/li\u003e\n\u003cli\u003eOpenSMTPD 6.6.0\u003c/li\u003e\n\u003cli\u003eLibreSSL 3.0.X\u003c/li\u003e\n\u003cli\u003eAPI and Documentation Enhancements\u003c/li\u003e\n\u003cli\u003eCompleted the port of RSA_METHOD accessors from the OpenSSL 1.1 API.\u003c/li\u003e\n\u003cli\u003eDocumented undescribed options and removed unfunctional options description in openssl(1) manual.\u003c/li\u003e\n\u003cli\u003eOpenSSH 8.0\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://project-trident.org/post/2019-09-04_stable12-u5_available/\" rel=\"nofollow\"\u003eProject Trident 12-U5 update now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePackage changes from Stable 12-U4\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePackage Summary\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Packages: 20\u003c/li\u003e\n\u003cli\u003eDeleted Packages: 24\u003c/li\u003e\n\u003cli\u003eUpdated Packages: 279\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNew Packages (20)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eartemis (biology/artemis) : 17.0.1.11\u003c/li\u003e\n\u003cli\u003ecatesc (games/catesc) : 0.6\u003c/li\u003e\n\u003cli\u003edmlc-core (devel/dmlc-core) : 0.3.105\u003c/li\u003e\n\u003cli\u003ego-wtf (sysutils/go-wtf) : 0.20.0_1\u003c/li\u003e\n\u003cli\u003einstead (games/instead) : 3.3.0_1\u003c/li\u003e\n\u003cli\u003elidarr (net-p2p/lidarr) : 0.6.2.883\u003c/li\u003e\n\u003cli\u003eminerbold (games/minerbold) : 1.4\u003c/li\u003e\n\u003cli\u003eonnx (math/onnx) : 1.5.0\u003c/li\u003e\n\u003cli\u003eopenzwave-devel (comms/openzwave-devel) : 1.6.897\u003c/li\u003e\n\u003cli\u003epolkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8\u003c/li\u003e\n\u003cli\u003epy36-traitsui (graphics/py-traitsui) : 6.1.2\u003c/li\u003e\n\u003cli\u003erubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1\u003c/li\u003e\n\u003cli\u003erubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0\u003c/li\u003e\n\u003cli\u003erubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0\u003c/li\u003e\n\u003cli\u003erubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9\u003c/li\u003e\n\u003cli\u003esems (net/sems) : 1.7.0.g20190822\u003c/li\u003e\n\u003cli\u003eskypat (devel/skypat) : 3.1.1\u003c/li\u003e\n\u003cli\u003etvm (math/tvm) : 0.4.1440\u003c/li\u003e\n\u003cli\u003evavoom (games/vavoom) : 1.33_15\u003c/li\u003e\n\u003cli\u003evavoom-extras (games/vavoom-extras) : 1.30_4\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDeleted Packages (24)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003egeeqie (graphics/geeqie) : Unknown reason\u003c/li\u003e\n\u003cli\u003eiriverter (multimedia/iriverter) : Unknown reason\u003c/li\u003e\n\u003cli\u003ekde5 (x11/kde5) : Unknown reason\u003c/li\u003e\n\u003cli\u003ekicad-doc (cad/kicad-doc) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-buildworld (os/buildworld) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland (os/userland) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-base (os/userland-base) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-bin (os/userland-bin) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-boot (os/userland-boot) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-conf (os/userland-conf) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-debug (os/userland-debug) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-devtools (os/userland-devtools) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-docs (os/userland-docs) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-lib (os/userland-lib) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-rescue (os/userland-rescue) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-sbin (os/userland-sbin) : Unknown reason\u003c/li\u003e\n\u003cli\u003eos-nozfs-userland-tests (os/userland-tests) : Unknown reason\u003c/li\u003e\n\u003cli\u003ephotoprint (print/photoprint) : Unknown reason\u003c/li\u003e\n\u003cli\u003eplasma5-plasma (x11/plasma5-plasma) : Unknown reason\u003c/li\u003e\n\u003cli\u003epolkit-qt5 (sysutils/polkit-qt) : Unknown reason\u003c/li\u003e\n\u003cli\u003esecpanel (security/secpanel) : Unknown reason\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/09/10/23472.html\" rel=\"nofollow\"\u003eDragonFlyBSD - msdosfs updates\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://science.sciencemag.org/content/365/6455/834.full\" rel=\"nofollow\"\u003eStand out as a speaker\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://akpoff.com/archive/2019/not_a_review_of_the_lenovo_x1c7.html\" rel=\"nofollow\"\u003eNot a review of the 7th Gen X1 Carbon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tfir.io/2019/08/24/freebsd-meets-linux-at-the-open-source-summit/\" rel=\"nofollow\"\u003eFreeBSD Meets Linux At The Open Source Summit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/\" rel=\"nofollow\"\u003eQEMU VM Escape\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on1\" rel=\"nofollow\"\u003ePorting wine to amd64 on NetBSD, third evaluation report.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190911113856\" rel=\"nofollow\"\u003eOpenBSD disabled DoH by default in Firefox\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eReinis - \u003ca href=\"http://dpaste.com/0SG8630#wrap\" rel=\"nofollow\"\u003eGELI with UEFI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMason - \u003ca href=\"http://dpaste.com/1FQN173\" rel=\"nofollow\"\u003eBeeping\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e[CHVT feedback]\u003cbr\u003e\nDJ - \u003ca href=\"http://dpaste.com/08M3XNH#wrap\" rel=\"nofollow\"\u003eFeedback\u003c/a\u003e\u003cbr\u003e\nBen - \u003ca href=\"http://dpaste.com/274RVCE#wrap\" rel=\"nofollow\"\u003echvt\u003c/a\u003e\u003cbr\u003e\nHarri - \u003ca href=\"http://dpaste.com/23R1YMK#wrap\" rel=\"nofollow\"\u003eMarc\u0026#39;s chvt question\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0316.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.","date_published":"2019-09-18T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c6ea44fd-cbae-453a-bd88-a35b2b662859.mp3","mime_type":"audio/mp3","size_in_bytes":46851680,"duration_in_seconds":3904}]},{"id":"7b9117e9-57d1-48ae-8ceb-d92cabe2a2bd","title":"315: Recapping vBSDcon 2019","url":"https://www.bsdnow.tv/315","content_text":"vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.\n\nHeadlines\n\nvBSDcon Recap\n\nAllan and Benedict attended vBSDcon 2019, which ended last week.\n\nIt was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame.The two day conference was preceded by a one day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.\n\nThe first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.\n\n\nIf you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week\n\n\nJohn Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” abstract and the recent commit we covered in episode 313.\n\nMeanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.\n\nDavid Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.\n\nShawn Webb followed with his overview talk about the “State of the Hardened Union”. \n\nBenedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.\n\nEntertaining and educational at the same time, Michael W. Lucas talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.\n\nPeople formed small groups and went into town for dinner. Some returned later that night to some work in the hacker lounge or talk amongst fellow BSD enthusiasts. \n\nColin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.\n\nAllan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) work and how it can be tuned for various workloads.\n\n“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.\n\nConor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.\n\nTwo OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.\n\nA dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.\n\nWe want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!\n\nhumungus - an hg server\n\n\nFeatures\n\n\nView changes, files, changesets, etc. Some syntax highlighting.\nRead only.\nServes multiple repositories.\nAllows cloning via the obvious URL. Supports go get.\nServes files for downloads.\nOnline documentation via mandoc.\nTerminal based admin interface.\n\n\n\n\n\nNews Roundup\n\nOpenBSD on fan-less Tuxedo InfinityBook 14″ v2.\n\n\nThe InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).\n\nI’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.\n\nThe dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.\n\n\n\nSee Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader\n\n\n\n\nUnix at 50: How the OS that powered smartphones started from failure\n\n\nMaybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.\n\nIt was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.\n\nTrying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”\n\nWithin the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.\n\nStill, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.\n\nCancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.\n\n\n\nSome of Allan’s favourite excerpts:\n\n\n\nIn the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.\n\nAnd so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.\n\nWith the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.\n\nMcIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.\n\nIt was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”\n\nEventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.\n\nOf course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.\n\nIn August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.\n\nThompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.\n\nBy the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.\n\nIt wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.\n\nThe computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.\n\nThe rest has quite literally made tech history.\n\n\n\nSee the link for the rest of the article\n\n\n\n\nHow to configure a network dump in FreeBSD?\n\n\nA network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM then available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.\n\nSo, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0.\n\nNow, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client. \n\n\n\nSee the link for the rest of the article\n\n\n\n\nBeastie Bits\n\n\nSudo Mastery 2nd edition is not out\nEmpirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development\nsoso\nGregKH - OpenBSD was right\nGame of Trees\n\n\n\n\nFeedback/Questions\n\n\nBostJan - Another Question\nTom - PF\nJohnnyK - Changing VT without keys\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003evBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003evBSDcon Recap\u003c/h3\u003e\n\n\u003cp\u003eAllan and Benedict attended vBSDcon 2019, which ended last week.\u003c/p\u003e\n\n\u003cp\u003eIt was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame.The two day conference was preceded by a one day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.\u003c/p\u003e\n\n\u003cp\u003eThe first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eJohn Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” \u003ca href=\"https://www.vbsdcon.com/schedule/2019-09-06.html#talk:132615\" rel=\"nofollow\"\u003eabstract\u003c/a\u003e and the recent commit we covered in episode 313.\u003c/p\u003e\n\n\u003cp\u003eMeanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.\u003c/p\u003e\n\n\u003cp\u003eDavid Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eShawn Webb followed with his overview talk about the “State of the Hardened Union”. \u003c/p\u003e\n\n\u003cp\u003eBenedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.\u003c/p\u003e\n\n\u003cp\u003eEntertaining and educational at the same time, Michael W. Lucas talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.\u003c/p\u003e\n\n\u003cp\u003ePeople formed small groups and went into town for dinner. Some returned later that night to some work in the hacker lounge or talk amongst fellow BSD enthusiasts. \u003c/p\u003e\n\n\u003cp\u003eColin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.\u003c/p\u003e\n\n\u003cp\u003eAllan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) work and how it can be tuned for various workloads.\u003c/p\u003e\n\n\u003cp\u003e“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.\u003c/p\u003e\n\n\u003cp\u003eConor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.\u003c/p\u003e\n\n\u003cp\u003eTwo OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.\u003c/p\u003e\n\n\u003cp\u003eA dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.\u003c/p\u003e\n\n\u003cp\u003eWe want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://humungus.tedunangst.com/r/humungus\" rel=\"nofollow\"\u003ehumungus - an hg server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFeatures\n\n\u003cul\u003e\n\u003cli\u003eView changes, files, changesets, etc. Some syntax highlighting.\u003c/li\u003e\n\u003cli\u003eRead only.\u003c/li\u003e\n\u003cli\u003eServes multiple repositories.\u003c/li\u003e\n\u003cli\u003eAllows cloning via the obvious URL. Supports go get.\u003c/li\u003e\n\u003cli\u003eServes files for downloads.\u003c/li\u003e\n\u003cli\u003eOnline documentation via mandoc.\u003c/li\u003e\n\u003cli\u003eTerminal based admin interface.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hazardous.org/archive/blog/openbsd/2019/09/02/OpenBSD-on-Infinitybook14\" rel=\"nofollow\"\u003eOpenBSD on fan-less Tuxedo InfinityBook 14″ v2.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).\u003c/p\u003e\n\n\u003cp\u003eI’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.\u003c/p\u003e\n\n\u003cp\u003eThe dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/\" rel=\"nofollow\"\u003eUnix at 50: How the OS that powered smartphones started from failure\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMaybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.\u003c/p\u003e\n\n\u003cp\u003eIt was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.\u003c/p\u003e\n\n\u003cp\u003eTrying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”\u003c/p\u003e\n\n\u003cp\u003eWithin the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.\u003c/p\u003e\n\n\u003cp\u003eStill, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.\u003c/p\u003e\n\n\u003cp\u003eCancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome of Allan’s favourite excerpts:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the early \u0026#39;60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.\u003c/p\u003e\n\n\u003cp\u003eAnd so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.\u003c/p\u003e\n\n\u003cp\u003eWith the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.\u003c/p\u003e\n\n\u003cp\u003eMcIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.\u003c/p\u003e\n\n\u003cp\u003eIt was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”\u003c/p\u003e\n\n\u003cp\u003eEventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.\u003c/p\u003e\n\n\u003cp\u003eOf course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.\u003c/p\u003e\n\n\u003cp\u003eIn August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.\u003c/p\u003e\n\n\u003cp\u003eThompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.\u003c/p\u003e\n\n\u003cp\u003eBy the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.\u003c/p\u003e\n\n\u003cp\u003eIt wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.\u003c/p\u003e\n\n\u003cp\u003eThe computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.\u003c/p\u003e\n\n\u003cp\u003eThe rest has quite literally made tech history.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the link for the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.oshogbo.vexillium.org/blog/68/\" rel=\"nofollow\"\u003eHow to configure a network dump in FreeBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM then available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.\u003c/p\u003e\n\n\u003cp\u003eSo, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0.\u003c/p\u003e\n\n\u003cp\u003eNow, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the link for the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/4530\" rel=\"nofollow\"\u003eSudo Mastery 2nd edition is not out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://users.utu.fi/kakrind/publications/19/vulnfuzz_camera.pdf\" rel=\"nofollow\"\u003eEmpirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozkl/soso\" rel=\"nofollow\"\u003esoso\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/gUqcMs0svNU?t=254\" rel=\"nofollow\"\u003eGregKH - OpenBSD was right\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gameoftrees.org/faq.html\" rel=\"nofollow\"\u003eGame of Trees\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBostJan - \u003ca href=\"http://dpaste.com/1ZPCCQY#wrap\" rel=\"nofollow\"\u003eAnother Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTom - \u003ca href=\"http://dpaste.com/3ZSCB8N#wrap\" rel=\"nofollow\"\u003ePF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohnnyK - \u003ca href=\"http://dpaste.com/3QZQ7Q5#wrap\" rel=\"nofollow\"\u003eChanging VT without keys\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0315.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.","date_published":"2019-09-12T01:45:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7b9117e9-57d1-48ae-8ceb-d92cabe2a2bd.mp3","mime_type":"audio/mp3","size_in_bytes":55391213,"duration_in_seconds":4615}]},{"id":"a98d492a-7c4f-4f70-b6cf-388387042427","title":"314: Swap that Space","url":"https://www.bsdnow.tv/314","content_text":"Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.\n\nHeadlines\n\nWhat has to happen with Unix virtual memory when you have no swap space\n\n\nRecently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):\n\nOnce you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...]\n\nI'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM.\n\nTo simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.\n\n\n\nSee link for the rest of the article\n\n\n\n\nDsynth details on Dragonfly\n\n\nFirst, history: DragonFly has had binaries of dports available for download for quite some time.  These were originally built using poudriere, and then using the synth tool put together by John Marino.  Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.\n\nMatthew Dillon is working on a new version, called dsynth.  It is available now but not yet part of the build.  He’s been working quickly on it and there’s plenty more commits than what I have linked here.  It’s already led to finding more high-load fixes.\n\n\n\ndsynth\n\n\n\nDSynth is basically synth written in C, from scratch.  It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now its uses chroot's).\n\nThe original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in ada no code was directly copied.\n\n\nThe intent is to make dsynth compatible with synth's configuration files and directory structure.\nThis is a work in progress and not yet ready for prime-time.  Pushing so we can get some more eyeballs.  Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts).\n\n\n\n\ndsynth code\n\n\n\n\nNews Roundup\n\nInstant Workstation\n\n\nSome considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.\n\nSo – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.\n\nThe tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.\n\nIn any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.\n\n\n\nHere is the script in my GitHub repository with notes-for-myself.\n\n\n\n\nNew Servers, new Tech\n\n\nFollowing up on an earlier post, the new servers for DragonFly are in place.   The old 40-core machine used for bulk build, monster, is being retired.  The power efficiency of the new machines is startling.  Incidentally, this is where donations go – infrastructure.\n\n\n\nNew servers in the colo, monster is being retired\n\n\n\nWe have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work.   Monster will be retired.   The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance.   That's at least a 6:1 improvement in performance efficiency.\n\nWith SSD prices down significantly the new machines have all-SSDs.  These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days.  It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.\n\nMonster, our venerable 48-core quad-socket opteron is being retired.  This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high.  If a SMP algorithm wasn't spot-on, you could feel it.  Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized.  This kept monster relevant far longer than I thought it would be.\n\nBut we are at a point now where improvements in efficiency are just too good to ignore.  Monster's quad-socket opteron (4  x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.\n\nI would like to thank everyone's generous donations over the last few years!  We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.\n\n\n\n\nExperimenting with streaming setups on NetBSD\n\n\nEver since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.\n\nCapturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.\n\nMy laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.\n\n\n\n\nNetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support\n\n\nUltimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.\n\nStudent developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.\n\nThese interfaces have been tested and working as well as updating the \"suse131\" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer.\n\nThose curious about this DRM ioctl GSoC project can learn more from the NetBSD blog. NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.\n\n\n\n\nBeastie Bits\n\n\nFreeBSD in Wellington?\nFreeBSD on GFE\nClarification \nDistrotest.net now with BSDs\nLecture: Anykernels meet fuzzing NetBSD\nSun Microsystems business plan from 1982 [pdf]\n\n\n\n\nFeedback/Questions\n\n\nAlan - Questions\nRodriguez - Feedback and a question\nJeff - OpenZFS follow-up, FreeBSD Adventures\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eUnix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/NoSwapConsequence\" rel=\"nofollow\"\u003eWhat has to happen with Unix virtual memory when you have no swap space\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):\u003c/p\u003e\n\n\u003cp\u003eOnce you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I\u0026#39;m not entirely sure why). [...]\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;m afraid I have bad news for the people snickering at Linux here; if you\u0026#39;re running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can\u0026#39;t on your particular Unix, I\u0026#39;d actually say that your Unix is probably not letting you get full use out of your RAM.\u003c/p\u003e\n\n\u003cp\u003eTo simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they\u0026#39;re dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program\u0026#39;s global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee link for the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/08/27/23398.html\" rel=\"nofollow\"\u003eDsynth details on Dragonfly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst, history: DragonFly has had binaries of dports available for download for quite some time.  These were originally built using poudriere, and then using the synth tool put together by John Marino.  Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.\u003c/p\u003e\n\n\u003cp\u003eMatthew Dillon is working on a new version, called dsynth.  It is available now but not yet part of the build.  He’s been working quickly on it and there’s plenty more commits than what I have linked here.  It’s already led to finding more high-load fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003edsynth\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDSynth is basically synth written in C, from scratch.  It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now its uses chroot\u0026#39;s).\u003c/p\u003e\n\n\u003cp\u003eThe original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in ada no code was directly copied.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThe intent is to make dsynth compatible with synth\u0026#39;s configuration files and directory structure.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis is a work in progress and not yet ready for prime-time.  Pushing so we can get some more eyeballs.  Most of the directives do not yet work (everything, and build works, and \u0026#39;cleanup\u0026#39; can be used to clean up any dangling mounts).\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/usr.bin/dsynth/dsynth.1\" rel=\"nofollow\"\u003edsynth code\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/freebsd/2019/08/12/instant-workstation.html\" rel=\"nofollow\"\u003eInstant Workstation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.\u003c/p\u003e\n\n\u003cp\u003eSo – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.\u003c/p\u003e\n\n\u003cp\u003eThe tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.\u003c/p\u003e\n\n\u003cp\u003eIn any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://raw.githubusercontent.com/adriaandegroot/FreeBSDTools/master/bin/instant-workstation\" rel=\"nofollow\"\u003eHere is the script in my GitHub repository with notes-for-myself.\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/08/26/23396.html\" rel=\"nofollow\"\u003eNew Servers, new Tech\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFollowing up on an earlier post, the new servers for DragonFly are in place.   The old 40-core machine used for bulk build, monster, is being retired.  The power efficiency of the new machines is startling.  Incidentally, this is where donations go – infrastructure.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2019-August/358271.html\" rel=\"nofollow\"\u003eNew servers in the colo, monster is being retired\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work.   Monster will be retired.   The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance.   That\u0026#39;s at least a 6:1 improvement in performance efficiency.\u003c/p\u003e\n\n\u003cp\u003eWith SSD prices down significantly the new machines have all-SSDs.  These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days.  It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.\u003c/p\u003e\n\n\u003cp\u003eMonster, our venerable 48-core quad-socket opteron is being retired.  This was a wonderful dev machine for working on DragonFly\u0026#39;s SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high.  If a SMP algorithm wasn\u0026#39;t spot-on, you could feel it.  Over the years DragonFly\u0026#39;s performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized.  This kept monster relevant far longer than I thought it would be.\u003c/p\u003e\n\n\u003cp\u003eBut we are at a point now where improvements in efficiency are just too good to ignore.  Monster\u0026#39;s quad-socket opteron (4  x 12 core 6168\u0026#39;s) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.\u003c/p\u003e\n\n\u003cp\u003eI would like to thank everyone\u0026#39;s generous donations over the last few years!  We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dressupgeekout.blogspot.com/2019/08/experimenting-with-streaming-setups-on.html?m=1\" rel=\"nofollow\"\u003eExperimenting with streaming setups on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEver since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.\u003c/p\u003e\n\n\u003cp\u003eCapturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.\u003c/p\u003e\n\n\u003cp\u003eMy laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=NetBSD-Linux-DRM-Ioctl-GSoC2019\" rel=\"nofollow\"\u003eNetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUltimately the goal is to get Valve\u0026#39;s Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.\u003c/p\u003e\n\n\u003cp\u003eStudent developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.\u003c/p\u003e\n\n\u003cp\u003eThese interfaces have been tested and working as well as updating the \u0026quot;suse131\u0026quot; packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn\u0026#39;t yet running on NetBSD with this layer.\u003c/p\u003e\n\n\u003cp\u003eThose curious about this DRM ioctl GSoC project can learn more from \u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2019_report_implementation_of\" rel=\"nofollow\"\u003ethe NetBSD blog\u003c/a\u003e. NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/MengTangmu/status/1163265206660694016\" rel=\"nofollow\"\u003eFreeBSD in Wellington?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/onewilshire/status/1163792878642114560\" rel=\"nofollow\"\u003eFreeBSD on GFE\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/onewilshire/status/1166323112620826624\" rel=\"nofollow\"\u003eClarification\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://distrotest.net/\" rel=\"nofollow\"\u003eDistrotest.net now with BSDs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10334.html\" rel=\"nofollow\"\u003eLecture: Anykernels meet fuzzing NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.khoslaventures.com/wp-content/uploads/SunMicrosystem_bus_plan.pdf\" rel=\"nofollow\"\u003eSun Microsystems business plan from 1982 [pdf]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlan - \u003ca href=\"http://dpaste.com/1Z8EGTW\" rel=\"nofollow\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodriguez - \u003ca href=\"http://dpaste.com/2PZFP4X#wrap\" rel=\"nofollow\"\u003eFeedback and a question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJeff - \u003ca href=\"http://dpaste.com/02ZM6YE#wrap\" rel=\"nofollow\"\u003eOpenZFS follow-up, FreeBSD Adventures\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0314.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.","date_published":"2019-09-04T20:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a98d492a-7c4f-4f70-b6cf-388387042427.mp3","mime_type":"audio/mp3","size_in_bytes":34897838,"duration_in_seconds":2908}]},{"id":"15bbd7ef-a3c7-4996-9751-d37aa7b5a255","title":"313: In-Kernel TLS","url":"https://www.bsdnow.tv/313","content_text":"OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.\n\nHeadlines\n\nOpenBSD on the Thinkpad X1 Carbon 7th Gen\n\n\nAnother year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.\nThe seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.\nGone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.\nOn my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, \"X1 Carbon\" branding from the bottom of the display, the power button LED, and the \"ThinkPad\" branding from the lower part of the keyboard deck.\n\n\n\nSee link for the rest of the article\n\n\n\n\nHow To Install FreeBSD On A MacBook 1,1 or 2,1\n\n\n FreeBSD Setup For MacBook 1,1 and 2,1\n\n\n\nFreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.\n\n\n\nInstalling\n\n\n\nFreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:\n\n\n\nA Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.\nA blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.\nAn ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.\nBurn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.\n\n\nSee link for the rest of the guide\n\n\n\n\n\nNews Roundup\n\nPatch for review: Kernel portion of in-kernel TLS (KTLS)\n\n\nOne of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections.  There is a lot more detail in the review itself, so I will spare pasting a big wall of text here.  However, I have posted the patch to add the kernel-side of KTLS for review at the URL below.  KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits.  Patches and reviews for the other bits will follow later.\n\n\n\nhttps://reviews.freebsd.org/D21277\n\n\n\n\nDragonFly Boot Enviroments\n\n\nThis is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.\n\n\n\nSee link for the rest of the details\n\n\n\n\nProject Trident Updates\n\n\n19.08 Available\n\n\n\nThis is a general package update to the CURRENT release repository based upon TrueOS 19.08.\nLegacy boot ISO functional again\nThis update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.\n\n\n\nPACKAGE CHANGES FROM 19.07-U1\n\n\nNew Packages: 154\nDeleted Packages: 394\nUpdated Packages: 4926\n\n12-U3 Available\n\n\n\nThis is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.\n\n\n\nPACKAGE CHANGES FROM STABLE 12-U2\n\n\nNew Packages: 105\nDeleted Packages: 386\nUpdated Packages: 1046\n\n\n\n\n\nvBSDcon\n\n\nvBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019.\n***\n\n\nBeastie Bits\n\n\nThe next NYCBUG meeting will be Sept 4 @ 18:45\n\n\n\n\nFeedback/Questions\n\n\nTom - Questions\nMichael - dfbeadm\nBostjan - Questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eOpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2019/08/14/x1c7\" rel=\"nofollow\"\u003eOpenBSD on the Thinkpad X1 Carbon 7th Gen\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnother year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.\u003cbr\u003e\nThe seventh generation X1 Carbon isn\u0026#39;t much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.\u003cbr\u003e\nGone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.\u003cbr\u003e\nOn my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, \u0026quot;X1 Carbon\u0026quot; branding from the bottom of the display, the power button LED, and the \u0026quot;ThinkPad\u0026quot; branding from the lower part of the keyboard deck.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee link for the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lexploit.com/freebsdmacbook1-1-2-1/\" rel=\"nofollow\"\u003eHow To Install FreeBSD On A MacBook 1,1 or 2,1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e FreeBSD Setup For MacBook 1,1 and 2,1\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstalling\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.\u003c/li\u003e\n\u003cli\u003eA blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.\u003c/li\u003e\n\u003cli\u003eAn ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBurn the ISO file to the blank CD or DVD. Once done, make sure it\u0026#39;s in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee link for the rest of the guide\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=351522\" rel=\"nofollow\"\u003ePatch for review: Kernel portion of in-kernel TLS (KTLS)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections.  There is a lot more detail in the review itself, so I will spare pasting a big wall of text here.  However, I have posted the patch to add the kernel-side of KTLS for review at the URL below.  KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits.  Patches and reviews for the other bits will follow later.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D21277\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D21277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/newnix/dfbeadm\" rel=\"nofollow\"\u003eDragonFly Boot Enviroments\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee link for the rest of the details\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eProject Trident Updates\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://project-trident.org/post/2019-08-15_19.08_available/\" rel=\"nofollow\"\u003e19.08 Available\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a general package update to the CURRENT release repository based upon TrueOS 19.08.\u003cbr\u003e\nLegacy boot ISO functional again\u003cbr\u003e\nThis update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003ePACKAGE CHANGES FROM 19.07-U1\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Packages: 154\u003c/li\u003e\n\u003cli\u003eDeleted Packages: 394\u003c/li\u003e\n\u003cli\u003eUpdated Packages: 4926\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://project-trident.org/post/2019-08-22_stable12-u3_available/\" rel=\"nofollow\"\u003e12-U3 Available\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePACKAGE CHANGES FROM STABLE 12-U2\n\n\u003cul\u003e\n\u003cli\u003eNew Packages: 105\u003c/li\u003e\n\u003cli\u003eDeleted Packages: 386\u003c/li\u003e\n\u003cli\u003eUpdated Packages: 1046\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.vbsdcon.com/schedule/\" rel=\"nofollow\"\u003evBSDcon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003evBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.nycbug.org/index?action=view\u0026id=10671\" rel=\"nofollow\"\u003eThe next NYCBUG meeting will be Sept 4 @ 18:45\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTom - \u003ca href=\"http://dpaste.com/1AXXK7G#wrap\" rel=\"nofollow\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/0PNEDYT#wrap\" rel=\"nofollow\"\u003edfbeadm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/1N7T7BR#wrap\" rel=\"nofollow\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0313.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.","date_published":"2019-08-29T00:30:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/15bbd7ef-a3c7-4996-9751-d37aa7b5a255.mp3","mime_type":"audio/mp3","size_in_bytes":39745015,"duration_in_seconds":3312}]},{"id":"6dfbd978-c8a2-45c6-a49a-3a4937d83c69","title":"312: Why Package Managers","url":"https://www.bsdnow.tv/312","content_text":"The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.\n\nHeadlines\n\nThe UNIX Philosophy in 2019\n\n\nToday, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:\n\n\n\nWe write programs that do one thing and do it well\nWe write programs to work together\nAnd we write programs that handle text streams, because that is a universal interface\n\n\n\n\nWhy Use Package Managers?\n\n\nValuable research is often hindered or outright prevented by the inability to install software.  This need not be the case.\n\nSince I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application.  In most cases, they ultimately failed.\n\nIn many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.\n\nDeveloper websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software.  The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens.  Many researchers are simply unaware that there are easier ways to install the software they need.  Caveman installs are a colossal waste of man-hours.  If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science.  How many important discoveries are delayed by this?\n\nThe elite research institutions have ample funding and dozens of IT staff dedicated to research computing.  They can churn out publications even if their operation is inefficient.  Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs.  The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone.  If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.\n\nFortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves.  Modern package managers perform all the same steps as a caveman install, but automatically.  Package managers also install dependencies for us automatically.\n\n\n\n\nNews Roundup\n\nTouchpad, Interrupted\n\n\nFor two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.\n\nIt's been a long journey and it's a technical tale, but here it is.\n\n\n\n\nPorting wine to amd64 on NetBSD, second evaluation report\n\n\nSummary\n\n\n\nPresently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.\n\n\n\n\nEnhancing Syzkaller Support for NetBSD, Part 2\n\n\nAs a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.\n\nYou can also take a look at the first report to learn more about the initial support that we added. : https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd\n\n\n\n\nJuly Update: All about the Pinebook Pro\n\n\n\"So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs whom worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degree of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available.\"\n\n\n\n\nKilling a process and all of its descendants\n\n\nKilling processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:\n\nUnix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.\n\nSending signals to all processes in a session is not trivial with syscalls.\n\nChild processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.\n\nThe answer to the “What happens with orphaned process groups” question is not trivial.\n\n\n\n\nFast Software, the Best Software\n\n\nI love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.\n\nSoftware that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.\n\nBut why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.\n\nA typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)\n\n\n\n\nBeastie Bits\n\n\nRegister for vBSDCon 2019, Sept 5-7 in Reston VA\nRegister for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway\n\n\n\n\nFeedback/Questions\n\n\nPaulo - FreeNAS Question\nMarc - Changing VT without function keys?\nCaleb - Patch, update, and upgrade management\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eThe UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://triosdevelopers.com/jason.eckert/blog/Entries/2019/6/1_Entry_1.html\" rel=\"nofollow\"\u003eThe UNIX Philosophy in 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe write programs that do one thing and do it well\u003c/li\u003e\n\u003cli\u003eWe write programs to work together\u003c/li\u003e\n\u003cli\u003eAnd we write programs that handle text streams, because that is a universal interface\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://uwm.edu/hpc/software-management/\" rel=\"nofollow\"\u003eWhy Use Package Managers?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eValuable research is often hindered or outright prevented by the inability to install software.  This need not be the case.\u003c/p\u003e\n\n\u003cp\u003eSince I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application.  In most cases, they ultimately failed.\u003c/p\u003e\n\n\u003cp\u003eIn many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.\u003c/p\u003e\n\n\u003cp\u003eDeveloper websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software.  The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens.  Many researchers are simply unaware that there are easier ways to install the software they need.  Caveman installs are a colossal waste of man-hours.  If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science.  How many important discoveries are delayed by this?\u003c/p\u003e\n\n\u003cp\u003eThe elite research institutions have ample funding and dozens of IT staff dedicated to research computing.  They can churn out publications even if their operation is inefficient.  Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs.  The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone.  If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.\u003c/p\u003e\n\n\u003cp\u003eFortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves.  Modern package managers perform all the same steps as a caveman install, but automatically.  Package managers also install dependencies for us automatically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2019/07/28/ihidev\" rel=\"nofollow\"\u003eTouchpad, Interrupted\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor two years I\u0026#39;ve been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.\u003c/p\u003e\n\n\u003cp\u003eIt\u0026#39;s been a long journey and it\u0026#39;s a technical tale, but here it is.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on2\" rel=\"nofollow\"\u003ePorting wine to amd64 on NetBSD, second evaluation report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSummary\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePresently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don\u0026#39;t have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn\u0026#39;t search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/enchancing_syzkaller_support_for_netbsd\" rel=\"nofollow\"\u003eEnhancing Syzkaller Support for NetBSD, Part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.\u003c/p\u003e\n\n\u003cp\u003eYou can also take a look at the first report to learn more about the initial support that we added. : \u003ca href=\"https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd\" rel=\"nofollow\"\u003ehttps://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.pine64.org/2019/07/05/july-update-all-about-the-pinebook-pro/\" rel=\"nofollow\"\u003eJuly Update: All about the Pinebook Pro\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs whom worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degree of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available.\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://morningcoffee.io/killing-a-process-and-all-of-its-descendants.html\" rel=\"nofollow\"\u003eKilling a process and all of its descendants\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKilling processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:\u003c/p\u003e\n\n\u003cp\u003eUnix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.\u003c/p\u003e\n\n\u003cp\u003eSending signals to all processes in a session is not trivial with syscalls.\u003c/p\u003e\n\n\u003cp\u003eChild processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.\u003c/p\u003e\n\n\u003cp\u003eThe answer to the “What happens with orphaned process groups” question is not trivial.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://craigmod.com/essays/fast_software/\" rel=\"nofollow\"\u003eFast Software, the Best Software\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.\u003c/p\u003e\n\n\u003cp\u003eSoftware that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.\u003c/p\u003e\n\n\u003cp\u003eBut why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.\u003c/p\u003e\n\n\u003cp\u003eA typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vbsdcon.com/registration\" rel=\"nofollow\"\u003eRegister for vBSDCon 2019, Sept 5-7 in Reston VA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2019.eurobsdcon.org/registration/\" rel=\"nofollow\"\u003eRegister for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/2GDG7WR#wrap\" rel=\"nofollow\"\u003eFreeNAS Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarc - \u003ca href=\"http://dpaste.com/1AKC7A1#wrap\" rel=\"nofollow\"\u003eChanging VT without function keys?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCaleb - \u003ca href=\"http://dpaste.com/2D6J482#wrap\" rel=\"nofollow\"\u003ePatch, update, and upgrade management\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0312.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.","date_published":"2019-08-21T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6dfbd978-c8a2-45c6-a49a-3a4937d83c69.mp3","mime_type":"audio/mp3","size_in_bytes":51882863,"duration_in_seconds":4323}]},{"id":"1d57e61a-57d9-4d3b-ac9a-c3a4c061da07","title":"311: Conference Gear Breakdown","url":"https://www.bsdnow.tv/311","content_text":"NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.\n\nHeadlines\n\nNetBSD 9.0 release process has started\n\n\nIf you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:\n\n\nNew AArch64 architecture support:\n\n\nSymmetric and asymmetrical multiprocessing support (aka big.LITTLE)\nSupport for running 32-bit binaries\nUEFI and ACPI support\nSupport for SBSA/SBBR (server-class) hardware.\n\nThe FDT-ization of many ARM boards:\n\n\nthe 32-bit GENERIC kernel lists 129 different DTS configurations\nthe 64-bit GENERIC64 kernel lists 74 different DTS configurations\nAll supported by a single kernel, without requiring per-board configuration.\n\nGraphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.\nZFS has been updated to a modern version and seen many bugfixes.\nNew hardware-accelerated virtualization via NVMM.\nNPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.\nNVMe performance improvements\nOptional kernel ASLR support, and partial kernel ASLR for the default configuration.\nKernel sanitizers:\n\n\nKLEAK, detecting memory leaks\nKASAN, detecting memory overruns\nKUBSAN, detecting undefined behaviour\nThese have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.\n\nThe removal of outdated networking components such as ISDN and all of its drivers\nThe installer is now capable of performing GPT UEFI installations.\nDramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.\nUpdate to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.\n\n\nWe try to test NetBSD as best as we can, but your testing can help NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.\n\n\nBinaries are available at https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/\n\n\n\n\n\nxargs wtf\n\n\nxargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.\nI discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.\nxargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.\nIt literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:\nThis is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.\n\n\n\n\nNews Roundup\n\nPkgSrc: A Tale of Two Spellcheckers\n\n\nThis is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.\nThe reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.\n\n\n\n\nAdapting TriforceAFL for NetBSD, Part 2\n\n\nI have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.\nFor work done during the first coding period, check out this post.\n\n\n\nSummary\n\u0026gt; So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC. I plan to analyse the crashes that were found until now. Integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.\n\u0026gt; Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!\n\n\n\n\nExploiting a no-name freebsd kernel vulnerability\n\n\nA new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.\n\u0026gt; A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.\n\n\n\n\n[Allan and Benedicts Conference Gear Breakdown]\n\n\n\nBenedict’s Gear:\n\n\nGlocalMe G3 Mobile Travel HotSpot and Powerbank\nMogics Power Bagel\nCharby Sense Power Cable\n\nAllan’s Gear:\n\n\nHuawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro\nAOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries\nAll my devices charge from USB-C, so that is great\nMore USB thumb drives than strictly necessary\nMy Lenovo X270 laptop running FreeBSD 13-current\nMy 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work\n\n\n\n\n\nBeastie Bits\n\n\nReplacing the Unix tradition (Warning may be rage inducing)\nInstalling OpenBSD over remote serial on the AtomicPI\nZen 2 and DragonFly\nImprove Docking on FreeBSD\nRegister for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th.\nRegister for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway\n\n\n\n\nFeedback/Questions\n\n\nJT - Congrats\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eNetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2019/07/31/msg000301.html\" rel=\"nofollow\"\u003eNetBSD 9.0 release process has started\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew AArch64 architecture support:\n\n\u003cul\u003e\n\u003cli\u003eSymmetric and asymmetrical multiprocessing support (aka big.LITTLE)\u003c/li\u003e\n\u003cli\u003eSupport for running 32-bit binaries\u003c/li\u003e\n\u003cli\u003eUEFI and ACPI support\u003c/li\u003e\n\u003cli\u003eSupport for SBSA/SBBR (server-class) hardware.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe FDT-ization of many ARM boards:\n\n\u003cul\u003e\n\u003cli\u003ethe 32-bit GENERIC kernel lists 129 different DTS configurations\u003c/li\u003e\n\u003cli\u003ethe 64-bit GENERIC64 kernel lists 74 different DTS configurations\u003c/li\u003e\n\u003cli\u003eAll supported by a single kernel, without requiring per-board configuration.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eGraphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.\u003c/li\u003e\n\u003cli\u003eZFS has been updated to a modern version and seen many bugfixes.\u003c/li\u003e\n\u003cli\u003eNew hardware-accelerated virtualization via NVMM.\u003c/li\u003e\n\u003cli\u003eNPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.\u003c/li\u003e\n\u003cli\u003eNVMe performance improvements\u003c/li\u003e\n\u003cli\u003eOptional kernel ASLR support, and partial kernel ASLR for the default configuration.\u003c/li\u003e\n\u003cli\u003eKernel sanitizers:\n\n\u003cul\u003e\n\u003cli\u003eKLEAK, detecting memory leaks\u003c/li\u003e\n\u003cli\u003eKASAN, detecting memory overruns\u003c/li\u003e\n\u003cli\u003eKUBSAN, detecting undefined behaviour\u003c/li\u003e\n\u003cli\u003eThese have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe removal of outdated networking components such as ISDN and all of its drivers\u003c/li\u003e\n\u003cli\u003eThe installer is now capable of performing GPT UEFI installations.\u003c/li\u003e\n\u003cli\u003eDramatically improved support for userland sanitizers, as well as the option to build all of NetBSD\u0026#39;s userland using them for bug-finding.\u003c/li\u003e\n\u003cli\u003eUpdate to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eWe try to test NetBSD as best as we can, but your testing can help NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinaries are available at \u003ca href=\"https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/\" rel=\"nofollow\"\u003ehttps://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@aarontharris/xargs-wtf-34d2618286b7\" rel=\"nofollow\"\u003exargs wtf\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003exargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.\u003cbr\u003e\nI discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.\u003cbr\u003e\nxargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.\u003cbr\u003e\nIt literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:\u003cbr\u003e\nThis is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bentsukun.ch/posts/pkgsrccon-2019/\" rel=\"nofollow\"\u003ePkgSrc: A Tale of Two Spellcheckers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.\u003cbr\u003e\nThe reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/adapting_triforceafl_for_netbsd_part1\" rel=\"nofollow\"\u003eAdapting TriforceAFL for NetBSD, Part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.\u003cbr\u003e\nFor work done during the first coding period, check out this post.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSummary\n\u0026gt; So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC. I plan to analyse the crashes that were found until now. Integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.\n\u0026gt; Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html\" rel=\"nofollow\"\u003eExploiting a no-name freebsd kernel vulnerability\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.\n\u0026gt; A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e[Allan and Benedicts Conference Gear Breakdown]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBenedict’s Gear:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://www.glocalme.com/CA/en-US/cloudsim/g3\" rel=\"nofollow\"\u003eGlocalMe G3 Mobile Travel HotSpot and Powerbank\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://www.mogics.com/3824-2\" rel=\"nofollow\"\u003eMogics Power Bagel\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://charbycharge.com/charby-sense-worlds-smartest-auto-cutoff-cable/\" rel=\"nofollow\"\u003eCharby Sense Power Cable\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAllan’s Gear:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://smile.amazon.com/gp/product/B013CEGGKI/\" rel=\"nofollow\"\u003eHuawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://smile.amazon.com/dp/B071HJFX27/\" rel=\"nofollow\"\u003eAOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries\u003c/a\u003e\u003cbr\u003e\nAll my devices charge from USB-C, so that is great\u003cbr\u003e\nMore USB thumb drives than strictly necessary\u003cbr\u003e\nMy Lenovo X270 laptop running FreeBSD 13-current\u003cbr\u003e\nMy 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=L9v4Mg8wi4U\u0026feature=youtu.be\" rel=\"nofollow\"\u003eReplacing the Unix tradition (Warning may be rage inducing)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.thanassis.space/remoteserial.html#remoteserial\" rel=\"nofollow\"\u003eInstalling OpenBSD over remote serial on the AtomicPI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/08/05/23294.html\" rel=\"nofollow\"\u003eZen 2 and DragonFly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.yukiisbo.red/posts/2019/05/improve-docking-on-freebsd/\" rel=\"nofollow\"\u003eImprove Docking on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vbsdcon.com/registration\" rel=\"nofollow\"\u003eRegister for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2019.eurobsdcon.org/registration/\" rel=\"nofollow\"\u003eRegister for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJT - \u003ca href=\"http://dpaste.com/0D7Y31E#wrap\" rel=\"nofollow\"\u003eCongrats\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0311.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"\nNetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.","date_published":"2019-08-15T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1d57e61a-57d9-4d3b-ac9a-c3a4c061da07.mp3","mime_type":"audio/mp3","size_in_bytes":52868098,"duration_in_seconds":4405}]},{"id":"11bc3886-8630-42e4-8ce6-a97cfce82f4d","title":"310: My New Free NAS","url":"https://www.bsdnow.tv/310","content_text":"OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. \n\nHeadlines\n\nOPNsense 19.7.1\n\n\nWe do not wish to keep you from enjoying your summer time, but this\nis a recommended security update enriched with reliability fixes for the\nnew 19.7 series.  Of special note are performance improvements as well\nas a fix for a longstanding NAT before IPsec limitation.\n\nFull patch notes:\n\n\n\nsystem: do not create automatic copies of existing gateways\nsystem: do not translate empty tunables descriptions\nsystem: remove unwanted form action tags\nsystem: do not include Syslog-ng in rc.freebsd handler\nsystem: fix manual system log stop/start/restart\nsystem: scoped IPv6 \"%\" could confuse mwexecf(), use plain mwexec() instead\nsystem: allow curl-based downloads to use both trusted and local authorities\nsystem: fix group privilege print and correctly redirect after edit\nsystem: use cached address list in referrer check\nsystem: fix Syslog-ng search stats\nfirewall: HTML-escape dynamic entries to display aliases\nfirewall: display correct IP version in automatic rules\nfirewall: fix a warning while reading empty outbound rules configuration\nfirewall: skip illegal log lines in live log\ninterfaces: performance improvements for configurations with hundreds of interfaces\nreporting: performance improvements for Python 3 NetFlow aggregator rewrite\ndhcp: move advanced router advertisement options to correct config section\nipsec: replace global array access with function to ensure side-effect free boot\nipsec: change DPD action on start to \"dpdaction = restart\"\nipsec: remove already default \"dpdaction = none\" if not set\nipsec: use interface IP address in local ID when doing NAT before IPsec\nweb proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen\nplugins: os-acme-client 1.24[1]\nplugins: os-bind 1.6[2]\nplugins: os-dnscrypt-proxy 1.5[3]\nplugins: os-frr now restricts characters BGP prefix-list and route-maps[4]\nplugins: os-google-cloud-sdk 1.0[5]\nports: curl 7.65.3[6]\nports: monit 5.26.0[7]\nports: openssh 8.0p1[8]\nports: php 7.2.20[9]\nports: python 3.7.4[10]\nports: sqlite 3.29.0[11]\nports: squid 4.8[12]\n\n\n\nStay safe and hydrated, Your OPNsense team\n\n\n\n\nZFS on Linux still has annoying issues with ARC size\n\nOne of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.\n\n\nLinux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)\n\nThis is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).\n\nThe net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).\n\n\n\n\nNews Roundup\n\nHammer2 is now default\n\ncommit a49112761c919d42d405ec10252eb0553662c824\nAuthor: Matthew Dillon \u0026lt;dillon at apollo.backplane.com\u0026gt;\nDate:   Mon Jun 10 17:53:46 2019 -0700\n\n    installer - Default to HAMMER2\n\n    * Change the installer default from HAMMER1 to HAMMER2.\n\n    * Adjust the nrelease build to print the location of the image files\n      when it finishes.\n\nSummary of changes:\n nrelease/Makefile                          |  2 +-\n usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------\n 2 files changed, 11 insertions(+), 11 deletions(-)\n\nhttp://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824\n\n\n\n\nNetBSD audio – an application perspective\n\n\nNetBSD audio – an application perspective ... or, \"doing it natively, because we can\"\n\n\n\naudio options for NetBSD in pkgsrc\n\n\nUse NetBSD native audio (sun audio/audioio.h)\nOr OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff\n\nMany many abstraction layers available:\n\n\nOpenAL-Soft\nalsa-lib (config file required)\nlibao, GStreamer (plugins!)\nPortAudio, SDL\nPulseAudio, JACK\n... lots more!? some obsolete stuff (esd, nas?)\n\nAdvantages of using NetBSD audio directly\n\n\nLow latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)\nQuery device information: Is /dev/audio1 a USB microphone or another sound card?\nAvoid bugs from excessive layering\nNice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]\nYour code might work on illumos too\n\n[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticable difference. I don't know why.]\n\n\n\n\nNew FreeNAS Mini\n\n\nTwo new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:\n\nFreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.\n\nFreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.\n\n\n\n\nBeastie Bits\n\n\nWelcome to NetBSD 9.99.1!\nBerkeley smorgasbord — part II\ndtracing postgres\nProject Trident 19.07-U1 now available\nNeed a Secure Operating System? Take a Look at OpenBSD\n\n\n\n\nFeedback/Questions\n\n\nJeff - OpenZFS Port Testing Feedback\nMalcolm - Best Practices for Custom Ports\nMichael - Little Correction\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eOPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. \u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-19-7-1-released/\" rel=\"nofollow\"\u003eOPNsense 19.7.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe do not wish to keep you from enjoying your summer time, but this\u003cbr\u003e\nis a recommended security update enriched with reliability fixes for the\u003cbr\u003e\nnew 19.7 series.  Of special note are performance improvements as well\u003cbr\u003e\nas a fix for a longstanding NAT before IPsec limitation.\u003c/p\u003e\n\n\u003cp\u003eFull patch notes:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003esystem: do not create automatic copies of existing gateways\u003c/li\u003e\n\u003cli\u003esystem: do not translate empty tunables descriptions\u003c/li\u003e\n\u003cli\u003esystem: remove unwanted form action tags\u003c/li\u003e\n\u003cli\u003esystem: do not include Syslog-ng in rc.freebsd handler\u003c/li\u003e\n\u003cli\u003esystem: fix manual system log stop/start/restart\u003c/li\u003e\n\u003cli\u003esystem: scoped IPv6 \u0026quot;%\u0026quot; could confuse mwexecf(), use plain mwexec() instead\u003c/li\u003e\n\u003cli\u003esystem: allow curl-based downloads to use both trusted and local authorities\u003c/li\u003e\n\u003cli\u003esystem: fix group privilege print and correctly redirect after edit\u003c/li\u003e\n\u003cli\u003esystem: use cached address list in referrer check\u003c/li\u003e\n\u003cli\u003esystem: fix Syslog-ng search stats\u003c/li\u003e\n\u003cli\u003efirewall: HTML-escape dynamic entries to display aliases\u003c/li\u003e\n\u003cli\u003efirewall: display correct IP version in automatic rules\u003c/li\u003e\n\u003cli\u003efirewall: fix a warning while reading empty outbound rules configuration\u003c/li\u003e\n\u003cli\u003efirewall: skip illegal log lines in live log\u003c/li\u003e\n\u003cli\u003einterfaces: performance improvements for configurations with hundreds of interfaces\u003c/li\u003e\n\u003cli\u003ereporting: performance improvements for Python 3 NetFlow aggregator rewrite\u003c/li\u003e\n\u003cli\u003edhcp: move advanced router advertisement options to correct config section\u003c/li\u003e\n\u003cli\u003eipsec: replace global array access with function to ensure side-effect free boot\u003c/li\u003e\n\u003cli\u003eipsec: change DPD action on start to \u0026quot;dpdaction = restart\u0026quot;\u003c/li\u003e\n\u003cli\u003eipsec: remove already default \u0026quot;dpdaction = none\u0026quot; if not set\u003c/li\u003e\n\u003cli\u003eipsec: use interface IP address in local ID when doing NAT before IPsec\u003c/li\u003e\n\u003cli\u003eweb proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen\u003c/li\u003e\n\u003cli\u003eplugins: os-acme-client 1.24[1]\u003c/li\u003e\n\u003cli\u003eplugins: os-bind 1.6[2]\u003c/li\u003e\n\u003cli\u003eplugins: os-dnscrypt-proxy 1.5[3]\u003c/li\u003e\n\u003cli\u003eplugins: os-frr now restricts characters BGP prefix-list and route-maps[4]\u003c/li\u003e\n\u003cli\u003eplugins: os-google-cloud-sdk 1.0[5]\u003c/li\u003e\n\u003cli\u003eports: curl 7.65.3[6]\u003c/li\u003e\n\u003cli\u003eports: monit 5.26.0[7]\u003c/li\u003e\n\u003cli\u003eports: openssh 8.0p1[8]\u003c/li\u003e\n\u003cli\u003eports: php 7.2.20[9]\u003c/li\u003e\n\u003cli\u003eports: python 3.7.4[10]\u003c/li\u003e\n\u003cli\u003eports: sqlite 3.29.0[11]\u003c/li\u003e\n\u003cli\u003eports: squid 4.8[12]\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStay safe and hydrated, Your OPNsense team\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxARCShrinkage\" rel=\"nofollow\"\u003eZFS on Linux still has annoying issues with ARC size\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ccode\u003eOne of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS\u0026#39;s auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLinux\u0026#39;s regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there\u0026#39;s very little memory actually free, but at least you\u0026#39;re getting value from your RAM. This is so reliable and regular that we generally don\u0026#39;t think about \u0026#39;is my system going to use all of my RAM as a disk cache\u0026#39;, because the answer is always \u0026#39;yes\u0026#39;. (The general filesystem cache is also called the page cache.)\u003c/p\u003e\n\n\u003cp\u003eThis is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn\u0026#39;t necessarily the case even on Solaris). ZFS has both a current size and a \u0026#39;target size\u0026#39; for the ARC (called \u0026#39;c\u0026#39; in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that\u0026#39;s its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn\u0026#39;t currently expose enough statistics to tell why your ARC target size shrunk in any particular case).\u003c/p\u003e\n\n\u003cp\u003eThe net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux\u0026#39;s normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-June/718989.html\" rel=\"nofollow\"\u003eHammer2 is now default\u003c/a\u003e\u003c/h3\u003e\n\n\u003cpre\u003e\u003ccode\u003ecommit a49112761c919d42d405ec10252eb0553662c824\nAuthor: Matthew Dillon \u0026lt;dillon at apollo.backplane.com\u0026gt;\nDate:   Mon Jun 10 17:53:46 2019 -0700\n\n    installer - Default to HAMMER2\n\n    * Change the installer default from HAMMER1 to HAMMER2.\n\n    * Adjust the nrelease build to print the location of the image files\n      when it finishes.\n\nSummary of changes:\n nrelease/Makefile                          |  2 +-\n usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------\n 2 files changed, 11 insertions(+), 11 deletions(-)\n\nhttp://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://netbsd.org/gallery/presentations/nia/netbsd-audio/\" rel=\"nofollow\"\u003eNetBSD audio – an application perspective\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD audio – an application perspective ... or, \u0026quot;doing it natively, because we can\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eaudio options for NetBSD in pkgsrc\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eUse NetBSD native audio (sun audio/audioio.h)\u003c/li\u003e\n\u003cli\u003eOr OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMany many abstraction layers available:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenAL-Soft\u003c/li\u003e\n\u003cli\u003ealsa-lib (config file required)\u003c/li\u003e\n\u003cli\u003elibao, GStreamer (plugins!)\u003c/li\u003e\n\u003cli\u003ePortAudio, SDL\u003c/li\u003e\n\u003cli\u003ePulseAudio, JACK\u003c/li\u003e\n\u003cli\u003e... lots more!? some obsolete stuff (esd, nas?)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAdvantages of using NetBSD audio directly\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLow latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)\u003c/li\u003e\n\u003cli\u003eQuery device information: Is /dev/audio1 a USB microphone or another sound card?\u003c/li\u003e\n\u003cli\u003eAvoid bugs from excessive layering\u003c/li\u003e\n\u003cli\u003eNice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]\u003c/li\u003e\n\u003cli\u003eYour code might work on illumos too\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticable difference. I don\u0026#39;t know why.]\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/new-freenas-mini-models-release-pr/\" rel=\"nofollow\"\u003eNew FreeNAS Mini\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTwo new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:\u003c/p\u003e\n\n\u003cp\u003eFreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.\u003c/p\u003e\n\n\u003cp\u003eFreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/source-changes/2019/07/30/msg107671.html\" rel=\"nofollow\"\u003eWelcome to NetBSD 9.99.1!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html\" rel=\"nofollow\"\u003eBerkeley smorgasbord — part II\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=Brt41xnMZqo\u0026list=PLuJmmKtsV1dOTmlImlD9U5j1P1rLxS2V8\u0026index=20\u0026t=0s\" rel=\"nofollow\"\u003edtracing postgres\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://project-trident.org/post/2019-07-30_19.07-u1_available/\" rel=\"nofollow\"\u003eProject Trident 19.07-U1 now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.devprojournal.com/technology-trends/operating-systems/need-a-secure-operating-system-take-a-look-at-openbsd/\" rel=\"nofollow\"\u003eNeed a Secure Operating System? Take a Look at OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJeff - \u003ca href=\"http://dpaste.com/2AT7JGP#wrap\" rel=\"nofollow\"\u003eOpenZFS Port Testing Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/1R170D7\" rel=\"nofollow\"\u003eBest Practices for Custom Ports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/0CERP6R\" rel=\"nofollow\"\u003eLittle Correction\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0310.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"\r\nOPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more. ","date_published":"2019-08-07T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/11bc3886-8630-42e4-8ce6-a97cfce82f4d.mp3","mime_type":"audio/mp3","size_in_bytes":34679977,"duration_in_seconds":2889}]},{"id":"630a645e-fe37-4a56-a2fd-8c51abb5dfe5","title":"Episode 309: Get Your Telnet Fix","url":"https://www.bsdnow.tv/309","content_text":"DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.\n\nHeadlines\n\nDragonFlyBSD Project Update - colo upgrade, future trends\n\n\nFor the last week I've been testing out a replacement for Monster, our 48-core opteron server.  The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.\n\nThe goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.\n\nCurrently we use two blades to do most of the building, plus monster sometimes.  The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours.  But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates.  It just takes too long and its been gnawing at me for a little while.\n\nWell, Zen 2 to the rescue!  These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get. \n\nThe new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home.   The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours.  Monster will be retired.  And the crazy thing about this?  Monster burns 1000W going full bore.  Each of the 3900X servers burns 160W and the Xeon burns 200W.  In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade.  This tell you just how much more power-efficient machines have become in the last 9 years or so. \u0026gt; This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.\n\nFuture trends - DragonFlyBSD has reached a bit of a cross-roads.  With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM  (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.\n\n\n\n\nResuming ZFS send\n\n\nOne of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?\n\nFor a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.\n\nIn this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.\n\n\n\n\nNews Roundup\n\nRealtime bandwidth terminal graph visualization\n\n\nIf for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.\n\nThe following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.\n\n\n\n\nfixing telnet fixes\n\n\nThere’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.\n\n\nThe first line is indented with spaces while the others use tabs.\nThe correct type for string length is size_t not unsigned int.\nsizeof(char) is always one. There’s no need to multiply by it.\nIf you do need to multiply by a size, this is an unsafe pattern.  Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)\nReturn value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.\nReturn value of malloc is not checked for NULL.\nNo reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?\nThe whole operation could be simplified by using asprintf.\nAlthough unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.\n\n\n\n\n\nA Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln\n\n\nEarlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech\u0026amp;m=129236621626462 …) Today, I got an interesting but unexpected responsive record: \n\n\n\nFreedom of Information Act: FBI: OpenBSD \nGitHub Repo\n\n\n\n\nBeastie Bits\n\n\n“Sudo Mastery, 2nd Edition” open for tech review\nFreeBSD Journal: FreeBSD for Makers\nOpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya\nFreeBSD 12.0: WINE Gaming\nIntroduction to the Structure and Interpretation of TNF (The NetBSD Foundation)\nvBSDcon speakers announced\n\n\n\n\nFeedback/Questions\n\n\nPat - NYCBug Aug 7th\nTyler - SSH keys vs password\nLars - Tor-Talk\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2019-July/358226.html\" rel=\"nofollow\"\u003eDragonFlyBSD Project Update - colo upgrade, future trends\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor the last week I\u0026#39;ve been testing out a replacement for Monster, our 48-core opteron server.  The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.\u003c/p\u003e\n\n\u003cp\u003eThe goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.\u003c/p\u003e\n\n\u003cp\u003eCurrently we use two blades to do most of the building, plus monster sometimes.  The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours.  But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates.  It just takes too long and its been gnawing at me for a little while.\u003c/p\u003e\n\n\u003cp\u003eWell, Zen 2 to the rescue!  These new CPUs can take ECC, there\u0026#39;s actually an IPMI mobo available, and they are fast as hell and cheap for what we get. \u003c/p\u003e\n\n\u003cp\u003eThe new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home.   The 3900X\u0026#39;s can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours.  Monster will be retired.  And the crazy thing about this?  Monster burns 1000W going full bore.  Each of the 3900X servers burns 160W and the Xeon burns 200W.  In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade.  This tell you just how much more power-efficient machines have become in the last 9 years or so. \u0026gt; This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.\u003c/p\u003e\n\n\u003cp\u003eFuture trends - DragonFlyBSD has reached a bit of a cross-roads.  With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM  (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.oshogbo.vexillium.org/blog/66/\" rel=\"nofollow\"\u003eResuming ZFS send\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?\u003c/p\u003e\n\n\u003cp\u003eFor a very long time, you didn\u0026#39;t have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.\u003c/p\u003e\n\n\u003cp\u003eIn this short post, I don\u0026#39;t want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2019-07-19-ttyplot-netstat-openbsd.html\" rel=\"nofollow\"\u003eRealtime bandwidth terminal graph visualization\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.\u003c/p\u003e\n\n\u003cp\u003eThe following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://flak.tedunangst.com/post/fixing-telnet-fixes\" rel=\"nofollow\"\u003efixing telnet fixes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.\u003c/p\u003e\n\n\u003col\u003e\n\u003cli\u003e\u003cp\u003eThe first line is indented with spaces while the others use tabs.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe correct type for string length is size_t not unsigned int.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esizeof(char) is always one. There’s no need to multiply by it.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIf you do need to multiply by a size, this is an unsafe pattern.  Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eReturn value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eReturn value of malloc is not checked for NULL.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNo reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe whole operation could be simplified by using asprintf.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAlthough unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.\u003c/p\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/RooneyMcNibNug/status/1152327783055601664\" rel=\"nofollow\"\u003eA Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEarlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=129236621626462\" rel=\"nofollow\"\u003ehttps://marc.info/?l=openbsd-tech\u0026amp;m=129236621626462\u003c/a\u003e …) Today, I got an interesting but unexpected responsive record: \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/\" rel=\"nofollow\"\u003eFreedom of Information Act: FBI: OpenBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RooneyMcNibNug/FOIA/blob/master/Responsive%20Docs/OpenBSD/FBI_OpenBSD_response_OCRd.pdf\" rel=\"nofollow\"\u003eGitHub Repo\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/4378\" rel=\"nofollow\"\u003e“Sudo Mastery, 2nd Edition” open for tech review\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdnews.com/2019/07/12/freebsd-journal-freebsd-for-makers/\" rel=\"nofollow\"\u003eFreeBSD Journal: FreeBSD for Makers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2019/07/19/msg000808.html\" rel=\"nofollow\"\u003eOpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=zuj9pRNR2oM\" rel=\"nofollow\"\u003eFreeBSD 12.0: WINE Gaming\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netbsd.org/gallery/presentations/wiz/pkgsrccon2019/index.html#/\" rel=\"nofollow\"\u003eIntroduction to the Structure and Interpretation of TNF (The NetBSD Foundation)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.vbsdcon.com/\" rel=\"nofollow\"\u003evBSDcon speakers announced\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePat - \u003ca href=\"http://dpaste.com/21Y1PRM\" rel=\"nofollow\"\u003eNYCBug Aug 7th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTyler - \u003ca href=\"http://dpaste.com/3JEVVEF#wrap\" rel=\"nofollow\"\u003eSSH keys vs password\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/0RAFMXZ\" rel=\"nofollow\"\u003eTor-Talk\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0309.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"\r\nDragonFlyBSD Project colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD, an OpenSSH vulnerability, and more.","date_published":"2019-07-31T23:45:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/630a645e-fe37-4a56-a2fd-8c51abb5dfe5.mp3","mime_type":"audio/mp3","size_in_bytes":34856460,"duration_in_seconds":2904}]},{"id":"583db96b-f838-461b-a366-c6d49825c5be","title":"308: Mumbling with OpenBSD","url":"https://www.bsdnow.tv/308","content_text":"Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.\n\nHeadlines\n\nReplacing a (silently) failing disk in a ZFS pool\n\n\nMaybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.\nWhat? there’s a shitton of docs on this topic! Are you stupid?\nI don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.\n\n\n\n\nOPNsense 19.7 RC1 released\n\n\nHi there,\nFor four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\nWe thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.\nDownload links, an installation guide[1] and the checksums for the images can be found below as well.\n\n\n\n\nNews Roundup\n\nImplementation of DRM ioctl Support for NetBSD kernel\n\n\nWhat is DRM ioctl ?\n\n\n\nIoctls are input/output control system calls and DRM stands for direct rendering manager The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission \u0026amp; fencing, suspend/resume support, and DMA services.\n\n\n\nNative DRM ioctl calls\n\n\n\nNetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages where installed. We used the glxinfo and glxgears applications to test this out.\n\n\n\n\nHigh quality / low latency VOIP server with umurmur/Mumble on OpenBSD\n\n\nDiscord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distorsion.\nWhy not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to setup on OpenBSD!\nMumble is an open source voip client, it has a client named Mumble (available on various operating system) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate get associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.\n\n\n\n\nTMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix\n\n\nUnix — going back to the roots\n\n\n\nFrom time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.\nI’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux \u0026amp; macOS — I understand the concepts behind the system architecture, know a lot of command line tools \u0026amp; navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.\nRecently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files \u0026amp; directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces \u0026amp; tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.\nThe book also talks about networking, surfing the web \u0026amp; working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!\nI can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!\n\n\n\n\nThePDP-7 Where Unix Began\n\n\nIn preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.\nV0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.\n\n\n\n\nLLDB: watchpoints, XSTATE in ptrace() and core dumps\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.\nIn June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.\n\n\nBeastie Bits\n\n\nProject Trident 19.07 Available\nA list of names from \"Cold Blood\" -- Any familiar?\nfern: a curses-based mastodon client modeled off usenet news readers \u0026amp; pine, with an emphasis on getting to 'timeline zero'\nOpenBSD Community goes Platinum for 2019!\ntcp keepalive and dports on DragonFly\n\n\n\n\nFeedback/Questions\n\n\nPatrick - OpenZFS/ZoL Module from Ports\nBrad - Services not starting\nSimon - Feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eReplacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://imil.net/blog/2019/07/02/Replacing-a-silently-failing-disk-in-a-ZFS-pool/\" rel=\"nofollow\"\u003eReplacing a (silently) failing disk in a ZFS pool\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMaybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.\u003cbr\u003e\nWhat? there’s a shitton of docs on this topic! Are you stupid?\u003cbr\u003e\nI don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-19-7-rc1-released/\" rel=\"nofollow\"\u003eOPNsense 19.7 RC1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHi there,\u003cbr\u003e\nFor four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\u003cbr\u003e\nWe thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.\u003cbr\u003e\nDownload links, an installation guide[1] and the checksums for the images can be found below as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/implementation_of_drm_ioctl_support\" rel=\"nofollow\"\u003eImplementation of DRM ioctl Support for NetBSD kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is DRM ioctl ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIoctls are input/output control system calls and DRM stands for direct rendering manager The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission \u0026amp; fencing, suspend/resume support, and DMA services.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNative DRM ioctl calls\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages where installed. We used the glxinfo and glxgears applications to test this out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2019-07-04-umurmur.html\" rel=\"nofollow\"\u003eHigh quality / low latency VOIP server with umurmur/Mumble on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDiscord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distorsion.\u003cbr\u003e\nWhy not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to setup on OpenBSD!\u003cbr\u003e\nMumble is an open source voip client, it has a client named Mumble (available on various operating system) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate get associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.softwaremill.com/tmwl-june19-js-fetch-api-scheduling-in-spring-thoughts-on-unix-fd54f50ecd64\" rel=\"nofollow\"\u003eTMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUnix — going back to the roots\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFrom time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.\u003cbr\u003e\nI’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux \u0026amp; macOS — I understand the concepts behind the system architecture, know a lot of command line tools \u0026amp; navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.\u003cbr\u003e\nRecently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files \u0026amp; directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces \u0026amp; tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.\u003cbr\u003e\nThe book also talks about networking, surfing the web \u0026amp; working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!\u003cbr\u003e\nI can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdimp.blogspot.com/2019/07/the-pdp-7-where-unix-began.html\" rel=\"nofollow\"\u003eThePDP-7 Where Unix Began\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.\u003cbr\u003e\nV0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/lldb_watchpoints_xstate_in_ptrace\" rel=\"nofollow\"\u003eLLDB: watchpoints, XSTATE in ptrace() and core dumps\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003cbr\u003e\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD\u0026#39;s ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.\u003cbr\u003e\nIn June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it\u0026#39;s going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://project-trident.org/post/2019-07-12_19.07_available/\" rel=\"nofollow\"\u003eProject Trident 19.07 Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.montanalinux.org/cold-blood-list-of-numbers-201907.html\" rel=\"nofollow\"\u003eA list of names from \u0026quot;Cold Blood\u0026quot; -- Any familiar?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/enkiv2/fern\" rel=\"nofollow\"\u003efern: a curses-based mastodon client modeled off usenet news readers \u0026amp; pine, with an emphasis on getting to \u0026#39;timeline zero\u0026#39;\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190707065226\" rel=\"nofollow\"\u003eOpenBSD Community goes Platinum for 2019!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/07/15/23199.html\" rel=\"nofollow\"\u003etcp keepalive and dports on DragonFly\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePatrick - \u003ca href=\"http://dpaste.com/1W2HJ04\" rel=\"nofollow\"\u003eOpenZFS/ZoL Module from Ports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/345VM9Y#wrap\" rel=\"nofollow\"\u003eServices not starting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimon - \u003ca href=\"http://dpaste.com/1B4ZKC8#wrap\" rel=\"nofollow\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0308.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.","date_published":"2019-07-24T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/583db96b-f838-461b-a366-c6d49825c5be.mp3","mime_type":"audio/mp3","size_in_bytes":31984767,"duration_in_seconds":2665}]},{"id":"1bd153c0-be65-44ed-8f12-f73d97e93d8b","title":"307: Twitching with OpenBSD","url":"https://www.bsdnow.tv/307","content_text":"FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.\n\nHeadlines\n\nFreeBSD 11.3-RELEASE Announcement\n\n\nThe FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.\n\n\n\nSome of the highlights:\n\n\nThe clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.\nThe ELF Tool Chain has been updated to version r3614.\nOpenSSL has been updated to version 1.0.2s.\nThe ZFS filesystem has been updated to implement parallel mounting.\nThe loader(8) has been updated to extend geli(8) support to all architectures.\nThe pkg(8) utility has been updated to version 1.10.5.\nThe KDE desktop environment has been updated to version 5.15.3.\nThe GNOME desktop environment has been updated to version 3.28.\nThe kernel will now log the jail(8) ID when logging a process exit.\nSeveral feature additions and updates to userland applications.\nSeveral network driver firmware updates.\nWarnings for features deprecated in future releases will now be printed on all FreeBSD versions.\nWarnings have been added for IPSec algorithms deprecated in RFC 8221.\nDeprecation warnings have been added for weaker algorithms when creating geli(8) providers.\nAnd more...\n\n\n\n\n\nOpenBSD Is Now My Workstation\n\n\nWhy OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).\n\nI will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.\n\nDisclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.\n\n\n\nA Bit About Me and OpenBSD\n\n\n\nI’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.\n\nI just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.\n\n\n\n\nNews Roundup\n\nWrite your own fuzzer for NetBSD kernel! [Part 1]\n\n\nHow Fuzzing works? The dummy Fuzzer.\n\n\n\nThe easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective.\n\nThe simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.\n\n\n\nCoverage and Fuzzing\n\n\n\nWhat can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.\n\nHowever, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.\n\nAdditional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.\n\nFor open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution\n\n\n\n\nvBSDcon - CFP - Call for Papers ends July 19th\n\n\nYou can submit your proposal at https://easychair.org/conferences/?conf=vbsdcon2019\n\nThe talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.\n\nIf you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience.  People using BSD as a platform for research are also encouraged to submit a proposal.\n\nPossible topics include: How we manage a giant installation with respect to handling spam, snd/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.\n\nBoth users and developers are encouraged to share their experiences.\n\n\n\n\nExploiting FreeBSD-SA-19:02.fd\n\n\nIn February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.\n\nInside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.\n\nWhat really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.\n\nThe advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.\n\nThe advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.\n\n\n\nIn the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.\nAfter that, the bug trigger is addressed.\nIt follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.\nIn the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.\nThe last section wraps everything up in a conclusion and points out further steps and challenges.\n\n\n\nThe privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.\n\n\n\n\nStreaming to Twitch using OpenBSD\n\n\n Introduction\n\n\n\nIf you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.\n\nThe setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.\n\nYou will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allow anyone having it to stream on your account.\n\n\n\nThese same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.\nThere is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.\n\n\n\n\nBeastie Bits\n\n\nPortland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza\nKnoxBUG - Michael W. Lucas : Twenty Years in Jail\nOhio Linuxfest - CFP - Closes August 17th\nMy college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved\n3 different ways of dumping hex contents of a file\n\n\n\n\nFeedback/Questions\n\n\nSebastian - ZFS setup toward ESXi\nChristopher - Questions\nSer - Bhyve and Microsoft SQL\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/11.3R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 11.3-RELEASE Announcement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome of the highlights:\n\n\u003cul\u003e\n\u003cli\u003eThe clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.\u003c/li\u003e\n\u003cli\u003eThe ELF Tool Chain has been updated to version r3614.\u003c/li\u003e\n\u003cli\u003eOpenSSL has been updated to version 1.0.2s.\u003c/li\u003e\n\u003cli\u003eThe ZFS filesystem has been updated to implement parallel mounting.\u003c/li\u003e\n\u003cli\u003eThe loader(8) has been updated to extend geli(8) support to all architectures.\u003c/li\u003e\n\u003cli\u003eThe pkg(8) utility has been updated to version 1.10.5.\u003c/li\u003e\n\u003cli\u003eThe KDE desktop environment has been updated to version 5.15.3.\u003c/li\u003e\n\u003cli\u003eThe GNOME desktop environment has been updated to version 3.28.\u003c/li\u003e\n\u003cli\u003eThe kernel will now log the jail(8) ID when logging a process exit.\u003c/li\u003e\n\u003cli\u003eSeveral feature additions and updates to userland applications.\u003c/li\u003e\n\u003cli\u003eSeveral network driver firmware updates.\u003c/li\u003e\n\u003cli\u003eWarnings for features deprecated in future releases will now be printed on all FreeBSD versions.\u003c/li\u003e\n\u003cli\u003eWarnings have been added for IPSec algorithms deprecated in RFC 8221.\u003c/li\u003e\n\u003cli\u003eDeprecation warnings have been added for weaker algorithms when creating geli(8) providers.\u003c/li\u003e\n\u003cli\u003eAnd more...\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/\" rel=\"nofollow\"\u003eOpenBSD Is Now My Workstation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).\u003c/p\u003e\n\n\u003cp\u003eI will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.\u003c/p\u003e\n\n\u003cp\u003eDisclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Bit About Me and OpenBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.\u003c/p\u003e\n\n\u003cp\u003eI just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for\" rel=\"nofollow\"\u003eWrite your own fuzzer for NetBSD kernel! [Part 1]\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow Fuzzing works? The dummy Fuzzer.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective.\u003c/p\u003e\n\n\u003cp\u003eThe simplest \u0026#39;fuzzer\u0026#39; can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCoverage and Fuzzing\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.\u003c/p\u003e\n\n\u003cp\u003eHowever, programs usually process different inputs at different speeds, which can give us some insight into the program\u0026#39;s behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program\u0026#39;s behaviour.\u003c/p\u003e\n\n\u003cp\u003eAdditional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.\u003c/p\u003e\n\n\u003cp\u003eFor open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vbsdcon.com/\" rel=\"nofollow\"\u003evBSDcon - CFP - Call for Papers ends July 19th\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can submit your proposal at \u003ca href=\"https://easychair.org/conferences/?conf=vbsdcon2019\" rel=\"nofollow\"\u003ehttps://easychair.org/conferences/?conf=vbsdcon2019\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eThe talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.\u003c/p\u003e\n\n\u003cp\u003eIf you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience.  People using BSD as a platform for research are also encouraged to submit a proposal.\u003c/p\u003e\n\n\u003cp\u003ePossible topics include: How we manage a giant installation with respect to handling spam, snd/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.\u003c/p\u003e\n\n\u003cp\u003eBoth users and developers are encouraged to share their experiences.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html\" rel=\"nofollow\"\u003eExploiting FreeBSD-SA-19:02.fd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.\u003c/p\u003e\n\n\u003cp\u003eInside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.\u003c/p\u003e\n\n\u003cp\u003eWhat really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.\u003c/p\u003e\n\n\u003cp\u003eThe advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.\u003c/p\u003e\n\n\u003cp\u003eThe advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.\u003c/li\u003e\n\u003cli\u003eAfter that, the bug trigger is addressed.\u003c/li\u003e\n\u003cli\u003eIt follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.\u003c/li\u003e\n\u003cli\u003eIn the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.\u003c/li\u003e\n\u003cli\u003eThe last section wraps everything up in a conclusion and points out further steps and challenges.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dataswamp.org/%7Esolene/2019-07-06-twitch.html\" rel=\"nofollow\"\u003eStreaming to Twitch using OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e Introduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.\u003c/p\u003e\n\n\u003cp\u003eThe setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.\u003c/p\u003e\n\n\u003cp\u003eYou will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allow anyone having it to stream on your account.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThese same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.\u003c/li\u003e\n\u003cli\u003eThere is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://calagator.org/events/1250475868\" rel=\"nofollow\"\u003ePortland BSD Pizza Night - 2019-07-25 19:00 - Rudy\u0026#39;s Gourmet Pizza\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2019-07-29\" rel=\"nofollow\"\u003eKnoxBUG - Michael W. Lucas : Twenty Years in Jail\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ohiolinux.org/call-for-presentations/\" rel=\"nofollow\"\u003eOhio Linuxfest - CFP - Closes August 17th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/cdx8fp/my_college_nyu_tandon_is_moving_their_cs/\" rel=\"nofollow\"\u003eMy college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://moopost.blogspot.com/2019/07/3-different-ways-of-dumping-hex.html\" rel=\"nofollow\"\u003e3 different ways of dumping hex contents of a file\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSebastian - \u003ca href=\"http://dpaste.com/0DRKFH6#wrap\" rel=\"nofollow\"\u003eZFS setup toward ESXi\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChristopher - \u003ca href=\"http://dpaste.com/2YNN1SH\" rel=\"nofollow\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSer - \u003ca href=\"http://dpaste.com/1F5TMT0#wrap\" rel=\"nofollow\"\u003eBhyve and Microsoft SQL\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0307.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.","date_published":"2019-07-18T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1bd153c0-be65-44ed-8f12-f73d97e93d8b.mp3","mime_type":"audio/mp3","size_in_bytes":36709691,"duration_in_seconds":3059}]},{"id":"2e907009-f426-4bbd-a592-d91329f11f0f","title":"306: Comparing Hammers","url":"https://www.bsdnow.tv/306","content_text":"Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.\n\n\n\nHeadlines\n\nPolprog's Am5x86 based retro UNIX build log\n\n\nI have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!\n\nI began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and thats where it is most of the time. It's not that bad, to be honest, and its way easier to access than it would be, if mounted vertically\n\nThere is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.\n\nOriginally there was no graphics card in it. Since a PC will not boot with out a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...\n\nHowever the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.\n\nHaving used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.\n\n\n\nSee the article for the rest of the writeup\n\n\n\n\nSetting up services in a FreeNAS Jail\n\n\nThis piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands. \n\nThis example shows creating a jail, installing an Apache web server, and setting up a simple web page. \n\nNOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.\n\n\n\n\nNews Roundup\n\nFirst taste of DragonflyBSD\n\n\nLast week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSDonly can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.\n\nI mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.\n\nFurthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.\n\n\n\n\nStreaming Netflix on NetBSD\n\n\nHere's a step-by-step guide that allows streaming Netflix media on NetBSD using a intel-haxm accelerated QEMU vm.\n\nHeads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!\n\n\n\n\n“Sudo Mastery 2nd Edition” cover art reveal\n\n\nI’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)\n\nBut the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.\n\n\n\n\nNetBSD on the last G4 Mac mini\n\n\nI'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.\n\nRecently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the \"secret\" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.\n\n\n\n\nHammer vs Hammer2\n\n\nWith the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0. \n\nWith a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing. \n\nAnd then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.\n\n\n\n\nBeastie Bits\n\n\nUnix CLI relational database\nThe TTY demystified\nRanger, a console file manager with VI keybindings\nSome Unix Humor\nOpenBSD -import vulkan-loader for Vulkan API support\nFreeBSD ZFS without drives\n\n\n\n\nFeedback/Questions\n\n\nMoritz - ARM Builds\nDave - Videos\nChris - Raspberry Pi4\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eAm5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://polprog.net/blog/486/\" rel=\"nofollow\"\u003ePolprog\u0026#39;s Am5x86 based retro UNIX build log\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!\u003c/p\u003e\n\n\u003cp\u003eI began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and thats where it is most of the time. It\u0026#39;s not that bad, to be honest, and its way easier to access than it would be, if mounted vertically\u003c/p\u003e\n\n\u003cp\u003eThere is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.\u003c/p\u003e\n\n\u003cp\u003eOriginally there was no graphics card in it. Since a PC will not boot with out a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...\u003c/p\u003e\n\n\u003cp\u003eHowever the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM\u0026#39;s socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.\u003c/p\u003e\n\n\u003cp\u003eHaving used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the writeup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/services-in-freenas-jail/\" rel=\"nofollow\"\u003eSetting up services in a FreeNAS Jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands. \u003c/p\u003e\n\n\u003cp\u003eThis example shows creating a jail, installing an Apache web server, and setting up a simple web page. \u003c/p\u003e\n\n\u003cp\u003eNOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://nanxiao.me/en/first-taste-of-dragonfly-bsd/\" rel=\"nofollow\"\u003eFirst taste of DragonflyBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSDonly can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.\u003c/p\u003e\n\n\u003cp\u003eI mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.\u003c/p\u003e\n\n\u003cp\u003eFurthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/68-streaming-netflix-on-netbsd\" rel=\"nofollow\"\u003eStreaming Netflix on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere\u0026#39;s a step-by-step guide that allows streaming Netflix media on NetBSD using a intel-haxm accelerated QEMU vm.\u003c/p\u003e\n\n\u003cp\u003eHeads-up! Sound doesn\u0026#39;t work, but everything else is fine. Please read the rest of this thread for a solution to this!!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mwl.io/archives/4320\" rel=\"nofollow\"\u003e“Sudo Mastery 2nd Edition” cover art reveal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)\u003c/p\u003e\n\n\u003cp\u003eBut the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tenfourfox.blogspot.com/2019/06/and-now-for-something-completely.html\" rel=\"nofollow\"\u003eNetBSD on the last G4 Mac mini\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;m a big fan of NetBSD. I\u0026#39;ve run it since 2000 on a Mac IIci (of course it\u0026#39;s still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.\u003c/p\u003e\n\n\u003cp\u003eRecently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the \u0026quot;secret\u0026quot; last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they\u0026#39;re probably outclassed by later Raspberry Pi models, but I don\u0026#39;t have to buy anything and I like putting old hardware to good use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-5.6-HAMMER2-Perf\" rel=\"nofollow\"\u003eHammer vs Hammer2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it\u0026#39;s now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0. \u003c/p\u003e\n\n\u003cp\u003eWith a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing. \u003c/p\u003e\n\n\u003cp\u003eAnd then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://spin.atomicobject.com/2019/06/16/unix-cli-relational-database/\" rel=\"nofollow\"\u003eUnix CLI relational database\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linusakesson.net/programming/tty/index.php\" rel=\"nofollow\"\u003eThe TTY demystified\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ranger.github.io/\" rel=\"nofollow\"\u003eRanger, a console file manager with VI keybindings\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/unix/comments/c6o5ze/some_unix_humor/\" rel=\"nofollow\"\u003eSome Unix Humor\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-ports-cvs\u0026m=156121732625604\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD -import vulkan-loader for Vulkan API support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://savagedlight.me/2019/06/09/freebsd-zfs-without-drives/\" rel=\"nofollow\"\u003eFreeBSD ZFS without drives\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMoritz - \u003ca href=\"http://dpaste.com/175RRAZ\" rel=\"nofollow\"\u003eARM Builds\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/2DYK85B\" rel=\"nofollow\"\u003eVideos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChris - \u003ca href=\"http://dpaste.com/1B16QVN\" rel=\"nofollow\"\u003eRaspberry Pi4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0306.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.","date_published":"2019-07-11T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2e907009-f426-4bbd-a592-d91329f11f0f.mp3","mime_type":"audio/mp3","size_in_bytes":27620333,"duration_in_seconds":2301}]},{"id":"3ad52b9d-03b4-4c00-a16f-cc4be091e6ff","title":"305: Changing face of Unix","url":"https://www.bsdnow.tv/305","content_text":"Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.\n\nHeadlines\n\nWebsite protection with OPNsense\n\n\nwith nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)\n\n\n\nThe OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.\nIn old days, install an open source firewall was a very trick task, but today it can be done with few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in portuguese language, but with the translation CC Youtube feature you may be able to follow it without problems (if you don't are a portuguese speaker ofcourse) :-)\n\n\nSee the article for the rest of the writeup\n\n\n\n\n\nFreeBSD Support Pull Request against the ZFS-on-Linux repo\n\n\nThis pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo\n\u0026gt; Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux\n\u0026gt; Refactor tree to separate out Linux and FreeBSD specific code\n\u0026gt; import FreeBSD's SPL\n\u0026gt; add ifdefs in common code where it made more sense to do so than duplicate the code in separate files\n\u0026gt; Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF\nThe plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th\nVideo of Leadership Meeting\nMeeting Agenda and Notes\nThis will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms\nFor example, mav@’s recent work:\nAdd wakeup_any(), cheaper version of wakeup_one() for taskqueue(9)\n\u0026gt; As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants then it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.\n\n\n\n\nNews Roundup\n\nEpisode 5 Notes - How much has UNIX changed?\n\n\nUNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?\nSo, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf) is from November 1971, predating v1 of the system.\nI think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a heirerarchicat structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like ls, cp, mv, du, and df function the same. So are mount and umount. But, there are some key differences. For instance, cd didn't exist, yet instead chdir filled its place. Also, chmod is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.\n\n\n\nSee the article for the rest of the writeup\n\n\n\n\nPorting Wine to amd64 on NetBSD\n\n\nI have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-complaint operating systems. This report provides an overview of the progress of the project during the first coding period.\nInitially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.\nI suspected it , as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.\n\n\nSee the article for the rest of the writeup\n\n\n\n\n\nFreeBSD Enterprise 1 PB Storage\n\n\nToday FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This where FreeBSD shines with all its storage features ZFS included.\nToday I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more then 1 PB (Petabyte) of raw capacity.\nThis project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more then 1 PB (1024 TB) of raw storage space.\n\n\n\nSee the article for the rest of the writeup\n\n\n\n\nThe death watch for the X Window System (aka X11) has probably started\n\n\nOnce we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.\nI have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.\n\n\n\n\nBeastie Bits\n\n\nPorting NetBSD to Risc-V -- Video\nFreeBSD 11.3RC3 Available\nOpen Source Could Be a Casualty of the Trade War\nCelebrate UNIX50 and SDF32\ndoas environmental security\n\n\n\n\nFeedback/Questions\n\n\nMatt - BSD or Older Hardware\nMJRodriguez - Some Playstation news\nMoritz - bhyve VT-x passthrough\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eWebsite protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@jccwbb/website-protection-with-opnsense-3586a529d487\" rel=\"nofollow\"\u003eWebsite protection with OPNsense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ewith nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.\u003cbr\u003e\nIn old days, install an open source firewall was a very trick task, but today it can be done with few clicks (or key strokes). In this article I\u0026#39;ll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in portuguese language, but with the translation CC Youtube feature you may be able to follow it without problems (if you don\u0026#39;t are a portuguese speaker ofcourse) :-)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the writeup\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/zfsonlinux/zfs/pull/8987\" rel=\"nofollow\"\u003eFreeBSD Support Pull Request against the ZFS-on-Linux repo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo\n\u0026gt; Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux\n\u0026gt; Refactor tree to separate out Linux and FreeBSD specific code\n\u0026gt; import FreeBSD\u0026#39;s SPL\n\u0026gt; add ifdefs in common code where it made more sense to do so than duplicate the code in separate files\n\u0026gt; Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF\u003c/li\u003e\n\u003cli\u003eThe plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=TJwykiJmH0M\" rel=\"nofollow\"\u003eVideo of Leadership Meeting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.google.com/document/d/1w2jv2XVYFmBVvG1EGf-9A5HBVsjAYoLIFZAnWHhV-BM/edit\" rel=\"nofollow\"\u003eMeeting Agenda and Notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms\u003c/li\u003e\n\u003cli\u003eFor example, mav@’s recent work:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=349220\" rel=\"nofollow\"\u003eAdd wakeup_any(), cheaper version of wakeup_one() for taskqueue(9)\u003c/a\u003e\n\u0026gt; As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants then it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adventofcomputing.libsyn.com/episode-5-notes-how-much-has-unix-changed\" rel=\"nofollow\"\u003eEpisode 5 Notes - How much has UNIX changed?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?\u003cbr\u003e\nSo, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I\u0026#39;m going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(\u003ca href=\"https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf\" rel=\"nofollow\"\u003ehttps://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf\u003c/a\u003e) is from November 1971, predating v1 of the system.\u003cbr\u003e\nI think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a heirerarchicat structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like \u003ccode\u003els\u003c/code\u003e, \u003ccode\u003ecp\u003c/code\u003e, \u003ccode\u003emv\u003c/code\u003e, \u003ccode\u003edu\u003c/code\u003e, and \u003ccode\u003edf\u003c/code\u003e function the same. So are \u003ccode\u003emount\u003c/code\u003e and \u003ccode\u003eumount\u003c/code\u003e. But, there are some key differences. For instance, \u003ccode\u003ecd\u003c/code\u003e didn\u0026#39;t exist, yet instead \u003ccode\u003echdir\u003c/code\u003e filled its place. Also, \u003ccode\u003echmod\u003c/code\u003e is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the writeup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/porting_wine_to_amd64_on\" rel=\"nofollow\"\u003ePorting Wine to amd64 on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-complaint operating systems. This report provides an overview of the progress of the project during the first coding period.\u003cbr\u003e\nInitially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.\u003cbr\u003e\nI suspected it , as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn\u0026#39;t affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn\u0026#39;t have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the writeup\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2019/06/19/freebsd-enterprise-1-pb-storage/?utm_source=discoverbsd\" rel=\"nofollow\"\u003eFreeBSD Enterprise 1 PB Storage\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This where FreeBSD shines with all its storage features ZFS included.\u003cbr\u003e\nToday I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more then 1 PB (Petabyte) of raw capacity.\u003cbr\u003e\nThis project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more then 1 PB (1024 TB) of raw storage space.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest of the writeup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XDeathwatchStarts\" rel=\"nofollow\"\u003eThe death watch for the X Window System (aka X11) has probably started\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.\u003cbr\u003e\nI have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it\u0026#39;s a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they\u0026#39;re probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I\u0026#39;ve known that Wayland was the future for some time, but I would still like it to not arrive any time soon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=2vQXGomKoxA\" rel=\"nofollow\"\u003ePorting NetBSD to Risc-V -- Video\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/newsflash.html#event20190628:01\" rel=\"nofollow\"\u003eFreeBSD 11.3RC3 Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bunniestudios.com/blog/?p=5590\" rel=\"nofollow\"\u003eOpen Source Could Be a Casualty of the Trade War\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sdf.org/sdf32/\" rel=\"nofollow\"\u003eCelebrate UNIX50 and SDF32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190621104048\" rel=\"nofollow\"\u003edoas environmental security\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatt - \u003ca href=\"http://dpaste.com/1RP09F0#wrap\" rel=\"nofollow\"\u003eBSD or Older Hardware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMJRodriguez - \u003ca href=\"http://dpaste.com/046SPPB#wrap\" rel=\"nofollow\"\u003eSome Playstation news\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMoritz - \u003ca href=\"http://dpaste.com/1H4PJXW\" rel=\"nofollow\"\u003ebhyve VT-x passthrough\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0305.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.","date_published":"2019-07-03T22:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3ad52b9d-03b4-4c00-a16f-cc4be091e6ff.mp3","mime_type":"audio/mp3","size_in_bytes":40433394,"duration_in_seconds":3369}]},{"id":"6da25674-3858-4ebc-b4a5-257e1eefcbf4","title":"304: Prospering with Vulkan","url":"https://www.bsdnow.tv/304","content_text":"DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.\n\nHeadlines\n\nDragonflyBSD 5.6 is out\n\n\nVersion 5.6.0 released 17 June 2019\nVersion 5.6.1 released 19 June 2019\nBig-ticket items\nImproved VM\n\n\nInformal test results showing the changes from 5.4 to 5.6 are available.\nReduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).\nImprove page allocation algorithm to avoid re-iterating the same queues as the search is widened.\nAdd a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.\nChange vm_hold() and vm_unhold() semantics to not require any spin-locks.\nChange vm_page_wakeup() to not require any spin-locks.\nChange wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.\nRefactor the handling of fictitious pages.\nRemove m-\u0026gt;md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).\nRefactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.\npmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.\nSimplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.\n\nDRM\n\n\nMajor updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.\nImprove UEFI framebuffer support.\nA major deadlock has been fixed in the radeon/ttm code.\nRefactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.\nAdd DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.\nFix excessive wired memory build-ups.\nFix Linux/DragonFly PAGE_MASK confusion in the DRM code.\nFix idr_*() API bugs.\n\nHAMMER2\n\n\nThe filesystem sync code has been rewritten to significantly improve performance.\nSequential write performance also improved.\nAdd simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.\nRefactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.\nAttempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.\nImprove umount operation.\nFix an allocator race that could lead to corruption.\nNumerous other bugs fixed.\nImprove verbosity of CHECK (CRC error) console messages.\n\n\n\n\n\nOpenBSD Vulkan Support\n\n\nSomewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port. \nThis new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers. \nThis is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source. \n\n\nA note: The BSDs are no longer that far behind.\nFreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)\nOpenBSD -current as of April 2019 uses DRM from Linux 4.19.34\n***\n\n\n\nNews Roundup\n\nBad utmp implementations in glibc and freebsd\n\n\nI recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.\nIn other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).\nI wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.\nThen I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.\n\n\nA good find\nOn FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.\n***\n\n\n\nOpenSSH gets an update to protect against Side Channel attacks\n\n\nLast week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.\nSSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.\nHowever, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.\nIn an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”\n\n\n\n\nZFS vs OpenZFS\n\n\nYou’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. \nFrom its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS \u0026amp; you should too” or try a completely-graphical ZFS experience with FreeNAS.\nOracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.\n\n\nThere was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available here\n***\n\n\n\nBeastie Bits\n\n\nHow to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR\nKnoxBug Meetup June 27th at 6pm\nBSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR\nDifference between $x and ${x}\nBeware of Software Engineering Media Sites\nHow Verizon and a BGP optimizer knocked large parts of the internet offline today\nDragonflyBSD - MDS mitigation added a while ago\nReminder: Register for EuroBSDcon 2019 in Lillehammer, Norway\n\n\n\n\nFeedback/Questions\n\n\nDave - CheriBSD\nNeb - Hello from Norway\nLars - Ansible tutorial?\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release56\" rel=\"nofollow\"\u003eDragonflyBSD 5.6 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVersion 5.6.0 released 17 June 2019\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/06/19/23091.html\" rel=\"nofollow\"\u003eVersion 5.6.1 released 19 June 2019\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBig-ticket items\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eImproved VM\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eInformal test results showing the changes from 5.4 to 5.6 are available.\u003c/li\u003e\n\u003cli\u003eReduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).\u003c/li\u003e\n\u003cli\u003eImprove page allocation algorithm to avoid re-iterating the same queues as the search is widened.\u003c/li\u003e\n\u003cli\u003eAdd a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.\u003c/li\u003e\n\u003cli\u003eChange vm_hold() and vm_unhold() semantics to not require any spin-locks.\u003c/li\u003e\n\u003cli\u003eChange vm_page_wakeup() to not require any spin-locks.\u003c/li\u003e\n\u003cli\u003eChange wiring vm_page\u0026#39;s no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.\u003c/li\u003e\n\u003cli\u003eRefactor the handling of fictitious pages.\u003c/li\u003e\n\u003cli\u003eRemove m-\u0026gt;md.pv_list entirely. VM pages in mappings no longer allocate pv_entry\u0026#39;s, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).\u003c/li\u003e\n\u003cli\u003eRefactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.\u003c/li\u003e\n\u003cli\u003epmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry\u0026#39;s), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.\u003c/li\u003e\n\u003cli\u003eSimplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDRM\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMajor updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.\u003c/li\u003e\n\u003cli\u003eImprove UEFI framebuffer support.\u003c/li\u003e\n\u003cli\u003eA major deadlock has been fixed in the radeon/ttm code.\u003c/li\u003e\n\u003cli\u003eRefactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.\u003c/li\u003e\n\u003cli\u003eAdd DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.\u003c/li\u003e\n\u003cli\u003eFix excessive wired memory build-ups.\u003c/li\u003e\n\u003cli\u003eFix Linux/DragonFly PAGE_MASK confusion in the DRM code.\u003c/li\u003e\n\u003cli\u003eFix idr_*() API bugs.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHAMMER2\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe filesystem sync code has been rewritten to significantly improve performance.\u003c/li\u003e\n\u003cli\u003eSequential write performance also improved.\u003c/li\u003e\n\u003cli\u003eAdd simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.\u003c/li\u003e\n\u003cli\u003eRefactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.\u003c/li\u003e\n\u003cli\u003eAttempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.\u003c/li\u003e\n\u003cli\u003eImprove umount operation.\u003c/li\u003e\n\u003cli\u003eFix an allocator race that could lead to corruption.\u003c/li\u003e\n\u003cli\u003eNumerous other bugs fixed.\u003c/li\u003e\n\u003cli\u003eImprove verbosity of CHECK (CRC error) console messages.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=OpenBSD-Vulkan-Support\" rel=\"nofollow\"\u003eOpenBSD Vulkan Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSomewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port. \u003cbr\u003e\nThis new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn\u0026#39;t enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers. \u003cbr\u003e\nThis is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven\u0026#39;t seen any testing results to know how well they would work if at all currently on OpenBSD, but they\u0026#39;re at least in Mesa and obviously open-source. \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA note: The BSDs are no longer that far behind.\u003c/li\u003e\n\u003cli\u003eFreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)\u003c/li\u003e\n\u003cli\u003eOpenBSD -current as of April 2019 uses DRM from Linux 4.19.34\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://davmac.wordpress.com/2019/05/04/bad-utmp-implementations-in-glibc-and-freebsd/\" rel=\"nofollow\"\u003eBad utmp implementations in glibc and freebsd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.\u003cbr\u003e\nIn other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).\u003cbr\u003e\nI wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.\u003cbr\u003e\nThen I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA good find\u003c/li\u003e\n\u003cli\u003eOn FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://securityboulevard.com/2019/06/openssh-code-gets-an-update-to-protect-against-side-channel-attacks/\" rel=\"nofollow\"\u003eOpenSSH gets an update to protect against Side Channel attacks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.\u003cbr\u003e\nSSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.\u003cbr\u003e\nHowever, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.\u003cbr\u003e\nIn an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/zfs-vs-openzfs/\" rel=\"nofollow\"\u003eZFS vs OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. \u003cbr\u003e\nFrom its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS \u0026amp; you should too” or try a completely-graphical ZFS experience with FreeNAS.\u003cbr\u003e\nOracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available \u003ca href=\"https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/cperciva/status/1141852451756105729?s=03\" rel=\"nofollow\"\u003eHow to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2019-06-27\" rel=\"nofollow\"\u003eKnoxBug Meetup June 27th at 6pm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.flying-pie.com/locations/lake-oswego/\" rel=\"nofollow\"\u003eBSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://moopost.blogspot.com/2019/06/difference-between-x-and-x.html\" rel=\"nofollow\"\u003eDifference between $x and ${x}\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.nemil.com/on-software-engineering/beware-engineering-media.html\" rel=\"nofollow\"\u003eBeware of Software Engineering Media Sites\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/\" rel=\"nofollow\"\u003eHow Verizon and a BGP optimizer knocked large parts of the internet offline today\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-May/718899.html\" rel=\"nofollow\"\u003eDragonflyBSD - MDS mitigation added a while ago\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eurobsdcon.org\" rel=\"nofollow\"\u003eReminder: Register for EuroBSDcon 2019 in Lillehammer, Norway\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/38233JC\" rel=\"nofollow\"\u003eCheriBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNeb - \u003ca href=\"http://dpaste.com/0B8XKXT#wrap\" rel=\"nofollow\"\u003eHello from Norway\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/3N85SHR\" rel=\"nofollow\"\u003eAnsible tutorial?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0304.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.","date_published":"2019-06-27T03:45:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6da25674-3858-4ebc-b4a5-257e1eefcbf4.mp3","mime_type":"audio/mp3","size_in_bytes":45762060,"duration_in_seconds":3813}]},{"id":"1ed8b630-10c4-44f6-9a48-2ffcb4a8b6fe","title":"303: OpenZFS in Ports","url":"https://www.bsdnow.tv/303","content_text":"OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.\n\nHeadlines\n\nZFSonFreeBSD ports renamed OpenZFS\n\n\nThe ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod\nThe new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)\nWith the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf:\n\u0026gt; zfs_load=”YES”\nor\n\u0026gt; openzfs_load=”YES”\nTo load traditional or the newer version of ZFS\nThe kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.\nWe would like to do an unofficial poll on how people would the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea i’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)\nFor testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.\nFor extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.\nNote: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.\nPlease test and provide feedback.\n\n\n\n\nHow to use blacklistd(8) with NPF as a fail2ban replacement\n\n\nAbout blacklistd(8)\n\n\n\nblacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.\nThe interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf\nNow, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use. \nUnfortunately (dont' ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen\n\n\n\n\nNews Roundup\n\n[WIP] raidz expansion, alpha preview 1\n\n\nMotivation and Context\n\u0026gt; This is a alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks).\n\u0026gt; For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video\n\n\n\n\nRant: running audio VU-meter increases my CO2 footprint\n\n\nA couple months ago I noticed that the monitor on my workstation never power off anymore. Screensaver would go on, but DPMs (to do the poweroff) never kicked in.\nI grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMs is on, enabled and set on a timeout. Didn’t matter whether I let xscreeensaver do the job or just the X11 server.\nAfter a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.\n\n\nSee the article for the rest...\n\n\n\n\n\nXSAVE and compat32 kernel work for LLDB\n\n\nUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.\nIn May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.\n\n\n\n\nSome things about where icons for modern X applications come from\n\n\nIf you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.\nAlthough I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).\nHow this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.\n\n\n\n\nBeastie Bits\n\n\nRecent Security Innovations\nOld Unix books + Solaris\nPro-Desktop - A Tiling Desktop Environment\nThe Tar Pipe\nAt least one vim trick you might not know\n\n\n\n\nFeedback/Questions\n\n\nJohnny - listener feedback\nBrian - Questions\nMark - ZFS Question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eOpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freshports.org/sysutils/openzfs-kmod\" rel=\"nofollow\"\u003eZFSonFreeBSD ports renamed OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod\u003c/li\u003e\n\u003cli\u003eThe new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)\u003c/li\u003e\n\u003cli\u003eWith the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf:\n\u0026gt; zfs_load=”YES”\u003c/li\u003e\n\u003cli\u003eor\n\u0026gt; openzfs_load=”YES”\u003c/li\u003e\n\u003cli\u003eTo load traditional or the newer version of ZFS\u003c/li\u003e\n\u003cli\u003eThe kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.\u003c/li\u003e\n\u003cli\u003eWe would like to do an unofficial poll on how people would the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea i’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)\u003c/li\u003e\n\u003cli\u003eFor testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.\u003c/li\u003e\n\u003cli\u003eFor extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.\u003c/li\u003e\n\u003cli\u003eNote: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.\u003c/li\u003e\n\u003cli\u003ePlease test and provide feedback.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.unitedbsd.com/d/63-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement\" rel=\"nofollow\"\u003eHow to use blacklistd(8) with NPF as a fail2ban replacement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAbout blacklistd(8)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eblacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.\u003cbr\u003e\nThe interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf\u003cbr\u003e\nNow, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use. \u003cbr\u003e\nUnfortunately (dont\u0026#39; ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/zfsonlinux/zfs/pull/8853\" rel=\"nofollow\"\u003e[WIP] raidz expansion, alpha preview 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMotivation and Context\n\u0026gt; This is a alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn\u0026#39;t sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks).\n\u0026gt; For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@MartinCracauer/bug-rant-running-audio-vu-meter-increases-my-co2-footprint-871d5c1bee5a\" rel=\"nofollow\"\u003eRant: running audio VU-meter increases my CO2 footprint\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA couple months ago I noticed that the monitor on my workstation never power off anymore. Screensaver would go on, but DPMs (to do the poweroff) never kicked in.\u003cbr\u003e\nI grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMs is on, enabled and set on a timeout. Didn’t matter whether I let xscreeensaver do the job or just the X11 server.\u003cbr\u003e\nAfter a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/xsave_and_compat32_kernel_work\" rel=\"nofollow\"\u003eXSAVE and compat32 kernel work for LLDB\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\u003cbr\u003e\nIn February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I\u0026#39;ve been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD\u0026#39;s ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.\u003cbr\u003e\nIn May, I was primarily continuing the work on new ptrace interface. Besides that, I\u0026#39;ve found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ModernXAppIcons\" rel=\"nofollow\"\u003eSome things about where icons for modern X applications come from\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the \u0026#39;desktop\u0026#39;). Even modern desktop environments that don\u0026#39;t iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.\u003cbr\u003e\nAlthough I don\u0026#39;t know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).\u003cbr\u003e\nHow this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It\u0026#39;s also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article;sid=20190605110020\" rel=\"nofollow\"\u003eRecent Security Innovations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/a/HbSYtQI\" rel=\"nofollow\"\u003eOld Unix books + Solaris\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitcannon.net/post/pro-desktop/\" rel=\"nofollow\"\u003ePro-Desktop - A Tiling Desktop Environment\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.extracheese.org/2010/05/the-tar-pipe.html\" rel=\"nofollow\"\u003eThe Tar Pipe\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.hillelwayne.com/post/intermediate-vim/\" rel=\"nofollow\"\u003eAt least one vim trick you might not know\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJohnny - \u003ca href=\"http://dpaste.com/0ZQCQ8Y#wrap\" rel=\"nofollow\"\u003elistener feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/1843RNX#wrap\" rel=\"nofollow\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark - \u003ca href=\"http://dpaste.com/3M83X9G#wrap\" rel=\"nofollow\"\u003eZFS Question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0303.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.","date_published":"2019-06-19T22:30:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1ed8b630-10c4-44f6-9a48-2ffcb4a8b6fe.mp3","mime_type":"audio/mp3","size_in_bytes":37840062,"duration_in_seconds":3153}]},{"id":"42938801-0d4a-4cf9-a297-c1eeddac85dc","title":"302: Contention Reduction","url":"https://www.bsdnow.tv/302","content_text":"DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.\n\nHeadlines\n\nDragonFlyBSD's Kernel Optimizations Are Paying Off\n\n\nDragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.\nThe work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)\nWith Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.\n\n\n\n\nWhat are the differences between OpenBSD and Linux?\n\n\nMaybe you have been reading recently about the release of OpenBSD 6.5 and wonder, \"What are the differences between Linux and OpenBSD?\"\nI've also been there at some point in the past and these are my conclusions.\nThey also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.\nThis list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.\nPlease bear with me.\n\n\n\nA terminal is a terminal is a terminal\nPractical differences\nSecurity and system administration\nWhy philosophical differences matter\nSo what do I choose?\nHow to try OpenBSD\n***\n\n\nNews Roundup\n\nNetBSD 2019 Google Summer of Code\n\n\nWe are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:\n\n\n\nAkul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing\nManikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration\nSiddharth Muralee - Enhancing Syzkaller support for NetBSD\nSurya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel\nJason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD\nSaurav Prakash - Porting NetBSD to HummingBoard Pulse\nNaveen Narayanan - Porting WINE to amd64 architecture on NetBSD\n\n\n\nThe communiting bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.\nPlease welcome all our students and a big good luck to students and mentors! A big thank to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!\n\n\n\n\nReducing that contention\n\n\nThe opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!\n\n\n\nState of affairs\n\n\n\nMost of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected \u0026amp; fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).\nI believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI \u0026amp; Network interrupt handlers as well as all Audio \u0026amp; USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.\n\n\n\nNext steps\n\n\n\nIn the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical. \n\n\n\nSee the Article for the rest of the post\n\n\n\n\nfnaify 1.3 released - more games are \"fnaify \u0026amp; run\" now\n\n\nThis release finally addresses some of the problems that prevent simple running of several games.\nThis happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no. \n\nAnother blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.\nThis may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam. \n\n\nvmctl(8): command line syntax changed\n\n\nThe order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax. \nFor example, the old syntax looked like this:\n\n\n# vmctl create disk.qcow2 -s 50G\n\n\nThe new syntax specifies the command options before the argument:\n\n\n# vmctl create -s 50G disk.qcow2\n\n\n\nSomething that Linux distributions should not do when packaging things\n\n\nRight now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.\nFor reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).\nRecently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.\nWhy is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.\n\n\n\n\nBeastie Bits\n\n\n[talk] ZFS v UFS on APU2 msata SSD with FreeBSD\nNetBSD 8.1 is out\nlazyboi – the laziest possible way to send raw HTTP POST data\nA Keyboard layout that changes by markov frequency\nOpen Source Game Clones\nEuroBSDcon program \u0026amp; registration open\n***\n\n\nFeedback/Questions\n\n\nJohn - A segment idea\nJohnny - Audio only format please don't\nAlex - Thanks and some Linux Snaps vs PBI feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDragonFlyBSD\u0026#39;s kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=dragonfly-55-threadripper\u0026num=1\" rel=\"nofollow\"\u003eDragonFlyBSD\u0026#39;s Kernel Optimizations Are Paying Off\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.\u003cbr\u003e\nThe work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)\u003cbr\u003e\nWith Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it\u0026#39;s mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it\u0026#39;s increasing the competition against FreeBSD 12 and Linux distributions.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cfenollosa.com/blog/what-are-the-differences-between-openbsd-and-linux.html\" rel=\"nofollow\"\u003eWhat are the differences between OpenBSD and Linux?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMaybe you have been reading recently about the release of OpenBSD 6.5 and wonder, \u0026quot;What are the differences between Linux and OpenBSD?\u0026quot;\u003cbr\u003e\nI\u0026#39;ve also been there at some point in the past and these are my conclusions.\u003cbr\u003e\nThey also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.\u003cbr\u003e\nThis list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.\u003cbr\u003e\nPlease bear with me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA terminal is a terminal is a terminal\u003c/li\u003e\n\u003cli\u003ePractical differences\u003c/li\u003e\n\u003cli\u003eSecurity and system administration\u003c/li\u003e\n\u003cli\u003eWhy philosophical differences matter\u003c/li\u003e\n\u003cli\u003eSo what do I choose?\u003c/li\u003e\n\u003cli\u003eHow to try OpenBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code1\" rel=\"nofollow\"\u003eNetBSD 2019 Google Summer of Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAkul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing\u003c/li\u003e\n\u003cli\u003eManikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration\u003c/li\u003e\n\u003cli\u003eSiddharth Muralee - Enhancing Syzkaller support for NetBSD\u003c/li\u003e\n\u003cli\u003eSurya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel\u003c/li\u003e\n\u003cli\u003eJason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD\u003c/li\u003e\n\u003cli\u003eSaurav Prakash - Porting NetBSD to HummingBoard Pulse\u003c/li\u003e\n\u003cli\u003eNaveen Narayanan - Porting WINE to amd64 architecture on NetBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe communiting bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.\u003cbr\u003e\nPlease welcome all our students and a big good luck to students and mentors! A big thank to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.grenadille.net/post/2019/05/09/Reducing-that-contention\" rel=\"nofollow\"\u003eReducing that contention\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let\u0026#39;s dive into the issue!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eState of affairs\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost of OpenBSD\u0026#39;s kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected \u0026amp; fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).\u003cbr\u003e\nI believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI \u0026amp; Network interrupt handlers as well as all Audio \u0026amp; USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext steps\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren\u0026#39;t performance critical. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the Article for the rest of the post\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/btste9/fnaify_13_released_more_games_are_fnaify_run_now/\" rel=\"nofollow\"\u003efnaify 1.3 released - more games are \u0026quot;fnaify \u0026amp; run\u0026quot; now\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis release finally addresses some of the problems that prevent simple running of several games.\u003cbr\u003e\nThis happens for example when an old FNA.dll library comes with the games that doesn\u0026#39;t match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no. \u003c/p\u003e\n\n\u003cp\u003eAnother blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn\u0026#39;t found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.\u003cbr\u003e\nThis may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/faq/current.html#r20190529\" rel=\"nofollow\"\u003evmctl(8): command line syntax changed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax. \u003cbr\u003e\nFor example, the old syntax looked like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# vmctl create disk.qcow2 -s 50G\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe new syntax specifies the command options before the argument:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# vmctl create -s 50G disk.qcow2\u003c/code\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/linux/PackageNameClashProblem\" rel=\"nofollow\"\u003eSomething that Linux distributions should not do when packaging things\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRight now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.\u003cbr\u003e\nFor reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).\u003cbr\u003e\nRecently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package \u0026#39;grafana\u0026#39;. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the \u0026#39;grafana\u0026#39; package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com \u0026#39;grafana-6.1.5-1\u0026#39; package to the Fedora \u0026#39;grafana-6.1.6-1.fc29\u0026#39; one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.\u003cbr\u003e\nWhy is this a problem? It\u0026#39;s simple. If you\u0026#39;re going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don\u0026#39;t keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to \u0026#39;upgrade\u0026#39; it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make \u0026#39;dnf upgrade\u0026#39; into a minefield (because it will frequently try to give me a \u0026#39;grafana\u0026#39; upgrade that I don\u0026#39;t want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the \u0026#39;grafana\u0026#39; package version on me.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.nycbug.org:8080/pipermail/talk/2019-May/017885.html\" rel=\"nofollow\"\u003e[talk] ZFS v UFS on APU2 msata SSD with FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.netbsd.org/releases/formal-8/NetBSD-8.1.html\" rel=\"nofollow\"\u003eNetBSD 8.1 is out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ctsrc/lazyboi\" rel=\"nofollow\"\u003elazyboi – the laziest possible way to send raw HTTP POST data\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shapr/markovkeyboard\" rel=\"nofollow\"\u003eA Keyboard layout that changes by markov frequency\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://osgameclones.com/\" rel=\"nofollow\"\u003eOpen Source Game Clones\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eurobsdcon.org\" rel=\"nofollow\"\u003eEuroBSDcon program \u0026amp; registration open\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJohn - \u003ca href=\"http://dpaste.com/3YTBQTX#wrap\" rel=\"nofollow\"\u003eA segment idea\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohnny - \u003ca href=\"http://dpaste.com/3WD0A25#wrap\" rel=\"nofollow\"\u003eAudio only format please don\u0026#39;t\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/1RQF4QM#wrap\" rel=\"nofollow\"\u003eThanks and some Linux Snaps vs PBI feedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0302.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.","date_published":"2019-06-12T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/42938801-0d4a-4cf9-a297-c1eeddac85dc.mp3","mime_type":"audio/mp3","size_in_bytes":50043425,"duration_in_seconds":4170}]},{"id":"d11a1228-2ac2-4e13-9d11-7a4c5a2dc0c1","title":"301: GPU Passthrough","url":"https://www.bsdnow.tv/301","content_text":"GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.\n\nHeadlines\n\nGPU Passthrough Reported Working on Bhyve\n\n\n  Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve.\n  For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards.\n  However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:\n\n\n\nhttps://twitter.com/michael_yuji/status/1127136891365658625\n\n\n\n  All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start.\n  As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers.\n  The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process.\n  It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.\n  \n  \n\n\nConfusion with used/free disk space in ZFS\n\n\n  I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.\n  \n  The understanding of how ZFS is uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!\n\n\n\n\nNews Roundup\n\nOmniOS Community Edition\n\n\n  The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.\n  OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.\n  This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.\n  If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.\n  The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.\n\n\n\n\npfSense 2.4.4 Release p3 is available\n\n\n  We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!\n  pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.\n  pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!\n  To see a complete list of changes and find more detail, see the Release Notes.\n  We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.\n\n\n\nUpgrade Notes\n\n\n\n  Due to the significant nature of the changes in 2.4.4 and later, \n  warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.\n  Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.\n  Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.\n  The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.\n\n\n\n\nNetBSD 8.1 RC1 is out\n\n\n  The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\n  \n  Some highlights of the 8.1 release are:\n\n\n\nx86: Mitigation for INTEL-SA-00233 (MDS)\n\nVarious local user kernel data leaks fixed.\n\nx86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading\n\nVarious network driver fixes and improvements.\n\nFixes for thread local storage (TLS) in position independent executables (PIE).\n\nFixes to reproducible builds.\n\nFixed a performance regression in tmpfs.\n\nDRM/KMS improvements.\n\nbwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.\n\nVarious sh(1) fixes.\n\nmfii(4) SAS driver added.\n\nhcpcd(8) updated to 7.2.2\n\nhttpd(8) updated.\n\n\n\n\nFreeNAS as your Server OS\n\n\n  What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS?\n  FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores.\n  FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service.\n  Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.\n\n\n\n\nBeastie Bits\n\n\nKeep Crashing Daemons Running on FreeBSD\n\nLook what I found today... my first set of BSD CDs...\n\nNetBSD - Intel MDS\n\nFreeBSD 11.3-BETA2 -- Please test!\n\n\n\n\nFeedback/Questions\n\n\nAnthony - Question\n\nGuntbert - Podcast\n\nGuillaume - Another suggestion for Ales from Serbia\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eGPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"gpupassthroughreportedworkingonbhyvehttpspassthroughpostgpupassthroughreportedworkingonbhyve\"\u003e\u003ca href=\"https://passthroughpo.st/gpu-passthrough-reported-working-on-bhyve/\"\u003eGPU Passthrough Reported Working on Bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eNormally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve.\n  For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards.\n  However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ehttps://twitter.com/michael_yuji/status/1127136891365658625\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAll you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start.\n  As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers.\n  The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process.\n  It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"confusionwithusedfreediskspaceinzfshttpsoshogbovexilliumorgblog65\"\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/65/\"\u003eConfusion with used/free disk space in ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.\u003c/p\u003e\n  \n  \u003cp\u003eThe understanding of how ZFS is uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"omnioscommunityeditionhttpsomniosceorgarticlerelease030html\"\u003e\u003ca href=\"https://omniosce.org/article/release-030.html\"\u003eOmniOS Community Edition\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.\n  OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.\n  This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.\n  If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.\n  The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"pfsense244releasep3isavailablehttpswwwnetgatecomblogpfsense244releasep3nowavailablehtml\"\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html\"\u003epfSense 2.4.4 Release p3 is available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!\n  pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.\n  pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!\n  To see a complete list of changes and find more detail, see the Release Notes.\n  We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpgrade Notes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eDue to the significant nature of the changes in 2.4.4 and later, \n  warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.\n  Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.\n  Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.\n  The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"netbsd81rc1isouthttpswwwnetbsdorgreleasesformal8netbsd81html\"\u003e\u003ca href=\"https://www.netbsd.org/releases/formal-8/NetBSD-8.1.html\"\u003eNetBSD 8.1 RC1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\u003c/p\u003e\n  \n  \u003cp\u003eSome highlights of the 8.1 release are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ex86: Mitigation for INTEL-SA-00233 (MDS)\u003c/li\u003e\n\n\u003cli\u003eVarious local user kernel data leaks fixed.\u003c/li\u003e\n\n\u003cli\u003ex86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading\u003c/li\u003e\n\n\u003cli\u003eVarious network driver fixes and improvements.\u003c/li\u003e\n\n\u003cli\u003eFixes for thread local storage (TLS) in position independent executables (PIE).\u003c/li\u003e\n\n\u003cli\u003eFixes to reproducible builds.\u003c/li\u003e\n\n\u003cli\u003eFixed a performance regression in tmpfs.\u003c/li\u003e\n\n\u003cli\u003eDRM/KMS improvements.\u003c/li\u003e\n\n\u003cli\u003ebwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.\u003c/li\u003e\n\n\u003cli\u003eVarious sh(1) fixes.\u003c/li\u003e\n\n\u003cli\u003emfii(4) SAS driver added.\u003c/li\u003e\n\n\u003cli\u003ehcpcd(8) updated to 7.2.2\u003c/li\u003e\n\n\u003cli\u003ehttpd(8) updated.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"freenasasyourserveroshttpswwwixsystemscomblogfreenasasyourserveros\"\u003e\u003ca href=\"https://www.ixsystems.com/blog/freenas-as-your-server-os/\"\u003eFreeNAS as your Server OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhat if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS?\n  FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores.\n  FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service.\n  Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.babaei.net/blog/keep-crashing-daemons-running-on-freebsd/\"\u003eKeep Crashing Daemons Running on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/btksgf/look_what_i_found_today_my_first_set_of_bsd_cds/\"\u003eLook what I found today... my first set of BSD CDs...\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://wiki.netbsd.org/security/intel_mds/\"\u003eNetBSD - Intel MDS\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091227.html\"\u003eFreeBSD 11.3-BETA2 -- Please test!\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnthony - \u003ca href=\"http://dpaste.com/33S61HH#wrap\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eGuntbert - \u003ca href=\"http://dpaste.com/0NDACM2\"\u003ePodcast\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eGuillaume - \u003ca href=\"http://dpaste.com/0N3Q9TN\"\u003eAnother suggestion for Ales from Serbia\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0301.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more.","date_published":"2019-06-05T23:15:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d11a1228-2ac2-4e13-9d11-7a4c5a2dc0c1.mp3","mime_type":"audio/mp3","size_in_bytes":32812013,"duration_in_seconds":2734}]},{"id":"f4d00ce6-8060-4be0-9049-570b73a6adbd","title":"300: The Big Three","url":"https://www.bsdnow.tv/300","content_text":"FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. \n\nHeadlines\n\nFreeBSD 11.3-b1 is out\n\nBSDCan 2019 Recap\n\n\nWe’re back from BSDCan and it was a packed week as always.\n\nIt started with bhyvecon on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.\n\nOn Wednesday, tutorials for BSDCan started as well as the FreeBSD Developer Summit. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending.\nDevsummit presentation slides can be found on the wiki page and video recordings done by ScaleEngine are available on FreeBSD’s youtube channel.\n\nThe conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track. \n\nPhotos from the event are available on Ollivier Robert’s talegraph\n and Diane Bruce’s website for day 1, day 2, conference day 1, and conference day 2.\n\nThanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.\n\n\n\n\nOpenIndiana 2019.04 is out\n\n\n  We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:\n\n\n\nFirefox was updated to 60.6.3 ESR\n\nVirtualbox packages were added (including guest additions)\n\nMate was updated to 1.22\n\nIPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming\n\nSome OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3\n\nQuick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg\n\n\n\n\nNews Roundup\n\nOverview of ZFS Pools in FreeNAS\n\n\n  FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.\n  \n  SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.\n\n\n\nThe following vdev layout options are available when creating a pool:\n\n\n\nStripe data is shared on two drives, similar to RAID0)\n\nMirror copies data on two drives, similar to RAID1 but not limited to 2 disks)\n\nRAIDZ1 single parity similar to RAID5\n\nRAIDZ2 double parity similar to RAID6\n\nRAIDZ3 which uses triple parity and has no RAID equivalent\n\n\n\n\n\nWhy OpenSource Firmware is Important for Security\n\n\nRoots of Trust\n\n\n\n  The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that is doesn’t have any backdoors? Well we can’t. Not unless it was all open source.\n  Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor.\n  It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five. \n\n\n\n\nOPNsense\n\n\n  This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.\n\n\n\nHere are the full patch notes:\n\nsystem: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)\n\nsystem: /etc/hosts generation without interfacehasgateway()\n\nsystem: show correct timestamp in config restore save message (contributed by nhirokinet)\n\nsystem: list the commands for the pluginctl utility when n+ argument is given\n\nsystem: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly\n\nsystem: use absolute path in widget ACLs (reported by Netgate)\n\nsystem: RRD-related cleanups for less code exposure\n\ninterfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)\n\ninterfaces: replace legacygetallinterface_addresses() usage\n\nfirewall: fix port validation in aliases with leading / trailing spaces\n\nfirewall: fix outbound NAT translation display in overview page\n\nfirewall: prevent CARP outgoing packets from using the configured gateway\n\nfirewall: use CARP net.inet.carp.demotion to control current demotion in status page\n\nfirewall: stop live log poller on error result\n\ndhcpd: change rule priority to 1 to avoid bogon clash\n\ndnsmasq: only admins may edit custom options field\n\nfirmware: use insecure mode for base and kernel sets when package fingerprints are disabled\n\nfirmware: add optional device support for base and kernel sets\n\nfirmware: add Hostcentral mirror (HTTP, Melbourne, Australia)\n\nipsec: always reset rightallowany to default when writing configuration\n\nlang: say \"hola\" to Spanish as the newest available GUI language\n\nlang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese\n\nnetwork time: only admins may edit custom options field\n\nopenvpn: call openvpnrefreshcrls() indirectly via plugin_configure() for less code exposure\n\nopenvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)\n\nopenvpn: remove custom options field from wizard\n\nunbound: only admins may edit custom options field\n\nwizard: translate typehint as well\n\nplugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)\n\nplugins: os-nginx 1.12[2]\n\nplugins: os-theme-cicada 1.17 (contributed by Team Rebellion)\n\nplugins: os-theme-tukan 1.17 (contributed by Team Rebellion)\n\nsrc: timezone database information update[3]\n\nsrc: install(1) broken with partially matching relative paths[4]\n\nsrc: microarchitectural Data Sampling (MDS) mitigation[5]\n\nports: carootnss 3.44\n\nports: php 7.2.18[6]\n\nports: sqlite 3.28.0[7]\n\nports: strongswan custom XAuth generic patch removed\n\n\n\n\nwiregaurd on OpenBSD\n\n\n  Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.\n  Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here.\n  The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.\n\n\n\nConclusion\n\n\n\n  WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguardgo service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkgadd libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.\n\n\n\n\nBeastie Bits\n\n\nSerenity OS\n\nvkernels vs pmap\n\nBrian Kernighan interviews Ken Thompson\n\nImprovements in forking, threading, and signal code\n\nDragonFly 5.4.3\n\nNetBSD on the Odroid C2\n\n\n\n\nFeedback/Questions\n\n\nPaulo - Laptops\n\nA Listener - Thanks\n\nBostjan - Extend a pool and lower RAM footprint\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. \u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"freebsd113b1isouthttpslistsfreebsdorgpipermailfreebsdstable2019may091210html\"\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2019-May/091210.html\"\u003eFreeBSD 11.3-b1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3 id=\"bsdcan2019recaphttpswwwbsdcanorg2019\"\u003e\u003ca href=\"https://www.bsdcan.org/2019/\"\u003eBSDCan 2019 Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’re back from BSDCan and it was a packed week as always.\u003c/li\u003e\n\n\u003cli\u003eIt started with \u003ca href=\"http://bhyvecon.org/\"\u003ebhyvecon\u003c/a\u003e on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.\u003c/li\u003e\n\n\u003cli\u003eOn Wednesday, tutorials for BSDCan started as well as the \u003ca href=\"https://wiki.freebsd.org/DevSummit/201905\"\u003eFreeBSD Developer Summit\u003c/a\u003e. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending.\nDevsummit presentation slides can be found on the wiki page and video recordings done by \u003ca href=\"https://www.scaleengine.com/\"\u003eScaleEngine\u003c/a\u003e are available on \u003ca href=\"https://www.youtube.com/channel/UCxLxR_oW-NAmChIcSkAyZGQ\"\u003eFreeBSD’s youtube channel\u003c/a\u003e.\u003c/li\u003e\n\n\u003cli\u003eThe conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track. \u003c/li\u003e\n\n\u003cli\u003ePhotos from the event are available on \u003ca href=\"https://www.talegraph.com/tales/Qg446T5bKT\"\u003eOllivier Robert’s talegraph\n\u003c/a\u003e and Diane Bruce’s website for \u003ca href=\"http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web/\"\u003eday 1\u003c/a\u003e, \u003ca href=\"http://www.db.net/gallery/BSDCan/2019_FreeBSD_Dev_Summit_day_2_web\"\u003eday 2\u003c/a\u003e, \u003ca href=\"http://www.db.net/gallery/BSDCan/2019_BSDCan_day_1_web\"\u003econference day 1\u003c/a\u003e, and \u003ca href=\"http://www.db.net/gallery/BSDCan/2019_BSDCan_day_2_web\"\u003econference day 2\u003c/a\u003e.\u003c/li\u003e\n\n\u003cli\u003eThanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"openindiana201904isouthttpswwwopenindianaorg20190512openindianahipster201904ishere\"\u003e\u003ca href=\"https://www.openindiana.org/2019/05/12/openindiana-hipster-2019-04-is-here/\"\u003eOpenIndiana 2019.04 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eFirefox was updated to 60.6.3 ESR\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eVirtualbox packages were added (including guest additions)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eMate was updated to 1.22\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eIPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eSome OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eQuick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"overviewofzfspoolsinfreenashttpswwwixsystemscomblogzfspoolsinfreenas\"\u003e\u003ca href=\"https://www.ixsystems.com/blog/zfs-pools-in-freenas/\"\u003eOverview of ZFS Pools in FreeNAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eFreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.\u003c/p\u003e\n  \n  \u003cp\u003eSUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe following vdev layout options are available when creating a pool:\n\n\n\u003cul\u003e\n\u003cli\u003eStripe data is shared on two drives, similar to RAID0)\u003c/li\u003e\n\n\u003cli\u003eMirror copies data on two drives, similar to RAID1 but not limited to 2 disks)\u003c/li\u003e\n\n\u003cli\u003eRAIDZ1 single parity similar to RAID5\u003c/li\u003e\n\n\u003cli\u003eRAIDZ2 double parity similar to RAID6\u003c/li\u003e\n\n\u003cli\u003eRAIDZ3 which uses triple parity and has no RAID equivalent\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"whyopensourcefirmwareisimportantforsecurityhttpsblogjessfrazcompostwhyopensourcefirmwareisimportantforsecurity\"\u003e\u003ca href=\"https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/\"\u003eWhy OpenSource Firmware is Important for Security\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRoots of Trust\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that is doesn’t have any backdoors? Well we can’t. Not unless it was all open source.\n  Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor.\n  It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"opnsensehttpsopnsenseorgopnsense1918released\"\u003e\u003ca href=\"https://opnsense.org/opnsense-19-1-8-released/\"\u003eOPNsense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThis update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eHere are the full patch notes:\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: /etc/hosts generation without interface\u003cem\u003ehas\u003c/em\u003egateway()\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: show correct timestamp in config restore save message (contributed by nhirokinet)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: list the commands for the pluginctl utility when n+ argument is given\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: use absolute path in widget ACLs (reported by Netgate)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esystem: RRD-related cleanups for less code exposure\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003einterfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003einterfaces: replace legacy\u003cem\u003egetall\u003c/em\u003einterface_addresses() usage\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirewall: fix port validation in aliases with leading / trailing spaces\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirewall: fix outbound NAT translation display in overview page\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirewall: prevent CARP outgoing packets from using the configured gateway\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirewall: use CARP net.inet.carp.demotion to control current demotion in status page\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirewall: stop live log poller on error result\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003edhcpd: change rule priority to 1 to avoid bogon clash\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003ednsmasq: only admins may edit custom options field\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirmware: use insecure mode for base and kernel sets when package fingerprints are disabled\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirmware: add optional device support for base and kernel sets\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003efirmware: add Hostcentral mirror (HTTP, Melbourne, Australia)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eipsec: always reset rightallowany to default when writing configuration\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003elang: say \"hola\" to Spanish as the newest available GUI language\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003elang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003enetwork time: only admins may edit custom options field\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eopenvpn: call openvpn\u003cem\u003erefresh\u003c/em\u003ecrls() indirectly via plugin_configure() for less code exposure\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eopenvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eopenvpn: remove custom options field from wizard\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eunbound: only admins may edit custom options field\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003ewizard: translate typehint as well\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eplugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eplugins: os-nginx 1.12[2]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eplugins: os-theme-cicada 1.17 (contributed by Team Rebellion)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eplugins: os-theme-tukan 1.17 (contributed by Team Rebellion)\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esrc: timezone database information update[3]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esrc: install(1) broken with partially matching relative paths[4]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003esrc: microarchitectural Data Sampling (MDS) mitigation[5]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eports: ca\u003cem\u003eroot\u003c/em\u003enss 3.44\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eports: php 7.2.18[6]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eports: sqlite 3.28.0[7]\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eports: strongswan custom XAuth generic patch removed\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"wiregaurdonopenbsdhttpsblogjasperlawireguardonopenbsdhtml\"\u003e\u003ca href=\"https://blog.jasper.la/wireguard-on-openbsd.html\"\u003ewiregaurd on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eEarlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.\n  Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here.\n  The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguard\u003cem\u003ego service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkg\u003c/em\u003eadd libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SerenityOS/serenity\"\u003eSerenity OS\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/05/27/22985.html\"\u003evkernels vs pmap\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=EY6q5dv_B-o\"\u003eBrian Kernighan interviews Ken Thompson\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/improvements_in_forking_threading_and\"\u003eImprovements in forking, threading, and signal code\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/05/21/22946.html\"\u003eDragonFly 5.4.3\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://magazine.odroid.com/article/netbsd-for-the-the-odroid-c2/\"\u003eNetBSD on the Odroid C2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/3VXMGX8\"\u003eLaptops\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eA Listener - \u003ca href=\"http://dpaste.com/0SWJNRX#wrap\"\u003eThanks\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/35NRF40#wrap\"\u003eExtend a pool and lower RAM footprint\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0300.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. ","date_published":"2019-05-30T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f4d00ce6-8060-4be0-9049-570b73a6adbd.mp3","mime_type":"audio/mp3","size_in_bytes":44983170,"duration_in_seconds":4446}]},{"id":"22eb77a0-e162-4fce-bb37-987c1d34c477","title":"299: The NAS Fleet","url":"https://www.bsdnow.tv/299","content_text":"Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.\n\nHeadlines\n\nRunning AiX on QEMU on Linux on Windows\n\n\n  YES it’s real!\n  I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base.\n  first thing first, you need to get your system with the needed pre-requisites to compile\n  Great with those in place, now clone Artyom Tarasenko’s source repository\n  Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build.\n  Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them.\n  Now you can build Qemu.\n  Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!\n\n\n\nSee article for rest of walkthrough.\n\n\n\n\nTake Command of Your NAS Fleet with TrueCommand\n\n\n  Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems.  Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand.\n  TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems. \n  The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support.\n  TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.\n\n\n\n\nNews Roundup\n\nUnleashed 1.3 Released\n\n\n  This is the fourth release of Unleashed - an operating system fork of illumos.  For more information about Unleashed itself and the download links, see our website.\n  As one might expect, this release removes a few things.\n  The most notable being the removal of ksh93 along with all its libs.\n  As far as libc interfaces are concerned, a number of non-standard functions were removed.  In general, they have been replaced by the standards-compliant versions.  (getgrentr, fgetgrentr, getgrgidr, getgrnamr, ttynamer, getloginr, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo)\n  Additionally, wordexp and wordfree have been removed from libc.  Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them.\n  The default compilation environment now includes XOPENSOURCE=700 and EXTENSIONS.  Additionally, all applications now use 64-bit file offsets, making use of LARGEFILESOURCE, LARGEFILE64SOURCE, and FILEOFFSET_BITS unnecessary.\n  Last but not least, nightly.sh is no more.  In short, to build one simply runs 'make'.  (See README for detailed build instructions.)\n\n\n\nWhy Unleashed\n\n\n\n  Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.\n\n\n\n\nLLDB: extending CPU register inspection support\n\n\n  Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n  In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report.\n  In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.\n\n\n\nFuture plans\n\n\n\n  My work continues with the two milestones from last month, plus a third that's closely related:\n  Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64.\n  Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64.\n  Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64.\n  The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then.\n  Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.\n\n\n\n\nV7 Unix programs are often not written the way you would expect\n\n\n  Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.\n\n\n\nSidebar: An interesting undocumented ed feature\n\n\n\n  Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:\n  \n  In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.\n  \n  This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.\n  \n  Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.\n  \n  \n\n\nBeastie Bits\n\n\nCarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD\n\nCFT: FreeBSD Package Base\n\nInitial FUSE support in DragonFly\n\nTwo significant bugfixes for 5.4\n\nLibretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD\n\n\n\n\nFeedback/Questions\n\n\nDJ - Feedback\n\nFabian - ZFS ARC\n\nCaleb - Question\n\nA small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eRunning AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"runningaixonqemuonlinuxonwindowshttpsvirtuallyfuncomwordpress20190422installingaixonqemu\"\u003e\u003ca href=\"https://virtuallyfun.com/wordpress/2019/04/22/installing-aix-on-qemu/\"\u003eRunning AiX on QEMU on Linux on Windows\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eYES it’s real!\n  I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base.\n  first thing first, you need to get your system with the needed pre-requisites to compile\n  Great with those in place, now clone Artyom Tarasenko’s source repository\n  Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build.\n  Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them.\n  Now you can build Qemu.\n  Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee article for rest of walkthrough.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"takecommandofyournasfleetwithtruecommandhttpswwwixsystemscomblogtruecommand\"\u003e\u003ca href=\"https://www.ixsystems.com/blog/truecommand/\"\u003eTake Command of Your NAS Fleet with TrueCommand\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eHundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems.  Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand.\n  TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems. \n  The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support.\n  TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"unleashed13releasedhttplists31bitsnetarchivesdevel2019april000052html\"\u003e\u003ca href=\"http://lists.31bits.net/archives/devel/2019-April/000052.html\"\u003eUnleashed 1.3 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThis is the fourth release of Unleashed - an operating system fork of illumos.  For more information about Unleashed itself and the download links, see our website.\n  As one might expect, this release removes a few things.\n  The most notable being the removal of ksh93 along with all its libs.\n  As far as libc interfaces are concerned, a number of non-standard functions were removed.  In general, they have been replaced by the standards-compliant versions.  (getgrent\u003cem\u003er, fgetgrent\u003c/em\u003er, getgrgid\u003cem\u003er, getgrnam\u003c/em\u003er, ttyname\u003cem\u003er, getlogin\u003c/em\u003er, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo)\n  Additionally, wordexp and wordfree have been removed from libc.  Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them.\n  The default compilation environment now includes \u003cem\u003eXOPEN\u003c/em\u003eSOURCE=700 and \u003cstrong\u003eEXTENSIONS\u003c/strong\u003e.  Additionally, all applications now use 64-bit file offsets, making use of \u003cem\u003eLARGEFILE\u003c/em\u003eSOURCE, \u003cem\u003eLARGEFILE64\u003c/em\u003eSOURCE, and \u003cem\u003eFILE\u003c/em\u003eOFFSET_BITS unnecessary.\n  Last but not least, nightly.sh is no more.  In short, to build one simply runs 'make'.  (See README for detailed build instructions.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.unleashed-os.org/why.html\"\u003eWhy Unleashed\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhy did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"lldbextendingcpuregisterinspectionsupporthttpblognetbsdorgtnfentrylldb_extending_cpu_register_inspection\"\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/lldb_extending_cpu_register_inspection\"\u003eLLDB: extending CPU register inspection support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eUpstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.\n  In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report.\n  In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFuture plans\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eMy work continues with the two milestones from last month, plus a third that's closely related:\n  Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64.\n  Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64.\n  Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64.\n  The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then.\n  Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"v7unixprogramsareoftennotwrittenthewayyouwouldexpecthttpsutccutorontocatcksspaceblogunixedv7codedunusually\"\u003e\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/EdV7CodedUnusually\"\u003eV7 Unix programs are often not written the way you would expect\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eYesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSidebar: An interesting undocumented ed feature\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eReading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:\u003c/p\u003e\n  \n  \u003cp\u003eIn other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.\u003c/p\u003e\n  \n  \u003cp\u003eThis is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.\u003c/p\u003e\n  \n  \u003cp\u003eModern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/\"\u003eCarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pkgbase/2019-April/000396.html\"\u003eCFT: FreeBSD Package Base\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/05/02/22862.html\"\u003eInitial FUSE support in DragonFly\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/05/03/22869.html\"\u003eTwo significant bugfixes for 5.4\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd/comments/bkb2zk/surprised_this_can_still_run_current/\"\u003eLibretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDJ - \u003ca href=\"http://dpaste.com/0DSYJAH#wrap\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eFabian - \u003ca href=\"http://dpaste.com/2EC7S10#wrap\"\u003eZFS ARC\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eCaleb - \u003ca href=\"http://dpaste.com/3ZX177B#wrap\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eA small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0299.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more.","date_published":"2019-05-22T14:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/22eb77a0-e162-4fce-bb37-987c1d34c477.mp3","mime_type":"audio/mp3","size_in_bytes":32188343,"duration_in_seconds":3167}]},{"id":"85a43874-a080-4a57-9fb0-2a0210e9718e","title":"298: BSD On The Road","url":"https://www.bsdnow.tv/298","content_text":"36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.\n\nHeadlines\n\n36+ year old bug in FFS/UFS discovered and patched \n\n\n  This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk.\n  \n  \n  When the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack\n  It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created.\n  This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed.\n  It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now.\n  This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running.\n  Submitted by: David G. Lawrence dg@dglawrence.com\n  \n  So a patched kernel will no longer leak this data, and running the fsck_ffs -z command will erase any leaked data that may exist on your system\n  \n  OpenBSD commit with additional detail on mitigations\n  The impact on OpenBSD is very limited:\n  1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions.\n  2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly.  read(2) was changed to return 0 (EOF).  Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes.\n  3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format.  As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible.\n  There will be no errata or syspatch issued.  I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ...\n  \n  \n  \n\n\nNomadBSD, a BSD for the Road\n\n\n  As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD.\n  NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.”\n  This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD.\n  Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.\n\n\n\nVersion 1.2 Released\n\n\n\n  NomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images.\n\n\n\nThoughts on NomadBSD\n\n\n\n  I first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi.\n  Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly.\n  \n  \n\n\nNews Roundup\n\n[OpenBSD automatic\n\nupgrade](https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/)\n\n\n  OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances.\n  I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.\n\n\n\nExtra notes\n\n\n\n  There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually.\n  This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection.\n  I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.\n\n\n\n\nFreeBSD Dtrace ext2fs Support\n\n\nWhich logs were replaced by dtrace-probes:\n\n\nMisc printf's under DEBUG macro in the blocks allocation path.\n\nDifferent on-disk structures validation errors, now the filesystem will silently return EIO's.\n\nMisc checksum errors, same as above.\n\nThe only debug macro, which was leaved is EXT2FSPRINTEXTENTS.\n\nIt is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents.\n\nThe user still be able to see mount errors in the dmesg in case of:\n\n\nFilesystem features incompatibility.\n\nSuperblock checksum error.\n\n\n\n\n\n\nCreate a dedicated user for ssh tunneling only\n\n\n  I use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client.\n  The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports.\n  This is done very easily on OpenBSD.\n  The steps are: 1. generate ssh keys for the new user 2. add an user with no password 3. allow public key for port forwarding\n  Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config.\n  \n  \n\n\nThat was easy. Some info on upgrading VMM VMs to 6.5\n\n\n  We're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs.\n  OpenBSD 6.5 is released! There are two ways you can upgrade your VM.\n  Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8).\n\n\n\nUpgrade yourself\n\n\n\n  To get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host.\n  When this is done you can use vmctl(8) to manage your VM. The options you have are:\n\n\n```$ vmctl start id [-c]```\n\n\n$ vmctl stop id [-fw]```\n\n```-w Wait until the VM has been terminated.```\n\n\n-c Automatically connect to the VM console.```\n\n\nSee the Article for the rest of the guide\n\n\n\n\nBeastie Bits\n\n\npowerpc64 architecture support in FreeBSD ports\n\nGhostBSD 19.04 overview\n\nHardenedBSD will have two user selectable ASLR implementations\n\nNYCBUG 2016 Talk Shell-Fu Uploaded\n\nWhat is ZIL anyway?\n\n\n\n\nFeedback/Questions\n\n\nQuentin - Organize an Ada/BSD interview\n\nDJ - Update\n\nPatrick - Bhyve frontends\n\nA small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003e36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"36yearoldbuginffsufsdiscoveredandpatchedhttpssvnwebfreebsdorgbaseviewrevisionrevision347066\"\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=347066\"\u003e36+ year old bug in FFS/UFS discovered and patched \u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThis update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk.\u003c/p\u003e\n  \n  \u003cul\u003e\n  \u003cli\u003eWhen the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack\n  It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created.\n  This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed.\n  It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now.\n  This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running.\n  Submitted by: David G. Lawrence \u003ca href=\"\u0026#109;a\u0026#105;\u0026#108;\u0026#116;\u0026#111;:\u0026#x64;\u0026#x67;\u0026#64;\u0026#100;\u0026#103;\u0026#x6c;\u0026#97;\u0026#x77;\u0026#x72;\u0026#101;n\u0026#x63;\u0026#101;\u0026#x2e;\u0026#x63;\u0026#x6f;\u0026#109;\"\u003e\u0026#x64;\u0026#x67;\u0026#64;\u0026#100;\u0026#103;\u0026#x6c;\u0026#97;\u0026#x77;\u0026#x72;\u0026#101;n\u0026#x63;\u0026#101;\u0026#x2e;\u0026#x63;\u0026#x6f;\u0026#109;\u003c/a\u003e\u003c/li\u003e\n  \n  \u003cli\u003eSo a patched kernel will no longer leak this data, and running the \u003ccode\u003efsck_ffs -z\u003c/code\u003e command will erase any leaked data that may exist on your system\u003c/li\u003e\n  \n  \u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026amp;m=155699268122858\u0026amp;w=2\"\u003eOpenBSD commit with additional detail on mitigations\u003c/a\u003e\n  The impact on OpenBSD is very limited:\n  1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions.\n  2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly.  read(2) was changed to return 0 (EOF).  Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes.\n  3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format.  As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible.\n  There will be no errata or syspatch issued.  I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ...\u003c/li\u003e\n  \u003c/ul\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"nomadbsdabsdfortheroadhttpsitsfosscomnomadbsd\"\u003e\u003ca href=\"https://itsfoss.com/nomadbsd/\"\u003eNomadBSD, a BSD for the Road\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD.\n  NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.”\n  This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD.\n  Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVersion 1.2 Released\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eNomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThoughts on NomadBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi.\n  Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"openbsdautomatic\"\u003e[OpenBSD automatic\u003c/h3\u003e\n\n\u003cp\u003eupgrade](https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/)\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances.\n  I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExtra notes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThere must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually.\n  This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection.\n  I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"freebsddtraceext2fssupporthttpsreviewsfreebsdorgd19848\"\u003e\u003ca href=\"https://reviews.freebsd.org/D19848\"\u003eFreeBSD Dtrace ext2fs Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWhich logs were replaced by dtrace-probes:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMisc printf's under DEBUG macro in the blocks allocation path.\u003c/li\u003e\n\n\u003cli\u003eDifferent on-disk structures validation errors, now the filesystem will silently return EIO's.\u003c/li\u003e\n\n\u003cli\u003eMisc checksum errors, same as above.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eThe only debug macro, which was leaved is EXT2FS\u003cem\u003ePRINT\u003c/em\u003eEXTENTS.\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eIt is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents.\u003c/p\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eThe user still be able to see mount errors in the dmesg in case of:\u003c/p\u003e\n\n\u003cp\u003e\u003cul\u003e\n\u003cli\u003eFilesystem features incompatibility.\u003c/li\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cli\u003eSuperblock checksum error.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/p\u003e\n\n\u003chr /\u003e\n\n\u003ch3 id=\"createadedicateduserforsshtunnelingonlyhttpsdataswamporgtsolene20190417sshtunnelinghtml\"\u003e\u003ca href=\"https://dataswamp.org/~solene/2019-04-17-ssh-tunneling.html\"\u003eCreate a dedicated user for ssh tunneling only\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client.\n  The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports.\n  This is done very easily on OpenBSD.\n  The steps are: 1. generate ssh keys for the new user 2. add an user with no password 3. allow public key for port forwarding\n  Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"thatwaseasysomeinfoonupgradingvmmvmsto65httpsopenbsdamsterdamupgradehtml\"\u003e\u003ca href=\"https://openbsd.amsterdam/upgrade.html\"\u003eThat was easy. Some info on upgrading VMM VMs to 6.5\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs.\n  OpenBSD 6.5 is released! There are two ways you can upgrade your VM.\n  Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpgrade yourself\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eTo get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host.\n  When this is done you can use vmctl(8) to manage your VM. The options you have are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode class=\"$ vmctl console id``` language-$ vmctl console id```\"\u003e```$ vmctl start id [-c]```\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e$ vmctl stop id [-fw]```\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode class=\"-f Forcefully stop the VM without attempting a graceful shutdown.``` language--f Forcefully stop the VM without attempting a graceful shutdown.```\"\u003e```-w Wait until the VM has been terminated.```\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e-c Automatically connect to the VM console.```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the Article for the rest of the guide\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://inks.tedunangst.com/l/3791\"\u003epowerpc64 architecture support in FreeBSD ports\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://twitter.com/ribalinux/status/1117856218251517956\"\u003eGhostBSD 19.04 overview\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://twitter.com/lattera/status/1119018409575026688\"\u003eHardenedBSD will have two user selectable ASLR implementations\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=S_aTzXVRRlM\u0026amp;feature=youtu.be\"\u003eNYCBUG 2016 Talk Shell-Fu Uploaded\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"http://blog.zarfhome.com/2019/04/what-is-zil-anyway.html\"\u003eWhat is ZIL anyway?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eQuentin - \u003ca href=\"http://dpaste.com/0K9PQW9#wrap\"\u003eOrganize an Ada/BSD interview\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eDJ - \u003ca href=\"http://dpaste.com/3KTQ45G#wrap\"\u003eUpdate\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003ePatrick - \u003ca href=\"http://dpaste.com/07V6ZJN\"\u003eBhyve frontends\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eA small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0298.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more.","date_published":"2019-05-15T23:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/85a43874-a080-4a57-9fb0-2a0210e9718e.mp3","mime_type":"audio/mp3","size_in_bytes":31937689,"duration_in_seconds":3142}]},{"id":"b83c5930-57a8-4c27-855a-97b6d88f5f00","title":"297: Dragonfly In The Wild","url":"https://www.bsdnow.tv/297","content_text":"FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.\n\nHeadlines\n\nFreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference\n\n\n  With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS.\n  Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices.\n  FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out.\n  Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.\n\n\n\n\nDragonFlyBSD 5.4.2 is out\n\nUpgrading guide\n\n\n  Here's the tag commit, for what has changed from 5.4.1 to 5.4.2\n  The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely.  I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon.  This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.\n  If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.\n\n\n\u0026gt; cd /usr/src\n\u0026gt; git pull\n\u0026gt; make buildworld.\n\u0026gt; make buildkernel.\n\u0026gt; make installkernel.\n\u0026gt; make installworld\n\u0026gt; make upgrade\n\n\n\n  After your next reboot, you can optionally update your rescue system:\n\n\n\u0026gt; cd /usr/src\n\u0026gt; make initrd\n\n\n\n  As always, make sure your packages are up to date:\n\n\n\u0026gt; pkg update\n\u0026gt; pkg upgrade\n\n\n\n\nNews Roundup\n\nContaining web services with iocell\n\n\n  I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛 \n  If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U\n\n\n\nGetting started\n\n\n\n  There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.\n\n\n\nTo start, you'll need the following:\n\n\n\nA FreeBSD install (we'll be using 11.0)\n\nThe iocell package (available as a package, also in the ports tree)\n\nA ZFS pool for hosting the jails\n\n\n\n\n  Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing  iocell activate $POOLNAME. Iocell will create a few datasets.\n  \n  As you can imagine, your jails are contained within the /iocell/jails dataset. The  /iocell/releases dataset is used for storing the next command we need to run,  iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.\n\n\n\nSee Article for the rest of the walkthrough.\n\n\n\n\nOracle Solaris 11.4 SRU8\n\n\n  Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.\n  \n  \n  This SRU introduces the following enhancements:\n  \n  \n  \n  Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.\n  \n  UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4\n  \n  Re-introduction of the service fc-fabric.\n  \n  ibus has been updated to 1.5.19\n  \n  \n\n\n\nThe following components have also been updated to address security issues:\n\n\n\nNTP has been updated to 4.2.8p12\n\nFirefox has been updated to 60.6.0esr\n\nBIND has been updated to 9.11.6\n\nOpenSSL has been updated to 1.0.2r\n\nMySQL has been updated to 5.6.43 \u0026amp; 5.7.25\n\nlibxml2 has been updated to 2.9.9\n\nlibxslt has been updated to 1.1.33\n\nWireshark has been updated to 2.6.7\n\nncurses has been updated to 6.1.0.20190105\n\nApache Web Server has been updated to 2.4.38\n\nperl 5.22\n\npkg.depot\n\n\n\n\n\nThe Problem with SSH Agent Forwarding\n\n\n  After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].”\n  Here’s what man ssh_config has to say about ForwardAgent:  \"Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.\"\"\n  Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine!\n  Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.\n\n\n\n\n[OpenBSD Upgrade Guide: 6.4 to 6.5\n\n\n  Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u.\n  Alternatively, you can use the manual upgrade process.\n  You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.\n\n\n\nBefore rebooting into the install kernel\n\nConfiguration and syntax changes\n\nFiles to remove\n\nSpecial packages\n\nUpgrade without the install kernel\n\n\n\n\nBeastie Bits\n\n\n2019 FreeBSD Community Survey\n\nSeagate runs Mach.2 demo on FreeBSD\n\nFreeBSD: Resizing and Growing Disks\n\nLoading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD\n\nOS108 MATE 20190422 released\n\n\n\n\nFeedback/Questions\n\n\nCasey - Oklahoma City \u0026amp; James\n\nMichael - Question on SAS backplane (camcontrol?)\n\nAles - OpenBSD, FreeNAS, OpenZFS questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"freebsdzfsvszolperformanceubuntuzfsonlinuxreferencehttpswwwphoronixcomscanphppagearticleitemfreebsdzolaprilnum1\"\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026amp;item=freebsd-zol-april\u0026amp;num=1\"\u003eFreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWith iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS.\n  Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices.\n  FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out.\n  Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"dragonflybsd542isouthttpswwwdragonflybsdorgrelease54\"\u003e\u003ca href=\"https://www.dragonflybsd.org/release54/\"\u003eDragonFlyBSD 5.4.2 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2019-April/358160.html\"\u003eUpgrading guide\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eHere's the tag commit, for what has changed from \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2019-April/718697.html\"\u003e5.4.1 to 5.4.2\u003c/a\u003e\n  The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely.  I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon.  This version includes Matt's fix for the HAMMER2 corruption bug he identified recently.\n  If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; cd /usr/src\n\u0026gt; git pull\n\u0026gt; make buildworld.\n\u0026gt; make buildkernel.\n\u0026gt; make installkernel.\n\u0026gt; make installworld\n\u0026gt; make upgrade\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAfter your next reboot, you can optionally update your rescue system:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; cd /usr/src\n\u0026gt; make initrd\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs always, make sure your packages are up to date:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; pkg update\n\u0026gt; pkg upgrade\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"containingwebserviceswithiocellhttpsgioarcme20170305containingwebserviceswithiocell\"\u003e\u003ca href=\"https://gioarc.me/2017/03/05/containing-web-services-with-iocell/\"\u003eContaining web services with iocell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛 \n  If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting started\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThere are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo start, you'll need the following:\n\n\n\u003cul\u003e\n\u003cli\u003eA FreeBSD install (we'll be using 11.0)\u003c/li\u003e\n\n\u003cli\u003eThe iocell package (available as a package, also in the ports tree)\u003c/li\u003e\n\n\u003cli\u003eA ZFS pool for hosting the jails\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOnce you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing  iocell activate $POOLNAME. Iocell will create a few datasets.\u003c/p\u003e\n  \n  \u003cp\u003eAs you can imagine, your jails are contained within the /iocell/jails dataset. The  /iocell/releases dataset is used for storing the next command we need to run,  iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee Article for the rest of the walkthrough.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"oraclesolaris114sru8httpsblogsoraclecomsolarisannouncingoraclesolaris114sru8\"\u003e\u003ca href=\"https://blogs.oracle.com/solaris/announcing-oracle-solaris-114-sru8\"\u003eOracle Solaris 11.4 SRU8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eToday we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.\u003c/p\u003e\n  \n  \u003cul\u003e\n  \u003cli\u003eThis SRU introduces the following enhancements:\n  \n  \n  \u003cul\u003e\n  \u003cli\u003eIntegration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.\u003c/li\u003e\n  \n  \u003cli\u003eUCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4\u003c/li\u003e\n  \n  \u003cli\u003eRe-introduction of the service fc-fabric.\u003c/li\u003e\n  \n  \u003cli\u003eibus has been updated to 1.5.19\u003c/li\u003e\u003c/ul\u003e\n  \u003c/li\u003e\n  \u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe following components have also been updated to address security issues:\n\n\n\u003cul\u003e\n\u003cli\u003eNTP has been updated to 4.2.8p12\u003c/li\u003e\n\n\u003cli\u003eFirefox has been updated to 60.6.0esr\u003c/li\u003e\n\n\u003cli\u003eBIND has been updated to 9.11.6\u003c/li\u003e\n\n\u003cli\u003eOpenSSL has been updated to 1.0.2r\u003c/li\u003e\n\n\u003cli\u003eMySQL has been updated to 5.6.43 \u0026amp; 5.7.25\u003c/li\u003e\n\n\u003cli\u003elibxml2 has been updated to 2.9.9\u003c/li\u003e\n\n\u003cli\u003elibxslt has been updated to 1.1.33\u003c/li\u003e\n\n\u003cli\u003eWireshark has been updated to 2.6.7\u003c/li\u003e\n\n\u003cli\u003encurses has been updated to 6.1.0.20190105\u003c/li\u003e\n\n\u003cli\u003eApache Web Server has been updated to 2.4.38\u003c/li\u003e\n\n\u003cli\u003eperl 5.22\u003c/li\u003e\n\n\u003cli\u003epkg.depot\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"theproblemwithsshagentforwardinghttpsdefnio20190412sshforwarding\"\u003e\u003ca href=\"https://defn.io/2019/04/12/ssh-forwarding/\"\u003eThe Problem with SSH Agent Forwarding\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAfter hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].”\n  Here’s what man ssh_config has to say about ForwardAgent:  \"Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.\"\"\n  Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine!\n  Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"openbsdupgradeguide64to65httpswwwopenbsdorgfaqupgrade65html\"\u003e[\u003ca href=\"https://www.openbsd.org/faq/upgrade65.html\"\u003eOpenBSD Upgrade Guide: 6.4 to 6.5\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eStart by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u.\n  Alternatively, you can use the manual upgrade process.\n  You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBefore rebooting into the install kernel\u003c/li\u003e\n\n\u003cli\u003eConfiguration and syntax changes\u003c/li\u003e\n\n\u003cli\u003eFiles to remove\u003c/li\u003e\n\n\u003cli\u003eSpecial packages\u003c/li\u003e\n\n\u003cli\u003eUpgrade without the install kernel\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2019-April/001873.html\"\u003e2019 FreeBSD Community Survey\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://blog.seagate.com/craftsman-ship/seagate-shows-dual-actuator-speed-gains-in-real-world-setup/\"\u003eSeagate runs Mach.2 demo on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=2KoD-jXjHok\u0026amp;t=7s\"\u003eFreeBSD: Resizing and Growing Disks\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/bh1abv/loading_49_on_an_old_tandy_4025lx_386_16mb_1gb_hd/\"\u003eLoading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://forums.os108.org/d/6-os108-mate-20190422-released\"\u003eOS108 MATE 20190422 released\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/39VJ7NH#wrap\"\u003eOklahoma City \u0026amp; James\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/2VSKEGW#wrap\"\u003eQuestion on SAS backplane (camcontrol?)\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eAles - \u003ca href=\"http://dpaste.com/0AD0HBY#wrap\"\u003eOpenBSD, FreeNAS, OpenZFS questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0297.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more.","date_published":"2019-05-09T00:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b83c5930-57a8-4c27-855a-97b6d88f5f00.mp3","mime_type":"audio/mp3","size_in_bytes":24677382,"duration_in_seconds":2416}]},{"id":"81313d3c-40f8-49f3-bc58-f34f5dfcf51d","title":"296: It’s Alive: OpenBSD 6.5","url":"https://www.bsdnow.tv/296","content_text":"OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.\n\nHeadlines\n\nOpenBSD 6.5 Released\n\n\nChangelog\n\nMirrors\n\n6.5 Includes\n\n\n\nOpenSMTPD 6.5.0\n\nLibreSSL 2.9.1\n\nOpenSSH 8.0\n\nMandoc 1.14.5\n\nXenocara\n\nLLVM/Clang 7.0.1 (+ patches)\n\nGCC 4.2.1 (+ patches) and 3.3.6 (+ patches)\n\n\nMany pre-built packages for each architecture:\n\n\n\naarch64: 9654\n\namd64: 10602\n\ni386: 10535\n\n\n\n\n\nMount your ZFS datasets anywhere you want\n\n\n  ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.\n  When you create zpool maintank, the default mountpoint is /maintank.\n  You might be happy with that, but you don’t have to be content. You can do magical things.\n\n\n\nSome highlights are:\n\n\n\nmount point can be inherited\n\nnot all filesystems in a zpool need to be mounted\n\neach filesystem (directory) can have different ZFS characteristics\n\nIn my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.\n\n\n\n\n\nNews Roundup\n\nBranch for netbsd 9 upcoming, please help and test -current\n\n\n  Folks,\n  once again we are quite late for branching the next NetBSD release (NetBSD 9).\n  Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.\n  On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.\n  On the bad side we saw lots of churn in -current recently, and there is quite  some fallout where we not even have a good overview right now. And this is where  you can help:\n  \n  \n  please test -current, on all the various machines you have\n  \n  especially interesting would be test results from uncommon architectures\n  or strange combinations (like the sparc userland on sparc64 kernel issue\n  I ran in yesterday)\n  Please test, report success, and file PRs for failures!\n  We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.\n  We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.\n  Our goal is to have an unprecedented short release cycle this time. But..\n  we always say that upfront.\n  \n  \n  \n\n\nLibreSSL 2.9.1 Released\n\n\n  We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL\n  directory of your local OpenBSD mirror soon. This is the first stable release\n  from the 2.9 series, which is also included with OpenBSD 6.5\n  \n  It includes the following changes and improvements from LibreSSL 2.8.x:\n\n\n\nAPI and Documentation Enhancements\n\n\nCRYPTO_LOCK is now automatically initialized, with the legacy\ncallbacks stubbed for compatibility.\n\nAdded the SM3 hash function from the Chinese standard GB/T 32905-2016.\n\nAdded the SM4 block cipher from the Chinese standard GB/T 32907-2016.\n\nAdded more OPENSSLNO* macros for compatibility with OpenSSL.\n\nPartial port of the OpenSSL ECKEYMETHOD API for use by OpenSSH.\n\nImplemented further missing OpenSSL 1.1 API.\n\nAdded support for XChaCha20 and XChaCha20-Poly1305.\n\nAdded support for AES key wrap constructions via the EVP interface.\n\nCompatibility Changes\n\n\nAdded pbkdf2 key derivation support to openssl(1) enc.\n\nChanged the default digest type of openssl(1) enc to sha256.\n\nChanged the default digest type of openssl(1) dgst to sha256.\n\nChanged the default digest type of openssl(1) x509 -fingerprint to sha256.\n\nChanged the default digest type of openssl(1) crl -fingerprint to sha256.\n\nTesting and Proactive Security\n\n\nAdded extensive interoperability tests between LibreSSL and OpenSSL\n1.0 and 1.1.\n\nAdded additional Wycheproof tests and related bug fixes.\n\nInternal Improvements\n\n\nSimplified sigalgs option processing and handshake signing\nalgorithm selection.\n\nAdded the ability to use the RSA PSS algorithm for handshake signatures.\n\nAdded bnrandinterval() and use it in code needing ranges of\nrandom bn values.\n\nAdded functionality to derive early, handshake, and application\nsecrets as per RFC8446.\n\nAdded handshake state machine from RFC8446.\n\nRemoved some ASN.1 related code from libcrypto that had not been\nused since around 2000.\n\nUnexported internal symbols and internalized more record layer structs.\n\nRemoved SHA224 based handshake signatures from consideration for\nuse in a TLS 1.2 handshake.\n\nPortable Improvements\n\n\nAdded support for assembly optimizations on 32-bit ARM ELF targets.\n\nAdded support for assembly optimizations on Mingw-w64 targets.\n\nImproved Android compatibility\n\nBug Fixes\n\n\nImproved protection against timing side channels in ECDSA signature\ngeneration.\n\nCoordinate blinding was added to some elliptic curves. This is the\nlast bit of the work by Brumley et al. to protect against the Portsmash\nvulnerability.\n\nEnsure transcript handshake is always freed with TLS 1.2.\n\n\n\n\n\n  The LibreSSL project continues improvement of the codebase to reflect modern,\n  safe programming practices. We welcome feedback and improvements from the\n  broader community. Thanks to all of the contributors who helped make this\n  release possible.\n  \n  \n\n\nFreeBSD Mastery: Jails – Bail Bond Denied Edition\n\n\n  I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.)\n  I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly.\n  I downgraded my expectations and tried again. And again. And again.\n  I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition!\n  This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort.\n  But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character.\n  Get your copy by winning the BSDCan 2019 charity auction… or any other other auction-type event I deem worthwhile.\n  As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough.\n  And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.\n\n\n\n\nOne reason ed(1) was a good editor back in the days of V7 Unix\n\n\n  It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does.\n  The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented.\n  This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.\n\n\n\n\nBeastie Bits\n\n\nCFT for FreeBSD ZoL\n\nSimple DNS Adblock\n\nAT\u0026amp;T Unix PC in 1985\n\nOpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake\n\n\"What are the differences between Linux and OpenBSD?\" - Twitter thread\n\nAnnouncing the pkgsrc-2019Q1 release (2019-04-10)\n\n\n\n\nFeedback/Questions\n\n\nBrad - iocage\n\nFrank - Video from Level1Tech and a question\n\nNiall - Revision Control\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eOpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"openbsd65releasedhttpswwwopenbsdorg65html\"\u003e\u003ca href=\"https://www.openbsd.org/65.html\"\u003eOpenBSD 6.5 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/plus65.html\"\u003eChangelog\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/ftp.html\"\u003eMirrors\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e6.5 Includes\n\n\n\u003cul\u003e\n\u003cli\u003eOpenSMTPD 6.5.0\u003c/li\u003e\n\n\u003cli\u003eLibreSSL 2.9.1\u003c/li\u003e\n\n\u003cli\u003eOpenSSH 8.0\u003c/li\u003e\n\n\u003cli\u003eMandoc 1.14.5\u003c/li\u003e\n\n\u003cli\u003eXenocara\u003c/li\u003e\n\n\u003cli\u003eLLVM/Clang 7.0.1 (+ patches)\u003c/li\u003e\n\n\u003cli\u003eGCC 4.2.1 (+ patches) and 3.3.6 (+ patches)\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\n\u003cli\u003eMany pre-built packages for each architecture:\n\n\n\u003cul\u003e\n\u003cli\u003eaarch64: 9654\u003c/li\u003e\n\n\u003cli\u003eamd64: 10602\u003c/li\u003e\n\n\u003cli\u003ei386: 10535\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3 id=\"mountyourzfsdatasetsanywhereyouwanthttpsdanlangilleorg20190422mountyourzfsdatasetsanywhereyouwant\"\u003e\u003ca href=\"https://dan.langille.org/2019/04/22/mount-your-zfs-datasets-anywhere-you-want/\"\u003eMount your ZFS datasets anywhere you want\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.\n  When you create zpool main\u003cem\u003etank, the default mountpoint is /main\u003c/em\u003etank.\n  You might be happy with that, but you don’t have to be content. You can do magical things.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome highlights are:\n\n\n\u003cul\u003e\n\u003cli\u003emount point can be inherited\u003c/li\u003e\n\n\u003cli\u003enot all filesystems in a zpool need to be mounted\u003c/li\u003e\n\n\u003cli\u003eeach filesystem (directory) can have different ZFS characteristics\u003c/li\u003e\n\n\u003cli\u003eIn my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.\u003c/li\u003e\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"branchfornetbsd9upcomingpleasehelpandtestcurrenthttpsmailindexnetbsdorgcurrentusers20190424msg035645html\"\u003e\u003ca href=\"https://mail-index.netbsd.org/current-users/2019/04/24/msg035645.html\"\u003eBranch for netbsd 9 upcoming, please help and test -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eFolks,\n  once again we are quite late for branching the next NetBSD release (NetBSD 9).\n  Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.\n  On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.\n  On the bad side we saw lots of churn in -current recently, and there is quite  some fallout where we not even have a good overview right now. And this is where  you can help:\u003c/p\u003e\n  \n  \u003cul\u003e\n  \u003cli\u003eplease test -current, on all the various machines you have\u003c/li\u003e\n  \n  \u003cli\u003eespecially interesting would be test results from uncommon architectures\n  or strange combinations (like the sparc userland on sparc64 kernel issue\n  I ran in yesterday)\n  Please test, report success, and file PRs for failures!\n  We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.\n  We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.\n  Our goal is to have an unprecedented short release cycle this time. But..\n  we always say that upfront.\u003c/li\u003e\n  \u003c/ul\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"libressl291releasedhttpsmarcinfolopenbsdannouncem155590112606279w2\"\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026amp;m=155590112606279\u0026amp;w=2\"\u003eLibreSSL 2.9.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe have released LibreSSL 2.9.1, which will be arriving in the LibreSSL\n  directory of your local OpenBSD mirror soon. This is the first stable release\n  from the 2.9 series, which is also included with OpenBSD 6.5\u003c/p\u003e\n  \n  \u003cp\u003eIt includes the following changes and improvements from LibreSSL 2.8.x:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eAPI and Documentation Enhancements\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCRYPTO_LOCK is now automatically initialized, with the legacy\ncallbacks stubbed for compatibility.\u003c/li\u003e\n\n\u003cli\u003eAdded the SM3 hash function from the Chinese standard GB/T 32905-2016.\u003c/li\u003e\n\n\u003cli\u003eAdded the SM4 block cipher from the Chinese standard GB/T 32907-2016.\u003c/li\u003e\n\n\u003cli\u003eAdded more OPENSSL\u003cem\u003eNO\u003c/em\u003e* macros for compatibility with OpenSSL.\u003c/li\u003e\n\n\u003cli\u003ePartial port of the OpenSSL EC\u003cem\u003eKEY\u003c/em\u003eMETHOD API for use by OpenSSH.\u003c/li\u003e\n\n\u003cli\u003eImplemented further missing OpenSSL 1.1 API.\u003c/li\u003e\n\n\u003cli\u003eAdded support for XChaCha20 and XChaCha20-Poly1305.\u003c/li\u003e\n\n\u003cli\u003eAdded support for AES key wrap constructions via the EVP interface.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eCompatibility Changes\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdded pbkdf2 key derivation support to openssl(1) enc.\u003c/li\u003e\n\n\u003cli\u003eChanged the default digest type of openssl(1) enc to sha256.\u003c/li\u003e\n\n\u003cli\u003eChanged the default digest type of openssl(1) dgst to sha256.\u003c/li\u003e\n\n\u003cli\u003eChanged the default digest type of openssl(1) x509 -fingerprint to sha256.\u003c/li\u003e\n\n\u003cli\u003eChanged the default digest type of openssl(1) crl -fingerprint to sha256.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eTesting and Proactive Security\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdded extensive interoperability tests between LibreSSL and OpenSSL\n1.0 and 1.1.\u003c/li\u003e\n\n\u003cli\u003eAdded additional Wycheproof tests and related bug fixes.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eInternal Improvements\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSimplified sigalgs option processing and handshake signing\nalgorithm selection.\u003c/li\u003e\n\n\u003cli\u003eAdded the ability to use the RSA PSS algorithm for handshake signatures.\u003c/li\u003e\n\n\u003cli\u003eAdded bn\u003cem\u003erand\u003c/em\u003einterval() and use it in code needing ranges of\nrandom bn values.\u003c/li\u003e\n\n\u003cli\u003eAdded functionality to derive early, handshake, and application\nsecrets as per RFC8446.\u003c/li\u003e\n\n\u003cli\u003eAdded handshake state machine from RFC8446.\u003c/li\u003e\n\n\u003cli\u003eRemoved some ASN.1 related code from libcrypto that had not been\nused since around 2000.\u003c/li\u003e\n\n\u003cli\u003eUnexported internal symbols and internalized more record layer structs.\u003c/li\u003e\n\n\u003cli\u003eRemoved SHA224 based handshake signatures from consideration for\nuse in a TLS 1.2 handshake.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003ePortable Improvements\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdded support for assembly optimizations on 32-bit ARM ELF targets.\u003c/li\u003e\n\n\u003cli\u003eAdded support for assembly optimizations on Mingw-w64 targets.\u003c/li\u003e\n\n\u003cli\u003eImproved Android compatibility\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003cp\u003eBug Fixes\u003c/p\u003e\n\n\u003cp\u003e\u003cul\u003e\n\u003cli\u003eImproved protection against timing side channels in ECDSA signature\ngeneration.\u003c/li\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cli\u003eCoordinate blinding was added to some elliptic curves. This is the\nlast bit of the work by Brumley et al. to protect against the Portsmash\nvulnerability.\u003c/li\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cli\u003eEnsure transcript handshake is always freed with TLS 1.2.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe LibreSSL project continues improvement of the codebase to reflect modern,\n  safe programming practices. We welcome feedback and improvements from the\n  broader community. Thanks to all of the contributors who helped make this\n  release possible.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"freebsdmasteryjailsbailbonddeniededitionhttpsmwlioarchives4227\"\u003e\u003ca href=\"https://mwl.io/archives/4227\"\u003eFreeBSD Mastery: Jails – Bail Bond Denied Edition\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.)\n  I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly.\n  I downgraded my expectations and tried again. And again. And again.\n  I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition!\n  This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort.\n  But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character.\n  Get your copy by winning the BSDCan 2019 charity auction… or any other other auction-type event I deem worthwhile.\n  As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough.\n  And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\u003ch3 id=\"onereasoned1wasagoodeditorbackinthedaysofv7unixhttpsutccutorontocatcksspaceblogunixeddesignedforcookedinput\"\u003e\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/EdDesignedForCookedInput\"\u003eOne reason ed(1) was a good editor back in the days of V7 Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIt is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does.\n  The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented.\n  This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-fs/2019-April/027603.html\"\u003eCFT for FreeBSD ZoL\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://github.com/wilyarti/simple-dns-adblock\"\u003eSimple DNS Adblock\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://twitter.com/unix_byte/status/1119904828182781958\"\u003eAT\u0026amp;T Unix PC in 1985\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026amp;m=155523690813457\u0026amp;w=2\"\u003eOpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://twitter.com/cfenollosa/status/1122069042083323904\"\u003e\"What are the differences between Linux and OpenBSD?\" - Twitter thread\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2019/04/10/msg028308.html\"\u003eAnnouncing the pkgsrc-2019Q1 release (2019-04-10)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/0K2QFTM#wrap\"\u003eiocage\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eFrank - \u003ca href=\"http://dpaste.com/3110R96#wrap\"\u003eVideo from Level1Tech and a question\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eNiall - \u003ca href=\"http://dpaste.com/0A32XDK#wrap\"\u003eRevision Control\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0296.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.","date_published":"2019-05-03T13:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/81313d3c-40f8-49f3-bc58-f34f5dfcf51d.mp3","mime_type":"audio/mp3","size_in_bytes":37476669,"duration_in_seconds":3695}]},{"id":"f856e52d-1f51-46e1-9dd9-658045523279","title":"295: Fun with funlinkat()","url":"https://www.bsdnow.tv/295","content_text":"Introducing funlinkat(), an OpenBSD Router with AT\u0026amp;T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.\n\nHeadlines\n\nIntroducing funlinkat\n\n\nIt turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition\n\n\n\n  One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove.\n  The “removing file” process itself is very interesting so let’s spend a moment to understand the it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:\n  \n  \n  We will remove an entry in the directory with the filename.\n  \n  We will decrease a file reference count (in inode).\n  \n  If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks to as free and use them to write new data later\n  This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself.\n  Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time.\n  The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.\n  \n  \n  \n  When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete.\n  We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.\n  \n  Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it.\n  In Unix-like operating systems we can get a handle for our file called file - a descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directories entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative functions fstat which allows us to get file status of the given descriptor\n  We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel.\n  This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file.\n  After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only performs additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor.\n  int funlinkat(int dfd, const char *path, int fd, int flags);\n  The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it.\n  The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat.\n  As you can notice I often refer to the unlink syscall but at the end the APIs looks like unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.\n  \n  \n  \n  \n\n\nUsing an OpenBSD Router with AT\u0026amp;T U-Verse\n\n\n  I upgraded to AT\u0026amp;T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.\n  Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.\n  \n  \n\n\nNews Roundup\n\nHow to use NetBSD on a Raspberry Pi\n\n\n  Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered \"yes\" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi.\n  BSD is the Berkley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix.\n  Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.\n  \n  \n\n\nZFS Encryption is still under development (as of March 2019)\n\n\n  One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.\n  \n  \n  CFT for FreeBSD + ZoL\n  \n  \n  \n\n\nTutorial On Rump Kernel Servers and Clients\n\n\n  The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server \"mini-operating systems\". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand.\n  This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.\n  \n  \n\n\nInstalling Snort on OpenBSD 6.4\n\n\n  As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network.  Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it.  Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest \u0026amp; greatest version of Snort available!  Thanks devs!!!\n  I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running.  I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance.  Here’s hoping that my title is good enough “SEO” to get you here! \n  \n  \n\n\nBeastie Bits\n\n\nos108\n\nAT\u0026amp;T Archives: The UNIX Operating System\n\nhttpd(8): Adapt to industry wide current best security practices\n\nQuotes From A Book That Bashes Unix\n\nOpenBSD QA wiki\n\n\n\n\nFeedback/Questions\n\n\nMalcolm - Laptop Experience : Dell XPS 13\n\nDJ - Feedback\n\nAlex - GhostBSD and Wifi : FIXED\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eIntroducing funlinkat(), an OpenBSD Router with AT\u0026amp;T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"introducingfunlinkathttpsoshogbovexilliumorgblog63\"\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/63/\"\u003eIntroducing funlinkat\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove.\n  The “removing file” process itself is very interesting so let’s spend a moment to understand the it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:\u003c/p\u003e\n  \n  \u003cul\u003e\n  \u003cli\u003eWe will remove an entry in the directory with the filename.\u003c/li\u003e\n  \n  \u003cli\u003eWe will decrease a file reference count (in inode).\u003c/li\u003e\n  \n  \u003cli\u003eIf links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks to as free and use them to write new data later\n  This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself.\n  Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time.\n  The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking.\n  \n  \n  \u003cul\u003e\n  \u003cli\u003eWhen you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete.\n  We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.\u003c/li\u003e\n  \n  \u003cli\u003eMany programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it.\n  In Unix-like operating systems we can get a handle for our file called file - a descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directories entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative functions fstat which allows us to get file status of the given descriptor\n  We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel.\n  This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file.\n  After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only performs additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor.\n  int funlinkat(int dfd, const char *path, int fd, int flags);\n  The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it.\n  The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat.\n  As you can notice I often refer to the unlink syscall but at the end the APIs looks like unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.\u003c/li\u003e\u003c/ul\u003e\n  \u003c/li\u003e\n  \u003c/ul\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"usinganopenbsdrouterwithattuversehttpsjcsorg20190321uverse\"\u003e\u003ca href=\"https://jcs.org/2019/03/21/uverse\"\u003eUsing an OpenBSD Router with AT\u0026amp;T U-Verse\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI upgraded to AT\u0026amp;T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.\n  Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"howtousenetbsdonaraspberrypihttpsopensourcecomarticle193netbsdraspberrypi\"\u003e\u003ca href=\"https://opensource.com/article/19/3/netbsd-raspberry-pi\"\u003eHow to use NetBSD on a Raspberry Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eDo you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered \"yes\" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi.\n  BSD is the Berkley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix.\n  Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"zfsencryptionisstillunderdevelopmentasofmarch2019httpsutccutorontocatcksspacebloglinuxzfsencryptionnotready\"\u003e\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/linux/ZFSEncryptionNotReady\"\u003eZFS Encryption is still under development (as of March 2019)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.\u003c/p\u003e\n  \n  \u003cul\u003e\n  \u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2019-April/090915.html\"\u003eCFT for FreeBSD + ZoL\u003c/a\u003e\u003c/li\u003e\n  \u003c/ul\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"tutorialonrumpkernelserversandclientshttpswwwnetbsdorgdocsrumpsptuthtml\"\u003e\u003ca href=\"https://www.netbsd.org/docs/rump/sptut.html\"\u003eTutorial On Rump Kernel Servers and Clients\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server \"mini-operating systems\". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand.\n  This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"installingsnortonopenbsd64httpsfunctionallyparanoidcom20190318installingsnortonopenbsd64\"\u003e\u003ca href=\"https://functionallyparanoid.com/2019/03/18/installing-snort-on-openbsd-6-4/\"\u003eInstalling Snort on OpenBSD 6.4\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network.  Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it.  Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest \u0026amp; greatest version of Snort available!  Thanks devs!!!\n  I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running.  I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance.  Here’s hoping that my title is good enough “SEO” to get you here! \u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://os108.org/\"\u003eos108\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=tc4ROCJYbm0\u0026amp;feature=youtu.be\"\u003eAT\u0026amp;T Archives: The UNIX Operating System\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026amp;m=155407864604288\u0026amp;w=2\"\u003ehttpd(8): Adapt to industry wide current best security practices\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://codesmithdev.com/quotes-from-a-book-that-bashes-unix/\"\u003eQuotes From A Book That Bashes Unix\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://github.com/ligurio/openbsd-tests/wiki\"\u003eOpenBSD QA wiki\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/1AFFTNJ\"\u003eLaptop Experience : Dell XPS 13\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eDJ - \u003ca href=\"http://dpaste.com/0V74SZC#wrap\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/1WVV1W7\"\u003eGhostBSD and Wifi : FIXED\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0295.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Introducing funlinkat(), an OpenBSD Router with AT\u0026T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.","date_published":"2019-04-25T16:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f856e52d-1f51-46e1-9dd9-658045523279.mp3","mime_type":"audio/mp3","size_in_bytes":37143014,"duration_in_seconds":3662}]},{"id":"b1d75436-414e-48d2-bc93-a09aae8e7d82","title":"294: The SSH Tarpit","url":"https://www.bsdnow.tv/294","content_text":"A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.\n\nHeadlines\n\nA Pi-Powered Plan 9 Cluster\n\n\n  Plan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research O/S — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea of devices are just files even further.\n  In this post, we take a quick look at the Plan 9 O/S and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.\n  \n  \n\n\nEndlessh: an SSH Tarpit\n\n\n  I’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resources that might otherwise be spent attacking another host. When done well, a tarpit imposes more cost on the attacker than the defender.\n  The Internet is a very hostile place, and anyone who’s ever stood up an Internet-facing IPv4 host has witnessed the immediate and continuous attacks against their server. I’ve maintained such a server for nearly six years now, and more than 99% of my incoming traffic has ill intent. One part of my defenses has been tarpits in various forms.\n  \n  \n\n\nNews Roundup\n\nrdist(1) – when Ansible is too much\n\n\n  The post written about rdist(1) on johan.huldtgren.com sparked\n  us to write one as well. It's a great, underappreciated, tool. And we wanted to show how we wrapped doas(1) around it.\n  There are two services in our infrastructure for which we were looking to keep the configuration in sync and to reload the process when the configuration had indeed changed. There is a pair of nsd(8)/unbound(8) hosts and a pair of hosts running relayd(8)/httpd(8) with carp(4) between them.\n  We didn't have a requirement to go full configuration management with tools like Ansible or Salt Stack. And there wasn't any interest in building additional logic on top of rsync or repositories. \u0026gt; Enter rdist(1), rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing.\n  \n  \n\n\nFalling in love with OpenBSD again\n\n\n  I was checking the other day and was appalled at how long it has been since I posted here.  I had been working a job during 2018 that had me traveling 3,600 miles by air every week so that is at least a viable excuse.\n  So what is my latest project?  I wanted to get something better than the clunky old T500 “freedom laptop” that I could use as my daily driver.  Some background here.  My first paid gig as a programmer was on SunOS 4 (predecessor to Solaris) and Ultrix (on a DEC MicroVAX).  I went from there to a Commodore Amiga (preemptive multitasking in 1985!).  I went from there to OS/2 (I know, patron saint of lost causes) and then finally decided to “sell out” and move to Windows as the path of least resistance in the mid 90’s.\n  My wife bought me an iPod literally just as they started working with computers other than Macs and I watched with fascination as Apple made the big gamble and moved away from PowerPC chips to Intel.  That was the beginning of the Apple Fan Boi years for me.  My gateway drug was a G4 MacMini and I managed somehow to get in on the pre-production, developer build of an Intel-based Mac.  I was quite happy on the platform until about three years ago.\n  \n  \n\n\nHow I Created My First FreeBSD Port\n\n\n  I created my first FreeBSD port recently. I found that FreeBSD didn't have a port for GoCD, which is a continuous integration and continuous deployment (CI/CD) system. This was a great opportunity to learn how to build a FreeBSD port while also contributing back to the community\n  \n  \n\n\nThe Tilde Institute of OpenBSD Education\n\n\n  Welcome to tilde.institute! This is an OpenBSD machine whose purpose is to provide a space in the tildeverse for experimentation with and education of the OpenBSD operating system. A variety of editors, shells, and compilers are installed to allow for development in a native OpenBSD environment. OpenBSD's httpd(8) is configured with slowcgi(8) as the fastcgi provider and sqlite3 available. This allows users to experiment with web development using compiled CGI in C, aka the BCHS Stack. In addition to php7.0 and mysql (mariadb) by request, this provides an environment where the development of complex web apps is possible.\n  \n  \n\n\nBeastie Bits\n\n\nSoloBSD 19.03-STABLE\n\nWireGuard for NetBSD\n\n[NetBSD - Removing PF](https://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html\n)\n\nWhat does the N in nmake stand for?\n\nA Map of the Internet from May 1973\n\nNSA-B-Gone : A sketchy hardware security device for your x220\n\n\n\n\nFeedback/Questions\n\n\nJake - A single jail as a VPN client\n\nMatt - Surprising BSD Features\n\ncia - Routing and ZFS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eA PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.\u003c/p\u003e\n\n\u003ch2 id=\"headlines\"\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3 id=\"apipoweredplan9clusterhttpswwwrsonlinecomdesignsparkapipoweredplan9cluster\"\u003e\u003ca href=\"https://www.rs-online.com/designspark/a-pi-powered-plan-9-cluster\"\u003eA Pi-Powered Plan 9 Cluster\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePlan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research O/S — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea of devices are just files even further.\n  In this post, we take a quick look at the Plan 9 O/S and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"endlesshansshtarpithttpsnullprogramcomblog20190322\"\u003e\u003ca href=\"https://nullprogram.com/blog/2019/03/22/\"\u003eEndlessh: an SSH Tarpit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resources that might otherwise be spent attacking another host. When done well, a tarpit imposes more cost on the attacker than the defender.\n  The Internet is a very hostile place, and anyone who’s ever stood up an Internet-facing IPv4 host has witnessed the immediate and continuous attacks against their server. I’ve maintained such a server for nearly six years now, and more than 99% of my incoming traffic has ill intent. One part of my defenses has been tarpits in various forms.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"newsroundup\"\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3 id=\"rdist1whenansibleistoomuchhttpschargenoneobsdamsrdist1whenansibleistoomuch\"\u003e\u003ca href=\"https://chargen.one/obsdams/rdist-1-when-ansible-is-too-much\"\u003erdist(1) – when Ansible is too much\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe post written about rdist(1) on johan.huldtgren.com sparked\n  us to write one as well. It's a great, underappreciated, tool. And we wanted to show how we wrapped doas(1) around it.\n  There are two services in our infrastructure for which we were looking to keep the configuration in sync and to reload the process when the configuration had indeed changed. There is a pair of nsd(8)/unbound(8) hosts and a pair of hosts running relayd(8)/httpd(8) with carp(4) between them.\n  We didn't have a requirement to go full configuration management with tools like Ansible or Salt Stack. And there wasn't any interest in building additional logic on top of rsync or repositories. \u003e Enter rdist(1), rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"fallinginlovewithopenbsdagainhttpsfunctionallyparanoidcom20190313wellitsbeenawhilefallinginlovewithopenbsdagain\"\u003e\u003ca href=\"https://functionallyparanoid.com/2019/03/13/well-its-been-a-while-falling-in-love-with-openbsd-again/\"\u003eFalling in love with OpenBSD again\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI was checking the other day and was appalled at how long it has been since I posted here.  I had been working a job during 2018 that had me traveling 3,600 miles by air every week so that is at least a viable excuse.\n  So what is my latest project?  I wanted to get something better than the clunky old T500 “freedom laptop” that I could use as my daily driver.  Some background here.  My first paid gig as a programmer was on SunOS 4 (predecessor to Solaris) and Ultrix (on a DEC MicroVAX).  I went from there to a Commodore Amiga (preemptive multitasking in 1985!).  I went from there to OS/2 (I know, patron saint of lost causes) and then finally decided to “sell out” and move to Windows as the path of least resistance in the mid 90’s.\n  My wife bought me an iPod literally just as they started working with computers other than Macs and I watched with fascination as Apple made the big gamble and moved away from PowerPC chips to Intel.  That was the beginning of the Apple Fan Boi years for me.  My gateway drug was a G4 MacMini and I managed somehow to get in on the pre-production, developer build of an Intel-based Mac.  I was quite happy on the platform until about three years ago.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"howicreatedmyfirstfreebsdporthttpsaikchardevbloghowicreatedmyfirstfreebsdporthtml\"\u003e\u003ca href=\"https://aikchar.dev/blog/how-i-created-my-first-freebsd-port.html\"\u003eHow I Created My First FreeBSD Port\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI created my first FreeBSD port recently. I found that FreeBSD didn't have a port for GoCD, which is a continuous integration and continuous deployment (CI/CD) system. This was a great opportunity to learn how to build a FreeBSD port while also contributing back to the community\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3 id=\"thetildeinstituteofopenbsdeducationhttpstildeinstitute\"\u003e\u003ca href=\"https://tilde.institute/\"\u003eThe Tilde Institute of OpenBSD Education\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWelcome to tilde.institute! This is an OpenBSD machine whose purpose is to provide a space in the tildeverse for experimentation with and education of the OpenBSD operating system. A variety of editors, shells, and compilers are installed to allow for development in a native OpenBSD environment. OpenBSD's httpd(8) is configured with slowcgi(8) as the fastcgi provider and sqlite3 available. This allows users to experiment with web development using compiled CGI in C, aka the BCHS Stack. In addition to php7.0 and mysql (mariadb) by request, this provides an environment where the development of complex web apps is possible.\u003c/p\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2 id=\"beastiebits\"\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.solobsd.org/index.php/2019/03/26/solobsd-19-03-stable/\"\u003eSoloBSD 19.03-STABLE\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://docs.google.com/presentation/d/1BbveYtY9IhuPCOLsEafwXMefkiY3REJBYl-opMAKQC0/edit#slide=id.p\"\u003eWireGuard for NetBSD\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e[NetBSD - Removing PF](https://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html\n)\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://devblogs.microsoft.com/oldnewthing/20190325-00/?p=102359\"\u003eWhat does the N in nmake stand for?\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://kottke.org/19/03/a-map-of-the-internet-from-may-1973\"\u003eA Map of the Internet from May 1973\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003e\u003ca href=\"https://hackaday.io/project/164343-nsa-b-gone\"\u003eNSA-B-Gone : A sketchy hardware security device for your x220\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2 id=\"feedbackquestions\"\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJake - \u003ca href=\"http://dpaste.com/1Y22ZJM\"\u003eA single jail as a VPN client\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003eMatt - \u003ca href=\"http://dpaste.com/2FAFC3A#wrap\"\u003eSurprising BSD Features\u003c/a\u003e\u003c/li\u003e\n\n\u003cli\u003ecia - \u003ca href=\"http://dpaste.com/2T4J7G3\"\u003eRouting and ZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0294.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.","date_published":"2019-04-18T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b1d75436-414e-48d2-bc93-a09aae8e7d82.mp3","mime_type":"audio/mp3","size_in_bytes":34751503,"duration_in_seconds":3423}]},{"id":"ca87df46-31a6-4c71-883e-e34d10e4fd2d","title":"293: Booking Jails","url":"https://www.bsdnow.tv/293","content_text":"This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.\n\n###Interview - Michael W. Lucas  - mwl@mwl.io / @mwlauthor\nFreeBSD Mastery: Jails\n\n\nBR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?\nAJ: How much research did you have to do about jails?\nBR: The book talks about something called ‘incomplete’ jails. What do you mean by that?\nAJ: There are a lot of jail management frameworks out there. Why did you chose to write about iocage in the book?\nBR: How many jails do you run yourself?\nAJ: Can you tell us a bit about how you handle book sponsorship these days?\nBR: What other books (fiction and non-fiction) are you currently working on?\nAJ: Which talks are you looking forward to attend at the upcoming BSDCan conference?\nBR: How is the BSD user group going?\nAJ: Anything else you’d like to mention before we release you from our interview jail cell?\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eThis week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.\u003c/p\u003e\n\n\u003cp\u003e###Interview - Michael W. Lucas  - \u003ca href=\"mailto:mwl@mwl.io\"\u003emwl@mwl.io\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\"\u003e@mwlauthor\u003c/a\u003e\u003cbr\u003e\nFreeBSD Mastery: Jails\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?\u003c/li\u003e\n\u003cli\u003eAJ: How much research did you have to do about jails?\u003c/li\u003e\n\u003cli\u003eBR: The book talks about something called ‘incomplete’ jails. What do you mean by that?\u003c/li\u003e\n\u003cli\u003eAJ: There are a lot of jail management frameworks out there. Why did you chose to write about iocage in the book?\u003c/li\u003e\n\u003cli\u003eBR: How many jails do you run yourself?\u003c/li\u003e\n\u003cli\u003eAJ: Can you tell us a bit about how you handle book sponsorship these days?\u003c/li\u003e\n\u003cli\u003eBR: What other books (fiction and non-fiction) are you currently working on?\u003c/li\u003e\n\u003cli\u003eAJ: Which talks are you looking forward to attend at the upcoming BSDCan conference?\u003c/li\u003e\n\u003cli\u003eBR: How is the BSD user group going?\u003c/li\u003e\n\u003cli\u003eAJ: Anything else you’d like to mention before we release you from our interview jail cell?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0293.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.","date_published":"2019-04-11T12:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca87df46-31a6-4c71-883e-e34d10e4fd2d.mp3","mime_type":"audio/mp3","size_in_bytes":46528143,"duration_in_seconds":4601}]},{"id":"6f743ea3-0e96-445c-a46e-944f1a62450b","title":"292: AsiaBSDcon 2019 Recap","url":"https://www.bsdnow.tv/292","content_text":"FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.\n\n##Headlines\n###AsiaBSDcon 2019 recap\n\n\nBoth Allan and I attended AsiaBSDcon 2019 in Tokyo in mid march. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.\nBenedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.\nOn the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.\nOn the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.\nBenedict attended\n\nAdventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel\nVadot\n\n\n\n\n\npowerpc64 architecture support in FreeBSD ports by Piotr Kubaj\nManaging System Images with ZFS by Allan Jude\nFreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz\nSecurity Fantasies and Realities for the BSDs by George V.\nNeville-Neil\nZRouter: Remote update of firmware by Hiroki Mori\nImproving security of the FreeBSD boot process by Marcin Wojtas\n\n\n\nAllan attended\n\nAdventures in DRMland by Emmanuel Vadot\nIntel HAXM by Kamil Rytarowski\nBSD Solutions in Australian NGOs\nContainer Migration on FreeBSD by Yuhei Takagawa\nSecurity Fantasies and Realities for the BSDs by George Neville-Neil\n\n\n\n\n\nZRouter: Remote update of firmware by Hiroki Mori\nImproving security of the FreeBSD boot process by Marcin Wojtas\n\n\n\nWhen not in talks, time was spent in the hallway track and conversations would often continue over dinner.\nStay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.\n\n\n###FreeBSD Quarterly Status Report - Fourth Quarter 2018\n\n\nSince we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In todays message the following by no means complete or ordered set of improvements and additions will be covered:\ni386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.\nAdditionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.\nWe would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.\n\n\n\n\n###GhostBSD: A Solid Linux-Like Open Source Alternative\n\n\nThe subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.\nGhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.\nI stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.\nIn last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.\nGhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.\nKeep reading to find out what piqued my excitement about Linux-like GhostBSD.\n\n\n\n\n##News Roundup\n###SPARCbook 3000ST - The coolest 90s laptop\n\n\nA few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).\nSun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.\n\n\n\n\n###OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys\n\n\nOpenSSH 7.9 came out with a host of bug fixes  last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.\n\n\n\nhttps://twitter.com/damienmiller/status/1111416334737244160\n\n\n\nBetter Security\nCopying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway.  OpenSSH advises against it:\n“The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”\n\n\n\nInteresting new features\n\n\n\nssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.\n\n\n\n\n###Project Trident : 18.12-U8 Available\n\n\nThank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.\nTo switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release\n\n\n\n\n##Beastie Bits\n\n\nBSD Router Project - Release 1.92\nEuroBSDcon - New Proposals\nFunny UNIX shirt (René Magritte art parody)\n51NB’s Thinkpad X210\nDragonFly: No more gcc50\n“FreeBSD Mastery: Jails” ebook escaping!\nFreeBSD talk at the Augsburger Linux Info Days (german)\n\n\n\n\n##Feedback/Questions\n\n\nDJ - FuguIta Feedback\nMike - Another Good Show\nAlex - GhostBSD and wifi\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://2019.asiabsdcon.org\"\u003eAsiaBSDcon 2019 recap\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBoth Allan and I attended AsiaBSDcon 2019 in Tokyo in mid march. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.\u003c/li\u003e\n\u003cli\u003eBenedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.\u003c/li\u003e\n\u003cli\u003eOn the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.\u003c/li\u003e\n\u003cli\u003eOn the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.\u003c/li\u003e\n\u003cli\u003eBenedict attended\n\u003cblockquote\u003e\n\u003cp\u003eAdventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel\u003cbr\u003e\nVadot\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epowerpc64 architecture support in FreeBSD ports by Piotr Kubaj\u003cbr\u003e\nManaging System Images with ZFS by Allan Jude\u003cbr\u003e\nFreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz\u003cbr\u003e\n\u003ca href=\"https://www.youtube.com/watch?v=7kShjboN6ek\"\u003eSecurity Fantasies and Realities for the BSDs by George V.\u003cbr\u003e\nNeville-Neil\u003c/a\u003e\u003cbr\u003e\nZRouter: Remote update of firmware by Hiroki Mori\u003cbr\u003e\nImproving security of the FreeBSD boot process by Marcin Wojtas\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAllan attended\n\u003cblockquote\u003e\n\u003cp\u003eAdventures in DRMland by Emmanuel Vadot\u003cbr\u003e\nIntel HAXM by Kamil Rytarowski\u003cbr\u003e\nBSD Solutions in Australian NGOs\u003cbr\u003e\nContainer Migration on FreeBSD by Yuhei Takagawa\u003cbr\u003e\nSecurity Fantasies and Realities for the BSDs by George Neville-Neil\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZRouter: Remote update of firmware by Hiroki Mori\u003cbr\u003e\nImproving security of the FreeBSD boot process by Marcin Wojtas\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen not in talks, time was spent in the hallway track and conversations would often continue over dinner.\u003c/li\u003e\n\u003cli\u003eStay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e###\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2019-March/001871.html\"\u003eFreeBSD Quarterly Status Report - Fourth Quarter 2018\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In todays message the following by no means complete or ordered set of improvements and additions will be covered:\u003cbr\u003e\ni386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.\u003cbr\u003e\nAdditionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.\u003cbr\u003e\nWe would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.linuxinsider.com/story/GhostBSD-A-Solid-Linux-Like-Open-Source-Alternative-85859.html\"\u003eGhostBSD: A Solid Linux-Like Open Source Alternative\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.\u003cbr\u003e\nGhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.\u003cbr\u003e\nI stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.\u003cbr\u003e\nIn last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.\u003cbr\u003e\nGhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.\u003cbr\u003e\nKeep reading to find out what piqued my excitement about Linux-like GhostBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"http://triosdevelopers.com/jason.eckert/blog/Entries/2019/3/14_SPARCbook_3000ST_-_The_coolest_90s_laptop.html\"\u003eSPARCbook 3000ST - The coolest 90s laptop\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).\u003cbr\u003e\nSun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://codesmithdev.com/openssh-8-0-releasing-with-quantum-computing-resistant-keys/\"\u003eOpenSSH 8.0 Releasing With Quantum Computing Resistant Keys\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSSH 7.9 came out with a host of bug fixes  last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/damienmiller/status/1111416334737244160\"\u003ehttps://twitter.com/damienmiller/status/1111416334737244160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBetter Security\u003cbr\u003e\nCopying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway.  OpenSSH advises against it:\u003cbr\u003e\n“The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInteresting new features\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003essh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://project-trident.org/post/2019-03-29_18.12-u8_available/\"\u003eProject Trident : 18.12-U8 Available\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.\u003cbr\u003e\nTo switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.92/\"\u003eBSD Router Project - Release 1.92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://registration.eurobsdcon.org/conferences/2019/program/proposals/new\"\u003eEuroBSDcon - New Proposals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/unix/comments/b1wyde/funny_unix_shirt_ren%C3%A9_magritte_art_parody/\"\u003eFunny UNIX shirt (René Magritte art parody)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://geoff.greer.fm/2019/03/04/thinkpad-x210/\"\u003e51NB’s Thinkpad X210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/03/26/22703.html\"\u003eDragonFly: No more gcc50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/4139\"\u003e“FreeBSD Mastery: Jails” ebook escaping!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://frab.luga.de/en/LIT2019/public/events/68\"\u003eFreeBSD talk at the Augsburger Linux Info Days (german)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDJ - \u003ca href=\"http://dpaste.com/3ZRJ5DA#wrap\"\u003eFuguIta Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMike - \u003ca href=\"http://dpaste.com/32TSCH4#wrap\"\u003eAnother Good Show\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/34ND6BC#wrap\"\u003eGhostBSD and wifi\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0292.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.","date_published":"2019-04-04T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6f743ea3-0e96-445c-a46e-944f1a62450b.mp3","mime_type":"audio/mp3","size_in_bytes":54434181,"duration_in_seconds":5425}]},{"id":"54559ca9-f84f-4e9e-8323-3a5a0919937f","title":"291: Storage Changes Software","url":"https://www.bsdnow.tv/291","content_text":"Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.\n\n##Headlines\n\n###Tracking a storage issue led to software change\n\n\nEarly last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.\nThis migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.\nCurrently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.\n\n\n\nProblem\n\n\n\nWhile migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.\n\n\n\n\n###What Makes Unix Special\n\n\nEver since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as a unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.\n\n\n\nWhat Makes Unix Special?\n\n\n\nIt is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.\nSo what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)\n\n\n\n\n##News Roundup\n###What you need may be “pipeline +Unix commands” only\n\n\nI came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.\nThe IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unixcommand line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.\nBTW, if your data set can be disposed by an awk script, it should not be called “big data”.\n\n\n\nTaco Bell Programming\n\n\n\n\n###Running a bakery on Emacs and PostgreSQL\n\n\nJust over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.\nOne of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.\nAnd that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.\n\n\n\n\n###The Ultimate Guide To Memorable Tech Talks\n\n\nImagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.\nThat was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.\nI think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.\n\n\n\nThe Ultimate Guide\n1: Introduction\n2: Choosing a Topic\n3: Writing a Conference Proposal (or CFP)\n4: Tools of the Trade\n5: Planning and Time Estimation\n6: Writing a Talk\n7: Practice and Delivery\n\n\n\n\n###Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)\n\n\nAbstract: “We introduce a new OS abstraction—light-weight con-texts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state),isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).\nlwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP,and OpenSSL.”\n\n\n\n\n##Beastie Bits\n\n\nMay 7th - BSD Users Stockholm Meetup #6 \nsysutils/docker-freebsd: Searching for people to help\nCat Tax - Ever wonder what Midnight the cat was like?\nFixing Unix/Linux/POSIX Filenames\nMetasploit on OpenBSD\nRun Your @wn Email Server! with NetBSD\nrdist(1)\nWriting a Book with Unix\n7 Unix Commands Every Data Scientist Should Know\nExplaining Code using ASCII Art\nFreeBSD Aberdeen Hackathon\nFreeBSD Vienna Hackathon\n\n\n\n\n##Feedback/Questions\n\n\n\nMike - FreeBSD Update and Erased EFI files\n\n\nCharles - Volunteer work\n\n\nJake - Bhyve Front Ends\n\n\nWe’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!\n\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eStorage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://news.gandi.net/en/2019/03/tracking-a-storage-issue-led-to-software-change/\"\u003eTracking a storage issue led to software change\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEarly last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.\u003cbr\u003e\nThis migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.\u003cbr\u003e\nCurrently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eProblem\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.softwaredevelopment.site/2019/02/what-makes-unix-special.html\"\u003eWhat Makes Unix Special\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEver since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as a unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat Makes Unix Special?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.\u003cbr\u003e\nSo what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://nanxiao.me/en/what-you-need-may-be-pipeline-unix-commands-only/\"\u003eWhat you need may be “pipeline +Unix commands” only\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.\u003cbr\u003e\nThe IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unixcommand line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.\u003cbr\u003e\nBTW, if your data set can be disposed by an awk script, it should not be called “big data”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://widgetsandshit.com/teddziuba/2010/10/taco-bell-programming.html\"\u003eTaco Bell Programming\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://bofh.org.uk/2019/02/25/baking-with-emacs/\"\u003eRunning a bakery on Emacs and PostgreSQL\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJust over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.\u003cbr\u003e\nOne of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.\u003cbr\u003e\nAnd that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://medium.com/@nnja/the-ultimate-guide-to-memorable-tech-talks-e7c350778d4b\"\u003eThe Ultimate Guide To Memorable Tech Talks\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eImagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.\u003cbr\u003e\nThat was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.\u003cbr\u003e\nI think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Ultimate Guide\u003c/li\u003e\n\u003cli\u003e1: Introduction\u003c/li\u003e\n\u003cli\u003e2: Choosing a Topic\u003c/li\u003e\n\u003cli\u003e3: Writing a Conference Proposal (or CFP)\u003c/li\u003e\n\u003cli\u003e4: Tools of the Trade\u003c/li\u003e\n\u003cli\u003e5: Planning and Time Estimation\u003c/li\u003e\n\u003cli\u003e6: Writing a Talk\u003c/li\u003e\n\u003cli\u003e7: Practice and Delivery\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://people.mpi-sws.org/~druschel/publications/osdi16.pdf\"\u003eLight-weight Contexts: An OS Abstraction for Safety and Performance (2016)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAbstract: “We introduce a new OS abstraction—light-weight con-texts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state),isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).\u003cbr\u003e\nlwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP,and OpenSSL.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/259528492/\"\u003eMay 7th - BSD Users Stockholm Meetup #6 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2019-February/007218.html\"\u003esysutils/docker-freebsd: Searching for people to help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/midnightbsd/status/1104018684748677122\"\u003eCat Tax - Ever wonder what Midnight the cat was like?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dwheeler.com/essays/fixing-unix-linux-filenames.html\"\u003eFixing Unix/Linux/POSIX Filenames\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://chargen.one/h3artbl33d/metasploit-on-openbsd\"\u003eMetasploit on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://schmonz.com/2019/01/25/devopsdays-nyc-run-your-own-email-server/slides/#1\"\u003eRun Your @wn Email Server! with NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://johan.huldtgren.com/posts/2019/rdist\"\u003erdist(1)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://joecmarshall.com/posts/book-writing-environment/\"\u003eWriting a Book with Unix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://neowaylabs.github.io/programming/unix-shell-for-data-scientists/\"\u003e7 Unix Commands Every Data Scientist Should Know\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.regehr.org/archives/1653\"\u003eExplaining Code using ASCII Art\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/Hackathon/201904\"\u003eFreeBSD Aberdeen Hackathon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/Hackathon/201906\"\u003eFreeBSD Vienna Hackathon\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMike - \u003ca href=\"http://dpaste.com/2405MF1#wrap\"\u003eFreeBSD Update and Erased EFI files\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCharles - \u003ca href=\"http://dpaste.com/2WFTXR2#wrap\"\u003eVolunteer work\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eJake - \u003ca href=\"http://dpaste.com/1AA6C55\"\u003eBhyve Front Ends\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0291.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.","date_published":"2019-03-28T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/54559ca9-f84f-4e9e-8323-3a5a0919937f.mp3","mime_type":"audio/mp3","size_in_bytes":43826319,"duration_in_seconds":4364}]},{"id":"75bc6dda-ec5d-45fe-adf3-2afde9a7f099","title":"290: Timestamped Notes","url":"https://www.bsdnow.tv/290","content_text":"FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.\n\n##Headlines\n###ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)\n\n\nWhile I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.\nWhile the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.\n\n\n\n\n###Looking at NetBSD from an OpenBSD user perspective\n\n\nI use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.\n\n\n\nWhat I liked (pros)\nThings I didn’t like (cons)\nConclusion\n\n\n\nSo that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD.\nThat said, I’ll keep using my Puffy OS.\n\n\n\n\n##News Roundup\n###Using Vim to take time-stamped notes\n\n\nI frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.\nMy first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time.\nThis means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.\n\n\n\nJohn Baldwin’s notes on bhyve meetings\n\n\n\n\n###OpenBSD 6.5-beta has been tagged\n\n\nIt’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect.\n\n\nCVSROOT: /cvs\nModule name: src\nChanges by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41\n\nModified files:\netc/root : root.mail\nshare/mk : sys.mk\nsys/conf : newvers.sh\nsys/sys : ktrace.h param.h\nusr.bin/signify: signify.1\nsys/arch/macppc/stand/tbxidata: bsd.tbxi\n\nLog message:\ncrank to 6.5-beta\n\n\n\n\n###The NetBSD Foundation participating in Google Summer of Code 2019\n\n\nFor the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!\nIf you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.\nYou can find a list of projects in Google Summer of Code project proposals in the wiki.\nDo not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!\n\n\n\n\n###SecBSD: an UNIX-like OS for Hackers\n\n\nSecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.\nA security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.\n\n\n\n\n##Beastie Bits\n\n\nWhy OpenBSD Rocks\nRich’s sh (POSIX shell) tricks\nDrinking coffee with AWK\nCivilisational HTTP Error Codes\nMidnightBSD Roadmap\nNetBSD on Nintendo64\nFrom Vimperator to Tridactyl\n\n\n\n\n##Feedback/Questions\n\n\nRussell - BSD Now Question :: ZFS \u0026amp; FreeNAS\nAlan - Tutorial, install ARM *BSD with no other BSD box pls\nJohnny - New section to add to the show\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eFreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://eerielinux.wordpress.com/2019/02/25/armd-and-dangerous-freebsd-on-cavium-thunderx-aarch64/\"\u003eARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.\u003cbr\u003e\nWhile the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.tumfatig.net/20190301/looking-at-netbsd-from-an-openbsd-user-perspective/\"\u003eLooking at NetBSD from an OpenBSD user perspective\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat I liked (pros)\u003c/li\u003e\n\u003cli\u003eThings I didn’t like (cons)\u003c/li\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD.\u003cbr\u003e\nThat said, I’ll keep using my Puffy OS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://www.codesections.com/blog/vim-timestamped/\"\u003eUsing Vim to take time-stamped notes\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.\u003cbr\u003e\nMy first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time.\u003cbr\u003e\nThis means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bsdjhb/meetings\"\u003eJohn Baldwin’s notes on bhyve meetings\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20190228062751\"\u003eOpenBSD 6.5-beta has been tagged\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eCVSROOT: /cvs\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eModule name: src\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eChanges by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eModified files:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eetc/root : root.mail\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eshare/mk : sys.mk\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003esys/conf : newvers.sh\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003esys/sys : ktrace.h param.h\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eusr.bin/signify: signify.1\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003esys/arch/macppc/stand/tbxidata: bsd.tbxi\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eLog message:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecrank to 6.5-beta\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_netbsd_foundation_participating_in\"\u003eThe NetBSD Foundation participating in Google Summer of Code 2019\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!\u003cbr\u003e\nIf you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.\u003cbr\u003e\nYou can find a list of projects in Google Summer of Code project proposals in the wiki.\u003cbr\u003e\nDo not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://discoverbsd.com/p/d83c2c66dc\"\u003eSecBSD: an UNIX-like OS for Hackers\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.\u003cbr\u003e\nA security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://why-openbsd.rocks/fact/\"\u003eWhy OpenBSD Rocks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.etalabs.net/sh_tricks.html\"\u003eRich’s sh (POSIX shell) tricks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opensource.com/article/19/2/drinking-coffee-awk\"\u003eDrinking coffee with AWK\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AMEE/8XX-rfc\"\u003eCivilisational HTTP Error Codes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.midnightbsd.org/news/\"\u003eMidnightBSD Roadmap\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/murachue/531ed3ca201ab4155d22442272d92ed2#file-201902140007-txt\"\u003eNetBSD on Nintendo64\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nullprogram.com/blog/2018/09/20/\"\u003eFrom Vimperator to Tridactyl\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRussell - \u003ca href=\"http://dpaste.com/3QRYM70#wrap\"\u003eBSD Now Question :: ZFS \u0026amp; FreeNAS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlan - \u003ca href=\"http://dpaste.com/1KQZPN6\"\u003eTutorial, install ARM *BSD with no other BSD box pls\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohnny - \u003ca href=\"http://dpaste.com/2ZKRC2A\"\u003eNew section to add to the show\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0290.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.","date_published":"2019-03-21T10:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/75bc6dda-ec5d-45fe-adf3-2afde9a7f099.mp3","mime_type":"audio/mp3","size_in_bytes":30199731,"duration_in_seconds":3001}]},{"id":"eb6d59df-4b39-453b-93ca-18a6934e4e16","title":"289: Microkernel Failure","url":"https://www.bsdnow.tv/289","content_text":"A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. \n\n##Headlines\n\n###A Kernel Of Failure -\nHow IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.\n\n\nToday in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.\n\n\n\n\n###CVE-2019-5597IPv6 fragmentation vulnerability in OpenBSD Packet Filter\n\n\nPacket Filter is OpenBSD’s  service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.\nPacket Filter has been a part of the GENERIC kernel since OpenBSD 5.0.Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent:  FreeBSD, pfSense, OPNSense, Solaris.\n\n\n\nNote that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.\n\n\n\nKristof Provost, who maintains the port of pf in FreeBSD added a test for the vulnerability in FreeBSD head.\n\n\n\n\n##News Roundup\n###How I’m still not using GUIs in 2019: A guide to the terminal\n\n\nTL;DR: Here are my dotfiles. Use them and have fun.\n\n\n\nGUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.\nIDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.\nIn this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.\n\n\n\nDon’t forget rule number one.\n\n\n\nWhenever in doubt, read the manual.\n\n\n\n\n###Using a Yubikey as smartcard for SSH public key authentication\n\n\nSSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.\nYou might have heard of Yubikeys.\nThese are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.\nIn OpenBSD, you can use them for Login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.\n\n\n\n\n###The 18 Part FreeBSD Desktop Series by Vermaden\n\n\nFreeBSD Desktop – Part 1 – Simplified Boot\nFreeBSD Desktop – Part 2 – Install (FreeBSD 11)\nFreeBSD Desktop – Part 2.1 – Install FreeBSD 12\nFreeBSD Desktop – Part 3 – X11 Window System\nFreeBSD Desktop – Part 4 – Key Components – Window Manager\nFreeBSD Desktop – Part 5 – Key Components – Status Bar\nFreeBSD Desktop – Part 6 – Key Components – Task Bar\nFreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling\nFreeBSD Desktop – Part 8 – Key Components – Application Launcher\nFreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts\nFreeBSD Desktop – Part 10 – Key Components – Locking Solution\nFreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress\nFreeBSD Desktop – Part 12 – Configuration – Openbox\nFreeBSD Desktop – Part 13 – Configuration – Dzen2\nFreeBSD Desktop – Part 14 – Configuration – Tint2\nFreeBSD Desktop – Part 15 – Configuration – Fonts \u0026amp; Frameworks\nFreeBSD Desktop – Part 16 – Configuration – Pause Any Application\nFreeBSD Desktop – Part 17 – Automount Removable Media\n\n\n\n\n##Beastie Bits\n\n\nDrist with persistent SSH\nARPANET: Celebrating 50 Years Since “LO”\nTermtris - a tetris game for ANSI/VT220 terminals\nPoor Man’s CI - Hosted CI for BSD with shell scripting and duct tape\nWhy I use the IBM Model M keyboard that is older than me?\nA privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon\nGoogle-free Android Setup\nBSD Users Stockholm Meetup #6\n\n\n\n\n##Feedback/Questions\n\n\nSijmen - Hi, and a Sunday afternoon toy project\nClint - Tuning ZFS for NVME\nJames - Show question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eA kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. \u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://tedium.co/2019/02/28/ibm-workplace-os-taligent-history/\"\u003eA Kernel Of Failure -\u003cbr\u003e\nHow IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf\"\u003eCVE-2019-5597IPv6 fragmentation vulnerability in OpenBSD Packet Filter\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePacket Filter is OpenBSD’s  service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.\u003cbr\u003e\nPacket Filter has been a part of the GENERIC kernel since OpenBSD 5.0.Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent:  FreeBSD, pfSense, OPNSense, Solaris.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKristof Provost, who maintains the port of pf in FreeBSD added a \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=344793\"\u003etest for the vulnerability in FreeBSD head\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://www.lucasfcosta.com/2019/02/10/terminal-guide-2019.html\"\u003eHow I’m still not using GUIs in 2019: A guide to the terminal\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTL;DR: Here are my dotfiles. Use them and have fun.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.\u003cbr\u003e\nIDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.\u003cbr\u003e\nIn this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDon’t forget rule number one.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhenever in doubt, read the manual.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20190302235509\"\u003eUsing a Yubikey as smartcard for SSH public key authentication\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.\u003cbr\u003e\nYou might have heard of Yubikeys.\u003cbr\u003e\nThese are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.\u003cbr\u003e\nIn OpenBSD, you can use them for Login (with login_yubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###The 18 Part FreeBSD Desktop Series by Vermaden\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/03/29/freebsd-desktop-part-1-simplified-boot/\"\u003eFreeBSD Desktop – Part 1 – Simplified Boot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/04/11/freebsd-desktop-part-2-install/\"\u003eFreeBSD Desktop – Part 2 – Install (FreeBSD 11)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/11/20/freebsd-desktop-part-2-1-install-freebsd-12/\"\u003eFreeBSD Desktop – Part 2.1 – Install FreeBSD 12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/05/22/freebsd-desktop-part-3-x11-window-system/\"\u003eFreeBSD Desktop – Part 3 – X11 Window System\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/15/freebsd-desktop-part-4-key-components-window-manager/\"\u003eFreeBSD Desktop – Part 4 – Key Components – Window Manager\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/16/freebsd-desktop-part-5-key-components-status-bar/\"\u003eFreeBSD Desktop – Part 5 – Key Components – Status Bar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-6-key-components-task-bar/\"\u003eFreeBSD Desktop – Part 6 – Key Components – Task Bar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-7-key-components-wallpaper-handling/\"\u003eFreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/21/freebsd-desktop-part-8-key-components-application-launcher/\"\u003eFreeBSD Desktop – Part 8 – Key Components – Application Launcher\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/22/freebsd-desktop-part-9-key-components-keyboard-mouse-shortcuts/\"\u003eFreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/23/freebsd-desktop-part-10-key-components-locking-solution/\"\u003eFreeBSD Desktop – Part 10 – Key Components – Locking Solution\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/06/28/freebsd-desktop-part-11-key-components-blue-light-spectrum-suppress/\"\u003eFreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/07/01/freebsd-desktop-part-12-configuration-openbox/\"\u003eFreeBSD Desktop – Part 12 – Configuration – Openbox\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/07/05/freebsd-desktop-part-13-configuration-dzen2/\"\u003eFreeBSD Desktop – Part 13 – Configuration – Dzen2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/07/11/freebsd-desktop-part-14-configuration-tint2/\"\u003eFreeBSD Desktop – Part 14 – Configuration – Tint2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/08/18/freebsd-desktop-part-15-configuration-fonts-frameworks/\"\u003eFreeBSD Desktop – Part 15 – Configuration – Fonts \u0026amp; Frameworks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/09/19/freebsd-desktop-part-16-configuration-pause-any-application/\"\u003eFreeBSD Desktop – Part 16 – Configuration – Pause Any Application\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/10/11/freebsd-desktop-part-17-automount-removable-media/\"\u003eFreeBSD Desktop – Part 17 – Automount Removable Media\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://dataswamp.org/~solene/2019-02-18-drist-1.04.html\"\u003eDrist with persistent SSH\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://meetings.aaas.org/arpanet-livestream/\"\u003eARPANET: Celebrating 50 Years Since “LO”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://nuclear.mutantstargoat.com/sw/termtris/\"\u003eTermtris - a tetris game for ANSI/VT220 terminals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/billziss-gh/pmci\"\u003ePoor Man’s CI - Hosted CI for BSD with shell scripting and duct tape\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://yeokhengmeng.com/2018/07/why-i-use-the-ibm-model-m-keyboard-that-is-older-than-me/\"\u003eWhy I use the IBM Model M keyboard that is older than me?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/florian_slaacd_bsdcan2018.pdf\"\u003eA privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://niftylettuce.com/posts/google-free-android-setup/#google-free-android-setup\"\u003eGoogle-free Android Setup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/259528492/\"\u003eBSD Users Stockholm Meetup #6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSijmen - \u003ca href=\"http://dpaste.com/1K3ZXB2#wrap\"\u003eHi, and a Sunday afternoon toy project\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClint - \u003ca href=\"http://dpaste.com/24QF6J1\"\u003eTuning ZFS for NVME\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJames - \u003ca href=\"http://dpaste.com/04SDXH9\"\u003eShow question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0289.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. ","date_published":"2019-03-14T19:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/eb6d59df-4b39-453b-93ca-18a6934e4e16.mp3","mime_type":"audio/mp3","size_in_bytes":36815600,"duration_in_seconds":3663}]},{"id":"be2ff33e-e797-4fb6-9448-c715d7068e66","title":"288: Turing Complete Sed","url":"https://www.bsdnow.tv/288","content_text":"Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.\n\n##Headlines\n###Google: Software is never going to be able to fix Spectre-type bugs\n\n\nSpectre is here to stay: An analysis of side-channels and speculative execution\n\n\n\nResearchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.\nThe discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.\nSpecifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.\n\n\n\n\n###A proof that Unix utility sed is Turing complete\n\n\nMany people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.\nI first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.\nChristophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.\n\n\n\nChristophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:\n\n\n\nTetris\nSokoban (game)\nCalculator\n\n\n\n\n##News Roundup\n###Bastille helps you quickly create and manage FreeBSD Jails.\n\n\nBastille helps you quickly create and manage FreeBSD Jails.\nJails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.\nBastille provides an interface to create, manage and destroy these secure virtualized environments.\n\n\n\nCurrent version: 0.3.20190204-beta.\nShell Script Source here: https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille\n\n\n\n\n###netdata v1.12 released\n\n\nNetdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.\nNetdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).\nNetdata is fast and efficient, designed to permanently run on all systems (physical \u0026amp; virtual servers, containers, IoT devices), without disrupting their core function.\n\n\n\nPatch release 1.12.1 contains 22 bug fixes and 8 improvements.\n\n\n\n\n###Using grep with /dev/null, an old Unix trick\n\n\nEvery so often I will find myself writing a grep invocation like this:\n\n\nfind .... -exec grep \u0026lt;something\u0026gt; /dev/null '{}' '+'\n\n\nThe peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.\n\n\n\n\n###USING GMAIL WITH MUTT\n\n\nI recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.\nThis tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.\nIf you would just like to skip to the end, my mutt configuration file can be found here.\n\n\n\n\n##Beastie Bits\n\n\nAn Extensive UNIX Timeline\nGarbage.fm - OEF\nbrk() to sbrk()\nFred models, found again\nKafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?\nARPANET: Celebrating 50 Years Since “LO”\n\n\n\n\n##Feedback/Questions\n\n\nPablo - Topic suggestion: FreeBSD on a Laptop as daily driver\nRon - ZFS on the fly compression and seek\nDave - two zpool, or not two zpool, that is the question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eSoftware will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://arstechnica.com/gadgets/2019/02/google-software-is-never-going-to-be-able-to-fix-spectre-type-bugs/\"\u003eGoogle: Software is never going to be able to fix Spectre-type bugs\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://arxiv.org/pdf/1902.05178.pdf\"\u003eSpectre is here to stay: An analysis of side-channels and speculative execution\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eResearchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.\u003cbr\u003e\nThe discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.\u003cbr\u003e\nSpecifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://catonmat.net/proof-that-sed-is-turing-complete\"\u003eA proof that Unix utility sed is Turing complete\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMany people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.\u003cbr\u003e\nI first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.\u003cbr\u003e\nChristophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eChristophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://catonmat.net/ftp/sed/sedtris.sed\"\u003eTetris\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://catonmat.net/ftp/sed/sokoban.sed\"\u003eSokoban (game)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://catonmat.net/ftp/sed/dc.sed\"\u003eCalculator\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://bastillebsd.org/\"\u003eBastille helps you quickly create and manage FreeBSD Jails.\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBastille helps you quickly create and manage FreeBSD Jails.\u003cbr\u003e\nJails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.\u003cbr\u003e\nBastille provides an interface to create, manage and destroy these secure virtualized environments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCurrent version: 0.3.20190204-beta.\u003c/li\u003e\n\u003cli\u003eShell Script Source here: \u003ca href=\"https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille\"\u003ehttps://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://github.com/netdata/netdata/releases\"\u003enetdata v1.12 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.\u003cbr\u003e\nNetdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).\u003cbr\u003e\nNetdata is fast and efficient, designed to permanently run on all systems (physical \u0026amp; virtual servers, containers, IoT devices), without disrupting their core function.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePatch release 1.12.1 contains 22 bug fixes and 8 improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/GrepDevNull\"\u003eUsing grep with /dev/null, an old Unix trick\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEvery so often I will find myself writing a grep invocation like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003efind .... -exec grep \u0026lt;something\u0026gt; /dev/null '{}' '+'\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://smalldata.tech/blog/2016/09/10/gmail-with-mutt\"\u003eUSING GMAIL WITH MUTT\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.\u003cbr\u003e\nThis tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.\u003cbr\u003e\nIf you would just like to skip to the end, my mutt configuration file can be found \u003ca href=\"https://github.com/wheresvic/vic-config/blob/master/mutt/muttrc\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.levenez.com/unix/\"\u003eAn Extensive UNIX Timeline\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://garbage.fm/episodes/47\"\u003eGarbage.fm - OEF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/02/22/22586.html\"\u003ebrk() to sbrk()\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2019/02/20/22566.html\"\u003eFred models, found again\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ieeexplore.ieee.org/document/8541105\"\u003eKafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://meetings.aaas.org/arpanet-livestream/\"\u003eARPANET: Celebrating 50 Years Since “LO”\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePablo - \u003ca href=\"http://dpaste.com/2BXMP7M\"\u003eTopic suggestion: FreeBSD on a Laptop as daily driver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRon - \u003ca href=\"http://dpaste.com/16Y2HSR#wrap\"\u003eZFS on the fly compression and seek\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/123AANV#wrap\"\u003etwo zpool, or not two zpool, that is the question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0288.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.","date_published":"2019-03-07T10:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be2ff33e-e797-4fb6-9448-c715d7068e66.mp3","mime_type":"audio/mp3","size_in_bytes":35693457,"duration_in_seconds":3550}]},{"id":"e66ab35a-1745-4485-a2c3-142c6c471df0","title":"287: rc.d in NetBSD","url":"https://www.bsdnow.tv/287","content_text":"Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.\n\n##Headlines\n###The Design and Implementation of the NetBSD rc.d system\n\n\nAbstract\n\n\n\nIn this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.\n\n\n\nIntroduction\n\n\n\nNetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.\nThis paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.\nThe changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.\n\n\n\nHistory\n\n\n\nThere is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.\n\n\n\n\n###First impressions of Project Trident 18.12\n\n\nProject Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.\n\n\n+Installing\n\n\nThe debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.\n\n\n\nEarly impressions\n\n\n\nTrident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.\nThe application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.\nEarly on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.\n\n\n\nConclusions\n\n\n\nI have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hook. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.\n\n\n\n\n##News Roundup\n###PXE booting of a FreeBSD disk image\n\n\nI had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.\nFor information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware) .\n\n\n\nTHE BIG PICTURE\n\n\n\nBefore explaining all steps and command line, here is the full big picture of the final process.\n\n\n\n\n###Why I like middle mouse button paste in xterm so much\n\n\nIn my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:\nShift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.\nThis sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).\nIn thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.\n\n\n\n\n###NetBSD Gains Hardware Accelerated Virtualization\n\n\nNetBSD Virtual Machine Monitor\n\n\n\nNVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.\n\n\n\n\n##Beastie Bits\n\n\nSoloBSD 19.02-STABLE\nProject Trident 18.12-U5 available\n“Sudo Mastery, Second Edition” and Cover Art\nMKSANITIZER - bug detector software integration with the NetBSD userland\nDarn kids nowadays… back in my day we drew rude symbols like normal people.  {{top two comments}}\nShellCheck\nfinds bugs in your shell scripts.\nOld School Sean - A history of UNIX\n\n\n\n\n##Feedback/Questions\n\n\nAles - OpenBSD, FreeNAS, OpenZFS questions\nMalcolm - Thoughts on Pgsql + ZFS thread?\nBrad - Boot Environments in FreeBSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eDesign and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.usenix.org/legacy/events/usenix01/freenix01/full_papers/mewburn/mewburn_html/index.html\"\u003eThe Design and Implementation of the NetBSD rc.d system\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAbstract\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.\u003cbr\u003e\nThis paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.\u003cbr\u003e\nThe changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHistory\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://distrowatch.com/weekly.php?issue=20190211#trident\"\u003eFirst impressions of Project Trident 18.12\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e+Installing\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarly impressions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.\u003cbr\u003e\nThe application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.\u003cbr\u003e\nEarly on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hook. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html\"\u003ePXE booting of a FreeBSD disk image\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.\u003cbr\u003e\nFor information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware) .\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTHE BIG PICTURE\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBefore explaining all steps and command line, here is the \u003ca href=\"https://1.bp.blogspot.com/-SCUJAjowhYw/XG-b-qWGuXI/AAAAAAAAmXw/SVXHDC9hsMwZNB2P5glsZx0iFoCE9SAXQCLcBGAs/s1600/PXE%2Band%2BFreeBSD%2Bmfs%2Bimage.png\"\u003efull big picture\u003c/a\u003e of the final process.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/MouseMovementAndPaste\"\u003eWhy I like middle mouse button paste in xterm so much\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:\u003cbr\u003e\nShift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.\u003cbr\u003e\nThis sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).\u003cbr\u003e\nIn thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html\"\u003eNetBSD Gains Hardware Accelerated Virtualization\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD Virtual Machine Monitor\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.solobsd.org/index.php/2019/02/11/solobsd-19-02-stable/\"\u003eSoloBSD 19.02-STABLE\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://project-trident.org/post/2019-02-20_18.12-u5_available/\"\u003eProject Trident 18.12-U5 available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/4076\"\u003e“Sudo Mastery, Second Edition” and Cover Art\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/mksanitizer_bug_detector_software_integration\"\u003eMKSANITIZER - bug detector software integration with the NetBSD userland\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/unix/comments/aplxjf/darn_kids_nowadays_back_in_my_day_we_drew_rude/\"\u003eDarn kids nowadays… back in my day we drew rude symbols like normal people.\u003c/a\u003e  {{top two comments}}\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.shellcheck.net/\"\u003eShellCheck\u003cbr\u003e\nfinds bugs in your shell scripts.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=JuHpABL46a8\"\u003eOld School Sean - A history of UNIX\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAles - \u003ca href=\"http://dpaste.com/3T8VTDJ\"\u003eOpenBSD, FreeNAS, OpenZFS questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/2X63H8Q\"\u003eThoughts on Pgsql + ZFS thread?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/02DCADV#wrap\"\u003eBoot Environments in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0287.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.","date_published":"2019-02-28T12:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e66ab35a-1745-4485-a2c3-142c6c471df0.mp3","mime_type":"audio/mp3","size_in_bytes":36387926,"duration_in_seconds":3620}]},{"id":"d6eb1003-7d6d-447e-bd77-68ae1e60c19d","title":"286: Old Machine Revival","url":"https://www.bsdnow.tv/286","content_text":"Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. \n\n##Headlines\n###Adding Glue To a Desktop Environment\n\n\nIn this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.\nWith that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.\n\n\n\nThe tools we’ll talk about fall into one of those categories:\nDebugging\nWindow manipulation\nSimulation of interaction\nExtended manipulation\nHotkey daemon\nLayout manager\n\n\n\n\n###Flashing the BIOS on the PC Engines APU4c4\n\n\nI absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls.  Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.\nWhat prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.\nIt also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.\nThough I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.\nSPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)\nVERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.\n\n\n\n\n##News Roundup\n###Revive a Cisco IDS into a capable OpenBSD computer!\n\n\nEven though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.\nApparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.\nI’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood  (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.\n\n\n\n\n###An OpenBSD desktop using WindowMaker\n\n\nSince I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.\nThis configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.\nAnd here it is, the NeXT OpenBSD Desktop!\n\n\n\n\n###RealTime Data Compression\n\n\nIn a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.\nSometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.\nThe previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.\nFortunately, static opaque types are possible.\nThe main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.\nFor safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.\n\n\n\n\n###For the Love of Pipes\n\n\nMy top used shell command is |. This is called a pipe.\nIn brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.\nAccording to doc.cat-v.org/unix/pipes/, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964\n\n\n\n\n##Beastie Bits\n\n\nInstallation Notes for NetBSD/i386 0.9\nPorting Zig to NetBSD - a fun, speedy port\nNNN - Tiny, lightning fast, feature-packed file manager Release v2.3\neta - A tool for monitoring progress and ETA of an arbitrary process\n\nA FreeBSD User Tries Out…NetBSD 8.0\nFaster vlan(4) forwarding?\nFuguIta - OpenBSD 6.4 Live System\nAdding Name-based hosting To Nginx on OpenBSD with Acme-Client\nHOWTO set up QEMU with HAXM acceleration on NetBSD\nREADME: gcc 7 switch coming to a port near you!\n\n\n\n\n##BUG Calendar\n\n\nChiBUG, Chicago, USA: Tuesday, February 26th 18:00 at the Oak Park Library\nCharmBUG, Baltimore, USA: Wednesday, February 27, 2019\n19:30 at Columbia Ale House\nNYC*BUG, New York, USA: Wednesday, March 6, 2019 18:45 at Suspenders\nKnoxBUG, Knoxville, USA: Monday, February 25, 2019 - 18:00 at iX Systems offices \nBSDPL, Warsaw,  Poland: February 28, 2019 18:15 - 21:00 at Wheel Systems Office\n\n\n\n\n##Feedback/Questions\n\n\nSam - Customizing OpenBSD ports source code\nFrank - Rivalry Linux \u0026amp; BSD\nZach - mysql/mariadb tuning\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\n\n    \n    Your browser does not support the HTML5 video tag.\n","content_html":"\u003cp\u003eAdding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. \u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://venam.nixers.net/blog/unix/2019/01/07/win-automation.html\"\u003eAdding Glue To a Desktop Environment\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.\u003cbr\u003e\nWith that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe tools we’ll talk about fall into one of those categories:\u003c/li\u003e\n\u003cli\u003eDebugging\u003c/li\u003e\n\u003cli\u003eWindow manipulation\u003c/li\u003e\n\u003cli\u003eSimulation of interaction\u003c/li\u003e\n\u003cli\u003eExtended manipulation\u003c/li\u003e\n\u003cli\u003eHotkey daemon\u003c/li\u003e\n\u003cli\u003eLayout manager\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md\"\u003eFlashing the BIOS on the PC Engines APU4c4\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls.  Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.\u003cbr\u003e\nWhat prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.\u003cbr\u003e\nIt also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.\u003cbr\u003e\nThough I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.\u003cbr\u003e\nSPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)\u003cbr\u003e\nVERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/\"\u003eRevive a Cisco IDS into a capable OpenBSD computer!\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEven though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.\u003cbr\u003e\nApparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.\u003cbr\u003e\nI’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood  (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/?utm_source=discoverbsd\"\u003eAn OpenBSD desktop using WindowMaker\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.\u003cbr\u003e\nThis configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.\u003cbr\u003e\nAnd here it is, the NeXT OpenBSD Desktop!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://fastcompression.blogspot.com/2019/01/opaque-types-and-static-allocation.html\"\u003eRealTime Data Compression\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.\u003cbr\u003e\nSometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.\u003cbr\u003e\nThe previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.\u003cbr\u003e\nFortunately, static opaque types are possible.\u003cbr\u003e\nThe main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.\u003cbr\u003e\nFor safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.jessfraz.com/post/for-the-love-of-pipes/\"\u003eFor the Love of Pipes\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy top used shell command is |. This is called a pipe.\u003cbr\u003e\nIn brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.\u003cbr\u003e\nAccording to \u003ca href=\"http://doc.cat-v.org/unix/pipes/\"\u003edoc.cat-v.org/unix/pipes/\u003c/a\u003e, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://scontent-iad3-1.xx.fbcdn.net/v/t1.0-9/52532824_10216880223150142_5567720793346932736_n.jpg?_nc_cat=100\u0026amp;_nc_ht=scontent-iad3-1.xx\u0026amp;oh=f4de0999bd268725b39969435c1e2d82\u0026amp;oe=5D23255E\"\u003eInstallation Notes for NetBSD/i386 0.9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://coypu.sdf.org/porting-zig.html\"\u003ePorting Zig to NetBSD - a fun, speedy port\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jarun/nnn/blob/master/README.md\"\u003eNNN - Tiny, lightning fast, feature-packed file manager Release v2.3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aioobe/eta\"\u003eeta - A tool for monitoring progress and ETA of an arbitrary process\u003cbr\u003e\n\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=OxB70pg5Tsg\u0026amp;feature=share\"\u003eA FreeBSD User Tries Out…NetBSD 8.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.grenadille.net/post/2019/02/18/Faster-vlan%284%29-forwarding\"\u003eFaster vlan(4) forwarding?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://fuguita.org/\"\u003eFuguIta - OpenBSD 6.4 Live System\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://chargen.one/steve/adding-name-based-hosting-to-nginx-on-openbsd-with-acme-client\"\u003eAdding Name-based hosting To Nginx on OpenBSD with Acme-Client\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://polprog.net/blog/netbsd-hax/\"\u003eHOWTO set up QEMU with HAXM acceleration on NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/current-users/2019/02/07/msg035054.html\"\u003eREADME: gcc 7 switch coming to a port near you!\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##BUG Calendar\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eChiBUG, Chicago, USA: \u003ca href=\"https://chibug.org/\"\u003eTuesday, February 26th 18:00 at the Oak Park Library\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCharmBUG, Baltimore, USA: \u003ca href=\"https://www.meetup.com/CharmBUG/\"\u003eWednesday, February 27, 2019\u003cbr\u003e\n19:30 at Columbia Ale House\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNYC*BUG, New York, USA: \u003ca href=\"https://www.nycbug.org/index\"\u003eWednesday, March 6, 2019 18:45 at Suspenders\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKnoxBUG, Knoxville, USA: \u003ca href=\"http://knoxbug.org\"\u003eMonday, February 25, 2019 - 18:00 at iX Systems offices \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBSDPL, Warsaw,  Poland: \u003ca href=\"https://bsd-pl.org/en\"\u003eFebruary 28, 2019 18:15 - 21:00 at Wheel Systems Office\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSam - \u003ca href=\"http://dpaste.com/2NP4VGE#wrap\"\u003eCustomizing OpenBSD ports source code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrank - \u003ca href=\"http://dpaste.com/1EHYHQ1#wrap\"\u003eRivalry Linux \u0026amp; BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZach - \u003ca href=\"http://dpaste.com/13GGAED\"\u003emysql/mariadb tuning\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cvideo controls preload=\"metadata\" style=\" width:426px;  height:240px;\"\u003e\n    \u003csource src=\"http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0286.mp4\" type=\"video/mp4\"\u003e\n    Your browser does not support the HTML5 video tag.\n\u003c/video\u003e","summary":"Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more. ","date_published":"2019-02-21T16:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d6eb1003-7d6d-447e-bd77-68ae1e60c19d.mp3","mime_type":"audio/mp3","size_in_bytes":47545588,"duration_in_seconds":4736}]},{"id":"b54701c7-6556-42b3-804d-79a1bf9c6bbe","title":"285: BSD Strategy","url":"https://www.bsdnow.tv/285","content_text":"Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.\n\n##Headlines\n###Strategic thinking, or what I think what we need to do to keep FreeBSD relevant\n\n\nSince I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (were Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.\nSometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.\nThis discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.\nFreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.\nI have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.\n\n\n\n\n###Reflecting on The Soul of a New Machine\n\n\nLong ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.\nSince reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.\nExcited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.\n\n\n\nSee Article for rest…\n\n\n\n\n##News Roundup\n\n###Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12\n\n\nLast week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.\nTested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.\nAll of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SPF+ ports using a QLogic 8214 controller.\nOriginally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.\n\n\n\n\n###Integration of the LLVM sanitizers with the NetBSD base system\n\n\nOver the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:\nASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.\nIn all supported variations and modes that are supported by the original LLVM compiler-rt package.\n\n\n\n\n###Distrowatch FreeNAS 11.2 review\n\n\nThe project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”\n\n\n\n\n##Beastie Bits\n\n\nInstructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).\nNetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”\nUnix flowers\nFreeBSD upgrade procedure using GPT\nPull-based Backups using OpenBSD base*\nDeveloping WireGuard for NetBSD\nOpenZFS User Conference, April 18-19, Norwalk CT\nKnoxBug Feb 25th\n\n\n\n\n##Feedback/Questions\n\n\nJake - C Programming\nFarhan - Explanation of rtadvd\nNelson - Bug Bounties on Open-Source Software\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eStrategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"http://www.leidinger.net/blog/2019/01/27/strategic-thinking-or-what-i-think-what-we-need-to-do-to-keep-freebsd-relevant/\"\u003eStrategic thinking, or what I think what we need to do to keep FreeBSD relevant\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (were Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.\u003cbr\u003e\nSometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.\u003cbr\u003e\nThis discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.\u003cbr\u003e\nFreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.\u003cbr\u003e\nI have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://dtrace.org/blogs/bmc/2019/02/10/reflecting-on-the-soul-of-a-new-machine/\"\u003eReflecting on The Soul of a New Machine\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLong ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.\u003cbr\u003e\nSince reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.\u003cbr\u003e\nExcited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee Article for rest…\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026amp;item=10gbe-linux-freebsd12\u0026amp;num=1\"\u003eOut-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.\u003cbr\u003e\nTested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.\u003cbr\u003e\nAll of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SPF+ ports using a QLogic 8214 controller.\u003cbr\u003e\nOriginally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/integration_of_the_llvm_sanitziers\"\u003eIntegration of the LLVM sanitizers with the NetBSD base system\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:\u003cbr\u003e\nASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.\u003cbr\u003e\nIn all supported variations and modes that are supported by the original LLVM compiler-rt package.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://distrowatch.com/weekly.php?issue=20190204#freenas\"\u003eDistrowatch FreeNAS 11.2 review\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/zeising/5d2402d92b4cf421c7402d663b2d9e41\"\u003eInstructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.unitedbsd.com/d/12-netbsd-desktop-pt-6-vi1-editor-tmux-and-unicode-term\"\u003eNetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.geekrant.org/2005/04/01/unix-flowers/\"\u003eUnix flowers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/62/\"\u003eFreeBSD upgrade procedure using GPT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://chargen.one/steve/backups-on-chargen-one\"\u003ePull-based Backups using OpenBSD base*\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozaki-r/netbsd-src/tree/wireguard\"\u003eDeveloping WireGuard for NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://zfs.datto.com/\"\u003eOpenZFS User Conference, April 18-19, Norwalk CT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2019-02-25\"\u003eKnoxBug Feb 25th\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eJake - \u003ca href=\"http://dpaste.com/3X7KVVX#wrap\"\u003eC Programming\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFarhan - \u003ca href=\"http://dpaste.com/067WW0P\"\u003eExplanation of rtadvd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNelson - \u003ca href=\"http://dpaste.com/2BYGFSV\"\u003eBug Bounties on Open-Source Software\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.","date_published":"2019-02-14T10:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b54701c7-6556-42b3-804d-79a1bf9c6bbe.mp3","mime_type":"audio/mp3","size_in_bytes":41912862,"duration_in_seconds":4172}]},{"id":"9e51096d-3e53-490c-8603-827a76d73758","title":"284: FOSDEM 2019","url":"https://www.bsdnow.tv/284","content_text":"We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.\n\nHeadlines\n\nFOSDEM 2019 Recap\n\n\nAllan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.\nOn the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the notes on the wiki page.\nSaturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch BSDNow.tv every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day BSD devroom, with a variety of talks that were well attended.\nIn the main conference track, Allan held a talk explaining how the ZFS ARC works. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about Netflix and FreeBSD.\nSunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.\nOverall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.\n\n\nFreeBSD Foundation Update, January 2019\n\n\nDear FreeBSD Community Member,\nHappy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans.  Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.\nFinally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!\nHappy reading!!\nDeb\n\n\n\n\nOPNsense 19.1 released\n\n\nFor more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\nThe 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.\n\n\n\n\nThese are the most prominent changes since version 18.7:\n\n\nfully functional firewall alias API\n\n\nPIE firewall shaper support\n\n\nfirewall NAT rule logging support\n\n\n2FA via LDAP-TOTP combination\n\n\nWPAD / PAC and parent proxy support in the web proxy\n\n\nP12 certificate export with custom passwords\n\n\nDpinger is now the default gateway monitor\n\n\nET Pro Telemetry edition plugin[2]\n\n\nextended IPv6 DUID support\n\n\nDnsmasq DNSSEC support\n\n\nOpenVPN client export API\n\n\nRealtek NIC driver version 1.95\n\n\nHardenedBSD 11.2, LibreSSL 2.7\n\n\nUnbound 1.8, Suricata 4.1\n\n\nPhalcon 3.4, Perl 5.28\n\n\nfirmware health check extended to cover all OS files, HTTPS mirror default\n\n\nupdates are browser cache-safe regarding CSS and JavaScript assets\n\n\ncollapsible side bar menu in the default theme\n\n\nlanguage updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian\n\n\nAPI backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins\n\n\nHere are the full changes against version 19.1-RC2:\n\n\nipsec: add firewall interface as soon as phase 1 is enabled\n\n\nipsec: phase 1 selection GUI JavaScript compatibility fix\n\n\nmonit: widget improvements and bug fix (contributed by Frank Brendel)\n\n\nui: fix regression in single host or network subnet select in static pages\n\n\nplugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)\n\n\nplugins: os-telegraf 1.7.4 fixes packet filter input\n\n\nplugins: os-theme-rebellion 1.8.2 adds image colour invert\n\n\nplugins: os-vnstat 1.1[3]\n\n\nplugins: os-zabbix-agent now uses Zabbix version 4.0\n\n\nsrc: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support\n\n\nsrc: update sqlite3-3.20.0 to sqlite3-3.26.0[4]\n\n\nsrc: import tzdata 2018h, 2018i[5]\n\n\nsrc: avoid unsynchronized updates to kn_status[6]\n\n\nports: ca_root_nss 3.42\n\n\nports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)\n\n\nports: sudo patch to fix listpw=never[7]\n\n\n\n\n\nNews Roundup\n\nThe hardware-assisted virtualization challenge\n\n\nOver two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).\nToday, I am here to report: Mission Accomplished!\nIt’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.\n\n\n\n\nZFS and GPL terror: How much freedom is there in Linux?\n\n\nZFS – the undesirable guest\n\n\n\nZFS is todays most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.\nFor everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately its still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.\nThere have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:\nThe need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.\n\n\n\n\nClonOS 19.01-RELEASE\n\n\nClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hyperviser virtual environments.\nClonOS is currently the only platform available which allow both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.\n\n\n\n\nFeatures:\n\n\neasy management via web UI interface\n\n\nlive Bhyve migration [coming soon, roadmap]\n\n\nBhyve management (create, delete VM)\n\n\nXen management (create, delete VM) [coming soon, roadmap]\n\n\nconnection to the “physical” guest console via VNC from the browser or directly\n\n\nReal time system monitoring\n\n\naccess to load statistics through SQLite3 and beanstalkd\n\n\nsupport for ZFS features (cloning, snapshots)\n\n\nimport/export of virtual environments\n\n\npublic repository with virtual machine templates\n\n\npuppet-based helpers for configuring popular services\n\n\nClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:\n\n\nFreeBSD OS as hoster platform\n\n\nbhyve(8) as hypervisor engine\n\n\nXen as hypervisor engine\n\n\nvale(4) as Virtual Ethernet Switch\n\n\njail(8) as container engine\n\n\nCBSD Project as management tools\n\n\nPuppet as configuration management\n\n\n\n\n\nBeastie Bits\n\n\nFlorian Obser on unwind(8)\nA low tech SMS gateway for fun and no profit\nNetflix and FreeBSD : Using Open Source to Deliver Streaming Video\npowerd++ 0.4.0 release\nIs it time to rewrite the operating system in Rust?\nSmall change, big effect\nSwedish BSD Meetup, Feb 19, 2019\nPolish BSD User Group Meetup, Feb 21, 2019\n\n\n\n\nFeedback/Questions\n\n\nCasey - Cool new Digital Ocean Feature\nMorgan - Jail w/differnet version of FreeBSD\nBrad - FreeBSD Installer\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.\u003c/p\u003e\n\n\u003ch1\u003eHeadlines\u003c/h1\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fosdem.org/2019/schedule/\"\u003eFOSDEM 2019 Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAllan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.\u003c/li\u003e\n\u003cli\u003eOn the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the \u003ca href=\"https://wiki.freebsd.org/Devsummit/201902\"\u003enotes on the wiki page\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSaturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch \u003ca href=\"http://BSDNow.tv\"\u003eBSDNow.tv\u003c/a\u003e every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day \u003ca href=\"https://twitter.com/fosdembsd\"\u003eBSD devroom\u003c/a\u003e, with a \u003ca href=\"https://fosdem.org/2019/schedule/track/bsd/\"\u003evariety of talks\u003c/a\u003e that were well attended.\u003c/li\u003e\n\u003cli\u003eIn the main conference track, Allan held a \u003ca href=\"https://fosdem.org/2019/schedule/event/zfs_caching/\"\u003etalk explaining how the ZFS ARC works\u003c/a\u003e. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about \u003ca href=\"https://fosdem.org/2019/schedule/event/netflix_freebsd/\"\u003eNetflix and FreeBSD\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.\u003c/li\u003e\n\u003cli\u003eOverall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-january-2019/\"\u003eFreeBSD Foundation Update, January 2019\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDear FreeBSD Community Member,\u003cbr\u003e\nHappy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans.  Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.\u003cbr\u003e\nFinally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!\u003cbr\u003e\nHappy reading!!\u003cbr\u003e\nDeb\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=11398.0\"\u003eOPNsense 19.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.\u003cbr\u003e\nThe 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThese are the most prominent changes since version 18.7:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efully functional firewall alias API\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePIE firewall shaper support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efirewall NAT rule logging support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e2FA via LDAP-TOTP combination\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWPAD / PAC and parent proxy support in the web proxy\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eP12 certificate export with custom passwords\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDpinger is now the default gateway monitor\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eET Pro Telemetry edition plugin[2]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eextended IPv6 DUID support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDnsmasq DNSSEC support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpenVPN client export API\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRealtek NIC driver version 1.95\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHardenedBSD 11.2, LibreSSL 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUnbound 1.8, Suricata 4.1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePhalcon 3.4, Perl 5.28\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efirmware health check extended to cover all OS files, HTTPS mirror default\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdates are browser cache-safe regarding CSS and JavaScript assets\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecollapsible side bar menu in the default theme\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003elanguage updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHere are the full changes against version 19.1-RC2:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eipsec: add firewall interface as soon as phase 1 is enabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eipsec: phase 1 selection GUI JavaScript compatibility fix\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emonit: widget improvements and bug fix (contributed by Frank Brendel)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eui: fix regression in single host or network subnet select in static pages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eplugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eplugins: os-telegraf 1.7.4 fixes packet filter input\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eplugins: os-theme-rebellion 1.8.2 adds image colour invert\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eplugins: os-vnstat 1.1[3]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eplugins: os-zabbix-agent now uses Zabbix version 4.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esrc: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esrc: update sqlite3-3.20.0 to sqlite3-3.26.0[4]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esrc: import tzdata 2018h, 2018i[5]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esrc: avoid unsynchronized updates to kn_status[6]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eports: ca_root_nss 3.42\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eports: sudo patch to fix listpw=never[7]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_hardware_assisted_virtualization_challenge\"\u003eThe hardware-assisted virtualization challenge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).\u003cbr\u003e\nToday, I am here to report: Mission Accomplished!\u003cbr\u003e\nIt’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2019/01/28/zfs-and-gpl-terror-how-much-freedom-is-there-in-linux/\"\u003eZFS and GPL terror: How much freedom is there in Linux?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS – the undesirable guest\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS is todays most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.\u003cbr\u003e\nFor everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately its still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.\u003cbr\u003e\nThere have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:\u003cbr\u003e\nThe need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://clonos.tekroutine.com/\"\u003eClonOS 19.01-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hyperviser virtual environments.\u003cbr\u003e\nClonOS is currently the only platform available which allow both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eeasy management via web UI interface\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003elive Bhyve migration [coming soon, roadmap]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBhyve management (create, delete VM)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eXen management (create, delete VM) [coming soon, roadmap]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003econnection to the “physical” guest console via VNC from the browser or directly\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReal time system monitoring\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eaccess to load statistics through SQLite3 and beanstalkd\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport for ZFS features (cloning, snapshots)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimport/export of virtual environments\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003epublic repository with virtual machine templates\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003epuppet-based helpers for configuring popular services\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFreeBSD OS as hoster platform\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebhyve(8) as hypervisor engine\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eXen as hypervisor engine\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003evale(4) as Virtual Ethernet Switch\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ejail(8) as container engine\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCBSD Project as management tools\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePuppet as configuration management\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.undeadly.org/cgi?action=article;sid=20190128061321\"\u003eFlorian Obser on unwind(8)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/commandline/comments/amq947/a_low_tech_sms_gateway_for_fun_and_no_profit/\"\u003eA low tech SMS gateway for fun and no profit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2019/schedule/event/netflix_freebsd/attachments/slides/3103/export/events/attachments/netflix_freebsd/slides/3103/FOSDEM_2019_Netflix_and_FreeBSD.pdf\"\u003eNetflix and FreeBSD : Using Open Source to Deliver Streaming Video\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lonkamikaze/powerdxx/releases/tag/0.4.0\"\u003epowerd++ 0.4.0 release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.infoq.com/presentations/os-rust\"\u003eIs it time to rewrite the operating system in Rust?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/343673\"\u003eSmall change, big effect\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/257281738/\"\u003eSwedish BSD Meetup, Feb 19, 2019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/en-US/Polish-BSD-User-Group/events/zkhlnqyzdbsb/\"\u003ePolish BSD User Group Meetup, Feb 21, 2019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/2MA7HRV#wrap\"\u003eCool new Digital Ocean Feature\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMorgan - \u003ca href=\"http://dpaste.com/1QDAMYJ#wrap\"\u003eJail w/differnet version of FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/2XG5KXN#wrap\"\u003eFreeBSD Installer\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more.","date_published":"2019-02-07T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e51096d-3e53-490c-8603-827a76d73758.mp3","mime_type":"audio/mp3","size_in_bytes":35850359,"duration_in_seconds":3566}]},{"id":"e11d6e25-000c-4424-b4fa-cda93c336f73","title":"283: Graphical Interface-View","url":"https://www.bsdnow.tv/283","content_text":"We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. \n\n##Interview - Niclas Zeising - zeising@FreeBSD.org / @niclaszeising\nInterview topic: FreeBSD Graphics Stack\n\n\nBR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?\nAJ: What made you start working in the FreeBSD graphics stack?\nBR: What is the current status with the FreeBSD graphics stack?\nAJ: What challenges do you face in the FreeBSD graphics stack?\nBR: How many people are working in the graphics team and what kind of help do you need there?\nAJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last years EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?\nBR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?\nAJ: What conferences do you go to where people could talk to you?\nBR: Is there anything else you’d like to mention before we let you go?\n\n\n\n\n##Feedback/Questions\n\n\nCasey - TrueOS\nTroels - zfs send vs zfs send -R\nmatclarke - Orphaned packages\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. \u003c/p\u003e\n\n\u003cp\u003e##Interview - Niclas Zeising - \u003ca href=\"mailto:zeising@FreeBSD.org\"\u003ezeising@FreeBSD.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/niclaszeising\"\u003e@niclaszeising\u003c/a\u003e\u003cbr\u003e\nInterview topic: FreeBSD Graphics Stack\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?\u003c/li\u003e\n\u003cli\u003eAJ: What made you start working in the FreeBSD graphics stack?\u003c/li\u003e\n\u003cli\u003eBR: What is the current status with the FreeBSD graphics stack?\u003c/li\u003e\n\u003cli\u003eAJ: What challenges do you face in the FreeBSD graphics stack?\u003c/li\u003e\n\u003cli\u003eBR: How many people are working in the graphics team and what kind of help do you need there?\u003c/li\u003e\n\u003cli\u003eAJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last years EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?\u003c/li\u003e\n\u003cli\u003eBR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?\u003c/li\u003e\n\u003cli\u003eAJ: What conferences do you go to where people could talk to you?\u003c/li\u003e\n\u003cli\u003eBR: Is there anything else you’d like to mention before we let you go?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/33XCN5X#wrap\"\u003eTrueOS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTroels - \u003ca href=\"http://dpaste.com/31M2SN6\"\u003ezfs send vs zfs send -R\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ematclarke - \u003ca href=\"http://dpaste.com/16WDCW0\"\u003eOrphaned packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy. ","date_published":"2019-01-31T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e11d6e25-000c-4424-b4fa-cda93c336f73.mp3","mime_type":"audio/mp3","size_in_bytes":28233037,"duration_in_seconds":2804}]},{"id":"081a14d7-ba00-43d2-9be7-ea1a189ed2e2","title":"282: Open the Rsync","url":"https://www.bsdnow.tv/282","content_text":"Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.\n\n##Headlines\n\n###AsiaBSDCon 2019 Call for Papers\n\n\nYou have until Jan 30th to submit\nFull paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.\nSend a message to secretary@asiabsdcon.org with your proposal. Could be either for a talk or a tutorial.\nTwo days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan\nThe conference is also looking for sponsors\nIf accepted, flight and hotel is paid for by the conference\n\n\n\n\n###Project Trident 18.12 Released\n\n\nTwitter account if you want to keep up on project news\nScreenshots\nProject Trident Community Telegram Channel\nDistroWatch Page\nLinuxActionNews Review\nRoboNuggie’s in depth review\n\n\n\n\n###Building Spotifyd on NetBSD\n\n\nThese are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).\n\n\n\n\n##News Roundup\n\n###OPNsense 18.7.10 released\n\n\n2019 means 19.1 is almost here. In the meantime accept this small\nincremental update with goodies such as Suricata 4.1, custom passwords\nfor P12 certificate export as well as fresh fixes in the FreeBSD base.\nA lot of cleanups went into this update to make sure there will be a\nsmooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2\nweeks and the final 19.1 on January 29.\n\n\n\n\n###Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation\n\n\nA few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.\n\n\n\n\n###OpenRsync\n\n\nThis is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.\nThis project is still very new and very fast-moving.\nIt’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.\nMany have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.\n\n\n\n\n###The first report on LLD porting\n\n\nLLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).\nThe first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.\nIn this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.\n\n\n\n\n###Ring in the new\n\n\nIt’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.\nFor the big ticket items of KDE on FreeBSD, you should read this blog instead.\n\n\n\nIn ports this week (mostly KDE, some unrelated):\nKDE Plasma has been updated to the latest release, 5.14.5.\nKDE Applications 18.12.1 were released today, so we’re right on top of them.\nMarble was fixed for FreeBSD-running-on-Power9.\nMusescore caught up on 18 months of releases.\nPhonon updated to 4.10.1, along with its backends.\nAnd in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.\n\n\n\n\n##Beastie Bits\n\n\nNomadBSD 1.2-RC1 Released\nZFS - The First Enterprise Blockchain\nPowersaving with DragonFly laptop\nNetBSD reaches 100% reproducable builds\nPotential Bhyve Web Interface?\nLibGDX proof of concept on OpenBSD - Video\nLiteCLI is a user-friendly CommandLine client for SQLite database\nIn honor of Donald Knuth’s 81 birthday Stanford uploaded 111 lectures on Youtube\nPortland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza\nStockholm BSD February meetup\nPolish BSD User Group: Jan 25 18:15 - 21:00\nAsiaBSDcon 2019 CfP\n\n\n\n\n##Feedback/Questions\n\n\nGreg - VLANs and jails\nTara - ZFS on removable disks\nCasey - Interview with Kirk McKusick\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eProject Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://2019.asiabsdcon.org/cfp.html.en\"\u003eAsiaBSDCon 2019 Call for Papers\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou have until Jan 30th to submit\u003c/li\u003e\n\u003cli\u003eFull paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.\u003c/li\u003e\n\u003cli\u003eSend a message to \u003ca href=\"mailto:secretary@asiabsdcon.org\"\u003esecretary@asiabsdcon.org\u003c/a\u003e with your proposal. Could be either for a talk or a tutorial.\u003c/li\u003e\n\u003cli\u003eTwo days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan\u003c/li\u003e\n\u003cli\u003eThe conference is also looking for sponsors\u003c/li\u003e\n\u003cli\u003eIf accepted, flight and hotel is paid for by the conference\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://project-trident.org/post/2019-01-15_18.12-release_available/\"\u003eProject Trident 18.12 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/tridentproject\"\u003eTwitter account if you want to keep up on project news\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/TridentProject/status/1086010032662237185\"\u003eScreenshots\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://t.me/ProjectTrident\"\u003eProject Trident Community Telegram Channel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://distrowatch.com/?newsid=10442\"\u003eDistroWatch Page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://linuxactionnews.com/89?t=395\"\u003eLinuxActionNews Review\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=QjiR1KiacrQ\"\u003eRoboNuggie’s in depth review\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://atomicules.co.uk/2019/01/17/Building-Spotifyd-on-NetBSD.html\"\u003eBuilding Spotifyd on NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://opnsense.org/opnsense-18-7-10-released/\"\u003eOPNsense 18.7.10 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e2019 means 19.1 is almost here. In the meantime accept this small\u003cbr\u003e\nincremental update with goodies such as Suricata 4.1, custom passwords\u003cbr\u003e\nfor P12 certificate export as well as fresh fixes in the FreeBSD base.\u003cbr\u003e\nA lot of cleanups went into this update to make sure there will be a\u003cbr\u003e\nsmooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2\u003cbr\u003e\nweeks and the final 19.1 on January 29.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.servethehome.com/introducing-the-ultra-epyc-amd-powered-sun-ultra-24-workstation/\"\u003eIntroducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://github.com/kristapsdz/openrsync\"\u003eOpenRsync\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.\u003cbr\u003e\nThis project is still very new and very fast-moving.\u003cbr\u003e\nIt’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.\u003cbr\u003e\nMany have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_first_report_on_lld\"\u003eThe first report on LLD porting\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).\u003cbr\u003e\nThe first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.\u003cbr\u003e\nIn this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://euroquis.nl/bobulate/?p=2044\"\u003eRing in the new\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.\u003cbr\u003e\nFor the big ticket items of KDE on FreeBSD, you should read this blog instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn ports this week (mostly KDE, some unrelated):\u003c/li\u003e\n\u003cli\u003eKDE Plasma has been updated to the latest release, 5.14.5.\u003c/li\u003e\n\u003cli\u003eKDE Applications 18.12.1 were released today, so we’re right on top of them.\u003c/li\u003e\n\u003cli\u003eMarble was fixed for FreeBSD-running-on-Power9.\u003c/li\u003e\n\u003cli\u003eMusescore caught up on 18 months of releases.\u003c/li\u003e\n\u003cli\u003ePhonon updated to 4.10.1, along with its backends.\u003c/li\u003e\n\u003cli\u003eAnd in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://nomadbsd.org/index.html\"\u003eNomadBSD 1.2-RC1 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/q5sys/status/1086443533681209350\"\u003eZFS - The First Enterprise Blockchain\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflybsd.org/docs/user/Powersave/?updated\"\u003ePowersaving with DragonFly laptop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://tests.reproducible-builds.org/netbsd/netbsd.html\"\u003eNetBSD reaches 100% reproducable builds\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/ahs53y/bhyve_web_interface/\"\u003ePotential Bhyve Web Interface?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/adi9sm/libgdx_proof_of_concept_on_openbsd_slay_the_spire/\"\u003eLibGDX proof of concept on OpenBSD\u003c/a\u003e - \u003ca href=\"https://youtu.be/F1loBeHKJt4\"\u003eVideo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.pgcli.com/launching-litecli.html\"\u003eLiteCLI is a user-friendly CommandLine client for SQLite database\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PL94E35692EB9D36F3\"\u003eIn honor of Donald Knuth’s 81 birthday Stanford uploaded 111 lectures on Youtube\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3Q4F6C2\"\u003ePortland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/257281738/\"\u003eStockholm BSD February meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003ePolish BSD User Group: Jan 25 18:15 - 21:00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2019.asiabsdcon.org/cfp.html.en\"\u003eAsiaBSDcon 2019 CfP\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGreg - \u003ca href=\"http://dpaste.com/3A6T4HN\"\u003eVLANs and jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTara - \u003ca href=\"http://dpaste.com/1X1E3XS#wrap\"\u003eZFS on removable disks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/08HZ6FP#wrap\"\u003eInterview with Kirk McKusick\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.","date_published":"2019-01-24T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/081a14d7-ba00-43d2-9be7-ea1a189ed2e2.mp3","mime_type":"audio/mp3","size_in_bytes":36986923,"duration_in_seconds":3680}]},{"id":"62f301ee-57b8-4f10-8736-3660f78074a8","title":"281: EPYC Server Battle","url":"https://www.bsdnow.tv/281","content_text":"SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.\n\n##Headlines\n###scp client multiple vulnerabilities\n\n\nOverview\nSCP clients from multiple vendors are susceptible to a malicious scp server performing\nunauthorized changes to target directory and/or client output manipulation.\nDescription\nMany scp clients fail to verify if the objects returned by the scp server match those\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate\nflaw in the client allows the target directory attributes to be changed arbitrarily.\nFinally, two vulnerabilities in clients may allow server to spoof the client output.\nImpact\nMalicious scp server can write arbitrary files to scp target directory, change the\ntarget directory permissions and to spoof the client output.\nDetails\n\n\n\nThe discovered vulnerabilities, described in more detail below, enables the attack\ndescribed here in brief.\n\n\n\n\n\nThe attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:\n\n\n\n\nuser@local:~$ scp user@remote:readme.txt .\nreadme.txt 100% 494 1.6KB/s 00:00\nuser@local:~$\n\n\n\n\nOnce the victim launches a new shell, the malicious commands in .bash_aliases get executed.\n\n\n*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.\n\n\n\n\n###FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server\n\n\nLast month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.\n\n\n\nDragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.\n\n\n\n\nA summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:\n\n\nDragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.\n\n\nFreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.\n\n\nFreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.\n\n\nTrueOS 18.12 - The latest release of the iX systems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.\n\n\nCentOS Linux 7 - The latest EL7 operating system performance.\n\n\nUbuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.\n\n\nClear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.\n\n\n\n\nThroughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.\n\n\n\n\n##News Roundup\n###National Inventors Hall of Fame honors creators of Unix\n\n\nDennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System\nThompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.\n\n\n\n\n###Die IPV4, Die\n\n\nImagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.\n\n\n\nTwo steps back\n\n\n\nYou might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?\nAlso, here at ungleich, we defined 2019 as the year to move away from IPv4.\n\n\n\nThe challenge\n\n\n\nDo you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:\nWe offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.\n\n\n\n\n###GhostBSD 18.12 released\n\n\nGhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.\n\n\n\nWhat has changed since 18.10\nremoved default call of kernel modules for AMD and Intel\nreplaced octopkg by software-station\nadded back gop hacks to the live system\nadded ghostbsd-drivers and ghostbsd-utils\nwe updated the packages to the latest build\n\n\n\n\n###And Now for a laugh : #unixinpictures\n\n\n\n##Beastie Bits\n\n\nWe are now closer to the Y2038 bug than the Y2K bug\nOpenBSD Enterprise use\nAT\u0026amp;T Unix Books\nProcess title and missing memory space\nThe History of a Security Hole\nunbound-adblock: The ultimate network adblocker!\nFreeBSD’s name/value pairs library\nPid Rollover\nBooting OpenBSD kernels in EFI mode with QEMU\nOpenBSD CVS commit: Make mincore lie\nBSDCan 2019 CfP ending January 19 - Submit!\nOpenZFS User Conference - April 18-19\nFreeBSD Journal is a free publication now\n\n\n\n\n##Feedback/Questions\n\n\nChris - Boot environments and SSDs\nJonathan - Bytes issued during a zpool scrub\nBostjan - ZFS Record Size and my mistakes\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eSCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt\"\u003escp client multiple vulnerabilities\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOverview\u003c/li\u003e\n\u003cli\u003eSCP clients from multiple vendors are susceptible to a malicious scp server performing\u003cbr\u003e\nunauthorized changes to target directory and/or client output manipulation.\u003c/li\u003e\n\u003cli\u003eDescription\u003c/li\u003e\n\u003cli\u003eMany scp clients fail to verify if the objects returned by the scp server match those\u003cbr\u003e\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate\u003cbr\u003e\nflaw in the client allows the target directory attributes to be changed arbitrarily.\u003cbr\u003e\nFinally, two vulnerabilities in clients may allow server to spoof the client output.\u003c/li\u003e\n\u003cli\u003eImpact\u003c/li\u003e\n\u003cli\u003eMalicious scp server can write arbitrary files to scp target directory, change the\u003cbr\u003e\ntarget directory permissions and to spoof the client output.\u003c/li\u003e\n\u003cli\u003eDetails\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe discovered vulnerabilities, described in more detail below, enables the attack\u003cbr\u003e\ndescribed here in brief.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003euser@local:~$ scp user@remote:readme.txt .\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ereadme.txt 100% 494 1.6KB/s 00:00\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003euser@local:~$\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col start=\"2\"\u003e\n\u003cli\u003eOnce the victim launches a new shell, the malicious commands in .bash_aliases get executed.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026amp;item=dfly-freebsd-tyanamd\u0026amp;num=1\"\u003eFreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTrueOS 18.12 - The latest release of the iX systems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCentOS Linux 7 - The latest EL7 operating system performance.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUbuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThroughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://www.engadget.com/2019/01/08/national-inventors-hall-of-fame-class-of-2019/\"\u003eNational Inventors Hall of Fame honors creators of Unix\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System\u003cbr\u003e\nThompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://ungleich.ch/en-us/cms/blog/2019/01/09/die-ipv4-die/\"\u003eDie IPV4, Die\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eImagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTwo steps back\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?\u003cbr\u003e\nAlso, here at ungleich, we defined 2019 as the year to move away from IPv4.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe challenge\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDo you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:\u003cbr\u003e\nWe offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://www.ghostbsd.org/18.12_release_announcement\"\u003eGhostBSD 18.12 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat has changed since 18.10\u003c/li\u003e\n\u003cli\u003eremoved default call of kernel modules for AMD and Intel\u003c/li\u003e\n\u003cli\u003ereplaced octopkg by software-station\u003c/li\u003e\n\u003cli\u003eadded back gop hacks to the live system\u003c/li\u003e\n\u003cli\u003eadded ghostbsd-drivers and ghostbsd-utils\u003c/li\u003e\n\u003cli\u003ewe updated the packages to the latest build\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://threader.app/thread/1083054050315243521\"\u003eAnd Now for a laugh : #unixinpictures\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.jwz.org/blog/2019/01/we-are-now-closer-to-the-y2038-bug-than-the-y2k-bug/\"\u003eWe are now closer to the Y2038 bug than the Y2K bug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/openbsd/comments/ae6b77/openbsd_enterprise_use/\"\u003eOpenBSD Enterprise use\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://old.reddit.com/r/unix/comments/af0kij/note_the_whole_book_series_in_the_background/\"\u003eAT\u0026amp;T Unix Books\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/54/\"\u003eProcess title and missing memory space\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.os2museum.com/wp/the-history-of-a-security-hole/\"\u003eThe History of a Security Hole\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.geoghegan.ca/unbound-adblock.html\"\u003eunbound-adblock: The ultimate network adblocker!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wheelsystems/nvlist\"\u003eFreeBSD’s name/value pairs library\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/PidRollover\"\u003ePid Rollover\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.cambus.net/booting-openbsd-kernels-in-efi-mode-with-qemu/\"\u003eBooting OpenBSD kernels in EFI mode with QEMU\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026amp;m=154715734504845\u0026amp;w=2\"\u003eOpenBSD CVS commit: Make mincore lie\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdcan.org/2019/papers.php\"\u003eBSDCan 2019 CfP ending January 19 - Submit!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.eventbrite.com/e/zfs-user-conference-2019-tickets-54530403906\"\u003eOpenZFS User Conference - April 18-19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/\"\u003eFreeBSD Journal is a free publication now\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris - \u003ca href=\"http://dpaste.com/101P5HA\"\u003eBoot environments and SSDs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJonathan - \u003ca href=\"http://dpaste.com/0YTPYV4\"\u003eBytes issued during a zpool scrub\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/0Q97J7H#wrap\"\u003eZFS Record Size and my mistakes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more.","date_published":"2019-01-17T10:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/62f301ee-57b8-4f10-8736-3660f78074a8.mp3","mime_type":"audio/mp3","size_in_bytes":50507863,"duration_in_seconds":5032}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-3132","title":"Episode 280: FOSS Clothing | BSD Now 280","url":"https://www.bsdnow.tv/280","content_text":"A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.\n\nHeadlines\n\nA EULA in FOSS clothing?\n\nThere was a tremendous amount of reaction to and discussion about my blog entry on the midlife crisis in open source. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a detailed response — which he shortly thereafter elevated into a blog entry.\n\nLet me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.\n\nTo GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like choosealicense.com, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.\n\nTo foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!\n\n\n\nNetBSD and LLVM\n\nNetBSD entering 2019 with more complete LLVM support\n\nI’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage.\nPreviously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.\n\nThe process of upstreaming support to LLVM sanitizers has been finalized\n\nI’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness.\nThe NetBSD support is no longer visibly lacking behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that is always available).\n\n\n\nNews Roundup\n\nThoughts on FreeBSD 12.0\n\nPlaying with FreeBSD with past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release.\nI like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustment for us.\nSomething which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience.\nI probably wouldn’t recommend FreeBSD for desktop use. It’s close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possible for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.\n\n\n\nFreeBSD 12.0 Performance Against Windows \u0026amp; Linux On An Intel Xeon Server\n\nLast week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions.\nWhile FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested.\nI did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this OpenBenchmarking.org result file.\n\n\n\nHow NetBSD came to be shipped by Microsoft\n\nGoogle cache in case the site is down\n\nIn 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002.\nDanger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel.\nIn 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements.\nNetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.)\nWe began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008.\nMicrosoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.\n\n\n\nBeastie Bits\n\n\n    Unleashed 1.2 Released\n    35th CCC - Taming the Chaos: Can we build systems that actually work? \n    Potholes to avoid when migrating to IPv6\n    XScreenSaver 5.42\n    SSH Examples and Tunnels\n    Help request - mbuf(9) - request for comment\n    NSA to release free Reverse Engineering Tool\n    Running FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere\n\n\n\n\nFeedback/Questions\n\n\n    Dries - Lets talk a bit about VIMAGE jails\n    ohb - Question About ZFS Root Dataset\n    Micah - Active-Active NAS Sync recommendations\n\n\n\n\n\n    Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eA EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/\"\u003eA EULA in FOSS clothing?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eThere was a tremendous amount of reaction to and discussion about \u003ca href=\"http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/\"\u003emy blog entry on the midlife crisis in open source\u003c/a\u003e. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a \u003ca href=\"https://news.ycombinator.com/item?id=18687498#18689179\"\u003edetailed response\u003c/a\u003e — which he shortly thereafter elevated into a \u003ca href=\"https://medium.com/@jaykreps/a-quick-comment-on-bryan-cantrills-blog-on-licensing-8dccee41d9e6\"\u003eblog entry\u003c/a\u003e.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eLet me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eTo GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like \u003ca href=\"http://choosealicense.com\"\u003echoosealicense.com\u003c/a\u003e, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eTo foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003eNetBSD and LLVM\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_entering_2019_with_more\"\u003eNetBSD entering 2019 with more complete LLVM support\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003eI’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage.\nPreviously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_process_of_upstreaming_support\"\u003eThe process of upstreaming support to LLVM sanitizers has been finalized\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003eI’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness.\nThe NetBSD support is no longer visibly lacking behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that is always available).\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20190107#freebsd\"\u003eThoughts on FreeBSD 12.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003ePlaying with FreeBSD with past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release.\nI like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustment for us.\nSomething which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience.\nI probably wouldn’t recommend FreeBSD for desktop use. It’s close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possible for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026amp;item=freebsd-12-windows\u0026amp;num=1\"\u003eFreeBSD 12.0 Performance Against Windows \u0026amp; Linux On An Intel Xeon Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eLast week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions.\nWhile FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested.\nI did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this \u003ca href=\"http://OpenBenchmarking.org\"\u003eOpenBenchmarking.org\u003c/a\u003e result file.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fogey.com/contemplating/?p=1023\"\u003eHow NetBSD came to be shipped by Microsoft\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://webcache.googleusercontent.com/search?q=cache:5XwAm5tvJ4AJ:fogey.com/contemplating/%3Fp%3D1023+\u0026amp;cd=1\u0026amp;hl=en\u0026amp;ct=clnk\u0026amp;gl=us\"\u003eGoogle cache in case the site is down\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003eIn 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002.\nDanger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel.\nIn 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements.\nNetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.)\nWe began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008.\nMicrosoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"http://lists.31bits.net/archives/devel/2018-December/000033.html\"\u003eUnleashed 1.2 Released\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://media.ccc.de/v/35c3-9647-taming_the_chaos_can_we_build_systems_that_actually_work\"\u003e35th CCC - Taming the Chaos: Can we build systems that actually work? \u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://rachelbythebay.com/w/2018/12/30/v6/\"\u003ePotholes to avoid when migrating to IPv6\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.jwz.org/blog/2018/12/xscreensaver-5-41/\"\u003eXScreenSaver 5.42\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://hackertarget.com/ssh-examples-tunnels/\"\u003eSSH Examples and Tunnels\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/abevqa/mbuf9_request_for_comment/\"\u003eHelp request - mbuf(9) - request for comment\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/\"\u003eNSA to release free Reverse Engineering Tool\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html\"\u003eRunning FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003eDries - \u003ca href=\"http://dpaste.com/2DCEJD6#wrap\"\u003eLets talk a bit about VIMAGE jails\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eohb - \u003ca href=\"http://dpaste.com/1EGDSKQ#wrap\"\u003eQuestion About ZFS Root Dataset\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eMicah - \u003ca href=\"http://dpaste.com/3TK2JWF#wrap\"\u003eActive-Active NAS Sync recommendations\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n    \u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.","date_published":"2019-01-10T03:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bad2a854-7f51-4ff6-84a9-7c324c5cf277.mp3","mime_type":"audio/mp3","size_in_bytes":31619268,"duration_in_seconds":3143}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-3093","title":"Episode 279: Future of ZFS | BSD Now 279","url":"https://www.bsdnow.tv/279","content_text":"The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.\n\nHeadlines\n\nThe future of ZFS in FreeBSD\n\nThe sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: https://www.delphix.com/blog/kickoff-future-eko-2018 This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL https://github.com/zfsonfreebsd/ZoF so that we might all have a single shared code base.\nA port for ZoF can be found at https://github.com/miwi-fbsd/zof-port Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at https://reviews.freebsd.org/D18520\nThis port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.\n\n\n\nFreeBSD Quarterly Status Update\n\nWith FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.\nThe things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.\nPlease have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this culmulative set of reports covering everything that’s been done since October, 2017.\n—Daniel Ebdrup\n\n\n\nNews Roundup\n\nOne year of flying with the Raven: Ready for the Desktop?\n\nIt has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.\n\n\n    Ravenports\n\n\nRavenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).\n\nFor the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.\n\nAnd for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.\n\n\n\nModern KDE on FreeBSD\n\nNew stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.\nWhat this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).\n\n\n\nThe many ways to launch FreeBSD in EC2\n\nTalking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):\n\n\n    Launch FreeBSD and SSH in\n    Launch FreeBSD and provide user-data\n    Use the AMI Builder to create a customized FreeBSD AMI\n    Build a FreeBSD AMI from a modified FreeBSD source tree\n    Build your own disk image\n\n\nI hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.\n\n\n\nUsing the GOG.com installers for Linux, on NetBSD\n\nGOG.com prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.\nGOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.\n\n\n    The installers truly are platform-specific:\n    macOS games are distributed in a standard .pkg\n    Windows games are distributed in a setup wizard .exe\n    Linux games are distributed in a goofy shell archive\n\n\nOf course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by GOG.com on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.\n\nHere’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.\n\nNow, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.\n\n\n\nBeastie Bits\n\n\n    Software as a Reflection of Values With Bryan Cantrill\n    Collection of bmc talks, updated 2018\n    wump: incorrect wumpus movement probability\n    Debugging Rust with VSCode on FreeBSD\n    SMB/CIFS on FreeBSD\n    BSD Tattoo\n    pkgsrc-2018Q4 branch announcement\n    toying with wireguard on openbsd\n    new USB audio class v2.0 driver\n    Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018\n    OpenBSD 6.5 release page is online\n    shell access to historical Unix versions in your browser\n\n\n\n\nFeedback/Questions\n\n\n    Brad - ZFS Features and Upgrades\n    Andre - Splitting ZFS array\n    Michael - Priority/nice value for Jails?\n\n\n\n\n\n    Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003e\u003cspan style=\"font-weight: 400;\"\u003eThe future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.\u003c/span\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html\"\u003eThe future of ZFS in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eThe sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: \u003ca href=\"https://www.delphix.com/blog/kickoff-future-eko-2018\"\u003ehttps://www.delphix.com/blog/kickoff-future-eko-2018\u003c/a\u003e This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL \u003ca href=\"https://github.com/zfsonfreebsd/ZoF\"\u003ehttps://github.com/zfsonfreebsd/ZoF\u003c/a\u003e so that we might all have a single shared code base.\nA port for ZoF can be found at \u003ca href=\"https://github.com/miwi-fbsd/zof-port\"\u003ehttps://github.com/miwi-fbsd/zof-port\u003c/a\u003e Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at \u003ca href=\"https://reviews.freebsd.org/D18520\"\u003ehttps://reviews.freebsd.org/D18520\u003c/a\u003e\nThis port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2018-01-2018-09.html\"\u003eFreeBSD Quarterly Status Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eWith FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution.\nThe things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little.\nPlease have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this culmulative set of reports covering everything that’s been done since October, 2017.\n—Daniel Ebdrup\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2018/11/30/one-year-of-flying-with-the-raven-ready-for-the-desktop/\"\u003eOne year of flying with the Raven: Ready for the Desktop?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eIt has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eRavenports\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eRavenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).\u003c/blockquote\u003e\n\n\u003cblockquote\u003eFor the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eAnd for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=2040\"\u003eModern KDE on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eNew stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper.\nWhat this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2018-12-26-the-many-ways-to-launch-FreeBSD-in-EC2.html\"\u003eThe many ways to launch FreeBSD in EC2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eTalking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eLaunch FreeBSD and SSH in\u003c/li\u003e\n    \u003cli\u003eLaunch FreeBSD and provide user-data\u003c/li\u003e\n    \u003cli\u003eUse the AMI Builder to create a customized FreeBSD AMI\u003c/li\u003e\n    \u003cli\u003eBuild a FreeBSD AMI from a modified FreeBSD source tree\u003c/li\u003e\n    \u003cli\u003eBuild your own disk image\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eI hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dressupgeekout.blogspot.com/2018/12/using-gogcom-installers-for-linux-on.html\"\u003eUsing the GOG.com installers for Linux, on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\u003ca href=\"http://GOG.com\"\u003eGOG.com\u003c/a\u003e prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer.\nGOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eThe installers truly are platform-specific:\u003c/li\u003e\n    \u003cli\u003emacOS games are distributed in a standard .pkg\u003c/li\u003e\n    \u003cli\u003eWindows games are distributed in a setup wizard .exe\u003c/li\u003e\n    \u003cli\u003eLinux games are distributed in a goofy shell archive\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eOf course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by \u003ca href=\"http://GOG.com\"\u003eGOG.com\u003c/a\u003e on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eHere’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eNow, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"https://corecursive.com/024-software-as-a-reflection-of-values-with-bryan-cantrill/\"\u003eSoftware as a Reflection of Values With Bryan Cantrill\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"http://dtrace.org/blogs/bmc/2018/02/03/talks/\"\u003eCollection of bmc talks, updated 2018\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-bugs\u0026amp;m=154529364730319\u0026amp;w=2\"\u003ewump: incorrect wumpus movement probability\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://venshare.com/debugging-rust-with-vscode-on-freebsd/\"\u003eDebugging Rust with VSCode on FreeBSD\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/12/27/smb-cifs-on-freebsd/\"\u003eSMB/CIFS on FreeBSD\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://old.reddit.com/r/freebsd/comments/aaihdk/bsd_tattoo/\"\u003eBSD Tattoo\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2018/12/30/msg027871.html\"\u003epkgsrc-2018Q4 branch announcement\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://https.www.google.com.tedunangst.com/flak/post/toying-with-wireguard-on-openbsd\"\u003etoying with wireguard on openbsd\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026amp;m=154627230907954\u0026amp;w=2\"\u003enew USB audio class v2.0 driver\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=ZvSSHtRv5Mg\"\u003eTodd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.openbsd.org/65.html\"\u003eOpenBSD 6.5 release page is online\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://twitter.com/jschauma/status/1071069217968013313?s=03\"\u003eshell access to historical Unix versions in your browser\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/2CVAF1E#wrap\"\u003eZFS Features and Upgrades\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eAndre - \u003ca href=\"http://dpaste.com/1XXFPHN#wrap\"\u003eSplitting ZFS array\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/2S8GFD0#wrap\"\u003ePriority/nice value for Jails?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n    \u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"\u003cspan style=\"font-weight: 400;\"\u003eThe future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.\u003c/span\u003e","date_published":"2019-01-03T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c90e3b38-be68-44fd-97cf-211579e33682.mp3","mime_type":"audio/mp3","size_in_bytes":56197307,"duration_in_seconds":5601}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-3070","title":"Episode 278: The Real McCoy | BSD Now 278","url":"https://www.bsdnow.tv/278","content_text":"We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging about the early years of Berkeley Unix, his continuing work on UFS, the governance of FreeBSD, and more.\n\n##Interview - Kirk McKusick - mckusick@mckusick.com\n25 years of FreeBSD\n\n\nHow Kirk got started in BSD, at the very beginning\nPredicting the Future\nHow the code and community grew\nThe leadership of the project, and how it changed over time\nUFS over the years (reading disks from 1982 in 2018)\nConferences\nThe rise and fall of Linux\nThe resurgence of FreeBSD\n\n\n\n\nWe want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging about the early years of Berkeley Unix, his continuing work on UFS, the governance of FreeBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e##Interview - Kirk McKusick - \u003ca href=\"mailto:mckusick@mckusick.com\"\u003emckusick@mckusick.com\u003c/a\u003e\u003cbr\u003e\n25 years of FreeBSD\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow Kirk got started in BSD, at the very beginning\u003c/li\u003e\n\u003cli\u003ePredicting the Future\u003c/li\u003e\n\u003cli\u003eHow the code and community grew\u003c/li\u003e\n\u003cli\u003eThe leadership of the project, and how it changed over time\u003c/li\u003e\n\u003cli\u003eUFS over the years (reading disks from 1982 in 2018)\u003c/li\u003e\n\u003cli\u003eConferences\u003c/li\u003e\n\u003cli\u003eThe rise and fall of Linux\u003c/li\u003e\n\u003cli\u003eThe resurgence of FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003eWe want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging about the early years of Berkeley Unix, his continuing work on UFS, the governance of FreeBSD, and more.","date_published":"2018-12-27T04:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/20a1a3d9-9553-4eb3-a462-eb6f41b4fa5c.mp3","mime_type":"audio/mp3","size_in_bytes":29982521,"duration_in_seconds":2979}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-3058","title":"Episode 277: Nmap Level Up | BSD Now 277","url":"https://www.bsdnow.tv/277","content_text":"The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.\n\n##Headlines\n###Open Source Confronts its midlife crisis\n\n\nMidlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…\nI raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.\nSo it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. “the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.\nIf I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.\nlet me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.\nWorse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.\nin the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.\n\n\n\nSee the article for the rest\n\n\n\n\n###Donald Knuth - The Yoda of Silicon Valley\n\n\nFor half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.\nHe is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.\nWith more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”\nThe volume opens with an excerpt from “McCall’s Cookbook”:\n\n\nHere is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.\n\n\nInside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.\nNow 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.\n\n\n\nSee the article for the rest\n\n\n\n\n##News Roundup\n###Let’s Encrypt: Certbot For OpenBSD’s httpd\n\n\nIntro\n\n\n\nLet’s Encrypt is “a free, automated, and open Certificate Authority”.\nCertbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.\nI remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.\nHow wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!\nSince this year, they have begun to support even ACME v2 and Wildcard Certificate!\nWell, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help 😊\n\n\n\nEnvironment\nOS: OpenBSD 6.4 amd64\nWeb Server: OpenBSD’s httpd\nCertification: Let’s Encrypt with Certbot 0.27\nReference: OpenBSD’s httpd\n\n\n\n\n###FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12\n\n\nThe FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.\n\n\n\nFreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.\n\n\n\n\nNew features and highlights:\n\n\nOpenSSL version 1.1.1a (LTS)\n\n\nOpenSSH server 7.8p1\n\n\nUnbound server 1.8.1\n\n\nClang and co 6.0.1\n\n\nThe FreeBSD installer supports EFI+GELI as an installation option\n\n\nVIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.\n\n\nGraphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection\n\n\nZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand\n\n\nThe pf packet filter is now usable within a jail using vnet\n\n\nKDE updated to version 5.12.5\n\n\nThe NFS version 4.1 includes pNFS server support\n\n\nPerl 5.26.2\n\n\nThe default PAGER now defaults to less for most commands\n\n\nThe dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd\n\n\nFreeBSD now supports ext4 for read/write operation\n\n\nPython 2.7\n\n\nmuch more\n\n\n\n\n\n###Six Ways to Level Up Your nmap Game\n\n\nnmap is a network exploration tool and security / port scanner.\nIf you’ve heard of it, and you’re like me, you’ve most likely used it like this:\nie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.\nI used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.\n\n\n\n\n\nScan a Network\n\n\n\n\nScan All Ports\n\n\n\n\nGet service versions\n\n\n\n\nUse -A for more data\n\n\n\n\nFind out what nmap is up to\n\n\n\n\nScript your own scans with NSE\n\n\n\n\n\n\n###[NetBSD Desktop]\n\n\nPart 1: Manual NetBSD installation on GPT/UEFI\nNetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd\nPart 3: Simple stateful firewall with NPF\nPart 4: 4: The X Display Manager (XDM)\nPart 5: automounting with Berkeley am-utils\n\n\n\n\n##Beastie Bits\n\n\nCall For Testing: ZFS on FreeBSD Project\nDragonFlyBSD 5.4.1 release within a week\nYou Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!\nAnnouncing Yggdrasil Network v0.3\nOpenBSD Network Engineer Job listing\nFreeBSD 12.0 Stable Version Released!\nLibreSSL 2.9.0 released\nLive stream test: Sgi Octane light bar repair / soldering!\nConfigure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin\nBerkeley smorgasbord\nFOSDEM BSD Devroom schedule\n\n\n\n\n##Feedback/Questions\n\n\nWarren - Ep.273: OpenZFS on OS X\ncogoman - tarsnap security and using SSDs in raid\nAndrew - Portland BSD Pizza Night\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThe Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD\u0026#39;s httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/\"\u003eOpen Source Confronts its midlife crisis\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMidlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…\u003cbr\u003e\nI raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.\u003cbr\u003e\nSo it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. “the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.\u003cbr\u003e\nIf I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.\u003cbr\u003e\nlet me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.\u003cbr\u003e\nWorse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.\u003cbr\u003e\nin the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.nytimes.com/2018/12/17/science/donald-knuth-computers-algorithms-programming.html\"\u003eDonald Knuth - The Yoda of Silicon Valley\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.\u003cbr\u003e\nHe is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.\u003cbr\u003e\nWith more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”\u003cbr\u003e\nThe volume opens with an excerpt from “McCall’s Cookbook”:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eHere is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eInside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.\u003cbr\u003e\nNow 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://dev.to/nabbisen/lets-encrypt-certbot-for-openbsds-httpd-3ofd\"\u003eLet’s Encrypt: Certbot For OpenBSD’s httpd\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntro\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s Encrypt is “a free, automated, and open Certificate Authority”.\u003cbr\u003e\nCertbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.\u003cbr\u003e\nI remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.\u003cbr\u003e\nHow wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!\u003cbr\u003e\nSince this year, they have begun to support even ACME v2 and Wildcard Certificate!\u003cbr\u003e\nWell, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help \u0026#x1f60a;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnvironment\u003c/li\u003e\n\u003cli\u003eOS: OpenBSD 6.4 amd64\u003c/li\u003e\n\u003cli\u003eWeb Server: OpenBSD’s httpd\u003c/li\u003e\n\u003cli\u003eCertification: Let’s Encrypt with Certbot 0.27\u003c/li\u003e\n\u003cli\u003eReference: OpenBSD’s httpd\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.cyberciti.biz/open-source/freebsd-12-released-here-is-how-to-upgrade-freebsd/\"\u003eFreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew features and highlights:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpenSSL version 1.1.1a (LTS)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpenSSH server 7.8p1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUnbound server 1.8.1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClang and co 6.0.1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe FreeBSD installer supports EFI+GELI as an installation option\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGraphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe pf packet filter is now usable within a jail using vnet\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eKDE updated to version 5.12.5\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe NFS version 4.1 includes pNFS server support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerl 5.26.2\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default PAGER now defaults to less for most commands\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFreeBSD now supports ext4 for read/write operation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePython 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emuch more\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://zwischenzugs.com/2018/11/25/six-ways-to-level-up-your-nmap-game/\"\u003eSix Ways to Level Up Your nmap Game\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003enmap is a network exploration tool and security / port scanner.\u003cbr\u003e\nIf you’ve heard of it, and you’re like me, you’ve most likely used it like this:\u003cbr\u003e\nie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.\u003cbr\u003e\nI used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col\u003e\n\u003cli\u003eScan a Network\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"2\"\u003e\n\u003cli\u003eScan All Ports\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"3\"\u003e\n\u003cli\u003eGet service versions\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"4\"\u003e\n\u003cli\u003eUse -A for more data\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"5\"\u003e\n\u003cli\u003eFind out what nmap is up to\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"6\"\u003e\n\u003cli\u003eScript your own scans with NSE\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###[NetBSD Desktop]\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/t/netbsd-desktop-part-1-manual-netbsd-installation-on-gpt-uefi/284\"\u003ePart 1: Manual NetBSD installation on GPT/UEFI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/t/netbsd-desktop-pt-2-set-up-wireless-networking-on-netbsd-with-wpa-supplicant-and-dhcpcd/281\"\u003eNetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/t/netbsd-desktop-pt-3-simple-stateful-firewall-with-npf/286\"\u003ePart 3: Simple stateful firewall with NPF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/t/netbsd-desktop-pt-4-the-x-display-manager-xdm/292\"\u003ePart 4: 4: The X Display Manager (XDM)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/t/netbsd-desktop-pt-5-automounting-with-berkeley-am-utils/294/3\"\u003ePart 5: automounting with Berkeley am-utils\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-December/072422.html\"\u003eCall For Testing: ZFS on FreeBSD Project\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2018/12/18/22223.html\"\u003eDragonFlyBSD 5.4.1 release within a week\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bunniestudios.com/blog/?p=5421\"\u003eYou Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://yggdrasil-network.github.io/2018/12/12/announcing-v0-3.html\"\u003eAnnouncing Yggdrasil Network v0.3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ziprecruiter.com/c/The-Good-Seed/Job/OpenBSD-Network-Engineer/-in-Los-Angeles,CA?jobid=35a52212-57d4d705\"\u003eOpenBSD Network Engineer Job listing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://itsfoss.com/freebsd-12-release/\"\u003eFreeBSD 12.0 Stable Version Released!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://bsdsec.net/articles/libressl-2-9-0-released\"\u003eLibreSSL 2.9.0 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=Nq8sLqtzCEQ\"\u003eLive stream test: Sgi Octane light bar repair / soldering!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.sophimail.com/configure-freebsd-email-server-using-postfix-dovecot-mysql-spamassassin/\"\u003eConfigure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.obligd.com/posts/berkeley-smorgasbord.html\"\u003eBerkeley smorgasbord\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2019/schedule/track/bsd/\"\u003eFOSDEM BSD Devroom schedule\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWarren - \u003ca href=\"http://dpaste.com/1V1XS01#wrap\"\u003eEp.273: OpenZFS on OS X\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecogoman - \u003ca href=\"http://dpaste.com/0P0MWFC#wrap\"\u003etarsnap security and using SSDs in raid\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndrew - \u003ca href=\"http://dpaste.com/3H9M5M0\"\u003ePortland BSD Pizza Night\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more.","date_published":"2018-12-24T11:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d08b7671-6fa3-4a12-864e-9a65603b79ee.mp3","mime_type":"audio/mp3","size_in_bytes":46042591,"duration_in_seconds":4585}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-3028","title":"Episode 276: Ho, Ho, Ho - 12.0 | BSD Now 276","url":"https://www.bsdnow.tv/276","content_text":"FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.\n\n##Headlines\n###FreeBSD 12.0 is available\n\n\nAfter a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.\nWe’ve picked a few interesting things to cover in the show, make sure to read the full Release Notes\n\n\n\nUserland:\nGroup permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.\nThe default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).\nThe default PAGER now defaults to less(1) for most commands.\nThe newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.\nThe WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.\nA new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.\nUserland applications:\nThe dtrace(1) utility has been updated to support if and else statements.\nThe legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.\nThe setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.\nThe geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.\nThe dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).\nThe date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.\nThe bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.\nThe bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.\nThe tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.\nThe chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.\nKernel:\nThe ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.\nThe amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.\nThe amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.\nKernel Configuration:\nThe VIMAGE kernel configuration option has been enabled by default.\nThe dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.\nThe NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.\nDevice Drivers:\nThe random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.\nThe vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.\nDeprecated Drivers:\nThe lmc(4) driver has been removed.\nThe ixgb(4) driver has been removed.\nThe nxge(4) driver has been removed.\nThe vxge(4) driver has been removed.\nThe jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).\nThe DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.\nThe following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)\nStorage:\nThe UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.\nThe UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.\nTRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).\nNFS:\nThe NFS version 4.1 server has been updated to include pNFS server support.\nZFS:\nZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.\nThe new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.\nThe large_dnode zpool feature been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x\nMany bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.\nIncludes the fix for PR 229614 that could cause processes to hang in zil_commit()\nBoot Loader Changes:\nThe lua loader(8) has been updated to detect a list of installed kernels to boot.\nThe loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.\nThe loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.\nNetworking:\nThe pf(4) packet filter is now usable within a jail(8) using vnet(9).\nThe pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.\nThe SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.\n\n\n\nAgain, read the release notes for a full list, check out the errata notices. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!\n\n\n\n\n###Abandon Linux. Move to FreeBSD or Illumos\n\n\nIf you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.\nIs your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophycal ones, you may have skipped good alternatives. The BSD’s and Illumos.\nI bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been layed off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.\nAnd here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.\nYou have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.\nBut why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) aglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.\nTo start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.\nJails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.\nThere are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it’s hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.\nI have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitime and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.\nBut here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.\nHow can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.\nWant to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?\nAre you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.\nBut what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.\nBut FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the begginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.\nI am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.\nYou say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.\nIf you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bouth Sun many people ran away in an stampide fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.\nIn conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.\nStill not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, payed support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?\nPS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.\n\n\n\n\n###A partly-cloudy IPsec VPN\n\n\nAudience\n\n\n\nI’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.\n\n\n\nOverview\n\n\n\nI’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:\n\n\n\nVPN\nRoad-warrior access, so I can use private network resources from anywhere.\nA site-to-site VPN, extending my home network to my VPSes.\nHosting for public and private network services.\nA proxy service to provide a public IP address to services hosted at home.\n\n\n\nThe last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.\nI’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could do work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.\nSince this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.\nThe VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.\n\n\n\nThe end-state network should look like: https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg\n\n\n\nThis VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.\nOnce traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.\n\n\n\n\n##News Roundup\n###KLEAK: Practical Kernel Memory Disclosure Detection\n\n\nModern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space.  Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.\nWe introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.\nOur  approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total,  we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.\nThe remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.\n\n\n\n\n###How To Create Official Synth Repo\n\n\n\nSystem Environment\n\n\nMake sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.\n\n\nMake sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.\n\n\nMake sure /etc/make.conf is clean.\n\n\nUpdate /usr/src to the current master, make sure there is no cruft in it\n\n\nDo a full buildworld, buildkernel, installkernel and installworld\n\n\nReboot\n\n\nAfter the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.\n\n\nSynth Environment\n\n\n/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.\n\n\nSystem requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.\n\n\nsynth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.\n\n\n\n; Take care when hand editing!\n\n[Global Configuration]\nprofile_selected= LiveSystem\n\n[LiveSystem]\nOperating_system= DragonFly\nDirectory_packages= /build/synth/live_packages\nDirectory_repository= /build/synth/live_packages/All\nDirectory_portsdir= /build/synth/dports\nDirectory_options= /build/synth/options\nDirectory_distfiles= /usr/distfiles\nDirectory_buildbase= /build/synth/build\nDirectory_logs= /build/synth/logs\nDirectory_ccache= disabled\nDirectory_system= /\nNumber_of_builders= 30\nMax_jobs_per_builder= 30\nTmpfs_workdir= true\nTmpfs_localbase= true\nDisplay_with_ncurses= true\nleverage_prebuilt= false\n\n\nLiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:\n\n\nLICENSES_ACCEPTED= NONE\n\n\n\nMake sure there is no other cruft in /usr/local/etc/synth/\n\n\nIn the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:\n\n\n\nrm -rf /build/synth/live_packages/*\nrm -rf /build/synth/logs\nmkdir /build/synth/logs\n\n\nRun synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).\n\n\n(optionally start a screen session)\nsynth everything\n\n\nA full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.\nWhen synth finishes, let it rebuild the database. You then have a working binary repo.\nIt is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.\n\n\n\n\n###Interview with founder and maintainer of GhostBSD, Eric Turgeon\n\n\nThanks you Eric for taking part. To start off, could you  tell us a little about yourself, just a bit of background?\nHow did you become interested in open source?\nWhen and how did you get interested in the BSD operating systems?\nOn your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?\nYou are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?\nDeveloping an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?\nHow did you get to the name GhostBSD? Did you consider any other names?\nYou recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?\nThe current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release\nCan you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.\nHow about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?\nWhat was the biggest challenge during development?\nIf you had to pick one feature readers should check out in GhostBSD, what is it and why?\nWhat is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?\nWhat is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?\nWhere does GhostBSD go from here? What are your plans for 2019?\nIs there anything else that wasn’t asked or that you want to share?\n\n\n\n\n##Beastie Bits\n\n\ndialog(1) script to select audio output on FreeBSD\nErlang otp on OpenBSD\nCapsicum\nhttps://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html\nIntroduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime\npkgsrcCon 2018 in Berlin - Videos\nGetting started with drm-kmod\n\n\n\n\n##Feedback/Questions\n\n\nMalcolm - Show segment idea\nFraser - Question: FreeBSD official binary package options\nHarri - BSD Magazine\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.freebsd.org/releases/12.0R/relnotes.html\"\u003eFreeBSD 12.0 is available\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.\u003c/li\u003e\n\u003cli\u003eWe’ve picked a few interesting things to cover in the show, make sure to read the full \u003ca href=\"https://www.freebsd.org/releases/12.0R/relnotes.html\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUserland:\u003cbr\u003e\nGroup permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.\u003cbr\u003e\nThe default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).\u003cbr\u003e\nThe default PAGER now defaults to less(1) for most commands.\u003cbr\u003e\nThe newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.\u003cbr\u003e\nThe WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.\u003cbr\u003e\nA new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.\u003cbr\u003e\nUserland applications:\u003cbr\u003e\nThe dtrace(1) utility has been updated to support if and else statements.\u003cbr\u003e\nThe legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.\u003cbr\u003e\nThe setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.\u003cbr\u003e\nThe geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.\u003cbr\u003e\nThe dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).\u003cbr\u003e\nThe date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.\u003cbr\u003e\nThe bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.\u003cbr\u003e\nThe bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.\u003cbr\u003e\nThe tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.\u003cbr\u003e\nThe chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.\u003cbr\u003e\nKernel:\u003cbr\u003e\nThe ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.\u003cbr\u003e\nThe amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.\u003cbr\u003e\nThe amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.\u003cbr\u003e\nKernel Configuration:\u003cbr\u003e\nThe VIMAGE kernel configuration option has been enabled by default.\u003cbr\u003e\nThe dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.\u003cbr\u003e\nThe NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.\u003cbr\u003e\nDevice Drivers:\u003cbr\u003e\nThe random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.\u003cbr\u003e\nThe vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.\u003cbr\u003e\nDeprecated Drivers:\u003cbr\u003e\nThe lmc(4) driver has been removed.\u003cbr\u003e\nThe ixgb(4) driver has been removed.\u003cbr\u003e\nThe nxge(4) driver has been removed.\u003cbr\u003e\nThe vxge(4) driver has been removed.\u003cbr\u003e\nThe jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).\u003cbr\u003e\nThe DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.\u003cbr\u003e\nThe following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)\u003cbr\u003e\nStorage:\u003cbr\u003e\nThe UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.\u003cbr\u003e\nThe UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.\u003cbr\u003e\nTRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).\u003cbr\u003e\nNFS:\u003cbr\u003e\nThe NFS version 4.1 server has been updated to include pNFS server support.\u003cbr\u003e\nZFS:\u003cbr\u003e\nZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.\u003cbr\u003e\nThe new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.\u003cbr\u003e\nThe large_dnode zpool feature been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x\u003cbr\u003e\nMany bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.\u003cbr\u003e\nIncludes the fix for PR 229614 that could cause processes to hang in zil_commit()\u003cbr\u003e\nBoot Loader Changes:\u003cbr\u003e\nThe lua loader(8) has been updated to detect a list of installed kernels to boot.\u003cbr\u003e\nThe loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.\u003cbr\u003e\nThe loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.\u003c/p\u003e\n\u003cp\u003eNetworking:\u003cbr\u003e\nThe pf(4) packet filter is now usable within a jail(8) using vnet(9).\u003cbr\u003e\nThe pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.\u003cbr\u003e\nThe SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAgain, read the release notes for a full list, check out the \u003ca href=\"https://www.freebsd.org/releases/12.0R/errata.html\"\u003eerrata notices\u003c/a\u003e. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.adminbyaccident.com/politics/abandon-linux-move-freebsd-illumos/\"\u003eAbandon Linux. Move to FreeBSD or Illumos\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.\u003cbr\u003e\nIs your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophycal ones, you may have skipped good alternatives. The BSD’s and Illumos.\u003cbr\u003e\nI bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been layed off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.\u003cbr\u003e\nAnd here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.\u003cbr\u003e\nYou have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.\u003cbr\u003e\nBut why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) aglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.\u003cbr\u003e\nTo start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.\u003cbr\u003e\nJails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.\u003cbr\u003e\nThere are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it’s hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.\u003cbr\u003e\nI have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitime and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.\u003cbr\u003e\nBut here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.\u003cbr\u003e\nHow can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.\u003cbr\u003e\nWant to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?\u003cbr\u003e\nAre you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.\u003cbr\u003e\nBut what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.\u003cbr\u003e\nBut FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the begginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.\u003cbr\u003e\nI am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.\u003cbr\u003e\nYou say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.\u003cbr\u003e\nIf you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bouth Sun many people ran away in an stampide fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.\u003cbr\u003e\nIn conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.\u003cbr\u003e\nStill not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, payed support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?\u003cbr\u003e\nPS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://bradackerman.com/posts/2018-12-05-bsd-cloudy-vpn/\"\u003eA partly-cloudy IPsec VPN\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAudience\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOverview\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVPN\u003c/li\u003e\n\u003cli\u003eRoad-warrior access, so I can use private network resources from anywhere.\u003c/li\u003e\n\u003cli\u003eA site-to-site VPN, extending my home network to my VPSes.\u003c/li\u003e\n\u003cli\u003eHosting for public and private network services.\u003c/li\u003e\n\u003cli\u003eA proxy service to provide a public IP address to services hosted at home.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.\u003cbr\u003e\nI’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could do work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.\u003cbr\u003e\nSince this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.\u003cbr\u003e\nThe VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe end-state network should look like: \u003ca href=\"https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg\"\u003ehttps://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.\u003cbr\u003e\nOnce traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://netbsd.org/gallery/presentations/maxv/kleak.pdf\"\u003eKLEAK: Practical Kernel Memory Disclosure Detection\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eModern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space.  Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.\u003cbr\u003e\nWe introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.\u003cbr\u003e\nOur  approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total,  we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.\u003cbr\u003e\nThe remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.dragonflybsd.org/docs/howtos/How_To_Create_Official_Synth_Repo/\"\u003eHow To Create Official Synth Repo\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSystem Environment\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake sure /etc/make.conf is clean.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate /usr/src to the current master, make sure there is no cruft in it\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo a full buildworld, buildkernel, installkernel and installworld\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReboot\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAfter the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSynth Environment\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSystem requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esynth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e; Take care when hand editing!\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[Global Configuration]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eprofile_selected= LiveSystem\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[LiveSystem]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eOperating_system= DragonFly\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_packages= /build/synth/live_packages\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_repository= /build/synth/live_packages/All\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_portsdir= /build/synth/dports\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_options= /build/synth/options\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_distfiles= /usr/distfiles\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_buildbase= /build/synth/build\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_logs= /build/synth/logs\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_ccache= disabled\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDirectory_system= /\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eNumber_of_builders= 30\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eMax_jobs_per_builder= 30\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eTmpfs_workdir= true\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eTmpfs_localbase= true\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDisplay_with_ncurses= true\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eleverage_prebuilt= false\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003eLICENSES_ACCEPTED= NONE\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake sure there is no other cruft in /usr/local/etc/synth/\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003erm -rf /build/synth/live_packages/*\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003erm -rf /build/synth/logs\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003emkdir /build/synth/logs\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRun synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e(optionally start a screen session)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003esynth everything\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.\u003c/li\u003e\n\u003cli\u003eWhen synth finishes, let it rebuild the database. You then have a working binary repo.\u003c/li\u003e\n\u003cli\u003eIt is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.freebsdbytes.com/2018/11/interview-eric-turgeon-founder-maintainer-ghostbsd/\"\u003eInterview with founder and maintainer of GhostBSD, Eric Turgeon\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks you Eric for taking part. To start off, could you  tell us a little about yourself, just a bit of background?\u003c/li\u003e\n\u003cli\u003eHow did you become interested in open source?\u003c/li\u003e\n\u003cli\u003eWhen and how did you get interested in the BSD operating systems?\u003c/li\u003e\n\u003cli\u003eOn your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?\u003c/li\u003e\n\u003cli\u003eYou are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?\u003c/li\u003e\n\u003cli\u003eDeveloping an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?\u003c/li\u003e\n\u003cli\u003eHow did you get to the name GhostBSD? Did you consider any other names?\u003c/li\u003e\n\u003cli\u003eYou recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?\u003c/li\u003e\n\u003cli\u003eThe current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release\u003c/li\u003e\n\u003cli\u003eCan you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.\u003c/li\u003e\n\u003cli\u003eHow about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?\u003c/li\u003e\n\u003cli\u003eWhat was the biggest challenge during development?\u003c/li\u003e\n\u003cli\u003eIf you had to pick one feature readers should check out in GhostBSD, what is it and why?\u003c/li\u003e\n\u003cli\u003eWhat is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?\u003c/li\u003e\n\u003cli\u003eWhat is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?\u003c/li\u003e\n\u003cli\u003eWhere does GhostBSD go from here? What are your plans for 2019?\u003c/li\u003e\n\u003cli\u003eIs there anything else that wasn’t asked or that you want to share?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gonzoua/status/1071252700023508993\"\u003edialog(1) script to select audio output on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.obligd.com/posts/erlang-otp-on-openbsd.html\"\u003eErlang otp on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/57/\"\u003eCapsicum\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html\"\u003ehttps://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/introduction_to_%C2%B5ubsan_a_clean\"\u003eIntroduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://pkgsrc.org/pkgsrcCon/2018/talks.html\"\u003epkgsrcCon 2018 in Berlin - Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freebsddesktop.github.io/2018/12/08/drm-kmod-primer.html\"\u003eGetting started with drm-kmod\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/28PYSGK\"\u003eShow segment idea\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFraser - \u003ca href=\"http://dpaste.com/38W3PRB\"\u003eQuestion: FreeBSD official binary package options\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHarri - \u003ca href=\"http://dpaste.com/3SENZ7H#wrap\"\u003eBSD Magazine\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more.","date_published":"2018-12-13T04:15:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e174552-285e-4d49-9120-830715479ac5.mp3","mime_type":"audio/mp3","size_in_bytes":42596758,"duration_in_seconds":4241}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2997","title":"Episode 275: OpenBSD in Stereo | BSD Now 275","url":"https://www.bsdnow.tv/275","content_text":"DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.\n\nHeadlines\n\nDragonflyBSD 5.4 released\n\nDragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases.\nThe details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.\n\n\n    Big-ticket items\n    Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).\n    Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.\n    Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.\n    Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.\n    GCC 8\n    DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.\n    GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.\n    Many passes through world sources were made to address various warnings and errors the new GCC brought with it.\n    HAMMER2\n    HAMMER2 is recommended as the default root filesystem in non-clustered mode.\n    Clustered support is not yet available.\n    Increased bulkfree cache to reduce the number of iterations required.\n    Fixed numerous bugs.\n    Improved support on low-memory machines.\n    Significant pre-work on the XOP API to help support future networked operations.\n    Details\n    Checksums\nMD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f\nMD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408\nMD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1\nMD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499\n    Downloads Links\n\n\nDragonFly BSD is 64-bit only, as announced during the 3.8 release.\n\n\n    USB: dfly-x86_64-5.4.0_REL.img as bzip2 file\n    ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file\n    Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)\n\n\n\n\nDown the Gopher hole with OpenBSD, Gophernicus, and TLS\n\nIn the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (\u0026gt;Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.\n\nLike cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.\n\nBefore the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!\n\nGophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.\n\nIf you need a starting point with Gopher, SDF-EU’s wiki has a good article here.\n\n\n    https://sdfeu.org/w/tutorials:gopher\n\n\nFinally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!\n\n\n    https://cryogenix.net/NCSA_Mosaic_OpenBSD.html\n\n\nI’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.\n\n\n    https://github.com/0x16h/gophernicus\n    https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd\n\n\n\n\nNews Roundup\n\nOpenBSD in Stereo with Linux VFIO\n\nI use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.\nNow, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.\n\n\n    VFIO\n\n\nThe Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU.\nTo my surprise, these days, it seems to be primarily by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows.\nBy using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.\n\n\n    Using VFIO\n\n\nTo use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub\nWith the audio device stubbed out, a new VFIO device can be created from it\nThen the VFIO device (00:1f.3) can be passed to QEMU\nI was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them).\nSince I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state.\nQEMU will now log each VFIO event which gets saved to a debug-output file.\nWith a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker.\nOne strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.\n\nA Primer on Intel HDA\nMost modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec.\nOn OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default.\nThe azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port.\nThe newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers.\nWhile reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing.\nFor speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB.\nWhen the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results.\nSince the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.\n\n\n    Logging DMA Memory Values in QEMU\n\n\nSince DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring.\nMy custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier.\nWith this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec:\nAn early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen.\nSure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.\n\n\n    Minimizing the Magic\n\n\nThe full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:\n\n\n    Boot OpenBSD with the full list of CORB commands in the azalia driver\n    Comment out a group of them\n    Compile kernel and install it, halt the QEMU guest\n    Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier to way to reset PCI power than suspending the laptop, but oh well)\n    Start QEMU, boot OpenBSD with the new kernel\n    Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play\n\n\nThis required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.\n\n\n    The Result\n\n\nAfter about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong.\nIn any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one.\nDue to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about.\nI’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.\n\n\n\nWhy BSD/OS is the best candidate for being the only tested legally open UNIX\n\n\n    Introduction\n\n\nThe UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.\n\n\n    Ancient UNIX\n\n\nThe term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT\u0026amp;T at the time. It was later transferred of the AT\u0026amp;T UNIX Support Group, then AT\u0026amp;T Information Systems and finally the AT\u0026amp;T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany.\nIn a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT\u0026amp;T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain.\nThe situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT\u0026amp;T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1).\nNote that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294).\nIn Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19).\nThus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here.\nSo how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license.\nI’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:\nthe base Asset Purchase Agreement “APA” (Part I)\nthe base Asset Purchase Agreement “APA” (Part II)\nthe Operating Agremeent and Amendment 1 to the APA\nthe Amendment 2 to the APA\nThe APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assesment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it.\nThe first step to truly freeing UNIX would this be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.\n\n\n    BSD/OS\n\n\nAnother operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright.\nBSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ.\nTo truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.\n\n\n    System V\n\n\nThe fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V.\nObviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.\n\n\n    Newer Research UNIX\n\n\nThe fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017.\nHowever, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.\n\n\n    Conclusion\nIn the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.\n\n\nA small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.\n\n\n\nOpenBGPD - Adding Diversity to the Route Server Landscape\n\n\n    Introduction\n\n\nAs of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. NIC.CZ (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC.\nOpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.\n\n\n    Missing features in OpenBGPD\n\n\nThe following main missing features were identified in OpenBGPD:\n\n\n    Performance\n\n\nIn previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate of all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.\n\n\n    Lack of RPKI Origin Validation\n\n\nAs we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.\n\n\n    Portability\n\n\nOpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.\n\n\n    Development steps\n\n\nBy addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation.\nSince I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.\n\n\n    OpenBGPD 6.4\n\n\nThe OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!\n\n\n    Feature highlights\n\n\nThe following changes should be highlighted:\n\n\n    Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.\n    BGP Origin Validation when a roa-set is configured Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.\n    Fast prefix-set lookups In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.\n    Introduction of as-sets Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently.\nIntroduction of origin-sets\n    Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.\n    Improving third party tools\n\n\nUsers can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two opensource projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.\n\n\n    bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.\n    arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate a much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.\n    What still needs to be done\n\n\nA sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.\n\n\n    Looking forward\n    Job Snijders oversaw this year’s fundraising and project management, he adds:\n\n\nIt’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.\n\n\n\nBeastie Bits\n\n\n    DragonFly - git: annotated tag v5.5.0 created\n    Torchlight 2 on NetBSD\n    Older, but still good USENIX Login Article on Capsicum\n    The Super Capsicumizer 9000\n    Dedicated and Virtual Server PXE provisioning tool\n    Cirrus CI have announced FreeBSD support\n    NetBSD PineBook Gameplay\n    BSDCan 2019 CfP is out\n    Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th\n\n\n\n\nFeedback/Questions\n\n\n    Malcom - Installing Drivers in Development\n    Samir - Introduction to ZFS\n    Newnix - Drive Failures\n\n\n\n\n\n    Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eDragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release54/\"\u003eDragonflyBSD 5.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eDragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases.\nThe details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eBig-ticket items\u003c/li\u003e\n    \u003cli\u003eMuch better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).\u003c/li\u003e\n    \u003cli\u003eIncremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.\u003c/li\u003e\n    \u003cli\u003eMajor updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.\u003c/li\u003e\n    \u003cli\u003eMajor rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.\u003c/li\u003e\n    \u003cli\u003eGCC 8\u003c/li\u003e\n    \u003cli\u003eDragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.\u003c/li\u003e\n    \u003cli\u003eGCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.\u003c/li\u003e\n    \u003cli\u003eMany passes through world sources were made to address various warnings and errors the new GCC brought with it.\u003c/li\u003e\n    \u003cli\u003eHAMMER2\u003c/li\u003e\n    \u003cli\u003eHAMMER2 is recommended as the default root filesystem in non-clustered mode.\u003c/li\u003e\n    \u003cli\u003eClustered support is not yet available.\u003c/li\u003e\n    \u003cli\u003eIncreased bulkfree cache to reduce the number of iterations required.\u003c/li\u003e\n    \u003cli\u003eFixed numerous bugs.\u003c/li\u003e\n    \u003cli\u003eImproved support on low-memory machines.\u003c/li\u003e\n    \u003cli\u003eSignificant pre-work on the XOP API to help support future networked operations.\u003c/li\u003e\n    \u003cli\u003eDetails\u003c/li\u003e\n    \u003cli\u003eChecksums\n\u003ccode\u003eMD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f\u003c/code\u003e\n\u003ccode\u003eMD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408\u003c/code\u003e\n\u003ccode\u003eMD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1\u003c/code\u003e\n\u003ccode\u003eMD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499\u003c/code\u003e\u003c/li\u003e\n    \u003cli\u003eDownloads Links\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eDragonFly BSD is 64-bit only, as announced during the 3.8 release.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eUSB: dfly-x86_64-5.4.0_REL.img as bzip2 file\u003c/li\u003e\n    \u003cli\u003eISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file\u003c/li\u003e\n    \u003cli\u003eUncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cryogenix.net/gophernicus.html\"\u003eDown the Gopher hole with OpenBSD, Gophernicus, and TLS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eIn the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (\u0026gt;Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eLike cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eBefore the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!\u003c/blockquote\u003e\n\n\u003cblockquote\u003eGophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eIf you need a starting point with Gopher, SDF-EU’s wiki has a good article here.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"https://sdfeu.org/w/tutorials:gopher\"\u003ehttps://sdfeu.org/w/tutorials:gopher\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eFinally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"https://cryogenix.net/NCSA_Mosaic_OpenBSD.html\"\u003ehttps://cryogenix.net/NCSA_Mosaic_OpenBSD.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eI’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"https://github.com/0x16h/gophernicus\"\u003ehttps://github.com/0x16h/gophernicus\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd\"\u003ehttps://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2018/11/12/vfio\"\u003eOpenBSD in Stereo with Linux VFIO\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003eI use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.\nNow, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eVFIO\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU.\nTo my surprise, these days, it seems to be primarily by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows.\nBy using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eUsing VFIO\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eTo use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub\nWith the audio device stubbed out, a new VFIO device can be created from it\nThen the VFIO device (00:1f.3) can be passed to QEMU\nI was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them).\nSince I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state.\nQEMU will now log each VFIO event which gets saved to a debug-output file.\nWith a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker.\nOne strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.\u003c/blockquote\u003e\n\n\u003cblockquote\u003eA Primer on Intel HDA\nMost modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec.\nOn OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default.\nThe azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port.\nThe newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers.\nWhile reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing.\nFor speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB.\nWhen the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results.\nSince the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eLogging DMA Memory Values in QEMU\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eSince DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring.\nMy custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier.\nWith this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec:\nAn early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen.\nSure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eMinimizing the Magic\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eBoot OpenBSD with the full list of CORB commands in the azalia driver\u003c/li\u003e\n    \u003cli\u003eComment out a group of them\u003c/li\u003e\n    \u003cli\u003eCompile kernel and install it, halt the QEMU guest\u003c/li\u003e\n    \u003cli\u003eSuspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier to way to reset PCI power than suspending the laptop, but oh well)\u003c/li\u003e\n    \u003cli\u003eStart QEMU, boot OpenBSD with the new kernel\u003c/li\u003e\n    \u003cli\u003ePlay an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThis required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eThe Result\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eAfter about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong.\nIn any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one.\nDue to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about.\nI’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://virtuallyfun.com/wordpress/2018/11/26/why-bsd-os-is-the-best-candidate-for-being-the-only-tested-legally-open-unix/\"\u003eWhy BSD/OS is the best candidate for being the only tested legally open UNIX\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n    \u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eAncient UNIX\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT\u0026amp;T at the time. It was later transferred of the AT\u0026amp;T UNIX Support Group, then AT\u0026amp;T Information Systems and finally the AT\u0026amp;T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany.\nIn a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT\u0026amp;T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain.\nThe situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT\u0026amp;T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1).\nNote that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294).\nIn Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19).\nThus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here.\nSo how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license.\nI’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:\nthe base Asset Purchase Agreement “APA” (Part I)\nthe base Asset Purchase Agreement “APA” (Part II)\nthe Operating Agremeent and Amendment 1 to the APA\nthe Amendment 2 to the APA\nThe APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assesment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it.\nThe first step to truly freeing UNIX would this be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eBSD/OS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eAnother operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright.\nBSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ.\nTo truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eSystem V\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V.\nObviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eNewer Research UNIX\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017.\nHowever, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eConclusion\nIn the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eA small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape\"\u003eOpenBGPD - Adding Diversity to the Route Server Landscape\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n    \u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eAs of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. \u003ca href=\"http://NIC.CZ\"\u003eNIC.CZ\u003c/a\u003e (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC.\nOpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eMissing features in OpenBGPD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe following main missing features were identified in OpenBGPD:\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003ePerformance\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eIn previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate of all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eLack of RPKI Origin Validation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eAs we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003ePortability\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eOpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eDevelopment steps\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eBy addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation.\nSince I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eOpenBGPD 6.4\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eFeature highlights\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eThe following changes should be highlighted:\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eIntroduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.\u003c/li\u003e\n    \u003cli\u003eBGP Origin Validation when a roa-set is configured Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.\u003c/li\u003e\n    \u003cli\u003eFast prefix-set lookups In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.\u003c/li\u003e\n    \u003cli\u003eIntroduction of as-sets Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently.\nIntroduction of origin-sets\u003c/li\u003e\n    \u003cli\u003eLooking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.\u003c/li\u003e\n    \u003cli\u003eImproving third party tools\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eUsers can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two opensource projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003ebgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.\u003c/li\u003e\n    \u003cli\u003earouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate a much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.\u003c/li\u003e\n    \u003cli\u003eWhat still needs to be done\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eA sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.\u003c/blockquote\u003e\n\n\u003cul\u003e\n    \u003cli\u003eLooking forward\u003c/li\u003e\n    \u003cli\u003eJob Snijders oversaw this year’s fundraising and project management, he adds:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003eIt’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2018-November/718130.html\"\u003eDragonFly - git: annotated tag v5.5.0 created\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=Qvj7Mkr13d8\"\u003eTorchlight 2 on NetBSD\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.usenix.org/system/files/login/articles/login_dec14_03_dawidek.pdf\"\u003eOlder, but still good USENIX Login Article on Capsicum\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://github.com/myfreeweb/capsicumizer\"\u003eThe Super Capsicumizer 9000\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://www.noc-ps.com/\"\u003eDedicated and Virtual Server PXE provisioning tool\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://cirrus-ci.org/guide/FreeBSD/\"\u003eCirrus CI have announced FreeBSD support\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"https://twitter.com/astr0baby/status/1065353771952336897\"\u003eNetBSD PineBook Gameplay\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"http://www.bsdcan.org/2019/papers.php\"\u003eBSDCan 2019 CfP is out\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eAllan’s first ZFS array, Zulu, turned 7 years old on Nov 29th\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n    \u003cli\u003eMalcom - \u003ca href=\"http://dpaste.com/35TNNX4\"\u003eInstalling Drivers in Development\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eSamir - \u003ca href=\"http://dpaste.com/2RCB37Y#wrap\"\u003eIntroduction to ZFS\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003eNewnix - \u003ca href=\"http://dpaste.com/01YJ4EB#wrap\"\u003eDrive Failures\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n    \u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.","date_published":"2018-12-09T04:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/233f4bf5-4bc3-453e-9e99-c78b18a453e0.mp3","mime_type":"audio/mp3","size_in_bytes":51110355,"duration_in_seconds":5092}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2962","title":"Episode 274: Language: Assembly | BSD Now 274","url":"https://www.bsdnow.tv/274","content_text":"Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.\n\n##Headlines\n###Assembly language on OpenBSD amd64+arm64\n\n\nThis is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.\n\n\n\nOpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.\n\n\n\nWithin the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.\n\n\n\nOur first program: in C!\n\n\n\nIt’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.\n\n\n\nSee the article for the rest on:\nOur first program: in x86-64 Asm (AT\u0026amp;T/GAS syntax)\nOur first program: in inline x86-64 assembly\nOur first program: in x86-64 asm (NASM syntax)\nOur first program: in ARMv8 AArch64 assembly\n\n\n\n\n###Using bhyve for FreeBSD Development\n\n\nThe Hypervisor\n\n\n\nThe bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization.  This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent\nprocessor.  The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.\nThe hypervisor itself contains both user and kernel components.  The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime.  It must\nbe loaded before any guests can be created.  When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.\nThe primary user component is the bhyve(8) program.  It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices.  It also calls the kernel driver to execute the guest.  Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.\nCurrently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI).  Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point.  For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution.  Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.\nThe bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests.  Support for 32-bit guests will be included in FreeBSD 10.1.\n\n\n\n\nSee the article for the very technical breakdown of the following:\n\n\nNetwork Setup\n\n\nBridged Configuration\n\n\nPrivate Network with NAT\n\n\nUsing dnsmasq with a Private Network\n\n\nRunning Guests via vmrun.sh\n\n\nConfiguring Guests\n\n\nUsing a bhyve Guest as a Target\n\n\nConclusion\n\n\n\n\nThe bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox.  Guests can be used both to develop new features and to test merges to stable branches.  The hypervisor has a wide variety of uses beyond developing FreeBSD as well.\n\n\n\n\n##News Roundup\n###Games on FreeBSD\n\n\nWhat do all programmers like to do after work? Ok, what do most programers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.\n\n\n\nXNA based games\n\n\n\nOne of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translate all dependencies used by an FNA game to OpenBSD dependencies.\nI decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.\n\n\n\nI didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:\n\n\n\n\nCryptark\n\n\nRouge Legacy\n\n\nApotheon\n\n\nEscape Goat\n\n\nBastion\n\n\nCrossCode\n\n\nAtom Zombie Smasher\n\n\nOpen-Source games\n\n\n\n\nIn FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: # pkg install ioquake3\n\n\n\nThen move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s is also very easy to install it from ports: # pkg install iourbanterror\n\n\n\nIn the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:\n\n\n\nopenxcom (Open-source re-implementation of the original X-Com)\nopenjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)\ncorsixth (Open source re-implementation of Theme Hospital)\nquake2\nopenra (Red Alert)\nopenrct2 (Open source re-implementation of RollerCoaster Tycoon 2)\nopenmw (Open source engine reimplementation of the game Morrowind)\n\n\n\nAll those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.\n\n\n\nWine\n\n\n\nOne of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: # pkg install i386-wine\n\n\n\nTo run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.\n\n\n\nSummary\n\n\n\nAs you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although its creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.\n\n\n\n\n###FreeBSD For Thanksgiving\n\n\nI’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress\nEarlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.\nEarlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.\nEarlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk MeetBSD about our team’s work.\nEarlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.\nEarlier this week, I was promoted from a lowly mentee committer to a full src committer.\nEarlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD\n\n\nvandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64\n\n\n6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.\n\n\n\n\n###hammer2: no space left on device on Dragonfly BSD\n\n\nThe Issue\n\n\n\nhammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.\nEven with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.\n\n\n\nThe Fix\n\n\n\nIf you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:\n\n\n[root@ ~]# mkdir /tmp/fs\n[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs\n\n\nIf you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from dragonflybsd.org and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.\nIf the mount does succeed, then all you have to do is run the following twice:\n\n\n[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs\n\n\nIf you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:\n\n\n[root@ ~]# swapon -a\n\n\nOnce you have ran the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.\n\n\n\n\n##Beastie Bits\n\n\nBSD Pizza Night - Portland\nbsd@35c3: …the place for you…*NIX!\nProject Trident PreRelease Image now available\nPlay Stardew Valley on OpenBSD\nGUI Wrapper for OpenBSD mixerctl\nqtv - QuickTextViewer\n\n\n\n\n##Feedback/Questions\n\n\nRon - Ideas for feedback section\nPaulo - SDIO Firmware\nDan - Some fun ZFS questions about labels\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eAssembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://cryogenix.net/OpenBSD_assembly.html\"\u003eAssembly language on OpenBSD amd64+arm64\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWithin the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur first program: in C!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the rest on:\u003c/li\u003e\n\u003cli\u003eOur first program: in x86-64 Asm (AT\u0026amp;T/GAS syntax)\u003c/li\u003e\n\u003cli\u003eOur first program: in inline x86-64 assembly\u003c/li\u003e\n\u003cli\u003eOur first program: in x86-64 asm (NASM syntax)\u003c/li\u003e\n\u003cli\u003eOur first program: in ARMv8 AArch64 assembly\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://bsdjhb.blogspot.com/2018/10/using-bhyve-for-freebsd-development.html\"\u003eUsing bhyve for FreeBSD Development\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Hypervisor\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization.  This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent\u003cbr\u003e\nprocessor.  The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.\u003cbr\u003e\nThe hypervisor itself contains both user and kernel components.  The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime.  It must\u003cbr\u003e\nbe loaded before any guests can be created.  When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.\u003cbr\u003e\nThe primary user component is the bhyve(8) program.  It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices.  It also calls the kernel driver to execute the guest.  Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.\u003cbr\u003e\nCurrently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI).  Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point.  For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution.  Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.\u003cbr\u003e\nThe bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests.  Support for 32-bit guests will be included in FreeBSD 10.1.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSee the article for the very technical breakdown of the following:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNetwork Setup\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBridged Configuration\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePrivate Network with NAT\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing dnsmasq with a Private Network\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRunning Guests via \u003ca href=\"http://vmrun.sh\"\u003evmrun.sh\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConfiguring Guests\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing a bhyve Guest as a Target\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConclusion\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox.  Guests can be used both to develop new features and to test merges to stable branches.  The hypervisor has a wide variety of uses beyond developing FreeBSD as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://oshogbo.vexillium.org/blog/58/\"\u003eGames on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat do all programmers like to do after work? Ok, what do most programers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eXNA based games\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translate all dependencies used by an FNA game to OpenBSD dependencies.\u003cbr\u003e\nI decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCryptark\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRouge Legacy\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApotheon\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEscape Goat\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBastion\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCrossCode\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAtom Zombie Smasher\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpen-Source games\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: \u003ccode\u003e# pkg install ioquake3\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s is also very easy to install it from ports: \u003ccode\u003e# pkg install iourbanterror\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eopenxcom (Open-source re-implementation of the original X-Com)\u003c/li\u003e\n\u003cli\u003eopenjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)\u003c/li\u003e\n\u003cli\u003ecorsixth (Open source re-implementation of Theme Hospital)\u003c/li\u003e\n\u003cli\u003equake2\u003c/li\u003e\n\u003cli\u003eopenra (Red Alert)\u003c/li\u003e\n\u003cli\u003eopenrct2 (Open source re-implementation of RollerCoaster Tycoon 2)\u003c/li\u003e\n\u003cli\u003eopenmw (Open source engine reimplementation of the game Morrowind)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWine\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: \u003ccode\u003e# pkg install i386-wine\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSummary\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although its creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://bwidawsk.net/blog/index.php/2018/11/freebsd-for-thanksgiving/\"\u003eFreeBSD For Thanksgiving\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress\u003cbr\u003e\nEarlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.\u003cbr\u003e\nEarlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.\u003cbr\u003e\nEarlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk MeetBSD about our team’s work.\u003cbr\u003e\nEarlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.\u003cbr\u003e\nEarlier this week, I was promoted from a lowly mentee committer to a full src committer.\u003cbr\u003e\nEarlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003evandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.garyshood.com/hammer2-space/\"\u003ehammer2: no space left on device on Dragonfly BSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Issue\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ehammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.\u003cbr\u003e\nEven with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Fix\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e[root@ ~]# mkdir /tmp/fs\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from \u003ca href=\"http://dragonflybsd.org\"\u003edragonflybsd.org\u003c/a\u003e and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.\u003cbr\u003e\nIf the mount does succeed, then all you have to do is run the following twice:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e[root@ ~]# swapon -a\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce you have ran the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1S9NMZA\"\u003eBSD Pizza Night - Portland\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3T0AB7M\"\u003ebsd@35c3: …the place for you…*NIX!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://project-trident.org/download/\"\u003eProject Trident PreRelease Image now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dataswamp.org/~solene/2018-11-09-stardew-valley.html\"\u003ePlay Stardew Valley on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charlesdaniels/gmixerctl\"\u003eGUI Wrapper for OpenBSD mixerctl\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/q5sys/qtv/\"\u003eqtv - QuickTextViewer\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRon - \u003ca href=\"http://dpaste.com/16XT6PQ#wrap\"\u003eIdeas for feedback section\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/0BEE730\"\u003eSDIO Firmware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDan - \u003ca href=\"http://dpaste.com/3Q7DERN#wrap\"\u003eSome fun ZFS questions about labels\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more.","date_published":"2018-11-29T02:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/64460b53-258b-484d-be91-f4b60eac299f.mp3","mime_type":"audio/mp3","size_in_bytes":38828711,"duration_in_seconds":3864}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2927","title":"Episode 273: A Thoughtful Episode | BSD Now 273","url":"https://www.bsdnow.tv/273","content_text":"Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.\n\n##Headlines\n###Some thoughts on NetBSD 8.0\n\n\nNetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.\nI last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.\n\n\n\nEarly impressions\n\n\n\nSince I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.\n\n\n\nSoftware management\n\n\n\nNetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.\nThe pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.\nThe other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.\nOnce new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.\n\n\n\nHardware\n\n\n\nI found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.\n\n\n\nPersonal projects\n\n\n\nSince NetBSD provides users with a small, core operating system without many utilities if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.\nI began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.\nNext, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.\nI set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.\nI experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.\n\n\n\nConclusions\n\n\n\nNetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.\nSome of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.\nMy main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.\nAs an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.\nNewcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.\nOne quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.\nUltimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.\n\n\n\n\n###Showing a Gigabit OpenBSD Firewall Some Monitoring Love\n\n\nI have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystem hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.\n\n\n\nUpgrade Time!\n\n\n\nThis setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).\nThe way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.\nI needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:\n\n\n\nsmall form factor\nfan-less\nmultiple Intel Ethernet ports (good driver support)\nlow power consumption\nnot your regular off-the-shelf kit\nrelatively inexpensive\n\n\n\nAfter evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straight forward, with the only problem I had was Etcher did not want to recognize the ‘.fs’ extension on the install image as bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.\nAfter loading the same rulesets on my new install, the results were fantastic!\n\n\n\nMonitoring\n\n\n\nNow that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:\nAs you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.\nI came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.\nA bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!\nAs you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.\nI came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.\nA bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!\n\n\n###The Source History of Cat\n\n\nI once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.\nI knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.\nMy aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone.  grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.\nI thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?\nThanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.\n\n\n\nResearch Unix\n\n\n\nKen Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.\nThe first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)\nThe most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.\nThe first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the  ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.\nThe second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.\nIn 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K\u0026amp;R C. The heart of the program is the classic two-liner:\n\n\nwhile ((c = getc(fi)) != EOF)\nputchar(c);\n\n\nThere is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.\n\n\n\nBSD\n\n\n\nAfter the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and  tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to  cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.\ncat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT\u0026amp;T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT\u0026amp;T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and  mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.\nFall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.\n\n\n\nMacOS\n\n\n\nThe very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.\nThe NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.\nSo the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.\nThe cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s raw_args() function and cook_args() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.\nI asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.\n\n\n\nThe Hundred-Year-Old Program\n\n\n\nIn the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?\nComputer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?\nI think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.\n\n\n\n\n##News Roundup\n###Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems\n\n\nA vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment.\nThe flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.\n\n\n\nPrivilege escalation and arbitrary file overwrite\n\n\n\nAn advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.\nPrivilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.\n\n\n\nBug could have been avoided in OpenBSD 6.4\n\n\n\nOpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.\nTheo de Raadt, founder and leader of the OpenBSD project, says that X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.\n“As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.\nHad OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.\nTo remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.\nAs a temporary solution, users can disable the Xorg binary by running the following command:\n\n\nchmod u-s /usr/X11R6/bin/Xorg\n\n\nTrivial exploitation\n\n\n\nCVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.\nLeveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder, and head of Hacker House security outfit created and published an exploit, saying that it can be triggered from a remote SSH session.\nThree hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.\nApart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro  Red Hat Enterprise Linux along with its community-supported counterpart CentOS.\n\n\n\n\n###OpenBSD on the Desktop: some thoughts\n\n\nI’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.\nThe OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.\nYou need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.\nThat’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.\nTheir development process is purely based on developers that love to contribute and hack around, just because it’s fun.\nEven the mailing list is a cool place to hang on!\nCode correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.\nI like the idea of a platform that continually evolves.\npledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.\nI like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.\nJust install a browser and you’re ready to go.\nManual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares.\nThey help you understand inner workings of the operating system, no internet connection needed.\nThere are some trade-offs, too.\nPerformance is not first-class, mostly because of all the security mitigations and checks done at runtime3.\nI write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.\nBrowsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.\nBut again, trade-offs.\nTo use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.\n\n\n\n\n###Review: NomadBSD 1.1\n\n\nOne of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”\nThe latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.\nNomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.\n\n\n\nInitial setup\n\n\n\nBooting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “en_US”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.\nI feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.\nThe system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.\n\n\n\nPhysical desktop computer\n\n\n\nAt first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.\nNetworking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.\nHad I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.\nWhen running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.\n\n\n\nConclusions\n\n\n\nUltimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.\nI like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.\n\n\n\n\n##Beastie Bits\n\n\nFreeBSD lockless algorithm - seq\nHappy Bob’s Libtls tutorial\nLocking OpenBSD when it’s sleeping\niio - The OpenBSD Way\nInstalling Hugo and Hosting Website on OpenBSD Server\nFosdem 2019 reminder: BSD devroom CfP\nOpenBGPD, gotta go fast! - Claudio Jeker\nProject Trident RC3 available\nFreeBSD 10.4 EOL\nPlay “Crazy Train” through your APU2 speaker\n\n\n\n\n##Feedback/Questions\n\n\nTobias - Satisfying my storage hunger and wallet pains\nLasse - Question regarding FreeBSD backups\n\nhttps://twitter.com/dlangille\nhttps://dan.langille.org/\n\n\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://distrowatch.com/weekly.php?issue=20181119#netbsd\"\u003eSome thoughts on NetBSD 8.0\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.\u003cbr\u003e\nI last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarly impressions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSoftware management\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.\u003cbr\u003e\nThe pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.\u003cbr\u003e\nThe other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.\u003cbr\u003e\nOnce new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePersonal projects\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince NetBSD provides users with a small, core operating system without many utilities if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.\u003cbr\u003e\nI began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.\u003cbr\u003e\nNext, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.\u003cbr\u003e\nI set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.\u003cbr\u003e\nI experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.\u003cbr\u003e\nSome of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.\u003cbr\u003e\nMy main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.\u003cbr\u003e\nAs an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.\u003cbr\u003e\nNewcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.\u003cbr\u003e\nOne quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.\u003cbr\u003e\nUltimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://tech.mangot.com/blog/2018/11/08/showing-a-gigabit-openbsd-firewall-some-monitoring-love/\"\u003eShowing a Gigabit OpenBSD Firewall Some Monitoring Love\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystem hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpgrade Time!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).\u003cbr\u003e\nThe way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.\u003cbr\u003e\nI needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003esmall form factor\u003c/li\u003e\n\u003cli\u003efan-less\u003c/li\u003e\n\u003cli\u003emultiple Intel Ethernet ports (good driver support)\u003c/li\u003e\n\u003cli\u003elow power consumption\u003c/li\u003e\n\u003cli\u003enot your regular off-the-shelf kit\u003c/li\u003e\n\u003cli\u003erelatively inexpensive\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straight forward, with the only problem I had was Etcher did not want to recognize the ‘.fs’ extension on the install image as bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.\u003cbr\u003e\nAfter loading the same rulesets on my new install, the results were fantastic!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMonitoring\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:\u003cbr\u003e\nAs you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.\u003cbr\u003e\nI came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.\u003cbr\u003e\nA bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!\u003cbr\u003e\nAs you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.\u003cbr\u003e\nI came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.\u003cbr\u003e\nA bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e###\u003ca href=\"https://twobithistory.org/2018/11/12/cat.html\"\u003eThe Source History of Cat\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.\u003cbr\u003e\nI knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.\u003cbr\u003e\nMy aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone.  grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.\u003cbr\u003e\nI thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?\u003cbr\u003e\nThanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eResearch Unix\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKen Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.\u003cbr\u003e\nThe first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)\u003cbr\u003e\nThe most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.\u003cbr\u003e\nThe first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the  ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.\u003cbr\u003e\nThe second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.\u003cbr\u003e\nIn 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K\u0026amp;R C. The heart of the program is the classic two-liner:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ewhile ((c = getc(fi)) != EOF)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eputchar(c);\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and  tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to  cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.\u003cbr\u003e\ncat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT\u0026amp;T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT\u0026amp;T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and  mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.\u003cbr\u003e\nFall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMacOS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.\u003cbr\u003e\nThe NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.\u003cbr\u003e\nSo the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.\u003cbr\u003e\nThe cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s raw_args() function and cook_args() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.\u003cbr\u003e\nI asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Hundred-Year-Old Program\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?\u003cbr\u003e\nComputer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?\u003cbr\u003e\nI think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/\"\u003eTrivial Bug in X.Org Gives Root Permission on Linux and BSD Systems\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using \u003ca href=\"http://X.Org\"\u003eX.Org\u003c/a\u003e server, the open source implementation of the X Window System that offers the graphical environment.\u003cbr\u003e\nThe flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrivilege escalation and arbitrary file overwrite\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAn advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.\u003cbr\u003e\nPrivilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the \u003ca href=\"http://X.org\"\u003eX.org\u003c/a\u003e server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBug could have been avoided in OpenBSD 6.4\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.\u003cbr\u003e\nTheo de Raadt, founder and leader of the OpenBSD project, says that X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.\u003cbr\u003e\n“As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.\u003cbr\u003e\nHad OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.\u003cbr\u003e\nTo remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.\u003cbr\u003e\nAs a temporary solution, users can disable the Xorg binary by running the following command:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003echmod u-s /usr/X11R6/bin/Xorg\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTrivial exploitation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.\u003cbr\u003e\nLeveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder, and head of Hacker House security outfit created and published an exploit, saying that it can be triggered from a remote SSH session.\u003cbr\u003e\nThree hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.\u003cbr\u003e\nApart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro  Red Hat Enterprise Linux along with its community-supported counterpart CentOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/\"\u003eOpenBSD on the Desktop: some thoughts\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.\u003cbr\u003e\nThe OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.\u003cbr\u003e\nYou need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.\u003cbr\u003e\nThat’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.\u003cbr\u003e\nTheir development process is purely based on developers that love to contribute and hack around, just because it’s fun.\u003cbr\u003e\nEven the mailing list is a cool place to hang on!\u003cbr\u003e\nCode correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.\u003cbr\u003e\nI like the idea of a platform that continually evolves.\u003cbr\u003e\npledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.\u003cbr\u003e\nI like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.\u003cbr\u003e\nJust install a browser and you’re ready to go.\u003cbr\u003e\nManual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares.\u003cbr\u003e\nThey help you understand inner workings of the operating system, no internet connection needed.\u003cbr\u003e\nThere are some trade-offs, too.\u003cbr\u003e\nPerformance is not first-class, mostly because of all the security mitigations and checks done at runtime3.\u003cbr\u003e\nI write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.\u003cbr\u003e\nBrowsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.\u003cbr\u003e\nBut again, trade-offs.\u003cbr\u003e\nTo use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://distrowatch.com/weekly.php?issue=20180813#nomadbsd\"\u003eReview: NomadBSD 1.1\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”\u003cbr\u003e\nThe latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.\u003cbr\u003e\nNomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInitial setup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBooting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “en_US”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.\u003cbr\u003e\nI feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.\u003cbr\u003e\nThe system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhysical desktop computer\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.\u003cbr\u003e\nNetworking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.\u003cbr\u003e\nHad I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.\u003cbr\u003e\nWhen running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUltimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.\u003cbr\u003e\nI like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/50/\"\u003eFreeBSD lockless algorithm - seq\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bob-beck/libtls/blob/master/TUTORIAL.md\"\u003eHappy Bob’s Libtls tutorial\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://chown.me/blog/locking-openbsd-when-sleeping.html\"\u003eLocking OpenBSD when it’s sleeping\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.geoghegan.ca/serviio.html\"\u003eiio - The OpenBSD Way\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdboy.ml/blog/installing-hugo-and-hosting-on-openbsd.html\"\u003eInstalling Hugo and Hosting Website on OpenBSD Server\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.osorio.me/post.php?idpost=1\"\u003eFosdem 2019 reminder: BSD devroom CfP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=4gOoPxGKKjA\u0026amp;feature=youtu.be\"\u003eOpenBGPD, gotta go fast! - Claudio Jeker\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://project-trident.org/post/2018-11-10_rc3-available/\"\u003eProject Trident RC3 available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2018-November/001849.html\"\u003eFreeBSD 10.4 EOL\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd.network/@ephemeris/101073578346815313\"\u003ePlay “Crazy Train” through your APU2 speaker\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTobias - \u003ca href=\"http://dpaste.com/174WGEY#wrap\"\u003eSatisfying my storage hunger and wallet pains\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLasse - \u003ca href=\"http://dpaste.com/1QBMH73\"\u003eQuestion regarding FreeBSD backups\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/dlangille\"\u003ehttps://twitter.com/dlangille\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/\"\u003ehttps://dan.langille.org/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review.","date_published":"2018-11-23T02:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19a116b3-098d-40a2-bf74-28c99f8023e1.mp3","mime_type":"audio/mp3","size_in_bytes":44912747,"duration_in_seconds":4472}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2899","title":"Episode 272: Detain the bhyve | BSD Now 272","url":"https://www.bsdnow.tv/272","content_text":"Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.\n##Headlines ###The byproducts of reading OpenBSD netcat code  When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process. (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff. (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future. (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it. (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part. Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.   ###What I learned from porting my projects to FreeBSD  Introduction   I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.    The Projects   https://github.com/shlomif/shlomif-computer-settings/ (my dotfiles).   https://web-cpan.shlomifish.org/latemp/   https://fc-solve.shlomifish.org/   https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/   https://better-scm.shlomifish.org/source/   http://perl-begin.org/source/   https://www.shlomifish.org/meta/site-source/   Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.   Work fine on several Linux distributions and have https://en.wikipedia.org/wiki/Travis_CI using Ubuntu 14.04 hosts   Some pass builds and tests on AppVeyor/Win64   What I Learned:   FreeBSD on VBox has become very reliable   Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin   make on FreeBSD is not GNU make   m4 on FreeBSD is not compatible with GNU m4   Some CPAN Modules fail to install using local-lib there   DocBook/XSL Does Not Live Under /usr/share/sgml   FreeBSD’s grep does not have a “-P” flag by default   FreeBSD has no “nproc” command   Conclusion:   It is easier to port a shell than a shell script. — Larry Wall   I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.    ##News Roundup ###OpenBSD’s unveil()  One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux. The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job. In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access. Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:  int unveil(const char *path, const char *permissions);  A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path. Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply. Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile. unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source. One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.   ###NetBSD Virtual Machine Monitor (NVVM)  NetBSD Virtual Machine Monitor   The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.   Download   The source code of NVMM, plus the associated tools, can be downloaded here.   Technical details   NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM. Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs. Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism. The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on. The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs. When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch. The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.   ###What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)  I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc): I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description. Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem. This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.) In general, there are three different relationships between services that I tend to encounter:    a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.   a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)   an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)    Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later? My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.   (In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)   ###Jailing The bhyve Hypervisor  As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve. You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD. The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.   A Gentle History Lesson   At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict WX are all applied to bhyve, making it an extremely hardened hypervisor. So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.   Initial Setup   We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail. I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail. By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.    We will use the following in our jail, so we will need to set up devfs(8) rules for them:   A ZFS volume   A null-modem device (nmdm(4))   UEFI GOP (no devfs rule, but IP assigned to the jail)   A tap device   Conclusion    The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:   PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement) PaX NOEXEC is fully applied (strict WX) (HardenedBSD enhancement) Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement) Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement) SafeStack is applied to the application (HardenedBSD enhancement) Jailed (FreeBSD feature written by HardenedBSD) Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD) Capsicum is fully applied (FreeBSD feature)   Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)   ##Beastie Bits  GhostBSD 18.10 has been released Project Trident RC3 has been released The OpenBSD Foundation receives the first Silver contribution from a single individual Monitoring pf logs gource NetBSD on the RISC-V is alive The X hole Announcing the pkgsrc-2018Q3 release (2018-10-05) NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT UNIX (as we know it) might not have existed without Mrs. Thompson Free Pizza for your dev events Portland BSD Pizza Night: Nov 29th 7pm   ##Feedback/Questions  Dennis - Core developers leaving illumOS? Ben - Jumping from snapshot to snapshot Ias - Question about ZFS snapshots    Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv  ","content_html":"\u003cp\u003eByproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what \u0026#39;dependency\u0026#39; means in Unix init systems, jailing bhyve, and more.\u003cbr\u003e\n\u003cp\u003e##Headlines\u003cbr\u003e ###\u003ca href=\"https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/\"\u003eThe byproducts of reading OpenBSD netcat code\u003c/a\u003e\u003c/p\u003e \u003cblockquote\u003e \u003cp\u003eWhen I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.\u003cbr\u003e (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.\u003cbr\u003e (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.\u003cbr\u003e (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.\u003cbr\u003e (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.\u003cbr\u003e Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.\u003c/p\u003e \u003c/blockquote\u003e \u003chr\u003e \u003cp\u003e###\u003ca href=\"https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd\"\u003eWhat I learned from porting my projects to FreeBSD\u003c/a\u003e\u003c/p\u003e \u003cul\u003e \u003cli\u003eIntroduction\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eI set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eThe Projects\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://github.com/shlomif/shlomif-computer-settings/\"\u003e\u003ca href=\"https://github.com/shlomif/shlomif-computer-settings/\" rel=\"nofollow\"\u003ehttps://github.com/shlomif/shlomif-computer-settings/\u003c/a\u003e\u003c/a\u003e (my dotfiles).\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://web-cpan.shlomifish.org/latemp/\"\u003e\u003ca href=\"https://web-cpan.shlomifish.org/latemp/\" rel=\"nofollow\"\u003ehttps://web-cpan.shlomifish.org/latemp/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://fc-solve.shlomifish.org/\"\u003e\u003ca href=\"https://fc-solve.shlomifish.org/\" rel=\"nofollow\"\u003ehttps://fc-solve.shlomifish.org/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/\"\u003e\u003ca href=\"https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/\" rel=\"nofollow\"\u003ehttps://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://better-scm.shlomifish.org/source/\"\u003e\u003ca href=\"https://better-scm.shlomifish.org/source/\" rel=\"nofollow\"\u003ehttps://better-scm.shlomifish.org/source/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"http://perl-begin.org/source/\"\u003e\u003ca href=\"http://perl-begin.org/source/\" rel=\"nofollow\"\u003ehttp://perl-begin.org/source/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e\u003ca href=\"https://www.shlomifish.org/meta/site-source/\"\u003e\u003ca href=\"https://www.shlomifish.org/meta/site-source/\" rel=\"nofollow\"\u003ehttps://www.shlomifish.org/meta/site-source/\u003c/a\u003e\u003c/a\u003e\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWritten using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWork fine on several Linux distributions and have \u003ca href=\"https://en.wikipedia.org/wiki/Travis_CI\"\u003e\u003ca href=\"https://en.wikipedia.org/wiki/Travis_CI\" rel=\"nofollow\"\u003ehttps://en.wikipedia.org/wiki/Travis_CI\u003c/a\u003e\u003c/a\u003e using Ubuntu 14.04 hosts\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eSome pass builds and tests on AppVeyor/Win64\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWhat I Learned:\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eFreeBSD on VBox has become very reliable\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eSome executables on FreeBSD are in /usr/local/bin instead of /usr/bin\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003emake on FreeBSD is not GNU make\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003em4 on FreeBSD is not compatible with GNU m4\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eSome CPAN Modules fail to install using local-lib there\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eDocBook/XSL Does Not Live Under /usr/share/sgml\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eFreeBSD’s grep does not have a “-P” flag by default\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eFreeBSD has no “nproc” command\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eConclusion:\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eIt is easier to port a shell than a shell script. — Larry Wall\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eI ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003chr\u003e \u003cp\u003e##News Roundup\u003cbr\u003e ###\u003ca href=\"https://lwn.net/Articles/767137/\"\u003eOpenBSD’s unveil()\u003c/a\u003e\u003c/p\u003e \u003cblockquote\u003e \u003cp\u003eOne of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.\u003cbr\u003e The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.\u003cbr\u003e In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.\u003cbr\u003e Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:\u003c/p\u003e \u003c/blockquote\u003e \u003cp\u003e\u003ccode\u003eint unveil(const char *path, const char *permissions);\u003c/code\u003e\u003c/p\u003e \u003cblockquote\u003e \u003cp\u003eA process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.\u003cbr\u003e Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.\u003cbr\u003e Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.\u003cbr\u003e unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.\u003cbr\u003e One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.\u003c/p\u003e \u003c/blockquote\u003e \u003chr\u003e \u003cp\u003e###\u003ca href=\"http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html\"\u003eNetBSD Virtual Machine Monitor (NVVM)\u003c/a\u003e\u003c/p\u003e \u003cul\u003e \u003cli\u003eNetBSD Virtual Machine Monitor\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eThe NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003eDownload\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eThe source code of NVMM, plus the associated tools, can be downloaded here.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003eTechnical details\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eNVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.\u003cbr\u003e Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.\u003cbr\u003e Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.\u003cbr\u003e The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.\u003cbr\u003e The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.\u003cbr\u003e When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.\u003cbr\u003e The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.\u003c/p\u003e \u003c/blockquote\u003e \u003chr\u003e \u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear\"\u003eWhat ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)\u003c/a\u003e\u003c/p\u003e \u003cblockquote\u003e \u003cp\u003eI was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):\u003cbr\u003e I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.\u003cbr\u003e Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.\u003cbr\u003e This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)\u003cbr\u003e In general, there are three different relationships between services that I tend to encounter:\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003ea hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003ea want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003ean ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eGiven these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?\u003cbr\u003e My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003e(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)\u003c/li\u003e \u003c/ul\u003e \u003chr\u003e \u003cp\u003e###\u003ca href=\"https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md\"\u003eJailing The bhyve Hypervisor\u003c/a\u003e\u003c/p\u003e \u003cblockquote\u003e \u003cp\u003eAs FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.\u003cbr\u003e You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD.\u003cbr\u003e The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003eA Gentle History Lesson\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eAt work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W\u003csup\u003eX\u003c/sup\u003e are all applied to bhyve, making it an extremely hardened hypervisor.\u003cbr\u003e So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003eInitial Setup\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eWe will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.\u003cbr\u003e I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.\u003cbr\u003e By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eWe will use the following in our jail, so we will need to set up devfs(8) rules for them:\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eA ZFS volume\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eA null-modem device (nmdm(4))\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eUEFI GOP (no devfs rule, but IP assigned to the jail)\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eA tap device\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eConclusion\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eThe bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:\u003c/p\u003e \u003c/blockquote\u003e \u003cul\u003e \u003cli\u003ePaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)\u003c/li\u003e \u003cli\u003ePaX NOEXEC is fully applied (strict W\u003csup\u003eX)\u003c/sup\u003e (HardenedBSD enhancement)\u003c/li\u003e \u003cli\u003eNon-Cross-DSO CFI is fully applied (HardenedBSD enhancement)\u003c/li\u003e \u003cli\u003eFull RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)\u003c/li\u003e \u003cli\u003eSafeStack is applied to the application (HardenedBSD enhancement)\u003c/li\u003e \u003cli\u003eJailed (FreeBSD feature written by HardenedBSD)\u003c/li\u003e \u003cli\u003eVirtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)\u003c/li\u003e \u003cli\u003eCapsicum is fully applied (FreeBSD feature)\u003c/li\u003e \u003c/ul\u003e \u003cblockquote\u003e \u003cp\u003eBad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)\u003c/p\u003e \u003c/blockquote\u003e \u003chr\u003e \u003cp\u003e##Beastie Bits\u003c/p\u003e \u003cul\u003e \u003cli\u003e\u003ca href=\"https://www.ghostbsd.org/18.10_release_announcement\"\u003eGhostBSD 18.10 has been released\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"http://project-trident.org/post/2018-11-10_rc3-available/\"\u003eProject Trident RC3 has been released\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20181022130631\"\u003eThe OpenBSD Foundation receives the first Silver contribution from a single individual\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"http://www.echothrust.com/blogs/monitoring-pf-logs-gource\"\u003eMonitoring pf logs gource\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://twitter.com/zmcgrew/status/1055682596812730368\"\u003eNetBSD on the RISC-V is alive\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026amp;m=154050351216908\u0026amp;w=2\"\u003eThe X hole\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html\"\u003eAnnouncing the pkgsrc-2018Q3 release (2018-10-05)\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/\"\u003eNAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://www.princeton.edu/~hos/mike/transcripts/thompson.htm\"\u003eUNIX (as we know it) might not have existed without Mrs. Thompson\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://www.freepizza.io/\"\u003eFree Pizza for your dev events\u003c/a\u003e\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://calagator.org/events/1250474530\"\u003ePortland BSD Pizza Night: Nov 29th 7pm\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003chr\u003e \u003cp\u003e##Feedback/Questions\u003c/p\u003e \u003cul\u003e \u003cli\u003eDennis - \u003ca href=\"http://dpaste.com/36JB7EC#wrap\"\u003eCore developers leaving illumOS?\u003c/a\u003e\u003c/li\u003e \u003cli\u003eBen - \u003ca href=\"http://dpaste.com/1R36Z32#wrap\"\u003eJumping from snapshot to snapshot\u003c/a\u003e\u003c/li\u003e \u003cli\u003eIas - \u003ca href=\"http://dpaste.com/1CC86MX\"\u003eQuestion about ZFS snapshots\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003chr\u003e \u003cul\u003e \u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003e\u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003chr\u003e\u003c/p\u003e","summary":"Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.","date_published":"2018-11-15T13:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/23422ca9-e188-4755-aaf1-295422643d21.mp3","mime_type":"audio/mp3","size_in_bytes":41375491,"duration_in_seconds":4119}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2867","title":"Episode 271: Automatic Drive Tests | BSD Now 271","url":"https://www.bsdnow.tv/271","content_text":"MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.\n\n##Headlines\n###MidnightBSD 1.0 now available\n\n\nI’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.\nOf particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.\nThe 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…\n\n\n\nDownload links: https://www.midnightbsd.org/download/\nhttps://www.youtube.com/watch?time_continue=33\u0026amp;v=-rlk2wFsjJ4\n\n\n\n\n###MeetBSD Review\n\n\nMeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSD’s were treated with the Meltdown and Specter flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.\n\n\n\nMeetBSD 2018\n\n\n\nAt most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12 quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for on-on-one sessions. On day two sponsor booths were also setup. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.\nLike every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystem’s inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case your still hungry, there is a pizza meetup in another Intel room after day one and two.\nMeetBSD leverages it’s realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.\nThe group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiast. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good natured chuckle.\n\n\n\nMeetBSD Gives me The Feels\n\n\n\nI find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. None-the-less I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and see the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.\n\n\n\n\n###[EuroBSDcon 2018 Trip Reports]\nhttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/\nhttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/\nhttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/\n\n\n\n##News Roundup\n###DNS over TLS in FreeBSD 12\n\n\nWith the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.\nDNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.\n\n\n\nConclusion\n\n\n\nWe’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.\nThe question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.\n\n\n\n\n###Upgrading OpenBSD with Ansible\n\n\nMy router runs OpenBSD -current\n\n\n\nA few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.\nI eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.\nOut of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).\n\n\n\nAnsible Reboot Module\n\n\n\nI recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)\nI learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:\nI took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.\nI proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.\nFun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article.\n\n\n\nThe explanations\n\n\n\nAnsible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in auto_update mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.\nIt also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the path_sets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.\nI’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.\nsysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.\nInitially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.\n\n\n\nThe result\n\n\n\nI’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \\o/\n\n\n\n\n###Using smartd to automatically run tests on your drives\n\n\nThose programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.\n\n\n\nNOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.\n\n\n\nI first started using smartd in March 2010 (according to that blog post, that’s when I still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.\n\n\n\nTwo types of tests\nMy original abandoned attempt\nHow do you prove it works?\nLooking at the test results\nFailed drive to the rescue\nsmartd.conf I am using\nsupernews\n\n\n\n\n##Beastie Bits\n\n\nDecent Pics of “Relayd \u0026amp; Httpd Mastery” signature\nA Unix Shell poster from 1983\nCambridge UNIX historians (Cambridge, United Kingdom)\nGoals for FreeBSD 13\nSeptember/October 2018 Issue of the FreeBSD Journal Now Available\nUsing acme.sh for Let’s Encrypt certificates on pkgsrc.org servers\nDeploying Anycast DNS Using OpenBSD and BGP\nHow to check your data integrity?\n\n\n\n\n##Feedback/Questions\n\n\nRaymond - MeetBSD California\n\nDev Summit Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI\nConference Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b\nConference videos are still being processed, the rest should appear over the next few weeks.\n\n\n\nGreg - Stable vs Release\nMjrodriguez - Open/FreeBSD support for Single Board computers\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eMidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.midnightbsd.org/news/\"\u003eMidnightBSD 1.0 now available\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.\u003cbr\u003e\nOf particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.\u003cbr\u003e\nThe 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDownload links: \u003ca href=\"https://www.midnightbsd.org/download/\"\u003ehttps://www.midnightbsd.org/download/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?time_continue=33\u0026amp;v=-rlk2wFsjJ4\"\u003ehttps://www.youtube.com/watch?time_continue=33\u0026amp;v=-rlk2wFsjJ4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://linuxunplugged.com/articles/meetbsd2018\"\u003eMeetBSD Review\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSD’s were treated with the Meltdown and Specter flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD 2018\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12 quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for on-on-one sessions. On day two sponsor booths were also setup. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.\u003cbr\u003e\nLike every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystem’s inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case your still hungry, there is a pizza meetup in another Intel room after day one and two.\u003cbr\u003e\nMeetBSD leverages it’s realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.\u003cbr\u003e\nThe group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiast. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good natured chuckle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD Gives me The Feels\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. None-the-less I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and see the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###[EuroBSDcon 2018 Trip Reports]\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/\"\u003ehttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/\"\u003ehttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/\"\u003ehttps://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/\"\u003eDNS over TLS in FreeBSD 12\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.\u003cbr\u003e\nDNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.\u003cbr\u003e\nThe question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://chown.me/blog/upgrading-openbsd-with-ansible.html\"\u003eUpgrading OpenBSD with Ansible\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMy router runs OpenBSD -current\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.\u003cbr\u003e\nI eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.\u003cbr\u003e\nOut of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnsible Reboot Module\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)\u003cbr\u003e\nI learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:\u003cbr\u003e\nI took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.\u003cbr\u003e\nI proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.\u003cbr\u003e\nFun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe explanations\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnsible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in auto_update mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.\u003cbr\u003e\nIt also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the path_sets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.\u003cbr\u003e\nI’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.\u003cbr\u003e\nsysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.\u003cbr\u003e\nInitially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe result\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \\o/\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://dan.langille.org/2018/11/04/using-smartd-to-automatically-run-tests-on-your-drives/\"\u003eUsing smartd to automatically run tests on your drives\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThose programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI first started using smartd in March 2010 (according to that blog post, that’s when I still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTwo types of tests\u003c/li\u003e\n\u003cli\u003eMy original abandoned attempt\u003c/li\u003e\n\u003cli\u003eHow do you prove it works?\u003c/li\u003e\n\u003cli\u003eLooking at the test results\u003c/li\u003e\n\u003cli\u003eFailed drive to the rescue\u003c/li\u003e\n\u003cli\u003esmartd.conf I am using\u003c/li\u003e\n\u003cli\u003esupernews\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3833\"\u003eDecent Pics of “Relayd \u0026amp; Httpd Mastery” signature\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/0xUID/status/1051208357850345472?s=20\"\u003eA Unix Shell poster from 1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/UNIX-historians/\"\u003eCambridge UNIX historians (Cambridge, United Kingdom)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackmd.io/Yv46aOjTS0eYk0m4YLXOTw#\"\u003eGoals for FreeBSD 13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/september-october-2018-issue-of-the-freebsd-journal-now-available/\"\u003eSeptember/October 2018 Issue of the FreeBSD Journal Now Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/using_acme_sh_for_let\"\u003eUsing acme.sh for Let’s Encrypt certificates on pkgsrc.org servers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://jonwillia.ms/2018/09/23/anycast-dns-openbsd\"\u003eDeploying Anycast DNS Using OpenBSD and BGP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dataswamp.org/~solene/2017-03-17-integrity.html\"\u003eHow to check your data integrity?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRaymond - \u003ca href=\"http://dpaste.com/0KNXTJF\"\u003eMeetBSD California\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eDev Summit Videos: \u003ca href=\"https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI\"\u003ehttps://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConference Videos: \u003ca href=\"https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b\"\u003ehttps://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConference videos are still being processed, the rest should appear over the next few weeks.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003eGreg - \u003ca href=\"http://dpaste.com/1W29RSK\"\u003eStable vs Release\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003eMjrodriguez - \u003ca href=\"http://dpaste.com/2XKMR6B#wrap\"\u003eOpen/FreeBSD support for Single Board computers\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.","date_published":"2018-11-08T04:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/79038ba2-cb6e-4b71-8bcb-83141df434c3.mp3","mime_type":"audio/mp3","size_in_bytes":40996081,"duration_in_seconds":4081}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2822","title":"Episode 270: Ghostly Releases | BSD Now 270","url":"https://www.bsdnow.tv/270","content_text":"OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.\n\n##Headlines\n###OpenBSD 6.4 released\n\n\nSee a detailed log of changes between the 6.3 and 6.4 releases.\nSee the information on the FTP page for a list of mirror machines.\nHave a look at the 6.4 errata page for a list of bugs and workarounds.\nsignify(1) pubkeys for this release:\nbase: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA\nfw:   RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97\npkg:  RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA\n\n\n\n\n###GhostBSD 18.10 RC2 Announced\n\n\nThis second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.\n\n\n\n\nWhat has changed since RC1\n\n\nRemoved drm-stable-kmod and we will let users installed the propper drm-*-kmod\n\n\nDouglas Joachin added libva-intel-driver libva-vdpau-driver  to supports accelerated some video driver for Intel\n\n\nIssues that got fixed\n\n\nBug #70 Cannot run Octopi, missing libgksu error.\n\n\nBug #71 LibreOffice doesn’t start because of missing libcurl.so.4\n\n\nBug #72 libarchive is a missing dependency\n\n\n\n\nAgain thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.\n\n\n\n\nUpdating from RC1 to RC2:\n\n\nsudo pkg update -f\n\n\nsudo pkg install -f libarchive curl libgksu\n\n\nsudo pkg upgrade\n\n\nWhere to download:\n\n\nAll images checksum, hybrid ISO(DVD, USB) and torrent are available here: https://www.ghostbsd.org/download\n\n\n[ScreenShots]\n\n\nhttps://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png\n\n\nhttps://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png\n\n\n\n\n\n###OpenSSH 7.9 has been released and it has support for OpenSSL 1.1\n\nChanges since OpenSSH 7.8\n=========================\n\nThis is primarily a bugfix release.\n\nNew Features\n------------\n * ssh(1), sshd(8): allow most port numbers to be specified using\n   service names from getservbyname(3) (typically /etc/services).\n * ssh(1): allow the IdentityAgent configuration directive to accept\n   environment variable names. This supports the use of multiple\n   agent sockets without needing to use fixed paths.\n * sshd(8): support signalling sessions via the SSH protocol.\n   A limited subset of signals is supported and only for login or\n   command sessions (i.e. not subsystems) that were not subject to\n   a forced command via authorized_keys or sshd_config. bz#1424\n * ssh(1): support \"ssh -Q sig\" to list supported signature options.\n   Also \"ssh -Q help\" to show the full set of supported queries.\n * ssh(1), sshd(8): add a CASignatureAlgorithms option for the\n   client and server configs to allow control over which signature\n   formats are allowed for CAs to sign certificates. For example,\n   this allows banning CAs that sign certificates using the RSA-SHA1\n   signature algorithm.\n * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to\n   revoke keys specified by SHA256 hash.\n * ssh-keygen(1): allow creation of key revocation lists directly\n   from base64-encoded SHA256 fingerprints. This supports revoking\n   keys using only the information contained in sshd(8)\n   authentication log messages.\n\nBugfixes\n--------\n\n * ssh(1), ssh-keygen(1): avoid spurious \"invalid format\" errors when\n   attempting to load PEM private keys while using an incorrect\n   passphrase. bz#2901\n * sshd(8): when a channel closed message is received from a client,\n   close the stderr file descriptor at the same time stdout is\n   closed. This avoids stuck processes if they were waiting for\n   stderr to close and were insensitive to stdin/out closing. bz#2863\n * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11\n   forwarding timeout and support X11 forwarding indefinitely.\n   Previously the behaviour of ForwardX11Timeout=0 was undefined.\n * sshd(8): when compiled with GSSAPI support, cache supported method\n   OIDs regardless of whether GSSAPI authentication is enabled in the\n   main section of sshd_config. This avoids sandbox violations if\n   GSSAPI authentication was later enabled in a Match block. bz#2107\n * sshd(8): do not fail closed when configured with a text key\n   revocation list that contains a too-short key. bz#2897\n * ssh(1): treat connections with ProxyJump specified the same as\n   ones with a ProxyCommand set with regards to hostname\n   canonicalisation (i.e. don't try to canonicalise the hostname\n   unless CanonicalizeHostname is set to 'always'). bz#2896\n * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-\n   key authentication using certificates hosted in a ssh-agent(1)\n   or against sshd(8) from OpenSSH \u0026lt;7.8.\n\nPortability\n-----------\n\n * All: support building against the openssl-1.1 API (releases 1.1.0g\n   and later). The openssl-1.0 API will remain supported at least\n   until OpenSSL terminates security patch support for that API version.\n * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;\n   apparently required by some glibc/OpenSSL combinations.\n * sshd(8): handle getgrouplist(3) returning more than\n   _SC_NGROUPS_MAX groups. Some platforms consider this limit more\n   as a guideline.\n\n\n\n\n##News Roundup\n\n###MeetBSD 2018: The Ultimate Hallway Track\n\n\nFounded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.\n\n\n\nMeetBSD Day 0\n\n\n\nDay Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.\n\n\n\nMeetBSD Day 1\n\n\n\nThe first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel \u0026amp; FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.\n\n\n\nMeetBSD Day 2\n\n\n\nDay Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.\n\n\n\nPutting the “meet” in MeetBSD\n\n\n\nI confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.\n\n\n\nSee you at MeetBSD 2020!\n\n\n\n\n###Setup DragonflyBSD with a desktop on real hardware ThinkPad T410\n+Video Demo\n\n\nLinux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.\nSome background: BSD was is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!\nI did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.\n\n\n\n\nDownload image file and burn to USB drive or DVD\n\n\nFirst installation\n\n\nSetting up the system and installing a desktop\n\n\nInside the desktop\n\n\nInstall some more programs\n\n\nHow to enable sound?\n\n\nLet’s play some free games\n\n\nSetup WiFi\n\n\nPower mode settings\n\n\nMore to do?\n\n\n\n\nYou can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xcfe or mate and many functional presets.\n\n\n\n\nA small summary of what we got on the upside:\n\nFree and open source operating system with a long history\nDrivers worked fine including Ethernet, WiFi, video 2D \u0026amp; 3D, audio, etc\nHammer2 advanced file system\nYou are very unique if you use this OS fork\n\n\n\n\n\nSome downsides:\n\n\n\n\nLess driver and direct app support than Linux\n\n\n\n\nInstaller and desktop have some traps and quirks and require work\n\n\n\n\n\n###Porting Keybase to NetBSD\n\n\nKeybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!\nSo, this evening, I tried to get it to all work on NetBSD.\nThe Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.\nAnyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…\nI forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a\nEventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:\n\n\ncharlotte@sakuracity:~/go/bin ./keybase login\n▶ WARNING Running in devel mode\n▶ INFO Forking background server with pid=12932\n▶ ERROR unexpected error in Login: API network error: doRetry failed,\nattempts: 1, timeout 5s, last err: Get\nhttp://localhost:3000/_/api/1.0/merkle/path.json?last=3784314\u0026amp;load_deleted=1\u0026amp;load_reset_chain=1\u0026amp;poll=10\u0026amp;sig_hints_low=3\u0026amp;uid=38ae1dfa49cd6831ea2fdade5c5d0519:\ndial tcp [::1]:3000: connect: connection refused\n\n\n\nThere’s a few things about this error message that stuck out to me:\n\n\n\nForking a background server? What?\nIt’s trying to connect to localhost? That must be the server that doesn’t work …\n\n\n\nUnfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ command just failed:\n\n\ncharlotte@sakuracity:~/go/bin ps 12932\n  PID TTY STAT    TIME COMMAND\n  12932 ?   Ssl  0:00.21 ./keybase --debug --log-file\n  /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir\n  /home/charlotte/.config/keybase.devel --auto-forked \n\n\n\nI’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:\n\n\ncharlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone\n   --standalone                         Use the client without any daemon support.\n\n\n\nAnd then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at https://keybase.io?\n\n\ncharlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server\n   --server, -s                         Specify server API.\n\n\n\nBasically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:\n\n\ncharlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login\n▶ WARNING Running in devel mode\nPlease enter the Keybase passphrase for dressupgeekout (6+ characters): \n\ncharlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout\n▶ WARNING Running in devel mode\n▶ INFO Identifying dressupgeekout\n✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F\n✔ \"dressupgeekout\" on github:\nhttps://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11\n20:55:21 PDT]\n✔ \"dressupgeekout\" on reddit:\nhttps://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/my_keybase_proof_redditdressupgeekout/\n[cached 2018-10-11 20:55:21 PDT]\n\n\n\n\n###Initial implementation of draft-ietf-6man-ipv6only-flag\n\nThis change defines the RA \"6\" (IPv6-Only) flag which routers\nmay advertise, kernel logic to check if all routers on a link\nhave the flag set and accordingly update a per-interface flag.\n\nIf all routers agree that it is an IPv6-only link, ether_output_frame(),\nbased on the interface flag, will filter out all ETHERTYPE_IP/ARP\nframes, drop them, and return EAFNOSUPPORT to upper layers.\n\nThe change also updates ndp to show the \"6\" flag, ifconfig to\ndisplay the IPV6_ONLY nd6 flag if set, and rtadvd to allow\nannouncing the flag.\n\nFurther changes to tcpdump (contrib code) are availble and will\nbe upstreamed.\n\nTested the code (slightly earlier version) with 2 FreeBSD\nIPv6 routers, a FreeBSD laptop on ethernet as well as wifi,\nand with Win10 and OSX clients (which did not fall over with\nthe \"6\" flag set but not understood).\n\nWe may also want to (a) implement and RX filter, and (b) over\ntime enahnce user space to, say, stop dhclient from running\nwhen the interface flag is set.  Also we might want to start\nIPv6 before IPv4 in the future.\n\nAll the code is hidden under the EXPERIMENTAL option and not\ncompiled by default as the draft is a work-in-progress and\nwe cannot rely on the fact that IANA will assign the bits\nas requested by the draft and hence they may change.\n\nDear 6man, you have running code.\n\nDiscussed with: Bob Hinden, Brian E Carpenter\n\n\n##Beastie Bits\n\n\nRunning FreeBSD on macOS via xhyve\nAuction Winners\nOpenSSH Principals\nOpenBSD Foundation gets a second Iridium donation from Handshake\nNetBSD machines at Open Source Conference 2018 Kagawa\nAbsolute FreeBSD now shipping!\nNextCloud on OpenBSD\nFreeBSD 12.0-BETA2 Available\nDTrace on Windows ported from FreeBSD\nHELBUG fall 2018 meeting scheduled - Thursday the 15th of November\n35C3 pre-sale has started\nStockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30  \nPolish BSD User Group: Thursday Nov 15, 18:30 - 21:00 \n\n\n\n\n##Feedback/Questions\n\n\nGreg - Interview suggestion for the show\nNelson - Ghostscript vulnerabilities\nAllison - Ports and GCC\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.openbsd.org/64.html\"\u003eOpenBSD 6.4 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/plus64.html\"\u003eSee a detailed log of changes between the 6.3 and 6.4 releases.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/ftp.html\"\u003eSee the information on the FTP page for a list of mirror machines.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/errata64.html\"\u003eHave a look at the 6.4 errata page for a list of bugs and workarounds.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esignify(1) pubkeys for this release:\u003c/li\u003e\n\u003cli\u003ebase: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA\u003c/li\u003e\n\u003cli\u003efw:   RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97\u003c/li\u003e\n\u003cli\u003epkg:  RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.ghostbsd.org/18.10_RC2_release_announcement\"\u003eGhostBSD 18.10 RC2 Announced\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWhat has changed since RC1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved drm-stable-kmod and we will let users installed the propper drm-*-kmod\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDouglas Joachin added libva-intel-driver libva-vdpau-driver  to supports accelerated some video driver for Intel\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssues that got fixed\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBug #70 Cannot run Octopi, missing libgksu error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBug #71 LibreOffice doesn’t start because of missing libcurl.so.4\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBug #72 libarchive is a missing dependency\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAgain thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdating from RC1 to RC2:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esudo pkg update -f\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esudo pkg install -f libarchive curl libgksu\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esudo pkg upgrade\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhere to download:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAll images checksum, hybrid ISO(DVD, USB) and torrent are available here: \u003ca href=\"https://www.ghostbsd.org/download\"\u003ehttps://www.ghostbsd.org/download\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[ScreenShots]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png\"\u003ehttps://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png\"\u003ehttps://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.openssh.com/txt/release-7.9\"\u003eOpenSSH 7.9 has been released and it has support for OpenSSL 1.1\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eChanges since OpenSSH 7.8\n=========================\n\nThis is primarily a bugfix release.\n\nNew Features\n------------\n * ssh(1), sshd(8): allow most port numbers to be specified using\n   service names from getservbyname(3) (typically /etc/services).\n * ssh(1): allow the IdentityAgent configuration directive to accept\n   environment variable names. This supports the use of multiple\n   agent sockets without needing to use fixed paths.\n * sshd(8): support signalling sessions via the SSH protocol.\n   A limited subset of signals is supported and only for login or\n   command sessions (i.e. not subsystems) that were not subject to\n   a forced command via authorized_keys or sshd_config. bz#1424\n * ssh(1): support \u0026quot;ssh -Q sig\u0026quot; to list supported signature options.\n   Also \u0026quot;ssh -Q help\u0026quot; to show the full set of supported queries.\n * ssh(1), sshd(8): add a CASignatureAlgorithms option for the\n   client and server configs to allow control over which signature\n   formats are allowed for CAs to sign certificates. For example,\n   this allows banning CAs that sign certificates using the RSA-SHA1\n   signature algorithm.\n * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to\n   revoke keys specified by SHA256 hash.\n * ssh-keygen(1): allow creation of key revocation lists directly\n   from base64-encoded SHA256 fingerprints. This supports revoking\n   keys using only the information contained in sshd(8)\n   authentication log messages.\n\nBugfixes\n--------\n\n * ssh(1), ssh-keygen(1): avoid spurious \u0026quot;invalid format\u0026quot; errors when\n   attempting to load PEM private keys while using an incorrect\n   passphrase. bz#2901\n * sshd(8): when a channel closed message is received from a client,\n   close the stderr file descriptor at the same time stdout is\n   closed. This avoids stuck processes if they were waiting for\n   stderr to close and were insensitive to stdin/out closing. bz#2863\n * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11\n   forwarding timeout and support X11 forwarding indefinitely.\n   Previously the behaviour of ForwardX11Timeout=0 was undefined.\n * sshd(8): when compiled with GSSAPI support, cache supported method\n   OIDs regardless of whether GSSAPI authentication is enabled in the\n   main section of sshd_config. This avoids sandbox violations if\n   GSSAPI authentication was later enabled in a Match block. bz#2107\n * sshd(8): do not fail closed when configured with a text key\n   revocation list that contains a too-short key. bz#2897\n * ssh(1): treat connections with ProxyJump specified the same as\n   ones with a ProxyCommand set with regards to hostname\n   canonicalisation (i.e. don't try to canonicalise the hostname\n   unless CanonicalizeHostname is set to 'always'). bz#2896\n * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-\n   key authentication using certificates hosted in a ssh-agent(1)\n   or against sshd(8) from OpenSSH \u0026lt;7.8.\n\nPortability\n-----------\n\n * All: support building against the openssl-1.1 API (releases 1.1.0g\n   and later). The openssl-1.0 API will remain supported at least\n   until OpenSSL terminates security patch support for that API version.\n * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;\n   apparently required by some glibc/OpenSSL combinations.\n * sshd(8): handle getgrouplist(3) returning more than\n   _SC_NGROUPS_MAX groups. Some platforms consider this limit more\n   as a guideline.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.ixsystems.com/blog/meetbsd-2018/\"\u003eMeetBSD 2018: The Ultimate Hallway Track\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFounded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD Day 0\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDay Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD Day 1\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel \u0026amp; FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD Day 2\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDay Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePutting the “meet” in MeetBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSee you at MeetBSD 2020!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://panoramacircle.com/2018/10/07/setup-dragonflybsd-with-a-desktop-on-real-hardware-thinkpad-t410/\"\u003eSetup DragonflyBSD with a desktop on real hardware ThinkPad T410\u003c/a\u003e\u003cbr\u003e\n+\u003ca href=\"https://youtu.be/p4KwssNY82Q\"\u003eVideo Demo\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLinux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.\u003cbr\u003e\nSome background: BSD was is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!\u003cbr\u003e\nI did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDownload image file and burn to USB drive or DVD\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFirst installation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSetting up the system and installing a desktop\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInside the desktop\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInstall some more programs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHow to enable sound?\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLet’s play some free games\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSetup WiFi\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePower mode settings\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMore to do?\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xcfe or mate and many functional presets.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA small summary of what we got on the upside:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFree and open source operating system with a long history\u003c/li\u003e\n\u003cli\u003eDrivers worked fine including Ethernet, WiFi, video 2D \u0026amp; 3D, audio, etc\u003c/li\u003e\n\u003cli\u003eHammer2 advanced file system\u003c/li\u003e\n\u003cli\u003eYou are very unique if you use this OS fork\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eSome downsides:\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eLess driver and direct app support than Linux\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eInstaller and desktop have some traps and quirks and require work\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://dressupgeekout.blogspot.com/2018/10/porting-keybase-to-netbsd.html\"\u003ePorting Keybase to NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKeybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!\u003cbr\u003e\nSo, this evening, I tried to get it to all work on NetBSD.\u003cbr\u003e\nThe Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.\u003cbr\u003e\nAnyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…\u003cbr\u003e\nI forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a\u003cbr\u003e\nEventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echarlotte@sakuracity:~/go/bin ./keybase login\n▶ WARNING Running in devel mode\n▶ INFO Forking background server with pid=12932\n▶ ERROR unexpected error in Login: API network error: doRetry failed,\nattempts: 1, timeout 5s, last err: Get\nhttp://localhost:3000/_/api/1.0/merkle/path.json?last=3784314\u0026amp;load_deleted=1\u0026amp;load_reset_chain=1\u0026amp;poll=10\u0026amp;sig_hints_low=3\u0026amp;uid=38ae1dfa49cd6831ea2fdade5c5d0519:\ndial tcp [::1]:3000: connect: connection refused\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s a few things about this error message that stuck out to me:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eForking a background server? What?\u003c/li\u003e\n\u003cli\u003eIt’s trying to connect to localhost? That must be the server that doesn’t work …\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ command just failed:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echarlotte@sakuracity:~/go/bin ps 12932\n  PID TTY STAT    TIME COMMAND\n  12932 ?   Ssl  0:00.21 ./keybase --debug --log-file\n  /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir\n  /home/charlotte/.config/keybase.devel --auto-forked \n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echarlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone\n   --standalone                         Use the client without any daemon support.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at \u003ca href=\"https://keybase.io\"\u003ehttps://keybase.io\u003c/a\u003e?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echarlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server\n   --server, -s                         Specify server API.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBasically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echarlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login\n▶ WARNING Running in devel mode\nPlease enter the Keybase passphrase for dressupgeekout (6+ characters): \n\ncharlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout\n▶ WARNING Running in devel mode\n▶ INFO Identifying dressupgeekout\n✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F\n✔ \u0026quot;dressupgeekout\u0026quot; on github:\nhttps://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11\n20:55:21 PDT]\n✔ \u0026quot;dressupgeekout\u0026quot; on reddit:\nhttps://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/my_keybase_proof_redditdressupgeekout/\n[cached 2018-10-11 20:55:21 PDT]\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=339929\"\u003eInitial implementation of draft-ietf-6man-ipv6only-flag\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eThis change defines the RA \u0026quot;6\u0026quot; (IPv6-Only) flag which routers\nmay advertise, kernel logic to check if all routers on a link\nhave the flag set and accordingly update a per-interface flag.\n\nIf all routers agree that it is an IPv6-only link, ether_output_frame(),\nbased on the interface flag, will filter out all ETHERTYPE_IP/ARP\nframes, drop them, and return EAFNOSUPPORT to upper layers.\n\nThe change also updates ndp to show the \u0026quot;6\u0026quot; flag, ifconfig to\ndisplay the IPV6_ONLY nd6 flag if set, and rtadvd to allow\nannouncing the flag.\n\nFurther changes to tcpdump (contrib code) are availble and will\nbe upstreamed.\n\nTested the code (slightly earlier version) with 2 FreeBSD\nIPv6 routers, a FreeBSD laptop on ethernet as well as wifi,\nand with Win10 and OSX clients (which did not fall over with\nthe \u0026quot;6\u0026quot; flag set but not understood).\n\nWe may also want to (a) implement and RX filter, and (b) over\ntime enahnce user space to, say, stop dhclient from running\nwhen the interface flag is set.  Also we might want to start\nIPv6 before IPv4 in the future.\n\nAll the code is hidden under the EXPERIMENTAL option and not\ncompiled by default as the draft is a work-in-progress and\nwe cannot rely on the fact that IANA will assign the bits\nas requested by the draft and hence they may change.\n\nDear 6man, you have running code.\n\nDiscussed with: Bob Hinden, Brian E Carpenter\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://dan.langille.org/2018/10/02/running-freebsd-on-osx-using-xhyve-a-port-of-bhyve/\"\u003eRunning FreeBSD on macOS via xhyve\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3841\"\u003eAuction Winners\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vedetta-com/vedetta/blob/master/src/usr/local/share/doc/vedetta/OpenSSH_Principals.md\"\u003eOpenSSH Principals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20181018160645\"\u003eOpenBSD Foundation gets a second Iridium donation from Handshake\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2018/10/10/msg000786.html\"\u003eNetBSD machines at Open Source Conference 2018 Kagawa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3818\"\u003eAbsolute FreeBSD now shipping!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://h3artbl33d.nl/blog/nextcloud-on-openbsd\"\u003eNextCloud on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/newsflash.html#event20181027:01\"\u003eFreeBSD 12.0-BETA2 Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gvnn3/status/1049347862541344771\"\u003eDTrace on Windows ported from FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/36DFQ1S\"\u003eHELBUG fall 2018 meeting scheduled - Thursday the 15th of November\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://translate.google.com/translate?hl=de\u0026amp;sl=de\u0026amp;tl=en\u0026amp;u=https%3A%2F%2Ftickets.events.ccc.de%2F35c3%2Fintro%2F\"\u003e35C3 pre-sale has started\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/254235663/\"\u003eStockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30  \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003ePolish BSD User Group: Thursday Nov 15, 18:30 - 21:00 \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGreg - \u003ca href=\"http://dpaste.com/1WA54CC\"\u003eInterview suggestion for the show\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNelson - \u003ca href=\"http://dpaste.com/21KKF7Q#wrap\"\u003eGhostscript vulnerabilities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllison - \u003ca href=\"http://dpaste.com/3K6D7ST\"\u003ePorts and GCC\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.","date_published":"2018-11-01T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/83e21562-2f8c-4810-b4c6-0e8f3e36f95b.mp3","mime_type":"audio/mp3","size_in_bytes":41653876,"duration_in_seconds":4147}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2747","title":"Episode 269: Tiny Daemon Lib | BSD Now 269","url":"https://www.bsdnow.tv/269","content_text":"FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.\n\n##Headlines\n###FreeBSD Foundation Update, September 2018\n\n\nMESSAGE FROM THE EXECUTIVE DIRECTOR\n\n\n\nDear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!\n\n\n\nSeptember 2018 Development Projects Update\n\n\n\nIn preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports.  Of course, this kind of work is never finished, and we will continue to make progress after the release.  In the past couple of months I have fixed a combination of long-standing issues and recent regressions.  Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years.  In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well.  Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.\nOf late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2.  A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default.  As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.\nI’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work.  We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.\n\n\n\nFundraising Update: Supporting the Project\n\n\n\nIt’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!\nFunding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:\n\n\n\nOperating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.\nSecurity: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with piece of mind when security issues arise.\nRelease Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.\nQuality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.\nNew User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.\nTraining: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.\nFace-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge .\n\n\n\nWe can continue the above work, if we meet our goal this year!\nIf your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.\nThank you for supporting FreeBSD and the Foundation!\n\n\n\nSeptember 2018 Release Engineering Update\n\n\n\nThe FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE.  At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.\nOf note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.\nDue to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.\nShould the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly.  The current schedule is available at:\nhttps://www.freebsd.org/releases/12.0R/schedule.html\n\n\n\nBSDCam 2018 Trip Report: Marie Helene Kvello-Aune\n\n\n\nI’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.\nI arrived in Gatwick, London at midnight. On Monday, August 13,  I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…\n\n\n\nContinuous Integration Update\n\n\n\nThe FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at https://ci.FreeBSD.org, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.\n\n\n\nNew Hardware\n\n\n\nThe Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from PINE64.org, which will be put in the hardware test lab as one part of the continuous tests.\n\n\n\nCI Staging Environment\n\n\n\nWe used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at\nhttps://ci-dev.freebsd.org. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.\n\n\n\nMail Notification\n\n\n\nIn July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.\n\n\n\nNew Test Job\n\n\n\nIn August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.\n\n\n\nWork in Progress\n\n\n\nIn August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest,  which need a longer run time. We also planned the network testing for TCP/IP stack\n\n\n\n\n###Daemonize - a Tiny C Library for Programming the UNIX Daemons\n\n\nWhatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.\nDevelopers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.\nWhenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.\nIf for some reason you want to make a Windows service, I have a battle tested template code for you as well.\n\n\n\nSystem-V Daemon Initialisation Procedure\n\n\n\nTo make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.\n\n\n\n\nSo, here we go:\n\n\nClose all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMIT_NOFILE.\n\n\nReset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIG_DFL.\n\n\nReset the signal mask using sigprocmask().\n\n\nSanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.\n\n\nCall fork(), to create a background process.\n\n\nIn the child, call setsid() to detach from any terminal and create an independent session.\n\n\nIn the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.\n\n\nCall exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.\n\n\nIn the daemon process, connect /dev/null to standard input, output, and error.\n\n\nIn the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.\n\n\nIn the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.\n\n\nIn the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.\n\n\nIn the daemon process, drop privileges, if possible and applicable.\n\n\nFrom the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.\n\n\nCall exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.\n\n\n\n\nThe discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily dependent on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.\n\n\n\nThe Library’s Application Programming Interface\n\n\n\nThe generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.\n\n\n\nConclusion\n\n\n\nThe objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.\nIf you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.\n\n\n\n\n##News Roundup\n###EuroBSDCon 2018 travel report and obligatory pics\n\n\nThis was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.\nThe day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.\nIt turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!\nAt the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.\nWe had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had small team to hold the camera :-)\nAt the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.\nPerhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.\nAt the conference itself, was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.\nMy own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.\nI mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.\nIt was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).\nAfter the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.\n\n\n\n\n###GhostBSD tested on real hardware T410 – better than TrueOS?\n\n\nYou might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!\n\n\n\nNowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.\n\n\n\nLet’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from ghostbsd.org. Creating a bootable USB drive was surprisingly difficult as rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk imager and burn the img file to an USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD unto a disk.\n\n\n\nI did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lot’s of installed apps did not show up in the start menu and on goes the quirks list.\n\n\n\nOverall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.\n\n\n\n\nOn the upside:\n\n\nFree and open source FreeBSD package ready to go\n\n\nMate or XFCE desktop (Mate is the only option for daily builds)\n\n\nDrivers work fine including LAN, WiFi, video 2D \u0026amp; 3D, audio, etc\n\n\nUFS or ZFS advanced file systems available\n\n\nSome downsides:\n\n\nLess driver and direct app support than Linux\n\n\nInstaller and desktop have some quirks and bugs\n\n\nApp-store is cumbersome, inferior to TrueOS\n\n\n\n\n\n##Beastie Bits\n\n\nEuroBSDCon 2018 and NetBSD sanitizers\nNew mandoc feature: -T html -O toc\nEuroBSDcon 2018\nPolish BSD User Group\ngarbage[43]: What year is it?\nThe Demo @ 50\nMicrosoft ports DTrace from FreeBSD to Windows 10\nOpenBSD joins Twitter\nNetBSD curses ripoffline improvements\nFCP-0101: Deprecating most 10/100 Ethernet drivers\nAnnouncing the pkgsrc-2018Q3 release\nDebian on OpenBSD vmd (without qemu or another debian system)\nA BSD authentication module for duress passwords (Joshua Stein)\nDisk Price/Performance Analysis\n\n\n\n\n##Feedback/Questions\n\n\nDJ - Zombie ZFS\nJosua - arm tier 1? how to approach it\n-Gamah - 5ghz\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-september-2018/\"\u003eFreeBSD Foundation Update, September 2018\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMESSAGE FROM THE EXECUTIVE DIRECTOR\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeptember 2018 Development Projects Update\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports.  Of course, this kind of work is never finished, and we will continue to make progress after the release.  In the past couple of months I have fixed a combination of long-standing issues and recent regressions.  Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years.  In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well.  Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.\u003cbr\u003e\nOf late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2.  A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default.  As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.\u003cbr\u003e\nI’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work.  We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFundraising Update: Supporting the Project\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!\u003cbr\u003e\nFunding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOperating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.\u003c/li\u003e\n\u003cli\u003eSecurity: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with piece of mind when security issues arise.\u003c/li\u003e\n\u003cli\u003eRelease Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.\u003c/li\u003e\n\u003cli\u003eQuality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.\u003c/li\u003e\n\u003cli\u003eNew User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.\u003c/li\u003e\n\u003cli\u003eTraining: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.\u003c/li\u003e\n\u003cli\u003eFace-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge .\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe can continue the above work, if we meet our goal this year!\u003cbr\u003e\nIf your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.\u003cbr\u003e\nThank you for supporting FreeBSD and the Foundation!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeptember 2018 Release Engineering Update\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE.  At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.\u003cbr\u003e\nOf note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.\u003cbr\u003e\nDue to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.\u003cbr\u003e\nShould the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly.  The current schedule is available at:\u003cbr\u003e\n\u003ca href=\"https://www.freebsd.org/releases/12.0R/schedule.html\"\u003ehttps://www.freebsd.org/releases/12.0R/schedule.html\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCam 2018 Trip Report: Marie Helene Kvello-Aune\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.\u003cbr\u003e\nI arrived in Gatwick, London at midnight. On Monday, August 13,  I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinuous Integration Update\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at \u003ca href=\"https://ci.FreeBSD.org\"\u003ehttps://ci.FreeBSD.org\u003c/a\u003e, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Hardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from \u003ca href=\"http://PINE64.org\"\u003ePINE64.org\u003c/a\u003e, which will be put in the hardware test lab as one part of the continuous tests.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCI Staging Environment\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at\u003cbr\u003e\n\u003ca href=\"https://ci-dev.freebsd.org\"\u003ehttps://ci-dev.freebsd.org\u003c/a\u003e. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMail Notification\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Test Job\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWork in Progress\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest,  which need a longer run time. We also planned the network testing for TCP/IP stack\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://chaoticlab.io/c/c++/unix/2018/10/01/daemonize.html\"\u003eDaemonize - a Tiny C Library for Programming the UNIX Daemons\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.\u003cbr\u003e\nDevelopers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.\u003cbr\u003e\nWhenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.\u003cbr\u003e\nIf for some reason you want to make a Windows service, I have a battle tested template code for you as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSystem-V Daemon Initialisation Procedure\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSo, here we go:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClose all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMIT_NOFILE.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIG_DFL.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReset the signal mask using sigprocmask().\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCall fork(), to create a background process.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the child, call setsid() to detach from any terminal and create an independent session.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCall exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the daemon process, connect /dev/null to standard input, output, and error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the daemon process, drop privileges, if possible and applicable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFrom the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCall exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily dependent on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Library’s Application Programming Interface\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.\u003cbr\u003e\nIf you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://blog.netbsd.org/tnf/entry/eurobsdcon_2018\"\u003eEuroBSDCon 2018 travel report and obligatory pics\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.\u003cbr\u003e\nThe day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.\u003cbr\u003e\nIt turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!\u003cbr\u003e\nAt the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.\u003cbr\u003e\nWe had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had small team to hold the camera :-)\u003cbr\u003e\nAt the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.\u003cbr\u003e\nPerhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.\u003cbr\u003e\nAt the conference itself, was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.\u003cbr\u003e\nMy own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.\u003cbr\u003e\nI mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.\u003cbr\u003e\nIt was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).\u003cbr\u003e\nAfter the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://panoramacircle.com/2018/09/23/ghostbsd-tested-on-real-hardware-t410-better-than-trueos/\"\u003eGhostBSD tested on real hardware T410 – better than TrueOS?\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from \u003ca href=\"http://ghostbsd.org\"\u003eghostbsd.org\u003c/a\u003e. Creating a bootable USB drive was surprisingly difficult as rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk imager and burn the img file to an USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD unto a disk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lot’s of installed apps did not show up in the start menu and on goes the quirks list.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOverall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eOn the upside:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree and open source FreeBSD package ready to go\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMate or XFCE desktop (Mate is the only option for daily builds)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrivers work fine including LAN, WiFi, video 2D \u0026amp; 3D, audio, etc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUFS or ZFS advanced file systems available\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSome downsides:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLess driver and direct app support than Linux\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInstaller and desktop have some quirks and bugs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApp-store is cumbersome, inferior to TrueOS\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/eurobsdcon_2018_and_netbsd_sanitizers\"\u003eEuroBSDCon 2018 and NetBSD sanitizers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20181002175838\"\u003eNew mandoc feature: -T html -O toc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2307\"\u003eEuroBSDcon 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/55/\"\u003ePolish BSD User Group\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://garbage.fm/episodes/43\"\u003egarbage[43]: What year is it?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://thedemoat50.org/\"\u003eThe Demo @ 50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/tG8R5SQGPck?t=660\"\u003eMicrosoft ports DTrace from FreeBSD to Windows 10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/openbsd\"\u003eOpenBSD joins Twitter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://roy.marples.name/blog/netbsd-curses-ripoffline-improvements\"\u003eNetBSD curses ripoffline improvements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2018-October/089717.html\"\u003eFCP-0101: Deprecating most 10/100 Ethernet drivers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-pkg/2018/10/05/msg020326.html\"\u003eAnnouncing the pkgsrc-2018Q3 release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.netzbasis.de/openbsd/vmd-debian/index.html\"\u003eDebian on OpenBSD vmd (without qemu or another debian system)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jcs/login_duress\"\u003eA BSD authentication module for duress passwords (Joshua Stein)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/oshogbovx/status/1019334534935007232?s=03\"\u003eDisk Price/Performance Analysis\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDJ - \u003ca href=\"http://dpaste.com/0YV8WC6#wrap\"\u003eZombie ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJosua - \u003ca href=\"http://dpaste.com/25B1EA8\"\u003earm tier 1? how to approach it\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e-Gamah - \u003ca href=\"http://dpaste.com/2SMSGPB\"\u003e5ghz\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress.","date_published":"2018-10-24T05:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5cd889a3-fdea-4394-a3e4-69aaa37d9ee0.mp3","mime_type":"audio/mp3","size_in_bytes":53176544,"duration_in_seconds":5299}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2721","title":"Episode 268: Netcat Demystified | BSD Now 268","url":"https://www.bsdnow.tv/268","content_text":"6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.\n\n##Headlines\n###Six Metrics for Measuring ZFS Pool Performance Part 1\n\n\nThe layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.\n\n\n\nTo quantify pool performance, we will consider six primary metrics:\nRead I/O operations per second (IOPS)\nWrite IOPS\nStreaming read speed\nStreaming write speed\nStorage space efficiency (usable capacity after parity versus total raw capacity)\nFault tolerance (maximum number of drives that can fail before data loss)\nFor the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).\n\n\n\nNote that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).\nThere is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.\nLet’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.\nBecause storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.\nA striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.\nThe excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.\nHere’s a summary of the total pool performance (where N is the number of disks in the pool):\n\n\n\nN-wide striped:\nRead IOPS: N * Read IOPS of a single drive\nWrite IOPS: N * Write IOPS of a single drive\nStreaming read speed: N * Streaming read speed of a single drive\nStreaming write speed: N * Streaming write speed of a single drive\nStorage space efficiency: 100%\nFault tolerance: None!\n\n\n\nLet’s apply this to our example system, configured with a 12-wide striped pool:\n\n\n\n12-wide striped:\nRead IOPS: 3000\nWrite IOPS: 3000\nStreaming read speed: 1200 MB/s\nStreaming write speed: 1200 MB/s\nStorage space efficiency: 72 TB\nFault tolerance: None!\nBelow is a visual depiction of our 12 rainbow blocks written to this pool configuration:\n\n\n\nThe blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.\nA mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.\nStreaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.\n\n\n\nHere’s a summary:\n\n\n\n\nN-way mirror:\n\n\nRead IOPS: N * Read IOPS of a single drive\n\n\nWrite IOPS: Write IOPS of a single drive\n\n\nStreaming read speed: N * Streaming read speed of a single drive\n\n\nStreaming write speed: Streaming write speed of a single drive\n\n\nStorage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]\n\n\nFault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]\n\n\nFor our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.\n\n\n1x 12-way mirror:\n\n\nRead IOPS: 3000\n\n\nWrite IOPS: 250\n\n\nStreaming read speed: 1200 MB/s\n\n\nStreaming write speed: 100 MB/s\n\n\nStorage space efficiency: 8.3% (6 TB)\n\n\nFault tolerance: 11\n\n\n\n\nAs we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.\n\n\n\nObviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:\n\n\n\n\n1x 2-way mirror:\n\n\nRead IOPS: 500\n\n\nWrite IOPS: 250\n\n\nStreaming read speed: 200 MB/s\n\n\nStreaming write speed: 100 MB/s\n\n\nStorage space efficiency: 50% (6 TB)\n\n\nFault tolerance: 1\n\n\nNow we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:\n\n\n6x 2-way mirror:\n\n\nRead IOPS: 3000\n\n\nWrite IOPS: 1500\n\n\nStreaming read speed: 3000 MB/s\n\n\nStreaming write speed: 1500 MB/s\n\n\nStorage space efficiency: 50% (36 TB)\n\n\nFault tolerance: 1 per vdev, 6 total\n\n\nAgain, we will examine the configuration from a visual perspective:\n\n\n\n\nEach vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:\n\n\n\n4x 3-way mirror:\nRead IOPS: 3000\nWrite IOPS: 1000\nStreaming read speed: 3000 MB/s\nStreaming write speed: 400 MB/s\nStorage space efficiency: 33% (24 TB)\nFault tolerance: 2 per vdev, 8 total\n\n\n\nWhile we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.\nStriped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.\n\n\n\n\n###2FA with ssh on OpenBSD\n\n\nFive years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.\nAfter I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.\n\n\n\nSEED CONFIGURATION\n\n\n\nThe first thing we need to do is to install the software which will be used to verify the OTPs we submit.\n\n\n# pkg_add login_oath\n\n\nWe need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.\n\n\n$ openssl rand -hex 20 \u0026gt; ~/.totp-key\n$ chmod 400 ~/.totp-key\n\n\nNow we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.\nWhile writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.\nHere’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!\n\n\n\nSYSTEM CONFIGURATION\n\n\n\nWe can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.\nWe need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.\n\n\n\nSSHD CONFIGURATION\n\n\n\nAgain, keeping a root shell around decreases the risk of losing access to the system and being locked outside.\nA good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!\nWe need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.\nTo inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.\nWe could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.\n\n\n\nIMPROVING SECURITY WITHOUT IMPACTING UX\n\n\n\nMy phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.\nTo find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.\nTo sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!\n\n\n\n\n##News Roundup\n###How ZFS maintains file type information in directories\n\n\nAs an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.\nThe easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).\n\n\n# zdb -dddd fs3-corestaff-01/h/281 1\nDataset [....]\n[...]\nmicrozap: 512 bytes, 4 entries\n[...]\nROOT = 3\n\n# zdb -dddd fs3-corestaff-01/h/281 3\nObject lvl iblk dblk dsize lsize %full type\n3 1 16K 1K 8K 1K 100.00 ZFS directory\n[...]\nmicrozap: 1024 bytes, 8 entries\n\nRESTORED = 4396504 (type: Directory)\nckstst = 12017 (type: not specified)\nckstst3 = 25069 (type: Directory)\n.demo-file = 5832188 (type: Regular File)\n.peergroup = 12590 (type: not specified)\ncks = 5 (type: not specified)\ncksimap1 = 5247832 (type: Directory)\n.diskuse = 12016 (type: not specified)\nckstst2 = 12535 (type: not specified)\n\n\nThis is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.\nOnce I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.\nHow ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:\n\n\n/*\n* The directory entry has the type (currently unused on\n* Solaris) in the top 4 bits, and the object number in\n* the low 48 bits. The \"middle\" 12 bits are unused.\n*/\n\n\nIn yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.\nThe reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.\n\n\n\n\n###Everything old is new again\n\n\nJust because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C11 — certainly the availability of compilers with C11 support. The language has changed a great deal in those ten years since the original release.\nThe platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)\nSo, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) \u0026gt; 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.\nHowever, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.\n\n\n\n\n###OpenBSD netcat demystified\n\n\nOwing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:\n\n\n\n(1) Open a terminal and input following command:\n\n\n# nc -l 3003\n\n\nThis means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).\n\n\n\n(2) Connect aforemontioned netcat process in another machine, and send a greeting:\n\n\n# nc 192.168.35.176 3003\nhello\n\n\nThen in the first machine’s terminal, you will see the “hello” text:\n\n\n# nc -l 3003\nhello\n\n\nA primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcatnow. If you are among them, congratulations! This tutorial may be the correct place for you.\nIn the following parts, I will delve into OpenBSD’s netcatcode to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.\nWe’re all set. Let’s go!\n\n\n\n\n##Beastie Bits\n\n\nWhat’s in store for NetBSD 9.0\nNetBSD machines at Open Source Conference 2018 Hiroshima\nnmctl adapted with limited privileges: nmctl-0.6.0\nSubmit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs\nOpenBSD 6.4 site is up! (with a partial list of new features)\nUsing Alpine to Read Your Email on OpenBSD\n\n\n\n\n##Feedback/Questions\n\n\nMorgan - Send/Receive to Manage Fragmentation?\nRyan - ZFS and mmap\nMarcus - Linux Compat\nBen - Multiple Pools\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003e6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.ixsystems.com/blog/zfs-pool-performance-1/\"\u003eSix Metrics for Measuring ZFS Pool Performance Part 1\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo quantify pool performance, we will consider six primary metrics:\u003c/li\u003e\n\u003cli\u003eRead I/O operations per second (IOPS)\u003c/li\u003e\n\u003cli\u003eWrite IOPS\u003c/li\u003e\n\u003cli\u003eStreaming read speed\u003c/li\u003e\n\u003cli\u003eStreaming write speed\u003c/li\u003e\n\u003cli\u003eStorage space efficiency (usable capacity after parity versus total raw capacity)\u003c/li\u003e\n\u003cli\u003eFault tolerance (maximum number of drives that can fail before data loss)\u003c/li\u003e\n\u003cli\u003eFor the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).\u003cbr\u003e\nThere is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.\u003cbr\u003e\nLet’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.\u003cbr\u003e\nBecause storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.\u003cbr\u003e\nA striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.\u003cbr\u003e\nThe excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.\u003cbr\u003e\nHere’s a summary of the total pool performance (where N is the number of disks in the pool):\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eN-wide striped:\u003c/li\u003e\n\u003cli\u003eRead IOPS: N * Read IOPS of a single drive\u003c/li\u003e\n\u003cli\u003eWrite IOPS: N * Write IOPS of a single drive\u003c/li\u003e\n\u003cli\u003eStreaming read speed: N * Streaming read speed of a single drive\u003c/li\u003e\n\u003cli\u003eStreaming write speed: N * Streaming write speed of a single drive\u003c/li\u003e\n\u003cli\u003eStorage space efficiency: 100%\u003c/li\u003e\n\u003cli\u003eFault tolerance: None!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s apply this to our example system, configured with a 12-wide striped pool:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e12-wide striped:\u003c/li\u003e\n\u003cli\u003eRead IOPS: 3000\u003c/li\u003e\n\u003cli\u003eWrite IOPS: 3000\u003c/li\u003e\n\u003cli\u003eStreaming read speed: 1200 MB/s\u003c/li\u003e\n\u003cli\u003eStreaming write speed: 1200 MB/s\u003c/li\u003e\n\u003cli\u003eStorage space efficiency: 72 TB\u003c/li\u003e\n\u003cli\u003eFault tolerance: None!\u003c/li\u003e\n\u003cli\u003eBelow is a visual depiction of our 12 rainbow blocks written to this pool configuration:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.\u003cbr\u003e\nA mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.\u003cbr\u003e\nStreaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere’s a summary:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eN-way mirror:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRead IOPS: N * Read IOPS of a single drive\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWrite IOPS: Write IOPS of a single drive\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming read speed: N * Streaming read speed of a single drive\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming write speed: Streaming write speed of a single drive\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStorage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFor our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e1x 12-way mirror:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRead IOPS: 3000\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWrite IOPS: 250\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming read speed: 1200 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming write speed: 100 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStorage space efficiency: 8.3% (6 TB)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFault tolerance: 11\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eObviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e1x 2-way mirror:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRead IOPS: 500\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWrite IOPS: 250\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming read speed: 200 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming write speed: 100 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStorage space efficiency: 50% (6 TB)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFault tolerance: 1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNow we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e6x 2-way mirror:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRead IOPS: 3000\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWrite IOPS: 1500\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming read speed: 3000 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStreaming write speed: 1500 MB/s\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStorage space efficiency: 50% (36 TB)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFault tolerance: 1 per vdev, 6 total\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAgain, we will examine the configuration from a visual perspective:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEach vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e4x 3-way mirror:\u003c/li\u003e\n\u003cli\u003eRead IOPS: 3000\u003c/li\u003e\n\u003cli\u003eWrite IOPS: 1000\u003c/li\u003e\n\u003cli\u003eStreaming read speed: 3000 MB/s\u003c/li\u003e\n\u003cli\u003eStreaming write speed: 400 MB/s\u003c/li\u003e\n\u003cli\u003eStorage space efficiency: 33% (24 TB)\u003c/li\u003e\n\u003cli\u003eFault tolerance: 2 per vdev, 8 total\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.\u003cbr\u003e\nStriped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html\"\u003e2FA with ssh on OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFive years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.\u003cbr\u003e\nAfter I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSEED CONFIGURATION\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first thing we need to do is to install the software which will be used to verify the OTPs we submit.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg_add login_oath\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e$ openssl rand -hex 20 \u0026gt; ~/.totp-key\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e$ chmod 400 ~/.totp-key\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.\u003cbr\u003e\nWhile writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.\u003cbr\u003e\nHere’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSYSTEM CONFIGURATION\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.\u003cbr\u003e\nWe need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSHD CONFIGURATION\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAgain, keeping a root shell around decreases the risk of losing access to the system and being locked outside.\u003cbr\u003e\nA good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!\u003cbr\u003e\nWe need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.\u003cbr\u003e\nTo inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.\u003cbr\u003e\nWe could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIMPROVING SECURITY WITHOUT IMPACTING UX\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.\u003cbr\u003e\nTo find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.\u003cbr\u003e\nTo sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSAndDirectoryDType\"\u003eHow ZFS maintains file type information in directories\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.\u003cbr\u003e\nThe easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# zdb -dddd fs3-corestaff-01/h/281 1\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eDataset [....]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[...]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003emicrozap: 512 bytes, 4 entries\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[...]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eROOT = 3\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e# zdb -dddd fs3-corestaff-01/h/281 3\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eObject lvl iblk dblk dsize lsize %full type\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e3 1 16K 1K 8K 1K 100.00 ZFS directory\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e[...]\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003emicrozap: 1024 bytes, 8 entries\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eRESTORED = 4396504 (type: Directory)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eckstst = 12017 (type: not specified)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eckstst3 = 25069 (type: Directory)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e.demo-file = 5832188 (type: Regular File)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e.peergroup = 12590 (type: not specified)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecks = 5 (type: not specified)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecksimap1 = 5247832 (type: Directory)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e.diskuse = 12016 (type: not specified)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eckstst2 = 12535 (type: not specified)\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.\u003cbr\u003e\nOnce I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.\u003cbr\u003e\nHow ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e/*\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e* The directory entry has the type (currently unused on\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e* Solaris) in the top 4 bits, and the object number in\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e* the low 48 bits. The \u0026quot;middle\u0026quot; 12 bits are unused.\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e*/\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.\u003cbr\u003e\nThe reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://euroquis.nl/bobulate/?p=1976\"\u003eEverything old is new again\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJust because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C\u003cins\u003e11 — certainly the availability of compilers with C\u003c/ins\u003e11 support. The language has changed a great deal in those ten years since the original release.\u003cbr\u003e\nThe platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)\u003cbr\u003e\nSo, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) \u0026gt; 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.\u003cbr\u003e\nHowever, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://nanxiao.gitbooks.io/openbsd-netcat-demystified/\"\u003eOpenBSD netcat demystified\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOwing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(1) Open a terminal and input following command:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e# nc -l 3003\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(2) Connect aforemontioned netcat process in another machine, and send a greeting:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e# nc 192.168.35.176 3003\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ehello\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen in the first machine’s terminal, you will see the “hello” text:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# nc -l 3003\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ehello\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcatnow. If you are among them, congratulations! This tutorial may be the correct place for you.\u003cbr\u003e\nIn the following parts, I will delve into OpenBSD’s netcatcode to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.\u003cbr\u003e\nWe’re all set. Let’s go!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.geeklan.co.uk/files/eurobsdcon2018.pdf\"\u003eWhat’s in store for NetBSD 9.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2018/09/25/msg000783.html\"\u003eNetBSD machines at Open Source Conference 2018 Hiroshima\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://vincentdelft.be/post/post_20180922\"\u003enmctl adapted with limited privileges: nmctl-0.6.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/submit-your-work-check-out-scale-17x-and-fosdem-19-cfps/\"\u003eSubmit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/64.html\"\u003eOpenBSD 6.4 site is up! (with a partial list of new features)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.blackcatenterprises.us/using-alpine-to-read-your-email/\"\u003eUsing Alpine to Read Your Email on OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMorgan - \u003ca href=\"http://dpaste.com/0EXPWQK#wrap\"\u003eSend/Receive to Manage Fragmentation?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRyan - \u003ca href=\"http://dpaste.com/0B6C0Y0\"\u003eZFS and mmap\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarcus - \u003ca href=\"http://dpaste.com/1DT26S8#wrap\"\u003eLinux Compat\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/20GTHZE#wrap\"\u003eMultiple Pools\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.","date_published":"2018-10-17T01:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/78b4306b-b0ac-4221-b4f4-60d2bde9628e.mp3","mime_type":"audio/mp3","size_in_bytes":40587288,"duration_in_seconds":4040}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2689","title":"Episode 267: Absolute FreeBSD | BSD Now 267","url":"https://www.bsdnow.tv/267","content_text":"We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.\n\n##Headlines\n##Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor\n\n\nBR: [Welcome Back]\nAJ: What have you been doing since last we talked to you [ed, ssh, and af3e]\nBR: Tell us more about AF3e\nAJ: How did the first Absolute FreeBSD come about?\nBR: Do you have anything special planned for MeetBSD?\nAJ: What are you working on now? [FM:Jails, Git sync Murder]\nBR: What are your plans for next year?\nAJ: How has SEMIBug been going?\n\n\nAuction at https://mwl.io\nPatreon Link:\n\n\n\n##Feedback/Questions\n\n\nPaul - Recent bhyve related videos (daemon)\nMichael - freebsd-update question\nSigflup - pkg file search\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n##Interview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\"\u003e@mwlauthor\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: [Welcome Back]\u003c/li\u003e\n\u003cli\u003eAJ: What have you been doing since last we talked to you [ed, ssh, and af3e]\u003c/li\u003e\n\u003cli\u003eBR: Tell us more about AF3e\u003c/li\u003e\n\u003cli\u003eAJ: How did the first Absolute FreeBSD come about?\u003c/li\u003e\n\u003cli\u003eBR: Do you have anything special planned for MeetBSD?\u003c/li\u003e\n\u003cli\u003eAJ: What are you working on now? [FM:Jails, Git sync Murder]\u003c/li\u003e\n\u003cli\u003eBR: What are your plans for next year?\u003c/li\u003e\n\u003cli\u003eAJ: How has SEMIBug been going?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAuction at \u003ca href=\"https://mwl.io\"\u003ehttps://mwl.io\u003c/a\u003e\u003cbr\u003e\nPatreon Link:\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePaul - \u003ca href=\"http://dpaste.com/0Q6C25T#wrap\"\u003eRecent bhyve related videos (daemon)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/1YTR9FZ\"\u003efreebsd-update question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSigflup - \u003ca href=\"http://dpaste.com/3799BBX#wrap\"\u003epkg file search\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.","date_published":"2018-10-10T06:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/065b608e-9204-46f2-a689-63ccf08c58a2.mp3","mime_type":"audio/mp3","size_in_bytes":40763471,"duration_in_seconds":4058}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2661","title":"Episode 266: File Type History | BSD Now 266","url":"https://www.bsdnow.tv/266","content_text":"Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.\n\n##Headlines\n###OpenBSD/NetBSD on FreeBSD using grub2-bhyve\n\n\nWhen I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!\nThe grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:\n\n\n# pkg install grub2-bhyve\n\n\nTo run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.\n\n\n# grub-bhyve test\nGNU GRUB version 2.00\nMinimal BASH-like line editing is supported. For the first word, TAB lists possible command\ncompletions. Anywhere else TAB lists possible device or file completions.\n\n\ngrub\u0026gt;\n\n\nAfter running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.\n\n\ngrub\u0026gt; ls\n(host)\ngrub\u0026gt; ls (host)/\nlibexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/\ngrub\u0026gt;\n\n\nTo exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL ztank/bhyve/post. On another terminal, we create:\n\n\n# zfs create -V 10G ztank/bhyve/post\n\n\nIf you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.\n\n\n# truncate -s 10G post.img\n\n\nI recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.\n\n\ncat \u0026gt; /tmp/post.map \u0026lt;\u0026lt; EOF\n(hd0) /directory/to/disk/image\n(hd1) /dev/zvol/ztank/bhyve/post\nEOF\n\n\nThe mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.\n\n\n# grub-bhyve -m /tmp/post.map post\ngrub\u0026gt; ls\n(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)\n\n\nThe hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.\n\n\ngrub\u0026gt; ls (hd0,msdos4)/\nboot bsd 6.4/ etc/\n\n\nAnd this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:\n\n\ngrub\u0026gt; set root=(hd0,msdos4)\ngrub\u0026gt; kopenbsd -h com0 -r sd0a /bsd\ngrub\u0026gt; boot\n\n\nAfter that, we can run bhyve virtual machine. In my case it is:\n\n\n# bhyve -c 1 -w -u -H \\\n-s 0,amd_hostbridge \\\n-s 3,ahci-hd,/directory/to/disk/image \\\n-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \\\n-s 31,lpc -l com1,stdio \\\npost\n\n\nUnfortunately explaining the whole bhyve(8)  command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.\n\n\ncat \u0026lt;\u0026lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post\nset root=(hd0,4)\nkopenbsd -h com0 -r sd0a /bsd\nboot\nEOF\n\n\n\n###My FreeBSD Story\n\n\nMy first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.\nBack then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600\nThen I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.\nAt the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.\nAfter ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??\nI do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.\nI always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.\nAfter half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??\nOf course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.\nSomewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent BSDForums.org site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.\nWhy FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.\nAs the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.\nAfter 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t\n\n\n\n\n##News Roundup\n###OpenBSD on the Desktop: some thoughts\n\n\nI’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.\nThe OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.\nI like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.\nI like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.\nJust install a browser and you’re ready to go.\nManual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.\nPerformance is not first-class, mostly because of all the security mitigations and checks done at runtime.\nI write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.\nTo use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.\n\n\n\n\n###The history of file type information being available in Unix directories\n\n\nThe two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:\n[…], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.\nOn Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.\nOn the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.\n(In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)\nDocumentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.\nIn Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.\nAs far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.\nSidebar: The filesystem also matters on modern Unixes\nEven if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.\nIt’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.\n\n\n\n\n###Multiboot Pinebook KDE neon\n\n\nRecently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.\nHere’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.\nBut one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.\nI have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.\nHere’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.\nThe nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.\nSo to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.\n\n\n\n\n##Beastie Bits\n\n\nUnexpected benefit with Ryzen – reducing power for build server\nHappy #CIDRDay!\nAbsolute FreeBSD 3e ship date\nMWL FreeBSD talk @ October 9th 2018 - MUG Meeting\nMeetBSD Oct 19-20\nOctober’s London *BSD meetup - 9th Oct 2018\nNRW BUG Meeting at Trivago Oct. 9\nLars Wittebrood blogs about his visit to EuroBSDCon 2018\nEuroBSDcon 2018 OpenBSD slides available\nEuroBSDCon conference site has most slides as well\n\n\n\n\n##Feedback/Questions\n\n\nBrad - Unmounted ZFS sends\nNiclas - Report from a Meetup\nGhislain - Bhyve not used?\nShane - zpool history and snapshots\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eRunning OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://oshogbo.vexillium.org/blog/53/\"\u003eOpenBSD/NetBSD on FreeBSD using grub2-bhyve\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!\u003cbr\u003e\nThe grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install grub2-bhyve\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# grub-bhyve test\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eGNU GRUB version 2.00\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eMinimal BASH-like line editing is supported. For the first word, TAB lists possible command\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecompletions. Anywhere else TAB lists possible device or file completions.\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003egrub\u0026gt; ls\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e(host)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt; ls (host)/\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003elibexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL \u003ccode\u003eztank/bhyve/post\u003c/code\u003e. On another terminal, we create:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# zfs create -V 10G ztank/bhyve/post\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# truncate -s 10G post.img\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ecat \u0026gt; /tmp/post.map \u0026lt;\u0026lt; EOF\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e(hd0) /directory/to/disk/image\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e(hd1) /dev/zvol/ztank/bhyve/post\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eEOF\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# grub-bhyve -m /tmp/post.map post\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt; ls\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003egrub\u0026gt; ls (hd0,msdos4)/\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eboot bsd 6.4/ etc/\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003egrub\u0026gt; set root=(hd0,msdos4)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt; kopenbsd -h com0 -r sd0a /bsd\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egrub\u0026gt; boot\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter that, we can run bhyve virtual machine. In my case it is:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# bhyve -c 1 -w -u -H \\\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e-s 0,amd_hostbridge \\\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e-s 3,ahci-hd,/directory/to/disk/image \\\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \\\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e-s 31,lpc -l com1,stdio \\\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003epost\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnfortunately explaining the whole bhyve(8)  command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ecat \u0026lt;\u0026lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eset root=(hd0,4)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ekopenbsd -h com0 -r sd0a /bsd\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eboot\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eEOF\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/\"\u003eMy FreeBSD Story\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.\u003cbr\u003e\nBack then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600\u003cbr\u003e\nThen I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.\u003cbr\u003e\nAt the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.\u003cbr\u003e\nAfter ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??\u003cbr\u003e\nI do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.\u003cbr\u003e\nI always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.\u003cbr\u003e\nAfter half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??\u003cbr\u003e\nOf course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.\u003cbr\u003e\nSomewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent \u003ca href=\"http://BSDForums.org\"\u003eBSDForums.org\u003c/a\u003e site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.\u003cbr\u003e\nWhy FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.\u003cbr\u003e\nAs the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.\u003cbr\u003e\nAfter 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/\"\u003eOpenBSD on the Desktop: some thoughts\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.\u003cbr\u003e\nThe OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.\u003cbr\u003e\nI like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.\u003cbr\u003e\nI like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.\u003cbr\u003e\nJust install a browser and you’re ready to go.\u003cbr\u003e\nManual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.\u003cbr\u003e\nPerformance is not first-class, mostly because of all the security mitigations and checks done at runtime.\u003cbr\u003e\nI write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.\u003cbr\u003e\nTo use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory\"\u003eThe history of file type information being available in Unix directories\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:\u003cbr\u003e\n[…], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.\u003cbr\u003e\nOn Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.\u003cbr\u003e\nOn the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.\u003cbr\u003e\n(In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)\u003cbr\u003e\nDocumentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.\u003cbr\u003e\nIn Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.\u003cbr\u003e\nAs far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.\u003cbr\u003e\nSidebar: The filesystem also matters on modern Unixes\u003cbr\u003e\nEven if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.\u003cbr\u003e\nIt’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://euroquis.nl/bobulate/?p=1979\"\u003eMultiboot Pinebook KDE neon\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.\u003cbr\u003e\nHere’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.\u003cbr\u003e\nBut one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.\u003cbr\u003e\nI have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.\u003cbr\u003e\nHere’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.\u003cbr\u003e\nThe nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.\u003cbr\u003e\nSo to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html\"\u003eUnexpected benefit with Ryzen – reducing power for build server\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3758\"\u003eHappy #CIDRDay!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3771\"\u003eAbsolute FreeBSD 3e ship date\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.mug.org/\"\u003eMWL FreeBSD talk @ October 9th 2018 - MUG Meeting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/meetbsd-2018-countdown/\"\u003eMeetBSD Oct 19-20\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html\"\u003eOctober’s London *BSD meetup - 9th Oct 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsd.nrw/\"\u003eNRW BUG Meeting at Trivago Oct. 9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.socruel.nu/misc/eurobsdcon-2018.html\"\u003eLars Wittebrood blogs about his visit to EuroBSDCon 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180925075334\"\u003eEuroBSDcon 2018 OpenBSD slides available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/talks-speakers/\"\u003eEuroBSDCon conference site has most slides as well\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/3T9M2QC#wrap\"\u003eUnmounted ZFS sends\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNiclas - \u003ca href=\"http://dpaste.com/11TKDK2\"\u003eReport from a Meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGhislain - \u003ca href=\"http://dpaste.com/2790GC6\"\u003eBhyve not used?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShane - \u003ca href=\"http://dpaste.com/1P055SQ\"\u003ezpool history and snapshots\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.","date_published":"2018-10-03T13:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/04e29e6e-69af-4d6a-9e57-2caa87aaeb48.mp3","mime_type":"audio/mp3","size_in_bytes":45192669,"duration_in_seconds":4500}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2631","title":"Episode 265: Software Disenchantment | BSD Now 265","url":"https://www.bsdnow.tv/265","content_text":"We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.\n\n##Headlines\n\n###[FreeBSD DevSummit \u0026amp; EuroBSDcon 2018 in Romania]\n\n\nYour hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.\nAlthough Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.\nOn the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.\nOlivier Robert took [https://www.talegraph.com/tales/l2o9ltrvsE](pictures from the devsummit) and created a nice gallery out of it.\nDevsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.\nThe conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.\nBenedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:\n\n\n\nSelfhosting as an alternative to the public cloud (by Albert Dengg)\nUsing Boot Environments at Scale (by Allan Jude)\nLivepatching FreeBSD kernel (by Maciej Grochowski)\nFreeBSD: What to (Not) Monitor (by Andrew Fengler)\nFreeBSD Graphics (by Niclas Zeising)\n\n\n\nAllan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:\n\nHacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)\nIntroduction of FreeBSD in new environments (by Baptiste Daroussin)\nKeynote: Some computing and networking historical perspectives (by Ron Broersma)\nLivepatching FreeBSD kernel (by Maciej Grochowski)\nFreeBSD: What to (Not) Monitor (by Andrew Fengler)\nBeing a BSD user (by Roller Angel)\nFrom “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)\n\n\nWe also met the winner of our Power Bagel raffle from Episode 2^8. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.\nDuring the closing session, GroffTheBSDGoat was handed over to Deb Goodkin, who will bring the little guy to the Grace Hopper Celebration of Women in Computing conference and then to MeetBSD later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.\nThanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conferences. There were no talks recorded this year, but the slides will be uploaded to the EuroBSDcon website in a couple of weeks. The OpenBSD talks are already available, so check them out.\n\n\n###Software disenchantment\n\n\nI’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.\nModern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.\nOnly in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:\n@tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)\nYou’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.\n\n\n\nEverything is unbearably slow\n\n\n\nLook around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?\nGoogle Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:\nIt also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.\nWindows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.\nPavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.\nModern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?\nAs a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.\n\n\n\nEverything is HUUUUGE\n\n\n\nAnd then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?\nAndroid system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?\nWindows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?\nGoogle keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.\nAll that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?\nYour desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.\nA simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.\nAt least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.\n\n\n\nBetter world manifesto\n\n\n\nI want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.\nWhat we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.\nSo I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!\nI hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.\n\n\n\n\n##News Roundup\n###[llvm-announce] LLVM 7.0.0 Release\n\nI am pleased to announce that LLVM 7 is now available.\n\nGet it here: https://llvm.org/releases/download.html#7.0.0\n\nThe release contains the work on trunk up to SVN revision 338536 plus\nwork on the release branch. It is the result of the community's work\nover the past six months, including: function multiversioning in Clang\nwith the 'target' attribute for ELF-based x86/x86_64 targets, improved\nPCH support in clang-cl, preliminary DWARF v5 support, basic support\nfor OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray\nand libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer\nsupport for OpenBSD, UBSan checks for implicit conversions, many\nlong-tail compatibility issues fixed in lld which is now production\nready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and\ndiagtool. And as usual, many optimizations, improved diagnostics, and\nbug fixes.\n\nFor more details, see the release notes:\nhttps://llvm.org/releases/7.0.0/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html\n\nThanks to everyone who helped with filing, fixing, and code reviewing\nfor the release-blocking bugs!\n\nSpecial thanks to the release testers and packagers: Bero\nRosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang\nMichał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.\n\nFor questions or comments about the release, please contact the\ncommunity on the mailing lists. Onwards to LLVM 8!\n\nCheers,\nHans\n\n\n\n\n###Update your Thinkpad’s bios with Linux or OpenBSD\n\n\nGet your new bios\n\n\n\nAt first, go to the Lenovo website and download your new bios:\n\n\n\nGo to lenovo support\nUse the search bar to find your product (example for me, x270)\nChoose the right product (if necessary) and click search\nOn the right side, click on Update Your System\nClick on BIOS/UEFI\nChoose *BIOS Update (Bootable CD) for Windows *\nDownload\n\n\n\nFor me the file is called like this : r0iuj25wd.iso\n\n\n\nExtract bios update\n\n\n\nNow you will need to install geteltorito.\n\n\n\nWith OpenBSD:\n\n\n$ doas pkg_add geteltorito\nquirks-3.7 signed on 2018-09-09T13:15:19Z\ngeteltorito-0.6: ok\n\n\nWith Debian:\n\n\n$ sudo apt-get install genisoimage\n\n\nNow we will extract the bios update :\n\n\n$ geteltorito -o bios_update.img r0iuj25wd.iso\nBooting catalog starts at sector: 20\nManufacturer of CD: NERO BURNING ROM VER 12\nImage architecture: x86\nBoot media type is: harddisk\nEl Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes\n\nImage has been written to file \"bios_update.img\".\nThis will create a file called bios_update.img.\n\n\nPut the image on an USB key\nCAREFULL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.\n\n\n\nPlease check twice on your computer the name of your USB key.\n\n\n\nWith OpenBSD :\n\n\n$ doas dd if=bios_update.img of=/dev/rsd1c\n\n\nWith Linux :\n\n\n$ sudo dd if=bios_update.img of=/dev/sda\n\n\nNow all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy 😉\n\n\n\n\n###Announcing The HardenedBSD Foundation\n\n\nIn June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501©(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501©(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.\nWe are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.\n\n\n\n\n###How you migrate ZFS filesystems matters\n\n\nIf you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.\nWe have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.\nThis illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).\nI knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.\n(I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)\nWith all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).\nPS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.\nPPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.\n\n\n\n\n##Beastie Bits\n\n\nBSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00\nBSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology\nn2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress\nRunning MirageOS Unikernels on OpenBSD in vmm (Now Works)\nvmm(4) gets support for qcow2\nMeetBSD and SecurityBsides\nColin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)\nFreeBSD 11.1 end-of-life\nKnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS\n\n\n\n\n##Feedback/Questions\n\n\nTodd - 2 Nics, 1 bhyve and a jail cell\nThomas - Deep Dive\nMorgan - Send/Receive to Manage Fragmentation?\nDominik - hierarchical jails -\u0026gt; networking\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eWe report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003c/p\u003e\n\n\u003cp\u003e###[FreeBSD DevSummit \u0026amp; EuroBSDcon 2018 in Romania]\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eYour hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.\u003c/li\u003e\n\u003cli\u003eAlthough Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.\u003c/li\u003e\n\u003cli\u003eOn the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.\u003c/li\u003e\n\u003cli\u003eOlivier Robert took [\u003ca href=\"https://www.talegraph.com/tales/l2o9ltrvsE\"\u003ehttps://www.talegraph.com/tales/l2o9ltrvsE\u003c/a\u003e](pictures from the devsummit) and created a nice gallery out of it.\u003c/li\u003e\n\u003cli\u003eDevsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.\u003c/li\u003e\n\u003cli\u003eThe conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.\u003c/li\u003e\n\u003cli\u003eBenedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSelfhosting as an alternative to the public cloud (by Albert Dengg)\u003cbr\u003e\nUsing Boot Environments at Scale (by Allan Jude)\u003cbr\u003e\nLivepatching FreeBSD kernel (by Maciej Grochowski)\u003cbr\u003e\nFreeBSD: What to (Not) Monitor (by Andrew Fengler)\u003cbr\u003e\nFreeBSD Graphics (by Niclas Zeising)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAllan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks:\n\u003cblockquote\u003e\n\u003cp\u003eHacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)\u003cbr\u003e\nIntroduction of FreeBSD in new environments (by Baptiste Daroussin)\u003cbr\u003e\nKeynote: Some computing and networking historical perspectives (by Ron Broersma)\u003cbr\u003e\nLivepatching FreeBSD kernel (by Maciej Grochowski)\u003cbr\u003e\nFreeBSD: What to (Not) Monitor (by Andrew Fengler)\u003cbr\u003e\nBeing a BSD user (by Roller Angel)\u003cbr\u003e\nFrom “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/li\u003e\n\u003cli\u003eWe also met the winner of our Power Bagel raffle from \u003ca href=\"http://www.bsdnow.tv/episodes/2018_07_25-2_8_because_computers\"\u003eEpisode 2^8\u003c/a\u003e. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.\u003c/li\u003e\n\u003cli\u003eDuring the closing session, \u003ca href=\"https://twitter.com/groffthebsdgoat\"\u003eGroffTheBSDGoat\u003c/a\u003e was handed over to Deb Goodkin, who will bring the little guy to the \u003ca href=\"https://ghc.anitab.org/\"\u003eGrace Hopper Celebration of Women in Computing conference\u003c/a\u003e and then to \u003ca href=\"http://meetbsd.com\"\u003eMeetBSD\u003c/a\u003e later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.\u003c/li\u003e\n\u003cli\u003eThanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conferences. There were no talks recorded this year, but the slides will be uploaded to the \u003ca href=\"http://eurobsdcon.org\"\u003eEuroBSDcon website\u003c/a\u003e in a couple of weeks. The \u003ca href=\"https://www.openbsd.org/events.html#eurobsdcon2018\"\u003eOpenBSD talks\u003c/a\u003e are already available, so check them out.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e###\u003ca href=\"http://tonsky.me/blog/disenchantment/\"\u003eSoftware disenchantment\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.\u003cbr\u003e\nModern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.\u003cbr\u003e\nOnly in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:\u003cbr\u003e\n@tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)\u003cbr\u003e\nYou’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEverything is unbearably slow\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLook around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?\u003cbr\u003e\nGoogle Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:\u003cbr\u003e\nIt also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.\u003cbr\u003e\nWindows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.\u003cbr\u003e\nPavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.\u003cbr\u003e\nModern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?\u003cbr\u003e\nAs a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEverything is HUUUUGE\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?\u003cbr\u003e\nAndroid system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?\u003cbr\u003e\nWindows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?\u003cbr\u003e\nGoogle keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.\u003cbr\u003e\nAll that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?\u003cbr\u003e\nYour desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.\u003cbr\u003e\nA simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.\u003cbr\u003e\nAt least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBetter world manifesto\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.\u003cbr\u003e\nWhat we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.\u003cbr\u003e\nSo I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!\u003cbr\u003e\nI hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://lists.llvm.org/pipermail/llvm-announce/2018-September/000080.html\"\u003e[llvm-announce] LLVM 7.0.0 Release\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eI am pleased to announce that LLVM 7 is now available.\n\nGet it here: https://llvm.org/releases/download.html#7.0.0\n\nThe release contains the work on trunk up to SVN revision 338536 plus\nwork on the release branch. It is the result of the community's work\nover the past six months, including: function multiversioning in Clang\nwith the 'target' attribute for ELF-based x86/x86_64 targets, improved\nPCH support in clang-cl, preliminary DWARF v5 support, basic support\nfor OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray\nand libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer\nsupport for OpenBSD, UBSan checks for implicit conversions, many\nlong-tail compatibility issues fixed in lld which is now production\nready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and\ndiagtool. And as usual, many optimizations, improved diagnostics, and\nbug fixes.\n\nFor more details, see the release notes:\nhttps://llvm.org/releases/7.0.0/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html\nhttps://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html\n\nThanks to everyone who helped with filing, fixing, and code reviewing\nfor the release-blocking bugs!\n\nSpecial thanks to the release testers and packagers: Bero\nRosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang\nMichał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.\n\nFor questions or comments about the release, please contact the\ncommunity on the mailing lists. Onwards to LLVM 8!\n\nCheers,\nHans\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.raveland.org/post/thinkpad_update_bios/\"\u003eUpdate your Thinkpad’s bios with Linux or OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGet your new bios\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt first, go to the Lenovo website and download your new bios:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGo to lenovo support\u003c/li\u003e\n\u003cli\u003eUse the search bar to find your product (example for me, x270)\u003c/li\u003e\n\u003cli\u003eChoose the right product (if necessary) and click search\u003c/li\u003e\n\u003cli\u003eOn the right side, click on Update Your System\u003c/li\u003e\n\u003cli\u003eClick on BIOS/UEFI\u003c/li\u003e\n\u003cli\u003eChoose *BIOS Update (Bootable CD) for Windows *\u003c/li\u003e\n\u003cli\u003eDownload\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor me the file is called like this : r0iuj25wd.iso\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExtract bios update\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow you will need to install geteltorito.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith OpenBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ doas pkg_add geteltorito\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003equirks-3.7 signed on 2018-09-09T13:15:19Z\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003egeteltorito-0.6: ok\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith Debian:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ sudo apt-get install genisoimage\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow we will extract the bios update :\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ geteltorito -o bios_update.img r0iuj25wd.iso\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eBooting catalog starts at sector: 20\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eManufacturer of CD: NERO BURNING ROM VER 12\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eImage architecture: x86\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eBoot media type is: harddisk\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eEl Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eImage has been written to file \u0026quot;bios_update.img\u0026quot;.\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eThis will create a file called bios_update.img.\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePut the image on an USB key\u003c/li\u003e\n\u003cli\u003eCAREFULL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePlease check twice on your computer the name of your USB key.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith OpenBSD :\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ doas dd if=bios_update.img of=/dev/rsd1c\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith Linux :\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ sudo dd if=bios_update.img of=/dev/sda\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy \u0026#x1f609;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2018-09-17/announcing-hardenedbsd-foundation\"\u003eAnnouncing The HardenedBSD Foundation\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501©(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501©(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.\u003cbr\u003e\nWe are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSendRecvVsRsync\"\u003eHow you migrate ZFS filesystems matters\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.\u003cbr\u003e\nWe have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.\u003cbr\u003e\nThis illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).\u003cbr\u003e\nI knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.\u003cbr\u003e\n(I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)\u003cbr\u003e\nWith all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).\u003cbr\u003e\nPS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.\u003cbr\u003e\nPPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/254235663/\"\u003eBSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003eBSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180915112028\"\u003en2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.xenproject.org/archives/html/mirageos-devel/2018-09/msg00013.html\"\u003eRunning MirageOS Unikernels on OpenBSD in vmm (Now Works)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180910070407\"\u003evmm(4) gets support for qcow2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://oshogbo.vexillium.org/blog/52/\"\u003eMeetBSD and SecurityBsides\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/cperciva/status/1041433506453155840\"\u003eColin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2018-September/001842.html\"\u003eFreeBSD 11.1 end-of-life\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/254759084\"\u003eKnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTodd - \u003ca href=\"http://dpaste.com/2QZEZPA\"\u003e2 Nics, 1 bhyve and a jail cell\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/3SFM1YP#wrap\"\u003eDeep Dive\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMorgan - \u003ca href=\"http://dpaste.com/07EK4RK#wrap\"\u003eSend/Receive to Manage Fragmentation?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDominik - \u003ca href=\"http://dpaste.com/0SZJ0V4#wrap\"\u003ehierarchical jails -\u0026gt; networking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync.","date_published":"2018-09-27T04:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/01bccaf7-cfe6-48d1-90e8-8fd66badaeb6.mp3","mime_type":"audio/mp3","size_in_bytes":61339126,"duration_in_seconds":6115}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2594","title":"Episode 264: Optimized-out | BSD Now 264","url":"https://www.bsdnow.tv/264","content_text":"FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.\n\n##Headlines\n###FreeBSD \u0026amp; DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux\n\n\nThe past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.\nThe BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.\nDragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.\nBut then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.\nJust hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!\nWith FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.\nThe hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.\nAll of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.\nWhile for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).\nOverall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.\nIt will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.\n\n\n\n\n###NetBSD 7.2 released\n\n\nThe NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\n\n\n\nGeneral Security Note\n\n\nThe NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had it's first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.\n\n\nSome highlights of the 7.2 release are:\nSupport for USB 3.0.\nEnhancements to the Linux emulation subsystem.\nFixes in binary compatibility for ancient NetBSD executables.\niwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.\nSupport for Raspberry Pi 3 added.\nFix interrupt setup on Hyper-V VMs with Legacy Network Adapter.\nSVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.\nVarious USB stability enhancements.\nNumerous bug fixes and stability improvements.\n\n\n\nComplete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at https://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc\nNetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:\n\n\n\n\n##News Roundup\n###Including optimized-out kernel symbols in dtrace on FreeBSD\n\n\nHave you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).\n\n\n\nIn my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.\n\n\n\nMy first attempt was to add to /etc/make.conf as follows and recompile the kernel.\n\n\nCFLAGS+=-O0 and -fno-inline-functions\n\n\nThis failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!\n\n\n\nBut as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?\n\n\n\nAfter hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.\n\n\n\nA few thoughts:\n\n\n\nThis seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.\nRemoving optimizations is only something I would do in a non-production kernel, so its as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.\nUsing the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.\nIf you have a better solution, please let me know and I will update the article, but this works for me!\n\n\n\n\n###FreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)\n\n\nStarting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with a Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and  BootInfo. This issue occurs when I try to boot directly to  efi\\boot\\bootx64.efi.\n\n\n\nOne person had a similar issue on a Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.\n\n\n\nThere are two solutions to this problem:\nUse Legacy BIOS mode instead of UEFI mode\nInstall a FreeBSD UEFI Boot entry\n\n\n\nKeep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.\nThe first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:\nYou won’t be able to use hard drives bigger than 2TB\nYou are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode\nLegacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)\nThe second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.\n\n\n\n\n###Why ed(1) is not a good editor today\n\n\nI’ll start with my tweet:\n\n\nHeretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.\n\n\nThere is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.\nThe fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.\nEd is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.\nHowever, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).\nIf you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.\nThe people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.\n(They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)\nThis doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).\n(But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)\n\n\n\n\n##Beastie Bits\n\n\nIs there any interest in a #BSD user group in #Montreal?\nTell your BSD story\nFinishing leftover tasks from Google Summer of Code\nFuzzing the OpenBSD Kernel\nARM - any Tier-1 *BSD options?\n\n\n\n\n##Feedback/Questions\n\n\nChris - byhve question\nPaulo - Topic suggestion\nBostjan - How data gets to disk\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eFreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026amp;item=bsd-threadripper-2990wx\u0026amp;num=1\"\u003eFreeBSD \u0026amp; DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.\u003cbr\u003e\nThe BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.\u003cbr\u003e\nDragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.\u003cbr\u003e\nBut then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.\u003cbr\u003e\nJust hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!\u003cbr\u003e\nWith FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.\u003cbr\u003e\nThe hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.\u003cbr\u003e\nAll of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.\u003cbr\u003e\nWhile for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).\u003cbr\u003e\nOverall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.\u003cbr\u003e\nIt will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.netbsd.org/releases/formal-7/NetBSD-7.2.html\"\u003eNetBSD 7.2 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGeneral Security Note\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003eThe NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had it's first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome highlights of the 7.2 release are:\u003c/li\u003e\n\u003cli\u003eSupport for USB 3.0.\u003c/li\u003e\n\u003cli\u003eEnhancements to the Linux emulation subsystem.\u003c/li\u003e\n\u003cli\u003eFixes in binary compatibility for ancient NetBSD executables.\u003c/li\u003e\n\u003cli\u003eiwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.\u003c/li\u003e\n\u003cli\u003eSupport for Raspberry Pi 3 added.\u003c/li\u003e\n\u003cli\u003eFix interrupt setup on Hyper-V VMs with Legacy Network Adapter.\u003c/li\u003e\n\u003cli\u003eSVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.\u003c/li\u003e\n\u003cli\u003eVarious USB stability enhancements.\u003c/li\u003e\n\u003cli\u003eNumerous bug fixes and stability improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eComplete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at \u003ca href=\"https://www.NetBSD.org/mirrors/\"\u003ehttps://www.NetBSD.org/mirrors/\u003c/a\u003e. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: \u003ca href=\"https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc\"\u003ehttps://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc\u003c/a\u003e\u003cbr\u003e\nNetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://farhan.codes/2018/08/16/including-optimized-out-kernel-symbols-in-dtrace-on-freebsd/\"\u003eIncluding optimized-out kernel symbols in dtrace on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHave you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy first attempt was to add to /etc/make.conf as follows and recompile the kernel.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eCFLAGS+=-O0 and -fno-inline-functions\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few thoughts:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.\u003cbr\u003e\nRemoving optimizations is only something I would do in a non-production kernel, so its as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.\u003cbr\u003e\nUsing the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.\u003cbr\u003e\nIf you have a better solution, please let me know and I will update the article, but this works for me!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.neelc.org/freebsd-uefi-on-asus-motherboards/\"\u003eFreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStarting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with a Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and  BootInfo. This issue occurs when I try to boot directly to  efi\\boot\\bootx64.efi.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne person had a similar issue on a Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are two solutions to this problem:\u003c/li\u003e\n\u003cli\u003eUse Legacy BIOS mode instead of UEFI mode\u003c/li\u003e\n\u003cli\u003eInstall a FreeBSD UEFI Boot entry\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKeep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.\u003cbr\u003e\nThe first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:\u003cbr\u003e\nYou won’t be able to use hard drives bigger than 2TB\u003cbr\u003e\nYou are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode\u003cbr\u003e\nLegacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)\u003cbr\u003e\nThe second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/unix/EdNoLongerGoodEditor\"\u003eWhy ed(1) is not a good editor today\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ll start with my tweet:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eHeretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.\u003cbr\u003e\nThe fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.\u003cbr\u003e\nEd is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.\u003cbr\u003e\nHowever, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).\u003cbr\u003e\nIf you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.\u003cbr\u003e\nThe people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.\u003cbr\u003e\n(They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)\u003cbr\u003e\nThis doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).\u003cbr\u003e\n(But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/DavieDavieDave/status/1040359656864903169\"\u003eIs there any interest in a #BSD user group in #Montreal?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdjobs.com/people/hi.html\"\u003eTell your BSD story\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/finishing_leftover_tasks_from_google\"\u003eFinishing leftover tasks from Google Summer of Code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180906072459\"\u003eFuzzing the OpenBSD Kernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2018-August/017692.html\"\u003eARM - any Tier-1 *BSD options?\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris - \u003ca href=\"http://dpaste.com/2Y6XBYN\"\u003ebyhve question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/1A88F2W\"\u003eTopic suggestion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/140ZHZD#wrap\"\u003eHow data gets to disk\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.","date_published":"2018-09-20T01:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/870be997-e69a-4290-b287-0465a463522d.mp3","mime_type":"audio/mp3","size_in_bytes":43367569,"duration_in_seconds":4318}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2528","title":"Episode 263: Encrypt That Pool | BSD Now 263","url":"https://www.bsdnow.tv/263","content_text":"Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.\n\n\n##Headlines\n###How to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD\n\n\nAs recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?\nSpectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.\nPatching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.\nWhat is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.\nIn order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.\nInstead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it\n\n\n\nSee the article for the technical breakdown\n\n\n\n\n###A look beyond the BSD teacup: OmniOS installation\n\n\nFive years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.\n\n\n\nWhy Illumos / OmniOS?\n\n\n\nThere are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, I now and then I read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?\nAlso the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.\nOf course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.\nIn the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”\nBut then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] \u0026amp;\u0026amp; exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.\n\n\n\nWhat’s next?\n\n\n\nThat’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!\n\n\n\n\n###What are all these types of memory in top(1)?\n\n\nEarlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites\nMark updated the explanations to be more correct, and to include more technical detail for inquiring minds\nHe also added the new type that appeared in FreeBSD somewhat recently\n\n\n\nActive - Contains memory “actively” (recently) being used by applications\nInactive - Contains memory that has not been touched recently, or was released from the Buffer Cache\nLaundry - Contains memory that Inactive but still potentially contains useful data that needs to be stored before this memory can be used again\nWired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC\nBuf - Buffer Cache, used my UFS and most filesystems except ZFS (which uses the ARC)\nFree - Memory that is immediately available for use by the rest of the system\n\n\n\n\n##News Roundup\n###OpenBSD saves me again! — Debug a memory corruption issue\n\n\nYesterday, I came across a third-part library issue, which crashes at allocating memory:\n\n\nProgram terminated with signal SIGSEGV, Segmentation fault.\n#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6\n(gdb) bt\n#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6\n#1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6\n#2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50\n\n\nIt is obvious that the memory tags are corrupted, but who is the murder? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:\n(1) Open all warnings during compilation: -Wall. Nothing found.\n(2) Use valgrind, but unfortunately, valgrind crashes itself:\n\n\nvalgrind: the 'impossible' happened:\nKilled by fatal signal\n\nhost stacktrace:\n==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)\n==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)\n==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)\n==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)\n==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)\n==43326== by 0x5809F785: do_client_request (scheduler.c:1866)\n==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)\n==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)\n==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)\n\nsched status:\nrunning_tid=1\n\n\n(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.\n(4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:\n\n\nProgram terminated with signal SIGSEGV, Segmentation fault.\n#0 0x000014b07f01e52d in addMod (r=\u0026lt;error reading variable\u0026gt;, a=4693443247995522, b=28622907746665631,\n\n\nI figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!\n\n\n\n\n###Native Encryption for ZFS on FreeBSD (Call for Testing)\n\n\nTo anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: https://github.com/mattmacy/networking.git\n\n\ngit clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820\n\n\nThe UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.\nPlease note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.\nBy way of background the original ZoL commit can be found at:\n\n\n\nhttps://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\n\n\n\n\n###VMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance\n\n\nDuring its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.\nSurveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.\nThis focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistent OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can backup data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.\nAnother major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.\nThe iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.\nAnother special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.\nOverall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!\n\n\n\n\n###End of life for NetBSD 6.x\n\n\nIn keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.\n\n\n\n\nAs of now, the following branches are no longer maintained:\n\n\nnetbsd-6-1\n\n\nnetbsd-6-0\n\n\nnetbsd-6\n\n\nThis means:\n\n\nThere will be no more pullups to those branches (even for security issues)\n\n\nThere will be no security advisories made for any those branches\n\n\nThe existing 6.x releases on ftp.NetBSD.org will be moved into /pub/NetBSD-archive/\n\n\nMay NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)\n\n\n\n\n\n##Beastie Bits\n\n\nBlast from the past: OpenBSD 3.7 CD artwork\nPeople are asking about scale of BSD projects. Let’s figure it out…\nTuesday, 21 August 18: me, on ed(1), at SemiBUG\narm64 gains RETGUARD\nCall for participation\nFreeBSD-UPB/bhyvearm64-utils\n\n\n\n\n##Feedback/Questions\n\n\nEric - FreeNAS for Vacation\nPatrick - Long Live Unix\nJason - Jason - Full MP3 Recordings\nBostjan - Question about jails and kernel\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eMitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-mitigate-spectre-and-meltdown-on-an-hp-proliant-server-with-freebsd/\"\u003eHow to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?\u003cbr\u003e\nSpectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.\u003cbr\u003e\nPatching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.\u003cbr\u003e\nWhat is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.\u003cbr\u003e\nIn order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.\u003cbr\u003e\nInstead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the technical breakdown\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://eerielinux.wordpress.com/2018/08/25/a-look-beyond-the-bsd-teacup-omnios-installation/\"\u003eA look beyond the BSD teacup: OmniOS installation\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFive years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy Illumos / OmniOS?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, I now and then I read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?\u003cbr\u003e\nAlso the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.\u003cbr\u003e\nOf course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.\u003cbr\u003e\nIn the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”\u003cbr\u003e\nBut then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] \u0026amp;\u0026amp; exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat’s next?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://wiki.freebsd.org/Memory\"\u003eWhat are all these types of memory in top(1)?\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites\u003c/li\u003e\n\u003cli\u003eMark updated the explanations to be more correct, and to include more technical detail for inquiring minds\u003c/li\u003e\n\u003cli\u003eHe also added the new type that appeared in FreeBSD somewhat recently\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eActive - Contains memory “actively” (recently) being used by applications\u003cbr\u003e\nInactive - Contains memory that has not been touched recently, or was released from the Buffer Cache\u003cbr\u003e\nLaundry - Contains memory that Inactive but still potentially contains useful data that needs to be stored before this memory can be used again\u003cbr\u003e\nWired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC\u003cbr\u003e\nBuf - Buffer Cache, used my UFS and most filesystems except ZFS (which uses the ARC)\u003cbr\u003e\nFree - Memory that is immediately available for use by the rest of the system\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://nanxiao.me/en/openbsd-saves-me-again-debug-a-memory-corruption-issue/\"\u003eOpenBSD saves me again! — Debug a memory corruption issue\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYesterday, I came across a third-part library issue, which crashes at allocating memory:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eProgram terminated with signal SIGSEGV, Segmentation fault.\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e(gdb) bt\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e#0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e#1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e#2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is obvious that the memory tags are corrupted, but who is the murder? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:\u003cbr\u003e\n(1) Open all warnings during compilation: -Wall. Nothing found.\u003cbr\u003e\n(2) Use valgrind, but unfortunately, valgrind crashes itself:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003evalgrind: the 'impossible' happened:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eKilled by fatal signal\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ehost stacktrace:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x5809F785: do_client_request (scheduler.c:1866)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003esched status:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003erunning_tid=1\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.\u003cbr\u003e\n(4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eProgram terminated with signal SIGSEGV, Segmentation fault.\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e#0 0x000014b07f01e52d in addMod (r=\u0026lt;error reading variable\u0026gt;, a=4693443247995522, b=28622907746665631,\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html\"\u003eNative Encryption for ZFS on FreeBSD (Call for Testing)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: \u003ca href=\"https://github.com/mattmacy/networking.git\"\u003ehttps://github.com/mattmacy/networking.git\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003egit clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.\u003cbr\u003e\nPlease note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.\u003cbr\u003e\nBy way of background the original ZoL commit can be found at:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\"\u003ehttps://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.ixsystems.com/blog/vmworld2018/\"\u003eVMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDuring its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.\u003cbr\u003e\nSurveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.\u003cbr\u003e\nThis focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistent OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can backup data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.\u003cbr\u003e\nAnother major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.\u003cbr\u003e\nThe iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.\u003cbr\u003e\nAnother special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.\u003cbr\u003e\nOverall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd1\"\u003eEnd of life for NetBSD 6.x\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAs of now, the following branches are no longer maintained:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003enetbsd-6-1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003enetbsd-6-0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003enetbsd-6\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThis means:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThere will be no more pullups to those branches (even for security issues)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThere will be no security advisories made for any those branches\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe existing 6.x releases on \u003ca href=\"http://ftp.NetBSD.org\"\u003eftp.NetBSD.org\u003c/a\u003e will be moved into /pub/NetBSD-archive/\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMay NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/a/fkzTwYm\"\u003eBlast from the past: OpenBSD 3.7 CD artwork\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/romanzolotarev/status/1030345831751270400\"\u003ePeople are asking about scale of BSD projects. Let’s figure it out…\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3642\"\u003eTuesday, 21 August 18: me, on ed(1), at SemiBUG\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180813133939\"\u003earm64 gains RETGUARD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2019/news/2018-08-10-call-for-participation/\"\u003eCall for participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FreeBSD-UPB/bhyvearm64-utils\"\u003eFreeBSD-UPB/bhyvearm64-utils\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEric - \u003ca href=\"http://dpaste.com/2GY2S6T#wrap\"\u003eFreeNAS for Vacation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatrick - \u003ca href=\"http://dpaste.com/347WCR3\"\u003eLong Live Unix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJason - \u003ca href=\"http://dpaste.com/1B7E8F5#wrap\"\u003eJason - Full MP3 Recordings\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/34AQNSE#wrap\"\u003eQuestion about jails and kernel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more.","date_published":"2018-09-07T14:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c8edc035-36d5-4699-a081-43c1e08686bf.mp3","mime_type":"audio/mp3","size_in_bytes":38437869,"duration_in_seconds":3825}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2521","title":"Episode 262: OpenBSD Surfacing | BSD Now 262","url":"https://www.bsdnow.tv/262","content_text":"OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.\n\n##Headlines\n###OpenBSD on the Microsoft Surface Go\n\n\nFor some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11\" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.\n\n\n\nHardware\n\n\n\nThe Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.\nThe tablet measures 9.65\" across, 6.9\" tall, and 0.3\" thick. Its 10\" diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.\nThe keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4\" near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.\nThe keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.\nThe touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.\n\n\n\nSurface Go Pen\n\n\n\nThe touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.\nA kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.\nAlong the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.\nCharging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.\nWireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.\nMost of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.\n\n\n\nFirmware\n\n\n\nThe Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.\n\n\n\n\n###FreeBSD Foundation Update, August 2018\n\n\nMESSAGE FROM THE EXECUTIVE DIRECTOR\n\n\n\nDear FreeBSD Community Member,\nIt’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.\nWe can’t do this without you! Happy reading!! Deb\n\n\n\nAugust 2018 Development Projects Update\nFundraising Update: Supporting the Project\nAugust 2018 Release Engineering Update\nBSDCam 2018 Recap\nOctober 2018 FreeBSD Developer Summit Call for Participation\nSANOG32 and COSCUP 2018 Recap\nMeetBSD 2018 Travel Grant Application Deadline: September 7\n\n\n\n\n##News Roundup\n###Project Trident: What’s taking so long?\n\n\nWhat is taking so long?\n\n\n\nThe short answer is that it’s complicated.\nProject Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.\nWhile Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!\n\n\n\nWhere are we now?\n\n\n\nThrough perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.\nIn the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.\n\n\n\nDo you foresee any other delays?\n\n\n\nAt the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that our outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, The aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.\nThe build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.\nSince we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.\n\n\n\n\nDeveloper Hardware\n\n\nJT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here.  However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)\n\n\nKen: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.\n\n\nTim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.\n\n\nRod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.\n\n\n\n\n\n###NetBSD GSoC: pkgsrc config file versioning\n\n\nA series of reports from the course of the summer on this Google Summer of Code project\nThe goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier\nGSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1\n\n\n\nPackages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.\nConfiguration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal mean for setting options.\nSystem wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).\nSoftware packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.\nDon’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.\nIn order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.\nVCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.\nThe version control system to be used as a backend can be set through $VCS. It default to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.\nOther backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.\n\n\n\nGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)\n\n\n\npkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.\nUser modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.\nVersion Control software is executed as the same user running pkg_add or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations betweens repositories and vcs changes; it also serves to store keys used to access remote repositories.\nUsing git instead of rcs is simply done by setting VCS=git in pkg_install.conf\n\n\n\nGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)\nGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements\n\n\n\nSupport for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkg_add upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.\nThat’s what setting VCSCONFPULL=yes in pkg_install.conf after having enabled VCSTRACK_CONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKG_RCD_SCRIPTS=yes in pkg_install.conf or the environment.\nThis will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkg_install.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)\n\n\n\n\n###A little bit of the one-time MacOS version still lingers in ZFS\n\n\nOnce upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.\nLurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:\n\n\nobjnum = ZFS_DIRENT_OBJ(zap.za_first_integer);\n/*\n* MacOS X can extract the object type here such as:\n* uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);\n*/\n\n\nSpecifically, this is in zfs_readdir in zfs_vnops.c .\n\n\n\nZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.\nI don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).\nRegardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.\n\n\n\n\n##Beastie Bits\n\n\nMac-like FreeBSD Laptop\nSyncthing on FreeBSD\nNew ZFS Boot Environments Tool\nMy system’s time was so wrong, that even ntpd didn’t work\nOpenSSH 7.8/7.8p1 (2018-08-24)\nEuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end\nMeetBSD (Oct 18-20th) is coming up fast, hurry up and register!\nAsiaBSDcon 2019 Dates\n\n\n\n\n##Feedback/Questions\n\n\nWill - Kudos and a Question\nPeter - Fanless Computers\nRon - ZFS disk clone or replace or something\nBostjan - ZFS Record Size\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://jcs.org/2018/08/31/surface_go\"\u003eOpenBSD on the Microsoft Surface Go\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11\u0026quot; MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.\u003cbr\u003e\nThe tablet measures 9.65\u0026quot; across, 6.9\u0026quot; tall, and 0.3\u0026quot; thick. Its 10\u0026quot; diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.\u003cbr\u003e\nThe keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4\u0026quot; near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.\u003cbr\u003e\nThe keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.\u003cbr\u003e\nThe touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSurface Go Pen\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.\u003cbr\u003e\nA kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.\u003cbr\u003e\nAlong the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.\u003cbr\u003e\nCharging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.\u003cbr\u003e\nWireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.\u003cbr\u003e\nMost of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirmware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-august-2018/\"\u003eFreeBSD Foundation Update, August 2018\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMESSAGE FROM THE EXECUTIVE DIRECTOR\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDear FreeBSD Community Member,\u003cbr\u003e\nIt’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.\u003cbr\u003e\nWe can’t do this without you! Happy reading!! Deb\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAugust 2018 Development Projects Update\u003c/li\u003e\n\u003cli\u003eFundraising Update: Supporting the Project\u003c/li\u003e\n\u003cli\u003eAugust 2018 Release Engineering Update\u003c/li\u003e\n\u003cli\u003eBSDCam 2018 Recap\u003c/li\u003e\n\u003cli\u003eOctober 2018 FreeBSD Developer Summit Call for Participation\u003c/li\u003e\n\u003cli\u003eSANOG32 and COSCUP 2018 Recap\u003c/li\u003e\n\u003cli\u003eMeetBSD 2018 Travel Grant Application Deadline: September 7\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"http://project-trident.org/post/2018-09-04_what_is_taking_so_long/\"\u003eProject Trident: What’s taking so long?\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is taking so long?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe short answer is that it’s complicated.\u003cbr\u003e\nProject Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.\u003cbr\u003e\nWhile Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhere are we now?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThrough perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.\u003cbr\u003e\nIn the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDo you foresee any other delays?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that our outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, The aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.\u003cbr\u003e\nThe build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.\u003cbr\u003e\nSince we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeveloper Hardware\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eJT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here.  However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eKen: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###NetBSD GSoC: pkgsrc config file versioning\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA series of reports from the course of the summer on this Google Summer of Code project\u003c/li\u003e\n\u003cli\u003eThe goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files\"\u003eGSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePackages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.\u003cbr\u003e\nConfiguration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal mean for setting options.\u003cbr\u003e\nSystem wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).\u003cbr\u003e\nSoftware packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.\u003cbr\u003e\nDon’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.\u003cbr\u003e\nIn order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.\u003cbr\u003e\nVCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.\u003cbr\u003e\nThe version control system to be used as a backend can be set through $VCS. It default to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.\u003cbr\u003e\nOther backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files1\"\u003eGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.\u003cbr\u003e\nUser modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.\u003cbr\u003e\nVersion Control software is executed as the same user running pkg_add or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations betweens repositories and vcs changes; it also serves to store keys used to access remote repositories.\u003cbr\u003e\nUsing git instead of rcs is simply done by setting VCS=git in pkg_install.conf\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files2\"\u003eGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files3\"\u003eGSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSupport for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkg_add upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.\u003cbr\u003e\nThat’s what setting VCSCONFPULL=yes in pkg_install.conf after having enabled VCSTRACK_CONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKG_RCD_SCRIPTS=yes in pkg_install.conf or the environment.\u003cbr\u003e\nThis will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkg_install.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSDTypeAndMacOS\"\u003eA little bit of the one-time MacOS version still lingers in ZFS\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.\u003cbr\u003e\nLurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eobjnum = ZFS_DIRENT_OBJ(zap.za_first_integer);\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e/*\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e* MacOS X can extract the object type here such as:\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e* uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e*/\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpecifically, this is in zfs_readdir in zfs_vnops.c .\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.\u003cbr\u003e\nI don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).\u003cbr\u003e\nRegardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://trafyx.com/?p=2551\"\u003eMac-like FreeBSD Laptop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/08/21/syncthing-on-freebsd/\"\u003eSyncthing on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/08/24/new-zfs-boot-environments-tool/\"\u003eNew ZFS Boot Environments Tool\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://anadoxin.org/blog/my-systems-time-was-so-wrong-that-even-ntpd-didnt-work.html\"\u003eMy system’s time was so wrong, that even ntpd didn’t work\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openssh.com/releasenotes.html#7.8\"\u003eOpenSSH 7.8/7.8p1 (2018-08-24)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/registration/\"\u003eEuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetbsd.com/\"\u003eMeetBSD (Oct 18-20th) is coming up fast, hurry up and register!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2019.asiabsdcon.org/\"\u003eAsiaBSDcon 2019 Dates\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWill - \u003ca href=\"http://dpaste.com/2EQMHXV\"\u003eKudos and a Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter - \u003ca href=\"http://dpaste.com/2N6DC6P#wrap\"\u003eFanless Computers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRon - \u003ca href=\"http://dpaste.com/0MRG11V#wrap\"\u003eZFS disk clone or replace or something\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/16B1WDB\"\u003eZFS Record Size\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code.","date_published":"2018-09-06T05:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6aa244ea-c5e6-4c69-b8a9-aac9c652d4e1.mp3","mime_type":"audio/mp3","size_in_bytes":44187309,"duration_in_seconds":4400}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2488","title":"Episode 261: FreeBSDcon Flashback | BSD Now 261","url":"https://www.bsdnow.tv/261","content_text":"Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.\n\n##Headlines\n###An Insight into the Future of TrueOS BSD and Project Trident\n\n\nLast month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our question about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.\n\n\n\nIt’s FOSS: What is Project Trident?\n\n\n\nProject Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.\n\n\n\nOriginally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.\n\n\n\nTrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.\n\n\n\nAs the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.\n\n\n\nWhen the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.\n\n\n\nIt’s FOSS: What features will TrueOS add to the FreeBSD base?\n\n\n\nProject Trident: TrueOS has already added a number of features to FreeBSD:\nOpenRC replaces rc.d for service management\nLibreSSL in base\nRoot NSS certificates out-of-box\nScriptable installations (pc-sysinstall)\nThe full list of changes can be seen on the TrueOS repository (https://github.com/trueos/trueos/blob/trueos-master/README.md). This list does change quite regularly as FreeBSD development itself changes.\n\n\n\nIt’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?\n\n\n\nProject Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.\n\n\n\nIt’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?\n\n\n\nProject Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.\n\n\n\nIt’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?\n\n\n\nProject Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.\n\n\n\nIt’s FOSS: What does this change (splitting Trus OS into Project Trident) mean for the Lumina desktop environment?\n\n\n\nProject Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.\n\n\n\nIt’s FOSS: Are you planning on including any desktop environments besides Lumina?\n\n\n\nProject Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.\n\n\n\nIt’s FOSS: Any plans to include Steam to increase the userbase?\n\n\n\nProject Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.\n\n\n\nIt’s FOSS: What will happen to the AppCafe?\n\n\n\nProject Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.\n\n\n\nIt’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?\n\n\n\nProject Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.\n\n\n\nIt’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?\n\n\n\nProject Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.\n\n\n\nIt’s FOSS: Do you have any idea when Project Trident will have its first release?\n\n\n\nProject Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.\n\n\n\n\n###pf-badhost: Stop the evil doers in their tracks!\n\n\npf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.\nFiltering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”\npf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The pf-badhost.sh script can easily be expanded to use additional or alternate blocklists.\npf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.\n\n\n\nNotes:\nIf you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.\nConversely, adding a line to pf-badhost.sh that removes your subnet range from the \u0026lt;pfbadhost\u0026gt; table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.\n\n\n\n\nDigitalOcean\nhttps://do.co/bsdnow\n\n###FLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time\n\n\nFreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.\nOctober 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.\nThis was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.\nIn fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!\nBut for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.\nOf course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.\nThe Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.\nIn short, this was a tiny conference, but a well-run one.\n\n\n\nSessions\n\n\n\nAlthough it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.\nThe conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.\nI was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.\nApple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.\nOther development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.\nAdvocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).\nThe business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.\nCommercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.\n\n\n\nCommercial use of FreeBSD\n\n\n\nThe use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.\nThe BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)\nCompanies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.\nYahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.\nHotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…\nWhen asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”\nHubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.\nEven short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R \u0026amp; D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.\n\n\n\nSee you next year\n\n\n\nAnd speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.\nAs a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.\nIt’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.\n\n\n\n\n##News Roundup\n###OpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes\n\nTwo recently disclosed hardware bugs affected Intel cpus:\n\n     - TLBleed\n\n     - T1TF (the name \"Foreshadow\" refers to 1 of 3 aspects of this\n             bug, more aspects are surely on the way)\n\nSolving these bugs requires new cpu microcode, a coding workaround,\n*AND* the disabling of SMT / Hyperthreading.\n\nSMT is fundamentally broken because it shares resources between the two\ncpu instances and those shared resources lack security differentiators.\nSome of these side channel attacks aren't trivial, but we can expect\nmost of them to eventually work and leak kernel or cross-VM memory in\ncommon usage circumstances, even such as javascript directly in a\nbrowser.\n\nThere will be more hardware bugs and artifacts disclosed.  Due to the\nway SMT interacts with speculative execution on Intel cpus, I expect SMT\nto exacerbate most of the future problems.\n\nA few months back, I urged people to disable hyperthreading on all\nIntel cpus.  I need to repeat that:\n\n    DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.\n\nAlso, update your BIOS firmware, if you can.\n\nOpenBSD -current (and therefore 6.4) will not use hyperthreading if it\nis enabled, and will update the cpu microcode if possible.\n\nBut what about 6.2 and 6.3?\n\nThe situation is very complex, continually evolving, and is taking too\nmuch manpower away from other tasks.  Furthermore, Intel isn't telling\nus what is coming next, and are doing a terrible job by not publically\ndocumenting what operating systems must do to resolve the problems.  We\nare having to do research by reading other operating systems.  There is\nno time left to backport the changes -- we will not be issuing a\ncomplete set of errata and syspatches against 6.2 and 6.3 because it is\nturning into a distraction.\n\nRather than working on every required patch for 6.2/6.3, we will\nre-focus manpower and make sure 6.4 contains the best solutions\npossible.\n\nSo please try take responsibility for your own machines: Disable SMT in\nthe BIOS menu, and upgrade your BIOS if you can.\n\nI'm going to spend my money at a more trustworthy vendor in the future.\n\n\n\n\n###Get Morrowind running on OpenBSD in 5 simple steps\n\n\nThis article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: https://forum.openmw.org/viewtopic.php?t=3510\n\n\n\n\n\nPurchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition\n\n\n\n\nInstall the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.\n\n\n\n\npkg_add openmw innoextract\n\n\n\n\nMove the file from GOG setup_tes_morrowind_goty_2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:\n\n\n\n\ninnoextract setup_tes_morrowind_goty_2.0.0.7.exe\n\n\n\n\nType openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.\n\n\n\n\nType in openmw-launcher, toggle the settings to your preferences, and then hit play!\n\n\n\n\n\n\niXsystems\nhttps://twitter.com/allanjude/status/1034647571124367360\n\n###My First Clang Bug\n\n\nPart of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.\nOne of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software.  I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.\nMy most interesting bug this week, though, came from one line of code somewhere in Kleopatra: Q_UNUSED(gpgagent_data);\nThat one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).\nToday I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.\n\n\n\n\n###DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance\n\n\nLast week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.\n\n\n\nWhen I tried last week, the DragonFlyBSD 5.2.2 stable release nor DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.\n\n\n\nIn announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”\n\n\n\nDillon shared some results on the system as well. \" The Threadripper 2990WX is a beast. It is at least 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blow away a dual-socket Xeon with 3x the number of memory channels. That is impressive!\"\n\n\n\nThe well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”\n\n\n\nWhile I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.\n\n\n\n\n##Beastie Bits\n\n\nX11 on really small devices\nmandoc-1.14.4 released\nThe pfSense Book is now available to everyone\nMWL: Burn it down! Burn it all down!\nConfiguring OpenBSD: System and user config files for a more pleasant laptop\nFreeBSD Security Advisory: Resource exhaustion in TCP reassembly\nOpenBSD Foundation gets first 2018 Iridium donation\nNew ZFS commit solves issue a few users reported in the feedback segment\nProject Trident should have a beta release by the end of next week\nReminder about Stockholm BUG: September 5, 17:30-22:00\nBSD-PL User Group: September 13, 18:30-21:00\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nMalcom - Having different routes per interface\nBostjan - ZFS and integrity of data\nMichael - Suggestion for Monitoring\nBarry - Feedback\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eInsight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://itsfoss.com/project-trident-interview/\"\u003eAn Insight into the Future of TrueOS BSD and Project Trident\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our question about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: What is Project Trident?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOriginally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: What features will TrueOS add to the FreeBSD base?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: TrueOS has already added a number of features to FreeBSD:\u003cbr\u003e\nOpenRC replaces rc.d for service management\u003cbr\u003e\nLibreSSL in base\u003cbr\u003e\nRoot NSS certificates out-of-box\u003cbr\u003e\nScriptable installations (pc-sysinstall)\u003cbr\u003e\nThe full list of changes can be seen on the TrueOS repository (\u003ca href=\"https://github.com/trueos/trueos/blob/trueos-master/README.md\"\u003ehttps://github.com/trueos/trueos/blob/trueos-master/README.md\u003c/a\u003e). This list does change quite regularly as FreeBSD development itself changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: What does this change (splitting Trus OS into Project Trident) mean for the Lumina desktop environment?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: Are you planning on including any desktop environments besides Lumina?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: Any plans to include Steam to increase the userbase?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: What will happen to the AppCafe?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s FOSS: Do you have any idea when Project Trident will have its first release?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eProject Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.geoghegan.ca/pfbadhost.html\"\u003epf-badhost: Stop the evil doers in their tracks!\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.\u003cbr\u003e\nFiltering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”\u003cbr\u003e\npf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The \u003ca href=\"http://pf-badhost.sh\"\u003epf-badhost.sh\u003c/a\u003e script can easily be expanded to use additional or alternate blocklists.\u003cbr\u003e\npf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNotes:\u003c/li\u003e\n\u003cli\u003eIf you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.\u003c/li\u003e\n\u003cli\u003eConversely, adding a line to \u003ca href=\"http://pf-badhost.sh\"\u003epf-badhost.sh\u003c/a\u003e that removes your subnet range from the \u0026lt;pfbadhost\u0026gt; table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"https://do.co/bsdnow\"\u003ehttps://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://edition.cnn.com/TECH/computing/9911/01/freebsd.con99.idg/\"\u003eFLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.\u003cbr\u003e\nOctober 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.\u003cbr\u003e\nThis was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.\u003cbr\u003e\nIn fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!\u003cbr\u003e\nBut for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.\u003cbr\u003e\nOf course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.\u003cbr\u003e\nThe Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.\u003cbr\u003e\nIn short, this was a tiny conference, but a well-run one.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSessions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlthough it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.\u003cbr\u003e\nThe conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.\u003cbr\u003e\nI was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.\u003cbr\u003e\nApple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.\u003cbr\u003e\nOther development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.\u003cbr\u003e\nAdvocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).\u003cbr\u003e\nThe business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.\u003cbr\u003e\nCommercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCommercial use of FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.\u003cbr\u003e\nThe BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)\u003cbr\u003e\nCompanies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.\u003cbr\u003e\nYahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.\u003cbr\u003e\nHotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…\u003cbr\u003e\nWhen asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”\u003cbr\u003e\nHubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.\u003cbr\u003e\nEven short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R \u0026amp; D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee you next year\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.\u003cbr\u003e\nAs a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.\u003cbr\u003e\nIt’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026amp;m=153504937925732\u0026amp;w=2\"\u003eOpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eTwo recently disclosed hardware bugs affected Intel cpus:\n\n     - TLBleed\n\n     - T1TF (the name \u0026quot;Foreshadow\u0026quot; refers to 1 of 3 aspects of this\n             bug, more aspects are surely on the way)\n\nSolving these bugs requires new cpu microcode, a coding workaround,\n*AND* the disabling of SMT / Hyperthreading.\n\nSMT is fundamentally broken because it shares resources between the two\ncpu instances and those shared resources lack security differentiators.\nSome of these side channel attacks aren't trivial, but we can expect\nmost of them to eventually work and leak kernel or cross-VM memory in\ncommon usage circumstances, even such as javascript directly in a\nbrowser.\n\nThere will be more hardware bugs and artifacts disclosed.  Due to the\nway SMT interacts with speculative execution on Intel cpus, I expect SMT\nto exacerbate most of the future problems.\n\nA few months back, I urged people to disable hyperthreading on all\nIntel cpus.  I need to repeat that:\n\n    DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.\n\nAlso, update your BIOS firmware, if you can.\n\nOpenBSD -current (and therefore 6.4) will not use hyperthreading if it\nis enabled, and will update the cpu microcode if possible.\n\nBut what about 6.2 and 6.3?\n\nThe situation is very complex, continually evolving, and is taking too\nmuch manpower away from other tasks.  Furthermore, Intel isn't telling\nus what is coming next, and are doing a terrible job by not publically\ndocumenting what operating systems must do to resolve the problems.  We\nare having to do research by reading other operating systems.  There is\nno time left to backport the changes -- we will not be issuing a\ncomplete set of errata and syspatches against 6.2 and 6.3 because it is\nturning into a distraction.\n\nRather than working on every required patch for 6.2/6.3, we will\nre-focus manpower and make sure 6.4 contains the best solutions\npossible.\n\nSo please try take responsibility for your own machines: Disable SMT in\nthe BIOS menu, and upgrade your BIOS if you can.\n\nI'm going to spend my money at a more trustworthy vendor in the future.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://medium.com/@enzuru/get-morrowind-running-on-openbsd-in-5-simple-steps-b65e20f3f0c\"\u003eGet Morrowind running on OpenBSD in 5 simple steps\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: \u003ca href=\"https://forum.openmw.org/viewtopic.php?t=3510\"\u003ehttps://forum.openmw.org/viewtopic.php?t=3510\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col\u003e\n\u003cli\u003ePurchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): \u003ca href=\"https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition\"\u003ehttps://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition\u003c/a\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"2\"\u003e\n\u003cli\u003eInstall the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003epkg_add openmw innoextract\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col start=\"3\"\u003e\n\u003cli\u003eMove the file from GOG setup_tes_morrowind_goty_2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003einnoextract setup_tes_morrowind_goty_2.0.0.7.exe\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col start=\"4\"\u003e\n\u003cli\u003eType openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"5\"\u003e\n\u003cli\u003eType in openmw-launcher, toggle the settings to your preferences, and then hit play!\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"https://twitter.com/allanjude/status/1034647571124367360\"\u003ehttps://twitter.com/allanjude/status/1034647571124367360\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://euroquis.nl/bobulate/?p=1937\"\u003eMy First Clang Bug\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePart of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.\u003cbr\u003e\nOne of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software.  I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.\u003cbr\u003e\nMy most interesting bug this week, though, came from one line of code somewhere in Kleopatra: Q_UNUSED(gpgagent_data);\u003cbr\u003e\nThat one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).\u003cbr\u003e\nToday I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026amp;px=Threadripper-2990WX-DragonFly\"\u003eDragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I tried last week, the DragonFlyBSD 5.2.2 stable release nor DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDillon shared some results on the system as well. \u0026quot; The Threadripper 2990WX is a beast. It is at \u003cem\u003eleast\u003c/em\u003e 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blow away a dual-socket Xeon with 3x the number of memory channels. That is impressive!\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180810075449\"\u003eX11 on really small devices\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180810131231\"\u003emandoc-1.14.4 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netgate.com/blog/pfSense-book-available-to-everyone.html\"\u003eThe pfSense Book is now available to everyone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3619\"\u003eMWL: Burn it down! Burn it all down!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/begriffs/obsd\"\u003eConfiguring OpenBSD: System and user config files for a more pleasant laptop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc\"\u003eFreeBSD Security Advisory: Resource exhaustion in TCP reassembly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://discoverbsd.com/p/92d80d1497\"\u003eOpenBSD Foundation gets first 2018 Iridium donation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=337653\"\u003eNew ZFS commit solves issue a few users reported in the feedback segment\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/TridentProject/status/1034620476553867264\"\u003eProject Trident should have a beta release by the end of next week\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/253447019/\"\u003eReminder about Stockholm BUG: September 5, 17:30-22:00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003eBSD-PL User Group: September 13, 18:30-21:00\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMalcom - \u003ca href=\"http://dpaste.com/15VVVCP\"\u003eHaving different routes per interface\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/1Q14C6H#wrap\"\u003eZFS and integrity of data\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/2JD17BP#wrap\"\u003eSuggestion for Monitoring\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBarry - \u003ca href=\"http://dpaste.com/2GJ3RMG#wrap\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.","date_published":"2018-08-30T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9bf2ff39-f045-4c19-8416-f1a6da6d3f84.mp3","mime_type":"audio/mp3","size_in_bytes":65719133,"duration_in_seconds":6553}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2463","title":"Episode 260: Hacking Tour of Europe | BSD Now 260","url":"https://www.bsdnow.tv/260","content_text":"Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.\n\n##Headlines\n###Essen Hackathon \u0026amp; BSDCam 2018 trip report\n\n\nAllan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing it back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.\nOn Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a BBQ in the Linuxhotel park, which was well received by everyone.\nOn Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.\nCommits from the hackathon (the ones from 2018)\nOverall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to Netzkommune GmbH for sponsoring the social event and the Linuxhotel for having us.\nBenedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.\nOn Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spend with introductions and collecting what most people were interested in talking. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (full schedule).\nMost sessions took notes, which you can find on the FreeBSD wiki.\nOn Thursday evening, we had a nice formal dinner at Trinity Hall.\nBSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.\nA special mentions goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!\n\n\n\n\n###Call for Testing: ZFS Native Encryption for FreeBSD\n\n\nA port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD\nMost of the porting was done by sef@freebsd.org (Sean Eric Fagan)\nThe original ZoL commit is here: https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\nFor an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016\nVideo: https://youtu.be/frnLiXclAMo\nSlides: https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing\nWARNING: test in VMs or with spare disks etc, pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool\nThanks for testing to help this feature land in FreeBSD\n\n\n\n\niXsystems\n\n###Call for Testing: UFS TRIM Consolidation\n\n\nKirk Mckusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code\n\n\n\nWhen deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIO_DELETE command.\nUntil now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.\nThis implementation collects runs of contiguous blocks in the file and then consolodates them into a single BIO_DELETE command to the drive. The BIO_DELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIO_DELETE commands and is typically less than ten.  Though these larger BIO_DELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.\nThough this new feature has been throughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running ``sysctl vfs.ffs.dotrimcons=1’’. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.\nThis support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).\n\n\n\nTo enable TRIM consolidation use `sysctl vfs.ffs.dotrimcons=1’\nThere is also a diff that adds additional statistics: https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html\nYou can also watch the volume and latency of BIO_DELETE commands by running gstat with the -d flag\n\n\n\n\n##News Roundup\n###ZFS performance\n\n\nAravindh Sampathkumar, a Performance Engineer and Sysadmin posts some simple benchmarks he did on a new ZFS server\n\n\n\nThis is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.\nAs stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.\n\n\n\nThe article then uses FIO to do some benchmarks.\nAs the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS\nYou also want to consider compression and cache effects\n\n\n\nWrite Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s\nAnother over 1200 MB/s is enough to keep your 10 gigabit network saturated\n\n\n\nThe increased latency that is seen with higher number of writers working, may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of ram, you might allow more than 4GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes\n\n\n\n\n###How to port your OS to EC2\n\n\nColin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:\n\n\n\nI’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.\nBefore we can talk about building images, there are some things you need:\nYour OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.\nYou almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.\nSimilarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.\nFinally, the obvious: You need to have an AWS account, and appropriate API access keys.\nBuilding a disk image\nBuilding an AMI\nI wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.\nTo use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you\n\n\n\nCreate it in a “nearby” region (for performance reasons), and\nSet an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).\n\n\n\nBoot configuration\nOdds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:\nEC2 instances have two types of console available to them: A serial console and an VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.\nYou may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.\nYou’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfig_DEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfig_DEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)\nYou’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.\nEC2 configuration\nNow it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they\nPrint the SSH host keys to the console, so that you can veriy that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)\nDownload the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.\nFetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.\nIf your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.\nFirstboot scripts\nA feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:\nFreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.\nThe UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.\nThird-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.\nWhile none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.\nSupport my work!\nI hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.\n\n\n\n\nDigital Ocean\nhttps://do.co/bsdnow\n\n###Traceability, by Vint Cerf\n\n\nA recent article from the August issue of the Communications of the ACM, for your contemplation:\n\n\n\nAt a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.\nIn other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.\nIn passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.\nWhat is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.\nIn the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.\nThis suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.\n\n\n\n\n###Remote Access Console using FreeBSD on an RPi3\n\n\nOur friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab\nParts:\nRaspberry Pi 3 B+\nNavoLabs micro POE Hat\nFT4232H  based USB-to-RS232 (4x) adapter\nOfficial Raspberry Pi case (optional)\nHeat-sink kit (optional)\nUSB-to-TTL adaptor (optional)\nSandisk 16Gb microSD\n\n\n\nFor the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.\n\n\n\nGet an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick\nConfigure FreeBSD on the RPi3\n\nLoad the ‘muge’ Ethernet Driver\nLoad USB serial support\nLoad the FTDI driver\nEnable SSHd and Conserver\nConfigure Conserver\nSetup log rotation\nStart Conserver\n\n\n\nAnd you’re good to go\n\n\n\nA small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.\n\n\n\nThere is also a followup post with some additional tips: https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/\n\n\n\n\n##Beastie Bits\n\n\nAnnual Penguin Races\nMscgen - Message Sequence Chart generator\nThis patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware\nFreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation\nMeetBSD Devsummit open for registrations\nNew Podcast interview with Michael W. Lucas\n\n\n\n\nTarsnap\n\n##Feedback/Questions\nWe need more feedback emails. Please write to feedback@bsdnow.tv\n\nAdditionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio only listeners, that is why we are planning to put it at the very end of the episode.\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eTrip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://wiki.freebsd.org/DevSummit/201808Hackathon\"\u003eEssen Hackathon \u0026amp; BSDCam 2018 trip report\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAllan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing it back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.\u003c/li\u003e\n\u003cli\u003eOn Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a \u003ca href=\"https://twitter.com/bsdbcr\"\u003eBBQ in the Linuxhotel park\u003c/a\u003e, which was well received by everyone.\u003c/li\u003e\n\u003cli\u003eOn Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freshbsd.org/search?q=Essen+hackathon\"\u003eCommits from the hackathon (the ones from 2018)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOverall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to \u003ca href=\"https://www.netzkommune.de/\"\u003eNetzkommune GmbH\u003c/a\u003e for sponsoring the social event and the \u003ca href=\"http://linuxhotel.de/\"\u003eLinuxhotel\u003c/a\u003e for having us.\u003c/li\u003e\n\u003cli\u003eBenedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.\u003c/li\u003e\n\u003cli\u003eOn Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spend with introductions and collecting what most people were interested in talking. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (\u003ca href=\"https://bsdcam.cl.cam.ac.uk/\"\u003efull schedule\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMost sessions took notes, which you can find on the \u003ca href=\"https://wiki.freebsd.org/DevSummit/201808\"\u003eFreeBSD wiki\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eOn Thursday evening, we had a nice formal dinner at Trinity Hall.\u003c/li\u003e\n\u003cli\u003eBSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.\u003c/li\u003e\n\u003cli\u003eA special mentions goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070832.html\"\u003eCall for Testing: ZFS Native Encryption for FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD\u003c/li\u003e\n\u003cli\u003eMost of the porting was done by \u003ca href=\"mailto:sef@freebsd.org\"\u003esef@freebsd.org\u003c/a\u003e (Sean Eric Fagan)\u003c/li\u003e\n\u003cli\u003eThe original ZoL commit is here: \u003ca href=\"https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\"\u003ehttps://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016\u003c/li\u003e\n\u003cli\u003eVideo: \u003ca href=\"https://youtu.be/frnLiXclAMo\"\u003ehttps://youtu.be/frnLiXclAMo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSlides: \u003ca href=\"https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing\"\u003ehttps://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWARNING: test in VMs or with spare disks etc, pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool\u003c/li\u003e\n\u003cli\u003eThanks for testing to help this feature land in FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070797.html\"\u003eCall for Testing: UFS TRIM Consolidation\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKirk Mckusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIO_DELETE command.\u003cbr\u003e\nUntil now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.\u003cbr\u003e\nThis implementation collects runs of contiguous blocks in the file and then consolodates them into a single BIO_DELETE command to the drive. The BIO_DELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIO_DELETE commands and is typically less than ten.  Though these larger BIO_DELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.\u003cbr\u003e\nThough this new feature has been throughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running ``sysctl vfs.ffs.dotrimcons=1’’. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.\u003cbr\u003e\nThis support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo enable TRIM consolidation use `sysctl vfs.ffs.dotrimcons=1’\u003c/li\u003e\n\u003cli\u003eThere is also a diff that adds additional statistics: \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html\"\u003ehttps://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can also watch the volume and latency of BIO_DELETE commands by running \u003ccode\u003egstat\u003c/code\u003e with the -d flag\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://aravindh.net/post/zfs_performance/\"\u003eZFS performance\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAravindh Sampathkumar, a Performance Engineer and Sysadmin posts some simple benchmarks he did on a new ZFS server\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.\u003cbr\u003e\nAs stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then uses FIO to do some benchmarks.\u003c/li\u003e\n\u003cli\u003eAs the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS\u003c/li\u003e\n\u003cli\u003eYou also want to consider compression and cache effects\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWrite Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s\u003cbr\u003e\nAnother over 1200 MB/s is enough to keep your 10 gigabit network saturated\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe increased latency that is seen with higher number of writers working, may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of ram, you might allow more than 4GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://www.daemonology.net/blog/2018-07-14-port-OS-to-EC2.html\"\u003eHow to port your OS to EC2\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.\u003cbr\u003e\nBefore we can talk about building images, there are some things you need:\u003cbr\u003e\nYour OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.\u003cbr\u003e\nYou almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.\u003cbr\u003e\nSimilarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.\u003cbr\u003e\nFinally, the obvious: You need to have an AWS account, and appropriate API access keys.\u003cbr\u003e\nBuilding a disk image\u003c/p\u003e\n\u003cp\u003eBuilding an AMI\u003cbr\u003e\nI wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.\u003cbr\u003e\nTo use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCreate it in a “nearby” region (for performance reasons), and\u003cbr\u003e\nSet an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBoot configuration\u003cbr\u003e\nOdds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:\u003cbr\u003e\nEC2 instances have two types of console available to them: A serial console and an VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.\u003cbr\u003e\nYou may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.\u003cbr\u003e\nYou’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfig_DEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfig_DEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)\u003cbr\u003e\nYou’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.\u003cbr\u003e\nEC2 configuration\u003cbr\u003e\nNow it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they\u003cbr\u003e\nPrint the SSH host keys to the console, so that you can veriy that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)\u003cbr\u003e\nDownload the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.\u003cbr\u003e\nFetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.\u003cbr\u003e\nIf your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.\u003cbr\u003e\nFirstboot scripts\u003cbr\u003e\nA feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:\u003cbr\u003e\nFreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.\u003cbr\u003e\nThe UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.\u003cbr\u003e\nThird-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.\u003cbr\u003e\nWhile none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.\u003cbr\u003e\nSupport my work!\u003cbr\u003e\nI hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"https://do.co/bsdnow\"\u003ehttps://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://cacm.acm.org/magazines/2018/8/229771-traceability/fulltext\"\u003eTraceability, by Vint Cerf\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA recent article from the August issue of the Communications of the ACM, for your contemplation:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.\u003cbr\u003e\nIn other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.\u003cbr\u003e\nIn passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.\u003cbr\u003e\nWhat is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.\u003cbr\u003e\nIn the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.\u003cbr\u003e\nThis suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blackdot.be/2018/08/remote-access-console-using-raspberry-pi-3b-and-freebsd/\"\u003eRemote Access Console using FreeBSD on an RPi3\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab\u003c/li\u003e\n\u003cli\u003eParts:\u003c/li\u003e\n\u003cli\u003eRaspberry Pi 3 B+\u003c/li\u003e\n\u003cli\u003eNavoLabs micro POE Hat\u003c/li\u003e\n\u003cli\u003eFT4232H  based USB-to-RS232 (4x) adapter\u003c/li\u003e\n\u003cli\u003eOfficial Raspberry Pi case (optional)\u003c/li\u003e\n\u003cli\u003eHeat-sink kit (optional)\u003c/li\u003e\n\u003cli\u003eUSB-to-TTL adaptor (optional)\u003c/li\u003e\n\u003cli\u003eSandisk 16Gb microSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGet an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick\u003c/li\u003e\n\u003cli\u003eConfigure FreeBSD on the RPi3\n\u003cul\u003e\n\u003cli\u003eLoad the ‘muge’ Ethernet Driver\u003c/li\u003e\n\u003cli\u003eLoad USB serial support\u003c/li\u003e\n\u003cli\u003eLoad the FTDI driver\u003c/li\u003e\n\u003cli\u003eEnable SSHd and Conserver\u003c/li\u003e\n\u003cli\u003eConfigure Conserver\u003c/li\u003e\n\u003cli\u003eSetup log rotation\u003c/li\u003e\n\u003cli\u003eStart Conserver\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003eAnd you’re good to go\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is also a followup post with some additional tips: \u003ca href=\"https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/\"\u003ehttps://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/ungleich/status/1031501391792156673\"\u003eAnnual Penguin Races\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.mcternan.me.uk/mscgen/\"\u003eMscgen - Message Sequence Chart generator\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D16723\"\u003eThis patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=338059\"\u003eFreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/freebsdfndation/status/1031590348768915456\"\u003eMeetBSD Devsummit open for registrations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mwl.io/archives/3654\"\u003eNew Podcast interview with Michael W. Lucas\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003cbr\u003e\nWe need more feedback emails. Please write to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio only listeners, that is why we are planning to put it at the very end of the episode.\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more.","date_published":"2018-08-23T05:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a3504e6e-2e15-4430-8917-d6a8782b461e.mp3","mime_type":"audio/mp3","size_in_bytes":48332197,"duration_in_seconds":4814}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2433","title":"Episode 259: Long Live Unix | BSD Now 259","url":"https://www.bsdnow.tv/259","content_text":"The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.\n\nPicking the contest winner\n\n\nVincent\nBostjan\nAndrew\nKlaus-Hendrik\nWill\nToby\nJohnny\nDavid\nmanfrom\nNiclas\nGary\nEddy\nBruce\nLizz\nJim\n\n\nRandom number generator\n\n##Headlines\n###The Strange Birth and Long Life of Unix\n\n\nThey say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.\nA door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone \u0026amp; Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.\nOver five years, AT\u0026amp;T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—­including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT\u0026amp;T’s corporate leaders decided to pull the plug.\nAfter AT\u0026amp;T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.\nWith heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.\nThe rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.\nThompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.\nAnd with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.\nInitially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.\nSo Thompson and Ritchie got crea­tive. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.\nManagement took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.\nUnix was put to its first real-world test within Bell Labs when three typists from AT\u0026amp;T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.\nDuring its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.\nSo what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.\nAlthough Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.\nMost important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of a BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.\nThe first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-­edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.\nUnix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.\nThe story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.\nThis put AT\u0026amp;T in a bind. In 1956, AT\u0026amp;T had agreed to a U.S government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT\u0026amp;T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT\u0026amp;T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”\nWith no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.\nThe Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.\nBy the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT\u0026amp;T’s lawyers began looking harder at what various licensees were doing with their systems.\nOne person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.\nUnix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT\u0026amp;T’s lawyers had clamped down on the book’s distribution and use in academic classes. The anti­authoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-­generation photocopies of the original book.\nEnd runs around AT\u0026amp;T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.\nBy the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.\nFor many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.\nUnix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT\u0026amp;T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT\u0026amp;T code so that their software and its descendants would be freely distributable.\nThe effectiveness of those efforts were, however, called into question when the AT\u0026amp;T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT\u0026amp;T for breaches to the license it provided AT\u0026amp;T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.\nHad this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.\nAlthough AT\u0026amp;T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux have continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group), lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT\u0026amp;T in 1993.\nAs a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.\nThe world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix ­aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.\nOne holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.\nIn 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.\n\n\n\n\nDigital Ocean\nhttp://do.co/bsdnow\n\n###FreeBSD jails with a single public IP address\n\n\nJails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In the most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has it’s own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as the most hosters don’t offer more than one single public IP address per server.\n\n\n\nCreate the internal network\n\n\n\nIn this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.\nFirst, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: https://en.wikipedia.org/wiki/Private_network. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.\nFirst let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.\n\n\n  options=209b\u0026lt;RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC\u0026gt;\n  [...]\n  inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255\n  nd6 options=23\u0026lt;PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL\u0026gt;\n  media: Ethernet autoselect (1000baseT \u0026lt;full-duplex\u0026gt;)\n  status: active\n\nlo0: flags=8049\u0026lt;UP,LOOPBACK,RUNNING,MULTICAST\u0026gt; metric 0 mtu 16384\n  options=600003\u0026lt;RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6\u0026gt;\n  inet6 ::1 prefixlen 128\n  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2\n  inet 127.0.0.1 netmask 0xff000000\n  nd6 options=21\u0026lt;PERFORMNUD,AUTO_LINKLOCAL\u0026gt;```\n\n\u0026gt; For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:\n\n```cloned_interfaces=\"lo1\"\nipv4_addrs_lo1=\"192.168.0.1-9/29\"```\n\n\u0026gt; This defines a /29 network, offering IP addresses for a maximum of 6 jails:\n\n```ipcalc 192.168.0.1/29\nAddress:   192.168.0.1          11000000.10101000.00000000.00000 001\nNetmask:   255.255.255.248 = 29 11111111.11111111.11111111.11111 000\nWildcard:  0.0.0.7              00000000.00000000.00000000.00000 111\n=\u0026gt;\nNetwork:   192.168.0.0/29       11000000.10101000.00000000.00000 000\nHostMin:   192.168.0.1          11000000.10101000.00000000.00000 001\nHostMax:   192.168.0.6          11000000.10101000.00000000.00000 110\nBroadcast: 192.168.0.7          11000000.10101000.00000000.00000 111\nHosts/Net: 6                     Class C, Private Internet```\n\n\u0026gt; Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)\n\n```service netif restart```\n\n\u0026gt; After reconnecting, our newly created loopback device is active:\n\n```lo1: flags=8049\u0026lt;UP,LOOPBACK,RUNNING,MULTICAST\u0026gt; metric 0 mtu 16384\n  options=600003\u0026lt;RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6\u0026gt;\n  inet 192.168.0.1 netmask 0xfffffff8\n  inet 192.168.0.2 netmask 0xffffffff\n  inet 192.168.0.3 netmask 0xffffffff\n  inet 192.168.0.4 netmask 0xffffffff\n  inet 192.168.0.5 netmask 0xffffffff\n  inet 192.168.0.6 netmask 0xffffffff\n  inet 192.168.0.7 netmask 0xffffffff\n  inet 192.168.0.8 netmask 0xffffffff\n  inet 192.168.0.9 netmask 0xffffffff\n  nd6 options=29\u0026lt;PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL\u0026gt;```\n\n+ Setting up\n\n\u0026gt; pf part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:\n\n +  Public IP address\n```IP_PUB=\"1.2.3.4\"```\n\n +  Packet normalization\n```scrub in all```\n\n +  Allow outbound connections from within the jails\n```nat on em0 from lo1:network to any -\u0026gt; (em0)```\n\n +  webserver jail at 192.168.0.2\n```rdr on em0 proto tcp from any to $IP_PUB port 443 -\u0026gt; 192.168.0.2```\n\n + just an example in case you want to redirect to another port within your jail\n```rdr on em0 proto tcp from any to $IP_PUB port 80 -\u0026gt; 192.168.0.2 port 8080```\n\n + mailserver jail at 192.168.0.3\n```rdr on em0 proto tcp from any to $IP_PUB port 25 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 587 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 143 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 993 -\u0026gt; 192.168.0.3```\n\n\u0026gt; Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):\n\n```sysrc pf_enable=\"YES\"```\n\n\u0026gt; and start it:\n\n```service pf start```\n\n+ Install ezjail\n\n\u0026gt; Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.\n\n```pkg install ezjail```\n\n\u0026gt; As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create get’s will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running\n\n```ezjail-admin install```\n\n\u0026gt; In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:\n\n```cp /etc/resolv.conf /usr/jails/newjail/etc/```\n\n\u0026gt; Last but not least, we enable ezjail and start it:\n\n```sysrc ezjail_enable=\"YES\"```\n```service ezjail start```\n\n+ Create a jail\n\n\u0026gt; Creating a jail is as easy as it could probably be:\n\n```ezjail-admin create webserver 192.168.0.2```\n```ezjail-admin start webserver```\n\n\u0026gt; Now you can access your jail using:\n\n```ezjail-admin console webserver```\n\n\u0026gt; Each jail contains a vanilla FreeBSD installation.\n\n+ Deploy services\n\n\u0026gt; Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.\n***\n\n###[EuroBSDcon 2018 Talks \u0026amp; Schedule](https://2018.eurobsdcon.org/talks-schedule/)\n***\n\n\n\n\n##News Roundup\n###[OpenBSD on an iBook G4](https://bobstechsite.com/openbsd-on-an-ibook-g4/)\n\u0026gt; I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old \"snow white\" iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018.  This particular eBay purchase came with a 14\" 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery \u0026amp; USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.\n\n+ Initial experiments\n\n\u0026gt; This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife \u0026amp; iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!\n\n\u0026gt; After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.\n\n\u0026gt; Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.\n\n\u0026gt; Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.\n\n+ Over to BSD\n\n\u0026gt; I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.\n\n\u0026gt; So yesterday evening I finally downloaded the \"macppc\" version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.\n\n\u0026gt; When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.\n\n\u0026gt; After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.\n\n+ Final thoughts\n\n\u0026gt; I was really impressed with the performance of OpenBSD's \"macppc\" port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.\n\n\u0026gt; I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.\n\n\u0026gt; If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.\n\n\u0026gt; In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!\n\n***\n\n###[The template user with PAM and login(1)](http://oshogbo.vexillium.org/blog/48)\n\u0026gt; When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.\n\u0026gt; Another challenge is authentication via remote services such as RADIUS. How can we implement  services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.\n\u0026gt; To address these two problems we can use a \"template\" user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the \"template\" user must exist on the local password database, but the credential check can be omitted by the module.\n\u0026gt; This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what  is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.\n\u0026gt; Knowing the background let's take a look at an example.\n\n```PAM_EXTERN int\npam_sm_authenticate(pam_handle_t *pamh, int flags __unused,\n    int argc __unused, const char *argv[] __unused)\n{\n        const char *user, *password;\n        int err;\n\n        err = pam_get_user(pamh, \u0026amp;user, NULL);\n        if (err != PAM_SUCCESS)\n                return (err);\n\n        err = pam_get_authtok(pamh, PAM_AUTHTOK, \u0026amp;password, NULL);\n        if (err == PAM_CONV_ERR)\n                return (err);\n        if (err != PAM_SUCCESS)\n                return (PAM_AUTH_ERR);\n\n        err = authenticate(user, password);\n        if (err != PAM_SUCCESS) {\n                return (err);\n        }\n\n        return (pam_set_item(pamh, PAM_USER, \"template\"));\n}\n\n\n\nIn the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has  a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.\n\n\n\nAnother step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:\n\n\nauth sufficient pam_template.so no_warn allow_local\n\n\nUnfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which  you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:\n\n\n$ tail -n /etc/master.passwd\ntemplate:*:1000:1000::0:0:User \u0026amp;:/:/usr/local/bin/templatesh\n$ sudo pwd_mkdb /etc/master.passwd\n\n\nAs you can see,the template user can be locked and we still can use it in our PAM module (the * character after login).\nI would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.\n\n\n\n\niXsystems\niXsystems @ VMWorld\n\n###ZFS file server\n\n\nWhat is the need?\n\n\n\nAt work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.\nIn addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.\nThe backup server would keep snapshots in a best effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.\n\n\n\n\nA simple guidance of priorities:\n\n\nData integrity \u0026gt; Cost of solution \u0026gt; Storage capacity \u0026gt; Performance.\n\n\nWhy not enterprise NAS? NetApp FAS or EMC Isilon or the like?\n\n\n\n\nWe decided that enterprise grade NAS like NetAPP FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.\nAn open source \u0026amp; cheaper alternative to enterprise grade filesystem with the level of durability we expect turned up to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem(WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.\n\n\n\nFreeBSD vs Debian for ZFS\n\n\n\nThis is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.\n\n\n\nFreeBSD + ZFS\n\n\n\nWe already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.\n\n\n\nOkay, ZFS, but why not FreeNAS?\n\n\n\nIMHO, FreeNAS provides a integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.\n\n\n\nSpecifications\nLenovo SR630 Rackserver\n2 X Intel Xeon silver 4110 CPUs\n768 GB of DDR4 ECC 2666 MHz RAM\n4 port SAS card configured in passthrough mode(JBOD)\nIntel network card with 10 Gb SFP+ ports\n128GB M.2 SSD for use as boot drive\n2 X HGST 4U60 JBOD\n120(2 X 60) X 10TB SAS disks\n\n\n\n\n###Reflection on one-year usage of OpenBSD\n\n\nI have used OpenBSD for more than one year, and it is time to give a summary of the experience:\n\n\n\n(1) What do I get from OpenBSD?\n\n\n\na) A good UNIX tutorial. When I am curious about some UNIXcommands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.\n\n\n\nb) A better test bed. Although my work focus on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:\n\n\n......\nwarning: sprintf() is often misused, please use snprintf()\n......\n\n\nOr you can refer this post which I wrote before. The other is sometimes program run well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.\n\n\n\nc) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).\n\n\n\n(2) What I give back to OpenBSD?\n\n\n\na) Patches. Although most of them are trivial modifications, they are still my contributions.\n\n\n\nb) Write blog posts to share experience about using OpenBSD.\n\n\n\nc) Develop programs for OpenBSD/*BSD: lscpu and free.\n\n\n\nd) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.\n\n\n\nGenerally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give a shot?\n\n\n\n\n##Beastie Bits\n\n\nBSD Users Stockholm Meetup\nBSDCan 2018 Playlist\nOPNsense 18.7 released\nTesting TrueOS (FreeBSD derivative) on real hardware ThinkPad T410\nKernel Hacker Wanted!\nReplace a pair of 8-bit writes to VGA memory with a single 16-bit write\nReduce taskq and context-switch cost of zio pipe\nProposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nAnian_Z - Question\nRobert - Pool question\nLain - Congratulations\nThomas - L2arc\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThe strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.\u003c/p\u003e\n\n\u003ch3\u003e\u003ca id=\"Picking_the_contest_winner_0\"\u003e\u003c/a\u003ePicking the contest winner\u003c/h3\u003e\n\n\u003col\u003e\n\u003cli\u003eVincent\u003c/li\u003e\n\u003cli\u003eBostjan\u003c/li\u003e\n\u003cli\u003eAndrew\u003c/li\u003e\n\u003cli\u003eKlaus-Hendrik\u003c/li\u003e\n\u003cli\u003eWill\u003c/li\u003e\n\u003cli\u003eToby\u003c/li\u003e\n\u003cli\u003eJohnny\u003c/li\u003e\n\u003cli\u003eDavid\u003c/li\u003e\n\u003cli\u003emanfrom\u003c/li\u003e\n\u003cli\u003eNiclas\u003c/li\u003e\n\u003cli\u003eGary\u003c/li\u003e\n\u003cli\u003eEddy\u003c/li\u003e\n\u003cli\u003eBruce\u003c/li\u003e\n\u003cli\u003eLizz\u003c/li\u003e\n\u003cli\u003eJim\u003c/li\u003e\n\u003c/ol\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.random.org/integers/?num=1\u0026amp;min=0\u0026amp;max=15\u0026amp;col=1\u0026amp;base=10\u0026amp;format=html\u0026amp;rnd=new\"\u003eRandom number generator\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://spectrum.ieee.org/tech-history/cyberspace/the-strange-birth-and-long-life-of-unix\"\u003eThe Strange Birth and Long Life of Unix\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThey say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.\u003cbr\u003e\nA door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone \u0026amp; Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.\u003cbr\u003e\nOver five years, AT\u0026amp;T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—­including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT\u0026amp;T’s corporate leaders decided to pull the plug.\u003cbr\u003e\nAfter AT\u0026amp;T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.\u003cbr\u003e\nWith heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.\u003cbr\u003e\nThe rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.\u003cbr\u003e\nThompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.\u003cbr\u003e\nAnd with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.\u003cbr\u003e\nInitially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.\u003cbr\u003e\nSo Thompson and Ritchie got crea­tive. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.\u003cbr\u003e\nManagement took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.\u003cbr\u003e\nUnix was put to its first real-world test within Bell Labs when three typists from AT\u0026amp;T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.\u003cbr\u003e\nDuring its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.\u003cbr\u003e\nSo what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.\u003cbr\u003e\nAlthough Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.\u003cbr\u003e\nMost important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of a BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.\u003cbr\u003e\nThe first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-­edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.\u003cbr\u003e\nUnix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.\u003cbr\u003e\nThe story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.\u003cbr\u003e\nThis put AT\u0026amp;T in a bind. In 1956, AT\u0026amp;T had agreed to a U.S government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT\u0026amp;T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT\u0026amp;T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”\u003cbr\u003e\nWith no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.\u003cbr\u003e\nThe Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.\u003cbr\u003e\nBy the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT\u0026amp;T’s lawyers began looking harder at what various licensees were doing with their systems.\u003cbr\u003e\nOne person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.\u003cbr\u003e\nUnix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT\u0026amp;T’s lawyers had clamped down on the book’s distribution and use in academic classes. The anti­authoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-­generation photocopies of the original book.\u003cbr\u003e\nEnd runs around AT\u0026amp;T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.\u003cbr\u003e\nBy the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.\u003cbr\u003e\nFor many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.\u003cbr\u003e\nUnix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT\u0026amp;T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT\u0026amp;T code so that their software and its descendants would be freely distributable.\u003cbr\u003e\nThe effectiveness of those efforts were, however, called into question when the AT\u0026amp;T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT\u0026amp;T for breaches to the license it provided AT\u0026amp;T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.\u003cbr\u003e\nHad this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.\u003cbr\u003e\nAlthough AT\u0026amp;T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux have continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group), lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT\u0026amp;T in 1993.\u003cbr\u003e\nAs a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.\u003cbr\u003e\nThe world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix ­aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.\u003cbr\u003e\nOne holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.\u003cbr\u003e\nIn 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003ehttp://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/\"\u003eFreeBSD jails with a single public IP address\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In the most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has it’s own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as the most hosters don’t offer more than one single public IP address per server.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCreate the internal network\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.\u003cbr\u003e\nFirst, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: \u003ca href=\"https://en.wikipedia.org/wiki/Private_network\"\u003ehttps://en.wikipedia.org/wiki/Private_network\u003c/a\u003e. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.\u003cbr\u003e\nFirst let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode class=\"language-em0:\"\u003e  options=209b\u0026lt;RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC\u0026gt;\n  [...]\n  inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255\n  nd6 options=23\u0026lt;PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL\u0026gt;\n  media: Ethernet autoselect (1000baseT \u0026lt;full-duplex\u0026gt;)\n  status: active\n\nlo0: flags=8049\u0026lt;UP,LOOPBACK,RUNNING,MULTICAST\u0026gt; metric 0 mtu 16384\n  options=600003\u0026lt;RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6\u0026gt;\n  inet6 ::1 prefixlen 128\n  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2\n  inet 127.0.0.1 netmask 0xff000000\n  nd6 options=21\u0026lt;PERFORMNUD,AUTO_LINKLOCAL\u0026gt;```\n\n\u0026gt; For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:\n\n```cloned_interfaces=\u0026quot;lo1\u0026quot;\nipv4_addrs_lo1=\u0026quot;192.168.0.1-9/29\u0026quot;```\n\n\u0026gt; This defines a /29 network, offering IP addresses for a maximum of 6 jails:\n\n```ipcalc 192.168.0.1/29\nAddress:   192.168.0.1          11000000.10101000.00000000.00000 001\nNetmask:   255.255.255.248 = 29 11111111.11111111.11111111.11111 000\nWildcard:  0.0.0.7              00000000.00000000.00000000.00000 111\n=\u0026gt;\nNetwork:   192.168.0.0/29       11000000.10101000.00000000.00000 000\nHostMin:   192.168.0.1          11000000.10101000.00000000.00000 001\nHostMax:   192.168.0.6          11000000.10101000.00000000.00000 110\nBroadcast: 192.168.0.7          11000000.10101000.00000000.00000 111\nHosts/Net: 6                     Class C, Private Internet```\n\n\u0026gt; Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)\n\n```service netif restart```\n\n\u0026gt; After reconnecting, our newly created loopback device is active:\n\n```lo1: flags=8049\u0026lt;UP,LOOPBACK,RUNNING,MULTICAST\u0026gt; metric 0 mtu 16384\n  options=600003\u0026lt;RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6\u0026gt;\n  inet 192.168.0.1 netmask 0xfffffff8\n  inet 192.168.0.2 netmask 0xffffffff\n  inet 192.168.0.3 netmask 0xffffffff\n  inet 192.168.0.4 netmask 0xffffffff\n  inet 192.168.0.5 netmask 0xffffffff\n  inet 192.168.0.6 netmask 0xffffffff\n  inet 192.168.0.7 netmask 0xffffffff\n  inet 192.168.0.8 netmask 0xffffffff\n  inet 192.168.0.9 netmask 0xffffffff\n  nd6 options=29\u0026lt;PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL\u0026gt;```\n\n+ Setting up\n\n\u0026gt; pf part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:\n\n +  Public IP address\n```IP_PUB=\u0026quot;1.2.3.4\u0026quot;```\n\n +  Packet normalization\n```scrub in all```\n\n +  Allow outbound connections from within the jails\n```nat on em0 from lo1:network to any -\u0026gt; (em0)```\n\n +  webserver jail at 192.168.0.2\n```rdr on em0 proto tcp from any to $IP_PUB port 443 -\u0026gt; 192.168.0.2```\n\n + just an example in case you want to redirect to another port within your jail\n```rdr on em0 proto tcp from any to $IP_PUB port 80 -\u0026gt; 192.168.0.2 port 8080```\n\n + mailserver jail at 192.168.0.3\n```rdr on em0 proto tcp from any to $IP_PUB port 25 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 587 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 143 -\u0026gt; 192.168.0.3```\n```rdr on em0 proto tcp from any to $IP_PUB port 993 -\u0026gt; 192.168.0.3```\n\n\u0026gt; Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):\n\n```sysrc pf_enable=\u0026quot;YES\u0026quot;```\n\n\u0026gt; and start it:\n\n```service pf start```\n\n+ Install ezjail\n\n\u0026gt; Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.\n\n```pkg install ezjail```\n\n\u0026gt; As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create get’s will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running\n\n```ezjail-admin install```\n\n\u0026gt; In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:\n\n```cp /etc/resolv.conf /usr/jails/newjail/etc/```\n\n\u0026gt; Last but not least, we enable ezjail and start it:\n\n```sysrc ezjail_enable=\u0026quot;YES\u0026quot;```\n```service ezjail start```\n\n+ Create a jail\n\n\u0026gt; Creating a jail is as easy as it could probably be:\n\n```ezjail-admin create webserver 192.168.0.2```\n```ezjail-admin start webserver```\n\n\u0026gt; Now you can access your jail using:\n\n```ezjail-admin console webserver```\n\n\u0026gt; Each jail contains a vanilla FreeBSD installation.\n\n+ Deploy services\n\n\u0026gt; Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.\n***\n\n###[EuroBSDcon 2018 Talks \u0026amp; Schedule](https://2018.eurobsdcon.org/talks-schedule/)\n***\n\n\n\n\n##News Roundup\n###[OpenBSD on an iBook G4](https://bobstechsite.com/openbsd-on-an-ibook-g4/)\n\u0026gt; I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old \u0026quot;snow white\u0026quot; iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018.  This particular eBay purchase came with a 14\u0026quot; 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery \u0026amp; USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.\n\n+ Initial experiments\n\n\u0026gt; This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife \u0026amp; iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!\n\n\u0026gt; After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.\n\n\u0026gt; Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.\n\n\u0026gt; Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.\n\n+ Over to BSD\n\n\u0026gt; I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.\n\n\u0026gt; So yesterday evening I finally downloaded the \u0026quot;macppc\u0026quot; version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.\n\n\u0026gt; When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.\n\n\u0026gt; After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.\n\n+ Final thoughts\n\n\u0026gt; I was really impressed with the performance of OpenBSD's \u0026quot;macppc\u0026quot; port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.\n\n\u0026gt; I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.\n\n\u0026gt; If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.\n\n\u0026gt; In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!\n\n***\n\n###[The template user with PAM and login(1)](http://oshogbo.vexillium.org/blog/48)\n\u0026gt; When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.\n\u0026gt; Another challenge is authentication via remote services such as RADIUS. How can we implement  services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.\n\u0026gt; To address these two problems we can use a \u0026quot;template\u0026quot; user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the \u0026quot;template\u0026quot; user must exist on the local password database, but the credential check can be omitted by the module.\n\u0026gt; This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what  is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.\n\u0026gt; Knowing the background let's take a look at an example.\n\n```PAM_EXTERN int\npam_sm_authenticate(pam_handle_t *pamh, int flags __unused,\n    int argc __unused, const char *argv[] __unused)\n{\n        const char *user, *password;\n        int err;\n\n        err = pam_get_user(pamh, \u0026amp;user, NULL);\n        if (err != PAM_SUCCESS)\n                return (err);\n\n        err = pam_get_authtok(pamh, PAM_AUTHTOK, \u0026amp;password, NULL);\n        if (err == PAM_CONV_ERR)\n                return (err);\n        if (err != PAM_SUCCESS)\n                return (PAM_AUTH_ERR);\n\n        err = authenticate(user, password);\n        if (err != PAM_SUCCESS) {\n                return (err);\n        }\n\n        return (pam_set_item(pamh, PAM_USER, \u0026quot;template\u0026quot;));\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has  a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnother step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eauth sufficient pam_template.so no_warn allow_local\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which  you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e$ tail -n /etc/master.passwd\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003etemplate:*:1000:1000::0:0:User \u0026amp;:/:/usr/local/bin/templatesh\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e$ sudo pwd_mkdb /etc/master.passwd\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you can see,the template user can be locked and we still can use it in our PAM module (the * character after login).\u003cbr\u003e\nI would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"https://www.ixsystems.com/blog/vmworld2018-countdown/\"\u003eiXsystems @ VMWorld\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://aravindh.net/posts/zfs_fileserver/\"\u003eZFS file server\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is the need?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.\u003cbr\u003e\nIn addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.\u003cbr\u003e\nThe backup server would keep snapshots in a best effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA simple guidance of priorities:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eData integrity \u0026gt; Cost of solution \u0026gt; Storage capacity \u0026gt; Performance.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhy not enterprise NAS? NetApp FAS or EMC Isilon or the like?\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe decided that enterprise grade NAS like NetAPP FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.\u003cbr\u003e\nAn open source \u0026amp; cheaper alternative to enterprise grade filesystem with the level of durability we expect turned up to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem(WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD vs Debian for ZFS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD + ZFS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOkay, ZFS, but why not FreeNAS?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIMHO, FreeNAS provides a integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpecifications\u003c/li\u003e\n\u003cli\u003eLenovo SR630 Rackserver\u003c/li\u003e\n\u003cli\u003e2 X Intel Xeon silver 4110 CPUs\u003c/li\u003e\n\u003cli\u003e768 GB of DDR4 ECC 2666 MHz RAM\u003c/li\u003e\n\u003cli\u003e4 port SAS card configured in passthrough mode(JBOD)\u003c/li\u003e\n\u003cli\u003eIntel network card with 10 Gb SFP+ ports\u003c/li\u003e\n\u003cli\u003e128GB M.2 SSD for use as boot drive\u003c/li\u003e\n\u003cli\u003e2 X HGST 4U60 JBOD\u003c/li\u003e\n\u003cli\u003e120(2 X 60) X 10TB SAS disks\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://nanxiao.me/en/reflection-on-one-year-usage-of-openbsd/\"\u003eReflection on one-year usage of OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have used OpenBSD for more than one year, and it is time to give a summary of the experience:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(1) What do I get from OpenBSD?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ea) A good UNIX tutorial. When I am curious about some UNIXcommands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eb) A better test bed. Although my work focus on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e......\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ewarning: sprintf() is often misused, please use snprintf()\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e......\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOr you can refer this post which I wrote before. The other is sometimes program run well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ec) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(2) What I give back to OpenBSD?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ea) Patches. Although most of them are trivial modifications, they are still my contributions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eb) Write blog posts to share experience about using OpenBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ec) Develop programs for OpenBSD/*BSD: lscpu and free.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ed) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGenerally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give a shot?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/253447019/\"\u003eBSD Users Stockholm Meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLeF8ZihVdpFfkICtA2HFsZecdC28_mrQh\"\u003eBSDCan 2018 Playlist\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://forum.opnsense.org/index.php?PHPSESSID=hvuv2kg4js2nlfpm73ut5ro8p2\u0026amp;topic=9280.0\"\u003eOPNsense 18.7 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/WLgdJwd5zcQ\"\u003eTesting TrueOS (FreeBSD derivative) on real hardware ThinkPad T410\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-jobs/2018-July/000946.html\"\u003eKernel Hacker Wanted!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/337411\"\u003eReplace a pair of 8-bit writes to VGA memory with a single 16-bit write\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/337229\"\u003eReduce taskq and context-switch cost of zio pipe\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D16606\"\u003eProposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnian_Z - \u003ca href=\"http://dpaste.com/093FC8R#wrap\"\u003eQuestion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRobert - \u003ca href=\"http://dpaste.com/0GG7Q2A#wrap\"\u003ePool question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLain - \u003ca href=\"http://dpaste.com/2BWPX9C\"\u003eCongratulations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/25NGAP3#wrap\"\u003eL2arc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.","date_published":"2018-08-16T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f1dc9150-bd92-4004-9643-095d9da96886.mp3","mime_type":"audio/mp3","size_in_bytes":64748796,"duration_in_seconds":6456}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2390","title":"Episode 258: OS Foundations | BSD Now 258","url":"https://www.bsdnow.tv/258","content_text":"FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.\n\n##Headlines\n###FreeBSD Foundation Update, July 2018\n\n\nMESSAGE FROM THE EXECUTIVE DIRECTOR\n\n\n\nWe’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration,  spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!\nIn this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.\nYour support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!\n\n\n\nJune 2018 Development Projects Update\nFundraising Update: Supporting the Project\nJuly 2018 Release Engineering Update\nOSCON 2018 Recap\nSubmit Your Work: MeetBSD 2018\nFreeBSD Discount for 2018 SNIA Developer Conference\nEuroBSDcon 2018 Travel Grant Application Deadline: August 2\n\n\n\n\niXsystems\n\n###BSDCan Trip Reports\n\n\nBSDCan 2018 Trip Report: Constantin Stan\nBSDCan 2018 Trip Report: Danilo G. Baio\nBSDCan 2018 Trip Report: Rodrigo Osorio\nBSDCan 2018 Trip Report: Dhananjay Balan\nBSDCan 2018 Trip Report: Kyle Evans\n\n\n\n\n##News Roundup\n###FreeBSD and OSPFd\n\n\nWith FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…\n\n\n\nOSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to setup. This article does not cover configuration of VPN links, ZFS, or Freebsd jails, however it’s recommended that you use seperate ZFS datasets per jail so that migration between hosts can be done with zfs send \u0026amp; receive.\n\n\n\nIn this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)\n\n\n\nIn this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:\n\n\nServer 1: 172.16.3.0/28\nServer 2: 172.16.3.16/28\nServer 3: 172.16.3.32/28\nServer 4: 172.16.3.48/28\nServer 5: 172.16.3.64/28\n\n\nWhen statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.\n\n\n\n\nTo get started, first we install the Quagga package.\n\n\nThe two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.\n\n\nStarting with zebra.conf, we’ll define the hostname and a management password.\n\n\nSecond, we will populate the ospfd.conf file.\n\n\nTo break this down:\n\n\nservice advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.\n\n\nip ospf authentication message-digest and ip ospf message-diget-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.\n\n\npassive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).\n\n\nnetwork 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).\n\n\nAt this point, we can enable the services in rc.conf.local and start them.\n\n\nWe bind the management interface to 127.0.0.1 so that it’s only accessable to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessable IP. Remember telnet is not secure. If you need remote access, use a VPN.\n\n\nTo manage the services, you can telnet to your host’s localhost address.\n\n\nUse 2604 for the ospf service.\n\n\nRemember, this is accessible by non-root users so set a good password.\n\n\n\n\n\n###A broad overview of how ZFS is structured on disk\n\n\nWhen I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)\n\n\n\nAlmost everything in ZFS is in DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)\n\n\n\nEach ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.\n\n\n\nZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode.  (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)\n\n\n\nThe DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.\n\n\n\nPS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).\n\n\n\nPPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.\n\n\n\n(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)\n\n\n\n\nDigital Ocean\n\n###HardenedBSD Foundation Status\n\n\nOn 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:\n\n\n\n\n\nShawn Webb (in person)\n\n\n\n\nGeorge Saylor (in person)\n\n\n\n\nBen Welch (in person)\n\n\n\n\nVirginia Suydan (in person)\n\n\n\n\nBen La Monica (phone)\n\n\n\n\nDean Freeman (phone)\n\n\n\n\nChristian Severt (phone)\n\n\n\n\n\nWe discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501©(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.\n\n\n\nThe steps are laid out as follows:\nRegister a Post Office Box (PO Box) (completed on 10 Jul 2018).\nRegister The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).\nObtain a federal tax ID (obtained 20 Jul 2018).\nClose the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).\nFile the 1023EZ paperwork with the federal government (started on 20 Jul 2018).\nHire an attorney to help draft the organization bylaws.\nEach of the steps must be done serially and in order.\n\n\n\nWe added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501©(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.\n\n\n\nWe promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.\n\n\n\nWe hope to be granted our 501©(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.\n\n\n\n\n###More mitigations against speculative execution vulnerabilities\n\n\nPhilip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.\n\n\n\nCVSROOT:    /cvs\nModule name:    src\nChanges by: guenther@cvs.openbsd.org    2018/07/23 11:54:04\n\nModified files:\n    sys/arch/amd64/amd64: locore.S \n    sys/arch/amd64/include: asm.h cpufunc.h frameasm.h \n\nLog message:\nDo \"Return stack refilling\", based on the \"Return stack underflow\" discussion\nand its associated appendix at https://support.google.com/faqs/answer/7625886\nThis should address at least some cases of \"SpectreRSB\" and earlier\nSpectre variants; more commits to follow.\n\nThe refilling is done in the enter-kernel-from-userspace and\nreturn-to-userspace-from-kernel paths, making sure to do it before\nunblocking interrupts so that a successive interrupt can't get the\nCPU to C code without doing this refill.  Per the link above, it\nalso does it immediately after mwait, apparently in case the low-power\nCPU states of idle-via-mwait flush the RSB.\n\nok mlarkin@ deraadt@```\n\n+ and:\n\n```CVSROOT: /cvs\nModule name:    src\nChanges by: guenther@cvs.openbsd.org    2018/07/23 20:42:25\n\nModified files:\n    sys/arch/amd64/amd64: locore.S vector.S vmm_support.S \n    sys/arch/amd64/include: asm.h cpufunc.h \n\nLog message:\nAlso do RSB refilling when context switching, after vmexits, and\nwhen vmlaunch or vmresume fails.\n\nFollow the lead of clang and the intel recommendation and do an lfence\nafter the pause in the speculation-stop path for retpoline, RSB refill,\nand meltover ASM bits.\n\nok kettenis@ deraadt@```\n\n+ \"Mitigation G-2\" for AMD processors:\n\n```CVSROOT: /cvs\nModule name:    src\nChanges by: brynet@cvs.openbsd.org  2018/07/23 17:25:03\n\nModified files:\n    sys/arch/amd64/amd64: identcpu.c \n    sys/arch/amd64/include: specialreg.h \n\nLog message:\nAdd \"Mitigation G-2\" per AMD's Whitepaper \"Software Techniques for\nManaging Speculation on AMD Processors\"\n\nBy setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing\ninstruction.\n\nTested on AMD FX-4100 \"Bulldozer\", and Linux guest in SVM vmd(8)\n\nok deraadt@ mlarkin@```\n***\n\n\n##Beastie Bits\n+ [HardenedBSD will stop supporting 10-STABLE on 10 August 2018](https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)\n+ [GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2](https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)\n+ [ZFS Boot Environments at PBUG](https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)\n+ [Second Editions versus the Publishing Business](https://blather.michaelwlucas.com/archives/3229)\n+ [Theo de Raadt on \"unveil(2) usage in base\"](https://undeadly.org/cgi?action=article;sid=20180728063716)\n+ [rtadvd(8) has been replaced by rad(8)](https://undeadly.org/cgi?action=article;sid=20180724072205)\n+ [BSD Users Stockholm Meetup #3](https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)\n+ [Changes to NetBSD release support policy](https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)\n+ [The future of HAMMER1](http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)\n***\n\n**Tarsnap**\n\n##Feedback/Questions\n+ Rodriguez - [A Question](http://dpaste.com/0Y1B75Q#wrap)\n+ Shane - [About ZFS Mostly](http://dpaste.com/32YGNBY#wrap)\n+ Leif - [ZFS less than 8gb](http://dpaste.com/2GY6HHC#wrap)\n+ Wayne - [ZFS vs EMC](http://dpaste.com/17PSCXC#wrap)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n","content_html":"\u003cp\u003eFreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-update-july-2018/\"\u003eFreeBSD Foundation Update, July 2018\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMESSAGE FROM THE EXECUTIVE DIRECTOR\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration,  spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!\u003cbr\u003e\nIn this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.\u003cbr\u003e\nYour support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJune 2018 Development Projects Update\u003c/li\u003e\n\u003cli\u003eFundraising Update: Supporting the Project\u003c/li\u003e\n\u003cli\u003eJuly 2018 Release Engineering Update\u003c/li\u003e\n\u003cli\u003eOSCON 2018 Recap\u003c/li\u003e\n\u003cli\u003eSubmit Your Work: MeetBSD 2018\u003c/li\u003e\n\u003cli\u003eFreeBSD Discount for 2018 SNIA Developer Conference\u003c/li\u003e\n\u003cli\u003eEuroBSDcon 2018 Travel Grant Application Deadline: August 2\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###BSDCan Trip Reports\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-constantin-stan/\"\u003eBSDCan 2018 Trip Report: Constantin Stan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-danilo-g-baio/\"\u003eBSDCan 2018 Trip Report: Danilo G. Baio\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-rodrigo-osorio/\"\u003eBSDCan 2018 Trip Report: Rodrigo Osorio\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-dhananjay-balan/\"\u003eBSDCan 2018 Trip Report: Dhananjay Balan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-kyle-evans/\"\u003eBSDCan 2018 Trip Report: Kyle Evans\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://blog.haraschak.com/freebsd-and-ospfd/\"\u003eFreeBSD and OSPFd\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to setup. This article does not cover configuration of VPN links, ZFS, or Freebsd jails, however it’s recommended that you use seperate ZFS datasets per jail so that migration between hosts can be done with zfs send \u0026amp; receive.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eServer 1: 172.16.3.0/28\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eServer 2: 172.16.3.16/28\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eServer 3: 172.16.3.32/28\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eServer 4: 172.16.3.48/28\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003eServer 5: 172.16.3.64/28\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eTo get started, first we install the Quagga package.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStarting with zebra.conf, we’ll define the hostname and a management password.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecond, we will populate the ospfd.conf file.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTo break this down:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eservice advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eip ospf authentication message-digest and ip ospf message-diget-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003epassive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003enetwork 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAt this point, we can enable the services in rc.conf.local and start them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe bind the management interface to 127.0.0.1 so that it’s only accessable to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessable IP. Remember telnet is not secure. If you need remote access, use a VPN.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTo manage the services, you can telnet to your host’s localhost address.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse 2604 for the ospf service.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemember, this is accessible by non-root users so set a good password.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBroadDiskStructure\"\u003eA broad overview of how ZFS is structured on disk\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlmost everything in ZFS is in DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEach ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode.  (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2018-07-11/mid-july-hardenedbsd-foundation-status\"\u003eHardenedBSD Foundation Status\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003col\u003e\n\u003cli\u003eShawn Webb (in person)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"2\"\u003e\n\u003cli\u003eGeorge Saylor (in person)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"3\"\u003e\n\u003cli\u003eBen Welch (in person)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"4\"\u003e\n\u003cli\u003eVirginia Suydan (in person)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"5\"\u003e\n\u003cli\u003eBen La Monica (phone)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"6\"\u003e\n\u003cli\u003eDean Freeman (phone)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003col start=\"7\"\u003e\n\u003cli\u003eChristian Severt (phone)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501©(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe steps are laid out as follows:\u003c/li\u003e\n\u003cli\u003eRegister a Post Office Box (PO Box) (completed on 10 Jul 2018).\u003c/li\u003e\n\u003cli\u003eRegister The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).\u003c/li\u003e\n\u003cli\u003eObtain a federal tax ID (obtained 20 Jul 2018).\u003c/li\u003e\n\u003cli\u003eClose the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).\u003c/li\u003e\n\u003cli\u003eFile the 1023EZ paperwork with the federal government (started on 20 Jul 2018).\u003c/li\u003e\n\u003cli\u003eHire an attorney to help draft the organization bylaws.\u003c/li\u003e\n\u003cli\u003eEach of the steps must be done serially and in order.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501©(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe hope to be granted our 501©(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180724072257\"\u003eMore mitigations against speculative execution vulnerabilities\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePhilip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode class=\"language-For\"\u003e\nCVSROOT:    /cvs\nModule name:    src\nChanges by: guenther@cvs.openbsd.org    2018/07/23 11:54:04\n\nModified files:\n    sys/arch/amd64/amd64: locore.S \n    sys/arch/amd64/include: asm.h cpufunc.h frameasm.h \n\nLog message:\nDo \u0026quot;Return stack refilling\u0026quot;, based on the \u0026quot;Return stack underflow\u0026quot; discussion\nand its associated appendix at https://support.google.com/faqs/answer/7625886\nThis should address at least some cases of \u0026quot;SpectreRSB\u0026quot; and earlier\nSpectre variants; more commits to follow.\n\nThe refilling is done in the enter-kernel-from-userspace and\nreturn-to-userspace-from-kernel paths, making sure to do it before\nunblocking interrupts so that a successive interrupt can't get the\nCPU to C code without doing this refill.  Per the link above, it\nalso does it immediately after mwait, apparently in case the low-power\nCPU states of idle-via-mwait flush the RSB.\n\nok mlarkin@ deraadt@```\n\n+ and:\n\n```CVSROOT: /cvs\nModule name:    src\nChanges by: guenther@cvs.openbsd.org    2018/07/23 20:42:25\n\nModified files:\n    sys/arch/amd64/amd64: locore.S vector.S vmm_support.S \n    sys/arch/amd64/include: asm.h cpufunc.h \n\nLog message:\nAlso do RSB refilling when context switching, after vmexits, and\nwhen vmlaunch or vmresume fails.\n\nFollow the lead of clang and the intel recommendation and do an lfence\nafter the pause in the speculation-stop path for retpoline, RSB refill,\nand meltover ASM bits.\n\nok kettenis@ deraadt@```\n\n+ \u0026quot;Mitigation G-2\u0026quot; for AMD processors:\n\n```CVSROOT: /cvs\nModule name:    src\nChanges by: brynet@cvs.openbsd.org  2018/07/23 17:25:03\n\nModified files:\n    sys/arch/amd64/amd64: identcpu.c \n    sys/arch/amd64/include: specialreg.h \n\nLog message:\nAdd \u0026quot;Mitigation G-2\u0026quot; per AMD's Whitepaper \u0026quot;Software Techniques for\nManaging Speculation on AMD Processors\u0026quot;\n\nBy setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing\ninstruction.\n\nTested on AMD FX-4100 \u0026quot;Bulldozer\u0026quot;, and Linux guest in SVM vmd(8)\n\nok deraadt@ mlarkin@```\n***\n\n\n##Beastie Bits\n+ [HardenedBSD will stop supporting 10-STABLE on 10 August 2018](https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)\n+ [GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2](https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)\n+ [ZFS Boot Environments at PBUG](https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)\n+ [Second Editions versus the Publishing Business](https://blather.michaelwlucas.com/archives/3229)\n+ [Theo de Raadt on \u0026quot;unveil(2) usage in base\u0026quot;](https://undeadly.org/cgi?action=article;sid=20180728063716)\n+ [rtadvd(8) has been replaced by rad(8)](https://undeadly.org/cgi?action=article;sid=20180724072205)\n+ [BSD Users Stockholm Meetup #3](https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)\n+ [Changes to NetBSD release support policy](https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)\n+ [The future of HAMMER1](http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)\n***\n\n**Tarsnap**\n\n##Feedback/Questions\n+ Rodriguez - [A Question](http://dpaste.com/0Y1B75Q#wrap)\n+ Shane - [About ZFS Mostly](http://dpaste.com/32YGNBY#wrap)\n+ Leif - [ZFS less than 8gb](http://dpaste.com/2GY6HHC#wrap)\n+ Wayne - [ZFS vs EMC](http://dpaste.com/17PSCXC#wrap)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n\u003c/code\u003e\u003c/pre\u003e","summary":"FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.","date_published":"2018-08-08T01:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2975f51c-21d4-41df-bae9-4e3616147a50.mp3","mime_type":"audio/mp3","size_in_bytes":52903277,"duration_in_seconds":5272}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2354","title":"Episode 257: Great NetBSD 8 | BSD Now 257","url":"https://www.bsdnow.tv/257","content_text":"NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.\n\n\n##Headlines\n###NetBSD v8.0 Released\n\n\nThe NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.\n\n\n\nThis release brings stability improvements, hundreds of bug fixes, and many new features.\n\n\n\n\nSome highlights of the NetBSD 8.0 release are:\n\n\nUSB stack rework, USB3 support added.\n\n\nIn-kernel audio mixer (audio_system(9)).\n\n\nReproducible builds (MKREPRO, see mk.conf(5)).\n\n\nFull userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.\n\n\nPaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.\n\n\nPaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.\n\n\nPosition independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.\n\n\nA new socket layer can(4) has been added for communication of devices on a CAN bus.\n\n\nA special pseudo interface ipsecif(4) for route-based VPNs has been added.\n\n\nParts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.\n\n\nHardening of the network stack in general.\n\n\nVarious WAPBL (the NetBSD file system “log” option) stability and performance improvements.\n\n\nSpecific to i386 and amd64 CPUs:\n\n\nMeltdown mitigation: SVS (Separate Virtual Space), enabled by default.\n\n\nSpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.\n\n\nSpectreV4 mitigations available for Intel and AMD.\n\n\nPopSS workaround: user access to debug registers is turned off by default.\n\n\nLazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).\n\n\nSMAP support.\n\n\nImprovement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.\n\n\n(U)EFI bootloader.\n\n\nMany evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.\n\n\nLots of updates to 3rd party software included:\n\n\nGCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer\n\n\nGDB 7.12\n\n\nGNU binutils 2.27\n\n\nClang/LLVM 3.8.1\n\n\nOpenSSH 7.6\n\n\nOpenSSL 1.0.2k\n\n\nmdocml 1.14.1\n\n\nacpica 20170303\n\n\nntp 4.2.8p11-o\n\n\ndhcpcd 7.0.6\n\n\nLua 5.3.4\n\n\n\n\n\n###Running FreeBSD on the ARM64 VPS from Scaleway\n\n\nI’ve been thinking about this 6 since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.\nTurns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.\nI managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:\nFor some reason, unlike on x86 4, mounting additional volumes is not allowed 4 on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.\nSpin up an instance with Ubuntu Zesty and ssh in.\n\n\n\nPrepare the system and change the root to a tmpfs:\n\n\napt install gdisk\nmount -t tmpfs tmpfs /tmp\ncp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp\nmkdir /tmp/proc /tmp/sys /tmp/oldroot\nmount /dev/vda /tmp/oldroot\nmount --make-rprivate /\npivot_root /tmp /tmp/oldroot\nfor i in dev proc sys run; do mount --move /oldroot/$i /$i; done\nsystemctl daemon-reload\nsystemctl restart sshd\n\n\n\nNow reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:\n\n\npkill -f notty\nsed -ibak 's/RefuseManualStart.*$//g' /lib/systemd/system/dbus.service\nsystemctl daemon-reload\nsystemctl restart dbus\nsystemctl daemon-reexec\nsystemctl stop user@0 ntp cron systemd-logind\nsystemctl restart systemd-journald systemd-udevd\npkill agetty\npkill rsyslogd\n\n\n\nCheck that nothing is touching /oldroot:\n\n\nlsof | grep oldroot\n\n\n\nThere will probably be an old dbus-daemon, kill it.\nAnd finally, unmount the old root and overwrite the hard disk with a memstick image:\n\n\numount -R /oldroot\nwget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz\nxzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M\n\n\n\n(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)\nNow, fix the GPT: move the secondary table to the end of the disk and resize the table.\nIt’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots\n\n\ngdisk /dev/vda\nx\ne\ns\n4\nw\ny\n\n\nAnd reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)\n\nI didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.\n\nNow we’re in the FreeBSD EFI loader.\nFor some reason, the (recently fixed? 2) serial autodetection from EFI is not working correctly. Or something.\nSo you don’t get console output by default.\nTo fix, you have to run these commands in the boot loader command prompt:\n\nset console=comconsole,efi\nboot\n\n\nIgnore the warning about comconsole not being a valid console.\nSince there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)\n\n(UPD: shouldn’t be necessary in the next snapshot)\n\nNow it’s a regular installation process!\nWhen asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:\n\ngpart add -t freebsd-zfs -a 4k -l zroot vtbd0\nzpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot\nzfs create -o canmount=off -o mountpoint=none zroot/ROOT\nzfs create -o mountpoint=/ zroot/ROOT/default\nzfs create -o mountpoint=/usr zroot/ROOT/default/usr\nzfs create -o mountpoint=/var zroot/ROOT/default/var\nzfs create -o mountpoint=/var/log zroot/ROOT/default/var/log\nzfs create -o mountpoint=/usr/home zroot/home\nzpool set bootfs=zroot/ROOT/default zroot\nexit\n\n\n(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)\n\nIn the post-install chroot shell, fix some configs like so:\n\necho 'zfs_load=\"YES\"' \u0026gt;\u0026gt; /boot/loader.conf\necho 'console=\"comconsole,efi\"' \u0026gt;\u0026gt; /boot/loader.conf\necho 'vfs.zfs.arc_max=\"512M\"' \u0026gt;\u0026gt; /boot/loader.conf\nsysrc zfs_enable=YES\nexit\n\n\n(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)\n\nNow you can reboot into the installed system!!\n\nHere’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:\n\nPkg bootstrap\npkg install curl\ncurl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata \u0026gt; /usr/local/bin/scw-metadata\nchmod +x /usr/local/bin/scw-metadata\necho '#\\!/bin/sh' \u0026gt; /etc/rc.local\necho 'PATH=/usr/local/bin:$PATH' \u0026gt;\u0026gt; /etc/rc.local\necho 'eval $(scw-metadata)' \u0026gt;\u0026gt; /etc/rc.local\necho 'echo $SSH_PUBLIC_KEYS_0_KEY \u0026gt; /root/.ssh/authorized_keys' \u0026gt;\u0026gt; /etc/rc.local\necho 'chmod 0400 /root/.ssh/authorized_keys' \u0026gt;\u0026gt; /etc/rc.local\necho 'ifconfig vtnet0 inet6 $IPV6_ADDRESS/$IPV6_NETMASK' \u0026gt;\u0026gt; /etc/rc.local\necho 'route -6 add default $IPV6_GATEWAY' \u0026gt;\u0026gt; /etc/rc.local\nmkdir /run\nmkdir /root/.ssh\nsh /etc/rc.local\n\n\n\nAnd to fix incoming TCP connections, configure the DHCP client to change the broadcast address:\n\n\necho 'interface \"vtnet0\" { supersede broadcast-address 255.255.255.255; }' \u0026gt;\u0026gt; /etc/dhclient.conf\nkillall dhclient\ndhclient vtnet0\n\n\nOther random notes:\nkeep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own 2 with config GENERIC-NODEBUG\nalso disable heavy malloc debugging features by running ln -s ‘abort:false,junk:false’ /etc/malloc.conf (yes that’s storing config in a symlink)\nyou can reuse the installer’s partition for swap\n\n\n\n\n** Digital Ocean **\nhttp://do.co/bsdnow\n\n###Easy encrypted backups on OpenBSD with base tools\n\n\nToday’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the differents uses cases, needs, issues an solutions. Here I will stick on explaining how to make reliable backups for an OpenBSD system (my laptop).\nWhat we need is the dump command (see man 8 dump for its man page). It’s an utility to make a backup for a filesystem, it can only make a backup of one filesystem at a time. On my laptop I only backup /home partition so this solution is suitable for me while still being easy.\nDump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.\nWhat is very interesting with dump is that it honors nodump flag which is an extended attribute of a FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tells dump not do save that folder (under some circumstances). By default, dump will not save thoses files, EXCEPT for a level 0 backup.\n\n\n\nImportant features of this backup solution:\nsave files with attributes, permissions and flags\ncan recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)\none dump = one file\n\n\n\nMy process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and everyday I do a level 2 backup of my files. The level 2 will contain latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.\nLet me explain: let says my full backup is 60 GB, full of pictures, sources files, GUI applications data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dump over time, usually it is only 100 MB to 1GB. As I don’t add new pictures everyday or use new software everyday, the level 2 will take care of most littles changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it on my remote server everyday.\nOne could you more dump level, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.\nHistory note: dump was designed to be used with magnetic tapes.\n\n\n\nSee the article for the remainder of the article\n\n\n\n\n##News Roundup\n###Status of DFly server storage upgrades (Matt Dillon)\n\n\nLast month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution.  Yesterday we did a number of additional upgrades, described below.  All using funds generously donated by everyone!\n\n\n\nThe main repository server received a 2TB SSD to replace the HDDs it was using before.  This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion.  Space was at a premium before.  Now there’s plenty.\n\n\n\nMonster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (grok.dragonflybsd.org) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data.  It now has 600GB of swapcache configured.  Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.\n\n\n\nThe main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD.  This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.\n\n\n\nHard drives are becoming real dinosaurs.  We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.\n\n\n\nFive years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs.  To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases).  Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive.  But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index).  The way things are going, even the backup drives will probably become SSDs over the next two years.\n\n\n\n\n###iX ad spot\nOSCON 2018 Recap\n\n\n\n###zpool checkpoints\n\n\nIn March, to FreeBSD landed a very interesting feature called ‘zpool checkpoints’. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.\n\n\n\nA very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.\n\n\n\nThe problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.\n\n\n\nAnother interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.\n\n\n\nZpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only rollback the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolledback, and even the creation/deletion of the dataset, and the snapshot, will be rolledback.\n\n\n\nZpool Checkpoint has introduced a few simple functions:\nFor a creating checkpoint:\n\n\nzpool checkpoint \u0026lt;pool\u0026gt;\n\n\nRollbacks state to checkpoint and remove the checkpoint:\n\n\nzpool import -- rewind-to-checkpoint \u0026lt;pool\u0026gt;\n\n\nMount the pool read only - this does not rollback the data:\n\n\nzpool import --read-only=on --rewind-to-checkpoint\n\n\nRemove the checkpoint\n\n\nzpool checkpoint --discard \u0026lt;pool\u0026gt; or zpool checkpoint -d \u0026lt;pool\u0026gt;\n\n\nWith this powerful feature we need to remember some safety rules:\nScrub will work only on data that isn’t in checkpool.\nYou can’t remove vdev if you have a checkpoint.\nYou can’t split mirror.\nReguid will not work either.\nCreate a checkpoint when one of the disks is removed…\n\n\n\nFor me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.\n\n\n\nI would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.\n\n\n\n\n###g2k18 Reports\n\n\ng2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff\ng2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more\ng2k18 Hackathon Report: Marc Espie on ports and packages progress\ng2k18 hackathon report: Antoine Jacoutot on porting\ng2k18 hackathon report: Matthieu Herrb on font caches and xenodm\ng2k18 hackathon report: Florian Obser on rtadvd(8) -\u0026gt; rad(8) progress (actually, rewrite)\ng2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)\ng2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP\ng2k18 hackathon report: Claudio Jeker on OpenBGPD developments\nPicture of the last day of the g2k18 hackathon in Ljubljana, Slovenia\n\n\n\n\n##Beastie Bits\n\n\nSomething blogged (on pkgsrcCon 2018)\nGSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1\nThere should be a global ‘awareness’ week for developers\nPolish BSD User Group – Upcoming Meeting: Aug 9th 2018\nLondon BSD User Group – Upcoming Meeting: Aug 14th 2018\nPhillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat\nhimself all the time\nEuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!\nMeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nDale - L2ARC recommendations \u0026amp; drive age question\nTodd - ZFS \u0026amp; S3\nefraim - License Poem\nHenrick - Yet another ZFS question\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eNetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html\"\u003eNetBSD v8.0 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis release brings stability improvements, hundreds of bug fixes, and many new features.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSome highlights of the NetBSD 8.0 release are:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUSB stack rework, USB3 support added.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn-kernel audio mixer (audio_system(9)).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReproducible builds (MKREPRO, see mk.conf(5)).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFull userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePosition independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA new socket layer can(4) has been added for communication of devices on a CAN bus.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA special pseudo interface ipsecif(4) for route-based VPNs has been added.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eParts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHardening of the network stack in general.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious WAPBL (the NetBSD file system “log” option) stability and performance improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSpecific to i386 and amd64 CPUs:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMeltdown mitigation: SVS (Separate Virtual Space), enabled by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSpectreV4 mitigations available for Intel and AMD.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePopSS workaround: user access to debug registers is turned off by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSMAP support.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprovement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e(U)EFI bootloader.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMany evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLots of updates to 3rd party software included:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGDB 7.12\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGNU binutils 2.27\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClang/LLVM 3.8.1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpenSSH 7.6\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOpenSSL 1.0.2k\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emdocml 1.14.1\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eacpica 20170303\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003entp 4.2.8p11-o\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edhcpcd 7.0.6\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLua 5.3.4\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://community.online.net/t/freebsd-on-arm64/6678\"\u003eRunning FreeBSD on the ARM64 VPS from Scaleway\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been thinking about this 6 since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.\u003cbr\u003e\nTurns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.\u003cbr\u003e\nI managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:\u003cbr\u003e\nFor some reason, unlike on x86 4, mounting additional volumes is not allowed 4 on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.\u003cbr\u003e\nSpin up an instance with Ubuntu Zesty and ssh in.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrepare the system and change the root to a tmpfs:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eapt install gdisk\nmount -t tmpfs tmpfs /tmp\ncp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp\nmkdir /tmp/proc /tmp/sys /tmp/oldroot\nmount /dev/vda /tmp/oldroot\nmount --make-rprivate /\npivot_root /tmp /tmp/oldroot\nfor i in dev proc sys run; do mount --move /oldroot/$i /$i; done\nsystemctl daemon-reload\nsystemctl restart sshd\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003epkill -f notty\nsed -ibak 's/RefuseManualStart.*$//g' /lib/systemd/system/dbus.service\nsystemctl daemon-reload\nsystemctl restart dbus\nsystemctl daemon-reexec\nsystemctl stop user@0 ntp cron systemd-logind\nsystemctl restart systemd-journald systemd-udevd\npkill agetty\npkill rsyslogd\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCheck that nothing is touching /oldroot:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003elsof | grep oldroot\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere will probably be an old dbus-daemon, kill it.\u003cbr\u003e\nAnd finally, unmount the old root and overwrite the hard disk with a memstick image:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eumount -R /oldroot\nwget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz\nxzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)\u003cbr\u003e\nNow, fix the GPT: move the secondary table to the end of the disk and resize the table.\u003cbr\u003e\nIt’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003egdisk /dev/vda\nx\ne\ns\n4\nw\ny\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAnd reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)\u003c/p\u003e\n\n\u003cp\u003eI didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.\u003c/p\u003e\n\n\u003cp\u003eNow we’re in the FreeBSD EFI loader.\u003cbr\u003e\nFor some reason, the (recently fixed? 2) serial autodetection from EFI is not working correctly. Or something.\u003cbr\u003e\nSo you don’t get console output by default.\u003cbr\u003e\nTo fix, you have to run these commands in the boot loader command prompt:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eset console=comconsole,efi\nboot\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eIgnore the warning about comconsole not being a valid console.\u003cbr\u003e\nSince there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)\u003c/p\u003e\n\n\u003cp\u003e(UPD: shouldn’t be necessary in the next snapshot)\u003c/p\u003e\n\n\u003cp\u003eNow it’s a regular installation process!\u003cbr\u003e\nWhen asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003egpart add -t freebsd-zfs -a 4k -l zroot vtbd0\nzpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot\nzfs create -o canmount=off -o mountpoint=none zroot/ROOT\nzfs create -o mountpoint=/ zroot/ROOT/default\nzfs create -o mountpoint=/usr zroot/ROOT/default/usr\nzfs create -o mountpoint=/var zroot/ROOT/default/var\nzfs create -o mountpoint=/var/log zroot/ROOT/default/var/log\nzfs create -o mountpoint=/usr/home zroot/home\nzpool set bootfs=zroot/ROOT/default zroot\nexit\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)\u003c/p\u003e\n\n\u003cp\u003eIn the post-install chroot shell, fix some configs like so:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eecho 'zfs_load=\u0026quot;YES\u0026quot;' \u0026gt;\u0026gt; /boot/loader.conf\necho 'console=\u0026quot;comconsole,efi\u0026quot;' \u0026gt;\u0026gt; /boot/loader.conf\necho 'vfs.zfs.arc_max=\u0026quot;512M\u0026quot;' \u0026gt;\u0026gt; /boot/loader.conf\nsysrc zfs_enable=YES\nexit\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)\u003c/p\u003e\n\n\u003cp\u003eNow you can reboot into the installed system!!\u003c/p\u003e\n\n\u003cp\u003eHere’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003ePkg bootstrap\npkg install curl\ncurl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata \u0026gt; /usr/local/bin/scw-metadata\nchmod +x /usr/local/bin/scw-metadata\necho '#\\!/bin/sh' \u0026gt; /etc/rc.local\necho 'PATH=/usr/local/bin:$PATH' \u0026gt;\u0026gt; /etc/rc.local\necho 'eval $(scw-metadata)' \u0026gt;\u0026gt; /etc/rc.local\necho 'echo $SSH_PUBLIC_KEYS_0_KEY \u0026gt; /root/.ssh/authorized_keys' \u0026gt;\u0026gt; /etc/rc.local\necho 'chmod 0400 /root/.ssh/authorized_keys' \u0026gt;\u0026gt; /etc/rc.local\necho 'ifconfig vtnet0 inet6 $IPV6_ADDRESS/$IPV6_NETMASK' \u0026gt;\u0026gt; /etc/rc.local\necho 'route -6 add default $IPV6_GATEWAY' \u0026gt;\u0026gt; /etc/rc.local\nmkdir /run\nmkdir /root/.ssh\nsh /etc/rc.local\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd to fix incoming TCP connections, configure the DHCP client to change the broadcast address:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eecho 'interface \u0026quot;vtnet0\u0026quot; { supersede broadcast-address 255.255.255.255; }' \u0026gt;\u0026gt; /etc/dhclient.conf\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ekillall dhclient\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003edhclient vtnet0\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOther random notes:\u003c/li\u003e\n\u003cli\u003ekeep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own 2 with config GENERIC-NODEBUG\u003c/li\u003e\n\u003cli\u003ealso disable heavy malloc debugging features by running ln -s ‘abort:false,junk:false’ /etc/malloc.conf (yes that’s storing config in a symlink)\u003c/li\u003e\n\u003cli\u003eyou can reuse the installer’s partition for swap\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e** Digital Ocean **\u003cbr\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003ehttp://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://dataswamp.org/~solene/2018-06-26-openbsd-easy-backup.html\"\u003eEasy encrypted backups on OpenBSD with base tools\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the differents uses cases, needs, issues an solutions. Here I will stick on explaining how to make reliable backups for an OpenBSD system (my laptop).\u003cbr\u003e\nWhat we need is the dump command (see man 8 dump for its man page). It’s an utility to make a backup for a filesystem, it can only make a backup of one filesystem at a time. On my laptop I only backup /home partition so this solution is suitable for me while still being easy.\u003cbr\u003e\nDump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.\u003cbr\u003e\nWhat is very interesting with dump is that it honors nodump flag which is an extended attribute of a FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tells dump not do save that folder (under some circumstances). By default, dump will not save thoses files, EXCEPT for a level 0 backup.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eImportant features of this backup solution:\u003c/li\u003e\n\u003cli\u003esave files with attributes, permissions and flags\u003c/li\u003e\n\u003cli\u003ecan recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)\u003c/li\u003e\n\u003cli\u003eone dump = one file\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and everyday I do a level 2 backup of my files. The level 2 will contain latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.\u003cbr\u003e\nLet me explain: let says my full backup is 60 GB, full of pictures, sources files, GUI applications data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dump over time, usually it is only 100 MB to 1GB. As I don’t add new pictures everyday or use new software everyday, the level 2 will take care of most littles changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it on my remote server everyday.\u003cbr\u003e\nOne could you more dump level, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.\u003cbr\u003e\nHistory note: dump was designed to be used with magnetic tapes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the article for the remainder of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2018-July/357809.html\"\u003eStatus of DFly server storage upgrades (Matt Dillon)\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution.  Yesterday we did a number of additional upgrades, described below.  All using funds generously donated by everyone!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe main repository server received a 2TB SSD to replace the HDDs it was using before.  This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion.  Space was at a premium before.  Now there’s plenty.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMonster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (\u003ca href=\"http://grok.dragonflybsd.org\"\u003egrok.dragonflybsd.org\u003c/a\u003e) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data.  It now has 600GB of swapcache configured.  Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD.  This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHard drives are becoming real dinosaurs.  We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFive years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs.  To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases).  Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive.  But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index).  The way things are going, even the backup drives will probably become SSDs over the next two years.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###iX ad spot\u003cbr\u003e\n\u003ca href=\"https://www.ixsystems.com/blog/oscon2018/\"\u003eOSCON 2018 Recap\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://oshogbo.vexillium.org/blog/46/\"\u003ezpool checkpoints\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn March, to FreeBSD landed a very interesting feature called ‘zpool checkpoints’. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnother interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only rollback the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolledback, and even the creation/deletion of the dataset, and the snapshot, will be rolledback.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eZpool Checkpoint has introduced a few simple functions:\u003c/li\u003e\n\u003cli\u003eFor a creating checkpoint:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool checkpoint \u0026lt;pool\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRollbacks state to checkpoint and remove the checkpoint:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool import -- rewind-to-checkpoint \u0026lt;pool\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMount the pool read only - this does not rollback the data:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool import --read-only=on --rewind-to-checkpoint\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRemove the checkpoint\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool checkpoint --discard \u0026lt;pool\u0026gt; or zpool checkpoint -d \u0026lt;pool\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith this powerful feature we need to remember some safety rules:\u003c/li\u003e\n\u003cli\u003eScrub will work only on data that isn’t in checkpool.\u003c/li\u003e\n\u003cli\u003eYou can’t remove vdev if you have a checkpoint.\u003c/li\u003e\n\u003cli\u003eYou can’t split mirror.\u003c/li\u003e\n\u003cli\u003eReguid will not work either.\u003c/li\u003e\n\u003cli\u003eCreate a checkpoint when one of the disks is removed…\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###g2k18 Reports\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180728110010\"\u003eg2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180726184322\"\u003eg2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180716193511\"\u003eg2k18 Hackathon Report: Marc Espie on ports and packages progress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180716202456\"\u003eg2k18 hackathon report: Antoine Jacoutot on porting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180717074543\"\u003eg2k18 hackathon report: Matthieu Herrb on font caches and xenodm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180718060313\"\u003eg2k18 hackathon report: Florian Obser on rtadvd(8) -\u0026gt; rad(8) progress (actually, rewrite)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180719100833\"\u003eg2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180721053002\"\u003eg2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180721053011\"\u003eg2k18 hackathon report: Claudio Jeker on OpenBGPD developments\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://i.imgur.com/3t3cJF6.jpg\"\u003ePicture of the last day of the g2k18 hackathon in Ljubljana, Slovenia\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2266\"\u003eSomething blogged (on pkgsrcCon 2018)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_configuration_files\"\u003eGSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd.network/@mulander/100390180499807877\"\u003eThere should be a global ‘awareness’ week for developers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003ePolish BSD User Group – Upcoming Meeting: Aug 9th 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2018-July/000430.html\"\u003eLondon BSD User Group – Upcoming Meeting: Aug 14th 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://whyzfsisbetter.com/\"\u003ePhillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat\u003cbr\u003e\nhimself all the time\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/registration-is-open/\"\u003eEuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetbsd.com/call-for-papers/\"\u003eMeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDale - \u003ca href=\"http://dpaste.com/1K452Y7#wrap\"\u003eL2ARC recommendations \u0026amp; drive age question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTodd - \u003ca href=\"http://dpaste.com/0WWHZ3E#wrap\"\u003eZFS \u0026amp; S3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eefraim - \u003ca href=\"http://dpaste.com/36YP39B#wrap\"\u003eLicense Poem\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHenrick - \u003ca href=\"http://dpaste.com/21D1KWA#wrap\"\u003eYet another ZFS question\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.","date_published":"2018-08-02T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7928575b-6648-4fac-ba50-4d24e56a7b9b.mp3","mime_type":"audio/mp3","size_in_bytes":50094426,"duration_in_seconds":4991}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2304","title":"Episode 256: Because Computers | BSD Now 2^8","url":"https://www.bsdnow.tv/256","content_text":"FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.\n\nWin\n\nCelebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).\n\nTo enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to feedback@bsdnow.tv with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.\nOnly one item to win. All decisions are final. Better luck next time.\n\nHeadlines\n\nBattle of the Schedulers: FreeBSD ULE vs. Linux CFS\n\nIntroduction\nThis paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.\nOperating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.\nIn fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.\nULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.\n\nPerformance analysis\nWe now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.\nOverall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE endup scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).\nWhen the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.\nThe performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it never preempted with ULE.\nThis behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.\n\nConclusion\nScheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.\n\nOpenBSD 6.3 on Tuxedo InfinityBook\n\nDisclaimer:\nI came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.\n\nOpenBSD on the Tuxedo InfinityBook\nI’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.+\n\nWithin a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lot’s of swag :)\n\nThe InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:\n\nIntel Core i7-8550U\n1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT\n250 GB Samsung 860 EVO (M.2 SATAIII)\n\nI used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.\n\nThe installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).\n\nOut of the box the graphics works and once installed the machine presents the login.\n\nVideo\nWhen X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.\n\nExternal video is working just fine as well. Either via hdmi output or via the mini displayport connector.\n\nThe buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.\n\nNetworking\nThe infinityBook has built-in ethernet, driven by re(4) And for the wireless interface the iwm(4) driver is being used. Both work as expected.\n\nACPI\nNeither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:\n\nLCD on/off works (fn+f2)\nKeyboard backlight dimming works (fn+f4)\nVolume (fn+f5 / fn+f6) works\n\nSound\nThe azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.\n\nTouchpad\nCan be controlled via wsconsctl(8).\nSo far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.\n\niXsystems\niXsystems - Its all NAS\n\nHow ZFS makes things like ‘zfs diff’ report filenames efficiently\n\nAs a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.\nIn theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.\nThe interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.\nIf you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:\nWhen a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.\nBefore I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).\nThe current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.\n\nNews Roundup\n\nWhat is FreeBSD? Why Should You Choose It Over Linux?\n\nNot too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.\n\nIn the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.\n\nFreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.\n\nBSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.\n\nWhat’s FreeBSD Good For?\n\nFreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.\n\nFreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. with that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!\n\nFreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.\n\nFreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.\n\nFreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.\n\nFreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.\n\nWhy Should You Choose It over Linux?\n\nFrom what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer better a performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.\n\nFreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.\n\nUnlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.\n\nFreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.\n\nFreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.\n\nApart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.\n\nFreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.\n\nFreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.\n\nBoth the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.\nWhat is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.\n\nPS4 5.05 BPF Double Free Kernel Exploit Writeup\n\nIntroduction\nWelcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.\nThis bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.\n\nAssumptions\nSome assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.\n\nBackground\nThis section contains some helpful information to those newer to exploitation, or are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()'s” section if you’re already familiar with this material.\n\nWhat Are Drivers?\nThere are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.\nThere are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.\nDrivers are often the more weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.\n\nThe BPF Device Driver\nIf we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkely Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.\n\nWhat Are Packet Filters?\nBelow is an excerpt from the 4.55 bpfwrite writeup.\nSince the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are ran when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside it’s buffer. Breaking down the BPF VM in it’s entirety is far beyond the scope of this write-up, just know that the code produced by it is ran in kernel mode - this is why read/write access to /dev/bpf should be privileged.\n\nRace Conditions\nRace conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.\nLocking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.\n\nHeap Spraying\nThe process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.\nBy extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.\n\nFollow the link to read more of the article\nDigitalOcean\nhttp://do.co/bsdnow\n\nOpenBSD gains Wi-Fi “auto-join”\n\nIn a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:\n\nCVSROOT:    /cvs\nModule name:    src\nChanges by: phessler@cvs.openbsd.org    2018/07/11 14:18:09\n\nModified files:\n    sbin/ifconfig  : ifconfig.8 ifconfig.c \n    sys/net80211   : ieee80211_ioctl.c ieee80211_ioctl.h \n                     ieee80211_node.c ieee80211_node.h \n                     ieee80211_var.h \n\nLog message:\nIntroduce 'auto-join' to the wifi 802.11 stack.\n\nThis allows a system to remember which ESSIDs it wants to connect to, any\nrelevant security configuration, and switch to it when the network we are\ncurrently connected to is no longer available.\nWorks when connecting and switching between WPA2/WPA1/WEP/clear encryptions.\n\nexample hostname.if:\njoin home wpakey password\njoin work wpakey mekmitasdigoat\njoin open-lounge\njoin cafe wpakey cafe2018\njoin \"wepnetwork\" nwkey \"12345\"\ndhcp\ninet6 autoconf\nup\n\nOK stsp@ reyk@\nand enthusiasm from every hackroom I've been in for the last 3 years\nThe usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).\n\nThanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.\n\nFreeBSD Jails the hard way\n\nThere are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick an easy to get going. But sometimes the tools built right into the OS are overlooked.\n\nThis post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.\n\nFor this guide, I’m going to be putting my jails in /usr/local/jails.\n\nI’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.\n\nI’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.\n\nFull Jail\nMake a directory for the jail, or a zfs dataset if you prefer.\nDownload the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.\nUpdate your FreeBSD base install.\nVerify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.\nMake sure you jail has the right timezone and dns servers and a hostname in rc.conf.\nEdit jail.conf with the details about your jail.\nStart and login to your jail.\n11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.\n\nCreating a template\nCreate a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.\nUpdate your template with freebsd-update.\nVerify your install\nAnd that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.\n\nDeploying a template with ZFS snapshots\nCreate a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.\nClone the snapshot to a new jail.\nConfigure the jail hostname.\nAdd the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.\nStart the jail.\nThe downside with the zfs approach is that each jail is now a fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.\n\nFollow the link to see the rest of the article about\nThin jails using NullFS mounts\nSimplifying jail.conf\nHopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.\n\nBeastie Bits\n\nMeetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!\nThe next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now\nLinux Geek Books - Humble Bundle\nExtend loader(8) geli support to all architectures and all disk-like devices\nUpgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi\nThe pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages\nNetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards\nRecently released CDE 2.3.0 running on Tribblix (Illumos)\nAn Interview With Tech \u0026amp; Science Fiction Author Michael W Lucas\nA reminder : MeetBSD CFP\nEuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania\nTarsnap\n\nFeedback/Questions\n\nWilyarti - Adblocked on FreeBSD Continued…\nAndrew - A Question and a Story\nMatthew - Thanks\nBrian - PCI-E Controller\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv","content_html":"\u003cp\u003eFreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.\u003c/p\u003e\n\n\u003ch2\u003eWin\u003c/h2\u003e\n\n\u003cp\u003eCelebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).\u003c/p\u003e\n\n\u003cp\u003eTo enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.\u003cbr\u003e\nOnly one item to win. All decisions are final. Better luck next time.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eBattle of the Schedulers: FreeBSD ULE vs. Linux CFS\u003c/h3\u003e\n\n\u003cp\u003eIntroduction\u003cbr\u003e\nThis paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.\u003cbr\u003e\nOperating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.\u003cbr\u003e\nIn fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.\u003cbr\u003e\nULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.\u003c/p\u003e\n\n\u003cp\u003ePerformance analysis\u003cbr\u003e\nWe now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.\u003cbr\u003e\nOverall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE endup scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).\u003cbr\u003e\nWhen the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.\u003cbr\u003e\nThe performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it never preempted with ULE.\u003cbr\u003e\nThis behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.\u003c/p\u003e\n\n\u003cp\u003eConclusion\u003cbr\u003e\nScheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.\u003c/p\u003e\n\n\u003ch3\u003eOpenBSD 6.3 on Tuxedo InfinityBook\u003c/h3\u003e\n\n\u003cp\u003eDisclaimer:\u003cbr\u003e\nI came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.\u003c/p\u003e\n\n\u003cp\u003eOpenBSD on the Tuxedo InfinityBook\u003cbr\u003e\nI’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.+\u003c/p\u003e\n\n\u003cp\u003eWithin a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lot’s of swag :)\u003c/p\u003e\n\n\u003cp\u003eThe InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:\u003c/p\u003e\n\n\u003cp\u003eIntel Core i7-8550U\u003cbr\u003e\n1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT\u003cbr\u003e\n250 GB Samsung 860 EVO (M.2 SATAIII)\u003c/p\u003e\n\n\u003cp\u003eI used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.\u003c/p\u003e\n\n\u003cp\u003eThe installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).\u003c/p\u003e\n\n\u003cp\u003eOut of the box the graphics works and once installed the machine presents the login.\u003c/p\u003e\n\n\u003cp\u003eVideo\u003cbr\u003e\nWhen X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.\u003c/p\u003e\n\n\u003cp\u003eExternal video is working just fine as well. Either via hdmi output or via the mini displayport connector.\u003c/p\u003e\n\n\u003cp\u003eThe buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.\u003c/p\u003e\n\n\u003cp\u003eNetworking\u003cbr\u003e\nThe infinityBook has built-in ethernet, driven by re(4) And for the wireless interface the iwm(4) driver is being used. Both work as expected.\u003c/p\u003e\n\n\u003cp\u003eACPI\u003cbr\u003e\nNeither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:\u003c/p\u003e\n\n\u003cp\u003eLCD on/off works (fn+f2)\u003cbr\u003e\nKeyboard backlight dimming works (fn+f4)\u003cbr\u003e\nVolume (fn+f5 / fn+f6) works\u003c/p\u003e\n\n\u003cp\u003eSound\u003cbr\u003e\nThe azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.\u003c/p\u003e\n\n\u003cp\u003eTouchpad\u003cbr\u003e\nCan be controlled via wsconsctl(8).\u003cbr\u003e\nSo far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.\u003c/p\u003e\n\n\u003cp\u003eiXsystems\u003cbr\u003e\niXsystems - Its all NAS\u003c/p\u003e\n\n\u003ch3\u003eHow ZFS makes things like ‘zfs diff’ report filenames efficiently\u003c/h3\u003e\n\n\u003cp\u003eAs a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.\u003cbr\u003e\nIn theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.\u003cbr\u003e\nThe interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.\u003cbr\u003e\nIf you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:\u003cbr\u003e\nWhen a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.\u003cbr\u003e\nBefore I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).\u003cbr\u003e\nThe current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003eWhat is FreeBSD? Why Should You Choose It Over Linux?\u003c/h3\u003e\n\n\u003cp\u003eNot too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.\u003c/p\u003e\n\n\u003cp\u003eIn the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.\u003c/p\u003e\n\n\u003cp\u003eBSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.\u003c/p\u003e\n\n\u003cp\u003eWhat’s FreeBSD Good For?\u003c/p\u003e\n\n\u003cp\u003eFreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. with that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.\u003c/p\u003e\n\n\u003cp\u003eWhy Should You Choose It over Linux?\u003c/p\u003e\n\n\u003cp\u003eFrom what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer better a performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.\u003c/p\u003e\n\n\u003cp\u003eUnlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.\u003c/p\u003e\n\n\u003cp\u003eApart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.\u003c/p\u003e\n\n\u003cp\u003eFreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.\u003c/p\u003e\n\n\u003cp\u003eBoth the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.\u003cbr\u003e\nWhat is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.\u003c/p\u003e\n\n\u003ch3\u003ePS4 5.05 BPF Double Free Kernel Exploit Writeup\u003c/h3\u003e\n\n\u003cp\u003eIntroduction\u003cbr\u003e\nWelcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.\u003cbr\u003e\nThis bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.\u003c/p\u003e\n\n\u003cp\u003eAssumptions\u003cbr\u003e\nSome assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.\u003c/p\u003e\n\n\u003cp\u003eBackground\u003cbr\u003e\nThis section contains some helpful information to those newer to exploitation, or are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()\u0026#39;s” section if you’re already familiar with this material.\u003c/p\u003e\n\n\u003cp\u003eWhat Are Drivers?\u003cbr\u003e\nThere are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.\u003cbr\u003e\nThere are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.\u003cbr\u003e\nDrivers are often the more weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.\u003c/p\u003e\n\n\u003cp\u003eThe BPF Device Driver\u003cbr\u003e\nIf we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkely Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.\u003c/p\u003e\n\n\u003cp\u003eWhat Are Packet Filters?\u003cbr\u003e\nBelow is an excerpt from the 4.55 bpfwrite writeup.\u003cbr\u003e\nSince the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are ran when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside it’s buffer. Breaking down the BPF VM in it’s entirety is far beyond the scope of this write-up, just know that the code produced by it is ran in kernel mode - this is why read/write access to /dev/bpf should be privileged.\u003c/p\u003e\n\n\u003cp\u003eRace Conditions\u003cbr\u003e\nRace conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.\u003cbr\u003e\nLocking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.\u003c/p\u003e\n\n\u003cp\u003eHeap Spraying\u003cbr\u003e\nThe process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.\u003cbr\u003e\nBy extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.\u003c/p\u003e\n\n\u003cp\u003eFollow the link to read more of the article\u003cbr\u003e\nDigitalOcean\u003cbr\u003e\n\u003ca href=\"http://do.co/bsdnow\" rel=\"nofollow\"\u003ehttp://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003eOpenBSD gains Wi-Fi “auto-join”\u003c/h3\u003e\n\n\u003cp\u003eIn a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:\u003c/p\u003e\n\n\u003cp\u003eCVSROOT:    /cvs\u003cbr\u003e\nModule name:    src\u003cbr\u003e\nChanges by: \u003ca href=\"mailto:phessler@cvs.openbsd.org\" rel=\"nofollow\"\u003ephessler@cvs.openbsd.org\u003c/a\u003e    2018/07/11 14:18:09\u003c/p\u003e\n\n\u003cp\u003eModified files:\u003cbr\u003e\n    sbin/ifconfig  : ifconfig.8 ifconfig.c \u003cbr\u003e\n    sys/net80211   : ieee80211_ioctl.c ieee80211_ioctl.h \u003cbr\u003e\n                     ieee80211_node.c ieee80211_node.h \u003cbr\u003e\n                     ieee80211_var.h \u003c/p\u003e\n\n\u003cp\u003eLog message:\u003cbr\u003e\nIntroduce \u0026#39;auto-join\u0026#39; to the wifi 802.11 stack.\u003c/p\u003e\n\n\u003cp\u003eThis allows a system to remember which ESSIDs it wants to connect to, any\u003cbr\u003e\nrelevant security configuration, and switch to it when the network we are\u003cbr\u003e\ncurrently connected to is no longer available.\u003cbr\u003e\nWorks when connecting and switching between WPA2/WPA1/WEP/clear encryptions.\u003c/p\u003e\n\n\u003cp\u003eexample hostname.if:\u003cbr\u003e\njoin home wpakey password\u003cbr\u003e\njoin work wpakey mekmitasdigoat\u003cbr\u003e\njoin open-lounge\u003cbr\u003e\njoin cafe wpakey cafe2018\u003cbr\u003e\njoin \u0026quot;wepnetwork\u0026quot; nwkey \u0026quot;12345\u0026quot;\u003cbr\u003e\ndhcp\u003cbr\u003e\ninet6 autoconf\u003cbr\u003e\nup\u003c/p\u003e\n\n\u003cp\u003eOK stsp@ reyk@\u003cbr\u003e\nand enthusiasm from every hackroom I\u0026#39;ve been in for the last 3 years\u003cbr\u003e\nThe usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).\u003c/p\u003e\n\n\u003cp\u003eThanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.\u003c/p\u003e\n\n\u003ch3\u003eFreeBSD Jails the hard way\u003c/h3\u003e\n\n\u003cp\u003eThere are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick an easy to get going. But sometimes the tools built right into the OS are overlooked.\u003c/p\u003e\n\n\u003cp\u003eThis post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eFor this guide, I’m going to be putting my jails in /usr/local/jails.\u003c/p\u003e\n\n\u003cp\u003eI’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.\u003c/p\u003e\n\n\u003cp\u003eI’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.\u003c/p\u003e\n\n\u003cp\u003eFull Jail\u003cbr\u003e\nMake a directory for the jail, or a zfs dataset if you prefer.\u003cbr\u003e\nDownload the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.\u003cbr\u003e\nUpdate your FreeBSD base install.\u003cbr\u003e\nVerify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.\u003cbr\u003e\nMake sure you jail has the right timezone and dns servers and a hostname in rc.conf.\u003cbr\u003e\nEdit jail.conf with the details about your jail.\u003cbr\u003e\nStart and login to your jail.\u003cbr\u003e\n11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.\u003c/p\u003e\n\n\u003cp\u003eCreating a template\u003cbr\u003e\nCreate a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.\u003cbr\u003e\nUpdate your template with freebsd-update.\u003cbr\u003e\nVerify your install\u003cbr\u003e\nAnd that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.\u003c/p\u003e\n\n\u003cp\u003eDeploying a template with ZFS snapshots\u003cbr\u003e\nCreate a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.\u003cbr\u003e\nClone the snapshot to a new jail.\u003cbr\u003e\nConfigure the jail hostname.\u003cbr\u003e\nAdd the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.\u003cbr\u003e\nStart the jail.\u003cbr\u003e\nThe downside with the zfs approach is that each jail is now a fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.\u003c/p\u003e\n\n\u003cp\u003eFollow the link to see the rest of the article about\u003cbr\u003e\nThin jails using NullFS mounts\u003cbr\u003e\nSimplifying jail.conf\u003cbr\u003e\nHopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003eMeetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!\u003cbr\u003e\nThe next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now\u003cbr\u003e\nLinux Geek Books - Humble Bundle\u003cbr\u003e\nExtend loader(8) geli support to all architectures and all disk-like devices\u003cbr\u003e\nUpgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi\u003cbr\u003e\nThe pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages\u003cbr\u003e\nNetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards\u003cbr\u003e\nRecently released CDE 2.3.0 running on Tribblix (Illumos)\u003cbr\u003e\nAn Interview With Tech \u0026amp; Science Fiction Author Michael W Lucas\u003cbr\u003e\nA reminder : MeetBSD CFP\u003cbr\u003e\nEuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania\u003cbr\u003e\nTarsnap\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003eWilyarti - Adblocked on FreeBSD Continued…\u003cbr\u003e\nAndrew - A Question and a Story\u003cbr\u003e\nMatthew - Thanks\u003cbr\u003e\nBrian - PCI-E Controller\u003cbr\u003e\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e","summary":"FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.","date_published":"2018-07-25T01:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d5ca53c5-7144-4ce4-9189-591a8ac5767b.mp3","mime_type":"audio/mp3","size_in_bytes":63008930,"duration_in_seconds":6282}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2267","title":"Episode 255: What Are You Pointing At | BSD Now 255","url":"https://www.bsdnow.tv/255","content_text":"What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.\n\n##Headlines\n###What ZFS block pointers are and what’s in them\n\n\nI’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.\n\n\n\nThe very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):\n\n\n\nA block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.\n\n\n\nBlock pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).\n\n\n\nSo what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:\n\n\n\nvarious metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.\nUp to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).\nThe logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).\nThe txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.\nThe checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.\n\n\n\nJust like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.\n\n\n\n(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)\n\n\n\nThere is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.\n\n\n\nSince block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).\n\n\n\nAs far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.\n\n\n\nHowever, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).\n\n\n\n(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)\n\n\n\n\n###Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days\n\n\nExploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.\nThe offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.\nThe company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.\n\n\n\nBSD zero-day rewards will be on par with Linux payouts\n\n\n\nThe US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.\nIn another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.\nZerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.\nThe company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.\nPayouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.\n\n\n\nZero-day price varies based on exploitation chain\n\n\n\nThe acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.\nOther factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).\n\n\n\nZero-days in servers “can reach exceptional amounts”\n\n\n\n“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.\nAsked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:\n\"Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”\n“We may also react to customers’ requests and their operational needs,” Bekrar said.\n\n\n\nIt’s becoming a crowded market\n\n\n\nSince Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political oponents, journalists, and dissidents, instead of going after real criminals.\nThe latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.\n\n\nTwitter Announcement\n\n\n\nDigital Ocean\nhttp://do.co/bsdnow\n\n###KDE on FreeBSD – June 2018\n\n\nThe KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:\n\n\nhttp://FreeBSD.kde.org | Bleeding edge \nhttp://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0\n\n\n\nIt’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).\n\n\n\nIn no particular order:\nQt 5.10 is here, in a FrankenEngine incarnation: we still use WebEnging from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.\nOur collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.\nKDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.\nSimilarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.\nThe freebsd.kde.org website has been slightly updated; it was terribly out-of-date.\n\n\n\nSo we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for the amazing application for downloading and displaying a flamingo … niche usecases FTW)\n\n\n\n\n##News Roundup\n###New FreeBSD Core Team Elected\n\n\nActive committers to the project have elected your tenth FreeBSD Core\nTeam.\n\n\n\nAllan Jude (allanjude)\nBenedict Reuschling (bcr)\nBrooks Davis (brooks)\nHiroki Sato (hrs)\nJeff Roberson (jeff)\nJohn Baldwin (jhb)\nKris Moore (kmoore)\nSean Chittenden (seanc)\nWarner Losh (imp)\n\n\n\nLet’s extend our gratitude to the outgoing Core Team members:\n\n\n\nBaptiste Daroussin (bapt)\nBenno Rice (benno)\nEd Maste (emaste)\nGeorge V. Neville-Neil (gnn)\nMatthew Seaman (matthew)\n\n\n\nMatthew, after having served as the Core Team Secretary for the past\nfour years, will be stepping down from that role.\n\n\n\nThe Core Team would also like to thank Dag-Erling Smørgrav for running a\nflawless election.\n\n\n\nTo read about the responsibilities of the Core Team, refer to https://www.freebsd.org/administration.html#t-core.\n\n\n\n\n###NetBSD WiFi refresh\n\n\nThe NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%NetBSD.org@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code.  The goals of the project are:\n\n\n\nMinimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.\nAdding support for the newer protocols 801.11/N and 802.11/AC.\nImproving SMP support in the IEEE 802.11 stack.\nAdding Virtual Access Point (VAP) support.\nUpdating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.\n\n\n\nStatus reports will be posted to tech-net%NetBSD.org@localhost every other week\nwhile the contract is active.\n\n\n\n\niXsystems\n\n###Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape\n\n\nPoor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)\n\n\n\nThe architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.\n\n\n\nPoor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)\n\n\n\nARCHITECTURE\n\n\n\nA CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.\n\n\n\n\nPoor Man’s CI consists of the following components and their interactions:\n\n\nController: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:\n\nListener: Listens for GitHub push events and posts them as work messages to the workq PubSub.\nDispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.\nCollector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.\n\n\n\n\n\nPubSub Topics:\n\n\nworkq: Transports work messages that contain the link of the repository to build.\npoolq: Implements the Builder Pool, which contains the name’s of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.\ndoneq: Transports done messages (builder instance terminate and delete events). These message contain the name of freed builder instances.\n\n\n\n\n\nbuilder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.\n\n\n\n\nBuild Logs: A Storage bucket that contains the logs of builds performed by builder instances.\n\n\n\n\nLogging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.\n\n\n\n\nBUGS\n\n\n\n\n\nThe Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see https://tinyurl.com/ybkycuub.\n\n\n$ ./pmci queue_post poolq builder0\n# ./pmci queue_post poolq builder1\n# ... repeat for as many builders as you want\n\n\nThe Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see https://tinyurl.com/yb2vbwfd.\n\n\n\n\n###The Power of Ctrl-T\n\n\nDid you know that you can check what a process is doing by pressing CTRL+T?\nHas it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running.  This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.\nOn FreeBSD it looks like this:\n\n\nping pingtest.com\nPING pingtest.com (5.22.149.135): 56 data bytes\n64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms\n64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms\n64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms\n64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms\n64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms\nload: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k\n5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max\n64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms\n64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms\n\n\n\nAs you can see it not only outputs the name of the running command but the following parameters as well:\n\n\n94371 – PID\n4.70r – since when is the process running\n0.00u – user time\n0.00s – system time\n0% – CPU usage\n2500k – resident set size of the process or RSS\n``\n\n\u0026gt; An even better example is with the following cp command:\n\n\n\ncp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null\nload: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 15%\nload: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 32%\nload: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 49%\nload: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 64%\nload: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 79%\nload: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 95%\n\n\n\u0026gt; I prcessed CTRL+T six times.  Without that, all the output would have been is the first line.\n\n\u0026gt; Another example how the process is changing states:\n\n\n\nwget https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\n–2018-06-17 18:47:48– https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\nResolving download.freebsd.org (download.freebsd.org)… 96.47.72.72, 2610:1c1:1:606c::15:0\nConnecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443… connected.\nHTTP request sent, awaiting response… 200 OK\nLength: 3348465664 (3.1G) [application/octet-stream]\nSaving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’\n\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[\u0026gt; ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[\u0026gt; ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=\u0026gt; ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=\u0026gt; ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============\u0026gt; ] 460.23M 7.01MB/s eta 9m 0s 1\n\n\n\u0026gt; The bad news is that CTRl+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X:\n\n\n\n—\u0026gt; Fetching distfiles for gmp\n—\u0026gt; Attempting to fetch gmp-6.1.2.tar.bz2 from https://distfiles.macports.org/gmp\n—\u0026gt; Verifying checksums for gmp\n—\u0026gt; Extracting gmp\n—\u0026gt; Applying patches to gmp\n—\u0026gt; Configuring gmp\nload: 2.81 cmd: clang 74287 running 0.31u 0.28s\n\n\n\u0026gt; PS: If I recall correctly Feld showed me CTRL+T, thank you!\n\n***\n\n\n##Beastie Bits\n+ [Half billion tries for a HAMMER2 bug](http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)\n+ OpenBSD with various Desktops\n + [OpenBSD 6.3 running twm window manager](https://youtu.be/v6XeC5wU2s4)\n + [OpenBSD 6.3 jwm and rox desktop](https://youtu.be/jlSK2oi7CBc)\n + [OpenBSD 6.3 cwm youtube video](https://youtu.be/mgqNyrP2CPs)\n+ [pf: Increase default state table size](https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=336221)\n***\n\n**Tarsnap**\n\n##Feedback/Questions\n+ Ben Sims - [Full feed?](http://dpaste.com/3XVH91T#wrap)\n+ Scott - [Questions and Comments](http://dpaste.com/08P34YN#wrap)\n+ Troels - [Features of FreeBSD 11.2 that deserve a mention](http://dpaste.com/3DDPEC2#wrap)\n+ [Fred - Show Ideas](http://dpaste.com/296ZA0P#wrap)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n***\n\n***\n\niXsystems [It's all NAS](https://www.ixsystems.com/blog/its-all-nas/)\n","content_html":"\u003cp\u003eWhat ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSBlockPointers\"\u003eWhat ZFS block pointers are and what’s in them\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBlock pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003evarious metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.\u003c/li\u003e\n\u003cli\u003eUp to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).\u003c/li\u003e\n\u003cli\u003eThe logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).\u003c/li\u003e\n\u003cli\u003eThe txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.\u003c/li\u003e\n\u003cli\u003eThe checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJust like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHowever, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/\"\u003eRewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eExploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.\u003cbr\u003e\nThe offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.\u003cbr\u003e\nThe company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD zero-day rewards will be on par with Linux payouts\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.\u003cbr\u003e\nIn another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.\u003cbr\u003e\nZerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.\u003cbr\u003e\nThe company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.\u003cbr\u003e\nPayouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eZero-day price varies based on exploitation chain\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.\u003cbr\u003e\nOther factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eZero-days in servers “can reach exceptional amounts”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.\u003cbr\u003e\nAsked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:\u003cbr\u003e\n\u0026quot;Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”\u003cbr\u003e\n“We may also react to customers’ requests and their operational needs,” Bekrar said.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s becoming a crowded market\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political oponents, journalists, and dissidents, instead of going after real criminals.\u003cbr\u003e\nThe latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ca href=\"https://twitter.com/Zerodium/status/1012007051466162177\"\u003eTwitter Announcement\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003ehttp://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://euroquis.nl/bobulate/?p=1915\"\u003eKDE on FreeBSD – June 2018\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ehttp://FreeBSD.kde.org | Bleeding edge \nhttp://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn no particular order:\u003c/li\u003e\n\u003cli\u003eQt 5.10 is here, in a FrankenEngine incarnation: we still use WebEnging from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.\u003c/li\u003e\n\u003cli\u003eOur collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.\u003c/li\u003e\n\u003cli\u003eKDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.\u003c/li\u003e\n\u003cli\u003eSimilarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://freebsd.kde.org\"\u003efreebsd.kde.org\u003c/a\u003e website has been slightly updated; it was terribly out-of-date.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for \u003ca href=\"https://www.angrycane.com.br/wp-content/uploads/2018/06/download_flamingo_and_display.txt\"\u003ethe amazing application for downloading and displaying a flamingo\u003c/a\u003e … niche usecases FTW)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2018-July/001836.html\"\u003eNew FreeBSD Core Team Elected\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eActive committers to the project have elected your tenth FreeBSD Core\u003cbr\u003e\nTeam.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAllan Jude (allanjude)\u003c/li\u003e\n\u003cli\u003eBenedict Reuschling (bcr)\u003c/li\u003e\n\u003cli\u003eBrooks Davis (brooks)\u003c/li\u003e\n\u003cli\u003eHiroki Sato (hrs)\u003c/li\u003e\n\u003cli\u003eJeff Roberson (jeff)\u003c/li\u003e\n\u003cli\u003eJohn Baldwin (jhb)\u003c/li\u003e\n\u003cli\u003eKris Moore (kmoore)\u003c/li\u003e\n\u003cli\u003eSean Chittenden (seanc)\u003c/li\u003e\n\u003cli\u003eWarner Losh (imp)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s extend our gratitude to the outgoing Core Team members:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBaptiste Daroussin (bapt)\u003c/li\u003e\n\u003cli\u003eBenno Rice (benno)\u003c/li\u003e\n\u003cli\u003eEd Maste (emaste)\u003c/li\u003e\n\u003cli\u003eGeorge V. Neville-Neil (gnn)\u003c/li\u003e\n\u003cli\u003eMatthew Seaman (matthew)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMatthew, after having served as the Core Team Secretary for the past\u003cbr\u003e\nfour years, will be stepping down from that role.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Core Team would also like to thank Dag-Erling Smørgrav for running a\u003cbr\u003e\nflawless election.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo read about the responsibilities of the Core Team, refer to \u003ca href=\"https://www.freebsd.org/administration.html#t-core\"\u003ehttps://www.freebsd.org/administration.html#t-core\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://mail-index.netbsd.org/tech-net/2018/06/26/msg006943.html\"\u003eNetBSD WiFi refresh\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%\u003ca href=\"http://NetBSD.org\"\u003eNetBSD.org\u003c/a\u003e@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code.  The goals of the project are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMinimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.\u003c/li\u003e\n\u003cli\u003eAdding support for the newer protocols 801.11/N and 802.11/AC.\u003c/li\u003e\n\u003cli\u003eImproving SMP support in the IEEE 802.11 stack.\u003c/li\u003e\n\u003cli\u003eAdding Virtual Access Point (VAP) support.\u003c/li\u003e\n\u003cli\u003eUpdating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStatus reports will be posted to tech-net%\u003ca href=\"http://NetBSD.org\"\u003eNetBSD.org\u003c/a\u003e@localhost every other week\u003cbr\u003e\nwhile the contract is active.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://github.com/billziss-gh/pmci\"\u003ePoor Man’s CI - Hosted CI for BSD with shell scripting and duct tape\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePoor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePoor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eARCHITECTURE\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePoor Man’s CI consists of the following components and their interactions:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eController: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eListener: Listens for GitHub push events and posts them as work messages to the workq PubSub.\u003c/li\u003e\n\u003cli\u003eDispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.\u003c/li\u003e\n\u003cli\u003eCollector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003ePubSub Topics:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eworkq: Transports work messages that contain the link of the repository to build.\u003c/li\u003e\n\u003cli\u003epoolq: Implements the Builder Pool, which contains the name’s of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.\u003c/li\u003e\n\u003cli\u003edoneq: Transports done messages (builder instance terminate and delete events). These message contain the name of freed builder instances.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003ebuilder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eBuild Logs: A Storage bucket that contains the logs of builds performed by builder instances.\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eLogging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003c/p\u003e\n\n\u003cp\u003eBUGS\u003c/p\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see \u003ca href=\"https://tinyurl.com/ybkycuub\"\u003ehttps://tinyurl.com/ybkycuub\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e$ ./pmci queue_post poolq builder0\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e# ./pmci queue_post poolq builder1\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003e# ... repeat for as many builders as you want\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see \u003ca href=\"https://tinyurl.com/yb2vbwfd\"\u003ehttps://tinyurl.com/yb2vbwfd\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.danielisz.org/2018/06/21/the-power-of-ctrlt/\"\u003eThe Power of Ctrl-T\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDid you know that you can check what a process is doing by pressing CTRL+T?\u003cbr\u003e\nHas it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running.  This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.\u003cbr\u003e\nOn FreeBSD it looks like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eping pingtest.com\nPING pingtest.com (5.22.149.135): 56 data bytes\n64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms\n64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms\n64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms\n64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms\n64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms\nload: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k\n5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max\n64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms\n64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you can see it not only outputs the name of the running command but the following parameters as well:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e94371 – PID\n4.70r – since when is the process running\n0.00u – user time\n0.00s – system time\n0% – CPU usage\n2500k – resident set size of the process or RSS\n``\n\n\u0026gt; An even better example is with the following cp command:\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003ecp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null\u003cbr\u003e\nload: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 15%\u003cbr\u003e\nload: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 32%\u003cbr\u003e\nload: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 49%\u003cbr\u003e\nload: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 64%\u003cbr\u003e\nload: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 79%\u003cbr\u003e\nload: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso -\u0026gt; /dev/null 95%\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\n\u0026gt; I prcessed CTRL+T six times.  Without that, all the output would have been is the first line.\n\n\u0026gt; Another example how the process is changing states:\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003ewget \u003ca href=\"https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\"\u003ehttps://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\u003c/a\u003e\u003cbr\u003e\n–2018-06-17 18:47:48– \u003ca href=\"https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\"\u003ehttps://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso\u003c/a\u003e\u003cbr\u003e\nResolving \u003ca href=\"http://download.freebsd.org\"\u003edownload.freebsd.org\u003c/a\u003e (\u003ca href=\"http://download.freebsd.org\"\u003edownload.freebsd.org\u003c/a\u003e)… 96.47.72.72, 2610:1c1:1:606c::15:0\u003cbr\u003e\nConnecting to \u003ca href=\"http://download.freebsd.org\"\u003edownload.freebsd.org\u003c/a\u003e (\u003ca href=\"http://download.freebsd.org\"\u003edownload.freebsd.org\u003c/a\u003e)|96.47.72.72|:443… connected.\u003cbr\u003e\nHTTP request sent, awaiting response… 200 OK\u003cbr\u003e\nLength: 3348465664 (3.1G) [application/octet-stream]\u003cbr\u003e\nSaving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’\u003c/p\u003e\n\n\u003cp\u003eFreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[\u0026gt; ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[\u0026gt; ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=\u0026gt; ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=\u0026gt; ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s\u003cbr\u003e\nFreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============\u0026gt; ] 460.23M 7.01MB/s eta 9m 0s 1\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\n\u0026gt; The bad news is that CTRl+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X:\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e—\u0026gt; Fetching distfiles for gmp\u003cbr\u003e\n—\u0026gt; Attempting to fetch gmp-6.1.2.tar.bz2 from \u003ca href=\"https://distfiles.macports.org/gmp\"\u003ehttps://distfiles.macports.org/gmp\u003c/a\u003e\u003cbr\u003e\n—\u0026gt; Verifying checksums for gmp\u003cbr\u003e\n—\u0026gt; Extracting gmp\u003cbr\u003e\n—\u0026gt; Applying patches to gmp\u003cbr\u003e\n—\u0026gt; Configuring gmp\u003cbr\u003e\nload: 2.81 cmd: clang 74287 running 0.31u 0.28s\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\n\u0026gt; PS: If I recall correctly Feld showed me CTRL+T, thank you!\n\n***\n\n\n##Beastie Bits\n+ [Half billion tries for a HAMMER2 bug](http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)\n+ OpenBSD with various Desktops\n + [OpenBSD 6.3 running twm window manager](https://youtu.be/v6XeC5wU2s4)\n + [OpenBSD 6.3 jwm and rox desktop](https://youtu.be/jlSK2oi7CBc)\n + [OpenBSD 6.3 cwm youtube video](https://youtu.be/mgqNyrP2CPs)\n+ [pf: Increase default state table size](https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=336221)\n***\n\n**Tarsnap**\n\n##Feedback/Questions\n+ Ben Sims - [Full feed?](http://dpaste.com/3XVH91T#wrap)\n+ Scott - [Questions and Comments](http://dpaste.com/08P34YN#wrap)\n+ Troels - [Features of FreeBSD 11.2 that deserve a mention](http://dpaste.com/3DDPEC2#wrap)\n+ [Fred - Show Ideas](http://dpaste.com/296ZA0P#wrap)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n***\n\n***\n\niXsystems [It's all NAS](https://www.ixsystems.com/blog/its-all-nas/)\n\u003c/code\u003e\u003c/pre\u003e","summary":"What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.","date_published":"2018-07-18T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ca9b19c1-e202-45d6-ac45-d0048a734c45.mp3","mime_type":"audio/mp3","size_in_bytes":48457846,"duration_in_seconds":4827}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2259","title":"Episode 254: Bare the OS | BSD Now 254","url":"https://www.bsdnow.tv/254","content_text":"Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.\n\n##Headlines\n###Silent Fanless FreeBSD Desktop/Server\n\n\nToday I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines\n###Cross-DSO CFI in HardenedBSD\nControl Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.\nHardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.\nThis article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.\nBrace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)\n\n\n\nUsing More llvm Toolchain Components\n\n\n\nCFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.\nIn March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.\nBuilding libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on arvgv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.\nIn preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions due support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.\nWith ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.\n\n\n\nBuilding Libraries With LTO\n\n\n\nThe primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the secion above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.\nI reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.\nWith llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.\nDisabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.\n\n\n\nThe Sanitizers in FreeBSD\n\n\n\nFreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.\nI had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.\nIn my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.\n\n\n\nKnown Issues And Limitations\n\n\n\nThere are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.\nIt seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.\nNO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for to tools build stage is only a band-aid until we can resolve static compliation with LTO.\nOne goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.\nWhen Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against.  When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.\n\n\n\nCurrent Status\n\n\n\nI’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).\nI’m now working through the known issues list, researching and learning.\n\n\n\nFuture Work\n\n\n\nFixing pretty much everything in the “Known Issues And Limitations” section. ;P\nI need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.\nNext I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).\nThere’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.\n\n\n\nConclusion\n\n\n\nI have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.\nWe’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.\nI would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.\n\n\n\n\niXsystems\nFreeNAS 11.2-BETAs are starting to appear\n\n###Bareos Backup Server on FreeBSD\n\n\nEver heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?\nBareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from bacula.org site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.\n\n\n\nI started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is a example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).\nThis way you still have FULL backups quite often and with 3 groups you can balance the network load. I for the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so its always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so its possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.\nThe implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.\nNot bad for my taste.\n\n\n\nToday I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:\n\n\n\nbareos-dir\nbareos-sd\nbareos-webui\nbareos-fd\n\n\n\nI also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.\n\n\n\nTo get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.\n\n\n\nAlso this diagram may be useful for You to get some grip into the Bareos world.\n\n\n\nSystem\n\n\n\nAs every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.\n","content_html":"\u003cp\u003eControl flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/\"\u003eSilent Fanless FreeBSD Desktop/Server\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines\u003cbr\u003e\n###\u003ca href=\"https://github.com/lattera/articles/blob/master/hardenedbsd/2018-05-26_cross-dso-cfi/article.md\"\u003eCross-DSO CFI in HardenedBSD\u003c/a\u003e\u003cbr\u003e\nControl Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.\u003cbr\u003e\nHardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.\u003cbr\u003e\nThis article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.\u003cbr\u003e\nBrace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing More llvm Toolchain Components\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.\u003cbr\u003e\nIn March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.\u003cbr\u003e\nBuilding libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on arvgv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.\u003cbr\u003e\nIn preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions due support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.\u003cbr\u003e\nWith ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBuilding Libraries With LTO\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the secion above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.\u003cbr\u003e\nI reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.\u003cbr\u003e\nWith llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.\u003cbr\u003e\nDisabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Sanitizers in FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.\u003cbr\u003e\nI had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.\u003cbr\u003e\nIn my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKnown Issues And Limitations\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.\u003cbr\u003e\nIt seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.\u003cbr\u003e\nNO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for to tools build stage is only a band-aid until we can resolve static compliation with LTO.\u003cbr\u003e\nOne goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.\u003cbr\u003e\nWhen Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against.  When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCurrent Status\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).\u003cbr\u003e\nI’m now working through the known issues list, researching and learning.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFuture Work\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFixing pretty much everything in the “Known Issues And Limitations” section. ;P\u003cbr\u003e\nI need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.\u003cbr\u003e\nNext I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).\u003cbr\u003e\nThere’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.\u003cbr\u003e\nWe’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.\u003cbr\u003e\nI would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003cbr\u003e\nFreeNAS 11.2-BETAs are starting to appear\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://vermaden.wordpress.com/2018/05/01/bareos-backup-server-on-freebsd/\"\u003eBareos Backup Server on FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEver heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?\u003cbr\u003e\nBareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from \u003ca href=\"http://bacula.org\"\u003ebacula.org\u003c/a\u003e site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is a example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).\u003cbr\u003e\nThis way you still have FULL backups quite often and with 3 groups you can balance the network load. I for the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so its always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so its possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.\u003cbr\u003e\nThe implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.\u003cbr\u003e\nNot bad for my taste.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ebareos-dir\u003c/li\u003e\n\u003cli\u003ebareos-sd\u003c/li\u003e\n\u003cli\u003ebareos-webui\u003c/li\u003e\n\u003cli\u003ebareos-fd\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlso this diagram may be useful for You to get some grip into the Bareos world.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSystem\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.\u003c/p\u003e\n\u003c/blockquote\u003e","summary":"Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.","date_published":"2018-07-12T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d28fb670-e841-4f88-b58f-768d8876f126.mp3","mime_type":"audio/mp3","size_in_bytes":54900530,"duration_in_seconds":5483}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2208","title":"Episode 253: Silence of the Fans | BSD Now 253","url":"https://www.bsdnow.tv/253","content_text":"Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.\n\n##Headlines\n###Silent Fanless FreeBSD Desktop/Server\n\n\nToday I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It also very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to minimum, so Mini-ITX seems best solution here.\n\n\n\nI have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W whose can be nicely filtered on the ark.intel.com page. Pity that AMD does not provide such filtration for their products. I also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.\n\n\n\nHere is how the system look powered up and working\n\n\n\nThis motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.\n\n\n\nComponents\n\n\n\nNow, an example system would look like that one below, here are the components with their prices.\n\n\n\n$49  CPU/Motherboard ASRock J3355B-ITX Mini-ITX\n$14  RAM Crucial 4 GB DDR3L 1.35V (low power)\n$17  PSU 12V 160W Pico (internal)\n$11  PSU 12V 96W FSP (external)\n$5  USB 2.0 Drive 16 GB ADATA\n$4  USB Wireless 802.11n\n$100  TOTAL\n\n\n\nThe PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on aliexpress.com or ebay.com for example, at least I got them there.  Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. If course its one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.\n\n\n\nThis gives as total silent fanless system price of about $120. Its about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.\n\n\n\nYou can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.\n\n\n\n\n###An annotated look at a NetBSD Pinebook’s startup\n\n\nPinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.\nPhoto\nPinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.\nNetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:\nPinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.\nThe A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.\nThe interrupt controller is a standard ARM GIC-400 design.\nClock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).\n\n\n# sysctl hw.clk.sun50ia64ccu0.mmc2\nhw.clk.sun50ia64ccu0.mmc2.rate = 200000000\nhw.clk.sun50ia64ccu0.mmc2.parent = pll_periph0_2x\nhw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0\n\n\n\n\nDigital Ocean\nhttp://do.co/bsdnow\n\n###BSDCan 2018 Trip Report: Mark Johnston\n\n\nBSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD.  While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences.  In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.\nAs is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak.  This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up.  In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM.  Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform.  POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.\nWednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper.  Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule.  The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election.  Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.\nOne side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality.  With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.\nAfter a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases.  This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want).  This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0.  The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work.  I’m hopeful that most, if not all of it, will make it into the release.\nAfter lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS.  Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL.  Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing.  While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9).  I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.\nFriday and Saturday were, of course, taken up by BSDCan talks.  Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change.  The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve.  Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards.  While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround.  This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds.  After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace.  After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD.  After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time.  Finally, I continued my debugging session from Wednesday with help from a couple of other developers.\nSaturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year.  As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.\nAt the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity.  I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get.  At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.\n\n\n\nThanks to Mark for sharing his experiences at this years BSDCan\n\n\n\n\n##News Roundup\n###Transparent network audio with mpd \u0026amp; sndiod\n\n\nLandry Breuil (landry@ when wearing his developer hat) wrote in…\n\n\nI've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…\n\naudio_output {\n       type            \"sndio\"\n       name            \"Local speakers\"\n       mixer_type      \"software\"\n}\naudio_output {\n       type            \"httpd\"\n       name            \"HTTP stream\"\n       mixer_type      \"software\"\n       encoder         \"vorbis\"\n       port            \"8000\"\n       format          \"44100:16:2\"\n}\nthis setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:\n\na distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay\nsometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted\ni need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)\nit's not that elegant to reencode the stream, and it wastes cpu cycles\nSo the current scheme is:\n\nmpd -\u0026gt; http output -\u0026gt; network -\u0026gt; mplayer -\u0026gt; sndiod on remote machine\n|\n-\u0026gt; sndio output -\u0026gt; sndiod on soundserver\nFiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).\n\nSo in the end, it's super easy to:\n\nenable network support in sndio on the remote machine i want the audio to play by adding -L\u0026lt;local ip\u0026gt; to sndiod_flags (i have two audio devices, with an input coming from the webcam):\nsndiod_flags=\"-L10.246.200.10 -f rsnd/0 -f rsnd/1\"\nopen pf on port 11025 from the sound server ip:\npass in proto tcp from 10.246.200.1 to any port 11025\nconfigure a new output in mpd:\naudio_output {\n       type            \"sndio\"\n       name            \"sndio on renton\"\n       device          \"snd@10.246.200.10/0\"\n       mixer_type      \"software\"\n}\nand enable the new output in mpd:\n$mpc enable 2\nOutput 1 (Local speakers) is disabled\nOutput 2 (sndio on renton) is enabled\nOutput 3 (HTTP stream) is disabled\nResults in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.\n\nmpd -\u0026gt; sndio output 2 -\u0026gt; network -\u0026gt; sndiod on remote machine\n|\n-\u0026gt; sndio output 1 -\u0026gt; sndiod on soundserver\nThanks ratchov@ for sndiod :)\n\n\n\n\n###MirBSD’s Korn Shell on Plan9 Jehanne\n\n\nLet start by saying that I’m not really a C programmer.\nMy last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.\nSo while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.\nThis is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.\nSo I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several test, checking they run the same on Linux and Jehanne, and then I begun looking for a real-world, battle tested, application to port first.\nI approached MirBSD’s Korn Shell for several reason:\n\n\n\nit is simple, powerful and well written\nit has been ported to several different operating systems\nit has few dependencies\nit’s the default shell in Android, so it’s really battle tested\n\n\n\nI was very confident. I had read the POSIX standard after all! And I had a test suite!\nI remember, I thought “Given newlib, how hard can it be?”\nThe porting begun on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.\nTurn out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understood most POSIX semantics at all!\n\n\n\n\niXsystems\n\n###Static site generator with rsync and lowdown on OpenBSD\n\n\n\nssg is a tiny POSIX-compliant shell script with few dependencies:\n\n\nlowdown(1) to parse markdown,\n\n\nrsync(1) to copy temporary files, and\n\n\nentr(1) to watch file changes.\n\n\nIt generates Markdown articles to a static website.\n\n\nIt copies the current directory to a temporary on in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first \u0026lt;h1\u0026gt; tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/\n\n\n\n\nWhy not Jekyll or “$X”?\n\n\n\nssg is one hundred times smaller than Jekyll.\n\n\n\nssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just few seconds on almost any Unix-like operating system.\nObviously, ssg is tailored for my needs, it has all features I need and only those I use.\nKeeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.\n\n\n\nPerformance\n\n\n\n100 pps. On modern computers ssg generates a hundred pages per second. Half of a time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)\n\n\n\n\n###Why does FreeBSD have virtually no (0%) desktop market share?\n\n\nBecause someone made a horrible design decision back in 1984.\n\n\n\nIn absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.\n\n\n\nWhy and what.\n\n\n\nThe decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.\nAt the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.\nMostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.\nSo a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.\n\n\n\nThe ramifications of this were pretty staggering.\n\n\n\nFirst, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.\nDespite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.\nSecond, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.\nBut, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.\n\n\n\nBetween these early decisions reigned chaos.\n\n\n\nSpecifically, the consequences of these decisions have been with us ever since:\nLook-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.\nYou could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.\nWindow management style is a preference.\nYou could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.\nIn other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.\nBoth of these ultimately render an X-based system unsuitable for desktops.\nI can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.\n\n\n\nIs there hope for the future?\n\n\n\nWell, the Linux community has been working on something called Wayland, and it is very promising…\n…In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.\nSo Wayland is screwing up again.\nBut hey, it only took us, what, 25 years to get from X in 1987 to Wayland in in 2012.\nMaybe if we try again in 2037, we can get to where Windows was in 1995.\n\n\n\n\n##Beastie Bits\n\n\nNew washing machine comes with 7 pages of open source licenses!\nBSD Jobs Site\nFreeBSD Foundation Update, May 2018\nFreeBSD Journal looking for book reviewers\nzedenv ZFS Boot Environment Manager\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nWouter - Feedback\nEfraim - OS Suggestion\nkevr - Raspberry Pi2/FreeBSD/Router on a Stick\nVanja - Interview Suggestion\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eFanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD\u0026#39;s Korn Shell on Plan9, static site generators on OpenBSD, and more.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://vermaden.wordpress.com/2018/06/07/silent-fanless-freebsd-desktop-server/\"\u003eSilent Fanless FreeBSD Desktop/Server\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It also very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to minimum, so Mini-ITX seems best solution here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W whose can be nicely filtered on the \u003ca href=\"http://ark.intel.com\"\u003eark.intel.com\u003c/a\u003e page. Pity that AMD does not provide such filtration for their products. I also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.files.wordpress.com/2018/06/itx-mobo.jpg\"\u003eHere is how the system look powered up and working\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eComponents\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow, an example system would look like that one below, here are the components with their prices.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e$49  CPU/Motherboard ASRock J3355B-ITX Mini-ITX\u003c/li\u003e\n\u003cli\u003e$14  RAM Crucial 4 GB DDR3L 1.35V (low power)\u003c/li\u003e\n\u003cli\u003e$17  PSU 12V 160W Pico (internal)\u003c/li\u003e\n\u003cli\u003e$11  PSU 12V 96W FSP (external)\u003c/li\u003e\n\u003cli\u003e$5  USB 2.0 Drive 16 GB ADATA\u003c/li\u003e\n\u003cli\u003e$4  USB Wireless 802.11n\u003c/li\u003e\n\u003cli\u003e$100  TOTAL\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on \u003ca href=\"http://aliexpress.com\"\u003ealiexpress.com\u003c/a\u003e or \u003ca href=\"http://ebay.com\"\u003eebay.com\u003c/a\u003e for example, at least I got them there.  Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. If course its one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis gives as total silent fanless system price of about $120. Its about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/pinebook\"\u003eAn annotated look at a NetBSD Pinebook’s startup\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/jmcwhatever/status/998258710496628736/photo/1\"\u003ePhoto\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.\u003c/li\u003e\n\u003cli\u003eNetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:\u003c/li\u003e\n\u003cli\u003ePinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.\u003c/li\u003e\n\u003cli\u003eThe A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.\u003c/li\u003e\n\u003cli\u003eThe interrupt controller is a standard ARM GIC-400 design.\u003c/li\u003e\n\u003cli\u003eClock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e# sysctl hw.clk.sun50ia64ccu0.mmc2\nhw.clk.sun50ia64ccu0.mmc2.rate = 200000000\nhw.clk.sun50ia64ccu0.mmc2.parent = pll_periph0_2x\nhw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003ehttp://do.co/bsdnow\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-trip-report-mark-johnston/\"\u003eBSDCan 2018 Trip Report: Mark Johnston\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD.  While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences.  In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.\u003cbr\u003e\nAs is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak.  This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up.  In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM.  Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform.  POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.\u003cbr\u003e\nWednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper.  Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule.  The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election.  Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.\u003cbr\u003e\nOne side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality.  With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.\u003cbr\u003e\nAfter a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases.  This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want).  This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0.  The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work.  I’m hopeful that most, if not all of it, will make it into the release.\u003cbr\u003e\nAfter lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS.  Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL.  Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing.  While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9).  I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.\u003cbr\u003e\nFriday and Saturday were, of course, taken up by BSDCan talks.  Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change.  The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve.  Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards.  While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround.  This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds.  After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace.  After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD.  After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time.  Finally, I continued my debugging session from Wednesday with help from a couple of other developers.\u003cbr\u003e\nSaturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year.  As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.\u003cbr\u003e\nAt the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity.  I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get.  At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Mark for sharing his experiences at this years BSDCan\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://undeadly.org/cgi?action=article\u0026amp;sid=20180410063454\"\u003eTransparent network audio with mpd \u0026amp; sndiod\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLandry Breuil (landry@ when wearing his developer hat) wrote in…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eI've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…\n\naudio_output {\n       type            \u0026quot;sndio\u0026quot;\n       name            \u0026quot;Local speakers\u0026quot;\n       mixer_type      \u0026quot;software\u0026quot;\n}\naudio_output {\n       type            \u0026quot;httpd\u0026quot;\n       name            \u0026quot;HTTP stream\u0026quot;\n       mixer_type      \u0026quot;software\u0026quot;\n       encoder         \u0026quot;vorbis\u0026quot;\n       port            \u0026quot;8000\u0026quot;\n       format          \u0026quot;44100:16:2\u0026quot;\n}\nthis setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:\n\na distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay\nsometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted\ni need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)\nit's not that elegant to reencode the stream, and it wastes cpu cycles\nSo the current scheme is:\n\nmpd -\u0026gt; http output -\u0026gt; network -\u0026gt; mplayer -\u0026gt; sndiod on remote machine\n|\n-\u0026gt; sndio output -\u0026gt; sndiod on soundserver\nFiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).\n\nSo in the end, it's super easy to:\n\nenable network support in sndio on the remote machine i want the audio to play by adding -L\u0026lt;local ip\u0026gt; to sndiod_flags (i have two audio devices, with an input coming from the webcam):\nsndiod_flags=\u0026quot;-L10.246.200.10 -f rsnd/0 -f rsnd/1\u0026quot;\nopen pf on port 11025 from the sound server ip:\npass in proto tcp from 10.246.200.1 to any port 11025\nconfigure a new output in mpd:\naudio_output {\n       type            \u0026quot;sndio\u0026quot;\n       name            \u0026quot;sndio on renton\u0026quot;\n       device          \u0026quot;snd@10.246.200.10/0\u0026quot;\n       mixer_type      \u0026quot;software\u0026quot;\n}\nand enable the new output in mpd:\n$mpc enable 2\nOutput 1 (Local speakers) is disabled\nOutput 2 (sndio on renton) is enabled\nOutput 3 (HTTP stream) is disabled\nResults in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.\n\nmpd -\u0026gt; sndio output 2 -\u0026gt; network -\u0026gt; sndiod on remote machine\n|\n-\u0026gt; sndio output 1 -\u0026gt; sndiod on soundserver\nThanks ratchov@ for sndiod :)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.mirbsd.org/permalinks/wlog-10_e20180415-tg.htm\"\u003eMirBSD’s Korn Shell on Plan9 Jehanne\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet start by saying that I’m not really a C programmer.\u003cbr\u003e\nMy last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.\u003cbr\u003e\nSo while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.\u003cbr\u003e\nThis is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.\u003cbr\u003e\nSo I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several test, checking they run the same on Linux and Jehanne, and then I begun looking for a real-world, battle tested, application to port first.\u003cbr\u003e\nI approached MirBSD’s Korn Shell for several reason:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eit is simple, powerful and well written\u003c/li\u003e\n\u003cli\u003eit has been ported to several different operating systems\u003c/li\u003e\n\u003cli\u003eit has few dependencies\u003c/li\u003e\n\u003cli\u003eit’s the default shell in Android, so it’s really battle tested\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was very confident. I had read the POSIX standard after all! And I had a test suite!\u003cbr\u003e\nI remember, I thought “Given newlib, how hard can it be?”\u003cbr\u003e\nThe porting begun on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.\u003cbr\u003e\nTurn out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understood most POSIX semantics at all!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.romanzolotarev.com/ssg.html\"\u003eStatic site generator with rsync and lowdown on OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003essg is a tiny POSIX-compliant shell script with few dependencies:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003elowdown(1) to parse markdown,\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ersync(1) to copy temporary files, and\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eentr(1) to watch file changes.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIt generates Markdown articles to a static website.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIt copies the current directory to a temporary on in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first \u0026lt;h1\u0026gt; tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy not Jekyll or “$X”?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003essg is one hundred times smaller than Jekyll.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003essg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just few seconds on almost any Unix-like operating system.\u003cbr\u003e\nObviously, ssg is tailored for my needs, it has all features I need and only those I use.\u003cbr\u003e\nKeeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePerformance\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e100 pps. On modern computers ssg generates a hundred pages per second. Half of a time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.quora.com/Why-does-FreeBSD-have-virtually-no-0-desktop-market-share/answer/Terry-Lambert\"\u003eWhy does FreeBSD have virtually no (0%) desktop market share?\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBecause someone made a horrible design decision back in 1984.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy and what.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.\u003cbr\u003e\nAt the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.\u003cbr\u003e\nMostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.\u003cbr\u003e\nSo a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ramifications of this were pretty staggering.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.\u003cbr\u003e\nDespite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.\u003cbr\u003e\nSecond, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.\u003cbr\u003e\nBut, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBetween these early decisions reigned chaos.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSpecifically, the consequences of these decisions have been with us ever since:\u003cbr\u003e\nLook-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.\u003cbr\u003e\nYou could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.\u003cbr\u003e\nWindow management style is a preference.\u003cbr\u003e\nYou could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.\u003cbr\u003e\nIn other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.\u003cbr\u003e\nBoth of these ultimately render an X-based system unsuitable for desktops.\u003cbr\u003e\nI can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIs there hope for the future?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWell, the Linux community has been working on something called Wayland, and it is very promising…\u003cbr\u003e\n…In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.\u003cbr\u003e\nSo Wayland is screwing up again.\u003cbr\u003e\nBut hey, it only took us, what, 25 years to get from X in 1987 to Wayland in in 2012.\u003cbr\u003e\nMaybe if we try again in 2037, we can get to where Windows was in 1995.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/FranckPachot/status/1012606253338591232\"\u003eNew washing machine comes with 7 pages of open source licenses!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdjobs.com/\"\u003eBSD Jobs Site\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/wp-content/uploads/2018/05/FreeBSD-Foundation-May-2018-Update.pdf\"\u003eFreeBSD Foundation Update, May 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freebsdjournal.org/\"\u003eFreeBSD Journal looking for book reviewers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ramsdenj.com/2018/05/29/zedenv-zfs-boot-environment-manager.html\"\u003ezedenv ZFS Boot Environment Manager\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWouter - \u003ca href=\"http://dpaste.com/28959CK#wrap\"\u003eFeedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEfraim - \u003ca href=\"http://dpaste.com/2RZ16K8#wrap\"\u003eOS Suggestion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekevr - \u003ca href=\"http://dpaste.com/2PX7KSP#wrap\"\u003eRaspberry Pi2/FreeBSD/Router on a Stick\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVanja - \u003ca href=\"http://dpaste.com/0ARSVWE#wrap\"\u003eInterview Suggestion\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more.","date_published":"2018-07-05T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f597f732-405b-4f10-8d40-c00315bd064b.mp3","mime_type":"audio/mp3","size_in_bytes":52181883,"duration_in_seconds":5211}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2170","title":"Episode 252: Goes to 11.2 | BSD Now 252","url":"https://www.bsdnow.tv/252","content_text":"FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.\n\n##Headlines\n###FreeBSD 11.2-RELEASE Available\n\n\nFreeBSD 11.2 was released today (June 27th) and is ready for download\nHighlights:\n\n\n\nOpenSSH has been updated to version 7.5p1.\nOpenSSL has been updated to version 1.0.2o.\nThe clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.\nThe libarchive(3) library has been updated to version 3.3.2.\nThe libxo(3) library has been updated to version 0.9.0.\nMajor Device driver updates to:\n\n\n\ncxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6\nixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k\nng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags\n\n\n\nNew drivers:\n+ drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.\n\n\n\nmlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs\nocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters\nsmartpqi(4) – HP Gen10 Smart Array Controller Family\n\n\n\nThe newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs\nThe diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.\nThe top(1) utility has been updated to allow filtering on multiple user names when the    -U flag is used\nThe umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.\nThe ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’\nThe service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID\nThe mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).\nThe ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.\nThe dwatch(1) utility has been introduced\nThe efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.\nThe etdump(1) utility has been added, which is used to view El Torito boot catalog information.\nThe linux(4) ABI compatibility layer has been updated to include support for musl consumers.\nThe fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior\nSupport for virtio_console(4) has been added to bhyve(4).\nThe length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.\n\n\n\nIn addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:\n\nAmazon EC2\nGoogle Compute Engine\nHashicorp/Atlas Vagrant\nMicrosoft Azure\n\n\n\nIn addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:\n\n\nGUMSTIX\nBANANAPI\nBEAGLEBONE\nCUBIEBOARD\nCUBIEBOARD2\nCUBOX-HUMMINGBOARD\nRASPBERRY PI 2\nPANDABOARD\nWANDBOARD\n\n\n\nFull Release Notes\n\n\n\n###Setting up an MTA Behind Tor\n\n\nThis article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).\n\n\n\nNote that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.\n\n\n\nThe reason to use an MTA behing a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.\n\n\n\n\nRequirements:\n\n\nA fully Tor-ified network\n\n\nHardenedBSD as the operating system\n\n\nA server (or VM) running HardenedBSD behind the fully Tor-ified network.\n\n\n/usr/ports is empty\n\n\nOr is already pre-populated with the HardenedBSD Ports tree\n\n\nWhy use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.\n\n\n\n\nAlso note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.\n\n\n\nOn 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.\n\n\n\nSteps\nInstallation\nGenerating Cryptographic Key Material\nTor Configuration\nOpenSMTPD Configuration\nDovecot Configuration\nTesting your configuration\nOptional: Webmail Access\n\n\n\n\niXsystems\nhttps://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec\nhttps://www.ixsystems.com/blog/self-2018-recap/\n\n###Running pfSense on a Digital Ocean Droplet\n\n\nI love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy \u0026lt;enter brand name fw appliance here\u0026gt; for a pfSense setup on a decent hardware.\n\n\n\nI also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.\n\u0026lt;shameless plug: head over to JupiterBroadcasting.com, the best technology content out there, they have coupon codes to get you started with DO\u0026gt;.\n\n\n\nUnfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.\n\n\n\nStart by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):\n\n\n\nThere are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.\n\n\n\nOne note though, before we wrap up:\n\n\n\nYou have two ways to initiate the initial setup wizard of the web-configurator:\nSpin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer  as it eliminates the small window of risk the second method poses.\nor\nOnce your  WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.\nThing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do \u0026lt;enter scary thing here\u0026gt;.\n\n\n\nI leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.\n\n\n\nHopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.\nMany thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.\n\n\n\n\n##News Roundup\n###One year of C\n\n\nIt’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.\n\n\n\nIn the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.\n\n\n\nHere are all the github projects I wrote in C:\n\n\n\nsokol: a slowly growing set of platform-abstraction headers\nsokol-samples - examples for Sokol\nchips - 8-bit chip emulators\nchips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)\n\n\n\nAll in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.\n\n\n\nSo one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).\n\n\n\n\nHere’s a few things I learned:\n\n\nPick the right language for a problem\n\n\nC is a perfect match for WebAssembly\n\n\nC99 is a huge improvement over C89\n\n\nThe dangers of pointers and explicit memory management are overrated\n\n\nLess Boilerplate Code\n\n\nLess Language Feature ‘Anxiety’\n\n\nConclusion\n\n\n\n\nAll in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.\n\n\n\nI don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).\n\n\n\n\n###Configuring OpenBGPD to announce VM’s virtual networks\n\n\nWe use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.\n\n\n\nMy setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.\n\n\n\nI’ve installed openbgpd on both hosts and configured it like this:\n\n\nvmhost: /usr/local/etc/bgpd.conf\nAS 65002\nrouter-id 192.168.87.48\nfib-update no\n\nnetwork 10.0.1.1/24\n\nneighbor 192.168.87.41 {\n    descr \"desktop\"\n    remote-as 65001\n}\n\n\n\nHere, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:\n\n\ndesktop: /usr/local/etc/bgpd.conf\nAS 65001\nrouter-id 192.168.87.41\nfib-update yes\n\nneighbor 192.168.87.48 {                                                                                                                                                                                           \n        descr \"vmhost\"                                                                                                                                                                                             \n        remote-as 65002                                                                                                                                                                                            \n}\n\n\n\nIt’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:\n\n\n/etc/rc.conf.local\nopenbgpd_enable=\"YES\"\n\n\n\nConclusion\n\n\n\nAs mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.\n\n\n\nAs a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.\n\n\n\n\nDigital Ocean\n\n###The Power to Serve\n\n\nAll people within the IT Industry should known where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WatsApp would not exist in their current form.\n\n\n\nI provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:\n\n\n\nRent some cloud based services or\nDIY (Do IT Yourself) on premise\n\n\n\nRunning your own developments experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinguish between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causal related, but more often indirect by one or more non linear feedback loops. Almost every business depends of IT systems. Bad IT means often that your customers will leave your business.\n\n\n\nOne of the things of FeeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp . Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.\n\n\n\nFreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.\n\n\n\nIf a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.\n\n\n\nFreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.\n\n\n\nJune 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.\n\n\n\n\n###Dave’s BSDCan trip report\n\n\nSo far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.\n\n\n\nHello guys! During the last show, you asked for a trip report regarding BSDCan 2018.\nThis was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.\nArriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.\nOnce I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!\nThe following morning, we were present with tea/coffee, muffins and other goodies to help prepare us for the day ahead.\nThe first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.\nWith the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.\nI also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raddt, which proved to be “interesting”.\nThe talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where a things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!\nAfter the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.\nI would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!\nRegards,\nDave (aka m0nkey_)\n\n\n\nThanks to Dave for sharing his experiences with us and our viewers\n\n\n\n\n##Beastie Bits\n\n\nRobert Watson (from 2008) on how much FreeBSD is in Mac OS X \nWhy Intel Skylake CPUs are sometimes 50% slower than older CPUs\nKristaps Dzonsons is looking for somebody to maintain this as mentioned at this link\ncamcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive\n32+ great indie games now playable on OpenBSD -current; 7 currently on sale!\nWarsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nRon - Adding a disk to ZFS\nMarshall - zfs question\nThomas - Allan, the myth perpetuator\nRoss - ZFS IO stats per dataset\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eFreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.freebsd.org/releases/11.2R/announce.html\"\u003eFreeBSD 11.2-RELEASE Available\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 11.2 was released today (June 27th) and is ready for download\u003c/li\u003e\n\u003cli\u003eHighlights:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSSH has been updated to version 7.5p1.\u003cbr\u003e\nOpenSSL has been updated to version 1.0.2o.\u003cbr\u003e\nThe clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.\u003cbr\u003e\nThe libarchive(3) library has been updated to version 3.3.2.\u003cbr\u003e\nThe libxo(3) library has been updated to version 0.9.0.\u003cbr\u003e\nMajor Device driver updates to:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ecxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6\u003c/li\u003e\n\u003cli\u003eixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k\u003c/li\u003e\n\u003cli\u003eng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNew drivers:\u003cbr\u003e\n+ drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003emlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs\u003c/li\u003e\n\u003cli\u003eocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters\u003c/li\u003e\n\u003cli\u003esmartpqi(4) – HP Gen10 Smart Array Controller Family\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs\u003cbr\u003e\nThe diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.\u003cbr\u003e\nThe top(1) utility has been updated to allow filtering on multiple user names when the    -U flag is used\u003cbr\u003e\nThe umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.\u003cbr\u003e\nThe ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’\u003cbr\u003e\nThe service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID\u003cbr\u003e\nThe mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).\u003cbr\u003e\nThe ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.\u003cbr\u003e\nThe dwatch(1) utility has been introduced\u003cbr\u003e\nThe efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.\u003cbr\u003e\nThe etdump(1) utility has been added, which is used to view El Torito boot catalog information.\u003cbr\u003e\nThe linux(4) ABI compatibility layer has been updated to include support for musl consumers.\u003cbr\u003e\nThe fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior\u003cbr\u003e\nSupport for virtio_console(4) has been added to bhyve(4).\u003cbr\u003e\nThe length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:\n\u003cul\u003e\n\u003cli\u003eAmazon EC2\u003c/li\u003e\n\u003cli\u003eGoogle Compute Engine\u003c/li\u003e\n\u003cli\u003eHashicorp/Atlas Vagrant\u003c/li\u003e\n\u003cli\u003eMicrosoft Azure\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003eIn addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGUMSTIX\u003c/li\u003e\n\u003cli\u003eBANANAPI\u003c/li\u003e\n\u003cli\u003eBEAGLEBONE\u003c/li\u003e\n\u003cli\u003eCUBIEBOARD\u003c/li\u003e\n\u003cli\u003eCUBIEBOARD2\u003c/li\u003e\n\u003cli\u003eCUBOX-HUMMINGBOARD\u003c/li\u003e\n\u003cli\u003eRASPBERRY PI 2\u003c/li\u003e\n\u003cli\u003ePANDABOARD\u003c/li\u003e\n\u003cli\u003eWANDBOARD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.2R/relnotes.html\"\u003eFull Release Notes\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003c/ul\u003e\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://github.com/lattera/articles/blob/master/opsec/2018-05-08_torified_mta/article.md\"\u003eSetting up an MTA Behind Tor\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe reason to use an MTA behing a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequirements:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA fully Tor-ified network\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHardenedBSD as the operating system\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA server (or VM) running HardenedBSD behind the fully Tor-ified network.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e/usr/ports is empty\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOr is already pre-populated with the HardenedBSD Ports tree\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhy use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlso note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSteps\u003c/li\u003e\n\u003cli\u003eInstallation\u003c/li\u003e\n\u003cli\u003eGenerating Cryptographic Key Material\u003c/li\u003e\n\u003cli\u003eTor Configuration\u003c/li\u003e\n\u003cli\u003eOpenSMTPD Configuration\u003c/li\u003e\n\u003cli\u003eDovecot Configuration\u003c/li\u003e\n\u003cli\u003eTesting your configuration\u003c/li\u003e\n\u003cli\u003eOptional: Webmail Access\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003cbr\u003e\n\u003ca href=\"https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec\"\u003ehttps://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.ixsystems.com/blog/self-2018-recap/\"\u003ehttps://www.ixsystems.com/blog/self-2018-recap/\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://squigly.blogspot.com/2018/02/running-pfsense-on-digitalocean-droplet.html\"\u003eRunning pfSense on a Digital Ocean Droplet\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy \u0026lt;enter brand name fw appliance here\u0026gt; for a pfSense setup on a decent hardware.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.\u003cbr\u003e\n\u0026lt;shameless plug: head over to \u003ca href=\"http://JupiterBroadcasting.com\"\u003eJupiterBroadcasting.com\u003c/a\u003e, the \u003cem\u003ebest\u003c/em\u003e technology content out there, they have coupon codes to get you started with DO\u0026gt;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStart by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne note though, before we wrap up:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou have two ways to initiate the initial setup wizard of the web-configurator:\u003cbr\u003e\nSpin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer  as it eliminates the small window of risk the second method poses.\u003cbr\u003e\nor\u003cbr\u003e\nOnce your  WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.\u003cbr\u003e\nThing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do \u0026lt;enter scary thing here\u0026gt;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.\u003cbr\u003e\nMany thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"http://floooh.github.io/2018/06/02/one-year-of-c.html\"\u003eOne year of C\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere are all the github projects I wrote in C:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003esokol: a slowly growing set of platform-abstraction headers\u003c/li\u003e\n\u003cli\u003esokol-samples - examples for Sokol\u003c/li\u003e\n\u003cli\u003echips - 8-bit chip emulators\u003c/li\u003e\n\u003cli\u003echips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHere’s a few things I learned:\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePick the right language for a problem\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eC is a perfect match for WebAssembly\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eC99 is a huge improvement over C89\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe dangers of pointers and explicit memory management are overrated\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLess Boilerplate Code\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLess Language Feature ‘Anxiety’\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConclusion\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://empt1e.blogspot.com/2018/06/configuring-openbgpd-to-announce-vms.html\"\u003eConfiguring OpenBGPD to announce VM’s virtual networks\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve installed openbgpd on both hosts and configured it like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003evmhost: /usr/local/etc/bgpd.conf\nAS 65002\nrouter-id 192.168.87.48\nfib-update no\n\nnetwork 10.0.1.1/24\n\nneighbor 192.168.87.41 {\n    descr \u0026quot;desktop\u0026quot;\n    remote-as 65001\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003edesktop: /usr/local/etc/bgpd.conf\nAS 65001\nrouter-id 192.168.87.41\nfib-update yes\n\nneighbor 192.168.87.48 {                                                                                                                                                                                           \n        descr \u0026quot;vmhost\u0026quot;                                                                                                                                                                                             \n        remote-as 65002                                                                                                                                                                                            \n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e/etc/rc.conf.local\nopenbgpd_enable=\u0026quot;YES\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://nocomplexity.com/the-power-to-serve/\"\u003eThe Power to Serve\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll people within the IT Industry should known where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WatsApp would not exist in their current form.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRent some cloud based services or\u003c/li\u003e\n\u003cli\u003eDIY (Do IT Yourself) on premise\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRunning your own developments experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinguish between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causal related, but more often indirect by one or more non linear feedback loops. Almost every business depends of IT systems. Bad IT means often that your customers will leave your business.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the things of FeeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp . Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJune 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###Dave’s BSDCan trip report\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHello guys! During the last show, you asked for a trip report regarding BSDCan 2018.\u003cbr\u003e\nThis was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.\u003cbr\u003e\nArriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.\u003cbr\u003e\nOnce I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!\u003cbr\u003e\nThe following morning, we were present with tea/coffee, muffins and other goodies to help prepare us for the day ahead.\u003cbr\u003e\nThe first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.\u003cbr\u003e\nWith the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.\u003cbr\u003e\nI also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raddt, which proved to be “interesting”.\u003cbr\u003e\nThe talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where a things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!\u003cbr\u003e\nAfter the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.\u003cbr\u003e\nI would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!\u003cbr\u003e\nRegards,\u003cbr\u003e\nDave (aka m0nkey_)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Dave for sharing his experiences with us and our viewers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-advocacy/2008-August/003674.html\"\u003eRobert Watson (from 2008) on how much FreeBSD is in Mac OS X \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aloiskraus.wordpress.com/2018/06/16/why-skylakex-cpus-are-sometimes-50-slower-how-intel-has-broken-existing-code/\"\u003eWhy Intel Skylake CPUs are sometimes 50% slower than older CPUs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lobste.rs/s/bos5cr/practical_unix_manuals_mdoc\"\u003eKristaps Dzonsons is looking for somebody to maintain this as mentioned at this link\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/87rru4/formatting_floppy_disks_in_a_usb_floppy_disk_drive/\"\u003ecamcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd_gaming/comments/898ey5/32_great_indie_games_now_playable_on_current_7/\"\u003e32+ great indie games now playable on OpenBSD -current; 7 currently on sale!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd-pl.org/en\"\u003eWarsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRon - \u003ca href=\"http://dpaste.com/2B6CWDM#wrap\"\u003eAdding a disk to ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarshall - \u003ca href=\"http://dpaste.com/2W7VD6K#wrap\"\u003ezfs question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/1FS7534#wrap\"\u003eAllan, the myth perpetuator\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRoss - \u003ca href=\"http://dpaste.com/1HWQWB6#wrap\"\u003eZFS IO stats per dataset\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report.","date_published":"2018-06-28T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ee4c7eca-8ae4-44bc-965b-9631a9d99865.mp3","mime_type":"audio/mp3","size_in_bytes":56727001,"duration_in_seconds":5666}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2136","title":"Episode 251: Crypto HAMMER | BSD Now 251","url":"https://www.bsdnow.tv/251","content_text":"DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.\n\n##Headlines\n###DragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS\n\n\nI just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS\nSo after a long time using an Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it :\n\n\n\nYou cannot run NFS on top of encrypted partitions easily\nI suspect I am having some some data corruption (bitrot) on the ext4 filesystem\nthe NIC was stcuk to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it\nIt’s proprietary\n\n\n\nI have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy :\n\n\nkdload dm\ncryptsetup luksFormat /dev/serno/\u0026lt;id1\u0026gt;\ncryptsetup luksOpen /dev/serno/\u0026lt;id1\u0026gt; fort_knox\nnewfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox\ncryptsetup luksFormat /dev/serno/\u0026lt;id2\u0026gt;\ncryptsetup luksOpen /dev/serno/\u0026lt;id2\u0026gt; fort_knox_slave\nnewfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave\n\n\nMount the 2 drives :\n\n\nmount /dev/mapper/fort_knox /fort_knox\nmount /dev/mapper_fort_know_slave /fort_knox_slave\n\n\nYou can now put your data under /fort_knox\nNow, off to setting up the replication, first get the shared-uuid of /fort_knox\n\n\nhammer pfs-status /fort_knox\n\n\nCreate a PFS slave “linked” to the master\n\n\nhammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12\n\n\nAnd then stream your data to the slave PFS !\n\n\nhammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave\n\n\nAfter that, setting NFS is fairly trivial even though I had problem with the /etc/exports syntax which is different than Linux\n\n\n\nThere’s a few things I wish would be better though but nothing too problematic or without workarounds :\n\n\n\nCannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this force me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot\nNo S1/S3 sleep so I made a script to shutdown the system when there’s no network neighborgs to serve the NFS\nAs my system isn’t online 24/7 for energy reasons, I guess will have to run hammer cleanup myself from time to time\nSome uncertainty because hey, it’s kind of exotic but exciting too :)\n\n\n\nOverall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post.\n\n\n\nLet’s see in 6 months how it goes in the longer run !\n\n\n\nHelpful resources : https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/\n\n\n\n\n###BSDCan 2018 Recap\n\n\nAs promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day lead directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks.\nAllan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session lead by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (lead by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one lead by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere.\nThe next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”.\nBenedict went to the following talks:\n\n\n\n“Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants.\n“All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way.\nZFS BoF, lead by Allan and Matthew Ahrens\nSSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to wet my appetite for it and motivated me to look into creating one for the cluster that I’m managing.\nThe rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner.\n\n\n\nDay 2:\n\n“Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal.\nAllan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented.\n“zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome.\n“The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood.\nClosing session and auction were funny and great as always.\nAll in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done.\n\n\n\n\n\n\nDigital Ocean\n\n###NomadBSD 1.1-RC1 Released\n\n\nThe first – and hopefully final – release candidate of NomadBSD 1.1 is available!\n\n\n\nChanges\nThe base system has been upgraded to FreeBSD 11.2-RC3\nEFI booting has been fixed.\nSupport for modern Intel GPUs has been added.\nSupport for installing packages has been added.\nImproved setup menu.\nMore software packages:\nbenchmarks/bonnie++\nDSBDisplaySettings\nDSBExec\nDSBSu\nmail/thunderbird\nnet/mosh\nports-mgmt/octopkg\nprint/qpdfview\nsecurity/nmap\nsysutils/ddrescue\nsysutils/fusefs-hfsfuse\nsysutils/fusefs-sshfs\nsysutils/sleuthkit\nwww/lynx\nx11-wm/compton\nx11/xev\nx11/xterm\nMany improvements and bugfixes\nThe image and instructions can be found here.\n\n\n\n\n##News Roundup\n###LDAP client added to -current\n\nCVSROOT:    /cvs\nModule name:    src\nChanges by: reyk@cvs.openbsd.org    2018/06/13 09:45:58\n\nLog message:\n    Import ldap(1), a simple ldap search client.\n    We have an ldapd(8) server and ypldap in base, so it makes sense to\n    have a simple LDAP client without depending on the OpenLDAP package.\n    This tool can be used in an ssh(1) AuthorizedKeysCommand script.\n    \n    With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@\n    \n    OK deraadt@\n    \n    Status:\n    \n    Vendor Tag: reyk\n    Release Tags:   ldap_20180613\n    \n    N src/usr.bin/ldap/Makefile\n    N src/usr.bin/ldap/aldap.c\n    N src/usr.bin/ldap/aldap.h\n    N src/usr.bin/ldap/ber.c\n    N src/usr.bin/ldap/ber.h\n    N src/usr.bin/ldap/ldap.1\n    N src/usr.bin/ldap/ldapclient.c\n    N src/usr.bin/ldap/log.c\n    N src/usr.bin/ldap/log.h\n    \n    No conflicts created by this import\n\n\n\n\n###Intel® FPU Speculation Vulnerability Confirmed\n\n\nEarlier this month, Philip Guenther (guenther@) committed (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs.\nTheo de Raadt (deraadt@) discussed this in his BSDCan 2018 session.\nUsing information disclosed in Theo’s talk, Colin Percival developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the official announcement of the vulnerability.\nFPU change in FreeBSD\n\n\nSummary:\n\nSystem software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.\n\nDescription:\n\nSystem software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.\n\n    ·    CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\nAffected Products:\n\nIntel® Core-based microprocessors.\n\nRecommendations:\n\nIf an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.\n\nAcknowledgements:\n\nIntel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure.\n\n\n\n\niXsystems\niX Ad Spot\n###iX Systems - BSDCan 2018 Recap\n\n###FreeBSD gets pNFS support\n\nMerge the pNFS server code from projects/pnfs-planb-server into head.\n\nThis code merge adds a pNFS service to the NFSv4.1 server. Although it is\na large commit it should not affect behaviour for a non-pNFS NFS server.\nSome documentation on how this works can be found at:\nMerge the pN http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt\nand will hopefully be turned into a proper document soon.\nThis is a merge of the kernel code. Userland and man page changes will\ncome soon, once the dust settles on this merge.\nIt has passed a \"make universe\", so I hope it will not cause build problems.\nIt also adds NFSv4.1 server support for the \"current stateid\".\n\nHere is a brief overview of the pNFS service:\nA pNFS service separates the Read/Write operations from all the other NFSv4.1\nMetadata operations. It is hoped that this separation allows a pNFS service\nto be configured that exceeds the limits of a single NFS server for either\nstorage capacity and/or I/O bandwidth.\nIt is possible to configure mirroring within the data servers (DSs) so that\nthe data storage file for an MDS file will be mirrored on two or more of\nthe DSs.\nWhen this is used, failure of a DS will not stop the pNFS service and a\nfailed DS can be recovered once repaired while the pNFS service continues\nto operate.  Although two way mirroring would be the norm, it is possible\nto set a mirroring level of up to four or the number of DSs, whichever is\nless.\nThe Metadata server will always be a single point of failure,\njust as a single NFS server is.\n\nA Plan B pNFS service consists of a single MetaData Server (MDS) and K\nData Servers (DS), all of which are recent FreeBSD systems.\nClients will mount the MDS as they would a single NFS server.\nWhen files are created, the MDS creates a file tree identical to what a\nsingle NFS server creates, except that all the regular (VREG) files will\nbe empty. As such, if you look at the exported tree on the MDS directly\non the MDS server (not via an NFS mount), the files will all be of size 0.\nEach of these files will also have two extended attributes in the system\nattribute name space:\npnfsd.dsfile - This extended attrbute stores the information that\n    the MDS needs to find the data storage file(s) on DS(s) for this file.\npnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime\n    and Change attributes for the file, so that the MDS doesn't need to\n    acquire the attributes from the DS for every Getattr operation.\nFor each regular (VREG) file, the MDS creates a data storage file on one\n(or more if mirroring is enabled) of the DSs in one of the \"dsNN\"\nsubdirectories.  The name of this file is the file handle\nof the file on the MDS in hexadecimal so that the name is unique.\nThe DSs use subdirectories named \"ds0\" to \"dsN\" so that no one directory\ngets too large. The value of \"N\" is set via the sysctl vfs.nfsd.dsdirsize\non the MDS, with the default being 20.\nFor production servers that will store a lot of files, this value should\nprobably be much larger.\nIt can be increased when the \"nfsd\" daemon is not running on the MDS,\nonce the \"dsK\" directories are created.\n\nFor pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces\nof information to the client that allows it to do I/O directly to the DS.\nDeviceInfo - This is relatively static information that defines what a DS\n             is. The critical bits of information returned by the FreeBSD\n             server is the IP address of the DS and, for the Flexible\n             File layout, that NFSv4.1 is to be used and that it is\n             \"tightly coupled\".\n             There is a \"deviceid\" which identifies the DeviceInfo.\nLayout     - This is per file and can be recalled by the server when it\n             is no longer valid. For the FreeBSD server, there is support\n             for two types of layout, call File and Flexible File layout.\n             Both allow the client to do I/O on the DS via NFSv4.1 I/O\n             operations. The Flexible File layout is a more recent variant\n             that allows specification of mirrors, where the client is\n             expected to do writes to all mirrors to maintain them in a\n             consistent state. The Flexible File layout also allows the\n             client to report I/O errors for a DS back to the MDS.\n             The Flexible File layout supports two variants referred to as\n             \"tightly coupled\" vs \"loosely coupled\". The FreeBSD server always\n             uses the \"tightly coupled\" variant where the client uses the\n             same credentials to do I/O on the DS as it would on the MDS.\n             For the \"loosely coupled\" variant, the layout specifies a\n             synthetic user/group that the client uses to do I/O on the DS.\n             The FreeBSD server does not do striping and always returns\n             layouts for the entire file. The critical information in a layout\n             is Read vs Read/Writea and DeviceID(s) that identify which\n             DS(s) the data is stored on.\n\nAt this time, the MDS generates File Layout layouts to NFSv4.1 clients\nthat know how to do pNFS for the non-mirrored DS case unless the sysctl\nvfs.nfsd.default_flexfile is set non-zero, in which case Flexible File\nlayouts are generated.\nThe mirrored DS configuration always generates Flexible File layouts.\nFor NFS clients that do not support NFSv4.1 pNFS, all I/O operations\nare done against the MDS which acts as a proxy for the appropriate DS(s).\nWhen the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy.\nIf the DS is on the same machine, the MDS/DS will do the RPC on the DS as\na proxy and so on, until the machine runs out of some resource, such as\nsession slots or mbufs.\nAs such, DSs must be separate systems from the MDS.\n\n***\n\n###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml)\n\n+ awk = \"Aho Weinberger and Kernighan\" \n+ grep = \"Global Regular Expression Print\" \n+ fgrep = \"Fixed GREP\". \n+ egrep = \"Extended GREP\" \n+ cat = \"CATenate\" \n+ gecos = \"General Electric Comprehensive Operating Supervisor\" \n+ nroff = \"New ROFF\" \n+ troff = \"Typesetter new ROFF\" \n+ tee = T \n+ bss = \"Block Started by Symbol\n+ biff = \"BIFF\" \n+ rc (as in \".cshrc\" or \"/etc/rc\") = \"RunCom\" \n+ Don Libes' book \"Life with Unix\" contains lots more of these \ntidbits. \n***\n\n##Beastie Bits\n+ [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php)\n+ [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech\u0026amp;m=152910536208954\u0026amp;w=2)\n+ [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html)\n+ [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh)\n+ [What UNIX shell could have been](https://rain-1.github.io/shell-2.html)\n\n***\nTarsnap ad\n***\n\n##Feedback/Questions\n+ We need more feedback and questions. Please email feedback@bsdnow.tv \n+ Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time?\n+ [Jason writes in](https://slexy.org/view/s205jU58X2)\n    + https://www.wheelsystems.com/en/products/wheel-fudo-psm/\n+ [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd\u0026amp;q=%23FreeBSDDay)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n***\n\n","content_html":"\u003cp\u003eDragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://www.reddit.com/r/dragonflybsd/comments/8riwtx/towards_a_hammer1_masterslave_encrypted_setup/\"\u003eDragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS\u003cbr\u003e\nSo after a long time using an Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it :\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou cannot run NFS on top of encrypted partitions easily\u003c/li\u003e\n\u003cli\u003eI suspect I am having some some data corruption (bitrot) on the ext4 filesystem\u003c/li\u003e\n\u003cli\u003ethe NIC was stcuk to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it\u003c/li\u003e\n\u003cli\u003eIt’s proprietary\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy :\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ekdload dm\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecryptsetup luksFormat /dev/serno/\u0026lt;id1\u0026gt;\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecryptsetup luksOpen /dev/serno/\u0026lt;id1\u0026gt; fort_knox\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003enewfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecryptsetup luksFormat /dev/serno/\u0026lt;id2\u0026gt;\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003ecryptsetup luksOpen /dev/serno/\u0026lt;id2\u0026gt; fort_knox_slave\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003enewfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMount the 2 drives :\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003emount /dev/mapper/fort_knox /fort_knox\u003c/code\u003e\u003cbr\u003e\n\u003ccode\u003emount /dev/mapper_fort_know_slave /fort_knox_slave\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can now put your data under /fort_knox\u003cbr\u003e\nNow, off to setting up the replication, first get the shared-uuid of /fort_knox\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ehammer pfs-status /fort_knox\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCreate a PFS slave “linked” to the master\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ehammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd then stream your data to the slave PFS !\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ehammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter that, setting NFS is fairly trivial even though I had problem with the /etc/exports syntax which is different than Linux\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s a few things I wish would be better though but nothing too problematic or without workarounds :\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this force me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot\u003c/li\u003e\n\u003cli\u003eNo S1/S3 sleep so I made a script to shutdown the system when there’s no network neighborgs to serve the NFS\u003c/li\u003e\n\u003cli\u003eAs my system isn’t online 24/7 for energy reasons, I guess will have to run hammer cleanup myself from time to time\u003c/li\u003e\n\u003cli\u003eSome uncertainty because hey, it’s kind of exotic but exciting too :)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOverall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s see in 6 months how it goes in the longer run !\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHelpful resources : \u003ca href=\"https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/\"\u003ehttps://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###BSDCan 2018 Recap\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day lead directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks.\u003c/li\u003e\n\u003cli\u003eAllan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session lead by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (lead by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one lead by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere.\u003c/li\u003e\n\u003cli\u003eThe next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”.\u003c/li\u003e\n\u003cli\u003eBenedict went to the following talks:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants.\u003cbr\u003e\n“All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way.\u003cbr\u003e\nZFS BoF, lead by Allan and Matthew Ahrens\u003cbr\u003e\nSSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to wet my appetite for it and motivated me to look into creating one for the cluster that I’m managing.\u003cbr\u003e\nThe rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 2:\n\u003cblockquote\u003e\n\u003cp\u003e“Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal.\u003cbr\u003e\nAllan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented.\u003cbr\u003e\n“zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome.\u003cbr\u003e\n“The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood.\u003cbr\u003e\nClosing session and auction were funny and great as always.\u003cbr\u003e\nAll in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigital Ocean\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://nomadbsd.org/index.html#rel1.1-rc1\"\u003eNomadBSD 1.1-RC1 Released\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first – and hopefully final – release candidate of NomadBSD 1.1 is available!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eChanges\u003c/li\u003e\n\u003cli\u003eThe base system has been upgraded to FreeBSD 11.2-RC3\u003c/li\u003e\n\u003cli\u003eEFI booting has been fixed.\u003c/li\u003e\n\u003cli\u003eSupport for modern Intel GPUs has been added.\u003c/li\u003e\n\u003cli\u003eSupport for installing packages has been added.\u003c/li\u003e\n\u003cli\u003eImproved setup menu.\u003c/li\u003e\n\u003cli\u003eMore software packages:\u003c/li\u003e\n\u003cli\u003ebenchmarks/bonnie++\u003c/li\u003e\n\u003cli\u003eDSBDisplaySettings\u003c/li\u003e\n\u003cli\u003eDSBExec\u003c/li\u003e\n\u003cli\u003eDSBSu\u003c/li\u003e\n\u003cli\u003email/thunderbird\u003c/li\u003e\n\u003cli\u003enet/mosh\u003c/li\u003e\n\u003cli\u003eports-mgmt/octopkg\u003c/li\u003e\n\u003cli\u003eprint/qpdfview\u003c/li\u003e\n\u003cli\u003esecurity/nmap\u003c/li\u003e\n\u003cli\u003esysutils/ddrescue\u003c/li\u003e\n\u003cli\u003esysutils/fusefs-hfsfuse\u003c/li\u003e\n\u003cli\u003esysutils/fusefs-sshfs\u003c/li\u003e\n\u003cli\u003esysutils/sleuthkit\u003c/li\u003e\n\u003cli\u003ewww/lynx\u003c/li\u003e\n\u003cli\u003ex11-wm/compton\u003c/li\u003e\n\u003cli\u003ex11/xev\u003c/li\u003e\n\u003cli\u003ex11/xterm\u003c/li\u003e\n\u003cli\u003eMany improvements and bugfixes\u003cbr\u003e\nThe image and instructions can be found \u003ca href=\"http://nomadbsd.org/download.html\"\u003ehere\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180616115514\"\u003eLDAP client added to -current\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eCVSROOT:    /cvs\nModule name:    src\nChanges by: reyk@cvs.openbsd.org    2018/06/13 09:45:58\n\nLog message:\n    Import ldap(1), a simple ldap search client.\n    We have an ldapd(8) server and ypldap in base, so it makes sense to\n    have a simple LDAP client without depending on the OpenLDAP package.\n    This tool can be used in an ssh(1) AuthorizedKeysCommand script.\n    \n    With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@\n    \n    OK deraadt@\n    \n    Status:\n    \n    Vendor Tag: reyk\n    Release Tags:   ldap_20180613\n    \n    N src/usr.bin/ldap/Makefile\n    N src/usr.bin/ldap/aldap.c\n    N src/usr.bin/ldap/aldap.h\n    N src/usr.bin/ldap/ber.c\n    N src/usr.bin/ldap/ber.h\n    N src/usr.bin/ldap/ldap.1\n    N src/usr.bin/ldap/ldapclient.c\n    N src/usr.bin/ldap/log.c\n    N src/usr.bin/ldap/log.h\n    \n    No conflicts created by this import\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180614064341\"\u003eIntel® FPU Speculation Vulnerability Confirmed\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarlier this month, Philip Guenther (guenther@) \u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026amp;m=152818076013158\u0026amp;w=2\"\u003ecommitted\u003c/a\u003e (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs.\u003c/li\u003e\n\u003cli\u003eTheo de Raadt (deraadt@) discussed this in \u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180611101817\"\u003ehis BSDCan 2018 session\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUsing information disclosed in Theo’s talk, \u003ca href=\"https://twitter.com/cperciva/status/1007010583244230656\"\u003eColin Percival\u003c/a\u003e developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the \u003ca href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html\"\u003eofficial announcement\u003c/a\u003e of the vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=335072\"\u003eFPU change in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eSummary:\n\nSystem software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.\n\nDescription:\n\nSystem software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.\n\n    ·    CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\nAffected Products:\n\nIntel® Core-based microprocessors.\n\nRecommendations:\n\nIf an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.\n\nAcknowledgements:\n\nIntel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003cbr\u003e\niX Ad Spot\u003cbr\u003e\n###\u003ca href=\"https://www.ixsystems.com/blog/bsdcan-2018-recap/\"\u003eiX Systems - BSDCan 2018 Recap\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=335012\"\u003eFreeBSD gets pNFS support\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eMerge the pNFS server code from projects/pnfs-planb-server into head.\n\nThis code merge adds a pNFS service to the NFSv4.1 server. Although it is\na large commit it should not affect behaviour for a non-pNFS NFS server.\nSome documentation on how this works can be found at:\nMerge the pN http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt\nand will hopefully be turned into a proper document soon.\nThis is a merge of the kernel code. Userland and man page changes will\ncome soon, once the dust settles on this merge.\nIt has passed a \u0026quot;make universe\u0026quot;, so I hope it will not cause build problems.\nIt also adds NFSv4.1 server support for the \u0026quot;current stateid\u0026quot;.\n\nHere is a brief overview of the pNFS service:\nA pNFS service separates the Read/Write operations from all the other NFSv4.1\nMetadata operations. It is hoped that this separation allows a pNFS service\nto be configured that exceeds the limits of a single NFS server for either\nstorage capacity and/or I/O bandwidth.\nIt is possible to configure mirroring within the data servers (DSs) so that\nthe data storage file for an MDS file will be mirrored on two or more of\nthe DSs.\nWhen this is used, failure of a DS will not stop the pNFS service and a\nfailed DS can be recovered once repaired while the pNFS service continues\nto operate.  Although two way mirroring would be the norm, it is possible\nto set a mirroring level of up to four or the number of DSs, whichever is\nless.\nThe Metadata server will always be a single point of failure,\njust as a single NFS server is.\n\nA Plan B pNFS service consists of a single MetaData Server (MDS) and K\nData Servers (DS), all of which are recent FreeBSD systems.\nClients will mount the MDS as they would a single NFS server.\nWhen files are created, the MDS creates a file tree identical to what a\nsingle NFS server creates, except that all the regular (VREG) files will\nbe empty. As such, if you look at the exported tree on the MDS directly\non the MDS server (not via an NFS mount), the files will all be of size 0.\nEach of these files will also have two extended attributes in the system\nattribute name space:\npnfsd.dsfile - This extended attrbute stores the information that\n    the MDS needs to find the data storage file(s) on DS(s) for this file.\npnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime\n    and Change attributes for the file, so that the MDS doesn't need to\n    acquire the attributes from the DS for every Getattr operation.\nFor each regular (VREG) file, the MDS creates a data storage file on one\n(or more if mirroring is enabled) of the DSs in one of the \u0026quot;dsNN\u0026quot;\nsubdirectories.  The name of this file is the file handle\nof the file on the MDS in hexadecimal so that the name is unique.\nThe DSs use subdirectories named \u0026quot;ds0\u0026quot; to \u0026quot;dsN\u0026quot; so that no one directory\ngets too large. The value of \u0026quot;N\u0026quot; is set via the sysctl vfs.nfsd.dsdirsize\non the MDS, with the default being 20.\nFor production servers that will store a lot of files, this value should\nprobably be much larger.\nIt can be increased when the \u0026quot;nfsd\u0026quot; daemon is not running on the MDS,\nonce the \u0026quot;dsK\u0026quot; directories are created.\n\nFor pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces\nof information to the client that allows it to do I/O directly to the DS.\nDeviceInfo - This is relatively static information that defines what a DS\n             is. The critical bits of information returned by the FreeBSD\n             server is the IP address of the DS and, for the Flexible\n             File layout, that NFSv4.1 is to be used and that it is\n             \u0026quot;tightly coupled\u0026quot;.\n             There is a \u0026quot;deviceid\u0026quot; which identifies the DeviceInfo.\nLayout     - This is per file and can be recalled by the server when it\n             is no longer valid. For the FreeBSD server, there is support\n             for two types of layout, call File and Flexible File layout.\n             Both allow the client to do I/O on the DS via NFSv4.1 I/O\n             operations. The Flexible File layout is a more recent variant\n             that allows specification of mirrors, where the client is\n             expected to do writes to all mirrors to maintain them in a\n             consistent state. The Flexible File layout also allows the\n             client to report I/O errors for a DS back to the MDS.\n             The Flexible File layout supports two variants referred to as\n             \u0026quot;tightly coupled\u0026quot; vs \u0026quot;loosely coupled\u0026quot;. The FreeBSD server always\n             uses the \u0026quot;tightly coupled\u0026quot; variant where the client uses the\n             same credentials to do I/O on the DS as it would on the MDS.\n             For the \u0026quot;loosely coupled\u0026quot; variant, the layout specifies a\n             synthetic user/group that the client uses to do I/O on the DS.\n             The FreeBSD server does not do striping and always returns\n             layouts for the entire file. The critical information in a layout\n             is Read vs Read/Writea and DeviceID(s) that identify which\n             DS(s) the data is stored on.\n\nAt this time, the MDS generates File Layout layouts to NFSv4.1 clients\nthat know how to do pNFS for the non-mirrored DS case unless the sysctl\nvfs.nfsd.default_flexfile is set non-zero, in which case Flexible File\nlayouts are generated.\nThe mirrored DS configuration always generates Flexible File layouts.\nFor NFS clients that do not support NFSv4.1 pNFS, all I/O operations\nare done against the MDS which acts as a proxy for the appropriate DS(s).\nWhen the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy.\nIf the DS is on the same machine, the MDS/DS will do the RPC on the DS as\na proxy and so on, until the machine runs out of some resource, such as\nsession slots or mbufs.\nAs such, DSs must be separate systems from the MDS.\n\n***\n\n###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml)\n\n+ awk = \u0026quot;Aho Weinberger and Kernighan\u0026quot; \n+ grep = \u0026quot;Global Regular Expression Print\u0026quot; \n+ fgrep = \u0026quot;Fixed GREP\u0026quot;. \n+ egrep = \u0026quot;Extended GREP\u0026quot; \n+ cat = \u0026quot;CATenate\u0026quot; \n+ gecos = \u0026quot;General Electric Comprehensive Operating Supervisor\u0026quot; \n+ nroff = \u0026quot;New ROFF\u0026quot; \n+ troff = \u0026quot;Typesetter new ROFF\u0026quot; \n+ tee = T \n+ bss = \u0026quot;Block Started by Symbol\n+ biff = \u0026quot;BIFF\u0026quot; \n+ rc (as in \u0026quot;.cshrc\u0026quot; or \u0026quot;/etc/rc\u0026quot;) = \u0026quot;RunCom\u0026quot; \n+ Don Libes' book \u0026quot;Life with Unix\u0026quot; contains lots more of these \ntidbits. \n***\n\n##Beastie Bits\n+ [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php)\n+ [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech\u0026amp;m=152910536208954\u0026amp;w=2)\n+ [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html)\n+ [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh)\n+ [What UNIX shell could have been](https://rain-1.github.io/shell-2.html)\n\n***\nTarsnap ad\n***\n\n##Feedback/Questions\n+ We need more feedback and questions. Please email feedback@bsdnow.tv \n+ Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time?\n+ [Jason writes in](https://slexy.org/view/s205jU58X2)\n    + https://www.wheelsystems.com/en/products/wheel-fudo-psm/\n+ [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd\u0026amp;q=%23FreeBSDDay)\n***\n\n- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)\n***\n\n\u003c/code\u003e\u003c/pre\u003e","summary":"DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean.","date_published":"2018-06-21T05:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/034d5002-639f-4744-a773-9c000ce91d1c.mp3","mime_type":"audio/mp3","size_in_bytes":53300210,"duration_in_seconds":5323}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2107","title":"Episode 250: BSDCan 2018 Recap | BSD Now 250","url":"https://www.bsdnow.tv/250","content_text":"TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.\n\n##Headlines##\n###TrueOS to Focus on Core Operating System\n\n\nThe TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.\n\n\n\nTrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.\n\n\n\nSome of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.\n\n\n\nWe know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.\n\n\n\nWe look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.\n\n\n###Project Trident FAQ\n\n\nQ: Why did you pick the name “Project Trident”?\n\n\n\nA: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.\n\n\n\nQ: Where can users go for technical support?\n\n\n\nA: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.\n\n\n\nQ: Can I help contribute to the project?\n\n\n\nA: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.\n\n\n\nQ: How is the project supported financially?\n\n\n\nA: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.\n\n\n\nQ: How can I help support the project financially?\n\n\n\nA: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.\n\n\n\nQ: Will there be any transparency of the financial donations and expenditures?\n\n\n\nA: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.\n\n\n\n\nRelationship with TrueOS\n\n\nProject Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.\n\n\nQ: Do we need to be at a certain TrueOS install level/release to upgrade?\n\n\n\n\nA: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.\n\n\n\nQ: Which members moved from TrueOS to Project Trident?\n\n\n\nA: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.\n\n\n\n\niXsystems\n\n###BSDCan\n\n\nBSDCan finished Saturday last week\nIt started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and and even FreeBSD Journal Editorial Board meeting.\nThe FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.\nNext, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.\nAfter the coffee break, the release engineering team gave a talk about their efforts in terms of making releases happen in time and good quality.\nBenedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.\nThe second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave a overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.\nWhen the coffee break was over, the FreeBSD 12.0 planning session happened. A Google doc served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.\nA 360° group picture was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.\nBenedict and Allan both attended the OpenZFS working group, lead by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.\nBenedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.\nBSDCan 2018 — Ottawa (In Pictures)\niXsystems Photos from BSDCan 2018\n\n\n\n\n##News Roundup\n###June HardenedBSD Foundation Update\n\n\nWe at HardenedBSD are working towards starting up a 501©(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.\n\n\n\nWe have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.\n\n\n\nHere’s a brief introduction to those who will serve on the board:\n\n\n\n\nW. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and security Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.\n\n\nBen La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.\n\n\nGeorge Saylor (Advisor): George is a Technical Directory at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr Saylor was also a co-founder of the OpenSCAP project.\n\n\nVirginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.\n\n\nShawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.\n\n\nBen Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.\n\n\n\n\n\n###Your own VPN with OpenIKED \u0026amp; OpenBSD\n\n\nRemote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down \n\n\n\nI set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: OpenBSD 6.2 VPN Endpoint for iOS and macOS\n\n\n\nWhilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).\n\n\n\nThe client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.\n\n\n\nSo, let’s get stuck in!\n\n\n\nA quick note ✍️\n\n\n\nThis guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.\n\n\n\nServer Configuration\n\n\n\nAs with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.\n\n\n\nOne of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote.  I’ll link the full playbook a bit further down for those interested.\n\n\n\nSee the full article for the information on:\nsysctl parameters\nThe naughty list (optional)\nConfigure the VPN network interface\nConfigure the firewall\nConfigure the iked service\nGateway configuration\nClient configuration\nTroubleshooting\n\n\n\n\nDigitalOcean\n\n###FreeBSD on a System76 Galago Pro\n\n\nHey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, afer playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isnt and it works pretty decently.\n\n\n\nTo get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.\n\n\n\n\nThe hardware\n\n\nIntel Core i5 Gen 8\n\n\nUHD Graphics 620\n\n\n16 GB DDR4 Ram\n\n\nRTL8411B PCI Express Card Reader\n\n\nRTL8111 Gigabit ethernet controller\n\n\nIntel HD Audio\n\n\nSamsung SSD 960 PRO 512GB NVMe\n\n\nThe caveats\n\n\n\n\nThere are a few things that I cant seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I cant register an account yet so I haven’t made all the changes.\n\n\n\nProcessor\n\n\n\nIt works like any other Intel processor. Pstates and throttling work.\n\n\n\nGraphics\n\n\n\nThe boot menu sets itself to what looks like 1024x768, but works as you expect in a tiny window. The text console does the full 3200x1800 resolution, but the text is ultra tiny. There isnt a font for the console that covers hidpi screens yet. As for X Windows it requres the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at it’s full 3200x1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.\n\n\n\nIntel Wireless 8265\n\n\n\nThe wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load=“YES” will cause the module to load on boot and kldload iwm\n\n\n\nBattery\n\n\n\nI seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.\n\n\n\nOverall impression\n\n\n\nIt is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non linux OSes running on the gear but that isnt anything new. I wont have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by lenovo messing with the thinkpad.\n\n\n\n\n###Hardware accelerated AES/HMAC-SHA on octeons\n\nIn this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.\n\nI decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.\n\nI didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of\n\nesp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes\ngoing from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.\nThen I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got a octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.\n\nBefore we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:\n\n     PID USER        NAME                 CPU     20\\    40\\    60\\    80\\  100\\\n   58917 root        crypto             52.25 #################\n   42636 root        softnet            42.48 ##############\n                     (idle)             29.74 #########\n    1059 root        tcpbench           24.22 #######\n   67777 root        crynlk             19.58 ######\nSo this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.\nNow for the new and improved performance numbers:\n\n   204452123        4740752       37.402  100.00% \nConn:   1 Mbps:       37.402 Peak Mbps:       58.870 Avg Mbps:       37.402\n   204453149        4692968       36.628  100.00% \nConn:   1 Mbps:       36.628 Peak Mbps:       58.870 Avg Mbps:       36.628\n   204454167        5405552       42.480  100.00% \nConn:   1 Mbps:       42.480 Peak Mbps:       58.870 Avg Mbps:       42.480\n   204455188        5202496       40.804  100.00% \nConn:   1 Mbps:       40.804 Peak Mbps:       58.870 Avg Mbps:       40.804\n   204456194        5062208       40.256  100.00% \nConn:   1 Mbps:       40.256 Peak Mbps:       58.870 Avg Mbps:       40.256\n\nThe tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.\n\nA manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.\n\n\n\n\n##Beastie Bits\n\n\nUsing FreeBSD Text Dumps\nllvm’s lld now the default linker for amd64 on FreeBSD\nAuthor Discoverability\nPledge and Unveil in OpenBSD {pdf}\nEuroBSDCon 2018 CFP Closes June 17, hurry up and get your submissions in\nJust want to attend, but need help getting to the conference? Applications for the Paul Schenkeveld travel grant accepted until June 15th\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nCasey - ZFS on Digital Ocean\nJürgen - A Question\nKevin - Failover best practice\nDennis - SQL\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eTrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.\u003c/p\u003e\n\n\u003cp\u003e##Headlines##\u003cbr\u003e\n###\u003ca href=\"https://www.trueos.org/blog/trueosdownstream/\"\u003eTrueOS to Focus on Core Operating System\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e###\u003ca href=\"http://project-trident.org/faq\"\u003eProject Trident FAQ\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Why did you pick the name “Project Trident”?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Where can users go for technical support?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Can I help contribute to the project?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: How is the project supported financially?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: How can I help support the project financially?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Will there be any transparency of the financial donations and expenditures?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRelationship with TrueOS\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eProject Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eQ: Do we need to be at a certain TrueOS install level/release to upgrade?\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Which members moved from TrueOS to Project Trident?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.bsdcan.org/2018\"\u003eBSDCan\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCan finished Saturday last week\u003c/li\u003e\n\u003cli\u003eIt started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and and even FreeBSD Journal Editorial Board meeting.\u003c/li\u003e\n\u003cli\u003eThe FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.\u003c/li\u003e\n\u003cli\u003eNext, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.\u003c/li\u003e\n\u003cli\u003eAfter the coffee break, the release engineering team gave a talk about their efforts in terms of making releases happen in time and good quality.\u003c/li\u003e\n\u003cli\u003eBenedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.\u003c/li\u003e\n\u003cli\u003eThe second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave a overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.\u003c/li\u003e\n\u003cli\u003eWhen the coffee break was over, the FreeBSD 12.0 planning session happened. A \u003ca href=\"https://wiki.freebsd.org/DevSummit/201806/HaveNeedWant12\"\u003eGoogle doc\u003c/a\u003e served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://theta360.com/s/xuR4ogsjGmu584JJju0vUaTA\"\u003eA 360° group picture\u003c/a\u003e was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.\u003c/li\u003e\n\u003cli\u003eBenedict and Allan both attended the OpenZFS working group, lead by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.\u003c/li\u003e\n\u003cli\u003eBenedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.talegraph.com/tales/WmObSRejzT\"\u003eBSDCan 2018 — Ottawa (In Pictures)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://photos.google.com/share/AF1QipPv_eOz9z-e8R23DkSEcMLF9ivl8est0H4k0lkAoIdY0Jgsn4eyKT54fPyy4EukCw?key=RmJoNS1uOHU2djRDdzZxNGM4ZEY1dFVKamhCNThR\"\u003eiXsystems Photos from BSDCan 2018\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2018-06-09/june-hardenedbsd-foundation-update\"\u003eJune HardenedBSD Foundation Update\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe at HardenedBSD are working towards starting up a 501©(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere’s a brief introduction to those who will serve on the board:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eW. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and security Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBen La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGeorge Saylor (Advisor): George is a Technical Directory at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr Saylor was also a co-founder of the OpenSCAP project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVirginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eShawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBen Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://medium.com/@cmacrae/your-own-vpn-with-openiked-openbsd-13d7abd3d1d4\"\u003eYour own VPN with OpenIKED \u0026amp; OpenBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRemote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: \u003ca href=\"https://blog.gordonturner.com/2018/02/25/openbsd-6-2-vpn-endpoint-for-ios-and-macos/\"\u003eOpenBSD 6.2 VPN Endpoint for iOS and macOS\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo, let’s get stuck in!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA quick note ✍️\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eServer Configuration\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote.  I’ll link the full playbook a bit further down for those interested.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee the full article for the information on:\u003c/li\u003e\n\u003cli\u003esysctl parameters\u003c/li\u003e\n\u003cli\u003eThe naughty list (optional)\u003c/li\u003e\n\u003cli\u003eConfigure the VPN network interface\u003c/li\u003e\n\u003cli\u003eConfigure the firewall\u003c/li\u003e\n\u003cli\u003eConfigure the iked service\u003c/li\u003e\n\u003cli\u003eGateway configuration\u003c/li\u003e\n\u003cli\u003eClient configuration\u003c/li\u003e\n\u003cli\u003eTroubleshooting\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://corrupted.io/2018/05/15/system76-free-bsd.html\"\u003eFreeBSD on a System76 Galago Pro\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, afer playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isnt and it works pretty decently.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe hardware\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIntel Core i5 Gen 8\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUHD Graphics 620\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e16 GB DDR4 Ram\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRTL8411B PCI Express Card Reader\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRTL8111 Gigabit ethernet controller\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIntel HD Audio\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSamsung SSD 960 PRO 512GB NVMe\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe caveats\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are a few things that I cant seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I cant register an account yet so I haven’t made all the changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eProcessor\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt works like any other Intel processor. Pstates and throttling work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGraphics\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe boot menu sets itself to what looks like 1024x768, but works as you expect in a tiny window. The text console does the full 3200x1800 resolution, but the text is ultra tiny. There isnt a font for the console that covers hidpi screens yet. As for X Windows it requres the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at it’s full 3200x1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntel Wireless 8265\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load=“YES” will cause the module to load on boot and kldload iwm\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBattery\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOverall impression\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non linux OSes running on the gear but that isnt anything new. I wont have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by lenovo messing with the thinkpad.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180418073437\"\u003eHardware accelerated AES/HMAC-SHA on octeons\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eIn this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.\n\nI decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.\n\nI didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of\n\nesp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes\ngoing from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.\nThen I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got a octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.\n\nBefore we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:\n\n     PID USER        NAME                 CPU     20\\    40\\    60\\    80\\  100\\\n   58917 root        crypto             52.25 #################\n   42636 root        softnet            42.48 ##############\n                     (idle)             29.74 #########\n    1059 root        tcpbench           24.22 #######\n   67777 root        crynlk             19.58 ######\nSo this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.\nNow for the new and improved performance numbers:\n\n   204452123        4740752       37.402  100.00% \nConn:   1 Mbps:       37.402 Peak Mbps:       58.870 Avg Mbps:       37.402\n   204453149        4692968       36.628  100.00% \nConn:   1 Mbps:       36.628 Peak Mbps:       58.870 Avg Mbps:       36.628\n   204454167        5405552       42.480  100.00% \nConn:   1 Mbps:       42.480 Peak Mbps:       58.870 Avg Mbps:       42.480\n   204455188        5202496       40.804  100.00% \nConn:   1 Mbps:       40.804 Peak Mbps:       58.870 Avg Mbps:       40.804\n   204456194        5062208       40.256  100.00% \nConn:   1 Mbps:       40.256 Peak Mbps:       58.870 Avg Mbps:       40.256\n\nThe tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.\n\nA manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.etinc.com/122/Using-FreeBSD-Text-Dumps\"\u003eUsing FreeBSD Text Dumps\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=334391\"\u003ellvm’s lld now the default linker for amd64 on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3194\"\u003eAuthor Discoverability\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf\"\u003ePledge and Unveil in OpenBSD {pdf}\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/call-for-papers/\"\u003eEuroBSDCon 2018 CFP Closes June 17, hurry up and get your submissions in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/paul-schenkeveld-travel-grant/\"\u003eJust want to attend, but need help getting to the conference? Applications for the Paul Schenkeveld travel grant accepted until June 15th\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/2H42V7W#wrap\"\u003eZFS on Digital Ocean\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJürgen - \u003ca href=\"http://dpaste.com/3N7ZN8C#wrap\"\u003eA Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKevin - \u003ca href=\"http://dpaste.com/231CY5Z#wrap\"\u003eFailover best practice\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDennis - \u003ca href=\"http://dpaste.com/1QPNB25#wrap\"\u003eSQL\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"TrueOS becoming a downstream fork with Trident, our BSDCan 2018 recap, HardenedBSD Foundation founding efforts, VPN with OpenIKED on OpenBSD, FreeBSD on a System76 Galago Pro, and hardware accelerated crypto on Octeons.","date_published":"2018-06-14T07:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4a856940-c133-4d38-98e6-88d80a82c29a.mp3","mime_type":"audio/mp3","size_in_bytes":60891452,"duration_in_seconds":6070}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2072","title":"Episode 249: Router On A Stick | BSD Now 249","url":"https://www.bsdnow.tv/249","content_text":"OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.\n\n\n##Headlines\n###ZFS and DTrace update lands in NetBSD\n\n\nmerge a new version of the CDDL dtrace and ZFS code. This changes the upstream vendor from OpenSolaris to FreeBSD, and this version is based on FreeBSD svn r315983.\n\n\n\nr315983 is from March 2017 (14 months ago), so there is still more work to do\n\n\n\nin addition to the 10 years of improvements from upstream, this version also has these NetBSD-specific enhancements:\n\ndtrace FBT probes can now be placed in kernel modules.\nZFS now supports mmap().\n\n\n\n\nThis brings NetBSD 10 years forward, and they should be able to catch the rest of the way up fairly quickly\n\n\n\n\n###NetBSD network stack security audit\n\n\nMaxime Villard has been working on an audit of the NetBSD network stack, a project sponsored by The NetBSD Foundation, which has served all users of BSD-derived operating systems.\n\n\n\nOver the last five months, hundreds of patches were committed to the source tree as a result of this work. Dozens of bugs were fixed, among which a good number of actual, remotely-triggerable vulnerabilities.\n\n\n\nChanges were made to strengthen the networking subsystems and improve code quality: reinforce the mbuf API, add many KASSERTs to enforce assumptions, simplify packet handling, and verify compliance with RFCs. This was done in several layers of the NetBSD kernel, from device drivers to L4 handlers.\nIn the course of investigating several bugs discovered in NetBSD, I happened to look at the network stacks of other operating systems, to see whether they had already fixed the issues, and if so how. Needless to say, I found bugs there too.\n\n\n\nA lot of code is shared between the BSDs, so it is especially helpful when one finds a bug, to check the other BSDs and share the fix.\n\n\n\nThe IPv6 Buffer Overflow: The overflow allowed an attacker to write one byte of packet-controlled data into ‘packet_storage+off’, where ‘off’ could be approximately controlled too. This allowed at least a pretty bad remote DoS/Crash\nThe IPsec Infinite Loop: When receiving an IPv6-AH packet, the IPsec entry point was not correctly computing the length of the IPv6 suboptions, and this, before authentication. As a result, a specially-crafted IPv6 packet could trigger an infinite loop in the kernel (making it unresponsive). In addition this flaw allowed a limited buffer overflow - where the data being written was however not controllable by the attacker.\nThe IPPROTO Typo: While looking at the IPv6 Multicast code, I stumbled across a pretty simple yet pretty bad mistake: at one point the Pim6 entry point would return IPPROTO_NONE instead of IPPROTO_DONE. Returning IPPROTO_NONE was entirely wrong: it caused the kernel to keep iterating on the IPv6 packet chain, while the packet storage was already freed.\nThe PF Signedness Bug: A bug was found in NetBSD’s implementation of the PF firewall, that did not affect the other BSDs. In the initial PF code a particular macro was used as an alias to a number. This macro formed a signed integer. NetBSD replaced the macro with a sizeof(), which returns an unsigned result.\nThe NPF Integer Overflow: An integer overflow could be triggered in NPF, when parsing an IPv6 packet with large options. This could cause NPF to look for the L4 payload at the wrong offset within the packet, and it allowed an attacker to bypass any L4 filtering rule on IPv6.\nThe IPsec Fragment Attack: I noticed some time ago that when reassembling fragments (in either IPv4 or IPv6), the kernel was not removing the M_PKTHDR flag on the secondary mbufs in mbuf chains. This flag is supposed to indicate that a given mbuf is the head of the chain it forms; having the flag on secondary mbufs was suspicious.\nWhat Now: Not all protocols and layers of the network stack were verified, because of time constraints, and also because of unexpected events: the recent x86 CPU bugs, which I was the only one able to fix promptly. A todo list will be left when the project end date is reached, for someone else to pick up. Me perhaps, later this year? We’ll see.\nThis security audit of NetBSD’s network stack is sponsored by The NetBSD Foundation, and serves all users of BSD-derived operating systems. The NetBSD Foundation is a non-profit organization, and welcomes any donations that help continue funding projects of this kind.\n\n\n\n\nDigitalOcean\n\n###MySQL on ZFS Performance\n\n\nI used sysbench to create a table of 10M rows and then, using export/import tablespace, I copied it 329 times. I ended up with 330 tables for a total size of about 850GB. The dataset generated by sysbench is not very compressible, so I used lz4 compression in ZFS. For the other ZFS settings, I used what can be found in my earlier ZFS posts but with the ARC size limited to 1GB. I then used that plain configuration for the first benchmarks. Here are the results with the sysbench point-select benchmark, a uniform distribution and eight threads. The InnoDB buffer pool was set to 2.5GB.\nIn both cases, the load is IO bound. The disk is doing exactly the allowed 3000 IOPS. The above graph appears to be a clear demonstration that XFS is much faster than ZFS, right? But is that really the case? The way the dataset has been created is extremely favorable to XFS since there is absolutely no file fragmentation. Once you have all the files opened, a read IOP is just a single fseek call to an offset and ZFS doesn’t need to access any intermediate inode. The above result is about as fair as saying MyISAM is faster than InnoDB based only on table scan performance results of unfragmented tables and default configuration. ZFS is much less affected by the file level fragmentation, especially for point access type.\n\n\n\nZFS stores the files in B-trees in a very similar fashion as InnoDB stores data. To access a piece of data in a B-tree, you need to access the top level page (often called root node) and then one block per level down to a leaf-node containing the data. With no cache, to read something from a three levels B-tree thus requires 3 IOPS.\n\n\n\nThe extra IOPS performed by ZFS are needed to access those internal blocks in the B-trees of the files. These internal blocks are labeled as metadata. Essentially, in the above benchmark, the ARC is too small to contain all the internal blocks of the table files’ B-trees. If we continue the comparison with InnoDB, it would be like running with a buffer pool too small to contain the non-leaf pages. The test dataset I used has about 600MB of non-leaf pages, about 0.1% of the total size, which was well cached by the 3GB buffer pool. So only one InnoDB page, a leaf page, needed to be read per point-select statement.\n\n\n\nTo correctly set the ARC size to cache the metadata, you have two choices. First, you can guess values for the ARC size and experiment. Second, you can try to evaluate it by looking at the ZFS internal data. Let’s review these two approaches.\n\n\n\nYou’ll read/hear often the ratio 1GB of ARC for 1TB of data, which is about the same 0.1% ratio as for InnoDB. I wrote about that ratio a few times, having nothing better to propose. Actually, I found it depends a lot on the recordsize used. The 0.1% ratio implies a ZFS recordsize of 128KB. A ZFS filesystem with a recordsize of 128KB will use much less metadata than another one using a recordsize of 16KB because it has 8x fewer leaf pages. Fewer leaf pages require less B-tree internal nodes, hence less metadata. A filesystem with a recordsize of 128KB is excellent for sequential access as it maximizes compression and reduces the IOPS but it is poor for small random access operations like the ones MySQL/InnoDB does.\n\n\n\nIn order to improve ZFS performance, I had 3 options:\nIncrease the ARC size to 7GB\nUse a larger Innodb page size like 64KB\nAdd a L2ARC\n\n\n\nI was reluctant to grow the ARC to 7GB, which was nearly half the overall system memory. At best, the ZFS performance would only match XFS. A larger InnoDB page size would increase the CPU load for decompression on an instance with only two vCPUs; not great either. The last option, the L2ARC, was the most promising.\n\n\n\nZFS is much more complex than XFS and EXT4 but, that also means it has more tunables/options. I used a simplistic setup and an unfair benchmark which initially led to poor ZFS results. With the same benchmark, very favorable to XFS, I added a ZFS L2ARC and that completely reversed the situation, more than tripling the ZFS results, now 66% above XFS.\n\n\n\nConclusion\n\n\n\nWe have seen in this post why the general perception is that ZFS under-performs compared to XFS or EXT4. The presence of B-trees for the files has a big impact on the amount of metadata ZFS needs to handle, especially when the recordsize is small. The metadata consists mostly of the non-leaf pages (or internal nodes) of the B-trees. When properly cached, the performance of ZFS is excellent. ZFS allows you to optimize the use of EBS volumes, both in term of IOPS and size when the instance has fast ephemeral storage devices. Using the ephemeral device of an i3.large instance for the ZFS L2ARC, ZFS outperformed XFS by 66%.\n\n\n\n\n###OpenSMTPD new config\n\nTL;DR:\nOpenBSD #p2k18 hackathon took place at Epitech in Nantes.\nI was organizing the hackathon but managed to make progress on OpenSMTPD.\nAs mentioned at EuroBSDCon the one-line per rule config format was a design error.\nA new configuration grammar is almost ready and the underlying structures are simplified.\nRefactor removes ~750 lines of code and solves _many_ issues that were side-effects of the design error.\nNew features are going to be unlocked thanks to this.\n\n\n\nAnatomy of a design error\n\n\n\nOpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.\nThe initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.\nWhen I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.\nIt helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.\nThat being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.\nOne-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.\nTo get to the point: we should move to two-line rules :-)\n\n\nAnatomy of a design error\nOpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.\n\nThe initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.\n\nWhen I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.\n\nIt helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.\n\nThat being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.\n\nOne-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.\n\nTo get to the point: we should move to two-line rules :-)\n\n\nThe problem with one-line rules\n\n\n\nOpenSMTPD decides to accept or reject messages based on one-line rules such as:\n\n\naccept from any for domain poolp.org deliver to mbox\n\n\nWhich can essentially be split into three units:\n\n\n\nthe decision: accept/reject\nthe matching: from any for domain poolp.org\nthe (default) action: deliver to mbox\n\n\n\nTo ensure that we meet the requirements of the transactions, the matching must be performed during the SMTP transaction before we take a decision for the recipient.\nGiven that the rule is atomic, that it doesn’t have an identifier and that the action is part of it, the two only ways to make sure we can remember the action to take later on at delivery time is to either:\n\n\n\nsave the action in the envelope, which is what we do today\nevaluate the envelope again at delivery\nAnd this this where it gets tricky… both solutions are NOT ok.\n\n\n\nThe first solution, which we’ve been using for a decade, was to save the action within the envelope and kind of carve it in stone. This works fine… however it comes with the downsides that errors fixed in configuration files can’t be caught up by envelopes, that delivery action must be validated way ahead of time during the SMTP transaction which is much trickier, that the parsing of delivery methods takes place as the _smtpd user rather than the recipient user, and that envelope structures that are passed all over OpenSMTPD carry delivery-time informations, and more, and more, and more. The code becomes more complex in general, less safe in some particular places, and some areas are nightmarish to deal with because they have to deal with completely unrelated code that can’t be dealt with later in the code path.\n\n\n\nThe second solution can’t be done. An envelope may be the result of nested rules, for example an external client, hitting an alias, hitting a user with a .forward file resolving to a user. An envelope on disk may no longer match any rule or it may match a completely different rule If we could ensure that it matched the same rule, evaluating the ruleset may spawn new envelopes which would violate the transaction. Trying to imagine how we could work around this leads to more and more and more RFC violations, incoherent states, duplicate mails, etc…\n\n\n\nThere is simply no way to deal with this with atomic rules, the matching and the action must be two separate units that are evaluated at two different times, failure to do so will necessarily imply that you’re either using our first solution and all its downsides, or that you are currently in a world of pain trying to figure out why everything is burning around you. The minute the action is written to an on-disk envelope, you have failed.\n\n\n\nA proper ruleset must define a set of matching patterns resolving to an action identifier that is carved in stone, AND a set of named action set that is resolved dynamically at delivery time.\n\n\n\nFollow the link above to see the rest of the article\n\n\n\n\nBreak\n\n##News Roundup\n###Backing up a legacy Windows machine to a FreeNAS with rsync\n\n\nI have some old Windows servers (10 years and counting) and I have been using rsync to back them up to my FreeNAS box. It has been working great for me.\n\n\n\nFirst of all, I do have my Windows servers backup in virtualized format. However, those are only one-time snapshops that I run once in a while. These are classic ASP IIS web servers that I can easily put up on a new VM. However, many of these legacy servers generate gigabytes of data a day in their repositories. Running VM conversion daily is not ideal.\n\n\n\nMy solution was to use some sort of rsync solution just for the data repos. I’ve tried some applications that didn’t work too well with Samba shares and these old servers have slow I/O. Copying files to external sata or usb drive was not ideal. We’ve moved on from Windows to Linux and do not have any Windows file servers of capacity to provide network backups.  Hence, I decided to use Delta Copy with FreeNAS. So here is a little write up on how to set it up. I have 4 Windows 2000 servers backing up daily with this method.\n\n\n\nFirst, download Delta Copy and install it. It is open-source and pretty much free. It is basically a wrapper for cygwin’s rsync. When you install it, it will ask you to install the Server services which allows you to run it as a Rsync server on Windows. You don’t need to do this. Instead, you will be just using the Delta Copy Client application. But before we do that, we will need to configure our Rsync service for our Windows Clients on FreeNAS.\n\n\n\nIn FreeNAS, go under Services , Select Rsync \u0026gt;  Rsync Modules \u0026gt; Add Rsync Module.\nThen fill out the form; giving the module a name and set the path. In my example, I simply called it WIN and linked it to a user called backupuser.\nThis process is much easier than trying to configure the daemon rsyncd.conf file by hand.\nNow, on the Windows Client, start the DeltaCopy Client. You will create a new Profile.\nYou will need to enter the IP of the Rsync server (FreeNAS) and specify the module name which will be called “Virtual Directory Name.”  When you pull the select menu, the list of Rsync Modules you created earlier in FreeNAS will populate.\nYou can set authentication. On the server, you can restrict by IP and do other things to lock down your rsync.\nNext, you will add folders (and/or files) you want to synchronize.\nOnce the paths are set up, you can run a sync by right clicking the profile name.\nHere, I made a test sync to a home folder of a virtualized windows box. As you can see, I mounted the rsync volume on my mac to see the progress. The rsync worked beautifully. DeltaCopy did what it was told.\nOnce you get everything working. The next thing to do is set schedules. If you done tasks schedules in Windows before, it is pretty straightforward. DeltaCopy has a link in the application to directly create a new task for you. I set my backups to run nightly and it has been working great.\n\n\n\nThere you have it. Windows rsync to FreeNAS using DeltaCopy.\nThe nice thing about FreeNAS is you don’t have to modify /etc/rsyncd.conf files. Everything can be done in the web admin.\n\n\n\n\niXsystems\n\n###How to write ATF tests for NetBSD\n\n\nI have recently started contributing to the amazing NetBSD foundation. I was thinking of trying out a new OS for a long time. Switching to the NetBSD OS has been a fun change.\n\n\n\nMy first contribution to the NetBSD foundation was adding regression tests for the Address Sanitizer (ASan) in the Automated Testing Framework(ATF) which NetBSD has. I managed to complete it with the help of my really amazing mentor Kamil. This post is gonna be about the ATF framework that NetBSD has and how to you can add multiple tests with ease.\n\n\n\nIntro\n\n\n\nIn ATF tests we will basically be talking about test programs which are a suite of test cases for a specific application or program.\n\n\n\nThe ATF suite of Commands\n\n\n\nThere are a variety of commands that the atf suite offers. These include :\n\n\n\n\natf-check: The versatile command that is a vital part of the checking process. man page\n\n\natf-run: Command used to run a test program. man page\n\n\natf-fail: Report failure of a test case.\n\n\natf-report: used to pretty print the atf-run. man page\n\n\natf-set: To set atf test conditions.\n\n\nWe will be taking a better look at the syntax and usage later.\n\n\nLet’s start with the Basics\n\n\n\n\nThe ATF testing framework comes preinstalled with a default NetBSD installation. It is used to write tests for various applications and commands in NetBSD.  One can write the Test programs in either the C language or in shell script. In this post I will be dealing with the Bash part.\n\n\n\nFollow the link above to see the rest of the article\n\n\n\n\n###The Importance of ZFS Block Size\n\n\nWarning! WARNING! Don’t just do things because some random blog says so\n\n\n\nOne of the important tunables in ZFS is the recordsize (for normal datasets) and volblocksize (for zvols). These default to 128KB and 8KB respectively.\nAs I understand it, this is the unit of work in ZFS. If you modify one byte in a large file with the default 128KB record size, it causes the whole 128KB to be read in, one byte to be changed, and a new 128KB block to be written out.\nAs a result, the official recommendation is to use a block size which aligns with the underlying workload: so for example if you are using a database which reads and writes 16KB chunks then you should use a 16KB block size, and if you are running VMs containing an ext4 filesystem, which uses a 4KB block size, you should set a 4KB block size\nYou can see it has a 16GB total file size, of which 8.5G has been touched and consumes space - that is, it’s a “sparse” file. The used space is also visible by looking at the zfs filesystem which this file resides in\nThen I tried to copy the image file whilst maintaining its “sparseness”, that is, only touching the blocks of the zvol which needed to be touched. The original used only 8.42G, but the copy uses 14.6GB - almost the entire 16GB has been touched! What’s gone wrong?\nI finally realised that the difference between the zfs filesystem and the zvol is the block size. I recreated the zvol with a 128K block size\nThat’s better. The disk usage of the zvol is now exactly the same as for the sparse file in the filesystem dataset\n\n\n\nIt does impact the read speed too. 4K blocks took 5:52, and 128K blocks took 3:20\nPart of this is the amount of metadata that has to be read, see the MySQL benchmarks from earlier in the show\nAnd yes, using a larger block size will increase the compression efficiency, since the compressor has more redundant data to optimize.\nSome of the savings, and the speedup is because a lot less metadata had to be written\nYour zpool layout also plays a big role, if you use 4Kn disks, and RAID-Z2, using a volblocksize of 8k will actually result in a large amount of wasted space because of RAID-Z padding. Although, if you enable compression, your 8k records may compress to only 4k, and then all the numbers change again.\n\n\n\n\n###Using a Raspberry Pi 2 as a Router on a Stick Starring NetBSD\n\n\nSorry we didn’t answer you quickly enough\n\n\n\nA few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?\n\n\n\nWhy not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.\n\n\n\nI could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!\n\n\n\nI believe FreeBSD is renowned for it’s top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another(love the show by the way).\n\n\n\nIt looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!\n\n\n\nLet’s crack on…\n\n\n\nFollow the link above to see the rest of the article\n\n\n\n\n##Beastie Bits\n\n\nBSD Jobs\nUniversity of Aberdeen’s Internet Transport Research Group is hiring\nVR demo on OpenBSD via OpenHMD with OSVR HDK2\npatch runs ed, and ed can run anything (mentions FreeBSD and OpenBSD)\nAlacritty (OpenGL-powered terminal emulator) now supports OpenBSD\nMAP_STACK Stack Register Checking Committed to -current\nEuroBSDCon CfP till June 17, 2018\n\n\n\n\nTarsnap\n\n##Feedback/Questions\n\n\nNeutronDaemon - Tutorial request\nKurt - Question about transferability/bi-directionality of ZFS snapshots and send/receive\nPeter - A Question and much love for BSD Now\nPeter - netgraph state\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.\u003cbr\u003e\n\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Headlines\u003cbr\u003e\n###\u003ca href=\"https://mail-index.netbsd.org/source-changes/2018/05/28/msg095541.html\"\u003eZFS and DTrace update lands in NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003emerge a new version of the CDDL dtrace and ZFS code. This changes the upstream vendor from OpenSolaris to FreeBSD, and this version is based on FreeBSD svn r315983.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003er315983 is from March 2017 (14 months ago), so there is still more work to do\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ein addition to the 10 years of improvements from upstream, this version also has these NetBSD-specific enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edtrace FBT probes can now be placed in kernel modules.\u003c/li\u003e\n\u003cli\u003eZFS now supports mmap().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis brings NetBSD 10 years forward, and they should be able to catch the rest of the way up fairly quickly\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://blog.netbsd.org/tnf/entry/network_security_audit\"\u003eNetBSD network stack security audit\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMaxime Villard has been working on an audit of the NetBSD network stack, a project sponsored by The NetBSD Foundation, which has served all users of BSD-derived operating systems.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the last five months, hundreds of patches were committed to the source tree as a result of this work. Dozens of bugs were fixed, among which a good number of actual, remotely-triggerable vulnerabilities.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eChanges were made to strengthen the networking subsystems and improve code quality: reinforce the mbuf API, add many KASSERTs to enforce assumptions, simplify packet handling, and verify compliance with RFCs. This was done in several layers of the NetBSD kernel, from device drivers to L4 handlers.\u003cbr\u003e\nIn the course of investigating several bugs discovered in NetBSD, I happened to look at the network stacks of other operating systems, to see whether they had already fixed the issues, and if so how. Needless to say, I found bugs there too.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA lot of code is shared between the BSDs, so it is especially helpful when one finds a bug, to check the other BSDs and share the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe IPv6 Buffer Overflow: The overflow allowed an attacker to write one byte of packet-controlled data into ‘packet_storage+off’, where ‘off’ could be approximately controlled too. This allowed at least a pretty bad remote DoS/Crash\u003cbr\u003e\nThe IPsec Infinite Loop: When receiving an IPv6-AH packet, the IPsec entry point was not correctly computing the length of the IPv6 suboptions, and this, before authentication. As a result, a specially-crafted IPv6 packet could trigger an infinite loop in the kernel (making it unresponsive). In addition this flaw allowed a limited buffer overflow - where the data being written was however not controllable by the attacker.\u003cbr\u003e\nThe IPPROTO Typo: While looking at the IPv6 Multicast code, I stumbled across a pretty simple yet pretty bad mistake: at one point the Pim6 entry point would return IPPROTO_NONE instead of IPPROTO_DONE. Returning IPPROTO_NONE was entirely wrong: it caused the kernel to keep iterating on the IPv6 packet chain, while the packet storage was already freed.\u003cbr\u003e\nThe PF Signedness Bug: A bug was found in NetBSD’s implementation of the PF firewall, that did not affect the other BSDs. In the initial PF code a particular macro was used as an alias to a number. This macro formed a signed integer. NetBSD replaced the macro with a sizeof(), which returns an unsigned result.\u003cbr\u003e\nThe NPF Integer Overflow: An integer overflow could be triggered in NPF, when parsing an IPv6 packet with large options. This could cause NPF to look for the L4 payload at the wrong offset within the packet, and it allowed an attacker to bypass any L4 filtering rule on IPv6.\u003cbr\u003e\nThe IPsec Fragment Attack: I noticed some time ago that when reassembling fragments (in either IPv4 or IPv6), the kernel was not removing the M_PKTHDR flag on the secondary mbufs in mbuf chains. This flag is supposed to indicate that a given mbuf is the head of the chain it forms; having the flag on secondary mbufs was suspicious.\u003cbr\u003e\nWhat Now: Not all protocols and layers of the network stack were verified, because of time constraints, and also because of unexpected events: the recent x86 CPU bugs, which I was the only one able to fix promptly. A todo list will be left when the project end date is reached, for someone else to pick up. Me perhaps, later this year? We’ll see.\u003cbr\u003e\nThis security audit of NetBSD’s network stack is sponsored by The NetBSD Foundation, and serves all users of BSD-derived operating systems. The NetBSD Foundation is a non-profit organization, and welcomes any donations that help continue funding projects of this kind.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.percona.com/blog/2018/05/15/about-zfs-performance/\"\u003eMySQL on ZFS Performance\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI used sysbench to create a table of 10M rows and then, using export/import tablespace, I copied it 329 times. I ended up with 330 tables for a total size of about 850GB. The dataset generated by sysbench is not very compressible, so I used lz4 compression in ZFS. For the other ZFS settings, I used what can be found in my earlier ZFS posts but with the ARC size limited to 1GB. I then used that plain configuration for the first benchmarks. Here are the results with the sysbench point-select benchmark, a uniform distribution and eight threads. The InnoDB buffer pool was set to 2.5GB.\u003cbr\u003e\nIn both cases, the load is IO bound. The disk is doing exactly the allowed 3000 IOPS. The above graph appears to be a clear demonstration that XFS is much faster than ZFS, right? But is that really the case? The way the dataset has been created is extremely favorable to XFS since there is absolutely no file fragmentation. Once you have all the files opened, a read IOP is just a single fseek call to an offset and ZFS doesn’t need to access any intermediate inode. The above result is about as fair as saying MyISAM is faster than InnoDB based only on table scan performance results of unfragmented tables and default configuration. ZFS is much less affected by the file level fragmentation, especially for point access type.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS stores the files in B-trees in a very similar fashion as InnoDB stores data. To access a piece of data in a B-tree, you need to access the top level page (often called root node) and then one block per level down to a leaf-node containing the data. With no cache, to read something from a three levels B-tree thus requires 3 IOPS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe extra IOPS performed by ZFS are needed to access those internal blocks in the B-trees of the files. These internal blocks are labeled as metadata. Essentially, in the above benchmark, the ARC is too small to contain all the internal blocks of the table files’ B-trees. If we continue the comparison with InnoDB, it would be like running with a buffer pool too small to contain the non-leaf pages. The test dataset I used has about 600MB of non-leaf pages, about 0.1% of the total size, which was well cached by the 3GB buffer pool. So only one InnoDB page, a leaf page, needed to be read per point-select statement.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo correctly set the ARC size to cache the metadata, you have two choices. First, you can guess values for the ARC size and experiment. Second, you can try to evaluate it by looking at the ZFS internal data. Let’s review these two approaches.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou’ll read/hear often the ratio 1GB of ARC for 1TB of data, which is about the same 0.1% ratio as for InnoDB. I wrote about that ratio a few times, having nothing better to propose. Actually, I found it depends a lot on the recordsize used. The 0.1% ratio implies a ZFS recordsize of 128KB. A ZFS filesystem with a recordsize of 128KB will use much less metadata than another one using a recordsize of 16KB because it has 8x fewer leaf pages. Fewer leaf pages require less B-tree internal nodes, hence less metadata. A filesystem with a recordsize of 128KB is excellent for sequential access as it maximizes compression and reduces the IOPS but it is poor for small random access operations like the ones MySQL/InnoDB does.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn order to improve ZFS performance, I had 3 options:\u003c/li\u003e\n\u003cli\u003eIncrease the ARC size to 7GB\u003c/li\u003e\n\u003cli\u003eUse a larger Innodb page size like 64KB\u003c/li\u003e\n\u003cli\u003eAdd a L2ARC\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was reluctant to grow the ARC to 7GB, which was nearly half the overall system memory. At best, the ZFS performance would only match XFS. A larger InnoDB page size would increase the CPU load for decompression on an instance with only two vCPUs; not great either. The last option, the L2ARC, was the most promising.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS is much more complex than XFS and EXT4 but, that also means it has more tunables/options. I used a simplistic setup and an unfair benchmark which initially led to poor ZFS results. With the same benchmark, very favorable to XFS, I added a ZFS L2ARC and that completely reversed the situation, more than tripling the ZFS results, now 66% above XFS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have seen in this post why the general perception is that ZFS under-performs compared to XFS or EXT4. The presence of B-trees for the files has a big impact on the amount of metadata ZFS needs to handle, especially when the recordsize is small. The metadata consists mostly of the non-leaf pages (or internal nodes) of the B-trees. When properly cached, the performance of ZFS is excellent. ZFS allows you to optimize the use of EBS volumes, both in term of IOPS and size when the instance has fast ephemeral storage devices. Using the ephemeral device of an i3.large instance for the ZFS L2ARC, ZFS outperformed XFS by 66%.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://poolp.org/posts/2018-04-30/opensmtpd-new-config/\"\u003eOpenSMTPD new config\u003c/a\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eTL;DR:\nOpenBSD #p2k18 hackathon took place at Epitech in Nantes.\nI was organizing the hackathon but managed to make progress on OpenSMTPD.\nAs mentioned at EuroBSDCon the one-line per rule config format was a design error.\nA new configuration grammar is almost ready and the underlying structures are simplified.\nRefactor removes ~750 lines of code and solves _many_ issues that were side-effects of the design error.\nNew features are going to be unlocked thanks to this.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnatomy of a design error\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.\u003cbr\u003e\nThe initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.\u003cbr\u003e\nWhen I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.\u003cbr\u003e\nIt helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.\u003cbr\u003e\nThat being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.\u003cbr\u003e\nOne-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.\u003cbr\u003e\nTo get to the point: we should move to two-line rules :-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eAnatomy of a design error\u003cbr\u003e\nOpenSMTPD started ten years ago out of dissatisfaction with other solutions, mainly because I considered them way too complex for me not to get things wrong from time to time.\u003c/p\u003e\n\n\u003cp\u003eThe initial configuration format was very different, I was inspired by pyr@’s hoststated, which eventually became relayd, and designed my configuration format with blocks enclosed by brackets.\u003c/p\u003e\n\n\u003cp\u003eWhen I first showed OpenSMTPD to pyr@, he convinced me that PF-like one-line rules would be awesome, and it was awesome indeed.\u003c/p\u003e\n\n\u003cp\u003eIt helped us maintain our goal of simple configuration files, it helped fight feature creeping, it helped us gain popularity and become a relevant MTA, it helped us get where we are now 10 years later.\u003c/p\u003e\n\n\u003cp\u003eThat being said, I believe this was a design error. A design error that could not have been predicted until we hit the wall to understand WHY this was an error. One-line rules are semantically wrong, they are SMTP wrong, they are wrong.\u003c/p\u003e\n\n\u003cp\u003eOne-line rules are making the entire daemon more complex, preventing some features from being implemented, making others more complex than they should be, they no longer serve our goals.\u003c/p\u003e\n\n\u003cp\u003eTo get to the point: we should move to two-line rules :-)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe problem with one-line rules\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSMTPD decides to accept or reject messages based on one-line rules such as:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eaccept from any for domain poolp.org deliver to mbox\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhich can essentially be split into three units:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ethe decision: accept/reject\u003c/li\u003e\n\u003cli\u003ethe matching: from any for domain \u003ca href=\"http://poolp.org\"\u003epoolp.org\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe (default) action: deliver to mbox\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo ensure that we meet the requirements of the transactions, the matching must be performed during the SMTP transaction before we take a decision for the recipient.\u003cbr\u003e\nGiven that the rule is atomic, that it doesn’t have an identifier and that the action is part of it, the two only ways to make sure we can remember the action to take later on at delivery time is to either:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003esave the action in the envelope, which is what we do today\u003c/li\u003e\n\u003cli\u003eevaluate the envelope again at delivery\u003c/li\u003e\n\u003cli\u003eAnd this this where it gets tricky… both solutions are NOT ok.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first solution, which we’ve been using for a decade, was to save the action within the envelope and kind of carve it in stone. This works fine… however it comes with the downsides that errors fixed in configuration files can’t be caught up by envelopes, that delivery action must be validated way ahead of time during the SMTP transaction which is much trickier, that the parsing of delivery methods takes place as the _smtpd user rather than the recipient user, and that envelope structures that are passed all over OpenSMTPD carry delivery-time informations, and more, and more, and more. The code becomes more complex in general, less safe in some particular places, and some areas are nightmarish to deal with because they have to deal with completely unrelated code that can’t be dealt with later in the code path.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe second solution can’t be done. An envelope may be the result of nested rules, for example an external client, hitting an alias, hitting a user with a .forward file resolving to a user. An envelope on disk may no longer match any rule or it may match a completely different rule If we could ensure that it matched the same rule, evaluating the ruleset may spawn new envelopes which would violate the transaction. Trying to imagine how we could work around this leads to more and more and more RFC violations, incoherent states, duplicate mails, etc…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is simply no way to deal with this with atomic rules, the matching and the action must be two separate units that are evaluated at two different times, failure to do so will necessarily imply that you’re either using our first solution and all its downsides, or that you are currently in a world of pain trying to figure out why everything is burning around you. The minute the action is written to an on-disk envelope, you have failed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA proper ruleset must define a set of matching patterns resolving to an action identifier that is carved in stone, AND a set of named action set that is resolved dynamically at delivery time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollow the link above to see the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eBreak\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##News Roundup\u003cbr\u003e\n###\u003ca href=\"http://fortysomethinggeek.blogspot.com/2012/09/legacy-windows-rsync-backup-to-freenas.html\"\u003eBacking up a legacy Windows machine to a FreeNAS with rsync\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have some old Windows servers (10 years and counting) and I have been using rsync to back them up to my FreeNAS box. It has been working great for me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst of all, I do have my Windows servers backup in virtualized format. However, those are only one-time snapshops that I run once in a while. These are classic ASP IIS web servers that I can easily put up on a new VM. However, many of these legacy servers generate gigabytes of data a day in their repositories. Running VM conversion daily is not ideal.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy solution was to use some sort of rsync solution just for the data repos. I’ve tried some applications that didn’t work too well with Samba shares and these old servers have slow I/O. Copying files to external sata or usb drive was not ideal. We’ve moved on from Windows to Linux and do not have any Windows file servers of capacity to provide network backups.  Hence, I decided to use Delta Copy with FreeNAS. So here is a little write up on how to set it up. I have 4 Windows 2000 servers backing up daily with this method.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst, download Delta Copy and install it. It is open-source and pretty much free. It is basically a wrapper for cygwin’s rsync. When you install it, it will ask you to install the Server services which allows you to run it as a Rsync server on Windows. You don’t need to do this. Instead, you will be just using the Delta Copy Client application. But before we do that, we will need to configure our Rsync service for our Windows Clients on FreeNAS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn FreeNAS, go under Services , Select Rsync \u0026gt;  Rsync Modules \u0026gt; Add Rsync Module.\u003c/li\u003e\n\u003cli\u003eThen fill out the form; giving the module a name and set the path. In my example, I simply called it WIN and linked it to a user called backupuser.\u003c/li\u003e\n\u003cli\u003eThis process is much easier than trying to configure the daemon rsyncd.conf file by hand.\u003c/li\u003e\n\u003cli\u003eNow, on the Windows Client, start the DeltaCopy Client. You will create a new Profile.\u003c/li\u003e\n\u003cli\u003eYou will need to enter the IP of the Rsync server (FreeNAS) and specify the module name which will be called “Virtual Directory Name.”  When you pull the select menu, the list of Rsync Modules you created earlier in FreeNAS will populate.\u003c/li\u003e\n\u003cli\u003eYou can set authentication. On the server, you can restrict by IP and do other things to lock down your rsync.\u003c/li\u003e\n\u003cli\u003eNext, you will add folders (and/or files) you want to synchronize.\u003c/li\u003e\n\u003cli\u003eOnce the paths are set up, you can run a sync by right clicking the profile name.\u003c/li\u003e\n\u003cli\u003eHere, I made a test sync to a home folder of a virtualized windows box. As you can see, I mounted the rsync volume on my mac to see the progress. The rsync worked beautifully. DeltaCopy did what it was told.\u003c/li\u003e\n\u003cli\u003eOnce you get everything working. The next thing to do is set schedules. If you done tasks schedules in Windows before, it is pretty straightforward. DeltaCopy has a link in the application to directly create a new task for you. I set my backups to run nightly and it has been working great.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere you have it. Windows rsync to FreeNAS using DeltaCopy.\u003cbr\u003e\nThe nice thing about FreeNAS is you don’t have to modify /etc/rsyncd.conf files. Everything can be done in the web admin.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://r3xnation.wordpress.com/2018/04/10/how-to-write-atf-tests-for-netbsd/amp/\"\u003eHow to write ATF tests for NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have recently started contributing to the amazing NetBSD foundation. I was thinking of trying out a new OS for a long time. Switching to the NetBSD OS has been a fun change.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy first contribution to the NetBSD foundation was adding regression tests for the Address Sanitizer (ASan) in the Automated Testing Framework(ATF) which NetBSD has. I managed to complete it with the help of my really amazing mentor Kamil. This post is gonna be about the ATF framework that NetBSD has and how to you can add multiple tests with ease.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntro\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn ATF tests we will basically be talking about test programs which are a suite of test cases for a specific application or program.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ATF suite of Commands\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are a variety of commands that the atf suite offers. These include :\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eatf-check: The versatile command that is a vital part of the checking process. man page\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eatf-run: Command used to run a test program. man page\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eatf-fail: Report failure of a test case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eatf-report: used to pretty print the atf-run. man page\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eatf-set: To set atf test conditions.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe will be taking a better look at the syntax and usage later.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLet’s start with the Basics\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe ATF testing framework comes preinstalled with a default NetBSD installation. It is used to write tests for various applications and commands in NetBSD.  One can write the Test programs in either the C language or in shell script. In this post I will be dealing with the Bash part.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollow the link above to see the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"http://brian.candler.me/posts/the-importance-of-zfs-blocksize/\"\u003eThe Importance of ZFS Block Size\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWarning! WARNING! Don’t just do things because some random blog says so\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the important tunables in ZFS is the recordsize (for normal datasets) and volblocksize (for zvols). These default to 128KB and 8KB respectively.\u003cbr\u003e\nAs I understand it, this is the unit of work in ZFS. If you modify one byte in a large file with the default 128KB record size, it causes the whole 128KB to be read in, one byte to be changed, and a new 128KB block to be written out.\u003cbr\u003e\nAs a result, the official recommendation is to use a block size which aligns with the underlying workload: so for example if you are using a database which reads and writes 16KB chunks then you should use a 16KB block size, and if you are running VMs containing an ext4 filesystem, which uses a 4KB block size, you should set a 4KB block size\u003cbr\u003e\nYou can see it has a 16GB total file size, of which 8.5G has been touched and consumes space - that is, it’s a “sparse” file. The used space is also visible by looking at the zfs filesystem which this file resides in\u003cbr\u003e\nThen I tried to copy the image file whilst maintaining its “sparseness”, that is, only touching the blocks of the zvol which needed to be touched. The original used only 8.42G, but the copy uses 14.6GB - almost the entire 16GB has been touched! What’s gone wrong?\u003cbr\u003e\nI finally realised that the difference between the zfs filesystem and the zvol is the block size. I recreated the zvol with a 128K block size\u003cbr\u003e\nThat’s better. The disk usage of the zvol is now exactly the same as for the sparse file in the filesystem dataset\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt does impact the read speed too. 4K blocks took 5:52, and 128K blocks took 3:20\u003c/li\u003e\n\u003cli\u003ePart of this is the amount of metadata that has to be read, see the MySQL benchmarks from earlier in the show\u003c/li\u003e\n\u003cli\u003eAnd yes, using a larger block size will increase the compression efficiency, since the compressor has more redundant data to optimize.\u003c/li\u003e\n\u003cli\u003eSome of the savings, and the speedup is because a lot less metadata had to be written\u003c/li\u003e\n\u003cli\u003eYour zpool layout also plays a big role, if you use 4Kn disks, and RAID-Z2, using a volblocksize of 8k will actually result in a large amount of wasted space because of RAID-Z padding. Although, if you enable compression, your 8k records may compress to only 4k, and then all the numbers change again.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e###\u003ca href=\"https://www.fukr.org.uk/?p=184\"\u003eUsing a Raspberry Pi 2 as a Router on a Stick Starring NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSorry we didn’t answer you quickly enough\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI believe FreeBSD is renowned for it’s top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another(love the show by the way).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet’s crack on…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollow the link above to see the rest of the article\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e##Beastie Bits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdjobs.com/\"\u003eBSD Jobs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html\"\u003eUniversity of Aberdeen’s Internet Transport Research Group is hiring\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/YnNpgtjrM9U\"\u003eVR demo on OpenBSD via OpenHMD with OSVR HDK2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://rachelbythebay.com/w/2018/04/05/bangpatch/\"\u003epatch runs ed, and ed can run anything (mentions FreeBSD and OpenBSD)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwilm/alacritty/blob/master/README.md\"\u003eAlacritty (OpenGL-powered terminal emulator) now supports OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180413065457\"\u003eMAP_STACK Stack Register Checking Committed to -current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/call-for-papers/\"\u003eEuroBSDCon CfP till June 17, 2018\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e##Feedback/Questions\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNeutronDaemon - \u003ca href=\"http://dpaste.com/3E0SR5Y#wrap\"\u003eTutorial request\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKurt - \u003ca href=\"http://dpaste.com/01CWKM5#wrap\"\u003eQuestion about transferability/bi-directionality of ZFS snapshots and send/receive\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter - \u003ca href=\"http://dpaste.com/3N1BGQF#wrap\"\u003eA Question and much love for BSD Now\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter - \u003ca href=\"http://dpaste.com/20R2DTG\"\u003enetgraph state\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr\u003e\u003c/p\u003e","summary":"OpenZFS and DTrace updates in NetBSD, NetBSD network security stack audit, Performance of MySQL on ZFS, OpenSMTP results from p2k18, legacy Windows backup to FreeNAS, ZFS block size importance, and NetBSD as router on a stick.","date_published":"2018-06-06T14:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9447bcc4-4425-4ae0-bc1e-0fb13362e0e2.mp3","mime_type":"audio/mp3","size_in_bytes":51237875,"duration_in_seconds":5117}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-2016","title":"Episode 248: Show Me The Mooney | BSD Now 248","url":"https://www.bsdnow.tv/248","content_text":"DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.\n\nHeadlines\n\nDragonFlyBSD: release52 (w/stable HAMMER2, as default root)\n\n\nDragonflyBSD 5.2.1 was released on May 21, 2018\n\u0026gt; Big Ticket items:\n\n\n\n  Meltdown and Spectre mitigation support\n  Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectremitigation and machdep.meltdownmitigation.\n  HAMMER2\n  H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.\n  Clustered support is not yet available.\n  ipfw Updates\n  Implement state based \"redirect\", i.e. without using libalias.\n  ipfw now supports all possible ICMP types.\n  Fix ICMPMAXTYPE assumptions (now 40 as of this release).\n  Improved graphics support\n  The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs\n  Add 24-bit pixel format support to the EFI frame buffer code.\n  Significantly improve fbio support for the \"scfb\" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.\n  Partly implement the FBIOBLANK ioctl for display powersaving.\n  Syscons waits for drm modesetting at appropriate places, avoiding races.\n  \n  \n\n\nPS4 4.55 BPF Race Condition Kernel Exploit Writeup\n\n\n\n\n  Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I've published it under the \"FreeBSD\" folder and not the \"PS4\" folder.\n\n\n\nIntroduction\n\n\n\n  Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it's exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found here. I've previously covered the webkit exploit implementation for userland access here.\n\n\n\nFreeBSD or Sony's fault? Why not both...\n\n\n\n  Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it's not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) - though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).\n\n\n\nseg000:FFFFFFFFA181F15B                 lea     rdi, unk_FFFFFFFFA2D77640\nseg000:FFFFFFFFA181F162                 lea     r9, aBpf        ; \"bpf\"\nseg000:FFFFFFFFA181F169                 mov     esi, 0\nseg000:FFFFFFFFA181F16E                 mov     edx, 0\nseg000:FFFFFFFFA181F173                 xor     ecx, ecx\nseg000:FFFFFFFFA181F175                 mov     r8d, 1B6h\nseg000:FFFFFFFFA181F17B                 xor     eax, eax\nseg000:FFFFFFFFA181F17D                 mov     cs:qword_FFFFFFFFA34EC770, 0\nseg000:FFFFFFFFA181F188                 call    make_dev\n\n\n\n  We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.\n\n\n\nRace Conditions - What are they?\n\n\n\n  The class of the bug abused in this exploit is known as a \"race condition\". Before we get into bug specifics, it's important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or \"global\"). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.\n  \n  Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a \"lock\". If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they're done with it, failure to do so could result in a deadlock.\n  \n  While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don't want to put too much code in between locking and unlocking as it can impact performance.\n\n\n\nSee article for the rest\n\n\n\n\niXsystems\n\nRemote Debugging the running OpenBSD kernel\n\n\nSubtitled: A way to understand the OpenBSD internals\n+\u0026gt; The Problem\n+\u0026gt; A few month ago, I tried porting the FreeBSD kdb along with it's gdb stub implementations to OpenBSD as a practice of learning the internals of an BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.\n+\u0026gt; But sadly I got very busy and the work is stalled but I'm planning on resuming the attempt as soon as I get the chance, But there is an alternative way to Debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes which I hope to describe it as best.\n+\u0026gt; Installing OpenBSD on Qemu\n+\u0026gt; For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.\n\n\n\n  $ qemu-img create -f raw disk.raw 5G\n  $ qemu-system-x8664 -m 256M \\\n  -drive format=raw,file=install63.fs \\\n  -drive format=raw,file=disk.raw\n  +\u0026gt; Custom Kernel\n  +\u0026gt; To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:\n  ...\n  +\u0026gt; Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.\n  +\u0026gt; Remote debugging kernel\n  +\u0026gt; Now it's to time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:\n  $ qemu-system-x8664 -m 256M -s \\\n     -net nic -net user \\\n  -drive format=raw,file=install63.fs \\\n  +\u0026gt; Now to finally attach to the running kernel:\n  \n  \n\n\nInterview - Patrick Mooney - Software Engineer pmooney@pfmooney.com / @pfmooney\n\n\nBR: How did you first get introduced to UNIX?\nAJ: What got you started contributing to an open source project?\nBR: What sorts of things have you worked on in the past?\nAJ: Can you tell us more about what attracted you to illumos?\nBR: How did you get interested in, and started with, systems development?\nAJ: When did you first get interested in bhyve?\nBR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?\nAJ: What was the process for getting the bhyve port caught up to current FreeBSD?\nBR: How usable is bhyve on illumOS?\nAJ: What area are you most interested in improving in bhyve?\nBR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?\nAJ: What do you do for fun?\nBR: Anything else you want to mention?\n\n\n\n\nNews Roundup\n\nSetting up buildbot in FreeBSD Jails\n\n\n  In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism \"jails\". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.\n\n\n\nTable of contents\n\nChoosing host operating system and version for buildbot\nCreate a FreeBSD playground\nIntroduction to jails\nOverview of buildbot\nSet up jails\nInstall buildbot master\nRun buildbot master\nInstall buildbot worker\nRun buildbot worker\nSet up web server nginx to access buildbot UI\nRun your first build\nProduction hints\nFinished!\nChoosing host operating system and version for buildbot\n\n\n\n  We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.\n  \n  It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.\n  \n  Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.\n  \n  Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.\n\n\n\nSee article for the rest\n\n\n\n\nDigitalOcean\n\nDumping your USB\n\n\n  One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:\n\n\n```\n\ntcpdump -Xx -i usb0\n\ntcpdump: listening on usb0, link-type USBPCAP\n12:28:03.317945 bus 0 \u0026lt; addr 1: ep1 intr 2\n  0000: 0400                                     ..\n\n12:28:03.318018 bus 0 \u0026gt; addr 1: ep0 ctrl 8\n  0000: 00a3 0000 0002 0004 00                   ......... \n[...]\n```\n\n\n  As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap's DLTUSB but then I quickly realize that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLTUSBFREEBSD.\n  But I didn't want to embrace xkcd #927, so I look at the existing formats: DLTUSBFREEBSD, DLTUSBLINUX, DLTUSBLINUXMMAPPED, DLTUSBDARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.\n  Implementing an already existing format gives us out-of-box support for all the tools supporting it. That's why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:\n\n\n```\n\ntcpdump -s 3303 -w usb.pcap -i usb0\n\ntcpdump: listening on usb0, link-type USBPCAP\n^C\n208 packets received by filter\n0 packets dropped by kernel\n```\n\n\n  USB packets can be quite big, that's why I'm not using tcpdump(8)'s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.\n  It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.\n\n\n\n\nRun OpenBSD on your web server\n\n\nDeploy and login to your OpenBSD server first.\n\n\n\n  As soon as you're there you can enable an httpd(8) daemon, it's already installed on OpenBSD, you just need to configure it:\n\n\nwww# vi /etc/httpd.conf\n\n\nAdd two server sections---one for www and another for naked domain (all requests are redirected to www).\n\n\n```\nserver \"www.example.com\" {\n  listen on * port 80\n  root \"/htdocs/www.example.com\"\n}\n\nserver \"example.com\" {\n  listen on * port 80\n  block return 301 \"http://www.example.com$REQUEST_URI\"\n}\n```\n\n\nhttpd is chrooted to /var/www by default, so let's make a document root directory:\n\n\nwww# mkdir -p /var/www/htdocs/www.example.com\n\n\nSave and check this configuration:\n\n\n\nwww# httpd -n\nconfiguration ok\n\n\n\nEnable httpd(8) daemon and start it.\n\n\n\nwww# rcctl enable httpd\nwww# rcctl start httpd\n\n\n\nPublish your website\nCopy your website content into /var/www/htdocs/www.example.com and then test it your web browser.\n\n\nhttp://XXX.XXX.XXX.XXX/\n\n\n  Your web server should be up and running.\n\n\n\nUpdate DNS records\n\n\n\n  If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.\n  \n  Now as your new server is ready you can update DNS records accordingly.\n\n\n\n    example.com. 300 IN     A XXX.XXX.XXX.XXX\nwww.example.com. 300 IN     A XXX.XXX.XXX.XXX\n\n\n\nExamine your DNS is propagated.\n\n\n$ dig example.com www.example.com\n\n\nCheck IP addresses it answer sections. If they are correct, you should be able to access your new web server by its domain name.\nWhat's next? Enable HTTPS on your server.\n\n\n\n\nModern Akonadi and KMail on FreeBSD\n\n\n  For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, is was nearly never.\n  \n  I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.\n  \n  Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):\n\n\nsysctl net.local.stream.recvspace=65536\nsysctl net.local.stream.sendspace=65536\n\n\n  The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.\n  \n  Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).\n  \n  PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.\n\n\n\n\nBeastie Bits\n\n\npkg-provides support for DragonFly (from Rodrigo Osorio)\nMemories of writing a parser for man pages\nBryan Cantrill interview over at DeveloperOnFire podcast\n1978-03-25 - 2018-03-25: 40 years BSD Mail\nMy 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD\nSequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux\nUniversity of Aberdeen’s Internet Transport Research Group is hiring  \n\n\n\n\nTarsnap ad\n\nFeedback/Questions\n\n\nDave - mounting non-filesystem things inside jails\nMorgan - ZFS on Linux Data loss bug\nRene - How to keep your ISP’s nose out of your browser history with encrypted DNS\nRodriguez - Feedback question! Relating to Windows\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eDragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release52/\"\u003eDragonFlyBSD: release52 (w/stable HAMMER2, as default root)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonflyBSD 5.2.1 was released on May 21, 2018\u003c/li\u003e\n\u003cli\u003e\u003e Big Ticket items:\n\n\n\u003cblockquote\u003e\n  Meltdown and Spectre mitigation support\n  Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre\u003cem\u003emitigation and machdep.meltdown\u003c/em\u003emitigation.\n  HAMMER2\n  H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.\n  Clustered support is not yet available.\n  ipfw Updates\n  Implement state based \"redirect\", i.e. without using libalias.\n  ipfw now supports all possible ICMP types.\n  Fix ICMP\u003cem\u003eMAXTYPE assumptions (now 40 as of this release).\n  Improved graphics support\n  The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs\n  Add 24-bit pixel format support to the EFI frame buffer code.\n  Significantly improve fbio support for the \"scfb\" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.\n  Partly implement the FBIO\u003c/em\u003eBLANK ioctl for display powersaving.\n  Syscons waits for drm modesetting at appropriate places, avoiding races.\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md\"\u003ePS4 4.55 BPF Race Condition Kernel Exploit Writeup\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eNote: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I've published it under the \"FreeBSD\" folder and not the \"PS4\" folder.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWelcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it's exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found \u003ca href=\"https://github.com/Cryptogenic/PS4-4.55-Kernel-Exploit\"\u003ehere\u003c/a\u003e. I've previously covered the webkit exploit implementation for userland access \u003ca href=\"https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS%20UAF%20Write-up.md\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD or Sony's fault? Why not both...\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eInterestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it's not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) - though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\nseg000:FFFFFFFFA181F15B                 lea     rdi, unk_FFFFFFFFA2D77640\nseg000:FFFFFFFFA181F162                 lea     r9, aBpf        ; \"bpf\"\nseg000:FFFFFFFFA181F169                 mov     esi, 0\nseg000:FFFFFFFFA181F16E                 mov     edx, 0\nseg000:FFFFFFFFA181F173                 xor     ecx, ecx\nseg000:FFFFFFFFA181F175                 mov     r8d, 1B6h\nseg000:FFFFFFFFA181F17B                 xor     eax, eax\nseg000:FFFFFFFFA181F17D                 mov     cs:qword_FFFFFFFFA34EC770, 0\nseg000:FFFFFFFFA181F188                 call    make_dev\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRace Conditions - What are they?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe class of the bug abused in this exploit is known as a \"race condition\". Before we get into bug specifics, it's important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or \"global\"). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.\u003c/p\u003e\n  \n  \u003cp\u003eRace conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a \"lock\". If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they're done with it, failure to do so could result in a deadlock.\u003c/p\u003e\n  \n  \u003cp\u003eWhile locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don't want to put too much code in between locking and unlocking as it can impact performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee \u003ca href=\"https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md\"\u003earticle\u003c/a\u003e for the rest\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bijanebrahimi.github.io/blog/remote-debugging-the-running-openbsd-kernel.html\"\u003eRemote Debugging the running OpenBSD kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubtitled: A way to understand the OpenBSD internals\n+\u003e The Problem\n+\u003e A few month ago, I tried porting the FreeBSD kdb along with it's gdb stub implementations to OpenBSD as a practice of learning the internals of an BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.\n+\u003e But sadly I got very busy and the work is stalled but I'm planning on resuming the attempt as soon as I get the chance, But there is an alternative way to Debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes which I hope to describe it as best.\n+\u003e Installing OpenBSD on Qemu\n+\u003e For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.\n\n\n\u003cblockquote\u003e\n  $ qemu-img create -f raw disk.raw 5G\n  $ qemu-system-x86\u003cem\u003e64 -m 256M \\\n  -drive format=raw,file=install63.fs \\\n  -drive format=raw,file=disk.raw\n  +\u003e Custom Kernel\n  +\u003e To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:\n  ...\n  +\u003e Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.\n  +\u003e Remote debugging kernel\n  +\u003e Now it's to time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:\n  $ qemu-system-x86\u003c/em\u003e64 -m 256M -s \\\n     -net nic -net user \\\n  -drive format=raw,file=install63.fs \\\n  +\u003e Now to finally attach to the running kernel:\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - Patrick Mooney - Software Engineer \u003ca href=\"pmooney@pfmooney.com\"\u003epmooney@pfmooney.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/pfmooney\"\u003e@pfmooney\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: How did you first get introduced to UNIX?\u003c/li\u003e\n\u003cli\u003eAJ: What got you started contributing to an open source project?\u003c/li\u003e\n\u003cli\u003eBR: What sorts of things have you worked on in the past?\u003c/li\u003e\n\u003cli\u003eAJ: Can you tell us more about what attracted you to illumos?\u003c/li\u003e\n\u003cli\u003eBR: How did you get interested in, and started with, systems development?\u003c/li\u003e\n\u003cli\u003eAJ: When did you first get interested in bhyve?\u003c/li\u003e\n\u003cli\u003eBR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?\u003c/li\u003e\n\u003cli\u003eAJ: What was the process for getting the bhyve port caught up to current FreeBSD?\u003c/li\u003e\n\u003cli\u003eBR: How usable is bhyve on illumOS?\u003c/li\u003e\n\u003cli\u003eAJ: What area are you most interested in improving in bhyve?\u003c/li\u003e\n\u003cli\u003eBR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?\u003c/li\u003e\n\u003cli\u003eAJ: What do you do for fun?\u003c/li\u003e\n\u003cli\u003eBR: Anything else you want to mention?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails\"\u003eSetting up buildbot in FreeBSD Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism \"jails\". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTable of contents\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eChoosing host operating system and version for buildbot\u003c/li\u003e\n\u003cli\u003eCreate a FreeBSD playground\u003c/li\u003e\n\u003cli\u003eIntroduction to jails\u003c/li\u003e\n\u003cli\u003eOverview of buildbot\u003c/li\u003e\n\u003cli\u003eSet up jails\u003c/li\u003e\n\u003cli\u003eInstall buildbot master\u003c/li\u003e\n\u003cli\u003eRun buildbot master\u003c/li\u003e\n\u003cli\u003eInstall buildbot worker\u003c/li\u003e\n\u003cli\u003eRun buildbot worker\u003c/li\u003e\n\u003cli\u003eSet up web server nginx to access buildbot UI\u003c/li\u003e\n\u003cli\u003eRun your first build\u003c/li\u003e\n\u003cli\u003eProduction hints\u003c/li\u003e\n\u003cli\u003eFinished!\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eChoosing host operating system and version for buildbot\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.\u003c/p\u003e\n  \n  \u003cp\u003eIt will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.\u003c/p\u003e\n  \n  \u003cp\u003ePackage names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.\u003c/p\u003e\n  \n  \u003cp\u003eOther operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee \u003ca href=\"https://andidog.de/blog/2018-04-22-buildbot-setup-freebsd-jails\"\u003earticle\u003c/a\u003e for the rest\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.grenadille.net/post/2018/03/29/Dumping-your-USB\"\u003eDumping your USB\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003ch1\u003etcpdump -Xx -i usb0\u003c/h1\u003e\n\n\u003cp\u003etcpdump: listening on usb0, link-type USBPCAP\n12:28:03.317945 bus 0 \u0026lt; addr 1: ep1 intr 2\n  0000: 0400                                     ..\u003c/p\u003e\n\n\u003cp\u003e12:28:03.318018 bus 0 \u003e addr 1: ep0 ctrl 8\n  0000: 00a3 0000 0002 0004 00                   ......... \u003cbr /\u003e\n[...]\n```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap's DLT\u003cem\u003eUSB but then I quickly realize that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLT\u003c/em\u003eUSB\u003cem\u003eFREEBSD.\n  But I didn't want to embrace xkcd #927, so I look at the existing formats: DLT\u003c/em\u003eUSB\u003cem\u003eFREEBSD, DLT\u003c/em\u003eUSB\u003cem\u003eLINUX, DLT\u003c/em\u003eUSB\u003cem\u003eLINUX\u003c/em\u003eMMAPPED, DLT\u003cem\u003eUSB\u003c/em\u003eDARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.\n  Implementing an already existing format gives us out-of-box support for all the tools supporting it. That's why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003ch1\u003etcpdump -s 3303 -w usb.pcap -i usb0\u003c/h1\u003e\n\n\u003cp\u003etcpdump: listening on usb0, link-type USBPCAP\n^C\n208 packets received by filter\n0 packets dropped by kernel\n```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eUSB packets can be quite big, that's why I'm not using tcpdump(8)'s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.\n  It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.romanzolotarev.com/openbsd/webserver.html\"\u003eRun OpenBSD on your web server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.romanzolotarev.com/vultr.html\"\u003eDeploy and login to your OpenBSD server first.\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs soon as you're there you can enable an httpd(8) daemon, it's already installed on OpenBSD, you just need to configure it:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ewww# vi /etc/httpd.conf\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdd two server sections---one for www and another for naked domain (all requests are redirected to www).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\nserver \"www.example.com\" {\n  listen on * port 80\n  root \"/htdocs/www.example.com\"\n}\u003c/p\u003e\n\n\u003cp\u003eserver \"example.com\" {\n  listen on * port 80\n  block return 301 \"http://www.example.com$REQUEST_URI\"\n}\n```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ehttpd is chrooted to /var/www by default, so let's make a document root directory:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ewww# mkdir -p /var/www/htdocs/www.example.com\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSave and check this configuration:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e\nwww# httpd -n\nconfiguration ok\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnable httpd(8) daemon and start it.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e\nwww# rcctl enable httpd\nwww# rcctl start httpd\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003ePublish your website\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eCopy your website content into /var/www/htdocs/www.example.com and then test it your web browser.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ehttp://XXX.XXX.XXX.XXX/\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eYour web server should be up and running.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpdate DNS records\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIf there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.\u003c/p\u003e\n  \n  \u003cp\u003eNow as your new server is ready you can update DNS records accordingly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\n    example.com. 300 IN     A XXX.XXX.XXX.XXX\nwww.example.com. 300 IN     A XXX.XXX.XXX.XXX\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eExamine your DNS is propagated.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e$ dig example.com www.example.com\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eCheck IP addresses it answer sections. If they are correct, you should be able to access your new web server by its domain name.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.romanzolotarev.com/openbsd/acme-client.html\"\u003eWhat's next? Enable HTTPS on your server.\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1827\"\u003eModern Akonadi and KMail on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eFor, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, is was nearly never.\u003c/p\u003e\n  \n  \u003cp\u003eI looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.\u003c/p\u003e\n  \n  \u003cp\u003eNow Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003esysctl net.local.stream.recvspace=65536\u003c/code\u003e\n\u003ccode\u003esysctl net.local.stream.sendspace=65536\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.\u003c/p\u003e\n  \n  \u003cp\u003eSince changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).\u003c/p\u003e\n  \n  \u003cp\u003ePS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2018-April/335722.html\"\u003epkg-provides support for DragonFly (from Rodrigo Osorio)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://monades.roperzh.com/memories-writing-parser-man-pages/\"\u003eMemories of writing a parser for man pages\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://developeronfire.com/podcast/episode-198-bryan-cantrill-persistence-and-action\"\u003eBryan Cantrill interview over at DeveloperOnFire podcast\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://minnie.tuhs.org/pipermail/tuhs/2018-March/013285.html\"\u003e1978-03-25 - 2018-03-25: 40 years BSD Mail\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/a/KOTJS\"\u003eMy 5 years of FreeBSD gaming: a compendium of free games and engines running natively on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D15562\"\u003eSequential Resilver being upstreamed to FreeBSD, from FreeNAS, where it was ported from ZFS-on-Linux\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-jobs/2018-May/000944.html\"\u003eUniversity of Aberdeen’s Internet Transport Research Group is hiring  \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap ad\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/0KHRB4Z#wrap\"\u003emounting non-filesystem things inside jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMorgan - \u003ca href=\"http://dpaste.com/10QD42T#wrap\"\u003eZFS on Linux Data loss bug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRene - \u003ca href=\"http://dpaste.com/30VM51S#wrap\"\u003eHow to keep your ISP’s nose out of your browser history with encrypted DNS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodriguez - \u003ca href=\"http://dpaste.com/3WVYR9D#wrap\"\u003eFeedback question! Relating to Windows\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"DragonflyBSD release 5.2.1 is here, BPF kernel exploit writeup, Remote Debugging the running OpenBSD kernel, interview with Patrick Mooney, FreeBSD buildbot setup in a jail, dumping your USB, and 5 years of gaming on FreeBSD.","date_published":"2018-05-29T14:30:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a0ea5b3c-e781-499e-bfa4-cee1d550f915.mp3","mime_type":"audio/mp3","size_in_bytes":62803024,"duration_in_seconds":6273}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1994","title":"Episode 247: Interning for FreeBSD | BSD Now 247","url":"https://www.bsdnow.tv/247","content_text":"FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.\n\nHeadlines\n\nWhat I learned during my FreeBSD intership\n\n\n  Hi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.\n  \n  I’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.\n\n\n\nWhat I Liked\n\n\n\n  In all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.\n  \n  It’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.\n\n\n\nWhat I Learned\n\n\n\n  Although there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.\n  \n  The first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.\n  \n  I think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.\n  \n  I understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.\n  \n  I also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.\n  \n  It’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.\n  \n  As a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.\n\n\n\nClosing Thoughts\n\n\n\n  I would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.\n  \n  I am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.\n\n\n\n\nRecent Developments in FreeBSD\n\n\nSupport for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms\nIntel Microcode Splitter\nIntel Spec Store Bypass Disable control\nRaspberry Pi 3B+ Ethernet Driver\nIBRS for i386\nUpcoming:\nMicrocode updater for AMD CPUs\nthe RACK TCP/IP stack, from Netflix\nVoting in the FreeBSD Core Election begins today:\n\n\n\n\nDigitalOcean\nDigital Ocean Promo Link for BSD Now Listeners\n\n\n\nRunning FreeNAS on a DigitalOcean Droplet\n\n\nNeed to backup your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it\nThe tutorial walks though the steps of converting a fresh FreeBSD based droplet into a FreeNAS\nCreate a droplet, and add a small secondary block-storage device\nBoot the droplet, login, and download FreeNAS\nDisable swap, enable ‘foot shooting’ mode in GEOM\nuse dd to write the FreeNAS installer to the boot disk\nReboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device\nNow, reimage the droplet with FreeBSD again, to replace the FreeNAS installer\nBoot, and dd FreeNAS from the secondary block storage device back to the boot disk\nYou can now destroy the secondary block device\nNow you have a FreeNAS, and can take it from there.\nUse the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS\nNote: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.\n\n\n\n\nNews Roundup\n\nNetwork Manager Control for OpenBSD (Updated)\n\n\nGeneralities\nI just remind the scope of this small tool:\n\nallow you to pre-define several cable or wifi connections\nlet nmctl to connect automatically to the first available one\nallow you to easily switch from one network connection to an other one\ncreate openbox dynamic menus\nEnhancements in this version\n\n\n\n  This is my second development version: 0.2.\n  I've added performed several changes in the code:\n\n\n\ncode style cleanup, to better match the python recommendations\nadapt the tool to allow to connect to an Open-wifi having blancs in the name. This happens in some hotels\nimplement a loop as work-around concerning the arp table issue.\n\n\n\n  The source code is still on the git of Sourceforge.net. \n   You can see the files here\n  \n  And you can download the last version here\n\n\n\nFeedbacks after few months\n\n\n\n  I'm using this script on my OpenBSD laptop since about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.\n\n\n\nThe Openbox menus\n\n\n\n  The openbox menus are working fine. As explain in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options.\n  I've not changed this part of nmctl since it works as expected (for me :-) ).\n\n\n\nThe --restart option\n\n\n\n  Because I'm very lazy, and because OpenBSD is very simple to use, I've added the command \"nmctl --restart\" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I'm opening the lid of my laptop. \n  In other words, each time I'll opening my laptop, nmctl will search the optimum network connection for me.\n  But I had several issues in this scenario.\n  Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As consequence I'm not able to connect to the proxy, thus not able to connect to internet. So the ping to google (final test nmctl perform) is failing.\n  Knowing that anyhow, I'm doing a full arp cleanup, it's not clear for me from where this problem come from. To solve this situation I've implemented a \"retry\" concept. In other words, before testing an another possible network connection (as listed in my /etc/nmctl.conf file), the script try 3x the current connection's parameters.\n  If you want to reduce or increase this figures, you can do it via the --retry parameter.\n\n\n\nResults of my expertise with this small tool\n\n\n\n  Where ever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location.\n  Currently I have 3 places where I have Wifi credentials and 2 offices places where I just have to plug the network cable.\n  Since the /etc/apm/resume scripts is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD do all what is needed ;-).\n  I hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by \"nmctl --scan\".\n\n\n\nNext steps\nDocumentation\n\n\n\n  The tool is missing lot of documentation. I appreciate OpenBSD for his great documentation, so I have to do the same.\n  I plan to write a README and a man page at first instances.\n  But since my laziness, I will do it as soon as I see some interest for this tool from other persons.\n\n\n\nTests\n\n\n\n  I now have to travel and see how to see the script react on the different situations.\n  Interested persons are welcome to share with me the outcome of their tests.\n  I'm curious how it work.\n\n\n\n\nOpenBSD 6.3 on EdgeRouter Lite simple upgrade method\n\n\nTL;DR\n\n\n\n  OpenBSD 6.3 oceton upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on.\n  Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.\n\n\n\na tiny upgrade\n\n\n\n  The OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3.\n  The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention:\n  The best solution, whenever possible, is to backup your data and reinstall from scratch\n  I had to check if that directive existed in the documentation for other architectures. I wondered if oceton users were getting singled out. We were not. Just simplicity and pragmatism.\n\n\n\nReading on:\n\n\n\n  To upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section \"Installing OpenBSD\".\n  But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it.\n  But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade.\n  Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once.\n  So I don’t want to futz around with all that.\n  There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?\n\n\n\n\niXsystems\nBoise Technology Show 2018 Recap\n\nOpenZFS User Conference Slides \u0026amp; Videos\n\n\nThank you ZFS\nZSTD Compression\nPool Layout Considerations\nZFS Releases\nHelping Developers Help You\nZFS and MySQL on Linux\nMicron\nOSNEXUS\nZFS at Six Feet Up\nFlexible Disk Use with OpenZFS\n\n\n\n\nBatch editing files with ed\n\n\nwhat’s ‘ed’?\n\n\n\n  ed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:\n\n\n\n$ ed\nhelp\n?\nh\n?\nasdfasdfasdfsadf\n?\n\u0026lt;close terminal in frustration\u0026gt;\n\n\n\n  Basically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today.\n  vi is a successor to ed, except with a visual interface instead of this ?\n\n\n\nsurprise: Ed is actually sort of cool and fun\n\n\n\n  So if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!!\n  On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true.\n  And it was so cool!!!! I found out:\n\n\n\nhow to get Ed to give you better error messages than just ?\nthat the name of the grep command comes from ed syntax (g/re/p)\nthe basics of how to navigate and edit files using ed\n\n\n\n  All of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!\n  \n  The other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.\n\n\n\n\nBeastie Bits\n\n\nFreeBSD Mastery: Jails -- Help make it happen \nVideo: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018\nDragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT\nA Love Letter to OpenBSD\nNew talks, and the F-bomb\nPractical UNIX Manuals: mdoc\nBSD Meetup in Zurich: May 24th\nBSD Meetup in Warsaw: May 24th\nMeetBSD 2018\n\n\n\n\nTarsnap\n\nFeedback/Questions\n\n\nSeth - First time poudriere Builder\nFarhan - Why we didn't go FreeBSD\narchitech - Encryption Feedback\nDave - Handy Tip on setting up automated coredump handling for FreeBSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eFreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/guest-blog-what-i-learned-during-my-freebsd-internship/\"\u003eWhat I learned during my FreeBSD intership\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eHi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.\u003c/p\u003e\n  \n  \u003cp\u003eI’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat I Liked\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.\u003c/p\u003e\n  \n  \u003cp\u003eIt’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat I Learned\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAlthough there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.\u003c/p\u003e\n  \n  \u003cp\u003eThe first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.\u003c/p\u003e\n  \n  \u003cp\u003eI think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.\u003c/p\u003e\n  \n  \u003cp\u003eI understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.\u003c/p\u003e\n  \n  \u003cp\u003eI also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.\u003c/p\u003e\n  \n  \u003cp\u003eIt’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.\u003c/p\u003e\n  \n  \u003cp\u003eAs a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eClosing Thoughts\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.\u003c/p\u003e\n  \n  \u003cp\u003eI am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003eRecent Developments in FreeBSD\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=333890\"\u003eSupport for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=333649\"\u003eIntel Microcode Splitter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=334005\"\u003eIntel Spec Store Bypass Disable control\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=333713\"\u003eRaspberry Pi 3B+ Ethernet Driver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D15522\"\u003eIBRS for i386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpcoming:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D15523\"\u003eMicrocode updater for AMD CPUs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D15525\"\u003ethe RACK TCP/IP stack, from Netflix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVoting in the FreeBSD Core Election begins today:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003eDigital Ocean Promo Link for BSD Now Listeners\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shlomimarco.com/blog/running-freenas-on-a-digitalocean-droplet\"\u003eRunning FreeNAS on a DigitalOcean Droplet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNeed to backup your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it\u003c/li\u003e\n\u003cli\u003eThe tutorial walks though the steps of converting a fresh FreeBSD based droplet into a FreeNAS\u003c/li\u003e\n\u003cli\u003eCreate a droplet, and add a small secondary block-storage device\u003c/li\u003e\n\u003cli\u003eBoot the droplet, login, and download FreeNAS\u003c/li\u003e\n\u003cli\u003eDisable swap, enable ‘foot shooting’ mode in GEOM\u003c/li\u003e\n\u003cli\u003euse dd to write the FreeNAS installer to the boot disk\u003c/li\u003e\n\u003cli\u003eReboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device\u003c/li\u003e\n\u003cli\u003eNow, reimage the droplet with FreeBSD again, to replace the FreeNAS installer\u003c/li\u003e\n\u003cli\u003eBoot, and dd FreeNAS from the secondary block storage device back to the boot disk\u003c/li\u003e\n\u003cli\u003eYou can now destroy the secondary block device\u003c/li\u003e\n\u003cli\u003eNow you have a FreeNAS, and can take it from there.\u003c/li\u003e\n\u003cli\u003eUse the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS\u003c/li\u003e\n\u003cli\u003eNote: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.vincentdelft.be/post/post_20180411\"\u003eNetwork Manager Control for OpenBSD (Updated)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGeneralities\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eI just remind the scope of this small tool:\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eallow you to pre-define several cable or wifi connections\u003c/li\u003e\n\u003cli\u003elet nmctl to connect automatically to the first available one\u003c/li\u003e\n\u003cli\u003eallow you to easily switch from one network connection to an other one\u003c/li\u003e\n\u003cli\u003ecreate openbox dynamic menus\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEnhancements in this version\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThis is my second development version: 0.2.\n  I've added performed several changes in the code:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ecode style cleanup, to better match the python recommendations\u003c/li\u003e\n\u003cli\u003eadapt the tool to allow to connect to an Open-wifi having blancs in the name. This happens in some hotels\u003c/li\u003e\n\u003cli\u003eimplement a loop as work-around concerning the arp table issue.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe source code is still on the git of Sourceforge.net. \n   You can see the files \u003ca href=\"https://sourceforge.net/p/nmctl/code/ci/master/tree/\"\u003ehere\u003c/a\u003e\u003c/p\u003e\n  \n  \u003cp\u003eAnd you can download the last version \u003ca href=\"https://sourceforge.net/p/nmctl/code/ci/master/tarball\"\u003ehere\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFeedbacks after few months\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI'm using this script on my OpenBSD laptop since about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Openbox menus\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe openbox menus are working fine. As explain in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options.\n  I've not changed this part of nmctl since it works as expected (for me :-) ).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe --restart option\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eBecause I'm very lazy, and because OpenBSD is very simple to use, I've added the command \"nmctl --restart\" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I'm opening the lid of my laptop. \n  In other words, each time I'll opening my laptop, nmctl will search the optimum network connection for me.\n  But I had several issues in this scenario.\n  Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As consequence I'm not able to connect to the proxy, thus not able to connect to internet. So the ping to google (final test nmctl perform) is failing.\n  Knowing that anyhow, I'm doing a full arp cleanup, it's not clear for me from where this problem come from. To solve this situation I've implemented a \"retry\" concept. In other words, before testing an another possible network connection (as listed in my /etc/nmctl.conf file), the script try 3x the current connection's parameters.\n  If you want to reduce or increase this figures, you can do it via the --retry parameter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eResults of my expertise with this small tool\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhere ever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location.\n  Currently I have 3 places where I have Wifi credentials and 2 offices places where I just have to plug the network cable.\n  Since the /etc/apm/resume scripts is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD do all what is needed ;-).\n  I hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by \"nmctl --scan\".\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eNext steps\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDocumentation\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe tool is missing lot of documentation. I appreciate OpenBSD for his great documentation, so I have to do the same.\n  I plan to write a README and a man page at first instances.\n  But since my laziness, I will do it as soon as I see some interest for this tool from other persons.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTests\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI now have to travel and see how to see the script react on the different situations.\n  Interested persons are welcome to share with me the outcome of their tests.\n  I'm curious how it work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://an.undulating.space/post/180411-erl-openbsd-upgrade/\"\u003eOpenBSD 6.3 on EdgeRouter Lite simple upgrade method\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTL;DR\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOpenBSD 6.3 oceton upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on.\n  Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ea tiny upgrade\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3.\n  The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention:\n  The best solution, whenever possible, is to backup your data and reinstall from scratch\n  I had to check if that directive existed in the documentation for other architectures. I wondered if oceton users were getting singled out. We were not. Just simplicity and pragmatism.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReading on:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eTo upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section \"Installing OpenBSD\".\n  But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it.\n  But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade.\n  Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once.\n  So I don’t want to futz around with all that.\n  There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\n\u003ca href=\"https://www.ixsystems.com/blog/boisetechshow-2018/\"\u003eBoise Technology Show 2018 Recap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://zfs.datto.com/\"\u003eOpenZFS User Conference Slides \u0026amp; Videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266112599\"\u003eThank you ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266112475\"\u003eZSTD Compression\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266111164\"\u003ePool Layout Considerations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266111346\"\u003eZFS Releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266112077\"\u003eHelping Developers Help You\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266112233\"\u003eZFS and MySQL on Linux\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266110985\"\u003eMicron\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266108105\"\u003eOSNEXUS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266107946\"\u003eZFS at Six Feet Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vimeo.com/album/5150026/video/266107372\"\u003eFlexible Disk Use with OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jvns.ca/blog/2018/05/11/batch-editing-files-with-ed/\"\u003eBatch editing files with ed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ewhat’s ‘ed’?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\n$ ed\nhelp\n?\nh\n?\nasdfasdfasdfsadf\n?\n\u0026lt;close terminal in frustration\u0026gt;\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eBasically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today.\n  vi is a successor to ed, except with a visual interface instead of this ?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003esurprise: Ed is actually sort of cool and fun\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eSo if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!!\n  On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true.\n  And it was so cool!!!! I found out:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ehow to get Ed to give you better error messages than just ?\u003c/li\u003e\n\u003cli\u003ethat the name of the grep command comes from ed syntax (g/re/p)\u003c/li\u003e\n\u003cli\u003ethe basics of how to navigate and edit files using ed\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAll of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!\u003c/p\u003e\n  \n  \u003cp\u003eThe other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3186\"\u003eFreeBSD Mastery: Jails -- Help make it happen \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=MsY-BafQgj4\"\u003eVideo: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2018/05/17/21257.html\"\u003eDragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd/comments/8ei00k/a_love_letter_to_openbsd/\"\u003eA Love Letter to OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3176\"\u003eNew talks, and the F-bomb\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://manpages.bsd.lv/mdoc.html\"\u003ePractical UNIX Manuals: mdoc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-advocacy/2018-May/004758.html\"\u003eBSD Meetup in Zurich: May 24th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.eventbrite.com/e/the-polish-bsd-user-group-1-meetup-tickets-45941857332\"\u003eBSD Meetup in Warsaw: May 24th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://meetbsd.com/\"\u003eMeetBSD 2018\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeth - \u003ca href=\"http://dpaste.com/12R65X4#wrap\"\u003eFirst time poudriere Builder\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFarhan - \u003ca href=\"http://dpaste.com/1GHCGY5#wrap\"\u003eWhy we didn't go FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003earchitech - \u003ca href=\"http://dpaste.com/1H72FGE#wrap\"\u003eEncryption Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDave - \u003ca href=\"http://dpaste.com/27YH93Y#wrap\"\u003eHandy Tip on setting up automated coredump handling for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD internship learnings, exciting developments coming to FreeBSD, running FreeNAS on DigitalOcean, Network Manager control for OpenBSD, OpenZFS User Conference Videos are here and batch editing files with ed.","date_published":"2018-05-24T15:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/31bf045b-2e53-459e-a40e-993a51ceccdb.mp3","mime_type":"audio/mp3","size_in_bytes":54062460,"duration_in_seconds":5399}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1954","title":"Episode 246: Properly Coordinated Disclosure | BSD Now 246","url":"https://www.bsdnow.tv/246","content_text":"How Intel docs were misinterpreted by almost any OS, a look at the mininet SDN emulator, do’s and don’ts for FreeBSD, OpenBSD community going gold, ed mastery is a must read, and the distributed object store minio on FreeBSD.\n\nHeadlines\n\nIntel documentation flaw sees instruction misimplemented in almost every OS\n\n\n  A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash.\n  OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. \n  + A detailed white paper describes this behavior here\n  + FreeBSD Commit\n  Thank you to the MSRC Incident Response Team, and in particular Greg Lenti and Nate Warfield, for coordinating the response to this issue across multiple vendors.\n  Thanks to Computer Recycling at The Working Center of Kitchener for making hardware available to allow us to test the patch on additional CPU families.\n  + FreeBSD Security Advisory\n  + DragonFlyBSD Post\n  + NetBSD does not support debug register and so is not affected.\n  + OpenBSD also appears to not be affected, “We are not aware of further vendor information regarding this vulnerability.”\n  + IllumOS Not Impacted\n\n\n\n\nGuest Post – A Look at SDN Emulator Mininet\n\n\nA guest post on the FreeBSD Foundation’s blog by developer Ayaka Koshibe\n\n\n\n  At this year’s AsiaBSDCon, I presented a talk about a SDN network emulator called Mininet, and my ongoing work to make it more portable. That presentation was focused on the OpenBSD version of the port, and I breezed past the detail that I also had a version or Mininet working on FreeBSD. Because I was given the opportunity, I’d like to share a bit about the FreeBSD version of Mininet. It will not only be about what Mininet is and why it might be interesting, but also a recounting of my experience as a user making a first-time attempt at porting an application to FreeBSD.\n  Mininet started off as a tool used by academic researchers to emulate OpenFlow networks when they didn’t have convenient access to actual networks. Because of its history, Mininet became associated strongly with networks that use OpenFlow for their control channels. But, it has also become fairly popular among developers working in, and among several universities for research and teaching about, SDN (Software Defined Networking)\n  I began using Mininet as an intern at my university’s network research lab. I was using FreeBSD by that time, and wasn’t too happy to learn that Mininet wouldn’t work on anything but Linux. I gradually got tired of having to run a Linux VM just to use Mininet, and one day it clicked in my mind that I can actually try porting it to FreeBSD.\n  Mininet creates a topology using the resource virtualization features that Linux has. Specifically, nodes are bash processes running in network namespaces, and the nodes are interconnected using veth virtual Ethernet links. Switches and controllers are just nodes whose shells have run the right commands to configure a software switch or start a controller application. Mininet can therefore be viewed as a series of Python libraries that run the system commands necessary to create network namespaces and veth interfaces, assemble a specified topology, and coordinate how user commands aimed at nodes (since they are just shells) are run.\n  Coming back to the port, I chose to use vnet jails to replace the network namespaces, and epair(4) links to replace the veth links. For the SDN functionality, I needed at least one switch and controller that can be run on FreeBSD. I chose OpenvSwitch(OVS) for the switch, since it was available in ports and is well-known by the SDN world, and Ryu for the controller since it’s being actively developed and used and supports more recent versions of OpenFlow.\n  I have discussed the possibility of upstreaming my work. Although they were excited about it, I was asked about a script for creating VMs with Mininet preinstalled, and continuous integration support for my fork of the repository. I started taking a look at the release scripts for creating a VM, and after seeing that it would be much easier to use the scripts if I can get Mininet and Ryu added to the ports tree, I also tried a hand at submitting some ports. For CI support, Mininet uses Travis, which unfortunately doesn’t support FreeBSD. For this, I plan to look at a minimalistic CI tool called contbuild, which looks simple enough to get running and is written portably.\n  This is very much a work-in-progress, and one going at a glacial pace. Even though the company that I work for does use Mininet, but doesn’t use FreeBSD, so this is something that I’ve been working on in my free time. Earlier on, it was the learning curve that made progress slow. When I started, I hadn’t done anything more than run FreeBSD on a laptop, and uneventfully build a few applications from the ports tree. Right off the bat, using vnet jails meant learning how to build and run a custom kernel. This was the easy part, as the handbook was clear about how to do this. When I moved from using FreeBSD 10.3 to 11, I found that I can panic my machine by quickly creating and destroying OVS switches and jails. I submitted a bug report, but decided to go one step further and actually try to debug the panic for myself. With the help of a few people well-versed in systems programming and the developer’s handbook, I was able to come up with a fix, and get it accepted. This pretty much brings my porting experiment to the present day, where I’m slowly working out the pieces that I mentioned earlier.\n  In the beginning, I thought that this Mininet port would be a weekend project where I come out knowing thing or two about using vnet jails and with one less VM to run. Instead, it became a crash course in building and debugging kernels and submitting bug reports, patches, and ports. It’d like to mention that I wouldn’t have gotten far at all if it weren’t for the helpful folks, the documentation, and how debuggable FreeBSD is. I enjoy good challenges and learning experiences, and this has definitely been both.\n  Thank you to Ayaka for working to port Mininet to the BSDs, and for sharing her experiences with us.\n  If you want to see the OpenBSD version of the talk, the video from AsiaBSDCon is here, and it will be presented again at BSDCan.\n  \n  \n\n\n**iXsystems**\n[iXsystems LFNW Recap](https://www.ixsystems.com/blog/lfnw-2018-recap/)\n\n\n\n\n\n\n\n\n10 Beginner Do's and Don't for FreeBSD\n\n\n1) Don't mix ports and binary packages\n2) Don't edit 'default' files\n3) Don't mess with /etc/crontab\n4) Don't mess with /etc/passwd and /etc/groups either!\n5) Reconsider the removal of any options from your customized kernel configuration\n6) Don't change the root shell to something else\n7) Don't use the root user all the time\n8) /var/backups is a thing\n9) Check system integrity using /etc/mtree\n10) What works for me doesn't have to work for you!\n\n\n\n\nNews Roundup\n\nOpenBSD Community Goes Gold for 2018!\n\n\nKen Westerback (krw@ when wearing his developer hat) writes:\n\n\n```\nMonthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!\n\n2018 is the third consecutive year that the community has reached Gold status or better.\n\nThese monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.\n\nSign up now for a monthly donation!\n\nNote that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.\n\nhttps://www.openbsdfoundation.org/donations.html\n```\n\n\n\ned(1) mastery is a must read for real unix people\n\n\n  In some circles on the Internet, your choice of text editor is a serious matter.\n  \n  We've all seen the threads on mailing lits, USENET news groups and web forums about the relative merits of Emacs vs vi, including endless iterations of flame wars, and sometimes even involving lesser known or non-portable editing environments.\n  \n  And then of course, from the Linux newbies we have seen an endless stream of tweeted graphical 'memes' about the editor vim (aka 'vi Improved') versus the various apparently friendlier-to-some options such as GNU nano. Apparently even the 'improved' version of the classical and ubiquitous vi(1) editor is a challenge even to exit for a significant subset of the younger generation.\n  \n  Yes, your choice of text editor or editing environment is a serious matter. Mainly because text processing is so fundamental to our interactions with computers.\n  \n  But for those of us who keep our systems on a real Unix (such as OpenBSD or FreeBSD), there is no real contest. The OpenBSD base system contains several text editors including vi(1) and the almost-emacs mg(1), but ed(1) remains the standard editor.\n  \n  Now Michael Lucas has written a book to guide the as yet uninitiated to the fundamentals of the original Unix text editor. It is worth keeping in mind that much of Unix and its original standard text editor written back when the standard output and default user interface was more likely than not a printing terminal.\n  \n  To some of us, reading and following the narrative of Ed Mastery is a trip down memory lane. To others, following along the text will illustrate the horror of the world of pre-graphic computer interfaces. For others again, the fact that ed(1) doesn't use your terminal settings much at all offers hope of fixing things when something or somebody screwed up your system so you don't have a working terminal for that visual editor.\n\n\n\n\nDigitalOcean\nDigital Ocean Promo Link for BSD Now Listeners\n\n\n\nDistributed Object Storage with Minio on FreeBSD\n\n\n  Free and open source distributed object storage server compatible with Amazon S3 v2/v4 API. Offers data protection against hardware failures using erasure code and bitrot detection. Supports highly available distributed setup. Provides confidentiality, integrity and authenticity assurances for encrypted data with negligible performance overhead. Both server side and client side encryption are supported. Below is the image of example Minio setup.\n\n\n\nArchitecture Diagram \n\n\nThe Minio identifies itself as the ZFS of Cloud Object Storage. This guide will show You how to setup highly available distributed Minio storage on the FreeBSD operating system with ZFS as backend for Minio data. For convenience we will use FreeBSD Jails operating system level virtualization.\n\n\nSetup\n\n\n\n  The setup will assume that You have 3 datacenters and assumption that you have two datacenters in whose the most of the data must reside and that the third datacenter is used as a ‘quorum/witness’ role. Distributed Minio supports up to 16 nodes/drives total, so we may juggle with that number to balance data between desired datacenters. As we have 16 drives to allocate resources on 3 sites we will use 7 + 7 + 2 approach here. The datacenters where most of the data must reside have 7/16 ratio while the ‘quorum/witness’ datacenter have only 2/16 ratio. Thanks to built in Minio redundancy we may loose (turn off for example) any one of those machines and our object storage will still be available and ready to use for any purpose.\n\n\n\nJails\n\n\n\n  First we will create 3 jails for our proof of concept Minio setup, storage1 will have the ‘quorum/witness’ role while storage2 and storage3 will have the ‘data’ role. To distinguish commands I type on the host system and storageX Jail I use two different prompts, this way it should be obvious what command to execute and where.\n\n\n\nWeI know the FreeNAS people have been working on integrating this\n\n\n\n\nBest practises for pledge(2) security\n\n\n  Let's set the record straight for securing kcgi CGI and FastCGI applications with pledge(2). This is focussed on secure OpenBSD deployments.\n\n\n\nTheory\n\n\n\n  Internally, kcgi makes considerable use of available security tools. But it's also designed to be invoked in a secure environment. We'll start with pledge(2), which has been around on OpenBSD since version 5.9. If you're reading this tutorial, you're probably on OpenBSD, and you probably have knowledge of pledge(2).\n  \n  How to begin? Read kcgi(3). It includes canonical information on which pledge(2) promises you'll need for each function in the library. This is just a tutorial—the manpage is canonical and overrides what you may read here.\n  \n  Next, assess the promises that your application needs. From kcgi(3), it's easy to see which promises we'll need to start. You'll need to augment this list with whichever tools you're also using. The general push is to start with the broadest set of required promises, then restrict as quickly as possible. Sometimes this can be done in a single pledge(2), but other times it takes a few.\n\n\n\n\nBeastie Bits\n\n\nApril's London *BSD meetup - notes\nMay’s London *BSD Meetup: May 22nd \nCall for Papers for EuroBSDcon 2018\nFreeBSD Journal March/April Desktop/Laptop issue\nLWN followup on the PostgreSQL fsync() issue\nThe Association for Computing Machinery recognizes Steve Bourne for outstanding contributions\n\n\n\n\nFeedback/Questions\n\n\nRay - Speaking at Conferences\nCasey - Questions\nJeremy - zfs in the enterprise\nHAST + ZFS\nLars - Civil Infrastructure Platform use of *BSD\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eHow Intel docs were misinterpreted by almost any OS, a look at the mininet SDN emulator, do’s and don’ts for FreeBSD, OpenBSD community going gold, ed mastery is a must read, and the distributed object store minio on FreeBSD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html\"\u003eIntel documentation flaw sees instruction misimplemented in almost every OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eA statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash.\n  OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. \n  + A detailed white paper describes this behavior \u003ca href=\"http://everdox.net/popss.pdf\"\u003ehere\u003c/a\u003e\n  + \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=333368\"\u003eFreeBSD Commit\u003c/a\u003e\n  Thank you to the MSRC Incident Response Team, and in particular Greg Lenti and Nate Warfield, for coordinating the response to this issue across multiple vendors.\n  Thanks to Computer Recycling at The Working Center of Kitchener for making hardware available to allow us to test the patch on additional CPU families.\n  + \u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc\"\u003eFreeBSD Security Advisory\u003c/a\u003e\n  + \u003ca href=\"https://www.dragonflydigest.com/2018/05/09/21231.html\"\u003eDragonFlyBSD Post\u003c/a\u003e\n  + \u003ca href=\"https://www.kb.cert.org/vuls/id/CHEU-AYC3MZ\"\u003eNetBSD does not support debug register and so is not affected.\u003c/a\u003e\n  + \u003ca href=\"https://www.kb.cert.org/vuls/id/CHEU-AYC3MR\"\u003eOpenBSD also appears to not be affected, “We are not aware of further vendor information regarding this vulnerability.”\u003c/a\u003e\n  + \u003ca href=\"https://illumos.topicbox.com/groups/developer/T9cd475bd5497caa9\"\u003eIllumOS Not Impacted\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/guest-post-a-look-at-sdn-emulator-mininet/\"\u003eGuest Post – A Look at SDN Emulator Mininet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA guest post on the FreeBSD Foundation’s blog by developer Ayaka Koshibe\n\n\n\u003cblockquote\u003e\n  At this year’s AsiaBSDCon, I presented a talk about a SDN network emulator called Mininet, and my ongoing work to make it more portable. That presentation was focused on the OpenBSD version of the port, and I breezed past the detail that I also had a version or Mininet working on FreeBSD. Because I was given the opportunity, I’d like to share a bit about the FreeBSD version of Mininet. It will not only be about what Mininet is and why it might be interesting, but also a recounting of my experience as a user making a first-time attempt at porting an application to FreeBSD.\n  Mininet started off as a tool used by academic researchers to emulate OpenFlow networks when they didn’t have convenient access to actual networks. Because of its history, Mininet became associated strongly with networks that use OpenFlow for their control channels. But, it has also become fairly popular among developers working in, and among several universities for research and teaching about, SDN (Software Defined Networking)\n  I began using Mininet as an intern at my university’s network research lab. I was using FreeBSD by that time, and wasn’t too happy to learn that Mininet wouldn’t work on anything but Linux. I gradually got tired of having to run a Linux VM just to use Mininet, and one day it clicked in my mind that I can actually try porting it to FreeBSD.\n  Mininet creates a topology using the resource virtualization features that Linux has. Specifically, nodes are bash processes running in network namespaces, and the nodes are interconnected using veth virtual Ethernet links. Switches and controllers are just nodes whose shells have run the right commands to configure a software switch or start a controller application. Mininet can therefore be viewed as a series of Python libraries that run the system commands necessary to create network namespaces and veth interfaces, assemble a specified topology, and coordinate how user commands aimed at nodes (since they are just shells) are run.\n  Coming back to the port, I chose to use vnet jails to replace the network namespaces, and epair(4) links to replace the veth links. For the SDN functionality, I needed at least one switch and controller that can be run on FreeBSD. I chose OpenvSwitch(OVS) for the switch, since it was available in ports and is well-known by the SDN world, and Ryu for the controller since it’s being actively developed and used and supports more recent versions of OpenFlow.\n  I have discussed the possibility of upstreaming my work. Although they were excited about it, I was asked about a script for creating VMs with Mininet preinstalled, and continuous integration support for my fork of the repository. I started taking a look at the release scripts for creating a VM, and after seeing that it would be much easier to use the scripts if I can get Mininet and Ryu added to the ports tree, I also tried a hand at submitting some ports. For CI support, Mininet uses Travis, which unfortunately doesn’t support FreeBSD. For this, I plan to look at a minimalistic CI tool called contbuild, which looks simple enough to get running and is written portably.\n  This is very much a work-in-progress, and one going at a glacial pace. Even though the company that I work for does use Mininet, but doesn’t use FreeBSD, so this is something that I’ve been working on in my free time. Earlier on, it was the learning curve that made progress slow. When I started, I hadn’t done anything more than run FreeBSD on a laptop, and uneventfully build a few applications from the ports tree. Right off the bat, using vnet jails meant learning how to build and run a custom kernel. This was the easy part, as the handbook was clear about how to do this. When I moved from using FreeBSD 10.3 to 11, I found that I can panic my machine by quickly creating and destroying OVS switches and jails. I submitted a bug report, but decided to go one step further and actually try to debug the panic for myself. With the help of a few people well-versed in systems programming and the developer’s handbook, I was able to come up with a fix, and get it accepted. This pretty much brings my porting experiment to the present day, where I’m slowly working out the pieces that I mentioned earlier.\n  In the beginning, I thought that this Mininet port would be a weekend project where I come out knowing thing or two about using vnet jails and with one less VM to run. Instead, it became a crash course in building and debugging kernels and submitting bug reports, patches, and ports. It’d like to mention that I wouldn’t have gotten far at all if it weren’t for the helpful folks, the documentation, and how debuggable FreeBSD is. I enjoy good challenges and learning experiences, and this has definitely been both.\u003c/li\u003e\n  \u003cli\u003eThank you to Ayaka for working to port Mininet to the BSDs, and for sharing her experiences with us.\u003c/li\u003e\n  \u003cli\u003eIf you want to see the OpenBSD version of the talk, the video from \u003ca href=\"https://www.youtube.com/watch?v=Vg9Czjm9aV8\"\u003eAsiaBSDCon is here\u003c/a\u003e, and it will be presented again at BSDCan.\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n**iXsystems**\n[iXsystems LFNW Recap](https://www.ixsystems.com/blog/lfnw-2018-recap/)\n\n\n\u003chr /\u003e\n\n\n\n\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/10-dos-and-dont-for-freebsd.65618/\"\u003e10 Beginner Do's and Don't for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e1) Don't mix ports and binary packages\u003c/li\u003e\n\u003cli\u003e2) Don't edit 'default' files\u003c/li\u003e\n\u003cli\u003e3) Don't mess with /etc/crontab\u003c/li\u003e\n\u003cli\u003e4) Don't mess with /etc/passwd and /etc/groups either!\u003c/li\u003e\n\u003cli\u003e5) Reconsider the removal of any options from your customized kernel configuration\u003c/li\u003e\n\u003cli\u003e6) Don't change the root shell to something else\u003c/li\u003e\n\u003cli\u003e7) Don't use the root user all the time\u003c/li\u003e\n\u003cli\u003e8) /var/backups is a thing\u003c/li\u003e\n\u003cli\u003e9) Check system integrity using /etc/mtree\u003c/li\u003e\n\u003cli\u003e10) What works for me doesn't have to work for you!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180419060427\"\u003eOpenBSD Community Goes Gold for 2018!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eKen Westerback (krw@ when wearing his developer hat) writes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\nMonthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!\u003c/p\u003e\n\n\u003cp\u003e2018 is the third consecutive year that the community has reached Gold status or better.\u003c/p\u003e\n\n\u003cp\u003eThese monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.\u003c/p\u003e\n\n\u003cp\u003eSign up now for a monthly donation!\u003c/p\u003e\n\n\u003cp\u003eNote that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.\u003c/p\u003e\n\n\u003cp\u003ehttps://www.openbsdfoundation.org/donations.html\n```\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2018/04/ed1-mastery-is-must-for-real-unix-person.html\"\u003eed(1) mastery is a must read for real unix people\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn some circles on the Internet, your choice of text editor is a serious matter.\u003c/p\u003e\n  \n  \u003cp\u003eWe've all seen the threads on mailing lits, USENET news groups and web forums about the relative merits of Emacs vs vi, including endless iterations of flame wars, and sometimes even involving lesser known or non-portable editing environments.\u003c/p\u003e\n  \n  \u003cp\u003eAnd then of course, from the Linux newbies we have seen an endless stream of tweeted graphical 'memes' about the editor vim (aka 'vi Improved') versus the various apparently friendlier-to-some options such as GNU nano. Apparently even the 'improved' version of the classical and ubiquitous vi(1) editor is a challenge even to exit for a significant subset of the younger generation.\u003c/p\u003e\n  \n  \u003cp\u003eYes, your choice of text editor or editing environment is a serious matter. Mainly because text processing is so fundamental to our interactions with computers.\u003c/p\u003e\n  \n  \u003cp\u003eBut for those of us who keep our systems on a real Unix (such as OpenBSD or FreeBSD), there is no real contest. The OpenBSD base system contains several text editors including vi(1) and the almost-emacs mg(1), but ed(1) remains the standard editor.\u003c/p\u003e\n  \n  \u003cp\u003eNow Michael Lucas has written a book to guide the as yet uninitiated to the fundamentals of the original Unix text editor. It is worth keeping in mind that much of Unix and its original standard text editor written back when the standard output and default user interface was more likely than not a printing terminal.\u003c/p\u003e\n  \n  \u003cp\u003eTo some of us, reading and following the narrative of Ed Mastery is a trip down memory lane. To others, following along the text will illustrate the horror of the world of pre-graphic computer interfaces. For others again, the fact that ed(1) doesn't use your terminal settings much at all offers hope of fixing things when something or somebody screwed up your system so you don't have a working terminal for that visual editor.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\n\u003ca href=\"http://do.co/bsdnow\"\u003eDigital Ocean Promo Link for BSD Now Listeners\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/04/16/distributed-object-storage-with-minio-on-freebsd/\"\u003eDistributed Object Storage with Minio on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eFree and open source distributed object storage server compatible with Amazon S3 v2/v4 API. Offers data protection against hardware failures using erasure code and bitrot detection. Supports highly available distributed setup. Provides confidentiality, integrity and authenticity assurances for encrypted data with negligible performance overhead. Both server side and client side encryption are supported. Below is the image of example Minio setup.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.files.wordpress.com/2018/04/minio-architecture-diagram-distributed.jpg?w=960\"\u003eArchitecture Diagram \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThe Minio identifies itself as the ZFS of Cloud Object Storage. This guide will show You how to setup highly available distributed Minio storage on the FreeBSD operating system with ZFS as backend for Minio data. For convenience we will use FreeBSD Jails operating system level virtualization.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe setup will assume that You have 3 datacenters and assumption that you have two datacenters in whose the most of the data must reside and that the third datacenter is used as a ‘quorum/witness’ role. Distributed Minio supports up to 16 nodes/drives total, so we may juggle with that number to balance data between desired datacenters. As we have 16 drives to allocate resources on 3 sites we will use 7 + 7 + 2 approach here. The datacenters where most of the data must reside have 7/16 ratio while the ‘quorum/witness’ datacenter have only 2/16 ratio. Thanks to built in Minio redundancy we may loose (turn off for example) any one of those machines and our object storage will still be available and ready to use for any purpose.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJails\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eFirst we will create 3 jails for our proof of concept Minio setup, storage1 will have the ‘quorum/witness’ role while storage2 and storage3 will have the ‘data’ role. To distinguish commands I type on the host system and storageX Jail I use two different prompts, this way it should be obvious what command to execute and where.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWeI know the FreeNAS people have been working on integrating this\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kristaps.bsd.lv/kcgi/tutorial6.html\"\u003eBest practises for pledge(2) security\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eLet's set the record straight for securing kcgi CGI and FastCGI applications with pledge(2). This is focussed on secure OpenBSD deployments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheory\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eInternally, kcgi makes considerable use of available security tools. But it's also designed to be invoked in a secure environment. We'll start with pledge(2), which has been around on OpenBSD since version 5.9. If you're reading this tutorial, you're probably on OpenBSD, and you probably have knowledge of pledge(2).\u003c/p\u003e\n  \n  \u003cp\u003eHow to begin? Read kcgi(3). It includes canonical information on which pledge(2) promises you'll need for each function in the library. This is just a tutorial—the manpage is canonical and overrides what you may read here.\u003c/p\u003e\n  \n  \u003cp\u003eNext, assess the promises that your application needs. From kcgi(3), it's easy to see which promises we'll need to start. You'll need to augment this list with whichever tools you're also using. The general push is to start with the broadest set of required promises, then restrict as quickly as possible. Sometimes this can be done in a single pledge(2), but other times it takes a few.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-April/014194.html\"\u003eApril's London *BSD meetup - notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-May/014198.html\"\u003eMay’s London *BSD Meetup: May 22nd \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/call-for-papers/\"\u003eCall for Papers for EuroBSDcon 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/\"\u003eFreeBSD Journal March/April Desktop/Laptop issue\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lwn.net/Articles/752063/\"\u003eLWN followup on the PostgreSQL fsync() issue\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://awards.acm.org/outstanding-contribution\"\u003eThe Association for Computing Machinery recognizes Steve Bourne for outstanding contributions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eRay - \u003ca href=\"http://dpaste.com/1F8RX6H#wrap\"\u003eSpeaking at Conferences\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/364FTMM#wrap\"\u003eQuestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJeremy - \u003ca href=\"http://dpaste.com/3GWHP9N#wrap\"\u003ezfs in the enterprise\u003c/a\u003e\n\u003cul\u003e\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/HAST\"\u003eHAST + ZFS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/1HDZFA3\"\u003eCivil Infrastructure Platform use of *BSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"How Intel docs were misinterpreted by almost any OS, a look at the mininet SDN emulator, do’s and don’ts for FreeBSD, OpenBSD community going gold, ed mastery is a must read, and the distributed object store minio on FreeBSD.","date_published":"2018-05-17T01:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef0afdeb-1a67-441c-9317-8405a2572cd6.mp3","mime_type":"audio/mp3","size_in_bytes":54017115,"duration_in_seconds":5394}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1913","title":"Episode 245: ZFS User Conf 2018 | BSD Now 245","url":"https://www.bsdnow.tv/245","content_text":"Allan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements.\n\n\nHeadlines\n\nZFS User Conference Recap\n\n\nAttendees met for breakfast on the fourth floor, in a lunchroom type area just outside of the theatre. One entire wall was made of lego base plates, and there were buckets of different coloured lego embedded in the wall.\nThe talks started with Matt Ahrens discussing how the 2nd most requested feature of ZFS, Device Removal, has now landed, then pivoting into the MOST requested feature, RAID-Z expansion, and his work on that so far, which included the first functional prototype, on FreeBSD.\nThen our friend Calvin Hendryx-Parker presented how he solves all of his backup headaches with ZFS. I provided him some helpful hints to optimize his setup and improve the throughput of his backups\nThen Steven Umbehocker of OSNEXUS talked about their products, and how they manage large numbers of ZFS nodes\nAfter a very nice lunch, Orlando Pichardo of Micron talked about the future of flash, and their new 7.5TB SATA SSDs. Discussion of these devices after the talk may lead to enhancements to ZFS to better support these new larger flash devices that use larger logical sector sizes.\nAlek Pinchuk of Datto talked about Pool Layout Considerations\nthen Tony Hutter of LLNL talked about the release process for ZFS on Linux\nThen Tom Caputi of Datto presented: Helping Developers Help You, guidance for users submitting bug reports, with some good and bad examples\nThen we had a nice cocktail party and dinner, and stayed late into the night talked about ZFS\nThe next day, Jervin Real of Percona, presented: ZFS and MySQL on Linux, the Sweet Spots. Mostly outlining some benchmark they had done, some of the results were curious and some additional digging may turn up enhancements that can be made to ZFS, or just better tuning advice for high traffic MySQL servers.\nThen I presented my ZSTD compression work, which had been referenced in 2 of the previous talks, as people are anxious to get their hands on this code.\nLastly, Eric Sproul of Circonus, gave his talk: Thank You, ZFS. It thanked ZFS and its Community for making their companies product possible, and then provided an update to his presentation from last year, where they were having problems with extremely high levels of ZFS fragmentation. This also sparked a longer conversation after the talk was over.\nThen we had a BBQ lunch, and after some more talking, the conference broke up.\n\n\n\n\nInitial OmniOS impressions by a BSD user\n\n\n  I had been using FreeBSD as my main web server OS since 2012 and I liked it so much that I even contributed money and code to it. However, since the FreeBSD guys (and gals) decided to install anti-tech feminism, I have been considering to move away from it for quite some time now.\n  \n  As my growing needs require stronger hardware, it was finally time to rent a new server. I do not intend to run FreeBSD on it. Although the most obvious choice would be OpenBSD (I run it on another server and it works just fine), I plan to have a couple of databases running on the new machine, and database throughput has never been one of OpenBSD's strong points. This is my chance to give illumos another try. As neither WiFi nor desktop environments are relevant on a no-X11 server, the server-focused OmniOS seemed to fit my needs.\n  \n  My current (to be phased out) setup on FreeBSD is:\n\n\n\napache24 with SSL support, running five websites on six domains (both HTTP and HTTPS)\na (somewhat large) Tiny Tiny RSS installation from git, updated via cronjob\nsbcl running a daily cronjob of my Web-to-RSS parser\nan FTP server where I share stuff with friends\nan IRC bouncer\nMariaDB and PostgreSQL for some of the hosted services\n\n\n\n  I would not consider anything of that too esoteric for a modern operating system. Since I was not really using anything mod_rewrite-related, I was perfectly ready to replace apache24 by nginx, remembering that the prepackaged apache24 on FreeBSD did not support HTTPS out of the box and I had ended up installing it from the ports. That is the only change in my setup which I am actively planning.\n  \n  So here's what I noticed.\n\n\n\nFirst impressions:\n\n\n\n  Hooray, a BSD boot loader! Finally an operating system without grub - I made my experiences with that and I don't want to repeat them too often.\n  \n  It is weird that the installer won't accept \"mydomain.org\" as a hostname but sendmail complains that \"mydomain\" is not a valid hostname right from the start, OmniOS sent me into Maintenance Mode to fix that. A good start, right? So the first completely new thing I had to find out on my new shiny toy was how to change the hostname. There is no /etc/rc.conf in it and hostname mydomain.org was only valid for one login session. I found out that the hostname has to be changed in three different files under /etc on Solaris - the third one did not even exist for me. Changing the other two files seems to have solved this problem for me.\n\n\n\nRandom findings:\n\n\n\n  ~ I was wondering how many resources my (mostly idle) new web server was using - I always thought Solaris was rather fat, but it still felt fast to me.\n  \n  Ah, right - we're in Unixland and we need to think outside of the box. This table was really helpful: although a number of things are different between OmniOS and SmartOS, I found out that the *stat tools do what top does. I could probably just install top from one of the package managers, but I failed to find a reason to do so. I had 99% idle CPU and RAM - that's all I wanted to know.\n  \n  ~ Trying to set up twtxt informed me that Python 3.6 (from pkgin) expects LANG and LC_ALL to be set. Weird - did FreeBSD do that for me? It's been a while ... at least that was easy to fix.\n  \n  ~ SMF - Solaris's version of init - confuses me. It has \"levels\" similar to Gentoo's OpenRC, but it mostly shuts up during the boot process. Stuff from pkgsrc, e.g. nginx, comes with a description how to set up the particular service, but I should probably read more about it. What if, one day, I install a package which is not made ready for OmniOS? I'll have to find out how to write SMF scripts. But that should not be my highest priority.\n  \n  ~ The OmniOS documentation talks a lot about \"zones\" which, if I understand that correctly, mostly equal FreeBSD's \"jails\". This could be my chance to try to respect a better separation between my various services - if my lazyness won't take over again. (It probably will.)\n  \n  ~ OmniOS's default shell - rather un-unixy - seems to be the bash. Update: I was informed about a mistake here: the default shell is ksh93, there are bogus .bashrc files lying around though.\n  \n  ~ Somewhere in between, my sshd had a hiccup or, at least, logging into it took longer than usual. If that happens again, I should investigate.\n\n\n\nConclusion:\n\n\n\n  By the time of me writing this, I have a basic web server with an awesome performance and a lot of applications ready to be configured only one click away. The more I play with it, the more I have the feeling that I have missed a lot while wasting my time with FreeBSD. For a system that is said to be \"dying\", OmniOS feels well-thought and, when equipped with a reasonable package management, comes with everything I need to reproduce my FreeBSD setup without losing functionality.\n  \n  I'm looking forward to what will happen with it.\n\n\n\n\nDigitalOcean\nhttp://do.co/bsdnow\n\n[Open Source Hardware Camp 2018 — Sat 30/06 \u0026amp; Sun 01/07, Lincoln, UK\n\n(includes 'Open-source RISC-V core quickstart' and 'An introductory workshop to NetBSD on embedded platforms')](http://oshug.org/pipermail/oshug/2018-April/000635.html)\n\n```\nHi All,\n\nI'm pleased to announce that we have 10 talks and 7 workshops confirmed\nfor Open Source Hardware Camp 2018, with the possibility of one or two\nmore. Registration is now open!\n\nFor the first time ever we will be hosting OSHCamp in Lincoln and a huge\nthanks to Sarah Markall for helping to make this happen.\n\nAs in previous years, there will be a social event on the Saturday\nevening and we have a room booked at the Wig and Mitre. Food will be\navailable.\n\nThere will likely be a few of us meeting up for pre-conference drinks on\nthe Friday evening also.\n\nDetails of the programme can be found below and, as ever, we have an\nexcellent mix of topics being covered.\n\nCheers,\n\nAndrew\n```\n\n\nOpen Source Hardware Camp 2018\n\n\n\n  On the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday\n  afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU.\n\n\n\nRegistration: http://oshug.org/event/oshcamp2018\nOpen Source Hardware Camp 2018 will be hosted in the historic county\ntown of Lincoln — home to, amongst others, noted engine builders Ruston\n\u0026amp; Hornsby (now Siemens, via GEC and English Electric).\nLincoln is well served by rail, reachable from Leeds and London within\n2-2.5 hours, and 4-5 hours from Edinburgh and Southampton.\nThere will be a social at the Wig and Mitre on the Saturday evening.\nFor travel and accommodation information information please see the\nevent page on oshug.org.\n\n\n\n\nNews Roundup\n\nNextcloud 13 on FreeBSD\n\n\n  Today I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as its large enough for several blog posts.\n  \n  Official Nextcloud 13 documentation recommends following setup:\n\n\n\nMySQL/MariaDB\nPHP 7.0 (or newer)\nApache 2.4 (with mod_php)\n\n\n\n  I prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components:\n\n\n\nPostgreSQL 10.3\nPHP 7.2.4\nNginx 1.12.2 (with php-fpm)\nMemcached 1.5.7\n\n\n\n  The Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool.\n\n\n\nHost\n\n\n\n  Lets start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails.\n\n\n\n\nOpenBSD on my fanless desktop computer\n\n\n  You asked me about my setup. Here you go.\n  \n  I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD and you have to give it a try on your desktop.\n  \n  Bear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard.\n\n\n\nItem                                    Price, USD\nZotac CI527 NANO-BE                        $371\n16GB RAM Crucial DDR4-2133                    $127\n250GB SSD Samsung 850 EVO                    $104\nAsus VZ249HE 23.8\" IPS Full HD                    $129\nErgoDox EZ V3, Cherry MX Brown, blank DCS            $325\nKensington Orbit Trackball                        $33\nTotal                                    $1,107\n\n\n\nOpenBSD\n\n\n\n  I tried few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system.\n  \n  Now I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and I that’s is often enough for me. I prefer slow fashion.\n\n\n\n\niXsystems\niX Ad Spot NAB 2018 – Michael Dexter’s Recap\n\nIntroduction to HardenedBSD World\n\n\n  HardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development.\n  \n  To cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.”\n  \n  Most FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources.\n  \n  One may ask how HardenedBSD project compared to more well know for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base its about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics its for OpenBSD, Illumos and Linux currently, You will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview.\n  \n  A HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons.\n  \n  Comparison between LibreSSL and OpenSSL vulnerabilities.\n\n\n\nhttps://en.wikipedia.org/wiki/LibreSSL#Security\nhttps://wiki.freebsd.org/LibreSSL#LibreSSL.28andOpenSSL.29SecurityVulnerabilities\n\n\n\n  One may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal.\n  \n  As I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website.\n\n\n\n\nRunning my own git server\n\n\n  Note: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs\n  \n  Since I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services.\n\n\n\nTools \u0026amp; applications\n\n\n\n  These are the programs I am going to be using to get my git server up and running:\n\n\n\nhttpd(8)\nacme-client(1)\ngit(1)\ncgit(1)\nslowcgi(8)\n\n\n\nSetting up httpd\n\n\n\n  Ensure you have the necessary flags enabled in your /etc/rc.conf.local:\n\n\n\nConfiguring cgit\n\n\n\n  When using the OpenBSD httpd(8), it will serve it’s content in a chrooted environment,which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and it’s contents.\n  \n  In order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc.\n\n\n\n\nBeastie Bits\n\n\nMy Penguicon 2018 Schedule\nsigaction: see who killed you (and more)\nTakeshi steps down from NetBSD core team after 13 years\nDragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix\nWriting FreeBSD Malware\n\n\nTarsnap ad\n\nFeedback/Questions\n\n\nTroels - Question regarding ZFS xattr\nMike - Sharing your screen\nWilyarti - Adlocking on FreeBSD\nBrad - Recommendations for snapshot strategy\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eAllan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements.\u003cbr\u003e\n\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eZFS User Conference Recap\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAttendees met for breakfast on the fourth floor, in a lunchroom type area just outside of the theatre. One entire wall was made of lego base plates, and there were buckets of different coloured lego embedded in the wall.\u003c/li\u003e\n\u003cli\u003eThe talks started with Matt Ahrens discussing how the 2nd most requested feature of ZFS, Device Removal, has now landed, then pivoting into the MOST requested feature, RAID-Z expansion, and his work on that so far, which included the first functional prototype, on FreeBSD.\u003c/li\u003e\n\u003cli\u003eThen our friend Calvin Hendryx-Parker presented how he solves all of his backup headaches with ZFS. I provided him some helpful hints to optimize his setup and improve the throughput of his backups\u003c/li\u003e\n\u003cli\u003eThen Steven Umbehocker of OSNEXUS talked about their products, and how they manage large numbers of ZFS nodes\u003c/li\u003e\n\u003cli\u003eAfter a very nice lunch, Orlando Pichardo of Micron talked about the future of flash, and their new 7.5TB SATA SSDs. Discussion of these devices after the talk may lead to enhancements to ZFS to better support these new larger flash devices that use larger logical sector sizes.\u003c/li\u003e\n\u003cli\u003eAlek Pinchuk of Datto talked about Pool Layout Considerations\u003c/li\u003e\n\u003cli\u003ethen Tony Hutter of LLNL talked about the release process for ZFS on Linux\u003c/li\u003e\n\u003cli\u003eThen Tom Caputi of Datto presented: Helping Developers Help You, guidance for users submitting bug reports, with some good and bad examples\u003c/li\u003e\n\u003cli\u003eThen we had a nice cocktail party and dinner, and stayed late into the night talked about ZFS\u003c/li\u003e\n\u003cli\u003eThe next day, Jervin Real of Percona, presented: ZFS and MySQL on Linux, the Sweet Spots. Mostly outlining some benchmark they had done, some of the results were curious and some additional digging may turn up enhancements that can be made to ZFS, or just better tuning advice for high traffic MySQL servers.\u003c/li\u003e\n\u003cli\u003eThen I presented my ZSTD compression work, which had been referenced in 2 of the previous talks, as people are anxious to get their hands on this code.\u003c/li\u003e\n\u003cli\u003eLastly, Eric Sproul of Circonus, gave his talk: Thank You, ZFS. It thanked ZFS and its Community for making their companies product possible, and then provided an update to his presentation from last year, where they were having problems with extremely high levels of ZFS fragmentation. This also sparked a longer conversation after the talk was over.\u003c/li\u003e\n\u003cli\u003eThen we had a BBQ lunch, and after some more talking, the conference broke up.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxquestions.org/questions/solaris-opensolaris-20/initial-omnios-impressions-by-a-bsd-user-4175626757/\"\u003eInitial OmniOS impressions by a BSD user\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI had been using FreeBSD as my main web server OS since 2012 and I liked it so much that I even contributed money and code to it. However, since the FreeBSD guys (and gals) decided to install anti-tech feminism, I have been considering to move away from it for quite some time now.\u003c/p\u003e\n  \n  \u003cp\u003eAs my growing needs require stronger hardware, it was finally time to rent a new server. I do not intend to run FreeBSD on it. Although the most obvious choice would be OpenBSD (I run it on another server and it works just fine), I plan to have a couple of databases running on the new machine, and database throughput has never been one of OpenBSD's strong points. This is my chance to give illumos another try. As neither WiFi nor desktop environments are relevant on a no-X11 server, the server-focused OmniOS seemed to fit my needs.\u003c/p\u003e\n  \n  \u003cp\u003eMy current (to be phased out) setup on FreeBSD is:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eapache24 with SSL support, running five websites on six domains (both HTTP and HTTPS)\u003c/li\u003e\n\u003cli\u003ea (somewhat large) Tiny Tiny RSS installation from git, updated via cronjob\u003c/li\u003e\n\u003cli\u003esbcl running a daily cronjob of my Web-to-RSS parser\u003c/li\u003e\n\u003cli\u003ean FTP server where I share stuff with friends\u003c/li\u003e\n\u003cli\u003ean IRC bouncer\u003c/li\u003e\n\u003cli\u003eMariaDB and PostgreSQL for some of the hosted services\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI would not consider anything of that too esoteric for a modern operating system. Since I was not really using anything mod_rewrite-related, I was perfectly ready to replace apache24 by nginx, remembering that the prepackaged apache24 on FreeBSD did not support HTTPS out of the box and I had ended up installing it from the ports. That is the only change in my setup which I am actively planning.\u003c/p\u003e\n  \n  \u003cp\u003eSo here's what I noticed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst impressions:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eHooray, a BSD boot loader! Finally an operating system without grub - I made my experiences with that and I don't want to repeat them too often.\u003c/p\u003e\n  \n  \u003cp\u003eIt is weird that the installer won't accept \"mydomain.org\" as a hostname but sendmail complains that \"mydomain\" is not a valid hostname right from the start, OmniOS sent me into Maintenance Mode to fix that. A good start, right? So the first completely new thing I had to find out on my new shiny toy was how to change the hostname. There is no /etc/rc.conf in it and hostname mydomain.org was only valid for one login session. I found out that the hostname has to be changed in three different files under /etc on Solaris - the third one did not even exist for me. Changing the other two files seems to have solved this problem for me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRandom findings:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003e~ I was wondering how many resources my (mostly idle) new web server was using - I always thought Solaris was rather fat, but it still felt fast to me.\u003c/p\u003e\n  \n  \u003cp\u003eAh, right - we're in Unixland and we need to think outside of the box. This table was really helpful: although a number of things are different between OmniOS and SmartOS, I found out that the *stat tools do what top does. I could probably just install top from one of the package managers, but I failed to find a reason to do so. I had 99% idle CPU and RAM - that's all I wanted to know.\u003c/p\u003e\n  \n  \u003cp\u003e~ Trying to set up twtxt informed me that Python 3.6 (from pkgin) expects LANG and LC_ALL to be set. Weird - did FreeBSD do that for me? It's been a while ... at least that was easy to fix.\u003c/p\u003e\n  \n  \u003cp\u003e~ SMF - Solaris's version of init - confuses me. It has \"levels\" similar to Gentoo's OpenRC, but it mostly shuts up during the boot process. Stuff from pkgsrc, e.g. nginx, comes with a description how to set up the particular service, but I should probably read more about it. What if, one day, I install a package which is not made ready for OmniOS? I'll have to find out how to write SMF scripts. But that should not be my highest priority.\u003c/p\u003e\n  \n  \u003cp\u003e~ The OmniOS documentation talks a lot about \"zones\" which, if I understand that correctly, mostly equal FreeBSD's \"jails\". This could be my chance to try to respect a better separation between my various services - if my lazyness won't take over again. (It probably will.)\u003c/p\u003e\n  \n  \u003cp\u003e~ OmniOS's default shell - rather un-unixy - seems to be the bash. Update: I was informed about a mistake here: the default shell is ksh93, there are bogus .bashrc files lying around though.\u003c/p\u003e\n  \n  \u003cp\u003e~ Somewhere in between, my sshd had a hiccup or, at least, logging into it took longer than usual. If that happens again, I should investigate.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eBy the time of me writing this, I have a basic web server with an awesome performance and a lot of applications ready to be configured only one click away. The more I play with it, the more I have the feeling that I have missed a lot while wasting my time with FreeBSD. For a system that is said to be \"dying\", OmniOS feels well-thought and, when equipped with a reasonable package management, comes with everything I need to reproduce my FreeBSD setup without losing functionality.\u003c/p\u003e\n  \n  \u003cp\u003eI'm looking forward to what will happen with it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\nhttp://do.co/bsdnow\u003c/p\u003e\n\n\u003ch3\u003e[Open Source Hardware Camp 2018 — Sat 30/06 \u0026amp; Sun 01/07, Lincoln, UK\u003c/h3\u003e\n\n\u003cp\u003e(includes 'Open-source RISC-V core quickstart' and 'An introductory workshop to NetBSD on embedded platforms')](http://oshug.org/pipermail/oshug/2018-April/000635.html)\u003c/p\u003e\n\n\u003cp\u003e```\nHi All,\u003c/p\u003e\n\n\u003cp\u003eI'm pleased to announce that we have 10 talks and 7 workshops confirmed\nfor Open Source Hardware Camp 2018, with the possibility of one or two\nmore. Registration is now open!\u003c/p\u003e\n\n\u003cp\u003eFor the first time ever we will be hosting OSHCamp in Lincoln and a huge\nthanks to Sarah Markall for helping to make this happen.\u003c/p\u003e\n\n\u003cp\u003eAs in previous years, there will be a social event on the Saturday\nevening and we have a room booked at the Wig and Mitre. Food will be\navailable.\u003c/p\u003e\n\n\u003cp\u003eThere will likely be a few of us meeting up for pre-conference drinks on\nthe Friday evening also.\u003c/p\u003e\n\n\u003cp\u003eDetails of the programme can be found below and, as ever, we have an\nexcellent mix of topics being covered.\u003c/p\u003e\n\n\u003cp\u003eCheers,\u003c/p\u003e\n\n\u003cp\u003eAndrew\n```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpen Source Hardware Camp 2018\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOn the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday\n  afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRegistration: http://oshug.org/event/oshcamp2018\u003c/li\u003e\n\u003cli\u003eOpen Source Hardware Camp 2018 will be hosted in the historic county\ntown of Lincoln — home to, amongst others, noted engine builders Ruston\n\u0026amp; Hornsby (now Siemens, via GEC and English Electric).\u003c/li\u003e\n\u003cli\u003eLincoln is well served by rail, reachable from Leeds and London within\n2-2.5 hours, and 4-5 hours from Edinburgh and Southampton.\u003c/li\u003e\n\u003cli\u003eThere will be a social at the Wig and Mitre on the Saturday evening.\u003c/li\u003e\n\u003cli\u003eFor travel and accommodation information information please see the\nevent page on oshug.org.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/04/04/nextcloud-13-on-freebsd/\"\u003eNextcloud 13 on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eToday I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as its large enough for several blog posts.\u003c/p\u003e\n  \n  \u003cp\u003eOfficial Nextcloud 13 documentation recommends following setup:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMySQL/MariaDB\u003c/li\u003e\n\u003cli\u003ePHP 7.0 (or newer)\u003c/li\u003e\n\u003cli\u003eApache 2.4 (with mod_php)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePostgreSQL 10.3\u003c/li\u003e\n\u003cli\u003ePHP 7.2.4\u003c/li\u003e\n\u003cli\u003eNginx 1.12.2 (with php-fpm)\u003c/li\u003e\n\u003cli\u003eMemcached 1.5.7\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHost\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eLets start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.romanzolotarev.com/setup.html\"\u003eOpenBSD on my fanless desktop computer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eYou asked me about my setup. Here you go.\u003c/p\u003e\n  \n  \u003cp\u003eI’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD and you have to give it a try on your desktop.\u003c/p\u003e\n  \n  \u003cp\u003eBear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\nItem                                    Price, USD\nZotac CI527 NANO-BE                        $371\n16GB RAM Crucial DDR4-2133                    $127\n250GB SSD Samsung 850 EVO                    $104\nAsus VZ249HE 23.8\" IPS Full HD                    $129\nErgoDox EZ V3, Cherry MX Brown, blank DCS            $325\nKensington Orbit Trackball                        $33\nTotal                                    $1,107\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI tried few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system.\u003c/p\u003e\n  \n  \u003cp\u003eNow I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and I that’s is often enough for me. I prefer slow fashion.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\niX Ad Spot \u003ca href=\"https://www.ixsystems.com/blog/nab-2018-recap-2/\"\u003eNAB 2018 – Michael Dexter’s Recap\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/04/06/introduction-to-hardenedbsd-world/\"\u003eIntroduction to HardenedBSD World\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eHardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development.\u003c/p\u003e\n  \n  \u003cp\u003eTo cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.”\u003c/p\u003e\n  \n  \u003cp\u003eMost FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources.\u003c/p\u003e\n  \n  \u003cp\u003eOne may ask how HardenedBSD project compared to more well know for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base its about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics its for OpenBSD, Illumos and Linux currently, You will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview.\u003c/p\u003e\n  \n  \u003cp\u003eA HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons.\u003c/p\u003e\n  \n  \u003cp\u003eComparison between LibreSSL and OpenSSL vulnerabilities.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ehttps://en.wikipedia.org/wiki/LibreSSL#Security\u003c/li\u003e\n\u003cli\u003ehttps://wiki.freebsd.org/LibreSSL#LibreSSL\u003cem\u003e.28and\u003c/em\u003eOpenSSL.29\u003cem\u003eSecurity\u003c/em\u003eVulnerabilities\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal.\u003c/p\u003e\n  \n  \u003cp\u003eAs I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tomatkinson.uk/git.html\"\u003eRunning my own git server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eNote: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs\u003c/p\u003e\n  \n  \u003cp\u003eSince I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTools \u0026amp; applications\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThese are the programs I am going to be using to get my git server up and running:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\nhttpd(8)\nacme-client(1)\ngit(1)\ncgit(1)\nslowcgi(8)\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetting up httpd\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eEnsure you have the necessary flags enabled in your /etc/rc.conf.local:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConfiguring cgit\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhen using the OpenBSD httpd(8), it will serve it’s content in a chrooted environment,which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and it’s contents.\u003c/p\u003e\n  \n  \u003cp\u003eIn order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3173\"\u003eMy Penguicon 2018 Schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://rachelbythebay.com/w/2018/04/16/signal/\"\u003esigaction: see who killed you (and more)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-announce/2018/04/20/msg000284.html\"\u003eTakeshi steps down from NetBSD core team after 13 years\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026amp;px=DragonFlyBSD-More-Perf-For-5.4\"\u003eDragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://m.youtube.com/watch?v=bT_k06Xg-BE\"\u003eWriting FreeBSD Malware\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap ad\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTroels - \u003ca href=\"http://dpaste.com/35K0BD7#wrap\"\u003eQuestion regarding ZFS xattr\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMike - \u003ca href=\"http://dpaste.com/33X1K80#wrap\"\u003eSharing your screen\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWilyarti - \u003ca href=\"http://dpaste.com/0D452Q0#wrap\"\u003eAdlocking on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/08XAHNY#wrap\"\u003eRecommendations for snapshot strategy\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"Allan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements.","date_published":"2018-05-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b6503021-a9eb-471a-8089-2dc3647bc58c.mp3","mime_type":"audio/mp3","size_in_bytes":61107427,"duration_in_seconds":5077}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1868","title":"Episode 244: C is a Lie | BSD Now 244","url":"https://www.bsdnow.tv/244","content_text":"Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.\n\nHeadlines\n\nTowards Secure System Graphics: Arcan and OpenBSD\n\n\n  Let me preface this by saying that this is a (very) long and medium-rare technical article about the security considerations and minutiae of porting (most of) the Arcan ecosystem to work under OpenBSD. The main point of this article is not so much flirting with the OpenBSD crowd or adding further noise to software engineering topics, but to go through the special considerations that had to be taken, as notes to anyone else that decides to go down this overgrown and lonesome trail, or are curious about some less than obvious differences between how these things “work” on Linux vs. other parts of the world.\n  \n  A disclaimer is also that most of this have been discovered by experimentation and combining bits and pieces scattered in everything from Xorg code to man pages, there may be smarter ways to solve some of the problems mentioned – this is just the best I could find within the time allotted. I’d be happy to be corrected, in patch/pull request form that is 😉\n  \n  Each section will start with a short rant-like explanation of how it works in Linux, and what the translation to OpenBSD involved or, in the cases that are still partly or fully missing, will require. The topics that will be covered this time are:\n\n\n\nGraphics Device Access\nHotplug\nInput\nBacklight\nXorg\nPledging\nMissing\n\n\n\n\nInstalling OpenBSD 6.3 (snapshots) on Raspberry pi 3\n\n\nThe Easy way\n\n\n\n  Installing the OpenBSD on raspberry pi 3 is very easy and well documented which almost convinced me of not writing about it, but still I felt like it may help somebody new to the project (But again I really recommend reading the document if you are interested and have the time).\n  \n  Note: I'm always running snapshots and recommend anybody to do it as well. But the snapshots links will change to the next version every 6 month, so I changed the links to the 6.3 version to keep the blog post valid over times. If you're familiar to the OpenBSD flavors, feel free to use the snapshots links instead.\n\n\n\nRequirements\n\n\n\n  Due to the lack of driver, the OpenBSD can not boot directly from the SD Card yet, So we'll need an USB Stick for the installtion target aside the SD Card for the U-Boot and installer. Also, a Serial Console connection is required. I Used a PL2303 USB to Serial (TTL) adapter connected to my Laptop via USB port and connected to the Raspberry via TX, RX and GND pins.\n\n\n\n\niXsystems\nhttps://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/\n\nWhy Didn’t Larrabee Fail?\n\n\n  Every month or so, someone will ask me what happened to Larrabee and why it failed so badly. And I then try to explain to them that not only didn't it fail, it was a pretty huge success. And they are understandably very puzzled by this, because in the public consciousness Larrabee was like the Itanic and the SPU rolled into one, wasn't it? Well, not quite. So rather than explain it in person a whole bunch more times, I thought I should write it down.\n  \n  This is not a history, and I'm going to skip a TON of details for brevity. One day I'll write the whole story down, because it's a pretty decent escapade with lots of fun characters. But not today. Today you just get the very start and the very end.\n  \n  When I say \"Larrabee\" I mean all of Knights, all of MIC, all of Xeon Phi, all of the \"Isle\" cards - they're all exactly the same chip and the same people and the same software effort. Marketing seemed to dream up a new codeword every week, but there was only ever three chips:\n\n\n\nKnights Ferry / Aubrey Isle / LRB1 - mostly a prototype, had some performance gotchas, but did work, and shipped to partners.\nKnights Corner / Xeon Phi / LRB2 - the thing we actually shipped in bulk.\nKnights Landing - the new version that is shipping any day now (mid 2016).\n\n\n\n  That's it. There were some other codenames I've forgotten over the years, but they're all of one of the above chips. Behind all the marketing smoke and mirrors there were only three chips ever made (so far), and only four planned in total (we had a thing called LRB3 planned between KNC and KNL for a while). All of them are \"Larrabee\", whether they do graphics or not.\n  \n  When Larrabee was originally conceived back in about 2005, it was called \"SMAC\", and its original goals were, from most to least important:\n\n\n\nMake the most powerful flops-per-watt machine for real-world workloads using a huge array of simple cores, on systems and boards that could be built into bazillo-core supercomputers.\nMake it from x86 cores. That means memory coherency, store ordering, memory protection, real OSes, no ugly scratchpads, it runs legacy code, and so on. No funky DSPs or windowed register files or wacky programming models allowed. Do not build another Itanium or SPU!\nMake it soon. That means keeping it simple.\nSupport the emerging GPGPU market with that same chip. Intel were absolutely not going to build a 150W PCIe card version of their embedded graphics chip (known as \"Gen\"), so we had to cover those programming models. As a bonus, run normal graphics well.\nAdd as little graphics-specific hardware as you can get away with.\n\n\n\n  That ordering is important - in terms of engineering and focus, Larrabee was never primarily a graphics card. If Intel had wanted a kick-ass graphics card, they already had a very good graphics team begging to be allowed to build a nice big fat hot discrete GPU - and the Gen architecture is such that they'd build a great one, too. But Intel management didn't want one, and still doesn't. But if we were going to build Larrabee anyway, they wanted us to cover that market as well.\n  \n  ... the design of Larrabee was of a CPU with a very wide SIMD unit, designed above all to be a real grown-up CPU - coherent caches, well-ordered memory rules, good memory protection, true multitasking, real threads, runs Linux/FreeBSD, etc. Larrabee, in the form of KNC, went on to become the fastest supercomputer in the world for a couple of years, and it's still making a ton of money for Intel in the HPC market that it was designed for, fighting very nicely against the GPUs and other custom architectures. Its successor, KNL, is just being released right now (mid 2016) and should do very nicely in that space too. Remember - KNC is literally the same chip as LRB2. It has texture samplers and a video out port sitting on the die. They don't test them or turn them on or expose them to software, but they're still there - it's still a graphics-capable part.\n  \n  But it's still actually running FreeBSD on that card, and under FreeBSD it's just running an x86 program called DirectXGfx (248 threads of it).\n\n\n\n\nNews Roundup\n\nC Is Not a Low-level Language : Your computer is not a fast PDP-11.\n\n\n  In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.\n  \n  Processor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.\n\n\n\nWhat Is a Low-Level Language?\n\n\n\n  Computer science pioneer Alan Perlis defined low-level languages this way: \"A programming language is low level when its programs require attention to the irrelevant.\"\n  \n  While, yes, this definition applies to C, it does not capture what people desire in a low-level language. Various attributes cause people to regard a language as low-level. Think of programming languages as belonging on a continuum, with assembly at one end and the interface to the Starship Enterprise's computer at the other. Low-level languages are \"close to the metal,\" whereas high-level languages are closer to how humans think.\n  \n  For a language to be \"close to the metal,\" it must provide an abstract machine that maps easily to the abstractions exposed by the target platform. It's easy to argue that C was a low-level language for the PDP-11. They both described a model in which programs executed sequentially, in which memory was a flat space, and even the pre- and post-increment operators cleanly lined up with the PDP-11 addressing modes.\n\n\nFast PDP-11 Emulators\n\n\n  The root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware.\n  \n  C code provides a mostly serial abstract machine (until C11, an entirely serial machine if nonstandard vendor extensions were excluded). Creating a new thread is a library operation known to be expensive, so processors wishing to keep their execution units busy running C code rely on ILP (instruction-level parallelism). They inspect adjacent operations and issue independent ones in parallel. This adds a significant amount of complexity (and power consumption) to allow programmers to write mostly sequential code. In contrast, GPUs achieve very high performance without any of this logic, at the expense of requiring explicitly parallel programs.\n  \n  The quest for high ILP was the direct cause of Spectre and Meltdown. A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches. This, again, adds complexity; it also means that an incorrect guess results in work being done and then discarded, which is not ideal for power consumption. This discarded work has visible side effects, which the Spectre and Meltdown attacks could exploit.\n  \n  On a modern high-end core, the register rename engine is one of the largest consumers of die area and power. To make matters worse, it cannot be turned off or power gated while any instructions are running, which makes it inconvenient in a dark silicon era when transistors are cheap but powered transistors are an expensive resource. This unit is conspicuously absent on GPUs, where parallelism again comes from multiple threads rather than trying to extract instruction-level parallelism from intrinsically scalar code. If instructions do not have dependencies that need to be reordered, then register renaming is not necessary.\n  \n  Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.\n  \n  The cache is, as its name implies, hidden from the programmer and so is not visible to C. Efficient use of the cache is one of the most important ways of making code run quickly on a modern processor, yet this is completely hidden by the abstract machine, and programmers must rely on knowing implementation details of the cache (for example, two values that are 64-byte-aligned may end up in the same cache line) to write efficient code.\n\n\n\nBackup URL\nHacker News Commentary\n\n\n\n\nHardenedBSD Switching Back to OpenSSL\n\n\n  Over a year ago, HardenedBSD switched to LibreSSL as the default cryptographic library in base for 12-CURRENT. 11-STABLE followed suit later on. Bernard Spil has done an excellent job at keeping our users up-to-date with the latest security patches from LibreSSL.\n  \n  After recently updating 12-CURRENT to LibreSSL 2.7.2 from 2.6.4, it has become increasingly clear to us that performing major upgrades requires a team larger than a single person. Upgrading to 2.7.2 caused a lot of fallout in our ports tree. As of 28 Apr 2018, several ports we consider high priority are still broken. As it stands right now, it would take Bernard a significant amount of his spare personal time to fix these issues.\n  \n  Until we have a multi-person team dedicated to maintaining LibreSSL in base along with the patches required in ports, HardenedBSD will use OpenSSL going forward as the default cryptographic library in base. LibreSSL will co-exist with OpenSSL in the source tree, as it does now. However, MK_LIBRESSL will default to \"no\" instead of the current \"yes\". Bernard will continue maintaining LibreSSL in base along with addressing the various problematic ports entries.\n  \n  To provide our users with ample time to plan and perform updates, we will wait a period of two months prior to making the switch. The switch will occur on 01 Jul 2018 and will be performed simultaneously in 12-CURRENT and 11-STABLE. HardenedBSD will archive a copy of the LibreSSL-centric package repositories and binary updates for base for a period of six months after the switch (expiring the package repos on 01 Jan 2019). This essentially gives our users eight full months for an upgrade path.\n  \n  As part of the switch back to OpenSSL, the default NTP daemon in base will switch back from OpenNTPd to ISC NTP. Users who have localopenntpdenable=\"YES\" set in rc.conf will need to switch back to ntpd_enable=\"YES\".\n  \n  Users who build base from source will want to fully clean their object directories. Any and all packages that link with libcrypto or libssl will need to be rebuilt or reinstalled.\n  \n  With the community's help, we look forward to the day when we can make the switch back to LibreSSL. We at HardenedBSD believe that providing our users options to rid themselves of software monocultures can better increase security and manage risk.\n\n\n\n\nDigitalOcean\nhttp://do.co/bsdnow -- $100 credit for 60 days\n\nHow Dan Kaminsky Almost Broke the Internet\n\n\n  In the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. In this Hacker History video, Kaminsky describes the flaw and notes the issue remains unfixed.\n  \n  “We were really concerned about web pages and emails 'cause that’s what you get to compromise when you compromise DNS,” Kaminsky says. “You think you’re sending an email to IBM but it really goes to the bad guy.”\n  \n  As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don’t have to remember strings of numbers to reach web applications and services. Authoritative nameservers publish the IP addresses of domain names. Recursive nameservers talk to authoritative servers to find addresses for those domain names and saves the information into its cache to speed up the response time the next time it is asked about that site. While anyone can set up a nameserver and configure an authoritative zone for any site, if recursive nameservers don’t point to it to ask questions, no one will get those wrong answers.\n  \n  We made the Internet less flammable.\n  \n  Kaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official \"www\" server for example.com, the nameserver will save that server IP address for “www” in its cache.\n  \n  “The server will go, ‘You are the official. Go right ahead. Tell me what it’s supposed to be,’” Kaminsky says in the video.\n  \n  Since the issue affected nearly every DNS server on the planet, it required a coordinated response to address it. Kaminsky informed Paul Vixie, creator of several DNS protocol extensions and application, and Vixie called an emergency summit of major IT vendors at Microsoft’s headquarters to figure out what to do.\n  \n  The “fix” involved combining the 16-bit transaction identifier that DNS lookups used with UDP source ports to create 32-bit transaction identifiers. Instead of fixing the flaw so that it can’t be exploited, the resolution focused on making it take more than ten seconds, eliminating the instantaneous attack.\n  \n  “[It’s] not like we repaired DNS,” Kaminsky says. “We made the Internet less flammable.”\n  \n  DNSSEC (Domain Name System Security Extensions), is intended to secure DNS by adding a cryptographic layer to DNS information. The root zone of the internet was signed for DNSSEC in July 2010 and the .com Top Level Domain (TLD) was finally signed for DNSSEC in April 2011. Unfortunately, adoption has been slow, even ten years after Kaminsky first raised the alarm about DNS, as less than 15 percent of users pass their queries to DNSSEC validating resolvers.\n  \n  The Internet was never designed to be secure. The Internet was designed to move pictures of cats.\n  \n  No one expected the Internet to be used for commerce and critical communications. If people lose faith in DNS, then all the things that depend on it are at risk.\n  \n  “What are we going to do? Here is the answer. Some of us gotta go out fix it,” Kaminsky says.\n\n\n\n\nOpenIndiana Hipster 2018.04 is here\n\n\nWe have released a new OpenIndiana Hipster snapshot 2018.04. The noticeable changes:\n\nUserland software is rebuilt with GCC 6.\nKPTI was enabled to mitigate recent security issues in Intel CPUs.\nSupport of Gnome 2 desktop was removed.\nLinked images now support zoneproxy service.\nMate desktop applications are delivered as 64-bit-only.\nUpower support was integrated.\nIIIM was removed.\nMore information can be found in 2018.04 Release notes and new medias can be downloaded from http://dlc.openindiana.org.\n\n\n\n\nBeastie Bits\n\n\nEuroBSDCon - Call for Papers\nOpenSSH 7.7\npkgsrc-2018Q1 released\nBSDCan Schedule\nMichael Dexter's LFNW talk\n\n\n\n\n\n\nTarsnap ad\n\n\n\nFeedback/Questions\n\n\nBob - Help locating FreeBSD Help\nAlex - Convert directory to dataset\nAdam - FreeNAS Question\nFlorian - Three Questions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n\n\niX Ad spot: iXsystems TrueNAS M-Series Blows Away Veeam Backup Certification Tests","content_html":"\u003cp\u003eArcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arcan-fe.com/2018/04/25/towards-secure-system-graphics-arcan-and-openbsd/\"\u003eTowards Secure System Graphics: Arcan and OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eLet me preface this by saying that this is a (very) long and medium-rare technical article about the security considerations and minutiae of porting (most of) the Arcan ecosystem to work under OpenBSD. The main point of this article is not so much flirting with the OpenBSD crowd or adding further noise to software engineering topics, but to go through the special considerations that had to be taken, as notes to anyone else that decides to go down this overgrown and lonesome trail, or are curious about some less than obvious differences between how these things “work” on Linux vs. other parts of the world.\u003c/p\u003e\n  \n  \u003cp\u003eA disclaimer is also that most of this have been discovered by experimentation and combining bits and pieces scattered in everything from Xorg code to man pages, there may be smarter ways to solve some of the problems mentioned – this is just the best I could find within the time allotted. I’d be happy to be corrected, in patch/pull request form that is \u0026#x1f609;\u003c/p\u003e\n  \n  \u003cp\u003eEach section will start with a short rant-like explanation of how it works in Linux, and what the translation to OpenBSD involved or, in the cases that are still partly or fully missing, will require. The topics that will be covered this time are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGraphics Device Access\u003c/li\u003e\n\u003cli\u003eHotplug\u003c/li\u003e\n\u003cli\u003eInput\u003c/li\u003e\n\u003cli\u003eBacklight\u003c/li\u003e\n\u003cli\u003eXorg\u003c/li\u003e\n\u003cli\u003ePledging\u003c/li\u003e\n\u003cli\u003eMissing\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html\"\u003eInstalling OpenBSD 6.3 (snapshots) on Raspberry pi 3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Easy way\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eInstalling the OpenBSD on raspberry pi 3 is very easy and well documented which almost convinced me of not writing about it, but still I felt like it may help somebody new to the project (But again I really recommend reading the document if you are interested and have the time).\u003c/p\u003e\n  \n  \u003cp\u003eNote: I'm always running snapshots and recommend anybody to do it as well. But the snapshots links will change to the next version every 6 month, so I changed the links to the 6.3 version to keep the blog post valid over times. If you're familiar to the OpenBSD flavors, feel free to use the snapshots links instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRequirements\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eDue to the lack of driver, the OpenBSD can not boot directly from the SD Card yet, So we'll need an USB Stick for the installtion target aside the SD Card for the U-Boot and installer. Also, a Serial Console connection is required. I Used a PL2303 USB to Serial (TTL) adapter connected to my Laptop via USB port and connected to the Raspberry via TX, RX and GND pins.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\nhttps://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://tomforsyth1000.github.io/blog.wiki.html#%5B%5BWhydidn%27tLarrabeefail?%5D%5D\"\u003eWhy Didn’t Larrabee Fail?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eEvery month or so, someone will ask me what happened to Larrabee and why it failed so badly. And I then try to explain to them that not only didn't it fail, it was a pretty huge success. And they are understandably very puzzled by this, because in the public consciousness Larrabee was like the Itanic and the SPU rolled into one, wasn't it? Well, not quite. So rather than explain it in person a whole bunch more times, I thought I should write it down.\u003c/p\u003e\n  \n  \u003cp\u003eThis is not a history, and I'm going to skip a TON of details for brevity. One day I'll write the whole story down, because it's a pretty decent escapade with lots of fun characters. But not today. Today you just get the very start and the very end.\u003c/p\u003e\n  \n  \u003cp\u003eWhen I say \"Larrabee\" I mean all of Knights, all of MIC, all of Xeon Phi, all of the \"Isle\" cards - they're all exactly the same chip and the same people and the same software effort. Marketing seemed to dream up a new codeword every week, but there was only ever three chips:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKnights Ferry / Aubrey Isle / LRB1 - mostly a prototype, had some performance gotchas, but did work, and shipped to partners.\u003c/li\u003e\n\u003cli\u003eKnights Corner / Xeon Phi / LRB2 - the thing we actually shipped in bulk.\u003c/li\u003e\n\u003cli\u003eKnights Landing - the new version that is shipping any day now (mid 2016).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThat's it. There were some other codenames I've forgotten over the years, but they're all of one of the above chips. Behind all the marketing smoke and mirrors there were only three chips ever made (so far), and only four planned in total (we had a thing called LRB3 planned between KNC and KNL for a while). All of them are \"Larrabee\", whether they do graphics or not.\u003c/p\u003e\n  \n  \u003cp\u003eWhen Larrabee was originally conceived back in about 2005, it was called \"SMAC\", and its original goals were, from most to least important:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003col\u003e\u003cli\u003eMake the most powerful flops-per-watt machine for real-world workloads using a huge array of simple cores, on systems and boards that could be built into bazillo-core supercomputers.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\n\u003cli\u003e\u003col\u003e\u003cli\u003eMake it from x86 cores. That means memory coherency, store ordering, memory protection, real OSes, no ugly scratchpads, it runs legacy code, and so on. No funky DSPs or windowed register files or wacky programming models allowed. Do not build another Itanium or SPU!\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\n\u003cli\u003e\u003col\u003e\u003cli\u003eMake it soon. That means keeping it simple.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\n\u003cli\u003e\u003col\u003e\u003cli\u003eSupport the emerging GPGPU market with that same chip. Intel were absolutely not going to build a 150W PCIe card version of their embedded graphics chip (known as \"Gen\"), so we had to cover those programming models. As a bonus, run normal graphics well.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\n\u003cli\u003e\u003col\u003e\u003cli\u003eAdd as little graphics-specific hardware as you can get away with.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThat ordering is important - in terms of engineering and focus, Larrabee was never primarily a graphics card. If Intel had wanted a kick-ass graphics card, they already had a very good graphics team begging to be allowed to build a nice big fat hot discrete GPU - and the Gen architecture is such that they'd build a great one, too. But Intel management didn't want one, and still doesn't. But if we were going to build Larrabee anyway, they wanted us to cover that market as well.\u003c/p\u003e\n  \n  \u003cp\u003e... the design of Larrabee was of a CPU with a very wide SIMD unit, designed above all to be a real grown-up CPU - coherent caches, well-ordered memory rules, good memory protection, true multitasking, real threads, runs Linux/FreeBSD, etc. Larrabee, in the form of KNC, went on to become the fastest supercomputer in the world for a couple of years, and it's still making a ton of money for Intel in the HPC market that it was designed for, fighting very nicely against the GPUs and other custom architectures. Its successor, KNL, is just being released right now (mid 2016) and should do very nicely in that space too. Remember - KNC is literally the same chip as LRB2. It has texture samplers and a video out port sitting on the die. They don't test them or turn them on or expose them to software, but they're still there - it's still a graphics-capable part.\u003c/p\u003e\n  \n  \u003cp\u003eBut it's still actually running FreeBSD on that card, and under FreeBSD it's just running an x86 program called DirectXGfx (248 threads of it).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=3212479\"\u003eC Is Not a Low-level Language : Your computer is not a fast PDP-11.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.\u003c/p\u003e\n  \n  \u003cp\u003eProcessor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat Is a Low-Level Language?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eComputer science pioneer Alan Perlis defined low-level languages this way: \"A programming language is low level when its programs require attention to the irrelevant.\"\u003c/p\u003e\n  \n  \u003cp\u003eWhile, yes, this definition applies to C, it does not capture what people desire in a low-level language. Various attributes cause people to regard a language as low-level. Think of programming languages as belonging on a continuum, with assembly at one end and the interface to the Starship Enterprise's computer at the other. Low-level languages are \"close to the metal,\" whereas high-level languages are closer to how humans think.\u003c/p\u003e\n  \n  \u003cp\u003eFor a language to be \"close to the metal,\" it must provide an abstract machine that maps easily to the abstractions exposed by the target platform. It's easy to argue that C was a low-level language for the PDP-11. They both described a model in which programs executed sequentially, in which memory was a flat space, and even the pre- and post-increment operators cleanly lined up with the PDP-11 addressing modes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eFast PDP-11 Emulators\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe root cause of the Spectre and Meltdown vulnerabilities was that processor architects were trying to build not just fast processors, but fast processors that expose the same abstract machine as a PDP-11. This is essential because it allows C programmers to continue in the belief that their language is close to the underlying hardware.\u003c/p\u003e\n  \n  \u003cp\u003eC code provides a mostly serial abstract machine (until C11, an entirely serial machine if nonstandard vendor extensions were excluded). Creating a new thread is a library operation known to be expensive, so processors wishing to keep their execution units busy running C code rely on ILP (instruction-level parallelism). They inspect adjacent operations and issue independent ones in parallel. This adds a significant amount of complexity (and power consumption) to allow programmers to write mostly sequential code. In contrast, GPUs achieve very high performance without any of this logic, at the expense of requiring explicitly parallel programs.\u003c/p\u003e\n  \n  \u003cp\u003eThe quest for high ILP was the direct cause of Spectre and Meltdown. A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches. This, again, adds complexity; it also means that an incorrect guess results in work being done and then discarded, which is not ideal for power consumption. This discarded work has visible side effects, which the Spectre and Meltdown attacks could exploit.\u003c/p\u003e\n  \n  \u003cp\u003eOn a modern high-end core, the register rename engine is one of the largest consumers of die area and power. To make matters worse, it cannot be turned off or power gated while any instructions are running, which makes it inconvenient in a dark silicon era when transistors are cheap but powered transistors are an expensive resource. This unit is conspicuously absent on GPUs, where parallelism again comes from multiple threads rather than trying to extract instruction-level parallelism from intrinsically scalar code. If instructions do not have dependencies that need to be reordered, then register renaming is not necessary.\u003c/p\u003e\n  \n  \u003cp\u003eConsider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.\u003c/p\u003e\n  \n  \u003cp\u003eThe cache is, as its name implies, hidden from the programmer and so is not visible to C. Efficient use of the cache is one of the most important ways of making code run quickly on a modern processor, yet this is completely hidden by the abstract machine, and programmers must rely on knowing implementation details of the cache (for example, two values that are 64-byte-aligned may end up in the same cache line) to write efficient code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://web.archive.org/web/20180501170011/https://queue.acm.org/detail.cfm?id=3212479\"\u003eBackup URL\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=16967675\"\u003eHacker News Commentary\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl\"\u003eHardenedBSD Switching Back to OpenSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOver a year ago, HardenedBSD switched to LibreSSL as the default cryptographic library in base for 12-CURRENT. 11-STABLE followed suit later on. Bernard Spil has done an excellent job at keeping our users up-to-date with the latest security patches from LibreSSL.\u003c/p\u003e\n  \n  \u003cp\u003eAfter recently updating 12-CURRENT to LibreSSL 2.7.2 from 2.6.4, it has become increasingly clear to us that performing major upgrades requires a team larger than a single person. Upgrading to 2.7.2 caused a lot of fallout in our ports tree. As of 28 Apr 2018, several ports we consider high priority are still broken. As it stands right now, it would take Bernard a significant amount of his spare personal time to fix these issues.\u003c/p\u003e\n  \n  \u003cp\u003eUntil we have a multi-person team dedicated to maintaining LibreSSL in base along with the patches required in ports, HardenedBSD will use OpenSSL going forward as the default cryptographic library in base. LibreSSL will co-exist with OpenSSL in the source tree, as it does now. However, MK_LIBRESSL will default to \"no\" instead of the current \"yes\". Bernard will continue maintaining LibreSSL in base along with addressing the various problematic ports entries.\u003c/p\u003e\n  \n  \u003cp\u003eTo provide our users with ample time to plan and perform updates, we will wait a period of two months prior to making the switch. The switch will occur on 01 Jul 2018 and will be performed simultaneously in 12-CURRENT and 11-STABLE. HardenedBSD will archive a copy of the LibreSSL-centric package repositories and binary updates for base for a period of six months after the switch (expiring the package repos on 01 Jan 2019). This essentially gives our users eight full months for an upgrade path.\u003c/p\u003e\n  \n  \u003cp\u003eAs part of the switch back to OpenSSL, the default NTP daemon in base will switch back from OpenNTPd to ISC NTP. Users who have local\u003cem\u003eopenntpd\u003c/em\u003eenable=\"YES\" set in rc.conf will need to switch back to ntpd_enable=\"YES\".\u003c/p\u003e\n  \n  \u003cp\u003eUsers who build base from source will want to fully clean their object directories. Any and all packages that link with libcrypto or libssl will need to be rebuilt or reinstalled.\u003c/p\u003e\n  \n  \u003cp\u003eWith the community's help, we look forward to the day when we can make the switch back to LibreSSL. We at HardenedBSD believe that providing our users options to rid themselves of software monocultures can better increase security and manage risk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\nhttp://do.co/bsdnow -- $100 credit for 60 days\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet\"\u003eHow Dan Kaminsky Almost Broke the Internet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. In this Hacker History video, Kaminsky describes the flaw and notes the issue remains unfixed.\u003c/p\u003e\n  \n  \u003cp\u003e“We were really concerned about web pages and emails 'cause that’s what you get to compromise when you compromise DNS,” Kaminsky says. “You think you’re sending an email to IBM but it really goes to the bad guy.”\u003c/p\u003e\n  \n  \u003cp\u003eAs the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don’t have to remember strings of numbers to reach web applications and services. Authoritative nameservers publish the IP addresses of domain names. Recursive nameservers talk to authoritative servers to find addresses for those domain names and saves the information into its cache to speed up the response time the next time it is asked about that site. While anyone can set up a nameserver and configure an authoritative zone for any site, if recursive nameservers don’t point to it to ask questions, no one will get those wrong answers.\u003c/p\u003e\n  \n  \u003cp\u003eWe made the Internet less flammable.\u003c/p\u003e\n  \n  \u003cp\u003eKaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official \"www\" server for example.com, the nameserver will save that server IP address for “www” in its cache.\u003c/p\u003e\n  \n  \u003cp\u003e“The server will go, ‘You are the official. Go right ahead. Tell me what it’s supposed to be,’” Kaminsky says in the video.\u003c/p\u003e\n  \n  \u003cp\u003eSince the issue affected nearly every DNS server on the planet, it required a coordinated response to address it. Kaminsky informed Paul Vixie, creator of several DNS protocol extensions and application, and Vixie called an emergency summit of major IT vendors at Microsoft’s headquarters to figure out what to do.\u003c/p\u003e\n  \n  \u003cp\u003eThe “fix” involved combining the 16-bit transaction identifier that DNS lookups used with UDP source ports to create 32-bit transaction identifiers. Instead of fixing the flaw so that it can’t be exploited, the resolution focused on making it take more than ten seconds, eliminating the instantaneous attack.\u003c/p\u003e\n  \n  \u003cp\u003e“[It’s] not like we repaired DNS,” Kaminsky says. “We made the Internet less flammable.”\u003c/p\u003e\n  \n  \u003cp\u003eDNSSEC (Domain Name System Security Extensions), is intended to secure DNS by adding a cryptographic layer to DNS information. The root zone of the internet was signed for DNSSEC in July 2010 and the .com Top Level Domain (TLD) was finally signed for DNSSEC in April 2011. Unfortunately, adoption has been slow, even ten years after Kaminsky first raised the alarm about DNS, as less than 15 percent of users pass their queries to DNSSEC validating resolvers.\u003c/p\u003e\n  \n  \u003cp\u003eThe Internet was never designed to be secure. The Internet was designed to move pictures of cats.\u003c/p\u003e\n  \n  \u003cp\u003eNo one expected the Internet to be used for commerce and critical communications. If people lose faith in DNS, then all the things that depend on it are at risk.\u003c/p\u003e\n  \n  \u003cp\u003e“What are we going to do? Here is the answer. Some of us gotta go out fix it,” Kaminsky says.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openindiana.org/2018/04/28/openindiana-hipster-2018-04-is-here/\"\u003eOpenIndiana Hipster 2018.04 is here\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWe have released a new OpenIndiana Hipster snapshot 2018.04. The noticeable changes:\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eUserland software is rebuilt with GCC 6.\u003c/li\u003e\n\u003cli\u003eKPTI was enabled to mitigate recent security issues in Intel CPUs.\u003c/li\u003e\n\u003cli\u003eSupport of Gnome 2 desktop was removed.\u003c/li\u003e\n\u003cli\u003eLinked images now support zoneproxy service.\u003c/li\u003e\n\u003cli\u003eMate desktop applications are delivered as 64-bit-only.\u003c/li\u003e\n\u003cli\u003eUpower support was integrated.\u003c/li\u003e\n\u003cli\u003eIIIM was removed.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMore information can be found in \u003ca href=\"https://wiki.openindiana.org/oi/2018.04+Release+notes\"\u003e2018.04 Release notes\u003c/a\u003e and new medias can be downloaded from \u003ca href=\"http://dlc.openindiana.org/\"\u003ehttp://dlc.openindiana.org\u003c/a\u003e.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/call-for-papers/\"\u003eEuroBSDCon - Call for Papers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openssh.com/txt/release-7.7\"\u003eOpenSSH 7.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2018/04/05/msg026461.html\"\u003epkgsrc-2018Q1 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdcan.org/2018/schedule/\"\u003eBSDCan Schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=CehSeSVgEUA\u0026amp;feature=youtu.be\"\u003eMichael Dexter's LFNW talk\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003eTarsnap ad\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBob - \u003ca href=\"http://dpaste.com/02T6P91#wrap\"\u003eHelp locating FreeBSD Help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/04RQ46X#wrap\"\u003eConvert directory to dataset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdam - \u003ca href=\"http://dpaste.com/3GT988W#wrap\"\u003eFreeNAS Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFlorian - \u003ca href=\"http://dpaste.com/3RGQRVR#wrap\"\u003eThree Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003eiX Ad spot: \u003ca href=\"https://www.ixsystems.com/blog/truenas-m-series-veeam-pr-2018/\"\u003eiXsystems TrueNAS M-Series Blows Away Veeam Backup Certification Tests\u003c/a\u003e\u003c/p\u003e","summary":"Arcan and OpenBSD, running OpenBSD 6.3 on RPI 3, why C is not a low-level language, HardenedBSD switching back to OpenSSL, how the Internet was almost broken, EuroBSDcon CfP is out, and the BSDCan 2018 schedule is available.","date_published":"2018-05-03T03:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a46e2baa-82ee-4acb-9678-978f26dbd32c.mp3","mime_type":"audio/mp3","size_in_bytes":61656187,"duration_in_seconds":5132}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1826","title":"Episode 243: Understanding The Scheduler | BSD Now 243","url":"https://www.bsdnow.tv/243","content_text":"OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.\n\nHeadlines\n\nOpenBSD 6.3 released\n\n\nPunctual as ever, OpenBSD 6.3 has been releases with the following features/changes:\n\n\n\n  Improved HW support, including:\n  SMP support on OpenBSD/arm64 platforms\n  vmm/vmd improvements:\n  IEEE 802.11 wireless stack improvements\n  Generic network stack improvements\n  Installer improvements\n  Routing daemons and other userland network improvements\n  Security improvements\n  dhclient(8) improvements\n  Assorted improvements\n  OpenSMTPD 6.0.4\n  OpenSSH 7.7\n  LibreSSL 2.7.2\n  \n  \n\n\nDragonFlyBSD 5.2 released\n\n\n\n\n  Big-ticket items\n  Meltdown and Spectre mitigation support\n  Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectremitigation and machdep.meltdownmitigation.\n  HAMMER2\n  H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.\n  Clustered support is not yet available.\n  ipfw Updates\n  Implement state based \"redirect\", i.e. without using libalias.\n  ipfw now supports all possible ICMP types.\n  Fix ICMPMAXTYPE assumptions (now 40 as of this release).\n  Improved graphics support\n  The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs\n  Add 24-bit pixel format support to the EFI frame buffer code.\n  Significantly improve fbio support for the \"scfb\" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.\n  Partly implement the FBIOBLANK ioctl for display powersaving.\n  Syscons waits for drm modesetting at appropriate places, avoiding races.\n  + For more details, check out the “All changes since DragonFly 5.0” section.\n\n\n\n\n\n\n\n\n\nZFS on Linux bug causes files to disappear\n\n\nA bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release\nThe bug only impacts Linux, the change that caused the problem was not upstreamed yet, so does not impact ZFS on illumos, FreeBSD, OS X, or Windows\nThe bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory\nZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory\nThe bug was introduced in a commit made in February, that attempted to improve performance of datasets created with the case insensitivity option. In an effort to improve performance, they introduced a limit to cap to give up (return ENOSPC) if growing the directory ZAP failed twice.\nThe ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added.\n\n\n\n  Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed.\n  Finding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils.\n  On later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit\n  Tools like rsync were unaffected, because they always sort the files before copying\n  If you did not see any ENOSPC errors, you were likely not impacted\n  The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't.\n  Recommendations for Users from Ryan Yao:\n  The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen.\n  We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition.\n  It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now.\n  Writes to existing files cannot trigger this bug, only adding new files to a directory in bulk\n  \n  \n\n\nNews Roundup\n\n\n\ndes@’s thoughts on being a FreeBSD committer for 20 years\n\n\n\n\n  Yesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today.\n  \n  My level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD.\n  \n  My contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year.\n  \n  In return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices.\n  \n  Last but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends.\n  \n  For better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it.\n  \n  I won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon.\n\n\n\n\n\n\n\n\n\niXsystems unveils new TrueNAS M-Series Unified Storage Line\n\n\n\n\n  San Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget.\n\n\n\nDesigned for On-Premises \u0026amp; Enterprise Cloud Environments\n\n\n\n  As a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols.\n  \n  At the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments.\n  \n  By design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud.\n\n\n\nFast\n\n\n\n  As a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs.\n\n\n\nAward-Winning TrueNAS Features\n\nEnterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M\u0026amp;E, surveillance, and hosting virtual machines.\nUnified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application.\nEconomical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning.\nSafe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud.\nReliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime.\nFamiliar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software.\nCertified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure.\nOpen: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market.\nAvailability\n\n\n\n  The TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabtye can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication.\n\n\n\nFor more information, visit www.ixsystems.com/TrueNAS \nTrueNAS M-Series What's New Video\n\n\n\n\nUnderstanding and tuning the FreeBSD Scheduler \n\n```\nOccasionally I noticed that the system would not quickly process the\ntasks i need done, but instead prefer other, longrunning tasks. I\nfigured it must be related to the scheduler, and decided it hates me.\n\nA closer look shows the behaviour as follows (single CPU):\n\nLets run an I/O-active task, e.g, postgres VACUUM that would\ncontinuously read from big files (while doing compute as well [1]):\n\n\n  pool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G  1.58K      0  12.9M      0\n\n\nNow start an endless loop:\n\nwhile true; do :; done\n\nAnd the effect is:\n\n\n  pool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G      9      0  76.8K      0\n\n\nThe VACUUM gets almost stuck! This figures with WCPU in \"top\":\n\n\n  PID USERNAME   PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND\n  85583 root        99    0  7044K  1944K RUN      1:06  92.21% bash\n  53005 pgsql       52    0   620M 91856K RUN      5:47   0.50% postgres\n\n\nHacking on kern.sched.quantum makes it quite a bit better:\n\nsysctl kern.sched.quantum=1\n\nkern.sched.quantum: 94488 -\u0026gt; 7874\n\n\n  pool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G    395      0  3.12M      0\n  \n  PID USERNAME   PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND\n  85583 root        94    0  7044K  1944K RUN      4:13  70.80% bash\n  53005 pgsql       52    0   276M 91856K RUN      5:52  11.83% postgres\n\n\nNow, as usual, the \"root-cause\" questions arise: What exactly does\nthis \"quantum\"? Is this solution a workaround, i.e. actually something\nelse is wrong, and has it tradeoff in other situations? Or otherwise,\nwhy is such a default value chosen, which appears to be ill-deceived?\n\nThe docs for the quantum parameter are a bit unsatisfying - they say\nits the max num of ticks a process gets - and what happens when\nthey're exhausted? If by default the endless loop is actually allowed\nto continue running for 94k ticks (or 94ms, more likely) uninterrupted,\nthen that explains the perceived behaviour - buts thats certainly not\nwhat a scheduler should do when other procs are ready to run.\n\n11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does\nnot influence the matter. Starting the endless loop with \"nice\" does\nnot influence the matter.\n\n[1]\nA pure-I/O job without compute load, like \"dd\", does not show\nthis behaviour. Also, when other tasks are running, the unjust\nbehaviour is not so stongly pronounced.\n```\n\n\n\naarch64 support added\n\n\n  I have committed about adding initial support for aarch64.\n\n\n\nbooting log on RaspberryPI3:\n\n\n```\n    boot NetBSD/evbarm (aarch64)\n    Drop to EL1...OK\n    Creating VA=PA tables\n    Creating KSEG tables\n    Creating KVA=PA tables\n    Creating devmap tables\n    MMU Enable...OK\n    VSTART          = ffffffc000001ff4\n    FDT\u0026lt;3ab46000\u0026gt; devmap cpufunc bootstrap consinit ok\n    uboot: args 0x3ab46000, 0, 0, 0\n\nNetBSD/evbarm (fdt) booting ...\nFDT /memory [0] @ 0x0 size 0x3b000000\nMEM: add 0-3b000000\nMEM: res 0-1000\nMEM: res 3ab46000-3ab4a000\nUsable memory:\n  1000 - 3ab45fff\n  3ab4a000 - 3affffff\ninitarm: kernel phys start 1000000 end 17bd000\nMEM: res 1000000-17bd000\nbootargs: root=axe0\n  1000 - ffffff\n  17bd000 - 3ab45fff\n  3ab4a000 - 3affffff\n------------------------------------------\nkern_vtopdiff         = 0xffffffbfff000000\nphysical_start        = 0x0000000000001000\nkernel_start_phys     = 0x0000000001000000\nkernel_end_phys       = 0x00000000017bd000\nphysical_end          = 0x000000003ab45000\nVM_MIN_KERNEL_ADDRESS = 0xffffffc000000000\nkernel_start_l2       = 0xffffffc000000000\nkernel_start          = 0xffffffc000000000\nkernel_end            = 0xffffffc0007bd000\nkernel_end_l2         = 0xffffffc000800000\n(kernel va area)\n(devmap va area)\nVM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000\n------------------------------------------\nCopyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,\n    2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,\n    2018 The NetBSD Foundation, Inc.  All rights reserved.\nCopyright (c) 1982, 1986, 1989, 1991, 1993\n    The Regents of the University of California.  All rights reserved.\n\nNetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018\n        ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64\ntotal memory = 936 MB\navail memory = 877 MB\n\n\n…\n\nStarting local daemons:.\nUpdating motd.\nStarting sshd.\nStarting inetd.\nStarting cron.\nThe following components reported failures:\n    /etc/rc.d/swap2\nSee /var/run/rc.log for more information.\nFri Mar 30 12:35:31 JST 2018\n\nNetBSD/evbarm (rpi3) (console)\n\nlogin: root\nLast login: Fri Mar 30 12:30:24 2018 on console\n\nrpi3# uname -ap\nNetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018  ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64\nrpi3#\n\n\n```\n\n\n  Now, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues.\n  \n  sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP)\n  \n  My deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose commited aarch64\n  toolchains and preliminary support for aarch64.\n\n\n\n\nBeastie Bits\n\n\n5 Reasons to Use FreeBSD in 2018\nRewriting Intel gigabit network driver in Rust\nRecruiting to make Elastic Search on FreeBSD better\nWindows Server 2019 Preview, in bhyve on FreeBSD\n“SSH Mastery, 2nd ed” in hardcover\n\n\n\n\nFeedback/Questions\n\n\nJason - ZFS Transfer option\nLuis - ZFS Pools\nClonOS \nMichael - Tech Conferences\nanonymous - BSD trash on removable drives\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/63.html\"\u003eOpenBSD 6.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePunctual as ever, OpenBSD 6.3 has been releases with the following features/changes:\n\n\n\u003cblockquote\u003e\n  Improved HW support, including:\n  SMP support on OpenBSD/arm64 platforms\n  vmm/vmd improvements:\n  IEEE 802.11 wireless stack improvements\n  Generic network stack improvements\n  Installer improvements\n  Routing daemons and other userland network improvements\n  Security improvements\n  dhclient(8) improvements\n  Assorted improvements\n  OpenSMTPD 6.0.4\n  OpenSSH 7.7\n  LibreSSL 2.7.2\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release52/\"\u003eDragonFlyBSD 5.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eBig-ticket items\n  Meltdown and Spectre mitigation support\n  Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectre\u003cem\u003emitigation and machdep.meltdown\u003c/em\u003emitigation.\n  HAMMER2\n  H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.\n  Clustered support is not yet available.\n  ipfw Updates\n  Implement state based \"redirect\", i.e. without using libalias.\n  ipfw now supports all possible ICMP types.\n  Fix ICMP\u003cem\u003eMAXTYPE assumptions (now 40 as of this release).\n  Improved graphics support\n  The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs\n  Add 24-bit pixel format support to the EFI frame buffer code.\n  Significantly improve fbio support for the \"scfb\" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.\n  Partly implement the FBIO\u003c/em\u003eBLANK ioctl for display powersaving.\n  Syscons waits for drm modesetting at appropriate places, avoiding races.\n  + For more details, check out the “All changes since DragonFly 5.0” section.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n\n\n\n\u003ch3\u003e\u003ca href=\"https://github.com/zfsonlinux/zfs/issues/7401\"\u003eZFS on Linux bug causes files to disappear\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release\u003c/li\u003e\n\u003cli\u003eThe bug only impacts Linux, the change that caused the problem was not upstreamed yet, so does not impact ZFS on illumos, FreeBSD, OS X, or Windows\u003c/li\u003e\n\u003cli\u003eThe bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory\u003c/li\u003e\n\u003cli\u003eZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory\u003c/li\u003e\n\u003cli\u003eThe bug was introduced in a commit made in February, that attempted to improve performance of datasets created with the case insensitivity option. In an effort to improve performance, they introduced a limit to cap to give up (return ENOSPC) if growing the directory ZAP failed twice.\u003c/li\u003e\n\u003cli\u003eThe ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added.\n\n\n\u003cblockquote\u003e\n  Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed.\u003c/li\u003e\n  \u003cli\u003eFinding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils.\u003c/li\u003e\n  \u003cli\u003eOn later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit\u003c/li\u003e\n  \u003cli\u003eTools like rsync were unaffected, because they always sort the files before copying\u003c/li\u003e\n  \u003cli\u003eIf you did not see any ENOSPC errors, you were likely not impacted\n  The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't.\u003c/li\u003e\n  \u003cli\u003eRecommendations for Users from Ryan Yao:\n  The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen.\n  We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition.\n  It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now.\u003c/li\u003e\n  \u003cli\u003eWrites to existing files cannot trigger this bug, only adding new files to a directory in bulk\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://blog.des.no/2018/04/twenty-years/\"\u003edes@’s thoughts on being a FreeBSD committer for 20 years\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eYesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today.\u003c/p\u003e\n  \n  \u003cp\u003eMy level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD.\u003c/p\u003e\n  \n  \u003cp\u003eMy contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year.\u003c/p\u003e\n  \n  \u003cp\u003eIn return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices.\u003c/p\u003e\n  \n  \u003cp\u003eLast but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends.\u003c/p\u003e\n  \n  \u003cp\u003eFor better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it.\u003c/p\u003e\n  \n  \u003cp\u003eI won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n\n\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-m-series/?utm_source=twitter.com\u0026amp;utm_medium=bsdnow\u0026amp;utm_campaign=truenas+m+series\"\u003eiXsystems unveils new TrueNAS M-Series Unified Storage Line\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eSan Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDesigned for On-Premises \u0026amp; Enterprise Cloud Environments\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols.\u003c/p\u003e\n  \n  \u003cp\u003eAt the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments.\u003c/p\u003e\n  \n  \u003cp\u003eBy design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFast\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eAs a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eAward-Winning TrueNAS Features\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eEnterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M\u0026amp;E, surveillance, and hosting virtual machines.\u003c/li\u003e\n\u003cli\u003eUnified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application.\u003c/li\u003e\n\u003cli\u003eEconomical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning.\u003c/li\u003e\n\u003cli\u003eSafe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud.\u003c/li\u003e\n\u003cli\u003eReliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime.\u003c/li\u003e\n\u003cli\u003eFamiliar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software.\u003c/li\u003e\n\u003cli\u003eCertified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure.\u003c/li\u003e\n\u003cli\u003eOpen: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAvailability\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabtye can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor more information, visit www.ixsystems.com/TrueNAS \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"TrueNAS M-Series What's New\"\u003eTrueNAS M-Series What's New Video\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2018-April/088678.html\"\u003eUnderstanding and tuning the FreeBSD Scheduler \u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e```\nOccasionally I noticed that the system would not quickly process the\ntasks i need done, but instead prefer other, longrunning tasks. I\nfigured it must be related to the scheduler, and decided it hates me.\u003c/p\u003e\n\n\u003cp\u003eA closer look shows the behaviour as follows (single CPU):\u003c/p\u003e\n\n\u003cp\u003eLets run an I/O-active task, e.g, postgres VACUUM that would\ncontinuously read from big files (while doing compute as well [1]):\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003epool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G  1.58K      0  12.9M      0\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eNow start an endless loop:\u003c/p\u003e\n\n\u003ch1\u003ewhile true; do :; done\u003c/h1\u003e\n\n\u003cp\u003eAnd the effect is:\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003epool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G      9      0  76.8K      0\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eThe VACUUM gets almost stuck! This figures with WCPU in \"top\":\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePID USERNAME   PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND\n  85583 root        99    0  7044K  1944K RUN      1:06  92.21% bash\n  53005 pgsql       52    0   620M 91856K RUN      5:47   0.50% postgres\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eHacking on kern.sched.quantum makes it quite a bit better:\u003c/p\u003e\n\n\u003ch1\u003esysctl kern.sched.quantum=1\u003c/h1\u003e\n\n\u003cp\u003ekern.sched.quantum: 94488 -\u003e 7874\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003epool        alloc   free   read  write   read  write\n  cache           -      -      -      -      -      -\n   ada1s4    7.08G  10.9G    395      0  3.12M      0\u003c/p\u003e\n  \n  \u003cp\u003ePID USERNAME   PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND\n  85583 root        94    0  7044K  1944K RUN      4:13  70.80% bash\n  53005 pgsql       52    0   276M 91856K RUN      5:52  11.83% postgres\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eNow, as usual, the \"root-cause\" questions arise: What exactly does\nthis \"quantum\"? Is this solution a workaround, i.e. actually something\nelse is wrong, and has it tradeoff in other situations? Or otherwise,\nwhy is such a default value chosen, which appears to be ill-deceived?\u003c/p\u003e\n\n\u003cp\u003eThe docs for the quantum parameter are a bit unsatisfying - they say\nits the max num of ticks a process gets - and what happens when\nthey're exhausted? If by default the endless loop is actually allowed\nto continue running for 94k ticks (or 94ms, more likely) uninterrupted,\nthen that explains the perceived behaviour - buts thats certainly not\nwhat a scheduler should do when other procs are ready to run.\u003c/p\u003e\n\n\u003cp\u003e11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does\nnot influence the matter. Starting the endless loop with \"nice\" does\nnot influence the matter.\u003c/p\u003e\n\n\u003cp\u003e[1]\nA pure-I/O job without compute load, like \"dd\", does not show\nthis behaviour. Also, when other tasks are running, the unjust\nbehaviour is not so stongly pronounced.\n```\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/port-arm/2018/04/01/msg004702.html\"\u003eaarch64 support added\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI have committed about adding initial support for aarch64.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ebooting log on RaspberryPI3:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\n    boot NetBSD/evbarm (aarch64)\n    Drop to EL1...OK\n    Creating VA=PA tables\n    Creating KSEG tables\n    Creating KVA=PA tables\n    Creating devmap tables\n    MMU Enable...OK\n    VSTART          = ffffffc000001ff4\n    FDT\u0026lt;3ab46000\u003e devmap cpufunc bootstrap consinit ok\n    uboot: args 0x3ab46000, 0, 0, 0\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eNetBSD/evbarm (fdt) booting ...\nFDT /memory [0] @ 0x0 size 0x3b000000\nMEM: add 0-3b000000\nMEM: res 0-1000\nMEM: res 3ab46000-3ab4a000\nUsable memory:\n  1000 - 3ab45fff\n  3ab4a000 - 3affffff\ninitarm: kernel phys start 1000000 end 17bd000\nMEM: res 1000000-17bd000\nbootargs: root=axe0\n  1000 - ffffff\n  17bd000 - 3ab45fff\n  3ab4a000 - 3affffff\n------------------------------------------\nkern_vtopdiff         = 0xffffffbfff000000\nphysical_start        = 0x0000000000001000\nkernel_start_phys     = 0x0000000001000000\nkernel_end_phys       = 0x00000000017bd000\nphysical_end          = 0x000000003ab45000\nVM_MIN_KERNEL_ADDRESS = 0xffffffc000000000\nkernel_start_l2       = 0xffffffc000000000\nkernel_start          = 0xffffffc000000000\nkernel_end            = 0xffffffc0007bd000\nkernel_end_l2         = 0xffffffc000800000\n(kernel va area)\n(devmap va area)\nVM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000\n------------------------------------------\nCopyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,\n    2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,\n    2018 The NetBSD Foundation, Inc.  All rights reserved.\nCopyright (c) 1982, 1986, 1989, 1991, 1993\n    The Regents of the University of California.  All rights reserved.\n\nNetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018\n        ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64\ntotal memory = 936 MB\navail memory = 877 MB\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e…\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eStarting local daemons:.\nUpdating motd.\nStarting sshd.\nStarting inetd.\nStarting cron.\nThe following components reported failures:\n    /etc/rc.d/swap2\nSee /var/run/rc.log for more information.\nFri Mar 30 12:35:31 JST 2018\n\nNetBSD/evbarm (rpi3) (console)\n\nlogin: root\nLast login: Fri Mar 30 12:30:24 2018 on console\n\nrpi3# uname -ap\nNetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018  ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64\nrpi3#\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eNow, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues.\u003c/p\u003e\n  \n  \u003cp\u003esys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP)\u003c/p\u003e\n  \n  \u003cp\u003eMy deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose commited aarch64\n  toolchains and preliminary support for aarch64.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=hvuWI5hzD5U\"\u003e5 Reasons to Use FreeBSD in 2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/johalun/status/983645780509712384\"\u003eRewriting Intel gigabit network driver in Rust\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/DLangille/status/983360090240684034\"\u003eRecruiting to make Elastic Search on FreeBSD better\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/Tubsta/status/981058685219688448\"\u003eWindows Server 2019 Preview, in bhyve on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3126\"\u003e“SSH Mastery, 2nd ed” in hardcover\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJason - \u003ca href=\"http://dpaste.com/0JN4V1K#wrap\"\u003eZFS Transfer option\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLuis - \u003ca href=\"http://dpaste.com/3MH4QRF#wrap\"\u003eZFS Pools\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://clonos.tekroutine.com/\"\u003eClonOS \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/3MN5F74#wrap\"\u003eTech Conferences\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eanonymous - \u003ca href=\"http://dpaste.com/18J24QJ#wrap\"\u003eBSD trash on removable drives\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018.","date_published":"2018-04-25T16:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bc8d0c60-eef3-488f-9d07-65122019420b.mp3","mime_type":"audio/mp3","size_in_bytes":61676635,"duration_in_seconds":5124}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1788","title":"Episode 242: Linux Takes The Fastpath | BSD Now 242","url":"https://www.bsdnow.tv/242","content_text":"TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.\n\nHeadlines\n\nTrueOS STABLE 18.03 Release\n\n\n  The TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle.\n\n\n\nImportant changes between version 17.12 and 18.03\n\n“Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes.\n“Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application.\n\n\n\n  Most systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system.\n\n\n\nImportant security-based package updates\n\nLibreSSL is updated from version 2.6.3 -\u0026gt; 2.6.4\nReminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates.\nBrowser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.)\nFirefox: 57.0.1 -\u0026gt; 58.0.2\nChromium: 61.0.3163.100 -\u0026gt; 63.0.3239.132\nQt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -\u0026gt; 5.9.4\nAll pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns.\n\n\n\n\nF-Stack\n\n\n  F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org\n\n\n\nIntroduction\nWith the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support.\nF-Stack is an open source network framework with high performance based on DPDK. With following characteristics\n\nUltra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS.\nTransplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance.\nSupport Nginx, Redis and other mature applications, service can easily use F-Stack\nWith Multi-process architecture, easy to extend\nProvide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic.\nProvide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack\nHistory\n\n\n\n  In order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future.\n  \n  After several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port.\n  \n  With the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuous improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD(11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly.Thanks to libplebnet and libuinet, this work becomes a lot easier.\n  \n  With the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface.\n  \n  Currently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud has used the F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc..\n\n\n\n\niXsystems\n\nLeadership Is The Secret To An Open Source Business Model\n\n\nA Forbes article by Mike Lauth, CEO of iXsystems\n\n\n\n  There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device.\n  FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model.\n  We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects.\n  Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community.\n  Drive The Conversation\n  It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS\n  Relieve Customer Pain Points With Every New Release\n  Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier.\n  Accept That A Patent Is Not A Business Model\n  Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for.\n  Distinguish Leadership From Management\n  Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control.\n  \n  \n\n\nNews Roundup\n\n\n\nIntroduction to Jails and Jail Networking on FreeBSD\n\n\n\n\n  Jails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability.\n  + For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling.\n  Setting up a jail is a fairly simple process, which can essentially be split into three steps:\n    + Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem.\n    + Add some basic configuration for the jail in jail.conf.\n    + Fire up the jail.\n  To confirm that the jail started successfully we can use the jls utility:\n  We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail\n  A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail.\n  Because of this, the loopback-address inside a jail is emulated by the system:\n    + 127.0.0.1 is an alias for the first IPv4-address assigned to the jail.\n    + ::1 is an alias for the first IPv6-address assigned to the jail.\n  While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea.\n  + So, create an extra loopback adapter, and make the first IP in each jail a private loopback address\n  + The tutorial goes on to cover making multiple jails share a single public IP address using NAT\n  + It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact\n  + Finally, it covers the integration with a lot of common tools, like identifying and filter jailed processes using top and ps, or using the package managers support for jails to install packages in a jail from the outside.\n\n\n\n\n\n\n**DigitalOcean**\n\n\n\nSmartOS release-20180315\n\n```\n\nHello All,\n\nThe latest bi-weekly \"release\" branch build of SmartOS is up:\n\n\ncurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso\ncurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2\ncurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2\n\n\nA generated changelog is here:\n\nhttps://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z\n\n\nThe full build bits directory, for those interested, is here in Manta:\n\n/Joyent_Dev/public/SmartOS/20180329T002644Z\n\n\nHighlights\n\nFirewall rules created with fwadm(1M) can now use the PRIORITY keyword to\nspecify a higher precedence for a rule.\n\nThis release has includes mitigation of the Intel Meltdown vulnerability in the\nform of kpti (kernel page table isolation) with PCID (process context\nidentifier) support\n\nThis release also includes experimental support for bhyve branded zones.\n\n\n\n\nGeneral Info\n\nEvery second Thursday we roll a \"release-YYYYMMDD\" release branch and\nbuilds for SmartOS (and Triton DataCenter and Manta, as well).\n\nCheers,\nJosh Wilsdon, on behalf of the SmartOS developers\nhttps://smartos.org\n``` \n\n\nHere's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg\n\n\n\n\nFreeBSD Foundation March 2018 Update\n\n\n\u0026gt; Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs.\n\u0026gt; Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller.\n\u0026gt; The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purposebuilt for Syzkaller:\n\u0026gt; kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system.\n\u0026gt; kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking).\n\u0026gt; Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD.\n\u0026gt; We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work.\n\u0026gt; I want to say thank you to NetApp for becoming an Iridium Partner again this\nyear! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts.\n\u0026gt; Conference Recap: FOSSASIA 2018\nFoundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference.\nOur booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere!\n\u0026gt; One particular hallway-track conversation led to an invitation to present FreeBSD at a \"Women Who Code\" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore.\n\u0026gt; SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was\nstaffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts.\nDeb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects.\n\n  Next year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you\n  would like to help with this effort.\n\n\n  Roll Call: #WhoUsesFreeBSD\n\n\n  Many of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace\n  FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support.\n\n\n  New Hosting Partner: Oregon State University Open Source Lab\n\n\u0026gt; We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development.  The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel.\nStay tuned for more news from the FreeBSD Foundation in May (next newsletter).\n\n\n\n\nBeastie Bits\n\n\ncURL is 20 today\nA Note on SYSVIPC and Jails on FreeBSD\nOpenBSD Errata: March 20th, 2018 (ipsec)\nFreeBSD Security Advisories for IPSEC and vt \n23 Useful PKG Command Examples to Manage Packages in FreeBSD\n\n\n\n\nTarsnap\n\nFeedback/Questions\n\n\nCasey - Cool Editor\nNelson - New article on FreeBSD vs MacOS\nDamian - Mysterious Reverse Proxy 504\nNelson - FreeBSD, rsync, nasty bug, now fixed\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eTrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://trueos.org/blog/trueos-stable-18-03-release/\"\u003eTrueOS STABLE 18.03 Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eImportant changes between version 17.12 and 18.03\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003e“Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes.\u003c/li\u003e\n\u003cli\u003e“Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eMost systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eImportant security-based package updates\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eLibreSSL is updated from version 2.6.3 -\u003e 2.6.4\u003c/li\u003e\n\u003cli\u003eReminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates.\u003c/li\u003e\n\u003cli\u003eBrowser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.)\u003c/li\u003e\n\u003cli\u003eFirefox: 57.0.1 -\u003e 58.0.2\u003c/li\u003e\n\u003cli\u003eChromium: 61.0.3163.100 -\u003e 63.0.3239.132\u003c/li\u003e\n\u003cli\u003eQt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -\u003e 5.9.4\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAll pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/F-Stack/f-stack\"\u003eF-Stack\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eF-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eIntroduction\nWith the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eF-Stack is an open source network framework with high performance based on DPDK. With following characteristics\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eUltra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS.\u003c/li\u003e\n\u003cli\u003eTransplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance.\u003c/li\u003e\n\u003cli\u003eSupport Nginx, Redis and other mature applications, service can easily use F-Stack\u003c/li\u003e\n\u003cli\u003eWith Multi-process architecture, easy to extend\u003c/li\u003e\n\u003cli\u003eProvide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic.\u003c/li\u003e\n\u003cli\u003eProvide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHistory\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future.\u003c/p\u003e\n  \n  \u003cp\u003eAfter several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port.\u003c/p\u003e\n  \n  \u003cp\u003eWith the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuous improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD(11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly.Thanks to libplebnet and libuinet, this work becomes a lot easier.\u003c/p\u003e\n  \n  \u003cp\u003eWith the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface.\u003c/p\u003e\n  \n  \u003cp\u003eCurrently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud has used the F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc..\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.forbes.com/sites/forbestechcouncil/2018/04/02/leadership-is-the-secret-to-an-open-source-business-model/#a2beca765c78\"\u003eLeadership Is The Secret To An Open Source Business Model\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Forbes article by Mike Lauth, CEO of iXsystems\n\n\n\u003cblockquote\u003e\n  There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device.\n  FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model.\n  We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects.\n  Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community.\u003c/li\u003e\n  \u003cli\u003eDrive The Conversation\n  It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS\u003c/li\u003e\n  \u003cli\u003eRelieve Customer Pain Points With Every New Release\n  Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier.\u003c/li\u003e\n  \u003cli\u003eAccept That A Patent Is Not A Business Model\n  Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for.\u003c/li\u003e\n  \u003cli\u003eDistinguish Leadership From Management\n  Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control.\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://www.skyforge.at/posts/an-introduction-to-jails-and-jail-networking/\"\u003eIntroduction to Jails and Jail Networking on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eJails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability.\n  + For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling.\n  Setting up a jail is a fairly simple process, which can essentially be split into three steps:\n    + Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem.\n    + Add some basic configuration for the jail in jail.conf.\n    + Fire up the jail.\n  To confirm that the jail started successfully we can use the jls utility:\n  We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail\n  A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail.\n  Because of this, the loopback-address inside a jail is emulated by the system:\n    + 127.0.0.1 is an alias for the first IPv4-address assigned to the jail.\n    + ::1 is an alias for the first IPv6-address assigned to the jail.\n  While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea.\n  + So, create an extra loopback adapter, and make the first IP in each jail a private loopback address\n  + The tutorial goes on to cover making multiple jails share a single public IP address using NAT\n  + It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact\n  + Finally, it covers the integration with a lot of common tools, like identifying and filter jailed processes using top and ps, or using the package managers support for jails to install packages in a jail from the outside.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n**DigitalOcean**\n\n\n\n\u003ch3\u003eSmartOS release-20180315\u003c/h3\u003e\n\n```\n\nHello All,\n\nThe latest bi-weekly \"release\" branch build of SmartOS is up:\n\n\n\u003cpre\u003e\u003ccode\u003ecurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso\ncurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2\ncurl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2\n\u003c/code\u003e\u003c/pre\u003e\n\nA generated changelog is here:\n\n\u003cpre\u003e\u003ccode\u003ehttps://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z\n\u003c/code\u003e\u003c/pre\u003e\n\nThe full build bits directory, for those interested, is here in Manta:\n\n\u003cpre\u003e\u003ccode\u003e/Joyent_Dev/public/SmartOS/20180329T002644Z\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\nFirewall rules created with fwadm(1M) can now use the PRIORITY keyword to\nspecify a higher precedence for a rule.\n\nThis release has includes mitigation of the Intel Meltdown vulnerability in the\nform of kpti (kernel page table isolation) with PCID (process context\nidentifier) support\n\nThis release also includes experimental support for bhyve branded zones.\n\n\n\n\n\u003ch1\u003eGeneral Info\u003c/h1\u003e\n\nEvery second Thursday we roll a \"release-YYYYMMDD\" release branch and\nbuilds for SmartOS (and Triton DataCenter and Manta, as well).\n\nCheers,\nJosh Wilsdon, on behalf of the SmartOS developers\nhttps://smartos.org\n``` \n\n\u003cul\u003e\n\u003cli\u003eHere's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/wp-content/uploads/2018/03/FreeBSD-Foundation-March-2018-Update-1.pdf\"\u003eFreeBSD Foundation March 2018 Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003e Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs.\u003c/li\u003e\n\u003cli\u003e\u003e Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller.\u003c/li\u003e\n\u003cli\u003e\u003e The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purposebuilt for Syzkaller:\n\u003cul\u003e\u003cli\u003e\u003e kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system.\u003c/li\u003e\n\u003cli\u003e\u003e kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003e Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD.\u003c/li\u003e\n\u003cli\u003e\u003e We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work.\u003c/li\u003e\n\u003cli\u003e\u003e I want to say thank you to NetApp for becoming an Iridium Partner again this\nyear! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts.\u003c/li\u003e\n\u003cli\u003e\u003e Conference Recap: FOSSASIA 2018\u003c/li\u003e\n\u003cli\u003eFoundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference.\u003c/li\u003e\n\u003cli\u003eOur booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere!\u003c/li\u003e\n\u003cli\u003e\u003e One particular hallway-track conversation led to an invitation to present FreeBSD at a \"Women Who Code\" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore.\u003c/li\u003e\n\u003cli\u003e\u003e SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was\nstaffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts.\u003c/li\u003e\n\u003cli\u003eDeb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects.\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n  \u003cp\u003eNext year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you\n  would like to help with this effort.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n  \u003cp\u003eRoll Call: #WhoUsesFreeBSD\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n  \u003cp\u003eMany of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace\n  FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n  \u003cp\u003eNew Hosting Partner: Oregon State University Open Source Lab\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003e We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development.  The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel.\u003c/li\u003e\n\u003cli\u003eStay tuned for more news from the FreeBSD Foundation in May (next newsletter).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://daniel.haxx.se/blog/2018/03/20/twenty-years-1998-2018/\"\u003ecURL is 20 today\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.skyforge.at/posts/a-note-in-sysvipc-and-jails-on-freebsd/\"\u003eA Note on SYSVIPC and Jails on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026amp;m=152149507725894\u0026amp;w=2\"\u003eOpenBSD Errata: March 20th, 2018 (ipsec)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/security/advisories.html\"\u003eFreeBSD Security Advisories for IPSEC and vt \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tecmint.com/pkg-command-examples-to-manage-packages-in-freebsd/\"\u003e23 Useful PKG Command Examples to Manage Packages in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCasey - \u003ca href=\"http://dpaste.com/2VMH555#wrap\"\u003eCool Editor\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNelson - \u003ca href=\"http://dpaste.com/2NTE4SD#wrap\"\u003eNew article on FreeBSD vs MacOS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDamian - \u003ca href=\"http://dpaste.com/0FYWVHD#wrap\"\u003eMysterious Reverse Proxy 504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNelson - \u003ca href=\"http://dpaste.com/0BTGTVP#wrap\"\u003eFreeBSD, rsync, nasty bug, now fixed\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata.","date_published":"2018-04-18T14:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/729a44d2-5a5b-4879-8700-d519931d67f0.mp3","mime_type":"audio/mp3","size_in_bytes":60077262,"duration_in_seconds":5000}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1749","title":"Episode 241: Bowling in the LimeLight | BSD Now 241","url":"https://www.bsdnow.tv/241","content_text":"Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.\n\nHeadlines\n\n[Other big ZFS improvements you might have missed]\n\n\n9075 Improve ZFS pool import/load process and corrupted pool recovery\n\n\n\n  One of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened.\n  The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned.\n  The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened.\n  When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs.\n  This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition.\n  With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss Of data, this feature is for now restricted to a read-only import.\n  \n  \n  7614 zfs device evacuation/removal\n  This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev.\n  The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs.\n  Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed.\n  You can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it\n  \n  7446 zpool create should support efi system partition\n  This one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation.\n  Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from oracle solaris, and introducing zpool create -B switch to provide an way to specify that boot partition should be created. However, there is still an question, how big should the system partition be. For time being, I have set default size 256MB (thats minimum size for FAT32 with 4k blocks). To support custom size, the set on creation \"bootsize\" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the \"bootsize\" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property.\n  \n  \n  \n\n\n**Digital Ocean**\n\n\n\nPostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data\n\n\n\n\n  Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error.\n  TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means \"all writes since the last fsync have hit disk\" but we assume it means \"all writes since the last SUCCESSFUL fsync have hit disk\".\n  Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (ASEIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file.\n  + All good so far.\n  But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the ASEIO bad page flag*.\n  The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss.\n  The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe.\n  We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us.\n  + Upon further looking, it turns out it is not just Linux brain damage:\n  Apparently I was too optimistic.  I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (FreeBSD changed that in 1999).\n  From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies\n  FreeBSD, Illumos: retrying fsync() after EIO tells the truth\n  + NetBSD PR to solve the issues \n    + I/O errors are not reported back to fsync at all.\n    + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded.\n    + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail.\n    + It appears that write errors for buffercache buffers are semi-silently discarded as well.\n\n\n\n\n\n\n\n\nInterview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - kbowling@llnw.com / @kevinbowling1\n\n\nBR: How did you first get introduced to UNIX and BSD?\nAJ: What got you started contributing to an open source project?\nBR: What sorts of things have you worked on it the past?\nAJ: Tell us a bit about LimeLight and how they use FreeBSD.\nBR: What are the biggest advantages of FreeBSD for LimeLight?\nAJ: What could FreeBSD do better that would benefit LimeLight?\nBR: What has LimeLight given back to FreeBSD?\nAJ: What have you been working on more recently?\nBR: What do you find to be the most valuable part of open source?\nAJ: Where do you think the most improvement in open source is needed?\nBR: Tell us a bit about your computing history collection. What are your three favourite pieces?\nAJ: How do you keep motivated to work on Open Source?\nBR: What do you do for fun?\nAJ: Anything else you want to mention?\n\n\n\n\nNews Roundup\n\nBSDCan 2018 Selected Talks\n\n\nThe schedule for BSDCan is up\nLots of interesting content, we are looking forward to it\nWe hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy.\nRemember, if this is your first BSDCan, checkout the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance.\nAlso, check out the hallway track, the tables, and come to the hacker lounge.\n\n\n\n\niXsystems\n\nCryptographic Right Answers\n\n\nCrypto can be confusing. We all know we shouldn’t roll our own, but what should we use?\nWell, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers”\n2009: Colin Percival of FreeBSD\n2015: Thomas H. Ptacek\n2018: Latacora A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works.\n\n\n\n  We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.\n  \n  There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.\n  \n  But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say.\n\n\n\nCryptographic Right Answers\nEncrypting Data\n\n\n\n  Percival, 2009: AES-CTR with HMAC.\n  Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM.\n  Latacora, 2018: KMS or XSalsa20+Poly1305\n\n\n\nSymmetric key length\n\n\n\n  Percival, 2009: Use 256-bit keys.\n  Ptacek, 2015: Use 256-bit keys.\n  Latacora, 2018: Go ahead and use 256 bit keys.\n\n\n\nSymmetric “Signatures”\n\n\n\n  Percival, 2009: Use HMAC.\n  Ptacek, 2015: Yep, use HMAC.\n  Latacora, 2018: Still HMAC.\n\n\n\nHashing algorithm\n\n\n\n  Percival, 2009: Use SHA256 (SHA-2).\n  Ptacek, 2015: Use SHA-2.\n  Latacora, 2018: Still SHA-2.\n\n\n\nRandom IDs\n\n\n\n  Percival, 2009: Use 256-bit random numbers.\n  Ptacek, 2015: Use 256-bit random numbers.\n  Latacora, 2018: Use 256-bit random numbers.\n\n\n\nPassword handling\n\n\n\n  Percival, 2009: scrypt or PBKDF2.\n  Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.\n  Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.\n\n\n\nAsymmetric encryption\n\n\n\n  Percival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537.\n  Ptacek, 2015: Use NaCl/libsodium (box / cryptobox).\n  Latacora, 2018: Use Nacl/libsodium (box / cryptobox).\n\n\n\nAsymmetric signatures\n\n\n\n  Percival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation.\n  Ptacek, 2015: Use Nacl, Ed25519, or RFC6979.\n  Latacora, 2018: Use Nacl or Ed25519.\n\n\n\nDiffie-Hellman\n\n\n\n  Percival, 2009: Operate over the 2048-bit Group #14 with a generator of 2.\n  Ptacek, 2015: Probably still DH-2048, or Nacl.\n  Latacora, 2018: Probably nothing. Or use Curve25519.\n\n\n\nWebsite security\n\n\n\n  Percival, 2009: Use OpenSSL.\n  Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs\n  Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt\n\n\n\nClient-server application security\n\n\n\n  Percival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL.\n  Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs\n  Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt\n\n\n\nOnline backups\n\n\n\n  Percival, 2009: Use Tarsnap.\n  Ptacek, 2015: Use Tarsnap.\n  Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap.\n\n\n\nSeriously though, use Tarsnap.\n\n\n\n\nAdding IPv6 to an existing server\n\n\n  I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.\n  \n  In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.\n  \n  The IPv6 block I have been assigned is 2001:DB8:1001:8d00/64.\n  \n  I added this to /etc/rc.conf:\n\n\n\nipv6_activate_all_interfaces=\"YES\"\nipv6_defaultrouter=\"2001:DB8:1001:8d00::1\"\nifconfig_em1_ipv6=\"inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv\" # ns1\n\n\n\n  The IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.\n  \n  I don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.\n  \n  In order to invoke these changes without rebooting, I issued these commands:\n\n\n```\n[dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv\n[dan@tallboy:~] $ \n\n[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1\nadd net default: gateway 2001:DB8:1001:8d00::1\n```\n\n\n  If you do the route add first, you will get this error:\n\n\n\n[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1\nroute: writing to routing socket: Network is unreachable\nadd net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable\n\n\n\n\nBeastie Bits\n\n\nGhost in the Shell – Part 1\nEnabling compression on ZFS - a practical example\nModern and secure DevOps on FreeBSD (Goran Mekić)\nLibreSSL 2.7.0 Released\nzrepl version 0.0.3 is out!\n[ZFS User Conference](http://zfs.datto.com/]\n\n\n\n\nTarsnap\n\nFeedback/Questions\n\n\nBenjamin - BSD Personal Mailserver\nWarren - ZFS volume size limit (show #233)\nLars - AFRINIC\nBrad - OpenZFS vs OracleZFS\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n","content_html":"\u003cp\u003eSecond round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e[Other big ZFS improvements you might have missed]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=329798\"\u003e9075 Improve ZFS pool import/load process and corrupted pool recovery\u003c/a\u003e\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne of the first tasks during the pool load process is to parse a config provided from userland that describes what devices the pool is composed of. A vdev tree is generated from that config, and then all the vdevs are opened.\n  The Meta Object Set (MOS) of the pool is accessed, and several metadata objects that are necessary to load the pool are read. The exact configuration of the pool is also stored inside the MOS. Since the configuration provided from userland is external and might not accurately describe the vdev tree of the pool at the txg that is being loaded, it cannot be relied upon to safely operate the pool. For that reason, the configuration in the MOS is read early on. In the past, the two configurations were compared together and if there was a mismatch then the load process was aborted and an error was returned.\n  The latter was a good way to ensure a pool does not get corrupted, however it made the pool load process needlessly fragile in cases where the vdev configuration changed or the userland configuration was outdated. Since the MOS is stored in 3 copies, the configuration provided by userland doesn't have to be perfect in order to read its contents. Hence, a new approach has been adopted: The pool is first opened with the untrusted userland configuration just so that the real configuration can be read from the MOS. The trusted MOS configuration is then used to generate a new vdev tree and the pool is re-opened.\n  When the pool is opened with an untrusted configuration, writes are disabled to avoid accidentally damaging it. During reads, some sanity checks are performed on block pointers to see if each DVA points to a known vdev; when the configuration is untrusted, instead of panicking the system if those checks fail we simply avoid issuing reads to the invalid DVAs.\n  This new two-step pool load process now allows rewinding pools across vdev tree changes such as device replacement, addition, etc. Loading a pool from an external config file in a clustering environment also becomes much safer now since the pool will import even if the config is outdated and didn't, for instance, register a recent device addition.\n  With this code in place, it became relatively easy to implement a long-sought-after feature: the ability to import a pool with missing top level (i.e. non-redundant) devices. Note that since this almost guarantees some loss Of data, this feature is for now restricted to a read-only import.\u003c/li\u003e\n  \u003cli\u003e\u003c/p\u003e\n  \n  \u003cul\u003e\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=329732\"\u003e7614 zfs device evacuation/removal\u003c/a\u003e\n  This project allows top-level vdevs to be removed from the storage pool with “zpool remove”, reducing the total amount of storage in the pool. This operation copies all allocated regions of the device to be removed onto other devices, recording the mapping from old to new location. After the removal is complete, read and free operations to the removed (now “indirect”) vdev must be remapped and performed at the new location on disk. The indirect mapping table is kept in memory whenever the pool is loaded, so there is minimal performance overhead when doing operations on the indirect vdev.\n  The size of the in-memory mapping table will be reduced when its entries become “obsolete” because they are no longer used by any block pointers in the pool. An entry becomes obsolete when all the blocks that use it are freed. An entry can also become obsolete when all the snapshots that reference it are deleted, and the block pointers that reference it have been “remapped” in all filesystems/zvols (and clones). Whenever an indirect block is written, all the block pointers in it will be “remapped” to their new (concrete) locations if possible. This process can be accelerated by using the “zfs remap” command to proactively rewrite all indirect blocks that reference indirect (removed) vdevs.\n  Note that when a device is removed, we do not verify the checksum of the data that is copied. This makes the process much faster, but if it were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be possible to copy the wrong data, when we have the correct data on e.g. the other side of the mirror. Therefore, mirror and raidz devices can not be removed.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n  \u003cli\u003eYou can use ‘zpool detach’ to downgrade a mirror to a single top-level device, so that you can then remove it\u003c/li\u003e\n  \u003cli\u003e\n  \u003cul\u003e\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=329681\"\u003e7446 zpool create should support efi system partition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n  \u003cli\u003eThis one was not actually merged into FreeBSD, as it doesn’t apply currently, but I would like to switch the way FreeBSD deals with full disks to be closer to IllumOS to make automatic spare replacement a hands-off operation.\n  Since we support whole-disk configuration for boot pool, we also will need whole disk support with UEFI boot and for this, zpool create should create efi-system partition. I have borrowed the idea from oracle solaris, and introducing zpool create -B switch to provide an way to specify that boot partition should be created. However, there is still an question, how big should the system partition be. For time being, I have set default size 256MB (thats minimum size for FAT32 with 4k blocks). To support custom size, the set on creation \"bootsize\" property is created and so the custom size can be set as: zpool create -B -o bootsize=34MB rpool c0t0d0. After the pool is created, the \"bootsize\" property is read only. When -B switch is not used, the bootsize defaults to 0 and is shown in zpool get output with no value. Older zfs/zpool implementations can ignore this property.\u003c/li\u003e\n  \u003c/ul\u003e\n  \n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n**Digital Ocean**\n\n\n\n\u003ch3\u003e\u003ca href=\"https://www.postgresql.org/message-id/flat/CAEepm%3D0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp%3D3BxGbZPqEyQg%40mail.gmail.com#CAEepm=0B9f0O7jLE3ipUTqC3V6NO2LNbwE9Hp=3BxGbZPqEyQg@mail.gmail.com\"\u003ePostgreSQL developers find that every operating system other than FreeBSD and IllumOS might corrupt your data\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eSome time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error.\n  TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means \"all writes since the last fsync have hit disk\" but we assume it means \"all writes since the last SUCCESSFUL fsync have hit disk\".\n  Pg wrote some blocks, which went to OS dirty buffers for writeback. Writeback failed due to an underlying storage error. The block I/O layer and XFS marked the writeback page as failed (AS\u003cem\u003eEIO), but had no way to tell the app about the failure. When Pg called fsync() on the FD during the next checkpoint, fsync() returned EIO because of the flagged page, to tell Pg that a previous async write failed. Pg treated the checkpoint as failed and didn't advance the redo start position in the control file.\n  + All good so far.\n  But then we retried the checkpoint, which retried the fsync(). The retry succeeded, because the prior fsync() *cleared the AS\u003c/em\u003eEIO bad page flag*.\n  The write never made it to disk, but we completed the checkpoint, and merrily carried on our way. Whoops, data loss.\n  The clear-error-and-continue behaviour of fsync is not documented as far as I can tell. Nor is fsync() returning EIO unless you have a very new linux man-pages with the patch I wrote to add it. But from what I can see in the POSIX standard we are not given any guarantees about what happens on fsync() failure at all, so we're probably wrong to assume that retrying fsync() is safe.\n  We already PANIC on fsync() failure for WAL segments. We just need to do the same for data forks at least for EIO. This isn't as bad as it seems because AFAICS fsync only returns EIO in cases where we should be stopping the world anyway, and many FSes will do that for us.\n  + Upon further looking, it turns out it is not just Linux brain damage:\n  Apparently I was too optimistic.  I had looked only at FreeBSD, which keeps the page around and dirties it so we can retry, but the other BSDs apparently don't (\u003ca href=\"https://github.com/freebsd/freebsd/commit/e4e8fec98ae986357cdc208b04557dba55a59266\"\u003eFreeBSD changed that in 1999\u003c/a\u003e).\n  From what I can tell from the sources below, we have: Linux, OpenBSD, NetBSD: retrying fsync() after EIO lies\n  FreeBSD, Illumos: retrying fsync() after EIO tells the truth\n  + \u003ca href=\"http://gnats.netbsd.org/53152\"\u003eNetBSD PR to solve the issues \u003c/a\u003e\n    + I/O errors are not reported back to fsync at all.\n    + Write errors during genfs_putpages that fail for any reason other than ENOMEM cause the data to be semi-silently discarded.\n    + It appears that UVM pages are marked clean when they're selected to be written out, not after the write succeeds; so there are a bunch of potential races when writes fail.\n    + It appears that write errors for buffercache buffers are semi-silently discarded as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n\n\n\u003ch2\u003eInterview - Kevin Bowling: Senior Manager Engineering of LimeLight Networks - \u003ca href=\"mailto:kbowling@llnw.com\"\u003ekbowling@llnw.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/kevinbowling1\"\u003e@kevinbowling1\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: How did you first get introduced to UNIX and BSD?\u003c/li\u003e\n\u003cli\u003eAJ: What got you started contributing to an open source project?\u003c/li\u003e\n\u003cli\u003eBR: What sorts of things have you worked on it the past?\u003c/li\u003e\n\u003cli\u003eAJ: Tell us a bit about LimeLight and how they use FreeBSD.\u003c/li\u003e\n\u003cli\u003eBR: What are the biggest advantages of FreeBSD for LimeLight?\u003c/li\u003e\n\u003cli\u003eAJ: What could FreeBSD do better that would benefit LimeLight?\u003c/li\u003e\n\u003cli\u003eBR: What has LimeLight given back to FreeBSD?\u003c/li\u003e\n\u003cli\u003eAJ: What have you been working on more recently?\u003c/li\u003e\n\u003cli\u003eBR: What do you find to be the most valuable part of open source?\u003c/li\u003e\n\u003cli\u003eAJ: Where do you think the most improvement in open source is needed?\u003c/li\u003e\n\u003cli\u003eBR: Tell us a bit about your computing history collection. What are your three favourite pieces?\u003c/li\u003e\n\u003cli\u003eAJ: How do you keep motivated to work on Open Source?\u003c/li\u003e\n\u003cli\u003eBR: What do you do for fun?\u003c/li\u003e\n\u003cli\u003eAJ: Anything else you want to mention?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2018/schedule/\"\u003eBSDCan 2018 Selected Talks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe schedule for BSDCan is up\u003c/li\u003e\n\u003cli\u003eLots of interesting content, we are looking forward to it\u003c/li\u003e\n\u003cli\u003eWe hope to see lots of you there. Make sure you come introduce yourselves to us. Don’t be shy.\u003c/li\u003e\n\u003cli\u003eRemember, if this is your first BSDCan, checkout the newbie session on Thursday night. It’ll help you get to know a few people so you have someone you can ask for guidance.\u003c/li\u003e\n\u003cli\u003eAlso, check out the hallway track, the tables, and come to the hacker lounge.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://latacora.singles/2018/04/03/cryptographic-right-answers.html\"\u003eCryptographic Right Answers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCrypto can be confusing. We all know we shouldn’t roll our own, but what should we use?\u003c/li\u003e\n\u003cli\u003eWell, some developers have tried to answer that question over the years, keeping an updated list of “Right Answers”\u003c/li\u003e\n\u003cli\u003e2009: \u003ca href=\"https://twitter.com/cperciva\"\u003eColin Percival\u003c/a\u003e of FreeBSD\u003c/li\u003e\n\u003cli\u003e2015: \u003ca href=\"https://twitter.com/tqbf\"\u003eThomas H. Ptacek\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2018: \u003ca href=\"https://twitter.com/latacora_team\"\u003eLatacora\u003c/a\u003e A consultancy that provides “Retained security teams for startups”, where Thomas Ptacek works.\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.\u003c/li\u003e\n  \u003c/ul\u003e\n  There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3-like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.\u003c/p\u003e\n  \n  \u003cp\u003eBut if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eCryptographic Right Answers\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEncrypting Data\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: AES-CTR with HMAC.\n  Ptacek, 2015: (1) NaCl/libsodium’s default, (2) ChaCha20-Poly1305, or (3) AES-GCM.\n  Latacora, 2018: KMS or XSalsa20+Poly1305\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSymmetric key length\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use 256-bit keys.\n  Ptacek, 2015: Use 256-bit keys.\n  Latacora, 2018: Go ahead and use 256 bit keys.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSymmetric “Signatures”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use HMAC.\n  Ptacek, 2015: Yep, use HMAC.\n  Latacora, 2018: Still HMAC.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHashing algorithm\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use SHA256 (SHA-2).\n  Ptacek, 2015: Use SHA-2.\n  Latacora, 2018: Still SHA-2.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRandom IDs\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use 256-bit random numbers.\n  Ptacek, 2015: Use 256-bit random numbers.\n  Latacora, 2018: Use 256-bit random numbers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePassword handling\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: scrypt or PBKDF2.\n  Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.\n  Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAsymmetric encryption\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use RSAES-OAEP with SHA256 and MGF1+SHA256 bzzrt pop ffssssssst exponent 65537.\n  Ptacek, 2015: Use NaCl/libsodium (box / crypto\u003cem\u003ebox).\n  Latacora, 2018: Use Nacl/libsodium (box / crypto\u003c/em\u003ebox).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAsymmetric signatures\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use RSASSA-PSS with SHA256 then MGF1+SHA256 in tricolor systemic silicate orientation.\n  Ptacek, 2015: Use Nacl, Ed25519, or RFC6979.\n  Latacora, 2018: Use Nacl or Ed25519.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDiffie-Hellman\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Operate over the 2048-bit Group #14 with a generator of 2.\n  Ptacek, 2015: Probably still DH-2048, or Nacl.\n  Latacora, 2018: Probably nothing. Or use Curve25519.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWebsite security\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use OpenSSL.\n  Ptacek, 2015: Remains: OpenSSL, or BoringSSL if you can. Or just use AWS ELBs\n  Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eClient-server application security\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Distribute the server’s public RSA key with the client code, and do not use SSL.\n  Ptacek, 2015: Use OpenSSL, or BoringSSL if you can. Or just use AWS ELBs\n  Latacora, 2018: Use AWS ALB/ELB or OpenSSL, with LetsEncrypt\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnline backups\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003ePercival, 2009: Use Tarsnap.\n  Ptacek, 2015: Use Tarsnap.\n  Latacora, 2018: Store PMAC-SIV-encrypted arc files to S3 and save fingerprints of your backups to an ERC20-compatible blockchain. Just kidding. You should still use Tarsnap.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeriously though, use Tarsnap.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2018/03/19/adding-ipv6-to-an-existing-server/\"\u003eAdding IPv6 to an existing server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6.\u003c/p\u003e\n  \n  \u003cp\u003eIn this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own addresses.\u003c/p\u003e\n  \n  \u003cp\u003eThe IPv6 block I have been assigned is 2001:DB8:1001:8d00/64.\u003c/p\u003e\n  \n  \u003cp\u003eI added this to /etc/rc.conf:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\nipv6_activate_all_interfaces=\"YES\"\nipv6_defaultrouter=\"2001:DB8:1001:8d00::1\"\nifconfig_em1_ipv6=\"inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv\" # ns1\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe IPv6 address I have assigned to this host is completely random (with the given block). I found a random IPv6 address generator and used it to select d389:119c:9b57:396b as the address for this service within my address block.\u003c/p\u003e\n  \n  \u003cp\u003eI don’t have the reference, but I did read that randomly selecting addresses within your block is a better approach.\u003c/p\u003e\n  \n  \u003cp\u003eIn order to invoke these changes without rebooting, I issued these commands:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```\n[dan@tallboy:~] $ sudo ifconfig em1 inet6 2001:DB8:1001:8d00:d389:119c:9b57:396b prefixlen 64 accept_rtadv\n[dan@tallboy:~] $ \u003c/p\u003e\n\n\u003cp\u003e[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1\nadd net default: gateway 2001:DB8:1001:8d00::1\n```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIf you do the route add first, you will get this error:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\n[dan@tallboy:~] $ sudo route add -inet6 default 2001:DB8:1001:8d00::1\nroute: writing to routing socket: Network is unreachable\nadd net default: gateway 2001:DB8:1001:8d00::1 fib 0: Network is unreachable\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://vermaden.wordpress.com/2018/03/15/ghost-in-the-shell-part-1/\"\u003eGhost in the Shell – Part 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/dlangille/bcf918b22aaf9b3fd17408b39c97e8ce\"\u003eEnabling compression on ZFS - a practical example\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://0x7e2.bsidesljubljana.si/modern-secure-devops-freebsd-goran-mekic/\"\u003eModern and secure DevOps on FreeBSD (Goran Mekić)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt\"\u003eLibreSSL 2.7.0 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://zrepl.github.io/changelog.html\"\u003ezrepl version 0.0.3 is out!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ZFS User Conference](http://zfs.datto.com/]\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBenjamin - \u003ca href=\"http://dpaste.com/1SXE1B9#wrap\"\u003eBSD Personal Mailserver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarren - \u003ca href=\"http://dpaste.com/0RN0S8X#wrap\"\u003eZFS volume size limit (show #233)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/3RAM4Z7#wrap\"\u003eAFRINIC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/0M7XD71#wrap\"\u003eOpenZFS vs OracleZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Second round of ZFS improvements in FreeBSD, Postgres finds that non-FreeBSD/non-Illumos systems are corrupting data, interview with Kevin Bowling, BSDCan list of talks, and cryptographic right answers.","date_published":"2018-04-12T09:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b2801252-e063-4376-b49f-82b61742290d.mp3","mime_type":"audio/mp3","size_in_bytes":87193008,"duration_in_seconds":7260}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1717","title":"Episode 240: TCP Blackbox Recording | BSD Now 240","url":"https://www.bsdnow.tv/240","content_text":"New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.\n\nHeadlines\n\n[A number of Upstream ZFS features landed in FreeBSD this week]\n\n\n9188 increase size of dbuf cache to reduce indirect block decompression\n\n\n  With compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed.\n  If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.)\n  In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%).\n\n9166 zfs storage pool checkpoint\n\n\n  The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that.  It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data).  It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it.  Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure.  She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state.  Otherwise, she discards it.  With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.\n\nMore information\n8484 Implement aggregate sum and use for arc counters\n\n\n  In pursuit of improving performance on multi-core systems, we should implements fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time.\n\nAnd a small bug fix authored by me:\n9321 arcloancompressedbuf() can increment arcloanedbytes by the wrong value\n\n\n\n  arcloancompressedbuf() increments arcloanedbytes by psize unconditionally In the case of zfscompressedarcenabled=0, when the buf is returned via arcreturnbuf(), if ARCBUFCOMPRESSED(buf) is false, then arcloanedbytes is decremented by lsize, not psize.\n  Switch to using arcbufsize(buf), instead of psize, which will return psize or lsize, depending on the result of ARCBUF_COMPRESSED(buf).\n  \n  \n\n\nMAP_STACK for OpenBSD\n\n\n\n\n  Almost 2 decades ago we started work on W^X.  The concept was simple. Pages that are writable, should not be executable.  We applied this concept object by object, trying to seperate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack.  We just kept making changes in the same vein.  Eventually W^X came to some of our kernel address spaces also.\n  The fundamental concept is that an object should only have the\n  permissions necessary, and any other operation should fault.  The only permission separations we have are kernel vs userland, and then read, write, and execute.\n  How about we add another new permission!  This is not a hardware permission, but a software permission.  It is opportunistically enforced by the kernel.\n  the permission is MAPSTACK.  If you want to use memory as a stack, you must mmap it with that flag bit.  The kernel does so automatically for the stack region of a process's stack.  Two other types of stack occur: thread stacks, and alternate signal stacks.  Those are handled in clever ways.\n  When a system call happens, we check if the stack-pointer register points to such a page.  If it doesn't, the program is killed.  We have tightened the ABI.  You may no longer point your stack register at non-stack memory.  You'll be killed.  This checking code is MI, so it works for all platforms.\n  Since page-permissions are generally done on page boundaries, there is caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAPSTACK attribute correctly.  It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet.  A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair.\n\n\n\n\n\n\n**iXsystems**\n\n\n\nWriting Safer C with the Clang Address Sanitizer\n\n\n\n\n  We wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms.\n  Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults.\n  It turns out the library has a lot of buffer overflow cases that are usually \"harmless\", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me.\n  That's when I thought of Clang's Address Sanitizer.\n  AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library\n  Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output.\n  + The site walks through a simple example which contains an error, it writes past the end of a buffer\n  + The code works as expected, and nothing bad happens. It must be fine…\n  + Then they compile it again with the address sanitizer actived\n  So what can we gather from that pile of hex? Let's go through it line by line.\n  AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value).\n  + ASAN points directly to the line of code that is causing the problem\n  We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it.\n  This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access).\n  + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens\n  Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight!\n  I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro.\n  Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more case where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened.\n\n\n\n\n\n\n\n\n\n\nNews Roundup\n\n\n\nOn sponsor gifts\n\n\n\n\n  Note the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon.\n  \n  This seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though.\n  \n  Sponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice.\n  \n  That’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.)\n  \n  The poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete.\n  \n  Future books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows?\n  \n  It’s a gift. It’s my job to make that gift worthwhile.\n  \n  And to amuse myself. Because otherwise, what’s the point?\n\n\n\n\n\n\n\n\nTCP Blackbox Recorder\n\n```\nAdd the \"TCP Blackbox Recorder\" which we discussed at the developer\nsummits at BSDCan and BSDCam in 2017.\n\nThe TCP Blackbox Recorder allows you to capture events on a TCP connection\nin a ring buffer. It stores metadata with the event. It optionally stores\nthe TCP header associated with an event (if the event is associated with a\npacket) and also optionally stores information on the sockets.\n\nIt supports setting a log ID on a TCP connection and using this to correlate\nmultiple connections that share a common log ID.\n\nYou can log connections in different modes. If you are doing a coordinated\ntest with a particular connection, you may tell the system to put it in\nmode 4 (continuous dump). Or, if you just want to monitor for errors, you\ncan put it in mode 1 (ring buffer) and dump all the ring buffers associated\nwith the connection ID when we receive an error signal for that connection\nID. You can set a default mode that will be applied to a particular ratio\nof incoming connections. You can also manually set a mode using a socket\noption.\n\nThis commit includes only basic probes. rrs@ has added quite an abundance\nof probes in his TCP development work. He plans to commit those soon.\n\nThere are user-space programs which we plan to commit as ports. These read\nthe data from the log device and output pcapng files, and then let you\nanalyze the data (and metadata) in the pcapng files.\n\nReviewed by:    gnn (previous version)\nObtained from:    Netflix, Inc.\nRelnotes:    yes\nDifferential Revision:    https://reviews.freebsd.org/D11085\n```\n\n\n\n\n\n\n\n**Digital Ocean**\n\n\n\nOutta the way, KDE4\n\n\n\n\n  KDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree.\n  This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream.\n  \n  KDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back.\n  \n  From here on, we’ve got the following things lined up:\n\n\n\nQt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon.\nCMake 3.11 is in the -rc stage, so that is being lined up.\nThe kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits.\n\n\n\n  So we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now.\n\n\n\n\nDell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking\n\n\n  A while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be.\n  \n  There are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first.\n  \n  Like most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external.\n  \n  The PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about.\n  \n  The PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects its a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives.\n  \n  Any SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives\n  \n  Some Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay.\n  \n  There are actually two PERC6 cards in most machine, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drives slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot.\n  \n  But we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting.\n  \n  Moving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the blackplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane.\n  \n  The HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard….\n  \n  Whether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes.\n  \n  Once you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not.\n  \n  Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post\n  So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087.\n  \n  First things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant.\n  \n  Second problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables).\n  \n  I don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore its usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy.\n  \n  I’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip the all bare wires you wish to solder using something like a bulldog clip so they’re at lined up horizontally and then press then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and a fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume.\n  \n  The “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well.\n  \n  However, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK.\n  \n  So all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. It’s workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane.\n  \n  Plan B: SATA\n  \n  If you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things.\n  \n  The down-side is that you can’t use the SAS backplane, but you can still use the mounting bays.\n  \n  Removing the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable it when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally.\n  \n  Next comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives.\n  \n  And that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction.\n\n\n\n\nBeastie Bits\n\n\nAdriaan de Groot’s post FOSDEM blog post\nMy First FreeNAS\nsmart(8) Call for Testing by Michael Dexter\nBSDCan 2018 Travel Grant Application Now Open\nBSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving\nTwitter vote - The secret to a faster FreeBSD default build world...\ntmate - Instant terminal sharing\n\n\n\n\nTarsnap\n\nFeedback/Questions\n\n\nVikash - Getting a port added\nChris Wells - Quarterly Ports Branch\nFreeBSD-CI configs on Github\nJenkins on the FreeBSD Wiki\nGordon - Centralised storage suggestions\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eNew ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e[A number of Upstream ZFS features landed in FreeBSD this week]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331711\"\u003e9188 increase size of dbuf cache to reduce indirect block decompression\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWith compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed.\n  If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.)\n  In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%).\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331701\"\u003e9166 zfs storage pool checkpoint\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that.  It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data).  It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it.  Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure.  She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state.  Otherwise, she discards it.  With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://sdimitro.github.io/post/zpool-checkpoint/\"\u003eMore information\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331404\"\u003e8484 Implement aggregate sum and use for arc counters\u003c/a\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eIn pursuit of improving performance on multi-core systems, we should implements fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAnd a small bug fix authored by me:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331709\"\u003e9321 arc\u003cem\u003eloan\u003c/em\u003ecompressed\u003cem\u003ebuf() can increment arc\u003c/em\u003eloaned\u003cem\u003ebytes by the wrong value\u003c/a\u003e\n\n\n\u003cblockquote\u003e\n  arc\u003c/em\u003eloan\u003cem\u003ecompressed\u003c/em\u003ebuf() increments arc\u003cem\u003eloaned\u003c/em\u003ebytes by psize unconditionally In the case of zfs\u003cem\u003ecompressed\u003c/em\u003earc\u003cem\u003eenabled=0, when the buf is returned via arc\u003c/em\u003ereturn\u003cem\u003ebuf(), if ARC\u003c/em\u003eBUF\u003cem\u003eCOMPRESSED(buf) is false, then arc\u003c/em\u003eloaned\u003cem\u003ebytes is decremented by lsize, not psize.\n  Switch to using arc\u003c/em\u003ebuf\u003cem\u003esize(buf), instead of psize, which will return psize or lsize, depending on the result of ARC\u003c/em\u003eBUF_COMPRESSED(buf).\u003c/li\u003e\n  \u003c/ul\u003e\n  \u003chr /\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026amp;m=152035796722258\u0026amp;w=2\"\u003eMAP_STACK for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eAlmost 2 decades ago we started work on W^X.  The concept was simple. Pages that are writable, should not be executable.  We applied this concept object by object, trying to seperate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack.  We just kept making changes in the same vein.  Eventually W^X came to some of our kernel address spaces also.\n  The fundamental concept is that an object should only have the\n  permissions necessary, and any other operation should fault.  The only permission separations we have are kernel vs userland, and then read, write, and execute.\n  How about we add another new permission!  This is not a hardware permission, but a software permission.  It is opportunistically enforced by the kernel.\n  the permission is MAP\u003cem\u003eSTACK.  If you want to use memory as a stack, you must mmap it with that flag bit.  The kernel does so automatically for the stack region of a process's stack.  Two other types of stack occur: thread stacks, and alternate signal stacks.  Those are handled in clever ways.\n  When a system call happens, we check if the stack-pointer register points to such a page.  If it doesn't, the program is killed.  We have tightened the ABI.  You may no longer point your stack register at non-stack memory.  You'll be killed.  This checking code is MI, so it works for all platforms.\n  Since page-permissions are generally done on page boundaries, there is caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAP\u003c/em\u003eSTACK attribute correctly.  It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet.  A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n**iXsystems**\n\n\n\n\u003ch3\u003e\u003ca href=\"https://dev.to/loderunner/writing-safer-c-with-clang-address-sanitizer\"\u003eWriting Safer C with the Clang Address Sanitizer\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms.\n  Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults.\n  It turns out the library has a lot of buffer overflow cases that are usually \"harmless\", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me.\n  That's when I thought of Clang's Address Sanitizer.\n  AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library\n  Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output.\n  + The site walks through a simple example which contains an error, it writes past the end of a buffer\n  + The code works as expected, and nothing bad happens. It must be fine…\n  + Then they compile it again with the address sanitizer actived\n  So what can we gather from that pile of hex? Let's go through it line by line.\n  AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value).\n  + ASAN points directly to the line of code that is causing the problem\n  We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it.\n  This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access).\n  + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens\n  Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight!\n  I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro.\n  Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more case where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n\n\n\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\n\n\u003ch3\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3131\"\u003eOn sponsor gifts\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eNote the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon.\u003c/p\u003e\n  \n  \u003cp\u003eThis seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though.\u003c/p\u003e\n  \n  \u003cp\u003eSponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice.\u003c/p\u003e\n  \n  \u003cp\u003eThat’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.)\u003c/p\u003e\n  \n  \u003cp\u003eThe poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete.\u003c/p\u003e\n  \n  \u003cp\u003eFuture books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows?\u003c/p\u003e\n  \n  \u003cp\u003eIt’s a gift. It’s my job to make that gift worthwhile.\u003c/p\u003e\n  \n  \u003cp\u003eAnd to amuse myself. Because otherwise, what’s the point?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr /\u003e\n\n\n\n\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331347\"\u003eTCP Blackbox Recorder\u003c/a\u003e\u003c/h3\u003e\n\n```\nAdd the \"TCP Blackbox Recorder\" which we discussed at the developer\nsummits at BSDCan and BSDCam in 2017.\n\nThe TCP Blackbox Recorder allows you to capture events on a TCP connection\nin a ring buffer. It stores metadata with the event. It optionally stores\nthe TCP header associated with an event (if the event is associated with a\npacket) and also optionally stores information on the sockets.\n\nIt supports setting a log ID on a TCP connection and using this to correlate\nmultiple connections that share a common log ID.\n\nYou can log connections in different modes. If you are doing a coordinated\ntest with a particular connection, you may tell the system to put it in\nmode 4 (continuous dump). Or, if you just want to monitor for errors, you\ncan put it in mode 1 (ring buffer) and dump all the ring buffers associated\nwith the connection ID when we receive an error signal for that connection\nID. You can set a default mode that will be applied to a particular ratio\nof incoming connections. You can also manually set a mode using a socket\noption.\n\nThis commit includes only basic probes. rrs@ has added quite an abundance\nof probes in his TCP development work. He plans to commit those soon.\n\nThere are user-space programs which we plan to commit as ports. These read\nthe data from the log device and output pcapng files, and then let you\nanalyze the data (and metadata) in the pcapng files.\n\nReviewed by:    gnn (previous version)\nObtained from:    Netflix, Inc.\nRelnotes:    yes\nDifferential Revision:    https://reviews.freebsd.org/D11085\n```\n\n\n\n\u003chr /\u003e\n\n\n\n**Digital Ocean**\n\n\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1812\"\u003eOutta the way, KDE4\u003c/a\u003e\u003c/h3\u003e\n\n\n\n\u003cblockquote\u003e\n  \u003cp\u003eKDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree.\n  This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream.\u003c/p\u003e\n  \n  \u003cp\u003eKDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back.\u003c/p\u003e\n  \n  \u003cp\u003eFrom here on, we’ve got the following things lined up:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon.\u003c/li\u003e\n\u003cli\u003eCMake 3.11 is in the -rc stage, so that is being lined up.\u003c/li\u003e\n\u003cli\u003eThe kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eSo we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.frankleonhardt.com/2017/del-fs12-nv7-and-other-2u-server-e-g-c6100-disk-system-hacking/\"\u003eDell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eA while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be.\u003c/p\u003e\n  \n  \u003cp\u003eThere are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first.\u003c/p\u003e\n  \n  \u003cp\u003eLike most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external.\u003c/p\u003e\n  \n  \u003cp\u003eThe PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about.\u003c/p\u003e\n  \n  \u003cp\u003eThe PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects its a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives.\u003c/p\u003e\n  \n  \u003cp\u003eAny SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives\u003c/p\u003e\n  \n  \u003cp\u003eSome Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay.\u003c/p\u003e\n  \n  \u003cp\u003eThere are actually two PERC6 cards in most machine, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drives slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot.\u003c/p\u003e\n  \n  \u003cp\u003eBut we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting.\u003c/p\u003e\n  \n  \u003cp\u003eMoving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the blackplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane.\u003c/p\u003e\n  \n  \u003cp\u003eThe HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard….\u003c/p\u003e\n  \n  \u003cp\u003eWhether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes.\u003c/p\u003e\n  \n  \u003cp\u003eOnce you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not.\u003c/p\u003e\n  \n  \u003cp\u003ePlease generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post\n  So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087.\u003c/p\u003e\n  \n  \u003cp\u003eFirst things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant.\u003c/p\u003e\n  \n  \u003cp\u003eSecond problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables).\u003c/p\u003e\n  \n  \u003cp\u003eI don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore its usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy.\u003c/p\u003e\n  \n  \u003cp\u003eI’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip the all bare wires you wish to solder using something like a bulldog clip so they’re at lined up horizontally and then press then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and a fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume.\u003c/p\u003e\n  \n  \u003cp\u003eThe “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well.\u003c/p\u003e\n  \n  \u003cp\u003eHowever, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK.\u003c/p\u003e\n  \n  \u003cp\u003eSo all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. It’s workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane.\u003c/p\u003e\n  \n  \u003cp\u003ePlan B: SATA\u003c/p\u003e\n  \n  \u003cp\u003eIf you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things.\u003c/p\u003e\n  \n  \u003cp\u003eThe down-side is that you can’t use the SAS backplane, but you can still use the mounting bays.\u003c/p\u003e\n  \n  \u003cp\u003eRemoving the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable it when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally.\u003c/p\u003e\n  \n  \u003cp\u003eNext comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives.\u003c/p\u003e\n  \n  \u003cp\u003eAnd that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1787\"\u003eAdriaan de Groot’s post FOSDEM blog post\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.manios.ca/blog/2018/01/my-first-freenas/\"\u003eMy First FreeNAS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-fs/2018-March/025997.html\"\u003esmart(8) Call for Testing by Michael Dexter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/\"\u003eBSDCan 2018 Travel Grant Application Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://divelog.blue/linus_torvalds.html\"\u003eBSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/michaeldexter/status/979236774667939840\"\u003eTwitter vote - The secret to a faster FreeBSD default build world...\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://tmate.io/\"\u003etmate - Instant terminal sharing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTarsnap\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eVikash - \u003ca href=\"http://dpaste.com/05X35B1#wrap\"\u003eGetting a port added\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChris Wells - \u003ca href=\"http://dpaste.com/05S7A6V#wrap\"\u003eQuarterly Ports Branch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freebsd/freebsd-ci\"\u003eFreeBSD-CI configs on Github\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/Jenkins\"\u003eJenkins on the FreeBSD Wiki\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGordon - \u003ca href=\"http://dpaste.com/0HSVFE7#wrap\"\u003eCentralised storage suggestions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking.","date_published":"2018-04-07T15:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b3126658-f33d-4d1b-9298-94929ae3e52e.mp3","mime_type":"audio/mp3","size_in_bytes":47822501,"duration_in_seconds":5958}]},{"id":"http://feed.jupiter.zone/bsdnow#entry-1668","title":"Episode 239: The Return To ptrace | BSD Now 239","url":"https://www.bsdnow.tv/239","content_text":"OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.\n\nRSS Feeds:\n\nMP3 Feed | iTunes Feed | HD Vid Feed | HD Torrent Feed\n\nBecome a supporter on Patreon:\n\n\n\n- Show Notes: -\n\nHeadlines\n\nPreventing Windows 10 and untrusted software from having full access to the internet using OpenBSD\n\n\n  Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds.\n  \n  Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions was 2003, XP and 2000. In short, I avoid 3rd party firewalls.\n  \n  Instead I decided to trap Windows 10 (and all of it's rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here:\n\n\n\n1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client.\n2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction.\n3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands.\n\n\n\nconfig -e -o /bsd /bsd\ndisable acpi\ndisable mpbios\n\n\n\n4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was [b]192.168.56.1[/b]. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example [b]192.168.56.2[/b]. If you are using Hyper-V and OpenBSD, make sure you add a \"Legacy Interface\" because no guest additions are available. Then set up a virtual switch which is host only.\n5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapters MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is \"shared\" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V \"share\" an adapter within a virtual switch and there is the option to also disable the hosts ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising.\n6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say \"no internet available\", it also does not assign an IP address which is fine.\n7) Install the Squid proxy package on the OpenBSD guest and enable the daemon\n\n\n```\n\npkg_add squid\n\necho 'squid_flags=\"\"' \u0026gt;\u0026gt; /etc/rc.conf.local\n\n/etc/rc.d/squid start\n\n```\n\n\n  We will use this service for a limited selection of \"safe and trusted\" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally.\n\n\n\n8) Configure the software you want to be able to access the external network with\n\nFirefox - go to the connection settings and specify the VMs IP address for the proxy.\nSubversion - modify the %HOME%\\AppData\\Roaming\\Subversion\\servers file and change the HTTP proxy field to the VMs IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward.\nChromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow all of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags:\n\n\n\n--proxy-server=\"socks5://\u0026lt;VM IP\u0026gt;:\u0026lt;SOCKS PORT\u0026gt;\"\n--host-resolver-rules=\"MAP * 0.0.0.0 , EXCLUDE \u0026lt;VM IP\u0026gt;\"\n\n\n\n9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software \"phoning home\". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments.\n\n\n\n\nLLDB restoration and return to ptrace(2)\n\n\n  I've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support.\n\n\n\nLLDB\n\n\n\n  Since the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32.\n  \n  I've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application.\n  \n  Here is the commit message:\n\n\n```\nWe cannot call process_up-\u0026gt;SetState() inside\nthe NativeProcessNetBSD::Factory::Launch\nfunction because it triggers a NULL pointer\ndeference.\n\nThe generic code for launching a process in:\nGDBRemoteCommunicationServerLLGS::LaunchProcess\nsets the mdebuggedprocessup pointer after\na successful call to  mprocessfactory.Launch().\nIf we attempt to call processup-\u0026gt;SetState()\ninside a platform specific Launch function we\nend up dereferencing a NULL pointer in\nNativeProcessProtocol::GetCurrentThreadID().\n\nUse the proper call processup-\u0026gt;SetState(,false)\nthat sets notifydelegates to false.\n```\n\n\nSanitizers\n\n\n\n  I suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers.\n  \n  I'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour.\n\n\n\nUserland changes\n\n\n\n  I've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code.\n  \n  Some pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed few low-hanging fruits there and requested pullups to NetBSD-8(BETA).\n  \n  I thank the developers for improving the landed code in order to ship the best solutions for users.\n\n\n\nBSD collaboration in LLVM\n\n\n\n  A One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD.\n  \n  I've landed most of the submitted and reviewed code to the mainstream LLVM tree.\n  \n  Part of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to \"netbsd\", similar to FreeBSD and Solaris.\n\n\n\nPrebuilt toolchain for testers\n\n\n\n  I've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12:\n\n\nllvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2\n\n\nPlan for the next milestone\n\n\n\n  With the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD:\n\n\n\nRemove one unused feature from ptrace(2), PTSETSIGMASK \u0026amp; PTGETSIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.\nFinish the backport of UCMACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0.\nBy popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10.\n\n\n\n  Once done, I will return to ptrace(2) debugging and corrections.\n\n\n\n\nDigitalOcean\n\nWorking with the NetBSD kernel\n\n\nOverview\n\n\n\n  When working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived to my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals.\n  \n  Before delving into the details, this is the general outline of my environment:\n  \n  My host system runs Linux. My target system is a QEMU guest.\n  \n  I’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server.\n  I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh.\n  I use NFS to share the source tree and the build artifacts between the target and the host.\n  I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags.\n  For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace.\n\n\n\nPreparing the host system\n\nQEMU\nGDB\nNFS Exports\nBuilding NetBSD-current\nA word of warning\n\nNow is a great time to familiarize yourself with the build.sh tool and its options. Be especially carefull with the following options:\n\n\n\n    -r          Remove contents of TOOLDIR and DESTDIR before building.\n    -u          Set MKUPDATE=yes; do not run \"make clean\" first.\n        Without this, everything is rebuilt, including the tools.\n\n\n\n  Chance are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect:\n  \n  On my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy.\n  On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximatelly 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle.\n\n\n\nAcquiring the sources\nCompiling the sources\n\nPreparing the guest system\nProvisioning your guest\nPkgin and NFS shares\nTailoring the kernel for debugging\nInstalling the new kernel\nConfiguring DTrace\nDebugging the guest’s kernel\n\n\n\n\nNews Roundup\n\nAdd support for the experimental Internet-Draft \"TCP Alternative Backoff”\n\n```\nAdd support for the experimental Internet-Draft \"TCP Alternative Backoff with\nECN (ABE)\" proposal to the New Reno congestion control algorithm module.\nABE reduces the amount of congestion window reduction in response to\nECN-signalled congestion relative to the loss-inferred congestion response.\n\nMore details about ABE can be found in the Internet-Draft:\nhttps://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn\n\nThe implementation introduces four new sysctls:\n\n\nnet.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero to\nenable ABE for ECN-enabled TCP connections.\nnet.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.betaecn set the\nmultiplicative window decrease factor, specified as a percentage, applied to\nthe congestion window in response to a loss-based or ECN-based congestion\nsignal respectively. They default to the values specified in the draft i.e.\nbeta=50 and betaecn=80.\nnet.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set to\nnon-zero to enable the use of standard beta (50% by default) when repairing\nloss during an ECN-signalled congestion recovery episode. It enables a more\nconservative congestion response and is provided for the purposes of\nexperimentation as a result of some discussion at IETF 100 in Singapore.\n\n\nThe values of beta and betaecn can also be set per-connection by way of the\nTCPCCALGOOPT TCP-level socket option and the new CCNEWRENOBETA or\nCCNEWRENOBETA_ECN CC algo sub-options.\n\nSubmitted by:    Tom Jones tj@enoti.me\nTested by:    Tom Jones tj@enoti.me, Grenville Armitage garmitage@swin.edu.au\nRelnotes:    Yes\nDifferential Revision:    https://reviews.freebsd.org/D11616\n```\n\n\n\nMeltdown-mitigation syspatch/errata now available\n\n\n  The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.\n\n\n\n6.1\n\n\n```\nChanges by:    bluhm@cvs.openbsd.org   2018/02/26 05:36:18\nLog message:\nImplement a workaround against the Meltdown flaw in Intel CPUs.\nThe following changes have been backported from OpenBSD -current.\n\nChanges by:     guenther@cvs.openbsd.org        2018/01/06 15:03:13\nLog message:\nHandle %gs like %[def]s and reset set it in cpu_switchto() instead of on\nevery return to userspace.\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/06 18:08:20\nLog message:\nAdd identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs\nthat should help mitigate spectre. This is just the detection piece, these\nfeatures are not yet used.\nPart of a larger ongoing effort to mitigate meltdown/spectre. i386 will\ncome later; it needs some machdep.c cleanup first.\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/07 12:56:19\nLog message:\nremove all PG_G global page mappings from the kernel when running on\nIntel CPUs. Part of an ongoing set of commits to mitigate the Intel\n\"meltdown\" CVE. This diff does not confer any immunity to that\nvulnerability - subsequent commits are still needed and are being\nworked on presently.\nok guenther, deraadt\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/12 01:21:30\nLog message:\nIBRS -\u0026gt; IBRS,IBPB in identifycpu lines\n\nChanges by:     guenther@cvs.openbsd.org        2018/02/21 12:24:15\nLog message:\nMeltdown: implement user/kernel page table separation.\nOn Intel CPUs which speculate past user/supervisor page permission checks,\nuse a separate page table for userspace with only the minimum of kernel code\nand data required for the transitions to/from the kernel (still marked as\nsupervisor-only, of course):\n- the IDT (RO)\n- three pages of kernel text in the .kutext section for interrupt, trap,\nand syscall trampoline code (RX)\n- one page of kernel data in the .kudata section for TLB flush IPIs (RW)\n- the lapic page (RW, uncachable)\n- per CPU: one page for the TSS+GDT (RO) and one page for trampoline\nstacks (RW)\nWhen a syscall, trap, or interrupt takes a CPU from userspace to kernel the\ntrampoline code switches page tables, switches stacks to the thread's real\nkernel stack, then copies over the necessary bits from the trampoline stack.\nOn return to userspace the opposite occurs: recreate the iretq frame on the\ntrampoline stack, switch stack, switch page tables, and return to userspace.\nmlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing\nissues on MP in particular, and drove the final push to completion.\nMany rounds of testing by naddy@, sthen@, and others\nThanks to Alex Wilson from Joyent for early discussions about trampolines\nand their data requirements.\nPer-CPU page layout mostly inspired by DragonFlyBSD.\nok mlarkin@ deraadt@\n\nChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:18:59\nLog message:\nThe GNU assembler does not understand 1ULL, so replace the constant\nwith 1.  Then it compiles with gcc, sign and size do not matter\nhere.\n\nChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:27:14\nLog message:\nThe compile time assertion for cpu info did not work with gcc.\nRephrase the condition in a way that both gcc and clang accept it.\n\nChanges by:     guenther@cvs.openbsd.org        2018/02/22 13:36:40\nLog message:\nSet the PG_G (global) bit on the special page table entries that are shared\nbetween the u-k and u+k tables, because they're actually in all tables.\n\nOpenBSD 6.1 errata 037\n```\n\n\n6.2\n\n\n```\nChanges by:    bluhm@cvs.openbsd.org   2018/02/26 05:29:48\nLog message:\nImplement a workaround against the Meltdown flaw in Intel CPUs.\nThe following changes have been backported from OpenBSD -current.\n\nChanges by:     guenther@cvs.openbsd.org        2018/01/06 15:03:13\nLog message:\nHandle %gs like %[def]s and reset set it in cpu_switchto() instead of on\nevery return to userspace.\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/06 18:08:20\nLog message:\nAdd identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs\nthat should help mitigate spectre. This is just the detection piece, these\nfeatures are not yet used.\nPart of a larger ongoing effort to mitigate meltdown/spectre. i386 will\ncome later; it needs some machdep.c cleanup first.\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/07 12:56:19\nLog message:\nremove all PG_G global page mappings from the kernel when running on\nIntel CPUs. Part of an ongoing set of commits to mitigate the Intel\n\"meltdown\" CVE. This diff does not confer any immunity to that\nvulnerability - subsequent commits are still needed and are being\nworked on presently.\n\nChanges by:     mlarkin@cvs.openbsd.org 2018/01/12 01:21:30\nLog message:\nIBRS -\u0026gt; IBRS,IBPB in identifycpu lines\n\nChanges by:     guenther@cvs.openbsd.org        2018/02/21 12:24:15\nLog message:\nMeltdown: implement user/kernel page table separation.\nOn Intel CPUs which speculate past user/supervisor page permission checks,\nuse a separate page table for userspace with only the minimum of kernel code\nand data required for the transitions to/from the kernel (still marked as\nsupervisor-only, of course):\n- the IDT (RO)\n- three pages of kernel text in the .kutext section for interrupt, trap,\nand syscall trampoline code (RX)\n- one page of kernel data in the .kudata section for TLB flush IPIs (RW)\n- the lapic page (RW, uncachable)\n- per CPU: one page for the TSS+GDT (RO) and one page for trampoline\nstacks (RW)\nWhen a syscall, trap, or interrupt takes a CPU from userspace to kernel the\ntrampoline code switches page tables, switches stacks to the thread's real\nkernel stack, then copies over the necessary bits from the trampoline stack.\nOn return to userspace the opposite occurs: recreate the iretq frame on the\ntrampoline stack, switch stack, switch page tables, and return to userspace.\nmlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing\nissues on MP in particular, and drove the final push to completion.\nMany rounds of testing by naddy@, sthen@, and others\nThanks to Alex Wilson from Joyent for early discussions about trampolines\nand their data requirements.\nPer-CPU page layout mostly inspired by DragonFlyBSD.\n\nChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:18:59\nLog message:\nThe GNU assembler does not understand 1ULL, so replace the constant\nwith 1.  Then it compiles with gcc, sign and size do not matter\nhere.\n\nChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:27:14\nLog message:\nThe compile time assertion for cpu info did not work with gcc.\nRephrase the condition in a way that both gcc and clang accept it.\n\nChanges by:     guenther@cvs.openbsd.org        2018/02/22 13:36:40\nLog message:\nSet the PG_G (global) bit on the special page table entries that are shared\nbetween the u-k and u+k tables, because they're actually in all tables.\n\nOpenBSD 6.2 errata 009\n```\n\n\nsyspatch\n\n\n\n\niXsystems\n\na2k18 Hackathon Report: Ken Westerback on dhclient and more\n\n\n  Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:\n\n\n\nYYZ -\u0026gt; YVR -\u0026gt; MEL -\u0026gt; ZQN -\u0026gt; CHC -\u0026gt; DUD -\u0026gt; WLG -\u0026gt; AKL -\u0026gt; SYD -\u0026gt; BNE -\u0026gt; YVR -\u0026gt; YYZ\nFor those of you who don’t speak Airport code:\nToronto -\u0026gt; Vancouver -\u0026gt; Melbourne -\u0026gt; Queenstown -\u0026gt; Christchurch -\u0026gt; Dunedin\nThen: Dunedin -\u0026gt; Wellington -\u0026gt; Auckland -\u0026gt; Sydney -\u0026gt; Brisbane -\u0026gt; Vancouver -\u0026gt; Toronto\n\n\n```\n\nWhew.\n\nOnce in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.\n```\n\n```\nI worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request.\n\nMore substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statement were changed so they are cumulative, making it easier to build longer lists of affected options.\n\nI tweaked softraid(4) to remove a handrolled version of duid_format().\n\nI sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls.\n\nI continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon.\n\nI only locked myself out of my room once!\n\nFueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins.\n\nThanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible\n```\n\n\n\nPoetic License\n\n\n  I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.\n  \n  I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)\n\n\n```\nCopyright (c) , \nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n```\n\n\n  You may redistribute and use –\n  as source or binary, as you choose,\n  and with some changes or without –\n  this software; let there be no doubt.\n  But you must meet conditions three,\n  if in compliance you wish to be.\n\n\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright\n  notice, this list of conditions and the following disclaimer in the\n  documentation and/or other materials provided with the distribution.\n3. Neither the name of the  nor the names of its\n   contributors may be used to endorse or promote products derived\n   from this software without specific prior written permission.\n\n\n\n  The first is obvious, of course –\n  To keep this text within the source.\n  The second is for binaries\n  Place in the docs a copy, please.\n  A moral lesson from this ode –\n  Don’t strip the copyright on code.\n  \n  The third applies when you promote:\n  You must not take, from us who wrote,\n  our names and make it seem as true\n  we like or love your version too.\n  (Unless, of course, you contact us\n  And get our written assensus.)\n\n\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS  IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE\nCOPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,\nINCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\nBUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN\nANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGE.\n\n\n\n  One final point to be laid out\n  (You must forgive my need to shout):\n  THERE IS NO WARRANTY FOR THIS\n  WHATEVER THING MAY GO AMISS.\n  EXPRESS, IMPLIED, IT’S ALL THE SAME –\n  RESPONSIBILITY DISCLAIMED.\n  \n  WE ARE NOT LIABLE FOR LOSS\n  NO MATTER HOW INCURRED THE COST\n  THE TYPE OR STYLE OF DAMAGE DONE\n  WHATE’ER THE LEGAL THEORY SPUN.\n  THIS STILL REMAINS AS TRUE IF YOU\n  INFORM US WHAT YOU PLAN TO DO.\n  \n  When all is told, we sum up thus –\n  Do what you like, just don’t sue us.\n\n\n\n\n\n\nBeastie Bits\n\n\nAsiaBSDCon 2018 Videos\nThe January/February 2018 FreeBSD Journal is Here\nAnnouncing the pkgsrc-2017Q4 release (2018-01-04)\nBSD Hamburg Event\nZFS User conference\nUnreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer\n\n\n\n\nTarsnap ad\n\n\n\nFeedback/Questions\n\n\nPhilippe - I heart FreeBSD and other questions\nCyrus - BSD Now is excellent\nArchitect - Combined Feedback\nDale - ZFS on Linux moving to ZFS on FreeBSD\nTommi - New BUG in Finland\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.\u003c/p\u003e\n\n\u003ch3\u003eRSS Feeds:\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://feeds.feedburner.com/BsdNowMp3\"\u003eMP3 Feed\u003c/a\u003e \u003cstrong\u003e|\u003c/strong\u003e \u003ca href=\"https://itunes.apple.com/us/podcast/bsd-now-mp3/id701045710?mt=2\"\u003eiTunes Feed\u003c/a\u003e \u003cstrong\u003e|\u003c/strong\u003e \u003ca href=\"http://feeds.feedburner.com/BsdNowHd\"\u003eHD Vid Feed\u003c/a\u003e \u003cstrong\u003e|\u003c/strong\u003e \u003ca href=\"http://bitlove.org/jupiterbroadcasting/bsdnowhd/feed\"\u003eHD Torrent Feed\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.patreon.com/jupitersignal\"\u003eBecome a supporter on Patreon\u003c/a\u003e:\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.patreon.com/jupitersignal\" rel=\"Support us on Patreon\"\u003e\u003cimg src=\"http://i.imgur.com/2ioAf3Q.png\" alt=\"Patreon\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003e- Show Notes: -\u003c/h3\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ibm.com/developerworks/community/blogs/karsten/entry/Preventing_Windows_10_and_untrusted_software_from_having_full_access_to_the_internet?lang=en\"\u003ePreventing Windows 10 and untrusted software from having full access to the internet using OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds.\u003c/p\u003e\n  \n  \u003cp\u003eDeciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and Putty. To my amusement (and astonishment) I found out that the Windows firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows store Apps can change the windows firewall settings at any point. One way to get around this issue could be to install a 3rd party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems. The last supported versions was 2003, XP and 2000. In short, I avoid 3rd party firewalls.\u003c/p\u003e\n  \n  \u003cp\u003eInstead I decided to trap Windows 10 (and all of it's rogue updaters) behind a virtual machine running OpenBSD. This effectively provided me with a full blown firewall appliance. From here I could then allow specific software I trusted through the firewall (via a proxy) in a safe, controlled and deterministic manner. For other interested developers (and security conscious users) and for my own reference, I have listed the steps taken here:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e1) First and foremost disable the Windows DHCP service - this is so no IP can be obtained on any interface. This effectively stops any communication with any network on the host system. This can be done by running services.msc with admin privileges and stopping and disabling the service called DHCP Client.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e2) Install or enable your favorite virtualization software - I have tested this with both VirtualBox and Hyper-V. Note that on non-server versions of Windows, in order to get Hyper-V working, your processor also needs to support SLAT which is daft so to avoid faffing about, I recommend using VirtualBox to get round this seemingly arbitrary restriction.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e3) Install OpenBSD on the VM - Note, if you decide to use Hyper-V, its hardware support isn't 100% perfect to run OpenBSD and you will need to disable a couple of things in the kernel. At the initial boot prompt, run the following commands.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e\nconfig -e -o /bsd /bsd\ndisable acpi\ndisable mpbios\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e4) Add a host only virtual adapter to the VM - This is the one which we are going to connect through the VM with. Look at the IP that VirtualBox assigns this in network manager on the host machine. Mine was [b]192.168.56.1[/b]. Set up the adapter in the OpenBSD VM to have a static address on the same subnet. For example [b]192.168.56.2[/b]. If you are using Hyper-V and OpenBSD, make sure you add a \"Legacy Interface\" because no guest additions are available. Then set up a virtual switch which is host only.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e5) Add a bridged adapter to the VM - then assign it to whichever interface you wanted to connect to the external network with. Note that if using Wireless, set the bridged adapters MAC address to the same as your physical device or the access point will reject it. This is not needed (or possible) on Hyper-V because the actual device is \"shared\" rather than bridged so the same MAC address is used. Again, if you use Hyper-V, then add another virtual switch and attach it to your chosen external interface. VMs in Hyper-V \"share\" an adapter within a virtual switch and there is the option to also disable the hosts ability to use this interface at the same time which is fine for an additional level of security if those pesky rogue apps and updaters can also enable / disable DHCP service one day which wouldn't be too surprising.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e6) Connect to your network in the host OS - In case of Wireless, select the correct network from the list and type in a password if needed. Windows will probably say \"no internet available\", it also does not assign an IP address which is fine.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e7) Install the Squid proxy package on the OpenBSD guest and enable the daemon\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003ch4\u003epkg_add squid\u003c/h4\u003e\n\n\u003ch4\u003eecho 'squid_flags=\"\"' \u003e\u003e /etc/rc.conf.local\u003c/h4\u003e\n\n\u003ch4\u003e/etc/rc.d/squid start\u003c/h4\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWe will use this service for a limited selection of \"safe and trusted\" programs to connect to the outside world from within the Windows 10 host. You can also use putty on the host to connect to the VM via SSH and create a SOCKS proxy which software like Firefox can also use to connect externally.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e8) Configure the software you want to be able to access the external network with\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eFirefox - go to the connection settings and specify the VMs IP address for the proxy.\u003c/li\u003e\n\u003cli\u003eSubversion - modify the %HOME%\\AppData\\Roaming\\Subversion\\servers file and change the HTTP proxy field to the VMs IP. This is important to communicate with GitHub via https:// (Yes, GitHub also supports Subversion). For svn:// addresses you can use Putty to port forward.\u003c/li\u003e\n\u003cli\u003eChromium/Chrome - unfortunately uses the global Windows proxy settings which defeats much of the purpose of this exercise if we were going to allow \u003cem\u003eall\u003c/em\u003e of Windows access to the internet via the proxy. It would become mayhem again. However we can still use Putty to create a SOCKS proxy and then launch the browser with the following flags:\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e\n--proxy-server=\"socks5://\u0026lt;VM IP\u0026gt;:\u0026lt;SOCKS PORT\u0026gt;\"\n--host-resolver-rules=\"MAP * 0.0.0.0 , EXCLUDE \u0026lt;VM IP\u0026gt;\"\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e9) Congratulations, you are now done - Admittedly this process can be a bit fiddly to set up but it completely prevents Windows 10 from making a complete mess. This solution is probably also useful for those who like privacy or don't like the idea of their software \"phoning home\". Hope you find this useful and if you have any issues, please feel free to leave questions in the comments.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to\"\u003eLLDB restoration and return to ptrace(2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI've managed to unbreak the LLDB debugger as much as possible with the current kernel and hit problems with ptrace(2) that are causing issues with further work on proper NetBSD support. Meanwhile, I've upstreamed all the planned NetBSD patches to sanitizers and helped other BSDs to gain better or initial support.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLLDB\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eSince the last time I worked on LLDB, we have introduced many changes to the kernel interfaces (most notably related to signals) that apparently fixed some bugs in Go and introduced regressions in ptrace(2). Part of the regressions were noted by the existing ATF tests. However, the breakage was only marked as a new problem to resolve. For completeness, the ptrace(2) code was also cleaned up by Christos Zoulas, and we fixed some bugs with compat32.\u003c/p\u003e\n  \n  \u003cp\u003eI've fixed a crash in *NetBSD::Factory::Launch(), triggered on startup of the lldb-server application.\u003c/p\u003e\n  \n  \u003cp\u003eHere is the commit message:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```\nWe cannot call process_up-\u003eSetState() inside\nthe NativeProcessNetBSD::Factory::Launch\nfunction because it triggers a NULL pointer\ndeference.\u003c/p\u003e\n\n\u003cp\u003eThe generic code for launching a process in:\nGDBRemoteCommunicationServerLLGS::LaunchProcess\nsets the m\u003cem\u003edebugged\u003c/em\u003eprocess\u003cem\u003eup pointer after\na successful call to  m\u003c/em\u003eprocess\u003cem\u003efactory.Launch().\nIf we attempt to call process\u003c/em\u003eup-\u003eSetState()\ninside a platform specific Launch function we\nend up dereferencing a NULL pointer in\nNativeProcessProtocol::GetCurrentThreadID().\u003c/p\u003e\n\n\u003cp\u003eUse the proper call process\u003cem\u003eup-\u003eSetState(,false)\nthat sets notify\u003c/em\u003edelegates to false.\n```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSanitizers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI suspended development of new features in sanitizers last month, but I was still in the process of upstreaming of local patches. This process was time-consuming as it required rebasing patches, adding dedicated tests, and addressing all other requests and comments from the upstream developers.\u003c/p\u003e\n  \n  \u003cp\u003eI'm not counting hot fixes, as some changes were triggering build or test issues on !NetBSD hosts. Thankfully all these issues were addressed quickly. The final result is a reduction of local delta size of almost 1MB to less than 100KB (1205 lines of diff). The remaining patches are rescheduled for later, mostly because they depend on extra work with cross-OS tests and prior integration of sanitizers with the basesystem distribution. I didn't want to put extra work here in the current state of affairs and, I've registered as a mentor for Google Summer of Code for the NetBSD Foundation and prepared Software Quality improvement tasks in order to outsource part of the labour.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUserland changes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI've also improved documentation for some of the features of NetBSD, described in man-pages. These pieces of information were sometimes wrong or incomplete, and this makes covering the NetBSD system with features such as sanitizers harder as there is a mismatch between the actual code and the documented code.\u003c/p\u003e\n  \n  \u003cp\u003eSome pieces of software also require better namespacing support, these days mostly for the POSIX standard. I've fixed few low-hanging fruits there and requested pullups to NetBSD-8(BETA).\u003c/p\u003e\n  \n  \u003cp\u003eI thank the developers for improving the landed code in order to ship the best solutions for users.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD collaboration in LLVM\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eA One-man-show in human activity is usually less fun and productive than collaboration in a team. This is also true in software development. Last month I was helping as a reviewer to port LLVM features to FreeBSD and when possible to OpenBSD. This included MSan/FreeBSD, libFuzzer/FreeBSD, XRay/FreeBSD and UBSan/OpenBSD.\u003c/p\u003e\n  \n  \u003cp\u003eI've landed most of the submitted and reviewed code to the mainstream LLVM tree.\u003c/p\u003e\n  \n  \u003cp\u003ePart of the code also verified the correctness of NetBSD routes in the existing porting efforts and showed new options for improvement. This is the reason why I've landed preliminary XRay/NetBSD code and added missing NetBSD bits to ToolChain::getOSLibName(). The latter produced setup issues with the prebuilt LLVM toolchain, as the directory name with compiler-rt goodies were located in a path like ./lib/clang/7.0.0/lib/netbsd8.99.12 with a varying OS version. This could stop working after upgrades, so I've simplified it to \"netbsd\", similar to FreeBSD and Solaris.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrebuilt toolchain for testers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI've prepared a build of Clang/LLVM with LLDB and compiler-rt features prebuilt on NetBSD/amd64 v. 8.99.12:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ellvm-clang-compilerrt-lldb-7.0.0beta_2018-02-28.tar.bz2\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlan for the next milestone\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWith the approaching NetBSD 8.0 release I plan to finish backporting a few changes there from HEAD:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRemove one unused feature from ptrace(2), PT\u003cem\u003eSET\u003c/em\u003eSIGMASK \u0026amp; PT\u003cem\u003eGET\u003c/em\u003eSIGMASK. I've originally introduced these operations with criu/rr-like software in mind, but they are misusing or even abusing ptrace(2) and are not regular process debuggers. I plan to remove this operation from HEAD and backport this to NetBSD-8(BETA), before the release, so no compat will be required for this call. Future ports of criu/rr should involve dedicated kernel support for such requirements.\nFinish the backport of \u003cem\u003eUC\u003c/em\u003eMACHINE_FP() to NetBSD-8. This will allow use of the same code in sanitizers in HEAD and NetBSD-8.0.\u003c/li\u003e\n\u003cli\u003eBy popular demand, improve the regnsub(3) and regasub(3) API, adding support for more or less substitutions than 10.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOnce done, I will return to ptrace(2) debugging and corrections.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eDigitalOcean\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://t.pagef.lt/working-with-the-netbsd-kernel/\"\u003eWorking with the NetBSD kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOverview\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eWhen working on complex systems, such as OS kernels, your attention span and cognitive energy are too valuable to be wasted on inefficiencies pertaining to ancillary tasks. After experimenting with different environmental setups for kernel debugging, some of which were awkward and distracting from my main objectives, I have arrived to my current workflow, which is described here. This approach is mainly oriented towards security research and the study of kernel internals.\u003c/p\u003e\n  \n  \u003cp\u003eBefore delving into the details, this is the general outline of my environment:\u003c/p\u003e\n  \n  \u003cp\u003eMy host system runs Linux. My target system is a QEMU guest.\u003c/p\u003e\n  \n  \u003cp\u003eI’m tracing and debugging on my host system by attaching GDB (with NetBSD x86-64 ABI support) to QEMU’s built-in GDB server.\n  I work with NetBSD-current. All sources are built on my host system with the cross-compilation toolchain produced by build.sh.\n  I use NFS to share the source tree and the build artifacts between the target and the host.\n  I find IDEs awkward, so for codebase navigation I mainly rely on vim, tmux and ctags.\n  For non-intrusive instrumentation, such as figuring out control flow, I’m using dtrace.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003ePreparing the host system\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eQEMU\u003c/li\u003e\n\u003cli\u003eGDB\u003c/li\u003e\n\u003cli\u003eNFS Exports\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBuilding NetBSD-current\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA word of warning\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eNow is a great time to familiarize yourself with the build.sh tool and its options. Be especially carefull with the following options:\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e\n    -r          Remove contents of TOOLDIR and DESTDIR before building.\n    -u          Set MKUPDATE=yes; do not run \"make clean\" first.\n        Without this, everything is rebuilt, including the tools.\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eChance are, you do not want to use these options once you’ve successfully built the cross-compilation toolchain and your entire userland, because building those takes time and there aren’t many good reasons to recompile them from scratch. Here’s what to expect:\u003c/p\u003e\n  \n  \u003cp\u003eOn my desktop, running a quad-core Intel i5-3470 at 3.20GHz with 24GB of RAM and underlying directory structure residing on a SSD drive, the entire process took about 55 minutes. I was running make with -j12, so the machine was quite busy.\n  On an old Dell D630 laptop, running Intel Core 2 Duo T7500 at 2.20GHz with 4GB of RAM and a slow hard drive (5400RPM), the process took approximatelly 2.5 hours. I was running make with -j4. Based on the temperature alerts and CPU clock throttling messages, it was quite a struggle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAcquiring the sources\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eCompiling the sources\u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003ePreparing the guest system\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eProvisioning your guest\u003c/li\u003e\n\u003cli\u003ePkgin and NFS shares\u003c/li\u003e\n\u003cli\u003eTailoring the kernel for debugging\u003c/li\u003e\n\u003cli\u003eInstalling the new kernel\u003c/li\u003e\n\u003cli\u003eConfiguring DTrace\u003c/li\u003e\n\u003cli\u003eDebugging the guest’s kernel\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=331214\"\u003eAdd support for the experimental Internet-Draft \"TCP Alternative Backoff”\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e```\nAdd support for the experimental Internet-Draft \"TCP Alternative Backoff with\nECN (ABE)\" proposal to the New Reno congestion control algorithm module.\nABE reduces the amount of congestion window reduction in response to\nECN-signalled congestion relative to the loss-inferred congestion response.\u003c/p\u003e\n\n\u003cp\u003eMore details about ABE can be found in the Internet-Draft:\nhttps://tools.ietf.org/html/draft-ietf-tcpm-alternativebackoff-ecn\u003c/p\u003e\n\n\u003cp\u003eThe implementation introduces four new sysctls:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003enet.inet.tcp.cc.abe defaults to 0 (disabled) and can be set to non-zero to\nenable ABE for ECN-enabled TCP connections.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003enet.inet.tcp.cc.newreno.beta and net.inet.tcp.cc.newreno.beta\u003cem\u003eecn set the\nmultiplicative window decrease factor, specified as a percentage, applied to\nthe congestion window in response to a loss-based or ECN-based congestion\nsignal respectively. They default to the values specified in the draft i.e.\nbeta=50 and beta\u003c/em\u003eecn=80.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003enet.inet.tcp.cc.abe_frlossreduce defaults to 0 (disabled) and can be set to\nnon-zero to enable the use of standard beta (50% by default) when repairing\nloss during an ECN-signalled congestion recovery episode. It enables a more\nconservative congestion response and is provided for the purposes of\nexperimentation as a result of some discussion at IETF 100 in Singapore.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThe values of beta and beta\u003cem\u003eecn can also be set per-connection by way of the\nTCP\u003c/em\u003eCCALGOOPT TCP-level socket option and the new CC\u003cem\u003eNEWRENO\u003c/em\u003eBETA or\nCC\u003cem\u003eNEWRENO\u003c/em\u003eBETA_ECN CC algo sub-options.\u003c/p\u003e\n\n\u003cp\u003eSubmitted by:    Tom Jones \u003ca href=\"\u0026#x6D;\u0026#x61;i\u0026#x6C;\u0026#x74;\u0026#111;:\u0026#x74;\u0026#x6A;\u0026#64;\u0026#x65;\u0026#x6E;\u0026#x6F;\u0026#x74;\u0026#105;.\u0026#x6D;\u0026#101;\"\u003e\u0026#x74;\u0026#x6A;\u0026#64;\u0026#x65;\u0026#x6E;\u0026#x6F;\u0026#x74;\u0026#105;.\u0026#x6D;\u0026#101;\u003c/a\u003e\nTested by:    Tom Jones \u003ca href=\"\u0026#x6D;\u0026#97;\u0026#105;\u0026#x6C;\u0026#x74;\u0026#x6F;:\u0026#116;\u0026#x6A;\u0026#64;\u0026#101;\u0026#x6E;\u0026#111;\u0026#116;\u0026#105;\u0026#x2E;\u0026#x6D;\u0026#101;\"\u003e\u0026#116;\u0026#x6A;\u0026#64;\u0026#101;\u0026#x6E;\u0026#111;\u0026#116;\u0026#105;\u0026#x2E;\u0026#x6D;\u0026#101;\u003c/a\u003e, Grenville Armitage \u003ca href=\"\u0026#109;\u0026#x61;\u0026#105;\u0026#x6C;\u0026#x74;\u0026#x6F;:\u0026#103;\u0026#97;\u0026#x72;\u0026#109;\u0026#x69;ta\u0026#x67;\u0026#x65;\u0026#64;\u0026#x73;\u0026#119;\u0026#105;\u0026#x6E;.\u0026#x65;d\u0026#117;.\u0026#97;\u0026#117;\"\u003e\u0026#103;\u0026#97;\u0026#x72;\u0026#109;\u0026#x69;ta\u0026#x67;\u0026#x65;\u0026#64;\u0026#x73;\u0026#119;\u0026#105;\u0026#x6E;.\u0026#x65;d\u0026#117;.\u0026#97;\u0026#117;\u003c/a\u003e\nRelnotes:    Yes\nDifferential Revision:    https://reviews.freebsd.org/D11616\n```\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180228225937\"\u003eMeltdown-mitigation syspatch/errata now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026amp;m=151964860620856\u0026amp;w=2\"\u003e6.1\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\nChanges by:    bluhm@cvs.openbsd.org   2018/02/26 05:36:18\nLog message:\nImplement a workaround against the Meltdown flaw in Intel CPUs.\nThe following changes have been backported from OpenBSD -current.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/01/06 15:03:13\nLog message:\nHandle %gs like %[def]s and reset set it in cpu_switchto() instead of on\nevery return to userspace.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/06 18:08:20\nLog message:\nAdd identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs\nthat should help mitigate spectre. This is just the detection piece, these\nfeatures are not yet used.\nPart of a larger ongoing effort to mitigate meltdown/spectre. i386 will\ncome later; it needs some machdep.c cleanup first.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/07 12:56:19\nLog message:\nremove all PG_G global page mappings from the kernel when running on\nIntel CPUs. Part of an ongoing set of commits to mitigate the Intel\n\"meltdown\" CVE. This diff does not confer any immunity to that\nvulnerability - subsequent commits are still needed and are being\nworked on presently.\nok guenther, deraadt\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/12 01:21:30\nLog message:\nIBRS -\u003e IBRS,IBPB in identifycpu lines\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/02/21 12:24:15\nLog message:\nMeltdown: implement user/kernel page table separation.\nOn Intel CPUs which speculate past user/supervisor page permission checks,\nuse a separate page table for userspace with only the minimum of kernel code\nand data required for the transitions to/from the kernel (still marked as\nsupervisor-only, of course):\n- the IDT (RO)\n- three pages of kernel text in the .kutext section for interrupt, trap,\nand syscall trampoline code (RX)\n- one page of kernel data in the .kudata section for TLB flush IPIs (RW)\n- the lapic page (RW, uncachable)\n- per CPU: one page for the TSS+GDT (RO) and one page for trampoline\nstacks (RW)\nWhen a syscall, trap, or interrupt takes a CPU from userspace to kernel the\ntrampoline code switches page tables, switches stacks to the thread's real\nkernel stack, then copies over the necessary bits from the trampoline stack.\nOn return to userspace the opposite occurs: recreate the iretq frame on the\ntrampoline stack, switch stack, switch page tables, and return to userspace.\nmlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing\nissues on MP in particular, and drove the final push to completion.\nMany rounds of testing by naddy@, sthen@, and others\nThanks to Alex Wilson from Joyent for early discussions about trampolines\nand their data requirements.\nPer-CPU page layout mostly inspired by DragonFlyBSD.\nok mlarkin@ deraadt@\u003c/p\u003e\n\n\u003cp\u003eChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:18:59\nLog message:\nThe GNU assembler does not understand 1ULL, so replace the constant\nwith 1.  Then it compiles with gcc, sign and size do not matter\nhere.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:27:14\nLog message:\nThe compile time assertion for cpu info did not work with gcc.\nRephrase the condition in a way that both gcc and clang accept it.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/02/22 13:36:40\nLog message:\nSet the PG_G (global) bit on the special page table entries that are shared\nbetween the u-k and u+k tables, because they're actually in \u003cem\u003eall\u003c/em\u003e tables.\u003c/p\u003e\n\n\u003cp\u003eOpenBSD 6.1 errata 037\n```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e6.2\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\nChanges by:    bluhm@cvs.openbsd.org   2018/02/26 05:29:48\nLog message:\nImplement a workaround against the Meltdown flaw in Intel CPUs.\nThe following changes have been backported from OpenBSD -current.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/01/06 15:03:13\nLog message:\nHandle %gs like %[def]s and reset set it in cpu_switchto() instead of on\nevery return to userspace.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/06 18:08:20\nLog message:\nAdd identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs\nthat should help mitigate spectre. This is just the detection piece, these\nfeatures are not yet used.\nPart of a larger ongoing effort to mitigate meltdown/spectre. i386 will\ncome later; it needs some machdep.c cleanup first.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/07 12:56:19\nLog message:\nremove all PG_G global page mappings from the kernel when running on\nIntel CPUs. Part of an ongoing set of commits to mitigate the Intel\n\"meltdown\" CVE. This diff does not confer any immunity to that\nvulnerability - subsequent commits are still needed and are being\nworked on presently.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     mlarkin@cvs.openbsd.org 2018/01/12 01:21:30\nLog message:\nIBRS -\u003e IBRS,IBPB in identifycpu lines\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/02/21 12:24:15\nLog message:\nMeltdown: implement user/kernel page table separation.\nOn Intel CPUs which speculate past user/supervisor page permission checks,\nuse a separate page table for userspace with only the minimum of kernel code\nand data required for the transitions to/from the kernel (still marked as\nsupervisor-only, of course):\n- the IDT (RO)\n- three pages of kernel text in the .kutext section for interrupt, trap,\nand syscall trampoline code (RX)\n- one page of kernel data in the .kudata section for TLB flush IPIs (RW)\n- the lapic page (RW, uncachable)\n- per CPU: one page for the TSS+GDT (RO) and one page for trampoline\nstacks (RW)\nWhen a syscall, trap, or interrupt takes a CPU from userspace to kernel the\ntrampoline code switches page tables, switches stacks to the thread's real\nkernel stack, then copies over the necessary bits from the trampoline stack.\nOn return to userspace the opposite occurs: recreate the iretq frame on the\ntrampoline stack, switch stack, switch page tables, and return to userspace.\nmlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing\nissues on MP in particular, and drove the final push to completion.\nMany rounds of testing by naddy@, sthen@, and others\nThanks to Alex Wilson from Joyent for early discussions about trampolines\nand their data requirements.\nPer-CPU page layout mostly inspired by DragonFlyBSD.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:18:59\nLog message:\nThe GNU assembler does not understand 1ULL, so replace the constant\nwith 1.  Then it compiles with gcc, sign and size do not matter\nhere.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     bluhm@cvs.openbsd.org   2018/02/22 13:27:14\nLog message:\nThe compile time assertion for cpu info did not work with gcc.\nRephrase the condition in a way that both gcc and clang accept it.\u003c/p\u003e\n\n\u003cp\u003eChanges by:     guenther@cvs.openbsd.org        2018/02/22 13:36:40\nLog message:\nSet the PG_G (global) bit on the special page table entries that are shared\nbetween the u-k and u+k tables, because they're actually in \u003cem\u003eall\u003c/em\u003e tables.\u003c/p\u003e\n\n\u003cp\u003eOpenBSD 6.2 errata 009\n```\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://man.openbsd.org/syspatch\"\u003esyspatch\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eiXsystems\u003c/strong\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180302002131\"\u003ea2k18 Hackathon Report: Ken Westerback on dhclient and more\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eKen Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.gcmap.com/mapui?P=YYZ-YVR-MEL-ZQN-CHC-DUD,DUD-WLG-AKL-SYD-BNE-YVR-YYZ\"\u003eYYZ -\u003e YVR -\u003e MEL -\u003e ZQN -\u003e CHC -\u003e DUD -\u003e WLG -\u003e AKL -\u003e SYD -\u003e BNE -\u003e YVR -\u003e YYZ\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFor those of you who don’t speak Airport code:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003eToronto -\u003e Vancouver -\u003e Melbourne -\u003e Queenstown -\u003e Christchurch -\u003e Dunedin\u003c/li\u003e\n\u003cli\u003eThen: Dunedin -\u003e Wellington -\u003e Auckland -\u003e Sydney -\u003e Brisbane -\u003e Vancouver -\u003e Toronto\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e```\u003c/p\u003e\n\n\u003cp\u003eWhew.\u003c/p\u003e\n\n\u003cp\u003eOnce in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.\n```\u003c/p\u003e\n\n\u003cp\u003e```\nI worked with rpe@ and tb@ to make the install script create the 'correct' FQDN when dhclient was involved. I worked with tb@ on some code cleanup in various bits of the base. dhclient(8) got some nice cleanup, further pruning/improving log messages in particular. In addition the oddball -q option was flipped into the more normal -v. I.e. be quiet by default and verbose on request.\u003c/p\u003e\n\n\u003cp\u003eMore substantially the use of recorded leases was made less intrusive by avoiding continual reconfiguration of the interface with the same information. The 'request', 'require' and 'ignore' dhclient.conf(5) statement were changed so they are cumulative, making it easier to build longer lists of affected options.\u003c/p\u003e\n\n\u003cp\u003eI tweaked softraid(4) to remove a handrolled version of duid_format().\u003c/p\u003e\n\n\u003cp\u003eI sprinkled a couple of M_WAITOK into amd64 and i386 mpbios to document that there is really no need to check for NULL being returned from some malloc() calls.\u003c/p\u003e\n\n\u003cp\u003eI continued to help test the new filesystem quiescing logic that deraadt@ committed during the hackathon.\u003c/p\u003e\n\n\u003cp\u003eI only locked myself out of my room once!\u003c/p\u003e\n\n\u003cp\u003eFueled by the excellent coffee from local institutions The Good Earth Cafe and The Good Oil Cafe, and the excellent hacking facilities and accommodations at the University of Otago it was another enjoyable and productive hackathon south of the equator. And I even saw penguins.\u003c/p\u003e\n\n\u003cp\u003eThanks to Jim Cheetham and the support from the project and the OpenBSD Foundation that made it all possible\n```\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.gerv.net/2018/03/poetic-license/\"\u003ePoetic License\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eI found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.\u003c/p\u003e\n  \n  \u003cp\u003eI’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```\nCopyright (c) \u003cYEAR\u003e, \u003cOWNER\u003e\nAll rights reserved.\u003c/p\u003e\n\n\u003cp\u003eRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n```\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eYou may redistribute and use –\n  as source or binary, as you choose,\n  and with some changes or without –\n  this software; let there be no doubt.\n  But you must meet conditions three,\n  if in compliance you wish to be.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright\n  notice, this list of conditions and the following disclaimer in the\n  documentation and/or other materials provided with the distribution.\n3. Neither the name of the  nor the names of its\n   contributors may be used to endorse or promote products derived\n   from this software without specific prior written permission.\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eThe first is obvious, of course –\n  To keep this text within the source.\n  The second is for binaries\n  Place in the docs a copy, please.\n  A moral lesson from this ode –\n  Don’t strip the copyright on code.\u003c/p\u003e\n  \n  \u003cp\u003eThe third applies when you promote:\n  You must not take, from us who wrote,\n  our names and make it seem as true\n  we like or love your version too.\n  (Unless, of course, you contact us\n  And get our written assensus.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS  IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE\nCOPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,\nINCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\nBUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN\nANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGE.\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n  \u003cp\u003eOne final point to be laid out\n  (You must forgive my need to shout):\n  THERE IS NO WARRANTY FOR THIS\n  WHATEVER THING MAY GO AMISS.\n  EXPRESS, IMPLIED, IT’S ALL THE SAME –\n  RESPONSIBILITY DISCLAIMED.\u003c/p\u003e\n  \n  \u003cp\u003eWE ARE NOT LIABLE FOR LOSS\n  NO MATTER HOW INCURRED THE COST\n  THE TYPE OR STYLE OF DAMAGE DONE\n  WHATE’ER THE LEGAL THEORY SPUN.\n  THIS STILL REMAINS AS TRUE IF YOU\n  INFORM US WHAT YOU PLAN TO DO.\u003c/p\u003e\n  \n  \u003cp\u003eWhen all is told, we sum up thus –\n  Do what you like, just don’t sue us.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLnTFqpZk5ebDZwT-bmYcIwv76yhmTfl0l\"\u003eAsiaBSDCon 2018 Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/past-issues/storage/\"\u003eThe January/February 2018 FreeBSD Journal is Here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2018/01/04/msg026073.html\"\u003eAnnouncing the pkgsrc-2017Q4 release (2018-01-04)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdhh.org/bsdhh-de-index.html\"\u003eBSD Hamburg Event\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://zfs.datto.com/\"\u003eZFS User conference\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026amp;px=Unreal-Engine-4-FreeBSD\"\u003eUnreal Engine 4 Being Brought Natively To FreeBSD By Independent Developer\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cp\u003eTarsnap ad\u003c/p\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhilippe - \u003ca href=\"http://dpaste.com/2643BF5#wrap\"\u003eI heart FreeBSD and other questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCyrus - \u003ca href=\"http://dpaste.com/3NTH14J#wrap\"\u003eBSD Now is excellent\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eArchitect - \u003ca href=\"http://dpaste.com/317BP8X#wrap\"\u003eCombined Feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDale - \u003ca href=\"http://dpaste.com/284G4TQ#wrap\"\u003eZFS on Linux moving to ZFS on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTommi - \u003ca href=\"http://dpaste.com/1KGMRGM#wrap\"\u003eNew BUG in Finland\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003chr /\u003e\u003c/p\u003e","summary":"OpenBSD firewalling Windows 10, NetBSD’s return to ptrace, TCP Alternative Backoff, the BSD Poetic license, and AsiaBSDcon 2018 videos available.","date_published":"2018-03-29T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/17c4fe12-c4ee-47a7-8d14-1a73407e86f4.mp3","mime_type":"audio/mp3","size_in_bytes":44655271,"duration_in_seconds":5563}]},{"id":"19a3e093-c80b-4eae-84c6-aa128d0c61d7","title":"238: VLAN-Zezes-ki in Hardware","url":"https://www.bsdnow.tv/238","content_text":"Looking at Lumina Desktop 2.0, 2 months of KPTI development in SmartOS, OpenBSD email service, an interview with Ryan Zezeski, NomadBSD released, and John Carmack's programming retreat with OpenBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLooking at Lumina Desktop 2.0\n\n\nA few weeks ago I sat down with Lead Developer Ken Moore of the TrueOS Project to get answers to some of the most frequently asked questions about Lumina Desktop from the open source community. Here is what he said on Lumina Desktop 2.0.  Do you have a question for Ken and the rest of the team over at the TrueOS Project? Make sure to read the interview and comment below. We are glad to answer your questions!\n\nKen: Lumina Desktop 2.0 is a significant overhaul compared to Lumina 1.x. Almost every single subsystem of the desktop has been streamlined, resulting in a nearly-total conversion in many important areas.\n\nWith Lumina Desktop 2.0 we will finally achieve our long-term goal of turning Lumina into a complete, end-to-end management system for the graphical session and removing all the current runtime dependencies from Lumina 1.x (Fluxbox, xscreensaver, compton/xcompmgr). The functionality from those utilities is now provided by Lumina Desktop itself.\n\nGoing along with the session management changes, we have compressed the entire desktop into a single, multi-threaded binary. This means that if any rogue script or tool starts trying to muck about with the memory used by the desktop (probably even more relevant now than when we started working on this), the entire desktop session will close/crash rather than allowing targeted application crashes to bypass the session security mechanisms. By the same token, this also prevents “man-in-the-middle” type of attacks because the desktop does not use any sort of external messaging system to communicate (looking at you dbus). This also gives a large performance boost to Lumina Desktop\n\nThe entire system for how a user’s settings get saved and loaded has been completely redone, making it a “layered” settings system which allows the default settings (Lumina) to get transparently replaced by system settings (OS/Distributor/SysAdmin) which can get replaced by individual user settings. This results in the actual changes in the user setting files to be kept to a minimum and allows for a smooth transition between updates to the OS or Desktop. This also provides the ability to “restrict” a user’s desktop session (based on a system config file) to the default system settings and read-only user sessions for certain business applications.\n\nThe entire graphical interface has been written in QML in order to fully-utilize hardware-based GPU acceleration with OpenGL while the backend logic and management systems are still written entirely in C++. This results in blazing fast performance on the backend systems (myriad multi-threaded C++ objects) as well as a smooth and responsive graphical interface with all the bells and whistles (drag and drop, compositing, shading, etc).\n\n\n\nQ: Are there future plans to implement something like Lumina in a MAC Jail?\n\n\n\nWhile I have never tried out Lumina in a MAC jail, I do not see anything on that page which should stop it from running in one right now. Lumina is already designed to be run as an unpriviledged user and is very smart about probing the system to find out what is/not available before showing anything to the user. The only thing that comes to mind is that you might need to open up some other system devices so that X11 itself can draw to the display (graphical environment setup is a bit different than CLI environment).\n\n\n\nQ: I look forward to these changes. I know the last time I used it when I would scroll I would get flashes like the refresh rate was not high enough. It will be nice to have a fast system as well as I know with the more changes Linux is becoming slower. Not once it has loaded but in the loading process. I will do another download when these changes come out and install again and maybe stay this time.\n\n\n\nIf I recall correctly, one of the very first versions of Lumina (pre-1.0) would occasionally flicker. If that is still happening, you might want to verify that you are using the proper video driver for your hardware and/or enable the compositor within the Lumina settings.\n\n\n\nQ: Why was enlightenment project not considered for TrueOS? It is BSD licensed and is written in C.\n\n\n\nThis was a common question about 4(?) years ago with the first release of the Lumina desktop and it basically boiled down to long-term support and reliability of the underlying toolkit. Some of the things we had to consider were: cross-platform/cross-architecture support, dependency reliability and support framework (Qt5 \u0026gt; EFL), and runtime requirements and dependency tracking (Qt5 is lighter than the EFL). That plus the fact that the EFL specifically states that it is linux-focused and the BSD’s are just an afterthought (especially at the time we were doing the evaluation).\n\n\n\nQ: I have two questions.\n\n\n1) The default layout of Unity(menu bar with actual menu entries on top and icon dock on the side) is one of the few things I liked about my first voyage into non-Windows systems, and have been missing since moving on to other distros(and now also other non-Linux systems). However in 1.4.0 screenshots on Lumina’s site, the OSX-like layout has the menu attached to the window. Will 2.0 be able to have the menus on the bar?\n2) Is there any timeline for a public release, or are you taking a “when it’s ready” approach?\n\n\n\n\n\nIn Lumina you can already put panels on the left/right side of the screen and give you something like the layout of the Unity desktop. The embedded menu system is not available in Lumina because that is not a specification supported by X11 and the window manager standards at the present time. The way that functionality is currently run on Linux is a hacky-bypass of the display system which only really works with the GTK3 and Qt5 toolkits, resulting in very odd overall desktop behavior in mixed environments where some apps use other graphical toolkits.\nWe are targetting the 18.06 STABLE release of TrueOS for Lumina 2, but that is just a guideline and if necessary we will push back the release date to allow for additional testing/fixing as needed.\n\n\n\n\n\nA long two months\n\n\nIllumOS/SmartOS developer Alex Wilson describes the journey of developing KPTI for IllumOS\n\u0026gt; On Monday (January 1st) I had the day off work for New Year's day, as is usual in most of the western world, so I slept in late. Lou and her friend decided to go to the wax museum and see several tourist attractions around SF, and I decided to pass the day at home reading. That afternoon, work chat started talking about a Tumblr post by pythonsweetness about an Intel hardware security bug. At the time I definitely did not suspect that this was going to occupy most of my working life for the next (almost) two months.\n\n\n\nLike many people who work on system security, I had read Anders Fogh's post about a \"Negative Result\" in speculative execution research in July of 2017. At the time I thought it was an interesting writeup and I remember being glad that researchers were looking into this area. I sent the post to Bryan and asked him about his thoughts on it at the time, to which he replied saying that \"it would be shocking if they left a way to directly leak out memory in the speculative execution\". None of us seriously thought that there would be low-hanging fruit down that research path, but we also felt it was important that there was someone doing work in the area who was committed to public disclosure.\n\nAt first, after reading the blog post on Monday, we thought (or hoped) that the bug might \"just\" be a KASLR bypass and wouldn't require a lot of urgency. We tried to reach out to Intel at work to get more information but were met with silence. (We wouldn't hear back from them until after the disclosure was already made public.) The speculation on Tuesday intensified, until finally on Wednesday morning I arrived at the office to find links to late Tuesday night tweets revealing exploits that allowed arbitrary kernel memory reads.\n\nWednesday was not a happy day. Intel finally responded to our emails -- after they had already initiated public disclosure. We all spent a lot of time reading. An arbitrary kernel memory read (an info leak) is not that uncommon as far as bugs go, but for the most part they tend to be fairly easy to fix. The thing that makes the Meltdown and Spectre bugs particularly notable is that in order to mitigate them, a large amount of change is required in very deep low-level parts of the kernel. The kind of deep parts of the kernel where there are 20-year old errata workarounds that were single-line changes that you have to be very careful to not accidentally undo; the kind of parts where, as they say, mortals fear to tread.\n\nOn Friday we saw the patches Matthew Dillon put together for DragonFlyBSD for the first time. These were the first patches for KPTI that were very straightforward to read and understand, and applied to a BSD-derived kernel that was similar to those I'm accustomed to working on.\n\nTo mitigate Meltdown (and partially one of the Spectre variants), you have to make sure that speculative execution cannot reach any sensitive data from a user context. This basically means that the pages the kernel uses for anything potentially sensitive have to be unmapped when we are running user code. Traditionally, CPUs that were built to run a multi-user, UNIX-like OS did this by default (SPARC is an example of such a CPU which has completely separate address spaces for the kernel and userland). However, x86 descends from a single-address-space microcontroller that has grown up avoiding backwards-incompatible changes, and has never really introduced a clean notion of multiple address spaces (segmentation is the closest feature really, and it was thrown out for 64-bit AMD64). Instead, operating systems for x86 have generally wound up (at least in the post-AMD64 era) with flat address space models where the kernel text and data is always present in the page table no matter whether you're in user or kernel mode. The kernel mappings simply have the \"supervisor\" bit set on them so that user code can't directly access them.\n\nThe mitigation is basically to stop doing this: to stop mapping the kernel text, data and other memory into the page table while we're running in userland. Unfortunately, the x86 design does not make this easy. In order to be able to take interrupts or traps, the CPU has to have a number of structures mapped in the current page table at all times. There is also no ability to tell an x86 CPU that you want it to switch page tables when an interrupt occurs. So, the code that we jump to when we take an interrupt, as well as space for a stack to push context onto have to be available in both page tables. And finally, of course, we need to be able to figure out somehow what the other page table we should switch to is when we enter the kernel.\n\nWhen we looked at the patches for Linux (and also the DragonFlyBSD patches at the time) on Friday and started asking questions, it became pretty evident that the initial work done by both was done under time constraints. Both had left the full kernel text mapped in both page tables, and the Linux trampoline design seemed over-complex. I started talking over some ideas with Robert Mustacchi about ways to fix these and who we should talk to, and reached out to some of my old workmates from the University of Queensland who were involved with OpenBSD. It seemed to me that the OpenBSD developers would care about these issues even more than we did, and would want to work out how to do the mitigation right.\n\nI ended up sending an email to Philip Guenther on Friday afternoon, and on Saturday morning I drove an hour or so to meet up with him for coffee to talk page tables and interrupt trampolines. We wound up spending a good 6 hours at the coffee shop, and I came back with several pages of notes and a half-decent idea of the shape of the work to come.\n\nOne detail we missed that day was the interaction of per-CPU structures with per-process page tables. Much of the interrupt trampoline work is most easily done by using per-CPU structures in memory (and you definitely want a per-CPU stack!). If you combine that with per-process page tables, however, you have a problem: if you leave all the per-CPU areas mapped in all the processes, you will leak information (via Meltdown) about the state of one process to a different one when taking interrupts. In particular, you will leak things like %rip, which ruins all the work being done with PIE and ASLR pretty quickly. So, there are two options: you can either allocate the per-CPU structures per-process (so you end up with $NCPUS * $NPROCS of them); or you can make the page tables per-CPU.\n\nOpenBSD, like Linux and the other implementations so far, decided to go down the road of per-CPU per-process pages to solve this issue. For illumos, we took the other route.\n\nIn illumos, it turned out that we already had per-CPU page tables. Robert and I re-discovered this on the Sunday of that week. We use them for 32-bit processes due to having full P\u0026gt;V PAE support in our kernel (which is, as it turns out, relatively uncommon amongst open-source OS). The logic to deal with creating and managing them and updating them was all already written, and after reading the code we concluded we could basically make a few small changes and re-use all of it. So we did.\n\nBy the end of that second week, we had a prototype that could get to userland. But, when working on this kind of kernel change we have a rule of thumb we use: after the first 70% of the patch is done and we can boot again, now it's time for the second 70%. In fact it turned out to be more like the second 200% for us -- a tedious long tail of bugs to solve that ended up necessitating some changes in the design as well.\n\nAt first we borrowed the method that Matt Dillon used for DragonFlyBSD, by putting the temporary \"stack\" space and state data for the interrupt trampolines into an extra page tacked onto the end of *%gs (in illumos the structure that lives there is the cpu_t). \n\nIf you read the existing logic in interrupt handlers for dealing with %gs though, you will quickly notice that the corner cases start to build up. There are a bunch of situations where the kernel temporarily alters %gs, and some of the ways to mess it up have security consequences that end up being worse than the bug we're trying to fix. As it turns out, there are no less than 3 different ways that ISRs use to try to get to having the right cpu_t in %gs on illumos, as it turns out, and they are all subtly different. Trying to tell which you should use when requires a bunch of test logic that in turn requires branches and changes to the CPU state, which is difficult to do in a trampoline where you're trying to avoid altering that state as much as possible until you've got the real stack online to push things into.\n\nI kept in touch with Philip Guenther and Mike Larkin from the OpenBSD project throughout the weeks that followed. In one of the discussions we had, we talked about the NMI/MCE handlers and the fact that their handling currently on OpenBSD neglected some nasty corner-cases around interrupting an existing trap handler. A big part of the solution to those issues was to use a feature called IST, which allows you to unconditionally change stacks when you take an interrupt.\n\nTraditionally, x86 only changes the stack pointer (%rsp on AMD64) while taking an interrupt when there is a privilege level change. If you take an interrupt while already in the kernel, the CPU does not change the stack pointer, and simply pushes the interrupt stack frame onto the stack you're already using. IST makes the change of stack pointer unconditional. If used unwisely, this is a bad idea: if you stay on that stack and turn interrupts back on, you could take another interrupt and clobber the frame you're already in. However, in it I saw a possible way to simplify the KPTI trampoline logic and avoid having to deal with %gs.\n\nA few weeks into the project, John Levon joined us at work. He had previously worked on a bunch of Xen-related stuff as well as other parts of the kernel very close to where we were, so he quickly got up to speed with the KPTI work as well. He and I drafted out a \"crazy idea\" on the whiteboard one afternoon where we would use IST for all interrupts on the system, and put the \"stack\" they used in the KPTI page on the end of the cpu_t. Then, they could easily use stack-relative addresses to get the page table to change to, then pivot their stack to the real kernel stack memory, and throw away (almost) all the conditional logic. A few days later, we had convinced each other that this was the way to go.\n\nTwo of the most annoying x86 issues we had to work around were related to the SYSENTER instruction. This instruction is used to make \"fast\" system calls in 32-bit userland. It has a couple of unfortunate properties: firstly, it doesn't save or restore RFLAGS, so the kernel code has to take care of this (and be very careful not to clobber any of it before saving or after restoring it). Secondly, if you execute SYSENTER with the TF (\"trap\"/single-step flag) set by a debugger, the resulting debug trap's frame points at kernel code instead of the user code where it actually happened. The first one requires some careful gymnastics on the entry and return trampolines specifically for SYSENTER, while the second is a nasty case that is incidentally made easier by using IST. With IST, we can simply make the debug trap trampoline check for whether we took the trap in another trampoline's code, and reset %cr3 and the destination stack. This works for single-stepping into any of the handlers, not just the one for SYSENTER.\n\nTo make debugging easier, we decided that traps like the debug/single-step trap (as well as faults like page faults, #GP, etc.) would push their interrupt frame in a different part of the KPTI state page to normal interrupts. We applied this change to all the traps that can interrupt another trampoline (based on the instructions we used). These \"paranoid\" traps also set a flag in the KPTI struct to mark it busy (and jump to the double-fault handler if it is), to work around some bugs where double-faults are not correctly generated.\n\nIt's been a long and busy two months, with lots of time spent building, testing, and validating the code. We've run it on as many kinds of machines as we could get our hands on, to try to make sure we catch issues. The time we've spent on this has been validated several times in the process by finding bugs that could have been nasty in production.\n\nOne great example: our patches on Westmere-EP Xeons were causing busy machines to throw a lot of L0 I-cache parity errors. This seemed very mysterious at first, and it took us a few times seeing it to believe that it was actually our fault. This was actually caused by the accidental activation of a CPU errata for Westmere (B52, \"Memory Aliasing of Code Pages May Cause Unpredictable System Behaviour\") -- it turned out we had made a typo and put the \"cacheable\" flag into a variable named flags instead of attrs where it belonged when setting up the page tables. This was causing performance degradation on other machines, but on Westmere it causes cache parity errors as well. This is a great example of the surprising consequences that small mistakes in this kind of code can end up having. In the end, I'm glad that that erratum existed, otherwise it may have been a long time before we caught that bug.\n\nAs of this week, Mike and Philip have committed the OpenBSD patches for KPTI to their repository, and the patches for illumos are out for review. It's a nice kind of symmetry that the two projects who started on the work together after the public disclosure at the same time are both almost ready to ship at the same time at the other end. I'm feeling hopeful, and looking forward to further future collaborations like this with our cousins, the BSDs.\n\n\n\nThe IllumOS work has since landed, on March 12th\n***\n\n\nOpenBSD Email Service\n\n\nFeatures\n\n\nEfficient: configured to run on min. 512MB RAM and 20GB SSD, a KVM (cloud) VPS for around $2.50/mo\n15GB+ uncompressed Maildir, rivals top free-email providers (grow by upgrading SSD)\nEmail messages are gzip compressed, at least 1/3 more space with level 6 default\nServer side full text search (headers and body) can be enabled (to use the extra space)\nMobile data friendly: IMAPS connections are compressed\nSubaddress (+tag) support, to filter and monitor email addresses\nVirtual domains, aliases, and credentials in files, Berkeley DB, or SQLite3\nNaive Bayes rspamd filtering with supervised learning: the lowest false positive spam detection rates\nCarefree automated Spam/ and Trash/ cleaning service (default: older than 30 days)\nAutomated quota management, gently assists when over quota\nEasy backup MX setup: using the same configuration, install in minutes on a different host\nWorry-free automated master/master replication with backup MX, prevents accidental loss of email messages\nResilient: the backup MX can be used as primary, even when the primary is not down, both perfect replicas\nFlexible: switching roles is easy, making the process of changing VPS hosts a breeze (no downtime)\nDMARC (with DKIM and SPF) email-validation system, to detect and prevent email spoofing\nDaily (spartan) stats, to keep track of things\nYour sieve scripts and managesieve configuration, let's get started\n\nConsiderations\n\n\n\nBy design, email message headers need to be public, for exchanges to happen. The body of the message can be encrypted by the user, if desired. Moreover, there is no way to prevent the host from having access to the virtual machine. Therefore, full disk encryption (at rest) may not be necessary.\n\nGiven our low memory requirements, and the single-purpose concept of email service, Roundcube or other web-based IMAP email clients should be on a different VPS.\n\nAntivirus software users (usually) have the service running on their devices. ClamAV can easily be incorporated into this configuration, if affected by the types of malware it protects against, but will require around 1GB additional RAM (or another VPS).\n\nEvery email message is important, if properly delivered, for Bayes classification. At least 200 ham and 200 spam messages are required to learn what one considers junk. By default (change to use case), a rspamd score above 50% will send the message to Spam/. Moving messages in and out of Spam/ changes this score. After 95%, the message is flagged as \"seen\" and can be safely ignored.\n\nSpamd is effective at greylisting and stopping high volume spam, if it becomes a problem. It will be an option when IPv6 is supported, along with bgp-spamd.\n\nSystem mail is delivered to an alias mapped to a virtual user served by the service. This way, messages are guaranteed to be delivered via encrypted connection. It is not possible for real users to alias, nor mail an external mail address with the default configuration. e.g. puffy@mercury.example.com is wheel, with an alias mapped to (virtual) puffy@example.com, and user (puffy) can be different for each.\n\n\n\n\nInterview - Ryan Zezeski - rpz@joyent.com / @rzezeski\n\n\n\nNews Roundup\n\nJohn Carmack's programming retreat to hermit coding with OpenBSD\n\n\nAfter a several year gap, I finally took another week-long programming retreat, where I could work in hermit mode, away from the normal press of work. My wife has been generously offering it to me the last few years, but I’m generally bad at taking vacations from work.\nAs a change of pace from my current Oculus work, I wanted to write some from-scratch-in-C++ neural network implementations, and I wanted to do it with a strictly base OpenBSD system. Someone remarked that is a pretty random pairing, but it worked out ok.\nDespite not having actually used it, I have always been fond of the idea of OpenBSD — a relatively minimal and opinionated system with a cohesive vision and an emphasis on quality and craftsmanship. Linux is a lot of things, but cohesive isn’t one of them.\nI’m not a Unix geek. I get around ok, but I am most comfortable developing in Visual Studio on Windows. I thought a week of full immersion work in the old school Unix style would be interesting, even if it meant working at a slower pace. It was sort of an adventure in retro computing — this was fvwm and vi. Not vim, actual BSD vi.\nIn the end, I didn’t really explore the system all that much, with 95% of my time in just the basic vi / make / gdb operations. I appreciated the good man pages, as I tried to do everything within the self contained system, without resorting to internet searches. Seeing references to 30+ year old things like Tektronix terminals was amusing.\nI was a little surprised that the C++ support wasn’t very good. G++ didn’t support C++11, and LLVM C++ didn’t play nicely with gdb. Gdb crashed on me a lot as well, I suspect due to C++ issues. I know you can get more recent versions through ports, but I stuck with using the base system.\nIn hindsight, I should have just gone full retro and done everything in ANSI C. I do have plenty of days where, like many older programmers, I think “Maybe C++ isn’t as much of a net positive as we assume...”. There is still much that I like, but it isn’t a hardship for me to build small projects in plain C.\nMaybe next time I do this I will try to go full emacs, another major culture that I don’t have much exposure to.\nI have a decent overview understanding of most machine learning algorithms, and I have done some linear classifier and decision tree work, but for some reason I have avoided neural networks. On some level, I suspect that Deep Learning being so trendy tweaked a little bit of contrarian in me, and I still have a little bit of a reflexive bias against “throw everything at the NN and let it sort it out!”\nIn the spirit of my retro theme, I had printed out several of Yann LeCun’s old papers and was considering doing everything completely off line, as if I was actually in a mountain cabin somewhere, but I wound up watching a lot of the Stanford CS231N lectures on YouTube, and found them really valuable. Watching lecture videos is something that I very rarely do — it is normally hard for me to feel the time is justified, but on retreat it was great!\nI don’t think I have anything particularly insightful to add about neural networks, but it was a very productive week for me, solidifying “book knowledge” into real experience.\nI used a common pattern for me: get first results with hacky code, then write a brand new and clean implementation with the lessons learned, so they both exist and can be cross checked.\nI initially got backprop wrong both times, comparison with numerical differentiation was critical! It is interesting that things still train even when various parts are pretty wrong — as long as the sign is right most of the time, progress is often made.\nI was pretty happy with my multi-layer neural net code; it wound up in a form that I can just drop it into future efforts. Yes, for anything serious I should use an established library, but there are a lot of times when just having a single .cpp and .h file that you wrote ever line of is convenient.\nMy conv net code just got to the hacky but working phase, I could have used another day or two to make a clean and flexible implementation.\nOne thing I found interesting was that when testing on MNIST with my initial NN before adding any convolutions, I was getting significantly better results than the non-convolutional NN reported for comparison in LeCun ‘98 — right around 2% error on the test set with a single 100 node hidden layer, versus 3% for both wider and deeper nets back then. I attribute this to the modern best practices —ReLU, Softmax, and better initialization.\nThis is one of the most fascinating things about NN work — it is all so simple, and the breakthrough advances are often things that can be expressed with just a few lines of code. It feels like there are some similarities with ray tracing in the graphics world, where you can implement a physically based light transport ray tracer quite quickly, and produce state of the art images if you have the data and enough runtime patience.\nI got a much better gut-level understanding of overtraining / generalization / regularization by exploring a bunch of training parameters. On the last night before I had to head home, I froze the architecture and just played with hyperparameters. “Training!” Is definitely worse than “Compiling!” for staying focused.\nNow I get to keep my eyes open for a work opportunity to use the new skills!\nI am dreading what my email and workspace are going to look like when I get into the office tomorrow.\n\n\n\n\nStack-register Checking\n\n\nRecently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):\nHow about we add another new permission!  This is not a hardware permission, but a software permission.  It is opportunistically enforced by the kernel.\nThe permission is MAP_STACK.  If you want to use memory as a stack, you must mmap it with that flag bit.  The kernel does so automatically for the stack region of a process's stack.  Two other types of stack occur: thread stacks, and alternate signal stacks.  Those are handled\nin clever ways.\nWhen a system call happens, we check if the stack-pointer register points to such a page.  If it doesn't, the program is killed.  We have tightened the ABI.  You may no longer point your stack register at non-stack memory.  You'll be killed.  This checking code is MI, so it works for all platforms.\n\n\n\nFor more detail, see Theo's original message.\n\n\n\nThis is now available in snapshots, and people are finding the first problems in the ports tree already. So far, few issues have been uncovered, but as Theo points out, more testing is necessary:\n\nFairly good results.\nA total of 4 problems have been found so far.  go, SBCL, and two cases in src/regress which failed the new page-alignment requirement.  The SBCL and go ones were found at buildtime, since they use themselves to complete build.\nBut more page-alignment violations may be found in ports at runtime.\nThis is something I worry about a bit.  So please everyone out there can help: Use snapshots which contain the stack-check diff, update to new packages, and test all possible packages.  Really need a lot of testing for this, so please help out.\n\nSo, everybody, install the latest snapshot and try all your favorite ports. This is the time to report issues you find, so there is a good chance this additional security feature is present in 6.3 (and works with third party software from packages).\n\n\n\n\nNomadBSD 1.0 has been released\n\n\nNomadBSD is a live system for flash drives, based on FreeBSD® 11.1 (amd64)\nChange Log\n\n\nThe setup process has been improved.\nSupport for optional geli encryption of the home partition has been added\nAuto-detection of NVIDIA graphics cards and their corresponding driver has been added.  (Thanks to holgerw and lme from BSDForen.de)\nAn rc script to start the GEOM disk scheduler on the root device has been added.\n\nMore software has been added:\n\n\naccessibility/redshift (starts automatically)\naudio/cantata\naudio/musicpd\naudio/ncmpc\nftp/filezilla\ngames/bsdtris\nmail/neomutt\nmath/galculator\nnet-p2p/transmission-qt5\nsecurity/fpm2\nsysutils/bsdstats\nx11/metalock\nx11/xbindkeys\nSeveral smaller improvements and bugfixes.\n\nScreenshots\n\n\nhttps://freeshell.de/~mk/projects/nomadbsd-ss1.png\nhttps://freeshell.de/~mk/projects/nomadbsd-ss2.png\nhttps://freeshell.de/~mk/projects/nomadbsd-ss3.png\nhttps://freeshell.de/~mk/projects/nomadbsd-ss4.png\nhttps://freeshell.de/~mk/projects/nomadbsd-ss5.png\nhttps://freeshell.de/~mk/projects/nomadbsd-ss6.png\n\n\n\n\n\nBeastie Bits\n\n\nKnoxBug - Nagios\nvBSDcon videos landing\nAsiaBSDCon 2017 videos\nDragonFlyBSD Adds New \"Ptr_Restrict\" Security Option\nA Dexter needs your help\nMike Larkin at bhyvecon 2018: OpenBSD vmm(4) update\n[HEADS UP] - OFED/RDMA stack update\n***\n\n\nFeedback/Questions\n\n\nRon - Interview someone using DragonflyBSD\nBrad - Gaming and all\nMohammad - Sockets vs TCP\nPaul - All or at least most of Bryan Cantrill's Talks\n***\n","content_html":"\u003cp\u003eLooking at Lumina Desktop 2.0, 2 months of KPTI development in SmartOS, OpenBSD email service, an interview with Ryan Zezeski, NomadBSD released, and John Carmack\u0026#39;s programming retreat with OpenBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/looking-lumina-desktop-2-0/\" rel=\"nofollow\"\u003eLooking at Lumina Desktop 2.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few weeks ago I sat down with Lead Developer Ken Moore of the TrueOS Project to get answers to some of the most frequently asked questions about Lumina Desktop from the open source community. Here is what he said on Lumina Desktop 2.0.  Do you have a question for Ken and the rest of the team over at the TrueOS Project? Make sure to read the interview and comment below. We are glad to answer your questions!\u003c/p\u003e\n\n\u003cp\u003eKen: Lumina Desktop 2.0 is a significant overhaul compared to Lumina 1.x. Almost every single subsystem of the desktop has been streamlined, resulting in a nearly-total conversion in many important areas.\u003c/p\u003e\n\n\u003cp\u003eWith Lumina Desktop 2.0 we will finally achieve our long-term goal of turning Lumina into a complete, end-to-end management system for the graphical session and removing all the current runtime dependencies from Lumina 1.x (Fluxbox, xscreensaver, compton/xcompmgr). The functionality from those utilities is now provided by Lumina Desktop itself.\u003c/p\u003e\n\n\u003cp\u003eGoing along with the session management changes, we have compressed the entire desktop into a single, multi-threaded binary. This means that if any rogue script or tool starts trying to muck about with the memory used by the desktop (probably even more relevant now than when we started working on this), the entire desktop session will close/crash rather than allowing targeted application crashes to bypass the session security mechanisms. By the same token, this also prevents “man-in-the-middle” type of attacks because the desktop does not use any sort of external messaging system to communicate (looking at you \u003ccode\u003edbus\u003c/code\u003e). This also gives a large performance boost to Lumina Desktop\u003c/p\u003e\n\n\u003cp\u003eThe entire system for how a user’s settings get saved and loaded has been completely redone, making it a “layered” settings system which allows the default settings (Lumina) to get transparently replaced by system settings (OS/Distributor/SysAdmin) which can get replaced by individual user settings. This results in the actual changes in the user setting files to be kept to a minimum and allows for a smooth transition between updates to the OS or Desktop. This also provides the ability to “restrict” a user’s desktop session (based on a system config file) to the default system settings and read-only user sessions for certain business applications.\u003c/p\u003e\n\n\u003cp\u003eThe entire graphical interface has been written in QML in order to fully-utilize hardware-based GPU acceleration with OpenGL while the backend logic and management systems are still written entirely in C++. This results in blazing fast performance on the backend systems (myriad multi-threaded C++ objects) as well as a smooth and responsive graphical interface with all the bells and whistles (drag and drop, compositing, shading, etc).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Are there future plans to implement something like Lumina in a MAC Jail?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile I have never tried out Lumina in a MAC jail, I do not see anything on that page which should stop it from running in one right now. Lumina is already designed to be run as an unpriviledged user and is very smart about probing the system to find out what is/not available before showing anything to the user. The only thing that comes to mind is that you might need to open up some other system devices so that X11 itself can draw to the display (graphical environment setup is a bit different than CLI environment).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: I look forward to these changes. I know the last time I used it when I would scroll I would get flashes like the refresh rate was not high enough. It will be nice to have a fast system as well as I know with the more changes Linux is becoming slower. Not once it has loaded but in the loading process. I will do another download when these changes come out and install again and maybe stay this time.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf I recall correctly, one of the very first versions of Lumina (pre-1.0) would occasionally flicker. If that is still happening, you might want to verify that you are using the proper video driver for your hardware and/or enable the compositor within the Lumina settings.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Why was enlightenment project not considered for TrueOS? It is BSD licensed and is written in C.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis was a common question about 4(?) years ago with the first release of the Lumina desktop and it basically boiled down to long-term support and reliability of the underlying toolkit. Some of the things we had to consider were: cross-platform/cross-architecture support, dependency reliability and support framework (Qt5 \u0026gt; EFL), and runtime requirements and dependency tracking (Qt5 is lighter than the EFL). That plus the fact that the EFL specifically states that it is linux-focused and the BSD’s are just an afterthought (especially at the time we were doing the evaluation).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: I have two questions.\n\n\u003cul\u003e\n\u003cli\u003e1) The default layout of Unity(menu bar with actual menu entries on top and icon dock on the side) is one of the few things I liked about my first voyage into non-Windows systems, and have been missing since moving on to other distros(and now also other non-Linux systems). However in 1.4.0 screenshots on Lumina’s site, the OSX-like layout has the menu attached to the window. Will 2.0 be able to have the menus on the bar?\u003c/li\u003e\n\u003cli\u003e2) Is there any timeline for a public release, or are you taking a “when it’s ready” approach?\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003col\u003e\n\u003cli\u003eIn Lumina you can already put panels on the left/right side of the screen and give you something like the layout of the Unity desktop. The embedded menu system is not available in Lumina because that is not a specification supported by X11 and the window manager standards at the present time. The way that functionality is currently run on Linux is a hacky-bypass of the display system which only really works with the GTK3 and Qt5 toolkits, resulting in very odd overall desktop behavior in mixed environments where some apps use other graphical toolkits.\u003c/li\u003e\n\u003cli\u003eWe are targetting the 18.06 STABLE release of TrueOS for Lumina 2, but that is just a guideline and if necessary we will push back the release date to allow for additional testing/fixing as needed.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cooperi.net/a-long-two-months\" rel=\"nofollow\"\u003eA long two months\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIllumOS/SmartOS developer Alex Wilson describes the journey of developing KPTI for IllumOS\n\u0026gt; On Monday (January 1st) I had the day off work for New Year\u0026#39;s day, as is usual in most of the western world, so I slept in late. Lou and her friend decided to go to the wax museum and see several tourist attractions around SF, and I decided to pass the day at home reading. That afternoon, work chat started talking about a Tumblr post by pythonsweetness about an Intel hardware security bug. At the time I definitely did not suspect that this was going to occupy most of my working life for the next (almost) two months.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLike many people who work on system security, I had read Anders Fogh\u0026#39;s post about a \u0026quot;Negative Result\u0026quot; in speculative execution research in July of 2017. At the time I thought it was an interesting writeup and I remember being glad that researchers were looking into this area. I sent the post to Bryan and asked him about his thoughts on it at the time, to which he replied saying that \u0026quot;it would be shocking if they left a way to directly leak out memory in the speculative execution\u0026quot;. None of us seriously thought that there would be low-hanging fruit down that research path, but we also felt it was important that there was someone doing work in the area who was committed to public disclosure.\u003c/p\u003e\n\n\u003cp\u003eAt first, after reading the blog post on Monday, we thought (or hoped) that the bug might \u0026quot;just\u0026quot; be a KASLR bypass and wouldn\u0026#39;t require a lot of urgency. We tried to reach out to Intel at work to get more information but were met with silence. (We wouldn\u0026#39;t hear back from them until after the disclosure was already made public.) The speculation on Tuesday intensified, until finally on Wednesday morning I arrived at the office to find links to late Tuesday night tweets revealing exploits that allowed arbitrary kernel memory reads.\u003c/p\u003e\n\n\u003cp\u003eWednesday was not a happy day. Intel finally responded to our emails -- after they had already initiated public disclosure. We all spent a lot of time reading. An arbitrary kernel memory read (an info leak) is not that uncommon as far as bugs go, but for the most part they tend to be fairly easy to fix. The thing that makes the Meltdown and Spectre bugs particularly notable is that in order to mitigate them, a large amount of change is required in very deep low-level parts of the kernel. The kind of deep parts of the kernel where there are 20-year old errata workarounds that were single-line changes that you have to be very careful to not accidentally undo; the kind of parts where, as they say, mortals fear to tread.\u003c/p\u003e\n\n\u003cp\u003eOn Friday we saw the patches Matthew Dillon put together for DragonFlyBSD for the first time. These were the first patches for KPTI that were very straightforward to read and understand, and applied to a BSD-derived kernel that was similar to those I\u0026#39;m accustomed to working on.\u003c/p\u003e\n\n\u003cp\u003eTo mitigate Meltdown (and partially one of the Spectre variants), you have to make sure that speculative execution cannot reach any sensitive data from a user context. This basically means that the pages the kernel uses for anything potentially sensitive have to be unmapped when we are running user code. Traditionally, CPUs that were built to run a multi-user, UNIX-like OS did this by default (SPARC is an example of such a CPU which has completely separate address spaces for the kernel and userland). However, x86 descends from a single-address-space microcontroller that has grown up avoiding backwards-incompatible changes, and has never really introduced a clean notion of multiple address spaces (segmentation is the closest feature really, and it was thrown out for 64-bit AMD64). Instead, operating systems for x86 have generally wound up (at least in the post-AMD64 era) with flat address space models where the kernel text and data is always present in the page table no matter whether you\u0026#39;re in user or kernel mode. The kernel mappings simply have the \u0026quot;supervisor\u0026quot; bit set on them so that user code can\u0026#39;t directly access them.\u003c/p\u003e\n\n\u003cp\u003eThe mitigation is basically to stop doing this: to stop mapping the kernel text, data and other memory into the page table while we\u0026#39;re running in userland. Unfortunately, the x86 design does not make this easy. In order to be able to take interrupts or traps, the CPU has to have a number of structures mapped in the current page table at all times. There is also no ability to tell an x86 CPU that you want it to switch page tables when an interrupt occurs. So, the code that we jump to when we take an interrupt, as well as space for a stack to push context onto have to be available in both page tables. And finally, of course, we need to be able to figure out somehow what the other page table we should switch to is when we enter the kernel.\u003c/p\u003e\n\n\u003cp\u003eWhen we looked at the patches for Linux (and also the DragonFlyBSD patches at the time) on Friday and started asking questions, it became pretty evident that the initial work done by both was done under time constraints. Both had left the full kernel text mapped in both page tables, and the Linux trampoline design seemed over-complex. I started talking over some ideas with Robert Mustacchi about ways to fix these and who we should talk to, and reached out to some of my old workmates from the University of Queensland who were involved with OpenBSD. It seemed to me that the OpenBSD developers would care about these issues even more than we did, and would want to work out how to do the mitigation right.\u003c/p\u003e\n\n\u003cp\u003eI ended up sending an email to Philip Guenther on Friday afternoon, and on Saturday morning I drove an hour or so to meet up with him for coffee to talk page tables and interrupt trampolines. We wound up spending a good 6 hours at the coffee shop, and I came back with several pages of notes and a half-decent idea of the shape of the work to come.\u003c/p\u003e\n\n\u003cp\u003eOne detail we missed that day was the interaction of per-CPU structures with per-process page tables. Much of the interrupt trampoline work is most easily done by using per-CPU structures in memory (and you definitely want a per-CPU stack!). If you combine that with per-process page tables, however, you have a problem: if you leave all the per-CPU areas mapped in all the processes, you will leak information (via Meltdown) about the state of one process to a different one when taking interrupts. In particular, you will leak things like %rip, which ruins all the work being done with PIE and ASLR pretty quickly. So, there are two options: you can either allocate the per-CPU structures per-process (so you end up with $NCPUS * $NPROCS of them); or you can make the page tables per-CPU.\u003c/p\u003e\n\n\u003cp\u003eOpenBSD, like Linux and the other implementations so far, decided to go down the road of per-CPU per-process pages to solve this issue. For illumos, we took the other route.\u003c/p\u003e\n\n\u003cp\u003eIn illumos, it turned out that we already had per-CPU page tables. Robert and I re-discovered this on the Sunday of that week. We use them for 32-bit processes due to having full P\u0026gt;V PAE support in our kernel (which is, as it turns out, relatively uncommon amongst open-source OS). The logic to deal with creating and managing them and updating them was all already written, and after reading the code we concluded we could basically make a few small changes and re-use all of it. So we did.\u003c/p\u003e\n\n\u003cp\u003eBy the end of that second week, we had a prototype that could get to userland. But, when working on this kind of kernel change we have a rule of thumb we use: after the first 70% of the patch is done and we can boot again, now it\u0026#39;s time for the second 70%. In fact it turned out to be more like the second 200% for us -- a tedious long tail of bugs to solve that ended up necessitating some changes in the design as well.\u003c/p\u003e\n\n\u003cp\u003eAt first we borrowed the method that Matt Dillon used for DragonFlyBSD, by putting the temporary \u0026quot;stack\u0026quot; space and state data for the interrupt trampolines into an extra page tacked onto the end of *%gs (in illumos the structure that lives there is the cpu_t). \u003c/p\u003e\n\n\u003cp\u003eIf you read the existing logic in interrupt handlers for dealing with %gs though, you will quickly notice that the corner cases start to build up. There are a bunch of situations where the kernel temporarily alters %gs, and some of the ways to mess it up have security consequences that end up being worse than the bug we\u0026#39;re trying to fix. As it turns out, there are no less than 3 different ways that ISRs use to try to get to having the right cpu_t in %gs on illumos, as it turns out, and they are all subtly different. Trying to tell which you should use when requires a bunch of test logic that in turn requires branches and changes to the CPU state, which is difficult to do in a trampoline where you\u0026#39;re trying to avoid altering that state as much as possible until you\u0026#39;ve got the real stack online to push things into.\u003c/p\u003e\n\n\u003cp\u003eI kept in touch with Philip Guenther and Mike Larkin from the OpenBSD project throughout the weeks that followed. In one of the discussions we had, we talked about the NMI/MCE handlers and the fact that their handling currently on OpenBSD neglected some nasty corner-cases around interrupting an existing trap handler. A big part of the solution to those issues was to use a feature called IST, which allows you to unconditionally change stacks when you take an interrupt.\u003c/p\u003e\n\n\u003cp\u003eTraditionally, x86 only changes the stack pointer (%rsp on AMD64) while taking an interrupt when there is a privilege level change. If you take an interrupt while already in the kernel, the CPU does not change the stack pointer, and simply pushes the interrupt stack frame onto the stack you\u0026#39;re already using. IST makes the change of stack pointer unconditional. If used unwisely, this is a bad idea: if you stay on that stack and turn interrupts back on, you could take another interrupt and clobber the frame you\u0026#39;re already in. However, in it I saw a possible way to simplify the KPTI trampoline logic and avoid having to deal with %gs.\u003c/p\u003e\n\n\u003cp\u003eA few weeks into the project, John Levon joined us at work. He had previously worked on a bunch of Xen-related stuff as well as other parts of the kernel very close to where we were, so he quickly got up to speed with the KPTI work as well. He and I drafted out a \u0026quot;crazy idea\u0026quot; on the whiteboard one afternoon where we would use IST for all interrupts on the system, and put the \u0026quot;stack\u0026quot; they used in the KPTI page on the end of the cpu_t. Then, they could easily use stack-relative addresses to get the page table to change to, then pivot their stack to the real kernel stack memory, and throw away (almost) all the conditional logic. A few days later, we had convinced each other that this was the way to go.\u003c/p\u003e\n\n\u003cp\u003eTwo of the most annoying x86 issues we had to work around were related to the SYSENTER instruction. This instruction is used to make \u0026quot;fast\u0026quot; system calls in 32-bit userland. It has a couple of unfortunate properties: firstly, it doesn\u0026#39;t save or restore RFLAGS, so the kernel code has to take care of this (and be very careful not to clobber any of it before saving or after restoring it). Secondly, if you execute SYSENTER with the TF (\u0026quot;trap\u0026quot;/single-step flag) set by a debugger, the resulting debug trap\u0026#39;s frame points at kernel code instead of the user code where it actually happened. The first one requires some careful gymnastics on the entry and return trampolines specifically for SYSENTER, while the second is a nasty case that is incidentally made easier by using IST. With IST, we can simply make the debug trap trampoline check for whether we took the trap in another trampoline\u0026#39;s code, and reset %cr3 and the destination stack. This works for single-stepping into any of the handlers, not just the one for SYSENTER.\u003c/p\u003e\n\n\u003cp\u003eTo make debugging easier, we decided that traps like the debug/single-step trap (as well as faults like page faults, #GP, etc.) would push their interrupt frame in a different part of the KPTI state page to normal interrupts. We applied this change to all the traps that can interrupt another trampoline (based on the instructions we used). These \u0026quot;paranoid\u0026quot; traps also set a flag in the KPTI struct to mark it busy (and jump to the double-fault handler if it is), to work around some bugs where double-faults are not correctly generated.\u003c/p\u003e\n\n\u003cp\u003eIt\u0026#39;s been a long and busy two months, with lots of time spent building, testing, and validating the code. We\u0026#39;ve run it on as many kinds of machines as we could get our hands on, to try to make sure we catch issues. The time we\u0026#39;ve spent on this has been validated several times in the process by finding bugs that could have been nasty in production.\u003c/p\u003e\n\n\u003cp\u003eOne great example: our patches on Westmere-EP Xeons were causing busy machines to throw a lot of L0 I-cache parity errors. This seemed very mysterious at first, and it took us a few times seeing it to believe that it was actually our fault. This was actually caused by the accidental activation of a CPU errata for Westmere (B52, \u0026quot;Memory Aliasing of Code Pages May Cause Unpredictable System Behaviour\u0026quot;) -- it turned out we had made a typo and put the \u0026quot;cacheable\u0026quot; flag into a variable named flags instead of attrs where it belonged when setting up the page tables. This was causing performance degradation on other machines, but on Westmere it causes cache parity errors as well. This is a great example of the surprising consequences that small mistakes in this kind of code can end up having. In the end, I\u0026#39;m glad that that erratum existed, otherwise it may have been a long time before we caught that bug.\u003c/p\u003e\n\n\u003cp\u003eAs of this week, Mike and Philip have committed the OpenBSD patches for KPTI to their repository, and the patches for illumos are out for review. It\u0026#39;s a nice kind of symmetry that the two projects who started on the work together after the public disclosure at the same time are both almost ready to ship at the same time at the other end. I\u0026#39;m feeling hopeful, and looking forward to further future collaborations like this with our cousins, the BSDs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe IllumOS work has since landed, on \u003ca href=\"https://github.com/joyent/illumos-joyent/commit/d85fbfe15cf9925f83722b6d62da49d549af615c\" rel=\"nofollow\"\u003eMarch 12th\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/vedetta-com/caesonia\" rel=\"nofollow\"\u003eOpenBSD Email Service\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFeatures\n\n\u003cul\u003e\n\u003cli\u003eEfficient: configured to run on min. 512MB RAM and 20GB SSD, a KVM (cloud) VPS for around $2.50/mo\u003c/li\u003e\n\u003cli\u003e15GB+ uncompressed Maildir, rivals top free-email providers (grow by upgrading SSD)\u003c/li\u003e\n\u003cli\u003eEmail messages are gzip compressed, at least 1/3 more space with level 6 default\u003c/li\u003e\n\u003cli\u003eServer side full text search (headers and body) can be enabled (to use the extra space)\u003c/li\u003e\n\u003cli\u003eMobile data friendly: IMAPS connections are compressed\u003c/li\u003e\n\u003cli\u003eSubaddress (+tag) support, to filter and monitor email addresses\u003c/li\u003e\n\u003cli\u003eVirtual domains, aliases, and credentials in files, Berkeley DB, or SQLite3\u003c/li\u003e\n\u003cli\u003eNaive Bayes rspamd filtering with supervised learning: the lowest false positive spam detection rates\u003c/li\u003e\n\u003cli\u003eCarefree automated Spam/ and Trash/ cleaning service (default: older than 30 days)\u003c/li\u003e\n\u003cli\u003eAutomated quota management, gently assists when over quota\u003c/li\u003e\n\u003cli\u003eEasy backup MX setup: using the same configuration, install in minutes on a different host\u003c/li\u003e\n\u003cli\u003eWorry-free automated master/master replication with backup MX, prevents accidental loss of email messages\u003c/li\u003e\n\u003cli\u003eResilient: the backup MX can be used as primary, even when the primary is not down, both perfect replicas\u003c/li\u003e\n\u003cli\u003eFlexible: switching roles is easy, making the process of changing VPS hosts a breeze (no downtime)\u003c/li\u003e\n\u003cli\u003eDMARC (with DKIM and SPF) email-validation system, to detect and prevent email spoofing\u003c/li\u003e\n\u003cli\u003eDaily (spartan) stats, to keep track of things\u003c/li\u003e\n\u003cli\u003eYour sieve scripts and managesieve configuration, let\u0026#39;s get started\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eConsiderations\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBy design, email message headers need to be public, for exchanges to happen. The body of the message can be encrypted by the user, if desired. Moreover, there is no way to prevent the host from having access to the virtual machine. Therefore, full disk encryption (at rest) may not be necessary.\u003c/p\u003e\n\n\u003cp\u003eGiven our low memory requirements, and the single-purpose concept of email service, Roundcube or other web-based IMAP email clients should be on a different VPS.\u003c/p\u003e\n\n\u003cp\u003eAntivirus software users (usually) have the service running on their devices. ClamAV can easily be incorporated into this configuration, if affected by the types of malware it protects against, but will require around 1GB additional RAM (or another VPS).\u003c/p\u003e\n\n\u003cp\u003eEvery email message is important, if properly delivered, for Bayes classification. At least 200 ham and 200 spam messages are required to learn what one considers junk. By default (change to use case), a rspamd score above 50% will send the message to Spam/. Moving messages in and out of Spam/ changes this score. After 95%, the message is flagged as \u0026quot;seen\u0026quot; and can be safely ignored.\u003c/p\u003e\n\n\u003cp\u003eSpamd is effective at greylisting and stopping high volume spam, if it becomes a problem. It will be an option when IPv6 is supported, along with bgp-spamd.\u003c/p\u003e\n\n\u003cp\u003eSystem mail is delivered to an alias mapped to a virtual user served by the service. This way, messages are guaranteed to be delivered via encrypted connection. It is not possible for real users to alias, nor mail an external mail address with the default configuration. e.g. \u003ca href=\"mailto:puffy@mercury.example.com\" rel=\"nofollow\"\u003epuffy@mercury.example.com\u003c/a\u003e is wheel, with an alias mapped to (virtual) \u003ca href=\"mailto:puffy@example.com\" rel=\"nofollow\"\u003epuffy@example.com\u003c/a\u003e, and user (puffy) can be different for each.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - Ryan Zezeski - \u003ca href=\"mailto:rpz@joyent.com\" rel=\"nofollow\"\u003erpz@joyent.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/rzezeski\" rel=\"nofollow\"\u003e@rzezeski\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.facebook.com/permalink.php?story_fbid=2110408722526967\u0026id=100006735798590\" rel=\"nofollow\"\u003eJohn Carmack\u0026#39;s programming retreat to hermit coding with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter a several year gap, I finally took another week-long programming retreat, where I could work in hermit mode, away from the normal press of work. My wife has been generously offering it to me the last few years, but I’m generally bad at taking vacations from work.\u003cbr\u003e\nAs a change of pace from my current Oculus work, I wanted to write some from-scratch-in-C++ neural network implementations, and I wanted to do it with a strictly base OpenBSD system. Someone remarked that is a pretty random pairing, but it worked out ok.\u003cbr\u003e\nDespite not having actually used it, I have always been fond of the idea of OpenBSD — a relatively minimal and opinionated system with a cohesive vision and an emphasis on quality and craftsmanship. Linux is a lot of things, but cohesive isn’t one of them.\u003cbr\u003e\nI’m not a Unix geek. I get around ok, but I am most comfortable developing in Visual Studio on Windows. I thought a week of full immersion work in the old school Unix style would be interesting, even if it meant working at a slower pace. It was sort of an adventure in retro computing — this was fvwm and vi. Not vim, actual BSD vi.\u003cbr\u003e\nIn the end, I didn’t really explore the system all that much, with 95% of my time in just the basic vi / make / gdb operations. I appreciated the good man pages, as I tried to do everything within the self contained system, without resorting to internet searches. Seeing references to 30+ year old things like Tektronix terminals was amusing.\u003cbr\u003e\nI was a little surprised that the C++ support wasn’t very good. G++ didn’t support C++11, and LLVM C++ didn’t play nicely with gdb. Gdb crashed on me a lot as well, I suspect due to C++ issues. I know you can get more recent versions through ports, but I stuck with using the base system.\u003cbr\u003e\nIn hindsight, I should have just gone full retro and done everything in ANSI C. I do have plenty of days where, like many older programmers, I think “Maybe C++ isn’t as much of a net positive as we assume...”. There is still much that I like, but it isn’t a hardship for me to build small projects in plain C.\u003cbr\u003e\nMaybe next time I do this I will try to go full emacs, another major culture that I don’t have much exposure to.\u003cbr\u003e\nI have a decent overview understanding of most machine learning algorithms, and I have done some linear classifier and decision tree work, but for some reason I have avoided neural networks. On some level, I suspect that Deep Learning being so trendy tweaked a little bit of contrarian in me, and I still have a little bit of a reflexive bias against “throw everything at the NN and let it sort it out!”\u003cbr\u003e\nIn the spirit of my retro theme, I had printed out several of Yann LeCun’s old papers and was considering doing everything completely off line, as if I was actually in a mountain cabin somewhere, but I wound up watching a lot of the Stanford CS231N lectures on YouTube, and found them really valuable. Watching lecture videos is something that I very rarely do — it is normally hard for me to feel the time is justified, but on retreat it was great!\u003cbr\u003e\nI don’t think I have anything particularly insightful to add about neural networks, but it was a very productive week for me, solidifying “book knowledge” into real experience.\u003cbr\u003e\nI used a common pattern for me: get first results with hacky code, then write a brand new and clean implementation with the lessons learned, so they both exist and can be cross checked.\u003cbr\u003e\nI initially got backprop wrong both times, comparison with numerical differentiation was critical! It is interesting that things still train even when various parts are pretty wrong — as long as the sign is right most of the time, progress is often made.\u003cbr\u003e\nI was pretty happy with my multi-layer neural net code; it wound up in a form that I can just drop it into future efforts. Yes, for anything serious I should use an established library, but there are a lot of times when just having a single .cpp and .h file that you wrote ever line of is convenient.\u003cbr\u003e\nMy conv net code just got to the hacky but working phase, I could have used another day or two to make a clean and flexible implementation.\u003cbr\u003e\nOne thing I found interesting was that when testing on MNIST with my initial NN before adding any convolutions, I was getting significantly better results than the non-convolutional NN reported for comparison in LeCun ‘98 — right around 2% error on the test set with a single 100 node hidden layer, versus 3% for both wider and deeper nets back then. I attribute this to the modern best practices —ReLU, Softmax, and better initialization.\u003cbr\u003e\nThis is one of the most fascinating things about NN work — it is all so simple, and the breakthrough advances are often things that can be expressed with just a few lines of code. It feels like there are some similarities with ray tracing in the graphics world, where you can implement a physically based light transport ray tracer quite quickly, and produce state of the art images if you have the data and enough runtime patience.\u003cbr\u003e\nI got a much better gut-level understanding of overtraining / generalization / regularization by exploring a bunch of training parameters. On the last night before I had to head home, I froze the architecture and just played with hyperparameters. “Training!” Is definitely worse than “Compiling!” for staying focused.\u003cbr\u003e\nNow I get to keep my eyes open for a work opportunity to use the new skills!\u003cbr\u003e\nI am dreading what my email and workspace are going to look like when I get into the office tomorrow.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180310000858\" rel=\"nofollow\"\u003eStack-register Checking\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):\u003cbr\u003e\nHow about we add another new permission!  This is not a hardware permission, but a software permission.  It is opportunistically enforced by the kernel.\u003cbr\u003e\nThe permission is MAP_STACK.  If you want to use memory as a stack, you must mmap it with that flag bit.  The kernel does so automatically for the stack region of a process\u0026#39;s stack.  Two other types of stack occur: thread stacks, and alternate signal stacks.  Those are handled\u003cbr\u003e\nin clever ways.\u003cbr\u003e\nWhen a system call happens, we check if the stack-pointer register points to such a page.  If it doesn\u0026#39;t, the program is killed.  We have tightened the ABI.  You may no longer point your stack register at non-stack memory.  You\u0026#39;ll be killed.  This checking code is MI, so it works for all platforms.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor more detail, see \u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=152035796722258\u0026w=2\" rel=\"nofollow\"\u003eTheo\u0026#39;s original message\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is now available in snapshots, and people are finding the first problems in the ports tree already. So far, few issues have been uncovered, but as Theo points out, more testing is necessary:\u003c/p\u003e\n\n\u003cp\u003eFairly good results.\u003cbr\u003e\nA total of 4 problems have been found so far.  go, SBCL, and two cases in src/regress which failed the new page-alignment requirement.  The SBCL and go ones were found at buildtime, since they use themselves to complete build.\u003cbr\u003e\nBut more page-alignment violations may be found in ports at runtime.\u003cbr\u003e\nThis is something I worry about a bit.  So please everyone out there can help: Use snapshots which contain the stack-check diff, update to new packages, and test all possible packages.  Really need a lot of testing for this, so please help out.\u003c/p\u003e\n\n\u003cp\u003eSo, everybody, install the latest snapshot and try all your favorite ports. This is the time to report issues you find, so there is a good chance this additional security feature is present in 6.3 (and works with third party software from packages).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd.html\" rel=\"nofollow\"\u003eNomadBSD 1.0 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNomadBSD is a live system for flash drives, based on FreeBSD® 11.1 (amd64)\u003c/li\u003e\n\u003cli\u003eChange Log\n\n\u003cul\u003e\n\u003cli\u003eThe setup process has been improved.\u003c/li\u003e\n\u003cli\u003eSupport for optional geli encryption of the home partition has been added\u003c/li\u003e\n\u003cli\u003eAuto-detection of NVIDIA graphics cards and their corresponding driver has been added.  (Thanks to holgerw and lme from BSDForen.de)\u003c/li\u003e\n\u003cli\u003eAn rc script to start the GEOM disk scheduler on the root device has been added.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eMore software has been added:\n\n\u003cul\u003e\n\u003cli\u003eaccessibility/redshift (starts automatically)\u003c/li\u003e\n\u003cli\u003eaudio/cantata\u003c/li\u003e\n\u003cli\u003eaudio/musicpd\u003c/li\u003e\n\u003cli\u003eaudio/ncmpc\u003c/li\u003e\n\u003cli\u003eftp/filezilla\u003c/li\u003e\n\u003cli\u003egames/bsdtris\u003c/li\u003e\n\u003cli\u003email/neomutt\u003c/li\u003e\n\u003cli\u003emath/galculator\u003c/li\u003e\n\u003cli\u003enet-p2p/transmission-qt5\u003c/li\u003e\n\u003cli\u003esecurity/fpm2\u003c/li\u003e\n\u003cli\u003esysutils/bsdstats\u003c/li\u003e\n\u003cli\u003ex11/metalock\u003c/li\u003e\n\u003cli\u003ex11/xbindkeys\u003c/li\u003e\n\u003cli\u003eSeveral smaller improvements and bugfixes.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eScreenshots\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss1.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss1.png\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss2.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss2.png\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss3.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss3.png\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss4.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss4.png\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss5.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss5.png\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/nomadbsd-ss6.png\" rel=\"nofollow\"\u003ehttps://freeshell.de/~mk/projects/nomadbsd-ss6.png\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2018-03-27\" rel=\"nofollow\"\u003eKnoxBug - Nagios\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLfJr0tWo35bc9FG_reSki2S5S0G8imqB4\" rel=\"nofollow\"\u003evBSDcon videos landing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLnTFqpZk5ebBTyXedudGm6CwedJGsE2Py\" rel=\"nofollow\"\u003eAsiaBSDCon 2017 videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-Ptr-Restrict\" rel=\"nofollow\"\u003eDragonFlyBSD Adds New \u0026quot;Ptr_Restrict\u0026quot; Security Option\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/michaeldexter/status/975603855407788032\" rel=\"nofollow\"\u003eA Dexter needs your help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180309064801\" rel=\"nofollow\"\u003eMike Larkin at bhyvecon 2018: OpenBSD vmm(4) update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018900.html\" rel=\"nofollow\"\u003e[HEADS UP] - OFED/RDMA stack update\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eRon - \u003ca href=\"http://dpaste.com/3BM6GSW#wrap\" rel=\"nofollow\"\u003eInterview someone using DragonflyBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/3X4ZZK2#wrap\" rel=\"nofollow\"\u003eGaming and all\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMohammad - \u003ca href=\"http://dpaste.com/0PJMKRD#wrap\" rel=\"nofollow\"\u003eSockets vs TCP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaul - \u003ca href=\"http://dpaste.com/2WXVR1X#wrap\" rel=\"nofollow\"\u003eAll or at least most of Bryan Cantrill\u0026#39;s Talks\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Looking at Lumina Desktop 2.0, 2 months of KPTI development in SmartOS, OpenBSD email service, an interview with Ryan Zezeski, NomadBSD released, and John Carmack's programming retreat with OpenBSD.","date_published":"2018-03-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/19a3e093-c80b-4eae-84c6-aa128d0c61d7.mp3","mime_type":"audio/mpeg","size_in_bytes":89016628,"duration_in_seconds":7418}]},{"id":"b77208bf-14b6-4644-bbca-40bc1ff1e594","title":"237: AsiaBSDcon 2018","url":"https://www.bsdnow.tv/237","content_text":"AsiaBSDcon review, Meltdown and Spectre Patches in FreeBSD stable, Interview with MidnightBSD founder, 8 months with TrueOS, mysteries of GNU and BSD split\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAsiaBSDCon 2018 has concluded\n\n\nWe have just returned from AsiaBSDCon in Tokyo, Japan last weekend\nPlease excuse our jetlag\nThe conference consisted two days of meeting followed by 2 days of paper presentations\nWe arrived a few days early to see some sights and take a few extra delicious meals in Tokyo\nThe first day of meetings was a FreeBSD developer summit (while Benedict was teaching his two tutorials) where we discussed the FreeBSD release cycle and our thoughts on improving it, the new Casper capsicum helper service, and developments in SDIO which will eventually enable WiFi and SD card readers on more embedded devices\nThe second day of meetings consisted of bhyvecon, a miniconf that covered development in all hypervisors on all BSDs. It also included presentations on the porting of bhyve to IllumOS.\nThen the conference started\nThere were a number of great presentations, plus an amazing hallway track as usual\nIt was great to see many old friends and to spend time discussing the latest happenings in BSD. A couple of people came by and asked to take a picture with us and we were happy to do that.\n***\n\n\nFreeBSD releases Spectre and Meltdown mitigations for 11.1\n\n\nSpeculative execution vulnerability mitigation is a work in progress.  This advisory addresses the most significant issues for FreeBSD 11.1 on amd64 CPUs.  We expect to update this advisory to include 10.x for amd64 CPUs.  Future FreeBSD releases will address this issue on i386 and other CPUs.  freebsd-update will include changes on i386 as part of this update due to common code changes shared between amd64 and i386, however it contains no functional changes for i386 (in particular, it does not mitigate the issue on i386).\nMany modern processors have implementation issues that allow unprivileged attackers to bypass user-kernel or inter-process memory access restrictions by exploiting speculative execution and shared resources (for example, caches).\nAn attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).\n\n\nMeltdown:\nThe mitigation is known as Page Table Isolation (PTI).  PTI largely separates kernel and user mode page tables, so that even during speculative execution most of the kernel's data is unmapped and not accessible.\nA demonstration of the Meltdown vulnerability is available at https://github.com/dag-erling/meltdown.  A positive result is definitive (that is, the vulnerability exists with certainty).  A negative result indicates either that the CPU is not affected, or that the test is not capable of demonstrating the issue on the CPU (and may need to be modified).\nA patched kernel will automatically enable PTI on Intel CPUs.  The status can be checked via the vm.pmap.pti sysctl \nPTI introduces a performance regression.  The observed performance loss is significant in microbenchmarks of system call overhead, but is much smaller for many real workloads.\nSpectre V2:\nThere are two common mitigations for Spectre V2.  This patch includes a mitigation using Indirect Branch Restricted Speculation, a feature available via a microcode update from processor manufacturers.  The alternate mitigation, Retpoline, is a feature available in newer compilers.  The feasibility of applying Retpoline to stable branches and/or releases is under\ninvestigation.\nThe patch includes the IBRS mitigation for Spectre V2.  To use the mitigation the system must have an updated microcode; with older microcode a patched kernel will function without the mitigation.\nIBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the status can be checked via the hw.ibrs_active sysctl.  IBRS may be enabled or disabled at runtime.  Additional detail on microcode updates will follow.\nWiki tracking the vulnerabilities and mitigations on different platforms\n***\n\n\n\nInterview with MidnightBSD Founder and Lead Dev Lucas Holt\n\n\nRecently, I have taken a little dip into the world of BSD. As part of my attempt to understand the BSD world a little better, I connected with Lucas Holt (MidnightBSD founder and lead developer) to ask him a few questions about his project. Here are his answers.\n\nIt’s FOSS: Please explain MidnightBSD in a nutshell. How is it different than other BSDs?\n\nLucas Holt: MidnightBSD is a desktop focused operating system. When it’s considered stable, it will provide a full desktop experience. This differs from other efforts such as TrueOS or GhostBSD in that it’s not a distro of FreeBSD, but rather a fork. MidnightBSD has its own package manager, mport as well as unique package cluster software and several features built into user land such as mDNSresponder, libdispatch, and customizations throughout the system.\n\nIt’s FOSS: Who is MidnightBSD aimed at?\n\nLucas Holt: The goal with MidnightBSD has always been to provide a desktop OS that’s usable for everyday tasks and that even somewhat non technical people can use. Early versions of Mac OS X were certainly an inspiration. In practice, we’re rather far from that goal at this point, but it’s been an excellent learning opportunity.\n\nIt’s FOSS: What is your background in computers?\n\nLucas Holt: I started in technical support at a small ISP and moved into web design and system administration. While there, I learned BSDi, Solaris and Linux. I also started tinkering with programming web apps in ASP and a little perl CGI. I then did a mix of programming and system administration jobs through college and graduated with a bachelors in C.S. from Eastern Michigan University. During that time, I learned NetBSD and FreeBSD. I started working on several projects such as porting Apple’s HFS+ code to FreeBSD 6 and working on getting the nforce2 chipset SATA controller working with FreeBSD 6, with the latter getting committed. I got a real taste for BSD and after seeing the lack of interest in the community for desktop BSDs, I started MidnightBSD. I began work on it in late 2005.\nCurrently, I’m a Senior Software Engineer focusing on backend rest services by day and a part-time graduate student at the University of Michigan Flint.\n\nIt’s FOSS: I recently installed TrueOS. I was disappointed that a couple of the programs I wanted were not available. The FreeBSD port system looked mildly complicated for beginners. I’m used to using pacman to get the job done quickly. How does MidnightBSD deal with ports?\n\nLucas Holt: MidnightBSD has it’s own port system, mports, which shared similarities with FreeBSD ports as well as some ideas from OpenBSD. We decided early on that decent package management was essential for regular users. Power users will still use ports for certain software, but it’s just so time consuming to build everything. We started work on our own package manager, mport.\nEvery package is a tar lzma archive with a sqlite3 manifest file as well as a sqlite 3 index that’s downloaded from our server. This allows users to query and customize the package system with standard SQL queries. We’re also building more user friendly graphical tools.\nPackage availability is another issue that most BSDs have. Software tends to be written for one or two operating systems and many projects are reluctant to support other systems, particularly smaller projects like MidnightBSD. There are certainly gaps. All of the BSD projects need more volunteers to help with porting software and keeping it up to date.\n\nIt’s FOSS: During your June 2015 interview on BSDNow, you mentioned that even though you support both i386 and amd64, that you recommend people choose amd64. Do you have any plans to drop i386 support in the future, like many have done?\n\nLucas Holt: Yes, we do plan to drop i386 support, mostly because of the extra work needed to build and maintain packages. I’ve held off on this so far because I had a lot of feedback from users in South America that they still needed it. For now, the plan is to keep i386 support through 1.0 release. That’s probably a year or two out.\n\nIt’s FOSS: What desktop environments does MidnightBSD support?\n\nLucas Holt: The original plan was to use Etoile as a desktop environment, but that project changed focus. We currently support Xfce, Gnome 3, WindowMaker + GNUstep + Gworkspace as primary choices. We also have several other window managers and desktop environments available such as Enlightenment, rat poison, afterstep, etc.\nEarly versions offered KDE 3.x but we had some issues with KDE 4. We may revisit that with newer versions.\n\nIt’s FOSS: What is MidnightBSD’s default filesystem? Do you support DragonflyBSD’s HAMMER filesystem? What other filesystems?\n\nLucas Holt: Boot volumes are UFS2. We also support ZFS for additional storage. We have read support for ExFat, NTFS, ext2, CD9660. NFS v3 and v4 are also supported for network file systems.\nWe do not support HAMMER, although it was considered. I would love to see HAMMER2 get added to MidnightBSD eventually.\n\nIt’s FOSS: Is MidnightBSD affected by the recent Spectre and Meltdown issues?\n\nLucas Holt: Yes. Most operating systems were affected by these issues. We were not informed of the issue until the general public became aware. Work is ongoing to come up with appropriate mitigations. Unfortunately, we do not have a patch yet.\n\nIt’s FOSS: The Raspberry Pi and its many clones have made the ARM platform very popular. Are there any plans to make MidnightBSD available on that platform?\n\nLucas Holt: No immediate plans. ARM is an interesting architecture, but by the very nature of SoC designs, takes a lot of work to support a broad number of devices. It might be possible when we stop supporting i386 or if someone volunteers to work on the ARM port.\nEventually, I think most hobby systems will need to run ARM chips. Intel’s planning on locking down hardware with UEFI 3 and this may make it difficult to run on commodity hardware in the future not only for MidnightBSD but other systems as well.\nAt one point, MidinightBSD ran on sparc64. When workstations were killed off, we dropped support. A desktop OS on a server platform makes little sense.\n\nIt’s FOSS: Does MidnightBSD offer support for Linux applications?\n\nLucas Holt: Yes, we offer Linux emulation. It’s emulating a 2.6.16 kernel currently and that needs to be updated so support newer apps. It’s possible to run semi-recent versions of Firefox, Thunderbird, Java, and OpenOffice on it though. I’ve also used it to host game servers in the past and play older games such as Quake 3, enemy territory, etc.\n\nIt’s FOSS: Could you comment on the recent dust-up between the Pale Moon browser developers and the team behind the OpenBSD ports system?\n\n\n\n[Author’s Note: For those who haven’t heard about this, let me summarize. Last month, someone from the OpenBSD team added the Pale Moon browser to their ports collection. A Pale Moon developer demanded that they include Pale Moon’s libraries instead of using system libraries. As the conversation continued, it got more hostile, especially on the Pale Moon side. The net result is that Pale Moon will not be available on OpenBSD, MidnightBSD, or FreeBSD.]\n\n\n\nLucas Holt: I found this discussion frustrating. Many of the BSD projects hear a lot of complaints about browser availability and compatibility. With Firefox moving to Rust, it makes it even more difficult. Then you get into branding issues. Like Firefox, the Pale Moon developers have decided to protect their brand at the cost of users. Unlike the Firefox devs, they’ve made even stranger requirements for branding. It is not possible to use a system library version of anything with Pale Moon and keep their branding requirements. As such, we cannot offer Pale Moon in MidnightBSD.\nThe reason this is an issue for an open source project is that many third party libraries are used in something as complex as a web browser. For instance, Gecko-based browsers use several multimedia libraries, sqlite3 (for bookmarks), audio and video codecs, etc. Trying to maintain upstream patches for each of these items is difficult. That’s why the BSDs have ports collections to begin with. It allows us to track and manage custom patches to make all these libraries work. We go through a lot of effort in keeping these up to date. Sometimes upstream patches don’t get included. That means our versions are the only working copies. With pale moon’s policy, we’d need to submit separate patches to their customized versions of all these libraries too and any new release of the browser would not be available as changes occur. It might not even be possible to compile pale moon without a patch locally.\nWith regard to Rust, it requires porting the language, as well as an appropriate version of LLVM before you can even start on the browser.\n\nIt’s FOSS: If someone wanted to contribute to your project, both financial and technical, how can they do that?\n\nLucas Holt: Financial assistance for the project can be submitted online. We have a page outlining how to make donations with Patreon, Paypal or via bitcoin. Donations are not tax deductible. You can learn more at http://www.midnightbsd.org/donate/\nWe also need assistance with translations, porting applications, and working on the actual OS. Interested parties can contact us on the mailing list or through IRC on freenode #midnightbsd We also could use assistance with mirroring ISOs and packages.\n\nI would like to thank Lucas for taking the time to reply to my many questions. For more information about MidnightBSD or to download it, please visit their website. The most recent version of MidnightBSD is 0.8.6.\n\n\n\n\nNews Roundup\n\n8 months with TrueOS\n\n\nPurpose of this review - what it is and what it is not.\n\n\n\nI vowed to write down what I felt about TrueOS if I ever got to the six month mark of usage. This is just that. This is neither a tutorial, nor a piece of evangelism dedicated towards it.\n\nThis is also not a review of specific parts of TrueOS such as Lumina or AppCafe, since I don't use them at all.\n\nIn the spirit of presenting a screen shot, here is my i3wm displaying 4 windows in one screen - a configuration that I never use. https://inflo.ws/blog/images/trues-screenshot.png\n\n\n\nThe primary tasks I get done with my computer.\n\n\n\nI need a tiling wm with multi-desktop capability. As regards what I do with a computer, it is fairly straightforward to describe if I just list down my most frequently used applications.\n\n\nxterm (CLI)\nEmacs (General editing and org mode)\nIntellij IDEA (Java, Kotlin, SQL)\nFirefox (Main web browser, with Multi-Account Containers)\nThunderbird (Work e-mail)\nNotmuchmail (Personal e-mail)\nChromium/Iridium (Dumb web browser)\nTelegram Desktop\nweechat (with wee-slack)\ncmus (Music player)\nmpv (Video player)\nmps-youtube (Youtube client)\ntransmission-gtk\nPostgresql10 (daemon)\nRabbitmq (daemon)\nSeafile (file sync)\nShotwell (manage pictures)\nGIMP (Edit pictures)\nCalibre (Manage e-books)\nVirtualBox\n\n\n\nAll of these are available as binary packages from the repository. Since I use Intellij Ultimate edition, I decided to download the no-jdk linux version from the website rather than install it. This would make sure that it gets updated regularly.\n\n\n\nWhy did I pick TrueOS ?\n\n\n\nI ran various Linux distributions from 2001 all the way till 2009, till I discovered Arch, and continued with it till 2017. I tried out Void for two months before I switched to TrueOS.\n\nOver the last few years, I started feeling like no matter which Linux distribution I touched, they all just stopped making a lot of sense. Generally in the way things were organised, and particularly in terms of software like systemd, which just got pushed down my throat. I couldn't wrap my head around half the things going on in my computer.\n\nMostly I found that Linux distributions stopped becoming a collection of applications that got developed together to something more coupled by software mechanisms like systemd - and that process was more and more opaque. I don't want to talk about the merits and de-merits of systemd, lets just say that I found it of no use and an unnecessary hassle.\n\nIn February, I found myself in charge of the entire technology stack of a company, and I was free to make choices. A friend who was a long time FreeBSD user convinced me to try it on the servers. My requirement then was to run Postgres, Rabbitmq, Nginx and a couple of JVM processes. The setup was zero hassle and it hasn't changed much in a year.\n\nAbout three months of running FreeBSD-11.x on servers was enough for me to consider it for my laptop. I was very apprehensive of hardware support, but luckily my computer is a Thinkpad, and Thinkpads sort of work out of the box with various BSDs.\n\nMy general requirements were:\n\n\n\nMust run Intellij IDEA.\nMust have proper graphics and sound driver support.\nMust be able to run VirtualBox.\n\n\n\nI had to pick from FreeBSD, NetBSD and OpenBSD, since these were the major BSDs that I was familiar with. One of my requirements was that I needed to be able to run VMs just in case I needed to test something on Windows/Linux. This ruled out OpenBSD. Then I was left with NetBSD and FreeBSD. NetBSD's driver support for newer Intel chip-sets were questionable, and FreeBSD was the only choice then.\n\nWhen I was digging through FreeBSD forums, I found out that running the 11.x RELEASE on my laptop was out of the question since it didn't have proper drivers for my chip-set either.\n\nA few more hours of digging led me to GhostBSD and TrueOS. I picked TrueOS straightaway because - well because TrueOS came from the old PC-BSD and it was built off FreeBSD-12-CURRENT with the latest drivers integrated.\n\nI downloaded the UNSTABLE version available in June 2017, backed up ALL my data and home directory, and then installed it. There were no glitches during installation - I simply followed the installation as described in the handbook and everything was fine.\n\nMy entire switch from Arch/Void to TrueOS took about an hour, discounting the time it took to backup my data to an external hard disk. It was that easy. Everything I wanted to work just worked, everything was available in the repo.\n\nTweaks from cooltrainer.org : I discovered this excellent tutorial that describes setting up a FreeBSD 11 desktop. It documents several useful tweaks, some of which I applied. A few examples - Fonts, VirtualBox, Firewall, UTF-8 sections.\n\n\n\nTrueOS (and FreeBSD) specific things I liked\n\n\nOpen-rc\n\n\n\n\nThe open-rc init system is familiar and is well documented.\nTrueOS specific parts are described here.\nWhen I installed postgresql10-server, there was no open-rc script for it, but I could cobble one together in two hours with zero prior experience writing init scripts. Later on I figured out that the init script for postgresql9 would work for 10 as well, and used that.\n\n\n\nBoot Environments\n\n\n\nThis was an alien concept to me, but the first time I did an update without waiting for a CDN sync to finish, my computer booted into the shell and remained there. The friendly people at TrueOS discourse asked me to roll back to an older BE and wait for sync to finish.\nI dug through the forums and found \"ZFS / Snapshots basics \u0026amp; How-To’s for those new to TrueOS\". This describes ZFS and BEs, and is well worth reading.\n\n\n\nZFS\n\n\n\nMy experience with boot environments was enough to convince me about the utility of ZFS. I am still reading about it and trying things out, and whatever I read just convinces me more about why it is good.\n\n\n\nFile-system layout\n\n\n\nComing from the Linux world, how the FreeBSD file-system is laid out seemed odd at first. Then I realised that it was the Linux distros that were doing the odd thing. e.g : The whole OS is split into base system and applications. All the non base system configurations and apps go into /usr/local. That made a lot of sense.\nThe entire OS is developed along with its applications as a single coherent entity, and that shows.\n\n\n\nDocumentation\n\n\n\nThe handbooks for both TrueOS and FreeBSD are really really good. For e.g, I kept some files in an LUKS encrypted drive (when I used Arch Linux). To find an equivalent, all I had to do was read the handbook and look at the GELI section. It is actually nice being able to go to a source like Handbook and things from there just work.\nArch Linux and Gentoo has excellent documentation as well, if anyone is wondering about Linux distros.\n\n\n\nCommunity\n\n\n\nThe TrueOS community on both Telegram as well as on Discourse are very friendly and patient. They help out a lot and do not get upset when I pose really stupid questions. TrueOS core developers hangout in the Telegram chat-room too, and it is nice being able to talk to them directly about things.\n\n\n\nWhat did not work in TrueOS ?\n\n\n\nThe following things that worked during my Linux tenure doesn't work in TrueOS.\n\n\n\nNetflix\nGoogle Hangouts\nElectron based applications (Slack, Skype)\n\n\n\nThese are not major concerns for the kind of work I do, so it doesn't bother me much. I run a WinXP VM to play some old games, and a Bunsenlabs installation for Linux things like Hangouts/Netflix.\n\nI don't have a video calling system setup in TrueOS because I use my phone for both voice and video calls exclusively.\n\n\n\nWhy am I staying on TrueOS ?\n\n\n\nGreat community - whether on Discourse or on the telegram channel, the people make you feel welcome. If things go unanswered, someone will promise to work on it/file a bug/suggest work-arounds.\n\nSwitching to TrueOS was philosophical as well - I thought a lot more about licenses, and I have arrived at the conclusion that I like BSD more than GPL. I believe it is a more practical license.\n\nI believe TrueOS is improving continuously, and is a great desktop UNIX if you put some time into it.\n\n\n\n\nAsiaBSDCon 2016 videos now available\n\n\nThe videos from AsiaBSDCon 2016 have been posted to youtube, 30 videos in all\nWe’ll cover the videos from 2017 next week\nThe videos from 2018 should be posted in 4-6 weeks\nI are working on a new version of https://papers.freebsd.org/ that will make it easier to find the papers, slides, and videos of all talks related to FreeBSD\n***\n\n\nsyspatches will be provided for both supported releases\n\n\nGood news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:\n\n\nSubject:    CVS: cvs.openbsd.org: www\nFrom:       T.J. Townsend \u0026lt;tj () openbsd ! org\u0026gt;\nDate:       2018-03-06 22:09:12\n\nCVSROOT:    /cvs\nModule name:    www\nChanges by: tj@cvs.openbsd.org  2018/03/06 15:09:12\n\nModified files:\n    .              : errata61.html stable.html \n    faq            : faq10.html \n\nLog message:\nsyspatches will now be provided for both supported releases.\n\n\n\nThanks to all the developers involved in providing these!\n\n\n\nUpdate: An official announcement has been released:\n\n\nI'm happy to announce that we are now able to provide two releases worth\nof syspatches on the amd64 and i386 platforms. The binary patches for\n6.1 will hit the mirrors shortly, so you will be able to catch up with\nthe errata on\n\n   https://www.openbsd.org/errata61.html\n\nusing the syspatch utility. People running amd64 will thus get the\nmeltdown workaround.\n\nThis means in particular that 6.2 will remain supported by syspatch when\n6.3 comes out.\n\nThanks to robert and ajacoutot for their amazing work on syspatch and\nfor all their help. Thanks also to tj and the volunteers from #openbsd\nfor their timely tests and of course to Theo for overseeing it all.\n\n\n\n\nExploring permutations and a mystery with BSD and GNU split filenames\n\n\nRecently, I was playing around with the split command-line tool on Mac OS X, and I decided to chop a 4000-line file into 4000 separate single-line files. However, when I attempted to run split -l1, I ran into a funny error:\n\n\nsplit: too many files\n\n\nCurious to see if any splitting had occurred, I ran ls and sure enough, a huge list of filenames appeared, such as:\n\n\nxaa\nxab\n...\nxzy\nxzz\n\n\n\nNow I could see why you'd run out of unique filenames - there are only 26 letters in the alphabet and these filenames were only three letters long. Also, they all seemed to begin with the letter \"x\".\n\n\n\nBSD split's filename defaults\n\n\n\nI checked the manual for split's defaults and confirmed what I was seeing:\n\neach file into which the file is split is named by the prefix followed by a lexically ordered suffix using suffix_length characters in the range 'a-z'. If -a is not specified, two letters are used as the suffix....with the prefix 'x' and with suffixes as above.\n\nGot it, so running split with the defaults for prefix name and suffix length will give me filenames that always start with the letter \"x\" followed by two-letter alphabetical permutations composed of a-z letters, with repeats allowed. I say \"repeats allowed\" because I noticed filenames such as xaa and xbb in the output.\n\nSide node: The reason why I say \"permutations\" rather than \"combinations\" is because letter order matters. For example, xab and xba are two distinct and legitimate filenames. Here's a nice explanation about the difference between permutations and combinations.\n\n\n\nSome permutation math\n\n\n\nSo how many filenames can you get from the BSD split tool using the defaults? There are permutation formulas out there for repeating values and non-repeating values. Based on split's behavior, I wanted to use the repeating values formula:\n\nnr where n equals the number of possible values (26 for a-z) and r equals the number of values (2, since there are only 2 letters after \"x\" in the filename).\n\n262 = 676\n\nSo the total number of filename permutations allowed with BSD split's defaults should be 676.\n\nTo double check, I ran ls | wc -l to get the total number of files in my split_test directory. The output was 677. If you subtract my original input file, input.txt, then you have 676, or the number of permutations split would allow before running out of filenames!\n\nNeat. But I still wanted my 4000 files.\n\n\n\nMoar permutations pls\n\n\n\nWhile 262 permutations doesn't support 4000 different filenames, I wondered if I could increase r to 3. Then, I'd have 17,576 different filename permutations to play with - more than enough.\n\nEarlier, I remembered the manual mentioning suffix length:\n\n-a suffix_length\nUse suffix_length letters to form the suffix of the file name.\n\nSo I passed 3 in with the -a flag and guess what? I got my 4000 files!\n\n\nsplit -l1 -a3 input.txt \nls | wc -l\n4001\n\n\n\nBut that was a lot of work. It would be great if split would just handle these permutations and suffix lengths by default!\n\nIn fact, I vaguely remember splitting large files into smaller ones with numerical filenames, which I prefer. I also remember not having to worry about suffixes in the past. But numerical filenames didn't seem to be an option with split installed on Mac OS X - there was no mention of it in the manual.\n\nTurns out that I was remembering GNU split from using the Debian OS two years ago, a different flavor of the split tool with different defaults and behaviors.\n\n\n\n\nBeastie Bits\n\nMichael Lucas is speaking at mug.org 10 April 2018\nPkgsrcCon 2018 July 7+8 Berlin\nTint2 rocks\nOpen Source Summit Europe 2018 Call for Proposals\nTravel Grants for BSDCan 2018\nBSDCan 2018 FreeBSD Developers Summit Call for Proposals\nOpenBSD vmm(4) update, by Mike Larkin\n\n\n\nFeedback/Questions\n\n\nMorgan ZFS Install Question\nAndre - Splitting ZFS Array, or not\nJake - Python Projects\nDave - Screen Sharing \u0026amp; Video Conference\nJames - ZFS disk id switching\n\n\n","content_html":"\u003cp\u003eAsiaBSDcon review, Meltdown and Spectre Patches in FreeBSD stable, Interview with MidnightBSD founder, 8 months with TrueOS, mysteries of GNU and BSD split\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2018.asiabsdcon.org/\" rel=\"nofollow\"\u003eAsiaBSDCon 2018 has concluded\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have just returned from AsiaBSDCon in Tokyo, Japan last weekend\u003c/li\u003e\n\u003cli\u003ePlease excuse our jetlag\u003c/li\u003e\n\u003cli\u003eThe conference consisted two days of meeting followed by 2 days of paper presentations\u003c/li\u003e\n\u003cli\u003eWe arrived a few days early to see some sights and take a few extra delicious meals in Tokyo\u003c/li\u003e\n\u003cli\u003eThe first day of meetings was a FreeBSD developer summit (while Benedict was teaching his two tutorials) where we discussed the FreeBSD release cycle and our thoughts on improving it, the new Casper capsicum helper service, and developments in SDIO which will eventually enable WiFi and SD card readers on more embedded devices\u003c/li\u003e\n\u003cli\u003eThe second day of meetings consisted of bhyvecon, a miniconf that covered development in all hypervisors on all BSDs. It also included presentations on the porting of bhyve to IllumOS.\u003c/li\u003e\n\u003cli\u003eThen the conference started\u003c/li\u003e\n\u003cli\u003eThere were a number of great presentations, plus an amazing hallway track as usual\u003c/li\u003e\n\u003cli\u003eIt was great to see many old friends and to spend time discussing the latest happenings in BSD. A couple of people came by and asked to take a picture with us and we were happy to do that.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc\" rel=\"nofollow\"\u003eFreeBSD releases Spectre and Meltdown mitigations for 11.1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSpeculative execution vulnerability mitigation is a work in progress.  This advisory addresses the most significant issues for FreeBSD 11.1 on amd64 CPUs.  We expect to update this advisory to include 10.x for amd64 CPUs.  Future FreeBSD releases will address this issue on i386 and other CPUs.  freebsd-update will include changes on i386 as part of this update due to common code changes shared between amd64 and i386, however it contains no functional changes for i386 (in particular, it does not mitigate the issue on i386).\u003cbr\u003e\nMany modern processors have implementation issues that allow unprivileged attackers to bypass user-kernel or inter-process memory access restrictions by exploiting speculative execution and shared resources (for example, caches).\u003cbr\u003e\nAn attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeltdown:\nThe mitigation is known as Page Table Isolation (PTI).  PTI largely separates kernel and user mode page tables, so that even during speculative execution most of the kernel\u0026#39;s data is unmapped and not accessible.\nA demonstration of the Meltdown vulnerability is available at \u003ca href=\"https://github.com/dag-erling/meltdown\" rel=\"nofollow\"\u003ehttps://github.com/dag-erling/meltdown\u003c/a\u003e.  A positive result is definitive (that is, the vulnerability exists with certainty).  A negative result indicates either that the CPU is not affected, or that the test is not capable of demonstrating the issue on the CPU (and may need to be modified).\nA patched kernel will automatically enable PTI on Intel CPUs.  The status can be checked via the vm.pmap.pti sysctl \nPTI introduces a performance regression.  The observed performance loss is significant in microbenchmarks of system call overhead, but is much smaller for many real workloads.\u003c/li\u003e\n\u003cli\u003eSpectre V2:\nThere are two common mitigations for Spectre V2.  This patch includes a mitigation using Indirect Branch Restricted Speculation, a feature available via a microcode update from processor manufacturers.  The alternate mitigation, Retpoline, is a feature available in newer compilers.  The feasibility of applying Retpoline to stable branches and/or releases is under\ninvestigation.\nThe patch includes the IBRS mitigation for Spectre V2.  To use the mitigation the system must have an updated microcode; with older microcode a patched kernel will function without the mitigation.\nIBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the status can be checked via the hw.ibrs_active sysctl.  IBRS may be enabled or disabled at runtime.  Additional detail on microcode updates will follow.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities\" rel=\"nofollow\"\u003eWiki tracking the vulnerabilities and mitigations on different platforms\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://itsfoss.com/midnightbsd-founder-lucas-holt/\" rel=\"nofollow\"\u003eInterview with MidnightBSD Founder and Lead Dev Lucas Holt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, I have taken a little dip into the world of BSD. As part of my attempt to understand the BSD world a little better, I connected with Lucas Holt (MidnightBSD founder and lead developer) to ask him a few questions about his project. Here are his answers.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: Please explain MidnightBSD in a nutshell. How is it different than other BSDs?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: MidnightBSD is a desktop focused operating system. When it’s considered stable, it will provide a full desktop experience. This differs from other efforts such as TrueOS or GhostBSD in that it’s not a distro of FreeBSD, but rather a fork. MidnightBSD has its own package manager, mport as well as unique package cluster software and several features built into user land such as mDNSresponder, libdispatch, and customizations throughout the system.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: Who is MidnightBSD aimed at?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: The goal with MidnightBSD has always been to provide a desktop OS that’s usable for everyday tasks and that even somewhat non technical people can use. Early versions of Mac OS X were certainly an inspiration. In practice, we’re rather far from that goal at this point, but it’s been an excellent learning opportunity.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: What is your background in computers?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: I started in technical support at a small ISP and moved into web design and system administration. While there, I learned BSDi, Solaris and Linux. I also started tinkering with programming web apps in ASP and a little perl CGI. I then did a mix of programming and system administration jobs through college and graduated with a bachelors in C.S. from Eastern Michigan University. During that time, I learned NetBSD and FreeBSD. I started working on several projects such as porting Apple’s HFS+ code to FreeBSD 6 and working on getting the nforce2 chipset SATA controller working with FreeBSD 6, with the latter getting committed. I got a real taste for BSD and after seeing the lack of interest in the community for desktop BSDs, I started MidnightBSD. I began work on it in late 2005.\u003cbr\u003e\nCurrently, I’m a Senior Software Engineer focusing on backend rest services by day and a part-time graduate student at the University of Michigan Flint.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: I recently installed TrueOS. I was disappointed that a couple of the programs I wanted were not available. The FreeBSD port system looked mildly complicated for beginners. I’m used to using pacman to get the job done quickly. How does MidnightBSD deal with ports?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: MidnightBSD has it’s own port system, mports, which shared similarities with FreeBSD ports as well as some ideas from OpenBSD. We decided early on that decent package management was essential for regular users. Power users will still use ports for certain software, but it’s just so time consuming to build everything. We started work on our own package manager, mport.\u003cbr\u003e\nEvery package is a tar lzma archive with a sqlite3 manifest file as well as a sqlite 3 index that’s downloaded from our server. This allows users to query and customize the package system with standard SQL queries. We’re also building more user friendly graphical tools.\u003cbr\u003e\nPackage availability is another issue that most BSDs have. Software tends to be written for one or two operating systems and many projects are reluctant to support other systems, particularly smaller projects like MidnightBSD. There are certainly gaps. All of the BSD projects need more volunteers to help with porting software and keeping it up to date.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: During your June 2015 interview on BSDNow, you mentioned that even though you support both i386 and amd64, that you recommend people choose amd64. Do you have any plans to drop i386 support in the future, like many have done?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: Yes, we do plan to drop i386 support, mostly because of the extra work needed to build and maintain packages. I’ve held off on this so far because I had a lot of feedback from users in South America that they still needed it. For now, the plan is to keep i386 support through 1.0 release. That’s probably a year or two out.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: What desktop environments does MidnightBSD support?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: The original plan was to use Etoile as a desktop environment, but that project changed focus. We currently support Xfce, Gnome 3, WindowMaker + GNUstep + Gworkspace as primary choices. We also have several other window managers and desktop environments available such as Enlightenment, rat poison, afterstep, etc.\u003cbr\u003e\nEarly versions offered KDE 3.x but we had some issues with KDE 4. We may revisit that with newer versions.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: What is MidnightBSD’s default filesystem? Do you support DragonflyBSD’s HAMMER filesystem? What other filesystems?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: Boot volumes are UFS2. We also support ZFS for additional storage. We have read support for ExFat, NTFS, ext2, CD9660. NFS v3 and v4 are also supported for network file systems.\u003cbr\u003e\nWe do not support HAMMER, although it was considered. I would love to see HAMMER2 get added to MidnightBSD eventually.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: Is MidnightBSD affected by the recent Spectre and Meltdown issues?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: Yes. Most operating systems were affected by these issues. We were not informed of the issue until the general public became aware. Work is ongoing to come up with appropriate mitigations. Unfortunately, we do not have a patch yet.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: The Raspberry Pi and its many clones have made the ARM platform very popular. Are there any plans to make MidnightBSD available on that platform?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: No immediate plans. ARM is an interesting architecture, but by the very nature of SoC designs, takes a lot of work to support a broad number of devices. It might be possible when we stop supporting i386 or if someone volunteers to work on the ARM port.\u003cbr\u003e\nEventually, I think most hobby systems will need to run ARM chips. Intel’s planning on locking down hardware with UEFI 3 and this may make it difficult to run on commodity hardware in the future not only for MidnightBSD but other systems as well.\u003cbr\u003e\nAt one point, MidinightBSD ran on sparc64. When workstations were killed off, we dropped support. A desktop OS on a server platform makes little sense.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: Does MidnightBSD offer support for Linux applications?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: Yes, we offer Linux emulation. It’s emulating a 2.6.16 kernel currently and that needs to be updated so support newer apps. It’s possible to run semi-recent versions of Firefox, Thunderbird, Java, and OpenOffice on it though. I’ve also used it to host game servers in the past and play older games such as Quake 3, enemy territory, etc.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: Could you comment on the recent dust-up between the Pale Moon browser developers and the team behind the OpenBSD ports system?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e[Author’s Note: For those who haven’t heard about this, let me summarize. Last month, someone from the OpenBSD team added the Pale Moon browser to their ports collection. A Pale Moon developer demanded that they include Pale Moon’s libraries instead of using system libraries. As the conversation continued, it got more hostile, especially on the Pale Moon side. The net result is that Pale Moon will not be available on OpenBSD, MidnightBSD, or FreeBSD.]\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLucas Holt: I found this discussion frustrating. Many of the BSD projects hear a lot of complaints about browser availability and compatibility. With Firefox moving to Rust, it makes it even more difficult. Then you get into branding issues. Like Firefox, the Pale Moon developers have decided to protect their brand at the cost of users. Unlike the Firefox devs, they’ve made even stranger requirements for branding. It is not possible to use a system library version of anything with Pale Moon and keep their branding requirements. As such, we cannot offer Pale Moon in MidnightBSD.\u003cbr\u003e\nThe reason this is an issue for an open source project is that many third party libraries are used in something as complex as a web browser. For instance, Gecko-based browsers use several multimedia libraries, sqlite3 (for bookmarks), audio and video codecs, etc. Trying to maintain upstream patches for each of these items is difficult. That’s why the BSDs have ports collections to begin with. It allows us to track and manage custom patches to make all these libraries work. We go through a lot of effort in keeping these up to date. Sometimes upstream patches don’t get included. That means our versions are the only working copies. With pale moon’s policy, we’d need to submit separate patches to their customized versions of all these libraries too and any new release of the browser would not be available as changes occur. It might not even be possible to compile pale moon without a patch locally.\u003cbr\u003e\nWith regard to Rust, it requires porting the language, as well as an appropriate version of LLVM before you can even start on the browser.\u003c/p\u003e\n\n\u003cp\u003eIt’s FOSS: If someone wanted to contribute to your project, both financial and technical, how can they do that?\u003c/p\u003e\n\n\u003cp\u003eLucas Holt: Financial assistance for the project can be submitted online. We have a page outlining how to make donations with Patreon, Paypal or via bitcoin. Donations are not tax deductible. You can learn more at \u003ca href=\"http://www.midnightbsd.org/donate/\" rel=\"nofollow\"\u003ehttp://www.midnightbsd.org/donate/\u003c/a\u003e\u003cbr\u003e\nWe also need assistance with translations, porting applications, and working on the actual OS. Interested parties can contact us on the mailing list or through IRC on freenode #midnightbsd We also could use assistance with mirroring ISOs and packages.\u003c/p\u003e\n\n\u003cp\u003eI would like to thank Lucas for taking the time to reply to my many questions. For more information about MidnightBSD or to download it, please visit their website. The most recent version of MidnightBSD is 0.8.6.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://inflo.ws/blog/post/2018-03-03-trueos-8th-month-review/\" rel=\"nofollow\"\u003e8 months with TrueOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePurpose of this review - what it is and what it is not.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI vowed to write down what I felt about TrueOS if I ever got to the six month mark of usage. This is just that. This is neither a tutorial, nor a piece of evangelism dedicated towards it.\u003c/p\u003e\n\n\u003cp\u003eThis is also not a review of specific parts of TrueOS such as Lumina or AppCafe, since I don\u0026#39;t use them at all.\u003c/p\u003e\n\n\u003cp\u003eIn the spirit of presenting a screen shot, here is my i3wm displaying 4 windows in one screen - a configuration that I never use. \u003ca href=\"https://inflo.ws/blog/images/trues-screenshot.png\" rel=\"nofollow\"\u003ehttps://inflo.ws/blog/images/trues-screenshot.png\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe primary tasks I get done with my computer.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI need a tiling wm with multi-desktop capability. As regards what I do with a computer, it is fairly straightforward to describe if I just list down my most frequently used applications.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003exterm (CLI)\nEmacs (General editing and org mode)\nIntellij IDEA (Java, Kotlin, SQL)\nFirefox (Main web browser, with Multi-Account Containers)\nThunderbird (Work e-mail)\nNotmuchmail (Personal e-mail)\nChromium/Iridium (Dumb web browser)\nTelegram Desktop\nweechat (with wee-slack)\ncmus (Music player)\nmpv (Video player)\nmps-youtube (Youtube client)\ntransmission-gtk\nPostgresql10 (daemon)\nRabbitmq (daemon)\nSeafile (file sync)\nShotwell (manage pictures)\nGIMP (Edit pictures)\nCalibre (Manage e-books)\nVirtualBox\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll of these are available as binary packages from the repository. Since I use Intellij Ultimate edition, I decided to download the no-jdk linux version from the website rather than install it. This would make sure that it gets updated regularly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy did I pick TrueOS ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI ran various Linux distributions from 2001 all the way till 2009, till I discovered Arch, and continued with it till 2017. I tried out Void for two months before I switched to TrueOS.\u003c/p\u003e\n\n\u003cp\u003eOver the last few years, I started feeling like no matter which Linux distribution I touched, they all just stopped making a lot of sense. Generally in the way things were organised, and particularly in terms of software like systemd, which just got pushed down my throat. I couldn\u0026#39;t wrap my head around half the things going on in my computer.\u003c/p\u003e\n\n\u003cp\u003eMostly I found that Linux distributions stopped becoming a collection of applications that got developed together to something more coupled by software mechanisms like systemd - and that process was more and more opaque. I don\u0026#39;t want to talk about the merits and de-merits of systemd, lets just say that I found it of no use and an unnecessary hassle.\u003c/p\u003e\n\n\u003cp\u003eIn February, I found myself in charge of the entire technology stack of a company, and I was free to make choices. A friend who was a long time FreeBSD user convinced me to try it on the servers. My requirement then was to run Postgres, Rabbitmq, Nginx and a couple of JVM processes. The setup was zero hassle and it hasn\u0026#39;t changed much in a year.\u003c/p\u003e\n\n\u003cp\u003eAbout three months of running FreeBSD-11.x on servers was enough for me to consider it for my laptop. I was very apprehensive of hardware support, but luckily my computer is a Thinkpad, and Thinkpads sort of work out of the box with various BSDs.\u003c/p\u003e\n\n\u003cp\u003eMy general requirements were:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMust run Intellij IDEA.\u003c/li\u003e\n\u003cli\u003eMust have proper graphics and sound driver support.\u003c/li\u003e\n\u003cli\u003eMust be able to run VirtualBox.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI had to pick from FreeBSD, NetBSD and OpenBSD, since these were the major BSDs that I was familiar with. One of my requirements was that I needed to be able to run VMs just in case I needed to test something on Windows/Linux. This ruled out OpenBSD. Then I was left with NetBSD and FreeBSD. NetBSD\u0026#39;s driver support for newer Intel chip-sets were questionable, and FreeBSD was the only choice then.\u003c/p\u003e\n\n\u003cp\u003eWhen I was digging through FreeBSD forums, I found out that running the 11.x RELEASE on my laptop was out of the question since it didn\u0026#39;t have proper drivers for my chip-set either.\u003c/p\u003e\n\n\u003cp\u003eA few more hours of digging led me to GhostBSD and TrueOS. I picked TrueOS straightaway because - well because TrueOS came from the old PC-BSD and it was built off FreeBSD-12-CURRENT with the latest drivers integrated.\u003c/p\u003e\n\n\u003cp\u003eI downloaded the UNSTABLE version available in June 2017, backed up ALL my data and home directory, and then installed it. There were no glitches during installation - I simply followed the installation as described in the handbook and everything was fine.\u003c/p\u003e\n\n\u003cp\u003eMy entire switch from Arch/Void to TrueOS took about an hour, discounting the time it took to backup my data to an external hard disk. It was that easy. Everything I wanted to work just worked, everything was available in the repo.\u003c/p\u003e\n\n\u003cp\u003eTweaks from cooltrainer.org : I discovered this excellent tutorial that describes setting up a FreeBSD 11 desktop. It documents several useful tweaks, some of which I applied. A few examples - Fonts, VirtualBox, Firewall, UTF-8 sections.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTrueOS (and FreeBSD) specific things I liked\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpen-rc\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe open-rc init system is familiar and is well documented.\u003cbr\u003e\nTrueOS specific parts are described here.\u003cbr\u003e\nWhen I installed postgresql10-server, there was no open-rc script for it, but I could cobble one together in two hours with zero prior experience writing init scripts. Later on I figured out that the init script for postgresql9 would work for 10 as well, and used that.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBoot Environments\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis was an alien concept to me, but the first time I did an update without waiting for a CDN sync to finish, my computer booted into the shell and remained there. The friendly people at TrueOS discourse asked me to roll back to an older BE and wait for sync to finish.\u003cbr\u003e\nI dug through the forums and found \u0026quot;ZFS / Snapshots basics \u0026amp; How-To’s for those new to TrueOS\u0026quot;. This describes ZFS and BEs, and is well worth reading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy experience with boot environments was enough to convince me about the utility of ZFS. I am still reading about it and trying things out, and whatever I read just convinces me more about why it is good.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFile-system layout\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eComing from the Linux world, how the FreeBSD file-system is laid out seemed odd at first. Then I realised that it was the Linux distros that were doing the odd thing. e.g : The whole OS is split into base system and applications. All the non base system configurations and apps go into /usr/local. That made a lot of sense.\u003cbr\u003e\nThe entire OS is developed along with its applications as a single coherent entity, and that shows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDocumentation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe handbooks for both TrueOS and FreeBSD are really really good. For e.g, I kept some files in an LUKS encrypted drive (when I used Arch Linux). To find an equivalent, all I had to do was read the handbook and look at the GELI section. It is actually nice being able to go to a source like Handbook and things from there just work.\u003cbr\u003e\nArch Linux and Gentoo has excellent documentation as well, if anyone is wondering about Linux distros.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCommunity\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe TrueOS community on both Telegram as well as on Discourse are very friendly and patient. They help out a lot and do not get upset when I pose really stupid questions. TrueOS core developers hangout in the Telegram chat-room too, and it is nice being able to talk to them directly about things.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat did not work in TrueOS ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe following things that worked during my Linux tenure doesn\u0026#39;t work in TrueOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetflix\u003c/li\u003e\n\u003cli\u003eGoogle Hangouts\u003c/li\u003e\n\u003cli\u003eElectron based applications (Slack, Skype)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese are not major concerns for the kind of work I do, so it doesn\u0026#39;t bother me much. I run a WinXP VM to play some old games, and a Bunsenlabs installation for Linux things like Hangouts/Netflix.\u003c/p\u003e\n\n\u003cp\u003eI don\u0026#39;t have a video calling system setup in TrueOS because I use my phone for both voice and video calls exclusively.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy am I staying on TrueOS ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGreat community - whether on Discourse or on the telegram channel, the people make you feel welcome. If things go unanswered, someone will promise to work on it/file a bug/suggest work-arounds.\u003c/p\u003e\n\n\u003cp\u003eSwitching to TrueOS was philosophical as well - I thought a lot more about licenses, and I have arrived at the conclusion that I like BSD more than GPL. I believe it is a more practical license.\u003c/p\u003e\n\n\u003cp\u003eI believe TrueOS is improving continuously, and is a great desktop UNIX if you put some time into it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLnTFqpZk5ebD-FfVScL-x6ZnZSecMA1jI\" rel=\"nofollow\"\u003eAsiaBSDCon 2016 videos now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe videos from AsiaBSDCon 2016 have been posted to youtube, 30 videos in all\u003c/li\u003e\n\u003cli\u003eWe’ll cover the videos from 2017 next week\u003c/li\u003e\n\u003cli\u003eThe videos from 2018 should be posted in 4-6 weeks\u003c/li\u003e\n\u003cli\u003eI are working on a new version of \u003ca href=\"https://papers.freebsd.org/\" rel=\"nofollow\"\u003ehttps://papers.freebsd.org/\u003c/a\u003e that will make it easier to find the papers, slides, and videos of all talks related to FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180307234243\" rel=\"nofollow\"\u003esyspatches will be provided for both supported releases\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGood news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eSubject:    CVS: cvs.openbsd.org: www\nFrom:       T.J. Townsend \u0026lt;tj () openbsd ! org\u0026gt;\nDate:       2018-03-06 22:09:12\n\nCVSROOT:    /cvs\nModule name:    www\nChanges by: tj@cvs.openbsd.org  2018/03/06 15:09:12\n\nModified files:\n    .              : errata61.html stable.html \n    faq            : faq10.html \n\nLog message:\nsyspatches will now be provided for both supported releases.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThanks to all the developers involved in providing these!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpdate: An official announcement has been released:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eI\u0026#39;m happy to announce that we are now able to provide two releases worth\nof syspatches on the amd64 and i386 platforms. The binary patches for\n6.1 will hit the mirrors shortly, so you will be able to catch up with\nthe errata on\n\n   https://www.openbsd.org/errata61.html\n\nusing the syspatch utility. People running amd64 will thus get the\nmeltdown workaround.\n\nThis means in particular that 6.2 will remain supported by syspatch when\n6.3 comes out.\n\nThanks to robert and ajacoutot for their amazing work on syspatch and\nfor all their help. Thanks also to tj and the volunteers from #openbsd\nfor their timely tests and of course to Theo for overseeing it all.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.lorainekv.com/permutations_split_and_gsplit/\" rel=\"nofollow\"\u003eExploring permutations and a mystery with BSD and GNU split filenames\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently, I was playing around with the split command-line tool on Mac OS X, and I decided to chop a 4000-line file into 4000 separate single-line files. However, when I attempted to run split -l1, I ran into a funny error:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003esplit: too many files\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCurious to see if any splitting had occurred, I ran ls and sure enough, a huge list of filenames appeared, such as:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003exaa\nxab\n...\nxzy\nxzz\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow I could see why you\u0026#39;d run out of unique filenames - there are only 26 letters in the alphabet and these filenames were only three letters long. Also, they all seemed to begin with the letter \u0026quot;x\u0026quot;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD split\u0026#39;s filename defaults\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI checked the manual for split\u0026#39;s defaults and confirmed what I was seeing:\u003c/p\u003e\n\n\u003cp\u003eeach file into which the file is split is named by the prefix followed by a lexically ordered suffix using suffix_length characters in the range \u0026#39;a-z\u0026#39;. If -a is not specified, two letters are used as the suffix....with the prefix \u0026#39;x\u0026#39; and with suffixes as above.\u003c/p\u003e\n\n\u003cp\u003eGot it, so running split with the defaults for prefix name and suffix length will give me filenames that always start with the letter \u0026quot;x\u0026quot; followed by two-letter alphabetical permutations composed of a-z letters, with repeats allowed. I say \u0026quot;repeats allowed\u0026quot; because I noticed filenames such as xaa and xbb in the output.\u003c/p\u003e\n\n\u003cp\u003eSide node: The reason why I say \u0026quot;permutations\u0026quot; rather than \u0026quot;combinations\u0026quot; is because letter order matters. For example, xab and xba are two distinct and legitimate filenames. Here\u0026#39;s a nice explanation about the difference between permutations and combinations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome permutation math\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo how many filenames can you get from the BSD split tool using the defaults? There are permutation formulas out there for repeating values and non-repeating values. Based on split\u0026#39;s behavior, I wanted to use the repeating values formula:\u003c/p\u003e\n\n\u003cp\u003en\u003csup\u003er\u003c/sup\u003e where n equals the number of possible values (26 for a-z) and r equals the number of values (2, since there are only 2 letters after \u0026quot;x\u0026quot; in the filename).\u003c/p\u003e\n\n\u003cp\u003e26\u003csup\u003e2\u003c/sup\u003e = 676\u003c/p\u003e\n\n\u003cp\u003eSo the total number of filename permutations allowed with BSD split\u0026#39;s defaults should be 676.\u003c/p\u003e\n\n\u003cp\u003eTo double check, I ran ls | wc -l to get the total number of files in my split_test directory. The output was 677. If you subtract my original input file, input.txt, then you have 676, or the number of permutations split would allow before running out of filenames!\u003c/p\u003e\n\n\u003cp\u003eNeat. But I still wanted my 4000 files.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMoar permutations pls\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile 26\u003csup\u003e2\u003c/sup\u003e permutations doesn\u0026#39;t support 4000 different filenames, I wondered if I could increase r to 3. Then, I\u0026#39;d have 17,576 different filename permutations to play with - more than enough.\u003c/p\u003e\n\n\u003cp\u003eEarlier, I remembered the manual mentioning suffix length:\u003c/p\u003e\n\n\u003cp\u003e-a suffix_length\u003cbr\u003e\nUse suffix_length letters to form the suffix of the file name.\u003c/p\u003e\n\n\u003cp\u003eSo I passed 3 in with the -a flag and guess what? I got my 4000 files!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003esplit -l1 -a3 input.txt \nls | wc -l\n4001\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut that was a lot of work. It would be great if split would just handle these permutations and suffix lengths by default!\u003c/p\u003e\n\n\u003cp\u003eIn fact, I vaguely remember splitting large files into smaller ones with numerical filenames, which I prefer. I also remember not having to worry about suffixes in the past. But numerical filenames didn\u0026#39;t seem to be an option with split installed on Mac OS X - there was no mention of it in the manual.\u003c/p\u003e\n\n\u003cp\u003eTurns out that I was remembering GNU split from using the Debian OS two years ago, a different flavor of the split tool with different defaults and behaviors.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3121\" rel=\"nofollow\"\u003eMichael Lucas is speaking at mug.org 10 April 2018\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://pkgsrc.org/pkgsrcCon/2018/\" rel=\"nofollow\"\u003ePkgsrcCon 2018 July 7+8 Berlin\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://www.vincentdelft.be/post/post_20180310\" rel=\"nofollow\"\u003eTint2 rocks\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/open-source-summit-europe-2018-call-for-proposals/\" rel=\"nofollow\"\u003eOpen Source Summit Europe 2018 Call for Proposals\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eTravel Grants for BSDCan 2018\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/bsdcan-2018-freebsd-developers-summit-call-for-proposals/\" rel=\"nofollow\"\u003eBSDCan 2018 FreeBSD Developers Summit Call for Proposals\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.openbsd.org/papers/asiabsdcon2018-vmm-slides.pdf\" rel=\"nofollow\"\u003eOpenBSD vmm(4) update, by Mike Larkin\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/3NZN49P#wrap\" rel=\"nofollow\"\u003eMorgan ZFS Install Question\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/3V09BZ5#wrap\" rel=\"nofollow\"\u003eAndre - Splitting ZFS Array, or not\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/2CY5MRE#wrap\" rel=\"nofollow\"\u003eJake - Python Projects\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/257WGCB#wrap\" rel=\"nofollow\"\u003eDave - Screen Sharing \u0026amp; Video Conference\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/3HAPZ90#wrap\" rel=\"nofollow\"\u003eJames - ZFS disk id switching\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"AsiaBSDcon review, Meltdown and Spectre Patches in FreeBSD stable, Interview with MidnightBSD founder, 8 months with TrueOS, mysteries of GNU and BSD split","date_published":"2018-03-14T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b77208bf-14b6-4644-bbca-40bc1ff1e594.mp3","mime_type":"audio/mpeg","size_in_bytes":71307220,"duration_in_seconds":5942}]},{"id":"2b307489-eb54-4432-8391-e65980da511d","title":"236: How a cd works","url":"https://www.bsdnow.tv/236","content_text":"We’ll cover OpenBSD’s defensive approach to OS security, help you  Understanding Syscall Conventions for Different Platforms, Mishandling SMTP Sender Verification, how the cd command works, and the LUA boot loader coming to FreeBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPledge: OpenBSD’s defensive approach to OS Security\n\n\nThe meaning of Pledge is same as in the real world, that is, “a solemn promise or undertaking”.\n\nSo, in OpenBSD: Calling pledge in a program means to promise that the program will only use certain resources.\n\n\n\nHow does it make a program more secure?\n\n\n\nIt limits the operation of a program. Example: You wrote a program named ‘abc’ that only needed the stdio to just print something to stdout.\n\n\n\nYou added pledge to use only stdio and nothing else.\nThen, a malicious user found out that there is a vulnerability in your program which one can exploit and get into shell (or root shell).\nExploiting your program to open a shell (or root shell) will result in the kernel killing the process with SIGABRT (which cannot be caught/ignored) and will generate a log (which you can find with dmesg).\n\n\n\nThis happens because before executing other codes of your program, the code first pledges not to use anything other than stdio promise/operations. But, opening a shell or root shell will call several other system-calls which are distributed in lots of other promises like “stdio”, “proc”, “exec” etc. They are all forbidden because the program has already promised not to use any promises other than stdio.\n\nPledge is not a system call filter. So, it is not used to restrict system calls.\nFor example,\n\n\n\npledge(“read”,NULL) ? wrong syntax of the pledge()\npledge(“stdio inet”,NULL) ? correct syntax of the pledge()\n\n\n\nPledge works on stdio, dns, inet, etc. promises but not directly on system calls like read, write, etc. And, unique functionality of pledge() is that it works on behavioral approach not just like 1:1 approach with the system calls.\n\nOn 11 December 2017, Theo de Raadt said:\n\n\nList: openbsd-tech\nSubject: pledge execpromises\nFrom: Theo de Raadt \u0026lt;deraadt () openbsd ! org\u0026gt;\nDate: 2017–12–11 21:20:51\nMessage-ID: 6735.1513027251 () cvs ! openbsd ! org\nThis will probably be committed in the next day or so.\nThe 2nd argument of pledge() becomes execpromises, which is what\nwill gets activated after execve.\nThere is also a small new feature called “error”, which causes\nviolating system calls to return -1 with ENOSYS rather than killing\nthe process. This must be used with EXTREME CAUTION because libraries\nand programs are full of unchecked system calls. If you carry on past\none of these failures, your program is in uncharted territory and\nrisks of exploitation become high.\n“error” is being introduced for a different reason: The pre-exec\nprocess’s expectation of what the post-exec process will do might\nmismatch, so “error” allows things like starting an editor which has\nno network access or maybe other restrictions in the future…\n\n\n\n\nEvery Journey Starts with a FAIL...or Understanding Syscall Conventions for Different Platforms\n\n\nIntroduction\n\n\n\nNot long ago I started looking into FreeBSD kernel exploitation. There are only a few resources but probably the best starting point is argp's Phrack article from 2009[0]. And while he does only provide one technique, I wanted to understand it and port it to a modern FreeBSD release before describing new, own researched techniques.\n\nWell, at least this was my plan. In reality I ended researching how different operating systems resp. the same operating system but for different architectures implement syscalls. Hence, new exploiting methods have to wait for another post. In this one I want to describe my personal FAIL while porting argp's exploit example to a FreeBSD 11.1-RELEASE running on a 64bit processor. Maybe this will give other people interested in kernel stuff some insights they didn't know before. If you already know how syscalls work on 32bit and 64bit *BSD because you are an experienced exploit or kernel developer, you will probably want to search for something\nelse to read. Moreover, some of the debugging stuff can look laborious because I wanted to show the steps I have done while attacking my problem instead of showing a simple walkthrough to the solution.\n\n\n\nThe Problem\n\n\n\nargp described in his article vulnerable code consisting of a loadable kernel module which exposes a syscall to the userland. Because it was written around the time when FreeBSD 8-RELEASE came out and because he has written himself that the code needs smaller adjustments to work with this version (it was written for FreeBSD 7) I thought I will first port it to\nFreeBSD 11.1-RELEASE. Moreover it was written for an Intel 32bit processor architecture as we can see from his shellcode examples. Hence, I wanted to go right away the harder way and modify it to work on an 64bit processor.\n\n\n\nWhy the Original Code Worked While It Was Wrong\n\n\n\nAs written above, the syscall convention for the 32bit architecture is different from the one for the 64bit architecture. Indeed, a syscall on a 32bit FreeBSD system passes the arguments via the stack while the syscall offset is stored in the EAX register. The transfer into the kernel address space is done in 'cpu_fetch_syscall_args' in 'sys/i386/i386/trap.c'.\n\n\nint\ncpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)\n{\n    ...\n    frame = td-\u0026gt;td_frame;\n\n    params = (caddr_t)frame-\u0026gt;tf_esp + sizeof(int);\n    sa-\u0026gt;code = frame-\u0026gt;tf_eax;\n\n    ...\n\n    if (params != NULL \u0026amp;\u0026amp; sa-\u0026gt;narg != 0)\n        error = copyin(params, (caddr_t)sa-\u0026gt;args,\n            (u_int)(sa-\u0026gt;narg * sizeof(int)));\n    else\n    ...\n}\n\n\n\nThat is, 'params' points to ESP+4 bytes offset. Later, the arguments are copied into the kernel space which is referenced by 'sa-\u0026gt;args'. 'args' is an array of eight 'register_t' which is defined as 'int32_t' on the 32bit platform in comparison to the 64bit platform. And as 'struct args' only\nconsisted of integers they got copied into the syscall arguments which are given to the trigger function inside the kernel module. We could verify this by changing 'int op' to 'long long op' in the kernel module and in trigger.c. We get the following output:\n\n\nroot@freebsd64:trigger/ # ./trigger\n0x28414000\n256\n3\n1\n0x28414000\n256\n4294967295\n2\nroot@freebsd64:trigger/ #\n\n\n\nTo bring this to an end: argp's version only worked for his special choice of arguments and only on 32bit. On 32bit FreeBSD platforms the arguments are transferred into kernel space by 4 byte integers, hence it will only work for integers anyway. On 64bit FreeBSD platforms we have to use syscall(2) in the intended way.\n\n\n\n\niXsystems\n\n\nNew Disks!\n\n\nA Life Lesson in Mishandling SMTP Sender Verification\n\n\nIt all started with one of those rare spam mails that got through.\n\nThis one was hawking address lists, much like the ones I occasionally receive to addresses that I can not turn into spamtraps. The message was addressed to, of all things, root@skapet.bsdly.net. (The message with full headers has been preserved here for reference).\n\nYes, that's right, they sent their spam to root@. And a quick peek at the headers revealed that like most of those attempts at hawking address lists for spamming that actually make it to a mailbox here, this one had been sent by an outlook.com customer.\n\nThe problem with spam delivered via outlook.com is that you can't usefully blacklist the sending server, since the largish chunk of the world that uses some sort of Microsoft hosted email solution (Office365 and its ilk) have their usually legitimate mail delivered via the very same infrastructure.\n\nAnd since outlook.com is one of the mail providers that doesn't play well with greylisting (it spreads its retries across no less than 81 subnets (the output of 'echo outlook.com | doas smtpctl spf walk' is preserved here), it's fairly common practice to just whitelist all those networks and avoid the hassle of lost or delayed mail to and from Microsoft customers.\n\nI was going to just ignore this message too, but we've seen an increasing number of spammy outfits taking advantage of outlook.com's seeming right of way to innocent third parties' mail boxes.\n\nSo I decided to try both to do my best at demoralizing this particular sender and alert outlook.com to their problem. I wrote a messsage (preserved here) with a Cc: to abuse@outlook.com where the meat is,\n\n\nMs Farell,\n\nThe address root@skapet.bsdly.net has never been subscribed to any mailing list, for obvious reasons. Whoever sold you an address list with that address on it are criminals and you should at least demand your money back.\n\nWhoever handles abuse@outlook.com will appreciate the attachment, which is a copy of the message as it arrived here with all headers intact.\n\nYours sincerely,\nPeter N. M. Hansteen\n\n\n\nWhat happened next is quite amazing.\n\nIf my analysis is correct, it may not be possible for senders who are not themselves outlook.com customers to actually reach the outlook.com abuse team.\n\nAny student or practitioner of SMTP mail delivery should know that SPF records should only happen on ingress, that is at the point where the mail traffic enters your infrastructure and the sender IP address is the original one. Leave the check for later when the message may have been forwarded, and you do not have sufficient data to perform the check.\n\nWhenever I encounter incredibly stupid and functionally destructive configuration errors like this I tend to believe they're down to simple incompetence and not malice.\n\nBut this one has me wondering. If you essentially require incoming mail to include the contents of spf.outlook.com (currently no less than 81 subnets) as valid senders for the domain, you are essentially saying that only outlook.com customers are allowed to communicate.\n\nIf that restriction is a result of a deliberate choice rather than a simple configuration error, the problem moves out of the technical sphere and could conceivably become a legal matter, depending on what outlook.com have specified in their contracts that they are selling to their customers.\n\nBut let us assume that this is indeed a matter of simple bad luck or incompetence and that the solution is indeed technical.\n\nI would have liked to report this to whoever does technical things at that domain via email, but unfortunately there are indications that being their customer is a precondition for using that channel of communication to them.\n\nI hope they fix that, and soon. And then move on to terminating their spamming customers' contracts.\n\nThe main lesson to be learned from this is that when you shop around for email service, please do yourself a favor and make an effort to ensure that your prospective providers actually understand how the modern-ish SMTP addons SPF, DKIM and DMARC actually work.\n\nOtherwise you may end up receiving more of the mail you don't want than what you do want, and your own mail may end up not being delivered as intended.\n\n\n\n\nNews Roundup\n\nRunning Salt Proxy Minions on OpenBSD\n\n\nAs I have previously attempted several times in the past, I am (finally) very close to switch to OpenBSD, a more stable and reliable operating system that I like. Before starting to make the actual change on both personal and work computer, I started testing some of the tools I’m currently using, and understand what are the expectations.\n\nIn general I didn’t encounter issues, or when I did, I found the answers in the documentation (which is really great), or various forums. I didn’t find however any questions regarding Proxy Minions on OpenBSD which is why I thought it might be helpful to share my experience.\n\n\n\nInstallation and Startup\n\n\n\nWith these said, I started playing with Salt, and it was simple and straightforward. First step - install Salt: pkg_add salt. This will bring several ports for Python futures, ZeroMQ, or Tornado which are needed for Salt.\n\nAfter configuring the pillar_roots in the /etc/salt/master config file for the Master, I started up the master process using rcctl:\n\n\n\nStarting up the Proxy Minions\n\n\n\nThe Salt package for OpenBSD comes with the rc file for salt-proxy as well, /etc/rc.d/salt_proxy\nWhile typically you run a single regular Minion on a given machine, it is very like that there are multiple Proxy processes. Additionally, the default Salt rc file has the following configuration for the salt-proxy daemon:\n\n\n\nStarting many Proxy Minions\n\n\n\nI have managed to startup a Proxy Minion, but what about many? Executing the three commands above for each and every device is tedious and cannot scale very well. I thus have figured the following way:\n\n\n\nHave a separate rc file per Proxy, each having the daemon instruction explicitly specifying its Minion ID\nStart the service (using the regular Minion that controls the machine where the Proxy processes are running)\nAnd the test Proxy Minion is then up (after accepting the key, i.e,, salt-key -a test)\n\n\n\nExtending the same to a (very) large number of Proxy Minions, you can easily manage the rc files and start the services using a Salt State executed on the regular Minion:\n\n\n\nUsing the file.managed State function to generate the contents of the rc file for each Proxy, with its own Minion ID.\nUsing the service.running State function start the service.\n\n\n\nThese two steps would suffice to start an arbitrary number of Proxy Minions, and the command executed will always be the same regardless how many processes you aim to manage.\n\n\n\nConclusions\n\n\n\nI am still a novice when it comes to OpenBSD, I have plenty to learn, but it looks like the transition will be much smoother than I expected. I am already looking forward to the handover, and - most importantly - I will no longer be using systemd. :-)\n\n\n\n\nLUA boot loader coming very soon\n\n\nAs you may know, the Lua (http://www.lua.org) boot loader has been in the works for some time. It started out life as a GSoC in 2014 by Pedro Souza mentored by Wojciech A. Koszek. Rui Paulo created a svn project branch to try to integrate it. I rebased that effort into a github branch which Pedro Arthur fixed up. Over the past year, I've been cleaning up the boot loader\nfor other reasons, and found the time was ripe to start integrating this into the tree. However, those integration efforts have taken a while as my day-job work on the boot loader took priority. In the mean time, Ed Maste and the FreeBSD Foundation funded Zakary Nafziger to enhance the original GSoC Lua scripts to bring it closer to parity with the evolution of the FORTH menu system since the GSoC project started.\n\nI'm pleased to announce that all these threads of development have converged and I'll be pushing the FreeBSD Lua Loader later today. This loader uses Lua as its scripting language instead of FORTH. While co-existance is planned, the timeline for it is looking to be a few weeks\nand I didn't want to delay pushing this into the tree for that.\n\nTo try the loader, you'll need to build WITHOUT_FORTH=yes and WITH_LOADER_LUA=yes. Fortunately, you needn't do a full world to do this, you can do it in src/stand and install the result (be sure to have the options for both the build and the install). This will replace your current\n/boot/loader that is scripted with FORTH to one that's scripted with Lua.\nIt will install the lua scripts in /boot/lua. The boot is scripted with /boot/lua/loader.lua instead of /boot/loader.rc. You are strongly advised to create a backup copy of /boot/loader before testing (eg cp /boot/loader /boot/loader_forth), since you'll need to boot that from boot2 if something\ngoes wrong. I've tested it extensively, though, with userboot.so and it's test program, so all the initial kinks of finding the lua scripts, etc have been worked out.\n\nWhile it's possible to build all the /boot/loader variants with Lua, I've just tested a BIOS booting /boot/loader both with and without menus enabled. I've not tested any of the other variants and the instructions for testing some of them may be rather tedious (especially UEFI, if you want a\nsimple path to back out). Since there's not been full convergence testing, you'll almost certainly find bumps in this system. Also, all the build-system APIs are likely not yet final.\n\nI put  MFC after a month on the commit. Due to the heroic (dare I say almost crazy) work of Kyle Evans on merging all the revs from -current to 11, I'm planning a MFC to 11 after the co-existence issues are hammered out. In 11, FORTH will be the default, and Lua will  be built by default, but users will have to do something to use it. 12, both FORTH and Lua will be built and installed, with Lua as default (barring unforeseen complications). Once the co-existence stuff goes in, I imagine we'll make the switch to Lua by default shortly after that. In 13, FORTH will be removed unless there's a really really compelling case made to keep it.\n\nSo please give it a spin and give me any feedback, documentation updates and/or bug fixes. I'm especially interested in reviews from people that have embedded Lua in other projects or experts in Lua that can improve the robustness of the menu code.\n\n\n\n\nBitcoin Full Node on FreeBSD\n\n\nWhat is a Bitcoin ?\n\n\n\nBitcoin is a valuable popular open-source cryptocurrency that was invented by Satoshi Nakamoto in 2009. Bitcoins have value because they possess same characteristics like money (durability, portability, fungibility, scarcity, divisibility, and recognizability), but based on the properties of mathematics rather than on physical properties (like gold and silver) or trust in central authorities (like fiat currencies). In short, Bitcoin is backed by mathematics.\nBitcoin is the first decentralized peer-to-peer cryptocurrency that is controlled by its users.\nTransactions take place directly between users, and are later verified by network nodes with digital signature and then placed in a public distributed ledger called a blockchain. Bitcoin is unique in that only 21 million bitcoins will ever be created. The unit of the bitcoin system is bitcoin or mBTC.\n\n\n\nWhat is a Bitcoin Wallet ?\n\n\n\nA wallet is nothing more than a pair of public and private keys that are created by a client to store the digital credentials for your bitcoin.\n\nThere are several types of wallets:\n\n\nDesktop Wallet\nToken Wallet\nOnline Wallet\nMobile Wallet\nA token wallet is the safest way to work with bitcoin network, but you can use your mobile or pc as a bitcoin wallet.\n\n\n\nWhat is a Blockchain?\n\n\n\nA blockchain is a ledger that records bitcoin transactions. The blockchain is a distributed database that achieves independent verification of the chain of ownership. Each network node stores its own copy of the blockchain. Transactions will broadcast on the bitcoin network, and about 2400 transactions create a block. These blocks are building blocks of the blockchain.\n\n\n\nWhat is Mining?\n\n\n\nMining is the process of dedicating computing power to process transactions, secure the network, and keep everyone in the system synchronized together. It has been designed to be fully decentralized.\nMiners need mining software with specialized hardware. Mining software listens for transactions broadcasted through the peer-to-peer network and performs appropriate tasks to process and confirm these transactions. Bitcoin miners perform this work because they can earn transaction fees paid by users for faster transaction processing.\nNew transactions have to be confirmed then be included in a block along with a mathematical proof of work. Such proofs are very hard to generate because there is no way to create them other than by trying billions of calculations per second. Hence, miners are required to perform these calculations before their blocks are accepted by the network and before they are rewarded. As more people start to mine, the difficulty of finding valid blocks is automatically increased by the network to ensure that the average time to find a block remains equal to 10 minutes. As a result, mining is a very competitive business where no individual miner can control what is included in the blockchain.\nThe proof of work is also designed to depend on the previous block to force a chronological order in the blockchain. This makes it exponentially difficult to reverse previous transactions because it would require the recalculation of the proofs of work of all the subsequent blocks. When two blocks are found at the same time, miners work on the first block they receive and switch to the longest chain of blocks as soon as the next block is found. This allows mining to secure and maintain a global consensus based on processing power.\n\n\n\nWhat is Pooled Mining?\n\n\n\nYou have more chances if you participate with others to create a block. In a pool, all participating miners get paid every time a participating server solves a block. The payment depends on the amount of work an individual miner contributed to help find that block.\n\n\n\nWhat is a Full Node?\n\n\n\nA full node is a client that fully validates transactions and blocks. Full nodes also help the network by accepting transactions and blocks from other full nodes, validating those transactions and blocks, and then relaying them to further full nodes.\nMany people and organizations volunteer to run full nodes using spare computing and bandwidth resources.\n\n\n\nWhat is a Bitcoind?\n\n\n\nbitcoind is a Bitcoin client under the MIT license in 32-bit and 64-bit versions for Windows, GNU/Linux-based OSes, Mac OS X, OpenBSD and FreeBSD as well.\n\nConclusion\n\n\n\nCryptocurrencies are replacement for banking we know today, and bitcoin is the game changer. Mining bitcoin with typical hardware is not a good idea. It needs specialized devices like ASIC, but you can create a full node and help the bitcoin network.\nUseful Links\n\n\nhttps://en.wikipedia.org/wiki/Cryptocurrency\nhttps://bitcoin.org/en/faq\n***\n\n\n\nLatest DRM Graphics work\n\n\nThe DRM Graphics stack from Linux is ported to FreeBSD on an ongoing basis to provide support for accelerated graphics for Intel and AMD GPUs.\nThe LinuxKPI bits that the drm-next-kmod driver port depends on have been merged into stable/11 and will be included as part of the upcoming FreeBSD 11.2 \nAdditionally, the version of the drives has been updated from Linux 4.9 to Linux 4.11 with a number of additional devices being supported\n***\n\n\nHow does cd work?\n\n\nIn my last blog post, I dove into some of the code behind the sudo command. I thought this was pretty fun. sudo is one of those commands that I use quite often but haven’t had the chance to look into truly. I started thinking about other commands that I use on a daily basis but had little understanding of the internals of. The first command that came to mind is cd. cd stands for change directory. Simply put, it allows you to set your current working directory to a different directory.\nI read through some of the code that was defined in this file. Some of it was in functions, and other bits were in templates, but after a while, I figured that most of the code was a wrapper around a function called chdir. A lot of the functions defined in the cd.def file linked above actually just invoke chdir and handle errors and parameter cleaning.\nSo all in all, here is what happens when you run cd on the command line.\n\n\n\nThe cd builtin is invoked as part of the Bash shell.\nThe Bash shell invokes the chdir function.\nThe chdir function is part of Unix and invokes the chdir system call.\nThe Unix kernel executes the chdir call and does its own low-level thing.\n\n\n\nI could dive in a little bit more into how #4 works, but let’s be honest, I’ve already read too much code at this point, and my eyes are starting to hurt.\n\n\n\n\nBeastie Bits\n\n\nStockholm BSD User Group: March 22\nOpen Source Hardware Camp 2018 (30/06 \u0026amp; 01/07) Call for Participation\nInitial release schedule announcement for FreeBSD 11.2\nSerious Shell Programming (Devin Teske)\nSSH Mastery 2/e out\nTCP Fast Open client side lands in FreeBSD \nHelp the Tor BSD Project increase the OS diversity of Tor nodes, for your own safety, and everyone else's \n5 Differences Between TrueOS \u0026amp; Linux\n***\n\n\nFeedback/Questions\n\n\nAmbrose - Bunch of questions\nEddy - ZFSoL with single SSD\n\n\n","content_html":"\u003cp\u003eWe’ll cover OpenBSD’s defensive approach to OS security, help you  Understanding Syscall Conventions for Different Platforms, Mishandling SMTP Sender Verification, how the cd command works, and the LUA boot loader coming to FreeBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@_neerajpal/pledge-openbsds-defensive-approach-for-os-security-86629ef779ce\" rel=\"nofollow\"\u003ePledge: OpenBSD’s defensive approach to OS Security\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe meaning of Pledge is same as in the real world, that is, “a solemn promise or undertaking”.\u003c/p\u003e\n\n\u003cp\u003eSo, in OpenBSD: Calling pledge in a program means to promise that the program will only use certain resources.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow does it make a program more secure?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt limits the operation of a program. Example: You wrote a program named ‘abc’ that only needed the stdio to just print something to stdout.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou added pledge to use only stdio and nothing else.\u003c/li\u003e\n\u003cli\u003eThen, a malicious user found out that there is a vulnerability in your program which one can exploit and get into shell (or root shell).\u003c/li\u003e\n\u003cli\u003eExploiting your program to open a shell (or root shell) will result in the kernel killing the process with SIGABRT (which cannot be caught/ignored) and will generate a log (which you can find with dmesg).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis happens because before executing other codes of your program, the code first pledges not to use anything other than stdio promise/operations. But, opening a shell or root shell will call several other system-calls which are distributed in lots of other promises like “stdio”, “proc”, “exec” etc. They are all forbidden because the program has already promised not to use any promises other than stdio.\u003c/p\u003e\n\n\u003cp\u003ePledge is not a system call filter. So, it is not used to restrict system calls.\u003cbr\u003e\nFor example,\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003epledge(“read”,NULL) ? wrong syntax of the pledge()\u003c/li\u003e\n\u003cli\u003epledge(“stdio inet”,NULL) ? correct syntax of the pledge()\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePledge works on stdio, dns, inet, etc. promises but not directly on system calls like read, write, etc. And, unique functionality of pledge() is that it works on behavioral approach not just like 1:1 approach with the system calls.\u003c/p\u003e\n\n\u003cp\u003eOn 11 December 2017, Theo de Raadt said:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eList: openbsd-tech\nSubject: pledge execpromises\nFrom: Theo de Raadt \u0026lt;deraadt () openbsd ! org\u0026gt;\nDate: 2017–12–11 21:20:51\nMessage-ID: 6735.1513027251 () cvs ! openbsd ! org\nThis will probably be committed in the next day or so.\nThe 2nd argument of pledge() becomes execpromises, which is what\nwill gets activated after execve.\nThere is also a small new feature called “error”, which causes\nviolating system calls to return -1 with ENOSYS rather than killing\nthe process. This must be used with EXTREME CAUTION because libraries\nand programs are full of unchecked system calls. If you carry on past\none of these failures, your program is in uncharted territory and\nrisks of exploitation become high.\n“error” is being introduced for a different reason: The pre-exec\nprocess’s expectation of what the post-exec process will do might\nmismatch, so “error” allows things like starting an editor which has\nno network access or maybe other restrictions in the future…\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://k3research.outerhaven.de/posts/every-journey-starts-with-a-fail.html\" rel=\"nofollow\"\u003eEvery Journey Starts with a FAIL...or Understanding Syscall Conventions for Different Platforms\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNot long ago I started looking into FreeBSD kernel exploitation. There are only a few resources but probably the best starting point is argp\u0026#39;s Phrack article from 2009[0]. And while he does only provide one technique, I wanted to understand it and port it to a modern FreeBSD release before describing new, own researched techniques.\u003c/p\u003e\n\n\u003cp\u003eWell, at least this was my plan. In reality I ended researching how different operating systems resp. the same operating system but for different architectures implement syscalls. Hence, new exploiting methods have to wait for another post. In this one I want to describe my personal FAIL while porting argp\u0026#39;s exploit example to a FreeBSD 11.1-RELEASE running on a 64bit processor. Maybe this will give other people interested in kernel stuff some insights they didn\u0026#39;t know before. If you already know how syscalls work on 32bit and 64bit *BSD because you are an experienced exploit or kernel developer, you will probably want to search for something\u003cbr\u003e\nelse to read. Moreover, some of the debugging stuff can look laborious because I wanted to show the steps I have done while attacking my problem instead of showing a simple walkthrough to the solution.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Problem\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eargp described in his article vulnerable code consisting of a loadable kernel module which exposes a syscall to the userland. Because it was written around the time when FreeBSD 8-RELEASE came out and because he has written himself that the code needs smaller adjustments to work with this version (it was written for FreeBSD 7) I thought I will first port it to\u003cbr\u003e\nFreeBSD 11.1-RELEASE. Moreover it was written for an Intel 32bit processor architecture as we can see from his shellcode examples. Hence, I wanted to go right away the harder way and modify it to work on an 64bit processor.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy the Original Code Worked While It Was Wrong\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs written above, the syscall convention for the 32bit architecture is different from the one for the 64bit architecture. Indeed, a syscall on a 32bit FreeBSD system passes the arguments via the stack while the syscall offset is stored in the EAX register. The transfer into the kernel address space is done in \u0026#39;cpu_fetch_syscall_args\u0026#39; in \u0026#39;sys/i386/i386/trap.c\u0026#39;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eint\ncpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)\n{\n    ...\n    frame = td-\u0026gt;td_frame;\n\n    params = (caddr_t)frame-\u0026gt;tf_esp + sizeof(int);\n    sa-\u0026gt;code = frame-\u0026gt;tf_eax;\n\n    ...\n\n    if (params != NULL \u0026amp;\u0026amp; sa-\u0026gt;narg != 0)\n        error = copyin(params, (caddr_t)sa-\u0026gt;args,\n            (u_int)(sa-\u0026gt;narg * sizeof(int)));\n    else\n    ...\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat is, \u0026#39;params\u0026#39; points to ESP+4 bytes offset. Later, the arguments are copied into the kernel space which is referenced by \u0026#39;sa-\u0026gt;args\u0026#39;. \u0026#39;args\u0026#39; is an array of eight \u0026#39;register_t\u0026#39; which is defined as \u0026#39;int32_t\u0026#39; on the 32bit platform in comparison to the 64bit platform. And as \u0026#39;struct args\u0026#39; only\u003cbr\u003e\nconsisted of integers they got copied into the syscall arguments which are given to the trigger function inside the kernel module. We could verify this by changing \u0026#39;int op\u0026#39; to \u0026#39;long long op\u0026#39; in the kernel module and in trigger.c. We get the following output:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eroot@freebsd64:trigger/ # ./trigger\n0x28414000\n256\n3\n1\n0x28414000\n256\n4294967295\n2\nroot@freebsd64:trigger/ #\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo bring this to an end: argp\u0026#39;s version only worked for his special choice of arguments and only on 32bit. On 32bit FreeBSD platforms the arguments are transferred into kernel space by 4 byte integers, hence it will only work for integers anyway. On 64bit FreeBSD platforms we have to use syscall(2) in the intended way.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eiXsystems\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/gdpr-countdown/\" rel=\"nofollow\"\u003eNew Disks!\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdly.blogspot.co.uk/2018/02/a-life-lesson-in-mishandling-smtp.html\" rel=\"nofollow\"\u003eA Life Lesson in Mishandling SMTP Sender Verification\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt all started with one of those rare spam mails that got through.\u003c/p\u003e\n\n\u003cp\u003eThis one was hawking address lists, much like the ones I occasionally receive to addresses that I can not turn into spamtraps. The message was addressed to, of all things, \u003ca href=\"mailto:root@skapet.bsdly.net\" rel=\"nofollow\"\u003eroot@skapet.bsdly.net\u003c/a\u003e. (The message with full headers has been preserved here for reference).\u003c/p\u003e\n\n\u003cp\u003eYes, that\u0026#39;s right, they sent their spam to \u003ca href=\"mailto:root@\" rel=\"nofollow\"\u003eroot@\u003c/a\u003e. And a quick peek at the headers revealed that like most of those attempts at hawking address lists for spamming that actually make it to a mailbox here, this one had been sent by an outlook.com customer.\u003c/p\u003e\n\n\u003cp\u003eThe problem with spam delivered via outlook.com is that you can\u0026#39;t usefully blacklist the sending server, since the largish chunk of the world that uses some sort of Microsoft hosted email solution (Office365 and its ilk) have their usually legitimate mail delivered via the very same infrastructure.\u003c/p\u003e\n\n\u003cp\u003eAnd since outlook.com is one of the mail providers that doesn\u0026#39;t play well with greylisting (it spreads its retries across no less than 81 subnets (the output of \u0026#39;echo outlook.com | doas smtpctl spf walk\u0026#39; is preserved here), it\u0026#39;s fairly common practice to just whitelist all those networks and avoid the hassle of lost or delayed mail to and from Microsoft customers.\u003c/p\u003e\n\n\u003cp\u003eI was going to just ignore this message too, but we\u0026#39;ve seen an increasing number of spammy outfits taking advantage of outlook.com\u0026#39;s seeming right of way to innocent third parties\u0026#39; mail boxes.\u003c/p\u003e\n\n\u003cp\u003eSo I decided to try both to do my best at demoralizing this particular sender and alert outlook.com to their problem. I wrote a messsage (preserved here) with a Cc: to \u003ca href=\"mailto:abuse@outlook.com\" rel=\"nofollow\"\u003eabuse@outlook.com\u003c/a\u003e where the meat is,\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eMs Farell,\n\nThe address root@skapet.bsdly.net has never been subscribed to any mailing list, for obvious reasons. Whoever sold you an address list with that address on it are criminals and you should at least demand your money back.\n\nWhoever handles abuse@outlook.com will appreciate the attachment, which is a copy of the message as it arrived here with all headers intact.\n\nYours sincerely,\nPeter N. M. Hansteen\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat happened next is quite amazing.\u003c/p\u003e\n\n\u003cp\u003eIf my analysis is correct, it may not be possible for senders who are not themselves outlook.com customers to actually reach the outlook.com abuse team.\u003c/p\u003e\n\n\u003cp\u003eAny student or practitioner of SMTP mail delivery should know that SPF records should only happen on ingress, that is at the point where the mail traffic enters your infrastructure and the sender IP address is the original one. Leave the check for later when the message may have been forwarded, and you do not have sufficient data to perform the check.\u003c/p\u003e\n\n\u003cp\u003eWhenever I encounter incredibly stupid and functionally destructive configuration errors like this I tend to believe they\u0026#39;re down to simple incompetence and not malice.\u003c/p\u003e\n\n\u003cp\u003eBut this one has me wondering. If you essentially require incoming mail to include the contents of spf.outlook.com (currently no less than 81 subnets) as valid senders for the domain, you are essentially saying that only outlook.com customers are allowed to communicate.\u003c/p\u003e\n\n\u003cp\u003eIf that restriction is a result of a deliberate choice rather than a simple configuration error, the problem moves out of the technical sphere and could conceivably become a legal matter, depending on what outlook.com have specified in their contracts that they are selling to their customers.\u003c/p\u003e\n\n\u003cp\u003eBut let us assume that this is indeed a matter of simple bad luck or incompetence and that the solution is indeed technical.\u003c/p\u003e\n\n\u003cp\u003eI would have liked to report this to whoever does technical things at that domain via email, but unfortunately there are indications that being their customer is a precondition for using that channel of communication to them.\u003c/p\u003e\n\n\u003cp\u003eI hope they fix that, and soon. And then move on to terminating their spamming customers\u0026#39; contracts.\u003c/p\u003e\n\n\u003cp\u003eThe main lesson to be learned from this is that when you shop around for email service, please do yourself a favor and make an effort to ensure that your prospective providers actually understand how the modern-ish SMTP addons SPF, DKIM and DMARC actually work.\u003c/p\u003e\n\n\u003cp\u003eOtherwise you may end up receiving more of the mail you don\u0026#39;t want than what you do want, and your own mail may end up not being delivered as intended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mirceaulinic.net/2018-02-14-openbsd-salt-proxy/\" rel=\"nofollow\"\u003eRunning Salt Proxy Minions on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I have previously attempted several times in the past, I am (finally) very close to switch to OpenBSD, a more stable and reliable operating system that I like. Before starting to make the actual change on both personal and work computer, I started testing some of the tools I’m currently using, and understand what are the expectations.\u003c/p\u003e\n\n\u003cp\u003eIn general I didn’t encounter issues, or when I did, I found the answers in the documentation (which is really great), or various forums. I didn’t find however any questions regarding Proxy Minions on OpenBSD which is why I thought it might be helpful to share my experience.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstallation and Startup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith these said, I started playing with Salt, and it was simple and straightforward. First step - install Salt: pkg_add salt. This will bring several ports for Python futures, ZeroMQ, or Tornado which are needed for Salt.\u003c/p\u003e\n\n\u003cp\u003eAfter configuring the pillar_roots in the /etc/salt/master config file for the Master, I started up the master process using rcctl:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStarting up the Proxy Minions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Salt package for OpenBSD comes with the rc file for salt-proxy as well, /etc/rc.d/salt_proxy\u003cbr\u003e\nWhile typically you run a single regular Minion on a given machine, it is very like that there are multiple Proxy processes. Additionally, the default Salt rc file has the following configuration for the salt-proxy daemon:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStarting many Proxy Minions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have managed to startup a Proxy Minion, but what about many? Executing the three commands above for each and every device is tedious and cannot scale very well. I thus have figured the following way:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHave a separate rc file per Proxy, each having the daemon instruction explicitly specifying its Minion ID\u003c/li\u003e\n\u003cli\u003eStart the service (using the regular Minion that controls the machine where the Proxy processes are running)\u003c/li\u003e\n\u003cli\u003eAnd the test Proxy Minion is then up (after accepting the key, i.e,, salt-key -a test)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eExtending the same to a (very) large number of Proxy Minions, you can easily manage the rc files and start the services using a Salt State executed on the regular Minion:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing the file.managed State function to generate the contents of the rc file for each Proxy, with its own Minion ID.\u003c/li\u003e\n\u003cli\u003eUsing the service.running State function start the service.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese two steps would suffice to start an arbitrary number of Proxy Minions, and the command executed will always be the same regardless how many processes you aim to manage.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI am still a novice when it comes to OpenBSD, I have plenty to learn, but it looks like the transition will be much smoother than I expected. I am already looking forward to the handover, and - most importantly - I will no longer be using systemd. :-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-February/068464.html\" rel=\"nofollow\"\u003eLUA boot loader coming very soon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you may know, the Lua (\u003ca href=\"http://www.lua.org\" rel=\"nofollow\"\u003ehttp://www.lua.org\u003c/a\u003e) boot loader has been in the works for some time. It started out life as a GSoC in 2014 by Pedro Souza mentored by Wojciech A. Koszek. Rui Paulo created a svn project branch to try to integrate it. I rebased that effort into a github branch which Pedro Arthur fixed up. Over the past year, I\u0026#39;ve been cleaning up the boot loader\u003cbr\u003e\nfor other reasons, and found the time was ripe to start integrating this into the tree. However, those integration efforts have taken a while as my day-job work on the boot loader took priority. In the mean time, Ed Maste and the FreeBSD Foundation funded Zakary Nafziger to enhance the original GSoC Lua scripts to bring it closer to parity with the evolution of the FORTH menu system since the GSoC project started.\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;m pleased to announce that all these threads of development have converged and I\u0026#39;ll be pushing the FreeBSD Lua Loader later today. This loader uses Lua as its scripting language instead of FORTH. While co-existance is planned, the timeline for it is looking to be a few weeks\u003cbr\u003e\nand I didn\u0026#39;t want to delay pushing this into the tree for that.\u003c/p\u003e\n\n\u003cp\u003eTo try the loader, you\u0026#39;ll need to build WITHOUT_FORTH=yes and WITH_LOADER_LUA=yes. Fortunately, you needn\u0026#39;t do a full world to do this, you can do it in src/stand and install the result (be sure to have the options for both the build and the install). This will replace your current\u003cbr\u003e\n/boot/loader that is scripted with FORTH to one that\u0026#39;s scripted with Lua.\u003cbr\u003e\nIt will install the lua scripts in /boot/lua. The boot is scripted with /boot/lua/loader.lua instead of /boot/loader.rc. You are strongly advised to create a backup copy of /boot/loader before testing (eg cp /boot/loader /boot/loader_forth), since you\u0026#39;ll need to boot that from boot2 if something\u003cbr\u003e\ngoes wrong. I\u0026#39;ve tested it extensively, though, with userboot.so and it\u0026#39;s test program, so all the initial kinks of finding the lua scripts, etc have been worked out.\u003c/p\u003e\n\n\u003cp\u003eWhile it\u0026#39;s possible to build all the /boot/loader variants with Lua, I\u0026#39;ve just tested a BIOS booting /boot/loader both with and without menus enabled. I\u0026#39;ve not tested any of the other variants and the instructions for testing some of them may be rather tedious (especially UEFI, if you want a\u003cbr\u003e\nsimple path to back out). Since there\u0026#39;s not been full convergence testing, you\u0026#39;ll almost certainly find bumps in this system. Also, all the build-system APIs are likely not yet final.\u003c/p\u003e\n\n\u003cp\u003eI put  MFC after a month on the commit. Due to the heroic (dare I say almost crazy) work of Kyle Evans on merging all the revs from -current to 11, I\u0026#39;m planning a MFC to 11 after the co-existence issues are hammered out. In 11, FORTH will be the default, and Lua will  be built by default, but users will have to do something to use it. 12, both FORTH and Lua will be built and installed, with Lua as default (barring unforeseen complications). Once the co-existence stuff goes in, I imagine we\u0026#39;ll make the switch to Lua by default shortly after that. In 13, FORTH will be removed unless there\u0026#39;s a really really compelling case made to keep it.\u003c/p\u003e\n\n\u003cp\u003eSo please give it a spin and give me any feedback, documentation updates and/or bug fixes. I\u0026#39;m especially interested in reviews from people that have embedded Lua in other projects or experts in Lua that can improve the robustness of the menu code.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/5374-2/\" rel=\"nofollow\"\u003eBitcoin Full Node on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is a Bitcoin ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBitcoin is a valuable popular open-source cryptocurrency that was invented by Satoshi Nakamoto in 2009. Bitcoins have value because they possess same characteristics like money (durability, portability, fungibility, scarcity, divisibility, and recognizability), but based on the properties of mathematics rather than on physical properties (like gold and silver) or trust in central authorities (like fiat currencies). In short, Bitcoin is backed by mathematics.\u003cbr\u003e\nBitcoin is the first decentralized peer-to-peer cryptocurrency that is controlled by its users.\u003cbr\u003e\nTransactions take place directly between users, and are later verified by network nodes with digital signature and then placed in a public distributed ledger called a blockchain. Bitcoin is unique in that only 21 million bitcoins will ever be created. The unit of the bitcoin system is bitcoin or mBTC.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is a Bitcoin Wallet ?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA wallet is nothing more than a pair of public and private keys that are created by a client to store the digital credentials for your bitcoin.\u003c/p\u003e\n\n\u003cp\u003eThere are several types of wallets:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eDesktop Wallet\nToken Wallet\nOnline Wallet\nMobile Wallet\nA token wallet is the safest way to work with bitcoin network, but you can use your mobile or pc as a bitcoin wallet.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is a Blockchain?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA blockchain is a ledger that records bitcoin transactions. The blockchain is a distributed database that achieves independent verification of the chain of ownership. Each network node stores its own copy of the blockchain. Transactions will broadcast on the bitcoin network, and about 2400 transactions create a block. These blocks are building blocks of the blockchain.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is Mining?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMining is the process of dedicating computing power to process transactions, secure the network, and keep everyone in the system synchronized together. It has been designed to be fully decentralized.\u003cbr\u003e\nMiners need mining software with specialized hardware. Mining software listens for transactions broadcasted through the peer-to-peer network and performs appropriate tasks to process and confirm these transactions. Bitcoin miners perform this work because they can earn transaction fees paid by users for faster transaction processing.\u003cbr\u003e\nNew transactions have to be confirmed then be included in a block along with a mathematical proof of work. Such proofs are very hard to generate because there is no way to create them other than by trying billions of calculations per second. Hence, miners are required to perform these calculations before their blocks are accepted by the network and before they are rewarded. As more people start to mine, the difficulty of finding valid blocks is automatically increased by the network to ensure that the average time to find a block remains equal to 10 minutes. As a result, mining is a very competitive business where no individual miner can control what is included in the blockchain.\u003cbr\u003e\nThe proof of work is also designed to depend on the previous block to force a chronological order in the blockchain. This makes it exponentially difficult to reverse previous transactions because it would require the recalculation of the proofs of work of all the subsequent blocks. When two blocks are found at the same time, miners work on the first block they receive and switch to the longest chain of blocks as soon as the next block is found. This allows mining to secure and maintain a global consensus based on processing power.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is Pooled Mining?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou have more chances if you participate with others to create a block. In a pool, all participating miners get paid every time a participating server solves a block. The payment depends on the amount of work an individual miner contributed to help find that block.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is a Full Node?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA full node is a client that fully validates transactions and blocks. Full nodes also help the network by accepting transactions and blocks from other full nodes, validating those transactions and blocks, and then relaying them to further full nodes.\u003cbr\u003e\nMany people and organizations volunteer to run full nodes using spare computing and bandwidth resources.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is a Bitcoind?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ebitcoind is a Bitcoin client under the MIT license in 32-bit and 64-bit versions for Windows, GNU/Linux-based OSes, Mac OS X, OpenBSD and FreeBSD as well.\u003c/p\u003e\n\n\u003cp\u003eConclusion\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCryptocurrencies are replacement for banking we know today, and bitcoin is the game changer. Mining bitcoin with typical hardware is not a good idea. It needs specialized devices like ASIC, but you can create a full node and help the bitcoin network.\u003c/li\u003e\n\u003cli\u003eUseful Links\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://en.wikipedia.org/wiki/Cryptocurrency\" rel=\"nofollow\"\u003ehttps://en.wikipedia.org/wiki/Cryptocurrency\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitcoin.org/en/faq\" rel=\"nofollow\"\u003ehttps://bitcoin.org/en/faq\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eLatest DRM Graphics work\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DRM Graphics stack from Linux is ported to FreeBSD on an ongoing basis to provide support for accelerated graphics for Intel and AMD GPUs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=462202\" rel=\"nofollow\"\u003eThe LinuxKPI bits that the drm-next-kmod driver port depends on have been merged into stable/11 and will be included as part of the upcoming FreeBSD 11.2 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-February/068690.html\" rel=\"nofollow\"\u003eAdditionally, the version of the drives has been updated from Linux 4.9 to Linux 4.11 with a number of additional devices being supported\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.safia.rocks/post/171311670379/how-does-cd-work\" rel=\"nofollow\"\u003eHow does \u003ccode\u003ecd\u003c/code\u003e work?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my last blog post, I dove into some of the code behind the sudo command. I thought this was pretty fun. sudo is one of those commands that I use quite often but haven’t had the chance to look into truly. I started thinking about other commands that I use on a daily basis but had little understanding of the internals of. The first command that came to mind is cd. cd stands for change directory. Simply put, it allows you to set your current working directory to a different directory.\u003cbr\u003e\nI read through some of the code that was defined in this file. Some of it was in functions, and other bits were in templates, but after a while, I figured that most of the code was a wrapper around a function called chdir. A lot of the functions defined in the cd.def file linked above actually just invoke chdir and handle errors and parameter cleaning.\u003cbr\u003e\nSo all in all, here is what happens when you run cd on the command line.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe cd builtin is invoked as part of the Bash shell.\u003c/li\u003e\n\u003cli\u003eThe Bash shell invokes the chdir function.\u003c/li\u003e\n\u003cli\u003eThe chdir function is part of Unix and invokes the chdir system call.\u003c/li\u003e\n\u003cli\u003eThe Unix kernel executes the chdir call and does its own low-level thing.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI could dive in a little bit more into how #4 works, but let’s be honest, I’ve already read too much code at this point, and my eyes are starting to hurt.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/247552279/\" rel=\"nofollow\"\u003eStockholm BSD User Group: March 22\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-February/014182.html\" rel=\"nofollow\"\u003eOpen Source Hardware Camp 2018 (30/06 \u0026amp; 01/07) Call for Participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.2R/schedule.html\" rel=\"nofollow\"\u003eInitial release schedule announcement for FreeBSD 11.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.gitbook.com/book/freebsdfrau/serious-shell-programming/details\" rel=\"nofollow\"\u003eSerious Shell Programming (Devin Teske)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3115\" rel=\"nofollow\"\u003eSSH Mastery 2/e out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=330001\" rel=\"nofollow\"\u003eTCP Fast Open client side lands in FreeBSD \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://torbsd.org/open-letter.html\" rel=\"nofollow\"\u003eHelp the Tor BSD Project increase the OS diversity of Tor nodes, for your own safety, and everyone else\u0026#39;s \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.kompulsa.com/2018/02/23/5-differences-trueos-linux/\" rel=\"nofollow\"\u003e5 Differences Between TrueOS \u0026amp; Linux\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAmbrose - \u003ca href=\"http://dpaste.com/0KRRG18#wrap\" rel=\"nofollow\"\u003eBunch of questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEddy - \u003ca href=\"http://dpaste.com/0MTXYJN#wrap\" rel=\"nofollow\"\u003eZFSoL with single SSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"We’ll cover OpenBSD’s defensive approach to OS security, help you  Understanding Syscall Conventions for Different Platforms, Mishandling SMTP Sender Verification, how the cd command works, and the LUA boot loader coming to FreeBSD.","date_published":"2018-03-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2b307489-eb54-4432-8391-e65980da511d.mp3","mime_type":"audio/mpeg","size_in_bytes":87714580,"duration_in_seconds":7309}]},{"id":"460ca95a-5b37-4d69-9367-525dfa539ab6","title":"235: I C you BSD","url":"https://www.bsdnow.tv/235","content_text":"How the term open source was created, running FreeBSD on ThinkPad T530, Moving away from Windows, Unknown Giants, as well as OpenBSD and FreeDOS.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nHow I coined the term 'open source'\n\n\nIn a few days, on February 3, the 20th anniversary of the introduction of the term \"open source software\" is upon us. As open source software grows in popularity and powers some of the most robust and important innovations of our time, we reflect on its rise to prominence.\n\nI am the originator of the term \"open source software\" and came up with it while executive director at Foresight Institute. Not a software developer like the rest, I thank Linux programmer Todd Anderson for supporting the term and proposing it to the group.\n\nThis is my account of how I came up with it, how it was proposed, and the subsequent reactions. Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006.\n\nIt has never been published, until today.\n\nThe introduction of the term \"open source software\" was a deliberate effort to make this field of endeavor more understandable to newcomers and to business, which was viewed as necessary to its spread to a broader community of users. The problem with the main earlier label, \"free software,\" was not its political connotations, but that—to newcomers—its seeming focus on price is distracting. A term was needed that focuses on the key issue of source code and that does not immediately confuse those new to the concept. The first term that came along at the right time and fulfilled these requirements was rapidly adopted: open source.\n\nThis term had long been used in an \"intelligence\" (i.e., spying) context, but to my knowledge, use of the term with respect to software prior to 1998 has not been confirmed. The account below describes how the term open source software caught on and became the name of both an industry and a movement.\n\n\n\nMeetings on computer security\n\n\n\nIn late 1997, weekly meetings were being held at Foresight Institute to discuss computer security. Foresight is a nonprofit think tank focused on nanotechnology and artificial intelligence, and software security is regarded as central to the reliability and security of both. We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies.\n\nAt these meetings, we discussed the need for a new term due to the confusion factor. The argument was as follows: those new to the term \"free software\" assume it is referring to the price. Oldtimers must then launch into an explanation, usually given as follows: \"We mean free as in freedom, not free as in beer.\" At this point, a discussion on software has turned into one about the price of an alcoholic beverage. The problem was not that explaining the meaning is impossible—the problem was that the name for an important idea should not be so confusing to newcomers. A clearer term was needed. No political issues were raised regarding the free software term; the issue was its lack of clarity to those new to the concept.\n\n\n\nReleasing Netscape\n\n\n\nOn February 2, 1998, Eric Raymond arrived on a visit to work with Netscape on the plan to release the browser code under a free-software-style license. We held a meeting that night at Foresight's office in Los Altos to strategize and refine our message. In addition to Eric and me, active participants included Brian Behlendorf, Michael Tiemann, Todd Anderson, Mark S. Miller, and Ka-Ping Yee. But at that meeting, the field was still described as free software or, by Brian, \"source code available\" software.\n\nWhile in town, Eric used Foresight as a base of operations. At one point during his visit, he was called to the phone to talk with a couple of Netscape legal and/or marketing staff. When he was finished, I asked to be put on the phone with them—one man and one woman, perhaps Mitchell Baker—so I could bring up the need for a new term. They agreed in principle immediately, but no specific term was agreed upon.\n\nBetween meetings that week, I was still focused on the need for a better name and came up with the term \"open source software.\" While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term \"open\" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn't know him well at the time, so I took an indirect strategy instead.\n\nTodd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely.\n\n\n\nThe key meeting\n\n\n\nLater that week, on February 5, 1998, a group was assembled at VA Research to brainstorm on strategy. Attending—in addition to Eric Raymond, Todd, and me—were Larry Augustin, Sam Ockman, and attending by phone, Jon \"maddog\" Hall.\n\nThe primary topic was promotion strategy, especially which companies to approach. I said little, but was looking for an opportunity to introduce the proposed term. I felt that it wouldn't work for me to just blurt out, \"All you technical people should start using my new term.\" Most of those attending didn't know me, and for all I knew, they might not even agree that a new term was greatly needed, or even somewhat desirable.\n\nFortunately, Todd was on the ball. Instead of making an assertion that the community should use this specific new term, he did something less directive—a smart thing to do with this community of strong-willed individuals. He simply used the term in a sentence on another topic—just dropped it into the conversation to see what happened. I went on alert, hoping for a response, but there was none at first. The discussion continued on the original topic. It seemed only he and I had noticed the usage.\n\nNot so—memetic evolution was in action. A few minutes later, one of the others used the term, evidently without noticing, still discussing a topic other than terminology. Todd and I looked at each other out of the corners of our eyes to check: yes, we had both noticed what happened. I was excited—it might work! But I kept quiet: I still had low status in this group. Probably some were wondering why Eric had invited me at all.\n\nToward the end of the meeting, the question of terminology was brought up explicitly, probably by Todd or Eric. Maddog mentioned \"freely distributable\" as an earlier term, and \"cooperatively developed\" as a newer term. Eric listed \"free software,\" \"open source,\" and \"sourceware\" as the main options. Todd advocated the \"open source\" model, and Eric endorsed this. I didn't say much, letting Todd and Eric pull the (loose, informal) consensus together around the open source name. It was clear that to most of those at the meeting, the name change was not the most important thing discussed there; a relatively minor issue. Only about 10% of my notes from this meeting are on the terminology question.\n\nBut I was elated. These were some key leaders in the community, and they liked the new name, or at least didn't object. This was a very good sign. There was probably not much more I could do to help; Eric Raymond was far better positioned to spread the new meme, and he did. Bruce Perens signed on to the effort immediately, helping set up Opensource.org and playing a key role in spreading the new term.\n\nFor the name to succeed, it was necessary, or at least highly desirable, that Tim O'Reilly agree and actively use it in his many projects on behalf of the community. Also helpful would be use of the term in the upcoming official release of the Netscape Navigator code. By late February, both O'Reilly \u0026amp; Associates and Netscape had started to use the term.\n\n\n\nGetting the name out\n\n\n\nAfter this, there was a period during which the term was promoted by Eric Raymond to the media, by Tim O'Reilly to business, and by both to the programming community. It seemed to spread very quickly.\n\nOn April 7, 1998, Tim O'Reilly held a meeting of key leaders in the field. Announced in advance as the first \"Freeware Summit,\" by April 14 it was referred to as the first \"Open Source Summit.\"\n\nThese months were extremely exciting for open source. Every week, it seemed, a new company announced plans to participate. Reading Slashdot became a necessity, even for those like me who were only peripherally involved. I strongly believe that the new term was helpful in enabling this rapid spread into business, which then enabled wider use by the public.\n\nA quick Google search indicates that \"open source\" appears more often than \"free software,\" but there still is substantial use of the free software term, which remains useful and should be included when communicating with audiences who prefer it.\n\n\n\nA happy twinge\n\n\n\nWhen an early account of the terminology change written by Eric Raymond was posted on the Open Source Initiative website, I was listed as being at the VA brainstorming meeting, but not as the originator of the term. This was my own fault; I had neglected to tell Eric the details. My impulse was to let it pass and stay in the background, but Todd felt otherwise. He suggested to me that one day I would be glad to be known as the person who coined the name \"open source software.\" He explained the situation to Eric, who promptly updated his site.\n\nComing up with a phrase is a small contribution, but I admit to being grateful to those who remember to credit me with it. Every time I hear it, which is very often now, it gives me a little happy twinge.\n\nThe big credit for persuading the community goes to Eric Raymond and Tim O'Reilly, who made it happen. Thanks to them for crediting me, and to Todd Anderson for his role throughout. The above is not a complete account of open source history; apologies to the many key players whose names do not appear. Those seeking a more complete account should refer to the links in this article and elsewhere on the net.\n\n\n\n\nFreeBSD on a Laptop - A guide to a fully functional installation of FreeBSD on a ThinkPad T530\n\n\nAs I stated my previous post, I recently dug up my old ThinkPad T530 after the embarrassing stream of OS X security bugs this month. Although this ThinkPad ran Gentoo faithfully during my time in graduate school at Clemson, these days I'd much rather spend time my wife and baby than fighting with emerge and USE flags. FreeBSD has always been my OS of choice, and laptop support seems to be much better than it was a few years ago. In this guide, I'll show you the tweaks I made to wrestle FreeBSD into a decent experience on a laptop.\n\nUnlike my usual posts, this time I'm going to assume you're already pretty familiar with FreeBSD. If you're a layman looking for your first BSD-based desktop, I highly recommend checking out TrueOS (previously PC-BSD): they've basically taken FreeBSD and packaged it with all the latest drivers, along with a user-friendly installer and custom desktop environment out of the box. TrueOS is an awesome project–the only reason I don't use it is because I'm old, grumpy, and persnickety about having my operating system just so.\n\nAnyway, if you'd still like to take the plunge, read on. Keep in mind, I'm using a ThinkPad T530, but other ThinkPads of the same generation should be similarly compatible.\n\n\n\nHere's what you'll get:\n\n\nDecent battery life (8-9 hours with a new 9-cell battery)\nUEFI boot and full-disk encryption\nWiFi (Intel Ultimate-N 6300)\nEthernet (Intel PRO/1000)\nScreen brightness adjustment\nSuspend/Resume on lid close (make sure to disable TPM in BIOS)\nAudio (Realtek ALC269 HDA, speakers and headphone jack)\nKeyboard multimedia buttons\nTouchpad/Trackpoint\nGraphics Acceleration (with integrated Intel graphics, NVIDIA card disabled in BIOS)\n\nWhat I haven't tested yet:\n\n\nBluetooth\nWebcam\nFingerprint reader\nSD Card slot\n\nInstallation\nPower Saving\nTweaks for Desktop Use\nX11\nFonts\nLogin Manager: SLiM\nDesktop Environment: i3\nApplications\n\n\n\n\nThe LLVM Sanitizers stage accomplished\n\n\nI've managed to get the Memory Sanitizer to work for the elementary base system utilities, like ps(1), awk(1) and ksh(1). This means that the toolchain is ready for tests and improvements. I've iterated over the basesystem utilities and I looked for bugs, both in programs and in sanitizers. The number of detected bugs in the userland programs was low, there merely was one reading of an uninitialized variable in ps(1).\n\n\n\nA prebuilt LLVM toolchain\n\n\n\nI've prepared a prebuilt toolchain with Clang, LLVM, LLDB and compiler-rt for NetBSD/amd64. I prepared the toolchain on 8.99.12, however I have received reports that it works on other older releases. Link: llvm-clang-compilerrt-lldb-7.0.0beta_2018-01-24.tar.bz2\n\nThe archive has to be untarballed to /usr/local (however it might work to some extent in other paths).\n\nThis toolchain contains a prebuilt tree of the LLVM projects from a snapshot of 7.0.0(svn). It is a pristine snapshot of HEAD with patches from pkgsrc-wip for llvm, clang, compiler-rt and lldb.\n\n\n\nSanitizers\n\n\nNotable changes in sanitizers, all of them are in the context of NetBSD support.\n\n\n\nAdded fstat(2) MSan interceptor.\nSupport for kvm(3) interceptors in the common sanitizer code.\nAdded devname(3) and devname_r(3) interceptors to the common sanitizer code.\nAdded sysctl(3) familty of functions interceptors in the common sanitizer code.\nAdded strlcpy(3)/strlcat(3) interceptors in the common sanitizer code.\nAdded getgrouplist(3)/getgroupmembership(3) interceptors in the common sanitizer code.\nCorrect ctype(3) interceptors in a code using Native Language Support.\nCorrect tzset(3) interceptor in MSan.\nCorrect localtime(3) interceptor in the common sanitizer code.\nAdded paccept(2) interceptor to the common sanitizer code.\nAdded access(2) and faccessat(2) interceptors to the common sanitizer code.\nAdded acct(2) interceptor to the common sanitizer code.\nAdded accept4(2) interceptor to the common sanitizer code.\nAdded fgetln(3) interceptor to the common sanitizer code.\nAdded interceptors for the pwcache(3)-style functions in the common sanitizer code.\nAdded interceptors for the getprotoent(3)-style functions in the common sanitizer code.\nAdded interceptors for the getnetent(3)-style functions in the common sanitizer code.\nAdded interceptors for the fts(3)-style functions in the common sanitizer code.\nAdded lstat(3) interceptor in MSan.\nAdded strftime(3) interceptor in the common sanitizer code.\nAdded strmode(3) interceptor in the common sanitizer code.\nAdded interceptors for the regex(3)-style functions in the common sanitizer code.\nDisabled unwanted interceptor __sigsetjmp in TSan.\n\n\n\nBase system changes\n\n\n\nI've tidied up inclusion of the internal namespace.h header in libc. This has hidden the usage of public global symbol names of:\n\n\nstrlcat -\u0026gt; _strlcat\nsysconf -\u0026gt; __sysconf\nclosedir -\u0026gt; _closedir\nfparseln -\u0026gt; _fparseln\nkill -\u0026gt; _kill\nmkstemp -\u0026gt; _mkstemp\nreallocarr -\u0026gt; _reallocarr\nstrcasecmp -\u0026gt; _strcasecmp\nstrncasecmp -\u0026gt; _strncasecmp\nstrptime -\u0026gt; _strptime\nstrtok_r -\u0026gt; _strtok_r\nsysctl -\u0026gt; _sysctl\ndlopen -\u0026gt; __dlopen\ndlclose -\u0026gt; __dlclose\ndlsym -\u0026gt; __dlsym\nstrlcpy -\u0026gt; _strlcpy\nfdopen -\u0026gt; _fdopen\nmmap -\u0026gt; _mmap\nstrdup -\u0026gt; _strdup\n\n\n\nThe purpose of these changes was to stop triggering interceptors recursively. Such interceptors lead to sanitization of internals of unprepared (not recompiled with sanitizers) prebuilt code. It's not trivial to sanitize libc's internals and the sanitizers are not designed to do so. This means that they are not a full replacement of Valgrind-like software, but a a supplement in the developer toolbox. Valgrind translates native code to a bytecode virtual machine, while sanitizers are designed to work with interceptors inside the pristine elementary libraries (libc, libm, librt, libpthread) and embed functionality into the executable's code.\n\nI've also reverted the vadvise(2) syscall removal, from the previous month. This caused a regression in legacy code recompiled against still supported compat layers. Newly compiled code will use a libc's stub of vadvise(2).\n\nI've also prepared a patch installing dedicated headers for sanitizers along with the base system GCC. It's still discussed and should land the sources soon.\n\n\n\nFuture directions and goals\n\n\nPossible paths in random order:\nIn the quartet of UBSan (Undefined Behavior Sanitizer), ASan (Address Sanitizer), TSan (Thread Sanitizer), MSan (Memory Sanitizer) we need to add the fifth basic sanitizer: LSan (Leak Sanitizer). The Leak Sanitizer (detector of memory leaks) demands a stable ptrace(2) interface for processes with multiple threads (unless we want to build a custom kernel interface).\nIntegrate the sanitizers with the userland framework in order to ship with the native toolchain to users.\nPort sanitizers from LLVM to GCC.\nAllow to sanitize programs linked against userland libraries other than libc, librt, libm and libpthread; by a global option (like MKSANITIZER) producing a userland that is partially prebuilt with a desired sanitizer. This is required to run e.g. MSanitized programs against editline(3). So far, there is no Operating System distribution in existence with a native integration with sanitizers. There are 3rd party scripts for certain OSes to build a stack of software dependencies in order to validate a piece of software.\nExecute ATF tests with the userland rebuilt with supported flavors of sanitizers and catch regressions.\nFinish porting of modern linkers designed for large C++ software, such as GNU GOLD and LLVM LLD. Today the bottleneck with building the LLVM toolchain is a suboptimal linker GNU ld(1).\n\n\n\n\nI've decided to not open new battlefields and return now to porting LLDB and fixing ptrace(2).\n\n\n\nPlan for the next milestone\n\n\nKeep upstreaming a pile of local compiler-rt patches.\nRestore the LLDB support for traced programs with a single thread.\n\n\n\n\n\nInterview - Goran Mekic - meka@tilda.center / @meka_floss\n\n\nCBSD website Jail and VM Manager\n***\n\n\nNews Roundup\n\nFinally Moving Away From Windows\n\n\nBroken Window\n\n\n\nThanks to a combination of some really impressive malware, bad clicking, and poor website choices, I had to blow away my Windows 10 installation. Not that it was Window’s fault, but a piece of malware had infected my computer when I tried to download a long lost driver for an even longer lost RAID card for a server. A word of advice – the download you’re looking for is never on an ad-infested forum in another language. In any case, I had been meaning to switch away from Windows soon. I didn’t have my entire plan ready, but now was as good a time as any.\n\nMy line of work requires me to maintain some form of Windows installation, so I decided to keep it in a VM rather than dual booting as I was developing code and not running any high-end visual stuff like games. My first thought was to install Arch or Gentoo Linux, but the last time I attempted a Gentoo installation it left me bootless. Not that there is anything wrong with Gentoo, it was probably my fault, but I like the idea of some sort of installer so I looked at rock-solid Debian. My dad had installed Debian on his sweet new cutting-edge Lenovo laptop he received recently from work. He often raves about his cool scripts and much more effective customized experience, but often complains about his hybrid GPU support as he has an Intel/Nvidia hybrid display adapter (he has finally resolved it and now boasts his 6 connected displays).\n\nI didn’t want to install Windows again, but something didn’t feel right about installing some flavour of Linux. Back at home I have a small collection of FreeBSD servers running in all sorts of jails and other physical hardware, with the exception of one Debian server which I had the hardest time dealing with (it would be FreeBSD too if 802.11ac support was there as it is acting as my WiFi/gateway/IDS/IPS). I loved my FreeBSD servers, and yes I will write posts about each one soon enough. I wanted that cleanliness and familiarity on my desktop as well (I really love the ports collection!). It’s settled – I will run FreeBSD on my laptop. This also created a new rivalry with my father, which is not a bad thing either.\n\n\n\nPlaying Devil’s Advocate\n\n\n\nThe first thing I needed to do was backup my Windows data. This was easy enough, just run a Windows Image Backup and it will- wait, what? Why isn’t this working? I didn’t want to fiddle with this too long because I didn’t actually need an image just the data. I ended up just copying over the files to an external hard disk. Once that was done, I downloaded and verified the latest FreeBSD 11.1 RELEASE memstick image and flashed it to my trusty 8GB Verbatim USB stick. I’ve had this thing since 2007, it works great for being my re-writable “CD”. I booted it up and started the installation. I knew this installer pretty well as I had test-installed FreeBSD and OpenBSD in VMs when I was researching a Unix style replacement OS last year. In any case, I left most of the defaults (I didn’t want to play with custom kernels right now) and I selected all packages. This downloaded them from the FreeBSD FTP server as I only had the memstick image. The installer finished and I was off to my first boot. Great! so far so good. FreeBSD loaded up and I did a ‘pkg upgrade’ just to make sure that everything was up to date.\n\nAlright, time to get down to business. I needed nano. I just can’t use vi, or just not yet. I don’t care about being a vi-wizard, that’s just too much effort for me. Anyway, just a ‘pkg install nano’ and I had my editor. Next was obvious, I needed x11. XFCE was common, and there were plenty of tutorials out there. I wont bore you with those details, but it went something like ‘pkg install xfce’ and I got all the dependencies. Don’t forget to install SLiM to make it seamless. There are some configs in the .login I think. SLiM needs to be called once the boot drops you to the login so that you get SLiM’s nice GUI login instead of the CLI login screen. Then SLiM passes you off to XFCE. I think I followed this and this. Awesome. Now that x11 is working, it’s time to get all of my apps from Windows. Obviously, I can’t get everything (ie. Visual Studio, Office). But in my Windows installation, I had chosen many open-source or cross-compiled apps as they either worked better or so that I was ready to move away from Windows at a moments notice. ‘pkg install firefox thunderbird hexchat pidgin gpa keepass owncloud-client transmission-qt5 veracrypt openvpn’ were some immediate picks. There are a lot more that I downloaded later, but these are a few I use everyday. My laptop also has the same hybrid display adapter config that my dad’s has, but I chose to only run Intel graphics, so dual screens are no problem for me. I’ll add Nvidia support later, but it’s not a priority.\n\nAfter I had imported my private keys and loaded my firefox and thunderbird settings, I wanted to get my Windows VM running right away as I was burning productive days at work fiddling with this. I had only two virtualisation options; qemu/kvm and bhyve. qemu/kvm wasn’t available in pkg, and looked real dirty to compile, from FreeBSD’s point of view. My dad is using qemu/kvm with virt-manager to manage all of his Windows/Unix VMs alike. I wanted that experience, but I also wanted packages that could be updated and I didn’t want to mess up a compile. bhyve was a better choice. It was built-in, it was more compatible with Windows (from what I read), and this is a great step-by-step article for Windows 10 on FreeBSD 11 bhyve! I had already tried to get virt-manager to work with bhyve with no luck. I don’t think libvirt connects with bhyve completely, or maybe my config is wrong. But I didn’t have time to fiddle with it. I managed it all through command lines and that has worked perfectly so far. Well sorta, there was an issue installing SQL Server, and only SQL Server, on my Windows VM. This was due to a missing ‘sectorsize=512’ setting on the disk parameter on the bhyve command line. That was only found after A LOT of digging because the SQL Server install didn’t log the error properly. I eventually found out that SQL Server only likes one sector size of disks for the install and my virtual disk geometry was incorrect.\n\n\n\nApps Apps Apps\n\n\n\nI installed Windows 10 on my bhyve VM and I got that all setup with the apps I needed for work. Mostly Office, Visual Studio, and vSphere for managing our server farm. Plus all of the annoying 3rd party VPN software (I’m looking at you Dell and Cisco). Alright, with the Windows VM done, I can now work at work and finish FreeBSD mostly during the nights. I still needed my remote files (I setup an ownCloud instance on a FreeNAS jail at home) so I setup the client. Now, normally on Windows I would come to work and connect to my home network using OpenVPN (again, I have a OpenVPN FreeNAS jail at home) and the ownCloud desktop would be able to handle changing DNS destination IPs Not on FreeBSD (and Linux too?). I ended up just configuring the ownCloud client to just connect to the home LAN IP for the ownCloud server and always connecting the OpenVPN to sync things. It kinda sucks, but at least it works. I left that running at home overnight to get a full sync (~130GB cloud sync, another reason I use it over Google or Microsoft). Once that was done I moved onto the fstab as I had another 1TB SSD in my laptop with other files. I messed around with fstab and my NFS shares to my FreeNAS at home, but took them out as they made the boot time so long when I wasn’t at home. I would only mount them when my OpenVPN connected or manually. I really wanted to install SpaceFM, but it’s only available as a package on Debian and their non-package install script doesn’t work on FreeBSD (packages are named differently). I tried doing it manually, but it was too much work. As my dad was the one who introduced me to it, he still uses it as a use-case for his Debian setup. Instead I kept to the original PCManFM and it works just fine. I also loaded up my Bitcoin and Litecoin wallets and pointed them to the blockchain that I has used on Windows after their sync, they loaded perfectly and my balances were there. I kinda wish there was the Bitcoin-ABC full node Bitcoin Cash wallet package on FreeBSD, but I’m sure it will come out later.\n\nThe rest is essentially just tweaks and making the environment more comfortable for me, and with most programs installed as packages I feel a lot better with upgrades and audit checking (‘pkg audit -F’ is really helpful!). I will always hate Python, actually, I will always hate any app that has it’s own package manager. I do miss the GUI GitHub tool on Windows. It was a really good-looking way to view all of my repos. The last thing (which is increasing it’s priority every time I go to a social media site or YouTube) is fonts. My god I never thought it was such a problem, and UTF support is complicated. If anyone knows how to get all UTF characters to show up, please let me know. I’d really like Wikipedia articles to load perfectly (I followed this post and there are still some missing). There are some extra tweaks I followed here and here.\n\n\n\nConclusion\n\n\n\nI successfully migrated from Windows 10 to FreeBSD 11.1 with minimal consequence. Shout out goes to the entire FreeBSD community. So many helpful people in there, and the forums are a great place to find tons of information. Also thanks to the ones who wrote the how-to articles I’ve referenced. I never would have gotten bhyve to work and I’d still probably be messing with my X config without them. I guess my take home from this is to not be afraid to make changes that may change how comfortable I am in an environment. I’m always open to comments and questions, please feel free to make them below. I purposefully didn’t include too many technical things or commands in this article as I wanted to focus on the larger picture of the migration as a whole not the struggles of xorg.conf, but if you would like to see some of the configs or commands I used, let me know and I’ll include some!\n\n\n\n\nTrueOS Rules of Conduct\n\n\nWe believe code is truly agnostic and embrace inclusiveness regardless of a person’s individual beliefs. As such we only ask the following when participating in TrueOS public events and digital forums:\nTreat each other with respect and professionalism.\nLeave personal and TrueOS unrelated conversations to other channels.\nIn other words, it’s all about the code. Users who feel the above rules have been violated in some way can register a complaint with abuse@trueos.org\n\n\nShorter than the BSD License\nPositive response from the community\nI really like the @TrueOS Code of Conduct, unlike some other CoCs. It's short, clear and covers everything.\nMost #OpenSource projects are labour of love. Why do you need a something that reads like a legal contract?\n***\n\n\n\nFreeBSD: The Unknown Giant\n\n\nI decided to write this article as a gratitude for the recent fast answer of the FreeBSD/TrueOS community with my questions and doubts. I am impressed how fast and how they tried to help me about this operating system which I used in the past(2000-2007) but recently in 2017 I began to use it again.\n\n\nA lot has changed in 10 years\nI was looking around the internet, trying to do some research about recent information about FreeBSD and other versions or an easy to use spins like PCBSD (now TrueOS)\nI used to be Windows/Mac user for so many years until 2014 when I decided to use Linux as my desktop OS just because I wanted to use something different. I always wanted to use unix or a unix-like operating system, nowadays my main objective is to learn more about  these operating systems (Debian Linux, TrueOS or FreeBSD).\nFreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete operating system, i.e. the project delivers kernel, device drivers, userland utilities and documentation, as opposed to Linux delivering a kernel and drivers only and relying on third-parties for system software; and FreeBSD source code is generally released under a permissive BSD license as opposed to the copyleft GPL used by Linux.“\nBut why do I call FreeBSD “The Unknown Giant”?, because the code base of this operating system has been used by other companies to develop their own operating system for products like computers or also game consoles.\nFreeBSD is used for storage appliances, firewalls, email scanners, network scanners, network security appliances, load balancers, video servers, and more\nSo many people now will learn that not only “linux is everywhere” but also that “FreeBSD is everywhere too”\nBy the way speaking about movies, Do you remember the movie “The Matrix”? FreeBSD was used to make the movie: “The photo-realistic surroundings generated by this method were incorporated into the bullet time scene, and linear interpolation filled in any gaps of the still images to produce a fluent dynamic motion; the computer-generated “lead in” and “lead out” slides were filled in between frames in sequence to get an illusion of orbiting the scene. Manex Visual Effects used a cluster farm running the Unix-like operating system FreeBSD to render many of the film’s visual effects”\nFreeBSD Press Release re: The Matrix \nI hope that I gave a good reference, information and now so many people can understand why I am going to use just Debian Linux and FreeBSD(TrueOS) to do so many different stuff (music, 3d animation, video editing and text editing) instead use a Mac or Windows.\nFreeBSD really is the unknown giant.\n***\n\n\n\nOpenBSD and FreeDOS vs the hell in earth\n\n\nYes sir, yes. Our family, composed until now by OpenBSD, Alpine Linux and Docker is rapidly growing. And yes, sir. Yes. All together we're fighting against your best friends, the infamous, the ugliest, the worst...the dudes called the privacy cannibals. Do you know what i mean, sure?\nWe're working hard, no matter what time is it, no matter in what part in the world we are, no matter if we've no money. We perfectly know that you cannot do nothing against the true. And we're doing our best to expand our true, our doors are opened to all the good guys, there's a lot here but their brain was fucked by your shit tv, your fake news, your laws, etc etc etc. We're alive, we're here to fight against you.\nTonight, yes it's a Friday night and we're working, we're ready to welcome with open arms an old guy, his experience will give us more power. Welcome to: FreeDOS\n\nBut why we want to build a bootable usb stick with FreeDOS under our strong OpenBSD? The answer is as usual to fight against the privacy cannibals!\nMore than one decade ago the old BIOS was silently replaced by the more capable and advanced UEFI, this is absolutely normal because of the pass of the years and exponencial grow of the power of our personal computers. UEFI is a complex system, it's like a standalone system operative with direct access to every component of our (yes, it's our not your!) machine. But...wait a moment...do you know how to use it? Do you ever know that it exist? And one more thing, it's secure? The answer to this question is totally insane, no, it's not secure. The idea is good, the company that started in theory is one of the most important in IT, it's Intel.\nThe history is very large and obviously we're going to go very deep in it, but trust me UEFI and the various friend of him, like ME, TPM are insecure and closed source! Like the hell in earth.\n\n\n\nA FreeDOS bootable usb image under OpenBSD\n\n\n\nBut let's start preparing our OpenBSD to put order in this chaos:\n\n\n$ mkdir -p freedos/stuff\n$ cd freedos/stuff\n$ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img\n$ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/sys/sys-freedos-linux/sys-freedos-linux.zip\n$ wget https://download.lenovo.com/consumer/desktop/o35jy19usa_y900.exe\n$ wget http://145.130.102.57/domoticx/software/amiflasher/AFUDOS%20Flasher%205.05.04.7z\nExplanation in clear language as usual: create two directory, download the minimal boot disc image of FreeDOS, download Syslinux assembler MBR bootloaders, download the last Windows only UEFI update from Lenovo and download the relative unknown utility from AMI to flash our motherboard UEFI chipset. Go ahead:\n\n$ doas pkg_add -U nasm unzip dosfstools cabextract p7zip\n\n\nnasm the Netwide Assembler, a portable 80x86 assembler. \nunzip list, test and extract compressed files in a ZIP archive. \ndosfstoolsa collections of utilities to manipulate MS-DOSfs. \ncabextract program to extract files from cabinet. \np7zipcollection of utilities to manipulate 7zip archives.\n\n\n$ mkdir sys-freedos-linux \u0026amp;\u0026amp; cd sys-freedos-linux\n$ unzip ../sys-freedos-linux.zip\n$ cd ~/freedos \u0026amp;\u0026amp; mkdir old new\n$ dd if=/dev/null of=freedos.img bs=1024 seek=20480\n$ mkfs.fat freedos.img\n\n\n\nCreate another working directory, cd into it, unzip the archive that we've downloaded, return to the working root and create another twos directories. dd is one of the most important utilities in the unix world to manipulate at byte level input and output:\n\nThe dd utility copies the standard input to the standard output, applying any specified conversions. Input data is read and written in 512-byte blocks. If input reads are short, input from multiple reads are aggregated to form the output block. When finished, dd displays the number of complete and partial input and output blocks and truncated input records to the standard error output.\n\nWe're creating here a virtual disk with bs=1024 we're setting both input and output block to 1024bytes; with seek=20480 we require 20480bytes. This is the result:\n\n\n-rw-r--r-- 1 taglio taglio 20971520 Feb 3 00:11 freedos.img.\n\n\nNext we format the virtual disk using the MS-DOS filesystem. Go ahead:\n\n\n$ doas su\n$ perl stuff/sys-freedos-linux/sys-freedos.pl --disk=freedos.img\n$ vnconfig vnd0 stuff/fdboot.img\n$ vnconfig vnd1 freedos.img\n$ mount -t msdos /dev/vnd0c old/\n$ mount -t msdos /dev/vnd1c new/\n\n\n\nWe use the perl utility from syslinux to write the MBR of our virtual disk freedos.img. Next we create to loop virtual node using the OpenBSD utility vnconfig. Take care here because it is quite different from Linux, but as usual is clear and simple. The virtual nodes are associated to the downloaded fdboot.img and the newly created freedos.img. Next we mount the two virtual nodes cpartitions; in OpenBSD cpartition describes the entire physical disk. Quite different from Linux, take care.\n\n\n$ cp -R old/* new/\n$ cd stuff\n$ mkdir o35jy19usa\n$ cabextract -d o35jy19usa o35jy19usa_y900.exe\n$ doas su\n$ cp o35jy19usa/ ../new/\n$ mkdir afudos \u0026amp;\u0026amp; cd afudos\n$ 7z e ../AFUDOS*\n$ doas su\n$ cp AFUDOS.exe ../../new/\n$ umount ~/freedos/old/ \u0026amp;\u0026amp; umount ~/freedos/new/\n$ vnconfig -u vnd1 \u0026amp;\u0026amp; vnconfig -u vnd0\n\n\n\nCopy all files and directories in the new virtual node partition, extract the Lenovo cabinet in a new directory, copy the result in our new image, extract the afudos utility and like the others copy it. Umount the partitions and destroy the loop vnode.\n\n\n\n\nBeastie Bits\n\n\nNetBSD - A modern operating system for your retro battlestation\nFOSDEM OS distribution\nUpdate on two pledge-related changes\n*execpromises\nSlides for (BSD from scratch - from source to OS with ease on NetBSD)\nGoobyte LastPass: You're fired! \n***\n\n\nFeedback/Questions\n\n\nScott - ZFS Mirror with SLOG\nTroels - Question about compressed ARC\nJeff - FreeBSD Desktop DNS\nJonathon - Bhyve and gpu passthrough\n***\n","content_html":"\u003cp\u003eHow the term open source was created, running FreeBSD on ThinkPad T530, Moving away from Windows, Unknown Giants, as well as OpenBSD and FreeDOS.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensource.com/article/18/2/coining-term-open-source-software\" rel=\"nofollow\"\u003eHow I coined the term \u0026#39;open source\u0026#39;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn a few days, on February 3, the 20th anniversary of the introduction of the term \u0026quot;open source software\u0026quot; is upon us. As open source software grows in popularity and powers some of the most robust and important innovations of our time, we reflect on its rise to prominence.\u003c/p\u003e\n\n\u003cp\u003eI am the originator of the term \u0026quot;open source software\u0026quot; and came up with it while executive director at Foresight Institute. Not a software developer like the rest, I thank Linux programmer Todd Anderson for supporting the term and proposing it to the group.\u003c/p\u003e\n\n\u003cp\u003eThis is my account of how I came up with it, how it was proposed, and the subsequent reactions. Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006.\u003c/p\u003e\n\n\u003cp\u003eIt has never been published, until today.\u003c/p\u003e\n\n\u003cp\u003eThe introduction of the term \u0026quot;open source software\u0026quot; was a deliberate effort to make this field of endeavor more understandable to newcomers and to business, which was viewed as necessary to its spread to a broader community of users. The problem with the main earlier label, \u0026quot;free software,\u0026quot; was not its political connotations, but that—to newcomers—its seeming focus on price is distracting. A term was needed that focuses on the key issue of source code and that does not immediately confuse those new to the concept. The first term that came along at the right time and fulfilled these requirements was rapidly adopted: open source.\u003c/p\u003e\n\n\u003cp\u003eThis term had long been used in an \u0026quot;intelligence\u0026quot; (i.e., spying) context, but to my knowledge, use of the term with respect to software prior to 1998 has not been confirmed. The account below describes how the term open source software caught on and became the name of both an industry and a movement.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetings on computer security\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn late 1997, weekly meetings were being held at Foresight Institute to discuss computer security. Foresight is a nonprofit think tank focused on nanotechnology and artificial intelligence, and software security is regarded as central to the reliability and security of both. We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies.\u003c/p\u003e\n\n\u003cp\u003eAt these meetings, we discussed the need for a new term due to the confusion factor. The argument was as follows: those new to the term \u0026quot;free software\u0026quot; assume it is referring to the price. Oldtimers must then launch into an explanation, usually given as follows: \u0026quot;We mean free as in freedom, not free as in beer.\u0026quot; At this point, a discussion on software has turned into one about the price of an alcoholic beverage. The problem was not that explaining the meaning is impossible—the problem was that the name for an important idea should not be so confusing to newcomers. A clearer term was needed. No political issues were raised regarding the free software term; the issue was its lack of clarity to those new to the concept.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReleasing Netscape\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn February 2, 1998, Eric Raymond arrived on a visit to work with Netscape on the plan to release the browser code under a free-software-style license. We held a meeting that night at Foresight\u0026#39;s office in Los Altos to strategize and refine our message. In addition to Eric and me, active participants included Brian Behlendorf, Michael Tiemann, Todd Anderson, Mark S. Miller, and Ka-Ping Yee. But at that meeting, the field was still described as free software or, by Brian, \u0026quot;source code available\u0026quot; software.\u003c/p\u003e\n\n\u003cp\u003eWhile in town, Eric used Foresight as a base of operations. At one point during his visit, he was called to the phone to talk with a couple of Netscape legal and/or marketing staff. When he was finished, I asked to be put on the phone with them—one man and one woman, perhaps Mitchell Baker—so I could bring up the need for a new term. They agreed in principle immediately, but no specific term was agreed upon.\u003c/p\u003e\n\n\u003cp\u003eBetween meetings that week, I was still focused on the need for a better name and came up with the term \u0026quot;open source software.\u0026quot; While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term \u0026quot;open\u0026quot; had been overused and abused and believed we could do better. He was right in theory; however, I didn\u0026#39;t have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn\u0026#39;t know him well at the time, so I took an indirect strategy instead.\u003c/p\u003e\n\n\u003cp\u003eTodd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe key meeting\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLater that week, on February 5, 1998, a group was assembled at VA Research to brainstorm on strategy. Attending—in addition to Eric Raymond, Todd, and me—were Larry Augustin, Sam Ockman, and attending by phone, Jon \u0026quot;maddog\u0026quot; Hall.\u003c/p\u003e\n\n\u003cp\u003eThe primary topic was promotion strategy, especially which companies to approach. I said little, but was looking for an opportunity to introduce the proposed term. I felt that it wouldn\u0026#39;t work for me to just blurt out, \u0026quot;All you technical people should start using my new term.\u0026quot; Most of those attending didn\u0026#39;t know me, and for all I knew, they might not even agree that a new term was greatly needed, or even somewhat desirable.\u003c/p\u003e\n\n\u003cp\u003eFortunately, Todd was on the ball. Instead of making an assertion that the community should use this specific new term, he did something less directive—a smart thing to do with this community of strong-willed individuals. He simply used the term in a sentence on another topic—just dropped it into the conversation to see what happened. I went on alert, hoping for a response, but there was none at first. The discussion continued on the original topic. It seemed only he and I had noticed the usage.\u003c/p\u003e\n\n\u003cp\u003eNot so—memetic evolution was in action. A few minutes later, one of the others used the term, evidently without noticing, still discussing a topic other than terminology. Todd and I looked at each other out of the corners of our eyes to check: yes, we had both noticed what happened. I was excited—it might work! But I kept quiet: I still had low status in this group. Probably some were wondering why Eric had invited me at all.\u003c/p\u003e\n\n\u003cp\u003eToward the end of the meeting, the question of terminology was brought up explicitly, probably by Todd or Eric. Maddog mentioned \u0026quot;freely distributable\u0026quot; as an earlier term, and \u0026quot;cooperatively developed\u0026quot; as a newer term. Eric listed \u0026quot;free software,\u0026quot; \u0026quot;open source,\u0026quot; and \u0026quot;sourceware\u0026quot; as the main options. Todd advocated the \u0026quot;open source\u0026quot; model, and Eric endorsed this. I didn\u0026#39;t say much, letting Todd and Eric pull the (loose, informal) consensus together around the open source name. It was clear that to most of those at the meeting, the name change was not the most important thing discussed there; a relatively minor issue. Only about 10% of my notes from this meeting are on the terminology question.\u003c/p\u003e\n\n\u003cp\u003eBut I was elated. These were some key leaders in the community, and they liked the new name, or at least didn\u0026#39;t object. This was a very good sign. There was probably not much more I could do to help; Eric Raymond was far better positioned to spread the new meme, and he did. Bruce Perens signed on to the effort immediately, helping set up Opensource.org and playing a key role in spreading the new term.\u003c/p\u003e\n\n\u003cp\u003eFor the name to succeed, it was necessary, or at least highly desirable, that Tim O\u0026#39;Reilly agree and actively use it in his many projects on behalf of the community. Also helpful would be use of the term in the upcoming official release of the Netscape Navigator code. By late February, both O\u0026#39;Reilly \u0026amp; Associates and Netscape had started to use the term.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting the name out\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter this, there was a period during which the term was promoted by Eric Raymond to the media, by Tim O\u0026#39;Reilly to business, and by both to the programming community. It seemed to spread very quickly.\u003c/p\u003e\n\n\u003cp\u003eOn April 7, 1998, Tim O\u0026#39;Reilly held a meeting of key leaders in the field. Announced in advance as the first \u0026quot;Freeware Summit,\u0026quot; by April 14 it was referred to as the first \u0026quot;Open Source Summit.\u0026quot;\u003c/p\u003e\n\n\u003cp\u003eThese months were extremely exciting for open source. Every week, it seemed, a new company announced plans to participate. Reading Slashdot became a necessity, even for those like me who were only peripherally involved. I strongly believe that the new term was helpful in enabling this rapid spread into business, which then enabled wider use by the public.\u003c/p\u003e\n\n\u003cp\u003eA quick Google search indicates that \u0026quot;open source\u0026quot; appears more often than \u0026quot;free software,\u0026quot; but there still is substantial use of the free software term, which remains useful and should be included when communicating with audiences who prefer it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA happy twinge\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen an early account of the terminology change written by Eric Raymond was posted on the Open Source Initiative website, I was listed as being at the VA brainstorming meeting, but not as the originator of the term. This was my own fault; I had neglected to tell Eric the details. My impulse was to let it pass and stay in the background, but Todd felt otherwise. He suggested to me that one day I would be glad to be known as the person who coined the name \u0026quot;open source software.\u0026quot; He explained the situation to Eric, who promptly updated his site.\u003c/p\u003e\n\n\u003cp\u003eComing up with a phrase is a small contribution, but I admit to being grateful to those who remember to credit me with it. Every time I hear it, which is very often now, it gives me a little happy twinge.\u003c/p\u003e\n\n\u003cp\u003eThe big credit for persuading the community goes to Eric Raymond and Tim O\u0026#39;Reilly, who made it happen. Thanks to them for crediting me, and to Todd Anderson for his role throughout. The above is not a complete account of open source history; apologies to the many key players whose names do not appear. Those seeking a more complete account should refer to the links in this article and elsewhere on the net.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.c0ffee.net/blog/freebsd-on-a-laptop\" rel=\"nofollow\"\u003eFreeBSD on a Laptop - A guide to a fully functional installation of FreeBSD on a ThinkPad T530\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I stated my previous post, I recently dug up my old ThinkPad T530 after the embarrassing stream of OS X security bugs this month. Although this ThinkPad ran Gentoo faithfully during my time in graduate school at Clemson, these days I\u0026#39;d much rather spend time my wife and baby than fighting with emerge and USE flags. FreeBSD has always been my OS of choice, and laptop support seems to be much better than it was a few years ago. In this guide, I\u0026#39;ll show you the tweaks I made to wrestle FreeBSD into a decent experience on a laptop.\u003c/p\u003e\n\n\u003cp\u003eUnlike my usual posts, this time I\u0026#39;m going to assume you\u0026#39;re already pretty familiar with FreeBSD. If you\u0026#39;re a layman looking for your first BSD-based desktop, I highly recommend checking out TrueOS (previously PC-BSD): they\u0026#39;ve basically taken FreeBSD and packaged it with all the latest drivers, along with a user-friendly installer and custom desktop environment out of the box. TrueOS is an awesome project–the only reason I don\u0026#39;t use it is because I\u0026#39;m old, grumpy, and persnickety about having my operating system just so.\u003c/p\u003e\n\n\u003cp\u003eAnyway, if you\u0026#39;d still like to take the plunge, read on. Keep in mind, I\u0026#39;m using a ThinkPad T530, but other ThinkPads of the same generation should be similarly compatible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eHere\u0026#39;s what you\u0026#39;ll get:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eDecent battery life (8-9 hours with a new 9-cell battery)\u003c/li\u003e\n\u003cli\u003eUEFI boot and full-disk encryption\u003c/li\u003e\n\u003cli\u003eWiFi (Intel Ultimate-N 6300)\u003c/li\u003e\n\u003cli\u003eEthernet (Intel PRO/1000)\u003c/li\u003e\n\u003cli\u003eScreen brightness adjustment\u003c/li\u003e\n\u003cli\u003eSuspend/Resume on lid close (make sure to disable TPM in BIOS)\u003c/li\u003e\n\u003cli\u003eAudio (Realtek ALC269 HDA, speakers and headphone jack)\u003c/li\u003e\n\u003cli\u003eKeyboard multimedia buttons\u003c/li\u003e\n\u003cli\u003eTouchpad/Trackpoint\u003c/li\u003e\n\u003cli\u003eGraphics Acceleration (with integrated Intel graphics, NVIDIA card disabled in BIOS)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat I haven\u0026#39;t tested yet:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBluetooth\u003c/li\u003e\n\u003cli\u003eWebcam\u003c/li\u003e\n\u003cli\u003eFingerprint reader\u003c/li\u003e\n\u003cli\u003eSD Card slot\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eInstallation\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePower Saving\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTweaks for Desktop Use\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eX11\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFonts\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLogin Manager: SLiM\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDesktop Environment: i3\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eApplications\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_llvm_sanitizers_stage_accomplished\" rel=\"nofollow\"\u003eThe LLVM Sanitizers stage accomplished\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve managed to get the Memory Sanitizer to work for the elementary base system utilities, like ps(1), awk(1) and ksh(1). This means that the toolchain is ready for tests and improvements. I\u0026#39;ve iterated over the basesystem utilities and I looked for bugs, both in programs and in sanitizers. The number of detected bugs in the userland programs was low, there merely was one reading of an uninitialized variable in ps(1).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA prebuilt LLVM toolchain\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve prepared a prebuilt toolchain with Clang, LLVM, LLDB and compiler-rt for NetBSD/amd64. I prepared the toolchain on 8.99.12, however I have received reports that it works on other older releases. Link: llvm-clang-compilerrt-lldb-7.0.0beta_2018-01-24.tar.bz2\u003c/p\u003e\n\n\u003cp\u003eThe archive has to be untarballed to /usr/local (however it might work to some extent in other paths).\u003c/p\u003e\n\n\u003cp\u003eThis toolchain contains a prebuilt tree of the LLVM projects from a snapshot of 7.0.0(svn). It is a pristine snapshot of HEAD with patches from pkgsrc-wip for llvm, clang, compiler-rt and lldb.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSanitizers\n\n\u003cul\u003e\n\u003cli\u003eNotable changes in sanitizers, all of them are in the context of NetBSD support.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eAdded fstat(2) MSan interceptor.\nSupport for kvm(3) interceptors in the common sanitizer code.\nAdded devname(3) and devname_r(3) interceptors to the common sanitizer code.\nAdded sysctl(3) familty of functions interceptors in the common sanitizer code.\nAdded strlcpy(3)/strlcat(3) interceptors in the common sanitizer code.\nAdded getgrouplist(3)/getgroupmembership(3) interceptors in the common sanitizer code.\nCorrect ctype(3) interceptors in a code using Native Language Support.\nCorrect tzset(3) interceptor in MSan.\nCorrect localtime(3) interceptor in the common sanitizer code.\nAdded paccept(2) interceptor to the common sanitizer code.\nAdded access(2) and faccessat(2) interceptors to the common sanitizer code.\nAdded acct(2) interceptor to the common sanitizer code.\nAdded accept4(2) interceptor to the common sanitizer code.\nAdded fgetln(3) interceptor to the common sanitizer code.\nAdded interceptors for the pwcache(3)-style functions in the common sanitizer code.\nAdded interceptors for the getprotoent(3)-style functions in the common sanitizer code.\nAdded interceptors for the getnetent(3)-style functions in the common sanitizer code.\nAdded interceptors for the fts(3)-style functions in the common sanitizer code.\nAdded lstat(3) interceptor in MSan.\nAdded strftime(3) interceptor in the common sanitizer code.\nAdded strmode(3) interceptor in the common sanitizer code.\nAdded interceptors for the regex(3)-style functions in the common sanitizer code.\nDisabled unwanted interceptor __sigsetjmp in TSan.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eBase system changes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve tidied up inclusion of the internal namespace.h header in libc. This has hidden the usage of public global symbol names of:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003estrlcat -\u0026gt; _strlcat\nsysconf -\u0026gt; __sysconf\nclosedir -\u0026gt; _closedir\nfparseln -\u0026gt; _fparseln\nkill -\u0026gt; _kill\nmkstemp -\u0026gt; _mkstemp\nreallocarr -\u0026gt; _reallocarr\nstrcasecmp -\u0026gt; _strcasecmp\nstrncasecmp -\u0026gt; _strncasecmp\nstrptime -\u0026gt; _strptime\nstrtok_r -\u0026gt; _strtok_r\nsysctl -\u0026gt; _sysctl\ndlopen -\u0026gt; __dlopen\ndlclose -\u0026gt; __dlclose\ndlsym -\u0026gt; __dlsym\nstrlcpy -\u0026gt; _strlcpy\nfdopen -\u0026gt; _fdopen\nmmap -\u0026gt; _mmap\nstrdup -\u0026gt; _strdup\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe purpose of these changes was to stop triggering interceptors recursively. Such interceptors lead to sanitization of internals of unprepared (not recompiled with sanitizers) prebuilt code. It\u0026#39;s not trivial to sanitize libc\u0026#39;s internals and the sanitizers are not designed to do so. This means that they are not a full replacement of Valgrind-like software, but a a supplement in the developer toolbox. Valgrind translates native code to a bytecode virtual machine, while sanitizers are designed to work with interceptors inside the pristine elementary libraries (libc, libm, librt, libpthread) and embed functionality into the executable\u0026#39;s code.\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;ve also reverted the vadvise(2) syscall removal, from the previous month. This caused a regression in legacy code recompiled against still supported compat layers. Newly compiled code will use a libc\u0026#39;s stub of vadvise(2).\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;ve also prepared a patch installing dedicated headers for sanitizers along with the base system GCC. It\u0026#39;s still discussed and should land the sources soon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFuture directions and goals\n\n\u003cul\u003e\n\u003cli\u003ePossible paths in random order:\u003c/li\u003e\n\u003cli\u003eIn the quartet of UBSan (Undefined Behavior Sanitizer), ASan (Address Sanitizer), TSan (Thread Sanitizer), MSan (Memory Sanitizer) we need to add the fifth basic sanitizer: LSan (Leak Sanitizer). The Leak Sanitizer (detector of memory leaks) demands a stable ptrace(2) interface for processes with multiple threads (unless we want to build a custom kernel interface).\u003c/li\u003e\n\u003cli\u003eIntegrate the sanitizers with the userland framework in order to ship with the native toolchain to users.\u003c/li\u003e\n\u003cli\u003ePort sanitizers from LLVM to GCC.\u003c/li\u003e\n\u003cli\u003eAllow to sanitize programs linked against userland libraries other than libc, librt, libm and libpthread; by a global option (like MKSANITIZER) producing a userland that is partially prebuilt with a desired sanitizer. This is required to run e.g. MSanitized programs against editline(3). So far, there is no Operating System distribution in existence with a native integration with sanitizers. There are 3rd party scripts for certain OSes to build a stack of software dependencies in order to validate a piece of software.\u003c/li\u003e\n\u003cli\u003eExecute ATF tests with the userland rebuilt with supported flavors of sanitizers and catch regressions.\u003c/li\u003e\n\u003cli\u003eFinish porting of modern linkers designed for large C++ software, such as GNU GOLD and LLVM LLD. Today the bottleneck with building the LLVM toolchain is a suboptimal linker GNU ld(1).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve decided to not open new battlefields and return now to porting LLDB and fixing ptrace(2).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlan for the next milestone\n\n\u003cul\u003e\n\u003cli\u003eKeep upstreaming a pile of local compiler-rt patches.\u003c/li\u003e\n\u003cli\u003eRestore the LLDB support for traced programs with a single thread.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Goran Mekic - \u003ca href=\"mailto:meka@tilda.center\" rel=\"nofollow\"\u003emeka@tilda.center\u003c/a\u003e / \u003ca href=\"https://twitter.com/meka_floss\" rel=\"nofollow\"\u003e@meka_floss\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bsdstore.ru\" rel=\"nofollow\"\u003eCBSD website\u003c/a\u003e Jail and VM Manager\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.manios.ca/blog/2018/01/finally-moving-away-from-windows/\" rel=\"nofollow\"\u003eFinally Moving Away From Windows\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBroken Window\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThanks to a combination of some really impressive malware, bad clicking, and poor website choices, I had to blow away my Windows 10 installation. Not that it was Window’s fault, but a piece of malware had infected my computer when I tried to download a long lost driver for an even longer lost RAID card for a server. A word of advice – the download you’re looking for is never on an ad-infested forum in another language. In any case, I had been meaning to switch away from Windows soon. I didn’t have my entire plan ready, but now was as good a time as any.\u003c/p\u003e\n\n\u003cp\u003eMy line of work requires me to maintain some form of Windows installation, so I decided to keep it in a VM rather than dual booting as I was developing code and not running any high-end visual stuff like games. My first thought was to install Arch or Gentoo Linux, but the last time I attempted a Gentoo installation it left me bootless. Not that there is anything wrong with Gentoo, it was probably my fault, but I like the idea of some sort of installer so I looked at rock-solid Debian. My dad had installed Debian on his sweet new cutting-edge Lenovo laptop he received recently from work. He often raves about his cool scripts and much more effective customized experience, but often complains about his hybrid GPU support as he has an Intel/Nvidia hybrid display adapter (he has finally resolved it and now boasts his 6 connected displays).\u003c/p\u003e\n\n\u003cp\u003eI didn’t want to install Windows again, but something didn’t feel right about installing some flavour of Linux. Back at home I have a small collection of FreeBSD servers running in all sorts of jails and other physical hardware, with the exception of one Debian server which I had the hardest time dealing with (it would be FreeBSD too if 802.11ac support was there as it is acting as my WiFi/gateway/IDS/IPS). I loved my FreeBSD servers, and yes I will write posts about each one soon enough. I wanted that cleanliness and familiarity on my desktop as well (I really love the ports collection!). It’s settled – I will run FreeBSD on my laptop. This also created a new rivalry with my father, which is not a bad thing either.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlaying Devil’s Advocate\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first thing I needed to do was backup my Windows data. This was easy enough, just run a Windows Image Backup and it will- wait, what? Why isn’t this working? I didn’t want to fiddle with this too long because I didn’t actually need an image just the data. I ended up just copying over the files to an external hard disk. Once that was done, I downloaded and verified the latest FreeBSD 11.1 RELEASE memstick image and flashed it to my trusty 8GB Verbatim USB stick. I’ve had this thing since 2007, it works great for being my re-writable “CD”. I booted it up and started the installation. I knew this installer pretty well as I had test-installed FreeBSD and OpenBSD in VMs when I was researching a Unix style replacement OS last year. In any case, I left most of the defaults (I didn’t want to play with custom kernels right now) and I selected all packages. This downloaded them from the FreeBSD FTP server as I only had the memstick image. The installer finished and I was off to my first boot. Great! so far so good. FreeBSD loaded up and I did a ‘pkg upgrade’ just to make sure that everything was up to date.\u003c/p\u003e\n\n\u003cp\u003eAlright, time to get down to business. I needed nano. I just can’t use vi, or just not yet. I don’t care about being a vi-wizard, that’s just too much effort for me. Anyway, just a ‘pkg install nano’ and I had my editor. Next was obvious, I needed x11. XFCE was common, and there were plenty of tutorials out there. I wont bore you with those details, but it went something like ‘pkg install xfce’ and I got all the dependencies. Don’t forget to install SLiM to make it seamless. There are some configs in the .login I think. SLiM needs to be called once the boot drops you to the login so that you get SLiM’s nice GUI login instead of the CLI login screen. Then SLiM passes you off to XFCE. I think I followed this and this. Awesome. Now that x11 is working, it’s time to get all of my apps from Windows. Obviously, I can’t get everything (ie. Visual Studio, Office). But in my Windows installation, I had chosen many open-source or cross-compiled apps as they either worked better or so that I was ready to move away from Windows at a moments notice. ‘pkg install firefox thunderbird hexchat pidgin gpa keepass owncloud-client transmission-qt5 veracrypt openvpn’ were some immediate picks. There are a lot more that I downloaded later, but these are a few I use everyday. My laptop also has the same hybrid display adapter config that my dad’s has, but I chose to only run Intel graphics, so dual screens are no problem for me. I’ll add Nvidia support later, but it’s not a priority.\u003c/p\u003e\n\n\u003cp\u003eAfter I had imported my private keys and loaded my firefox and thunderbird settings, I wanted to get my Windows VM running right away as I was burning productive days at work fiddling with this. I had only two virtualisation options; qemu/kvm and bhyve. qemu/kvm wasn’t available in pkg, and looked real dirty to compile, from FreeBSD’s point of view. My dad is using qemu/kvm with virt-manager to manage all of his Windows/Unix VMs alike. I wanted that experience, but I also wanted packages that could be updated and I didn’t want to mess up a compile. bhyve was a better choice. It was built-in, it was more compatible with Windows (from what I read), and this is a great step-by-step article for Windows 10 on FreeBSD 11 bhyve! I had already tried to get virt-manager to work with bhyve with no luck. I don’t think libvirt connects with bhyve completely, or maybe my config is wrong. But I didn’t have time to fiddle with it. I managed it all through command lines and that has worked perfectly so far. Well sorta, there was an issue installing SQL Server, and only SQL Server, on my Windows VM. This was due to a missing ‘sectorsize=512’ setting on the disk parameter on the bhyve command line. That was only found after A LOT of digging because the SQL Server install didn’t log the error properly. I eventually found out that SQL Server only likes one sector size of disks for the install and my virtual disk geometry was incorrect.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eApps Apps Apps\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI installed Windows 10 on my bhyve VM and I got that all setup with the apps I needed for work. Mostly Office, Visual Studio, and vSphere for managing our server farm. Plus all of the annoying 3rd party VPN software (I’m looking at you Dell and Cisco). Alright, with the Windows VM done, I can now work at work and finish FreeBSD mostly during the nights. I still needed my remote files (I setup an ownCloud instance on a FreeNAS jail at home) so I setup the client. Now, normally on Windows I would come to work and connect to my home network using OpenVPN (again, I have a OpenVPN FreeNAS jail at home) and the ownCloud desktop would be able to handle changing DNS destination IPs Not on FreeBSD (and Linux too?). I ended up just configuring the ownCloud client to just connect to the home LAN IP for the ownCloud server and always connecting the OpenVPN to sync things. It kinda sucks, but at least it works. I left that running at home overnight to get a full sync (~130GB cloud sync, another reason I use it over Google or Microsoft). Once that was done I moved onto the fstab as I had another 1TB SSD in my laptop with other files. I messed around with fstab and my NFS shares to my FreeNAS at home, but took them out as they made the boot time so long when I wasn’t at home. I would only mount them when my OpenVPN connected or manually. I really wanted to install SpaceFM, but it’s only available as a package on Debian and their non-package install script doesn’t work on FreeBSD (packages are named differently). I tried doing it manually, but it was too much work. As my dad was the one who introduced me to it, he still uses it as a use-case for his Debian setup. Instead I kept to the original PCManFM and it works just fine. I also loaded up my Bitcoin and Litecoin wallets and pointed them to the blockchain that I has used on Windows after their sync, they loaded perfectly and my balances were there. I kinda wish there was the Bitcoin-ABC full node Bitcoin Cash wallet package on FreeBSD, but I’m sure it will come out later.\u003c/p\u003e\n\n\u003cp\u003eThe rest is essentially just tweaks and making the environment more comfortable for me, and with most programs installed as packages I feel a lot better with upgrades and audit checking (‘pkg audit -F’ is really helpful!). I will always hate Python, actually, I will always hate any app that has it’s own package manager. I do miss the GUI GitHub tool on Windows. It was a really good-looking way to view all of my repos. The last thing (which is increasing it’s priority every time I go to a social media site or YouTube) is fonts. My god I never thought it was such a problem, and UTF support is complicated. If anyone knows how to get all UTF characters to show up, please let me know. I’d really like Wikipedia articles to load perfectly (I followed this post and there are still some missing). There are some extra tweaks I followed here and here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI successfully migrated from Windows 10 to FreeBSD 11.1 with minimal consequence. Shout out goes to the entire FreeBSD community. So many helpful people in there, and the forums are a great place to find tons of information. Also thanks to the ones who wrote the how-to articles I’ve referenced. I never would have gotten bhyve to work and I’d still probably be messing with my X config without them. I guess my take home from this is to not be afraid to make changes that may change how comfortable I am in an environment. I’m always open to comments and questions, please feel free to make them below. I purposefully didn’t include too many technical things or commands in this article as I wanted to focus on the larger picture of the migration as a whole not the struggles of xorg.conf, but if you would like to see some of the configs or commands I used, let me know and I’ll include some!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/rulesofconduct/\" rel=\"nofollow\"\u003eTrueOS Rules of Conduct\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe believe code is truly agnostic and embrace inclusiveness regardless of a person’s individual beliefs. As such we only ask the following when participating in TrueOS public events and digital forums:\u003cbr\u003e\nTreat each other with respect and professionalism.\u003cbr\u003e\nLeave personal and TrueOS unrelated conversations to other channels.\u003cbr\u003e\nIn other words, it’s all about the code. Users who feel the above rules have been violated in some way can register a complaint with \u003ca href=\"mailto:abuse@trueos.org\" rel=\"nofollow\"\u003eabuse@trueos.org\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/trueos/status/965994363070353413\" rel=\"nofollow\"\u003eShorter than the BSD License\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/freebsdbytes/status/966567686015782912\" rel=\"nofollow\"\u003ePositive response from the community\u003c/a\u003e\nI really like the @TrueOS Code of Conduct, unlike some other CoCs. It\u0026#39;s short, clear and covers everything.\nMost #OpenSource projects are labour of love. Why do you need a something that reads like a legal contract?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://neomoevius.tumblr.com/post/171108458234/freebsd-the-unknown-giant\" rel=\"nofollow\"\u003eFreeBSD: The Unknown Giant\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI decided to write this article as a gratitude for the recent fast answer of the FreeBSD/TrueOS community with my questions and doubts. I am impressed how fast and how they tried to help me about this operating system which I used in the past(2000-2007) but recently in 2017 I began to use it again.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA lot has changed in 10 years\nI was looking around the internet, trying to do some research about recent information about FreeBSD and other versions or an easy to use spins like PCBSD (now TrueOS)\nI used to be Windows/Mac user for so many years until 2014 when I decided to use Linux as my desktop OS just because I wanted to use something different. I always wanted to use unix or a unix-like operating system, nowadays my main objective is to learn more about  these operating systems (Debian Linux, TrueOS or FreeBSD).\nFreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete operating system, i.e. the project delivers kernel, device drivers, userland utilities and documentation, as opposed to Linux delivering a kernel and drivers only and relying on third-parties for system software; and FreeBSD source code is generally released under a permissive BSD license as opposed to the copyleft GPL used by Linux.“\nBut why do I call FreeBSD “The Unknown Giant”?, because the code base of this operating system has been used by other companies to develop their own operating system for products like computers or also game consoles.\u003c/li\u003e\n\u003cli\u003eFreeBSD is used for storage appliances, firewalls, email scanners, network scanners, network security appliances, load balancers, video servers, and more\nSo many people now will learn that not only “linux is everywhere” but also that “FreeBSD is everywhere too”\nBy the way speaking about movies, Do you remember the movie “The Matrix”? FreeBSD was used to make the movie: “The photo-realistic surroundings generated by this method were incorporated into the bullet time scene, and linear interpolation filled in any gaps of the still images to produce a fluent dynamic motion; the computer-generated “lead in” and “lead out” slides were filled in between frames in sequence to get an illusion of orbiting the scene. Manex Visual Effects used a cluster farm running the Unix-like operating system FreeBSD to render many of the film’s visual effects”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/press-rel-1.html\" rel=\"nofollow\"\u003eFreeBSD Press Release re: The Matrix \u003c/a\u003e\nI hope that I gave a good reference, information and now so many people can understand why I am going to use just Debian Linux and FreeBSD(TrueOS) to do so many different stuff (music, 3d animation, video editing and text editing) instead use a Mac or Windows.\u003c/li\u003e\n\u003cli\u003eFreeBSD really is the unknown giant.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://steemit.com/openbsd/@npna/openbsd-and-freedos-vs-the-hell-in-earth\" rel=\"nofollow\"\u003eOpenBSD and FreeDOS vs the hell in earth\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYes sir, yes. Our family, composed until now by OpenBSD, Alpine Linux and Docker is rapidly growing. And yes, sir. Yes. All together we\u0026#39;re fighting against your best friends, the infamous, the ugliest, the worst...the dudes called the privacy cannibals. Do you know what i mean, sure?\u003cbr\u003e\nWe\u0026#39;re working hard, no matter what time is it, no matter in what part in the world we are, no matter if we\u0026#39;ve no money. We perfectly know that you cannot do nothing against the true. And we\u0026#39;re doing our best to expand our true, our doors are opened to all the good guys, there\u0026#39;s a lot here but their brain was fucked by your shit tv, your fake news, your laws, etc etc etc. We\u0026#39;re alive, we\u0026#39;re here to fight against you.\u003cbr\u003e\nTonight, yes it\u0026#39;s a Friday night and we\u0026#39;re working, we\u0026#39;re ready to welcome with open arms an old guy, his experience will give us more power. Welcome to: FreeDOS\u003c/p\u003e\n\n\u003cp\u003eBut why we want to build a bootable usb stick with FreeDOS under our strong OpenBSD? The answer is as usual to fight against the privacy cannibals!\u003cbr\u003e\nMore than one decade ago the old BIOS was silently replaced by the more capable and advanced UEFI, this is absolutely normal because of the pass of the years and exponencial grow of the power of our personal computers. UEFI is a complex system, it\u0026#39;s like a standalone system operative with direct access to every component of our (yes, it\u0026#39;s our not your!) machine. But...wait a moment...do you know how to use it? Do you ever know that it exist? And one more thing, it\u0026#39;s secure? The answer to this question is totally insane, no, it\u0026#39;s not secure. The idea is good, the company that started in theory is one of the most important in IT, it\u0026#39;s Intel.\u003cbr\u003e\nThe history is very large and obviously we\u0026#39;re going to go very deep in it, but trust me UEFI and the various friend of him, like ME, TPM are insecure and closed source! Like the hell in earth.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA FreeDOS bootable usb image under OpenBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut let\u0026#39;s start preparing our OpenBSD to put order in this chaos:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e$ mkdir -p freedos/stuff\u003cbr\u003e\n$ cd freedos/stuff\u003cbr\u003e\n$ wget \u003ca href=\"https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img\" rel=\"nofollow\"\u003ehttps://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img\u003c/a\u003e\u003cbr\u003e\n$ wget \u003ca href=\"https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/sys/sys-freedos-linux/sys-freedos-linux.zip\" rel=\"nofollow\"\u003ehttps://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/sys/sys-freedos-linux/sys-freedos-linux.zip\u003c/a\u003e\u003cbr\u003e\n$ wget \u003ca href=\"https://download.lenovo.com/consumer/desktop/o35jy19usa_y900.exe\" rel=\"nofollow\"\u003ehttps://download.lenovo.com/consumer/desktop/o35jy19usa_y900.exe\u003c/a\u003e\u003cbr\u003e\n$ wget \u003ca href=\"http://145.130.102.57/domoticx/software/amiflasher/AFUDOS%20Flasher%205.05.04.7z\" rel=\"nofollow\"\u003ehttp://145.130.102.57/domoticx/software/amiflasher/AFUDOS%20Flasher%205.05.04.7z\u003c/a\u003e\u003cbr\u003e\nExplanation in clear language as usual: create two directory, download the minimal boot disc image of FreeDOS, download Syslinux assembler MBR bootloaders, download the last Windows only UEFI update from Lenovo and download the relative unknown utility from AMI to flash our motherboard UEFI chipset. Go ahead:\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003e$ doas pkg_add -U nasm unzip dosfstools cabextract p7zip\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003enasm the Netwide Assembler, a portable 80x86 assembler. \u003c/li\u003e\n\u003cli\u003eunzip list, test and extract compressed files in a ZIP archive. \u003c/li\u003e\n\u003cli\u003edosfstoolsa collections of utilities to manipulate MS-DOSfs. \u003c/li\u003e\n\u003cli\u003ecabextract program to extract files from cabinet. \u003c/li\u003e\n\u003cli\u003ep7zipcollection of utilities to manipulate 7zip archives.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ mkdir sys-freedos-linux \u0026amp;\u0026amp; cd sys-freedos-linux\n$ unzip ../sys-freedos-linux.zip\n$ cd ~/freedos \u0026amp;\u0026amp; mkdir old new\n$ dd if=/dev/null of=freedos.img bs=1024 seek=20480\n$ mkfs.fat freedos.img\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCreate another working directory, cd into it, unzip the archive that we\u0026#39;ve downloaded, return to the working root and create another twos directories. dd is one of the most important utilities in the unix world to manipulate at byte level input and output:\u003c/p\u003e\n\n\u003cp\u003eThe dd utility copies the standard input to the standard output, applying any specified conversions. Input data is read and written in 512-byte blocks. If input reads are short, input from multiple reads are aggregated to form the output block. When finished, dd displays the number of complete and partial input and output blocks and truncated input records to the standard error output.\u003c/p\u003e\n\n\u003cp\u003eWe\u0026#39;re creating here a virtual disk with bs=1024 we\u0026#39;re setting both input and output block to 1024bytes; with seek=20480 we require 20480bytes. This is the result:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e-rw-r--r-- 1 taglio taglio 20971520 Feb 3 00:11 freedos.img.\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNext we format the virtual disk using the MS-DOS filesystem. Go ahead:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ doas su\n$ perl stuff/sys-freedos-linux/sys-freedos.pl --disk=freedos.img\n$ vnconfig vnd0 stuff/fdboot.img\n$ vnconfig vnd1 freedos.img\n$ mount -t msdos /dev/vnd0c old/\n$ mount -t msdos /dev/vnd1c new/\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe use the perl utility from syslinux to write the MBR of our virtual disk freedos.img. Next we create to loop virtual node using the OpenBSD utility vnconfig. Take care here because it is quite different from Linux, but as usual is clear and simple. The virtual nodes are associated to the downloaded fdboot.img and the newly created freedos.img. Next we mount the two virtual nodes cpartitions; in OpenBSD cpartition describes the entire physical disk. Quite different from Linux, take care.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ cp -R old/* new/\n$ cd stuff\n$ mkdir o35jy19usa\n$ cabextract -d o35jy19usa o35jy19usa_y900.exe\n$ doas su\n$ cp o35jy19usa/ ../new/\n$ mkdir afudos \u0026amp;\u0026amp; cd afudos\n$ 7z e ../AFUDOS*\n$ doas su\n$ cp AFUDOS.exe ../../new/\n$ umount ~/freedos/old/ \u0026amp;\u0026amp; umount ~/freedos/new/\n$ vnconfig -u vnd1 \u0026amp;\u0026amp; vnconfig -u vnd0\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCopy all files and directories in the new virtual node partition, extract the Lenovo cabinet in a new directory, copy the result in our new image, extract the afudos utility and like the others copy it. Umount the partitions and destroy the loop vnode.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.geeklan.co.uk/files/fosdem2018-retro\" rel=\"nofollow\"\u003eNetBSD - A modern operating system for your retro battlestation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/pvaneynd/status/960181163578019840/photo/1\" rel=\"nofollow\"\u003eFOSDEM OS distribution\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=151268831628549\" rel=\"nofollow\"\u003eUpdate on two pledge-related changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=151304116010721\u0026w=2\" rel=\"nofollow\"\u003e*execpromises\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.geeklan.co.uk/files/fosdem2018-bsd/\" rel=\"nofollow\"\u003eSlides for (BSD from scratch - from source to OS with ease on NetBSD)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.crashed.org/goodbye-lastpass/\" rel=\"nofollow\"\u003eGoobyte LastPass: You\u0026#39;re fired! \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eScott - \u003ca href=\"http://dpaste.com/22Z8C6Z#wrap\" rel=\"nofollow\"\u003eZFS Mirror with SLOG\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTroels - \u003ca href=\"http://dpaste.com/3X2R1BV#wrap\" rel=\"nofollow\"\u003eQuestion about compressed ARC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJeff - \u003ca href=\"http://dpaste.com/2BQ9HFB#wrap\" rel=\"nofollow\"\u003eFreeBSD Desktop DNS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJonathon - \u003ca href=\"http://dpaste.com/0TTT0DB#wrap\" rel=\"nofollow\"\u003eBhyve and gpu passthrough\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"How the term open source was created, running FreeBSD on ThinkPad T530, Moving away from Windows, Unknown Giants, as well as OpenBSD and FreeDOS.","date_published":"2018-02-28T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/460ca95a-5b37-4d69-9367-525dfa539ab6.mp3","mime_type":"audio/mpeg","size_in_bytes":90339700,"duration_in_seconds":7528}]},{"id":"f6baf9a1-e78a-4997-9a29-0ca6f7453383","title":"234: Code and Community","url":"https://www.bsdnow.tv/234","content_text":"GSoC 2018 Projects announced, tutorial FreeBSD jails with iocage, new Code of Conduct for FreeBSD, libhijack, and fancy monitoring for OpenSMTPD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nGoogle Summer of Code 2018\n\n\nFreeBSD\nFreeBSD Google Summer oF Code Ideas\n\n\n\nYou can join #freebsd-soc on the efnet IRC network to chat with FreeBSD developers interested in mentoring student proposals and projects, past FreeBSD/GSoC students, and other students applying to FreeBSD/GSoC this year.\n\n\n\nNetBSD\n\n\n\nYou can get a stipend (paid for by Google) and spend a few months getting to know and improving the insides of NetBSD or pkgsrc.\n\n\nThe schedule is:\n12-27 March             Applying\n23 April                Find out if you were accepted\n14 May - 22 August      Do the project!\n\nWe have some suggestions for suitable projects:\n- ARM EFI bootloader\n- Using libFuzzer on base tools\n- Refactoring ALTQ (QoS implementation) and integrating with NPF\n- Testsuite for libcurses\n- Improve pkgin\n\nOther suggestions and details are at:\nhttps://wiki.netbsd.org/projects/gsoc/\n\n\n\nThese projects are suggestions; you can come up with your own. Suggestions for other suitable projects are welcome.\n\nFeel free to contact, or chat around on IRC: irc.freenode.org #netbsd #netbsd-code #pkgsrc\n\n\n\nHaiku\n\n\nStudents: How to Apply for a Haiku Idea\nProject Ideas\n\u0026gt; If you have questions you can contact the devs on IRC: irc.freenode.org #haiku\n\n\n\n\n\nFreeBSD Jails with iocage\n\n\nIntroduction\n\n\n\nFreeBSD jails allow users to run multiple, isolated instances of FreeBSD on a single server. Iocage simplifies the management of FreeBSD Jails. Following this tutorial, the jails will be configured to bind to an IP address on the jail host's internal network, and the host OS will pass traffic from the external network to the jail.\n\nThe jails will be managed with Iocage. Iocage uses ZFS properties to store configuration data for each jail, so a ZFS file system is required.\n\n\n\nNetwork setup These steps will:\n\n\nSet up the internal network.\nEnable the pf packet filter\nConfigure pf pass internet traffic to and from the jail.\n\n\n\n\nPF is full featured firewall, and can do more than just pass traffic to an internal network. Refer to the PF documentation for additional configuration options.\n\n\n\nRun the following to configure the internal network and enable pf.\n\n\nsysrc cloned_interfaces+=\"lo1\"\nsysrc ifconfig_lo1=\"inet 192.0.2.1/24\"\nsysrc pf_enable=\"YES\"\n\n\n\nPut the following in /etc/pf.conf\n\n\n# Variables\n# ext_if should be set to the hosts external NIC\next_if = \"vtnet0\"\njail_if = \"lo1\"\njail_net = $jail_if:network\n\n# NAT allows the jails to access the external network\nnat on $ext_if from $jail_net to any -\u0026gt; ($ext_if)\n\n# Redirect traffic on port 80 to the web server jail\n# Add similar rules for additional jails\nrdr pass on $ext_if inet proto tcp to port 80 -\u0026gt; 192.0.2.10\n\n\n\nReboot to activate the network changes\nZFS\n\n\n\nThe best way to use ZFS on a VPS is to attach block storage as a new disk.\nIf block storage is not available, you can optionally use a file as the ZFS device.\n\n\n\nEnable and start ZFS.\n\n\nsysrc zfs_enable=\"YES\"\nservice zfs start\n\n\n\nZFS using Block storage\n\n\n\nList the available disks. \nIf you are using a VPS, the block store will probably be the second disk.\n\n\ngeom disk list\n\n\nCreate a ZFS pool named jailstore.\n\n\nzpool create jailstore  /dev/vtbd1\n\n\nZFS using a file\n\n\n\nCreate the ZFS file.\n\n\ndd if=/dev/zero of=/zfsfile bs=1M count=4096\n\n\nCreate a ZFS pool named jailstore.\n\n\nzpool create jailstore /zfsfile\n\n\nInstall iocage the easy way\n\n\npkg install py36-iocage\n\n\nSkip to \"Using iocage\"\n\n\n\nInstall iocage the hard way\nSwap file\n\n\n\nSmaller servers may not have enough RAM to build iocage. If needed, create a swap file and reboot.\n\n\ndd if=/dev/zero of=/swapfile bs=1M count=1024\necho 'swapfile=\"/swapfile\"' \u0026gt;\u0026gt; /etc/rc.conf\nreboot\n\n\n\nInstall some build dependencies\n\n\npkg install subversion python36 git-lite libgit2  py36-pip\n\n\nBuilding iocage requires the FreeBSD source.\n\n\nsvn checkout https://svn.freebsd.org/base/releng/11.1 /usr/src\n\n\nGet the latest FreeBSD ports tree.\n\n\nportsnap fetch\nportsnap extract\n\n\n\n\nbuild iocage.\n\n\ncd /usr/ports/sysutils/iocage/\nmake install\n\n\n\nUsing iocage\n\n\niocage activate jailstore\niocage fetch\n\niocage create -n www ip4_addr=\"lo1|192.0.2.10/24\" -r 11.1-RELEASE\niocage start www\niocage console www\n\n\n\nOnce you have a shell inside the jail, install and start Apache.\n\n\npkg install apache24\nsysrc apache24_enable=\"yes\"\nservice apache24 start\n\n\n\nPort 80 on the jail will now be accessible on the hosts IP address.\n\n\n\nMultiple jails.\n\n\n\nAdditional jails can be installed using the example above.\n\n\n\nInstall the new jail with the iocage create command , but use a different IP address\nExpose the new jail to the network by adding additional rules to pf.conf.\n\n\n\n\niXsystems\n\n\nSNIA Persistent Memory Summit 2018 Report\n\n\nNew FreeBSD Code of Conduct\n\n\nThe FreeBSD Project is inclusive. We want the FreeBSD Project to be a venue where people of all backgrounds can work together to make the best operating system, built by a strong community. These values extend beyond just development to all aspects of the Project. All those given recognition as members of the Project in whatever form are seen as ambassadors of the Project.\n\nDiversity is a huge strength and is critical to the long term success of the Project. To that end we have a few ground rules that we ask people to adhere to. This code applies equally to everyone representing the FreeBSD Project in any way, from new members, to committers, to the core team itself. These rules are intended to ensure a safe, harassment-free environment for all and to ensure that everyone feels welcome both working within, and interacting with, the Project.\n\nThis document is not an exhaustive list of things that you should not do. Rather, consider it a guide to make it easier to enrich all of us and the technical communities in which we participate.\n\nThis code of conduct applies to all spaces used by the FreeBSD Project, including our mailing lists, IRC channels, and social media, both online and off. Anyone who is found to violate this code of conduct may be sanctioned or expelled from FreeBSD Project controlled spaces at the discretion of the FreeBSD Code of Conduct Committee.\n\nSome FreeBSD Project spaces may have additional rules in place, which will be made clearly available to participants. Participants are responsible for knowing and abiding by these rules. \n\n\nHarassment includes but is not limited to:\n\n\nComments that reinforce systemic oppression related to gender, gender identity and expression, sexual orientation, disability, mental illness, neurodiversity, physical appearance, body size, age, race, or religion.\nUnwelcome comments regarding a person's lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment.\nDeliberate misgendering.\nDeliberate use of \"dead\" or rejected names.\nGratuitous or off-topic sexual images or behaviour in spaces where they're not appropriate.\nPhysical contact and simulated physical contact (e.g., textual descriptions like \"hug\" or \"backrub\") without consent or after a request to stop.\nThreats of violence.\nIncitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.\nDeliberate intimidation.\nStalking or following.\nHarassing photography or recording, including logging online activity for harassment purposes.\nSustained disruption of discussion.\nUnwelcome sexual attention.\nPattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others.\nContinued one-on-one communication after requests to cease.\nDeliberate \"outing\" of any private aspect of a person's identity without their consent except as necessary to protect vulnerable people from intentional abuse.\nPublication of non-harassing private communication without consent.\nPublication of non-harassing private communication with consent but in a way that intentionally misrepresents the communication (e.g., removes context that changes the meaning).\nKnowingly making harmful false claims about a person.\n***\n\n\nInterview - Benno Rice - benno@freebsd.org / @jeamland\n\n\n\nNews Roundup\n\nlibhijack in PoC||GTFO 0x17!\n\n\nHijacking Your Free Beasties\n\n\n\nIn the land of red devils known as Beasties exists a system devoid of meaningful exploit mitigations. As we explore this vast land of opportunity, we will meet our ELFish friends, [p]tracing their very moves in order to hijack them. Since unprivileged process debugging is\nenabled by default on FreeBSD, we can abuse PTrace to create anonymous memory mappings, inject code into them, and overwrite PLT/GOT entries. We will revive a tool called libhijack to make our nefarious activities of hijacking ELFs via PTrace relatively easy.\n\nNothing presented here is technically new. However, this type of work has not been documented in this much detail, tying it all into one cohesive work. In Phrack 56, Silvio Cesare taught us ELF research enthusiasts how to hook the PLT/GOT. The Phrack 59 article on Runtime Process Infection briefly introduces the concept of injecting shared objects by injecting shellcode via PTrace that calls dlopen(). No other piece of research, however, has discovered the joys of forcing the application to create anonymous memory mappings in which to inject\nCode.\n\nThis is only part one of a series of planned articles that will follow libhijack's development. The end goal is to be able to anonymously inject shared objects. The libhijack project is maintained by the SoldierX community.\n\n\n\nPrevious Research\n\n\n\nAll prior work injects code into the stack, the heap, or existing executable code. All three methods create issues on today's systems. On amd64 and arm64, the two architectures libhijack cares about, the stack is non-executable by default. jemalloc, the heap implementation\non FreeBSD, creates non-executable mappings. Obviously overwriting existing executable code destroys a part of the executable image.\n\n\n\nThe Role of ELF\n\u0026gt; FreeBSD provides a nifty API for inspecting the entire virtual memory space of an application. The results returned from the API tells us the protection flags (readable, writable, executable) of each mapping. If FreeBSD provides such a rich API, why would we need to parse the\nELF headers?\n\n\n\nPLT/GOT hijacking requires parsing ELF headers. One would not be able to find the PLT/GOT without iterating through the Process Headers to find the Dynamic Headers, eventually ending up with the DT_PLTGOT entry.\n\nWith FreeBSD's libprocstat API, we don't have a need for parsing ELF headers until we get to the PLT/GOT stage, but doing so early makes it easier for the attacker using libhijack\n\n\n\nThe Future of libhijack\n\n\n\nWriting devious code in assembly is cumbersome. Assembly doesn't scale well to multiple architectures. Instead, we would like to write our devious code in C, compiling to a shared object that gets injected anonymously. This requires writing a remote RTLD within libhijack and\nis in progress. Writing a remote RTLD will take a while as doing so is not an easy task.\n\nAdditionally, creation of a general-purpose helper library that gets injected would be helpful. It could aid in PLT/GOT redirection attacks, possibly storing the addresses of functions we've previously hijacked. This work is dependent on the remote RTLD.\n\nlibhijack currently lacks documentation. Once the ABI and API stabilize, formal documentation will be written.\n\n\n\nConclusion\n\n\n\nUsing libhijack, we can easily create anonymous memory mappings, inject into them arbitrary code, and hijack the PLT/GOT on FreeBSD. On HardenedBSD, a hardened derivative of FreeBSD, libhijack is fully mitigated through PaX NOEXEC.\n\nWe've demonstrated that wrapper-style Capsicum is ineffective on FreeBSD. Through the use of libhijack, we emulate a control flow hijack in which the application is forced to call sandbox_open and fdlopen on the resulting file descriptor.\n\nFurther work to support anonymous injection of full shared objects, along with their dependencies, will be supported in the future. Imagine injecting libpcap into Apache to sniff traffic whenever \"GET /pcap\" is sent.\n\nIn order to prevent abuse of PTrace, FreeBSD should set the security.bsd.unprivileged_proc_debug to 0 by default. In order to prevent process manipulation, FreeBSD should implement PaX NOEXEC.\n\n\n\nlibhijack can be found at https://github.com/SoldierX/libhijack\n\n\n\n\nIntroduction to POSIX shell\n\n\nWhat the heck is the POSIX shell anyway? Well, the POSIX (the Portable Operating System Interface) shell is the standard Unix shell - standard meaning it was formally defined and shipped in a published standard. This makes shell scripts written for it portable, something no other shell can lay claim to. The POSIX shell is basically a formalized version of the venerable Bourne shell, and on your system it lives at /bin/sh, unless you’re one of the unlucky masses for whom this is a symlink to bash.\n\n\n\nWhy use POSIX shell?\n\n\n\nThe “Bourne Again shell”, aka bash, is not standardized. Its grammar, features, and behavior aren’t formally written up anywhere, and only one implementation of bash exists. Without a standard, bash is defined by its implementation. POSIX shell, on the other hand, has many competing implementations on many different operating systems - all of which are compatible with each other because they conform to the standard.\n\nAny shell that utilizes features specific to Bash are not portable, which means you cannot take them with you to any other system. Many Linux-based systems do not use Bash or GNU coreutils. Outside of Linux, pretty much everyone but Hurd does not ship GNU tools, including bash1. On any of these systems, scripts using “bashisms” will not work.\n\nThis is bad if your users wish to utilize your software anywhere other than GNU/Linux. If your build tooling utilizes bashisms, your software will not build on anything but GNU/Linux. If you ship runtime scripts that use bashisms, your software will not run on anything but GNU/Linux. The case for sticking to POSIX shell in shipping software is compelling, but I argue that you should stick to POSIX shell for your personal scripts, too. You might not care now, but when you feel like flirting with other Unicies you’ll thank me when all of your scripts work.\n\nOne place where POSIX shell does not shine is for interactive use - a place where I think bash sucks, too. Any shell you want to use for your day-to-day command line work is okay in my book. I use fish. Use whatever you like interactively, but stick to POSIX sh for your scripts.\n\n\n\nHow do I use POSIX shell?\n\n\n\nAt the top of your scripts, put #!/bin/sh. You don’t have to worry about using env here like you might have been trained to do with bash: /bin/sh is the standardized location for the POSIX shell, and any standards-conforming system will either put it there or make your script work anyway.\n\nThe next step is to avoid bashisms. There are many, but here are a few that might trip you up:\n\n\n\n[[ condition ]] does not work; use [ condition ]\nArrays do not work; use IFS\nLocal variables do not work; use a subshell\n\n\n\nThe easiest way to learn about POSIX shell is to read the standard - it’s not too dry and shorter than you think.\n\n\n\nUsing standard coreutils\n\n\n\nThe last step to writing portable scripts is to use portable tools. Your system may have GNU coreutils installed, which provides tools like grep and cut. Unfortunately, GNU has extended these tools with its own non-portable flags and tools. It’s important that you avoid these.\n\nOne dead giveaway of a non-portable flag is long flags, e.g. grep --file=FILE as opposed to grep -f. The POSIX standard only defines the getopt function - not the proprietary GNU getopt_long function that’s used to interpret long options. As a result, no long flags are standardized. You might worry that this will make your scripts difficult to understand, but I think that on the whole it will not. Shell scripts are already pretty alien and require some knowledge to understand. Is knowledge of what the magic word grep means much different from knowledge of what grep -E means?\n\nI also like that short flags allow you to make more concise command lines. Which is better: ps --all --format=user --without-tty, or ps -aux? If you are inclined to think the former, do you also prefer function(a, b, c) { return a + b + c; } over (a, b, c) =\u0026gt; a + b + c? Conciseness matters, and POSIX shell supports comments if necessary!\n\n\n\nSome tips for using short flags:\nThey can be collapsed: cmd -a -b -c is equivalent to cmd -abc\nIf they take additional arguments, either a space or no separation is acceptable: cmd -f\"hello world\" or cmd -f \"hello world\"\n\n\n\nA good reference for learning about standardized commands is, once again, the standard. From this page, search for the command you want, or navigate through “Shell \u0026amp; Utilities” -\u0026gt; “Utilities” for a list. If you have man-pages installed, you will also find POSIX man pages installed on your system with the p postfix, such as man 1p grep. Note: at the time of writing, the POSIX man pages do not use dashes if your locale is UTF-8, which makes searching for flags with / difficult. Use env LC_ALL=POSIX man 1p grep if you need to search for flags, and I’ll speak to the maintainer of man-pages about this.\n\n\n\n\nFreeBSD Broadcom Wi-Fi Improvements\n\n\nIntroduction\n\n\n\nSince 2015, I've been working on improving FreeBSD support for Broadcom Wi-Fi devices and SoCs, including authoring the bhnd(4) driver family, which provides a unified bus and driver programming interface for these devices.\n\nFirst committed in early 2016, bhnd(4) allowed us to quickly bring up FreeBSD/MIPS on Broadcom SoCs, but it has taken much longer to implement the full set of features required to support modern Broadcom SoftMAC Wi-Fi hardware.\n\nThanks to the generosity of the FreeBSD Foundation, I've recently finished implementing the necessary improvements to the bhnd(4) driver family. With these changes in place, I was finally able to port the existing bwn(4) Broadcom SoftMAC Wi-Fi driver to the bhnd(4) bus, and implement initial support for the BCM43224 and BCM43225 chipsets, with additional hardware support to be forthcoming.\n\nNow that my efforts on FreeBSD/Broadcom Wi-Fi support have progressed far enough to be generally useful, I wanted to take some time to provide a brief overview of Broadcom's Wi-Fi hardware, and explain how my work provides a foundation for further FreeBSD Broadcom Wi-Fi/SoC improvements.\n\n\n\nA Brief Background on Broadcom Wi-Fi Hardware\n\n\n\nBroadcom's Wi-Fi devices are members of the Broadcom Home Networking Division (BHND) device family; other BHND devices include MIPS/ARM SoCs (including Wi-Fi SoCs commonly found in consumer access points), as well as a large variety of related networking hardware.\n\n\n\nBHND devices utilize a common set of Broadcom IP cores (or \"functional blocks\") connected via one of two on-chip bus architectures:\nHardware designed prior to 2009 used Broadcom’s “SSB” backplane architecture, based on Sonics Silicon’s interconnect IP.\nSubsequent hardware adopted Broadcom’s “BCMA” backplane, based on ARM’s AMBA IP. The IP cores used in earlier SSB-based devices were adapted for compatibility with the new backplane.\n\n\n\nWhen BHND hardware is used in a PCI Wi-Fi card, or a SDIO Wi-Fi module, the device's dual-mode peripheral controller is configured to operate as an endpoint device on the host's peripheral bus, bridging access to the SoC hardware:\n\n\n\nHost access to SoC address space is provided via a set of register windows (e.g., a set of configurable windows into SoC address space mapped via PCI BARs)\nDMA is supported by the bridge core’s sparse mapping of host address space into the backplane address space. These address regions may be used as a target for the on-chip DMA engines.\nAny backplane interrupt vectors routed to the bridge core may be mapped by the bridge to host interrupts (e.g., PCI INTx/MSI/MSI-X).\n\n\n\nThe host is generally expected to provide drivers for the IP cores found on the SoC backplane; since these cores are found in both BHND SoCs and BHND Wi-Fi devices, it is advantageous to share driver and platform code between the two targets.\n\n\n\nModernizing FreeBSD's Broadcom SoftMAC Wi-Fi Support\n\n\nFreeBSD support for Broadcom SoftMAC Wi-Fi adapters is provided by two partially overlapping PCI/CardBus drivers:\nLegacy Wi-Fi adapters are supported by bwi(4). This driver remains in-tree to support devices incompatible with v4 or later firmware (e.g. BCM4301, BCM4302, BCM4306 rev 1-2), all of which were released prior to December 2002.\nModern Wi-Fi adapters are supported by bwn(4), with access to on-chip cores mediated by bhnd(4).\n\n\n\n\nPrior to my work porting bwn(4) to bhnd(4), access to on-chip cores was mediated by siba_bwn, a PCI/WiFi-specific derivative of the legacy siba(4) SSB bus driver. There were two major limitations to siba_bwn that have long blocked adding support for newer SoftMAC Wi-Fi chipsets: the newer BCMA interconnect found in post-2009 hardware was not supported by siba(4), and siba_bwn assumed a PCI/PCIe bridge, preventing its use on FreeBSD/MIPS Broadcom SoCs with interconnect-attached D11 cores.\n\n\n\nThe new bhnd(4) driver family, written as a replacement for siba(4) and siba_bwn, provides:\nA unified bus driver interface for both SSB and BCMA on-chip interconnects\nA generic BHND bridge driver framework for host-connected BHND devices (e.g. Wi-Fi adapters, etc)\nA PCI/PCIe bridge core driver, for PCI-attached BHND devices.\nAn abstract BHND NVRAM API, with support for the varied NVRAM formats found in BHND Wi-Fi adapters and SoCs.\nDrivers for common BHND platform peripherals (UARTs, SPROM/flash, PMUs, etc)\n\n\n\nBy porting bwn(4) to bhnd(4), we are now able to support existing BCMA devices with MAC/PHY/Radio combinations readily supported by bwn(4), as was the case with the BCM43224 and BCM43225 chipsets. This also opens the door to porting additional PHY support from Broadcom’s ISC-licensed Linux drivers, and will allow us to bring up bwn(4) on Broadcom WiSoCs supported by FreeBSD/MIPS.\n\n\n\n\nMonitor OpenSMTPD using Logstash and Grafana\n\n\nLogs are usefull. Graphs are sexy. Here’s a way to get a view on what happens to your OpenSMTPD traffic, using Web v2.0 tools ; namely Logstash \u0026amp; Grafana.\nFor those who would not be aware of those tools, logstash is some kind of log-parser that can eat syslog formatted logs and write them into elasticsearch ; in “document” format. Grafana is a Web frontend that can dig into various databases and render graphics from requests.\nI won’t go into the whole “how to install” process here. Installation is quite straight forward and online documentation is quite clear.\n\n\n\nWhat you need\n\n\n\nOpenSMTPD deals with emails and logs its activity via Syslog.\nSyslog is configured to send the logs to Logstash.\nLogstash has a set of rules configured to transform the text-oriented information into searchable document-oriented data. The transformed data is stored into Elasticsearch.\nElasticsearch provides Web API to search and find stuff.\nGrafana connects to ELS to get data and draw the graphs.\n\n\nBeastie Bits\n\n\nCharmBUG Presentation - Writing FreeBSD Malware\nMarch London *BSD meeting 13/03/18\nFreBSD Ports Workshop\nThe history of NetBSD/atari and support for ATARI compatible Milan / OSC2018Osaka\nSSH Mastery, 2nd Edition\n***\n\n\nFeedback/Questions\n\n\nStephen - Viewer Interview Question\npb - trust expanding your 280TB pool\nTim - ZFS questions for the ZFS Man\nDaniel - ZFS full backup question\n***\n","content_html":"\u003cp\u003eGSoC 2018 Projects announced, tutorial FreeBSD jails with iocage, new Code of Conduct for FreeBSD, libhijack, and fancy monitoring for OpenSMTPD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://summerofcode.withgoogle.com/organizations/?sp-page=5\" rel=\"nofollow\"\u003eGoogle Summer of Code 2018\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/projects/summerofcode.html\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/SummerOfCodeIdeas\" rel=\"nofollow\"\u003eFreeBSD Google Summer oF Code Ideas\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can join #freebsd-soc on the efnet IRC network to chat with FreeBSD developers interested in mentoring student proposals and projects, past FreeBSD/GSoC students, and other students applying to FreeBSD/GSoC this year.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2018/02/12/msg000765.html\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou can get a stipend (paid for by Google) and spend a few months getting to know and improving the insides of NetBSD or pkgsrc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eThe schedule is:\n12-27 March             Applying\n23 April                Find out if you were accepted\n14 May - 22 August      Do the project!\n\nWe have some suggestions for suitable projects:\n- ARM EFI bootloader\n- Using libFuzzer on base tools\n- Refactoring ALTQ (QoS implementation) and integrating with NPF\n- Testsuite for libcurses\n- Improve pkgin\n\nOther suggestions and details are at:\nhttps://wiki.netbsd.org/projects/gsoc/\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese projects are suggestions; you can come up with your own. Suggestions for other suitable projects are welcome.\u003c/p\u003e\n\n\u003cp\u003eFeel free to contact, or chat around on IRC: irc.freenode.org #netbsd #netbsd-code #pkgsrc\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://summerofcode.withgoogle.com/organizations/4821756754264064/\" rel=\"nofollow\"\u003eHaiku\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.haiku-os.org/community/gsoc/2018/students\" rel=\"nofollow\"\u003eStudents: How to Apply for a Haiku Idea\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.haiku-os.org/community/gsoc/2018/ideas\" rel=\"nofollow\"\u003eProject Ideas\u003c/a\u003e\n\u0026gt; If you have questions you can contact the devs on IRC: irc.freenode.org #haiku\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://norrist.devio.us/iocage_freebsd.html\" rel=\"nofollow\"\u003eFreeBSD Jails with iocage\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD jails allow users to run multiple, isolated instances of FreeBSD on a single server. Iocage simplifies the management of FreeBSD Jails. Following this tutorial, the jails will be configured to bind to an IP address on the jail host\u0026#39;s internal network, and the host OS will pass traffic from the external network to the jail.\u003c/p\u003e\n\n\u003cp\u003eThe jails will be managed with Iocage. Iocage uses ZFS properties to store configuration data for each jail, so a ZFS file system is required.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetwork setup These steps will:\n\n\u003cul\u003e\n\u003cli\u003eSet up the internal network.\u003c/li\u003e\n\u003cli\u003eEnable the pf packet filter\u003c/li\u003e\n\u003cli\u003eConfigure pf pass internet traffic to and from the jail.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePF is full featured firewall, and can do more than just pass traffic to an internal network. Refer to the PF documentation for additional configuration options.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRun the following to configure the internal network and enable pf.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003esysrc cloned_interfaces+=\u0026quot;lo1\u0026quot;\nsysrc ifconfig_lo1=\u0026quot;inet 192.0.2.1/24\u0026quot;\nsysrc pf_enable=\u0026quot;YES\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003ePut the following in /etc/pf.conf\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e# Variables\n# ext_if should be set to the hosts external NIC\next_if = \u0026quot;vtnet0\u0026quot;\njail_if = \u0026quot;lo1\u0026quot;\njail_net = $jail_if:network\n\n# NAT allows the jails to access the external network\nnat on $ext_if from $jail_net to any -\u0026gt; ($ext_if)\n\n# Redirect traffic on port 80 to the web server jail\n# Add similar rules for additional jails\nrdr pass on $ext_if inet proto tcp to port 80 -\u0026gt; 192.0.2.10\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eReboot to activate the network changes\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eZFS\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe best way to use ZFS on a VPS is to attach block storage as a new disk.\u003cbr\u003e\nIf block storage is not available, you can optionally use a file as the ZFS device.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnable and start ZFS.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003esysrc zfs_enable=\u0026quot;YES\u0026quot;\nservice zfs start\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS using Block storage\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eList the available disks. \u003cbr\u003e\nIf you are using a VPS, the block store will probably be the second disk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003egeom disk list\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCreate a ZFS pool named jailstore.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool create jailstore  /dev/vtbd1\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS using a file\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCreate the ZFS file.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003edd if=/dev/zero of=/zfsfile bs=1M count=4096\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCreate a ZFS pool named jailstore.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003ezpool create jailstore /zfsfile\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall iocage the easy way\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003epkg install py36-iocage\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSkip to \u0026quot;Using iocage\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall iocage the hard way\u003c/li\u003e\n\u003cli\u003eSwap file\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSmaller servers may not have enough RAM to build iocage. If needed, create a swap file and reboot.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003edd if=/dev/zero of=/swapfile bs=1M count=1024\necho \u0026#39;swapfile=\u0026quot;/swapfile\u0026quot;\u0026#39; \u0026gt;\u0026gt; /etc/rc.conf\nreboot\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall some build dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003epkg install subversion python36 git-lite libgit2  py36-pip\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBuilding iocage requires the FreeBSD source.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003esvn checkout https://svn.freebsd.org/base/releng/11.1 /usr/src\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGet the latest FreeBSD ports tree.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eportsnap fetch\nportsnap extract\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003ebuild iocage.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003ecd /usr/ports/sysutils/iocage/\nmake install\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing iocage\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eiocage activate jailstore\niocage fetch\n\niocage create -n www ip4_addr=\u0026quot;lo1|192.0.2.10/24\u0026quot; -r 11.1-RELEASE\niocage start www\niocage console www\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce you have a shell inside the jail, install and start Apache.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003epkg install apache24\nsysrc apache24_enable=\u0026quot;yes\u0026quot;\nservice apache24 start\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePort 80 on the jail will now be accessible on the hosts IP address.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMultiple jails.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAdditional jails can be installed using the example above.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall the new jail with the iocage create command , but use a different IP address\u003c/li\u003e\n\u003cli\u003eExpose the new jail to the network by adding additional rules to pf.conf.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eiXsystems\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/snia-report-2018/\" rel=\"nofollow\"\u003eSNIA Persistent Memory Summit 2018 Report\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/internal/code-of-conduct.html\" rel=\"nofollow\"\u003eNew FreeBSD Code of Conduct\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Project is inclusive. We want the FreeBSD Project to be a venue where people of all backgrounds can work together to make the best operating system, built by a strong community. These values extend beyond just development to all aspects of the Project. All those given recognition as members of the Project in whatever form are seen as ambassadors of the Project.\u003c/p\u003e\n\n\u003cp\u003eDiversity is a huge strength and is critical to the long term success of the Project. To that end we have a few ground rules that we ask people to adhere to. This code applies equally to everyone representing the FreeBSD Project in any way, from new members, to committers, to the core team itself. These rules are intended to ensure a safe, harassment-free environment for all and to ensure that everyone feels welcome both working within, and interacting with, the Project.\u003c/p\u003e\n\n\u003cp\u003eThis document is not an exhaustive list of things that you should not do. Rather, consider it a guide to make it easier to enrich all of us and the technical communities in which we participate.\u003c/p\u003e\n\n\u003cp\u003eThis code of conduct applies to all spaces used by the FreeBSD Project, including our mailing lists, IRC channels, and social media, both online and off. Anyone who is found to violate this code of conduct may be sanctioned or expelled from FreeBSD Project controlled spaces at the discretion of the FreeBSD Code of Conduct Committee.\u003c/p\u003e\n\n\u003cp\u003eSome FreeBSD Project spaces may have additional rules in place, which will be made clearly available to participants. Participants are responsible for knowing and abiding by these rules. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eHarassment includes but is not limited to:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eComments that reinforce systemic oppression related to gender, gender identity and expression, sexual orientation, disability, mental illness, neurodiversity, physical appearance, body size, age, race, or religion.\u003c/li\u003e\n\u003cli\u003eUnwelcome comments regarding a person\u0026#39;s lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment.\u003c/li\u003e\n\u003cli\u003eDeliberate misgendering.\u003c/li\u003e\n\u003cli\u003eDeliberate use of \u0026quot;dead\u0026quot; or rejected names.\u003c/li\u003e\n\u003cli\u003eGratuitous or off-topic sexual images or behaviour in spaces where they\u0026#39;re not appropriate.\u003c/li\u003e\n\u003cli\u003ePhysical contact and simulated physical contact (e.g., textual descriptions like \u0026quot;\u003cem\u003ehug\u003c/em\u003e\u0026quot; or \u0026quot;\u003cem\u003ebackrub\u003c/em\u003e\u0026quot;) without consent or after a request to stop.\u003c/li\u003e\n\u003cli\u003eThreats of violence.\u003c/li\u003e\n\u003cli\u003eIncitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.\u003c/li\u003e\n\u003cli\u003eDeliberate intimidation.\u003c/li\u003e\n\u003cli\u003eStalking or following.\u003c/li\u003e\n\u003cli\u003eHarassing photography or recording, including logging online activity for harassment purposes.\u003c/li\u003e\n\u003cli\u003eSustained disruption of discussion.\u003c/li\u003e\n\u003cli\u003eUnwelcome sexual attention.\u003c/li\u003e\n\u003cli\u003ePattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others.\u003c/li\u003e\n\u003cli\u003eContinued one-on-one communication after requests to cease.\u003c/li\u003e\n\u003cli\u003eDeliberate \u0026quot;outing\u0026quot; of any private aspect of a person\u0026#39;s identity without their consent except as necessary to protect vulnerable people from intentional abuse.\u003c/li\u003e\n\u003cli\u003ePublication of non-harassing private communication without consent.\u003c/li\u003e\n\u003cli\u003ePublication of non-harassing private communication with consent but in a way that intentionally misrepresents the communication (e.g., removes context that changes the meaning).\u003c/li\u003e\n\u003cli\u003eKnowingly making harmful false claims about a person.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Benno Rice - \u003ca href=\"mailto:benno@freebsd.org\" rel=\"nofollow\"\u003ebenno@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/jeamland\" rel=\"nofollow\"\u003e@jeamland\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.soldierx.com/news/libhijack-PoCGTFO-0x17\" rel=\"nofollow\"\u003elibhijack in PoC||GTFO 0x17!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHijacking Your Free Beasties\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the land of red devils known as Beasties exists a system devoid of meaningful exploit mitigations. As we explore this vast land of opportunity, we will meet our ELFish friends, [p]tracing their very moves in order to hijack them. Since unprivileged process debugging is\u003cbr\u003e\nenabled by default on FreeBSD, we can abuse PTrace to create anonymous memory mappings, inject code into them, and overwrite PLT/GOT entries. We will revive a tool called libhijack to make our nefarious activities of hijacking ELFs via PTrace relatively easy.\u003c/p\u003e\n\n\u003cp\u003eNothing presented here is technically new. However, this type of work has not been documented in this much detail, tying it all into one cohesive work. In Phrack 56, Silvio Cesare taught us ELF research enthusiasts how to hook the PLT/GOT. The Phrack 59 article on Runtime Process Infection briefly introduces the concept of injecting shared objects by injecting shellcode via PTrace that calls dlopen(). No other piece of research, however, has discovered the joys of forcing the application to create anonymous memory mappings in which to inject\u003cbr\u003e\nCode.\u003c/p\u003e\n\n\u003cp\u003eThis is only part one of a series of planned articles that will follow libhijack\u0026#39;s development. The end goal is to be able to anonymously inject shared objects. The libhijack project is maintained by the SoldierX community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrevious Research\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll prior work injects code into the stack, the heap, or existing executable code. All three methods create issues on today\u0026#39;s systems. On amd64 and arm64, the two architectures libhijack cares about, the stack is non-executable by default. jemalloc, the heap implementation\u003cbr\u003e\non FreeBSD, creates non-executable mappings. Obviously overwriting existing executable code destroys a part of the executable image.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Role of ELF\n\u0026gt; FreeBSD provides a nifty API for inspecting the entire virtual memory space of an application. The results returned from the API tells us the protection flags (readable, writable, executable) of each mapping. If FreeBSD provides such a rich API, why would we need to parse the\nELF headers?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePLT/GOT hijacking requires parsing ELF headers. One would not be able to find the PLT/GOT without iterating through the Process Headers to find the Dynamic Headers, eventually ending up with the DT_PLTGOT entry.\u003c/p\u003e\n\n\u003cp\u003eWith FreeBSD\u0026#39;s libprocstat API, we don\u0026#39;t have a need for parsing ELF headers until we get to the PLT/GOT stage, but doing so early makes it easier for the attacker using libhijack\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Future of libhijack\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWriting devious code in assembly is cumbersome. Assembly doesn\u0026#39;t scale well to multiple architectures. Instead, we would like to write our devious code in C, compiling to a shared object that gets injected anonymously. This requires writing a remote RTLD within libhijack and\u003cbr\u003e\nis in progress. Writing a remote RTLD will take a while as doing so is not an easy task.\u003c/p\u003e\n\n\u003cp\u003eAdditionally, creation of a general-purpose helper library that gets injected would be helpful. It could aid in PLT/GOT redirection attacks, possibly storing the addresses of functions we\u0026#39;ve previously hijacked. This work is dependent on the remote RTLD.\u003c/p\u003e\n\n\u003cp\u003elibhijack currently lacks documentation. Once the ABI and API stabilize, formal documentation will be written.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUsing libhijack, we can easily create anonymous memory mappings, inject into them arbitrary code, and hijack the PLT/GOT on FreeBSD. On HardenedBSD, a hardened derivative of FreeBSD, libhijack is fully mitigated through PaX NOEXEC.\u003c/p\u003e\n\n\u003cp\u003eWe\u0026#39;ve demonstrated that wrapper-style Capsicum is ineffective on FreeBSD. Through the use of libhijack, we emulate a control flow hijack in which the application is forced to call sandbox_open and fdlopen on the resulting file descriptor.\u003c/p\u003e\n\n\u003cp\u003eFurther work to support anonymous injection of full shared objects, along with their dependencies, will be supported in the future. Imagine injecting libpcap into Apache to sniff traffic whenever \u0026quot;GET /pcap\u0026quot; is sent.\u003c/p\u003e\n\n\u003cp\u003eIn order to prevent abuse of PTrace, FreeBSD should set the security.bsd.unprivileged_proc_debug to 0 by default. In order to prevent process manipulation, FreeBSD should implement PaX NOEXEC.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003elibhijack can be found at \u003ca href=\"https://github.com/SoldierX/libhijack\" rel=\"nofollow\"\u003ehttps://github.com/SoldierX/libhijack\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sircmpwn.github.io/2018/02/05/Introduction-to-POSIX-shell.html\" rel=\"nofollow\"\u003eIntroduction to POSIX shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat the heck is the POSIX shell anyway? Well, the POSIX (the Portable Operating System Interface) shell is the standard Unix shell - standard meaning it was formally defined and shipped in a published standard. This makes shell scripts written for it portable, something no other shell can lay claim to. The POSIX shell is basically a formalized version of the venerable Bourne shell, and on your system it lives at /bin/sh, unless you’re one of the unlucky masses for whom this is a symlink to bash.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy use POSIX shell?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe “Bourne Again shell”, aka bash, is not standardized. Its grammar, features, and behavior aren’t formally written up anywhere, and only one implementation of bash exists. Without a standard, bash is defined by its implementation. POSIX shell, on the other hand, has many competing implementations on many different operating systems - all of which are compatible with each other because they conform to the standard.\u003c/p\u003e\n\n\u003cp\u003eAny shell that utilizes features specific to Bash are not portable, which means you cannot take them with you to any other system. Many Linux-based systems do not use Bash or GNU coreutils. Outside of Linux, pretty much everyone but Hurd does not ship GNU tools, including bash1. On any of these systems, scripts using “bashisms” will not work.\u003c/p\u003e\n\n\u003cp\u003eThis is bad if your users wish to utilize your software anywhere other than GNU/Linux. If your build tooling utilizes bashisms, your software will not build on anything but GNU/Linux. If you ship runtime scripts that use bashisms, your software will not run on anything but GNU/Linux. The case for sticking to POSIX shell in shipping software is compelling, but I argue that you should stick to POSIX shell for your personal scripts, too. You might not care now, but when you feel like flirting with other Unicies you’ll thank me when all of your scripts work.\u003c/p\u003e\n\n\u003cp\u003eOne place where POSIX shell does not shine is for interactive use - a place where I think bash sucks, too. Any shell you want to use for your day-to-day command line work is okay in my book. I use fish. Use whatever you like interactively, but stick to POSIX sh for your scripts.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow do I use POSIX shell?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the top of your scripts, put #!/bin/sh. You don’t have to worry about using env here like you might have been trained to do with bash: /bin/sh is the standardized location for the POSIX shell, and any standards-conforming system will either put it there or make your script work anyway.\u003c/p\u003e\n\n\u003cp\u003eThe next step is to avoid bashisms. There are many, but here are a few that might trip you up:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e[[ condition ]] does not work; use [ condition ]\u003c/li\u003e\n\u003cli\u003eArrays do not work; use IFS\u003c/li\u003e\n\u003cli\u003eLocal variables do not work; use a subshell\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe easiest way to learn about POSIX shell is to read the standard - it’s not too dry and shorter than you think.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing standard coreutils\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe last step to writing portable scripts is to use portable tools. Your system may have GNU coreutils installed, which provides tools like grep and cut. Unfortunately, GNU has extended these tools with its own non-portable flags and tools. It’s important that you avoid these.\u003c/p\u003e\n\n\u003cp\u003eOne dead giveaway of a non-portable flag is long flags, e.g. grep --file=FILE as opposed to grep -f. The POSIX standard only defines the getopt function - not the proprietary GNU getopt_long function that’s used to interpret long options. As a result, no long flags are standardized. You might worry that this will make your scripts difficult to understand, but I think that on the whole it will not. Shell scripts are already pretty alien and require some knowledge to understand. Is knowledge of what the magic word grep means much different from knowledge of what grep -E means?\u003c/p\u003e\n\n\u003cp\u003eI also like that short flags allow you to make more concise command lines. Which is better: ps --all --format=user --without-tty, or ps -aux? If you are inclined to think the former, do you also prefer function(a, b, c) { return a + b + c; } over (a, b, c) =\u0026gt; a + b + c? Conciseness matters, and POSIX shell supports comments if necessary!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome tips for using short flags:\u003c/li\u003e\n\u003cli\u003eThey can be collapsed: cmd -a -b -c is equivalent to cmd -abc\u003c/li\u003e\n\u003cli\u003eIf they take additional arguments, either a space or no separation is acceptable: cmd -f\u0026quot;hello world\u0026quot; or cmd -f \u0026quot;hello world\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA good reference for learning about standardized commands is, once again, the standard. From this page, search for the command you want, or navigate through “Shell \u0026amp; Utilities” -\u0026gt; “Utilities” for a list. If you have man-pages installed, you will also find POSIX man pages installed on your system with the p postfix, such as man 1p grep. Note: at the time of writing, the POSIX man pages do not use dashes if your locale is UTF-8, which makes searching for flags with / difficult. Use env LC_ALL=POSIX man 1p grep if you need to search for flags, and I’ll speak to the maintainer of man-pages about this.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://landonf.org/code/freebsd/Broadcom_WiFi_Improvements.20180122.html\" rel=\"nofollow\"\u003eFreeBSD Broadcom Wi-Fi Improvements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince 2015, I\u0026#39;ve been working on improving FreeBSD support for Broadcom Wi-Fi devices and SoCs, including authoring the bhnd(4) driver family, which provides a unified bus and driver programming interface for these devices.\u003c/p\u003e\n\n\u003cp\u003eFirst committed in early 2016, bhnd(4) allowed us to quickly bring up FreeBSD/MIPS on Broadcom SoCs, but it has taken much longer to implement the full set of features required to support modern Broadcom SoftMAC Wi-Fi hardware.\u003c/p\u003e\n\n\u003cp\u003eThanks to the generosity of the FreeBSD Foundation, I\u0026#39;ve recently finished implementing the necessary improvements to the bhnd(4) driver family. With these changes in place, I was finally able to port the existing bwn(4) Broadcom SoftMAC Wi-Fi driver to the bhnd(4) bus, and implement initial support for the BCM43224 and BCM43225 chipsets, with additional hardware support to be forthcoming.\u003c/p\u003e\n\n\u003cp\u003eNow that my efforts on FreeBSD/Broadcom Wi-Fi support have progressed far enough to be generally useful, I wanted to take some time to provide a brief overview of Broadcom\u0026#39;s Wi-Fi hardware, and explain how my work provides a foundation for further FreeBSD Broadcom Wi-Fi/SoC improvements.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Brief Background on Broadcom Wi-Fi Hardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBroadcom\u0026#39;s Wi-Fi devices are members of the Broadcom Home Networking Division (BHND) device family; other BHND devices include MIPS/ARM SoCs (including Wi-Fi SoCs commonly found in consumer access points), as well as a large variety of related networking hardware.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBHND devices utilize a common set of Broadcom IP cores (or \u0026quot;functional blocks\u0026quot;) connected via one of two on-chip bus architectures:\u003c/li\u003e\n\u003cli\u003eHardware designed prior to 2009 used Broadcom’s “SSB” backplane architecture, based on Sonics Silicon’s interconnect IP.\u003c/li\u003e\n\u003cli\u003eSubsequent hardware adopted Broadcom’s “BCMA” backplane, based on ARM’s AMBA IP. The IP cores used in earlier SSB-based devices were adapted for compatibility with the new backplane.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen BHND hardware is used in a PCI Wi-Fi card, or a SDIO Wi-Fi module, the device\u0026#39;s dual-mode peripheral controller is configured to operate as an endpoint device on the host\u0026#39;s peripheral bus, bridging access to the SoC hardware:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHost access to SoC address space is provided via a set of register windows (e.g., a set of configurable windows into SoC address space mapped via PCI BARs)\u003c/li\u003e\n\u003cli\u003eDMA is supported by the bridge core’s sparse mapping of host address space into the backplane address space. These address regions may be used as a target for the on-chip DMA engines.\u003c/li\u003e\n\u003cli\u003eAny backplane interrupt vectors routed to the bridge core may be mapped by the bridge to host interrupts (e.g., PCI INTx/MSI/MSI-X).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe host is generally expected to provide drivers for the IP cores found on the SoC backplane; since these cores are found in both BHND SoCs and BHND Wi-Fi devices, it is advantageous to share driver and platform code between the two targets.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eModernizing FreeBSD\u0026#39;s Broadcom SoftMAC Wi-Fi Support\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD support for Broadcom SoftMAC Wi-Fi adapters is provided by two partially overlapping PCI/CardBus drivers:\u003c/li\u003e\n\u003cli\u003eLegacy Wi-Fi adapters are supported by bwi(4). This driver remains in-tree to support devices incompatible with v4 or later firmware (e.g. BCM4301, BCM4302, BCM4306 rev 1-2), all of which were released prior to December 2002.\u003c/li\u003e\n\u003cli\u003eModern Wi-Fi adapters are supported by bwn(4), with access to on-chip cores mediated by bhnd(4).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePrior to my work porting bwn(4) to bhnd(4), access to on-chip cores was mediated by siba_bwn, a PCI/WiFi-specific derivative of the legacy siba(4) SSB bus driver. There were two major limitations to siba_bwn that have long blocked adding support for newer SoftMAC Wi-Fi chipsets: the newer BCMA interconnect found in post-2009 hardware was not supported by siba(4), and siba_bwn assumed a PCI/PCIe bridge, preventing its use on FreeBSD/MIPS Broadcom SoCs with interconnect-attached D11 cores.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe new bhnd(4) driver family, written as a replacement for siba(4) and siba_bwn, provides:\u003c/li\u003e\n\u003cli\u003eA unified bus driver interface for both SSB and BCMA on-chip interconnects\u003c/li\u003e\n\u003cli\u003eA generic BHND bridge driver framework for host-connected BHND devices (e.g. Wi-Fi adapters, etc)\u003c/li\u003e\n\u003cli\u003eA PCI/PCIe bridge core driver, for PCI-attached BHND devices.\u003c/li\u003e\n\u003cli\u003eAn abstract BHND NVRAM API, with support for the varied NVRAM formats found in BHND Wi-Fi adapters and SoCs.\u003c/li\u003e\n\u003cli\u003eDrivers for common BHND platform peripherals (UARTs, SPROM/flash, PMUs, etc)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBy porting bwn(4) to bhnd(4), we are now able to support existing BCMA devices with MAC/PHY/Radio combinations readily supported by bwn(4), as was the case with the BCM43224 and BCM43225 chipsets. This also opens the door to porting additional PHY support from Broadcom’s ISC-licensed Linux drivers, and will allow us to bring up bwn(4) on Broadcom WiSoCs supported by FreeBSD/MIPS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20180129/monitor-opensmtpd-using-logstash-grafana/\" rel=\"nofollow\"\u003eMonitor OpenSMTPD using Logstash and Grafana\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLogs are usefull. Graphs are sexy. Here’s a way to get a view on what happens to your OpenSMTPD traffic, using Web v2.0 tools ; namely Logstash \u0026amp; Grafana.\u003cbr\u003e\nFor those who would not be aware of those tools, logstash is some kind of log-parser that can eat syslog formatted logs and write them into elasticsearch ; in “document” format. Grafana is a Web frontend that can dig into various databases and render graphics from requests.\u003cbr\u003e\nI won’t go into the whole “how to install” process here. Installation is quite straight forward and online documentation is quite clear.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat you need\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenSMTPD deals with emails and logs its activity via Syslog.\u003cbr\u003e\nSyslog is configured to send the logs to Logstash.\u003cbr\u003e\nLogstash has a set of rules configured to transform the text-oriented information into searchable document-oriented data. The transformed data is stored into Elasticsearch.\u003cbr\u003e\nElasticsearch provides Web API to search and find stuff.\u003cbr\u003e\nGrafana connects to ELS to get data and draw the graphs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/CharmBUG/events/247995596/\" rel=\"nofollow\"\u003eCharmBUG Presentation - Writing FreeBSD Malware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-February/014180.html\" rel=\"nofollow\"\u003eMarch London *BSD meeting 13/03/18\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/MateuszPiotrowski/Ports/Workshop\" rel=\"nofollow\"\u003eFreBSD Ports Workshop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://speakerdeck.com/tsutsui/osc2018osaka\" rel=\"nofollow\"\u003eThe history of NetBSD/atari and support for ATARI compatible Milan / OSC2018Osaka\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tiltedwindmillpress.com/?product=ssh-mastery-2nd-edition\" rel=\"nofollow\"\u003eSSH Mastery, 2nd Edition\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eStephen - \u003ca href=\"http://dpaste.com/06WTRB9#wrap\" rel=\"nofollow\"\u003eViewer Interview Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epb - \u003ca href=\"http://dpaste.com/0TZV6CM#wrap\" rel=\"nofollow\"\u003etrust expanding your 280TB pool\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTim - \u003ca href=\"http://dpaste.com/0759X1E#wrap\" rel=\"nofollow\"\u003eZFS questions for the ZFS Man\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDaniel - \u003ca href=\"http://dpaste.com/1SJXSBQ#wrap\" rel=\"nofollow\"\u003eZFS full backup question\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"GSoC 2018 Projects announced, tutorial FreeBSD jails with iocage, new Code of Conduct for FreeBSD, libhijack, and fancy monitoring for OpenSMTPD","date_published":"2018-02-21T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f6baf9a1-e78a-4997-9a29-0ca6f7453383.mp3","mime_type":"audio/mpeg","size_in_bytes":74658100,"duration_in_seconds":6221}]},{"id":"5647e1f4-9a10-426a-bb98-165793302cb3","title":"233: High on ZFS","url":"https://www.bsdnow.tv/233","content_text":"We explain the physics behind ZFS, DTrace switching to the GPL, Emacs debugging, syncookies coming to PF \u0026amp; FreeBSD’s history on EC2.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\n128 bit storage: Are you high?\n\n\nFor people who have heard about ZFS boiling oceans and wonder where that is coming from, we dug out this old piece from 2004 on the blog of ZFS co-creator Jeff Bonwick, originally from the Sun website.\n\n\n\n64 bits would have been plenty ... but then you can't talk out of your ass about boiling oceans then, can you?\nWell, it's a fair question. Why did we make ZFS a 128-bit storage system? What on earth made us think it's necessary? And how do we know it's sufficient? Let's start with the easy one: how do we know it's necessary?\n Some customers already have datasets on the order of a petabyte, or 250 bytes. Thus the 64-bit capacity limit of 264 bytes is only 14 doublings away. Moore's Law for storage predicts that capacity will continue to double every 9-12 months, which means we'll start to hit the 64-bit limit in about a decade. Storage systems tend to live for several decades, so it would be foolish to create a new one without anticipating the needs that will surely arise within its projected lifetime.\nIf 64 bits isn't enough, the next logical step is 128 bits. That's enough to survive Moore's Law until I'm dead, and after that, it's not my problem. But it does raise the question: what are the theoretical limits to storage capacity?\nAlthough we'd all like Moore's Law to continue forever, quantum mechanics imposes some fundamental limits on the computation rate and information capacity of any physical device. In particular, it has been shown that 1 kilogram of matter confined to 1 liter of space can perform at most 1051 operations per second on at most 1031 bits of information [see Seth Lloyd, \"Ultimate physical limits to computation.\" Nature 406, 1047-1054 (2000)]. A fully-populated 128-bit storage pool would contain 2128 blocks = 2137 bytes = 2140 bits; therefore the minimum mass required to hold the bits would be (2140 bits) / (1031 bits/kg) = 136 billion kg.\nThat's a lot of gear.\nTo operate at the 1031 bits/kg limit, however, the entire mass of the computer must be in the form of pure energy. By E=mc2, the rest energy of 136 billion kg is 1.2x1028 J. The mass of the oceans is about 1.4x1021 kg. It takes about 4,000 J to raise the temperature of 1 kg of water by 1 degree Celcius, and thus about 400,000 J to heat 1 kg of water from freezing to boiling.\nThe latent heat of vaporization adds another 2 million J/kg.\nThus the energy required to boil the oceans is about 2.4x106 J/kg * 1.4x1021 kg = \n3.4x1027 J. Thus, fully populating a 128-bit storage pool would, literally, require more energy than boiling the oceans.\n\n\n\nBest part of all: you don’t have to understand any of this to use ZFS. Rest assured that you won’t hit any limits with that filesystem for a long time. You still have to buy bigger disks over time, though...\n***\n\n\ndtrace for Linux, Oracle relicenses dtrace\n\n\nAt Fosdem we had a talk on dtrace for linux in the Debugging Tools devroom.\n\nNot explicitly mentioned in that talk, but certainly the most exciting thing, is that Oracle is doing a proper linux kernel port:\n\n\n commit e1744f50ee9bc1978d41db7cc93bcf30687853e6\n Author: Tomas Jedlicka \u0026lt;tomas.jedlicka@oracle.com\u0026gt;\n Date: Tue Aug 1 09:15:44 2017 -0400\n\n dtrace: Integrate DTrace Modules into kernel proper\n\n This changeset integrates DTrace module sources into the main kernel\n source tree under the GPLv2 license. Sources have been moved to\n appropriate locations in the kernel tree.\n\n\n\nThat is right, dtrace dropped the CDDL and switched to the GPL!\n\nThe user space code dtrace-utils and libdtrace-ctf (a combination of GPLv2 and UPL) can be found on the DTrace Project Source Control page. The NEWS file mentions the license switch (and that it is build upon elfutils, which I personally was pleased to find out).\n\nThe kernel sources (GPLv2+ for the core kernel and UPL for the uapi) are slightly harder to find because they are inside the uek kernel source tree, but following the above commit you can easily get at the whole linux kernel dtrace directory.\n\nThe UPL is the Universal Permissive License, which according to the FSF is a lax, non-copyleft license that is compatible with the GNU GPL.\n\nThank you Oracle for making everyone’s life easier by waving your magic relicensing wand!\n\nNow there is lots of hard work to do to actually properly integrate this. And I am sure there are a lot of technical hurdles when trying to get this upstreamed into the mainline kernel. But that is just hard work. Which we can now start collaborating on in earnest.\n\nLike systemtap and the Dynamic Probes (dprobes) before it, dtrace is a whole system observability tool combining tracing, profiling and probing/debugging techniques. Something the upstream linux kernel hackers don’t always appreciate when presented as one large system. They prefer having separate small tweaks for tracing, profiling and probing which are mostly separate from each other. It took years for the various hooks, kprobes, uprobes, markers, etc. from systemtap (and other systems) to get upstream. But these days they are. And there is now even a byte code interpreter (eBPF) in the mainline kernel as originally envisioned by dprobes, which systemtap can now target through stapbpf. So with all those techniques now available in the linux kernel it will be exciting to see if dtrace for linux can unite them all.\n\n\n\n\nDebugging Emacs or: How I Learned to Stop Worrying and Love DTrace\n\n\nFor some time Elfeed was experiencing a strange, spurious failure. Every so often users were seeing an error (spoiler warning) when updating feeds: “error in process sentinel: Search failed.” If you use Elfeed, you might have even seen this yourself. From the surface it appeared that curl, tasked with the responsibility for downloading feed data, was producing incomplete output despite reporting a successful run. Since the run was successful, Elfeed assumed certain data was in curl’s output buffer, but, since it wasn’t, it failed hard.\n\nUnfortunately this issue was not reproducible. Manually running curl outside of Emacs never revealed any issues. Asking Elfeed to retry fetching the feeds would work fine. The issue would only randomly rear its head when Elfeed was fetching many feeds in parallel, under stress. By the time the error was discovered, the curl process had exited and vital debugging information was lost. Considering that this was likely to be a bug in Emacs itself, there really wasn’t a reliable way to capture the necessary debugging information from within Emacs Lisp. And, indeed, this later proved to be the case.\n\nA quick-and-dirty work around is to use condition-case to catch and swallow the error. When the bizarre issue shows up, rather than fail badly in front of the user, Elfeed could attempt to swallow the error — assuming it can be reliably detected — and treat the fetch as simply a failure. That didn’t sit comfortably with me. Elfeed had done its due diligence checking for errors already. Someone was lying to Elfeed, and I intended to catch them with their pants on fire. Someday.\n\nI’d just need to witness the bug on one of my own machines. Elfeed is part of my daily routine, so surely I’d have to experience this issue myself someday. My plan was, should that day come, to run a modified Elfeed, instrumented to capture extra data. I would have also routinely run Emacs under GDB so that I could inspect the failure more deeply.\n\nFor now I just had to wait to hunt that zebra.\n\n\n\nBryan Cantrill, DTrace, and FreeBSD\n\n\n\nOver the holidays I re-discovered Bryan Cantrill, a systems software engineer who worked for Sun between 1996 and 2010, and is most well known for DTrace. My first exposure to him was in a BSD Now interview in 2015. I had re-watched that interview and decided there was a lot more I had to learn from him. He’s become a personal hero to me. So I scoured the internet for more of his writing and talks.\n\nSome interesting operating system technology came out of Sun during its final 15 or so years — most notably DTrace and ZFS — and Bryan speaks about it passionately. Almost as a matter of luck, most of it survived the Oracle acquisition thanks to Sun releasing it as open source in just the nick of time. Otherwise it would have been lost forever. The scattered ex-Sun employees, still passionate about their prior work at Sun, along with some of their old customers have since picked up the pieces and kept going as a community under the name illumos. It’s like an open source flotilla.\n\nNaturally I wanted to get my hands on this stuff to try it out for myself. Is it really as good as they say? Normally I stick to Linux, but it (generally) doesn’t have these Sun technologies available. The main reason is license incompatibility. Sun released its code under the CDDL, which is incompatible with the GPL. Ubuntu does infamously include ZFS, but other distributions are unwilling to take that risk. Porting DTrace is a serious undertaking since it’s got its fingers throughout the kernel, which also makes the licensing issues even more complicated.\n\nLinux has a reputation for Not Invented Here (NIH) syndrome, and these licensing issues certainly contribute to that. Rather than adopt ZFS and DTrace, they’ve been reinvented from scratch: btrfs instead of ZFS, and a slew of partial options instead of DTrace. Normally I’m most interested in system call tracing, and my go to is strace, though it certainly has its limitations — including this situation of debugging curl under Emacs. Another famous example of NIH is Linux’s epoll(2), which is a broken version of BSD kqueue(2).\n\nSo, if I want to try these for myself, I’ll need to install a different operating system. I’ve dabbled with OmniOS, an OS built on illumos, in virtual machines, using it as an alien environment to test some of my software (e.g. enchive). OmniOS has a philosophy called Keep Your Software To Yourself (KYSTY), which is really just code for “we don’t do packaging.” Honestly, you can’t blame them since they’re a tiny community. The best solution to this is probably pkgsrc, which is essentially a universal packaging system. Otherwise you’re on your own.\n\nThere’s also openindiana, which is a more friendly desktop-oriented illumos distribution. Still, the short of it is that you’re very much on your own when things don’t work. The situation is like running Linux a couple decades ago, when it was still difficult to do.\n\nIf you’re interested in trying DTrace, the easiest option these days is probably FreeBSD. It’s got a big, active community, thorough documentation, and a huge selection of packages. Its license (the BSD license, duh) is compatible with the CDDL, so both ZFS and DTrace have been ported to FreeBSD.\n\n\n\nWhat is DTrace?\n\n\n\nI’ve done all this talking but haven’t yet described what DTrace really is. I won’t pretend to write my own tutorial, but I’ll provide enough information to follow along. DTrace is a tracing framework for debugging production systems in real time, both for the kernel and for applications. The “production systems” part means it’s stable and safe — using DTrace won’t put your system at risk of crashing or damaging data. The “real time” part means it has little impact on performance. You can use DTrace on live, active systems with little impact. Both of these core design principles are vital for troubleshooting those really tricky bugs that only show up in production.\n\nThere are DTrace probes scattered all throughout the system: on system calls, scheduler events, networking events, process events, signals, virtual memory events, etc. Using a specialized language called D (unrelated to the general purpose programming language D), you can dynamically add behavior at these instrumentation points. Generally the behavior is to capture information, but it can also manipulate the event being traced.\n\nEach probe is fully identified by a 4-tuple delimited by colons: provider, module, function, and probe name. An empty element denotes a sort of wildcard. For example, syscall::open:entry is a probe at the beginning (i.e. “entry”) of open(2). syscall:::entry matches all system call entry probes.\n\nUnlike strace on Linux which monitors a specific process, DTrace applies to the entire system when active. To run curl under strace from Emacs, I’d have to modify Emacs’ behavior to do so. With DTrace I can instrument every curl process without making a single change to Emacs, and with negligible impact to Emacs. That’s a big deal.\n\nSo, when it comes to this Elfeed issue, FreeBSD is much better poised for debugging the problem. All I have to do is catch it in the act. However, it’s been months since that bug report and I’m not really making this connection yet. I’m just hoping I eventually find an interesting problem where I can apply DTrace.\n\n\n\nBryan Cantrill: Talks I have given\n***\n\n\nNews Roundup\n\na2k18 Hackathon preview: Syncookies coming to PF\n\n\nAs you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.\nOne eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:\n\n\nsyncookies for pf.\n\nwhen syncookies are on, pf will blindly answer each and every SYN with a syncookie-SYNACK. Upon reception of the ACK completing the 3WHS, pf will reconstruct the original SYN, shove it through pf_test, where state will be created if the ruleset permits it. Then massage the freshly created state (we won't see the SYNACK), set up the sequence number modulator, and call into the existing synproxy code to start the 3WHS with the backend host.\n\nAdd an - somewhat basic for now - adaptive mode where syncookies get enabled if a certain percentage of the state table is filled up with half-open tcp connections. This makes pf firewalls resilient against large synflood attacks.\n\nsyncookies are off by default until we gained more experience, considered experimental for now.\n\nsee http://bulabula.org/papers/2017/bsdcan/ for more details.\n\njoint work with sashan@, widely discussed and with lots of input by many\n\n\n\nThe first release to have this feature available will probably be the upcoming OpenBSD 6.3 if a sufficient number of people test this in their setups (hint, hint). More info is likely to emerge soon in post-hackathon writeups, so watch this space!\n\n\n\n\n[Pale Moon]\n\n\nA Perfect example of how not to approach OS developers/packagers\nRemoved from OpenBSD Ports due to Licensing Issues\nFreeBSD Palemoon branding violation\nMightnight BSD's response\n***\n\n\nFreeBSD EC2 History\n\n\nA couple years ago Jeff Barr published a blog post with a timeline of EC2 instances. I thought at the time that I should write up a timeline of the FreeBSD/EC2 platform, but I didn't get around to it; but last week, as I prepared to ask for sponsorship for my work I decided that it was time to sit down and collect together the long history of how the platform has evolved and improved over the years.\nNormally I don't edit blog posts after publishing them (with the exception of occasional typographical corrections), but I do plan on keeping this post up to date with future developments.\n\n\n\nAugust 25, 2006: Amazon EC2 launches. It supports a single version of Ubuntu Linux; FreeBSD is not available.\nDecember 13, 2010: I manage to get FreeBSD running on EC2 t1.micro instances.\nMarch 22, 2011: I manage to get FreeBSD running on EC2 \"cluster compute\" instances.\nJuly 8, 2011: I get FreeBSD 8.2 running on all 64-bit EC2 instance types, by marking it as \"Windows\" in order to get access to Xen/HVM virtualization. (Unfortunately this meant that users had to pay the higher \"Windows\" hourly pricing.)\nJanuary 16, 2012: I get FreeBSD 9.0 running on 32-bit EC2 instances via the same \"defenestration\" trick. (Again, paying the \"Windows\" prices.)\nAugust 16, 2012: I move the FreeBSD rc.d scripts which handle \"EC2\" functionality (e.g., logging SSH host keys to the console) into the FreeBSD ports tree.\nOctober 7, 2012: I rework the build process for FreeBSD 9.1-RC1 and later to use \"world\" bits extracted from the release ISOs; only the kernel is custom-built. Also, the default SSH user changes from \"root\" to \"ec2-user\".\nOctober 31, 2012: Amazon launches the \"M3\" family of instances, which support Xen/HVM without FreeBSD needing to pay the \"Windows\" tax.\nNovember 21, 2012: I get FreeBSD added to the AWS Marketplace.\nOctober 2, 2013: I finish merging kernel patches into the FreeBSD base system, and rework the AMI build (again) so that FreeBSD 10.0-ALPHA4 and later use bits extracted from the release ISOs for the entire system (world + kernel). FreeBSD Update can now be used for updating everything (because now FreeBSD/EC2 uses a GENERIC kernel).\nOctober 27, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA2 and later AMIs will run FreeBSD Update when they first boot in order to download and install any critical updates.\nDecember 1, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA4 and later AMIs bootstrap the pkg tool and install packages at boot time (by default, the \"awscli\" package).\nDecember 9, 2013: I add configinit to FreeBSD 10.0-RC1 and later to allow systems to be easily configured via EC2 user-data.\nJuly 1, 2014: Amazon launches the \"T2\" family of instances; now the most modern family for every type of EC2 instance (regular, high-memory, high-CPU, high-I/O, burstable) supports HVM and there should no longer be any need for FreeBSD users to pay the \"Windows tax\".\nNovember 24, 2014: I add code to FreeBSD 10.2 and later to automatically resize their root filesystems when they first boot; this means that a larger root disk can be specified at instance launch time and everything will work as expected.\nApril 1, 2015: I integrate the FreeBSD/EC2 build process into the FreeBSD release building process; FreeBSD 10.2-BETA1 and later AMIs are built by the FreeBSD release engineering team.\nJanuary 12, 2016: I enable Intel 82599-based \"first generation EC2 Enhanced Networking\" in FreeBSD 11.0 and later.\nJune 9, 2016: I enable the new EC2 VGA console functionality in FreeBSD 11.0 and later. (The old serial console also continues to work.)\nJune 24, 2016: Intel 82599-based Enhanced Networking works reliably in FreeBSD 11.0 and later thanks to discovering and working around a Xen bug.\nJune 29, 2016: I improve throughput on Xen blkfront devices (/dev/xbd*) by enabling indirect segment I/Os in FreeBSD 10.4 and later. (I wrote this functionality in July 2015, but left it disabled by default a first because a bug in EC2 caused it to hurt performance on some instances.)\nJuly 7, 2016: I fix a bug in FreeBSD's virtual memory initialization in order to allow it to support boot with 128 CPUs; aka. FreeBSD 11.0 and later support the EC2 x1.32xlarge instance type.\nJanuary 26, 2017: I change the default configuration in FreeBSD 11.1 and later to support EC2's IPv6 networking setup out of the box (once you flip all of the necessary switches to enable IPv6 in EC2 itself).\nMay 20, 2017: In collaboration with Rick Macklem, I make FreeBSD 11.1 and later compatible with the Amazon \"Elastic File System\" (aka. NFSv4-as-a-service) via the newly added \"oneopenown\" mount option (and lots of bug fixes).\nMay 25, 2017: I enable support for the Amazon \"Elastic Network Adapter\" in FreeBSD 11.1 and later. (The vast majority of the work — porting the driver code — was done by Semihalf with sponsorship from Amazon.)\nDecember 5, 2017: I change the default configuration in FreeBSD 11.2 and later to make use of the Amazon Time Sync Service (aka. NTP-as-a-service).\nThe current status\nThe upcoming FreeBSD release (11.2) supports: IPv6, Enhanced Networking (both generations), Amazon Elastic File System, Amazon Time Sync Service, both consoles (Serial VGA), and every EC2 instance type (although I'm not sure if FreeBSD has drivers to make use of the FPGA or GPU hardware on those instances).\nColin's Patreon' page if you'd like to support him\n\n\n\n\nX network transparency\n\n\nX's network transparency has wound up mostly being a failure\n\n\n\nI was recently reading Mark Dominus's entry about some X keyboard problems, in which he said in passing (quoting himself):\n\nI have been wondering for years if X's vaunted network transparency was as big a failure as it seemed: an interesting idea, worth trying out, but one that eventually turned out to be more trouble than it was worth. [...]\n\nMy first reaction was to bristle, because I use X's network transparency all of the time at work. I have several programs to make it work very smoothly, and some core portions of my environment would be basically impossible without it. But there's a big qualification on my use of X's network transparency, namely that it's essentially all for text. When I occasionally go outside of this all-text environment of xterms and emacs and so on, it doesn't go as well.\n\nX's network transparency was not designed as 'it will run xterm well'; originally it was to be something that should let you run almost everything remotely, providing a full environment. Even apart from the practical issues covered in Daniel Stone's slide presentation, it's clear that it's been years since X could deliver a real first class environment over the network. You cannot operate with X over the network in the same way that you do locally. Trying to do so is painful and involves many things that either don't work at all or perform so badly that you don't want to use them.\n\nIn my view, there are two things that did in general X network transparency. The first is that networks turned out to not be fast enough even for ordinary things that people wanted to do, at least not the way that X used them. The obvious case is web browsers; once the web moved to lots of images and worse, video, that was pretty much it, especially with 24-bit colour.\n\n(It's obviously not impossible to deliver video across the network with good performance, since YouTube and everyone else does it. But their video is highly encoded in specialized formats, not handled by any sort of general 'send successive images to the display' system.)\n\nThe second is that the communication facilities that X provided were too narrow and limited. This forced people to go outside of them in order to do all sorts of things, starting with audio and moving on to things like DBus and other ways of coordinating environments, handling sophisticated configuration systems, modern fonts, and so on. When people designed these additional communication protocols, the result generally wasn't something that could be used over the network (especially not without a bunch of setup work that you had to do in addition to remote X). Basic X clients that use X properties for everything may be genuinely network transparent, but there are very few of those left these days. (Not even xterm is any more, at least if you use XFT fonts. XFT fonts are rendered in the client, and so different hosts may have different renderings of the same thing, cf.)\n\n\n\u0026lt; What remains of X's network transparency is still useful to some of us, but it's only a shadow of what the original design aimed for. I don't think it was a mistake for X to specifically design it in (to the extent that they did, which is less than you might think), and it did help X out pragmatically in the days of X terminals, but that's mostly it.\n\n(I continue to think that remote display protocols are useful in general, but I'm in an usual situation. Most people only ever interact with remote machines with either text mode SSH or a browser talking to a web server on the remote machine.)\n\n\nPS: The X protocol issues with synchronous requests that Daniel Stone talks about don't help the situation, but I think that even with those edges sanded off X's network transparency wouldn't be a success. Arguably X's protocol model committed a lesser version of part of the NeWS mistake.\n\n\n\nX's network transparency was basically free at the time\n\n\n\nI recently wrote an entry about how X's network transparency has wound up mostly being a failure for various reasons. However, there is an important flipside to the story of X's network transparency, and that is that X's network transparency was almost free at the time and in the context it was created. Unlike the situation today, in the beginning X did not have to give up lots of performance or other things in order to get network transparency.\n\nX originated in the mid 1980s and it was explicitly created to be portable across various Unixes, especially BSD-derived ones (because those were what universities were mostly using at that time). In the mid to late 1980s, Unix had very few IPC methods, especially portable ones. In particular, BSD systems did not have shared memory (it was called 'System V IPC' for the obvious reasons). BSD had TCP and Unix sockets, some System V machines had TCP (and you could likely assume that more would get it), and in general your safest bet was to assume some sort of abstract stream protocol and then allow for switchable concrete backends. Unsurprisingly, this is exactly what X did; the core protocol is defined as a bidirectional stream of bytes over an abstracted channel. (And the concrete implementation of $DISPLAY has always let you specify the transport mechanism, as well as allowing your local system to pick the best mechanism it has.)\n\nOnce you've decided that your protocol has to run over abstracted streams, it's not that much more work to make it network transparent (TCP provides streams, after all). X could have refused to make the byte order of the stream clear or required the server and the client to have access to some shared files (eg for fonts), but I don't think either would have been a particularly big win. I'm sure that it took some extra effort and care to make X work across TCP from a different machine, but I don't think it took very much. (At the same time, my explanation here is probably a bit ahistorical. X's initial development seems relatively strongly tied to sometimes having clients on different machines than the display, which is not unreasonable for the era. But it doesn't hurt to get a feature that you want anyway for a low cost.)\n\nI believe it's important here that X was intended to be portable across different Unixes. If you don't care about portability and can get changes made to your Unix, you can do better (for example, you can add some sort of shared memory or process to process virtual memory transfer). I'm not sure how the 1980s versions of SunView worked, but I believe they were very SunOS dependent. Wikipedia says SunView was partly implemented in the kernel, which is certainly one way to both share memory and speed things up.\n\nPS: Sharing memory through mmap() and friends was years in the future at this point and required significant changes when it arrived.\n\n\n\n\nBeastie Bits\n\n\nGrace Hopper Celebration 2018 Call for Participation\nGoogle Summer of Code: Call for Project Ideas\nThe OpenBSD Foundation 2018 Fundraising Campaign\nSSH Mastery 2/e out\nAsiaBSDcon 2018 Registration is open\nTarsnap support for Bitcoin ending April 1st; and a Chrome bug\n\n\n\n\nFeedback/Questions\n\n\nTodd - Couple Questions\nSeth - Tar Snap\nAlex - sudo question\nThomas - FreeBSD on ARM?\nAlbert - Austria BSD User Group\n\n\n","content_html":"\u003cp\u003eWe explain the physics behind ZFS, DTrace switching to the GPL, Emacs debugging, syncookies coming to PF \u0026amp; FreeBSD’s history on EC2.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blogs.oracle.com/bonwick/128-bit-storage:-are-you-high\" rel=\"nofollow\"\u003e128 bit storage: Are you high?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor people who have heard about ZFS boiling oceans and wonder where that is coming from, we dug out this old piece from 2004 on the blog of ZFS co-creator Jeff Bonwick, originally from the Sun website.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e64 bits would have been plenty ... but then you can\u0026#39;t talk out of your ass about boiling oceans then, can you?\u003cbr\u003e\nWell, it\u0026#39;s a fair question. Why did we make ZFS a 128-bit storage system? What on earth made us think it\u0026#39;s necessary? And how do we know it\u0026#39;s sufficient? Let\u0026#39;s start with the easy one: how do we know it\u0026#39;s necessary?\u003cbr\u003e\n Some customers already have datasets on the order of a petabyte, or 2\u003csup\u003e50\u003c/sup\u003e bytes. Thus the 64-bit capacity limit of 2\u003csup\u003e64\u003c/sup\u003e bytes is only 14 doublings away. Moore\u0026#39;s Law for storage predicts that capacity will continue to double every 9-12 months, which means we\u0026#39;ll start to hit the 64-bit limit in about a decade. Storage systems tend to live for several decades, so it would be foolish to create a new one without anticipating the needs that will surely arise within its projected lifetime.\u003cbr\u003e\nIf 64 bits isn\u0026#39;t enough, the next logical step is 128 bits. That\u0026#39;s enough to survive Moore\u0026#39;s Law until I\u0026#39;m dead, and after that, it\u0026#39;s not my problem. But it does raise the question: what are the theoretical limits to storage capacity?\u003cbr\u003e\nAlthough we\u0026#39;d all like Moore\u0026#39;s Law to continue forever, quantum mechanics imposes some fundamental limits on the computation rate and information capacity of any physical device. In particular, it has been shown that 1 kilogram of matter confined to 1 liter of space can perform at most 10\u003csup\u003e51\u003c/sup\u003e operations per second on at most 10\u003csup\u003e31\u003c/sup\u003e bits of information [see Seth Lloyd, \u0026quot;Ultimate physical limits to computation.\u0026quot; Nature 406, 1047-1054 (2000)]. A fully-populated 128-bit storage pool would contain 2\u003csup\u003e128\u003c/sup\u003e blocks = 2\u003csup\u003e137\u003c/sup\u003e bytes = 2\u003csup\u003e140\u003c/sup\u003e bits; therefore the minimum mass required to hold the bits would be (2\u003csup\u003e140\u003c/sup\u003e bits) / (10\u003csup\u003e31\u003c/sup\u003e bits/kg) = 136 billion kg.\u003cbr\u003e\nThat\u0026#39;s a lot of gear.\u003cbr\u003e\nTo operate at the 1031 bits/kg limit, however, the entire mass of the computer must be in the form of pure energy. By E=mc\u003csup\u003e2,\u003c/sup\u003e the rest energy of 136 billion kg is 1.2x1028 J. The mass of the oceans is about 1.4x1021 kg. It takes about 4,000 J to raise the temperature of 1 kg of water by 1 degree Celcius, and thus about 400,000 J to heat 1 kg of water from freezing to boiling.\u003cbr\u003e\nThe latent heat of vaporization adds another 2 million J/kg.\u003cbr\u003e\nThus the energy required to boil the oceans is about 2.4x106 J/kg * 1.4x1021 kg = \u003cbr\u003e\n3.4x1027 J. Thus, fully populating a 128-bit storage pool would, literally, require more energy than boiling the oceans.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBest part of all: you don’t have to understand any of this to use ZFS. Rest assured that you won’t hit any limits with that filesystem for a long time. You still have to buy bigger disks over time, though...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gnu.wildebeest.org/blog/mjw/2018/02/14/dtrace-for-linux-oracle-does-the-right-thing/\" rel=\"nofollow\"\u003edtrace for Linux, Oracle relicenses dtrace\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt Fosdem we had a talk on dtrace for linux in the Debugging Tools devroom.\u003c/p\u003e\n\n\u003cp\u003eNot explicitly mentioned in that talk, but certainly the most exciting thing, is that Oracle is doing a proper linux kernel port:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e commit e1744f50ee9bc1978d41db7cc93bcf30687853e6\n Author: Tomas Jedlicka \u0026lt;tomas.jedlicka@oracle.com\u0026gt;\n Date: Tue Aug 1 09:15:44 2017 -0400\n\n dtrace: Integrate DTrace Modules into kernel proper\n\n This changeset integrates DTrace module sources into the main kernel\n source tree under the GPLv2 license. Sources have been moved to\n appropriate locations in the kernel tree.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat is right, dtrace dropped the CDDL and switched to the GPL!\u003c/p\u003e\n\n\u003cp\u003eThe user space code dtrace-utils and libdtrace-ctf (a combination of GPLv2 and UPL) can be found on the DTrace Project Source Control page. The NEWS file mentions the license switch (and that it is build upon elfutils, which I personally was pleased to find out).\u003c/p\u003e\n\n\u003cp\u003eThe kernel sources (GPLv2+ for the core kernel and UPL for the uapi) are slightly harder to find because they are inside the uek kernel source tree, but following the above commit you can easily get at the whole linux kernel dtrace directory.\u003c/p\u003e\n\n\u003cp\u003eThe UPL is the Universal Permissive License, which according to the FSF is a lax, non-copyleft license that is compatible with the GNU GPL.\u003c/p\u003e\n\n\u003cp\u003eThank you Oracle for making everyone’s life easier by waving your magic relicensing wand!\u003c/p\u003e\n\n\u003cp\u003eNow there is lots of hard work to do to actually properly integrate this. And I am sure there are a lot of technical hurdles when trying to get this upstreamed into the mainline kernel. But that is just hard work. Which we can now start collaborating on in earnest.\u003c/p\u003e\n\n\u003cp\u003eLike systemtap and the Dynamic Probes (dprobes) before it, dtrace is a whole system observability tool combining tracing, profiling and probing/debugging techniques. Something the upstream linux kernel hackers don’t always appreciate when presented as one large system. They prefer having separate small tweaks for tracing, profiling and probing which are mostly separate from each other. It took years for the various hooks, kprobes, uprobes, markers, etc. from systemtap (and other systems) to get upstream. But these days they are. And there is now even a byte code interpreter (eBPF) in the mainline kernel as originally envisioned by dprobes, which systemtap can now target through stapbpf. So with all those techniques now available in the linux kernel it will be exciting to see if dtrace for linux can unite them all.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://nullprogram.com/blog/2018/01/17/\" rel=\"nofollow\"\u003eDebugging Emacs or: How I Learned to Stop Worrying and Love DTrace\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor some time Elfeed was experiencing a strange, spurious failure. Every so often users were seeing an error (spoiler warning) when updating feeds: “error in process sentinel: Search failed.” If you use Elfeed, you might have even seen this yourself. From the surface it appeared that curl, tasked with the responsibility for downloading feed data, was producing incomplete output despite reporting a successful run. Since the run was successful, Elfeed assumed certain data was in curl’s output buffer, but, since it wasn’t, it failed hard.\u003c/p\u003e\n\n\u003cp\u003eUnfortunately this issue was not reproducible. Manually running curl outside of Emacs never revealed any issues. Asking Elfeed to retry fetching the feeds would work fine. The issue would only randomly rear its head when Elfeed was fetching many feeds in parallel, under stress. By the time the error was discovered, the curl process had exited and vital debugging information was lost. Considering that this was likely to be a bug in Emacs itself, there really wasn’t a reliable way to capture the necessary debugging information from within Emacs Lisp. And, indeed, this later proved to be the case.\u003c/p\u003e\n\n\u003cp\u003eA quick-and-dirty work around is to use condition-case to catch and swallow the error. When the bizarre issue shows up, rather than fail badly in front of the user, Elfeed could attempt to swallow the error — assuming it can be reliably detected — and treat the fetch as simply a failure. That didn’t sit comfortably with me. Elfeed had done its due diligence checking for errors already. Someone was lying to Elfeed, and I intended to catch them with their pants on fire. Someday.\u003c/p\u003e\n\n\u003cp\u003eI’d just need to witness the bug on one of my own machines. Elfeed is part of my daily routine, so surely I’d have to experience this issue myself someday. My plan was, should that day come, to run a modified Elfeed, instrumented to capture extra data. I would have also routinely run Emacs under GDB so that I could inspect the failure more deeply.\u003c/p\u003e\n\n\u003cp\u003eFor now I just had to wait to hunt that zebra.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBryan Cantrill, DTrace, and FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the holidays I re-discovered Bryan Cantrill, a systems software engineer who worked for Sun between 1996 and 2010, and is most well known for DTrace. My first exposure to him was in a BSD Now interview in 2015. I had re-watched that interview and decided there was a lot more I had to learn from him. He’s become a personal hero to me. So I scoured the internet for more of his writing and talks.\u003c/p\u003e\n\n\u003cp\u003eSome interesting operating system technology came out of Sun during its final 15 or so years — most notably DTrace and ZFS — and Bryan speaks about it passionately. Almost as a matter of luck, most of it survived the Oracle acquisition thanks to Sun releasing it as open source in just the nick of time. Otherwise it would have been lost forever. The scattered ex-Sun employees, still passionate about their prior work at Sun, along with some of their old customers have since picked up the pieces and kept going as a community under the name illumos. It’s like an open source flotilla.\u003c/p\u003e\n\n\u003cp\u003eNaturally I wanted to get my hands on this stuff to try it out for myself. Is it really as good as they say? Normally I stick to Linux, but it (generally) doesn’t have these Sun technologies available. The main reason is license incompatibility. Sun released its code under the CDDL, which is incompatible with the GPL. Ubuntu does infamously include ZFS, but other distributions are unwilling to take that risk. Porting DTrace is a serious undertaking since it’s got its fingers throughout the kernel, which also makes the licensing issues even more complicated.\u003c/p\u003e\n\n\u003cp\u003eLinux has a reputation for Not Invented Here (NIH) syndrome, and these licensing issues certainly contribute to that. Rather than adopt ZFS and DTrace, they’ve been reinvented from scratch: btrfs instead of ZFS, and a slew of partial options instead of DTrace. Normally I’m most interested in system call tracing, and my go to is strace, though it certainly has its limitations — including this situation of debugging curl under Emacs. Another famous example of NIH is Linux’s epoll(2), which is a broken version of BSD kqueue(2).\u003c/p\u003e\n\n\u003cp\u003eSo, if I want to try these for myself, I’ll need to install a different operating system. I’ve dabbled with OmniOS, an OS built on illumos, in virtual machines, using it as an alien environment to test some of my software (e.g. enchive). OmniOS has a philosophy called Keep Your Software To Yourself (KYSTY), which is really just code for “we don’t do packaging.” Honestly, you can’t blame them since they’re a tiny community. The best solution to this is probably pkgsrc, which is essentially a universal packaging system. Otherwise you’re on your own.\u003c/p\u003e\n\n\u003cp\u003eThere’s also openindiana, which is a more friendly desktop-oriented illumos distribution. Still, the short of it is that you’re very much on your own when things don’t work. The situation is like running Linux a couple decades ago, when it was still difficult to do.\u003c/p\u003e\n\n\u003cp\u003eIf you’re interested in trying DTrace, the easiest option these days is probably FreeBSD. It’s got a big, active community, thorough documentation, and a huge selection of packages. Its license (the BSD license, duh) is compatible with the CDDL, so both ZFS and DTrace have been ported to FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is DTrace?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve done all this talking but haven’t yet described what DTrace really is. I won’t pretend to write my own tutorial, but I’ll provide enough information to follow along. DTrace is a tracing framework for debugging production systems in real time, both for the kernel and for applications. The “production systems” part means it’s stable and safe — using DTrace won’t put your system at risk of crashing or damaging data. The “real time” part means it has little impact on performance. You can use DTrace on live, active systems with little impact. Both of these core design principles are vital for troubleshooting those really tricky bugs that only show up in production.\u003c/p\u003e\n\n\u003cp\u003eThere are DTrace probes scattered all throughout the system: on system calls, scheduler events, networking events, process events, signals, virtual memory events, etc. Using a specialized language called D (unrelated to the general purpose programming language D), you can dynamically add behavior at these instrumentation points. Generally the behavior is to capture information, but it can also manipulate the event being traced.\u003c/p\u003e\n\n\u003cp\u003eEach probe is fully identified by a 4-tuple delimited by colons: provider, module, function, and probe name. An empty element denotes a sort of wildcard. For example, syscall::open:entry is a probe at the beginning (i.e. “entry”) of open(2). syscall:::entry matches all system call entry probes.\u003c/p\u003e\n\n\u003cp\u003eUnlike strace on Linux which monitors a specific process, DTrace applies to the entire system when active. To run curl under strace from Emacs, I’d have to modify Emacs’ behavior to do so. With DTrace I can instrument every curl process without making a single change to Emacs, and with negligible impact to Emacs. That’s a big deal.\u003c/p\u003e\n\n\u003cp\u003eSo, when it comes to this Elfeed issue, FreeBSD is much better poised for debugging the problem. All I have to do is catch it in the act. However, it’s been months since that bug report and I’m not really making this connection yet. I’m just hoping I eventually find an interesting problem where I can apply DTrace.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dtrace.org/blogs/bmc/2018/02/03/talks/\" rel=\"nofollow\"\u003eBryan Cantrill: Talks I have given\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180207090000\" rel=\"nofollow\"\u003ea2k18 Hackathon preview: Syncookies coming to PF\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.\u003cbr\u003e\nOne eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003esyncookies for pf.\n\nwhen syncookies are on, pf will blindly answer each and every SYN with a syncookie-SYNACK. Upon reception of the ACK completing the 3WHS, pf will reconstruct the original SYN, shove it through pf_test, where state will be created if the ruleset permits it. Then massage the freshly created state (we won\u0026#39;t see the SYNACK), set up the sequence number modulator, and call into the existing synproxy code to start the 3WHS with the backend host.\n\nAdd an - somewhat basic for now - adaptive mode where syncookies get enabled if a certain percentage of the state table is filled up with half-open tcp connections. This makes pf firewalls resilient against large synflood attacks.\n\nsyncookies are off by default until we gained more experience, considered experimental for now.\n\nsee http://bulabula.org/papers/2017/bsdcan/ for more details.\n\njoint work with sashan@, widely discussed and with lots of input by many\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first release to have this feature available will probably be the upcoming OpenBSD 6.3 if a sufficient number of people test this in their setups (hint, hint). More info is likely to emerge soon in post-hackathon writeups, so watch this space!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e[Pale Moon]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Perfect example of how not to approach OS developers/packagers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jasperla/openbsd-wip/issues/86\" rel=\"nofollow\"\u003eRemoved from OpenBSD Ports due to Licensing Issues\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2018-February/112455.html\" rel=\"nofollow\"\u003eFreeBSD Palemoon branding violation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/midnightbsd/status/961232422091280386\" rel=\"nofollow\"\u003eMightnight BSD\u0026#39;s response\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2018-02-12-FreeBSD-EC2-history.html\" rel=\"nofollow\"\u003eFreeBSD EC2 History\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA couple years ago Jeff Barr published a blog post with a timeline of EC2 instances. I thought at the time that I should write up a timeline of the FreeBSD/EC2 platform, but I didn\u0026#39;t get around to it; but last week, as I prepared to ask for sponsorship for my work I decided that it was time to sit down and collect together the long history of how the platform has evolved and improved over the years.\u003cbr\u003e\nNormally I don\u0026#39;t edit blog posts after publishing them (with the exception of occasional typographical corrections), but I do plan on keeping this post up to date with future developments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAugust 25, 2006: Amazon EC2 launches. It supports a single version of Ubuntu Linux; FreeBSD is not available.\u003c/li\u003e\n\u003cli\u003eDecember 13, 2010: I manage to get FreeBSD running on EC2 t1.micro instances.\u003c/li\u003e\n\u003cli\u003eMarch 22, 2011: I manage to get FreeBSD running on EC2 \u0026quot;cluster compute\u0026quot; instances.\u003c/li\u003e\n\u003cli\u003eJuly 8, 2011: I get FreeBSD 8.2 running on all 64-bit EC2 instance types, by marking it as \u0026quot;Windows\u0026quot; in order to get access to Xen/HVM virtualization. (Unfortunately this meant that users had to pay the higher \u0026quot;Windows\u0026quot; hourly pricing.)\u003c/li\u003e\n\u003cli\u003eJanuary 16, 2012: I get FreeBSD 9.0 running on 32-bit EC2 instances via the same \u0026quot;defenestration\u0026quot; trick. (Again, paying the \u0026quot;Windows\u0026quot; prices.)\u003c/li\u003e\n\u003cli\u003eAugust 16, 2012: I move the FreeBSD rc.d scripts which handle \u0026quot;EC2\u0026quot; functionality (e.g., logging SSH host keys to the console) into the FreeBSD ports tree.\u003c/li\u003e\n\u003cli\u003eOctober 7, 2012: I rework the build process for FreeBSD 9.1-RC1 and later to use \u0026quot;world\u0026quot; bits extracted from the release ISOs; only the kernel is custom-built. Also, the default SSH user changes from \u0026quot;root\u0026quot; to \u0026quot;ec2-user\u0026quot;.\u003c/li\u003e\n\u003cli\u003eOctober 31, 2012: Amazon launches the \u0026quot;M3\u0026quot; family of instances, which support Xen/HVM without FreeBSD needing to pay the \u0026quot;Windows\u0026quot; tax.\u003c/li\u003e\n\u003cli\u003eNovember 21, 2012: I get FreeBSD added to the AWS Marketplace.\u003c/li\u003e\n\u003cli\u003eOctober 2, 2013: I finish merging kernel patches into the FreeBSD base system, and rework the AMI build (again) so that FreeBSD 10.0-ALPHA4 and later use bits extracted from the release ISOs for the entire system (world + kernel). FreeBSD Update can now be used for updating everything (because now FreeBSD/EC2 uses a GENERIC kernel).\u003c/li\u003e\n\u003cli\u003eOctober 27, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA2 and later AMIs will run FreeBSD Update when they first boot in order to download and install any critical updates.\u003c/li\u003e\n\u003cli\u003eDecember 1, 2013: I add code to EC2 images so that FreeBSD 10.0-BETA4 and later AMIs bootstrap the pkg tool and install packages at boot time (by default, the \u0026quot;awscli\u0026quot; package).\u003c/li\u003e\n\u003cli\u003eDecember 9, 2013: I add configinit to FreeBSD 10.0-RC1 and later to allow systems to be easily configured via EC2 user-data.\u003c/li\u003e\n\u003cli\u003eJuly 1, 2014: Amazon launches the \u0026quot;T2\u0026quot; family of instances; now the most modern family for every type of EC2 instance (regular, high-memory, high-CPU, high-I/O, burstable) supports HVM and there should no longer be any need for FreeBSD users to pay the \u0026quot;Windows tax\u0026quot;.\u003c/li\u003e\n\u003cli\u003eNovember 24, 2014: I add code to FreeBSD 10.2 and later to automatically resize their root filesystems when they first boot; this means that a larger root disk can be specified at instance launch time and everything will work as expected.\u003c/li\u003e\n\u003cli\u003eApril 1, 2015: I integrate the FreeBSD/EC2 build process into the FreeBSD release building process; FreeBSD 10.2-BETA1 and later AMIs are built by the FreeBSD release engineering team.\u003c/li\u003e\n\u003cli\u003eJanuary 12, 2016: I enable Intel 82599-based \u0026quot;first generation EC2 Enhanced Networking\u0026quot; in FreeBSD 11.0 and later.\u003c/li\u003e\n\u003cli\u003eJune 9, 2016: I enable the new EC2 VGA console functionality in FreeBSD 11.0 and later. (The old serial console also continues to work.)\u003c/li\u003e\n\u003cli\u003eJune 24, 2016: Intel 82599-based Enhanced Networking works reliably in FreeBSD 11.0 and later thanks to discovering and working around a Xen bug.\u003c/li\u003e\n\u003cli\u003eJune 29, 2016: I improve throughput on Xen blkfront devices (/dev/xbd*) by enabling indirect segment I/Os in FreeBSD 10.4 and later. (I wrote this functionality in July 2015, but left it disabled by default a first because a bug in EC2 caused it to hurt performance on some instances.)\u003c/li\u003e\n\u003cli\u003eJuly 7, 2016: I fix a bug in FreeBSD\u0026#39;s virtual memory initialization in order to allow it to support boot with 128 CPUs; aka. FreeBSD 11.0 and later support the EC2 x1.32xlarge instance type.\u003c/li\u003e\n\u003cli\u003eJanuary 26, 2017: I change the default configuration in FreeBSD 11.1 and later to support EC2\u0026#39;s IPv6 networking setup out of the box (once you flip all of the necessary switches to enable IPv6 in EC2 itself).\u003c/li\u003e\n\u003cli\u003eMay 20, 2017: In collaboration with Rick Macklem, I make FreeBSD 11.1 and later compatible with the Amazon \u0026quot;Elastic File System\u0026quot; (aka. NFSv4-as-a-service) via the newly added \u0026quot;oneopenown\u0026quot; mount option (and lots of bug fixes).\u003c/li\u003e\n\u003cli\u003eMay 25, 2017: I enable support for the Amazon \u0026quot;Elastic Network Adapter\u0026quot; in FreeBSD 11.1 and later. (The vast majority of the work — porting the driver code — was done by Semihalf with sponsorship from Amazon.)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDecember 5, 2017: I change the default configuration in FreeBSD 11.2 and later to make use of the Amazon Time Sync Service (aka. NTP-as-a-service).\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe current status\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe upcoming FreeBSD release (11.2) supports: IPv6, Enhanced Networking (both generations), Amazon Elastic File System, Amazon Time Sync Service, both consoles (Serial VGA), and every EC2 instance type (although I\u0026#39;m not sure if FreeBSD has drivers to make use of the FPGA or GPU hardware on those instances).\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.patreon.com/cperciva\" rel=\"nofollow\"\u003eColin\u0026#39;s Patreon\u0026#39; page if you\u0026#39;d like to support him\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eX network transparency\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XNetworkTransparencyFailure\" rel=\"nofollow\"\u003eX\u0026#39;s network transparency has wound up mostly being a failure\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was recently reading Mark Dominus\u0026#39;s entry about some X keyboard problems, in which he said in passing (quoting himself):\u003c/p\u003e\n\n\u003cp\u003eI have been wondering for years if X\u0026#39;s vaunted network transparency was as big a failure as it seemed: an interesting idea, worth trying out, but one that eventually turned out to be more trouble than it was worth. [...]\u003c/p\u003e\n\n\u003cp\u003eMy first reaction was to bristle, because I use X\u0026#39;s network transparency all of the time at work. I have several programs to make it work very smoothly, and some core portions of my environment would be basically impossible without it. But there\u0026#39;s a big qualification on my use of X\u0026#39;s network transparency, namely that it\u0026#39;s essentially all for text. When I occasionally go outside of this all-text environment of xterms and emacs and so on, it doesn\u0026#39;t go as well.\u003c/p\u003e\n\n\u003cp\u003eX\u0026#39;s network transparency was not designed as \u0026#39;it will run xterm well\u0026#39;; originally it was to be something that should let you run almost everything remotely, providing a full environment. Even apart from the practical issues covered in Daniel Stone\u0026#39;s slide presentation, it\u0026#39;s clear that it\u0026#39;s been years since X could deliver a real first class environment over the network. You cannot operate with X over the network in the same way that you do locally. Trying to do so is painful and involves many things that either don\u0026#39;t work at all or perform so badly that you don\u0026#39;t want to use them.\u003c/p\u003e\n\n\u003cp\u003eIn my view, there are two things that did in general X network transparency. The first is that networks turned out to not be fast enough even for ordinary things that people wanted to do, at least not the way that X used them. The obvious case is web browsers; once the web moved to lots of images and worse, video, that was pretty much it, especially with 24-bit colour.\u003c/p\u003e\n\n\u003cp\u003e(It\u0026#39;s obviously not impossible to deliver video across the network with good performance, since YouTube and everyone else does it. But their video is highly encoded in specialized formats, not handled by any sort of general \u0026#39;send successive images to the display\u0026#39; system.)\u003c/p\u003e\n\n\u003cp\u003eThe second is that the communication facilities that X provided were too narrow and limited. This forced people to go outside of them in order to do all sorts of things, starting with audio and moving on to things like DBus and other ways of coordinating environments, handling sophisticated configuration systems, modern fonts, and so on. When people designed these additional communication protocols, the result generally wasn\u0026#39;t something that could be used over the network (especially not without a bunch of setup work that you had to do in addition to remote X). Basic X clients that use X properties for everything may be genuinely network transparent, but there are very few of those left these days. (Not even xterm is any more, at least if you use XFT fonts. XFT fonts are rendered in the client, and so different hosts may have different renderings of the same thing, cf.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u0026lt; What remains of X\u0026#39;s network transparency is still useful to some of us, but it\u0026#39;s only a shadow of what the original design aimed for. I don\u0026#39;t think it was a mistake for X to specifically design it in (to the extent that they did, which is less than you might think), and it did help X out pragmatically in the days of X terminals, but that\u0026#39;s mostly it.\u003c/p\u003e\n\n\u003cp\u003e(I continue to think that remote display protocols are useful in general, but I\u0026#39;m in an usual situation. Most people only ever interact with remote machines with either text mode SSH or a browser talking to a web server on the remote machine.)\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePS: The X protocol issues with synchronous requests that Daniel Stone talks about don\u0026#39;t help the situation, but I think that even with those edges sanded off X\u0026#39;s network transparency wouldn\u0026#39;t be a success. Arguably X\u0026#39;s protocol model committed a lesser version of part of the NeWS mistake.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/XFreeNetworkTransparency\" rel=\"nofollow\"\u003eX\u0026#39;s network transparency was basically free at the time\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently wrote an entry about how X\u0026#39;s network transparency has wound up mostly being a failure for various reasons. However, there is an important flipside to the story of X\u0026#39;s network transparency, and that is that X\u0026#39;s network transparency was almost free at the time and in the context it was created. Unlike the situation today, in the beginning X did not have to give up lots of performance or other things in order to get network transparency.\u003c/p\u003e\n\n\u003cp\u003eX originated in the mid 1980s and it was explicitly created to be portable across various Unixes, especially BSD-derived ones (because those were what universities were mostly using at that time). In the mid to late 1980s, Unix had very few IPC methods, especially portable ones. In particular, BSD systems did not have shared memory (it was called \u0026#39;System V IPC\u0026#39; for the obvious reasons). BSD had TCP and Unix sockets, some System V machines had TCP (and you could likely assume that more would get it), and in general your safest bet was to assume some sort of abstract stream protocol and then allow for switchable concrete backends. Unsurprisingly, this is exactly what X did; the core protocol is defined as a bidirectional stream of bytes over an abstracted channel. (And the concrete implementation of $DISPLAY has always let you specify the transport mechanism, as well as allowing your local system to pick the best mechanism it has.)\u003c/p\u003e\n\n\u003cp\u003eOnce you\u0026#39;ve decided that your protocol has to run over abstracted streams, it\u0026#39;s not that much more work to make it network transparent (TCP provides streams, after all). X could have refused to make the byte order of the stream clear or required the server and the client to have access to some shared files (eg for fonts), but I don\u0026#39;t think either would have been a particularly big win. I\u0026#39;m sure that it took some extra effort and care to make X work across TCP from a different machine, but I don\u0026#39;t think it took very much. (At the same time, my explanation here is probably a bit ahistorical. X\u0026#39;s initial development seems relatively strongly tied to sometimes having clients on different machines than the display, which is not unreasonable for the era. But it doesn\u0026#39;t hurt to get a feature that you want anyway for a low cost.)\u003c/p\u003e\n\n\u003cp\u003eI believe it\u0026#39;s important here that X was intended to be portable across different Unixes. If you don\u0026#39;t care about portability and can get changes made to your Unix, you can do better (for example, you can add some sort of shared memory or process to process virtual memory transfer). I\u0026#39;m not sure how the 1980s versions of SunView worked, but I believe they were very SunOS dependent. Wikipedia says SunView was partly implemented in the kernel, which is certainly one way to both share memory and speed things up.\u003c/p\u003e\n\n\u003cp\u003ePS: Sharing memory through mmap() and friends was years in the future at this point and required significant changes when it arrived.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/grace-hopper-celebration-2018-call-for-participation/\" rel=\"nofollow\"\u003eGrace Hopper Celebration 2018 Call for Participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/google-summer-of-code-call-for-project-ideas/\" rel=\"nofollow\"\u003eGoogle Summer of Code: Call for Project Ideas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180129190641\" rel=\"nofollow\"\u003eThe OpenBSD Foundation 2018 Fundraising Campaign\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3115\" rel=\"nofollow\"\u003eSSH Mastery 2/e out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.asiabsdcon.org/\" rel=\"nofollow\"\u003eAsiaBSDcon 2018 Registration is open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail.tarsnap.com/tarsnap-announce/msg00042.html\" rel=\"nofollow\"\u003eTarsnap support for Bitcoin ending April 1st; and a Chrome bug\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTodd - \u003ca href=\"http://dpaste.com/195HGHY#wrap\" rel=\"nofollow\"\u003eCouple Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSeth - \u003ca href=\"http://dpaste.com/1N7NQVQ#wrap\" rel=\"nofollow\"\u003eTar Snap\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/3D9P1DW#wrap\" rel=\"nofollow\"\u003esudo question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/24NMG47#wrap\" rel=\"nofollow\"\u003eFreeBSD on ARM?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlbert - \u003ca href=\"http://dpaste.com/373CRX7#wrap\" rel=\"nofollow\"\u003eAustria BSD User Group\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"We explain the physics behind ZFS, DTrace switching to the GPL, Emacs debugging, syncookies coming to PF \u0026 FreeBSD’s history on EC2.","date_published":"2018-02-14T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5647e1f4-9a10-426a-bb98-165793302cb3.mp3","mime_type":"audio/mpeg","size_in_bytes":79804372,"duration_in_seconds":6650}]},{"id":"2246fb14-61bb-4387-942b-f8ba55f48deb","title":"232: FOSDEM 2018","url":"https://www.bsdnow.tv/232","content_text":"We talk about our recent trip to FOSDEM, we discuss the pros and cons of permissive licensing, cover the installation of OpenBSD on a dedibox with full-disk encryption, the new Lumina guide repository, and we explain ZFS vs. OpenZFS.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\n[FOSDEM Trip report]\n\n\nYour BSDNow hosts were both at FOSDEM in Brussels, Belgium over the weekend.\nOn the friday before FOSDEM, we held a FreeBSD devsummit (3rd consecutive year), sponsored by the FreeBSD Foundation and organized by Benedict (with the help from Kristof Provost, who did it in previous years but could not make it this year). We had 21 people attend, a good mixture of FreeBSD committers (mostly ports) and guests. After introductions, we collected topics and discussed various topics, including a new plan for a future FreeBSD release roadmap (more frequent releases, so that features from HEAD can be tried out earlier in RELEASES). The devsummit concluded with a nice dinner in a nearby restaurant.\nOn Saturday, first day of FOSDEM, we set up the FreeBSD Foundation table with flyers, stickers, FreeBSD Journal print editions, and a small RPI 3 demo system that Deb Goodkin brought. Our table was located next to the Illumos table like last year. This allowed us to continue the good relationship that we have with the Illumos people and Allan helped a little bit getting bhyve to run on Illumos with UEFI. Meanwhile, our table was visited by a lot of people who would ask questions about FreeBSD, take info material, or talk about their use cases. We were busy refilling the table throughout the day and luckily, we had many helpers at the table. Some items we had ran out in the early afternoon, an indicator of how popular they were.\nSaturday also featured a BSD devroom, organized by Rodrigo Osorio. You can find the list of talks and the recordings on the BSD Devroom schedule. The room was very crowded and popular. Deb Goodkin gave the opening talk with an overview of what the Foundation is doing to change the world. Other speakers from various BSD projects presented their talks after that with a range of topics. Among them, Allan gave his talk about ZFS: Advanced Integration, while Benedict presented his Reflections on Teaching a Unix Class With FreeBSD.\nSunday was just as busy on the FreeBSD table as Saturday and we finally ran out of stickers and some other goodies. We were happy with the results of the two days. Some very interesting conversations at the table about FreeBSD took place, some of which we’re going to follow up afterwards.\nCheck out the FOSDEM schedule as many talk recordings are already available, and especially the ones from the BSD devroom if you could not attend the conference. We would like to thank everyone who attended the FreeBSD devsummit, who helped out at the FreeBSD table and organized the BSD devroom. Also, thanks to all the speakers, organizers, and helping hands making FOSDEM another success this year.\n***\n\n\nNetBSD kernel wscons IOCTL vulnerable bug class\n\n\nI discovered this bug class during the InfoSect public code review session we ran looking specifically at the NetBSD kernel. I found a couple of these bugs and then after the session was complete, I went back and realised the same bug was scattered in other drivers. In total, 17 instances of this vulnerability and its variants were discovered.\nIn all fairness, I came across this bug class during my kernel audits in 2002 and most instances were patched. It just seems there are more bugs now in NetBSD while OpenBSD and FreeBSD have practically eliminated them.\n\n\n\nSee slide 41 in http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-cesare.pdf for exactly the same bug (class) 16 years ago.\nThe format of the this blog post is as follows:\nIntroduction\nExample of the Bug Class\nHow to Fix\nHow to Detect Automatically with Coccinelle\nMore Bugs\nConclusion\nThese source files had bugs\n\n\n./dev/tc/tfb.c\n./dev/ic/bt485.c\n./dev/pci/radeonfb.c\n./dev/ic/sti.c\n./dev/sbus/tcx.c\n./dev/tc/mfb.c\n./dev/tc/sfb.c\n./dev/tc/stic.c\n./dev/tc/cfb.c\n./dev/tc/xcfb.c\n./dev/tc/sfbplus.c\n./arch/arm/allwinner/awin_debe.c\n./arch/arm/iomd/vidcvideo.c\n./arch/pmax/ibus/pm.c\n./dev/ic/igfsb.c\n./dev/ic/bt463.c\n./arch/luna68k/dev/lunafb.c\n\n\n\nReporting of the bugs was easy. In less than a week from reporting the specific instances of each bug, patches were committed into the mainline kernel. Thanks to Luke Mewburn from NetBSD for coming to the code review session at InfoSect and coordinating with the NetBSD security team.\n\n\n\nThe patches to fix these issues are in NetBSD: https://mail-index.netbsd.org/source-changes/2018/01/24/msg091428.html\n\n\n\n\n\"Permissive licensing is wrong!” – Is it?\n\n\nA few weeks ago I’ve been attacked by some GNU zealots on a German tech site after speaking in favor of permissive licenses. Unfortunately a discussion was not possible there because that would require the will to actually communicate instead of simply accusing the other side of vile motives. Since I actually do care about this topic and a reader asked for a post about it in comments a while ago, here we go.\n\nThis first part tries to sum up the most important things around the topic. I deliberately aim for an objective overview that tries not to be one-sided. The second part will then contain my points in defence of permissive licensing.\n\n\n\nWhy license software at all?\n\n\nLicenses exist for reasons of protection. If you’re the author/inventor of some software, a story or whatever product, you get to decide what to do with it. You can keep it for yourself or you can give it away. If you decide for the latter, you have to decide who may use it and in which way(s). In case you intend to give it to a (potentially) large group of people, you may not want to be asked for permission to xyz by everybody. That’s when you decide to write a license which states what you are allowing and explicitly disallowing.\nMost of the well-known commercial licenses focus on what you’re not allowed to do (usually things like copying, disassembling, etc.). Open source licenses on the other hand are meant to grant the user rights (e.g. the right to distribute) while reserving some rights or only giving permission under certain conditions – and they usually make you claim responsibility for using the software. For these reasons licenses can actually be a good thing!\nIf you got an unlicensed piece of code, you’re not legally allowed to do anything with it without getting the author’s permission first. And even if you got that permission, your project would be risky, since the author can withdraw it later. A proper license protects both parties. The author doesn’t get his mail account full of email asking for permission, he’s save from legal trouble if his code breaks anything for you and at the same time you have legal certainty when you decide to put the code to long-term use.\n\nPermissive vs. Copyleft (in a nutshell)\n\n\n\nIn short terms, permissive licensing usually goes like this: “Here you are, have fun. Oh, and don’t sue me if it does something else than what you expect!” Yes, it’s that easy and there’s little to dispute over.\nCopyleft on the other side sounds like this (if you ask somebody in favor of Copyleft): “Sure, you can use it, it’s free. Just keep it free, ok?”. Also quite simple. And not too bad, eh? Other people however read the same thing like this: “Yes, you’re free to use it. Just read these ten pages of legalese and be dead certain that you comply. If you got something wrong, we will absolutely make you regret it.”\n\n\n\nThe GNU Public license (GPL)\n\n\n\nThe most popular copyleft license in use is the GPL (in various versions). It got more and more complex with each version – and to be fair, it had to, because it was necessary to react to new threats and loop holes that were found later. The GNU project states that they are committed to protect what they call the four freedoms of free software:\n\n\nthe freedom to use the software for any purpose\nthe freedom to change the software to suit your needs\nthe freedom to share the software with your friends and neighbors\nthe freedom to share the changes you make\n\n\n\nThese are freedoms that every supporter of open source software should be able to agree with. So what’s the deal with all the hostility and fighting between the two camps? Let’s take a look at a permissive license, too.\n\n\n\nThe BSD license\n\n\n\nUnlike the GPL, the BSD family of licenses begun with a rather simple license that span four rules (“original BSD license”). It was later revised and reduced to three (“modified BSD license”). And the modern BSD license that e.g. FreeBSD uses is even just two (“simplified BSD license”).\n\nDid you read the GPLv3 that I linked to above? If you are using GPL’d code you really should. In case you don’t feel like reading all of it, at least take a look and grasp how long that text is. Now compare it to the complete modern BSD license.\n\n\n\nWhat’s the problem?\n\n\n\nThere are essentially two problems that cause all the trouble. The first one is the question of what should be subject to the freedom that we’re talking about. And closely related, the second one is where that freedom needs to end.\n\nIronically both camps claim that freedom is the one important thing and it must not be restricted. The GPL is meant to protect the freedom of the software and enforces the availability of the source code, hence limiting the freedom of actual persons. BSD on the other hand is meant to protect the freedom of human beings who should be able to use the software as they see fit – even if that means closing down former open source code!\n\nThe GNU camp taunts permissive licenses as being “lax” for not providing the protection that they want. The other camp points out that the GPL is a complex monster and that it is virulent in nature: Since it’s very strict in a lot of areas, it’s incompatible with many other licenses. This makes it complicated to mix GPL and non-GPL code and in the cases where it’s legally possible, the GPL’s terms will take precedence and necessarily be in effect for the whole combined work.\n\n\n\nWho’s right?\n\n\n\nThat totally depends on what you want to achieve. There are pros and cons to both – and in fact we’re only looking at the big picture here. There’s also e.g. the Apache license which is often deemed as kind of middle ground. Then you may want to consider the difference between weak (e.g. LGPL) as well as strong copyleft (GPL). Licensing is a potentially huge topic. But let’s keep it simple here because the exact details are actually not necessary to understand the essence of our topic.\n\nIn the next post I’ll present my stance on why permissive licensing is a good thing and copyleft is more problematic than many people may think.\n\n\n\n“Permissive licensing is wrong?” – No it’s not!\n\n\n\nThe previous post gave a short introduction into the topic of software licenses, focusing on the GPL vs. BSD discussion. This one is basically my response to some typical arguments I’ve seen from people who seem to loathe permissive licensing. I’ll write this in dialog style, hoping that this makes it a little lighter to read.\n\n\n\n\nRoundup\n\nInstall OpenBSD on dedibox with full-disk encryption\n\n\nTL;DR:\n\n\n\nI run several \"dedibox\" servers at online.net, all powered by OpenBSD. OpenBSD is not officially supported so you have to work-around. Running full-disk encrypted OpenBSD there is a piece of cake. As a bonus, my first steps within a brand new booted machine ;-)\n\n\n\nStep #0: choosing your server\n\n\n\nOpenBSD is not officially supported, I can’t guarantee that this will work for you on any kind of server online.net provides, however I’ve been running https://poolp.org on OpenBSD there since 2008, only switching machines as they were getting a bit old and new offers came up.\n\nCurrently, I’m running two SC 2016 (SATA) and one XC 2016 (SSD) boxes, all three running OpenBSD reliably ever since I installed them.\n\nRecently I’ve been willing to reinstall the XC one after I did some experiments that turned it into a FrankenBSD, so this was the right occasion to document how I do it for future references.\n\nI wrote an article similar to this a few years ago relying on qemu to install to the disk, since then online.net provided access to a virtual serial console accessed within the browser, making it much more convenient to install without the qemu indirection which hid the NIC devices and disks duid and required tricks.\n\nThe method I currently use is a mix and adaptation from the techniques described in https://www.2f30.org/guides/openbsd-dedibox.html to boot the installer, and the technique described in https://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption.html to setup the crypto slice.\n\n\n\nStep #1: boot to rescue mode\nStep #2: boot to the installer\nStep #3: prepare softraid\nStep #4: reboot to encrypted OpenBSD system\nBonus: further tightening your system\nenable doas\ndisable the root account\nupdate system with syspatch\nadd my ssh public key to my ~/.ssh/authorized_keys\ndisable password authentication within ssh\nreboot so you boot on a brand new up-to-date system with latest stable kernel\nVOILA !\n\n\n\n\nJanuary 2018 Development Projects Update\n\n\nSpectre and Meltdown in FreeBSD\n\n\n\nIssues affecting most CPUs used in servers, desktops, laptops, and mobile devices are in the news. These hardware vulnerabilities, known by the code-names “Meltdown” and “Spectre”, allow malicious programs to read data to which they should not have access. This potentially includes credentials, cryptographic material, or other secrets. They were originally identified by a researcher from Google’s Project Zero, and were also independently discovered by researchers and academics from Cyberus Technology, Graz University of Technology, the University of Pennsylvania, the University of Maryland, Rambus, the University of Adelaide and Data61.\n\nThese vulnerabilities affect many CPU architectures supported by FreeBSD, but the 64-bit x86 family of processors from Intel and AMD are the most widely used, and are a high priority for software changes to mitigate the effects of Meltdown and Spectre. In particular, the Meltdown issue affects Intel CPUs and may be used to extract secret data from the running kernel, and therefore, is the most important issue to address.\n\nThe FreeBSD Foundation collaborates with Intel, and under this relationship participated in a briefing to understand the details of these issues and plan the mitigations to be applied to the x86 architectures supported by FreeBSD. We also made arrangements to have FreeBSD’s security officer join me in the briefing. It is through the generous support of the Foundation’s donors that we are able to dedicate resources to focus on these issues on demand as they arise.\n\nFoundation staff member Konstantin (Kostik) Belousov is an expert on FreeBSD’s Virtual Memory (VM) system as well as low-level x86 details, and is developing the x86 kernel mitigations for FreeBSD.\n\nThe mitigation for Meltdown is known as Page Table Isolation (PTI). Kostik created a PTI implementation which was initially committed in mid-January and is available in the FreeBSD-CURRENT development repository. This is the same approach used by the Linux kernel to mitigate Meltdown.\n\nOne of the drawbacks of the PTI mitigation is that it incurs a performance regression. Kostik recently reworked FreeBSD’s use of Process-Context Identifiers (PCID) in order to regain some of the performance loss incurred by PTI. This change is also now available in FreeBSD-CURRENT.\n\nThe issue known as Spectre comes in two variants, and variant 2 is the more troubling and pressing one. It may be mitigated in one of two ways: by using a technique called “retpoline” in the compiler, or by making use of a CPU feature introduced in a processor microcode update. Both options are under active development. Kostik’s change to implement the CPU-based mitigation is currently in review. Unfortunately, it introduces a significant performance penalty and alternatives are preferred, if available.\n\nFor most cases, the compiler-based retpoline mitigation is likely to be the chosen mitigation. Having switched to the Clang compiler for the base system and most of the ports collection some years ago, FreeBSD is well-positioned to deploy Clang-based mitigations. FreeBSD developer Dimitry Andric is spearheading the update of Clang/LLVM in FreeBSD to version 6.0 in anticipation of its official release; FreeBSD-CURRENT now includes an interim snapshot. I have been assisting with the import, particularly with respect to LLVM’s lld linker, and will support the integration of retpoline. This support is expected to be merged into FreeBSD in the coming weeks.\n\nThe Foundation’s co-op students have also participated in the response to these vulnerabilities. Mitchell Horne developed the patch to control the PTI mitigation default setting, while Arshan Khanifar benchmarked the performance impact of the in-progress mitigation patches. In addition, Arshan and Mitchell each developed changes to FreeBSD’s tool chain to support the full set of mitigations that will be applied.\n\nThese mitigations will continue be tested, benchmarked, and refined in FreeBSD-CURRENT before being merged into stable branches and then being made available as updates to FreeBSD releases. Details on the timing of these merges and releases will be shared as they become available.\n\nI would like to acknowledge all of those in the FreeBSD community who have participated in FreeBSD’s response to Meltdown and Spectre, for testing, reviewing, and coordinating x86 mitigations, for developing mitigations for other processor architectures and for the Bhyve hypervisor, and for working on the toolchain-based mitigations.\n\n\n\n\nGuides: Getting Started \u0026amp; Lumina Theme Submissions\n\n\nI am pleased to announce the beginning of a new sub-series of blog posts for the Lumina project: Guides!\n\nThe TrueOS/Lumina projects want to support our users as they use Lumina or experiment with TrueOS. To that end, we’ve recently set up a central repository for our users to share instructions or other “how-to” guides with each other! Project developers and contributors will also submit guides to the repository on occasion, but the overall goal is to provide a simple hub for instructions written by any Lumina or TrueOS user. This will make it easier for users to not only find a “how-to” for some procedure, but also a very easy way to “give back” to the community by writing simple instructions or more detailed guides.\n\n\n\nGuides Repository\n\n\n\nOur first guide to get the whole thing started was created by the TrueOS Linebacker  (with technical assistance from our own q5sys). In this guide, Terry Tate will walk you through the steps necessary to submit new wallpaper images to the Lumina Themes collection. This procedure is fully documented with screenshots every step of the way, walking you through a simple procedure that only requires a web browser and a Github account!\n\n\n\nGuide: Lumina Themes Submissions\n\n\n\nThe end result of this guide was that Terry Tate was able to submit this cool new “Lunar-4K” wallpaper to the “lumina-nature” collection.\n\n\n\nTrueOS Community Guides\n\n\n\n\nZFS vs. OpenZFS (by Michael Dexter)\n\n\nYou’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. Our Senior Analyst clears up what ZFS and OpenZFS refer to and how they differ.\nI admit that we geeks tend to get caught up in the nuts and bolts of enterprise storage and overlook the more obvious questions that users might have. You’ve probably noticed that this blog and the FreeNAS blog refer to “ZFS” and “OpenZFS” seemingly at random when talking about the amazing file system at the heart of FreeNAS and every storage product that iXsystems sells. I will do my best to clarify what exactly these two terms refer to.\nFrom its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS \u0026amp; you should too” or try a completely-graphical ZFS experience with FreeNAS.\nYes, ZFS is really as good as people say it is.\nAfter enjoying nearly a decade of refinement by a growing group of developers around the world, ZFS became the property of database vendor Oracle, which ceased public development of both ZFS and OpenSolaris in 2010. Disappointed but undeterred, a group of OpenSolaris users and developers forked the last public release of OpenSolaris as the Illumos project. To this day, Illumos represents the official upstream home of the Open Source OpenSolaris technologies, including ZFS. The Illumos project enjoys healthy vendor and user participation but the portable nature and compelling features of ZFS soon produced far more ZFS users than Illumos users around the world. While most if not all users of Illumos and its derivatives are ZFS users, the majority of ZFS users are not Illumos users, thanks significantly in part to FreeNAS which uses the FreeBSD operating system. This imbalance plus several successful ZFS Day events led ZFS co-founder Matt Ahrens and a group of ZFS developers to announce the OpenZFS project, which would remain a part of the Illumos code base but would be free to coordinate development efforts and events around their favorite file system. ZFS Day has grown into the two-day OpenZFS Developer Summit and is stronger than ever, a testament to the passion and dedication of the OpenZFS community.\nOracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.\n\n\n\n\nBeastie Bits\n\n\nExplaining Shell\nOPNsense® 18.1 Released\n“SSH Mastery 2/e” copyedits back\nSponsoring a Scam\nThursday, February 8, 2018 - Come to Netflix to talk about FreeBSD\nBSD User Group meeting in Stockholm: March 22, 17:30 - 21:00\nFreeBSD Flavoured talks from Linux.conf.au: You can’t unit test C, right? and A Brief History of I/O\nEuroBSDcon 2018 website is up\nFull day bhyvecon Tokyo, Japan, March 9, 2018\n***\n\n\nFeedback/Questions\n\n\nThomas - freebsd installer improvements\nMohammad - FreeBSD 11 installation from a read only rescue disk\nStan - Follow up on guide you covered\nJalal - couple questions\n\n\n","content_html":"\u003cp\u003eWe talk about our recent trip to FOSDEM, we discuss the pros and cons of permissive licensing, cover the installation of OpenBSD on a dedibox with full-disk encryption, the new Lumina guide repository, and we explain ZFS vs. OpenZFS.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e[FOSDEM Trip report]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYour BSDNow hosts were both at FOSDEM in Brussels, Belgium over the weekend.\u003c/li\u003e\n\u003cli\u003eOn the friday before FOSDEM, we held a FreeBSD devsummit (3rd consecutive year), sponsored by the FreeBSD Foundation and organized by Benedict (with the help from Kristof Provost, who did it in previous years but could not make it this year). We had 21 people attend, a good mixture of FreeBSD committers (mostly ports) and guests. After introductions, we collected topics and discussed various topics, including a new plan for a future FreeBSD release roadmap (more frequent releases, so that features from HEAD can be tried out earlier in RELEASES). The devsummit concluded with a nice dinner in a nearby restaurant.\u003c/li\u003e\n\u003cli\u003eOn Saturday, first day of FOSDEM, we set up the FreeBSD Foundation table with flyers, stickers, FreeBSD Journal print editions, and a small RPI 3 demo system that Deb Goodkin brought. Our table was located next to the Illumos table like last year. This allowed us to continue the good relationship that we have with the Illumos people and Allan helped a little bit getting bhyve to run on Illumos with UEFI. Meanwhile, our table was visited by a lot of people who would ask questions about FreeBSD, take info material, or talk about their use cases. We were busy refilling the table throughout the day and luckily, we had many helpers at the table. Some items we had ran out in the early afternoon, an indicator of how popular they were.\u003c/li\u003e\n\u003cli\u003eSaturday also featured a \u003ca href=\"https://twitter.com/fosdembsd\" rel=\"nofollow\"\u003eBSD devroom\u003c/a\u003e, organized by Rodrigo Osorio. You can find the list of talks and the recordings on the \u003ca href=\"https://fosdem.org/2018/schedule/track/bsd/\" rel=\"nofollow\"\u003eBSD Devroom schedule\u003c/a\u003e. The room was very crowded and popular. Deb Goodkin gave the opening talk with an overview of what the Foundation is doing to change the world. Other speakers from various BSD projects presented their talks after that with a range of topics. Among them, Allan gave his talk about \u003ca href=\"https://fosdem.org/2018/schedule/event/zfs_advanced_integration/\" rel=\"nofollow\"\u003eZFS: Advanced Integration\u003c/a\u003e, while Benedict presented his \u003ca href=\"https://fosdem.org/2018/schedule/event/reflections_on_reaching_unix_class_with_freebsd/\" rel=\"nofollow\"\u003eReflections on Teaching a Unix Class With FreeBSD\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSunday was just as busy on the FreeBSD table as Saturday and we finally ran out of stickers and some other goodies. We were happy with the results of the two days. Some very interesting conversations at the table about FreeBSD took place, some of which we’re going to follow up afterwards.\u003c/li\u003e\n\u003cli\u003eCheck out the FOSDEM schedule as many talk recordings are already available, and especially the ones from the BSD devroom if you could not attend the conference. We would like to thank everyone who attended the FreeBSD devsummit, who helped out at the FreeBSD table and organized the BSD devroom. Also, thanks to all the speakers, organizers, and helping hands making FOSDEM another success this year.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.infosectcbr.com.au/2018/01/netbsd-kernel-wscons-ioctl-vulnerable.html\" rel=\"nofollow\"\u003eNetBSD kernel wscons IOCTL vulnerable bug class\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI discovered this bug class during the InfoSect public code review session we ran looking specifically at the NetBSD kernel. I found a couple of these bugs and then after the session was complete, I went back and realised the same bug was scattered in other drivers. In total, 17 instances of this vulnerability and its variants were discovered.\u003cbr\u003e\nIn all fairness, I came across this bug class during my kernel audits in 2002 and most instances were patched. It just seems there are more bugs now in NetBSD while OpenBSD and FreeBSD have practically eliminated them.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSee slide 41 in \u003ca href=\"http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-cesare.pdf\" rel=\"nofollow\"\u003ehttp://www.blackhat.com/presentations/bh-usa-03/bh-us-03-cesare.pdf\u003c/a\u003e for exactly the same bug (class) 16 years ago.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe format of the this blog post is as follows:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIntroduction\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eExample of the Bug Class\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHow to Fix\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHow to Detect Automatically with Coccinelle\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMore Bugs\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eConclusion\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThese source files had bugs\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e./dev/tc/tfb.c\n./dev/ic/bt485.c\n./dev/pci/radeonfb.c\n./dev/ic/sti.c\n./dev/sbus/tcx.c\n./dev/tc/mfb.c\n./dev/tc/sfb.c\n./dev/tc/stic.c\n./dev/tc/cfb.c\n./dev/tc/xcfb.c\n./dev/tc/sfbplus.c\n./arch/arm/allwinner/awin_debe.c\n./arch/arm/iomd/vidcvideo.c\n./arch/pmax/ibus/pm.c\n./dev/ic/igfsb.c\n./dev/ic/bt463.c\n./arch/luna68k/dev/lunafb.c\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eReporting of the bugs was easy. In less than a week from reporting the specific instances of each bug, patches were committed into the mainline kernel. Thanks to Luke Mewburn from NetBSD for coming to the code review session at InfoSect and coordinating with the NetBSD security team.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe patches to fix these issues are in NetBSD: \u003ca href=\"https://mail-index.netbsd.org/source-changes/2018/01/24/msg091428.html\" rel=\"nofollow\"\u003ehttps://mail-index.netbsd.org/source-changes/2018/01/24/msg091428.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/11/25/permissive-licensing-is-wrong-is-it-1-2/\" rel=\"nofollow\"\u003e\u0026quot;Permissive licensing is wrong!” – Is it?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few weeks ago I’ve been attacked by some GNU zealots on a German tech site after speaking in favor of permissive licenses. Unfortunately a discussion was not possible there because that would require the will to actually communicate instead of simply accusing the other side of vile motives. Since I actually do care about this topic and a reader asked for a post about it in comments a while ago, here we go.\u003c/p\u003e\n\n\u003cp\u003eThis first part tries to sum up the most important things around the topic. I deliberately aim for an objective overview that tries not to be one-sided. The second part will then contain my points in defence of permissive licensing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWhy license software at all?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLicenses exist for reasons of protection. If you’re the author/inventor of some software, a story or whatever product, you get to decide what to do with it. You can keep it for yourself or you can give it away. If you decide for the latter, you have to decide who may use it and in which way(s). In case you intend to give it to a (potentially) large group of people, you may not want to be asked for permission to xyz by everybody. That’s when you decide to write a license which states what you are allowing and explicitly disallowing.\u003cbr\u003e\nMost of the well-known commercial licenses focus on what you’re not allowed to do (usually things like copying, disassembling, etc.). Open source licenses on the other hand are meant to grant the user rights (e.g. the right to distribute) while reserving some rights or only giving permission under certain conditions – and they usually make you claim responsibility for using the software. For these reasons licenses can actually be a good thing!\u003cbr\u003e\nIf you got an unlicensed piece of code, you’re not legally allowed to do anything with it without getting the author’s permission first. And even if you got that permission, your project would be risky, since the author can withdraw it later. A proper license protects both parties. The author doesn’t get his mail account full of email asking for permission, he’s save from legal trouble if his code breaks anything for you and at the same time you have legal certainty when you decide to put the code to long-term use.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePermissive vs. Copyleft (in a nutshell)\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn short terms, permissive licensing usually goes like this: “Here you are, have fun. Oh, and don’t sue me if it does something else than what you expect!” Yes, it’s that easy and there’s little to dispute over.\u003cbr\u003e\nCopyleft on the other side sounds like this (if you ask somebody in favor of Copyleft): “Sure, you can use it, it’s free. Just keep it free, ok?”. Also quite simple. And not too bad, eh? Other people however read the same thing like this: “Yes, you’re free to use it. Just read these ten pages of legalese and be dead certain that you comply. If you got something wrong, we will absolutely make you regret it.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe GNU Public license (GPL)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://www.gnu.org/licenses/gpl.html\" rel=\"nofollow\"\u003eThe most popular copyleft license in use is the GPL (in various versions)\u003c/a\u003e. It got more and more complex with each version – and to be fair, it had to, because it was necessary to react to new threats and loop holes that were found later. The GNU project states that they are committed to protect what they call the four freedoms of free software:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ethe freedom to use the software for any purpose\nthe freedom to change the software to suit your needs\nthe freedom to share the software with your friends and neighbors\nthe freedom to share the changes you make\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese are freedoms that every supporter of open source software should be able to agree with. So what’s the deal with all the hostility and fighting between the two camps? Let’s take a look at a permissive license, too.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe BSD license\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnlike the GPL, the BSD family of licenses begun with a rather simple license that span four rules (“original BSD license”). It was later revised and reduced to three (“modified BSD license”). And the modern BSD license that e.g. FreeBSD uses is even just two (“simplified BSD license”).\u003c/p\u003e\n\n\u003cp\u003eDid you read the GPLv3 that I linked to above? If you are using GPL’d code you really should. In case you don’t feel like reading all of it, at least take a look and grasp how long that text is. \u003ca href=\"https://opensource.org/licenses/bsd-license.php\" rel=\"nofollow\"\u003eNow compare it to the complete modern BSD license\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat’s the problem?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are essentially two problems that cause all the trouble. The first one is the question of what should be subject to the freedom that we’re talking about. And closely related, the second one is where that freedom needs to end.\u003c/p\u003e\n\n\u003cp\u003eIronically both camps claim that freedom is the one important thing and it must not be restricted. The GPL is meant to protect the freedom of the software and enforces the availability of the source code, hence limiting the freedom of actual persons. BSD on the other hand is meant to protect the freedom of human beings who should be able to use the software as they see fit – even if that means closing down former open source code!\u003c/p\u003e\n\n\u003cp\u003eThe GNU camp taunts permissive licenses as being “lax” for not providing the protection that they want. The other camp points out that the GPL is a complex monster and that it is virulent in nature: Since it’s very strict in a lot of areas, it’s incompatible with many other licenses. This makes it complicated to mix GPL and non-GPL code and in the cases where it’s legally possible, the GPL’s terms will take precedence and necessarily be in effect for the whole combined work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWho’s right?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat totally depends on what you want to achieve. There are pros and cons to both – and in fact we’re only looking at the big picture here. There’s also e.g. the Apache license which is often deemed as kind of middle ground. Then you may want to consider the difference between weak (e.g. LGPL) as well as strong copyleft (GPL). Licensing is a potentially huge topic. But let’s keep it simple here because the exact details are actually not necessary to understand the essence of our topic.\u003c/p\u003e\n\n\u003cp\u003eIn the next post I’ll present my stance on why permissive licensing is a good thing and copyleft is more problematic than many people may think.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2018/01/25/permissive-licensing-is-wrong-no-its-not-2-2/\" rel=\"nofollow\"\u003e“Permissive licensing is wrong?” – No it’s not!\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe previous post gave a short introduction into the topic of software licenses, focusing on the GPL vs. BSD discussion. This one is basically my response to some typical arguments I’ve seen from people who seem to loathe permissive licensing. I’ll write this in dialog style, hoping that this makes it a little lighter to read.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eRoundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://poolp.org/posts/2018-01-29/install-openbsd-on-dedibox-with-full-disk-encryption/\" rel=\"nofollow\"\u003eInstall OpenBSD on dedibox with full-disk encryption\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTL;DR:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI run several \u0026quot;dedibox\u0026quot; servers at online.net, all powered by OpenBSD. OpenBSD is not officially supported so you have to work-around. Running full-disk encrypted OpenBSD there is a piece of cake. As a bonus, my first steps within a brand new booted machine ;-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStep #0: choosing your server\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD is not officially supported, I can’t guarantee that this will work for you on any kind of server online.net provides, however I’ve been running \u003ca href=\"https://poolp.org\" rel=\"nofollow\"\u003ehttps://poolp.org\u003c/a\u003e on OpenBSD there since 2008, only switching machines as they were getting a bit old and new offers came up.\u003c/p\u003e\n\n\u003cp\u003eCurrently, I’m running two SC 2016 (SATA) and one XC 2016 (SSD) boxes, all three running OpenBSD reliably ever since I installed them.\u003c/p\u003e\n\n\u003cp\u003eRecently I’ve been willing to reinstall the XC one after I did some experiments that turned it into a FrankenBSD, so this was the right occasion to document how I do it for future references.\u003c/p\u003e\n\n\u003cp\u003eI wrote an article similar to this a few years ago relying on qemu to install to the disk, since then online.net provided access to a virtual serial console accessed within the browser, making it much more convenient to install without the qemu indirection which hid the NIC devices and disks duid and required tricks.\u003c/p\u003e\n\n\u003cp\u003eThe method I currently use is a mix and adaptation from the techniques described in \u003ca href=\"https://www.2f30.org/guides/openbsd-dedibox.html\" rel=\"nofollow\"\u003ehttps://www.2f30.org/guides/openbsd-dedibox.html\u003c/a\u003e to boot the installer, and the technique described in \u003ca href=\"https://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption.html\" rel=\"nofollow\"\u003ehttps://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption.html\u003c/a\u003e to setup the crypto slice.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStep #1: boot to rescue mode\u003c/li\u003e\n\u003cli\u003eStep #2: boot to the installer\u003c/li\u003e\n\u003cli\u003eStep #3: prepare softraid\u003c/li\u003e\n\u003cli\u003eStep #4: reboot to encrypted OpenBSD system\u003c/li\u003e\n\u003cli\u003eBonus: further tightening your system\u003c/li\u003e\n\u003cli\u003eenable doas\u003c/li\u003e\n\u003cli\u003edisable the root account\u003c/li\u003e\n\u003cli\u003eupdate system with syspatch\u003c/li\u003e\n\u003cli\u003eadd my ssh public key to my ~/.ssh/authorized_keys\u003c/li\u003e\n\u003cli\u003edisable password authentication within ssh\u003c/li\u003e\n\u003cli\u003ereboot so you boot on a brand new up-to-date system with latest stable kernel\u003c/li\u003e\n\u003cli\u003eVOILA !\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/january-2018-development-projects-update/\" rel=\"nofollow\"\u003eJanuary 2018 Development Projects Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpectre and Meltdown in FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIssues affecting most CPUs used in servers, desktops, laptops, and mobile devices are in the news. These hardware vulnerabilities, known by the code-names “Meltdown” and “Spectre”, allow malicious programs to read data to which they should not have access. This potentially includes credentials, cryptographic material, or other secrets. They were originally identified by a researcher from Google’s Project Zero, and were also independently discovered by researchers and academics from Cyberus Technology, Graz University of Technology, the University of Pennsylvania, the University of Maryland, Rambus, the University of Adelaide and Data61.\u003c/p\u003e\n\n\u003cp\u003eThese vulnerabilities affect many CPU architectures supported by FreeBSD, but the 64-bit x86 family of processors from Intel and AMD are the most widely used, and are a high priority for software changes to mitigate the effects of Meltdown and Spectre. In particular, the Meltdown issue affects Intel CPUs and may be used to extract secret data from the running kernel, and therefore, is the most important issue to address.\u003c/p\u003e\n\n\u003cp\u003eThe FreeBSD Foundation collaborates with Intel, and under this relationship participated in a briefing to understand the details of these issues and plan the mitigations to be applied to the x86 architectures supported by FreeBSD. We also made arrangements to have FreeBSD’s security officer join me in the briefing. It is through the generous support of the Foundation’s donors that we are able to dedicate resources to focus on these issues on demand as they arise.\u003c/p\u003e\n\n\u003cp\u003eFoundation staff member Konstantin (Kostik) Belousov is an expert on FreeBSD’s Virtual Memory (VM) system as well as low-level x86 details, and is developing the x86 kernel mitigations for FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eThe mitigation for Meltdown is known as Page Table Isolation (PTI). Kostik created a PTI implementation which was initially committed in mid-January and is available in the FreeBSD-CURRENT development repository. This is the same approach used by the Linux kernel to mitigate Meltdown.\u003c/p\u003e\n\n\u003cp\u003eOne of the drawbacks of the PTI mitigation is that it incurs a performance regression. Kostik recently reworked FreeBSD’s use of Process-Context Identifiers (PCID) in order to regain some of the performance loss incurred by PTI. This change is also now available in FreeBSD-CURRENT.\u003c/p\u003e\n\n\u003cp\u003eThe issue known as Spectre comes in two variants, and variant 2 is the more troubling and pressing one. It may be mitigated in one of two ways: by using a technique called “retpoline” in the compiler, or by making use of a CPU feature introduced in a processor microcode update. Both options are under active development. Kostik’s change to implement the CPU-based mitigation is currently in review. Unfortunately, it introduces a significant performance penalty and alternatives are preferred, if available.\u003c/p\u003e\n\n\u003cp\u003eFor most cases, the compiler-based retpoline mitigation is likely to be the chosen mitigation. Having switched to the Clang compiler for the base system and most of the ports collection some years ago, FreeBSD is well-positioned to deploy Clang-based mitigations. FreeBSD developer Dimitry Andric is spearheading the update of Clang/LLVM in FreeBSD to version 6.0 in anticipation of its official release; FreeBSD-CURRENT now includes an interim snapshot. I have been assisting with the import, particularly with respect to LLVM’s lld linker, and will support the integration of retpoline. This support is expected to be merged into FreeBSD in the coming weeks.\u003c/p\u003e\n\n\u003cp\u003eThe Foundation’s co-op students have also participated in the response to these vulnerabilities. Mitchell Horne developed the patch to control the PTI mitigation default setting, while Arshan Khanifar benchmarked the performance impact of the in-progress mitigation patches. In addition, Arshan and Mitchell each developed changes to FreeBSD’s tool chain to support the full set of mitigations that will be applied.\u003c/p\u003e\n\n\u003cp\u003eThese mitigations will continue be tested, benchmarked, and refined in FreeBSD-CURRENT before being merged into stable branches and then being made available as updates to FreeBSD releases. Details on the timing of these merges and releases will be shared as they become available.\u003c/p\u003e\n\n\u003cp\u003eI would like to acknowledge all of those in the FreeBSD community who have participated in FreeBSD’s response to Meltdown and Spectre, for testing, reviewing, and coordinating x86 mitigations, for developing mitigations for other processor architectures and for the Bhyve hypervisor, and for working on the toolchain-based mitigations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/guides-getting-started-lumina-themes/\" rel=\"nofollow\"\u003eGuides: Getting Started \u0026amp; Lumina Theme Submissions\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI am pleased to announce the beginning of a new sub-series of blog posts for the Lumina project: Guides!\u003c/p\u003e\n\n\u003cp\u003eThe TrueOS/Lumina projects want to support our users as they use Lumina or experiment with TrueOS. To that end, we’ve recently set up a central repository for our users to share instructions or other “how-to” guides with each other! Project developers and contributors will also submit guides to the repository on occasion, but the overall goal is to provide a simple hub for instructions written by any Lumina or TrueOS user. This will make it easier for users to not only find a “how-to” for some procedure, but also a very easy way to “give back” to the community by writing simple instructions or more detailed guides.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGuides Repository\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOur first guide to get the whole thing started was created by the \u003ca href=\"https://discourse.trueos.org/t/introducing-the-trueos-linebacker/991\" rel=\"nofollow\"\u003eTrueOS Linebacker\u003c/a\u003e  (with technical assistance from our own q5sys). In this guide, Terry Tate will walk you through the steps necessary to submit new wallpaper images to the Lumina Themes collection. This procedure is fully documented with screenshots every step of the way, walking you through a simple procedure that only requires a web browser and a Github account!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trueos/guides/blob/master/lumina-themes-submissions/readme.md\" rel=\"nofollow\"\u003eGuide: Lumina Themes Submissions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe end result of this guide was that Terry Tate was able to submit this cool new “Lunar-4K” wallpaper to the “lumina-nature” collection.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trueos/guides/tree/master\" rel=\"nofollow\"\u003eTrueOS Community Guides\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/zfs-vs-openzfs/\" rel=\"nofollow\"\u003eZFS vs. OpenZFS (by Michael Dexter)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. Our Senior Analyst clears up what ZFS and OpenZFS refer to and how they differ.\u003cbr\u003e\nI admit that we geeks tend to get caught up in the nuts and bolts of enterprise storage and overlook the more obvious questions that users might have. You’ve probably noticed that this blog and the FreeNAS blog refer to “ZFS” and “OpenZFS” seemingly at random when talking about the amazing file system at the heart of FreeNAS and every storage product that iXsystems sells. I will do my best to clarify what exactly these two terms refer to.\u003cbr\u003e\nFrom its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS \u0026amp; you should too” or try a completely-graphical ZFS experience with FreeNAS.\u003cbr\u003e\nYes, ZFS is really as good as people say it is.\u003cbr\u003e\nAfter enjoying nearly a decade of refinement by a growing group of developers around the world, ZFS became the property of database vendor Oracle, which ceased public development of both ZFS and OpenSolaris in 2010. Disappointed but undeterred, a group of OpenSolaris users and developers forked the last public release of OpenSolaris as the Illumos project. To this day, Illumos represents the official upstream home of the Open Source OpenSolaris technologies, including ZFS. The Illumos project enjoys healthy vendor and user participation but the portable nature and compelling features of ZFS soon produced far more ZFS users than Illumos users around the world. While most if not all users of Illumos and its derivatives are ZFS users, the majority of ZFS users are not Illumos users, thanks significantly in part to FreeNAS which uses the FreeBSD operating system. This imbalance plus several successful ZFS Day events led ZFS co-founder Matt Ahrens and a group of ZFS developers to announce the OpenZFS project, which would remain a part of the Illumos code base but would be free to coordinate development efforts and events around their favorite file system. ZFS Day has grown into the two-day OpenZFS Developer Summit and is stronger than ever, a testament to the passion and dedication of the OpenZFS community.\u003cbr\u003e\nOracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://explainshell.com/\" rel=\"nofollow\"\u003eExplaining Shell\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-18-1-released/\" rel=\"nofollow\"\u003eOPNsense® 18.1 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3104\" rel=\"nofollow\"\u003e“SSH Mastery 2/e” copyedits back\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3106\" rel=\"nofollow\"\u003eSponsoring a Scam\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BAFUG-Bay-Area-FreeBSD-User-Group/events/246623825/\" rel=\"nofollow\"\u003eThursday, February 8, 2018 - Come to Netflix to talk about FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/events/247552279/\" rel=\"nofollow\"\u003eBSD User Group meeting in Stockholm: March 22, 17:30 - 21:00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeBSD Flavoured talks from Linux.conf.au: \u003ca href=\"https://www.youtube.com/watch?v=z-uWt5wVVkU\" rel=\"nofollow\"\u003eYou can’t unit test C, right?\u003c/a\u003e and \u003ca href=\"https://www.youtube.com/watch?v=qAhZEI_6lbc\" rel=\"nofollow\"\u003eA Brief History of I/O\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDcon 2018 website is up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://bhyvecon.org/\" rel=\"nofollow\"\u003eFull day bhyvecon Tokyo, Japan, March 9, 2018\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/3G2F7RC#wrap\" rel=\"nofollow\"\u003efreebsd installer improvements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMohammad - \u003ca href=\"http://dpaste.com/0HGK3FQ#wrap\" rel=\"nofollow\"\u003eFreeBSD 11 installation from a read only rescue disk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStan - \u003ca href=\"http://dpaste.com/2S169SH#wrap\" rel=\"nofollow\"\u003eFollow up on guide you covered\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJalal - \u003ca href=\"http://dpaste.com/35N8QXP#wrap\" rel=\"nofollow\"\u003ecouple questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"We talk about our recent trip to FOSDEM, we discuss the pros and cons of permissive licensing, cover the installation of OpenBSD on a dedibox with full-disk encryption, the new Lumina guide repository, and we explain ZFS vs. OpenZFS.","date_published":"2018-02-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2246fb14-61bb-4387-942b-f8ba55f48deb.mp3","mime_type":"audio/mpeg","size_in_bytes":68482228,"duration_in_seconds":5706}]},{"id":"06b29fa5-0520-4e4d-a373-9e10de3ea498","title":"231: Unix Architecture Evolution","url":"https://www.bsdnow.tv/231","content_text":"We cover an interview about Unix Architecture Evolution, another vBSDcon trip report, how to teach an old Unix about backspace, new NUMA support coming to FreeBSD, and stack pointer checking in OpenBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nUnix Architecture Evolution from the 1970 PDP-7 to the 2017 FreeBSD\n\n\nQ: Could you briefly introduce yourself?\n\n\n\nI’m a professor of software engineering, a programmer at heart, and a technology author. Currently I’m also the editor in chief of the IEEE Software magazine. I recently published the book Effective Debugging, where I detail 66 ways to debug software and systems.\n\n\n\nQ: What will your talk be about, exactly?\n\n\n\nI will describe how the architecture of the Unix operating system evolved over the past half century, starting from an unnamed system written in PDP-7 assembly language and ending with a modern FreeBSD system. My talk is based, first, on a GitHub repository where I tried to record the system’s history from 1970 until today and, second, on the evolution of documented facilities (user commands, system calls, library functions) across revisions. I will thus present the early system’s defining architectural features (layering, system calls, devices as files, an interpreter, and process management) and the important ones that followed in subsequent releases: the tree directory structure, user contributed code, I/O redirection, the shell as a user program, groups, pipes, scripting, and little languages.\n\n\n\nQ: Why this topic?\n\n\n\nUnix stands out as a major engineering breakthrough due to its exemplary design, its numerous technical contributions, its impact, its development model, and its widespread use. Furthermore, the design of the Unix programming environment has been characterized as one offering unusual simplicity, power, and elegance. Consequently, there are many lessons that we can learn by studying the evolution of the Unix architecture, which we can apply to the design of new systems. I often see modern systems that suffer from a bloat of architectural features and a lack of clear form on which functionality can be built. I believe that many of the modern Unix architecture defining features are excellent examples of what we should strive toward as system architects.\n\n\n\nQ: What do you hope to accomplish by giving this talk? What do you expect?\n\n\n\nI’d like FOSDEM attendees to leave the talk with their mind full with architectural features of timeless quality. I want them to realize that architectural elegance isn’t derived by piling design patterns and does not need to be expensive in terms of resources. Rather, beautiful architecture can be achieved on an extremely modest scale. Furthermore, I want attendees to appreciate the importance of adopting flexible conventions rather than rigid enforcement mechanisms. Finally, I want to demonstrate through examples that the open source culture was part of Unix from its earliest days.\n\n\n\nQ: What are the most significant milestones in the development of Unix?\n\n\n\nThe architectural development of Unix follows a path of continuous evolution, albeit at a slowing pace, so I don’t see here the most important milestones. I would however define as significant milestones two key changes in the way Unix was developed. The first occurred in the late 1970s when significant activity shifted from a closely-knit team of researchers at the AT\u0026amp;T Bell Labs to the Computer Science Research Group in the University of California at Berkeley. This opened the system to academic contributions and growth through competitive research funding. The second took place in the late 1980s and the 1990s when Berkeley open-sourced the the code it had developed (by that time a large percentage of the system) and enthusiasts built on it to create complete open source operating system distributions: 386BSD, and then FreeBSD, NetBSD, OpenBSD, and others.\n\n\n\nQ: In which areas has the development of Unix stalled?\n\n\n\nThe data I will show demonstrate that there were in the past some long periods where the number of C library functions and system calls remained mostly stable. Nowadays there is significant growth in the number of all documented facilities with the exception of file formats. I’m looking forward to a discussion regarding the meaning of these growth patterns in the Q\u0026amp;A session after the talk.\n\n\n\nQ: What are the core features that still link the 1970 PDP-7 system to the latest FreeBSD 11.1 release, almost half a century apart?\n\n\n\nOver the past half-century the Unix system has grown by four orders of magnitude from a few thousand lines of code to many millions. Nevertheless, looking at a 1970s architecture diagram and a current one reveals that the initial architectural blocks are still with us today. Furthermore, most system calls, user programs, and C library functions of that era have survived until today with essentially similar functionality. I’ve even found in modern FreeBSD some lines of code that have survived unchanged for 40 years.\n\n\n\nQ: Can we still add innovative changes to operating systems like FreeBSD without breaking the ‘Unix philosophy’? Will there be a moment where FreeBSD isn’t recognizable anymore as a descendant of the 1970 PDP-7 system?\n\n\n\nThere’s a saying that “form liberates”. So having available a time-tested form for developing operating system functionality allows you to innovate in areas that matter rather than reinventing the wheel.\n\nSuch concepts include having commands act as a filter, providing manual pages with a consistent structure, supplying build information in the form of a Makefile, installing files in a well-defined directory hierarchy, implementing filesystems with an standardized object-oriented interface, and packaging reusable functions as a library. Within this framework there’s ample space for both incremental additions (think of jq, the JSON query command) and radical innovations (consider the Solaris-derived ZFS and dtrace functionality). For this reason I think that BSD and Linux systems will always be recognizable as direct or intellectual descendants of the 1970s Research Unix editions.\n\n\n\nQ: Have you enjoyed previous FOSDEM editions?\n\n\n\nImmensely! As an academic I need to attend many scientific conferences and meetings in order to present research results and interact with colleagues. This means too much time spent traveling and away from home, and a limited number of conferences I’m in the end able to attend. Nevertheless, attending FOSDEM is an easy decision due to the world-changing nature of its theme, the breadth of the topics presented, the participants’ enthusiasm and energy, as well as the exemplary, very efficient conference organization.\n\n\n\n\nAnother vBSDCon trip report we just found\n\n\nWe just got tipped about another trip report from vBSDCon, this time from one of the first time speakers: W. Dean Freeman\n\n\n\nRecently I had the honor of co-presenting on the internals of FreeBSD’s Kernel RNG with John-Mark Gurney at the 3rd biennial vBSDCon, hosted in Reston, VA hosted by Verisign.\nI’ve been in and out of the FreeBSD community for about 20 years. As I’ve mentioned on here before, my first Unix encounter was FreeBSD 2.2.8 when I was in the 7th or 8th grade. However, for all that time I’ve never managed to get out to any of the cons. I’ve been to one or two BUG meetings and I’ve met some folks from IRC before, but nothing like this.\n\n\n\nA BSD conference is a very different experience than anything else out there. You have to try it, it is the only way to truly understand it.\n\n\n\nI’d also not had to do a stand-up presentation really since college before this. So, my first BSD con and my first time presenting rolled into one made for an interesting experience.\n\n\n\nSee, he didn’t say terrifying. It went very well. You should totally submit a talk for the next conference, even if it is your first.\n\n\n\nThat said, it was amazing and invigorating experience. I got to meet a few big names in the FreeBSD community, discuss projects, ideas for FreeBSD, etc. I did seem to spend an unusual amount of time talking about FIPS and Common Criteria with folks, but to me that’s a good sign and indicative that there is interest in working to close gaps between FreeBSD and the current requirements so that we can start getting FreeBSD and more BSD-based products into the government and start whittling away the domination of Linux (especially since Oracle has cut Solaris, SPARC and the ZFS storage appliance business units).\n\n\n\nThere is nothing that can match the high bandwidth interchange of ideas in person. The internet has made all kinds of communication possible, and we use it all the time, but every once in a while, getting together in person is hugely valuable.\nDean then went on to list some of the talks he found most valuable, including DTrace, Capsicum, bhyve, *BSD security tools, and Paul Vixie’s talk about gets()\n\n\n\nI think the talk that really had the biggest impact on me, however, was Kyle Kneisl’s talk on BSD community dynamics. One of the key points he asked was whether the things that drew us to the BSD community in the first place would be able to happen today. Obviously, I’m not a 12 or 13 year old kid anymore, but it really got me thinking. That, combined with getting face time with people I’d previously only known as screen names has recently drawn me back into participating in IRC and rejoining mailing lists (wdf on freenode. be on the lookout!)\n\n\n\nThen Dean covered some thoughts on his own talk:\n\n\n\nJMG and my talk seems to have been well received, with people paying lots of attention. I don’t know what a typical number of questions is for one of these things, but on day one there weren’t that many questions.  We got about 5 during our question time and spent most of the rest of the day fielding questions from interested attendees. Getting a “great talk!” from GNN after coming down from the stage was probably one of the major highlights for me.\n\n\n\nI remember my first solo talk, and GNN asking the right question in the middle to get me to explain a part of it I had missed. It was very helpful.\n\n\n\nI think key to the interest in our presentation was that JMG did a good job framing a very complicated topic’s importance in terms everyone could understand.  It also helped that we got to drop some serious truth bombs.\n\n\n\nFinal Thoughts:\n\n\n\nI met a lot of folks in person for the first time, and met some people I’d never known online before. It was a great community and I’m glad I got a chance to expand my network.\nVerisign were excellent hosts and they took good care of both speakers (covering airfare, rooms, etc.) and also conference attendees at large. The dinners that they hosted were quite good as well.\nI’m definitely interested in attending vBSDCon again and now that I’ve had a taste of meeting IRL with the community on scale of more than a handful, I have every intention of finally making it to BSDCan next year (I’d said it in 2017, but then moved to Texas for a new job and it wasn’t going to be practical). This year for sure, though!\n\n\n\n\nTeaching an Almost 40-year Old UNIX about Backspace\n\n\nIntroduction\n\n\n\nI have been messing with the UNIX® operating system, Seventh Edition (commonly known as UNIX V7 or just V7) for a while now. V7 dates from 1979, so it’s about 40 years old at this point. The last post was on V7/x86, but since I’ve run into various issues with it, I moved on to a proper installation of V7 on SIMH. The Internet has some really good resources on installing V7 in SIMH. Thus, I set out on my own journey on installing and using V7 a while ago, but that was remarkably uneventful.\n\nOne convenience that I have been dearly missing since the switch from V7/x86 is a functioning backspace key. There seem to be multiple different definitions of backspace:\n\nBS, as in ASCII character 8 (010, 0x08, also represented as H), and\nDEL, as in ASCII character 127 (0177, 0x7F, also represented as ?).\nV7 does not accept either for input by default. Instead, # is used as the erase character and @ is used as the kill character. These defaults have been there since UNIX V1. In fact, they have been “there” since Multics, where they got chosen seemingly arbitrarily. The erase character erases the character before it. The kill character kills (deletes) the whole line. For example, “ba##gooo#d” would be interpreted as “good” and “bad line@good line” would be interpreted as “good line”.\n\nThere is some debate on whether BS or DEL is the correct character for terminals to send when the user presses the backspace key. However, most programs have settled on DEL today. tmux forces DEL, even if the terminal emulator sends BS, so simply changing my terminal to send BS was not an option. The change from the defaults outlined here to today’s modern-day defaults occurred between 4.1BSD and 4.2BSD. enf on Hacker News has written a nice overview of the various conventions\n\n\n\nGetting the Diff\n\n\n\nFor future generations as well as myself when I inevitably majorly break this installation of V7, I wanted to make a diff. However, my V7 is installed in SIMH. I am not a very intelligent man, I didn’t keep backup copies of the files I’d changed. Getting data out of this emulated machine is an exercise in frustration.\n\nIn the end, I printed everything on screen using cat(1) and copied that out. Then I performed a manual diff against the original source code tree because tabs got converted to spaces in the process. Then I applied the changes to clean copies that did have the tabs. And finally, I actually invoked diff(1).\n\n\n\nClosing Thoughts\n\n\n\nFiguring all this out took me a few days. Penetrating how the system is put together was surprisingly fairly hard at first, but then the difficulty curve eased up. It was an interesting exercise in some kind of “reverse engineering” and I definitely learned something about tty handling. I was, however, not pleased with using ed(1), even if I do know the basics. vi(1) is a blessing that I did not appreciate enough until recently. Had I also been unable to access recursive grep(1) on my host and scroll through the code, I would’ve probably given up. Writing UNIX under those kinds of editing conditions is an amazing feat. I have nothing but the greatest respect for software developers of those days.\n\n\n\n\nNews Roundup\n\nNew NUMA support coming to FreeBSD CURRENT\n\n\nHello folks,\n\nI am working on merging improved NUMA support with policy implemented by cpuset(2) over the next week.  This work has been supported by Dell/EMC's Isilon product division and Netflix.  You can see some discussion of these changes here:\n\nhttps://reviews.freebsd.org/D13403\nhttps://reviews.freebsd.org/D13289\nhttps://reviews.freebsd.org/D13545\n\nThe work has been done in user/jeff/numa if you want to look at svn history or experiment with the branch.  It has been tested by Peter Holm on i386 and amd64 and it has been verified to work on arm at various points.\n\nWe are working towards compatibility with libnuma and linux mbind.  These commits will bring in improved support for NUMA in the kernel.  There are new domain specific allocation functions available to kernel for UMA, malloc, kmem_, and vm_page*.  busdmamem consumers will automatically be placed in the correct domain, bringing automatic improvements to some \ndevice performance.\n\ncpuset will be able to constrains processes, groups of processes, jails, etc. to subsets of the system memory domains, just as it can with sets of cpus.  It can set default policy for any of the above.  Threads can use cpusets to set policy that specifies a subset of their visible domains.\n\nAvailable policies are first-touch (local in linux terms), round-robin (similar to linux interleave), and preferred.  For now, the default is round-robin.  You can achieve a fixed domain policy by using round-robin with a bitmask of a single domain.  As the scheduler and VM become more \nsophisticated we may switch the default to first-touch as linux does.\n\nCurrently these features are enabled with VM_NUMA_ALLOC and MAXMEMDOM.  It will eventually be NUMA/MAXMEMDOM to match SMP/MAXCPU.  The current NUMA syscalls and VM_NUMA_ALLOC code was 'experimental' and will be deprecated. numactl will continue to be supported although cpuset should be preferred going forward as it supports the full feature set of the new API.\n\nThank you for your patience as I deal with the inevitable fallout of such sweeping changes.  If you do have bugs, please file them in bugzilla, or reach out to me directly.  I don't always have time to catch up on all of my mailing list mail and regretfully things slip through the cracks when \nthey are not addressed directly to me.\n\nThanks,\nJeff\n\n\n\n\nStack pointer checking – OpenBSD\n\n\nStefan (stefan@) and I have been working for a few months on this diff, with help from a few others.\n\nAt every trap and system call, it checks if the stack-pointer is on a page that is marked MAP_STACK.  execve() is changed to create such mappings for the process stack.  Also, libpthread is taught the new MAP_STACK flag to use with mmap().\n\nThere is no corresponding system call which can set MAP_FLAG on an existing page, you can only set the flag by mapping new memory into place.  That is a piece of the security model.\n\nThe purpose of this change is to twart stack pivots, which apparently have gained some popularity in JIT ROP attacks.  It makes it difficult to place the ROP stack in regular data memory, and then perform a system call from it.  Workarounds are cumbersome, increasing the need for far more gadgetry.  But also the trap case -- if any memory experiences a demand page fault, the same check will occur and potentially also kill the process.\n\nWe have experimented a little with performing this check during device interrupts, but there are some locking concerns and performance may then become a concern.  It'll be best to gain experience from handle of syncronous trap cases first.\n\nchrome and other applications I use run fine!\n\nI'm asking for some feedback to discover what ports this breaks, we'd like to know.  Those would be ports which try to (unconventionally) create their stacks in malloc()'d memory or inside another Data structure.  Most of them are probably easily fixed ...\n\n\n\n\nQt 5.9 on FreeBSD\n\n\nTobias and Raphael have spent the past month or so hammering on the Qt 5.9 branch, which has (finally!) landed in the official FreeBSD ports tree. This brings FreeBSD back up-to-date with current Qt releases and, more importantly, up-to-date with the Qt release KDE software is increasingly expecting. With Qt 5.9, the Elisa music player works, for instance (where it has run-time errors with Qt 5.7, even if it compiles). The KDE-FreeBSD CI system has had Qt 5.9 for some time already, but that was hand-compiled and jimmied into the system, rather than being a “proper” ports build.\n\nThe new Qt version uses a new build system, which is one of the things that really slowed us down from a packaging perspective. Some modules have been reshuffled in the process. Some applications depending on Qt internal-private headers have been fixed along the way. The Telegram desktop client continues to be a pain in the butt that way.\n\nFollowing on from Qt 5.9 there has been some work in getting ready for Clang 6 support; in general the KDE and Qt stack is clean and modern C++, so it’s more infrastructural tweaks than fixing code. Outside of our silo, I still see lots of wonky C++ code being fixed and plenty of confusion between pointers and integers and strings and chars and .. ugh. Speaking of ugh, I’m still planning to clean up Qt4 on ARM aarch64 for FreeBSD; this boils down to stealing suitable qatomic implementations from Arch Linux.\n\nFor regular users of Qt applications on FreeBSD, there should be few to no changes required outside the regular upgrade cycle. For KDE Plasma users, note that development of the ports has changed branches; as we get closer to actually landing modern KDE bits, things have been renamed and reshuffled and mulled over so often that the old plasma5 branch wasn’t really right anymore. The kde5-import branch is where it’s at nowadays, and the instructions are the same: the x11/kde5 metaport will give you all the KDE Frameworks 5, KDE Plasma Desktop and modern KDE Applications you need.\n\n\n\n\nAdding IPv6 to an Nginx website on FreeBSD / FreshPorts\n\n\nFreshPorts recently moved to an IPv6-capable server but until today, that capability has not been utilized.\nThere were a number of things I had to configure, but this will not necessarily be an exhaustive list for you to follow. Some steps might be missing, and it might not apply to your situation.\n\n\n\nAll of this took about 3 hours.\n\n\n\nWe are using:\n\n\nFreeBSD 11.1\nBind 9.9.11\nnginx 1.12.2\n\nFallout\n\n\n\nI expect some monitoring fallout from this change. I suspect some of my monitoring assumes IP4 and now that IPv6 is available, I need to monitor both IP addresses.\n\n\n\n\nZFS on TrueOS: Why We Love OpenZFS\n\n\nTrueOS was the first desktop operating system to fully implement the OpenZFS (Zettabyte File System or ZFS for short) enterprise file system in a stable production environment. To fully understand why we love ZFS, we will look back to the early days of TrueOS (formerly PC-BSD). The development team had been using the UFS file system in TrueOS because of its solid track record with FreeBSD-based computer systems and its ability to check file consistency with the built-in check utility fsck.\n\nHowever, as computing demands increased, problems began to surface. Slow fsck file verification on large file systems, slow replication speeds, and inconsistency in data integrity while using UFS logging / journaling began to hinder users. It quickly became apparent that TrueOS users would need a file system that scales with evolving enterprise storage needs, offers the best data protection, and works just as well on a hobbyist system or desktop computer.\n\nKris Moore, the founder of the TrueOS project, first heard about OpenZFS in 2007 from chatter on the FreeBSD mailing lists. In 2008, the TrueOS development team was thrilled to learn that the FreeBSD Project had ported ZFS. At the time, ZFS was still unproven as a graphical desktop solution, but Kris saw a perfect opportunity to offer ZFS as a cutting-edge file system option in the TrueOS installer, allowing the TrueOS project to act as an indicator of how OpenZFS would fair in real-world production use.\n\nThe team was blown away by the reception and quality of OpenZFS on FreeBSD-based systems. By its nature, ZFS is a copy-on-write (CoW) file system that won’t move a block of data until it both writes the data and verifies its integrity. This is very different from most other file systems in use today. ZFS is able to assure that data stays consistent between writes by automatically comparing write checksums, which mitigates bit rot. ZFS also comes with native RaidZ functionality that allows for enterprise data management and redundancy without the need for expensive traditional RAID cards. ZFS snapshots allow for system configuration backups in a split-second. You read that right. TrueOS can backup or restore snapshots in less than a second using the ZFS file system.\n\nGiven these advantages, the TrueOS team decided to use ZFS as its exclusive file system starting in 2013, and we haven’t looked back since. ZFS offers TrueOS users the stable workstation experience they want, while simultaneously scaling to meet the increasing demands of the enterprise storage market. TrueOS users are frequently commenting on how easy it is to use ZFS snapshots with our built-in snapshot utility. This allows users the freedom to experiment with their system knowing they can restore it in seconds if anything goes wrong. If you haven’t had a chance to try ZFS with TrueOS, browse to our download page and make sure to grab a copy of TrueOS. You’ll be blown away by the ease of use, data protection functionality, and incredible flexibility of RaidZ.\n\n\n\n\nBeastie Bits\n\n\nSource Code Podcast Interview with Michael W Lucas\nOperating System of the Year 2017: NetBSD Third place\nOPNsense 18.1-RC1 released\nPersonal OpenBSD Wiki Notes\nBSD section can use some contribution\nThe Third Research Edition Unix Programmer's Manual (now available in PDF)\n\n\nFeedback/Questions\n\n\nAlex - my first freebsd bug\nJohn - Suggested Speakers \nTodd - Two questions\nMatthew - CentOS to FreeBSD\nBrian - Brian - openbsd 6.2 and enlightenment .17\n***\n","content_html":"\u003cp\u003eWe cover an interview about Unix Architecture Evolution, another vBSDcon trip report, how to teach an old Unix about backspace, new NUMA support coming to FreeBSD, and stack pointer checking in OpenBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fosdem.org/2018/interviews/diomidis-spinellis/\" rel=\"nofollow\"\u003eUnix Architecture Evolution from the 1970 PDP-7 to the 2017 FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Could you briefly introduce yourself?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m a professor of software engineering, a programmer at heart, and a technology author. Currently I’m also the editor in chief of the IEEE Software magazine. I recently published the book Effective Debugging, where I detail 66 ways to debug software and systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: What will your talk be about, exactly?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI will describe how the architecture of the Unix operating system evolved over the past half century, starting from an unnamed system written in PDP-7 assembly language and ending with a modern FreeBSD system. My talk is based, first, on a GitHub repository where I tried to record the system’s history from 1970 until today and, second, on the evolution of documented facilities (user commands, system calls, library functions) across revisions. I will thus present the early system’s defining architectural features (layering, system calls, devices as files, an interpreter, and process management) and the important ones that followed in subsequent releases: the tree directory structure, user contributed code, I/O redirection, the shell as a user program, groups, pipes, scripting, and little languages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Why this topic?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnix stands out as a major engineering breakthrough due to its exemplary design, its numerous technical contributions, its impact, its development model, and its widespread use. Furthermore, the design of the Unix programming environment has been characterized as one offering unusual simplicity, power, and elegance. Consequently, there are many lessons that we can learn by studying the evolution of the Unix architecture, which we can apply to the design of new systems. I often see modern systems that suffer from a bloat of architectural features and a lack of clear form on which functionality can be built. I believe that many of the modern Unix architecture defining features are excellent examples of what we should strive toward as system architects.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: What do you hope to accomplish by giving this talk? What do you expect?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’d like FOSDEM attendees to leave the talk with their mind full with architectural features of timeless quality. I want them to realize that architectural elegance isn’t derived by piling design patterns and does not need to be expensive in terms of resources. Rather, beautiful architecture can be achieved on an extremely modest scale. Furthermore, I want attendees to appreciate the importance of adopting flexible conventions rather than rigid enforcement mechanisms. Finally, I want to demonstrate through examples that the open source culture was part of Unix from its earliest days.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: What are the most significant milestones in the development of Unix?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe architectural development of Unix follows a path of continuous evolution, albeit at a slowing pace, so I don’t see here the most important milestones. I would however define as significant milestones two key changes in the way Unix was developed. The first occurred in the late 1970s when significant activity shifted from a closely-knit team of researchers at the AT\u0026amp;T Bell Labs to the Computer Science Research Group in the University of California at Berkeley. This opened the system to academic contributions and growth through competitive research funding. The second took place in the late 1980s and the 1990s when Berkeley open-sourced the the code it had developed (by that time a large percentage of the system) and enthusiasts built on it to create complete open source operating system distributions: 386BSD, and then FreeBSD, NetBSD, OpenBSD, and others.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: In which areas has the development of Unix stalled?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe data I will show demonstrate that there were in the past some long periods where the number of C library functions and system calls remained mostly stable. Nowadays there is significant growth in the number of all documented facilities with the exception of file formats. I’m looking forward to a discussion regarding the meaning of these growth patterns in the Q\u0026amp;A session after the talk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: What are the core features that still link the 1970 PDP-7 system to the latest FreeBSD 11.1 release, almost half a century apart?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the past half-century the Unix system has grown by four orders of magnitude from a few thousand lines of code to many millions. Nevertheless, looking at a 1970s architecture diagram and a current one reveals that the initial architectural blocks are still with us today. Furthermore, most system calls, user programs, and C library functions of that era have survived until today with essentially similar functionality. I’ve even found in modern FreeBSD some lines of code that have survived unchanged for 40 years.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Can we still add innovative changes to operating systems like FreeBSD without breaking the ‘Unix philosophy’? Will there be a moment where FreeBSD isn’t recognizable anymore as a descendant of the 1970 PDP-7 system?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s a saying that “form liberates”. So having available a time-tested form for developing operating system functionality allows you to innovate in areas that matter rather than reinventing the wheel.\u003c/p\u003e\n\n\u003cp\u003eSuch concepts include having commands act as a filter, providing manual pages with a consistent structure, supplying build information in the form of a Makefile, installing files in a well-defined directory hierarchy, implementing filesystems with an standardized object-oriented interface, and packaging reusable functions as a library. Within this framework there’s ample space for both incremental additions (think of jq, the JSON query command) and radical innovations (consider the Solaris-derived ZFS and dtrace functionality). For this reason I think that BSD and Linux systems will always be recognizable as direct or intellectual descendants of the 1970s Research Unix editions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Have you enjoyed previous FOSDEM editions?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eImmensely! As an academic I need to attend many scientific conferences and meetings in order to present research results and interact with colleagues. This means too much time spent traveling and away from home, and a limited number of conferences I’m in the end able to attend. Nevertheless, attending FOSDEM is an easy decision due to the world-changing nature of its theme, the breadth of the topics presented, the participants’ enthusiasm and energy, as well as the exemplary, very efficient conference organization.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.weaponizedawesome.com/blog/?cat=53\" rel=\"nofollow\"\u003eAnother vBSDCon trip report we just found\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe just got tipped about another trip report from vBSDCon, this time from one of the first time speakers: W. Dean Freeman\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently I had the honor of co-presenting on the internals of FreeBSD’s Kernel RNG with John-Mark Gurney at the 3rd biennial vBSDCon, hosted in Reston, VA hosted by Verisign.\u003cbr\u003e\nI’ve been in and out of the FreeBSD community for about 20 years. As I’ve mentioned on here before, my first Unix encounter was FreeBSD 2.2.8 when I was in the 7th or 8th grade. However, for all that time I’ve never managed to get out to any of the cons. I’ve been to one or two BUG meetings and I’ve met some folks from IRC before, but nothing like this.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA BSD conference is a very different experience than anything else out there. You have to try it, it is the only way to truly understand it.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’d also not had to do a stand-up presentation really since college before this. So, my first BSD con and my first time presenting rolled into one made for an interesting experience.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee, he didn’t say terrifying. It went very well. You should totally submit a talk for the next conference, even if it is your first.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat said, it was amazing and invigorating experience. I got to meet a few big names in the FreeBSD community, discuss projects, ideas for FreeBSD, etc. I did seem to spend an unusual amount of time talking about FIPS and Common Criteria with folks, but to me that’s a good sign and indicative that there is interest in working to close gaps between FreeBSD and the current requirements so that we can start getting FreeBSD and more BSD-based products into the government and start whittling away the domination of Linux (especially since Oracle has cut Solaris, SPARC and the ZFS storage appliance business units).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is nothing that can match the high bandwidth interchange of ideas in person. The internet has made all kinds of communication possible, and we use it all the time, but every once in a while, getting together in person is hugely valuable.\u003c/li\u003e\n\u003cli\u003eDean then went on to list some of the talks he found most valuable, including DTrace, Capsicum, bhyve, *BSD security tools, and Paul Vixie’s talk about gets()\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI think the talk that really had the biggest impact on me, however, was Kyle Kneisl’s talk on BSD community dynamics. One of the key points he asked was whether the things that drew us to the BSD community in the first place would be able to happen today. Obviously, I’m not a 12 or 13 year old kid anymore, but it really got me thinking. That, combined with getting face time with people I’d previously only known as screen names has recently drawn me back into participating in IRC and rejoining mailing lists (wdf on freenode. be on the lookout!)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen Dean covered some thoughts on his own talk:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJMG and my talk seems to have been well received, with people paying lots of attention. I don’t know what a typical number of questions is for one of these things, but on day one there weren’t that many questions.  We got about 5 during our question time and spent most of the rest of the day fielding questions from interested attendees. Getting a “great talk!” from GNN after coming down from the stage was probably one of the major highlights for me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI remember my first solo talk, and GNN asking the right question in the middle to get me to explain a part of it I had missed. It was very helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI think key to the interest in our presentation was that JMG did a good job framing a very complicated topic’s importance in terms everyone could understand.  It also helped that we got to drop some serious truth bombs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFinal Thoughts:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI met a lot of folks in person for the first time, and met some people I’d never known online before. It was a great community and I’m glad I got a chance to expand my network.\u003cbr\u003e\nVerisign were excellent hosts and they took good care of both speakers (covering airfare, rooms, etc.) and also conference attendees at large. The dinners that they hosted were quite good as well.\u003cbr\u003e\nI’m definitely interested in attending vBSDCon again and now that I’ve had a taste of meeting IRL with the community on scale of more than a handful, I have every intention of finally making it to BSDCan next year (I’d said it in 2017, but then moved to Texas for a new job and it wasn’t going to be practical). This year for sure, though!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://virtuallyfun.com/2018/01/17/teaching_an_almost_40-year_old_unix_about_backspace/\" rel=\"nofollow\"\u003eTeaching an Almost 40-year Old UNIX about Backspace\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been messing with the UNIX® operating system, Seventh Edition (commonly known as UNIX V7 or just V7) for a while now. V7 dates from 1979, so it’s about 40 years old at this point. The last post was on V7/x86, but since I’ve run into various issues with it, I moved on to a proper installation of V7 on SIMH. The Internet has some really good resources on installing V7 in SIMH. Thus, I set out on my own journey on installing and using V7 a while ago, but that was remarkably uneventful.\u003c/p\u003e\n\n\u003cp\u003eOne convenience that I have been dearly missing since the switch from V7/x86 is a functioning backspace key. There seem to be multiple different definitions of backspace:\u003c/p\u003e\n\n\u003cp\u003eBS, as in ASCII character 8 (010, 0x08, also represented as \u003csup\u003eH),\u003c/sup\u003e and\u003cbr\u003e\nDEL, as in ASCII character 127 (0177, 0x7F, also represented as \u003csup\u003e?).\u003c/sup\u003e\u003cbr\u003e\nV7 does not accept either for input by default. Instead, # is used as the erase character and @ is used as the kill character. These defaults have been there since UNIX V1. In fact, they have been “there” since Multics, where they got chosen seemingly arbitrarily. The erase character erases the character before it. The kill character kills (deletes) the whole line. For example, “ba##gooo#d” would be interpreted as “good” and “bad line@good line” would be interpreted as “good line”.\u003c/p\u003e\n\n\u003cp\u003eThere is some debate on whether BS or DEL is the correct character for terminals to send when the user presses the backspace key. However, most programs have settled on DEL today. tmux forces DEL, even if the terminal emulator sends BS, so simply changing my terminal to send BS was not an option. The change from the defaults outlined here to today’s modern-day defaults occurred between 4.1BSD and 4.2BSD. enf on Hacker News has written a nice overview of the various conventions\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting the Diff\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor future generations as well as myself when I inevitably majorly break this installation of V7, I wanted to make a diff. However, my V7 is installed in SIMH. I am not a very intelligent man, I didn’t keep backup copies of the files I’d changed. Getting data out of this emulated machine is an exercise in frustration.\u003c/p\u003e\n\n\u003cp\u003eIn the end, I printed everything on screen using cat(1) and copied that out. Then I performed a manual diff against the original source code tree because tabs got converted to spaces in the process. Then I applied the changes to clean copies that did have the tabs. And finally, I actually invoked diff(1).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eClosing Thoughts\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFiguring all this out took me a few days. Penetrating how the system is put together was surprisingly fairly hard at first, but then the difficulty curve eased up. It was an interesting exercise in some kind of “reverse engineering” and I definitely learned something about tty handling. I was, however, not pleased with using ed(1), even if I do know the basics. vi(1) is a blessing that I did not appreciate enough until recently. Had I also been unable to access recursive grep(1) on my host and scroll through the code, I would’ve probably given up. Writing UNIX under those kinds of editing conditions is an amazing feat. I have nothing but the greatest respect for software developers of those days.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2018-January/068145.html\" rel=\"nofollow\"\u003eNew NUMA support coming to FreeBSD CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHello folks,\u003c/p\u003e\n\n\u003cp\u003eI am working on merging improved NUMA support with policy implemented by cpuset(2) over the next week.  This work has been supported by Dell/EMC\u0026#39;s Isilon product division and Netflix.  You can see some discussion of these changes here:\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://reviews.freebsd.org/D13403\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D13403\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://reviews.freebsd.org/D13289\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D13289\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://reviews.freebsd.org/D13545\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D13545\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eThe work has been done in user/jeff/numa if you want to look at svn history or experiment with the branch.  It has been tested by Peter Holm on i386 and amd64 and it has been verified to work on arm at various points.\u003c/p\u003e\n\n\u003cp\u003eWe are working towards compatibility with libnuma and linux mbind.  These commits will bring in improved support for NUMA in the kernel.  There are new domain specific allocation functions available to kernel for UMA, malloc, kmem_, and vm_page*.  busdmamem consumers will automatically be placed in the correct domain, bringing automatic improvements to some \u003cbr\u003e\ndevice performance.\u003c/p\u003e\n\n\u003cp\u003ecpuset will be able to constrains processes, groups of processes, jails, etc. to subsets of the system memory domains, just as it can with sets of cpus.  It can set default policy for any of the above.  Threads can use cpusets to set policy that specifies a subset of their visible domains.\u003c/p\u003e\n\n\u003cp\u003eAvailable policies are first-touch (local in linux terms), round-robin (similar to linux interleave), and preferred.  For now, the default is round-robin.  You can achieve a fixed domain policy by using round-robin with a bitmask of a single domain.  As the scheduler and VM become more \u003cbr\u003e\nsophisticated we may switch the default to first-touch as linux does.\u003c/p\u003e\n\n\u003cp\u003eCurrently these features are enabled with VM_NUMA_ALLOC and MAXMEMDOM.  It will eventually be NUMA/MAXMEMDOM to match SMP/MAXCPU.  The current NUMA syscalls and VM_NUMA_ALLOC code was \u0026#39;experimental\u0026#39; and will be deprecated. numactl will continue to be supported although cpuset should be preferred going forward as it supports the full feature set of the new API.\u003c/p\u003e\n\n\u003cp\u003eThank you for your patience as I deal with the inevitable fallout of such sweeping changes.  If you do have bugs, please file them in bugzilla, or reach out to me directly.  I don\u0026#39;t always have time to catch up on all of my mailing list mail and regretfully things slip through the cracks when \u003cbr\u003e\nthey are not addressed directly to me.\u003c/p\u003e\n\n\u003cp\u003eThanks,\u003cbr\u003e\nJeff\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=151572838911297\u0026w=2\" rel=\"nofollow\"\u003eStack pointer checking – OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStefan (stefan@) and I have been working for a few months on this diff, with help from a few others.\u003c/p\u003e\n\n\u003cp\u003eAt every trap and system call, it checks if the stack-pointer is on a page that is marked MAP_STACK.  execve() is changed to create such mappings for the process stack.  Also, libpthread is taught the new MAP_STACK flag to use with mmap().\u003c/p\u003e\n\n\u003cp\u003eThere is no corresponding system call which can set MAP_FLAG on an existing page, you can only set the flag by mapping new memory into place.  That is a piece of the security model.\u003c/p\u003e\n\n\u003cp\u003eThe purpose of this change is to twart stack pivots, which apparently have gained some popularity in JIT ROP attacks.  It makes it difficult to place the ROP stack in regular data memory, and then perform a system call from it.  Workarounds are cumbersome, increasing the need for far more gadgetry.  But also the trap case -- if any memory experiences a demand page fault, the same check will occur and potentially also kill the process.\u003c/p\u003e\n\n\u003cp\u003eWe have experimented a little with performing this check during device interrupts, but there are some locking concerns and performance may then become a concern.  It\u0026#39;ll be best to gain experience from handle of syncronous trap cases first.\u003c/p\u003e\n\n\u003cp\u003echrome and other applications I use run fine!\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;m asking for some feedback to discover what ports this breaks, we\u0026#39;d like to know.  Those would be ports which try to (unconventionally) create their stacks in malloc()\u0026#39;d memory or inside another Data structure.  Most of them are probably easily fixed ...\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1768\" rel=\"nofollow\"\u003eQt 5.9 on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTobias and Raphael have spent the past month or so hammering on the Qt 5.9 branch, which has (finally!) landed in the official FreeBSD ports tree. This brings FreeBSD back up-to-date with current Qt releases and, more importantly, up-to-date with the Qt release KDE software is increasingly expecting. With Qt 5.9, the Elisa music player works, for instance (where it has run-time errors with Qt 5.7, even if it compiles). The KDE-FreeBSD CI system has had Qt 5.9 for some time already, but that was hand-compiled and jimmied into the system, rather than being a “proper” ports build.\u003c/p\u003e\n\n\u003cp\u003eThe new Qt version uses a new build system, which is one of the things that really slowed us down from a packaging perspective. Some modules have been reshuffled in the process. Some applications depending on Qt internal-private headers have been fixed along the way. The Telegram desktop client continues to be a pain in the butt that way.\u003c/p\u003e\n\n\u003cp\u003eFollowing on from Qt 5.9 there has been some work in getting ready for Clang 6 support; in general the KDE and Qt stack is clean and modern C++, so it’s more infrastructural tweaks than fixing code. Outside of our silo, I still see lots of wonky C++ code being fixed and plenty of confusion between pointers and integers and strings and chars and .. ugh. Speaking of ugh, I’m still planning to clean up Qt4 on ARM aarch64 for FreeBSD; this boils down to stealing suitable qatomic implementations from Arch Linux.\u003c/p\u003e\n\n\u003cp\u003eFor regular users of Qt applications on FreeBSD, there should be few to no changes required outside the regular upgrade cycle. For KDE Plasma users, note that development of the ports has changed branches; as we get closer to actually landing modern KDE bits, things have been renamed and reshuffled and mulled over so often that the old plasma5 branch wasn’t really right anymore. The kde5-import branch is where it’s at nowadays, and the instructions are the same: the x11/kde5 metaport will give you all the KDE Frameworks 5, KDE Plasma Desktop and modern KDE Applications you need.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dan.langille.org/2018/01/13/adding-ipv6-to-an-nginx-website-on-freebsd-freshports/\" rel=\"nofollow\"\u003eAdding IPv6 to an Nginx website on FreeBSD / FreshPorts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eFreshPorts recently moved to an IPv6-capable server but until today, that capability has not been utilized.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere were a number of things I had to configure, but this will not necessarily be an exhaustive list for you to follow. Some steps might be missing, and it might not apply to your situation.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAll of this took about 3 hours.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWe are using:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 11.1\u003c/li\u003e\n\u003cli\u003eBind 9.9.11\u003c/li\u003e\n\u003cli\u003enginx 1.12.2\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFallout\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI expect some monitoring fallout from this change. I suspect some of my monitoring assumes IP4 and now that IPv6 is available, I need to monitor both IP addresses.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/zfs-trueos-love-openzfs/\" rel=\"nofollow\"\u003eZFS on TrueOS: Why We Love OpenZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS was the first desktop operating system to fully implement the OpenZFS (Zettabyte File System or ZFS for short) enterprise file system in a stable production environment. To fully understand why we love ZFS, we will look back to the early days of TrueOS (formerly PC-BSD). The development team had been using the UFS file system in TrueOS because of its solid track record with FreeBSD-based computer systems and its ability to check file consistency with the built-in check utility fsck.\u003c/p\u003e\n\n\u003cp\u003eHowever, as computing demands increased, problems began to surface. Slow fsck file verification on large file systems, slow replication speeds, and inconsistency in data integrity while using UFS logging / journaling began to hinder users. It quickly became apparent that TrueOS users would need a file system that scales with evolving enterprise storage needs, offers the best data protection, and works just as well on a hobbyist system or desktop computer.\u003c/p\u003e\n\n\u003cp\u003eKris Moore, the founder of the TrueOS project, first heard about OpenZFS in 2007 from chatter on the FreeBSD mailing lists. In 2008, the TrueOS development team was thrilled to learn that the FreeBSD Project had ported ZFS. At the time, ZFS was still unproven as a graphical desktop solution, but Kris saw a perfect opportunity to offer ZFS as a cutting-edge file system option in the TrueOS installer, allowing the TrueOS project to act as an indicator of how OpenZFS would fair in real-world production use.\u003c/p\u003e\n\n\u003cp\u003eThe team was blown away by the reception and quality of OpenZFS on FreeBSD-based systems. By its nature, ZFS is a copy-on-write (CoW) file system that won’t move a block of data until it both writes the data and verifies its integrity. This is very different from most other file systems in use today. ZFS is able to assure that data stays consistent between writes by automatically comparing write checksums, which mitigates bit rot. ZFS also comes with native RaidZ functionality that allows for enterprise data management and redundancy without the need for expensive traditional RAID cards. ZFS snapshots allow for system configuration backups in a split-second. You read that right. TrueOS can backup or restore snapshots in less than a second using the ZFS file system.\u003c/p\u003e\n\n\u003cp\u003eGiven these advantages, the TrueOS team decided to use ZFS as its exclusive file system starting in 2013, and we haven’t looked back since. ZFS offers TrueOS users the stable workstation experience they want, while simultaneously scaling to meet the increasing demands of the enterprise storage market. TrueOS users are frequently commenting on how easy it is to use ZFS snapshots with our built-in snapshot utility. This allows users the freedom to experiment with their system knowing they can restore it in seconds if anything goes wrong. If you haven’t had a chance to try ZFS with TrueOS, browse to our download page and make sure to grab a copy of TrueOS. You’ll be blown away by the ease of use, data protection functionality, and incredible flexibility of RaidZ.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3099\" rel=\"nofollow\"\u003eSource Code Podcast Interview with Michael W Lucas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://w3techs.com/blog/entry/web_technologies_of_the_year_2017\" rel=\"nofollow\"\u003eOperating System of the Year 2017: NetBSD Third place\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-18-1-rc1-released/\" rel=\"nofollow\"\u003eOPNsense 18.1-RC1 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://balu-wiki.readthedocs.io/en/latest/security/openbsd.html\" rel=\"nofollow\"\u003ePersonal OpenBSD Wiki Notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://guide.freecodecamp.org/bsd-os/\" rel=\"nofollow\"\u003eBSD section can use some contribution\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dspinellis/unix-v3man\" rel=\"nofollow\"\u003eThe Third Research Edition Unix Programmer\u0026#39;s Manual (now available in PDF)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlex - \u003ca href=\"http://dpaste.com/3DSV7BC#wrap\" rel=\"nofollow\"\u003emy first freebsd bug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohn - \u003ca href=\"http://dpaste.com/2QFR4MT#wrap\" rel=\"nofollow\"\u003eSuggested Speakers\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eTodd - \u003ca href=\"http://dpaste.com/2FQ450Q#wrap\" rel=\"nofollow\"\u003eTwo questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatthew - \u003ca href=\"http://dpaste.com/3KA29E0#wrap\" rel=\"nofollow\"\u003eCentOS to FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/24DYF1J#wrap\" rel=\"nofollow\"\u003eBrian - openbsd 6.2 and enlightenment .17\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We cover an interview about Unix Architecture Evolution, another vBSDcon trip report, how to teach an old Unix about backspace, new NUMA support coming to FreeBSD, and stack pointer checking in OpenBSD.","date_published":"2018-02-01T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/06b29fa5-0520-4e4d-a373-9e10de3ea498.mp3","mime_type":"audio/mpeg","size_in_bytes":61159252,"duration_in_seconds":5096}]},{"id":"cb9ee437-7c5c-4e4c-99b2-4270ffbfbae2","title":"230: Your questions, Part III","url":"https://www.bsdnow.tv/230","content_text":"We provide you with updates to Spectre and Meltdown from various BSD projects, a review of TrueOS from Linux, how to set up FreeBSD on ThinkPad x240, and a whole bunch of beastie bits.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nKPTI patch lands in FreeBSD -current\n\n\nAfter a heroic effort by Konstantin Belousov kib@FreeBSD.org, the first meltdown patch has landed in FreeBSD\nThis creates separate page tables for the Kernel and userland, and switches between them when executions enters the kernel, and when it returns to userland\nIt is currently off by default, but you are encouraged to test it, so it can be merged back to the release branches. Set vm.pmap.pti=1 in /boot/loader.conf\nThe existing implementation of PCID (process-context identifiers), is not compatible with the new PTI code, and is disabled when PTI is enabled, decreasing performance. A future patch will use PCID in a way that is compatible with PTI.\nPCID allows the OS to annotate memory mappings to specific processes, so that they can be flushed selectively, and so that they are only used when in the context of that application.\nOnce the developers are relatively confident in the correctness of the code that has landed in -current, it will be ported back to FreeBSD 10 and 11, and released as a security advisory.\nApparently porting back to FreeBSD 11 only has some relatively simple merge conflicts, but 10 will be more work.\nFormer FreeBSD Security Officer Dag-Erling Smørgrav has created a meltdown testing and PoC tool that you can use to check your system. It is not finished yet, and doesn’t seem to work with newer processors (haswell and newer).\nThe first partial mitigation for Spectre variant 2 for bhyve on AMD64 has also been committed\nThe latest information is always available on the FreeBSD Wiki\n***\n\n\nSome thoughts on Spectre and Meltdown\n\n\nColin Percival breaks down how these vulnerabilities work, with same nice analogies\nWhat is a side channel:\n\n\n\nI want to know when my girlfriend's passport expires, but she won't show me her passport (she complains that it has a horrible photo) and refuses to tell me the expiry date. I tell her that I'm going to take her to Europe on vacation in August and watch what happens: If she runs out to renew her passport, I know that it will expire before August; while if she doesn't get her passport renewed, I know that it will remain valid beyond that date. Her desire to ensure that her passport would be valid inadvertently revealed to me some information: Whether its expiry date was before or after August.\n\n\n\nSpectre Variant 1: \n\n\n\nI tell my girlfriend that I'm going to take her on vacation in June, but I don't tell her where yet; however, she knows that it will either be somewhere within Canada (for which she doesn't need a passport, since we live in Vancouver) or somewhere in Europe. She knows that it takes time to get a passport renewed, so she checks her passport and (if it was about to expire) gets it renewed just in case I later reveal that I'm going to take her to Europe. If I tell her later that I'm only taking her to Ottawa — well, she didn't need to renew her passport after all, but in the meantime her behaviour has already revealed to me whether her passport was about to expire. This is what Google refers to \"variant 1\" of the Spectre vulnerability: Even though she didn't need her passport, she made sure it was still valid just in case she was going to need it.\n\n\n\nSpectre Variant 2:\n\n\n\nI spend a week talking about how Oxford is a wonderful place to visit and I really enjoyed the years I spent there, and then I tell her that I want to take her on vacation. She very reasonably assumes that — since I've been talking about Oxford so much — I must be planning on taking her to England, and runs off to check her passport and potentially renew it... but in fact I tricked her and I'm only planning on taking her to Ottawa.\n\n\n\nMeltdown:\n\n\n\nI tell my girlfriend that I want to take her to the Korean peninsula. She knows that her passport is valid for long enough; but she immediately runs off to check that her North Korean visa hasn't expired. Why does she have a North Korean visa, you ask? Good question. She doesn't — but she runs off to check its expiry date anyway! Because she doesn't have a North Korean visa, she (somehow) checks the expiry date on someone else's North Korean visa, and then (if it is about to expire) runs out to renew it — and so by telling her that I want to take her to Korea for a vacation I find out something she couldn't have told me even if she wanted to.\nFinal thoughts on vulnerability disclosure\nThe way these issues were handled was a mess; frankly, I expected better of Google, I expected better of Intel, and I expected better of the Linux community. When I found that Hyper-Threading was easily exploitable, I spent five months notifying the security community and preparing everyone for my announcement of the vulnerability; but when the embargo ended at midnight UTC and FreeBSD published its advisory a few minutes later, the broader world was taken entirely by surprise. Nobody knew what was coming aside from the people who needed to know; and the people who needed to know had months of warning.\nContrast that with what happened this time around. Google discovered a problem and reported it to Intel, AMD, and ARM on June 1st. Did they then go around contacting all of the operating systems which would need to work on fixes for this? Not even close. FreeBSD was notified the week before Christmas, over six months after the vulnerabilities were discovered. Now, FreeBSD can occasionally respond very quickly to security vulnerabilities, even when they arise at inconvenient times — on November 30th 2009 a vulnerability was reported at 22:12 UTC, and on December 1st I provided a patch at 01:20 UTC, barely over 3 hours later — but that was an extremely simple bug which needed only a few lines of code to fix; the Spectre and Meltdown issues are orders of magnitude more complex.\nTo make things worse, the Linux community was notified and couldn't keep their mouths shut. Standard practice for multi-vendor advisories like this is that an embargo date is set, and nobody does anything publicly prior to that date. People don't publish advisories; they don't commit patches into their public source code repositories; and they definitely don't engage in arguments on public mailing lists about whether the patches are needed for different CPUs. As a result, despite an embargo date being set for January 9th, by January 4th anyone who cared knew about the issues and there was code being passed around on Twitter for exploiting them.\nThis is not the first time I've seen people get sloppy with embargoes recently, but it's by far the worst case. As an industry we pride ourselves on the concept of responsible disclosure — ensuring that people are notified in time to prepare fixes before an issue is disclosed publicly — but in this case there was far too much disclosure and nowhere near enough responsibility. We can do better, and I sincerely hope that next time we do.\n\n\n\n\nCPU microcode update code for amd64\n\n\n\n\nPatrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called \"microinstructions\". The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.\nNow Theo has explained the workings of the code on openbsd-tech, detailing some of the challenges in updating microcode on CPUs where your OS is already starting to run.\nTheo hints at future updates to the intel-firmware package in his mail:\n\n\n\nPatrick and others committed amd64 Intel cpu microcode update code over the last few days.  The approach isn't perfect, but it is good enough for a start.  I want to explain the situation.\nWhen you fw_update, you'll get the firmware files.\nUpon a reboot, it will attempt to update the microcode on your cpus.\nMaybe there isn't a new microcode.  Maybe your BIOS has a copy of the microcode and installs it before booting OpenBSD.\nThis firmware installation is done a little late.  Doing it better will require some work in the bootblocks to find the firmware files, but time is a bit short to do that right now.\nThe branch-target-cache flushing features added in new microcode are not being used yet.  There is more code which has to be written, but again other work is happening first.\nAlso, Intel is saying their new microcodes sucks and people should wait a little.\n\"Hi, my name is Intel and I'm an cheating speculator\".\n\n\n\nSeveral developers are working on mitigations for these issues, attacking the problem from several angles. Expect to see more updates to a CVS tree near you soon.\n\n\n\n\nIntel: as a *BSD user, I am fucking pissed!\n\n\nI wasn’t going to write anything on the recently found x64 architecture – related bugs. I’m not a kernel developer nor even a programmer and I can’t say that I have a solid understanding of what Meltdown and Spectre attacks are. Also there already is a ton of articles and posts written by people who have no grasp of the subject.\nI’m however a malcontent and I find this a good way to express my feelings:\n\nIntel: as a *BSD user, I am fucking pissed!\n\n\n\nMeltdown, Spectre and BSD – the “pissed” part\n\n\n\nPart of my work is UNIX-like systems administration – including BSDs and Linuces. As much as I am happy with Linux changes already made, I am beyond pissed about how the BSDs were handled by Intel – because they were not. FreeBSD Security Team received some heads-up just before Xmas, while OpenBSD, NetBSD and DragonflyBSD teams received no prior warnings.\n\nMeltdown and Spectre attacks are hard to perform. It is a hard work to mitigate them in the software, as the bugs lay in the CPUs and are not fixable by microcode updates. Developers are trying to mitigate these bugs in a way that will deliver smallest performance losses. A lot of time consuming work is needed to fix CPU vendors’ mistakes. Linux developers had this time. BSD developers did not.\n\n\n\nBSD user base too small?\n\n\n\nBSD user base is small in comparison to Linux. Seems that it’s too small for Intel. PlayStation4 consoles are FreeBSD-based (and use AMD CPUs) but I think it’s safe to say that gaming devices are not the most important systems to be fixed. Netflix serves their content off FreeBSD but the bugs are not remotely exploitable (possibly not including JavaScript, but it’s running someone’s code locally) so there’s probably not much harm to be done here either.\nHowever gamers and Netflix aren’t the only ones who use *BSD systems. I’d say that there is more than a few FreeBSD, NetBSD, OpenBSD and DragonFlyBSD servers on the internet.\n\nIn March 2017, Intel promised “more timely support to FreeBSD”. They knew about flaws in their CPUs in June and decided that a timely manner is the end of December – short before the embargo was to be lifted.\n\nIntel and Google (probably Intel more): it was your job to pick the correct people to whom the bugs can be disclosed. In my humble opinion you chose poorly by disclosing these issues with ONLY Apple, Microsoft, and the Linux Foundation, of OS vendors. You did much harm to the BSD community.\n\nIntel: It’s your bugs. And you offered “more support” to the FreeBSD Foundation less than 3 months prior to being informed (my guess is that you knew much earlier) on the flaws in YOUR products. I don’t want to write more here as the wording would be too strong.\n\n\n\n\nInterview - Viewer Questions\n\n\nThese days, do you consider yourself more of an programmer or a sysadmin? Which one do you enjoy more?\nDoes FreeBSD/BSD enable your business or would another OS suit your needs just as well?\nYou’ve hinted that you use FreeBSD as part of your business. Can you elaborate on that and give some technical detail on how it’s used in that environment?\nIf you were allowed three wishes for anything at all to be implemented or changed in ZFS, what would they be, and why?\n\n\nPer Dataset throughput and IOPS limiting\nPer-File Cloning and/or zfsmv (move a file from one dataset to another, without copying)\nCluster support\n\nAllan, you have previously mentioned that you have worked on FreeBSD on MIPS, what made you choose the Onion Omega over something like the Raspberry Pi?\nWhat is BSD Now’s association with Jupiter broadcasting, and how did the relationship come to be? Jupiter seems to be associated with several Linux-themed podcasts, and I’m wondering how and why BSD Now joined Jupiter. The two communities (the Linuxes and BSDs) don’t always seem to mix freely -- or do they?\nWhat kind of keyboard is that? Have you ever tried an ErgoDox? The ErgoDox EZ is made by a Canadian.\nYou mentioned when doing one of your talks on UCL for FreeBSD that you had only recently learned C. I am also aware of your history also on contributing to the FreeBSD handbook and to documentation in general. Given you started with C relatively recently, what made you want to learn it, how quickly did you pick it up, and is it your favourite language? It is most inspiring to me, as you are clearly so talented, and of all the languages I have learned (including C++), I still prefer C in my heart of hearts. I'd be really interested to hear your answer, many thanks.\n***\n\n\nNews Roundup\n\nLinuxAndUbuntu Review Of TrueOS A Unix Based OS\n\n\nTrust me, the name TrueOS takes me back to 1990s when Tru64 UNIX operating system made its presence. TrueOS is PC-BSD’s new unified brand built upon FreeBSD-CURRENT code base. Note that TrueOS is not a Linux distro but is BSD Unix. FreeBSD is known for its cutting-edge features, security, scalability, and ability to work both as a server and desktop operating system.  TrueOS aims at having user-friendliness with the power of FreeBSD OS. Let us start with going into details of different aspects of the TrueOS.\n\n\n\nTrueOS History\n?\n\n\nTrueOS was founded by Kris Moore in 2005 with name PC-BSD.  Initial version focused to make FreeBSD easy to use starting with providing GUI based installer (to relatively complicated FreeBSD installer). In the year 2006, PC-BSD was acquired by iXsystems. Before rebranding as TrueOS in Sept 2016, PC-BSD reached a stage starting considering better than vanilla FreeBSD.  Older PC-BSD version used to support both x86 and x86-64 architecture.\nKris Moore, the developer founder, says about rebranding: “We’ve already been using TrueOS for the server side of PC-BSD, and it made sense to unify the names. PC-BSD doesn’t reflect server or embedded well. TrueOS Desktop/Server/Embedded can be real products, avoids some of the alphabet soup, and gives us a more catchy name.”\n\nTrueOS First Impression\n?\n\n\nThe startup is little longer; may be due to starting up of many services.  The heavy KDE well suited to PC-BSD.  The C++/Qt5 based Lumina desktop environment is light and fast.  The Lumina offers an easy way to configure menu and panels.  I did not face any problems for continuous use of two weeks on a virtual machine having the minimal configuration: 1 GB RAM, 20 GB hard disk and Intel 3.06 GHz i3 processor. The Lumina desktop is light and fast. The developers of Lumina know what they are doing and have a good idea of what makes a good IDE.  As it happens with any new desktop environment, it needs some time to settle.  Let us hope that they keep to the path they are on with it.\n\nConclusion\n?\n\n\nThe TrueOS is impressive when consider it as relatively young.  It is a daring step that TrueOS developers took FreeBSD Current rather than FreeBSD Stable code base. Overall it has created its own place from the legacy shadow of PC-BSD.  Starting with easy installation TrueOS is a good combination of software and utilities that make the system ready to use. Go and get a TrueOS ISO to unleash the “bleeding edge” tag of FreeBSD\n\n\n\n\n\nThinkpad x240 - FreeBSD Setup\n\n\nWhat follows is a record of how I set up FreeBSD to be my daily driver OS on the Lenovo Thinkpad X240. Everything seems to work great. Although, the touchpad needs some tweaking. I've tried several configurations, even recompiling Xorg with EVDEV support and all that, to no avail. Eventually I will figure it out. Do not sleep the laptop from the command line. Do it from within Xorg, or it will not wake up. I don't know why. You can do it from a terminal within Xorg, just not from the naked command line without Xorg started. It also will not sleep by closing the lid. I included a sudo config that allows you to run /usr/sbin/zzz without a password, so what I do is I have a key combo assigned within i3wm to run \"sudo /usr/sbin/zzz\". It works fine this way.\n\nI go into detail when it comes to setting up Xorg with i3wm. You can skip this if you want, but if you've never used a tiling window manager, it will handle screen real estate very efficiently on a laptop with a 12.5-inch screen and a touchpad.\n\nFirst, download the amd64 image for 11.1-RELEASE and flash it to a USB pen drive. For the Unices, use this:\n\n\n# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img of=/dev/da0 bs=1M conv=sync\n\n\nObviously, you'll change /dev/da0 to whatever the USB pen drive is assigned. Plug it in, check dmesg.\n\nLeave it plugged in, restart the laptop. When prompted, tap Enter to halt the boot process, then F12 to select a bootable device. Choose the USB drive.\n\nI won't go through the actual install process, but it is pretty damn easy so just look at a guide or two and you'll be fine. If you can install Debian, you can install FreeBSD. I will, however, recommend ZFS if you have over 4GB of RAM (my particular variant of the X240 has 8GB of RAM, so yours should have at least 4GB), along with an encrypted disk, and an encrypted SWAP partition. When prompted to add an additional user, and you get to the question where it asks for additional groups, please make sure you add the user to \"wheel\". The rest should be self-explanatory during the install.\n\nNow for the good shit. You just booted into a fresh FreeBSD install. Now what? Well, time to fire up vi and open some config files...\n\n\n\n\nCNN Article about CDROM.com and FreeBSD, from 1999\n\n\nWalnut Creek CDROM sells a lot of CD-ROMs, but it gives away even more data. Specifically, anyone who has Internet access is free to log into wcarchive (ftp.cdrom.com) and start downloading bits.\nEven with a good Internet connection, however, you should expect to be at it for a while. At the present time, wcarchive resides on half a terabyte (500 GB) of RAID 5-disk storage. Even if your 56-Kbps modem can deliver seven kilobytes per second, downloading the complete archive would take you 70 million seconds. Even then, some of the files would be more than two years out of date, so a bit of \"back and fill\" would be needed.\nOf course, nobody uses wcarchive that way. Instead, they just drop in when they need the odd file or two. The FTP server is very accommodating; 3,600 simultaneous download sessions is the current limit and an upgrade to 10,000 sessions is in the works.\nThis translates to about 800 GB per day of downloads. Bob Bruce (Walnut Creek's founder) says he's thinking about issuing a press release when they reach a terabyte a day. But 800 GB isn't all that shabby....\n\n\n\nThe hardware\n\n\n\nBecause FTP archives don't do a lot of thinking, wcarchive doesn't need a massive cluster of CPUs. In fact, it gets by with a single 200-MHz P6 Pentium Pro and a measly(!) 1 GB of RAM. The I/O support, however, is fairly impressive.\nA six-channel Mylex RAID controller (DAC960SXI; Ultra-Wide SCSI-SCSI) is the centerpiece of the I/O subsystem. Two channels link it to the PC (\"Personal Computer\"!?!), via a dual-channel Adaptec card (AHA-3940AUW; PCI to Ultra-Wide SCSI). An 256-MB internal cache helps it to eliminate recurring disk accesses.\nFour nine-drive disk arrays provide the actual storage. The two larger arrays use 18-GB IBM drives; the two smaller arrays use 9-GB Micropolis and Quantum drives. A separate 4-GB Quantum drive is used as the \"system disk.\"\nThe output side is handled by a single Intel 100Base-T controller (Pro/100B PCI), which feeds into the Internet through a number of shared DS3 (45 Mbps) and OC3 (155 Mbps) circuits.\nA detailed description of the system is available as ftp.cdrom.com/archive-info/configuration;\n\n\n\nThe software\n\n\n\nThe system software is rather prosaic: a copy of FreeBSD, supplemented by home-grown FTP mirroring and server code. Because of the massive hardware support, the software \"only\" needs to keep the I/O going in an efficient and reliable manner.\nFreeBSD, the \"prosaic\" operating system mentioned above, merits a bit more discussion. Like Linux, FreeBSD is open source. Anyone can examine, modify, and/or redistribute the source code. And, like Linux, an active user community helps the authors to find bugs, improve documentation, and generally support the OS.\nUnlike Linux, FreeBSD is derived from the Berkeley Unix code that forms the foundation for most commercial Unix variants. When you use the \"fast file system\" (cylinder groups, long file names, symbolic links, etc.), TCP/IP networking, termcap, or even vi, you are using Berkeley Unix additions.\nThe version of BSD underlying FreeBSD, however, is \"pure\" BSD; don't look for the System V modifications you see in Solaris. Instead, think of it as SunOS, brought up to date with Kerberos, modern sendmail, an updated filesystem, and more. Solid, fast, and free!\nOne of FreeBSD's finest innovations, the Ports Collection, makes FreeBSD a delight for open source application users. The Ports Collection automates the downloading, building, and installation (including de-installation) of 2,300+ open source packages.\n\n\n\nThe company\n\n\n\nWalnut Creek CDROM has been around for several years now, so you are likely to be familiar with its offerings. You may not realize, however, that it provides the major financial support for FreeBSD.\nThe FreeBSD support has two purposes. First, it provides the company with a solid base to run wcarchive and other massive projects. Second, it ties in with the company's mission of making software (and data) economically accessible.\nBob Bruce, the firm's founder, is an interesting guy: laid back and somewhat conservative in manner, but productive and innovative in practice. Here is a possibly illustrative story.\nWhen Bob started selling CD-ROMs, disc caddies were selling for $15 each. Bob thought that was rather high, so he started investigating the marketplace. A long-distance call to Japan got him Sony's fax number; a series of faxes got him in touch with the salespeople.\nIt turned out that caddies were available, in bulk, for only a few dollars each. Bulk, in this case, meant pallet-loads of 10,000 caddies. In an act of great faith, Bob purchased a pallet of caddies, then proceeded to sell them for five dollars each.\nThe results were everything he might have wished. Folks who bought his CD-ROMs added caddies to their orders; folks who bought piles of caddies added in a disc or two. Either way, Walnut Creek CDROM was making a name for itself.\nMany pallet-loads later, the company is still selling caddies, making and distributing CD-ROMs, and giving away bits. Walnut Creek CDROM is a real open-source success story; its breadth and depth of offerings is well worth a look.\n\n\n\n\nBeastie Bits\n\n\nOpenBSD adds kqueue event support to DRM, to detect device changes like HDMI cables being plugged in, and trigger randr events\nThesis describing QUAD3, a unix-like, multi-tasking operating system for the 6502 processor \nWindows is getting chmod and chown...\nTimeline: How they kept Meltdown and Spectre secret for so long \nbsd.network is a *BSD-themed Mastodon Instance: Peter Hessler is administering a new Mastodon instance, running in an OpenBSD VM on top of an OpenBSD vmm hypervisor\nComputer-Aided Instruction on UNIX\nAsiaBSDCon 2018 Travel Grant Application Now Open\nAsiaBSDCon 2018 FreeBSD Developers Summit Call for Proposals\nLinuxFest Northwest 2018 Call for Proposals\n\n\n\n\nFeedback/Questions\n\n\nJason - Dont break my ports\nWilyarti - show content https://clinetworking.wordpress.com/2017/12/08/data-de-duplication-file-diff-ing-and-s3-style-object-storage-using-digital-ocean-spaces\nScott - Your show is Perfect!\nKen - Community Culture\n\n\n","content_html":"\u003cp\u003eWe provide you with updates to Spectre and Meltdown from various BSD projects, a review of TrueOS from Linux, how to set up FreeBSD on ThinkPad x240, and a whole bunch of beastie bits.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=328083\" rel=\"nofollow\"\u003eKPTI patch lands in FreeBSD -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a heroic effort by Konstantin Belousov \u003ca href=\"mailto:kib@FreeBSD.org\" rel=\"nofollow\"\u003ekib@FreeBSD.org\u003c/a\u003e, the first meltdown patch has landed in FreeBSD\u003c/li\u003e\n\u003cli\u003eThis creates separate page tables for the Kernel and userland, and switches between them when executions enters the kernel, and when it returns to userland\u003c/li\u003e\n\u003cli\u003eIt is currently off by default, but you are encouraged to test it, so it can be merged back to the release branches. Set vm.pmap.pti=1 in /boot/loader.conf\u003c/li\u003e\n\u003cli\u003eThe existing implementation of PCID (process-context identifiers), is not compatible with the new PTI code, and is disabled when PTI is enabled, decreasing performance. A future patch will use PCID in a way that is compatible with PTI.\u003c/li\u003e\n\u003cli\u003ePCID allows the OS to annotate memory mappings to specific processes, so that they can be flushed selectively, and so that they are only used when in the context of that application.\u003c/li\u003e\n\u003cli\u003eOnce the developers are relatively confident in the correctness of the code that has landed in -current, it will be ported back to FreeBSD 10 and 11, and released as a security advisory.\u003c/li\u003e\n\u003cli\u003eApparently porting back to FreeBSD 11 only has some relatively simple merge conflicts, but 10 will be more work.\u003c/li\u003e\n\u003cli\u003eFormer FreeBSD Security Officer Dag-Erling Smørgrav has created a \u003ca href=\"https://github.com/dag-erling/meltdown\" rel=\"nofollow\"\u003emeltdown testing and PoC tool\u003c/a\u003e that you can use to check your system. It is not finished yet, and doesn’t seem to work with newer processors (haswell and newer).\u003c/li\u003e\n\u003cli\u003eThe first partial \u003ca href=\"https://svnweb.freebsd.org/changeset/base/328011\" rel=\"nofollow\"\u003emitigation for Spectre variant 2\u003c/a\u003e for bhyve on AMD64 has also been committed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/action/edit/SpeculativeExecutionVulnerabilities\" rel=\"nofollow\"\u003eThe latest information is always available on the FreeBSD Wiki\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2018-01-17-some-thoughts-on-spectre-and-meltdown.html\" rel=\"nofollow\"\u003eSome thoughts on Spectre and Meltdown\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival breaks down how these vulnerabilities work, with same nice analogies\u003c/li\u003e\n\u003cli\u003eWhat is a side channel:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI want to know when my girlfriend\u0026#39;s passport expires, but she won\u0026#39;t show me her passport (she complains that it has a horrible photo) and refuses to tell me the expiry date. I tell her that I\u0026#39;m going to take her to Europe on vacation in August and watch what happens: If she runs out to renew her passport, I know that it will expire before August; while if she doesn\u0026#39;t get her passport renewed, I know that it will remain valid beyond that date. Her desire to ensure that her passport would be valid inadvertently revealed to me some information: Whether its expiry date was before or after August.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpectre Variant 1: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI tell my girlfriend that I\u0026#39;m going to take her on vacation in June, but I don\u0026#39;t tell her where yet; however, she knows that it will either be somewhere within Canada (for which she doesn\u0026#39;t need a passport, since we live in Vancouver) or somewhere in Europe. She knows that it takes time to get a passport renewed, so she checks her passport and (if it was about to expire) gets it renewed just in case I later reveal that I\u0026#39;m going to take her to Europe. If I tell her later that I\u0026#39;m only taking her to Ottawa — well, she didn\u0026#39;t need to renew her passport after all, but in the meantime her behaviour has already revealed to me whether her passport was about to expire. This is what Google refers to \u0026quot;variant 1\u0026quot; of the Spectre vulnerability: Even though she didn\u0026#39;t need her passport, she made sure it was still valid just in case she was going to need it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpectre Variant 2:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI spend a week talking about how Oxford is a wonderful place to visit and I really enjoyed the years I spent there, and then I tell her that I want to take her on vacation. She very reasonably assumes that — since I\u0026#39;ve been talking about Oxford so much — I must be planning on taking her to England, and runs off to check her passport and potentially renew it... but in fact I tricked her and I\u0026#39;m only planning on taking her to Ottawa.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeltdown:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI tell my girlfriend that I want to take her to the Korean peninsula. She knows that her passport is valid for long enough; but she immediately runs off to check that her North Korean visa hasn\u0026#39;t expired. Why does she have a North Korean visa, you ask? Good question. She doesn\u0026#39;t — but she runs off to check its expiry date anyway! Because she doesn\u0026#39;t have a North Korean visa, she (somehow) checks the expiry date on someone else\u0026#39;s North Korean visa, and then (if it is about to expire) runs out to renew it — and so by telling her that I want to take her to Korea for a vacation I find out something she couldn\u0026#39;t have told me even if she wanted to.\u003cbr\u003e\nFinal thoughts on vulnerability disclosure\u003cbr\u003e\nThe way these issues were handled was a mess; frankly, I expected better of Google, I expected better of Intel, and I expected better of the Linux community. When I found that Hyper-Threading was easily exploitable, I spent five months notifying the security community and preparing everyone for my announcement of the vulnerability; but when the embargo ended at midnight UTC and FreeBSD published its advisory a few minutes later, the broader world was taken entirely by surprise. Nobody knew what was coming aside from the people who needed to know; and the people who needed to know had months of warning.\u003cbr\u003e\nContrast that with what happened this time around. Google discovered a problem and reported it to Intel, AMD, and ARM on June 1st. Did they then go around contacting all of the operating systems which would need to work on fixes for this? Not even close. FreeBSD was notified the week before Christmas, over six months after the vulnerabilities were discovered. Now, FreeBSD can occasionally respond very quickly to security vulnerabilities, even when they arise at inconvenient times — on November 30th 2009 a vulnerability was reported at 22:12 UTC, and on December 1st I provided a patch at 01:20 UTC, barely over 3 hours later — but that was an extremely simple bug which needed only a few lines of code to fix; the Spectre and Meltdown issues are orders of magnitude more complex.\u003cbr\u003e\nTo make things worse, the Linux community was notified and couldn\u0026#39;t keep their mouths shut. Standard practice for multi-vendor advisories like this is that an embargo date is set, and \u003cstrong\u003enobody does anything publicly prior to that date\u003c/strong\u003e. People don\u0026#39;t publish advisories; they don\u0026#39;t commit patches into their public source code repositories; and they definitely don\u0026#39;t engage in arguments on public mailing lists about whether the patches are needed for different CPUs. As a result, despite an embargo date being set for January 9th, by January 4th anyone who cared knew about the issues and there was code being passed around on Twitter for exploiting them.\u003cbr\u003e\nThis is not the first time I\u0026#39;ve seen people get sloppy with embargoes recently, but it\u0026#39;s by far the worst case. As an industry we pride ourselves on the concept of responsible disclosure — ensuring that people are notified in time to prepare fixes before an issue is disclosed publicly — but in this case there was far too much disclosure and nowhere near enough responsibility. We can do better, and I sincerely hope that next time we do.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180115073406\" rel=\"nofollow\"\u003eCPU microcode update code for amd64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=151588857304763\u0026w=2\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePatrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called \u0026quot;microinstructions\u0026quot;. The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.\u003c/li\u003e\n\u003cli\u003eNow Theo has explained the workings of the code on openbsd-tech, detailing some of the challenges in updating microcode on CPUs where your OS is already starting to run.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=151588857304763\u0026w=2\" rel=\"nofollow\"\u003eTheo hints at future updates to the intel-firmware package in his mail:\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePatrick and others committed amd64 Intel cpu microcode update code over the last few days.  The approach isn\u0026#39;t perfect, but it is good enough for a start.  I want to explain the situation.\u003cbr\u003e\nWhen you fw_update, you\u0026#39;ll get the firmware files.\u003cbr\u003e\nUpon a reboot, it will attempt to update the microcode on your cpus.\u003cbr\u003e\nMaybe there isn\u0026#39;t a new microcode.  Maybe your BIOS has a copy of the microcode and installs it before booting OpenBSD.\u003cbr\u003e\nThis firmware installation is done a little late.  Doing it better will require some work in the bootblocks to find the firmware files, but time is a bit short to do that right now.\u003cbr\u003e\nThe branch-target-cache flushing features added in new microcode are not being used yet.  There is more code which has to be written, but again other work is happening first.\u003cbr\u003e\nAlso, Intel is saying their new microcodes sucks and people should wait a little.\u003cbr\u003e\n\u0026quot;Hi, my name is Intel and I\u0026#39;m an cheating speculator\u0026quot;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeveral developers are working on mitigations for these issues, attacking the problem from several angles. Expect to see more updates to a CVS tree near you soon.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://malcont.net/2018/01/dont-like-meltdown-spectre-releated-bugs-handled/\" rel=\"nofollow\"\u003eIntel: as a *BSD user, I am fucking pissed!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI wasn’t going to write anything on the recently found x64 architecture – related bugs. I’m not a kernel developer nor even a programmer and I can’t say that I have a solid understanding of what Meltdown and Spectre attacks are. Also there already is a ton of articles and posts written by people who have no grasp of the subject.\u003cbr\u003e\nI’m however a malcontent and I find this a good way to express my feelings:\u003c/p\u003e\n\n\u003cp\u003eIntel: as a *BSD user, I am fucking pissed!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeltdown, Spectre and BSD – the “pissed” part\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePart of my work is UNIX-like systems administration – including BSDs and Linuces. As much as I am happy with Linux changes already made, I am beyond pissed about how the BSDs were handled by Intel – because they were not. FreeBSD Security Team received some heads-up just before Xmas, while OpenBSD, NetBSD and DragonflyBSD teams received no prior warnings.\u003c/p\u003e\n\n\u003cp\u003eMeltdown and Spectre attacks are hard to perform. It is a hard work to mitigate them in the software, as the bugs lay in the CPUs and are not fixable by microcode updates. Developers are trying to mitigate these bugs in a way that will deliver smallest performance losses. A lot of time consuming work is needed to fix CPU vendors’ mistakes. Linux developers had this time. BSD developers did not.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD user base too small?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBSD user base is small in comparison to Linux. Seems that it’s too small for Intel. PlayStation4 consoles are FreeBSD-based (and use AMD CPUs) but I think it’s safe to say that gaming devices are not the most important systems to be fixed. Netflix serves their content off FreeBSD but the bugs are not remotely exploitable (possibly not including JavaScript, but it’s running someone’s code locally) so there’s probably not much harm to be done here either.\u003cbr\u003e\nHowever gamers and Netflix aren’t the only ones who use *BSD systems. I’d say that there is more than a few FreeBSD, NetBSD, OpenBSD and DragonFlyBSD servers on the internet.\u003c/p\u003e\n\n\u003cp\u003eIn March 2017, Intel promised “more timely support to FreeBSD”. They knew about flaws in their CPUs in June and decided that a timely manner is the end of December – short before the embargo was to be lifted.\u003c/p\u003e\n\n\u003cp\u003eIntel and Google (probably Intel more): it was your job to pick the correct people to whom the bugs can be disclosed. In my humble opinion you chose poorly by disclosing these issues with ONLY Apple, Microsoft, and the Linux Foundation, of OS vendors. You did much harm to the BSD community.\u003c/p\u003e\n\n\u003cp\u003eIntel: It’s your bugs. And you offered “more support” to the FreeBSD Foundation less than 3 months prior to being informed (my guess is that you knew much earlier) on the flaws in YOUR products. I don’t want to write more here as the wording would be too strong.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Viewer Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eThese days, do you consider yourself more of an programmer or a sysadmin? Which one do you enjoy more?\u003c/li\u003e\n\u003cli\u003eDoes FreeBSD/BSD enable your business or would another OS suit your needs just as well?\u003c/li\u003e\n\u003cli\u003eYou’ve hinted that you use FreeBSD as part of your business. Can you elaborate on that and give some technical detail on how it’s used in that environment?\u003c/li\u003e\n\u003cli\u003eIf you were allowed three wishes for anything at all to be implemented or changed in ZFS, what would they be, and why?\n\n\u003cul\u003e\n\u003cli\u003ePer Dataset throughput and IOPS limiting\u003c/li\u003e\n\u003cli\u003ePer-File Cloning and/or zfsmv (move a file from one dataset to another, without copying)\u003c/li\u003e\n\u003cli\u003eCluster support\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAllan, you have previously mentioned that you have worked on FreeBSD on MIPS, what made you choose the Onion Omega over something like the Raspberry Pi?\u003c/li\u003e\n\u003cli\u003eWhat is BSD Now’s association with Jupiter broadcasting, and how did the relationship come to be? Jupiter seems to be associated with several Linux-themed podcasts, and I’m wondering how and why BSD Now joined Jupiter. The two communities (the Linuxes and BSDs) don’t always seem to mix freely -- or do they?\u003c/li\u003e\n\u003cli\u003eWhat kind of keyboard is that? Have you ever tried an ErgoDox? The ErgoDox EZ is made by a Canadian.\u003c/li\u003e\n\u003cli\u003eYou mentioned when doing one of your talks on UCL for FreeBSD that you had only recently learned C. I am also aware of your history also on contributing to the FreeBSD handbook and to documentation in general. Given you started with C relatively recently, what made you want to learn it, how quickly did you pick it up, and is it your favourite language? It is most inspiring to me, as you are clearly so talented, and of all the languages I have learned (including C++), I still prefer C in my heart of hearts. I\u0026#39;d be really interested to hear your answer, many thanks.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.linuxandubuntu.com/home/linuxandubuntu-review-of-trueos-a-unix-based-os\" rel=\"nofollow\"\u003eLinuxAndUbuntu Review Of TrueOS A Unix Based OS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrust me, the name TrueOS takes me back to 1990s when Tru64 UNIX operating system made its presence. TrueOS is PC-BSD’s new unified brand built upon FreeBSD-CURRENT code base. Note that TrueOS is not a Linux distro but is BSD Unix. FreeBSD is known for its cutting-edge features, security, scalability, and ability to work both as a server and desktop operating system.  TrueOS aims at having user-friendliness with the power of FreeBSD OS. Let us start with going into details of different aspects of the TrueOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTrueOS History\u003cbr\u003e\n?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS was founded by Kris Moore in 2005 with name PC-BSD.  Initial version focused to make FreeBSD easy to use starting with providing GUI based installer (to relatively complicated FreeBSD installer). In the year 2006, PC-BSD was acquired by iXsystems. Before rebranding as TrueOS in Sept 2016, PC-BSD reached a stage starting considering better than vanilla FreeBSD.  Older PC-BSD version used to support both x86 and x86-64 architecture.\u003cbr\u003e\nKris Moore, the developer founder, says about rebranding: “We’ve already been using TrueOS for the server side of PC-BSD, and it made sense to unify the names. PC-BSD doesn’t reflect server or embedded well. TrueOS Desktop/Server/Embedded can be real products, avoids some of the alphabet soup, and gives us a more catchy name.”\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTrueOS First Impression\u003cbr\u003e\n?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe startup is little longer; may be due to starting up of many services.  The heavy KDE well suited to PC-BSD.  The C++/Qt5 based Lumina desktop environment is light and fast.  The Lumina offers an easy way to configure menu and panels.  I did not face any problems for continuous use of two weeks on a virtual machine having the minimal configuration: 1 GB RAM, 20 GB hard disk and Intel 3.06 GHz i3 processor. The Lumina desktop is light and fast. The developers of Lumina know what they are doing and have a good idea of what makes a good IDE.  As it happens with any new desktop environment, it needs some time to settle.  Let us hope that they keep to the path they are on with it.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eConclusion\u003cbr\u003e\n?\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe TrueOS is impressive when consider it as relatively young.  It is a daring step that TrueOS developers took FreeBSD Current rather than FreeBSD Stable code base. Overall it has created its own place from the legacy shadow of PC-BSD.  Starting with easy installation TrueOS is a good combination of software and utilities that make the system ready to use. Go and get a TrueOS ISO to unleash the “bleeding edge” tag of FreeBSD\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://stygix.org/nix/x240-freebsd.php\" rel=\"nofollow\"\u003eThinkpad x240 - FreeBSD Setup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat follows is a record of how I set up FreeBSD to be my daily driver OS on the Lenovo Thinkpad X240. Everything seems to work great. Although, the touchpad needs some tweaking. I\u0026#39;ve tried several configurations, even recompiling Xorg with EVDEV support and all that, to no avail. Eventually I will figure it out. Do not sleep the laptop from the command line. Do it from within Xorg, or it will not wake up. I don\u0026#39;t know why. You can do it from a terminal within Xorg, just not from the naked command line without Xorg started. It also will not sleep by closing the lid. I included a sudo config that allows you to run /usr/sbin/zzz without a password, so what I do is I have a key combo assigned within i3wm to run \u0026quot;sudo /usr/sbin/zzz\u0026quot;. It works fine this way.\u003c/p\u003e\n\n\u003cp\u003eI go into detail when it comes to setting up Xorg with i3wm. You can skip this if you want, but if you\u0026#39;ve never used a tiling window manager, it will handle screen real estate very efficiently on a laptop with a 12.5-inch screen and a touchpad.\u003c/p\u003e\n\n\u003cp\u003eFirst, download the amd64 image for 11.1-RELEASE and flash it to a USB pen drive. For the Unices, use this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img of=/dev/da0 bs=1M conv=sync\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eObviously, you\u0026#39;ll change /dev/da0 to whatever the USB pen drive is assigned. Plug it in, check dmesg.\u003c/p\u003e\n\n\u003cp\u003eLeave it plugged in, restart the laptop. When prompted, tap Enter to halt the boot process, then F12 to select a bootable device. Choose the USB drive.\u003c/p\u003e\n\n\u003cp\u003eI won\u0026#39;t go through the actual install process, but it is pretty damn easy so just look at a guide or two and you\u0026#39;ll be fine. If you can install Debian, you can install FreeBSD. I will, however, recommend ZFS if you have over 4GB of RAM (my particular variant of the X240 has 8GB of RAM, so yours should have at least 4GB), along with an encrypted disk, and an encrypted SWAP partition. When prompted to add an additional user, and you get to the question where it asks for additional groups, please make sure you add the user to \u0026quot;wheel\u0026quot;. The rest should be self-explanatory during the install.\u003c/p\u003e\n\n\u003cp\u003eNow for the good shit. You just booted into a fresh FreeBSD install. Now what? Well, time to fire up vi and open some config files...\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cnn.com/TECH/computing/9904/08/cdrom.idg/index.html\" rel=\"nofollow\"\u003eCNN Article about CDROM.com and FreeBSD, from 1999\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWalnut Creek CDROM sells a lot of CD-ROMs, but it gives away even more data. Specifically, anyone who has Internet access is free to log into wcarchive (ftp.cdrom.com) and start downloading bits.\u003cbr\u003e\nEven with a good Internet connection, however, you should expect to be at it for a while. At the present time, wcarchive resides on half a terabyte (500 GB) of RAID 5-disk storage. Even if your 56-Kbps modem can deliver seven kilobytes per second, downloading the complete archive would take you 70 million seconds. Even then, some of the files would be more than two years out of date, so a bit of \u0026quot;back and fill\u0026quot; would be needed.\u003cbr\u003e\nOf course, nobody uses wcarchive that way. Instead, they just drop in when they need the odd file or two. The FTP server is very accommodating; 3,600 simultaneous download sessions is the current limit and an upgrade to 10,000 sessions is in the works.\u003cbr\u003e\nThis translates to about 800 GB per day of downloads. Bob Bruce (Walnut Creek\u0026#39;s founder) says he\u0026#39;s thinking about issuing a press release when they reach a terabyte a day. But 800 GB isn\u0026#39;t all that shabby....\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe hardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBecause FTP archives don\u0026#39;t do a lot of thinking, wcarchive doesn\u0026#39;t need a massive cluster of CPUs. In fact, it gets by with a single 200-MHz P6 Pentium Pro and a measly(!) 1 GB of RAM. The I/O support, however, is fairly impressive.\u003cbr\u003e\nA six-channel Mylex RAID controller (DAC960SXI; Ultra-Wide SCSI-SCSI) is the centerpiece of the I/O subsystem. Two channels link it to the PC (\u0026quot;Personal Computer\u0026quot;!?!), via a dual-channel Adaptec card (AHA-3940AUW; PCI to Ultra-Wide SCSI). An 256-MB internal cache helps it to eliminate recurring disk accesses.\u003cbr\u003e\nFour nine-drive disk arrays provide the actual storage. The two larger arrays use 18-GB IBM drives; the two smaller arrays use 9-GB Micropolis and Quantum drives. A separate 4-GB Quantum drive is used as the \u0026quot;system disk.\u0026quot;\u003cbr\u003e\nThe output side is handled by a single Intel 100Base-T controller (Pro/100B PCI), which feeds into the Internet through a number of shared DS3 (45 Mbps) and OC3 (155 Mbps) circuits.\u003cbr\u003e\nA detailed description of the system is available as ftp.cdrom.com/archive-info/configuration;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe software\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe system software is rather prosaic: a copy of FreeBSD, supplemented by home-grown FTP mirroring and server code. Because of the massive hardware support, the software \u0026quot;only\u0026quot; needs to keep the I/O going in an efficient and reliable manner.\u003cbr\u003e\nFreeBSD, the \u0026quot;prosaic\u0026quot; operating system mentioned above, merits a bit more discussion. Like Linux, FreeBSD is open source. Anyone can examine, modify, and/or redistribute the source code. And, like Linux, an active user community helps the authors to find bugs, improve documentation, and generally support the OS.\u003cbr\u003e\nUnlike Linux, FreeBSD is derived from the Berkeley Unix code that forms the foundation for most commercial Unix variants. When you use the \u0026quot;fast file system\u0026quot; (cylinder groups, long file names, symbolic links, etc.), TCP/IP networking, termcap, or even vi, you are using Berkeley Unix additions.\u003cbr\u003e\nThe version of BSD underlying FreeBSD, however, is \u0026quot;pure\u0026quot; BSD; don\u0026#39;t look for the System V modifications you see in Solaris. Instead, think of it as SunOS, brought up to date with Kerberos, modern sendmail, an updated filesystem, and more. Solid, fast, and free!\u003cbr\u003e\nOne of FreeBSD\u0026#39;s finest innovations, the Ports Collection, makes FreeBSD a delight for open source application users. The Ports Collection automates the downloading, building, and installation (including de-installation) of 2,300+ open source packages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe company\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWalnut Creek CDROM has been around for several years now, so you are likely to be familiar with its offerings. You may not realize, however, that it provides the major financial support for FreeBSD.\u003cbr\u003e\nThe FreeBSD support has two purposes. First, it provides the company with a solid base to run wcarchive and other massive projects. Second, it ties in with the company\u0026#39;s mission of making software (and data) economically accessible.\u003cbr\u003e\nBob Bruce, the firm\u0026#39;s founder, is an interesting guy: laid back and somewhat conservative in manner, but productive and innovative in practice. Here is a possibly illustrative story.\u003cbr\u003e\nWhen Bob started selling CD-ROMs, disc caddies were selling for $15 each. Bob thought that was rather high, so he started investigating the marketplace. A long-distance call to Japan got him Sony\u0026#39;s fax number; a series of faxes got him in touch with the salespeople.\u003cbr\u003e\nIt turned out that caddies were available, in bulk, for only a few dollars each. Bulk, in this case, meant pallet-loads of 10,000 caddies. In an act of great faith, Bob purchased a pallet of caddies, then proceeded to sell them for five dollars each.\u003cbr\u003e\nThe results were everything he might have wished. Folks who bought his CD-ROMs added caddies to their orders; folks who bought piles of caddies added in a disc or two. Either way, Walnut Creek CDROM was making a name for itself.\u003cbr\u003e\nMany pallet-loads later, the company is still selling caddies, making and distributing CD-ROMs, and giving away bits. Walnut Creek CDROM is a real open-source success story; its breadth and depth of offerings is well worth a look.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openbsd/src/commit/b8584f4233dc11a328cd245a5843ec3d67462200\" rel=\"nofollow\"\u003eOpenBSD adds kqueue event support to DRM, to detect device changes like HDMI cables being plugged in, and trigger randr events\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://archive.org/details/AMultiTaskingOperatingSystemForMicrocomputers\" rel=\"nofollow\"\u003eThesis describing QUAD3, a unix-like, multi-tasking operating system for the 6502 processor \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/\" rel=\"nofollow\"\u003eWindows is getting chmod and chown...\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.theverge.com/platform/amp/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux\" rel=\"nofollow\"\u003eTimeline: How they kept Meltdown and Spectre secret for so long \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd.network/\" rel=\"nofollow\"\u003ebsd.network is a *BSD-themed Mastodon Instance\u003c/a\u003e: Peter Hessler is administering a new Mastodon instance, running in an OpenBSD VM on top of an OpenBSD vmm hypervisor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://virtuallyfun.com/wordpress/wp-content/uploads/2017/12/whfUb.pdf\" rel=\"nofollow\"\u003eComputer-Aided Instruction on UNIX\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/asiabsdcon-2018-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eAsiaBSDCon 2018 Travel Grant Application Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/asiabsdcon-2018-freebsd-developers-summit-call-for-proposals/\" rel=\"nofollow\"\u003eAsiaBSDCon 2018 FreeBSD Developers Summit Call for Proposals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/linuxfest-northwest-2018-call-for-proposals/\" rel=\"nofollow\"\u003eLinuxFest Northwest 2018 Call for Proposals\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJason - \u003ca href=\"http://dpaste.com/05PRNG2\" rel=\"nofollow\"\u003eDont break my ports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWilyarti - \u003ca href=\"http://dpaste.com/1BG8GZW\" rel=\"nofollow\"\u003eshow content\u003c/a\u003e \u003ca href=\"https://clinetworking.wordpress.com/2017/12/08/data-de-duplication-file-diff-ing-and-s3-style-object-storage-using-digital-ocean-spaces\" rel=\"nofollow\"\u003ehttps://clinetworking.wordpress.com/2017/12/08/data-de-duplication-file-diff-ing-and-s3-style-object-storage-using-digital-ocean-spaces\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eScott - \u003ca href=\"http://dpaste.com/0KER8YE#wrap\" rel=\"nofollow\"\u003eYour show is Perfect!\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eKen - \u003ca href=\"http://dpaste.com/0WT8285#wrap\" rel=\"nofollow\"\u003eCommunity Culture\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"We provide you with updates to Spectre and Meltdown from various BSD projects, a review of TrueOS from Linux, how to set up FreeBSD on ThinkPad x240, and a whole bunch of beastie bits.","date_published":"2018-01-24T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cb9ee437-7c5c-4e4c-99b2-4270ffbfbae2.mp3","mime_type":"audio/mpeg","size_in_bytes":84236980,"duration_in_seconds":7019}]},{"id":"73543d49-f8be-481c-b9ed-34ad42cc934e","title":"229: The Meltdown of Spectre","url":"https://www.bsdnow.tv/229","content_text":"We review Meltdown and Spectre responses from various BSD projects, show you how to run CentOS with bhyve, GhostBSD 11.1 is out, and we look at the case against the fork syscall.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore Meltdown\n\n\nMuch has been happened this week, but before we get into a status update of the various mitigations on the other BSDs, some important updates:\n\n\nIntel has recalled the microcode update they issued on January 8th. It turns out this update can cause Haswell and Broadwell based systems to randomly reboot, with some frequency.\nAMD has confirmed that its processors are vulnerable to both variants of Spectre, and the the fix for variant #2 will require a forthcoming microcode update, in addition to OS level mitigations\nFujitsu has provided a status report for most of its products, including SPARC hardware\n\nThe Register of course has some commentary\n\n\n\nIf new code is needed, Intel will need to get it right: the company already faces numerous class action lawsuits. Data centre operators already scrambling to conduct unplanned maintenance will not be happy about the fix reducing stability.\nAMD has said that operating system patches alone will address the Spectre bounds check bypass bug. Fixing Spectre’s branch target injection flaw will require firmware fixes that AMD has said will start to arrive for Ryzen and EPYC CPUs this week.\nThe Register has also asked other server vendors how they’re addressing the bugs. Oracle has patched its Linux, but has told us it has “No comment/statement on this as of now” in response to our query about its x86 systems, x86 cloud, Linux and Solaris on x86. The no comment regarding Linux is odd as fixes for Oracle Linux landed here on January 9th.\nSPARC-using Fujitsu, meanwhile, has published advice (PDF) revealing how it will address the twin bugs in its servers and PCs, and also saying its SPARC systems are “under investigation”.\n\n\n\nResponse from OpenBSD:\n\n\n'Meltdown, aka \"Dear Intel, you suck\"'\n\n\nTheo de Raadt's response to Meltdown\nThat time in 2007 when Theo talked about how Intel x86 had major design problems in their chips\nOpenBSD gets a Microcode updater\nResponse from Dragonfly BSD:\nThe longer response in four commits\n\n\nOne\nTwo\nThree\nFour\n\nEven more Meltdown\nDragonflyBSD master now has full IBRS and IBPB support\n\n\nIBRS (Indirect Branch Restricted Speculation): The x86 IBRS feature requires corresponding microcode support. It mitigates the variant 2 vulnerability.\nIf IBRS is set, near returns and near indirect jumps/calls will not allow their predicted target address to be controlled by code that executed in a less privileged prediction mode before the IBRS mode was last written with a value of 1 or on another logical processor so long as all RSB entries from the previous less privileged prediction mode are overwritten.\nSpeculation on Skylake and later requires these patches (\"dynamic IBRS\") be used instead of retpoline.  If you are very paranoid or you run on a CPU where IBRS=1 is cheaper, you may also want to run in \"IBRS always\" mode.\nIBPB (Indirect Branch Prediction Barrier): Setting of IBPB ensures that earlier code's behavior does not control later indirect branch predictions.  It is used when context switching to new untrusted address space. Unlike IBRS, IBPB is a command MSR and does not retain its state.\n\nDragonFlyBSD's Meltdown Fix Causing More Slowdowns Than Linux\nNetBSD HOTPATCH()\nNetBSD SVS (Separate Virtual Space)\n\n\n\n\nRunning CentOS with Bhyve\n\n\nWith the addition of UEFI in FreeBSD (since version 11), users of bhyve can use the UEFI boot loader instead of the grub2-bhyve port for booting operating systems such as Microsoft Windows, Linux and OpenBSD. The following page provides information necessary for setting up bhyve with UEFI boot loader support:\nhttps://wiki.freebsd.org/bhyve/UEFI\nFeatures have been added to vmrun.sh to make it easier to setup the UEFI boot loader, but the following is required to install the UEFI firmware pkg:\n\n# pkg install -y uefi-edk2-bhyve\n\nWith graphical support, you can use a vnc client like tigervnc, which can be installed with the following command:\n\n# pkg install -y tigervnc\n\nIn the case of most corporate or government environments, the Linux of choice is RHEL, or CentOS. Utilizing bhyve, you can test and install CentOS in a bhyve VM the same way you would deploy a Linux VM in production. The first step is to download the CentOS iso (for this tutorial I used the CentOS minimal ISO): http://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1708.iso\n\nI normally use a ZFS Volume (zvol) when running bhyve VMs. Run the following commands to create a zvol (ensure you have enough disk space to perform these operations):\n\n# zfs create -V20G -o volmode=dev zroot/centos0\n\n\n\n(zroot in this case is the zpool I am using)\n\n\n\nSimilar to my previous post about vmrun.sh, you need certain items to be configured on FreeBSD in order to use bhyve. The following commands are necessary to get things running:\n\n# echo \"vfs.zfs.vol.mode=2\" \u0026gt;\u0026gt; /boot/loader.conf\n# kldload vmm\n# ifconfig tap0 create\n# sysctl net.link.tap.up_on_open=1\nnet.link.tap.up_on_open: 0 -\u0026gt; 1\n# ifconfig bridge0 create\n# ifconfig bridge0 addm em0 addm tap0\n# ifconfig bridge0 up\n\n\n\n\n(replace em0 with whatever your physical interface is).\n\n\n\nThere are a number of utilities that can be used to manage bhyve VMs, and I am sure there is a way to use vmrun.sh to run Linux VMs, but since all of the HowTos for running Linux use the bhyve command line, the following script is what I use for running CentOS with bhyve.\n\n#!/bin/sh\n#\n# General bhyve install/run script for CentOS\n# Based on scripts from pr1ntf and lattera \n\nHOST=\"127.0.0.1\" \nPORT=\"5901\"\nISO=\"/tmp/centos.iso\"\nVMNAME=\"centos\"\nZVOL=\"centos0\" \nSERIAL=\"nmda0A\"\nTAP=\"tap1\" \nCPU=\"1\"\nRAM=\"1024M\"\nHEIGHT=\"800\"\nWIDTH=\"600\"\n\nif [ \"$1\" == \"install\" ];\nthen \n\n#Kill it before starting it\nbhyvectl --destroy --vm=$VMNAME\n\nbhyve -c $CPU -m $RAM -H -P -A \\ \n-s 0,hostbridge \\\n-s 2,virtio-net,$TAP \\ \n-s 3,ahci-cd,$ISO \\\n-s 4,virtio-blk,/dev/zvol/zroot/$ZVOL \\\n-s 29,fbuf,tcp=$HOST:$PORT,w=$WIDTH,h=$HEIGHT \\ \n-s 30,xhci,tablet \\\n-s 31,lpc -l com1,/dev/$SERIAL \\ \n-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\\n$VMNAME\n\n#kill it after \nbhyvectl --destroy --vm=$VMNAME\n\nelif [ \"$1\" == \"run\" ];\nthen \n\n#Kill it before starting it\nbhyvectl --destroy --vm=centos \n\nbhyve -c $CPU -m $RAM -w -H \\\n-s 0,hostbridge \\\n-s 2,virtio-net,$TAP \\ \n-s 4,virtio-blk,/dev/zvol/zroot/$ZVOL \\\n-s 29,fbuf,tcp=$HOST:$PORT,w=$WIDTH,h=$HEIGHT \\ \n-s 30,xhci,tablet \\\n-s 31,lpc -l com1,/dev/$SERIAL \\ \n-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\\n$VMNAME \u0026amp;\n\nelse \necho \"Please type install or run\"; \nfi \n\n\nThe variables at the top of the script can be adjusted to fit your own needs. With the addition of the graphics output protocol in UEFI (or UEFI-GOP), a VNC console is launched and hosted with the HOST and PORT setting. There is a password option available for the VNC service, but the connection should be treated as insecure. It is advised to only listen on localhost with the VNC console and tunnel into the host of the bhyve VM. Now with the ISO copied to /tmp/centos.iso, and the script saved as centos.sh you can run the following command to start the install:\n\n# ./centos.sh install\n\nAt this point, using vncviewer (on the local machine, or over an SSH tunnel), you should be able to bring up the console and run the CentOS installer as normal. The absolutely most critical item is to resolve an issue with the booting of UEFI after the installation has completed. Because of the path used in bhyve, you need to run the following to be able to boot CentOS after the installation:\n\n\n# cp -f /mnt/sysimage/boot/efi/EFI/centos/grubx64.efi /mnt/sysimage/boot/efi/EFI/BOOT\n\n\nWith this setting changed, the same script can be used to launch your CentOS VM as needed:\n\n\n# ./centos.sh run\n\n\nIf you are interested in a better solution for managing your Linux VM, take a look at the various bhyve management ports in the FreeBSD ports tree.\n\n\n\n\nInterview - newnix architect - @newnix\n\nNews Roundup\n\nGhostBSD 11.1 - FreeBSD for the desktop\n\n\nGhostBSD is a desktop oriented operating system which is based on FreeBSD. The project takes the FreeBSD operating system and adds a desktop environment, some popular applications, a graphical package manager and Linux binary compatibility. GhostBSD is available in two flavours, MATE and Xfce, and is currently available for 64-bit x86 computers exclusively. I downloaded the MATE edition which is available as a 2.3GB ISO file. \n\n\n\nInstalling \n\n\n\nGhostBSD's system installer is a graphical application which begins by asking us for our preferred language, which we can select from a list. We can then select our keyboard's layout and our time zone. When it comes to partitioning we have three main options: let GhostBSD take over the entire disk using UFS as the file system, create a custom UFS layout or take over the entire disk using ZFS as the file system. UFS is a classic file system and quite popular, it is more or less FreeBSD's equivalent to Linux's ext4. ZFS is a more advanced file system with snapshots, multi-disk volumes and optional deduplication of data. I decided to try the ZFS option. \n\nOnce I selected ZFS I didn't have many more options to go through. I was given the chance to set the size of my swap space and choose whether to set up ZFS as a plain volume, with a mirrored disk for backup or in a RAID arrangement with multiple disks. I stayed with the plain, single disk arrangement. We are then asked to create a password for the root account and create a username and password for a regular user account. The installer lets us pick our account's shell with the default being fish, which seemed unusual. Other shells, including bash, csh, tcsh, ksh and zsh are available. The installer goes to work copying files and offers to reboot our computer when it is done. \n\n\n\nEarly impressions \n\n\n\nThe newly installed copy of GhostBSD boots to a graphical login screen where we can sign into the account we created during the install process. Signing into our account loads the MATE 1.18 desktop environment. I found MATE to be responsive and applications were quick to open. Early on I noticed odd window behaviour where windows would continue to slide around after I moved them with the mouse, as if the windows were skidding on ice. Turning off compositing in the MATE settings panel corrected this behaviour. I also found the desktop's default font (Montserrat Alternates) to be hard on my eyes as the font is thin and, for lack of a better term, bubbly. Fonts can be easily adjusted in the settings panel. \n\nA few minutes after I signed into my account, a notification appeared in the system tray letting me know software updates were available. Clicking the update icon brings up a small window showing us a list of package updates and, if any are available, updates to the base operating system. FreeBSD, and therefore GhostBSD, both separate the core operating system from the applications (packages) which run on the operating system. This means we can update the core of the system separately from the applications. GhostBSD's core remains relatively static and minimal while applications are updated using a semi-rolling schedule. \n\nWhen we are updating the core operating system, the update manager will give us the option of rebooting the system to finish the process. We can dismiss this prompt to continue working, but the wording of the prompt may be confusing. When asked if we want to reboot to continue the update process, the options presented to us are \"Continue\" or \"Restart\". The Continue option closes the update manager and returns us to the MATE desktop. \n\nThe update manager worked well for me and the only issue I ran into was when I dismissed the update manager and then wanted to install updates later. There are two launchers for the update manager, one in MATE's System menu and one in the settings panel. Clicking either of these launchers didn't accomplish anything. Running the update manager from the command line simply caused the process to lock up until killed. I found if I had dismissed the update manager once, I'd have to wait until I logged in again to use it. Alternatively, I could use a command line tool or use the OctoPkg package manager to install package updates. \n\n\n\nConclusions \n\n\n\nMost of my time with GhostBSD, I was impressed and happy with the operating system. GhostBSD builds on a solid, stable FreeBSD core. We benefit from FreeBSD's performance and its large collection of open source software packages. The MATE desktop was very responsive in my trial and the system is relatively light on memory, even when run on ZFS which has a reputation for taking up more memory than other file systems. \n\n\n\n\nFreeBSD Looks At Making Wayland Support Available By Default\n\n\nThere's an active discussion this week about making Wayland support available by default on FreeBSD. \n\nFreeBSD has working Wayland support -- well, assuming you have working Intel / Radeon graphics -- and do have Weston and some other Wayland components available via FreeBSD Ports. FreeBSD has offered working Wayland support that is \"quite usable\" for more than one year. But, it's not too easy to get going with Wayland on FreeBSD. \n\nRight now those FreeBSD desktop users wanting to use/develop with Wayland currently need to rebuild the GTK3 tool-kit, Mesa, and other packages with Wayland support enabled. This call for action now is about allowing the wayland=on to be made the default. \n\nThis move would then allow these dependencies to be built with Wayland support by default, but for the foreseeable future FreeBSD will continue defaulting to X.Org-based sessions. \n\nThe FreeBSD developers mostly acknowledge that Wayland is the future and the cost of enabling Wayland support by default is just slightly larger packages, but that weight is still leaner than the size of the X.Org code-base and its dependencies. \n\n\n\nFreeBSD vote thread\nTrueOS Fliped the switch already\n\n\n\n\nfork is not my favorite syscall\n\n\nThis article has been on my to-write list for a while now. In my opinion, fork is one of the most questionable design choices of Unix. I don’t understand the circumstances that led to its creation, and I grieve over the legacy rationale that keeps it alive to this day.\n\nLet’s set the scene. It’s 1971 and you’re a fly on the wall in Bell Labs, watching the first edition of Unix being designed for the PDP-11/20. This machine has a 16-bit address space with no more than 248 kilobytes of memory. They’re discussing how they’re going to support programs that spawn new programs, and someone has a brilliant idea. “What if we copied the entire address space of the program into a new process running from the same spot, then let them overwrite themselves with the new program?” This got a rousing laugh out of everyone present, then they moved on to a better design which would become immortalized in the most popular and influential operating system of all time.\n\nAt least, that’s the story I’d like to have been told. In actual fact, the laughter becomes consensus. There’s an obvious problem with this approach: every time you want to execute a new program, the entire process space is copied and promptly discarded when the new program begins. Usually when I complain about fork, this the point when its supporters play the virtual memory card, pointing out that modern operating systems don’t actually have to copy the whole address space. We’ll get to that, but first — First Edition Unix does copy the whole process space, so this excuse wouldn’t have held up at the time. By Fourth Edition Unix (the next one for which kernel sources survived), they had wisened up a bit, and started only copying segments when they faulted.\n\nThis model leads to a number of problems. One is that the new process inherits all of the parent’s process descriptors, so you have to close them all before you exec another process. However, unless you’re manually keeping tabs on your open file descriptors, there is no way to know what file handles you must close! The hack that solves this is CLOEXEC, the first of many hacks that deal with fork’s poor design choices. This file descriptors problem balloons a bit - consider for example if you want to set up a pipe. You have to establish a piped pair of file descriptors in the parent, then close every fd but the pipe in the child, then dup2 the pipe file descriptor over the (now recently closed) file descriptor 1. By this point you’ve probably had to do several non-trivial operations and utilize a handful of variables from the parent process space, which hopefully were on the stack so that we don’t end up copying segments into the new process space anyway.\n\nThese problems, however, pale in comparison to my number one complaint with the fork model. Fork is the direct cause of the stupidest component I’ve ever heard of in an operating system: the out-of-memory (aka OOM) killer. Say you have a process which is using half of the physical memory on your system, and wants to spawn a tiny program. Since fork “copies” the entire process, you might be inclined to think that this would make fork fail. But, on Linux and many other operating systems since, it does not fail! They agree that it’s stupid to copy the entire process just to exec something else, but because fork is Important for Backwards Compatibility, they just fake it and reuse the same memory map (except read-only), then trap the faults and actually copy later. The hope is that the child will get on with it and exec before this happens.\n\nHowever, nothing prevents the child from doing something other than exec - it’s free to use the memory space however it desires! This approach now leads to memory overcommittment - Linux has promised memory it does not have. As a result, when it really does run out of physical memory, Linux will just kill off processes until it has some memory back. Linux makes an awfully big fuss about “never breaking userspace” for a kernel that will lie about memory it doesn’t have, then kill programs that try to use the back-alley memory they were given. That this nearly 50 year old crappy design choice has come to this astonishes me.\n\nAlas, I cannot rant forever without discussing the alternatives. There are better process models that have been developed since Unix!\n\nThe first attempt I know of is BSD’s vfork syscall, which is, in a nutshell, the same as fork but with severe limitations on what you do in the child process (i.e. nothing other than calling exec straight away). There are loads of problems with vfork. It only handles the most basic of use cases: you cannot set up a pipe, cannot set up a pty, and can’t even close open file descriptors you inherited from the parent. Also, you couldn’t really be sure of what variables you were and weren’t editing or allowed to edit, considering the limitations of the C specification. Overall this syscall ended up being pretty useless.\n\nAnother model is posix_spawn, which is a hell of an interface. It’s far too complicated for me to detail here, and in my opinion far too complicated to ever consider using in practice. Even if it could be understood by mortals, it’s a really bad implementation of the spawn paradigm — it basically operates like fork backwards, and inherits many of the same flaws. You still have to deal with children inheriting your file descriptors, for example, only now you do it in the parent process. It’s also straight-up impossible to make a genuine pipe with posix_spawn. (Note: a reader corrected me - this is indeed possible via posix_spawn_file_actions_adddup2.)\n\nLet’s talk about the good models - rfork and spawn (at least, if spawn is done right). rfork originated from plan9 and is a beautiful little coconut of a syscall, much like the rest of plan9. They also implement fork, but it’s a special case of rfork. plan9 does not distinguish between processes and threads - all threads are processes and vice versa. However, new processes in plan9 are not the everything-must-go fuckfest of your typical fork call. Instead, you specify exactly what the child should get from you. You can choose to include (or not include) your memory space, file descriptors, environment, or a number of other things specific to plan9. There’s a cool flag that makes it so you don’t have to reap the process, too, which is nice because reaping children is another really stupid idea. It still has some problems, mainly around creating pipes without tremendous file descriptor fuckery, but it’s basically as good as the fork model gets. Note: Linux offers this via the clone syscall now, but everyone just fork+execs anyway.\n\nThe other model is the spawn model, which I prefer. This is the approach I took in my own kernel for KnightOS, and I think it’s also used in NT (Microsoft’s kernel). I don’t really know much about NT, but I can tell you how it works in KnightOS. Basically, when you create a new process, it is kept in limbo until the parent consents to begin. You are given a handle with which you can configure the process - you can change its environment, load it up with file descriptors to your liking, and so on. When you’re ready for it to begin, you give the go-ahead and it’s off to the races. The spawn model has none of the flaws of fork.\n\nBoth fork and exec can be useful at times, but spawning is much better for 90% of their use-cases. If I were to write a new kernel today, I’d probably take a leaf from plan9’s book and find a happy medium between rfork and spawn, so you could use spawn to start new threads in your process space as well. To the brave OS designers of the future, ready to shrug off the weight of legacy: please reconsider fork.\n\n\n\n\nEnable ld.lld as bootstrap linker by default on amd64\n\n\nEnable ld.lld as bootstrap linker by default on amd64\n\n\n\nFor some time we have been planning to migrate to LLVM's lld linker.\nHaving a man page was the last blocking issue for using ld.lld to link\nthe base system kernel + userland, now addressed by r327770.  Link the\nkernel and userland libraries and binaries with ld.lld by default, for\nadditional test coverage.\n\nThis has been a long time in the making.  On 2013-04-13 I submitted an\nupstream tracking issue in LLVM PR 23214: [META] Using LLD as FreeBSD's\nsystem linker.  Since then 85 individual issues were identified, and\nsubmitted as dependencies.  These have been addressed along with two\nand a half years of other lld development and improvement.\n\nI'd like to express deep gratitude to upstream lld developers Rui\nUeyama, Rafael Espindola, George Rimar and Davide Italiano.  They put in\nsubstantial effort in addressing the issues we found affecting\nFreeBSD/amd64.\n\nTo revert to using ld.bfd as the bootstrap linker, in /etc/src.conf set\n\nWITHOUT_LLD_BOOTSTRAP=yes\n\nIf you need to set this, please follow up with a PR or post to the\nfreebsd-toolchain mailing list explaining how default WITH_LLD_BOOTSTRAP\nfailed for your use case.\n\nNote that GNU ld.bfd is still installed as /usr/bin/ld, and will still\nbe used for linking ports.  ld.lld can be installed as /usr/bin/ld by\nsetting in /etc/src.conf\n\nWITH_LLD_IS_LLD=yes\n\n\nA followup commit will set WITH_LLD_IS_LD by default, possibly after\nClang/LLVM/lld 6.0 is merged to FreeBSD.\n\nRelease notes:    Yes\nSponsored by: The FreeBSD Foundation\n\n\n\nFollowup: https://www.mail-archive.com/svn-src-all@freebsd.org/msg155493.html\n***\n\n\nBeastie Bits\n\n\nBSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer\nvideo\nDSBMD\nccc34 talk - May contain DTraces of FreeBSD\n[scripts to run an OpenBSD mirror, rsync and verify])(https://github.com/bluhm/mirror-openbsd)\nOld School PC Fonts\n\n\n\n\nFeedback/Questions\n\n\nDavid - Approach and Tools for Snapshots and Remote Replication\nBrian - Help getting my FreeBSD systems talking across the city\nMalcolm - First BSD Meetup in Stockholm happened and it was great\nBrad - Update on TrueOS system\n***\n","content_html":"\u003cp\u003eWe review Meltdown and Spectre responses from various BSD projects, show you how to run CentOS with bhyve, GhostBSD 11.1 is out, and we look at the case against the fork syscall.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eMore Meltdown\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eMuch has been happened this week, but before we get into a status update of the various mitigations on the other BSDs, some important updates:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/\" rel=\"nofollow\"\u003eIntel has recalled the microcode update they issued on January 8th. It turns out this update can cause Haswell and Broadwell based systems to randomly reboot, with some frequency.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.amd.com/en/corporate/speculative-execution\" rel=\"nofollow\"\u003eAMD has confirmed that its processors are vulnerable to both variants of Spectre, and the the fix for variant #2 will require a forthcoming microcode update, in addition to OS level mitigations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-Side-Channel-Analysis-Method-Security-Review-CVE2017-5715-vulnerability-Fujitsu-products.pdf\" rel=\"nofollow\"\u003eFujitsu has provided a status report for most of its products, including SPARC hardware\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.theregister.co.uk/2018/01/12/intel_warns_meltdown_spectre_fixes_make_broadwells_haswells_unstable/\" rel=\"nofollow\"\u003eThe Register of course has some commentary\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf new code is needed, Intel will need to get it right: the company already faces numerous class action lawsuits. Data centre operators already scrambling to conduct unplanned maintenance will not be happy about the fix reducing stability.\u003cbr\u003e\nAMD has said that operating system patches alone will address the Spectre bounds check bypass bug. Fixing Spectre’s branch target injection flaw will require firmware fixes that AMD has said will start to arrive for Ryzen and EPYC CPUs this week.\u003cbr\u003e\nThe Register has also asked other server vendors how they’re addressing the bugs. Oracle has patched its Linux, but has told us it has “No comment/statement on this as of now” in response to our query about its x86 systems, x86 cloud, Linux and Solaris on x86. The no comment regarding Linux is odd as fixes for Oracle Linux landed \u003ca href=\"https://linux.oracle.com/errata/ELSA-2018-4006.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e on January 9th.\u003cbr\u003e\nSPARC-using Fujitsu, meanwhile, has published advice (PDF) revealing how it will address the twin bugs in its servers and PCs, and also saying its SPARC systems are “under investigation”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20180106082238\" rel=\"nofollow\"\u003eResponse from OpenBSD:\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ca href=\"https://marc.info/?t=151521438600001\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003e\u0026#39;Meltdown, aka \u0026quot;Dear Intel, you suck\u0026quot;\u0026#39;\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.itwire.com/security/81338-handling-of-cpu-bug-disclosure-incredibly-bad-openbsd-s-de-raadt.html\" rel=\"nofollow\"\u003eTheo de Raadt\u0026#39;s response to Meltdown\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=118296441702631\u0026w=2\" rel=\"nofollow\"\u003eThat time in 2007 when Theo talked about how Intel x86 had major design problems in their chips\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=151570987406841\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD gets a Microcode updater\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html\" rel=\"nofollow\"\u003eResponse from Dragonfly BSD:\u003c/a\u003e\u003cbr\u003e\nThe longer response in four commits\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2018-January/627151.html\" rel=\"nofollow\"\u003eOne\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2018-January/627152.html\" rel=\"nofollow\"\u003eTwo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2018-January/627153.html\" rel=\"nofollow\"\u003eThree\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2018-January/627154.html\" rel=\"nofollow\"\u003eFour\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2018/01/10/20718.html\" rel=\"nofollow\"\u003eEven more Meltdown\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2018-January/335643.html\" rel=\"nofollow\"\u003eDragonflyBSD master now has full IBRS and IBPB support\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIBRS (Indirect Branch Restricted Speculation): The x86 IBRS feature requires corresponding microcode support. It mitigates the variant 2 vulnerability.\u003c/li\u003e\n\u003cli\u003eIf IBRS is set, near returns and near indirect jumps/calls will not allow their predicted target address to be controlled by code that executed in a less privileged prediction mode before the IBRS mode was last written with a value of 1 or on another logical processor so long as all RSB entries from the previous less privileged prediction mode are overwritten.\u003c/li\u003e\n\u003cli\u003eSpeculation on Skylake and later requires these patches (\u0026quot;dynamic IBRS\u0026quot;) be used instead of retpoline.  If you are very paranoid or you run on a CPU where IBRS=1 is cheaper, you may also want to run in \u0026quot;IBRS always\u0026quot; mode.\u003c/li\u003e\n\u003cli\u003eIBPB (Indirect Branch Prediction Barrier): Setting of IBPB ensures that earlier code\u0026#39;s behavior does not control later indirect branch predictions.  It is used when context switching to new untrusted address space. Unlike IBRS, IBPB is a command MSR and does not retain its state.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=article\u0026item=dragonfly-bsd-meltdown\u0026num=1\" rel=\"nofollow\"\u003eDragonFlyBSD\u0026#39;s Meltdown Fix Causing More Slowdowns Than Linux\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2018/01/07/msg090945.html\" rel=\"nofollow\"\u003eNetBSD HOTPATCH()\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2018/01/07/msg090952.html\" rel=\"nofollow\"\u003eNetBSD SVS (Separate Virtual Space)\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.daemon-security.com/2018/01/bhyve-centos-0110.html\" rel=\"nofollow\"\u003eRunning CentOS with Bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the addition of UEFI in FreeBSD (since version 11), users of bhyve can use the UEFI boot loader instead of the grub2-bhyve port for booting operating systems such as Microsoft Windows, Linux and OpenBSD. The following page provides information necessary for setting up bhyve with UEFI boot loader support:\u003cbr\u003e\n\u003ca href=\"https://wiki.freebsd.org/bhyve/UEFI\" rel=\"nofollow\"\u003ehttps://wiki.freebsd.org/bhyve/UEFI\u003c/a\u003e\u003cbr\u003e\nFeatures have been added to vmrun.sh to make it easier to setup the UEFI boot loader, but the following is required to install the UEFI firmware pkg:\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install -y uefi-edk2-bhyve\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003eWith graphical support, you can use a vnc client like tigervnc, which can be installed with the following command:\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install -y tigervnc\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003eIn the case of most corporate or government environments, the Linux of choice is RHEL, or CentOS. Utilizing bhyve, you can test and install CentOS in a bhyve VM the same way you would deploy a Linux VM in production. The first step is to download the CentOS iso (for this tutorial I used the CentOS minimal ISO): \u003ca href=\"http://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1708.iso\" rel=\"nofollow\"\u003ehttp://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1708.iso\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eI normally use a ZFS Volume (zvol) when running bhyve VMs. Run the following commands to create a zvol (ensure you have enough disk space to perform these operations):\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003e# zfs create -V20G -o volmode=dev zroot/centos0\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(zroot in this case is the zpool I am using)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSimilar to my previous post about vmrun.sh, you need certain items to be configured on FreeBSD in order to use bhyve. The following commands are necessary to get things running:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e# echo \u0026quot;vfs.zfs.vol.mode=2\u0026quot; \u0026gt;\u0026gt; /boot/loader.conf\n# kldload vmm\n# ifconfig tap0 create\n# sysctl net.link.tap.up_on_open=1\nnet.link.tap.up_on_open: 0 -\u0026gt; 1\n# ifconfig bridge0 create\n# ifconfig bridge0 addm em0 addm tap0\n# ifconfig bridge0 up\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(replace em0 with whatever your physical interface is).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are a number of utilities that can be used to manage bhyve VMs, and I am sure there is a way to use vmrun.sh to run Linux VMs, but since all of the HowTos for running Linux use the bhyve command line, the following script is what I use for running CentOS with bhyve.\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e#!/bin/sh\n#\n# General bhyve install/run script for CentOS\n# Based on scripts from pr1ntf and lattera \n\nHOST=\u0026quot;127.0.0.1\u0026quot; \nPORT=\u0026quot;5901\u0026quot;\nISO=\u0026quot;/tmp/centos.iso\u0026quot;\nVMNAME=\u0026quot;centos\u0026quot;\nZVOL=\u0026quot;centos0\u0026quot; \nSERIAL=\u0026quot;nmda0A\u0026quot;\nTAP=\u0026quot;tap1\u0026quot; \nCPU=\u0026quot;1\u0026quot;\nRAM=\u0026quot;1024M\u0026quot;\nHEIGHT=\u0026quot;800\u0026quot;\nWIDTH=\u0026quot;600\u0026quot;\n\nif [ \u0026quot;$1\u0026quot; == \u0026quot;install\u0026quot; ];\nthen \n\n#Kill it before starting it\nbhyvectl --destroy --vm=$VMNAME\n\nbhyve -c $CPU -m $RAM -H -P -A \\ \n-s 0,hostbridge \\\n-s 2,virtio-net,$TAP \\ \n-s 3,ahci-cd,$ISO \\\n-s 4,virtio-blk,/dev/zvol/zroot/$ZVOL \\\n-s 29,fbuf,tcp=$HOST:$PORT,w=$WIDTH,h=$HEIGHT \\ \n-s 30,xhci,tablet \\\n-s 31,lpc -l com1,/dev/$SERIAL \\ \n-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\\n$VMNAME\n\n#kill it after \nbhyvectl --destroy --vm=$VMNAME\n\nelif [ \u0026quot;$1\u0026quot; == \u0026quot;run\u0026quot; ];\nthen \n\n#Kill it before starting it\nbhyvectl --destroy --vm=centos \n\nbhyve -c $CPU -m $RAM -w -H \\\n-s 0,hostbridge \\\n-s 2,virtio-net,$TAP \\ \n-s 4,virtio-blk,/dev/zvol/zroot/$ZVOL \\\n-s 29,fbuf,tcp=$HOST:$PORT,w=$WIDTH,h=$HEIGHT \\ \n-s 30,xhci,tablet \\\n-s 31,lpc -l com1,/dev/$SERIAL \\ \n-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\\n$VMNAME \u0026amp;\n\nelse \necho \u0026quot;Please type install or run\u0026quot;; \nfi \n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThe variables at the top of the script can be adjusted to fit your own needs. With the addition of the graphics output protocol in UEFI (or UEFI-GOP), a VNC console is launched and hosted with the HOST and PORT setting. There is a password option available for the VNC service, but the connection should be treated as insecure. It is advised to only listen on localhost with the VNC console and tunnel into the host of the bhyve VM. Now with the ISO copied to /tmp/centos.iso, and the script saved as centos.sh you can run the following command to start the install:\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003e# ./centos.sh install\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003eAt this point, using vncviewer (on the local machine, or over an SSH tunnel), you should be able to bring up the console and run the CentOS installer as normal. The absolutely most critical item is to resolve an issue with the booting of UEFI after the installation has completed. Because of the path used in bhyve, you need to run the following to be able to boot CentOS after the installation:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# cp -f /mnt/sysimage/boot/efi/EFI/centos/grubx64.efi /mnt/sysimage/boot/efi/EFI/BOOT\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith this setting changed, the same script can be used to launch your CentOS VM as needed:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# ./centos.sh run\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you are interested in a better solution for managing your Linux VM, take a look at the various bhyve management ports in the FreeBSD ports tree.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - newnix architect - \u003ca href=\"https://bsd.network/@newnix\" rel=\"nofollow\"\u003e@newnix\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20180108#ghostbsd\" rel=\"nofollow\"\u003eGhostBSD 11.1 - FreeBSD for the desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGhostBSD is a desktop oriented operating system which is based on FreeBSD. The project takes the FreeBSD operating system and adds a desktop environment, some popular applications, a graphical package manager and Linux binary compatibility. GhostBSD is available in two flavours, MATE and Xfce, and is currently available for 64-bit x86 computers exclusively. I downloaded the MATE edition which is available as a 2.3GB ISO file. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstalling \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGhostBSD\u0026#39;s system installer is a graphical application which begins by asking us for our preferred language, which we can select from a list. We can then select our keyboard\u0026#39;s layout and our time zone. When it comes to partitioning we have three main options: let GhostBSD take over the entire disk using UFS as the file system, create a custom UFS layout or take over the entire disk using ZFS as the file system. UFS is a classic file system and quite popular, it is more or less FreeBSD\u0026#39;s equivalent to Linux\u0026#39;s ext4. ZFS is a more advanced file system with snapshots, multi-disk volumes and optional deduplication of data. I decided to try the ZFS option. \u003c/p\u003e\n\n\u003cp\u003eOnce I selected ZFS I didn\u0026#39;t have many more options to go through. I was given the chance to set the size of my swap space and choose whether to set up ZFS as a plain volume, with a mirrored disk for backup or in a RAID arrangement with multiple disks. I stayed with the plain, single disk arrangement. We are then asked to create a password for the root account and create a username and password for a regular user account. The installer lets us pick our account\u0026#39;s shell with the default being fish, which seemed unusual. Other shells, including bash, csh, tcsh, ksh and zsh are available. The installer goes to work copying files and offers to reboot our computer when it is done. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarly impressions \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe newly installed copy of GhostBSD boots to a graphical login screen where we can sign into the account we created during the install process. Signing into our account loads the MATE 1.18 desktop environment. I found MATE to be responsive and applications were quick to open. Early on I noticed odd window behaviour where windows would continue to slide around after I moved them with the mouse, as if the windows were skidding on ice. Turning off compositing in the MATE settings panel corrected this behaviour. I also found the desktop\u0026#39;s default font (Montserrat Alternates) to be hard on my eyes as the font is thin and, for lack of a better term, bubbly. Fonts can be easily adjusted in the settings panel. \u003c/p\u003e\n\n\u003cp\u003eA few minutes after I signed into my account, a notification appeared in the system tray letting me know software updates were available. Clicking the update icon brings up a small window showing us a list of package updates and, if any are available, updates to the base operating system. FreeBSD, and therefore GhostBSD, both separate the core operating system from the applications (packages) which run on the operating system. This means we can update the core of the system separately from the applications. GhostBSD\u0026#39;s core remains relatively static and minimal while applications are updated using a semi-rolling schedule. \u003c/p\u003e\n\n\u003cp\u003eWhen we are updating the core operating system, the update manager will give us the option of rebooting the system to finish the process. We can dismiss this prompt to continue working, but the wording of the prompt may be confusing. When asked if we want to reboot to continue the update process, the options presented to us are \u0026quot;Continue\u0026quot; or \u0026quot;Restart\u0026quot;. The Continue option closes the update manager and returns us to the MATE desktop. \u003c/p\u003e\n\n\u003cp\u003eThe update manager worked well for me and the only issue I ran into was when I dismissed the update manager and then wanted to install updates later. There are two launchers for the update manager, one in MATE\u0026#39;s System menu and one in the settings panel. Clicking either of these launchers didn\u0026#39;t accomplish anything. Running the update manager from the command line simply caused the process to lock up until killed. I found if I had dismissed the update manager once, I\u0026#39;d have to wait until I logged in again to use it. Alternatively, I could use a command line tool or use the OctoPkg package manager to install package updates. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost of my time with GhostBSD, I was impressed and happy with the operating system. GhostBSD builds on a solid, stable FreeBSD core. We benefit from FreeBSD\u0026#39;s performance and its large collection of open source software packages. The MATE desktop was very responsive in my trial and the system is relatively light on memory, even when run on ZFS which has a reputation for taking up more memory than other file systems. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=FreeBSD-Wayland-Availability\" rel=\"nofollow\"\u003eFreeBSD Looks At Making Wayland Support Available By Default\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere\u0026#39;s an active discussion this week about making Wayland support available by default on FreeBSD. \u003c/p\u003e\n\n\u003cp\u003eFreeBSD has working Wayland support -- well, assuming you have working Intel / Radeon graphics -- and do have Weston and some other Wayland components available via FreeBSD Ports. FreeBSD has offered working Wayland support that is \u0026quot;quite usable\u0026quot; for more than one year. But, it\u0026#39;s not too easy to get going with Wayland on FreeBSD. \u003c/p\u003e\n\n\u003cp\u003eRight now those FreeBSD desktop users wanting to use/develop with Wayland currently need to rebuild the GTK3 tool-kit, Mesa, and other packages with Wayland support enabled. This call for action now is about allowing the wayland=on to be made the default. \u003c/p\u003e\n\n\u003cp\u003eThis move would then allow these dependencies to be built with Wayland support by default, but for the foreseeable future FreeBSD will continue defaulting to X.Org-based sessions. \u003c/p\u003e\n\n\u003cp\u003eThe FreeBSD developers mostly acknowledge that Wayland is the future and the cost of enabling Wayland support by default is just slightly larger packages, but that weight is still leaner than the size of the X.Org code-base and its dependencies. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2017-December/111906.html\" rel=\"nofollow\"\u003eFreeBSD vote thread\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trueos/trueos-core/commit/f48dba9d4e8cefc45d6f72336e7a0b5f42a2f6f1\" rel=\"nofollow\"\u003eTrueOS Fliped the switch already\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sircmpwn.github.io/2018/01/02/The-case-against-fork.html\" rel=\"nofollow\"\u003efork is not my favorite syscall\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article has been on my to-write list for a while now. In my opinion, fork is one of the most questionable design choices of Unix. I don’t understand the circumstances that led to its creation, and I grieve over the legacy rationale that keeps it alive to this day.\u003c/p\u003e\n\n\u003cp\u003eLet’s set the scene. It’s 1971 and you’re a fly on the wall in Bell Labs, watching the first edition of Unix being designed for the PDP-11/20. This machine has a 16-bit address space with no more than 248 kilobytes of memory. They’re discussing how they’re going to support programs that spawn new programs, and someone has a brilliant idea. “What if we copied the entire address space of the program into a new process running from the same spot, then let them overwrite themselves with the new program?” This got a rousing laugh out of everyone present, then they moved on to a better design which would become immortalized in the most popular and influential operating system of all time.\u003c/p\u003e\n\n\u003cp\u003eAt least, that’s the story I’d like to have been told. In actual fact, the laughter becomes consensus. There’s an obvious problem with this approach: every time you want to execute a new program, the entire process space is copied and promptly discarded when the new program begins. Usually when I complain about fork, this the point when its supporters play the virtual memory card, pointing out that modern operating systems don’t actually have to copy the whole address space. We’ll get to that, but first — First Edition Unix does copy the whole process space, so this excuse wouldn’t have held up at the time. By Fourth Edition Unix (the next one for which kernel sources survived), they had wisened up a bit, and started only copying segments when they faulted.\u003c/p\u003e\n\n\u003cp\u003eThis model leads to a number of problems. One is that the new process inherits all of the parent’s process descriptors, so you have to close them all before you exec another process. However, unless you’re manually keeping tabs on your open file descriptors, there is no way to know what file handles you must close! The hack that solves this is CLOEXEC, the first of many hacks that deal with fork’s poor design choices. This file descriptors problem balloons a bit - consider for example if you want to set up a pipe. You have to establish a piped pair of file descriptors in the parent, then close every fd but the pipe in the child, then dup2 the pipe file descriptor over the (now recently closed) file descriptor 1. By this point you’ve probably had to do several non-trivial operations and utilize a handful of variables from the parent process space, which hopefully were on the stack so that we don’t end up copying segments into the new process space anyway.\u003c/p\u003e\n\n\u003cp\u003eThese problems, however, pale in comparison to my number one complaint with the fork model. Fork is the direct cause of the stupidest component I’ve ever heard of in an operating system: the out-of-memory (aka OOM) killer. Say you have a process which is using half of the physical memory on your system, and wants to spawn a tiny program. Since fork “copies” the entire process, you might be inclined to think that this would make fork fail. But, on Linux and many other operating systems since, it does not fail! They agree that it’s stupid to copy the entire process just to exec something else, but because fork is Important for Backwards Compatibility, they just fake it and reuse the same memory map (except read-only), then trap the faults and actually copy later. The hope is that the child will get on with it and exec before this happens.\u003c/p\u003e\n\n\u003cp\u003eHowever, nothing prevents the child from doing something other than exec - it’s free to use the memory space however it desires! This approach now leads to memory overcommittment - Linux has promised memory it does not have. As a result, when it really does run out of physical memory, Linux will just kill off processes until it has some memory back. Linux makes an awfully big fuss about “never breaking userspace” for a kernel that will lie about memory it doesn’t have, then kill programs that try to use the back-alley memory they were given. That this nearly 50 year old crappy design choice has come to this astonishes me.\u003c/p\u003e\n\n\u003cp\u003eAlas, I cannot rant forever without discussing the alternatives. There are better process models that have been developed since Unix!\u003c/p\u003e\n\n\u003cp\u003eThe first attempt I know of is BSD’s vfork syscall, which is, in a nutshell, the same as fork but with severe limitations on what you do in the child process (i.e. nothing other than calling exec straight away). There are loads of problems with vfork. It only handles the most basic of use cases: you cannot set up a pipe, cannot set up a pty, and can’t even close open file descriptors you inherited from the parent. Also, you couldn’t really be sure of what variables you were and weren’t editing or allowed to edit, considering the limitations of the C specification. Overall this syscall ended up being pretty useless.\u003c/p\u003e\n\n\u003cp\u003eAnother model is posix_spawn, which is a hell of an interface. It’s far too complicated for me to detail here, and in my opinion far too complicated to ever consider using in practice. Even if it could be understood by mortals, it’s a really bad implementation of the spawn paradigm — it basically operates like fork backwards, and inherits many of the same flaws. You still have to deal with children inheriting your file descriptors, for example, only now you do it in the parent process. It’s also straight-up impossible to make a genuine pipe with posix_spawn. (Note: a reader corrected me - this is indeed possible via posix_spawn_file_actions_adddup2.)\u003c/p\u003e\n\n\u003cp\u003eLet’s talk about the good models - rfork and spawn (at least, if spawn is done right). rfork originated from plan9 and is a beautiful little coconut of a syscall, much like the rest of plan9. They also implement fork, but it’s a special case of rfork. plan9 does not distinguish between processes and threads - all threads are processes and vice versa. However, new processes in plan9 are not the everything-must-go fuckfest of your typical fork call. Instead, you specify exactly what the child should get from you. You can choose to include (or not include) your memory space, file descriptors, environment, or a number of other things specific to plan9. There’s a cool flag that makes it so you don’t have to reap the process, too, which is nice because reaping children is another really stupid idea. It still has some problems, mainly around creating pipes without tremendous file descriptor fuckery, but it’s basically as good as the fork model gets. Note: Linux offers this via the clone syscall now, but everyone just fork+execs anyway.\u003c/p\u003e\n\n\u003cp\u003eThe other model is the spawn model, which I prefer. This is the approach I took in my own kernel for KnightOS, and I think it’s also used in NT (Microsoft’s kernel). I don’t really know much about NT, but I can tell you how it works in KnightOS. Basically, when you create a new process, it is kept in limbo until the parent consents to begin. You are given a handle with which you can configure the process - you can change its environment, load it up with file descriptors to your liking, and so on. When you’re ready for it to begin, you give the go-ahead and it’s off to the races. The spawn model has none of the flaws of fork.\u003c/p\u003e\n\n\u003cp\u003eBoth fork and exec can be useful at times, but spawning is much better for 90% of their use-cases. If I were to write a new kernel today, I’d probably take a leaf from plan9’s book and find a happy medium between rfork and spawn, so you could use spawn to start new threads in your process space as well. To the brave OS designers of the future, ready to shrug off the weight of legacy: please reconsider fork.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/327783\" rel=\"nofollow\"\u003eEnable ld.lld as bootstrap linker by default on amd64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnable ld.lld as bootstrap linker by default on amd64\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor some time we have been planning to migrate to LLVM\u0026#39;s lld linker.\u003cbr\u003e\nHaving a man page was the last blocking issue for using ld.lld to link\u003cbr\u003e\nthe base system kernel + userland, now addressed by r327770.  Link the\u003cbr\u003e\nkernel and userland libraries and binaries with ld.lld by default, for\u003cbr\u003e\nadditional test coverage.\u003c/p\u003e\n\n\u003cp\u003eThis has been a long time in the making.  On 2013-04-13 I submitted an\u003cbr\u003e\nupstream tracking issue in LLVM PR 23214: [META] Using LLD as FreeBSD\u0026#39;s\u003cbr\u003e\nsystem linker.  Since then 85 individual issues were identified, and\u003cbr\u003e\nsubmitted as dependencies.  These have been addressed along with two\u003cbr\u003e\nand a half years of other lld development and improvement.\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;d like to express deep gratitude to upstream lld developers Rui\u003cbr\u003e\nUeyama, Rafael Espindola, George Rimar and Davide Italiano.  They put in\u003cbr\u003e\nsubstantial effort in addressing the issues we found affecting\u003cbr\u003e\nFreeBSD/amd64.\u003c/p\u003e\n\n\u003cp\u003eTo revert to using ld.bfd as the bootstrap linker, in /etc/src.conf set\u003c/p\u003e\n\n\u003cp\u003eWITHOUT_LLD_BOOTSTRAP=yes\u003c/p\u003e\n\n\u003cp\u003eIf you need to set this, please follow up with a PR or post to the\u003cbr\u003e\nfreebsd-toolchain mailing list explaining how default WITH_LLD_BOOTSTRAP\u003cbr\u003e\nfailed for your use case.\u003c/p\u003e\n\n\u003cp\u003eNote that GNU ld.bfd is still installed as /usr/bin/ld, and will still\u003cbr\u003e\nbe used for linking ports.  ld.lld can be installed as /usr/bin/ld by\u003cbr\u003e\nsetting in /etc/src.conf\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eWITH_LLD_IS_LLD=yes\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eA followup commit will set WITH_LLD_IS_LD by default, possibly after\u003cbr\u003e\nClang/LLVM/lld 6.0 is merged to FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eRelease notes:    Yes\u003cbr\u003e\nSponsored by: The FreeBSD Foundation\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollowup: \u003ca href=\"https://www.mail-archive.com/svn-src-all@freebsd.org/msg155493.html\" rel=\"nofollow\"\u003ehttps://www.mail-archive.com/svn-src-all@freebsd.org/msg155493.html\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171229080944\" rel=\"nofollow\"\u003eBSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=e-Xim3_rJns\" rel=\"nofollow\"\u003evideo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://freeshell.de/%7Emk/projects/dsbmd.html\" rel=\"nofollow\"\u003eDSBMD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://media.ccc.de/v/34c3-9196-may_contain_dtraces_of_freebsd\" rel=\"nofollow\"\u003eccc34 talk - May contain DTraces of FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[scripts to run an OpenBSD mirror, rsync and verify])(\u003ca href=\"https://github.com/bluhm/mirror-openbsd\" rel=\"nofollow\"\u003ehttps://github.com/bluhm/mirror-openbsd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://int10h.org/oldschool-pc-fonts/readme/\" rel=\"nofollow\"\u003eOld School PC Fonts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDavid - \u003ca href=\"http://dpaste.com/33HKKEM#wrap\" rel=\"nofollow\"\u003eApproach and Tools for Snapshots and Remote Replication\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/3QWFEYR#wrap\" rel=\"nofollow\"\u003eHelp getting my FreeBSD systems talking across the city\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/1Z9Y8H1\" rel=\"nofollow\"\u003eFirst BSD Meetup in Stockholm happened and it was great\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/3EC9RGG#wrap\" rel=\"nofollow\"\u003eUpdate on TrueOS system\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We review Meltdown and Spectre responses from various BSD projects, show you how to run CentOS with bhyve, GhostBSD 11.1 is out, and we look at the case against the fork syscall.","date_published":"2018-01-17T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/73543d49-f8be-481c-b9ed-34ad42cc934e.mp3","mime_type":"audio/mpeg","size_in_bytes":78241972,"duration_in_seconds":6520}]},{"id":"4e0833ff-c2bf-4a7d-ac29-9249c3bc8114","title":"228: The Spectre of Meltdown","url":"https://www.bsdnow.tv/228","content_text":"We review the information about Spectre \u0026amp; Meltdown thus far, we look at NetBSD memory sanitizer progress, Postgres on ZFS \u0026amp; show you a bit about NomadBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMeltdown Spectre\n\n\nOfficial Site\nKernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign\nIntel’s official response\nThe Register mocks intels response with pithy annotations\nIntel’s Analysis PDF\nXKCD\nResponse from FreeBSD\nFreeBSD's patch WIP\nWhy Raspberry Pi isn’t vulnerable to Spectre or Meltdown\nXen mitigation patches\nOverview of affected FreeBSD Platforms/Architectures\nGroff's response\n##### We’ll cover OpenBSD, NetBSD, and DragonflyBSD’s responses in next weeks episode.\n***\n###The LLVM Memory Sanitizer support work in progress\n\u0026gt; In the past 31 days, I've managed to get the core functionality of MSan to work. This is an uninitialized memory usage detector. MSan is a special sanitizer because it requires knowledge of every entry to the basesystem library and every entry to the kernel through public interfaces. This is mandatory in order to mark memory regions as initialized.  Most of the work has been done directly for MSan. However, part of the work helped generic features in compiler-rt.\nSanitizers\n\u0026gt; Changes in the sanitizer are listed below in chronological order. Almost all of the changes mentioned here landed upstream. A few small patches were reverted due to breaking non-NetBSD hosts and are rescheduled for further investigation. I maintain these patches locally and have moved on for now to work on the remaining features.\nNetBSD syscall hooks\n\u0026gt; I wrote a large patch (815kb!) adding support for NetBSD syscall hooks for use with sanitizers. \nNetBSD ioctl(2) hooks\n\u0026gt; Similar to the syscall hooks, there is need to handle every ioctl(2) call. I've created the needed patch, this time shorter - for less than 300kb.\nNew patches still pending for upstream review\n\u0026gt; There are two corrections that I've created, and they are still pending upstream for review:\nAdd MSan interceptor for fstat(2)](https://reviews.llvm.org/D41637)\n Correct the setitimer interceptor on NetBSD)](https://reviews.llvm.org/D41502)\n\u0026gt; I've got a few more local patches that require cleanup before submitting to review.\nNetBSD basesystem corrections\nSanitizers in Go\nThe MSan state as of today\nSolaris support in sanitizers\n\u0026gt; I've helped the Solaris team add basic support for Sanitizers (ASan, UBsan). This does not help NetBSD directly, however indirectly it improves the overall support for non-Linux hosts and helps to catch more Linuxisms in the code.\nPlan for the next milestone\n\u0026gt; I plan to continue the work on MSan and correct sanitizing of the NetBSD basesystem utilities. This mandates me to iterate over the basesystem libraries implementing the missing interceptors and correcting the current support of the existing ones. My milestone is to build all src/bin programs against Memory Sanitizer and when possible execute them cleanly.\nThis work was sponsored by The NetBSD Foundation.\nThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can: http://netbsd.org/donations/#how-to-donate\n***\n##News Roundup\n###MWL’s 2017 Wrap-Up\n\u0026gt; The obvious place to start is my 2016 wrap-up post](https://blather.michaelwlucas.com/archives/2822), where I listed goals for 2017. As usual, these goals were wildly delusional.\n\u0026gt; The short answer is, my iron was back up to normal. My writing speed wasn’t, though. I’d lost too much general health, and needed hard exercise to recover it. Yes, writing requires physical endurance. Maintaining that level of concentration for several hours a day demands a certain level of blood flow to the brain. I could have faked it in a day job, but when self-employed as an artist? Not so much.\n\u0026gt; Then there’s travel. I did my usual BSDCan trip, plus two educational trips to Lincoln City, Oregon. The current political mayhem convinced me that if I wanted to hit EuroBSDCon any time in the next few years, I should do it in the very near future. So I went to Paris, where I promptly got pickpocketed. (Thankfully, they didn’t get my passport.) I was actively writing the third edition of Absolute FreeBSD, so I visited BSDCam in Cambridge to get the latest information and a sense of where FreeBSD was going. I also did weekends at Kansas LinuxFest (because they asked and paid for my trip) and Penguicon.\n\u0026gt; (Because people will ask: why EuroBSDCon and not AsiaBSDCon? A six-hour transatlantic flight requires that I take a substantial dose of heavy-grade tranquilizers. I’m incapable of making intelligent decisions while on those drugs, or for several hours afterward. They don’t last long enough for twelve-hour flight to Japan, so I need to be accompanied by someone qualified to tell me when I need to take the next dose partway through the flight. This isn’t a predetermined time that I can set an alarm for; it depends on how the clonazepam affects me at those altitudes. A drug overdose while flying over the North Pole would be bad. When I can arrange that qualified companion, I’ll make the trip.)\n\u0026gt; I need most of the preceding week to prepare for long trips. I need the following week to recover from time shifts and general exhaustion. Additionally, I have to hoard people juice for a few weeks beforehand so I can deal with folks during these expeditions. Travel disrupts my dojo time as well, which impacts my health.\n\u0026gt; Taken as a whole: I didn’t get nearly as much done as I hoped.\nI wrote more stories, but Kris Rusch bludgeoned me into submitting them to trad markets. (The woman is a brute, I tell you. Cross her at your peril.)\nAmong my 2017 titles, my fiction outsold the tech books. No, not Prohibition Orcs–all four of the people who buy those love them, but the sales tell me I’ve done something wrong with those tales.\nMy cozy mystery git commit murder outsold Relayd and Httpd Mastery.\nBut what outdid them both, as well as most of my older books? What title utterly dominated my sales for the last quarter of the year? It was of course, my open source software political satire disguised as porn Savaged by Systemd: an Erotic Unix Encounter.\n\u0026gt; I can’t believe I just wrote that paragraph.\nThe good news is, once I recovered from EuroBSDCon, my writing got better.\nI finished Absolute FreeBSD, 3rd edition and submitted it to the publisher.\nI wrote the second edition of SSH Mastery (no link, because you can’t order it yet.)\nI’m plowing through git sync murder, the sequel to git commit murder. I don’t get to see the new Star Wars movie until I finish GSM, so hopefully that’ll be this month.\nAll in all, I wrote 480,200 words in 2017. Most of that was after September. It’s annoyingly close to breaking half a million, but after 2016’s scandalous 195,700, I’ll take it.\n***\n###PG Phriday: Postgres on ZFS\n\u0026gt; ZFS is a filesystem originally created by Sun Microsystems, and has been available for BSD over a decade. While Postgres will run just fine on BSD, most Postgres installations are historically Linux-based systems. ZFS on Linux has had much more of a rocky road to integration due to perceived license incompatibilities.\n\u0026gt; As a consequence, administrators were reluctant or outright refused to run ZFS on their Linux clusters. It wasn’t until OpenZFS was introduced in 2013 that this slowly began to change. These days, ZFS and Linux are starting to become more integrated, and Canonical of Ubuntu fame even announced direct support for ZFS in their 16.04 LTS release.\n\u0026gt; So how can a relatively obscure filesystem designed by a now-defunct hardware and software company help Postgres? Let’s find out!\nEddie waited til he finished high school\n\u0026gt; Old server hardware is dirt cheap these days, and make for a perfect lab for testing suspicious configurations. This is the server we’ll be using for these tests for those following along at home, or want some point of reference:\n\nDell R710\nx2 Intel X5660 CPUs, for up to 24 threads\n64GB RAM\nx4 1TB 7200RPM SATA HDDs\nH200 RAID card configured for Host Bus Adapter (HBA) mode\n250GB Samsung 850 EVO SSD\n\n\u0026gt; The H200 is particularly important, as ZFS acts as its own RAID system. It also has its own checksumming and other algorithms that don’t like RAID cards getting in the way. As such, we put the card itself in a mode that facilitates this use case.\n\u0026gt; Due to that, we lose out on any battery-backed write cache the RAID card might offer. To make up for it, it’s fairly common to use an SSD or other persistent fast storage to act both as a write cache, and a read cache. This also transforms our HDDs into hybrid storage automatically, which is a huge performance boost on a budget.\nShe had a guitar and she taught him some chords\n\u0026gt; First things first: we need a filesystem. This hardware has four 1TB HDDs, and a 250GB SSD. To keep this article from being too long, we’ve already placed GPT partition tables on all the HDDs, and split the SSD into 50GB for the OS, 32GB for the write cache, and 150GB for the read cache. A more robust setup would probably use separate SSDs or a mirrored pair for these, but labs are fair game.\nThey moved into a place they both could afford\n\u0026gt; Let’s start by getting a performance baseline for the hardware. We might expect peak performance at 12 or 24 threads because the server has 12 real CPUs and 24 threads, but query throughput actually topped out at concurrent 32 processes. We can scratch our heads over this later, for now, we can consider it the maximum capabilities of this hardware.\nHere’s a small sample:\n```\n$\u0026gt; pgbench -S -j 32 -c 32 -M prepared -T 20 pgbench\n\n\n...\ntps = 264661.135288 (including connections establishing)\ntps = 264849.345595 (excluding connections establishing)\n\n\u0026gt; So far, this is pretty standard behavior. 260k prepared queries per second is great read performance, but this is supposed to be a filesystem demonstration. Let’s get ZFS involved.\n+ The papers said Ed always played from the heart\n\u0026gt; Let’s repeat that same test with writes enabled. Once that happens, filesystem syncs, dirty pages, WAL overhead, and other things should drastically reduce overall throughput. That’s an expected result, but how much are we looking at, here?\n\n\n$\u0026gt; pgbench -j 32 -c 32 -M prepared -T 10 pgbench\n\n...\ntps = 6153.877658 (including connections establishing)\ntps = 6162.392166 (excluding connections establishing)\n\n\u0026gt; SSD cache or not, storage overhead is a painful reality. Still, 6000 TPS with writes enabled is a great result for this hardware. Or is it? Can we actually do better?\n\u0026gt; Consider the Postgres full_page_writes parameter. Tomas Vondra has written about it in the past as a necessity to prevent WAL corruption due to partial writes. The WAL is both streaming replication and crash recovery, so its integrity is of utmost importance. As a result, this is one parameter almost everyone should leave alone.\n\u0026gt; ZFS is Copy on Write (CoW). As a result, it’s not possible to have a torn page because a page can’t be partially written without reverting to the previous copy. This means we can actually turn off full_page_writes in the Postgres config. The results are some fairly startling performance gains:\n\n\n$\u0026gt; pgbench -j 32 -c 32 -M prepared -T 10 pgbench\n\n\n\ntps = 10325.200812 (including connections establishing)\ntps = 10336.807218 (excluding connections establishing)\n\n\u0026gt; That’s nearly a 70% improvement. Due to write amplification caused by full page writes, Postgres produced 1.2GB of WAL files during a 1-minute pgbench test, but only 160MB with full page writes disabled.\n\u0026gt; To be fair, a 32-thread pgbench write test is extremely abusive and certainly not a typical usage scenario. However, ZFS just ensured our storage a much lower write load by altering one single parameter. That means the capabilities of the hardware have also been extended to higher write workloads as IO bandwidth is not being consumed by WAL traffic.\n+ They both met movie stars, partied and mingled\n\u0026gt; Astute readers may have noticed we didn’t change the default ZFS block size from 128k to align with the Postgres default of 8kb. \n\u0026gt; As it turns out, the 128kb blocks allow ZFS to better combine some of those 8kb Postgres pages to save space. That will allow our measly 2TB to go a lot further than is otherwise possible.\n\u0026gt; Please note that this is not de-duplication, but simple lz4 compression, which is nearly real-time in terms of CPU overhead. De-duplication on ZFS is currently an uncertain bizzaro universe populated with misshapen horrors crawling along a broken landscape. It’s a world of extreme memory overhead for de-duplication tables, and potential lost data due to inherent conflicts with the CoW underpinnings. Please don’t use it, let anyone else use it, or even think about using it, ever.\n+ They made a record and it went in the chart\n\u0026gt; We’re still not done. One important aspect of ZFS as a CoW filesystem, is that it has integrated snapshots.\n\u0026gt; Consider the scenario where a dev is connected to the wrong system and drops what they think is a table in a QA environment. It turns out they were in the wrong terminal and just erased a critical production table, and now everyone is frantic.\n+ The future was wide open\n\u0026gt; It’s difficult to discount an immediately observable reduction in write overhead. Snapshots have a multitude of accepted and potential use cases, as well. In addition to online low-overhead compression, and the hybrid cache layer, ZFS boasts a plethora of features we didn’t explore.\n\u0026gt; Built-in checksums with integrated self-healing suggest it isn’t entirely necessary to re-initialize an existing Postgres instance to enable checksums. The filesystem itself ensures checksums are validated and correct, especially if we have more than one drive resource in our pool. It even goes the extra mile and actively corrects inconsistencies when encountered.\n\u0026gt; I immediately discounted ZFS back in 2012 because the company I worked for at the time was a pure Linux shop. ZFS was only available using the FUSE driver back then, meaning ZFS only worked through userspace with no real kernel integration. It was fun to tinker with, but nobody sane would use that on a production server of any description.\n\u0026gt; Things have changed quite drastically since then. I’ve stopped waiting for btrfs to become viable, and ZFS has probably taken the throne away from XFS as my filesystem of choice. Future editions of the Postgres High Availability Cookbook will reflect this as well.\n\u0026gt; Postgres MVCC and ZFS CoW seem made for each other. I’m curious to see what will transpire over the next few years now that ZFS has reached mainstream acceptance in at least one major Linux distribution.\n***\n###[NomadBSD](https://github.com/mrclksr/NomadBSD)\n+  About\n\u0026gt; NomadBSD is a live system for flash drives, based on FreeBSD.\n+ Screenshots\n![](http://freeshell.de/~mk/download/nomadbsd-ss1.png)\n![](http://freeshell.de/~mk/download/nomadbsd-ss2.png)\n+  Requirements for building the image\nA recent FreeBSD system\n+  Requirements for running NomadBSD\n* A 4GB (or more) flash drive\n* A System capable running FreeBSD 11.1 (amd64)\n+  Building the image\n~~ csh\n# make image\n~~\n+  Writing the image to an USB memory stick\n~~ csh\n# dd if=nomadbsd.img of=/dev/da0 bs=10240 conv=sync\n~~\n+  Resize filesystem to use the entire USB memory\n + Boot NomadBSD into single user mode, and execute:\n~~\n# gpart delete -i 2 da0s1\n# gpart resize -i 1 da0\n# gpart commit da0s1\n~~\n + Determine the partition size in megabytes using \n ````fdisk da0````\n + and calculate the remaining size of da0s1a:\n````\u0026lt;REMAIN\u0026gt; = \u0026lt;SIZE OF PARTITION IN MB\u0026gt; - \u0026lt;DESIRED SWAP SIZE IN MB\u0026gt;````.\n~~\n# gpart resize -i 1 -s \u0026lt;REMAIN\u0026gt;M da0s1\n# gpart add -t freebsd-swap -i 2 da0s1\n# glabel label NomadBSDsw da0s1b\n# service growfs onestart\n# reboot\n~~\n+ [FreeBSD forum thread](https://forums.freebsd.org/threads/63888/)\n+ [A short screen capture video of the NomadBSD system running in VirtualBox](https://freeshell.de/~mk/download/nomad_capture.mp4)\n***\n##Beastie Bits\n+ [Coolpkg, a package manager inspired by Nix for OpenBSD](https://github.com/andrewchambers/coolpkg)\n+ [zrepl - ZFS replication](https://zrepl.github.io/)\n+ [OpenBSD hotplugd automount script](https://bijanebrahimi.github.io/blog/openbsd-hotplugd-scripting.html)\n+ [Ancient troff sources vs. modern-day groff](https://virtuallyfun.com/2017/12/22/learn-ancient-troff-sources-vs-modern-day-groff/)\n+ [Paypal donation balance and status.. thanks everyone!](http://lists.dragonflybsd.org/pipermail/users/2017-December/313752.html)\n+ [Supervised FreeBSD rc.d script for a Go daemon (updated in last few days)](https://redbyte.eu/en/blog/supervised-freebsd-init-script-for-go-deamon/)\n+ [A Brief History of sed](https://blog.sourcerer.io/a-brief-history-of-sed-6eaf00302ed)\n+ [Flamegraph: Why does my AWS instance boot so slow?](http://www.daemonology.net/timestamping/tslog-c5.4xlarge.svg)\n***\n##Feedback/Questions\n+ Jeremy - [Replacing Drive in a Zpool](http://dpaste.com/319593M#wrap)\n+ [Dan’s Blog ](https://dan.langille.org/2017/08/16/swapping-5tb-in-3tb-out/)\n+ Tim - [Keeping GELI key through reboot](http://dpaste.com/11QTA06)\n+ Brian - [Mixing 2.5 and 3.5 drives](http://dpaste.com/2JQVD10#wrap)\n+ Troels - [zfs swap on FreeBSD](http://dpaste.com/147WAFR#wrap)\n***\n","content_html":"\u003cp\u003eWe review the information about Spectre \u0026amp; Meltdown thus far, we look at NetBSD memory sanitizer progress, Postgres on ZFS \u0026amp; show you a bit about NomadBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eMeltdown Spectre\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://meltdownattack.com/\" rel=\"nofollow\"\u003eOfficial Site\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/\" rel=\"nofollow\"\u003eKernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://newsroom.intel.com/news/intel-responds-to-security-research-findings/\" rel=\"nofollow\"\u003eIntel’s official response\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/\" rel=\"nofollow\"\u003eThe Register mocks intels response with pithy annotations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf\" rel=\"nofollow\"\u003eIntel’s Analysis PDF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://xkcd.com/1938/\" rel=\"nofollow\"\u003eXKCD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html\" rel=\"nofollow\"\u003eResponse from FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/D13797\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s patch WIP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/\" rel=\"nofollow\"\u003eWhy Raspberry Pi isn’t vulnerable to Spectre or Meltdown\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.xenproject.org/archives/html/xen-devel/2018-01/msg00110.html\" rel=\"nofollow\"\u003eXen mitigation patches\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities\" rel=\"nofollow\"\u003eOverview of affected FreeBSD Platforms/Architectures\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/GroffTheBSDGoat/status/949372300368867328\" rel=\"nofollow\"\u003eGroff\u0026#39;s response\u003c/a\u003e\n##### We’ll cover OpenBSD, NetBSD, and DragonflyBSD’s responses in next weeks episode.\n***\n###\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_llvm_memory_sanitizer_support\" rel=\"nofollow\"\u003eThe LLVM Memory Sanitizer support work in progress\u003c/a\u003e\n\u0026gt; In the past 31 days, I\u0026#39;ve managed to get the core functionality of MSan to work. This is an uninitialized memory usage detector. MSan is a special sanitizer because it requires knowledge of every entry to the basesystem library and every entry to the kernel through public interfaces. This is mandatory in order to mark memory regions as initialized.  Most of the work has been done directly for MSan. However, part of the work helped generic features in compiler-rt.\u003c/li\u003e\n\u003cli\u003eSanitizers\n\u0026gt; Changes in the sanitizer are listed below in chronological order. Almost all of the changes mentioned here landed upstream. A few small patches were reverted due to breaking non-NetBSD hosts and are rescheduled for further investigation. I maintain these patches locally and have moved on for now to work on the remaining features.\u003c/li\u003e\n\u003cli\u003eNetBSD syscall hooks\n\u0026gt; I wrote a large patch (815kb!) adding support for NetBSD syscall hooks for use with sanitizers. \u003c/li\u003e\n\u003cli\u003eNetBSD ioctl(2) hooks\n\u0026gt; Similar to the syscall hooks, there is need to handle every ioctl(2) call. I\u0026#39;ve created the needed patch, this time shorter - for less than 300kb.\u003c/li\u003e\n\u003cli\u003eNew patches still pending for upstream review\n\u0026gt; There are two corrections that I\u0026#39;ve created, and they are still pending upstream for review:\u003c/li\u003e\n\u003cli\u003eAdd MSan interceptor for fstat(2)](\u003ca href=\"https://reviews.llvm.org/D41637\" rel=\"nofollow\"\u003ehttps://reviews.llvm.org/D41637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e Correct the setitimer interceptor on NetBSD)](\u003ca href=\"https://reviews.llvm.org/D41502\" rel=\"nofollow\"\u003ehttps://reviews.llvm.org/D41502\u003c/a\u003e)\n\u0026gt; I\u0026#39;ve got a few more local patches that require cleanup before submitting to review.\u003c/li\u003e\n\u003cli\u003eNetBSD basesystem corrections\u003c/li\u003e\n\u003cli\u003eSanitizers in Go\u003c/li\u003e\n\u003cli\u003eThe MSan state as of today\u003c/li\u003e\n\u003cli\u003eSolaris support in sanitizers\n\u0026gt; I\u0026#39;ve helped the Solaris team add basic support for Sanitizers (ASan, UBsan). This does not help NetBSD directly, however indirectly it improves the overall support for non-Linux hosts and helps to catch more Linuxisms in the code.\u003c/li\u003e\n\u003cli\u003ePlan for the next milestone\n\u0026gt; I plan to continue the work on MSan and correct sanitizing of the NetBSD basesystem utilities. This mandates me to iterate over the basesystem libraries implementing the missing interceptors and correcting the current support of the existing ones. My milestone is to build all src/\u003cem\u003ebin\u003c/em\u003e programs against Memory Sanitizer and when possible execute them cleanly.\u003c/li\u003e\n\u003cli\u003eThis work was sponsored by The NetBSD Foundation.\u003c/li\u003e\n\u003cli\u003eThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can: \u003ca href=\"http://netbsd.org/donations/#how-to-donate\" rel=\"nofollow\"\u003ehttp://netbsd.org/donations/#how-to-donate\u003c/a\u003e\n***\n##News Roundup\n###\u003ca href=\"https://blather.michaelwlucas.com/archives/3078\" rel=\"nofollow\"\u003eMWL’s 2017 Wrap-Up\u003c/a\u003e\n\u0026gt; The obvious place to start is my 2016 wrap-up post](\u003ca href=\"https://blather.michaelwlucas.com/archives/2822\" rel=\"nofollow\"\u003ehttps://blather.michaelwlucas.com/archives/2822\u003c/a\u003e), where I listed goals for 2017. As usual, these goals were wildly delusional.\n\u0026gt; The short answer is, my iron was back up to normal. My writing speed wasn’t, though. I’d lost too much general health, and needed hard exercise to recover it. Yes, writing requires physical endurance. Maintaining that level of concentration for several hours a day demands a certain level of blood flow to the brain. I could have faked it in a day job, but when self-employed as an artist? Not so much.\n\u0026gt; Then there’s travel. I did my usual BSDCan trip, plus two educational trips to Lincoln City, Oregon. The current political mayhem convinced me that if I wanted to hit EuroBSDCon any time in the next few years, I should do it in the very near future. So I went to Paris, where I promptly got pickpocketed. (Thankfully, they didn’t get my passport.) I was actively writing the third edition of Absolute FreeBSD, so I visited BSDCam in Cambridge to get the latest information and a sense of where FreeBSD was going. I also did weekends at Kansas LinuxFest (because they asked and paid for my trip) and Penguicon.\n\u0026gt; (Because people will ask: why EuroBSDCon and not AsiaBSDCon? A six-hour transatlantic flight requires that I take a substantial dose of heavy-grade tranquilizers. I’m incapable of making intelligent decisions while on those drugs, or for several hours afterward. They don’t last long enough for twelve-hour flight to Japan, so I need to be accompanied by someone qualified to tell me when I need to take the next dose partway through the flight. This isn’t a predetermined time that I can set an alarm for; it depends on how the clonazepam affects me at those altitudes. A drug overdose while flying over the North Pole would be bad. When I can arrange that qualified companion, I’ll make the trip.)\n\u0026gt; I need most of the preceding week to prepare for long trips. I need the following week to recover from time shifts and general exhaustion. Additionally, I have to hoard people juice for a few weeks beforehand so I can deal with folks during these expeditions. Travel disrupts my dojo time as well, which impacts my health.\n\u0026gt; Taken as a whole: I didn’t get nearly as much done as I hoped.\u003c/li\u003e\n\u003cli\u003eI wrote more stories, but Kris Rusch bludgeoned me into submitting them to trad markets. (The woman is a brute, I tell you. Cross her at your peril.)\u003c/li\u003e\n\u003cli\u003eAmong my 2017 titles, my fiction outsold the tech books. No, not Prohibition Orcs–all four of the people who buy those love them, but the sales tell me I’ve done something wrong with those tales.\u003c/li\u003e\n\u003cli\u003eMy cozy mystery git commit murder outsold Relayd and Httpd Mastery.\u003c/li\u003e\n\u003cli\u003eBut what outdid them both, as well as most of my older books? What title utterly dominated my sales for the last quarter of the year? It was of course, my open source software political satire disguised as porn \u003ca href=\"https://www.michaelwarrenlucas.com/index.php/romance#sbs\" rel=\"nofollow\"\u003eSavaged by Systemd: an Erotic Unix Encounter.\u003c/a\u003e\n\u0026gt; I can’t believe I just wrote that paragraph.\u003c/li\u003e\n\u003cli\u003eThe good news is, once I recovered from EuroBSDCon, my writing got better.\u003c/li\u003e\n\u003cli\u003eI finished Absolute FreeBSD, 3rd edition and submitted it to the publisher.\u003c/li\u003e\n\u003cli\u003eI wrote the second edition of SSH Mastery (no link, because you can’t order it yet.)\u003c/li\u003e\n\u003cli\u003eI’m plowing through git sync murder, the sequel to git commit murder. I don’t get to see the new Star Wars movie until I finish GSM, so hopefully that’ll be this month.\u003c/li\u003e\n\u003cli\u003eAll in all, I wrote 480,200 words in 2017. Most of that was after September. It’s annoyingly close to breaking half a million, but after 2016’s scandalous 195,700, I’ll take it.\n***\n###\u003ca href=\"https://blog.2ndquadrant.com/pg-phriday-postgres-zfs/\" rel=\"nofollow\"\u003ePG Phriday: Postgres on ZFS\u003c/a\u003e\n\u0026gt; ZFS is a filesystem originally created by Sun Microsystems, and has been available for BSD over a decade. While Postgres will run just fine on BSD, most Postgres installations are historically Linux-based systems. ZFS on Linux has had much more of a rocky road to integration due to perceived license incompatibilities.\n\u0026gt; As a consequence, administrators were reluctant or outright refused to run ZFS on their Linux clusters. It wasn’t until OpenZFS was introduced in 2013 that this slowly began to change. These days, ZFS and Linux are starting to become more integrated, and Canonical of Ubuntu fame even announced direct support for ZFS in their 16.04 LTS release.\n\u0026gt; So how can a relatively obscure filesystem designed by a now-defunct hardware and software company help Postgres? Let’s find out!\u003c/li\u003e\n\u003cli\u003eEddie waited til he finished high school\n\u0026gt; Old server hardware is dirt cheap these days, and make for a perfect lab for testing suspicious configurations. This is the server we’ll be using for these tests for those following along at home, or want some point of reference:\n\u003ccode\u003e\nDell R710\nx2 Intel X5660 CPUs, for up to 24 threads\n64GB RAM\nx4 1TB 7200RPM SATA HDDs\nH200 RAID card configured for Host Bus Adapter (HBA) mode\n250GB Samsung 850 EVO SSD\n\u003c/code\u003e\n\u0026gt; The H200 is particularly important, as ZFS acts as its own RAID system. It also has its own checksumming and other algorithms that don’t like RAID cards getting in the way. As such, we put the card itself in a mode that facilitates this use case.\n\u0026gt; Due to that, we lose out on any battery-backed write cache the RAID card might offer. To make up for it, it’s fairly common to use an SSD or other persistent fast storage to act both as a write cache, and a read cache. This also transforms our HDDs into hybrid storage automatically, which is a huge performance boost on a budget.\u003c/li\u003e\n\u003cli\u003eShe had a guitar and she taught him some chords\n\u0026gt; First things first: we need a filesystem. This hardware has four 1TB HDDs, and a 250GB SSD. To keep this article from being too long, we’ve already placed GPT partition tables on all the HDDs, and split the SSD into 50GB for the OS, 32GB for the write cache, and 150GB for the read cache. A more robust setup would probably use separate SSDs or a mirrored pair for these, but labs are fair game.\u003c/li\u003e\n\u003cli\u003eThey moved into a place they both could afford\n\u0026gt; Let’s start by getting a performance baseline for the hardware. We might expect peak performance at 12 or 24 threads because the server has 12 real CPUs and 24 threads, but query throughput actually topped out at concurrent 32 processes. We can scratch our heads over this later, for now, we can consider it the maximum capabilities of this hardware.\nHere’s a small sample:\n```\n$\u0026gt; pgbench -S -j 32 -c 32 -M prepared -T 20 pgbench\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e...\u003cbr\u003e\ntps = 264661.135288 (including connections establishing)\u003cbr\u003e\ntps = 264849.345595 (excluding connections establishing)\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; So far, this is pretty standard behavior. 260k prepared queries per second is great read performance, but this is supposed to be a filesystem demonstration. Let’s get ZFS involved.\n+ The papers said Ed always played from the heart\n\u0026gt; Let’s repeat that same test with writes enabled. Once that happens, filesystem syncs, dirty pages, WAL overhead, and other things should drastically reduce overall throughput. That’s an expected result, but how much are we looking at, here?\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e$\u0026gt; pgbench -j 32 -c 32 -M prepared -T 10 pgbench\u003c/p\u003e\n\n\u003cp\u003e...\u003cbr\u003e\ntps = 6153.877658 (including connections establishing)\u003cbr\u003e\ntps = 6162.392166 (excluding connections establishing)\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; SSD cache or not, storage overhead is a painful reality. Still, 6000 TPS with writes enabled is a great result for this hardware. Or is it? Can we actually do better?\n\u0026gt; Consider the Postgres full_page_writes parameter. Tomas Vondra has written about it in the past as a necessity to prevent WAL corruption due to partial writes. The WAL is both streaming replication and crash recovery, so its integrity is of utmost importance. As a result, this is one parameter almost everyone should leave alone.\n\u0026gt; ZFS is Copy on Write (CoW). As a result, it’s not possible to have a torn page because a page can’t be partially written without reverting to the previous copy. This means we can actually turn off full_page_writes in the Postgres config. The results are some fairly startling performance gains:\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e$\u0026gt; pgbench -j 32 -c 32 -M prepared -T 10 pgbench\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003etps = 10325.200812 (including connections establishing)\u003cbr\u003e\ntps = 10336.807218 (excluding connections establishing)\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; That’s nearly a 70% improvement. Due to write amplification caused by full page writes, Postgres produced 1.2GB of WAL files during a 1-minute pgbench test, but only 160MB with full page writes disabled.\n\u0026gt; To be fair, a 32-thread pgbench write test is extremely abusive and certainly not a typical usage scenario. However, ZFS just ensured our storage a much lower write load by altering one single parameter. That means the capabilities of the hardware have also been extended to higher write workloads as IO bandwidth is not being consumed by WAL traffic.\n+ They both met movie stars, partied and mingled\n\u0026gt; Astute readers may have noticed we didn’t change the default ZFS block size from 128k to align with the Postgres default of 8kb. \n\u0026gt; As it turns out, the 128kb blocks allow ZFS to better combine some of those 8kb Postgres pages to save space. That will allow our measly 2TB to go a lot further than is otherwise possible.\n\u0026gt; Please note that this is not de-duplication, but simple lz4 compression, which is nearly real-time in terms of CPU overhead. De-duplication on ZFS is currently an uncertain bizzaro universe populated with misshapen horrors crawling along a broken landscape. It’s a world of extreme memory overhead for de-duplication tables, and potential lost data due to inherent conflicts with the CoW underpinnings. Please don’t use it, let anyone else use it, or even think about using it, ever.\n+ They made a record and it went in the chart\n\u0026gt; We’re still not done. One important aspect of ZFS as a CoW filesystem, is that it has integrated snapshots.\n\u0026gt; Consider the scenario where a dev is connected to the wrong system and drops what they think is a table in a QA environment. It turns out they were in the wrong terminal and just erased a critical production table, and now everyone is frantic.\n+ The future was wide open\n\u0026gt; It’s difficult to discount an immediately observable reduction in write overhead. Snapshots have a multitude of accepted and potential use cases, as well. In addition to online low-overhead compression, and the hybrid cache layer, ZFS boasts a plethora of features we didn’t explore.\n\u0026gt; Built-in checksums with integrated self-healing suggest it isn’t entirely necessary to re-initialize an existing Postgres instance to enable checksums. The filesystem itself ensures checksums are validated and correct, especially if we have more than one drive resource in our pool. It even goes the extra mile and actively corrects inconsistencies when encountered.\n\u0026gt; I immediately discounted ZFS back in 2012 because the company I worked for at the time was a pure Linux shop. ZFS was only available using the FUSE driver back then, meaning ZFS only worked through userspace with no real kernel integration. It was fun to tinker with, but nobody sane would use that on a production server of any description.\n\u0026gt; Things have changed quite drastically since then. I’ve stopped waiting for btrfs to become viable, and ZFS has probably taken the throne away from XFS as my filesystem of choice. Future editions of the Postgres High Availability Cookbook will reflect this as well.\n\u0026gt; Postgres MVCC and ZFS CoW seem made for each other. I’m curious to see what will transpire over the next few years now that ZFS has reached mainstream acceptance in at least one major Linux distribution.\n***\n###[NomadBSD](https://github.com/mrclksr/NomadBSD)\n+  About\n\u0026gt; NomadBSD is a live system for flash drives, based on FreeBSD.\n+ Screenshots\n![](http://freeshell.de/~mk/download/nomadbsd-ss1.png)\n![](http://freeshell.de/~mk/download/nomadbsd-ss2.png)\n+  Requirements for building the image\nA recent FreeBSD system\n+  Requirements for running NomadBSD\n* A 4GB (or more) flash drive\n* A System capable running FreeBSD 11.1 (amd64)\n+  Building the image\n~~ csh\n# make image\n~~\n+  Writing the image to an USB memory stick\n~~ csh\n# dd if=nomadbsd.img of=/dev/da0 bs=10240 conv=sync\n~~\n+  Resize filesystem to use the entire USB memory\n + Boot NomadBSD into single user mode, and execute:\n~~\n# gpart delete -i 2 da0s1\n# gpart resize -i 1 da0\n# gpart commit da0s1\n~~\n + Determine the partition size in megabytes using \n ````fdisk da0````\n + and calculate the remaining size of da0s1a:\n````\u0026lt;REMAIN\u0026gt; = \u0026lt;SIZE OF PARTITION IN MB\u0026gt; - \u0026lt;DESIRED SWAP SIZE IN MB\u0026gt;````.\n~~\n# gpart resize -i 1 -s \u0026lt;REMAIN\u0026gt;M da0s1\n# gpart add -t freebsd-swap -i 2 da0s1\n# glabel label NomadBSDsw da0s1b\n# service growfs onestart\n# reboot\n~~\n+ [FreeBSD forum thread](https://forums.freebsd.org/threads/63888/)\n+ [A short screen capture video of the NomadBSD system running in VirtualBox](https://freeshell.de/~mk/download/nomad_capture.mp4)\n***\n##Beastie Bits\n+ [Coolpkg, a package manager inspired by Nix for OpenBSD](https://github.com/andrewchambers/coolpkg)\n+ [zrepl - ZFS replication](https://zrepl.github.io/)\n+ [OpenBSD hotplugd automount script](https://bijanebrahimi.github.io/blog/openbsd-hotplugd-scripting.html)\n+ [Ancient troff sources vs. modern-day groff](https://virtuallyfun.com/2017/12/22/learn-ancient-troff-sources-vs-modern-day-groff/)\n+ [Paypal donation balance and status.. thanks everyone!](http://lists.dragonflybsd.org/pipermail/users/2017-December/313752.html)\n+ [Supervised FreeBSD rc.d script for a Go daemon (updated in last few days)](https://redbyte.eu/en/blog/supervised-freebsd-init-script-for-go-deamon/)\n+ [A Brief History of sed](https://blog.sourcerer.io/a-brief-history-of-sed-6eaf00302ed)\n+ [Flamegraph: Why does my AWS instance boot so slow?](http://www.daemonology.net/timestamping/tslog-c5.4xlarge.svg)\n***\n##Feedback/Questions\n+ Jeremy - [Replacing Drive in a Zpool](http://dpaste.com/319593M#wrap)\n+ [Dan’s Blog ](https://dan.langille.org/2017/08/16/swapping-5tb-in-3tb-out/)\n+ Tim - [Keeping GELI key through reboot](http://dpaste.com/11QTA06)\n+ Brian - [Mixing 2.5 and 3.5 drives](http://dpaste.com/2JQVD10#wrap)\n+ Troels - [zfs swap on FreeBSD](http://dpaste.com/147WAFR#wrap)\n***\n\u003c/code\u003e\u003c/pre\u003e","summary":"We review the information about Spectre \u0026 Meltdown thus far, we look at NetBSD memory sanitizer progress, Postgres on ZFS \u0026 show you a bit about NomadBSD.","date_published":"2018-01-10T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e0833ff-c2bf-4a7d-ac29-9249c3bc8114.mp3","mime_type":"audio/mpeg","size_in_bytes":80596084,"duration_in_seconds":6716}]},{"id":"a7f9f9fa-3d35-4f58-8709-12f6a433b446","title":"227: The long core dump","url":"https://www.bsdnow.tv/227","content_text":"We walk through dumping a PS4 kernel in only 6 days, tell you the news that NetBSD 7.1.1 has been released, details on how to run FreeBSD on a Thinkpad T470, and there’s progress in OpenBSD’s pledge.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD 7.1.1 released\n\n\nThe NetBSD Project is pleased to announce NetBSD 7.1.1, the first security/critical update of the NetBSD 7.1 release branch. It represents a selected subset of fixes deemed important for security or stability reasons.\nComplete source and binaries for NetBSD 7.1.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at https://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.1.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: https://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.1.1_hashes.asc\nNetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:\n[NetBSD website](www.NetBSD.org)\n+Changes Between 7.1 and 7.1.1 Below is an abbreviated list of changes in this release. The complete list can be found in the CHANGES-7.1.1 file in the top level directory of the NetBSD 7.1.1 release tree.\n\n\nSecurity Advisory Fixes The following security advisories were fixed:\nNetBSD-SA2017-004 buffer overflow via cmap for 4 graphics drivers.\nNetBSD-SA2017-005 x86: vulnerabilities in context handling.\nNetBSD-SA2017-006 Vnode reference leak in the openat system call.\nNetBSD-SA2018-001 Several vulnerabilities in context handling\nNetBSD-SA2018-002 Local DoS in virecover\nNote: Advisories prior to NetBSD-SA2017-004 do not affect NetBSD 7.1.1.\nUserland changes\ndhcrelay(8): Fix bug that prevented proper operation when run in the background.\nHeimdal: Update to 7.1. Fix CVE-2017-11103.\nmtree(8): Don't modify strings stored in hash, otherwise filling up of directory hierarchy stops if the same hash value occurs in directory and leaf.\nping(8): Fix cksum calculation for clearing the cached route.\nresize_ffs(8): Fix numerous overflow errors which can lead to superblock corruption on large filesystems.\nrtadvd(8): Fix the default value of rltime. PR bin/51994.\nUpdate BIND to 9.10.5-P2.\nUpdate expat to 2.2.1.\nUpdate ntp to 4.2.8p10.\nUpdate root.cache to 2017102400.\nUpdate tzdata to 2017c.\nvi(1): Don't garble display when when resizing nvi in xterm.\n\nwpa_supplicant/hostapd: Update to 2.6.\nApply fixes for CVEs 2017-13077 through 2017-13082 and CVEs 2017-13086 through 2017-13088.\nX: Apply fixes for CVEs 2017-12176 through 2017-12187, 2017-10971, 2017-10972, 2017-13722, 2017-13720, 2017-16611, and 2017-16612.\n***\n###Dumping a PS4 Kernel in \"Only\" 6 Days\n\u0026gt; What if a secure device had an attacker-viewable crashdump format? What if that same device allowed putting arbitrary memory into the crashdump? Amazingly, the ps4 tempted fate by supporting both of these features! Let’s see how that turned out…\nCrashdumps on PS4\n\n\nThe crash handling infrastructure of the ps4 kernel is interesting for 2 main reasons:\nIt is ps4-specific code (likely to be buggy)\nIf the crashdump can be decoded, we will gain very useful info for finding bugs and creating reliable exploits\nOn a normal FreeBSD system, a kernel panic will create a dump by calling kern_reboot with the RB_DUMP flag. This then leads to doadump being called, which will dump a rather tiny amount of information about the kernel image itself to some storage device.\nOn ps4, the replacement for doadump is mdbg_run_dump, which can be called from panic or directly from trap_fatal. The amount of information stored into the dump is gigantic by comparison - kernel state for all process, thread, and vm objects are included, along with some metadata about loaded libraries. Other obvious changes from the vanilla FreeBSD method are that the mdbg_run_dump encodes data recorded into the dump on a field-by-field basis and additionally encrypts the resulting buffer before finally storing it to disk.\n\nDumping Anything\n\n\nLet’s zoom in to a special part of mdbg_run_dump - where it iterates over all process’ threads and tries to dump some pthread state:\ndumpstate is a temporary buffer which will eventually make it into the crashdump. To summarize, sysdump__internal_call_readuser can be made to function as a read-anywhere oracle. This is because fsbase will point into our (owned) webkit process’ usermode address space. Thus, even without changing the actual fsbase value, we may freely change the value of tcb_thread, which is stored at fsbase + 0x10.\nFurther, sysdump__internal_call_readuser will happily read from a kernel address and put the result into the dump.\nWe can now put any kernel location into the dump, but we still need to decrypt and decode it…\nAside from that, there’s also the issue that we may only add 0x10 bytes per thread in this manner…\n\nFurther reading:\n\n\nCrashdump Crypto\nCrashdump Decoding\nCrashdump Automation\nTriggering the Vulnerability\nThe Fix (Kind of…)\nFin\n\nAppendix\n\n\nCrashdump Decryptor\nNXDP Decoder\n***\n###BSDTW 2017 Conference Recap: Li-Wen Hsu\n\nBSDTW 2017 Conference Recap: Li-Wen Hsu\n12/28/2017\n\u0026gt; Last month, we held BSDTW 2017 on November 11-12th, 2017 in Taipei, Taiwan. It was the second largest BSD conference in Taiwan and the first one in this decade. In 2004, the first AsiaBSDCon was also held in Taipei. Then all of the following AsiaBSDCon conferences were held in Tokyo, Japan. (AsiaBSDCon 2018 will be in Tokyo again next year, please submit your talk proposal by December 31th 2017, and attend the conference on March 8th-11th)\n\u0026gt; We wanted to start small with the first BSDTW because we were not sure how much sponsorship or how many volunteers we might have. BSDTW 2017 was a single track, two-day conference with 11 selected 50 minute presentations and 1 WIP/lightning talk session consisting of 8 short talks. I do regret that we did not have any local presenters this year. It is also a similar problem at AsiaBSDCon. Unsurprisingly, as with AsiaBSDcon, the travel reimbursement took up a large part of the whole conference budget. We do have many good people that work in Asia, but we still need to encourage people to present their work more.\n\u0026gt; We had over 130 registered attendees, with 30% of them coming from outside of Taiwan. To our knowledge, in recent years, this is the only open source conference in Taiwan to be held entirely in English, and to have such a large portion of international attendees. This is also the first open source conference in Taiwan to focus entirely on operating systems. The attendees included students, professors, engineers or CTOs, and CEOs from technology companies. This is also the first time that GroffTheBSDGoat visited Taiwan! We were surprised that after the silence for so many years, there are still so many people that use and love BSD near us. We saw many old friends, who had “disappeared” for a long time, came back, and were glad to meet many new friends at the conference. I am really happy that this conference was able to bring together these people, from local and abroad. After attending BSD conferences around the world for many years, I feel that the friendship between BSD users is the most important thing in the BSD community, and one of the main reasons people stay. It has been my pleasure to bring this community back to my friends in my homeland.\n\u0026gt; After the two-day event, I truly understand that bootstrapping a new conference is a very hard job. One with many aspects that you don’t even imagine until you’re really in the process of planning an event. I now have an even greater respect for all of the conference organizers and realize that we need to have more people help them, to keep these conferences continue to get better and better. Plus, there will always be room for a new conference!\n\u0026gt; Thanks to the FreeBSD Foundation for being the biggest sponsor of BSDTW 2017 and always being the strongest backend of our community. We are excited about the many local companies and organizations that helped us whether with people, materials or financially. We even had 21 personal sponsors, more than two times the number of other big open source conferences in Taiwan.\n\u0026gt; As I said in the closing session, I’m not sure if there will be 2nd BSDTW next year. It still depends on the amount of sponsorship and number of volunteers. However, we will definitely hold more smaller meetups in the next year to keep building up the local BSD community.\n\u0026gt; Finally, in the beginning of this month, we had a “post-conference media workshop” for organizing the media files we collected in the BSDTW 2017. Here are the review article in Traditional Chinese and the photos: https://medium.com/@bsdtw/bsdtw-2017-總回顧-a402788daede \u0026amp;\u0026amp;\nhttps://www.flickr.com/photos/bsdtw/albums/72157689410035911\n***\n##News Roundup\n###Running FreeBSD on a Lenovo T470s\nRunning FreeBSD on the Lenovo T470s ThinkPad\n\u0026gt; Installing FreeBSD on this machine was super easy. As I couldn't find a comprehensive/encouraging how-to about installing FreeBSD on a recent ThinkPad, I just wrote up the one below. It includes details about my personal setup, which are not required to run FreeBSD on this model, but which are more to my own taste. I still think this can be a quite useful inspiration for others who want to run their own customized configurations.\nSpecs\n\u0026gt; The system I use has these specifications:\nType: 20JS-001EGE\nCPU: Intel Core i7-6600U, 2x 2.60GHz\nRAM: 20GB DDR4\nSSD: 512GB NVMe\nGraphics: Intel HD Graphics 520 (IGP), 1x HDMI 1.4\nDisplay: 14\", 1920x1080, non-glare, IPS\nPorts: 3x USB-A 3.0, 1x Thunderbolt 3, 1x Gb LAN\nWireless: WLAN 802.11a/b/g/n/ac, Bluetooth 4.1, LTE (Micro-SIM)\nCardreader: SD/SDHC/SDXC/MMC\nWebcam: 0.9 Megapixel\nExtras: MIL-STD-810G, Pointing Stick, Fingerprint-Reader, Docking port\nThings that work\n\u0026gt; Basically everything I care about:\n\n\nAccelerated video\nKeyboard\nTouchpad/ClickPad (like expected in a modern laptop)\nSSD\nWiFi\nSound\nHDMI out\nSuspend to RAM\nWebcam\n\nThings that don't work\n\n\nFingerprint reader\nPotentially anything I didn't test\nBattery life is okay, but could be better.\n\nInstallation of the base system\n\u0026gt; I used a snapshot release of 12-CURRENT as the basis of my installation, particularly the one of 13th of December 2017.\n\u0026gt; I dd'ed it onto a memory stick and boot the laptop. I started a standard installation and created an encrypted ZFS pool on nvme0, using encryption, swap encryption and partition scheme \"GPT (UEFI)\".\n\u0026gt; After installation, it boots straight up.\nPorts tree used\n\u0026gt; All work is based on a head ports tree from about Dec 18, 22:15 CET, which should be more or less r456672.\nPreferred ClickPad configuration\n\u0026gt; As I'm not a fan of the the pointing stick, I disabled it in the bios. My final ClickPad configuration will be: Click to click (not tap), no middle button, right button in the lower right corner. As the old synaptics driver doesn't provide good thumb detection, libinput will be used.\nCheck out the laptop list on the FreeBSD wiki for compatibility: (https://wiki.freebsd.org/Laptops/)\n***\n###FreeBSD desktop LiveCD creator\nIntroduction\n\u0026gt; The purpose of this tool is quickly generate bloat free images containing stock FreeBSD, and supported desktop environments.\nFeatures\nFreeBSD 11.1-RELEASE\nAMD64\nGnome \u0026amp; KDE desktop environments\nHybrid DVD/USB image\nScreenshots\n[Gnome LiveCD])https://github.com/pkgdemon/comet/raw/master/screenshots/gnome-livecd.png?raw=true)\nKDE LiveCD\nSystem Requirements\nFreeBSD 11.1, or higher for AMD64\n20GB of free disk space\n1GB of free memory\nUFS, or ZFS\nInitial Setup\nInstall the required packages:\npkg install git grub2-pcbsd grub2-efi xorriso\nClone the repo:\ngit clone https://www.github.com/pkgdemon/comet\nEnter the directory for running the LiveCD creator:\ncd comet/src\nCredentials for live media\n\u0026gt; User: liveuser\n\u0026gt; Password: freebsd\n***\n###iXsystems\nStorageCrypter Ransomware: Security Threat or Clickbait?\n###pledge() work in progress\n\u0026gt; I wanted to give an update that a two pledge-related changes are being worked on. The semantics and integration are complicated so it is taking some time.\n\u0026gt; One is execpromises. This will become the 2nd argument of pledge(). This allows one to set the pledge for the new image after pledge \"exec\"-allowed execve(). A warning though: utilizing this in software isn't as easy as you might think! The fork+exec + startup sequences needed to be studied quite carefully to ensure the newly-executed child doesn't ask for more than the parent's execpromises. In my experiments such a circumstance is exceedingly common, so the problem is eased by introducing a new pledge feature which allows pledge violations to return ENOSYS or such rather than killing the process.\n\u0026gt; This feature also needs to be used with great caution (especially in privileged programs) because programs which fail to observe errors may continue operating forward very incorrectly; you've lost the ability to catch it failing, and provide care by fixing the problem.\n\u0026gt; The other is pledgepaths. The semantics are still being tuned a bit. Before the first call to pledge() in a process, one can pledgepath() directories. Then later after pledge(), file access operations only work if the traversal of the path crosses one of those pre-declared directories (but better make sure you don't move a directory, because the kernel remembers and reasons about the vnode of the directory rather than the path). Something similar is being worked on for files, but we are still adjusting that, as well as a flag parameter for the pledgepath() call which may constrain the operations done on such files.\n\u0026gt; As such, pledgepath() will become a filesystem containment mechanism unlike chroot() because paths will still be based upon true /.\n\u0026gt; Patience.\n***\n###The anatomy of tee program on OpenBSD\n\u0026gt; The tee command is used to read content from standard input and displays it not only in standard output but also saves to other files simultaneously. The source code of tee in OpenBSD is very simple, and I want to give it an analysis:\n\u0026gt; (1) tee leverages Singlely-linked List defined in sys/queue.h to manage outputted files (including standard output):\nstruct list {\nSLIST_ENTRY(list) next;\nint fd;\nchar *name;\n};\nSLIST_HEAD(, list) head;\n......\nstatic void\nadd(int fd, char *name)\n{\nstruct list *p;\n......\nSLIST_INSERT_HEAD(\u0026amp;head, p, next);\n}\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\n......\nSLIST_INIT(\u0026amp;head);\n......\nSLIST_FOREACH(p, \u0026amp;head, next) {\n......\n}\n}\n\u0026gt; To understand it easily, I extract the macros from sys/queue.h and created a file which utilizes the marcos:\n\u0026amp;#35;define SLIST_HEAD(name, type) \\\nstruct name { \\\nstruct type *slh_first; /* first element */ \\\n}\n\u0026amp;#35;define SLIST_ENTRY(type) \\\nstruct { \\\nstruct type *sle_next; /* next element */ \\\n}\n\u0026amp;#35;define SLIST_FIRST(head) ((head)-\u0026gt;slh_first)\n\u0026amp;#35;define SLIST_END(head) NULL\n\u0026amp;#35;define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head))\n\u0026amp;#35;define SLIST_NEXT(elm, field) ((elm)-\u0026gt;field.sle_next)\n\u0026amp;#35;define SLIST_FOREACH(var, head, field) \\\nfor((var) = SLIST_FIRST(head); \\\n(var) != SLIST_END(head); \\\n(var) = SLIST_NEXT(var, field))\n\u0026amp;#35;define SLIST_INIT(head) { \\\nSLIST_FIRST(head) = SLIST_END(head); \\\n}\n\u0026amp;#35;define SLIST_INSERT_HEAD(head, elm, field) do { \\\n(elm)-\u0026gt;field.sle_next = (head)-\u0026gt;slh_first; \\\n(head)-\u0026gt;slh_first = (elm); \\\n} while (0)\nstruct list {\nSLIST_ENTRY(list) next;\nint fd;\nchar *name;\n};\nSLIST_HEAD(, list) head;\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\nSLIST_INIT(\u0026amp;head);\nSLIST_INSERT_HEAD(\u0026amp;head, p, next);\nSLIST_FOREACH(p, \u0026amp;head, next) {\n}\n}\n\u0026gt; Then employed gcc‘s pre-processing function:\n\u0026amp;#35; gcc -E slist.c\n\u0026amp;#35; 1 \"slist.c\"\n\u0026amp;#35; 1 \"\u0026lt;built-in\u0026gt;\"\n\u0026amp;#35; 1 \"\u0026lt;command-line\u0026gt;\"\n\u0026amp;#35; 1 \"slist.c\"\n\u0026amp;#35; 30 \"slist.c\"\nstruct list {\nstruct { struct list *sle_next; } next;\nint fd;\nchar *name;\n};\nstruct { struct list *slh_first; } head;\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\n{ ((\u0026amp;head)-\u0026gt;slh_first) = NULL; };\ndo { (p)-\u0026gt;next.sle_next = (\u0026amp;head)-\u0026gt;slh_first; (\u0026amp;head)-\u0026gt;slh_first = (p); } while (0);\nfor((p) = ((\u0026amp;head)-\u0026gt;slh_first); (p) != NULL; (p) = ((p)-\u0026gt;next.sle_next)) {\n}\n}\n\n\u0026gt; It becomes clear now! The head node in list contains only 1 member: slh_first, which points to the first valid node. For the elements in the list, it is embedded with next struct which uses sle_next to refer to next buddy.\n\u0026gt; (2) By default, tee will overwrite the output files. If you want to append it, use -a option, and the code is as following:\n\nwhile (*argv) {\nif ((fd = open(*argv, O_WRONLY | O_CREAT |\n(append ? O_APPEND : O_TRUNC), DEFFILEMODE)) == -1) {\n......\n}\n......\n}\n\n\u0026gt; (3) The next part is the skeleton of saving content to files:\n\nwhile ((rval = read(STDIN_FILENO, buf, sizeof(buf))) \u0026gt; 0) {\nSLIST_FOREACH(p, \u0026amp;head, next) {\nn = rval;\nbp = buf;\ndo {\nif ((wval = write(p-\u0026gt;fd, bp, n)) == -1) {\n......\n}\nbp += wval;\n} while (n -= wval);\n}\n}\n\u0026gt; We need to iterates every opened file descriptor and write contents into it.\n\u0026gt; (4) Normally, theinterrupt signal will cause tee exit:\n\u0026amp;#35; tee\nfdkfkdfjk\nfdkfkdfjk\n^C\n\u0026amp;#35;\n\u0026gt; To disable this feature, use -i option:\n\u0026amp;#35; tee -i\nfdhfhd\nfdhfhd\n^C^C\n\u0026gt; The corresponding code is like this:\n......\ncase 'i':\n(void)signal(SIGINT, SIG_IGN);\nbreak;\n***\n##Beastie Bits\n+ What I learned from reading the OpenBSD's network stack source code\n+ Broadcom BCM43224 and BCM43225 Wi-Fi cards now supported by bwn(4)\n+ Ingo details searching man pages\n+ DTrace \u0026amp; ZFS Being Updated On NetBSD, Moving Away From Old OpenSolaris Code\n+ Linux Professional Institute and BSD Certification Group Join Efforts\n+ The FreeBSD Foundation thanks Donors\n##Feedback/Questions\n+ Alex - My first freebsd bug\n+ John - Suggested Speakers\n+ Todd - Two questions\n+ Matthew - CentOS to FreeBSD\n***\n","content_html":"\u003cp\u003eWe walk through dumping a PS4 kernel in only 6 days, tell you the news that NetBSD 7.1.1 has been released, details on how to run FreeBSD on a Thinkpad T470, and there’s progress in OpenBSD’s pledge.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.netbsd.org/releases/formal-7/NetBSD-7.1.1.html\" rel=\"nofollow\"\u003eNetBSD 7.1.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NetBSD Project is pleased to announce NetBSD 7.1.1, the first security/critical update of the NetBSD 7.1 release branch. It represents a selected subset of fixes deemed important for security or stability reasons.\u003c/li\u003e\n\u003cli\u003eComplete source and binaries for NetBSD 7.1.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at \u003ca href=\"https://www.NetBSD.org/mirrors/\" rel=\"nofollow\"\u003ehttps://www.NetBSD.org/mirrors/\u003c/a\u003e. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.1.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: \u003ca href=\"https://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.1.1_hashes.asc\" rel=\"nofollow\"\u003ehttps://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.1.1_hashes.asc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:\u003c/li\u003e\n\u003cli\u003e[NetBSD website](\u003ca href=\"http://www.NetBSD.org\" rel=\"nofollow\"\u003ewww.NetBSD.org\u003c/a\u003e)\n+Changes Between 7.1 and 7.1.1 Below is an abbreviated list of changes in this release. The complete list can be found in the CHANGES-7.1.1 file in the top level directory of the NetBSD 7.1.1 release tree.\n\n\u003cul\u003e\n\u003cli\u003eSecurity Advisory Fixes The following security advisories were fixed:\u003c/li\u003e\n\u003cli\u003eNetBSD-SA2017-004 buffer overflow via cmap for 4 graphics drivers.\u003c/li\u003e\n\u003cli\u003eNetBSD-SA2017-005 x86: vulnerabilities in context handling.\u003c/li\u003e\n\u003cli\u003eNetBSD-SA2017-006 Vnode reference leak in the openat system call.\u003c/li\u003e\n\u003cli\u003eNetBSD-SA2018-001 Several vulnerabilities in context handling\u003c/li\u003e\n\u003cli\u003eNetBSD-SA2018-002 Local DoS in virecover\u003c/li\u003e\n\u003cli\u003eNote: Advisories prior to NetBSD-SA2017-004 do not affect NetBSD 7.1.1.\u003c/li\u003e\n\u003cli\u003eUserland changes\u003c/li\u003e\n\u003cli\u003edhcrelay(8): Fix bug that prevented proper operation when run in the background.\u003c/li\u003e\n\u003cli\u003eHeimdal: Update to 7.1. Fix CVE-2017-11103.\u003c/li\u003e\n\u003cli\u003emtree(8): Don\u0026#39;t modify strings stored in hash, otherwise filling up of directory hierarchy stops if the same hash value occurs in directory and leaf.\u003c/li\u003e\n\u003cli\u003eping(8): Fix cksum calculation for clearing the cached route.\u003c/li\u003e\n\u003cli\u003eresize_ffs(8): Fix numerous overflow errors which can lead to superblock corruption on large filesystems.\u003c/li\u003e\n\u003cli\u003ertadvd(8): Fix the default value of rltime. PR bin/51994.\u003c/li\u003e\n\u003cli\u003eUpdate BIND to 9.10.5-P2.\u003c/li\u003e\n\u003cli\u003eUpdate expat to 2.2.1.\u003c/li\u003e\n\u003cli\u003eUpdate ntp to 4.2.8p10.\u003c/li\u003e\n\u003cli\u003eUpdate root.cache to 2017102400.\u003c/li\u003e\n\u003cli\u003eUpdate tzdata to 2017c.\u003c/li\u003e\n\u003cli\u003evi(1): Don\u0026#39;t garble display when when resizing nvi in xterm.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ewpa_supplicant/hostapd: Update to 2.6.\u003c/li\u003e\n\u003cli\u003eApply fixes for CVEs 2017-13077 through 2017-13082 and CVEs 2017-13086 through 2017-13088.\u003c/li\u003e\n\u003cli\u003eX: Apply fixes for CVEs 2017-12176 through 2017-12187, 2017-10971, 2017-10972, 2017-13722, 2017-13720, 2017-16611, and 2017-16612.\n***\n###\u003ca href=\"https://fail0verflow.com/blog/2017/ps4-crashdump-dump/\" rel=\"nofollow\"\u003eDumping a PS4 Kernel in \u0026quot;Only\u0026quot; 6 Days\u003c/a\u003e\n\u0026gt; What if a secure device had an attacker-viewable crashdump format? What if that same device allowed putting arbitrary memory into the crashdump? Amazingly, the ps4 tempted fate by supporting both of these features! Let’s see how that turned out…\u003c/li\u003e\n\u003cli\u003eCrashdumps on PS4\n\n\u003cul\u003e\n\u003cli\u003eThe crash handling infrastructure of the ps4 kernel is interesting for 2 main reasons:\u003c/li\u003e\n\u003cli\u003eIt is ps4-specific code (likely to be buggy)\u003c/li\u003e\n\u003cli\u003eIf the crashdump can be decoded, we will gain very useful info for finding bugs and creating reliable exploits\u003c/li\u003e\n\u003cli\u003eOn a normal FreeBSD system, a kernel panic will create a dump by calling kern_reboot with the RB_DUMP flag. This then leads to doadump being called, which will dump a rather tiny amount of information about the kernel image itself to some storage device.\u003c/li\u003e\n\u003cli\u003eOn ps4, the replacement for doadump is mdbg_run_dump, which can be called from panic or directly from trap_fatal. The amount of information stored into the dump is gigantic by comparison - kernel state for all process, thread, and vm objects are included, along with some metadata about loaded libraries. Other obvious changes from the vanilla FreeBSD method are that the mdbg_run_dump encodes data recorded into the dump on a field-by-field basis and additionally encrypts the resulting buffer before finally storing it to disk.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDumping Anything\n\n\u003cul\u003e\n\u003cli\u003eLet’s zoom in to a special part of mdbg_run_dump - where it iterates over all process’ threads and tries to dump some pthread state:\u003c/li\u003e\n\u003cli\u003edumpstate is a temporary buffer which will eventually make it into the crashdump. To summarize, sysdump__internal_call_readuser can be made to function as a read-anywhere oracle. This is because fsbase will point into our (owned) webkit process’ usermode address space. Thus, even without changing the actual fsbase value, we may freely change the value of tcb_thread, which is stored at fsbase + 0x10.\u003c/li\u003e\n\u003cli\u003eFurther, sysdump__internal_call_readuser will happily read from a kernel address and put the result into the dump.\u003c/li\u003e\n\u003cli\u003eWe can now put any kernel location into the dump, but we still need to decrypt and decode it…\u003c/li\u003e\n\u003cli\u003eAside from that, there’s also the issue that we may only add 0x10 bytes per thread in this manner…\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eFurther reading:\n\n\u003cul\u003e\n\u003cli\u003eCrashdump Crypto\u003c/li\u003e\n\u003cli\u003eCrashdump Decoding\u003c/li\u003e\n\u003cli\u003eCrashdump Automation\u003c/li\u003e\n\u003cli\u003eTriggering the Vulnerability\u003c/li\u003e\n\u003cli\u003eThe Fix (Kind of…)\u003c/li\u003e\n\u003cli\u003eFin\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAppendix\n\n\u003cul\u003e\n\u003cli\u003eCrashdump Decryptor\u003c/li\u003e\n\u003cli\u003eNXDP Decoder\n***\n###\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdtw-2017-conference-recap-li-wen-hsu/\" rel=\"nofollow\"\u003eBSDTW 2017 Conference Recap: Li-Wen Hsu\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eBSDTW 2017 Conference Recap: Li-Wen Hsu\u003c/li\u003e\n\u003cli\u003e12/28/2017\n\u0026gt; Last month, we held BSDTW 2017 on November 11-12th, 2017 in Taipei, Taiwan. It was the second largest BSD conference in Taiwan and the first one in this decade. In 2004, the first AsiaBSDCon was also held in Taipei. Then all of the following AsiaBSDCon conferences were held in Tokyo, Japan. (AsiaBSDCon 2018 will be in Tokyo again next year, please submit your talk proposal by December 31th 2017, and attend the conference on March 8th-11th)\n\u0026gt; We wanted to start small with the first BSDTW because we were not sure how much sponsorship or how many volunteers we might have. BSDTW 2017 was a single track, two-day conference with 11 selected 50 minute presentations and 1 WIP/lightning talk session consisting of 8 short talks. I do regret that we did not have any local presenters this year. It is also a similar problem at AsiaBSDCon. Unsurprisingly, as with AsiaBSDcon, the travel reimbursement took up a large part of the whole conference budget. We do have many good people that work in Asia, but we still need to encourage people to present their work more.\n\u0026gt; We had over 130 registered attendees, with 30% of them coming from outside of Taiwan. To our knowledge, in recent years, this is the only open source conference in Taiwan to be held entirely in English, and to have such a large portion of international attendees. This is also the first open source conference in Taiwan to focus entirely on operating systems. The attendees included students, professors, engineers or CTOs, and CEOs from technology companies. This is also the first time that GroffTheBSDGoat visited Taiwan! We were surprised that after the silence for so many years, there are still so many people that use and love BSD near us. We saw many old friends, who had “disappeared” for a long time, came back, and were glad to meet many new friends at the conference. I am really happy that this conference was able to bring together these people, from local and abroad. After attending BSD conferences around the world for many years, I feel that the friendship between BSD users is the most important thing in the BSD community, and one of the main reasons people stay. It has been my pleasure to bring this community back to my friends in my homeland.\n\u0026gt; After the two-day event, I truly understand that bootstrapping a new conference is a very hard job. One with many aspects that you don’t even imagine until you’re really in the process of planning an event. I now have an even greater respect for all of the conference organizers and realize that we need to have more people help them, to keep these conferences continue to get better and better. Plus, there will always be room for a new conference!\n\u0026gt; Thanks to the FreeBSD Foundation for being the biggest sponsor of BSDTW 2017 and always being the strongest backend of our community. We are excited about the many local companies and organizations that helped us whether with people, materials or financially. We even had 21 personal sponsors, more than two times the number of other big open source conferences in Taiwan.\n\u0026gt; As I said in the closing session, I’m not sure if there will be 2nd BSDTW next year. It still depends on the amount of sponsorship and number of volunteers. However, we will definitely hold more smaller meetups in the next year to keep building up the local BSD community.\n\u0026gt; Finally, in the beginning of this month, we had a “post-conference media workshop” for organizing the media files we collected in the BSDTW 2017. Here are the review article in Traditional Chinese and the photos: \u003ca href=\"https://medium.com/@bsdtw/bsdtw-2017-%E7%B8%BD%E5%9B%9E%E9%A1%A7-a402788daede\" rel=\"nofollow\"\u003ehttps://medium.com/@bsdtw/bsdtw-2017-總回顧-a402788daede\u003c/a\u003e \u0026amp;\u0026amp;\n\u003ca href=\"https://www.flickr.com/photos/bsdtw/albums/72157689410035911\" rel=\"nofollow\"\u003ehttps://www.flickr.com/photos/bsdtw/albums/72157689410035911\u003c/a\u003e\n***\n##News Roundup\n###\u003ca href=\"https://blog.grem.de/pages/t470s.html\" rel=\"nofollow\"\u003eRunning FreeBSD on a Lenovo T470s\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRunning FreeBSD on the Lenovo T470s ThinkPad\n\u0026gt; Installing FreeBSD on this machine was super easy. As I couldn\u0026#39;t find a comprehensive/encouraging how-to about installing FreeBSD on a recent ThinkPad, I just wrote up the one below. It includes details about my personal setup, which are not required to run FreeBSD on this model, but which are more to my own taste. I still think this can be a quite useful inspiration for others who want to run their own customized configurations.\u003c/li\u003e\n\u003cli\u003eSpecs\n\u0026gt; The system I use has these specifications:\u003c/li\u003e\n\u003cli\u003eType: 20JS-001EGE\u003c/li\u003e\n\u003cli\u003eCPU: Intel Core i7-6600U, 2x 2.60GHz\u003c/li\u003e\n\u003cli\u003eRAM: 20GB DDR4\u003c/li\u003e\n\u003cli\u003eSSD: 512GB NVMe\u003c/li\u003e\n\u003cli\u003eGraphics: Intel HD Graphics 520 (IGP), 1x HDMI 1.4\u003c/li\u003e\n\u003cli\u003eDisplay: 14\u0026quot;, 1920x1080, non-glare, IPS\u003c/li\u003e\n\u003cli\u003ePorts: 3x USB-A 3.0, 1x Thunderbolt 3, 1x Gb LAN\u003c/li\u003e\n\u003cli\u003eWireless: WLAN 802.11a/b/g/n/ac, Bluetooth 4.1, LTE (Micro-SIM)\u003c/li\u003e\n\u003cli\u003eCardreader: SD/SDHC/SDXC/MMC\u003c/li\u003e\n\u003cli\u003eWebcam: 0.9 Megapixel\u003c/li\u003e\n\u003cli\u003eExtras: MIL-STD-810G, Pointing Stick, Fingerprint-Reader, Docking port\u003c/li\u003e\n\u003cli\u003eThings that work\n\u0026gt; Basically everything I care about:\n\n\u003cul\u003e\n\u003cli\u003eAccelerated video\u003c/li\u003e\n\u003cli\u003eKeyboard\u003c/li\u003e\n\u003cli\u003eTouchpad/ClickPad (like expected in a modern laptop)\u003c/li\u003e\n\u003cli\u003eSSD\u003c/li\u003e\n\u003cli\u003eWiFi\u003c/li\u003e\n\u003cli\u003eSound\u003c/li\u003e\n\u003cli\u003eHDMI out\u003c/li\u003e\n\u003cli\u003eSuspend to RAM\u003c/li\u003e\n\u003cli\u003eWebcam\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThings that don\u0026#39;t work\n\n\u003cul\u003e\n\u003cli\u003eFingerprint reader\u003c/li\u003e\n\u003cli\u003ePotentially anything I didn\u0026#39;t test\u003c/li\u003e\n\u003cli\u003eBattery life is okay, but could be better.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eInstallation of the base system\n\u0026gt; I used a snapshot release of 12-CURRENT as the basis of my installation, particularly the one of 13th of December 2017.\n\u0026gt; I dd\u0026#39;ed it onto a memory stick and boot the laptop. I started a standard installation and created an encrypted ZFS pool on nvme0, using encryption, swap encryption and partition scheme \u0026quot;GPT (UEFI)\u0026quot;.\n\u0026gt; After installation, it boots straight up.\u003c/li\u003e\n\u003cli\u003ePorts tree used\n\u0026gt; All work is based on a head ports tree from about Dec 18, 22:15 CET, which should be more or less r456672.\u003c/li\u003e\n\u003cli\u003ePreferred ClickPad configuration\n\u0026gt; As I\u0026#39;m not a fan of the the pointing stick, I disabled it in the bios. My final ClickPad configuration will be: Click to click (not tap), no middle button, right button in the lower right corner. As the old synaptics driver doesn\u0026#39;t provide good thumb detection, libinput will be used.\u003c/li\u003e\n\u003cli\u003eCheck out the laptop list on the FreeBSD wiki for compatibility: (\u003ca href=\"https://wiki.freebsd.org/Laptops/\" rel=\"nofollow\"\u003ehttps://wiki.freebsd.org/Laptops/\u003c/a\u003e)\n***\n###\u003ca href=\"https://github.com/pkgdemon/comet\" rel=\"nofollow\"\u003eFreeBSD desktop LiveCD creator\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduction\n\u0026gt; The purpose of this tool is quickly generate bloat free images containing stock FreeBSD, and supported desktop environments.\u003c/li\u003e\n\u003cli\u003eFeatures\u003c/li\u003e\n\u003cli\u003eFreeBSD 11.1-RELEASE\u003c/li\u003e\n\u003cli\u003eAMD64\u003c/li\u003e\n\u003cli\u003eGnome \u0026amp; KDE desktop environments\u003c/li\u003e\n\u003cli\u003eHybrid DVD/USB image\u003c/li\u003e\n\u003cli\u003eScreenshots\u003c/li\u003e\n\u003cli\u003e[Gnome LiveCD])\u003ca href=\"https://github.com/pkgdemon/comet/raw/master/screenshots/gnome-livecd.png?raw=true\" rel=\"nofollow\"\u003ehttps://github.com/pkgdemon/comet/raw/master/screenshots/gnome-livecd.png?raw=true\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pkgdemon/comet/raw/master/screenshots/kde-livecd.png?raw=true\" rel=\"nofollow\"\u003eKDE LiveCD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSystem Requirements\u003c/li\u003e\n\u003cli\u003eFreeBSD 11.1, or higher for AMD64\u003c/li\u003e\n\u003cli\u003e20GB of free disk space\u003c/li\u003e\n\u003cli\u003e1GB of free memory\u003c/li\u003e\n\u003cli\u003eUFS, or ZFS\u003c/li\u003e\n\u003cli\u003eInitial Setup\u003c/li\u003e\n\u003cli\u003eInstall the required packages:\n\u003ccode\u003epkg install git grub2-pcbsd grub2-efi xorriso\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eClone the repo:\n\u003ccode\u003egit clone https://www.github.com/pkgdemon/comet\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEnter the directory for running the LiveCD creator:\n\u003ccode\u003ecd comet/src\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCredentials for live media\n\u0026gt; User: liveuser\n\u0026gt; Password: freebsd\n***\n###iXsystems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/storagecrypter/\" rel=\"nofollow\"\u003eStorageCrypter Ransomware: Security Threat or Clickbait?\u003c/a\u003e\n###\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171208082246\" rel=\"nofollow\"\u003epledge() work in progress\u003c/a\u003e\n\u0026gt; I wanted to give an update that a two pledge-related changes are being worked on. The semantics and integration are complicated so it is taking some time.\n\u0026gt; One is execpromises. This will become the 2nd argument of pledge(). This allows one to set the pledge for the new image after pledge \u0026quot;exec\u0026quot;-allowed execve(). A warning though: utilizing this in software isn\u0026#39;t as easy as you might think! The fork+exec + startup sequences needed to be studied quite carefully to ensure the newly-executed child doesn\u0026#39;t ask for more than the parent\u0026#39;s execpromises. In my experiments such a circumstance is exceedingly common, so the problem is eased by introducing a new pledge feature which allows pledge violations to return ENOSYS or such rather than killing the process.\n\u0026gt; This feature also needs to be used with great caution (especially in privileged programs) because programs which fail to observe errors may continue operating forward very incorrectly; you\u0026#39;ve lost the ability to catch it failing, and provide care by fixing the problem.\n\u0026gt; The other is pledgepaths. The semantics are still being tuned a bit. Before the first call to pledge() in a process, one can pledgepath() directories. Then later after pledge(), file access operations only work if the traversal of the path crosses one of those pre-declared directories (but better make sure you don\u0026#39;t move a directory, because the kernel remembers and reasons about the vnode of the directory rather than the path). Something similar is being worked on for files, but we are still adjusting that, as well as a flag parameter for the pledgepath() call which may constrain the operations done on such files.\n\u0026gt; As such, pledgepath() will become a filesystem containment mechanism unlike chroot() because paths will still be based upon true /.\n\u0026gt; Patience.\n***\n###\u003ca href=\"http://nanxiao.me/en/the-anatomy-of-tee-program-on-openbsd/\" rel=\"nofollow\"\u003eThe anatomy of tee program on OpenBSD\u003c/a\u003e\n\u0026gt; The tee command is used to read content from standard input and displays it not only in standard output but also saves to other files simultaneously. The source code of tee in OpenBSD is very simple, and I want to give it an analysis:\n\u0026gt; (1) tee leverages Singlely-linked List defined in sys/queue.h to manage outputted files (including standard output):\n\u003ccode\u003estruct list {\nSLIST_ENTRY(list) next;\nint fd;\nchar *name;\n};\nSLIST_HEAD(, list) head;\n......\nstatic void\nadd(int fd, char *name)\n{\nstruct list *p;\n......\nSLIST_INSERT_HEAD(\u0026amp;head, p, next);\n}\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\n......\nSLIST_INIT(\u0026amp;head);\n......\nSLIST_FOREACH(p, \u0026amp;head, next) {\n......\n}\n}\u003c/code\u003e\n\u0026gt; To understand it easily, I extract the macros from sys/queue.h and created a file which utilizes the marcos:\n\u003ccode\u003e\u0026amp;#35;define SLIST_HEAD(name, type) \\\nstruct name { \\\nstruct type *slh_first; /* first element */ \\\n}\n\u0026amp;#35;define SLIST_ENTRY(type) \\\nstruct { \\\nstruct type *sle_next; /* next element */ \\\n}\n\u0026amp;#35;define SLIST_FIRST(head) ((head)-\u0026gt;slh_first)\n\u0026amp;#35;define SLIST_END(head) NULL\n\u0026amp;#35;define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head))\n\u0026amp;#35;define SLIST_NEXT(elm, field) ((elm)-\u0026gt;field.sle_next)\n\u0026amp;#35;define SLIST_FOREACH(var, head, field) \\\nfor((var) = SLIST_FIRST(head); \\\n(var) != SLIST_END(head); \\\n(var) = SLIST_NEXT(var, field))\n\u0026amp;#35;define SLIST_INIT(head) { \\\nSLIST_FIRST(head) = SLIST_END(head); \\\n}\n\u0026amp;#35;define SLIST_INSERT_HEAD(head, elm, field) do { \\\n(elm)-\u0026gt;field.sle_next = (head)-\u0026gt;slh_first; \\\n(head)-\u0026gt;slh_first = (elm); \\\n} while (0)\nstruct list {\nSLIST_ENTRY(list) next;\nint fd;\nchar *name;\n};\nSLIST_HEAD(, list) head;\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\nSLIST_INIT(\u0026amp;head);\nSLIST_INSERT_HEAD(\u0026amp;head, p, next);\nSLIST_FOREACH(p, \u0026amp;head, next) {\n}\n}\u003c/code\u003e\n\u0026gt; Then employed gcc‘s pre-processing function:\n\u003ccode\u003e\u0026amp;#35; gcc -E slist.c\n\u0026amp;#35; 1 \u0026quot;slist.c\u0026quot;\n\u0026amp;#35; 1 \u0026quot;\u0026lt;built-in\u0026gt;\u0026quot;\n\u0026amp;#35; 1 \u0026quot;\u0026lt;command-line\u0026gt;\u0026quot;\n\u0026amp;#35; 1 \u0026quot;slist.c\u0026quot;\n\u0026amp;#35; 30 \u0026quot;slist.c\u0026quot;\nstruct list {\nstruct { struct list *sle_next; } next;\nint fd;\nchar *name;\n};\nstruct { struct list *slh_first; } head;\nint\nmain(int argc, char *argv[])\n{\nstruct list *p;\n{ ((\u0026amp;head)-\u0026gt;slh_first) = NULL; };\ndo { (p)-\u0026gt;next.sle_next = (\u0026amp;head)-\u0026gt;slh_first; (\u0026amp;head)-\u0026gt;slh_first = (p); } while (0);\nfor((p) = ((\u0026amp;head)-\u0026gt;slh_first); (p) != NULL; (p) = ((p)-\u0026gt;next.sle_next)) {\n}\n}\n\u003c/code\u003e\n\u0026gt; It becomes clear now! The head node in list contains only 1 member: slh_first, which points to the first valid node. For the elements in the list, it is embedded with next struct which uses sle_next to refer to next buddy.\n\u0026gt; (2) By default, tee will overwrite the output files. If you want to append it, use -a option, and the code is as following:\n\u003ccode\u003e\nwhile (*argv) {\nif ((fd = open(*argv, O_WRONLY | O_CREAT |\n(append ? O_APPEND : O_TRUNC), DEFFILEMODE)) == -1) {\n......\n}\n......\n}\n\u003c/code\u003e\n\u0026gt; (3) The next part is the skeleton of saving content to files:\n\u003ccode\u003e\nwhile ((rval = read(STDIN_FILENO, buf, sizeof(buf))) \u0026gt; 0) {\nSLIST_FOREACH(p, \u0026amp;head, next) {\nn = rval;\nbp = buf;\ndo {\nif ((wval = write(p-\u0026gt;fd, bp, n)) == -1) {\n......\n}\nbp += wval;\n} while (n -= wval);\n}\n}\u003c/code\u003e\n\u0026gt; We need to iterates every opened file descriptor and write contents into it.\n\u0026gt; (4) Normally, theinterrupt signal will cause tee exit:\n\u003ccode\u003e\u0026amp;#35; tee\nfdkfkdfjk\nfdkfkdfjk\n^C\n\u0026amp;#35;\u003c/code\u003e\n\u0026gt; To disable this feature, use -i option:\n\u003ccode\u003e\u0026amp;#35; tee -i\nfdhfhd\nfdhfhd\n^C^C\u003c/code\u003e\n\u0026gt; The corresponding code is like this:\n\u003ccode\u003e......\ncase \u0026#39;i\u0026#39;:\n(void)signal(SIGINT, SIG_IGN);\nbreak;\u003c/code\u003e\n***\n##Beastie Bits\n+ \u003ca href=\"https://bijanebrahimi.github.io/blog/openbsds-network-stack-part-1.html\" rel=\"nofollow\"\u003eWhat I learned from reading the OpenBSD\u0026#39;s network stack source code\u003c/a\u003e\n+ \u003ca href=\"https://github.com/freebsd/freebsd/commit/888843e26a4e393f405c1c6cbdfc5b701670d363\" rel=\"nofollow\"\u003eBroadcom BCM43224 and BCM43225 Wi-Fi cards now supported by bwn(4)\u003c/a\u003e\n+ \u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=151320195122669\u0026w=2\" rel=\"nofollow\"\u003eIngo details searching man pages\u003c/a\u003e\n+ \u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=NetBSD-ZFS-DTrace-Updating\" rel=\"nofollow\"\u003eDTrace \u0026amp; ZFS Being Updated On NetBSD, Moving Away From Old OpenSolaris Code\u003c/a\u003e\n+ \u003ca href=\"http://www.lpi.org/articles/linux-professional-institute-and-bsd-certification-group-join-efforts\" rel=\"nofollow\"\u003eLinux Professional Institute and BSD Certification Group Join Efforts\u003c/a\u003e\n+ \u003ca href=\"https://www.freebsdfoundation.org/blog/thank-you-2/\" rel=\"nofollow\"\u003eThe FreeBSD Foundation thanks Donors\u003c/a\u003e\n##Feedback/Questions\n+ Alex - \u003ca href=\"http://dpaste.com/3DSV7BC#wrap\" rel=\"nofollow\"\u003eMy first freebsd bug\u003c/a\u003e\n+ John - \u003ca href=\"http://dpaste.com/2QFR4MT#wrap\" rel=\"nofollow\"\u003eSuggested Speakers\u003c/a\u003e\n+ Todd - \u003ca href=\"http://dpaste.com/2FQ450Q#wrap\" rel=\"nofollow\"\u003eTwo questions\u003c/a\u003e\n+ Matthew - \u003ca href=\"http://dpaste.com/3KA29E0#wrap\" rel=\"nofollow\"\u003eCentOS to FreeBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We walk through dumping a PS4 kernel in only 6 days, tell you the news that NetBSD 7.1.1 has been released, details on how to run FreeBSD on a Thinkpad T470, and there’s progress in OpenBSD’s pledge.","date_published":"2018-01-03T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a7f9f9fa-3d35-4f58-8709-12f6a433b446.mp3","mime_type":"audio/mpeg","size_in_bytes":66175060,"duration_in_seconds":5514}]},{"id":"12b503ea-38c7-458a-b5b3-6893c50337b1","title":"226: SSL: Santa’s Syscall List","url":"https://www.bsdnow.tv/226","content_text":"We read the FreeBSD Q3 status report, explore good and bad syscalls, list GOG Games for OpenBSD, and show you what devmatch can do.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD Q3 Status Report 2017\n\n\nFreeBSD Team Reports\n\n\nFreeBSD Release Engineering Team\nPorts Collection\nThe FreeBSD Core Team\nThe FreeBSD Foundation\n\nProjects\n\n\nFreeBSD CI\n\nKernel\n\n\nIntel 10G iflib Driver Update\nIntel iWARP Support\npNFS Server Plan B\n\nArchitectures\n\n\nAMD Zen (family 17h) support\n\nUserland Programs\n\n\nUpdates to GDB\n\nPorts\n\n\nFreeBSDDesktop\nOpenJFX 8\nPuppet\n\nDocumentation\n\n\nAbsolute FreeBSD, 3rd Edition\nManual Pages\n\nThird-Party Projects\n\n\nThe nosh Project\n####FreeBSD Foundation Q4 Update\n***\n###11 syscalls that rock the world\n\n0. read\n\u0026gt; You cannot go wrong with a read. You can barely EFAULT it! On Linux amd64 it is syscall zero. If all its arguments are zero it returns zero. Cool!\n1. pipe\n\u0026gt; The society for the preservation of historic calling conventions is very fond of pipe, as in many operating systems and architectures it preserves the fun feature of returning both of the file descriptors as return values. At least Linux MIPS does, and NetBSD does even on x86 and amd64. Multiple return values are making a comeback in languages like Lua and Go, but C has always had a bit of a funny thing about them, but they have long been supported in many calling conventions, so let us use them in syscalls! Well, one syscall.\n2. kqueue\n\u0026gt; When the world went all C10K on our ass, and scaleable polling was a thing, Linux went epoll, the BSDs went kqueue and Solaris went /dev/poll. The nicest interface was kqueue, while epoll is some mix of edge and level triggered semantics and design errors so bugs are still being found.\n3. unshare\n\u0026gt; Sounds like a selfish syscall, but this generous syscall call is the basis of Linux namespaces, allowing a process to isolate its resources. Containers are built from unshares.\n4. setns\n\u0026gt; If you liked unshare, its younger but cooler friend takes file descriptors for namespaces. Pass it down a unix socket to another process, or stash it for later, and do that namespace switching. All the best system calls take file descriptors.\n5. execveat\n\u0026gt; Despite its somewhat confusing name (FreeBSD has the saner fexecve, but other BSDs do not have support last time I checked), this syscall finally lets you execute a program just given a file descriptor for the file. I say finally, as Linux only implemented this in 3.19, which means it is hard to rely on it (yeah, stop using those stupid old kernels folks). Before that Glibc had a terrible userspace implementation that is basically useless. Perfect for creating sandboxes, as you can sandbox a program into a filesystem with nothing at all in, or with a totally controlled tree, by opening the file to execute before chroot or changing the namespace.\n6. pdfork\n\u0026gt; Too cool for Linux, you have to head out to FreeBSD for this one. Like fork, but you get a file descriptor for the process not a pid. Then you can throw it in the kqueue or send it to another process. Once you have tried process descriptors you will never go back.\n7. signalfd\n\u0026gt; You might detect a theme here, but if you have ever written traditional 1980s style signal handlers you know how much they suck. How about turning your signals into messages that you can read on, you guessed it, file descriptors. Like, usable.\n8. wstat\n\u0026gt; This one is from Plan 9. It does the opposite of stat and writes the same structure. Simples. Avoids having chmod, chown, rename, utime and so on, by the simple expedient of making the syscall symmetric. Why not?\n9. clonefile\n\u0026gt; The only cool syscall on OSX, and only supported on the new APFS filesystem. Copies whole files or directories on a single syscall using copy on write for all the data. Look on my works, copy_file_range and despair.\n10. pledge\n\u0026gt; The little sandbox that worked. OpenBSD only here, they managed to make a simple sandbox that was practical for real programs, like the base OpenBSD system. Capsicum form FreeBSD (and promised for Linux for years but no sign) is a lovely design, and gave us pdfork, but its still kind of difficult and intrusive to implement. Linux has, well, seccomp, LSMs, and still nothing that usable for the average program.\n###Eleven syscalls that suck\n0. ioctl\n\u0026gt; It can‘t decide if it‘s arguments are integers, strings, or some struct that is lost in the midst of time. Make up your mind! Plan 9 was invented to get rid of this.\n1. fcntl\n\u0026gt; Just like ioctl but for some different miscellaneous operations, because one miscelleny is not enough.\n2. tuxcall\n\u0026gt; Linux put a web server in the kernel! To win a benchmark contest with Microsoft! It had it‘s own syscall! My enum tux_reactions are YUK! Don‘t worry though, it was a distro patch (thanks Red Hat!) and never made it upstream, so only the man page and reserved number survive to taunt you and remind you that the path of the righteous is beset by premature optmization!\n3. io_setup\n\u0026gt; The Linux asynchronous IO syscalls are almost entirely useless! Almost nothing works! You have to use O_DIRECT for a start. And then they still barely work! They have one use, benchmarking SSDs, to show what speed you could get if only there was a usable API. Want async IO in kernel? Use Windows!\n4. stat, and its friends and relatives\n\u0026gt; Yes this one is useful, but can you find the data structure it uses? We have oldstat, oldfstat, ustat, oldlstat, statfs, fstatfs, stat, lstat, fstat, stat64, lstat64, fstat64, statfs64, fstatfs64, fstatat64 for stating files and links and filesystems in Linux. A new bunch will be along soon for Y2038. Simplify your life, use a BSD, where they cleaned up the mess as they did the cooking! Linux on 32 bit platforms is just sucky in comparison, and will get worse. And don’t even look at MIPS, where the padding is wrong.\n5. Linux on MIPS\n\u0026gt; Not a syscall, a whole implemntation of the Linux ABI. Unlike the lovely clean BSDs, Linux is different on each architecture, system calls randomly take arguments in different orders, and constants have different values, and there are special syscalls. But MIPS takes the biscuit, the whole packet of biscuits. It was made to be binary compatible with old SGI machines that don’t even exist, and has more syscall ABIs than I have had hot dinners. Clean it up! Make a new sane MIPS ABI and deprecate the old ones, nothing like adding another variant. So annoying I think I threw out all my MIPS machines, each different.\n6. inotify, fanotify and friends\n\u0026gt; Linux has no fewer than three file system change notification protocols. The first, dnotify hopped on ioctl‘s sidekick fcntl, while the two later ones, inotify and fanotify added a bunch more syscalls. You can use any of them, and they still will not provide the notification API you want for most applications. Most people use the second one, inotify and curse it. Did you know kqueue can do this on the BSDs?\n7. personality\n\u0026gt; Oozing in personality, but we just don’t get along. Basically obsolete, as the kernel can decide what kind of system emulation to do from binaries directly, it stays around with some use cases in persuading ./configure it is running on a 32 bit system. But it can turn off ASLR, and let the CVEs right into your system. We need less persoanlity!\n8. gettimeofday\n\u0026gt; Still has an obsolete timezone value from an old times when people thought timezones should go all the way to the kernel. Now we know that your computer should not know. Set its clock to UTC. Do the timezones in the UI based on where the user is, not the computer. You should use clock_gettime now. Don’t even talk to me about locales. This syscall is fast though, don’t use it for benchmarking, its in the VDSO.\n9. splice and tee\n\u0026gt; These, back in 2005 were a quite nice idea, although Linux said then “it is incomplete, the interfaces are ugly, and it will oops the system if anything goes wrong”. It won’t oops your system now, but usage has not taken off. The nice idea from Linus was that a pipe is just a ring buffer in the kernel, that can have a more general API and use cases for performant code, but a decade on it hasn’t really worked out. It was also supposed to be a more general sendfile, which in many ways was the successor of that Tux web server, but I think sendfile is still more widely used.\n10. userfaultfd\n\u0026gt; Yes, I like file descriptors. Yes CRIU is kind of cool. But userspace handling page faults? Is nothing sacred? I get that you can do this badly with a SIGSEGV handler, but talk about lipstick on a pig.\n***\n###OpenBSD 6.0 on an iMac G3 from 1999\n\u0026gt; A while ago I spent $50 for an iMac G3 (aka the iMac,1). This iconic model restored Apple's fortunes in the late '90s. Since the iMac G3 can still boot Mac OSes 8 and 9, I mostly use the machine to indulge a nostalgia for childhood schooldays spent poking at the operating system and playing Escape Velocity. But before I got around to that, I decided to try out the software that the previous owner had left on the machine. The antiquated OSX 10.2 install and 12 year old versions of Safari and Internet Explorer were too slow and old to use for anything. Updating to newer software was almost impossible; a later OSX is required to run the little PowerPC-compatible software still languishing in forgotten corners of the Internet. This got me thinking: could this machine be used, really used, nowadays? Lacking a newer OSX disc, I decided to try the most recent OpenBSD release. (And, since then, to re-try with each new OpenBSD release.) Below are the results of this experiment (plus a working xorg.conf file) and a few background notes.\nBackground\n\u0026gt; This iMac is a Revision D iMac G3 in grape. It's part of the iMac,1 family of computers. This family includes all tray-loading iMac G3s. (Later iMac G3s had a slot-loading CD drive and different components.) Save for a slightly faster processor, a dedicated graphics card, and cosmetic tweaks to the case, my iMac is identical to the prior year's line-launching Bondi Blue iMac. My machine has had its memory upgraded from 32 MB to 320 MB. Thank Goodness.\n\u0026gt; The Revision D iMac G3 shipped with Mac OS 8.5. It can run up to Mac OS 9.2.2 or OSX 10.3.9. Other operating systems that tout support for the iMac,1 include NetBSD, OpenBSD, and a shrinking number of Linux distributions.\n\u0026gt; OpenBSD is simple (by design) and well-maintained. In contrast, NetBSD seems rather more complex and featureful, and I have heard grumbling that despite its reputation for portability, NetBSD really only works well on amd64. I'd test that assertion if OpenBSD's macppc installation instructions didn't seem much simpler than NetBSD's. Linux is even more complicated, although most distros are put together in a way that you can mostly ignore that complexity (until you can't). In the end I went with OpenBSD because I am familiar with it and because I like it.\nInstalling OpenBSD on the iMac,1\n\u0026gt; Installing OpenBSD on this iMac was simple. It's the same procedure as installing OpenBSD on an amd64 rig. You put in the installation disc; you tell the machine to boot from it; and then you answer a few prompts, most of which simply ask you to press enter. In this case, OpenBSD recognizes all machine's hardware just fine, including sound and networking, though I had a little trouble with video.\n\u0026gt; The OpenBSD documentation says video should just work and that an xorg.conf file isn't necessary. As such, it no longer ships with an xorg.conf file. Though that's never posed a problem on my other OpenBSD machines, it does here. Video doesn't work out of the box on my iMac,1. startx just blanks the screen. Fortunately, because the BSDs use a centralized development model where each operating system is stored in one repository, OpenBSD's website provides a web interface to the source code going back to the early days. I was able to find the last version of the sample xorg.conf that used to ship on macppc. With a little tweaking, I transformed that file into this one, with which video works just fine. Just drop it into your iMac's /etc/X11 directory. You'll also need to remember to set the machdep.allowaperture sysctl to 2 (e.g., as root run sysctl machdep.allowaperture=2), although the installer will do that automatically if you answer yes to the question about whether you plan to run X.\n\u0026gt; All that being said, video performance is pretty poor. I am either doing something wrong, or OpenBSD doesn't have accelerated video for this iMac, or this machine is just really old! I will discuss performance below.\nRunning OpenBSD on the iMac,1\n\u0026gt; The machine performs okay under OpenBSD. You can expect to ably run minimalistic software under minimalistic window managers. I tried dillo, mrxvt, and cmus under cwm and fvwm. Performance here was just fine. I also tried Firefox 26, 33, and 34 under fvwm and cwm. Firefox ran, but \"modern,\" Javascript-heavy sites were an exercise in frustration; the 2015 version of CNN.com basically froze Firefox for 30 seconds or more. A lighter browser like dillo is doable.\n\u0026gt; You'll notice that I used the past-tense to talk about Firefox. Firefox currently doesn't build on PowerPC on OpenBSD. Neither does Chromium. Neither do a fair number of applications. But whatever -- there's still a lot of lighter applications available, and it's these you'll use day-to-day on a decades-old machine.\n\u0026gt; Lightweight window managers work okay, as you'd expect. You can even run heavier desktop environments, such as xfce, though you'll give up a lot of performance.\n\u0026gt; I ran the Ubench benchmark on this iMac and two more modern machines also running OpenBSD. The benchmark seems like an old one; I don't know how (if at all) it accounts for hardware changes in the past 13 years. That is, I don't know if the difference in score accurately measures the difference in real-world performance. Here are the results anyway:\nConclusion\n\u0026gt; Except for when I check to see if OpenBSD still works, I run Mac OS9 on this rig. I have faster and better machines for running OpenBSD. If I didn't -- if this rig were, improbably, all I had left, and I was waiting on the rush delivery of something modern -- then I would use OpenBSD on my iMac,1. I'd have to stick to lightweight applications, but at least they'd be up-to-date and running on a simple, stable, OS.\n***\n##News Roundup\n###34th Chaos Communication Congress Schedule\nMany talks are streamed live, a good mixture of english and german talks\nMay contain DTraces of FreeBSD\nAre all BSDs created equally?\nlibrary operating systems\nHardening Open Source Development\n***\n###OpenBSD 6.2 + CDE\n\u0026gt; If you've noticed a disruption in the time-space continuum recently, it is likely because I have finally been able to compile and install the Common Desktop Environment (CDE) in a current and actively-developed operating system (OpenBSD 6.2 in this case).\n\u0026gt; This comes after so many attempts (across multiple platforms) that ended up with the build process prematurely stopping itself in its own tracks for a variety of infinitesimal reasons that were beyond my comprehension as a non-programmer, or when there was success it was not without some broken parts. As for the latter, I've been able to build CDE on OpenIndiana Hipster, but with an end product where I'm unable to change the color scheme in dtstyle (because \"useColorObj\" is set to \"False\"), with a default color scheme that is low-res and unpleasant. As for changing \"useColorObj\" to \"True\", I tried every recommended trick I could find online, but nothing worked. \n\u0026gt; My recent attempts at installing CDE on OpenBSD (version 6.1) saw the process stop due to a number of errors that are pure gibberish to these naive eyes. While disappointing, it was par for the course within my miserable experience with trying to build this particular desktop environment. As I wrote in this space in November 2015, in the course of explaining part of my imperitive for installing Solaris 10: \n\u0026gt; And so I have come to think of building the recently open-sourced CDE as being akin to a coffee mug I saw many years ago. One side of the mug read \"Turn the mug to see how to keep an idiot busy.\" On the other side, it read \"Turn the mug to see how to keep an idiot busy.\" I'm through feeling like an idiot, which is partially why I'm on this one-week journey with Solaris 10.\n\u0026gt; While I thoroughly enjoyed running Solaris 10 on my ThinkPad T61p, and felt a devilish thrill at using it out in the open at my local MacBook- and iPhone-infested Starbucks and causing general befuddlement and consternation among the occasional prying yoga mom, I never felt like I could do much with it beyond explore the SunOS 5.10 command line and watch YouTube videos. While still supported by its current corporate owner (whose name I don't even want to type), it is no longer actively developed and is thus little more than a retro toy. I hated the idea of installing anything else over it, but productivity beckoned and it was time to tearfully and reluctantly drag myself off the dance floor.\n\u0026gt; In any case, just last week I noticed that the Sourceforge page for the OpenBSD build had some 6.2-specific notes by way of a series of four patches, and so I decided 'what the heck, let's give this puppy another whirl'. After an initial abortive attempt at a build, I surmised that I hadn't applied the four patches correctly. A day or two later, I took a deep breath and tried again, this time resolving to not proceed with the time make World build command until I could see some sign of a successful patch process. (This time around, I downloaded the patches and moved them into the directory containing the CDE makefiles, and issued each patch command as patch  Once I had the thing up and running, and with a mind bursting with fruit flavor, I started messing about. The first order of business was to create a custom color scheme modelled after the default color scheme in UnixWare. (Despite any baggage that system carries from its previous ownership under SCO, I adored the aesthetics of UnixWare 7.1.4 two years ago when I installed the free one month trial version on my ThinkPad. For reasons that escape me now, I named my newly-created color scheme in honor of UnixWare 7.1.3.)\n\u0026gt; Like a proud papa, I immediately tweeted the above screenshot and risked irritating a Linux kid or two in the process, given SCO's anti-climatic anti-Linux patent trolling from way back when. (I'm not out to irritate penguinistas, I just sure like this color scheme.)\nFinal Thoughts\n\u0026gt; It may look a little clunky at first, and may be a little bling-challenged, but the more I use CDE and adapt to it, the more it feels like an extension of my brain. Perhaps this is because it has a lot zip and behaves in a consistent and coherent manner. (I don't want to go too much further down that road here, as OSnews's Thom Holwerda already gave a good rundown about ten years ago.)\n\u0026gt; Now that I have succesfully paired my absolute favorite operating system with a desktop environment that has exerted an intense gravitational hold on me for many, many years, I don't anticipate distrohopping any time soon. And as I attain a more advanced knowledge of CDE, I'll be chronicling any new discoveries here for the sake of anyone following me from behind as I feel my way around this darkened room.\n***\n###devmatch(8) added to FreeBSD HEAD\n```\nLog:\nMatch unattached devices on the system to potential kernel modules.\n\n\ndevmatch(8) matchs up devices in the system device tree with drivers\n  that may match them. For each unattached device in the system, it\n  tries to find matching PNP info in the linker hints and prints modules\n  to load to claim the devices.\n\nIn --unbound mode, devmatch can look for drivers that have attached to\n  devices in the device tree and have plug and play information, but for\n  which no PNP info exists. This helps find drivers that haven't been\n  converted yet that are in use on this system.\n\nIn addition, the ability to dump out linker.hints is provided.\n\nFuture commits will add hooks to devd.conf and rc.d to fully automate\n  using this information.\nAdded:\n  head/usr.sbin/devmatch/\n  head/usr.sbin/devmatch/Makefile   (contents, props changed)\n  head/usr.sbin/devmatch/devmatch.8   (contents, props changed)\n  head/usr.sbin/devmatch/devmatch.c   (contents, props changed)\nModified:\n  head/usr.sbin/Makefile\nModified: head/usr.sbin/Makefile\n\n+ Oh, you naughty committers: :-) https://www.mail-archive.com/svn-src-all@freebsd.org/msg154720.html\n***\n##Beastie Bits\n+ [New FreeBSD Journal issue: Monitoring and Metrics](https://www.freebsdfoundation.org/journal/)\n+ [OpenBSD Engine Mix available on GOG.com](https://www.gog.com/mix/openbsd_engine_available)\n+ [OpenBSD Foundation reached their 2017 fundraising goal](http://www.openbsdfoundation.org/campaign2017.html)\n+ [TrueOS 17.12 Review – An Easy BSD](https://www.youtube.com/watch?v=nKr1GCsV-gA)\n+ [LibreSSL 2.6.4 Released](https://bsdsec.net/articles/libressl-2-6-4-released-fixed)\n***\n##Feedback/Questions\n+ Mike - [BSD 217 \u0026amp; Winning over Linux Users](http://dpaste.com/3AB7J4P#wrap)\n+ JLR - [Boot Environments Broken?](http://dpaste.com/2K0ZDH9#wrap)\n+ Kevr - [ZFS question and suggestion](http://dpaste.com/04MXA5P#wrap)\n+ Ivan - [FreeBSD read cache - ZFS](http://dpaste.com/1P9ETGQ#wrap)\n***\n","content_html":"\u003cp\u003eWe read the FreeBSD Q3 status report, explore good and bad syscalls, list GOG Games for OpenBSD, and show you what devmatch can do.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2017-December/001818.html\" rel=\"nofollow\"\u003eFreeBSD Q3 Status Report 2017\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD Team Reports\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD Release Engineering Team\u003c/li\u003e\n\u003cli\u003ePorts Collection\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Core Team\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Foundation\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eProjects\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD CI\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eKernel\n\n\u003cul\u003e\n\u003cli\u003eIntel 10G iflib Driver Update\u003c/li\u003e\n\u003cli\u003eIntel iWARP Support\u003c/li\u003e\n\u003cli\u003epNFS Server Plan B\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eArchitectures\n\n\u003cul\u003e\n\u003cli\u003eAMD Zen (family 17h) support\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eUserland Programs\n\n\u003cul\u003e\n\u003cli\u003eUpdates to GDB\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ePorts\n\n\u003cul\u003e\n\u003cli\u003eFreeBSDDesktop\u003c/li\u003e\n\u003cli\u003eOpenJFX 8\u003c/li\u003e\n\u003cli\u003ePuppet\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation\n\n\u003cul\u003e\n\u003cli\u003eAbsolute FreeBSD, 3rd Edition\u003c/li\u003e\n\u003cli\u003eManual Pages\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThird-Party Projects\n\n\u003cul\u003e\n\u003cli\u003eThe nosh Project\n####\u003ca href=\"https://www.freebsdfoundation.org/wp-content/uploads/2017/12/FreeBSD-Foundation-Q4-Update.pdf\" rel=\"nofollow\"\u003eFreeBSD Foundation Q4 Update\u003c/a\u003e\n***\n###\u003ca href=\"https://www.cloudatomiclab.com/prosyscall/\" rel=\"nofollow\"\u003e11 syscalls that rock the world\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e0. read\n\u0026gt; You cannot go wrong with a read. You can barely EFAULT it! On Linux amd64 it is syscall zero. If all its arguments are zero it returns zero. Cool!\u003c/li\u003e\n\u003cli\u003e1. pipe\n\u0026gt; The society for the preservation of historic calling conventions is very fond of pipe, as in many operating systems and architectures it preserves the fun feature of returning both of the file descriptors as return values. At least Linux MIPS does, and NetBSD does even on x86 and amd64. Multiple return values are making a comeback in languages like Lua and Go, but C has always had a bit of a funny thing about them, but they have long been supported in many calling conventions, so let us use them in syscalls! Well, one syscall.\u003c/li\u003e\n\u003cli\u003e2. kqueue\n\u0026gt; When the world went all C10K on our ass, and scaleable polling was a thing, Linux went epoll, the BSDs went kqueue and Solaris went /dev/poll. The nicest interface was kqueue, while epoll is some mix of edge and level triggered semantics and design errors so bugs are still being found.\u003c/li\u003e\n\u003cli\u003e3. unshare\n\u0026gt; Sounds like a selfish syscall, but this generous syscall call is the basis of Linux namespaces, allowing a process to isolate its resources. Containers are built from unshares.\u003c/li\u003e\n\u003cli\u003e4. setns\n\u0026gt; If you liked unshare, its younger but cooler friend takes file descriptors for namespaces. Pass it down a unix socket to another process, or stash it for later, and do that namespace switching. All the best system calls take file descriptors.\u003c/li\u003e\n\u003cli\u003e5. execveat\n\u0026gt; Despite its somewhat confusing name (FreeBSD has the saner fexecve, but other BSDs do not have support last time I checked), this syscall finally lets you execute a program just given a file descriptor for the file. I say finally, as Linux only implemented this in 3.19, which means it is hard to rely on it (yeah, stop using those stupid old kernels folks). Before that Glibc had a terrible userspace implementation that is basically useless. Perfect for creating sandboxes, as you can sandbox a program into a filesystem with nothing at all in, or with a totally controlled tree, by opening the file to execute before chroot or changing the namespace.\u003c/li\u003e\n\u003cli\u003e6. pdfork\n\u0026gt; Too cool for Linux, you have to head out to FreeBSD for this one. Like fork, but you get a file descriptor for the process not a pid. Then you can throw it in the kqueue or send it to another process. Once you have tried process descriptors you will never go back.\u003c/li\u003e\n\u003cli\u003e7. signalfd\n\u0026gt; You might detect a theme here, but if you have ever written traditional 1980s style signal handlers you know how much they suck. How about turning your signals into messages that you can read on, you guessed it, file descriptors. Like, usable.\u003c/li\u003e\n\u003cli\u003e8. wstat\n\u0026gt; This one is from Plan 9. It does the opposite of stat and writes the same structure. Simples. Avoids having chmod, chown, rename, utime and so on, by the simple expedient of making the syscall symmetric. Why not?\u003c/li\u003e\n\u003cli\u003e9. clonefile\n\u0026gt; The only cool syscall on OSX, and only supported on the new APFS filesystem. Copies whole files or directories on a single syscall using copy on write for all the data. Look on my works, copy_file_range and despair.\u003c/li\u003e\n\u003cli\u003e10. pledge\n\u0026gt; The little sandbox that worked. OpenBSD only here, they managed to make a simple sandbox that was practical for real programs, like the base OpenBSD system. Capsicum form FreeBSD (and promised for Linux for years but no sign) is a lovely design, and gave us pdfork, but its still kind of difficult and intrusive to implement. Linux has, well, seccomp, LSMs, and still nothing that usable for the average program.\n###\u003ca href=\"https://www.cloudatomiclab.com/antisyscall/\" rel=\"nofollow\"\u003eEleven syscalls that suck\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e0. ioctl\n\u0026gt; It can‘t decide if it‘s arguments are integers, strings, or some struct that is lost in the midst of time. Make up your mind! Plan 9 was invented to get rid of this.\u003c/li\u003e\n\u003cli\u003e1. fcntl\n\u0026gt; Just like ioctl but for some different miscellaneous operations, because one miscelleny is not enough.\u003c/li\u003e\n\u003cli\u003e2. tuxcall\n\u0026gt; Linux put a web server in the kernel! To win a benchmark contest with Microsoft! It had it‘s own syscall! My enum tux_reactions are YUK! Don‘t worry though, it was a distro patch (thanks Red Hat!) and never made it upstream, so only the man page and reserved number survive to taunt you and remind you that the path of the righteous is beset by premature optmization!\u003c/li\u003e\n\u003cli\u003e3. io_setup\n\u0026gt; The Linux asynchronous IO syscalls are almost entirely useless! Almost nothing works! You have to use O_DIRECT for a start. And then they still barely work! They have one use, benchmarking SSDs, to show what speed you could get if only there was a usable API. Want async IO in kernel? Use Windows!\u003c/li\u003e\n\u003cli\u003e4. stat, and its friends and relatives\n\u0026gt; Yes this one is useful, but can you find the data structure it uses? We have oldstat, oldfstat, ustat, oldlstat, statfs, fstatfs, stat, lstat, fstat, stat64, lstat64, fstat64, statfs64, fstatfs64, fstatat64 for stating files and links and filesystems in Linux. A new bunch will be along soon for Y2038. Simplify your life, use a BSD, where they cleaned up the mess as they did the cooking! Linux on 32 bit platforms is just sucky in comparison, and will get worse. And don’t even look at MIPS, where the padding is wrong.\u003c/li\u003e\n\u003cli\u003e5. Linux on MIPS\n\u0026gt; Not a syscall, a whole implemntation of the Linux ABI. Unlike the lovely clean BSDs, Linux is different on each architecture, system calls randomly take arguments in different orders, and constants have different values, and there are special syscalls. But MIPS takes the biscuit, the whole packet of biscuits. It was made to be binary compatible with old SGI machines that don’t even exist, and has more syscall ABIs than I have had hot dinners. Clean it up! Make a new sane MIPS ABI and deprecate the old ones, nothing like adding another variant. So annoying I think I threw out all my MIPS machines, each different.\u003c/li\u003e\n\u003cli\u003e6. inotify, fanotify and friends\n\u0026gt; Linux has no fewer than three file system change notification protocols. The first, dnotify hopped on ioctl‘s sidekick fcntl, while the two later ones, inotify and fanotify added a bunch more syscalls. You can use any of them, and they still will not provide the notification API you want for most applications. Most people use the second one, inotify and curse it. Did you know kqueue can do this on the BSDs?\u003c/li\u003e\n\u003cli\u003e7. personality\n\u0026gt; Oozing in personality, but we just don’t get along. Basically obsolete, as the kernel can decide what kind of system emulation to do from binaries directly, it stays around with some use cases in persuading ./configure it is running on a 32 bit system. But it can turn off ASLR, and let the CVEs right into your system. We need less persoanlity!\u003c/li\u003e\n\u003cli\u003e8. gettimeofday\n\u0026gt; Still has an obsolete timezone value from an old times when people thought timezones should go all the way to the kernel. Now we know that your computer should not know. Set its clock to UTC. Do the timezones in the UI based on where the user is, not the computer. You should use clock_gettime now. Don’t even talk to me about locales. This syscall is fast though, don’t use it for benchmarking, its in the VDSO.\u003c/li\u003e\n\u003cli\u003e9. splice and tee\n\u0026gt; These, back in 2005 were a quite nice idea, although Linux said then “it is incomplete, the interfaces are ugly, and it will oops the system if anything goes wrong”. It won’t oops your system now, but usage has not taken off. The nice idea from Linus was that a pipe is just a ring buffer in the kernel, that can have a more general API and use cases for performant code, but a decade on it hasn’t really worked out. It was also supposed to be a more general sendfile, which in many ways was the successor of that Tux web server, but I think sendfile is still more widely used.\u003c/li\u003e\n\u003cli\u003e10. userfaultfd\n\u0026gt; Yes, I like file descriptors. Yes CRIU is kind of cool. But userspace handling page faults? Is nothing sacred? I get that you can do this badly with a SIGSEGV handler, but talk about lipstick on a pig.\n***\n###\u003ca href=\"http://www.increasinglyadequate.com/macppc.html\" rel=\"nofollow\"\u003eOpenBSD 6.0 on an iMac G3 from 1999\u003c/a\u003e\n\u0026gt; A while ago I spent $50 for an iMac G3 (aka the iMac,1). This iconic model restored Apple\u0026#39;s fortunes in the late \u0026#39;90s. Since the iMac G3 can still boot Mac OSes 8 and 9, I mostly use the machine to indulge a nostalgia for childhood schooldays spent poking at the operating system and playing Escape Velocity. But before I got around to that, I decided to try out the software that the previous owner had left on the machine. The antiquated OSX 10.2 install and 12 year old versions of Safari and Internet Explorer were too slow and old to use for anything. Updating to newer software was almost impossible; a later OSX is required to run the little PowerPC-compatible software still languishing in forgotten corners of the Internet. This got me thinking: could this machine be used, really used, nowadays? Lacking a newer OSX disc, I decided to try the most recent OpenBSD release. (And, since then, to re-try with each new OpenBSD release.) Below are the results of this experiment (plus a working xorg.conf file) and a few background notes.\u003c/li\u003e\n\u003cli\u003eBackground\n\u0026gt; This iMac is a Revision D iMac G3 in grape. It\u0026#39;s part of the iMac,1 family of computers. This family includes all tray-loading iMac G3s. (Later iMac G3s had a slot-loading CD drive and different components.) Save for a slightly faster processor, a dedicated graphics card, and cosmetic tweaks to the case, my iMac is identical to the prior year\u0026#39;s line-launching Bondi Blue iMac. My machine has had its memory upgraded from 32 MB to 320 MB. Thank Goodness.\n\u0026gt; The Revision D iMac G3 shipped with Mac OS 8.5. It can run up to Mac OS 9.2.2 or OSX 10.3.9. Other operating systems that tout support for the iMac,1 include NetBSD, OpenBSD, and a shrinking number of Linux distributions.\n\u0026gt; OpenBSD is simple (by design) and well-maintained. In contrast, NetBSD seems rather more complex and featureful, and I have heard grumbling that despite its reputation for portability, NetBSD really only works well on amd64. I\u0026#39;d test that assertion if OpenBSD\u0026#39;s macppc installation instructions didn\u0026#39;t seem much simpler than NetBSD\u0026#39;s. Linux is even more complicated, although most distros are put together in a way that you can mostly ignore that complexity (until you can\u0026#39;t). In the end I went with OpenBSD because I am familiar with it and because I like it.\u003c/li\u003e\n\u003cli\u003eInstalling OpenBSD on the iMac,1\n\u0026gt; Installing OpenBSD on this iMac was simple. It\u0026#39;s the same procedure as installing OpenBSD on an amd64 rig. You put in the installation disc; you tell the machine to boot from it; and then you answer a few prompts, most of which simply ask you to press enter. In this case, OpenBSD recognizes all machine\u0026#39;s hardware just fine, including sound and networking, though I had a little trouble with video.\n\u0026gt; The OpenBSD documentation says video should just work and that an xorg.conf file isn\u0026#39;t necessary. As such, it no longer ships with an xorg.conf file. Though that\u0026#39;s never posed a problem on my other OpenBSD machines, it does here. Video doesn\u0026#39;t work out of the box on my iMac,1. startx just blanks the screen. Fortunately, because the BSDs use a centralized development model where each operating system is stored in one repository, OpenBSD\u0026#39;s website provides a web interface to the source code going back to the early days. I was able to find the last version of the sample xorg.conf that used to ship on macppc. With a little tweaking, I transformed that file into \u003ca href=\"https://www.increasinglyadequate.com/files/xorg.conf\" rel=\"nofollow\"\u003ethis one\u003c/a\u003e, with which video works just fine. Just drop it into your iMac\u0026#39;s /etc/X11 directory. You\u0026#39;ll also need to remember to set the machdep.allowaperture sysctl to 2 (e.g., as root run sysctl machdep.allowaperture=2), although the installer will do that automatically if you answer yes to the question about whether you plan to run X.\n\u0026gt; All that being said, video performance is pretty poor. I am either doing something wrong, or OpenBSD doesn\u0026#39;t have accelerated video for this iMac, or this machine is just really old! I will discuss performance below.\u003c/li\u003e\n\u003cli\u003eRunning OpenBSD on the iMac,1\n\u0026gt; The machine performs okay under OpenBSD. You can expect to ably run minimalistic software under minimalistic window managers. I tried dillo, mrxvt, and cmus under cwm and fvwm. Performance here was just fine. I also tried Firefox 26, 33, and 34 under fvwm and cwm. Firefox ran, but \u0026quot;modern,\u0026quot; Javascript-heavy sites were an exercise in frustration; the 2015 version of CNN.com basically froze Firefox for 30 seconds or more. A lighter browser like dillo is doable.\n\u0026gt; You\u0026#39;ll notice that I used the past-tense to talk about Firefox. Firefox currently doesn\u0026#39;t build on PowerPC on OpenBSD. Neither does Chromium. Neither do a fair number of applications. But whatever -- there\u0026#39;s still a lot of lighter applications available, and it\u0026#39;s these you\u0026#39;ll use day-to-day on a decades-old machine.\n\u0026gt; Lightweight window managers work okay, as you\u0026#39;d expect. You can even run heavier desktop environments, such as xfce, though you\u0026#39;ll give up a lot of performance.\n\u0026gt; I ran the Ubench benchmark on this iMac and two more modern machines also running OpenBSD. The benchmark seems like an old one; I don\u0026#39;t know how (if at all) it accounts for hardware changes in the past 13 years. That is, I don\u0026#39;t know if the difference in score accurately measures the difference in real-world performance. Here are the results anyway:\u003c/li\u003e\n\u003cli\u003eConclusion\n\u0026gt; Except for when I check to see if OpenBSD still works, I run Mac OS9 on this rig. I have faster and better machines for running OpenBSD. If I didn\u0026#39;t -- if this rig were, improbably, all I had left, and I was waiting on the rush delivery of something modern -- then I would use OpenBSD on my iMac,1. I\u0026#39;d have to stick to lightweight applications, but at least they\u0026#39;d be up-to-date and running on a simple, stable, OS.\n***\n##News Roundup\n###\u003ca href=\"https://events.ccc.de/congress/2017/Fahrplan/index.html\" rel=\"nofollow\"\u003e34th Chaos Communication Congress Schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMany talks are \u003ca href=\"http://streaming.media.ccc.de/34c3\" rel=\"nofollow\"\u003estreamed live\u003c/a\u003e, a good mixture of english and german talks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://events.ccc.de/congress/2017/Fahrplan/events/9196.html\" rel=\"nofollow\"\u003eMay contain DTraces of FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://events.ccc.de/congress/2017/Fahrplan/events/8968.html\" rel=\"nofollow\"\u003eAre all BSDs created equally?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://events.ccc.de/congress/2017/Fahrplan/events/8949.html\" rel=\"nofollow\"\u003elibrary operating systems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://events.ccc.de/congress/2017/Fahrplan/events/9249.html\" rel=\"nofollow\"\u003eHardening Open Source Development\u003c/a\u003e\n***\n###\u003ca href=\"https://jamesdeagle.blogspot.co.uk/2017/12/openbsd-62-cde.html\" rel=\"nofollow\"\u003eOpenBSD 6.2 + CDE\u003c/a\u003e\n\u0026gt; If you\u0026#39;ve noticed a disruption in the time-space continuum recently, it is likely because I have finally been able to compile and install the Common Desktop Environment (CDE) in a current and actively-developed operating system (OpenBSD 6.2 in this case).\n\u0026gt; This comes after so many attempts (across multiple platforms) that ended up with the build process prematurely stopping itself in its own tracks for a variety of infinitesimal reasons that were beyond my comprehension as a non-programmer, or when there was success it was not without some broken parts. As for the latter, I\u0026#39;ve been able to build CDE on OpenIndiana Hipster, but with an end product where I\u0026#39;m unable to change the color scheme in dtstyle (because \u0026quot;useColorObj\u0026quot; is set to \u0026quot;False\u0026quot;), with a default color scheme that is low-res and unpleasant. As for changing \u0026quot;useColorObj\u0026quot; to \u0026quot;True\u0026quot;, I tried every recommended trick I could find online, but nothing worked. \n\u0026gt; My recent attempts at installing CDE on OpenBSD (version 6.1) saw the process stop due to a number of errors that are pure gibberish to these naive eyes. While disappointing, it was par for the course within my miserable experience with trying to build this particular desktop environment. As I wrote in this space in November 2015, in the course of explaining part of my imperitive for installing Solaris 10: \n\u0026gt; And so I have come to think of building the recently open-sourced CDE as being akin to a coffee mug I saw many years ago. One side of the mug read \u0026quot;Turn the mug to see how to keep an idiot busy.\u0026quot; On the other side, it read \u0026quot;Turn the mug to see how to keep an idiot busy.\u0026quot; I\u0026#39;m through feeling like an idiot, which is partially why I\u0026#39;m on this one-week journey with Solaris 10.\n\u0026gt; While I thoroughly enjoyed running Solaris 10 on my ThinkPad T61p, and felt a devilish thrill at using it out in the open at my local MacBook- and iPhone-infested Starbucks and causing general befuddlement and consternation among the occasional prying yoga mom, I never felt like I could do much with it beyond explore the SunOS 5.10 command line and watch YouTube videos. While still supported by its current corporate owner (whose name I don\u0026#39;t even want to type), it is no longer actively developed and is thus little more than a retro toy. I hated the idea of installing anything else over it, but productivity beckoned and it was time to tearfully and reluctantly drag myself off the dance floor.\n\u0026gt; In any case, just last week I noticed that the Sourceforge page for the OpenBSD build had some 6.2-specific notes by way of a series of four patches, and so I decided \u0026#39;what the heck, let\u0026#39;s give this puppy another whirl\u0026#39;. After an initial abortive attempt at a build, I surmised that I hadn\u0026#39;t applied the four patches correctly. A day or two later, I took a deep breath and tried again, this time resolving to not proceed with the time make World build command until I could see some sign of a successful patch process. (This time around, I downloaded the patches and moved them into the directory containing the CDE makefiles, and issued each patch command as patch \u003cfilename.patch and then reading the output carefully to determine which file in the source code was to be patched, and entering the filename when asked.)\n\u003e Once I had the thing up and running, and with a mind bursting with fruit flavor, I started messing about. The first order of business was to create a custom color scheme modelled after the default color scheme in UnixWare. (Despite any baggage that system carries from its previous ownership under SCO, I adored the aesthetics of UnixWare 7.1.4 two years ago when I installed the free one month trial version on my ThinkPad. For reasons that escape me now, I named my newly-created color scheme in honor of UnixWare 7.1.3.)\n\u0026gt; Like a proud papa, I immediately tweeted the above screenshot and risked irritating a Linux kid or two in the process, given SCO\u0026#39;s anti-climatic anti-Linux patent trolling from way back when. (I\u0026#39;m not out to irritate penguinistas, I just sure like this color scheme.)\u003c/li\u003e\n\u003cli\u003eFinal Thoughts\n\u0026gt; It may look a little clunky at first, and may be a little bling-challenged, but the more I use CDE and adapt to it, the more it feels like an extension of my brain. Perhaps this is because it has a lot zip and behaves in a consistent and coherent manner. (I don\u0026#39;t want to go too much further down that road here, as OSnews\u0026#39;s Thom Holwerda already gave a good rundown about ten years ago.)\n\u0026gt; Now that I have succesfully paired my absolute favorite operating system with a desktop environment that has exerted an intense gravitational hold on me for many, many years, I don\u0026#39;t anticipate distrohopping any time soon. And as I attain a more advanced knowledge of CDE, I\u0026#39;ll be chronicling any new discoveries here for the sake of anyone following me from behind as I feel my way around this darkened room.\n***\n###\u003ca href=\"https://www.mail-archive.com/svn-src-all@freebsd.org/msg154719.html\" rel=\"nofollow\"\u003edevmatch(8) added to FreeBSD HEAD\u003c/a\u003e\n```\nLog:\nMatch unattached devices on the system to potential kernel modules.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003edevmatch(8) matchs up devices in the system device tree with drivers\u003cbr\u003e\n  that may match them. For each unattached device in the system, it\u003cbr\u003e\n  tries to find matching PNP info in the linker hints and prints modules\u003cbr\u003e\n  to load to claim the devices.\u003c/p\u003e\n\n\u003cp\u003eIn --unbound mode, devmatch can look for drivers that have attached to\u003cbr\u003e\n  devices in the device tree and have plug and play information, but for\u003cbr\u003e\n  which no PNP info exists. This helps find drivers that haven\u0026#39;t been\u003cbr\u003e\n  converted yet that are in use on this system.\u003c/p\u003e\n\n\u003cp\u003eIn addition, the ability to dump out linker.hints is provided.\u003c/p\u003e\n\n\u003cp\u003eFuture commits will add hooks to devd.conf and rc.d to fully automate\u003cbr\u003e\n  using this information.\u003cbr\u003e\nAdded:\u003cbr\u003e\n  head/usr.sbin/devmatch/\u003cbr\u003e\n  head/usr.sbin/devmatch/Makefile   (contents, props changed)\u003cbr\u003e\n  head/usr.sbin/devmatch/devmatch.8   (contents, props changed)\u003cbr\u003e\n  head/usr.sbin/devmatch/devmatch.c   (contents, props changed)\u003cbr\u003e\nModified:\u003cbr\u003e\n  head/usr.sbin/Makefile\u003cbr\u003e\nModified: head/usr.sbin/Makefile\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e+ Oh, you naughty committers: :-) https://www.mail-archive.com/svn-src-all@freebsd.org/msg154720.html\n***\n##Beastie Bits\n+ [New FreeBSD Journal issue: Monitoring and Metrics](https://www.freebsdfoundation.org/journal/)\n+ [OpenBSD Engine Mix available on GOG.com](https://www.gog.com/mix/openbsd_engine_available)\n+ [OpenBSD Foundation reached their 2017 fundraising goal](http://www.openbsdfoundation.org/campaign2017.html)\n+ [TrueOS 17.12 Review – An Easy BSD](https://www.youtube.com/watch?v=nKr1GCsV-gA)\n+ [LibreSSL 2.6.4 Released](https://bsdsec.net/articles/libressl-2-6-4-released-fixed)\n***\n##Feedback/Questions\n+ Mike - [BSD 217 \u0026amp; Winning over Linux Users](http://dpaste.com/3AB7J4P#wrap)\n+ JLR - [Boot Environments Broken?](http://dpaste.com/2K0ZDH9#wrap)\n+ Kevr - [ZFS question and suggestion](http://dpaste.com/04MXA5P#wrap)\n+ Ivan - [FreeBSD read cache - ZFS](http://dpaste.com/1P9ETGQ#wrap)\n***\n\u003c/code\u003e\u003c/pre\u003e","summary":"We read the FreeBSD Q3 status report, explore good and bad syscalls, list GOG Games for OpenBSD, and show you what devmatch can do.","date_published":"2017-12-27T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/12b503ea-38c7-458a-b5b3-6893c50337b1.mp3","mime_type":"audio/mpeg","size_in_bytes":91934356,"duration_in_seconds":7661}]},{"id":"5f2c1de5-e2e3-49c6-8e12-39b0f4b76458","title":"225: The one true OS","url":"https://www.bsdnow.tv/225","content_text":"TrueOS stable 17.12 is out, we have an OpenBSD workstation guide for you, learnings from the PDP-11, FreeBSD 2017 Releng recap and Duo SSH.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nTrueOS stable release 17.12\n\n\nWe are pleased to announce a new release of the 6-month STABLE version of TrueOS!\nThis release cycle focused on lots of cleanup and stabilization of the distinguishing features of TrueOS: OpenRC, boot speed, removable-device management, SysAdm API integrations, Lumina improvements, and more. We have also been working quite a bit on the server offering of TrueOS, and are pleased to provide new text-based server images with support for Virtualization systems such as bhyve! This allows for simple server deployments which also take advantage of the TrueOS improvements to FreeBSD such as:\n\n\n\nSane service management and status reporting with OpenRC\nReliable, non-interactive system update mechanism with fail-safe boot environment support.\nGraphical management of remote TrueOS servers through SysAdm (also provides a reliable API for administrating systems remotely).\nLibreSSL for all base SSL support.\nBase system managed via packages (allows for additional fine-tuning).\nBase system is smaller due to the removal of the old GCC version in base. Any compiler and/or version may be installed and used via packages as desired.\nSupport for newer graphics drivers and chipsets (graphics, networking, wifi, and more)\n\n\n\nTrueOS Version 17.12 (2017, December) is now available for download from the TrueOS website. Both the STABLE and UNSTABLE package repositories have also been updated in-sync with each other, so current users only need to follow the prompts about updating their system to run the new release.\nWe are also pleased to announce the availability of TrueOS Sponsorships! If you would like to help contribute to the project financially we now have the ability to accept both one-time donations as well as recurring monthly donations which wil help us advocate for TrueOS around the world.  Thank you all for using and supporting TrueOS!\n\n\n\nNotable Changes:\n\n\nOver 1100 OpenRC services have been created for 3rd-party packages. This should ensure the functionality of nearly all available 3rd-party packages that install/use their own services.\nThe OpenRC services for FreeBSD itself have been overhauled, resulting in significantly shorter boot times.\nSeparate install images for desktops and servers (server image uses a text/console installer)\nBhyve support for TrueOS Server Install\nFreeBSD base is synced with 12.0-CURRENT as of December 4th, 2017 (Github commit: 209d01f)\nFreeBSD ports tree is synced as of November 30th (pre-FLAVOR changes)\nLumina Desktop has been updated/developed from 1.3.0 to 1.4.1\nPCDM now supports multiple simultaneous graphical sessions\nRemovable devices are now managed through the “automounter” service.\nDevices are “announced” as available to the system via *.desktop shortcuts in /media. These shortcuts also contain a variety of optional “Actions” that may be performed on the device.\nDevices are only mounted while they are being used (such as when browsing via the command line or a file manager).\nDevices are automatically unmounted as soon as they stop being accessed.\nIntegrated support for all major filesystems (UFS, EXT, FAT, NTFS, ExFAT, etc..)\nNOTE: The Lumina desktop is the only one which supports this functionality at the present time.\nThe TrueOS update system has moved to an “active” update backend. This means that the user will need to actually start the update process by clicking the “Update Now” button in SysAdm, Lumina, or PCDM (as well as the command-line option). The staging of the update files is still performed automatically by default but this (and many other options) can be easily changed in the “Update Manager” settings as desired.\n\nKnown Errata:\n\n\n[VirtualBox] Running FreeBSD within a VirtualBox VM is known to occasionally receive non-existent mouse clicks – particularly when using a scroll wheel or two-finger scroll.\n\nQuick Links:\n\n\nTrueOS Forums\nTrueOS Bugs\nTrueOS Handbook\nTrueOS Community Chat on Telegram\n***\n\n\n\nOpenBSD Workstation Guide\n\n\nDesign Goals\nUser actions should complete instantaneously. While I understand if compiling code and rendering videos takes time, opening programs and moving windows should have no observable delay. The system should use minimalist tools.\nCorollary: cache data offline when possible. Everything from OpenStreetMaps to StackExchange can be stored locally. No reason to repeatedly hit the internet to query them. This also improves privacy because the initial download is indiscriminate and doesn’t reveal personal queries or patterns of computer activity.\nNo idling program should use a perceptible amount of CPU. Why does CalendarAgent on my Macbook sometimes use 150% CPU for fifteen minutes? Who knows. Why are background ChromeHelpers chugging along at upper-single-digit CPU? I didn’t realize that holding a rendered DOM could be so challenging.\nAvoid interpreted languages, web-based desktop apps, and JavaScript garbage. There, I said it. Take your Electron apps with you to /dev/null!\nStability. Old fashioned programs on a conservative OS on quality mainstream hardware. There are enough challenges to tackle without a bleeding edge system being one of them.\nDelegate to quality hardware components. Why use a janky ncurses software audio mixer when you can use…an actual audio mixer?\nHardware privacy. No cameras or microphones that I can’t physically disconnect. Also real hardware protection for cryptographic keys.\nSoftware privacy. Commercial software and operating systems have gotten so terrible about this. I even catch Mac command line tools trying to call Google Analytics. Sorry homebrew, your cute emojis don’t make up for the surveillance.\n\n\nThe Hardware\nCore\n\n\n\n\nTo get the best hardware for the money I’m opting for a desktop computer. Haven’t had one since the early 2000s and it feels anachronistic, but it will outperform a laptop of similar cost. After much searching, I found the HP Z240 Tower Workstation. It’s no-nonsense and supports exactly the customizations I was looking for:\n\n\n\nNo operating system pre-loaded (Cut out the “Windows tax”)\nIntel Xeon E3-1270 v6 processor (Supports ECC ram)\n16 GB (2x8 GB) DDR4-2400 ECC Unbuffered memory (2400Mhz is the full memory clock speed supported by the Xeon)\n256 GB HP Z Turbo Drive G2 PCIe SSD (Uses NVMe rather than SATA for faster throughput, supported by nvme(4))\nNo graphics card (We’ll add our own)\nIntel® Ethernet I210-T1 PCIe (Supported by em(4))\nA modest discrete video card will enable 2D Glamor acceleration on X11. The Radeon HD 6450 (sold separately) is fanless and listed as supported by radeon(4).\nWhy build a solid computer and not protect it? Externally, the APC BR1300G UPS will protect the system from power surges and abrupt shutdowns.\n\n\nPeripherals\n\n\n\n\nThe Matias Ergo Pro uses mechanical switches for that old fashioned clicky sound. It also includes dedicated buttons along the side for copying and pasting. Why is that cool? Well, it improves secondary selection, a technique that Sun computers used but time forgot.\nSince we’re talking about a home office workstation, you may want a printer. The higher quality printers speak PostScript and PDF natively. Unix machines connect to them on TCP port 9100 and send PostScript commands directly. (You can print via telnet if you know the commands!) The Brother HL-L5100DN is a duplex LaserJet which allows that “raw” TCP printing.\n\n\n\nAudio/Video\n\n\n\nI know a lot of people enjoy surrounding themselves with a wall of monitors like they’re in the heart of NASA Mission Control, but I find multi-monitor setups slightly disorienting. It introduces an extra bit of cognitive overhead to determine which monitor is for what exactly. That’s why I’d go with a modest, crisp Dell UltraSharp 24\" U2417H. It’s 1080p and yeah there are 4k monitors nowadays, but text and icons are small enough as it is for me!\nIf I ever considered a second monitor it would be e-ink for comfortably reading electronic copies of books or long articles. The price is currently too high to justify the purchase, but the most promising monitor seems to be the Dasung Paperlike.\nIn the other direction, video input, it’s more flexible to use a general-purpose HDMI capture box like the Rongyuxuan than settle on a particular webcam. This allows hooking up a real camera, or any other video device.\nAlthough the motherboard for this system has built-in audio, we should use a card with better OpenBSD support. The WBTUO PCIe card uses a C-Media CMI8768 chipset, handled by cmpci(4). The card provides S/PDIFF in and out ports if you ever want to use an external DAC or ADC.\nThe way to connect it with other things is with a dedicated hardware mixer. The Behringer Xenyx 802 has all the connections needed, and the ability to route audio to and from the computer and a variety of devices at once. The mixer may seem an odd peripheral, but I want to mix the computer with an old fashioned CD player, ham radio gear, and amplifier so this unifies the audio setup.\nWhen doing remote pair programming or video team meetings it’s nice to have a quality microphone. The best ones for this kind of work are directional, with a cardioid reception pattern. The MXL 770 condenser mic is perfect, and uses a powered XLR connection supplied by the mixer.\n\n\n\nBackups\n\n\n\nWe’re going dead simple and old-school, back to tapes. There are a set of tape standards called LTO-n. As n increases the tape capacity gets bigger, but the tape drive gets more expensive. In my opinion the best balance these days for the home user is LTO-3. You can usually find an HP Ultrium 960 LTO-3 on eBay for 150 dollars. The cartridges hold 800GB and are about 15 dollars apiece. Hard drives keep coming down in price, but these tapes are very cheap and simpler than keeping a bunch of disk drives. Also tape has proven longevity, and good recoverability.\nTo use old fashioned tech like this you need a SCSI host bus adapter like the Adaptec 29320LPE, supported by ahd(4).\n\n\n\nCryptography\n\n\n\nYou don’t want to generate and store secret keys on a general purpose network attached computer. The attack surface is a mile wide. Generating or manipulating “offline” secret keys needs to happen on a separate computer with no network access.\nLittle boards like the Raspberry Pi would be good except they use ARM processors (incompatible with Tails OS) and have wifi. The JaguarBoard is a small x86 machine with no wireless capability. Just switch the keyboard and monitor over to this machine for your “cleanroom.” \njaguar board: Generating keys requires entropy. The Linux kernel on Tails samples system properties to generate randomness, but why not help it out with a dedicated true random number generator (TRNG)? Bit Babbler supplies pure randomness at a high bitrate through USB. (OneRNG works better on the OpenBSD main system, via uonerng(4).)\nbit babbler: This little computer will save its results onto a OpenPGP Smartcard V2.1. This card provides write-only access to keys, and computes cryptographic primitives internally to sign and encrypt messages. To use it with a regular computer, hook up a Cherry ST2000 card reader. This reader has a PIN pad built in, so no keylogger on the main computer could even obtain your decryption PIN.\n\n\n\nThe Software\n\n\n\nWe take the beefed up hardware above and pair it with ninja-fast software written in C. Some text-based, others raw X11 graphical apps unencumbered by ties to any specific window manager.\nI’d advise OpenBSD for the underlying operating system, not a Linux. OpenBSD has greater internal consistency, their man pages are impeccable, and they make it a priority to prune old code to keep the system minimal.\n\n\n\n\nWhat Have We Learned from the PDP-11?\n\n\nThe paper I have chosen tonight is a retrospective on a computer design. It is one of a series of papers by Gordon Bell, and various co-authors, spanning the design, growth, and eventual replacement of the companies iconic line of PDP-11 mini computers.\nThis year represents the 60th anniversary of the founding of the company that produced the PDP-11. It is also 40 years since this paper was written, so I thought it would be entertaining to review Bell’s retrospective through the lens of our own 20/20 hindsight.\nTo set the scene for this paper, first we should talk a little about the company that produced the PDP-11, the Digital Equipment Corporation of Maynard, Massachusetts. Better known as DEC.\nIt’s also worth noting that the name PDP is an acronym for “Programmed Data Processor”, as at the time, computers had a reputation of being large, complicated, and expensive machines, and DEC’s venture capitalists would not support them if they built a “computer”\nA computer is not solely determined by its architecture; it reflects the technological, economic, and human aspects of the environment in which it was designed and built. […] The finished computer is a product of the total design environment.\n\n\n\n“Right from the get go, Bell is letting us know that the success of any computer project is not abstractly building the best computer but building the right computer, and that takes context.”\n\n\n\nIt is the nature of computer engineering to be goal-oriented, with pressure to produce deliverable products. It is therefore difficult to plan for an extensive lifetime.\nBecause of the open nature of the PDP-11, anything which interpreted the instructions according to the processor specification, was a PDP-11, so there had been a rush within DEC, once it was clear that the PDP-11 market was heating up, to build implementations; you had different groups building fast, expensive ones and cost reduced slower ones\nThe first weakness of minicomputers was their limited addressing capability. The biggest (and most common) mistake that can be made in a computer design is that of not providing enough address bits for memory addressing and management.\nA second weakness of minicomputers was their tendency not to have enough registers. This was corrected for the PDP-11 by providing eight 16-bit registers. Later, six 32-bit registers were added for floating-point arithmetic.  […] More registers would increase the multiprogramming context switch time and confuse the user.\n\n\n\n“It’s also interesting to note Bell’s concern that additional registers would confuse the user. In the early 1970’s the assumption that the machine would be programmed directly in assembly was still the prevailing mindset.”\n\n\n\nA third weakness of minicomputers was their lack of hardware stack capability. In the PDP-11, this was solved with the autoincrement/autodecrement addressing mechanism. This solution is unique to the PDP-11 and has proven to be exceptionally useful. (In fact, it has been copied by other designers.)\n\n\n\n“Nowadays it’s hard to imagine hardware that doesn’t have a notion of a stack, but consider that a stack isn’t important if you don’t need recursion.”\n“The design for the PDP-11 was laid down in 1969 and if we look at the programming languages of the time, FORTRAN and COBOL, neither supported recursive function calls. The function call sequence would often store the return address at a blank word at the start of the procedure making recursion impossible.”\n\n\n\nA fourth weakness, limited interrupt capability and slow context switching, was essentially solved with the device of UNIBUS interrupt vectors, which direct device interrupts.\nThe basic mechanism is very fast, requiring only four memory cycles from the time an interrupt request is issued until the first instruction of the interrupt routine begins execution.\nA fifth weakness of prior minicomputers, inadequate character-handling capability, was met in the PDP-11 by providing direct byte addressing capability.\n\n\n\n“Strings and character handling were of increasing importance during the 1960’s as scientific and business computing converged. The predominant character encodings at the time were 6 bit character sets which provided just enough space for upper case letters, the digits 0 to 9, space, and a few punctuation characters sufficient for printing financial reports.”\n“Because memory was so expensive, placing one 6 bit character into a 12 or 18 bit word was simply unacceptable so characters would be packed into words. This proved efficient for storage, but complex for operations like move, compare, and concatenate, which had to account for a character appearing in the top or bottom of the word, expending valuable words of program storage to cope.”\n“The problem was addressed in the PDP-11 by allowing the machine to operate on memory as both a 16-bit word, and the increasingly popular 8-bit byte. The expenditure of 2 additional bits per character was felt to be worth it for simpler string handling, and also eased the adoption of the increasingly popular 7-bit ASCII standard of which DEC were a proponent at the time. Bell concludes this point with the throw away line:”\n\n\n\nAlthough string instructions are not yet provided in the hardware, the common string operations (move, compare, concatenate) can be programmed with very short loops.\nA sixth weakness, the inability to use read-only memories, was avoided in the PDP-11. Most code written for the PDP-11 tends to be pure and reentrant without special effort by the programmer, allowing a read-only memory (ROM) to be used directly.\nA seventh weakness, one common to many minicomputers, was primitive I/O capabilities.\nA ninth weakness of minicomputers was the high cost of programming them. Many users program in assembly language, without the comfortable environment of editors, file systems, and debuggers available on bigger systems. The PDP-11 does not seem to have overcome this weakness, although it appears that more complex systems are being built successfully with the PDP-11 than with its predecessors, the PDP-8 and PDP-15.\nThe problems faced by computer designers can usually be attributed to one of two causes: inexperience or second-systemitis\nBefore the PDP-11, there was no UNIX. Before the PDP-11, there was no C, this is the computer that C was designed on. If you want to know why the classical C int is 16 bits wide, it’s because of the PDP-11. UNIX bought us ideas such as pipes, everything is a file, and interactive computing.\nUNIX, which had arrived at Berkley in 1974 aboard a tape carried by Ken Thompson, would evolve into the west coast flavoured Berkley Systems Distribution. Berkeley UNIX had been ported to the VAX by the start of the 1980’s and was thriving as the counter cultural alternative to DEC’s own VMS operating system. Berkeley UNIX spawned a new generation of hackers who would go on to form companies like Sun micro systems, and languages like Self, which lead directly to the development of Java. UNIX was ported to a bewildering array of computer systems during the 80’s and the fallout from the UNIX wars gave us the various BSD operating systems who continue to this day.\n\n\n\nThe article, and the papers it is summarizing, contain a lot more than we could possibly dig into even if we dedicated the entire show to the topic\n***\n\n\nNews Roundup\n\nTwo-factor authentication SSH with Duo in FreeBSD 11\n\n\nThis setup uses an SSH key as the first factor of authentication. Please watch Part 1 on setting up SSH keys and how to scp it to your server.\n\n\n\nVideo guide\nRegister for a free account at Duo.com\nInstall the Duo package on your FreeBSD server\n\n\npkg install -y duo\n\n\nLog into the Duo site \u0026gt; Applications \u0026gt; Protect an Application \u0026gt; Search for Unix application \u0026gt; Protect this Application This will generate the keys we need to configure Duo.\nEdit the Duo config file using the course notes template\n\n\nvi /usr/local/etc/pam_duo.conf\n\n\nExample config\n\n\n[duo]\n; Duo integration key\nikey = Integration key goes here\n; Duo secret key\nskey = Secret key goes here\n; Duo API host\nhost = API hostname goes here\n\n\n\nChange the permissions of the Duo config file. If the permissions are not correct then the service will not function properly.\n\n\nchmod 600 /usr/local/etc/pam_duo.conf\n\n\nEdit the SSHD config file using the course notes template\n\n\nvi /etc/ssh/sshd_config\n\n\nExample config\n\n\nListenAddress 0.0.0.0\nPort 22\nPasswordAuthentication no\nUsePAM yes\nChallengeResponseAuthentication yes\nUseDNS no\nPermitRootLogin yes\nAuthenticationMethods publickey,keyboard-interactive\n\n\n\nEdit PAM to configure SSHD for Duo using the course notes template\nExample config\n\n\n\u0026amp;#35; auth\nauth            sufficient      pam_opie.so             no_warn no_fake_prompts\nauth            requisite       pam_opieaccess.so       no_warn allow_local\nauth            required        /usr/local/lib/security/pam_duo.so\n\n\u0026amp;#35; session\n\u0026amp;#35; session        optional        pam_ssh.so              want_agent\nsession         required        pam_permit.so\n\n\u0026amp;#35; password\n\u0026amp;#35; password       sufficient      pam_krb5.so             no_warn try_first_pass\npassword        required        pam_unix.so             no_warn try_first_pass\n\n\n\nRestart the sshd service\n\n\nservice sshd restart\n\n\nSSH into your FreeBSD server and follow the link it outputs to enroll your phone with Duo.\n\n\nssh server.example.com\n\n\nSSH into your server again\n\n\nssh server.example.com\n\n\nChoose your preferred method and it should log you into your server.\n\n\n\n\nFreeBSD 2017 Release Engineering Recap\n\n\nThis past year was undoubtedly a rather busy and successful year for the Release Engineering Team. Throughout the year, development snapshot builds for FreeBSD-CURRENT and supported FreeBSD-STABLE branches were continually provided. In addition, work to package the base system using pkg(8) continued throughout the year and remains ongoing.\nThe FreeBSD Release Engineering Team worked on the FreeBSD 11.1-RELEASE, with the code slush starting mid-May. The FreeBSD 11.1-RELEASE cycle stayed on schedule, with the final release build starting July 21, and the final release announcement following on July 25, building upon the stability and reliability of 11.0-RELEASE.\nMilestones during the 11.1-RELEASE cycle can be found on the 11.1 schedule page. The final announcement is available here.\nThe FreeBSD Release Engineering Team started the FreeBSD 10.4-RELEASE cycle, led by Marius Strobl. The FreeBSD 10.4-RELEASE cycle continued on schedule, with the only adjustments to the schedule being the addition of BETA4 and the removal of RC3. FreeBSD 10.4-RELEASE builds upon the stability and reliability of FreeBSD 10.3-RELEASE, and is planned to be the final release from the stable/10 branch.\nMilestones during the 10.4-RELEASE cycle can be found on the 10.4 schedule page. The final announcement is available here.\nIn addition to these releases, support for additional arm single-board computer images were added, notably Raspberry Pi 3 and Pine64. Additionally, release-related documentation effective 12.0-RELEASE and later has been moved from the base system repository to the documentation repository, making it possible to update related documentation as necessary post-release.\nAdditionally, the FreeBSD Release Engineering article in the Project Handbook had been rewritten to outline current practices used by the Release Engineering Team. For more information on the procedures and processes the FreeBSD Release Engineering Team follows, the new article is available here  and continually updated as procedures change.\nFinally, following the availability of FreeBSD 11.1-RELEASE, Glen Barber attended the September Developer Summit hosted at vBSDCon in Reston, VA, USA, where he gave a brief talk comprising of several points relating directly to the 11.1-RELEASE cycle. In particular, some of the points covered included what he felt went well during the release cycle, what did not go as well as it could have, and what we, as a Project, could do better to improve the release process. The slides from the talk are available in the FreeBSD Wiki.\nDuring the question and answer time following the talk, some questions asked included:\n\n\n\nQ: Should developers use the ‘Relnotes’ tag in the Subversion commit template more loosely, at risk of an increase in false positives.\n\n\n\nA: When asked when the tag in the template was initially added, the answer would have been “no”, however in hindsight it is easier to sift through the false positives, than to comb through months or years of commit logs.\n\n\n\nQ: What issues are present preventing moving release-related documentation to the documentation repository?\n\n\n\nA: There were some rendering issues last time it was investigated, but it is really nothing more than taking the time to fix those issues. (Note, that since this talk, the migration of the documentation in question had moved.)\n\n\n\nQ: Does it make sense to extend the timeframe between milestone builds during a release cycle from one week to two weeks, to allow more time for testing, for example, RC1 versus RC2?\n\n\n\nA: No. It would extend the length of the release cycle with no real benefit between milestones since as we draw nearer to the end of a given release cycle, the number of changes to that code base significantly reduce.\n\n\n\n\nFLIMP - GIMP Exploit on FreeBSD\n\n\nIn 2014, when starting the Fuzzing Project, Hanno Böck did some primitive fuzzing on GIMP and reported two bugs. They weren't fixed and were forgotten in the public bug tracker.\nRecently Tobias Stöckmann found one of these bugs (CVE-2017-17785) and figured out that it's easy to exploit.\n\n\n\nWhat kind of bug is that?\n\n\n\nIt's a classic heap buffer overflow in the FLIC parser. FLIC is a file format for animations and was introduced by Autodesk Animator.\n\n\n\nHow does the exploit work?\n\n\n\nTobias has created a detailed writeup.\n\n\n\nThe exploit doesn't work for me!\n\n\n\nWe figured out it's unreliable and the memory addresses are depending on many circumstances. The exploit ZIP comes with two variations using different memory addresses.\nTry both of them. We also noticed putting the files in a subdirectory sometimes made the exploit work.\n\n\n\nAnything more to tell about the GIMP?\n\n\n\nThere's a wide variety of graphics formats. GIMP tries to support many of them, including many legacy formats that nobody is using any more today.\nWhile this has obvious advantages - you can access the old images you may find on a backup CD from 1995 - it comes with risks. Support for many obscure file formats means many parsers that hardly anyone ever looks at.\n\n\n\nSo... what about the other parsers?\n\n\n\nThe second bug (CVE-2017-17786), which is a simple overread, was in the TGA parser. Furthermore we found buffer overreads in the XCF parser (CVE-2017-17788), the Gimp Brush (GBR) parser (CVE-2017-17784) and the Paint Shop Pro (PSP) parser (CVE-2017-17789).\nWe found another Heap buffer overflow in the Paint Shop Pro parser (CVE-2017-17787) which is probably also exploitable.\nIn other words: The GIMP import parsers are full of memory safety bugs.\n\n\n\nWhat should happen?\n\n\n\nFirst of all obviously all known memory safety bugs should be fixed.\nFurthermore we believe the way GIMP plugins work is not ideal for security testing. The plug-ins are separate executables, however they can't be executed on their own, as they communicate with the main GIMP process.\nIdeally either these plug-ins should be changed in a way that allows running them directly from the command line or - even better - they should be turned into libraries. The latter would also have the advantage of making the parser code useable for other software projects.\nFinally it might be a good idea to sandbox the import parsers.\n\n\n\n\nDell FS12-NV7 Review – Bargain FreeBSD/ZFS box\n\n\nIt seems just about everyone selling refurbished data centre kit has a load of Dell FS12-NV7’s to flog. Dell FS-what? You won’t find them in the Dell catalogue, that’s for sure. They look a bit like C2100s of some vintage, and they have a lot in common. But on closer inspection they’re obviously a “special” for an important customer. Given the number of them knocking around, it’s obviously a customer with big data, centres stuffed full of servers with a lot of processing to do. Here’s a hint: It’s not Google or Amazon.\nSo, should you be buying a weirdo box with no documentation whatsoever? I’d say yes, definitely. If you’re interests are anything like mine. In a 2U box you can get twin 4-core CPUs and 64Gb of RAM for £150 or less. What’s not to like? Ah yes, the complete lack of documentation.\nOver the next few weeks I intend to cover that. And to start off this is my first PC review for nearly twenty years.\nAs I mentioned, it’s a 2U full length heavy metal box on rails. On the back there are the usual I/O ports: a 9-way RS-232, VGA, two 1Gb Ethernet, two USB2 and a PS/2 keyboard and mouse. The front is taken up by twelve 3.5″ hard drive bays, with the status lights and power button on one of the mounting ears to make room. Unlike other Dell servers, all the connections are on the back, only.\nSo, in summary, you’re getting a lot for your money if its the kind of thing you want. It’s ideal as a high-performance Unix box with plenty of drive bays (preferably running BSD and ZFS). In this configuration it really shifts. Major bang-per-buck. Another idea I’ve had is using it for a flight simulator. That’s a lot of RAM and processors for the money. If you forego the SAS controllers in the PCIe slots and dump in a decent graphics card and sound board, it’s hard to see what’s could be better (and you get jet engine sound effects without a speaker).\nSo who should buy one of these? BSD geeks is the obvious answer. With a bit of tweaking they’re a dream. It can build-absolutely-everything in 20-30 minutes. For storage you can put fast SAS drives in and it goes like the wind, even at 3Gb bandwidth per drive. I don’t know if it works with FreeNAS but I can’t see why not – I’m using mostly FreeBSD 11.1 and the generic kernel is fine. And if you want to run a load of weird operating systems (like Windows XP) in VM format, it seems to work very well with the Xen hypervisor and Dom0 under FreeBSD. Or CentOS if you prefer.\nSo I shall end this review in true PCW style:\n\n\n\nPros:\n\n\nCheap\nLots of CPUs,\nLots of RAM\nLots of HD slots\nGreat for BSD/ZFS or VMs\n\nCons:\n\n\nNoisy\nno AES-NI\nSAS needs upgrading\nLimited PCI slots\n\n\n\n\nAs I’ve mentioned, the noise and SAS are easy and relatively cheap to fix, and thanks to BitCoin miners, even the PCI slot problem can be sorted. I’ll talk about this in a later post.\n\n\n\n\nBeastie Bits\n\n\nReflections on Hackathons\n7-Part Video Crash Course on SaltStack For FreeBSD\nThe LLVM Thread Sanitizer has been ported to NetBSD\nThe First Unix Port (1998)\narm64 platform now officially supported [and has syspatch(8)]\nBSDCan 2018 Call for Participation\nAsiaBSDCon 2018 Call for Papers\n***\n\n\nFeedback/Questions\n\n\nShawn - DragonFlyBSD vagrant images\nBen - undermydesk\nKen - Conferences\nBen - ssh keys\n\n\nSSH Chaining\n***\n\n","content_html":"\u003cp\u003eTrueOS stable 17.12 is out, we have an OpenBSD workstation guide for you, learnings from the PDP-11, FreeBSD 2017 Releng recap and Duo SSH.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-17-12-release/\" rel=\"nofollow\"\u003eTrueOS stable release 17.12\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are pleased to announce a new release of the 6-month STABLE version of TrueOS!\u003cbr\u003e\nThis release cycle focused on lots of cleanup and stabilization of the distinguishing features of TrueOS: OpenRC, boot speed, removable-device management, SysAdm API integrations, Lumina improvements, and more. We have also been working quite a bit on the server offering of TrueOS, and are pleased to provide new text-based server images with support for Virtualization systems such as bhyve! This allows for simple server deployments which also take advantage of the TrueOS improvements to FreeBSD such as:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSane service management and status reporting with OpenRC\u003c/li\u003e\n\u003cli\u003eReliable, non-interactive system update mechanism with fail-safe boot environment support.\u003c/li\u003e\n\u003cli\u003eGraphical management of remote TrueOS servers through SysAdm (also provides a reliable API for administrating systems remotely).\u003c/li\u003e\n\u003cli\u003eLibreSSL for all base SSL support.\u003c/li\u003e\n\u003cli\u003eBase system managed via packages (allows for additional fine-tuning).\u003c/li\u003e\n\u003cli\u003eBase system is smaller due to the removal of the old GCC version in base. Any compiler and/or version may be installed and used via packages as desired.\u003c/li\u003e\n\u003cli\u003eSupport for newer graphics drivers and chipsets (graphics, networking, wifi, and more)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS Version 17.12 (2017, December) is now available for download from the TrueOS website. Both the STABLE and UNSTABLE package repositories have also been updated in-sync with each other, so current users only need to follow the prompts about updating their system to run the new release.\u003cbr\u003e\nWe are also pleased to announce the availability of TrueOS Sponsorships! If you would like to help contribute to the project financially we now have the ability to accept both one-time donations as well as recurring monthly donations which wil help us advocate for TrueOS around the world.  Thank you all for using and supporting TrueOS!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNotable Changes:\n\n\u003cul\u003e\n\u003cli\u003eOver 1100 OpenRC services have been created for 3rd-party packages. This should ensure the functionality of nearly all available 3rd-party packages that install/use their own services.\u003c/li\u003e\n\u003cli\u003eThe OpenRC services for FreeBSD itself have been overhauled, resulting in significantly shorter boot times.\u003c/li\u003e\n\u003cli\u003eSeparate install images for desktops and servers (server image uses a text/console installer)\u003c/li\u003e\n\u003cli\u003eBhyve support for TrueOS Server Install\u003c/li\u003e\n\u003cli\u003eFreeBSD base is synced with 12.0-CURRENT as of December 4th, 2017 (Github commit: 209d01f)\u003c/li\u003e\n\u003cli\u003eFreeBSD ports tree is synced as of November 30th (pre-FLAVOR changes)\u003c/li\u003e\n\u003cli\u003eLumina Desktop has been updated/developed from 1.3.0 to 1.4.1\u003c/li\u003e\n\u003cli\u003ePCDM now supports multiple simultaneous graphical sessions\u003c/li\u003e\n\u003cli\u003eRemovable devices are now managed through the “automounter” service.\u003c/li\u003e\n\u003cli\u003eDevices are “announced” as available to the system via *.desktop shortcuts in /media. These shortcuts also contain a variety of optional “Actions” that may be performed on the device.\u003c/li\u003e\n\u003cli\u003eDevices are only mounted while they are being used (such as when browsing via the command line or a file manager).\u003c/li\u003e\n\u003cli\u003eDevices are automatically unmounted as soon as they stop being accessed.\u003c/li\u003e\n\u003cli\u003eIntegrated support for all major filesystems (UFS, EXT, FAT, NTFS, ExFAT, etc..)\u003c/li\u003e\n\u003cli\u003eNOTE: The Lumina desktop is the only one which supports this functionality at the present time.\u003c/li\u003e\n\u003cli\u003eThe TrueOS update system has moved to an “active” update backend. This means that the user will need to actually start the update process by clicking the “Update Now” button in SysAdm, Lumina, or PCDM (as well as the command-line option). The staging of the update files is still performed automatically by default but this (and many other options) can be easily changed in the “Update Manager” settings as desired.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eKnown Errata:\n\n\u003cul\u003e\n\u003cli\u003e[VirtualBox] Running FreeBSD within a VirtualBox VM is known to occasionally receive non-existent mouse clicks – particularly when using a scroll wheel or two-finger scroll.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eQuick Links:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://discourse.trueos.org/\" rel=\"nofollow\"\u003eTrueOS Forums\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trueos/trueos-core/issues\" rel=\"nofollow\"\u003eTrueOS Bugs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/handbook/trueos.html\" rel=\"nofollow\"\u003eTrueOS Handbook\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://t.me/TrueOSCommunity\" rel=\"nofollow\"\u003eTrueOS Community Chat on Telegram\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://begriffs.com/posts/2017-05-17-linux-workstation-guide.html\" rel=\"nofollow\"\u003eOpenBSD Workstation Guide\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDesign Goals\u003c/li\u003e\n\u003cli\u003eUser actions should complete instantaneously. While I understand if compiling code and rendering videos takes time, opening programs and moving windows should have no observable delay. The system should use minimalist tools.\u003c/li\u003e\n\u003cli\u003eCorollary: cache data offline when possible. Everything from OpenStreetMaps to StackExchange can be stored locally. No reason to repeatedly hit the internet to query them. This also improves privacy because the initial download is indiscriminate and doesn’t reveal personal queries or patterns of computer activity.\u003c/li\u003e\n\u003cli\u003eNo idling program should use a perceptible amount of CPU. Why does CalendarAgent on my Macbook sometimes use 150% CPU for fifteen minutes? Who knows. Why are background ChromeHelpers chugging along at upper-single-digit CPU? I didn’t realize that holding a rendered DOM could be so challenging.\u003c/li\u003e\n\u003cli\u003eAvoid interpreted languages, web-based desktop apps, and JavaScript garbage. There, I said it. Take your Electron apps with you to /dev/null!\u003c/li\u003e\n\u003cli\u003eStability. Old fashioned programs on a conservative OS on quality mainstream hardware. There are enough challenges to tackle without a bleeding edge system being one of them.\u003c/li\u003e\n\u003cli\u003eDelegate to quality hardware components. Why use a janky ncurses software audio mixer when you can use…an actual audio mixer?\u003c/li\u003e\n\u003cli\u003eHardware privacy. No cameras or microphones that I can’t physically disconnect. Also real hardware protection for cryptographic keys.\u003c/li\u003e\n\u003cli\u003eSoftware privacy. Commercial software and operating systems have gotten so terrible about this. I even catch Mac command line tools trying to call Google Analytics. Sorry homebrew, your cute emojis don’t make up for the surveillance.\n\n\u003cul\u003e\n\u003cli\u003eThe Hardware\u003c/li\u003e\n\u003cli\u003eCore\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo get the best hardware for the money I’m opting for a desktop computer. Haven’t had one since the early 2000s and it feels anachronistic, but it will outperform a laptop of similar cost. After much searching, I found the HP Z240 Tower Workstation. It’s no-nonsense and supports exactly the customizations I was looking for:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo operating system pre-loaded (Cut out the “Windows tax”)\u003c/li\u003e\n\u003cli\u003eIntel Xeon E3-1270 v6 processor (Supports ECC ram)\u003c/li\u003e\n\u003cli\u003e16 GB (2x8 GB) DDR4-2400 ECC Unbuffered memory (2400Mhz is the full memory clock speed supported by the Xeon)\u003c/li\u003e\n\u003cli\u003e256 GB HP Z Turbo Drive G2 PCIe SSD (Uses NVMe rather than SATA for faster throughput, supported by nvme(4))\u003c/li\u003e\n\u003cli\u003eNo graphics card (We’ll add our own)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIntel® Ethernet I210-T1 PCIe (Supported by em(4))\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA modest discrete video card will enable 2D Glamor acceleration on X11. The Radeon HD 6450 (sold separately) is fanless and listed as supported by radeon(4).\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhy build a solid computer and not protect it? Externally, the APC BR1300G UPS will protect the system from power surges and abrupt shutdowns.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeripherals\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Matias Ergo Pro uses mechanical switches for that old fashioned clicky sound. It also includes dedicated buttons along the side for copying and pasting. Why is that cool? Well, it improves secondary selection, a technique that Sun computers used but time forgot.\u003cbr\u003e\nSince we’re talking about a home office workstation, you may want a printer. The higher quality printers speak PostScript and PDF natively. Unix machines connect to them on TCP port 9100 and send PostScript commands directly. (You can print via telnet if you know the commands!) The Brother HL-L5100DN is a duplex LaserJet which allows that “raw” TCP printing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAudio/Video\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI know a lot of people enjoy surrounding themselves with a wall of monitors like they’re in the heart of NASA Mission Control, but I find multi-monitor setups slightly disorienting. It introduces an extra bit of cognitive overhead to determine which monitor is for what exactly. That’s why I’d go with a modest, crisp Dell UltraSharp 24\u0026quot; U2417H. It’s 1080p and yeah there are 4k monitors nowadays, but text and icons are small enough as it is for me!\u003cbr\u003e\nIf I ever considered a second monitor it would be e-ink for comfortably reading electronic copies of books or long articles. The price is currently too high to justify the purchase, but the most promising monitor seems to be the Dasung Paperlike.\u003cbr\u003e\nIn the other direction, video input, it’s more flexible to use a general-purpose HDMI capture box like the Rongyuxuan than settle on a particular webcam. This allows hooking up a real camera, or any other video device.\u003cbr\u003e\nAlthough the motherboard for this system has built-in audio, we should use a card with better OpenBSD support. The WBTUO PCIe card uses a C-Media CMI8768 chipset, handled by cmpci(4). The card provides S/PDIFF in and out ports if you ever want to use an external DAC or ADC.\u003cbr\u003e\nThe way to connect it with other things is with a dedicated hardware mixer. The Behringer Xenyx 802 has all the connections needed, and the ability to route audio to and from the computer and a variety of devices at once. The mixer may seem an odd peripheral, but I want to mix the computer with an old fashioned CD player, ham radio gear, and amplifier so this unifies the audio setup.\u003cbr\u003e\nWhen doing remote pair programming or video team meetings it’s nice to have a quality microphone. The best ones for this kind of work are directional, with a cardioid reception pattern. The MXL 770 condenser mic is perfect, and uses a powered XLR connection supplied by the mixer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBackups\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’re going dead simple and old-school, back to tapes. There are a set of tape standards called LTO-n. As n increases the tape capacity gets bigger, but the tape drive gets more expensive. In my opinion the best balance these days for the home user is LTO-3. You can usually find an HP Ultrium 960 LTO-3 on eBay for 150 dollars. The cartridges hold 800GB and are about 15 dollars apiece. Hard drives keep coming down in price, but these tapes are very cheap and simpler than keeping a bunch of disk drives. Also tape has proven longevity, and good recoverability.\u003cbr\u003e\nTo use old fashioned tech like this you need a SCSI host bus adapter like the Adaptec 29320LPE, supported by ahd(4).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCryptography\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou don’t want to generate and store secret keys on a general purpose network attached computer. The attack surface is a mile wide. Generating or manipulating “offline” secret keys needs to happen on a separate computer with no network access.\u003cbr\u003e\nLittle boards like the Raspberry Pi would be good except they use ARM processors (incompatible with Tails OS) and have wifi. The JaguarBoard is a small x86 machine with no wireless capability. Just switch the keyboard and monitor over to this machine for your “cleanroom.” \u003cbr\u003e\njaguar board: Generating keys requires entropy. The Linux kernel on Tails samples system properties to generate randomness, but why not help it out with a dedicated true random number generator (TRNG)? Bit Babbler supplies pure randomness at a high bitrate through USB. (OneRNG works better on the OpenBSD main system, via uonerng(4).)\u003cbr\u003e\nbit babbler: This little computer will save its results onto a OpenPGP Smartcard V2.1. This card provides write-only access to keys, and computes cryptographic primitives internally to sign and encrypt messages. To use it with a regular computer, hook up a Cherry ST2000 card reader. This reader has a PIN pad built in, so no keylogger on the main computer could even obtain your decryption PIN.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Software\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe take the beefed up hardware above and pair it with ninja-fast software written in C. Some text-based, others raw X11 graphical apps unencumbered by ties to any specific window manager.\u003cbr\u003e\nI’d advise OpenBSD for the underlying operating system, not a Linux. OpenBSD has greater internal consistency, their man pages are impeccable, and they make it a priority to prune old code to keep the system minimal.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dave.cheney.net/2017/12/04/what-have-we-learned-from-the-pdp-11\" rel=\"nofollow\"\u003eWhat Have We Learned from the PDP-11?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe paper I have chosen tonight is a retrospective on a computer design. It is one of a series of papers by Gordon Bell, and various co-authors, spanning the design, growth, and eventual replacement of the companies iconic line of PDP-11 mini computers.\u003cbr\u003e\nThis year represents the 60th anniversary of the founding of the company that produced the PDP-11. It is also 40 years since this paper was written, so I thought it would be entertaining to review Bell’s retrospective through the lens of our own 20/20 hindsight.\u003cbr\u003e\nTo set the scene for this paper, first we should talk a little about the company that produced the PDP-11, the Digital Equipment Corporation of Maynard, Massachusetts. Better known as DEC.\u003cbr\u003e\nIt’s also worth noting that the name PDP is an acronym for “Programmed Data Processor”, as at the time, computers had a reputation of being large, complicated, and expensive machines, and DEC’s venture capitalists would not support them if they built a “computer”\u003cbr\u003e\nA computer is not solely determined by its architecture; it reflects the technological, economic, and human aspects of the environment in which it was designed and built. […] The finished computer is a product of the total design environment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Right from the get go, Bell is letting us know that the success of any computer project is not abstractly building the best computer but building the right computer, and that takes context.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is the nature of computer engineering to be goal-oriented, with pressure to produce deliverable products. It is therefore difficult to plan for an extensive lifetime.\u003cbr\u003e\nBecause of the open nature of the PDP-11, anything which interpreted the instructions according to the processor specification, was a PDP-11, so there had been a rush within DEC, once it was clear that the PDP-11 market was heating up, to build implementations; you had different groups building fast, expensive ones and cost reduced slower ones\u003cbr\u003e\nThe first weakness of minicomputers was their limited addressing capability. The biggest (and most common) mistake that can be made in a computer design is that of not providing enough address bits for memory addressing and management.\u003cbr\u003e\nA second weakness of minicomputers was their tendency not to have enough registers. This was corrected for the PDP-11 by providing eight 16-bit registers. Later, six 32-bit registers were added for floating-point arithmetic.  […] More registers would increase the multiprogramming context switch time and confuse the user.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“It’s also interesting to note Bell’s concern that additional registers would confuse the user. In the early 1970’s the assumption that the machine would be programmed directly in assembly was still the prevailing mindset.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA third weakness of minicomputers was their lack of hardware stack capability. In the PDP-11, this was solved with the autoincrement/autodecrement addressing mechanism. This solution is unique to the PDP-11 and has proven to be exceptionally useful. (In fact, it has been copied by other designers.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Nowadays it’s hard to imagine hardware that doesn’t have a notion of a stack, but consider that a stack isn’t important if you don’t need recursion.”\u003c/li\u003e\n\u003cli\u003e“The design for the PDP-11 was laid down in 1969 and if we look at the programming languages of the time, FORTRAN and COBOL, neither supported recursive function calls. The function call sequence would often store the return address at a blank word at the start of the procedure making recursion impossible.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA fourth weakness, limited interrupt capability and slow context switching, was essentially solved with the device of UNIBUS interrupt vectors, which direct device interrupts.\u003cbr\u003e\nThe basic mechanism is very fast, requiring only four memory cycles from the time an interrupt request is issued until the first instruction of the interrupt routine begins execution.\u003cbr\u003e\nA fifth weakness of prior minicomputers, inadequate character-handling capability, was met in the PDP-11 by providing direct byte addressing capability.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Strings and character handling were of increasing importance during the 1960’s as scientific and business computing converged. The predominant character encodings at the time were 6 bit character sets which provided just enough space for upper case letters, the digits 0 to 9, space, and a few punctuation characters sufficient for printing financial reports.”\u003c/li\u003e\n\u003cli\u003e“Because memory was so expensive, placing one 6 bit character into a 12 or 18 bit word was simply unacceptable so characters would be packed into words. This proved efficient for storage, but complex for operations like move, compare, and concatenate, which had to account for a character appearing in the top or bottom of the word, expending valuable words of program storage to cope.”\u003c/li\u003e\n\u003cli\u003e“The problem was addressed in the PDP-11 by allowing the machine to operate on memory as both a 16-bit word, and the increasingly popular 8-bit byte. The expenditure of 2 additional bits per character was felt to be worth it for simpler string handling, and also eased the adoption of the increasingly popular 7-bit ASCII standard of which DEC were a proponent at the time. Bell concludes this point with the throw away line:”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlthough string instructions are not yet provided in the hardware, the common string operations (move, compare, concatenate) can be programmed with very short loops.\u003cbr\u003e\nA sixth weakness, the inability to use read-only memories, was avoided in the PDP-11. Most code written for the PDP-11 tends to be pure and reentrant without special effort by the programmer, allowing a read-only memory (ROM) to be used directly.\u003cbr\u003e\nA seventh weakness, one common to many minicomputers, was primitive I/O capabilities.\u003cbr\u003e\nA ninth weakness of minicomputers was the high cost of programming them. Many users program in assembly language, without the comfortable environment of editors, file systems, and debuggers available on bigger systems. The PDP-11 does not seem to have overcome this weakness, although it appears that more complex systems are being built successfully with the PDP-11 than with its predecessors, the PDP-8 and PDP-15.\u003cbr\u003e\nThe problems faced by computer designers can usually be attributed to one of two causes: inexperience or second-systemitis\u003cbr\u003e\nBefore the PDP-11, there was no UNIX. Before the PDP-11, there was no C, this is the computer that C was designed on. If you want to know why the classical C int is 16 bits wide, it’s because of the PDP-11. UNIX bought us ideas such as pipes, everything is a file, and interactive computing.\u003cbr\u003e\nUNIX, which had arrived at Berkley in 1974 aboard a tape carried by Ken Thompson, would evolve into the west coast flavoured Berkley Systems Distribution. Berkeley UNIX had been ported to the VAX by the start of the 1980’s and was thriving as the counter cultural alternative to DEC’s own VMS operating system. Berkeley UNIX spawned a new generation of hackers who would go on to form companies like Sun micro systems, and languages like Self, which lead directly to the development of Java. UNIX was ported to a bewildering array of computer systems during the 80’s and the fallout from the UNIX wars gave us the various BSD operating systems who continue to this day.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article, and the papers it is summarizing, contain a lot more than we could possibly dig into even if we dedicated the entire show to the topic\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.teachnix.com/2017/11/29/configuring-two-factor-authentication-on-freebsd-with-duo/\" rel=\"nofollow\"\u003eTwo-factor authentication SSH with Duo in FreeBSD 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis setup uses an SSH key as the first factor of authentication. Please watch Part 1 on setting up SSH keys and how to scp it to your server.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=E5EuvF-iaV0\" rel=\"nofollow\"\u003eVideo guide\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eRegister for a free account at Duo.com\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eInstall the Duo package on your FreeBSD server\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003epkg install -y duo\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLog into the Duo site \u0026gt; Applications \u0026gt; Protect an Application \u0026gt; Search for Unix application \u0026gt; Protect this Application This will generate the keys we need to configure Duo.\u003c/li\u003e\n\u003cli\u003eEdit the Duo config file using the course notes template\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003evi /usr/local/etc/pam_duo.conf\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eExample config\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e[duo]\n; Duo integration key\nikey = Integration key goes here\n; Duo secret key\nskey = Secret key goes here\n; Duo API host\nhost = API hostname goes here\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eChange the permissions of the Duo config file. If the permissions are not correct then the service will not function properly.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003echmod 600 /usr/local/etc/pam_duo.conf\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEdit the SSHD config file using the course notes template\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003evi /etc/ssh/sshd_config\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eExample config\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003eListenAddress 0.0.0.0\nPort 22\nPasswordAuthentication no\nUsePAM yes\nChallengeResponseAuthentication yes\nUseDNS no\nPermitRootLogin yes\nAuthenticationMethods publickey,keyboard-interactive\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eEdit PAM to configure SSHD for Duo using the course notes template\u003c/li\u003e\n\u003cli\u003eExample config\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026amp;#35; auth\nauth            sufficient      pam_opie.so             no_warn no_fake_prompts\nauth            requisite       pam_opieaccess.so       no_warn allow_local\nauth            required        /usr/local/lib/security/pam_duo.so\n\n\u0026amp;#35; session\n\u0026amp;#35; session        optional        pam_ssh.so              want_agent\nsession         required        pam_permit.so\n\n\u0026amp;#35; password\n\u0026amp;#35; password       sufficient      pam_krb5.so             no_warn try_first_pass\npassword        required        pam_unix.so             no_warn try_first_pass\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eRestart the sshd service\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003eservice sshd restart\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSH into your FreeBSD server and follow the link it outputs to enroll your phone with Duo.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003essh server.example.com\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSH into your server again\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003essh server.example.com\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eChoose your preferred method and it should log you into your server.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/2017-release-engineering-recap/\" rel=\"nofollow\"\u003eFreeBSD 2017 Release Engineering Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis past year was undoubtedly a rather busy and successful year for the Release Engineering Team. Throughout the year, development snapshot builds for FreeBSD-CURRENT and supported FreeBSD-STABLE branches were continually provided. In addition, work to package the base system using pkg(8) continued throughout the year and remains ongoing.\u003cbr\u003e\nThe FreeBSD Release Engineering Team worked on the FreeBSD 11.1-RELEASE, with the code slush starting mid-May. The FreeBSD 11.1-RELEASE cycle stayed on schedule, with the final release build starting July 21, and the final release announcement following on July 25, building upon the stability and reliability of 11.0-RELEASE.\u003cbr\u003e\nMilestones during the 11.1-RELEASE cycle can be found on the \u003ca href=\"https://www.freebsd.org/releases/11.1R/schedule.html\" rel=\"nofollow\"\u003e11.1 schedule page\u003c/a\u003e. The final announcement is available \u003ca href=\"https://www.freebsd.org/releases/11.1R/announce.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e.\u003cbr\u003e\nThe FreeBSD Release Engineering Team started the FreeBSD 10.4-RELEASE cycle, led by Marius Strobl. The FreeBSD 10.4-RELEASE cycle continued on schedule, with the only adjustments to the schedule being the addition of BETA4 and the removal of RC3. FreeBSD 10.4-RELEASE builds upon the stability and reliability of FreeBSD 10.3-RELEASE, and is planned to be the final release from the stable/10 branch.\u003cbr\u003e\nMilestones during the 10.4-RELEASE cycle can be found on the \u003ca href=\"https://www.freebsd.org/releases/10.4R/schedule.html\" rel=\"nofollow\"\u003e10.4 schedule page\u003c/a\u003e. The final announcement is available \u003ca href=\"https://www.freebsd.org/releases/10.4R/announce.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e.\u003cbr\u003e\nIn addition to these releases, support for additional arm single-board computer images were added, notably Raspberry Pi 3 and Pine64. Additionally, release-related documentation effective 12.0-RELEASE and later has been moved from the base system repository to the documentation repository, making it possible to update related documentation as necessary post-release.\u003cbr\u003e\nAdditionally, the FreeBSD Release Engineering article in the Project Handbook had been rewritten to outline current practices used by the Release Engineering Team. For more information on the procedures and processes the FreeBSD Release Engineering Team follows, the new article is available here  and continually updated as procedures change.\u003cbr\u003e\nFinally, following the availability of FreeBSD 11.1-RELEASE, Glen Barber attended the September Developer Summit hosted at vBSDCon in Reston, VA, USA, where he gave a brief talk comprising of several points relating directly to the 11.1-RELEASE cycle. In particular, some of the points covered included what he felt went well during the release cycle, what did not go as well as it could have, and what we, as a Project, could do better to improve the release process. The slides from the talk are available in the FreeBSD Wiki.\u003cbr\u003e\nDuring the question and answer time following the talk, some questions asked included:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Should developers use the ‘Relnotes’ tag in the Subversion commit template more loosely, at risk of an increase in false positives.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: When asked when the tag in the template was initially added, the answer would have been “no”, however in hindsight it is easier to sift through the false positives, than to comb through months or years of commit logs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: What issues are present preventing moving release-related documentation to the documentation repository?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: There were some rendering issues last time it was investigated, but it is really nothing more than taking the time to fix those issues. (Note, that since this talk, the migration of the documentation in question had moved.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eQ: Does it make sense to extend the timeframe between milestone builds during a release cycle from one week to two weeks, to allow more time for testing, for example, RC1 versus RC2?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA: No. It would extend the length of the release cycle with no real benefit between milestones since as we draw nearer to the end of a given release cycle, the number of changes to that code base significantly reduce.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://flimp.fuzzing-project.org\" rel=\"nofollow\"\u003eFLIMP - GIMP Exploit on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn 2014, when starting the \u003ca href=\"https://fuzzing-project.org/\" rel=\"nofollow\"\u003eFuzzing Project\u003c/a\u003e, Hanno Böck did some primitive fuzzing on GIMP and reported two bugs. They weren\u0026#39;t fixed and were forgotten in the public bug tracker.\u003cbr\u003e\nRecently Tobias Stöckmann found \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=739133\" rel=\"nofollow\"\u003eone of these bugs\u003c/a\u003e (CVE-2017-17785) and figured out that it\u0026#39;s easy to exploit.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat kind of bug is that?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s a classic heap buffer overflow in the FLIC parser. FLIC is a file format for animations and was introduced by Autodesk Animator.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow does the exploit work?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTobias has created a \u003ca href=\"https://flimp.fuzzing-project.org/exploit.html\" rel=\"nofollow\"\u003edetailed writeup\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe exploit doesn\u0026#39;t work for me!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe figured out it\u0026#39;s unreliable and the memory addresses are depending on many circumstances. The exploit ZIP comes with two variations using different memory addresses.\u003cbr\u003e\nTry both of them. We also noticed putting the files in a subdirectory sometimes made the exploit work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnything more to tell about the GIMP?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere\u0026#39;s a wide variety of graphics formats. GIMP tries to support many of them, including many legacy formats that nobody is using any more today.\u003cbr\u003e\nWhile this has obvious advantages - you can access the old images you may find on a backup CD from 1995 - it comes with risks. Support for many obscure file formats means many parsers that hardly anyone ever looks at.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo... what about the other parsers?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=739134\" rel=\"nofollow\"\u003esecond bug\u003c/a\u003e (CVE-2017-17786), which is a simple overread, was in the TGA parser. Furthermore we found buffer overreads in the \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=790783\" rel=\"nofollow\"\u003eXCF parser\u003c/a\u003e (CVE-2017-17788), the \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=790784\" rel=\"nofollow\"\u003eGimp Brush (GBR) parser\u003c/a\u003e (CVE-2017-17784) and the \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=790849\" rel=\"nofollow\"\u003ePaint Shop Pro (PSP) parser\u003c/a\u003e (CVE-2017-17789).\u003cbr\u003e\nWe found another \u003ca href=\"https://bugzilla.gnome.org/show_bug.cgi?id=790849\" rel=\"nofollow\"\u003eHeap buffer overflow\u003c/a\u003e in the Paint Shop Pro parser (CVE-2017-17787) which is probably also exploitable.\u003cbr\u003e\nIn other words: The GIMP import parsers are full of memory safety bugs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat should happen?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst of all obviously all known memory safety bugs should be fixed.\u003cbr\u003e\nFurthermore we believe the way GIMP plugins work is not ideal for security testing. The plug-ins are separate executables, however they can\u0026#39;t be executed on their own, as they communicate with the main GIMP process.\u003cbr\u003e\nIdeally either these plug-ins should be changed in a way that allows running them directly from the command line or - even better - they should be turned into libraries. The latter would also have the advantage of making the parser code useable for other software projects.\u003cbr\u003e\nFinally it might be a good idea to sandbox the import parsers.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.frankleonhardt.com/2017/dell-fs12-nv7-review-bargain-freebsdzfs-box/\" rel=\"nofollow\"\u003eDell FS12-NV7 Review – Bargain FreeBSD/ZFS box\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt seems just about everyone selling refurbished data centre kit has a load of Dell FS12-NV7’s to flog. Dell FS-what? You won’t find them in the Dell catalogue, that’s for sure. They look a bit like C2100s of some vintage, and they have a lot in common. But on closer inspection they’re obviously a “special” for an important customer. Given the number of them knocking around, it’s obviously a customer with big data, centres stuffed full of servers with a lot of processing to do. Here’s a hint: It’s not Google or Amazon.\u003cbr\u003e\nSo, should you be buying a weirdo box with no documentation whatsoever? I’d say yes, definitely. If you’re interests are anything like mine. In a 2U box you can get twin 4-core CPUs and 64Gb of RAM for £150 or less. What’s not to like? Ah yes, the complete lack of documentation.\u003cbr\u003e\nOver the next few weeks I intend to cover that. And to start off this is my first PC review for nearly twenty years.\u003cbr\u003e\nAs I mentioned, it’s a 2U full length heavy metal box on rails. On the back there are the usual I/O ports: a 9-way RS-232, VGA, two 1Gb Ethernet, two USB2 and a PS/2 keyboard and mouse. The front is taken up by twelve 3.5″ hard drive bays, with the status lights and power button on one of the mounting ears to make room. Unlike other Dell servers, all the connections are on the back, only.\u003cbr\u003e\nSo, in summary, you’re getting a lot for your money if its the kind of thing you want. It’s ideal as a high-performance Unix box with plenty of drive bays (preferably running BSD and ZFS). In this configuration it really shifts. Major bang-per-buck. Another idea I’ve had is using it for a flight simulator. That’s a lot of RAM and processors for the money. If you forego the SAS controllers in the PCIe slots and dump in a decent graphics card and sound board, it’s hard to see what’s could be better (and you get jet engine sound effects without a speaker).\u003cbr\u003e\nSo who should buy one of these? BSD geeks is the obvious answer. With a bit of tweaking they’re a dream. It can build-absolutely-everything in 20-30 minutes. For storage you can put fast SAS drives in and it goes like the wind, even at 3Gb bandwidth per drive. I don’t know if it works with FreeNAS but I can’t see why not – I’m using mostly FreeBSD 11.1 and the generic kernel is fine. And if you want to run a load of weird operating systems (like Windows XP) in VM format, it seems to work very well with the Xen hypervisor and Dom0 under FreeBSD. Or CentOS if you prefer.\u003cbr\u003e\nSo I shall end this review in true PCW style:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePros:\n\n\u003cul\u003e\n\u003cli\u003eCheap\u003c/li\u003e\n\u003cli\u003eLots of CPUs,\u003c/li\u003e\n\u003cli\u003eLots of RAM\u003c/li\u003e\n\u003cli\u003eLots of HD slots\u003c/li\u003e\n\u003cli\u003eGreat for BSD/ZFS or VMs\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eCons:\n\n\u003cul\u003e\n\u003cli\u003eNoisy\u003c/li\u003e\n\u003cli\u003eno AES-NI\u003c/li\u003e\n\u003cli\u003eSAS needs upgrading\u003c/li\u003e\n\u003cli\u003eLimited PCI slots\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I’ve mentioned, the noise and SAS are easy and relatively cheap to fix, and thanks to BitCoin miners, even the PCI slot problem can be sorted. I’ll talk about this in a later post.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171126090055\" rel=\"nofollow\"\u003eReflections on Hackathons\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=HijG0hWebZk\u0026list=PL5yV8umka8YQOr1wm719In5LITdGzQMOF\" rel=\"nofollow\"\u003e7-Part Video Crash Course on SaltStack For FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_llvm_thread_sanitizer_has\" rel=\"nofollow\"\u003eThe LLVM Thread Sanitizer has been ported to NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://bitsavers.informatik.uni-stuttgart.de/bits/Interdata/32bit/unix/univWollongong_v6/miller.pdf\" rel=\"nofollow\"\u003eThe First Unix Port (1998)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171208082238\" rel=\"nofollow\"\u003earm64 platform now officially supported [and has syspatch(8)]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/bsdcan-2018-call-for-participation/\" rel=\"nofollow\"\u003eBSDCan 2018 Call for Participation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/asiabsdcon-2018-call-for-papers/\" rel=\"nofollow\"\u003eAsiaBSDCon 2018 Call for Papers\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eShawn - \u003ca href=\"http://dpaste.com/3PRPJHG#wrap\" rel=\"nofollow\"\u003eDragonFlyBSD vagrant images\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/0AZ32ZB#wrap\" rel=\"nofollow\"\u003eundermydesk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKen - \u003ca href=\"http://dpaste.com/3E8FQC6#wrap\" rel=\"nofollow\"\u003eConferences\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/0E4538Q#wrap\" rel=\"nofollow\"\u003essh keys\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdnow.tv/tutorials/ssh-chaining\" rel=\"nofollow\"\u003eSSH Chaining\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"TrueOS stable 17.12 is out, we have an OpenBSD workstation guide for you, learnings from the PDP-11, FreeBSD 2017 Releng recap and Duo SSH.","date_published":"2017-12-20T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5f2c1de5-e2e3-49c6-8e12-39b0f4b76458.mp3","mime_type":"audio/mpeg","size_in_bytes":77115604,"duration_in_seconds":6426}]},{"id":"58d9f7dd-0328-4641-b34f-fb00673ba9fb","title":"224: The Bus Factor","url":"https://www.bsdnow.tv/224","content_text":"We try to answer what happens to an open source project after a developers death, we tell you about the last bootstrapped tech company in Silicon Valley, we have an update to the NetBSD Thread sanitizer, and show how to use use cabal on OpenBSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLife after death, for code\n\n\nYOU'VE PROBABLY NEVER heard of the late Jim Weirich or his software. But you've almost certainly used apps built on his work.\nWeirich helped create several key tools for Ruby, the popular programming language used to write the code for sites like Hulu, Kickstarter, Twitter, and countless others. His code was open source, meaning that anyone could use it and modify it. \"He was a seminal member of the western world's Ruby community,\" says Justin Searls, a Ruby developer and co-founder of the software company Test Double.\nWhen Weirich died in 2014, Searls noticed that no one was maintaining one of Weirich's software-testing tools. That meant there would be no one to approve changes if other developers submitted bug fixes, security patches, or other improvements. Any tests that relied on the tool would eventually fail, as the code became outdated and incompatible with newer tech.\nThe incident highlights a growing concern in the open-source software community. What happens to code after programmers pass away? Much has been written about what happens to social-media accounts after users die. But it’s been less of an issue among programmers. In part, that’s because most companies and governments relied on commercial software maintained by teams of people. But today, more programs rely on obscure but crucial software like Weirich's.\nSome open-source projects are well known, such as the Linux operating system or Google's artificial-intelligence framework TensorFlow. But each of these projects depend on smaller libraries of open-source code. And those libraries depend on other libraries. The result is a complex, but largely hidden, web of software dependencies.\nThat can create big problems, as in 2014 when a security vulnerability known as \"Heartbleed\" was found in OpenSSL, an open-source program used by nearly every website that processes credit- or debit-card payments. The software comes bundled with most versions of Linux, but was maintained by a small team of volunteers who didn't have the time or resources to do extensive security audits. Shortly after the Heartbleed fiasco, a security issue was discovered in another common open-source application called Bash that left countless web servers and other devices vulnerable to attack.\nThere are surely more undiscovered vulnerabilities. Libraries.io, a group that analyzes connections between software projects, has identified more than 2,400 open-source libraries that are used in at least 1,000 other programs but have received little attention from the open-source community.\nSecurity problems are only one part of the issue. If software libraries aren't kept up to date, they may stop working with newer software. That means an application that depends on an outdated library may not work after a user updates other software. When a developer dies or abandons a project, everyone who depends on that software can be affected. Last year when programmer Azer Koçulu deleted a tiny library called Leftpad from the internet, it created ripple effects that reportedly caused headaches at Facebook, Netflix, and elsewhere.\n\n\n\nThe Bus Factor\n\n\n\nThe fewer people with ownership of a piece of software, the greater the risk that it could be orphaned. Developers even have a morbid name for this: the bus factor, meaning the number of people who would have to be hit by a bus before there's no one left to maintain the project. Libraries.io has identified about 3,000 open-source libraries that are used in many other programs but have only a handful of contributors.\nOrphaned projects are a risk of using open-source software, though commercial software makers can leave users in a similar bind when they stop supporting or updating older programs. In some cases, motivated programmers adopt orphaned open-source code.\nThat's what Searls did with one of Weirich’s projects. Weirich's most-popular projects had co-managers by the time of his death. But Searls noticed one, the testing tool Rspec-Given, hadn't been handed off, and wanted to take responsibility for updating it. But he ran into a few snags along the way.\nRspec-Given's code was hosted on the popular code-hosting and collaboration site GitHub, home to 67 million codebases. Weirich's Rspec-Given page on GitHub was the main place for people to report bugs or to volunteer to help improve the code. But GitHub wouldn’t give Searls control of the page, because Weirich had not named him before he died. So Searls had to create a new copy of the code, and host it elsewhere. He also had to convince the operators of Ruby Gems, a “package-management system” for distributing code, to use his version of Rspec-Given, instead of Weirich's, so that all users would have access to Searls’ changes. GitHub declined to discuss its policies around transferring control of projects.\n\nThat solved potential problems related to Rspec-Given, but it opened Searls' eyes to the many things that could go wrong. “It’s easy to see open source as a purely technical phenomenon,” Searls says. “But once something takes off and is depended on by hundreds of other people, it becomes a social phenomenon as well.”\nThe maintainers of most package-management systems have at least an ad-hoc process for transferring control over a library, but that process usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it. \"We don’t have an official policy mostly because it hasn’t come up all that often,\" says Evan Phoenix of the Ruby Gems project. \"We do have an adviser council that is used to decide these types of things case by case.\"\nSome package managers now monitor their libraries and flag widely used projects that haven't been updated in a long time. Neil Bowers, who helps maintain a package manager for the programming language Perl, says he sometimes seeks out volunteers to take over orphan projects. Bowers says his group vets claims that a project has been abandoned, and the people proposing to take it over.\n\n\n\nA 'Dead-Man's Switch'\n\n\n\nTaking over Rspec-Given inspired Searls, who was only 30 at the time, to make a will and a succession plan for his own open-source projects. There are other things developers can do to help future-proof their work. They can, for example, transfer the copyrights to a foundation, such as the Apache Foundation. But many open-source projects essentially start as hobbies, so programmers may not think to transfer ownership until it is too late.\nSearls suggests that GitHub and package managers such as Gems could add something like a \"dead man's switch\" to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn’t log in or make changes after a set period of time.\nBut a transition plan means more than just giving people access to the code. Michael Droettboom, who took over a popular mathematics library called Matplotlib after its creator John Hunter died in 2012, points out that successors also need to understand the code. \"Sometimes there are parts of the code that only one person understands,\" he says. \"The knowledge exists only in one person's head.\"\nThat means getting people involved in a project earlier, ideally as soon as it is used by people other than the original developer. That has another advantage, Searls points out, in distributing the work of maintaining a project to help prevent developer burnout.\n\n\n\n\nThe Last Bootstrapped Tech Company In Silicon Valley\n\n\nMy business partner, Matt Olander, and I were intimately familiar with the ups and downs of the Silicon Valley tech industry when we acquired the remnants of our then-employer BSDi’s enterprise computer business in 2002 and assumed the roles of CEO and CTO. Fast-forward to today, and we still work in the same buildings where BSDi started in 1996, though you’d hardly recognize them today.\nAs the business grew from a startup to a global brand, our success came from always ensuring we ran a profitable business. While that may sound obvious, keep in mind that we are in the heart of Silicon Valley where venture capitalists hunt for the unicorn company that will skyrocket to a billion-dollar valuation. Unicorns like Facebook and Twitter unquestionably exist, but they are the exception.\n\n\n\nLive By The VC, Die By The VC\n\n\n\nAfter careful consideration, Matt and I decided to bootstrap our company rather than seek funding. The first dot-com bubble had recently burst, and we were seeing close friends lose their jobs right and left at VC-funded companies based on dubious business plans. While we did not have much cash on hand, we did have a customer base and treasured those customers as our greatest asset. We concluded that meeting their needs was the surest path to meeting ours, and the rest would simply be details to address individually. This strategy ended up working so well that we have many of the same customers to this day.\nAfter deciding to bootstrap, we made a decision on a matter that has left egg on the face of many of our competitors: We seated sales next to support under one roof at our manufacturing facility in Silicon Valley. Dell's decision to outsource some of its support overseas in the early 2000s was the greatest gift it could have given us. Some of our sales and support staff have worked with the same clients for over a decade, and we concluded that no amount of funding could buy that mutual loyalty. While accepting venture capital or an acquisition may make you rich, it does not guarantee that your customers, employees or even business will be taken care of. Our motto is, “Treat your customers like friends and employees like family,” and we have an incredibly low employee turnover to show for it.\nThanks to these principles, iXsystems has remained employee-owned, debt-free and profitable from the day we took it over -- all without VC funding, which is why we call ourselves the \"last bootstrapped tech company in Silicon Valley.\" As a result, we now provide enterprise servers to thousands of customers, including top Fortune 500 companies, research and educational institutions, all branches of the military, and numerous government entities.\nOver time, however, we realized that we were selling more and more third-party data storage systems with every order. We saw this as a new opportunity. We had partnered with several storage vendors to meet our customers’ needs, but every time we did, we opened a can of worms with regard to supporting our customers to our standards. Given a choice of risking being dragged down by our partners or outmaneuvered by competitors with their own storage portfolios, we made a conscious decision to develop a line of storage products that would not only complement our enterprise servers but tightly integrate with them.\nTo accelerate this effort, we adopted the FreeNAS open-source software-defined storage project in 2009 and haven’t looked back. The move enabled us to focus on storage, fully leveraging our experience with enterprise hardware and our open source heritage in equal measures. We saw many storage startups appear every quarter, struggling to establish their niche in a sea of competitors. We wondered how they’d instantly master hardware to avoid the partnering mistakes that we made years ago, given that storage hardware and software are truly inseparable at the enterprise level. We entered the storage market with the required hardware expertise, capacity and, most importantly, revenue, allowing us to develop our storage line at our own pace.\n\n\n\nGrow Up, But On Your Own Terms\n\n\n\nBy not having the external pressure from VCs or shareholders that your competitors have, you're free to set your own priorities and charge fair prices for your products. Our customers consistently tell us how refreshing our sales and marketing approaches are. We consider honesty, transparency and responsible marketing the only viable strategy when you’re bootstrapped. Your reputation with your customers and vendors should mean everything to you, and we can honestly say that the loyalty we have developed is priceless.\nSo how can your startup venture down a similar path? Here's our advice for playing the long game:\n\n\n\nRelate your experiences to each fad: Our industry is a firehose of fads and buzzwords, and it can be difficult to distinguish the genuine trends from the flops. Analyze every new buzzword in terms of your own products, services and experiences, and monitor customer trends even more carefully. Some buzzwords will even formalize things you have been doing for years.\nValue personal relationships: Companies come and go, but you will maintain many clients and colleagues for decades, regardless of the hat they currently wear. Encourage relationship building at every level of your company because you may encounter someone again.\nTrust your instincts and your colleagues: No contractual terms or credit rating system can beat the instincts you will develop over time for judging the ability of individuals and companies to deliver. You know your business, employees and customers best.\n\n\n\nLooking back, I don't think I’d change a thing. We need to be in Silicon Valley for the prime customers, vendors and talent, and it’s a point of pride that our customers recognize how different we are from the norm. Free of a venture capital “runway” and driven by these principles, we look forward to the next 20 years in this highly-competitive industry.\n\n\n\n\nCreating an AS for fun and profit\n\n\nAt its core, the Internet is an interconnected fabric of separate networks. Each network which makes up the Internet is operated independently and only interconnects with other networks in clearly defined places.\nFor smaller networks like your home, the interaction between your network and the rest of the Internet is usually pretty simple: you buy an Internet service plan from an ISP (Internet Service Provider), they give you some kind of hand-off through something like a DSL or cable modem, and give you access to \"the entire Internet\". Your router (which is likely also a WiFi access point and Ethernet switch) then only needs to know about two things; your local computers and devices are on one side, and the ENTIRE Internet is on the other side of that network link given to you by your ISP.\nFor most people, that's the extent of what's needed to be understood about how the Internet works. Pick the best ISP, buy a connection from them, and attach computers needing access to the Internet. And that's fine, as long as you're happy with only having one Internet connection from one vendor, who will lend you some arbitrary IP address(es) for the extend of your service agreement, but that starts not being good enough when you don't want to be beholden to a single ISP or a single connection for your connectivity to the Internet.\nThat also isn't good enough if you are an Internet Service Provider so you are literally a part of the Internet. You can't assume that the entire Internet is that way when half of the Internet is actually in the other direction. This is when you really have to start thinking about the Internet and treating the Internet as a very large mesh of independent connected organizations instead of an abstract cloud icon on the edge of your local network map.  Which is pretty much never for most of us.\nAlmost no one needs to consider the Internet at this level. The long flight of steps from DSL for your apartment up to needing to be an integral part of the Internet means that pretty much regardless of what level of Internet service you need for your projects, you can probably pay someone else to provide it and don't need to sit down and learn how BGP works and what an Autonomous System is. But let's ignore that for one second, and talk about how to become your own ISP.\n\n\n\nTo become your own Internet Service Provider with customers who pay you to access the Internet, or be your own web hosting provider with customers who pay you to be accessible from the Internet, or your own transit provider who has customers who pay you to move their customer's packets to other people's customers, you need a few things:\n\n\nYour own public IP address space allocated to you by an Internet numbering organization\nYour own Autonomous System Number (ASN) to identify your network as separate from everyone else's networks\nAt least one router connected to a different autonomous system speaking the Border Gateway Protocol to tell the rest of the Internet that your address space is accessible from your autonomous system.\n\n\n\n\nSo... I recently set up my own autonomous system... and I don't really have a fantastic justification for it...\n\n\n\nMy motivation was twofold:\n\n\nOne of my friends and I sat down and figured it out that splitting the cost of a rack in Hurricane Electric's FMT2 data center marginally lowered our monthly hosting expenses vs all the paid services we're using scattered across the Internet which can all be condensed into this one rack.\nAnd this first reason on its own is a perfectly valid justification for paying for co-location space at a data center like Hurricane Electric's, but isn't actually a valid reason for running it as an autonomous system, because Hurricane Electric will gladly let you use their address space for your servers hosted in their building. That's usually part of the deal when you pay for space in a data center: power, cooling, Internet connectivity, and your own IP addresses.\nAnother one of my friends challenged me to do it as an Autonomous System.\nSo admittedly, my justification for going through the additional trouble to set up this single rack of servers as an AS is a little more tenuous. I will readily admit that, more than anything else, this was a \"hold my beer\" sort of engineering moment, and not something that is at all needed to achieve what we actually needed (a rack to park all our servers in).\n\n\n\n\nBut what the hell; I've figured out how to do it, so I figured it would make an entertaining blog post. \n\n\n\nSo here's how I set up a multi-homed autonomous system on a shoe-string budget:\n\n\nStep 1. Found a Company\nStep 2. Get Yourself Public Address Space\nStep 3. Find Yourself Multiple Other Autonomous Systems to Peer With\nStep 4. Apply for an Autonomous System Number\nStep 5. Source a Router Capable of Handling the Entire Internet Routing Table\nStep 6. Turn it All On and Pray\nAnd we're off to the races.\n\n\n\n\nAt this point, Hurricane Electric is feeding us all ~700k routes for the Internet, we're feeding them our two routes for our local IPv4 and IPv6 subnets, and all that's left to do is order all our cross-connects to other ASes in the building willing to peer with us (mostly for fun) and load in all our servers to build our own personal corner of the Internet.\nThe only major goof so far has been accidentally feeding the full IPv6 table to our first other peer that we turned on, but thankfully he has a much more powerful supervisor than the Sup720-BXL, so he just sent me an email to knock that off, a little fiddling with my BGP egress policies, and we were all set.\nIn the end, setting up my own autonomous system wasn't exactly simple, it was definitely not justified, but some times in life you just need to take the more difficult path. And there's a certain amount of pride in being able to claim that I'm part of the actual Internet. That's pretty neat. \nAnd of course, thanks to all of my friends who variously contributed parts, pieces, resources, and know-how to this on-going project. I had to pull in a lot of favors to pull this off, and I appreciate it.\n\n\n\n\nNews Roundup\n\nOne year checkpoint and Thread Sanitizer update\n\n\nThe past year has been started with bugfixes and the development of regression tests for ptrace(2) and related kernel features, as well as the continuation of bringing LLDB support and LLVM sanitizers (ASan + UBsan and partial TSan + Msan) to NetBSD.  My plan for the next year is to finish implementing TSan and MSan support, followed by a long run of bug fixes for LLDB, ptrace(2), and other related kernel subsystems\n\n\n\nTSan\n\n\n\nIn the past month, I've developed Thread Sanitizer far enough to have a subset of its tests pass on NetBSD, started with addressing breakage related to the memory layout of processes. The reason for this breakage was narrowed down to the current implementation of ASLR, which was too aggressive and which didn't allow enough space to be mapped for Shadow memory. The fix for this was to either force the disabling of ASLR per-process, or globally on the system. The same will certainly happen for MSan executables. After some other corrections, I got TSan to work for the first time ever on October 14th. This was a big achievement, so I've made a snapshot available. Getting the snapshot of execution under GDB was pure hazard.\n\n\n$ gdb ./a.out                                  \nGNU gdb (GDB) 7.12\nCopyright (C) 2016 Free Software Foundation, Inc.\nLicense GPLv3+: GNU GPL version 3 or later \nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.  Type \"show copying\"\nand \"show warranty\" for details.\nThis GDB was configured as \"x86_64--netbsd\".\nType \"show configuration\" for configuration details.\nFor bug reporting instructions, please see:\n.\nFind the GDB manual and other documentation resources online at:\n.\nFor help, type \"help\".\nType \"apropos word\" to search for commands related to \"word\"...\nReading symbols from ./a.out...done.\n(gdb) r\nStarting program: /public/llvm-build/a.out \n[New LWP 2]\n\nWARNING: ThreadSanitizer: data race (pid=1621)\n  Write of size 4 at 0x000001475d70 by thread T1:\n    #0 Thread1 /public/llvm-build/tsan.c:4:10 (a.out+0x46bf71)\n\n  Previous write of size 4 at 0x000001475d70 by main thread:\n    #0 main /public/llvm-build/tsan.c:10:10 (a.out+0x46bfe6)\n\n  Location is global 'Global' of size 4 at 0x000001475d70 (a.out+0x000001475d70)\n\n  Thread T1 (tid=2, running) created by main thread at:\n    #0 pthread_create /public/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:930:3 (a.out+0x412120)\n    #1 main /public/llvm-build/tsan.c:9:3 (a.out+0x46bfd1)\n\nSUMMARY: ThreadSanitizer: data race /public/llvm-build/tsan.c:4:10 in Thread1\n\nThread 2 received signal SIGSEGV, Segmentation fault.\n\n\n\nI was able to get the above execution results around 10% of the time (being under a tracer had no positive effect on the frequency of successful executions).  I've managed to hit the following final results for this month, with another set of bugfixes and improvements:\n\n\ncheck-tsan:\nExpected Passes    : 248\nExpected Failures  : 1\nUnsupported Tests  : 83\nUnexpected Failures: 44\n\n\n\nAt the end of the month, TSan can now reliably executabe the same (already-working) program every time. The majority of failures are in tests verifying sanitization of correct mutex locking usage. There are still problems with NetBSD-specific libc and libpthread bootstrap code that conflicts with TSan. Certain functions (pthread_create(3), pthread_key_create(3), _cxa_atexit()) cannot be started early by TSan initialization, and must be deferred late enough for the sanitizer to work correctly.\n\n\n\nMSan\n\n\n\nI've prepared a scratch support for MSan on NetBSD to help in researching how far along it is. I've also cloned and adapted the existing FreeBSD bits; however, the code still needs more work and isn't functional yet. The number of passed tests (5) is negligible and most likely does not work at all. The conclusion after this research is that TSan shall be finished first, as it touches similar code. In the future, there will be likely another round of iterating the system structs and types and adding the missing ones for NetBSD. So far, this part has been done before executing the real MSan code. I've added one missing symbol that was missing and was detected when attempting to link a test program with MSan.\n\n\n\nSanitizers\n\n\n\nThe GCC team has merged the LLVM sanitizer code, which has resulted in almost-complete support for ASan and UBsan on NetBSD. It can be found in the latest GCC8 snapshot, located in pkgsrc-wip/gcc8snapshot. Though, do note that there is an issue with getting backtraces from libasan.so, which can be worked-around by backtracing ASan events in a debugger. UBsan also passes all GCC regression tests and appears to work fine. The code enabling sanitizers on the GCC/NetBSD frontend will be submitted upstream once the backtracing issue is fixed and I'm satisfied that there are no other problems. I've managed to upstream a large portion of generic+TSan+MSan code to compiler-rt and reduce local patches to only the ones that are in progress. This deals with any rebasing issues, and allows me to just focus on the delta that is being worked on. I've tried out the LLDB builds which have TSan/NetBSD enabled, and they built and started fine. However, there were some false positives related to the mutex locking/unlocking code.\n\n\n\nPlans for the next milestone\n\n\n\nThe general goals are to finish TSan and MSan and switch back to LLDB debugging. I plan to verify the impact of the TSan bootstrap initialization on the observed crashes and research the remaining failures.\n\n\n\nThis work was sponsored by The NetBSD Foundation.\n\n\n\nThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can:\n\n\n\n\nThe scourge of systemd\n\n\nWhile this article is actually couched in terms of promoting devuan, a de-systemd-ed version of debian, it would seem the same logic could be applied to all of the BSDs\n\n\n\nLet's say every car manufacturer recently discovered a new technology named \"doord\", which lets you open up car doors much faster than before. It only takes 0.05 seconds, instead of 1.2 seconds on average. So every time you open a door, you are much, much faster!\nMany of the manufacturers decide to implement doord, because the company providing doord makes it clear that it is beneficial for everyone. And additional to opening doors faster, it also standardises things. How to turn on your car? It is the same now everywhere, it is not necessarily to look for the keyhole anymore.\nUnfortunately though, sometimes doord does not stop the engine. Or if it is cold outside, it stops the ignition process, because it takes too long. Doord also changes the way your navigation system works, because that is totally related to opening doors, but leads to some users being unable to navigate, which is accepted as collateral damage. In the end, you at least have faster door opening and a standard way to turn on the car. Oh, and if you are in a traffic jam and have to restart the engine often, it will stop restarting it after several times, because that's not what you are supposed to do. You can open the engine hood and tune that setting though, but it will be reset once you buy a new car.\nSome of you might now ask themselves \"Is systemd THAT bad?\". And my answer to it is: No. It is even worse. Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value. And this is not theoretical: We tried to build Data Center Light on Debian and Ubuntu, but servers that don't boot, that don't reboot or systemd-resolved that constantly interferes with our core network configuration made it too expensive to run Debian or Ubuntu.\nYes, you read right: too expensive. While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd.\n\n\n\n\nUsing cabal on OpenBSD\n\n\nSince WX became mandatory in OpenBSD, WX’d binaries are only allowed to be executed from designated locations (mount points). If you used the auto partition layout during install, your /usr/local/ will be mounted with wxallowed. For example, here is the entry for my current machine:\n\n\n/dev/sd2g on /usr/local type ffs (local, nodev, wxallowed, softdep)\n\n\n\nThis is a great feature, but if you build applications outside of the wxallowed partition, you are going to run into some issues, especially in the case of cabal (python as well).\nHere is an example of what you would see when attempting to do cabal install pandoc:\n\n\nqbit@slip[1]:~? cabal update\nConfig file path source is default config file.\nConfig file /home/qbit/.cabal/config not found.\nWriting default configuration to /home/qbit/.cabal/config\nDownloading the latest package list from hackage.haskell.org\nqbit@slip[0]:~? cabal install pandoc\nResolving dependencies...\n.....\ncabal: user error (Error: some packages failed to install:\nJuicyPixels-3.2.8.3 failed during the configure step. The exception was:\n/home/qbit/.cabal/setup-exe-cache/setup-Simple-Cabal-1.22.5.0-x86_64-openbsd-ghc-7.10.3: runProcess: runInteractiveProcess: exec: permission denied (Permission denied)\n\n\n\nThe error isn’t actually what it says. The untrained eye would assume permissions issue. A quick check of dmesg reveals what is really happening:\n\n\n/home/qbit/.cabal/setup-exe-cache/setup-Simple-Cabal-1.22.5.0-x86_64-openbsd-ghc-7.10.3(22924): W^X binary outside wxallowed mountpoint\n\n\n\nOpenBSD is killing the above binary because it is violating WX and hasn’t been safely kept in its /usr/local corral!\nWe could solve this problem quickly by marking our /home as wxallowed, however, this would be heavy handed and reckless (we don’t want to allow other potentially unsafe binaries to execute.. just the cabal stuff).\nInstead, we will build all our cabal stuff in /usr/local by using a symlink!\n\n\ndoas mkdir -p /usr/local/{cabal,cabal/build} # make our cabal and build dirs\ndoas chown -R user:wheel /usr/local/cabal    # set perms\nrm -rf ~/.cabal                              # kill the old non-working cabal\nln -s /usr/local/cabal ~/.cabal              # link it!\n\n\n\nWe are almost there! Some cabal packages build outside of ~/.cabal:\n\n\ncabal install hakyll\n.....\nBuilding foundation-0.0.14...                                                   Preprocessing library foundation-0.0.14...\nhsc2hs: dist/build/Foundation/System/Bindings/Posix_hsc_make: runProcess: runInteractiveProcess: exec: permission denied (Permission denied)\nDownloading time-locale-compat-0.1.1.3...\n.....\n\n\n\nFortunately, all of the packages I have come across that do this all respect the TMPDIR environment variable!\n\n\nalias cabal='env TMPDIR=/usr/local/cabal/build/ cabal'\n\n\n\nWith this alias, you should be able to cabal without issue (so far pandoc, shellcheck and hakyll have all built fine)!\n\n\n\nTL;DR\n\n\n\u0026amp;#35; This assumes /usr/local/ is mounted as wxallowed.\n\u0026amp;#35;\ndoas mkdir -p /usr/local/{cabal,cabal/build}\ndoas chown -R user:wheel /usr/local/cabal\nrm -rf ~/.cabal\nln -s /usr/local/cabal ~/.cabal\nalias cabal='env TMPDIR=/usr/local/cabal/build/ cabal'\ncabal install pandoc\n\n\n\n\nFreeBSD and APRS, or \"hm what happens when none of this is well documented..\"\n\n\nHere's another point along my quest for amateur radio on FreeBSD - bring up basic APRS support. Yes, someone else has done the work, but in the normal open source way it was .. inconsistently documented.\n\n\n\nFirst is figuring out the hardware platform. I chose the following:\n\n\nA Baofeng UV5R2, since they're cheap, plentiful, and do both VHF and UHF;\nA cable to do sound level conversion and isolation (and yes, I really should post a circuit diagram and picture..);\nA USB sound device, primarily so I can whack it into FreeBSD/Linux devices to get a separate sound card for doing radio work;\nFreeBSD laptop (it'll become a raspberry pi + GPS + sensor + LCD thingy later, but this'll do to start with.)\nThe Baofeng is easy - set it to the right frequency (VHF APRS sits on 144.390MHz), turn on VOX so I don't have to make up a PTT cable, done/done.\n\n\n\n\nThe PTT bit isn't that hard - one of the microphone jack pins is actually PTT (if you ground it, it engages PTT) so when you make the cable just ensure you expose a ground pin and PTT pin so you can upgrade it later.\n\nThe cable itself isn't that hard either - I had a baofeng handmic lying around (they're like $5) so I pulled it apart for the cable. I'll try to remember to take pictures of that.\n\n\n\nHere's a picture I found on the internet that shows the pinout: image\n\n\n\nNow, I went a bit further. I bought a bunch of 600 ohm isolation transformers for audio work, so I wired it up as follows:\nFrom the audio output of the USB sound card, I wired up a little attenuator - input is 2k to ground, then 10k to the input side of the transformer; then the output side of the transformer has a 0.01uF greencap capacitor to the microphone input of the baofeng;\nFrom the baofeng I just wired it up to the transformer, then the output side of that went into a 0.01uF greencap capacitor in series to the microphone input of the sound card.\nIn both instances those capacitors are there as DC blockers.\n\nOk, so that bit is easy. Then on to the software side. The normal way people do this stuff is \"direwolf\" on Linux. So, \"pkg install direwolf\" installed it. That was easy.\nConfiguring it up was a bit less easy. I found this guide to be helpful\nFreeBSD has the example direwolf config in /usr/local/share/doc/direwolf/examples/direwolf.conf . Now, direwolf will run as a normal user (there's no rc.d script for it yet!) and by default runs out of the current directory. So:\n\n\n$ cd ~\n$ cp /usr/local/share/doc/direwolf/examples/direwolf.conf . \n$ (edit it)\n$ direwolf\n\n\n\nEditing it isn't that hard - you need to change your callsign and the audio device.\n\nOK, here is the main undocumented bit for FreeBSD - the sound device can just be /dev/dsp . It isn't an ALSA name! Don't waste time trying to use ALSA names. Instead, just find the device you want and reference it. For me the USB sound card shows up as /dev/dsp3 (which is very non specific as USB sound devices come and go, but that's a later problem!) but it's enough to bring it up.\n\nSo yes, following the above guide, using the right sound device name resulted in a working APRS modem.\n\nNext up - something to talk to it. This is called 'xastir'. It's .. well, when you run it, you'll find exactly how old an X application it is. It's very nostalgically old. But, it is enough to get APRS positioning up and test both the TCP/IP side of APRS and the actual radio radio side.\n\n\n\nHere's the guide I followed:\n\n\n\nSo, that was it! So far so good. It actually works well enough to decode and watch APRS traffic around me. I managed to get out position information to the APRS network over both TCP/IP and relayed via VHF radio.\n\n\n\n\nBeastie Bits\n\n\nZebras All the Way Down - Bryan Cantrill\nYour impact on FreeBSD\nThe Secret to a good Gui\ncontainerd hits v1.0.0\nFreeBSD 11.1 Custom Kernels Made Easy - Configuring And Installing A Custom Kernel\nDebugging\n***\n\n\nFeedback/Questions\n\n\nBostjan - Backup Tapes\nPhilipp - A long time ago, there was a script\nAdam - ZFS Pool Monitoring\nDamian - KnoxBug\n***\n","content_html":"\u003cp\u003eWe try to answer what happens to an open source project after a developers death, we tell you about the last bootstrapped tech company in Silicon Valley, we have an update to the NetBSD Thread sanitizer, and show how to use use cabal on OpenBSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.wired.com/story/giving-open-source-projects-life-after-a-developers-death/\" rel=\"nofollow\"\u003eLife after death, for code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYOU\u0026#39;VE PROBABLY NEVER heard of the late Jim Weirich or his software. But you\u0026#39;ve almost certainly used apps built on his work.\u003cbr\u003e\nWeirich helped create several key tools for Ruby, the popular programming language used to write the code for sites like Hulu, Kickstarter, Twitter, and countless others. His code was open source, meaning that anyone could use it and modify it. \u0026quot;He was a seminal member of the western world\u0026#39;s Ruby community,\u0026quot; says Justin Searls, a Ruby developer and co-founder of the software company Test Double.\u003cbr\u003e\nWhen Weirich died in 2014, Searls noticed that no one was maintaining one of Weirich\u0026#39;s software-testing tools. That meant there would be no one to approve changes if other developers submitted bug fixes, security patches, or other improvements. Any tests that relied on the tool would eventually fail, as the code became outdated and incompatible with newer tech.\u003cbr\u003e\nThe incident highlights a growing concern in the open-source software community. What happens to code after programmers pass away? Much has been written about what happens to social-media accounts after users die. But it’s been less of an issue among programmers. In part, that’s because most companies and governments relied on commercial software maintained by teams of people. But today, more programs rely on obscure but crucial software like Weirich\u0026#39;s.\u003cbr\u003e\nSome open-source projects are well known, such as the Linux operating system or Google\u0026#39;s artificial-intelligence framework TensorFlow. But each of these projects depend on smaller libraries of open-source code. And those libraries depend on other libraries. The result is a complex, but largely hidden, web of software dependencies.\u003cbr\u003e\nThat can create big problems, as in 2014 when a security vulnerability known as \u0026quot;Heartbleed\u0026quot; was found in OpenSSL, an open-source program used by nearly every website that processes credit- or debit-card payments. The software comes bundled with most versions of Linux, but was maintained by a small team of volunteers who didn\u0026#39;t have the time or resources to do extensive security audits. Shortly after the Heartbleed fiasco, a security issue was discovered in another common open-source application called Bash that left countless web servers and other devices vulnerable to attack.\u003cbr\u003e\nThere are surely more undiscovered vulnerabilities. Libraries.io, a group that analyzes connections between software projects, has identified more than 2,400 open-source libraries that are used in at least 1,000 other programs but have received little attention from the open-source community.\u003cbr\u003e\nSecurity problems are only one part of the issue. If software libraries aren\u0026#39;t kept up to date, they may stop working with newer software. That means an application that depends on an outdated library may not work after a user updates other software. When a developer dies or abandons a project, everyone who depends on that software can be affected. Last year when programmer Azer Koçulu deleted a tiny library called Leftpad from the internet, it created ripple effects that reportedly caused headaches at Facebook, Netflix, and elsewhere.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Bus Factor\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe fewer people with ownership of a piece of software, the greater the risk that it could be orphaned. Developers even have a morbid name for this: the bus factor, meaning the number of people who would have to be hit by a bus before there\u0026#39;s no one left to maintain the project. Libraries.io has identified about 3,000 open-source libraries that are used in many other programs but have only a handful of contributors.\u003cbr\u003e\nOrphaned projects are a risk of using open-source software, though commercial software makers can leave users in a similar bind when they stop supporting or updating older programs. In some cases, motivated programmers adopt orphaned open-source code.\u003cbr\u003e\nThat\u0026#39;s what Searls did with one of Weirich’s projects. Weirich\u0026#39;s most-popular projects had co-managers by the time of his death. But Searls noticed one, the testing tool Rspec-Given, hadn\u0026#39;t been handed off, and wanted to take responsibility for updating it. But he ran into a few snags along the way.\u003cbr\u003e\nRspec-Given\u0026#39;s code was hosted on the popular code-hosting and collaboration site GitHub, home to 67 million codebases. Weirich\u0026#39;s Rspec-Given page on GitHub was the main place for people to report bugs or to volunteer to help improve the code. But GitHub wouldn’t give Searls control of the page, because Weirich had not named him before he died. So Searls had to create a new copy of the code, and host it elsewhere. He also had to convince the operators of Ruby Gems, a “package-management system” for distributing code, to use his version of Rspec-Given, instead of Weirich\u0026#39;s, so that all users would have access to Searls’ changes. GitHub declined to discuss its policies around transferring control of projects.\u003c/p\u003e\n\n\u003cp\u003eThat solved potential problems related to Rspec-Given, but it opened Searls\u0026#39; eyes to the many things that could go wrong. “It’s easy to see open source as a purely technical phenomenon,” Searls says. “But once something takes off and is depended on by hundreds of other people, it becomes a social phenomenon as well.”\u003cbr\u003e\nThe maintainers of most package-management systems have at least an ad-hoc process for transferring control over a library, but that process usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it. \u0026quot;We don’t have an official policy mostly because it hasn’t come up all that often,\u0026quot; says Evan Phoenix of the Ruby Gems project. \u0026quot;We do have an adviser council that is used to decide these types of things case by case.\u0026quot;\u003cbr\u003e\nSome package managers now monitor their libraries and flag widely used projects that haven\u0026#39;t been updated in a long time. Neil Bowers, who helps maintain a package manager for the programming language Perl, says he sometimes seeks out volunteers to take over orphan projects. Bowers says his group vets claims that a project has been abandoned, and the people proposing to take it over.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA \u0026#39;Dead-Man\u0026#39;s Switch\u0026#39;\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTaking over Rspec-Given inspired Searls, who was only 30 at the time, to make a will and a succession plan for his own open-source projects. There are other things developers can do to help future-proof their work. They can, for example, transfer the copyrights to a foundation, such as the Apache Foundation. But many open-source projects essentially start as hobbies, so programmers may not think to transfer ownership until it is too late.\u003cbr\u003e\nSearls suggests that GitHub and package managers such as Gems could add something like a \u0026quot;dead man\u0026#39;s switch\u0026quot; to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn’t log in or make changes after a set period of time.\u003cbr\u003e\nBut a transition plan means more than just giving people access to the code. Michael Droettboom, who took over a popular mathematics library called Matplotlib after its creator John Hunter died in 2012, points out that successors also need to understand the code. \u0026quot;Sometimes there are parts of the code that only one person understands,\u0026quot; he says. \u0026quot;The knowledge exists only in one person\u0026#39;s head.\u0026quot;\u003cbr\u003e\nThat means getting people involved in a project earlier, ideally as soon as it is used by people other than the original developer. That has another advantage, Searls points out, in distributing the work of maintaining a project to help prevent developer burnout.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.forbes.com/sites/forbestechcouncil/2017/12/12/the-last-bootstrapped-tech-company-in-silicon-valley/2/#4d53d50f1e4d\" rel=\"nofollow\"\u003eThe Last Bootstrapped Tech Company In Silicon Valley\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy business partner, Matt Olander, and I were intimately familiar with the ups and downs of the Silicon Valley tech industry when we acquired the remnants of our then-employer BSDi’s enterprise computer business in 2002 and assumed the roles of CEO and CTO. Fast-forward to today, and we still work in the same buildings where BSDi started in 1996, though you’d hardly recognize them today.\u003cbr\u003e\nAs the business grew from a startup to a global brand, our success came from always ensuring we ran a profitable business. While that may sound obvious, keep in mind that we are in the heart of Silicon Valley where venture capitalists hunt for the unicorn company that will skyrocket to a billion-dollar valuation. Unicorns like Facebook and Twitter unquestionably exist, but they are the exception.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLive By The VC, Die By The VC\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter careful consideration, Matt and I decided to bootstrap our company rather than seek funding. The first dot-com bubble had recently burst, and we were seeing close friends lose their jobs right and left at VC-funded companies based on dubious business plans. While we did not have much cash on hand, we did have a customer base and treasured those customers as our greatest asset. We concluded that meeting their needs was the surest path to meeting ours, and the rest would simply be details to address individually. This strategy ended up working so well that we have many of the same customers to this day.\u003cbr\u003e\nAfter deciding to bootstrap, we made a decision on a matter that has left egg on the face of many of our competitors: We seated sales next to support under one roof at our manufacturing facility in Silicon Valley. Dell\u0026#39;s decision to outsource some of its support overseas in the early 2000s was the greatest gift it could have given us. Some of our sales and support staff have worked with the same clients for over a decade, and we concluded that no amount of funding could buy that mutual loyalty. While accepting venture capital or an acquisition may make you rich, it does not guarantee that your customers, employees or even business will be taken care of. Our motto is, “Treat your customers like friends and employees like family,” and we have an incredibly low employee turnover to show for it.\u003cbr\u003e\nThanks to these principles, iXsystems has remained employee-owned, debt-free and profitable from the day we took it over -- all without VC funding, which is why we call ourselves the \u0026quot;last bootstrapped tech company in Silicon Valley.\u0026quot; As a result, we now provide enterprise servers to thousands of customers, including top Fortune 500 companies, research and educational institutions, all branches of the military, and numerous government entities.\u003cbr\u003e\nOver time, however, we realized that we were selling more and more third-party data storage systems with every order. We saw this as a new opportunity. We had partnered with several storage vendors to meet our customers’ needs, but every time we did, we opened a can of worms with regard to supporting our customers to our standards. Given a choice of risking being dragged down by our partners or outmaneuvered by competitors with their own storage portfolios, we made a conscious decision to develop a line of storage products that would not only complement our enterprise servers but tightly integrate with them.\u003cbr\u003e\nTo accelerate this effort, we adopted the FreeNAS open-source software-defined storage project in 2009 and haven’t looked back. The move enabled us to focus on storage, fully leveraging our experience with enterprise hardware and our open source heritage in equal measures. We saw many storage startups appear every quarter, struggling to establish their niche in a sea of competitors. We wondered how they’d instantly master hardware to avoid the partnering mistakes that we made years ago, given that storage hardware and software are truly inseparable at the enterprise level. We entered the storage market with the required hardware expertise, capacity and, most importantly, revenue, allowing us to develop our storage line at our own pace.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGrow Up, But On Your Own Terms\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBy not having the external pressure from VCs or shareholders that your competitors have, you\u0026#39;re free to set your own priorities and charge fair prices for your products. Our customers consistently tell us how refreshing our sales and marketing approaches are. We consider honesty, transparency and responsible marketing the only viable strategy when you’re bootstrapped. Your reputation with your customers and vendors should mean everything to you, and we can honestly say that the loyalty we have developed is priceless.\u003cbr\u003e\nSo how can your startup venture down a similar path? Here\u0026#39;s our advice for playing the long game:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRelate your experiences to each fad: Our industry is a firehose of fads and buzzwords, and it can be difficult to distinguish the genuine trends from the flops. Analyze every new buzzword in terms of your own products, services and experiences, and monitor customer trends even more carefully. Some buzzwords will even formalize things you have been doing for years.\u003c/li\u003e\n\u003cli\u003eValue personal relationships: Companies come and go, but you will maintain many clients and colleagues for decades, regardless of the hat they currently wear. Encourage relationship building at every level of your company because you may encounter someone again.\u003c/li\u003e\n\u003cli\u003eTrust your instincts and your colleagues: No contractual terms or credit rating system can beat the instincts you will develop over time for judging the ability of individuals and companies to deliver. You know your business, employees and customers best.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLooking back, I don\u0026#39;t think I’d change a thing. We need to be in Silicon Valley for the prime customers, vendors and talent, and it’s a point of pride that our customers recognize how different we are from the norm. Free of a venture capital “runway” and driven by these principles, we look forward to the next 20 years in this highly-competitive industry.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.thelifeofkenneth.com/2017/11/creating-autonomous-system-for-fun-and.html\" rel=\"nofollow\"\u003eCreating an AS for fun and profit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt its core, the Internet is an interconnected fabric of separate networks. Each network which makes up the Internet is operated independently and only interconnects with other networks in clearly defined places.\u003cbr\u003e\nFor smaller networks like your home, the interaction between your network and the rest of the Internet is usually pretty simple: you buy an Internet service plan from an ISP (Internet Service Provider), they give you some kind of hand-off through something like a DSL or cable modem, and give you access to \u0026quot;the entire Internet\u0026quot;. Your router (which is likely also a WiFi access point and Ethernet switch) then only needs to know about two things; your local computers and devices are on one side, and the ENTIRE Internet is on the other side of that network link given to you by your ISP.\u003cbr\u003e\nFor most people, that\u0026#39;s the extent of what\u0026#39;s needed to be understood about how the Internet works. Pick the best ISP, buy a connection from them, and attach computers needing access to the Internet. And that\u0026#39;s fine, as long as you\u0026#39;re happy with only having one Internet connection from one vendor, who will lend you some arbitrary IP address(es) for the extend of your service agreement, but that starts not being good enough when you don\u0026#39;t want to be beholden to a single ISP or a single connection for your connectivity to the Internet.\u003cbr\u003e\nThat also isn\u0026#39;t good enough if you \u003cem\u003eare\u003c/em\u003e an Internet Service Provider so you are literally a part of the Internet. You can\u0026#39;t assume that the entire Internet is that way when half of the Internet is actually in the other direction. This is when you really have to start thinking about the Internet and treating the Internet as a very large mesh of independent connected organizations instead of an abstract cloud icon on the edge of your local network map.  Which is pretty much never for most of us.\u003cbr\u003e\nAlmost no one needs to consider the Internet at this level. The long flight of steps from DSL for your apartment up to needing to be an integral part of the Internet means that pretty much regardless of what level of Internet service you need for your projects, you can probably pay someone else to provide it and don\u0026#39;t need to sit down and learn how BGP works and what an Autonomous System is. But let\u0026#39;s ignore that for one second, and talk about how to become your own ISP.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo become your own Internet Service Provider with customers who pay you to access the Internet, or be your own web hosting provider with customers who pay you to be accessible from the Internet, or your own transit provider who has customers who pay you to move their customer\u0026#39;s packets to other people\u0026#39;s customers, you need a few things:\n\n\u003cul\u003e\n\u003cli\u003eYour own public IP address space allocated to you by an Internet numbering organization\u003c/li\u003e\n\u003cli\u003eYour own Autonomous System Number (ASN) to identify your network as separate from everyone else\u0026#39;s networks\u003c/li\u003e\n\u003cli\u003eAt least one router connected to a different autonomous system speaking the Border Gateway Protocol to tell the rest of the Internet that your address space is accessible from your autonomous system.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo... I recently set up my own autonomous system... and I don\u0026#39;t really have a fantastic justification for it...\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMy motivation was twofold:\n\n\u003cul\u003e\n\u003cli\u003eOne of my friends and I sat down and figured it out that splitting the cost of a rack in Hurricane Electric\u0026#39;s FMT2 data center marginally lowered our monthly hosting expenses vs all the paid services we\u0026#39;re using scattered across the Internet which can all be condensed into this one rack.\u003c/li\u003e\n\u003cli\u003eAnd this first reason on its own is a perfectly valid justification for paying for co-location space at a data center like Hurricane Electric\u0026#39;s, but isn\u0026#39;t actually a valid reason for running it as an autonomous system, because Hurricane Electric will gladly let you use their address space for your servers hosted in their building. That\u0026#39;s usually part of the deal when you pay for space in a data center: power, cooling, Internet connectivity, and your own IP addresses.\u003c/li\u003e\n\u003cli\u003eAnother one of my friends challenged me to do it as an Autonomous System.\u003c/li\u003e\n\u003cli\u003eSo admittedly, my justification for going through the additional trouble to set up this single rack of servers as an AS is a little more tenuous. I will readily admit that, more than anything else, this was a \u0026quot;hold my beer\u0026quot; sort of engineering moment, and not something that is at all needed to achieve what we actually needed (a rack to park all our servers in).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut what the hell; I\u0026#39;ve figured out how to do it, so I figured it would make an entertaining blog post. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo here\u0026#39;s how I set up a multi-homed autonomous system on a shoe-string budget:\n\n\u003cul\u003e\n\u003cli\u003eStep 1. Found a Company\u003c/li\u003e\n\u003cli\u003eStep 2. Get Yourself Public Address Space\u003c/li\u003e\n\u003cli\u003eStep 3. Find Yourself Multiple Other Autonomous Systems to Peer With\u003c/li\u003e\n\u003cli\u003eStep 4. Apply for an Autonomous System Number\u003c/li\u003e\n\u003cli\u003eStep 5. Source a Router Capable of Handling the Entire Internet Routing Table\u003c/li\u003e\n\u003cli\u003eStep 6. Turn it All On and Pray\u003c/li\u003e\n\u003cli\u003eAnd we\u0026#39;re off to the races.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt this point, Hurricane Electric is feeding us all ~700k routes for the Internet, we\u0026#39;re feeding them our two routes for our local IPv4 and IPv6 subnets, and all that\u0026#39;s left to do is order all our cross-connects to other ASes in the building willing to peer with us (mostly for fun) and load in all our servers to build our own personal corner of the Internet.\u003cbr\u003e\nThe only major goof so far has been accidentally feeding the full IPv6 table to our first other peer that we turned on, but thankfully he has a much more powerful supervisor than the Sup720-BXL, so he just sent me an email to knock that off, a little fiddling with my BGP egress policies, and we were all set.\u003cbr\u003e\nIn the end, setting up my own autonomous system wasn\u0026#39;t exactly simple, it was definitely not justified, but some times in life you just need to take the more difficult path. And there\u0026#39;s a certain amount of pride in being able to claim that I\u0026#39;m part of the actual Internet. That\u0026#39;s pretty neat. \u003cbr\u003e\nAnd of course, thanks to all of my friends who variously contributed parts, pieces, resources, and know-how to this on-going project. I had to pull in a lot of favors to pull this off, and I appreciate it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/one_year_checkpoint_and_thread\" rel=\"nofollow\"\u003eOne year checkpoint and Thread Sanitizer update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe past year has been started with bugfixes and the development of regression tests for ptrace(2) and related kernel features, as well as the continuation of bringing LLDB support and LLVM sanitizers (ASan + UBsan and partial TSan + Msan) to NetBSD.  My plan for the next year is to finish implementing TSan and MSan support, followed by a long run of bug fixes for LLDB, ptrace(2), and other related kernel subsystems\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTSan\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past month, I\u0026#39;ve developed Thread Sanitizer far enough to have a subset of its tests pass on NetBSD, started with addressing breakage related to the memory layout of processes. The reason for this breakage was narrowed down to the current implementation of ASLR, which was too aggressive and which didn\u0026#39;t allow enough space to be mapped for Shadow memory. The fix for this was to either force the disabling of ASLR per-process, or globally on the system. The same will certainly happen for MSan executables. After some other corrections, I got TSan to work for the first time ever on October 14th. This was a big achievement, so I\u0026#39;ve made a snapshot available. Getting the snapshot of execution under GDB was pure hazard.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ gdb ./a.out                                  \nGNU gdb (GDB) 7.12\nCopyright (C) 2016 Free Software Foundation, Inc.\nLicense GPLv3+: GNU GPL version 3 or later \nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.  Type \u0026quot;show copying\u0026quot;\nand \u0026quot;show warranty\u0026quot; for details.\nThis GDB was configured as \u0026quot;x86_64--netbsd\u0026quot;.\nType \u0026quot;show configuration\u0026quot; for configuration details.\nFor bug reporting instructions, please see:\n.\nFind the GDB manual and other documentation resources online at:\n.\nFor help, type \u0026quot;help\u0026quot;.\nType \u0026quot;apropos word\u0026quot; to search for commands related to \u0026quot;word\u0026quot;...\nReading symbols from ./a.out...done.\n(gdb) r\nStarting program: /public/llvm-build/a.out \n[New LWP 2]\n\nWARNING: ThreadSanitizer: data race (pid=1621)\n  Write of size 4 at 0x000001475d70 by thread T1:\n    #0 Thread1 /public/llvm-build/tsan.c:4:10 (a.out+0x46bf71)\n\n  Previous write of size 4 at 0x000001475d70 by main thread:\n    #0 main /public/llvm-build/tsan.c:10:10 (a.out+0x46bfe6)\n\n  Location is global \u0026#39;Global\u0026#39; of size 4 at 0x000001475d70 (a.out+0x000001475d70)\n\n  Thread T1 (tid=2, running) created by main thread at:\n    #0 pthread_create /public/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:930:3 (a.out+0x412120)\n    #1 main /public/llvm-build/tsan.c:9:3 (a.out+0x46bfd1)\n\nSUMMARY: ThreadSanitizer: data race /public/llvm-build/tsan.c:4:10 in Thread1\n\nThread 2 received signal SIGSEGV, Segmentation fault.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was able to get the above execution results around 10% of the time (being under a tracer had no positive effect on the frequency of successful executions).  I\u0026#39;ve managed to hit the following final results for this month, with another set of bugfixes and improvements:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003echeck-tsan:\nExpected Passes    : 248\nExpected Failures  : 1\nUnsupported Tests  : 83\nUnexpected Failures: 44\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the end of the month, TSan can now reliably executabe the same (already-working) program every time. The majority of failures are in tests verifying sanitization of correct mutex locking usage. There are still problems with NetBSD-specific libc and libpthread bootstrap code that conflicts with TSan. Certain functions (pthread_create(3), pthread_key_create(3), _cxa_atexit()) cannot be started early by TSan initialization, and must be deferred late enough for the sanitizer to work correctly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMSan\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve prepared a scratch support for MSan on NetBSD to help in researching how far along it is. I\u0026#39;ve also cloned and adapted the existing FreeBSD bits; however, the code still needs more work and isn\u0026#39;t functional yet. The number of passed tests (5) is negligible and most likely does not work at all. The conclusion after this research is that TSan shall be finished first, as it touches similar code. In the future, there will be likely another round of iterating the system structs and types and adding the missing ones for NetBSD. So far, this part has been done before executing the real MSan code. I\u0026#39;ve added one missing symbol that was missing and was detected when attempting to link a test program with MSan.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSanitizers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe GCC team has merged the LLVM sanitizer code, which has resulted in almost-complete support for ASan and UBsan on NetBSD. It can be found in the latest GCC8 snapshot, located in pkgsrc-wip/gcc8snapshot. Though, do note that there is an issue with getting backtraces from libasan.so, which can be worked-around by backtracing ASan events in a debugger. UBsan also passes all GCC regression tests and appears to work fine. The code enabling sanitizers on the GCC/NetBSD frontend will be submitted upstream once the backtracing issue is fixed and I\u0026#39;m satisfied that there are no other problems. I\u0026#39;ve managed to upstream a large portion of generic+TSan+MSan code to compiler-rt and reduce local patches to only the ones that are in progress. This deals with any rebasing issues, and allows me to just focus on the delta that is being worked on. I\u0026#39;ve tried out the LLDB builds which have TSan/NetBSD enabled, and they built and started fine. However, there were some false positives related to the mutex locking/unlocking code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlans for the next milestone\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe general goals are to finish TSan and MSan and switch back to LLDB debugging. I plan to verify the impact of the TSan bootstrap initialization on the observed crashes and research the remaining failures.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis work was sponsored by The NetBSD Foundation.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.ungleich.ch/en-us/cms/blog/2017/12/10/the-importance-of-devuan/\" rel=\"nofollow\"\u003eThe scourge of systemd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile this article is actually couched in terms of promoting devuan, a de-systemd-ed version of debian, it would seem the same logic could be applied to all of the BSDs\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet\u0026#39;s say every car manufacturer recently discovered a new technology named \u0026quot;doord\u0026quot;, which lets you open up car doors much faster than before. It only takes 0.05 seconds, instead of 1.2 seconds on average. So every time you open a door, you are much, much faster!\u003cbr\u003e\nMany of the manufacturers decide to implement doord, because the company providing doord makes it clear that it is beneficial for everyone. And additional to opening doors faster, it also standardises things. How to turn on your car? It is the same now everywhere, it is not necessarily to look for the keyhole anymore.\u003cbr\u003e\nUnfortunately though, sometimes doord does not stop the engine. Or if it is cold outside, it stops the ignition process, because it takes too long. Doord also changes the way your navigation system works, because that is totally related to opening doors, but leads to some users being unable to navigate, which is accepted as collateral damage. In the end, you at least have faster door opening and a standard way to turn on the car. Oh, and if you are in a traffic jam and have to restart the engine often, it will stop restarting it after several times, because that\u0026#39;s not what you are supposed to do. You can open the engine hood and tune that setting though, but it will be reset once you buy a new car.\u003cbr\u003e\nSome of you might now ask themselves \u0026quot;Is systemd THAT bad?\u0026quot;. And my answer to it is: No. It is even worse. Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value. And this is not theoretical: We tried to build Data Center Light on Debian and Ubuntu, but servers that don\u0026#39;t boot, that don\u0026#39;t reboot or systemd-resolved that constantly interferes with our core network configuration made it too expensive to run Debian or Ubuntu.\u003cbr\u003e\nYes, you read right: too expensive. While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don\u0026#39;t have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://deftly.net/posts/2017-10-12-using-cabal-on-openbsd.html\" rel=\"nofollow\"\u003eUsing cabal on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince \u003ca href=\"https://undeadly.org/cgi?action=article\u0026sid=20160527203200\" rel=\"nofollow\"\u003eW\u003csup\u003eX\u003c/sup\u003e became mandatory in OpenBSD\u003c/a\u003e, W\u003csup\u003eX’d\u003c/sup\u003e binaries are only allowed to be executed from designated locations (mount points). If you used the auto partition layout during install, your /usr/local/ will be mounted with wxallowed. For example, here is the entry for my current machine:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e/dev/sd2g on /usr/local type ffs (local, nodev, wxallowed, softdep)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a great feature, but if you build applications outside of the wxallowed partition, you are going to run into some issues, especially in the case of cabal (python as well).\u003cbr\u003e\nHere is an example of what you would see when attempting to do cabal install pandoc:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eqbit@slip[1]:~? cabal update\nConfig file path source is default config file.\nConfig file /home/qbit/.cabal/config not found.\nWriting default configuration to /home/qbit/.cabal/config\nDownloading the latest package list from hackage.haskell.org\nqbit@slip[0]:~? cabal install pandoc\nResolving dependencies...\n.....\ncabal: user error (Error: some packages failed to install:\nJuicyPixels-3.2.8.3 failed during the configure step. The exception was:\n/home/qbit/.cabal/setup-exe-cache/setup-Simple-Cabal-1.22.5.0-x86_64-openbsd-ghc-7.10.3: runProcess: runInteractiveProcess: exec: permission denied (Permission denied)\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe error isn’t actually what it says. The untrained eye would assume permissions issue. A quick check of dmesg reveals what is really happening:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e/home/qbit/.cabal/setup-exe-cache/setup-Simple-Cabal-1.22.5.0-x86_64-openbsd-ghc-7.10.3(22924): W^X binary outside wxallowed mountpoint\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD is killing the above binary because it is violating W\u003csup\u003eX\u003c/sup\u003e and hasn’t been safely kept in its /usr/local corral!\u003cbr\u003e\nWe could solve this problem quickly by marking our /home as wxallowed, however, this would be heavy handed and reckless (we don’t want to allow other potentially unsafe binaries to execute.. just the cabal stuff).\u003cbr\u003e\nInstead, we will build all our cabal stuff in /usr/local by using a symlink!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003edoas mkdir -p /usr/local/{cabal,cabal/build} # make our cabal and build dirs\ndoas chown -R user:wheel /usr/local/cabal    # set perms\nrm -rf ~/.cabal                              # kill the old non-working cabal\nln -s /usr/local/cabal ~/.cabal              # link it!\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are almost there! Some cabal packages build outside of ~/.cabal:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ecabal install hakyll\n.....\nBuilding foundation-0.0.14...                                                   Preprocessing library foundation-0.0.14...\nhsc2hs: dist/build/Foundation/System/Bindings/Posix_hsc_make: runProcess: runInteractiveProcess: exec: permission denied (Permission denied)\nDownloading time-locale-compat-0.1.1.3...\n.....\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFortunately, all of the packages I have come across that do this all respect the TMPDIR environment variable!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ealias cabal=\u0026#39;env TMPDIR=/usr/local/cabal/build/ cabal\u0026#39;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith this alias, you should be able to cabal without issue (so far pandoc, shellcheck and hakyll have all built fine)!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTL;DR\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026amp;#35; This assumes /usr/local/ is mounted as wxallowed.\n\u0026amp;#35;\ndoas mkdir -p /usr/local/{cabal,cabal/build}\ndoas chown -R user:wheel /usr/local/cabal\nrm -rf ~/.cabal\nln -s /usr/local/cabal ~/.cabal\nalias cabal=\u0026#39;env TMPDIR=/usr/local/cabal/build/ cabal\u0026#39;\ncabal install pandoc\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://adrianchadd.blogspot.co.uk/2017/10/freebsd-and-aprs-or-hm-what-happens.html\" rel=\"nofollow\"\u003eFreeBSD and APRS, or \u0026quot;hm what happens when none of this is well documented..\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere\u0026#39;s another point along my quest for amateur radio on FreeBSD - bring up basic APRS support. Yes, someone else has done the work, but in the normal open source way it was .. inconsistently documented.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst is figuring out the hardware platform. I chose the following:\n\n\u003cul\u003e\n\u003cli\u003eA Baofeng UV5R2, since they\u0026#39;re cheap, plentiful, and do both VHF and UHF;\u003c/li\u003e\n\u003cli\u003eA cable to do sound level conversion and isolation (and yes, I really should post a circuit diagram and picture..);\u003c/li\u003e\n\u003cli\u003eA USB sound device, primarily so I can whack it into FreeBSD/Linux devices to get a separate sound card for doing radio work;\u003c/li\u003e\n\u003cli\u003eFreeBSD laptop (it\u0026#39;ll become a raspberry pi + GPS + sensor + LCD thingy later, but this\u0026#39;ll do to start with.)\u003c/li\u003e\n\u003cli\u003eThe Baofeng is easy - set it to the right frequency (VHF APRS sits on 144.390MHz), turn on VOX so I don\u0026#39;t have to make up a PTT cable, done/done.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe PTT bit isn\u0026#39;t that hard - one of the microphone jack pins is actually PTT (if you ground it, it engages PTT) so when you make the cable just ensure you expose a ground pin and PTT pin so you can upgrade it later.\u003c/p\u003e\n\n\u003cp\u003eThe cable itself isn\u0026#39;t that hard either - I had a baofeng handmic lying around (they\u0026#39;re like $5) so I pulled it apart for the cable. I\u0026#39;ll try to remember to take pictures of that.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere\u0026#39;s a picture I found on the internet that shows the pinout: \u003ca href=\"https://3.bp.blogspot.com/-58HUyt-9SUw/Wdz6uMauWlI/AAAAAAAAVz8/e7OrnRzN3908UYGUIRI1EBYJ5UcnO0qRgCLcBGAs/s1600/aprs-cable.png\" rel=\"nofollow\"\u003eimage\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow, I went a bit further. I bought a bunch of 600 ohm isolation transformers for audio work, so I wired it up as follows:\u003cbr\u003e\nFrom the audio output of the USB sound card, I wired up a little attenuator - input is 2k to ground, then 10k to the input side of the transformer; then the output side of the transformer has a 0.01uF greencap capacitor to the microphone input of the baofeng;\u003cbr\u003e\nFrom the baofeng I just wired it up to the transformer, then the output side of that went into a 0.01uF greencap capacitor in series to the microphone input of the sound card.\u003cbr\u003e\nIn both instances those capacitors are there as DC blockers.\u003c/p\u003e\n\n\u003cp\u003eOk, so that bit is easy. Then on to the software side. The normal way people do this stuff is \u0026quot;direwolf\u0026quot; on Linux. So, \u0026quot;pkg install direwolf\u0026quot; installed it. That was easy.\u003cbr\u003e\nConfiguring it up was a bit less easy. \u003ca href=\"https://andrewmemory.wordpress.com/tag/direwolf/\" rel=\"nofollow\"\u003eI found this guide to be helpful\u003c/a\u003e\u003cbr\u003e\nFreeBSD has the example direwolf config in /usr/local/share/doc/direwolf/examples/direwolf.conf . Now, direwolf will run as a normal user (there\u0026#39;s no rc.d script for it yet!) and by default runs out of the current directory. So:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ cd ~\n$ cp /usr/local/share/doc/direwolf/examples/direwolf.conf . \n$ (edit it)\n$ direwolf\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEditing it isn\u0026#39;t that hard - you need to change your callsign and the audio device.\u003c/p\u003e\n\n\u003cp\u003eOK, here is the main undocumented bit for FreeBSD - the sound device can just be /dev/dsp . It isn\u0026#39;t an ALSA name! Don\u0026#39;t waste time trying to use ALSA names. Instead, just find the device you want and reference it. For me the USB sound card shows up as /dev/dsp3 (which is very non specific as USB sound devices come and go, but that\u0026#39;s a later problem!) but it\u0026#39;s enough to bring it up.\u003c/p\u003e\n\n\u003cp\u003eSo yes, following the above guide, using the right sound device name resulted in a working APRS modem.\u003c/p\u003e\n\n\u003cp\u003eNext up - something to talk to it. This is called \u0026#39;xastir\u0026#39;. It\u0026#39;s .. well, when you run it, you\u0026#39;ll find exactly how old an X application it is. It\u0026#39;s very nostalgically old. But, it is enough to get APRS positioning up and test both the TCP/IP side of APRS and the actual radio radio side.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://andrewmemory.wordpress.com/2015/03/22/setting-up-direwolfxastir-on-a-raspberry-pi/\" rel=\"nofollow\"\u003eHere\u0026#39;s the guide I followed:\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo, that was it! So far so good. It actually works well enough to decode and watch APRS traffic around me. I managed to get out position information to the APRS network over both TCP/IP and relayed via VHF radio.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=fE2KDzZaxvE\" rel=\"nofollow\"\u003eZebras All the Way Down - Bryan Cantrill\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/your-impact-on-freebsd/\" rel=\"nofollow\"\u003eYour impact on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/secret-good-gui/\" rel=\"nofollow\"\u003eThe Secret to a good Gui\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/releases/tag/v1.0.0\" rel=\"nofollow\"\u003econtainerd hits v1.0.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=lzdg_2bUh9Y\u0026t=\" rel=\"nofollow\"\u003eFreeBSD 11.1 Custom Kernels Made Easy - Configuring And Installing A Custom Kernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://pbs.twimg.com/media/DQgCNq6UEAEqa1W.jpg:large\" rel=\"nofollow\"\u003eDebugging\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBostjan - \u003ca href=\"http://dpaste.com/22ZVJ12#wrap\" rel=\"nofollow\"\u003eBackup Tapes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePhilipp - \u003ca href=\"http://dpaste.com/13E8RGR#wrap\" rel=\"nofollow\"\u003eA long time ago, there was a script\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdam - \u003ca href=\"http://dpaste.com/3BQXXPM#wrap\" rel=\"nofollow\"\u003eZFS Pool Monitoring\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDamian - \u003ca href=\"http://dpaste.com/0ZZVM4R#wrap\" rel=\"nofollow\"\u003eKnoxBug\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We try to answer what happens to an open source project after a developers death, we tell you about the last bootstrapped tech company in Silicon Valley, we have an update to the NetBSD Thread sanitizer, and show how to use use cabal on OpenBSD","date_published":"2017-12-13T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/58d9f7dd-0328-4641-b34f-fb00673ba9fb.mp3","mime_type":"audio/mpeg","size_in_bytes":72307156,"duration_in_seconds":6025}]},{"id":"d183f10c-66be-49a7-b233-18c3a30ecdb4","title":"223: Compile once, debug twice","url":"https://www.bsdnow.tv/223","content_text":"Picking a compiler for debuggability, how to port Rust apps to FreeBSD, what the point of Docker is on FreeBSD/Solaris, another EuroBSDcon recap, and network manager control in OpenBSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nCompile once, Debug twice: Picking a compiler for debuggability, part 1 of 3\n\n\nAn interesting look into why when you try to debug a crash, you can often find all of the useful information has been ‘optimized out’\n\n\n\nHave you ever had an assert get triggered only to result in a useless core dump with missing variable information or an invalid callstack?\nCommon factors that go into selecting a C or C++ compiler are: availability, correctness, compilation speed and application performance. A factor that is often neglected is debug information quality, which symbolic debuggers use to reconcile application executable state to the source-code form that is familiar to most software engineers.\nWhen production builds of an application fail, the level of access to program state directly impacts the ability for a software engineer to investigate and fix a bug. If a compiler has optimized out a variable or is unable to express to a symbolic debugger how to reconstruct the value of a variable, the engineer’s investigation process is significantly impacted. Either the engineer has to attempt to recreate the problem, iterate through speculative fixes or attempt to perform prohibitively expensive debugging, such as reconstructing program state through executable code analysis.\nDebug information quality is in fact not proportionally related to the quality of the generated executable code and wildly varies from compiler to compiler.\nDifferent compilers emit debug information at varying levels of quality and accuracy. However, certain optimizations will certainly impact any debugger’s ability to generate accurate stack traces or extract variable values. \nIn the above program, the value of argv is extracted and then the program is paused. The ck_pr_load_ptr function performs a read from the region of memory pointed to by argv, in a manner that prevents the compiler from performing optimization on it. This ensures that the memory access occurs and for this reason, the value of argv must be accessible by the time ck_pr_load_ptr is executed.\nWhen compiled with gcc, the debugger fails to find the value of the variable. The compiler determines that the value of argv is no longer needed after the ck_pr_load_ptr operation and so doesn’t bother paying the cost of saving the value.\nSome optimizations generate executable code whose call stack cannot be sufficiently disambiguated to reconcile a call stack that mirrors that of the source program. Two common culprits for this are tail call optimization and basic block commoning.\n\n\n\nIn another example\n\n\n\nIf the program receives a first argument of 1, then function is called with the argument of \"a\". If the program receives a first argument of 2, then function is called with the argument of \"b\". However, if we compile this program with clang, the stack traces in both cases are identical! clang informs the debugger that the function f invoked the function(\"b\") branch where x = 2 even if x = 1.\nThough some optimizations will certainly impact the accuracy of a symbolic debugger, some compilers simply lack the ability to generate debug information in the presence of certain optimizations. One common optimization is induction variable elimination. A variable that’s incremented or decremented by a constant on every iteration of a loop or derived from another variable that follows this pattern, is an induction variable.\nCoupled with other optimizations, the compiler is then able to generate code that doesn’t actually rely on a dedicated counter variable “i” for maintaining the current offset into “buffer”.\nAs you can see, i is completely optimized out. The compiler determines it doesn’t have to pay the cost of maintaining the induction variable i. It maintains the pointer in the register %rdi. The code is effectively rewritten to something closer to this:\n\n\n\nSo the for loop, changes into a while loop, with a condition of the end of the input\n\n\n\nWe have shown some common optimizations that may get in the way of the debuggability of your application and demonstrated a disparity in debug information quality across two popular compilers. In the next blog post of this series, we will examine how gcc and clang stack up with regards to debug information quality across a myriad of synthetic applications and real world applications.\n\n\n\nLooking forward to part 2\n***\n\n\nThis is how you can port your rust application to FreeBSD\n\n\nThis is how you can port your rust application to FreeBSD\n\n\n\nThe FreeBSD Ports Collection is the way almost everyone installs applications (“ports”) on FreeBSD. Like everything else about FreeBSD, it is primarily a volunteer effort. It is important to keep this in mind when reading this document.\nIn FreeBSD, anyone may submit a new port, or volunteer to maintain an existing unmaintained port. No special commit privilege is needed.\nFor this guide I will use fd tool written by David Peter as example project.\n\n\n\nPrerequisites\n\n\nFreeBSD installation (VM is fine)\nLocal ports tree (done via svn)\nportlint (located at devel/portlint)\npoudriere (located at ports-mgmt/poudriere)[optional]\n\nGetting ports tree\n\n\nWhen you install FreeBSD opt-out of the ports tree. Install svn:\n\n\n\npkg install svn\nsvn checkout https://svn.freebsd.org/ports/head /usr/ports\n\n\n\nPoudriere\n\n\n\nSometimes you might get asked to show poudriere build log, sometimes you won’t. It’s good to have anyway. If you choose to use poudriere, use ZFS. There are plenty of guides on the subject. FreeBSD Porter’s Handbook is the most complete source of information on porting to FreeBSD.\n\n\n\nMakefile\n\n\n\nWhole porting process in most cases is writing one Makefile. I recommend doing something like this.\nHere is the one I wrote for fd:\n\n\n\nPort metadata\n\n\n\nEach port must have one primary category in case of fd it will be sysutils, therefore it's located in /usr/ports/systuils/fd.\n\n\nPORTNAME= fd\nCATEGORIES= sysutils\n\n\n\nSince this port conflicts with other util named fd I specified package suffix as: PKGNAMESUFFIX= -find and indicate conflict: CONFLICTS_INSTALL= fd-[0-9]*. That means to install it from packages user will have to type:\n\n\npkg install fd-find\n\n\n\nLicenses\n\n\n\nThis section is different for every port, but in case of fd it's pretty straightforward:\n\n\nLICENSE= MIT APACHE20\nLICENSE_COMB= dual\n\n\n\nSince fd includes the text of licenses you should do this as well:\n\n\nLICENSE_FILE_MIT= ${WRKSRC}/LICENSE-MIT\nLICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE-APACHE\n\n\n\nDistfiles\n\n\n\nFreeBSD has a requirement that all ports must allow offline building. That means you have specified which files are needed to be downloaded. Luckily we now have helpers to download GitHub sources directly from GitHub:\n\n\nUSE_GITHUB= yes\nGH_ACCOUNT= sharkdp\n\n\n\nSince PORTNANE is fd it will try to download sources for sharkdp/fd. By default it's going to download tag: \n\n\n${DISTVERSIONPREFIX}${DISTVERSION}${DISTVERSIONSUFFIX}\n\n\n\nfd uses v as the prefix, therefore we need to specify: DISTVERSIONPREFIX= v.\nIt's also possible to specify GH_TAGNAME in case tag name doesn't match that pattern.\n\n\n\nExtra packages\n\n\n\nThere are very few rust projects that are standalone and use no crates dependencies. It’s used to be PITA to make it work offline, but now cargo is a first class citizen in ports:\n\n\nUSES= cargo\nCARGO_CRATES= aho-corasick-0.6.3 \\\n              atty-0.2.3 \\\n              # and so goes on\n\n\n\nYes, you have to specify each dependency. Luckily, there is a magic awk script that turns Cargo.lock into what you need. Execute make cargo-crates in the port root. This will fail because you're missing checksum for the original source files:\n\n\nmake makesum\nmake cargo-crates\n\n\n\nThis will give you what you need. Double check that result is correct. There is a way to ignore checksum error, but I can’t remember… Execute make makesum again.\n\n\n\nCARGO_OUT\n\n\n\nIf. build.rs relies on that you have to change it. fd allows you to use SHELL_COMPLETIONS_DIR to specify where completions go, while ripgrep doesn't. In our case we just specify SHELL_COMPLETIONS_DIR:\n\n\nSHELL_COMPLETIONS_DIR= ${WRKDIR}/shell-completions-dir CARGO_ENV= SHELL_COMPLETIONS_DIR=${SHELL_COMPLETIONS_DIR}\n\n\n\nPLIST\n\n\n\nFreeBSD is very strict about files it’s installing and it won’t allow you to install random files that get lost. You have to specify which files you’re installing. In this case, it’s just two:\n\n\nPLIST_FILES= bin/fd \\\n             man/man1/fd.1.gz\n\n\n\nNote that sources for fd have uncompressed man file, while here it’s listed as compressed. If port installs a lot of files, specify them in pkg-plist like here. To actually install them:\n\n\npost-install:\n  @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/fd\n  ${INSTALL_MAN}${WRKSRC}/doc/fd.1 ${STAGEDIR}${MAN1PREFIX}/man/man1\n\n\n\nShell completions\n\n\n\nclap-rs can generate shell completions for you, it's usually handled by build.rs script. First, we need to define options:\n\n\nOPTIONS_DEFINE= BASH FISH ZSH # list options\nOPTIONS_DEFAULT= BASH FISH ZSH # select them by default\nBASH_PLIST_FILES= etc/bash_completion.d/fd.bash-completion \nFISH_PLIST_FILES= share/fish/completions/fd.fish\nZSH_PLIST_FILES= share/zsh/site-functions/_fd\n\n\n\nTo actually install them:\n\n\npost-install-BASH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/etc/bash_completion.d\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/fd.bash-completion \\\n ${STAGEDIR}${PREFIX}/etc/bash_completion.d\npost-install-FISH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/share/fish/completions\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/fd.fish \\\n ${STAGEDIR}${PREFIX}/share/fish/completions\npost-install-ZSH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/share/zsh/site-functions\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/_fd \\\n ${STAGEDIR}${PREFIX}/share/zsh/site-functions\n\n\n\nBonus round - Patching source code\n\n\n\nSometimes you have to patch it and send the patch upstream. Merging it upstream can take awhile, so you can patch it as part of the install process. An easy way to do it:\n\n\n\n Go to work/ dir\nCopy file you want to patch and add .orig suffix to it\nEdit file you want to patch\nExecute make makepatch in port's root\nSubmitting port\n\n\n\nFirst, make sure portlint -AC doesn't give you any errors or warnings. Second, make sure poudriere can build it on both amd64 and i386. If it can't?—?you have to either fix it or mark port broken for that arch.\nFollow this steps like I did steps. If you have any issues you can always ask your question in freebsd-ports on freenode try to find your answer in porter’s handbook before asking.\n\n\n\n\nConference Recap: EuroBSDCon 2017 Recap\n\n\nThe location was wonderful and I loved sneaking out and exploring the city when I could. From what I heard, it was the largest BSD conference in history, with over 320 attendees!\nEach venue is unique and draws many local BSD enthusiasts, who normally wouldn’t be able to travel to a conference. I love having the chance to talk to these people about how they are involved in the projects and what they would like to do. Most of the time, they are asking me questions about how they can get more involved and how we can help.\nMagical is how I would describe the conference social event. To stand in front of the dinner cruise on the Seine, with the Eiffel Tower standing tall, lit up in the night, while working – talking to our community members, was incredible. But, let me start at the beginning.\nWe attend these conferences to talk to our community members, to find out what they are working on, determine technologies that should be supported in FreeBSD, and what we can do to help and improve FreeBSD.\nWe started the week with a half-day board meeting on Wednesday. BSD conferences give us a chance to not only meet with community members around the world, but to have face-to-face meetings with our team members, who are also located around the world. We worked on refining our strategic direction and goals, determining what upcoming conferences we want FreeBSD presence at and who can give FreeBSD talks and workshops there, discussed current and potential software development projects, and discussed how we can help raise awareness about and increase the use of FreeBSD in Europe.\nThursday was the first day of the FreeBSD developer summit, led by our very own Benedict Reuschling. He surprised us all by having us participate in a very clever quiz on France. 45 of us signed into the software, where he’d show the question on the screen and we had a limited amount of time to select our answers, with the results listed on the screen. It was actually a lot of fun, especially since they didn’t publicize the names of the people who got the questions wrong. The lucky or most knowledgeable person on France, was des@freebsd.org.\nSome of our board members ran tutorials in parallel to the summit. Kirk McKusick gave his legendary tutorial,  An Introduction to the FreeBSD Open-Source Operating System , George Neville-Neil gave his tutorial, DTrace for Developers, and Benedict Reuschling gave a tutorial on, Managing BSD systems with Ansible.\nI was pleased to have two chairs from ACM-W Europe run an “Increasing Diversity in the BSDs” BoF for the second year in a row. We broke up into three groups to discuss different gender bias situations, and what we can do to address these types of situations, to make the BSD projects more diverse, welcoming, and inclusive. At the end, people asked that we continue these discussions at future BSD conferences and suggested having an expert in the field give a talk on how to increase the diversity in our projects.\nAs I mentioned earlier, the social dinner was on a boat cruising along the Seine. I had a chance to talk to community members in a more social environment. With the conference being in France, we had a lot of first time attendees from France. I enjoyed talking to many of them, as well as other people I only get to see at the European conferences. Sunday was full of more presentations and conversations. During the closing session, I gave a short talk on the Foundation and the work we are doing. Then, Benedict Reuschling, Board Vice President, came up and gave out recognition awards to four FreeBSD contributors who have made an impact on the Project.\n\n\n\n\nNews Roundup\n\nPlaying with the pine64\n\n\nDaniel Jakots writes in his blog about his experiences with his two pine64 boards: \n\n\n\nFinding something to install on it\n6 weeks ago, I ordered two pine64 units. I didn't (and still don't) have much plan for them, but I wanted to play with some cheap boards. I finally received them this week. Initially I wanted to install some Linux stuff on it, I didn't have much requirement so I thought I would just look what seems to be easy and/or the best supported systemd flavour. I headed over their wiki. Everything seems either not really maintained, done by some random people or both. I am not saying random people do bad things, just that installing some random things from the Internet is not really my cup of tea.\nI heard about Armbian but the server flavour seems to be experimental so I got scared of it. And sadly, the whole things looks like to be alot undermanned.\nSo I went for OpenBSD because I know the stuff and who to harWkindly ask for help. Spoiler alert, it's boring because it just works.\n\n\n\nGetting OpenBSD on it\n\n\n\nI downloaded miniroot62.fs, dd'ed it on the micro SD card. I was afraid I'd need to fiddle with some things like sysutils/dtb because I don't know what I would have needed to do. That's because I don't know what it does and for this precise reason I was wrong and I didn't need to do anything. So just dd the miniroot62.fs and you can go to next checkpoint.\nI plugged an HDMI cable, ethernet cable and the power, it booted, I could read for 10 seconds but then it got dark. Of course it's because you need a serial console. Of course I didn't have one.\nI thought about trying to install OpenBSD blindly, I could have probably succeeded with autoinstall buuuuuut…\nFollowing some good pieces of advice from OpenBSD people I bought some cp2102 (I didn't try to understand what it was or what were the other possibilities, I just wanted something that would work :D).\nI looked how to plug the thing. It appears you can plug it on two different places but if you plug it on the Euler bus it could power a bit the board so if you try to reboot it, it would then mess with the power disruption and could lead a unclean reboot.\nYou just need to plug three cables: GND, TXD and RXD. Of course, the TXD goes on the RXD pin from the picture and the RXD goes on the TXD pin. Guess why I'm telling you that! \n\n\n\nThat's it\nThen you can connect with the usual\n\n\n\n$ cu -dl /dev/cuaU0 -s 115200\n\n\n\n\nWhat’s the point of Docker on FreeBSD or Solaris?\n\n\nPenguinisters are very keen on their docker, but for the rest of us it may be difficult to see what the fuss is all about – it’s only been around a few years and everyone’s talking about it. And someone asked again today. What are we missing?\nWell docker is a solution to a Linux (and Windows) problem that FreeBSD/Solaris doesn’t have. Until recently, the Linux kernel only implemented the original user isolation model involving chroot. More recent kernels have had Control Groups added, which are intended to provide isolation for a group of processes (namespaces). This came out of Google, and they’ve extended to concept to include processor resource allocation as one of the knobs, which could be a good idea for FreeBSD. The scheduler is aware of the JID of the process it’s about to schedule, and I might take a look in the forthcoming winter evenings. But I digress.\nSo if isolation (containerisation in Linux terms) is in the Linux kernel, what is Docker bringing to the party? The only thing I can think of is standardisation and an easy user interface (at the expense of having Python installed). You might think of it in similar terms to ezjail – a complex system intended to do something that is otherwise very simple.\nTo make a jail in FreeBSD all you need do is copy the files for your system  to a directory. This can even be a whole server’s system disk if you like, and jails can run inside jails.  You then create a very simple config file, giving the jail a name, the path to your files and an what IP addresses to pass through (if any) and you’re done. Just type “service jail nameofjal start”, and off it goes.\nIs there any advantage in running Docker? Well, in a way, there is. Docker has a repository of system images that you can just install and run, and this is what a lot of people want. They’re a bit like virtual appliances, but not mind-numbingly inefficient.\nYou can actually run docker on FreeBSD. A port was done a couple of years ago, but it relies on the 64-bit Linux emulation that started to appear in 10.x. The newer the version of FreeBSD the better.\nDocker is in ports/sysutils/docker-freebsd. It makes uses of jails instead of Linux cgroups, and requires ZFS rather than UFS for file system isolation. I believe the Linux version uses Union FS but I could be completely wrong on that.\nThe FreeBSD port works with the Docker hub repository, giving you access to thousands of pre-packaged system images to play with. And that’s about as far as I’ve ever tested it. If you want to run the really tricky stuff (like Windows) you probably want full hardware emulation and something like  Xen. If you want to deploy or migrate FreeBSD or Solaris systems, just copy a new tarball in to the directory and go. It’s a non-problem, so why make it more complicated?\nGiven the increasing frequency Docker turns up in conversations, it’s probably worth taking seriously as Linux applications get packaged up in to images for easy access. Jails/Zones may be more efficient, and Docker images are limited to binary, but convenience tends to win in many environments.\n\n\n\n\nNetwork Manager Control for OpenBSD\n\n\nI propose you a small script allowing you to easily manage your networks connections. This script is integrated within the openbox dynamic menus. Moreover, it allow you to automatically have the connections you have pre-defined based.\nI was frustrated to not be able to swap quickly from one network interface to an another, to connect simply and quickly to my wifi, to my cable connection, to the wifi of a friend, ... \nEvery time you have to type the ifconfig commands, .... This is nice, but boring. Surely, when you are in a middle of a presentation and you just want a quick connection to your mobile in tethering mode.\nThanks to OpenBSD those commands are not so hard, but this frustrate me to not be able to do it with one click. Directly from my windows environment. Since I'm using Openbox, from a menu of openbox.\nSo, I've looked around to see what is currently existing. \nOne tool I've found was netctl. The idea is to have a repository of hostname.if files ready to use for different cases. \nThe idea sounds great, but I had some difficulties to use it. \nBut what annoys me the most, is that it modify the current hostname.if files in /etc. \nTo my eyes, I would avoid to modify those files because they are my working basis. I want to rely on them and make sure that my network will be back to a normal mode after a reboot. \nNevertheless, if I've well understood netctl, you have a feature where it will look for the predefined network config matching the environment where you are. Very cool.\nSo, after having played with netctl, look for alternative on internet, I've decided to create nmctl. A small python script which just perform the mandatory network commands.\n\n\n\n1. nmctl: a Network Manager Control tool for OpenBSD\n\n\n\nNmctl a small tool that allow you to manage your network connections. \nWhy python ? Just because it's the easiest programming language for me. But I should maybe rewrite it in shell, more standard in the OpenBSD world than python.\n\n\n\n1.1. download and install\n\n\n\nI've put nmctl on my sourceforge account here\nYou can dowload the last version here\nTo install you just have to run: make install (as root)\nThe per-requists are:\n\n\nhaving python2.7 installed\nSince nmctl must be run as root, I strongly recommend you to run it via doas.\n\n\n\n\n1.2. The config file\n\n\n\nFirst you have to create a config and store it in /etc/nmctl.conf. \nThis file must respect few rules:\nEach block must starts with a line having the following format: '''\u0026lt;-name-\u0026gt;:\u0026lt;-interface-\u0026gt;'''\nEach following lines must start by at least one space. Those lines have more or less the same format as for hostname.if.\nYou have to create a block with the name \"open\". This will be used to establish a connection to the Open Wifi around you (in restaurant for example)\nThe order of those elements is important. In case you use the -restart option, nmctl will try each of those network configs one after one until it can ping www.google.com. (if you wan to ping something else, you can change it in the python script if you want).\nYou can use external commands. Just preced them with the \"!\".\nYou have macors. Macros allow you to perform some actions. The 2 currently implemented are '''\u0026lt;-nwid-\u0026gt;''' and '''\u0026lt;-random mac-\u0026gt;'''.\nYou can use keywords. Currently the only one implemented is \"dhcp\"\nBasically you can put all commands that nmctl will apply to the interface to which those commands are referring to. So, you will always have \"ifconfig \u0026lt;-interface-\u0026gt; \u0026lt;-command you type in the config file-\u0026gt;\". \nCheck the manpage of ifconfig to see how flexible command is.\nYou have currently 2 macros:\n\n\n\u0026lt;-nwid-\u0026gt; which refers to the \"nwid \u0026lt;-nwid name-\u0026gt;\" when you select an Open Wifi with the -open option of nmctl.\n\u0026lt;-random mac-\u0026gt; is a macro generating a random mac address. This is useful test a dhcp server for example.\n\n\nThe keyword \"dhcp\" will trigger a command like \"dhclient \u0026lt;-interface-\u0026gt;\".\n\n\n\n1.3. Config file sample.\n\n\n\nLet me show you one nmctl.conf example. It speaks by itself.\n\n\n\n\u0026amp;#35; the name open is required for Open wifi. \n\u0026amp;#35; this is the interface that nmctl will take to establish a connection\n\u0026amp;#35; We must put the macro \u0026lt;nwid\u0026gt;. This is where nmctl will put the nwid command\n\u0026amp;#35; and the selected openwifi selected by the parameter --open\n\nopen:iwn0\n !route flush\n \u0026lt;nwid\u0026gt; -wpa\n dhcp\n\ncable:em0\n !route flush\n dhcp\n\nlgg4:iwn0\n !route flush\n nwid LGG4s_8114 wpakey aanotherpassword\n dhcp\n\nhome:iwn0\n !route flush\n nwid Linksys19594 wpakey apassword\n dhcp\n\ncollege:iwn0\n !route flush\n nwid john wpakey haahaaaguessme\n dhcp\n\ncable_fixip:em0\n !route flush\n inet 192.168.3.3 netmask 255.255.255.0\n !route add -host default 192.168.3.1\n\n\u0026amp;#35; with this network interface I'm using the macro \u0026lt;random mac\u0026gt; \n\u0026amp;#35; which will do what you guess it will do :-)\ncable_random:em0\n !route flush\n lladdr \u0026lt;random mac\u0026gt;\n dhcp\n\n\n\n\nIn this config we have several cable's networks associated with my interface \"em0\" and several wifi networks associated with my wireless interface \"iwn0\".\nYou see that you can switch from dhcp, to fixed IP and even you can play with the random mac address macro.\nThanks to the network called \"open\", you can connect to any open wifi system. To do that, just type ''' nmctl --open \u0026lt;-name of the open wifi-\u0026gt;'''\nSo, now, with just one command you can switch from one network configuration to an another one. \nThat's become cool :-).\n\n\n\n2. Integration with openbox\n\n\n\nThanks to the dynamic menu feature of oenbox[sic], you can have your different pre-defined networks under one click of your mouse.\nFor that, you just have to add, at the most appropriate place for you, the following code in your ./config/openbox/menu.xml\n\n\n\u0026lt;menu id=\"network-menu\" label=\"Network\"\u0026gt;\n  \u0026lt;menu id=\"wifi-list\" label=\"Wifi configured\"  execute=\"doas /usr/local/bin/nmctl --list\" /\u0026gt;\n  \u0026lt;menu id=\"wifi-scan\" label=\"Wifi scan\"  execute=\"doas /usr/local/bin/nmctl --scan\" /\u0026gt;\n  \u0026lt;separator /\u0026gt;\n\n\n\nIn this case, you see the different networks as defined in the config file just above.\n\n\n\n3. Automatically identify your available connection and connect to it in one go\n\n\n\nBut the most interesting part, is coming from a loop through all of your defined networks. \nThis loop is reachable via the -restart option.\nBasically the idea is to loop from the first network config to the last and test a ping for each of them. Once the ping works, we break the loop and keep this setting.\nThus where ever you are, you just have to initiate a nmctl -restart and you will be connected to the network you have defined for this place. There is one small exception, the open-wifis. We do not include them in this loop exercise.\nThus the way you define your config file is important. \nSince the network called \"open\" is dedicated to \"open wifi\", it will not be part of this scan exercise. I propose you keep it at the first place.\nThen, in my case, if my mobile, called lgg4, is open and visible by my laptop, I will connect it immediately. \nSecond, I check if my \"home wifi\" is visible. \nThird, if I have a cable connected on my laptop, I'm using this connection and do a dhcp command. \nThen, I check to see if my laptop is not viewing the \"college\" wifi. \n? and so on until a ping command works.\nIf you do not have a cable in your laptop and if none of your pre-defined wifi connections are visible, the scan will stop.\n\n\n\n3.1 examples\n\n\n\nNo cable connected, no pre-defined wifi around me:\n\n\nt420:~$ time doas nmctl -r \nnwids around you:  bbox2-d954\n    0m02.97s real     0m00.08s user     0m00.11s system\nt420:~$ \nt420:~$\n\n\n\nI'm at home and my wifi router is running:\n\n\nt420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954\nifconfig em0 down: 0\ndefault              fw                   done\nfw                   00:22:4d:ac:30:fd    done\nnas                  link#2               done\nroute flush: 0\nifconfig iwn0 nwid Linksys19594  ...: 0\niwn0: no link ........... sleeping\ndhclient iwn0: 0\nDone.\nPING www.google.com (216.58.212.164): 56 data bytes\n64 bytes from 216.58.212.164: icmp_seq=0 ttl=52 time=12.758 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 12.758/12.758/12.758/0.000 ms\nping -c1 -w2 www.google.com: 0\n    0m22.49s real     0m00.08s user     0m00.11s system\nt420:~$\n\n\n\nI'm at home but tethering is active on my mobile:\n\n\nt420:~$ \nt420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954 LGG4s_8114\nifconfig em0 down: 0\ndefault              fw                   done\nfw                   00:22:4d:ac:30:fd    done\nnas                  link#2               done\nroute flush: 0\nifconfig iwn0 nwid LGG4s_8114  ...: 0\niwn0: DHCPDISCOVER - interval 1\niwn0: DHCPDISCOVER - interval 2\niwn0: DHCPOFFER from 192.168.43.1 (a0:91:69:be:10:49)\niwn0: DHCPREQUEST to 255.255.255.255\niwn0: DHCPACK from 192.168.43.1 (a0:91:69:be:10:49)\niwn0: bound to 192.168.43.214 -- renewal in 1800 seconds\ndhclient iwn0: 0\nDone.\nping: Warning: www.google.com has multiple addresses; using 173.194.69.99\nPING www.google.com (173.194.69.99): 56 data bytes\n64 bytes from 173.194.69.99: icmp_seq=0 ttl=43 time=42.863 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 42.863/42.863/42.863/0.000 ms\nping -c1 -w2 www.google.com: 0\n    0m13.78s real     0m00.08s user     0m00.13s system\nt420:~$\n\n\n\nSame situation, but I cut the tethering just after the scan. Thus the dhcp command will not succeed. \nWe see that, after timeouts, nmctl see that the ping is failing (return code 1), thus he pass to the next possible pre-defined network.\n\n\nt420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954 LGG4s_8114\nifconfig em0 down: 0\ndefault              192.168.43.1         done\n192.168.43.1         a0:91:69:be:10:49    done\nroute flush: 0\nifconfig iwn0 nwid LGG4s_8114  ...: 0\niwn0: no link ........... sleeping\ndhclient iwn0: 0\nDone.\nping: no address associated with name\nping -c1 -w2 www.google.com: 1\nifconfig em0 down: 0\n192.168.43.1         link#2               done\nroute flush: 0\nifconfig iwn0 nwid Linksys19594  ...: 0\niwn0: DHCPREQUEST to 255.255.255.255\niwn0: DHCPACK from 192.168.3.1 (00:22:4d:ac:30:fd)\niwn0: bound to 192.168.3.16 -- renewal in 302400 seconds\ndhclient iwn0: 0\nDone.\nPING www.google.com (216.58.212.164): 56 data bytes\n64 bytes from 216.58.212.164: icmp_seq=0 ttl=52 time=12.654 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 12.654/12.654/12.654/0.000 ms\nping -c1 -w2 www.google.com: 0\n    3m34.85s real     0m00.17s user     0m00.20s system\nt420:~$\n\n\n\n\nOpenVPN Setup Guide for FreeBSD\n\n\nOpenVPN Setup Guide\n\n\nBrowse securely from anywhere using a personal VPN with OpenVPN, LDAP, FreeBSD, and PF.\n\n\n\n\nA VPN allows you to securely extend a private network over the internet via tunneling protocols and traffic encryption. For most people, a VPN offers two primary features: (1) the ability to access services on your local network over the internet, and (2) secure internet connectivity over an untrusted network. In this guide, I'll describe how to set up a personal VPN using OpenVPN on FreeBSD. The configuration can use both SSL certificates and LDAP credentials for authentication. We'll also be using the PF firewall to NAT traffic from our VPN out to the internet.\nOne important note about running your own VPN: since you are most likely hosting your server using a VPS or hosting provider, with a public IP address allocated specifically to you, your VPN will not give you any extra anonymity on the internet. If anything, you'll be making yourself more of a target, since all your activity can be trivially traced back to your server's IP address. So while your VPN will protect you from a snooping hacker on the free WiFi at Starbucks, it won't protect you from a federal investigation.\nThis guide assumes you are running FreeBSD with the PF firewall. If you're using a different Unix flavor, I'll probably get you most of the way there—but you'll be on your own when configuring your firewall and networking.\nFinally, I've used example.com and a non-routable public IP address for all the examples in this guide. You'll need to replace them with your own domain name and public IP address.\n\n\n\n\nBeastie Bits\n\n\nBSDCan 2017 videos\nGetting started with OpenBSD device driver development PDF\nAWS CloudWatch Logs agent for FreeBSD\nFreeBSD Foundation November 2017 Development Projects Update\nSchedule for the BSD Devroom at FOSDEM 2018\n***\n\n\nFeedback/Questions\n\n\nMatt - The show and Cantrill\nPaulo - FreeBSD Question\nSteven - Virtualization under FreeBSD\n***\n","content_html":"\u003cp\u003ePicking a compiler for debuggability, how to port Rust apps to FreeBSD, what the point of Docker is on FreeBSD/Solaris, another EuroBSDcon recap, and network manager control in OpenBSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://backtrace.io/blog/compile-once-debug-twice-picking-a-compiler-for-debuggability-1of3/\" rel=\"nofollow\"\u003eCompile once, Debug twice: Picking a compiler for debuggability, part 1 of 3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting look into why when you try to debug a crash, you can often find all of the useful information has been ‘optimized out’\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHave you ever had an assert get triggered only to result in a useless core dump with missing variable information or an invalid callstack?\u003cbr\u003e\nCommon factors that go into selecting a C or C++ compiler are: availability, correctness, compilation speed and application performance. A factor that is often neglected is debug information quality, which symbolic debuggers use to reconcile application executable state to the source-code form that is familiar to most software engineers.\u003cbr\u003e\nWhen production builds of an application fail, the level of access to program state directly impacts the ability for a software engineer to investigate and fix a bug. If a compiler has optimized out a variable or is unable to express to a symbolic debugger how to reconstruct the value of a variable, the engineer’s investigation process is significantly impacted. Either the engineer has to attempt to recreate the problem, iterate through speculative fixes or attempt to perform prohibitively expensive debugging, such as reconstructing program state through executable code analysis.\u003cbr\u003e\nDebug information quality is in fact not proportionally related to the quality of the generated executable code and wildly varies from compiler to compiler.\u003cbr\u003e\nDifferent compilers emit debug information at varying levels of quality and accuracy. However, certain optimizations will certainly impact any debugger’s ability to generate accurate stack traces or extract variable values. \u003cbr\u003e\nIn the above program, the value of argv is extracted and then the program is paused. The ck_pr_load_ptr function performs a read from the region of memory pointed to by argv, in a manner that prevents the compiler from performing optimization on it. This ensures that the memory access occurs and for this reason, the value of argv must be accessible by the time ck_pr_load_ptr is executed.\u003cbr\u003e\nWhen compiled with gcc, the debugger fails to find the value of the variable. The compiler determines that the value of argv is no longer needed after the ck_pr_load_ptr operation and so doesn’t bother paying the cost of saving the value.\u003cbr\u003e\nSome optimizations generate executable code whose call stack cannot be sufficiently disambiguated to reconcile a call stack that mirrors that of the source program. Two common culprits for this are tail call optimization and basic block commoning.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn another example\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf the program receives a first argument of 1, then function is called with the argument of \u0026quot;a\u0026quot;. If the program receives a first argument of 2, then function is called with the argument of \u0026quot;b\u0026quot;. However, if we compile this program with clang, the stack traces in both cases are identical! clang informs the debugger that the function f invoked the function(\u0026quot;b\u0026quot;) branch where x = 2 even if x = 1.\u003cbr\u003e\nThough some optimizations will certainly impact the accuracy of a symbolic debugger, some compilers simply lack the ability to generate debug information in the presence of certain optimizations. One common optimization is induction variable elimination. A variable that’s incremented or decremented by a constant on every iteration of a loop or derived from another variable that follows this pattern, is an induction variable.\u003cbr\u003e\nCoupled with other optimizations, the compiler is then able to generate code that doesn’t actually rely on a dedicated counter variable “i” for maintaining the current offset into “buffer”.\u003cbr\u003e\nAs you can see, i is completely optimized out. The compiler determines it doesn’t have to pay the cost of maintaining the induction variable i. It maintains the pointer in the register %rdi. The code is effectively rewritten to something closer to this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo the for loop, changes into a while loop, with a condition of the end of the input\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have shown some common optimizations that may get in the way of the debuggability of your application and demonstrated a disparity in debug information quality across two popular compilers. In the next blog post of this series, we will examine how gcc and clang stack up with regards to debug information quality across a myriad of synthetic applications and real world applications.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking forward to part 2\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@andoriyu/this-is-how-you-can-port-your-rust-application-to-freebsd-7d3e9f1bc3df\" rel=\"nofollow\"\u003eThis is how you can port your rust application to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is how you can port your rust application to FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD Ports Collection is the way almost everyone installs applications (“ports”) on FreeBSD. Like everything else about FreeBSD, it is primarily a volunteer effort. It is important to keep this in mind when reading this document.\u003cbr\u003e\nIn FreeBSD, anyone may submit a new port, or volunteer to maintain an existing unmaintained port. No special commit privilege is needed.\u003cbr\u003e\nFor this guide I will use fd tool written by David Peter as example project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003ePrerequisites\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD installation (VM is fine)\u003c/li\u003e\n\u003cli\u003eLocal ports tree (done via svn)\u003c/li\u003e\n\u003cli\u003eportlint (located at devel/portlint)\u003c/li\u003e\n\u003cli\u003epoudriere (located at ports-mgmt/poudriere)[optional]\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eGetting ports tree\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen you install FreeBSD opt-out of the ports tree. Install svn:\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003epkg install svn\nsvn checkout https://svn.freebsd.org/ports/head /usr/ports\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003ePoudriere\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSometimes you might get asked to show poudriere build log, sometimes you won’t. It’s good to have anyway. If you choose to use poudriere, use ZFS. There are plenty of guides on the subject. FreeBSD Porter’s Handbook is the most complete source of information on porting to FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMakefile\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhole porting process in most cases is writing one Makefile. I recommend doing something like this.\u003cbr\u003e\nHere is the one I wrote for fd:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePort metadata\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEach port must have one primary category in case of fd it will be sysutils, therefore it\u0026#39;s located in /usr/ports/systuils/fd.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ePORTNAME= fd\nCATEGORIES= sysutils\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince this port conflicts with other util named fd I specified package suffix as: PKGNAMESUFFIX= -find and indicate conflict: CONFLICTS_INSTALL= fd-[0-9]*. That means to install it from packages user will have to type:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003epkg install fd-find\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eLicenses\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis section is different for every port, but in case of fd it\u0026#39;s pretty straightforward:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eLICENSE= MIT APACHE20\nLICENSE_COMB= dual\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince fd includes the text of licenses you should do this as well:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eLICENSE_FILE_MIT= ${WRKSRC}/LICENSE-MIT\nLICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE-APACHE\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eDistfiles\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has a requirement that all ports must allow offline building. That means you have specified which files are needed to be downloaded. Luckily we now have helpers to download GitHub sources directly from GitHub:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eUSE_GITHUB= yes\nGH_ACCOUNT= sharkdp\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince PORTNANE is fd it will try to download sources for sharkdp/fd. By default it\u0026#39;s going to download tag: \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e${DISTVERSIONPREFIX}${DISTVERSION}${DISTVERSIONSUFFIX}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efd uses v as the prefix, therefore we need to specify: DISTVERSIONPREFIX= v.\u003cbr\u003e\nIt\u0026#39;s also possible to specify GH_TAGNAME in case tag name doesn\u0026#39;t match that pattern.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExtra packages\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are very few rust projects that are standalone and use no crates dependencies. It’s used to be PITA to make it work offline, but now cargo is a first class citizen in ports:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eUSES= cargo\nCARGO_CRATES= aho-corasick-0.6.3 \\\n              atty-0.2.3 \\\n              # and so goes on\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYes, you have to specify each dependency. Luckily, there is a magic awk script that turns Cargo.lock into what you need. Execute make cargo-crates in the port root. This will fail because you\u0026#39;re missing checksum for the original source files:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003emake makesum\nmake cargo-crates\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis will give you what you need. Double check that result is correct. There is a way to ignore checksum error, but I can’t remember… Execute make makesum again.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCARGO_OUT\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf. build.rs relies on that you have to change it. fd allows you to use SHELL_COMPLETIONS_DIR to specify where completions go, while ripgrep doesn\u0026#39;t. In our case we just specify SHELL_COMPLETIONS_DIR:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eSHELL_COMPLETIONS_DIR= ${WRKDIR}/shell-completions-dir CARGO_ENV= SHELL_COMPLETIONS_DIR=${SHELL_COMPLETIONS_DIR}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003ePLIST\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD is very strict about files it’s installing and it won’t allow you to install random files that get lost. You have to specify which files you’re installing. In this case, it’s just two:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003ePLIST_FILES= bin/fd \\\n             man/man1/fd.1.gz\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote that sources for fd have uncompressed man file, while here it’s listed as compressed. If port installs a lot of files, specify them in pkg-plist like here. To actually install them:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003epost-install:\n  @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/fd\n  ${INSTALL_MAN}${WRKSRC}/doc/fd.1 ${STAGEDIR}${MAN1PREFIX}/man/man1\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eShell completions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eclap-rs can generate shell completions for you, it\u0026#39;s usually handled by build.rs script. First, we need to define options:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eOPTIONS_DEFINE= BASH FISH ZSH # list options\nOPTIONS_DEFAULT= BASH FISH ZSH # select them by default\nBASH_PLIST_FILES= etc/bash_completion.d/fd.bash-completion \nFISH_PLIST_FILES= share/fish/completions/fd.fish\nZSH_PLIST_FILES= share/zsh/site-functions/_fd\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo actually install them:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003epost-install-BASH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/etc/bash_completion.d\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/fd.bash-completion \\\n ${STAGEDIR}${PREFIX}/etc/bash_completion.d\npost-install-FISH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/share/fish/completions\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/fd.fish \\\n ${STAGEDIR}${PREFIX}/share/fish/completions\npost-install-ZSH-on:\n @${MKDIR} ${STAGEDIR}${PREFIX}/share/zsh/site-functions\n ${INSTALL_DATA} ${SHELL_COMPLETIONS_DIR}/_fd \\\n ${STAGEDIR}${PREFIX}/share/zsh/site-functions\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eBonus round - Patching source code\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSometimes you have to patch it and send the patch upstream. Merging it upstream can take awhile, so you can patch it as part of the install process. An easy way to do it:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e Go to work/ dir\u003c/li\u003e\n\u003cli\u003eCopy file you want to patch and add .orig suffix to it\u003c/li\u003e\n\u003cli\u003eEdit file you want to patch\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eExecute make makepatch in port\u0026#39;s root\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSubmitting port\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst, make sure portlint -AC doesn\u0026#39;t give you any errors or warnings. Second, make sure poudriere can build it on both amd64 and i386. If it can\u0026#39;t?—?you have to either fix it or mark port broken for that arch.\u003cbr\u003e\nFollow this steps like I did steps. If you have any issues you can always ask your question in freebsd-ports on freenode try to find your answer in porter’s handbook before asking.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/conference-recap-eurobsdcon-2017-recap/\" rel=\"nofollow\"\u003eConference Recap: EuroBSDCon 2017 Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe location was wonderful and I loved sneaking out and exploring the city when I could. From what I heard, it was the largest BSD conference in history, with over 320 attendees!\u003cbr\u003e\nEach venue is unique and draws many local BSD enthusiasts, who normally wouldn’t be able to travel to a conference. I love having the chance to talk to these people about how they are involved in the projects and what they would like to do. Most of the time, they are asking me questions about how they can get more involved and how we can help.\u003cbr\u003e\n\u003cem\u003eMagical\u003c/em\u003e is how I would describe the conference social event. To stand in front of the dinner cruise on the Seine, with the Eiffel Tower standing tall, lit up in the night, while working – talking to our community members, was incredible. But, let me start at the beginning.\u003cbr\u003e\nWe attend these conferences to talk to our community members, to find out what they are working on, determine technologies that should be supported in FreeBSD, and what we can do to help and improve FreeBSD.\u003cbr\u003e\nWe started the week with a half-day board meeting on Wednesday. BSD conferences give us a chance to not only meet with community members around the world, but to have face-to-face meetings with our team members, who are also located around the world. We worked on refining our strategic direction and goals, determining what upcoming conferences we want FreeBSD presence at and who can give FreeBSD talks and workshops there, discussed current and potential software development projects, and discussed how we can help raise awareness about and increase the use of FreeBSD in Europe.\u003cbr\u003e\nThursday was the first day of the FreeBSD developer summit, led by our very own Benedict Reuschling. He surprised us all by having us participate in a very clever quiz on France. 45 of us signed into the software, where he’d show the question on the screen and we had a limited amount of time to select our answers, with the results listed on the screen. It was actually a lot of fun, especially since they didn’t publicize the names of the people who got the questions wrong. The lucky or most knowledgeable person on France, was \u003ca href=\"mailto:des@freebsd.org\" rel=\"nofollow\"\u003edes@freebsd.org\u003c/a\u003e.\u003cbr\u003e\nSome of our board members ran tutorials in parallel to the summit. Kirk McKusick gave his legendary tutorial,  An Introduction to the FreeBSD Open-Source Operating System , George Neville-Neil gave his tutorial, DTrace for Developers, and Benedict Reuschling gave a tutorial on, Managing BSD systems with Ansible.\u003cbr\u003e\nI was pleased to have two chairs from ACM-W Europe run an “Increasing Diversity in the BSDs” BoF for the second year in a row. We broke up into three groups to discuss different gender bias situations, and what we can do to address these types of situations, to make the BSD projects more diverse, welcoming, and inclusive. At the end, people asked that we continue these discussions at future BSD conferences and suggested having an expert in the field give a talk on how to increase the diversity in our projects.\u003cbr\u003e\nAs I mentioned earlier, the social dinner was on a boat cruising along the Seine. I had a chance to talk to community members in a more social environment. With the conference being in France, we had a lot of first time attendees from France. I enjoyed talking to many of them, as well as other people I only get to see at the European conferences. Sunday was full of more presentations and conversations. During the closing session, I gave a short talk on the Foundation and the work we are doing. Then, Benedict Reuschling, Board Vice President, came up and gave out recognition awards to four FreeBSD contributors who have made an impact on the Project.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://chown.me/blog/playing-with-the-pine64.html\" rel=\"nofollow\"\u003ePlaying with the pine64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDaniel Jakots writes in his blog about his experiences with his two pine64 boards: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFinding something to install on it\u003cbr\u003e\n6 weeks ago, I ordered two pine64 units. I didn\u0026#39;t (and still don\u0026#39;t) have much plan for them, but I wanted to play with some cheap boards. I finally received them this week. Initially I wanted to install some Linux stuff on it, I didn\u0026#39;t have much requirement so I thought I would just look what seems to be easy and/or the best supported systemd flavour. I headed over their wiki. Everything seems either not really maintained, done by some random people or both. I am not saying random people do bad things, just that installing some random things from the Internet is not really my cup of tea.\u003cbr\u003e\nI heard about \u003ca href=\"https://www.armbian.com/pine64/\" rel=\"nofollow\"\u003eArmbian\u003c/a\u003e but the server flavour seems to be experimental so I got scared of it. And sadly, the whole things looks like to be alot undermanned.\u003cbr\u003e\nSo I went for OpenBSD because I know the stuff and who to har\u003csup\u003eWkindly\u003c/sup\u003e ask for help. Spoiler alert, it\u0026#39;s boring because it just works.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting OpenBSD on it\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI downloaded miniroot62.fs, dd\u0026#39;ed it on the micro SD card. I was afraid I\u0026#39;d need to fiddle with some things like sysutils/dtb because I don\u0026#39;t know what I would have needed to do. That\u0026#39;s because I don\u0026#39;t know what it does and for this precise reason I was wrong and I didn\u0026#39;t need to do anything. So just dd the miniroot62.fs and you can go to next checkpoint.\u003cbr\u003e\nI plugged an HDMI cable, ethernet cable and the power, it booted, I could read for 10 seconds but then it got dark. Of course it\u0026#39;s because you need a serial console. Of course I didn\u0026#39;t have one.\u003cbr\u003e\nI thought about trying to install OpenBSD blindly, I could have probably succeeded with autoinstall buuuuuut…\u003cbr\u003e\nFollowing some good pieces of advice from OpenBSD people I bought some cp2102 (I didn\u0026#39;t try to understand what it was or what were the other possibilities, I just wanted something that would work :D).\u003cbr\u003e\nI looked how to plug the thing. It appears you can plug it on two different places but if you plug it on the Euler bus it could power a bit the board so if you try to reboot it, it would then mess with the power disruption and could lead a unclean reboot.\u003cbr\u003e\nYou just need to plug three cables: GND, TXD and RXD. Of course, the TXD goes on the RXD pin from the picture and the RXD goes on the TXD pin. Guess why I\u0026#39;m telling you that! \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThat\u0026#39;s it\u003c/li\u003e\n\u003cli\u003eThen you can connect with the usual\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e$ cu -dl /dev/cuaU0 -s 115200\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.frankleonhardt.com/2017/whats-the-point-of-docker-on-freebsd-or-solaris/\" rel=\"nofollow\"\u003eWhat’s the point of Docker on FreeBSD or Solaris?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePenguinisters are very keen on their docker, but for the rest of us it may be difficult to see what the fuss is all about – it’s only been around a few years and everyone’s talking about it. And someone asked again today. What are we missing?\u003cbr\u003e\nWell docker is a solution to a Linux (and Windows) problem that FreeBSD/Solaris doesn’t have. Until recently, the Linux kernel only implemented the original user isolation model involving chroot. More recent kernels have had Control Groups added, which are intended to provide isolation for a group of processes (namespaces). This came out of Google, and they’ve extended to concept to include processor resource allocation as one of the knobs, which could be a good idea for FreeBSD. The scheduler is aware of the JID of the process it’s about to schedule, and I might take a look in the forthcoming winter evenings. But I digress.\u003cbr\u003e\nSo if isolation (containerisation in Linux terms) is in the Linux kernel, what is Docker bringing to the party? The only thing I can think of is standardisation and an easy user interface (at the expense of having Python installed). You might think of it in similar terms to ezjail – a complex system intended to do something that is otherwise very simple.\u003cbr\u003e\nTo make a jail in FreeBSD all you need do is copy the files for your system  to a directory. This can even be a whole server’s system disk if you like, and jails can run inside jails.  You then create a very simple config file, giving the jail a name, the path to your files and an what IP addresses to pass through (if any) and you’re done. Just type “service jail nameofjal start”, and off it goes.\u003cbr\u003e\nIs there any advantage in running Docker? Well, in a way, there is. Docker has a repository of system images that you can just install and run, and this is what a lot of people want. They’re a bit like virtual appliances, but not mind-numbingly inefficient.\u003cbr\u003e\nYou can actually run docker on FreeBSD. A port was done a couple of years ago, but it relies on the 64-bit Linux emulation that started to appear in 10.x. The newer the version of FreeBSD the better.\u003cbr\u003e\nDocker is in ports/sysutils/docker-freebsd. It makes uses of jails instead of Linux cgroups, and requires ZFS rather than UFS for file system isolation. I believe the Linux version uses Union FS but I could be completely wrong on that.\u003cbr\u003e\nThe FreeBSD port works with the Docker hub repository, giving you access to thousands of pre-packaged system images to play with. And that’s about as far as I’ve ever tested it. If you want to run the really tricky stuff (like Windows) you probably want full hardware emulation and something like  Xen. If you want to deploy or migrate FreeBSD or Solaris systems, just copy a new tarball in to the directory and go. It’s a non-problem, so why make it more complicated?\u003cbr\u003e\nGiven the increasing frequency Docker turns up in conversations, it’s probably worth taking seriously as Linux applications get packaged up in to images for easy access. Jails/Zones may be more efficient, and Docker images are limited to binary, but convenience tends to win in many environments.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.vincentdelft.be/post/post_20171023\" rel=\"nofollow\"\u003eNetwork Manager Control for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI propose you a small script allowing you to easily manage your networks connections. This script is integrated within the openbox dynamic menus. Moreover, it allow you to automatically have the connections you have pre-defined based.\u003cbr\u003e\nI was frustrated to not be able to swap quickly from one network interface to an another, to connect simply and quickly to my wifi, to my cable connection, to the wifi of a friend, ... \u003cbr\u003e\nEvery time you have to type the ifconfig commands, .... This is nice, but boring. Surely, when you are in a middle of a presentation and you just want a quick connection to your mobile in tethering mode.\u003cbr\u003e\nThanks to OpenBSD those commands are not so hard, but this frustrate me to not be able to do it with one click. Directly from my windows environment. Since I\u0026#39;m using Openbox, from a menu of openbox.\u003cbr\u003e\nSo, I\u0026#39;ve looked around to see what is currently existing. \u003cbr\u003e\nOne tool I\u0026#39;ve found was \u003ca href=\"https://github.com/akpoff/netctl\" rel=\"nofollow\"\u003enetctl\u003c/a\u003e. The idea is to have a repository of hostname.if files ready to use for different cases. \u003cbr\u003e\nThe idea sounds great, but I had some difficulties to use it. \u003cbr\u003e\nBut what annoys me the most, is that it modify the current hostname.if files in /etc. \u003cbr\u003e\nTo my eyes, I would avoid to modify those files because they are my working basis. I want to rely on them and make sure that my network will be back to a normal mode after a reboot. \u003cbr\u003e\nNevertheless, if I\u0026#39;ve well understood netctl, you have a feature where it will look for the predefined network config matching the environment where you are. Very cool.\u003cbr\u003e\nSo, after having played with netctl, look for alternative on internet, I\u0026#39;ve decided to create nmctl. A small python script which just perform the mandatory network commands.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e1. nmctl: a Network Manager Control tool for OpenBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNmctl a small tool that allow you to manage your network connections. \u003cbr\u003e\nWhy python ? Just because it\u0026#39;s the easiest programming language for me. But I should maybe rewrite it in shell, more standard in the OpenBSD world than python.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e1.1. download and install\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve put nmctl on my sourceforge account \u003ca href=\"https://sourceforge.net/p/nmctl/code/ci/master/tree/\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003cbr\u003e\nYou can dowload the last version \u003ca href=\"https://sourceforge.net/p/nmctl/code/ci/master/tarball\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003cbr\u003e\nTo install you just have to run: make install (as root)\u003cbr\u003e\nThe per-requists are:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ehaving python2.7 installed\u003c/li\u003e\n\u003cli\u003eSince nmctl must be run as root, I strongly recommend you to run it via \u003ca href=\"http://man.openbsd.org/doas.conf.5\" rel=\"nofollow\"\u003edoas\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e1.2. The config file\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst you have to create a config and store it in /etc/nmctl.conf. \u003cbr\u003e\nThis file must respect few rules:\u003cbr\u003e\nEach block must starts with a line having the following format: \u0026#39;\u0026#39;\u0026#39;\u0026lt;-name-\u0026gt;:\u0026lt;-interface-\u0026gt;\u0026#39;\u0026#39;\u0026#39;\u003cbr\u003e\nEach following lines must start by at least one space. Those lines have more or less the same format as for hostname.if.\u003cbr\u003e\nYou have to create a block with the name \u0026quot;open\u0026quot;. This will be used to establish a connection to the Open Wifi around you (in restaurant for example)\u003cbr\u003e\nThe order of those elements is important. In case you use the -restart option, nmctl will try each of those network configs one after one until it can ping \u003ca href=\"http://www.google.com\" rel=\"nofollow\"\u003ewww.google.com\u003c/a\u003e. (if you wan to ping something else, you can change it in the python script if you want).\u003cbr\u003e\nYou can use external commands. Just preced them with the \u0026quot;!\u0026quot;.\u003cbr\u003e\nYou have macors. Macros allow you to perform some actions. The 2 currently implemented are \u0026#39;\u0026#39;\u0026#39;\u0026lt;-nwid-\u0026gt;\u0026#39;\u0026#39;\u0026#39; and \u0026#39;\u0026#39;\u0026#39;\u0026lt;-random mac-\u0026gt;\u0026#39;\u0026#39;\u0026#39;.\u003cbr\u003e\nYou can use keywords. Currently the only one implemented is \u0026quot;dhcp\u0026quot;\u003cbr\u003e\nBasically you can put all commands that nmctl will apply to the interface to which those commands are referring to. So, you will always have \u0026quot;ifconfig \u0026lt;-interface-\u0026gt; \u0026lt;-command you type in the config file-\u0026gt;\u0026quot;. \u003cbr\u003e\nCheck the manpage of ifconfig to see how flexible command is.\u003cbr\u003e\nYou have currently 2 macros:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026lt;-nwid-\u0026gt; which refers to the \u0026quot;nwid \u0026lt;-nwid name-\u0026gt;\u0026quot; when you select an Open Wifi with the -open option of nmctl.\u003c/li\u003e\n\u003cli\u003e\u0026lt;-random mac-\u0026gt; is a macro generating a random mac address. This is useful test a dhcp server for example.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThe keyword \u0026quot;dhcp\u0026quot; will trigger a command like \u0026quot;dhclient \u0026lt;-interface-\u0026gt;\u0026quot;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e1.3. Config file sample.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet me show you one nmctl.conf example. It speaks by itself.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\n\u0026amp;#35; the name open is required for Open wifi. \n\u0026amp;#35; this is the interface that nmctl will take to establish a connection\n\u0026amp;#35; We must put the macro \u0026lt;nwid\u0026gt;. This is where nmctl will put the nwid command\n\u0026amp;#35; and the selected openwifi selected by the parameter --open\n\nopen:iwn0\n !route flush\n \u0026lt;nwid\u0026gt; -wpa\n dhcp\n\ncable:em0\n !route flush\n dhcp\n\nlgg4:iwn0\n !route flush\n nwid LGG4s_8114 wpakey aanotherpassword\n dhcp\n\nhome:iwn0\n !route flush\n nwid Linksys19594 wpakey apassword\n dhcp\n\ncollege:iwn0\n !route flush\n nwid john wpakey haahaaaguessme\n dhcp\n\ncable_fixip:em0\n !route flush\n inet 192.168.3.3 netmask 255.255.255.0\n !route add -host default 192.168.3.1\n\n\u0026amp;#35; with this network interface I\u0026#39;m using the macro \u0026lt;random mac\u0026gt; \n\u0026amp;#35; which will do what you guess it will do :-)\ncable_random:em0\n !route flush\n lladdr \u0026lt;random mac\u0026gt;\n dhcp\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this config we have several cable\u0026#39;s networks associated with my interface \u0026quot;em0\u0026quot; and several wifi networks associated with my wireless interface \u0026quot;iwn0\u0026quot;.\u003cbr\u003e\nYou see that you can switch from dhcp, to fixed IP and even you can play with the random mac address macro.\u003cbr\u003e\nThanks to the network called \u0026quot;open\u0026quot;, you can connect to any open wifi system. To do that, just type \u0026#39;\u0026#39;\u0026#39; nmctl --open \u0026lt;-name of the open wifi-\u0026gt;\u0026#39;\u0026#39;\u0026#39;\u003cbr\u003e\nSo, now, with just one command you can switch from one network configuration to an another one. \u003cbr\u003e\nThat\u0026#39;s become cool :-).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e2. Integration with openbox\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThanks to the dynamic menu feature of oenbox[sic], you can have your different pre-defined networks under one click of your mouse.\u003cbr\u003e\nFor that, you just have to add, at the most appropriate place for you, the following code in your ./config/openbox/menu.xml\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026lt;menu id=\u0026quot;network-menu\u0026quot; label=\u0026quot;Network\u0026quot;\u0026gt;\n  \u0026lt;menu id=\u0026quot;wifi-list\u0026quot; label=\u0026quot;Wifi configured\u0026quot;  execute=\u0026quot;doas /usr/local/bin/nmctl --list\u0026quot; /\u0026gt;\n  \u0026lt;menu id=\u0026quot;wifi-scan\u0026quot; label=\u0026quot;Wifi scan\u0026quot;  execute=\u0026quot;doas /usr/local/bin/nmctl --scan\u0026quot; /\u0026gt;\n  \u0026lt;separator /\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this case, you see the different networks as defined in the config file just above.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e3. Automatically identify your available connection and connect to it in one go\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut the most interesting part, is coming from a loop through all of your defined networks. \u003cbr\u003e\nThis loop is reachable via the -restart option.\u003cbr\u003e\nBasically the idea is to loop from the first network config to the last and test a ping for each of them. Once the ping works, we break the loop and keep this setting.\u003cbr\u003e\nThus where ever you are, you just have to initiate a nmctl -restart and you will be connected to the network you have defined for this place. There is one small exception, the open-wifis. We do not include them in this loop exercise.\u003cbr\u003e\nThus the way you define your config file is important. \u003cbr\u003e\nSince the network called \u0026quot;open\u0026quot; is dedicated to \u0026quot;open wifi\u0026quot;, it will not be part of this scan exercise. I propose you keep it at the first place.\u003cbr\u003e\nThen, in my case, if my mobile, called lgg4, is open and visible by my laptop, I will connect it immediately. \u003cbr\u003e\nSecond, I check if my \u0026quot;home wifi\u0026quot; is visible. \u003cbr\u003e\nThird, if I have a cable connected on my laptop, I\u0026#39;m using this connection and do a dhcp command. \u003cbr\u003e\nThen, I check to see if my laptop is not viewing the \u0026quot;college\u0026quot; wifi. \u003cbr\u003e\n? and so on until a ping command works.\u003cbr\u003e\nIf you do not have a cable in your laptop and if none of your pre-defined wifi connections are visible, the scan will stop.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e3.1 examples\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNo cable connected, no pre-defined wifi around me:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003et420:~$ time doas nmctl -r \nnwids around you:  bbox2-d954\n    0m02.97s real     0m00.08s user     0m00.11s system\nt420:~$ \nt420:~$\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;m at home and my wifi router is running:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003et420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954\nifconfig em0 down: 0\ndefault              fw                   done\nfw                   00:22:4d:ac:30:fd    done\nnas                  link#2               done\nroute flush: 0\nifconfig iwn0 nwid Linksys19594  ...: 0\niwn0: no link ........... sleeping\ndhclient iwn0: 0\nDone.\nPING www.google.com (216.58.212.164): 56 data bytes\n64 bytes from 216.58.212.164: icmp_seq=0 ttl=52 time=12.758 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 12.758/12.758/12.758/0.000 ms\nping -c1 -w2 www.google.com: 0\n    0m22.49s real     0m00.08s user     0m00.11s system\nt420:~$\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;m at home but tethering is active on my mobile:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003et420:~$ \nt420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954 LGG4s_8114\nifconfig em0 down: 0\ndefault              fw                   done\nfw                   00:22:4d:ac:30:fd    done\nnas                  link#2               done\nroute flush: 0\nifconfig iwn0 nwid LGG4s_8114  ...: 0\niwn0: DHCPDISCOVER - interval 1\niwn0: DHCPDISCOVER - interval 2\niwn0: DHCPOFFER from 192.168.43.1 (a0:91:69:be:10:49)\niwn0: DHCPREQUEST to 255.255.255.255\niwn0: DHCPACK from 192.168.43.1 (a0:91:69:be:10:49)\niwn0: bound to 192.168.43.214 -- renewal in 1800 seconds\ndhclient iwn0: 0\nDone.\nping: Warning: www.google.com has multiple addresses; using 173.194.69.99\nPING www.google.com (173.194.69.99): 56 data bytes\n64 bytes from 173.194.69.99: icmp_seq=0 ttl=43 time=42.863 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 42.863/42.863/42.863/0.000 ms\nping -c1 -w2 www.google.com: 0\n    0m13.78s real     0m00.08s user     0m00.13s system\nt420:~$\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSame situation, but I cut the tethering just after the scan. Thus the dhcp command will not succeed. \u003cbr\u003e\nWe see that, after timeouts, nmctl see that the ping is failing (return code 1), thus he pass to the next possible pre-defined network.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003et420:~$ time doas nmctl -r \nnwids around you:  Linksys19594 bbox2-d954 LGG4s_8114\nifconfig em0 down: 0\ndefault              192.168.43.1         done\n192.168.43.1         a0:91:69:be:10:49    done\nroute flush: 0\nifconfig iwn0 nwid LGG4s_8114  ...: 0\niwn0: no link ........... sleeping\ndhclient iwn0: 0\nDone.\nping: no address associated with name\nping -c1 -w2 www.google.com: 1\nifconfig em0 down: 0\n192.168.43.1         link#2               done\nroute flush: 0\nifconfig iwn0 nwid Linksys19594  ...: 0\niwn0: DHCPREQUEST to 255.255.255.255\niwn0: DHCPACK from 192.168.3.1 (00:22:4d:ac:30:fd)\niwn0: bound to 192.168.3.16 -- renewal in 302400 seconds\ndhclient iwn0: 0\nDone.\nPING www.google.com (216.58.212.164): 56 data bytes\n64 bytes from 216.58.212.164: icmp_seq=0 ttl=52 time=12.654 ms\n\n--- www.google.com ping statistics ---\n1 packets transmitted, 1 packets received, 0.0% packet loss\nround-trip min/avg/max/std-dev = 12.654/12.654/12.654/0.000 ms\nping -c1 -w2 www.google.com: 0\n    3m34.85s real     0m00.17s user     0m00.20s system\nt420:~$\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.c0ffee.net/blog/openvpn-guide\" rel=\"nofollow\"\u003eOpenVPN Setup Guide for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenVPN Setup Guide\n\n\u003cul\u003e\n\u003cli\u003eBrowse securely from anywhere using a personal VPN with OpenVPN, LDAP, FreeBSD, and PF.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA VPN allows you to securely extend a private network over the internet via tunneling protocols and traffic encryption. For most people, a VPN offers two primary features: (1) the ability to access services on your local network over the internet, and (2) secure internet connectivity over an untrusted network. In this guide, I\u0026#39;ll describe how to set up a personal VPN using OpenVPN on FreeBSD. The configuration can use both SSL certificates and LDAP credentials for authentication. We\u0026#39;ll also be using the PF firewall to NAT traffic from our VPN out to the internet.\u003cbr\u003e\nOne important note about running your own VPN: since you are most likely hosting your server using a VPS or hosting provider, with a public IP address allocated specifically to you, your VPN will not give you any extra anonymity on the internet. If anything, you\u0026#39;ll be making yourself more of a target, since all your activity can be trivially traced back to your server\u0026#39;s IP address. So while your VPN will protect you from a snooping hacker on the free WiFi at Starbucks, it won\u0026#39;t protect you from a federal investigation.\u003cbr\u003e\nThis guide assumes you are running FreeBSD with the PF firewall. If you\u0026#39;re using a different Unix flavor, I\u0026#39;ll probably get you most of the way there—but you\u0026#39;ll be on your own when configuring your firewall and networking.\u003cbr\u003e\nFinally, I\u0026#39;ve used example.com and a non-routable public IP address for all the examples in this guide. You\u0026#39;ll need to replace them with your own domain name and public IP address.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UCuQhwHMJ0yK2zlfyRr1XZ_Q/feed\" rel=\"nofollow\"\u003eBSDCan 2017 videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2017-device-drivers.pdf\" rel=\"nofollow\"\u003eGetting started with OpenBSD device driver development PDF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://macfoo.wordpress.com/2017/10/27/aws-cloudwatch-logs-agent-for-freebsd/\" rel=\"nofollow\"\u003eAWS CloudWatch Logs agent for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/november-2017-development-projects-update/\" rel=\"nofollow\"\u003eFreeBSD Foundation November 2017 Development Projects Update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://fosdem.org/2018/schedule/track/bsd/\" rel=\"nofollow\"\u003eSchedule for the BSD Devroom at FOSDEM 2018\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatt - \u003ca href=\"http://dpaste.com/35VNXR5#wrap\" rel=\"nofollow\"\u003eThe show and Cantrill\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo - \u003ca href=\"http://dpaste.com/17E9Z2W#wrap\" rel=\"nofollow\"\u003eFreeBSD Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSteven - \u003ca href=\"http://dpaste.com/1N6F0TC#wrap\" rel=\"nofollow\"\u003eVirtualization under FreeBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Picking a compiler for debuggability, how to port Rust apps to FreeBSD, what the point of Docker is on FreeBSD/Solaris, another EuroBSDcon recap, and network manager control in OpenBSD","date_published":"2017-12-06T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d183f10c-66be-49a7-b233-18c3a30ecdb4.mp3","mime_type":"audio/mpeg","size_in_bytes":80350996,"duration_in_seconds":6695}]},{"id":"b3352064-ac33-44ac-98e5-88f7acdd5d0b","title":"222: How Netflix works","url":"https://www.bsdnow.tv/222","content_text":"We take a look at two-faced Oracle, cover a FAMP installation, how Netflix works the complex stuff, and show you who the patron of yak shaving is.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nWhy is Oracle so two-faced over open source?\n\n\nOracle loves open source. \n\n\n\nExcept when the database giant hates open source. Which, according to its recent lobbying of the US federal government, seems to be \"most of the time\". Yes, Oracle has recently joined the Cloud Native Computing Foundation (CNCF) to up its support for open-source Kubernetes and, yes, it has long supported (and contributed to) Linux. And, yes, Oracle has even gone so far as to (finally) open up Java development by putting it under a foundation's stewardship. Yet this same, seemingly open Oracle has actively hammered the US government to consider that \"there is no math that can justify open source from a cost perspective as the cost of support plus the opportunity cost of forgoing features, functions, automation and security overwhelm any presumed cost savings.\" That punch to the face was delivered in a letter to Christopher Liddell, a former Microsoft CFO and now director of Trump's American Technology Council, by Kenneth Glueck, Oracle senior vice president.\nThe US government had courted input on its IT modernisation programme. Others writing back to Liddell included AT\u0026amp;T, Cisco, Microsoft and VMware.\nIn other words, based on its letter, what Oracle wants us to believe is that open source leads to greater costs and poorly secured, limply featured software. Nor is Oracle content to leave it there, also arguing that open source is exactly how the private sector does not function, seemingly forgetting that most of the leading infrastructure, big data, and mobile software today is open source.\nDetails! Rather than take this counterproductive detour into self-serving silliness, Oracle would do better to follow Microsoft's path. Microsoft, too, used to Janus-face its way through open source, simultaneously supporting and bashing it. Only under chief executive Satya Nadella's reign did Microsoft realise it's OK to fully embrace open source, and its financial results have loved the commitment. Oracle has much to learn, and emulate, in Microsoft's approach.\n\n\n\nI love you, you're perfect. \n\n\n\nNow change Oracle has never been particularly warm and fuzzy about open source. As founder Larry Ellison might put it, Oracle is a profit-seeking corporation, not a peace-loving charity. To the extent that Oracle embraces open source, therefore it does so for financial reward, just like every other corporation. Few, however, are as blunt as Oracle about this fact of corporate open-source life. As Ellison told the Financial Times back in 2006: \"If an open-source product gets good enough, we'll simply take it. So the great thing about open source is nobody owns it – a company like Oracle is free to take it for nothing, include it in our products and charge for support, and that's what we'll do. \"So it is not disruptive at all – you have to find places to add value. Once open source gets good enough, competing with it would be insane... We don't have to fight open source, we have to exploit open source.\" \"Exploit\" sounds about right. While Oracle doesn't crack the top-10 corporate contributors to the Linux kernel, it does register a respectable number 12, which helps it influence the platform enough to feel comfortable building its IaaS offering on Linux (and Xen for virtualisation). Oracle has also managed to continue growing MySQL's clout in the industry while improving it as a product and business. As for Kubernetes, Oracle's decision to join the CNCF also came with P\u0026amp;L strings attached. \"CNCF technologies such as Kubernetes, Prometheus, gRPC and OpenTracing are critical parts of both our own and our customers' development toolchains,\" said Mark Cavage, vice president of software development at Oracle. One can argue that Oracle has figured out the exploitation angle reasonably well. This, however, refers to the right kind of exploitation, the kind that even free software activist Richard Stallman can love (or, at least, tolerate). But when it comes to government lobbying, Oracle looks a lot more like Mr Hyde than Dr Jekyll.\n\n\n\nLies, damned lies, and Oracle lobbying\n\n\n\nThe current US president has many problems (OK, many, many problems), but his decision to follow the Obama administration's support for IT modernisation is commendable. Most recently, the Trump White House asked for feedback on how best to continue improving government IT. Oracle's response is high comedy in many respects. As TechDirt's Mike Masnick summarises, Oracle's \"latest crusade is against open-source technology being used by the federal government – and against the government hiring people out of Silicon Valley to help create more modern systems. Instead, Oracle would apparently prefer the government just give it lots of money.\" Oracle is very good at making lots of money. As such, its request for even more isn't too surprising. What is surprising is the brazenness of its position. As Masnick opines: \"The sheer contempt found in Oracle's submission on IT modernization is pretty stunning.\" Why? Because Oracle contradicts much that it publicly states in other forums about open source and innovation. More than this, Oracle contradicts much of what we now know is essential to competitive differentiation in an increasingly software and data-driven world.\nTake, for example, Oracle's contention that \"significant IT development expertise is not... central to successful modernization efforts\". What? In our \"software is eating the world\" existence Oracle clearly believes that CIOs are buyers, not doers: \"The most important skill set of CIOs today is to critically compete and evaluate commercial alternatives to capture the benefits of innovation conducted at scale, and then to manage the implementation of those technologies efficiently.\" While there is some truth to Oracle's claim – every project shouldn't be a custom one-off that must be supported forever – it's crazy to think that a CIO – government or otherwise – is doing their job effectively by simply shovelling cash into vendors' bank accounts.\nIndeed, as Masnick points out: \"If it weren't for Oracle's failures, there might not even be a USDS [the US Digital Service created in 2014 to modernise federal IT]. USDS really grew out of the emergency hiring of some top-notch internet engineers in response to the Healthcare.gov rollout debacle. And if you don't recall, a big part of that debacle was blamed on Oracle's technology.\" In short, blindly giving money to Oracle and other big vendors is the opposite of IT modernisation.\nIn its letter to Liddell, Oracle proceeded to make the fantastic (by which I mean \"silly and false\") claim that \"the fact is that the use of open-source software has been declining rapidly in the private sector\". What?!? This is so incredibly untrue that Oracle should score points for being willing to say it out loud. Take a stroll through the most prominent software in big data (Hadoop, Spark, Kafka, etc.), mobile (Android), application development (Kubernetes, Docker), machine learning/AI (TensorFlow, MxNet), and compare it to Oracle's statement. One conclusion must be that Oracle believes its CIO audience is incredibly stupid. Oracle then tells a half-truth by declaring: \"There is no math that can justify open source from a cost perspective.\" How so? Because \"the cost of support plus the opportunity cost of forgoing features, functions, automation and security overwhelm any presumed cost savings.\" Which I guess is why Oracle doesn't use any open source like Linux, Kubernetes, etc. in its services.\nOops.\n\n\n\nThe Vendor Formerly Known As Satan\n\n\n\nThe thing is, Oracle doesn't need to do this and, for its own good, shouldn't do this. After all, we already know how this plays out. We need only look at what happened with Microsoft. Remember when Microsoft wanted us to \"get the facts\" about Linux? Now it's a big-time contributor to Linux. Remember when it told us open source was anti-American and a cancer? Now it aggressively contributes to a huge variety of open-source projects, some of them homegrown in Redmond, and tells the world that \"Microsoft loves open source.\" Of course, Microsoft loves open source for the same reason any corporation does: it drives revenue as developers look to build applications filled with open-source components on Azure. There's nothing wrong with that. \nWould Microsoft prefer government IT to purchase SQL Server instead of open-source-licensed PostgreSQL? Sure. But look for a single line in its response to the Trump executive order that signals \"open source is bad\". You won't find it. Why? Because Microsoft understands that open source is a friend, not foe, and has learned how to monetise it. Microsoft, in short, is no longer conflicted about open source. It can compete at the product level while embracing open source at the project level, which helps fuel its overall product and business strategy. Oracle isn't there yet, and is still stuck where Microsoft was a decade ago.\nIt's time to grow up, Oracle. For a company that builds great software and understands that it increasingly needs to depend on open source to build that software, it's disingenuous at best to lobby the US government to put the freeze on open source. Oracle needs to learn from Microsoft, stop worrying and love the open-source bomb. It was a key ingredient in Microsoft's resurgence. Maybe it could help Oracle get a cloud clue, too.  \n\n\n\n\nInstall FAMP on FreeBSD\n\n\nThe acronym FAMP refers to a set of free open source applications which are commonly used in Web server environments called Apache, MySQL and PHP on the FreeBSD operating system, which provides a server stack that provides web services, database and PHP.\nPrerequisites\n\n\nsudo Installed and working - Please read\nApache\nPHP5 or PHP7 \nMySQL or MariaDB\nInstall your favorite editor, ours is vi\n\n\n\n\nNote: You don't need to upgrade FreeBSD but make sure all patches have been installed and your port tree is up-2-date if you plan to update by ports.\n\n\n\nInstall Ports\n\n\n\nportsnap fetch\nYou must use sudo for each indivdual command during installations. Please see link above for installing sudo.\nSearching Available Apache Versions to Install\npkg search apache\n\n\n\nInstall Apache\n\n\n\nTo install Apache 2.4 using pkg. The apache 2.4 user account managing Apache is www in FreeBSD.\npkg install apache24\nConfirmation yes prompt and hit y for yes to install Apache 2.4 This installs Apache and its dependencies. \nEnable Apache use sysrc to update services to be started at boot time, Command below adds \"apache24_enable=\"YES\" to the /etc/rc.conf file. For sysrc commands please read\nsysrc apache24_enable=yes\nStart Apache\nservice apache24 start\nVisit web address by accessing your server's public IP address in your web browser \n\n\n\nHow To find Your Server's Public IP Address\n\n\n\nIf you do not know what your server's public IP address is, there are a number of ways that you can find it. Usually, this is the address you use to connect to your server through SSH.\nifconfig vtnet0 | grep \"inet \" | awk '{ print $2 }'\nNow that you have the public IP address, you may use it in your web browser's address bar to access your web server.\n\n\n\nInstall MySQL\n\n\n\nNow that we have our web server up and running, it is time to install MySQL, the relational database management system. The MySQL server will organize and provide access to databases where our server can store information. Install MySQL 5.7 using pkg by typing\npkg install mysql57-server\nEnter y at the confirmation prompt. This installs the MySQL server and client packages.\nTo enable MySQL server as a service, add mysql_enable=\"YES\" to the /etc/rc.conf file. This sysrc command will do just that\nsysrc mysql_enable=yes\nNow start the MySQL server\nservice mysql-server start\nNow run the security script that will remove some dangerous defaults and slightly restrict access to your database system.\n\nAnswer all questions to secure your newly installed MySQL database. Enter current password for root (enter for none): [RETURN]\nYour database system is now set up and we can move on.\n\n\n\n\nInstall PHP5 or PHP70\n\n\n\npkg search php70\nInstall PHP70 you would do the following by typing\npkg install php70-mysqli mod_php70\n\n\n\nNote: In these instructions we are using php5.7 not php7.0. We will be coming out with php7.0 instructions with FPM.\n\n\n\nPHP is the component of our setup that will process code to display dynamic content. It can run scripts, connect to MySQL databases to get information, and hand the processed content over to the web server to display. We're going to install the mod_php, php-mysql, and php-mysqli packages. To install PHP 5.7 with pkg, run this command\npkg install mod_php56 php56-mysql php56-mysqli\nCopy sample PHP configuration file into place.\ncp /usr/local/etc/php.ini-production /usr/local/etc/php.ini\nRegenerate the system's cached information about your installed executable files\n\nBefore using PHP, you must configure it to work with Apache.\n\n\n\n\nInstall PHP Modules (Optional)\n\n\n\nTo enhance the functionality of PHP, we can optionally install some additional modules. To see the available options for PHP 5.6 modules and libraries, you can type this into your system\npkg search php56\nGet more information about each module you can look at the long description of the package by typing\npkg search -f apache24\n\n\n\nOptional Install Example\n\n\n\npkg install php56-calendar\nConfigure Apache to Use PHP Module\nOpen the Apache configuration file\nvim /usr/local/etc/apache24/Includes/php.conf\n\n\u0026lt;IfModule dir_module\u0026gt;\n    DirectoryIndex index.php index.html\nNext, we will configure Apache to process requested PHP files with the PHP processor. Add these lines to the end of the file:\n    \u0026lt;FilesMatch \"\\.php$\"\u0026gt;\n        SetHandler application/x-httpd-php\n    \u0026lt;/FilesMatch\u0026gt;\n    \u0026lt;FilesMatch \"\\.phps$\"\u0026gt;\n        SetHandler application/x-httpd-php-source\n    \u0026lt;/FilesMatch\u0026gt;\n\u0026lt;/IfModule\u0026gt; \n\n\nNow restart Apache to put the changes into effect\nservice apache24 restart\n\n\n\nTest PHP Processing\n\n\n\nBy default, the DocumentRoot is set to /usr/local/www/apache24/data. We can create the info.php file under that location by typing\nvim /usr/local/www/apache24/data/info.php\nAdd following line to info.php and save it.\n\n\u0026lt;?php phpinfo(); ?\u0026gt; \n\n\n\n\nDetails on info.php\n\n\n\ninfo.php file gives you information about your server from the perspective of PHP. It' useful for debugging and to ensure that your settings are being applied correctly.\nIf this was successful, then your PHP is working as expected.\nYou probably want to remove info.php after testing because it could actually give information about your server to unauthorized users. Remove file by typing\nrm /usr/local/www/apache24/data/info.php\nNote: Make sure Apache / meaning the root of Apache is owned by user which should have been created during the Apache install is the owner of the /usr/local/www structure.\nThat explains FAMP on FreeBSD.\n\n\n\n\nIXsystems\n\n\nIXsystems TrueNAS X10 Torture Test \u0026amp; Fail Over Systems In Action with the ZFS File System\n\n\nHow Netflix works: what happens every time you hit Play\n\n\nNot long ago, House of Cards came back for the fifth season, finally ending a long wait for binge watchers across the world who are interested in an American politician’s ruthless ascendance to presidency. For them, kicking off a marathon is as simple as reaching out for your device or remote, opening the Netflix app and hitting Play. Simple, fast and instantly gratifying. What isn’t as simple is what goes into running Netflix, a service that streams around 250 million hours of video per day to around 98 million paying subscribers in 190 countries. At this scale, providing quality entertainment in a matter of a few seconds to every user is no joke. And as much as it means building top-notch infrastructure at a scale no other Internet service has done before, it also means that a lot of participants in the experience have to be negotiated with and kept satiated?—?from production companies supplying the content, to internet providers dealing with the network traffic Netflix brings upon them.\nThis is, in short and in the most layman terms, how Netflix works.\nLet us just try to understand how Netflix is structured on the technological side with a simple example.\nNetflix literally ushered in a revolution around ten years ago by rewriting the applications that run the entire service to fit into a microservices architecture?—?which means that each application, or microservice’s code and resources are its very own. It will not share any of it with any other app by nature. And when two applications do need to talk to each other, they use an application programming interface (API)?—?a tightly-controlled set of rules that both programs can handle. Developers can now make many changes, small or huge, to each application as long as they ensure that it plays well with the API. And since the one program knows the other’s API properly, no change will break the exchange of information.\nNetflix estimates that it uses around 700 microservices to control each of the many parts of what makes up the entire Netflix service: one microservice stores what all shows you watched, one deducts the monthly fee from your credit card, one provides your device with the correct video files that it can play, one takes a look at your watching history and uses algorithms to guess a list of movies that you will like, and one will provide the names and images of these movies to be shown in a list on the main menu. And that’s the tip of the iceberg. Netflix engineers can make changes to any part of the application and can introduce new changes rapidly while ensuring that nothing else in the entire service breaks down.\nThey made a courageous decision to get rid of maintaining their own servers and move all of their stuff to the cloud?—?i.e. run everything on the servers of someone else who dealt with maintaining the hardware while Netflix engineers wrote hundreds of programs and deployed it on the servers rapidly. The someone else they chose for their cloud-based infrastructure is Amazon Web Services (AWS).\nNetflix works on thousands of devices, and each of them play a different format of video and sound files. Another set of AWS servers take this original film file, and convert it into hundreds of files, each meant to play the entire show or film on a particular type of device and a particular screen size or video quality. One file will work exclusively on the iPad, one on a full HD Android phone, one on a Sony TV that can play 4K video and Dolby sound, one on a Windows computer, and so on. Even more of these files can be made with varying video qualities so that they are easier to load on a poor network connection. This is a process known as transcoding. A special piece of code is also added to these files to lock them with what is called digital rights management or DRM?—?a technological measure which prevents piracy of films.\nThe Netflix app or website determines what particular device you are using to watch, and fetches the exact file for that show meant to specially play on your particular device, with a particular video quality based on how fast your internet is at that moment.\nHere, instead of relying on AWS servers, they install their very own around the world. But it has only one purpose?—?to store content smartly and deliver it to users. Netflix strikes deals with internet service providers and provides them the red box you saw above at no cost. ISPs install these along with their servers. These Open Connect boxes download the Netflix library for their region from the main servers in the US?—?if there are multiple of them, each will rather store content that is more popular with Netflix users in a region to prioritise speed. So a rarely watched film might take time to load more than a Stranger Things episode. Now, when you will connect to Netflix, the closest Open Connect box to you will deliver the content you need, thus videos load faster than if your Netflix app tried to load it from the main servers in the US.\n\n\n\nIn a nutshell… This is what happens when you hit that Play button:\n\n\nHundreds of microservices, or tiny independent programs, work together to make one large Netflix service.\nContent legally acquired or licensed is converted into a size that fits your screen, and protected from being copied.\nServers across the world make a copy of it and store it so that the closest one to you delivers it at max quality and speed.\nWhen you select a show, your Netflix app cherry picks which of these servers will it load the video from\u0026gt;\nYou are now gripped by Frank Underwood’s chilling tactics, given depression by BoJack Horseman’s rollercoaster life, tickled by Dev in Master of None and made phobic to the future of technology by the stories in Black Mirror. And your lifespan decreases as your binge watching turns you into a couch potato.\n\n\n\n\nIt looked so simple before, right?\n\n\n\n\nNews Roundup\n\nMoving FreshPorts\n\n\nToday I moved the FreshPorts website from one server to another. My goal is for nobody to notice.\n\n\n\nIn preparation for this move, I have:\n\n\nDNS TTL reduced to 60s\nPosted to Twitter\nUpdated the status page\nPut the website put in offline mode:\n\nWhat was missed\n\n\n\nI turned off commit processing on the new server, but I did not do this on the old server. I should have:\n\nsudo svc -d /var/service/freshports\n\n\nThat stops processing of incoming commits. No data is lost, but it keeps the two databases at the same spot in history. Commit processing could continue during the database dumping, but that does not affect the dump, which will be consistent regardless.\n\n\n\nThe offline code\n\n\n\nHere is the basic stuff I used to put the website into offline mode. The main points are:\n\n\n\nheader(“HTTP/1.1 503 Service Unavailable”);\nErrorDocument 404 /index.php\n\n\n\nI move the DocumentRoot to a new directory, containing only index.php. Every error invokes index.php, which returns a 503 code.\n\n\n\nThe dump\n\n\n\nThe database dump just started (Sun Nov 5 17:07:22 UTC 2017).\n\nroot@pg96:~ # /usr/bin/time pg_dump -h 206.127.23.226 -Fc -U dan freshports.org \u0026gt; freshports.org.9.6.dump\n\n\nThat should take about 30 minutes. I have set a timer to remind me. Total time was:\n\n1464.82 real      1324.96 user        37.22 sys\n\n\nThe MD5 is:\nMD5 (freshports.org.9.6.dump) = 5249b45a93332b8344c9ce01245a05d5\nIt is now: Sun Nov 5 17:34:07 UTC 2017\n\n\n\n The rsync\n\n\n\nThe rsync should take about 10-20 minutes. I have already done an rsync of yesterday’s dump file. The rsync today should copy over only the deltas (i.e. differences).  The rsync started at about Sun Nov 5 17:36:05 UTC 2017 That took 2m9.091s The MD5 matches.\n\n\n\nThe restore\n\n\n\nThe restore should take about 30 minutes. I ran this test yesterday. It is now Sun Nov 5 17:40:03 UTC 2017.\n\n```$ createdb -T template0 -E SQL_ASCII freshports.testing\n$ time pg_restore -j 16 -d freshports.testing freshports.org.9.6.dump\n\nDone.\n\n```real    25m21.108s\nuser    1m57.508s\nsys     0m15.172s\n\n\nIt is now Sun Nov 5 18:06:22 UTC 2017.\n\n\n\nInsert break here\n\n\n\nAbout here, I took a 30 minute break to run an errand. It was worth it.\n\n\n\nChanging DNS\n\n\n\nI’m ready to change DNS now. It is Sun Nov 5 19:49:20 EST 2017 Done. And nearly immediately, traffic started.\n\n\n\nHow many misses?\n\n\n\nDuring this process, XXXXX requests were declined:\n\n$ grep -c '\" 503 ' /usr/websites/log/freshports.org-access.log\nXXXXX\n\n\n\n\nThat’s it, we’re done\n\n\n\nTotal elapsed time: 1 hour 48 minutes. There are still a number of things to follow up on, but that was the transfers.\n\n\n\nThe new FreshPorts Server\n***\n\n\nUsing bhyve on top of CEPH\n\n\nHi,\nJust an info point.\nI'm preparing for a lecture tomorrow, and thought why not do an actual demo.... Like to be friends with Murphy :)\nSo after I started the cluster:\n5 jails with 7 OSDs\nThis what I manually needed to do to boot a memory stick\nStart een Bhyve instance\n\n\n\nrbd --dest-pool rbd_data --no-progress import memstick.img memstick\nrbd-ggate map rbd_data/memstick\n\n\n\nggate-devvice is available on /dev/ggate1\n\n\n\nkldload vmm\nkldload nmdm\nkldload if_tap\nkldload if_bridge\nkldload cpuctl\nsysctl net.link.tap.up_on_open=1\nifconfig bridge0 create\nifconfig bridge0 addm em0 up\nifconfig\nifconfig tap11 create\nifconfig bridge0 addm tap11\nifconfig tap11 up\n\n\n\nload the GGate disk in bhyve\n\n\n\nbhyveload -c /dev/nmdm11A -m 2G -d /dev/ggate1 FB11\n\n\n\nand boot a single from it.\n\n\n\nbhyve -H -P -A -c 1 -m 2G -l com1,/dev/nmdm11A -s 0:0,hostbridge -s \n1:0,lpc -s 2:0,virtio-net,tap11 -s 4,ahci-hd,/dev/ggate1 FB11 \u0026amp;\nbhyvectl --vm=FB11 --get-stats\n\n\n\nConnect to the VM\n\n\n\ncu -l /dev/nmdm11B\n\n\n\nAnd that'll give you a bhyve VM running on an RBD image over ggate.\nIn the installer I tested reading from the bootdisk:\n\n\n\nroot@:/ # dd if=/dev/ada0 of=/dev/null bs=32M\n21+1 records in\n21+1 records out\n734077952 bytes transferred in 5.306260 secs (138341865 bytes/sec)\n\n\n\nwhich is a nice 138Mb/sec.\nHope the demonstration does work out tomorrow.\n--WjW\n***\n\n\nDonald Knuth - The Patron Saint of Yak Shaves\n\n\nExcerpts:\n\n\n\nIn 2015, I gave a talk in which I called Donald Knuth the Patron Saint of Yak Shaves. The reason is that Donald Knuth achieved the most perfect and long-running yak shave: TeX. I figured this is worth repeating.\n\n\n\nHow to achieve the ultimate Yak Shave\n\n\n\nThe ultimate yak shave is the combination of improbable circumstance, the privilege to be able to shave at your hearts will and the will to follow things through to the end. Here’s the way it was achieved with TeX. The recount is purely mine, inaccurate and obviously there for fun. I’ll avoid the most boring facts that everyone always tells, such as why Knuth’s checks have their own Wikipedia page.\n\n\n\nCommunity Shaving is Best Shaving\n\n\n\nSince the release of TeX, the community has been busy working on using it as a platform. If you ever downloaded the full TeX distribution, please bear in mind that you are downloading the amassed work of over 40 years, to make sure that each and every TeX document ever written builds. We’re talking about documents here.\nBut mostly, two big projects sprung out of that. The first is LaTeX by Leslie Lamport. Lamport is a very productive researcher, famous for research in formal methods through TLA+ and also known laying groundwork for many distributed algorithms. LaTeX is based on the idea of separating presentation and content. It is based around the idea of document classes, which then describe the way a certain document is laid out. Think Markdown, just much more complex. The second is ConTeXt, which is far more focused on fine grained layout control.\n\n\n\nThe Moral of the Story\n\n\n\nWhenever you feel like “can’t we just replace this whole thing, it can’t be so hard” when handling TeX, don’t forget how many years of work and especially knowledge were poured into that system. Typesetting isn’t the most popular knowledge around programmers. Especially see it in the context of the space it is in: they can’t remove legacy. Ever. That would break documents.\nTeX is also not a programming language. It might resemble one, but mostly, it should be approached as a typesetting system first. A lot of it's confusing lingo gets much better then. It’s not programming lingo. By approaching TeX with an understanding for its history, a lot of things can be learned from it. And yes, a replacement would be great, but it would take ages.\nIn any case, I hope I thoroughly convinced you why Donald Knuth is the Patron Saint of Yak Shaves.\n\n\n\nExtra Credits\n\n\n\nThis comes out of a enjoyable discussion with [Arne from Lambda Island](https://lambdaisland.com/https://lambdaisland.com/, who listened and said “you should totally turn this into a talk”.\n\n\n\n\nVincent’s trip to EuroBSDCon 2017\n\n\nMy euroBSDCon 2017\nPosted on 2017-10-16 09:43:00 from Vincent in Open Bsd\n\n\n\nLet me just share my feedback on those 2 days spent in Paris for the EuroBSDCon. My 1st BSDCon. I'm not a developer, contributor, ... Do not expect to improve your skills with OpenBSD with this text :-) I know, we are on October 16th, and the EuroBSDCon of Paris was 3 weeks ago :( I'm not quick !!! Sorry for that\nArrival at 10h, I'm too late for the start of the key note.  The few persons behind a desk welcome me by talking in Dutch, mainly because of my name. Indeed, Delft is a city in Netherlands, but also a well known university. I inform them that I'm from Belgium, and the discussion moves to the fact the Fosdem is located in Brussels. I receive my nice T-shirt white and blue, a bit like the marine T-shirts, but with the nice EuroBSDCon logo. I'm asking where are the different rooms reserved for the BSD event. We have 1 big on the 1st floor, 1 medium 1 level below, and 2 smalls 1 level above. All are really easy to access.  In this entrance we have 4 or 5 tables with some persons representing their company. Those are mainly the big sponsors of the event providing details about their activity and business. I discuss a little bit with StormShield and Gandi.  On other tables people are selling BSD t-shirts, and they will quickly be sold.\n\n\n\n\"Is it done yet ?\" The never ending story of pkg tools\n\n\n\nIn the last Fosdem, I've already hear Antoine and Baptiste presenting the OpenBSD and FreeBSD battle, I decide to listen Marc Espie in the medium room called Karnak. Marc explains that he has rewritten completely the pkg_add command. He explains that, at contrario with other elements of OpenBSD, the packages tools must be backward compatible and stable on a longer period than 12 months (the support period for OpenBSD).  On the funny side, he explains that he has his best idea inside his bath. Hackathons are also used to validate some ideas with other OpenBSD developers. All in all, he explains that the most time consuming part is to imagine a good solution. Coding it is quite straightforward. He adds that better an idea is, shorter the implementation will be.\n\n\n\nA Tale of six motherboards, three BSDs and coreboot\n\n\n\nAfter the lunch I decide to listen the talk about Coreboot. Indeed, 1 or 2 years ago I had listened the Libreboot project at Fosdem. Since they did several references to Coreboot, it's a perfect occasion to listen more carefully to this project. Piotr and Katazyba Kubaj explains us how to boot a machine without the native Bios. Indeed Coreboot can replace the bios, and de facto avoid several binaries imposed by the vendor. They explain that some motherboards are supporting their code. But they also show how difficult it is to flash a Bios and replace it by Coreboot. They even have destroyed a motherboard during the installation. Apparently because the power supply they were using was not stable enough with the 3v. It's really amazing to see that open source developers can go, by themselves, to such deep technical level.\n\n\n\nState of the DragonFly's graphics stack\n\n\n\nAfter this Coreboot talk, I decide to stay in the room to follow the presentation of Fran?ois Tigeot. Fran?ois is now one of the core developer of DrangonflyBSD, an amazing BSD system having his own filesystem called Hammer. Hammer offers several amazing features like snapshots, checksum data integrity, deduplication, ... Francois has spent his last years to integrate the video drivers developed for Linux inside DrangonflyBSD. \nHe explains that instead of adapting this code for the video card to the kernel API of DrangonflyBSD, he has \"simply\" build an intermediate layer between the kernel of DragonflyBSD and the video drivers. This is not said in the talk, but this effort is very impressive. Indeed, this is more or less a linux emulator inside DragonflyBSD.  Francois explains that he has started with Intel video driver (drm/i915), but now he is able to run drm/radeon quite well, but also drm/amdgpu and drm/nouveau.\n\n\n\nDiscovering OpenBSD on AWS\n\n\n\nThen I move to the small room at the upper level to follow a presentation made by Laurent Bernaille on OpenBSD and AWS. First Laurent explains that he is re-using the work done by Antoine Jacoutot concerning the integration of OpenBSD inside AWS. But on top of that he has integrated several other Open Source solutions allowing him to build OpenBSD machines very quickly with one command. Moreover those machines will have the network config, the required packages, ... On top of the slides presented, he shows us, in a real demo, how this system works. Amazing presentation which shows that, by putting the correct tools together, a machine builds and configure other machines in one go. \n\n\n\nOpenBSD Testing Infrastructure Behind bluhm.genua.de\n\n\n\nHere Jan Klemkow explains us that he has setup a lab where he is able to run different OpenBSD architectures. The system has been designed to be able to install, on demand, a certain version of OpenBSD on the different available machines. On top of that a regression test script can be triggered. This provides reports showing what is working and what is not more working on the different machines.  If I've well understood, Jan is willing to provide such lab to the core developers of OpenBSD in order to allow them to validate easily and quickly their code.  Some more effort is needed to reach this goal, but with what exists today, Jan and his colleague are quite close. Since his company is using OpenBSD business, to his eyes this system is a \"tit for tat\" to the OpenBSD community.\n\n\n\nFrench story on cybercrime\n\n\n\nThen comes the second keynote of the day in the big auditorium. This talk is performed by the colonel of french gendarmerie. Mr Freyssinet, who is head of the Cyber crimes unit inside the Gendarmerie.  Mr Freyssinet explains that the \"bad guys\" are more and more volatile across countries, and more and more organized. The small hacker in his room, alone, is no more the reality. As a consequence the different national police investigators are collaborating more inside an organization called Interpol.  What is amazing in his talk is that Mr Freyssinet talks about \"Crime as a service\". Indeed, more and more hackers are selling their services to some \"bad and temporary organizations\". \n\n\n\nSocial event\n\n\n\nIt's now time for the famous social event on the river: la Seine.  The organizers ask us to go, by small groups, to a station. There is a walk of 15 minutes inside Paris. Hopefully the weather is perfect. To identify them clearly several organizers takes a \"beastie fork\" in their hands and walk on the sidewalk generating some amazing reactions from some citizens and toursits. Some of them recognize the Freebsd logo and ask us some details. Amazing :-)\nWe walk on small and big sidewalks until a small stair going under the street. There, we have a train station a bit like a metro station. 3 stations later they ask us to go out. We walk few minutes and come in front of a boat having a double deck: one inside, with nice tables and chairs and one on the roof. But the crew ask us to go up, on the second deck. There, we are welcome with a glass of wine. The tour Eiffel is just at few 100 meters from us. Every hour the Eiffel tower is blinking for 5 minutes with thousands of small lights. Brilliant :-) \nWe see also the \"statue de la libertee\" (the small one) which is on a small island in the middle of the river.  During the whole night the bar will be open with drinks and some appetizers, snacks, ...  Such walking diner is perfect to talk with many different persons.  I've discussed with several persons just using BSD, they are not, like me, deep and specialized developers. One was from Switzerland, another one from Austria, and another one from Netherlands. But I've also followed a discussion with Theo de Raadt, several persons of the FreeBSD foundation. Some are very technical guys, other just users, like me. But all with the same passion for one of the BSD system. Amazing evening.\n\n\n\nOpenBSD's small steps towards DTrace (a tale about DDB and CTF)\n\n\n\nOn the second day, I decide to sleep enough in order to have enough resources to drive back to my home (3 hours by car). So I miss the 1st presentations, and arrive at the event around 10h30. Lot of persons are already present. Some faces are less \"fresh\" than others.\nI decide to listen to Dtrace in OpenBSD. After 10 minutes I am so lost into those too technical explainations, that I decide to open and look at my PC. My OpenBSD laptop is rarely leaving my home, so I've never had the need to have a screen locking system. In a crowded environment, this is better. So I was looking for a simple solution. I've looked at how to use xlock. I've combined it with the /ets/apm/suspend script, ... Always very easy to use OpenBSD :-)\n\n\n\nThe OpenBSD web stack\n\n\n\nThen I decide to follow the presentation of Michael W Lucas. Well know person for his different books about \"Absolute OpenBSD\", Relayd\", ...  Michael talks about the httpd daemon inside OpenBSD. But he also present his integration with Carp, Relayd, PF, FastCGI, the rules based on LUA regexp (opposed to perl regexp), ... For sure he emphasis on the security aspect of those tools: privilege separation, chroot, ...\n\n\n\nOpenSMTPD, current state of affairs\n\n\n\nThen I follow the presentation of Gilles Chehade about the OpenSMTPD project.  Amazing presentation that, on top of the technical challenges, shows how to manage such project across the years. Gilles is working on OpenSMTPD since 2007, thus 10 years !!!.  He explains the different decisions they took to make the software as simple as possible to use, but as secure as possible, too: privilege separation, chroot, pledge, random malloc, ? . The development starts on BSD systems, but once quite well known they received lot of contributions from Linux developers. \n\n\n\nHoisting: lessons learned integrating pledge into 500 programs\n\n\n\nAfter a small break, I decide to listen to Theo de Raadt, the founder of OpenBSD. In his own style, with trekking boots, shorts, backpack.  Theo starts by saying that Pledge is the outcome of nightmares. Theo explains that the book called \"Hacking blind\" presenting the BROP has worried him since few years.  That's why he developed Pledge as a tool killing a process as soon as possible when there is an unforeseen behavior of this program. For example, with Pledge a program which can only write to disk will be immediately killed if he tries to reach network.  By implementing Pledge in the +-500 programs present in the \"base\", OpenBSD is becoming more secured and more robust.\n\n\n\nConclusion\n\n\n\nMy first EuroBSDCon was a great, interesting and cool event. I've discussed with several BSD enthusiasts. I'm using OpenBSD since 2010, but I'm not a developer, so I was worried to be \"lost\" in the middle of experts. In fact it was not the case. At EuroBSDCon you have many different type of enthusiasts BSD's users. What is nice with the EuroBSDCon is that the organizers foresee everything for you. You just have to sit and listen. They foresee even how to spend, in a funny and very cool attitude, the evening of Saturday. \u0026gt; The small draw back is that all of this has a cost. In my case the whole weekend cost me a bit more than 500euro. Based on what I've learned, what I've saw this is very acceptable price. Nearly all presentations I saw give me a valuable input for my daily job.  For sure, the total price is also linked to my personal choice: hotel, parking.  And I'm surely biased because I'm used to go to the Fosdem in Brussels which cost nothing (entrance) and is approximately 45 minutes of my home. But Fosdem is not the same atmosphere and presentations are less linked to my daily job.\nI do not regret my trip to EuroBSDCon and will surely plan other ones.\n\n\n\n\nBeastie Bits\n\n\nImportant munitions lawyering\nAsiaBSDCon 2018 CFP is now open, until December 15th\nZSTD Compression for ZFS by Allan Jude\nNetBSD on Allwinner SoCs Update\n***\n\n\nFeedback/Questions\n\n\nTim - Creating Multi Boot USB sticks\nNomen - ZFS Questions\nJJ - Questions\nLars - Hardening Diffie-Hellman\n***\n","content_html":"\u003cp\u003eWe take a look at two-faced Oracle, cover a FAMP installation, how Netflix works the complex stuff, and show you who the patron of yak shaving is.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.theregister.co.uk/2017/10/12/oracle_must_grow_up_on_open_source/\" rel=\"nofollow\"\u003eWhy is Oracle so two-faced over open source?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOracle loves open source. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eExcept when the database giant hates open source. Which, according to its recent lobbying of the US federal government, seems to be \u0026quot;most of the time\u0026quot;. Yes, Oracle has recently joined the Cloud Native Computing Foundation (CNCF) to up its support for open-source Kubernetes and, yes, it has long supported (and contributed to) Linux. And, yes, Oracle has even gone so far as to (finally) open up Java development by putting it under a foundation\u0026#39;s stewardship. Yet this same, seemingly open Oracle has actively hammered the US government to consider that \u0026quot;there is no math that can justify open source from a cost perspective as the cost of support plus the opportunity cost of forgoing features, functions, automation and security overwhelm any presumed cost savings.\u0026quot; That punch to the face was delivered in a letter to Christopher Liddell, a former Microsoft CFO and now director of Trump\u0026#39;s American Technology Council, by Kenneth Glueck, Oracle senior vice president.\u003cbr\u003e\nThe US government had courted input on its IT modernisation programme. Others writing back to Liddell included AT\u0026amp;T, Cisco, Microsoft and VMware.\u003cbr\u003e\nIn other words, based on its letter, what Oracle wants us to believe is that open source leads to greater costs and poorly secured, limply featured software. Nor is Oracle content to leave it there, also arguing that open source is exactly how the private sector does not function, seemingly forgetting that most of the leading infrastructure, big data, and mobile software today is open source.\u003cbr\u003e\nDetails! Rather than take this counterproductive detour into self-serving silliness, Oracle would do better to follow Microsoft\u0026#39;s path. Microsoft, too, used to Janus-face its way through open source, simultaneously supporting and bashing it. Only under chief executive Satya Nadella\u0026#39;s reign did Microsoft realise it\u0026#39;s OK to fully embrace open source, and its financial results have loved the commitment. Oracle has much to learn, and emulate, in Microsoft\u0026#39;s approach.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI love you, you\u0026#39;re perfect. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow change Oracle has never been particularly warm and fuzzy about open source. As founder Larry Ellison might put it, Oracle is a profit-seeking corporation, not a peace-loving charity. To the extent that Oracle embraces open source, therefore it does so for financial reward, just like every other corporation. Few, however, are as blunt as Oracle about this fact of corporate open-source life. As Ellison told the Financial Times back in 2006: \u0026quot;If an open-source product gets good enough, we\u0026#39;ll simply take it. So the great thing about open source is nobody owns it – a company like Oracle is free to take it for nothing, include it in our products and charge for support, and that\u0026#39;s what we\u0026#39;ll do. \u0026quot;So it is not disruptive at all – you have to find places to add value. Once open source gets good enough, competing with it would be insane... We don\u0026#39;t have to fight open source, we have to exploit open source.\u0026quot; \u0026quot;Exploit\u0026quot; sounds about right. While Oracle doesn\u0026#39;t crack the top-10 corporate contributors to the Linux kernel, it does register a respectable number 12, which helps it influence the platform enough to feel comfortable building its IaaS offering on Linux (and Xen for virtualisation). Oracle has also managed to continue growing MySQL\u0026#39;s clout in the industry while improving it as a product and business. As for Kubernetes, Oracle\u0026#39;s decision to join the CNCF also came with P\u0026amp;L strings attached. \u0026quot;CNCF technologies such as Kubernetes, Prometheus, gRPC and OpenTracing are critical parts of both our own and our customers\u0026#39; development toolchains,\u0026quot; said Mark Cavage, vice president of software development at Oracle. One can argue that Oracle has figured out the exploitation angle reasonably well. This, however, refers to the right kind of exploitation, the kind that even free software activist Richard Stallman can love (or, at least, tolerate). But when it comes to government lobbying, Oracle looks a lot more like Mr Hyde than Dr Jekyll.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLies, damned lies, and Oracle lobbying\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe current US president has many problems (OK, many, many problems), but his decision to follow the Obama administration\u0026#39;s support for IT modernisation is commendable. Most recently, the Trump White House asked for feedback on how best to continue improving government IT. Oracle\u0026#39;s response is high comedy in many respects. As TechDirt\u0026#39;s Mike Masnick summarises, Oracle\u0026#39;s \u0026quot;latest crusade is against open-source technology being used by the federal government – and against the government hiring people out of Silicon Valley to help create more modern systems. Instead, Oracle would apparently prefer the government just give it lots of money.\u0026quot; Oracle is very good at making lots of money. As such, its request for even more isn\u0026#39;t too surprising. What is surprising is the brazenness of its position. As Masnick opines: \u0026quot;The sheer contempt found in Oracle\u0026#39;s submission on IT modernization is pretty stunning.\u0026quot; Why? Because Oracle contradicts much that it publicly states in other forums about open source and innovation. More than this, Oracle contradicts much of what we now know is essential to competitive differentiation in an increasingly software and data-driven world.\u003cbr\u003e\nTake, for example, Oracle\u0026#39;s contention that \u0026quot;significant IT development expertise is not... central to successful modernization efforts\u0026quot;. What? In our \u0026quot;software is eating the world\u0026quot; existence Oracle clearly believes that CIOs are buyers, not doers: \u0026quot;The most important skill set of CIOs today is to critically compete and evaluate commercial alternatives to capture the benefits of innovation conducted at scale, and then to manage the implementation of those technologies efficiently.\u0026quot; While there is some truth to Oracle\u0026#39;s claim – every project shouldn\u0026#39;t be a custom one-off that must be supported forever – it\u0026#39;s crazy to think that a CIO – government or otherwise – is doing their job effectively by simply shovelling cash into vendors\u0026#39; bank accounts.\u003cbr\u003e\nIndeed, as Masnick points out: \u0026quot;If it weren\u0026#39;t for Oracle\u0026#39;s failures, there might not even be a USDS [the US Digital Service created in 2014 to modernise federal IT]. USDS really grew out of the emergency hiring of some top-notch internet engineers in response to the Healthcare.gov rollout debacle. And if you don\u0026#39;t recall, a big part of that debacle was blamed on Oracle\u0026#39;s technology.\u0026quot; In short, blindly giving money to Oracle and other big vendors is the opposite of IT modernisation.\u003cbr\u003e\nIn its letter to Liddell, Oracle proceeded to make the fantastic (by which I mean \u0026quot;silly and false\u0026quot;) claim that \u0026quot;the fact is that the use of open-source software has been declining rapidly in the private sector\u0026quot;. What?!? This is so incredibly untrue that Oracle should score points for being willing to say it out loud. Take a stroll through the most prominent software in big data (Hadoop, Spark, Kafka, etc.), mobile (Android), application development (Kubernetes, Docker), machine learning/AI (TensorFlow, MxNet), and compare it to Oracle\u0026#39;s statement. One conclusion must be that Oracle believes its CIO audience is incredibly stupid. Oracle then tells a half-truth by declaring: \u0026quot;There is no math that can justify open source from a cost perspective.\u0026quot; How so? Because \u0026quot;the cost of support plus the opportunity cost of forgoing features, functions, automation and security overwhelm any presumed cost savings.\u0026quot; Which I guess is why Oracle doesn\u0026#39;t use any open source like Linux, Kubernetes, etc. in its services.\u003cbr\u003e\nOops.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Vendor Formerly Known As Satan\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe thing is, Oracle doesn\u0026#39;t need to do this and, for its own good, shouldn\u0026#39;t do this. After all, we already know how this plays out. We need only look at what happened with Microsoft. Remember when Microsoft wanted us to \u0026quot;get the facts\u0026quot; about Linux? Now it\u0026#39;s a big-time contributor to Linux. Remember when it told us open source was anti-American and a cancer? Now it aggressively contributes to a huge variety of open-source projects, some of them homegrown in Redmond, and tells the world that \u0026quot;Microsoft loves open source.\u0026quot; Of course, Microsoft loves open source for the same reason any corporation does: it drives revenue as developers look to build applications filled with open-source components on Azure. There\u0026#39;s nothing wrong with that. \u003cbr\u003e\nWould Microsoft prefer government IT to purchase SQL Server instead of open-source-licensed PostgreSQL? Sure. But look for a single line in its response to the Trump executive order that signals \u0026quot;open source is bad\u0026quot;. You won\u0026#39;t find it. Why? Because Microsoft understands that open source is a friend, not foe, and has learned how to monetise it. Microsoft, in short, is no longer conflicted about open source. It can compete at the product level while embracing open source at the project level, which helps fuel its overall product and business strategy. Oracle isn\u0026#39;t there yet, and is still stuck where Microsoft was a decade ago.\u003cbr\u003e\nIt\u0026#39;s time to grow up, Oracle. For a company that builds great software and understands that it increasingly needs to depend on open source to build that software, it\u0026#39;s disingenuous at best to lobby the US government to put the freeze on open source. Oracle needs to learn from Microsoft, stop worrying and love the open-source bomb. It was a key ingredient in Microsoft\u0026#39;s resurgence. Maybe it could help Oracle get a cloud clue, too.  \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxsecrets.com/home/3164-install-famp-on-freebsd\" rel=\"nofollow\"\u003eInstall FAMP on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe acronym FAMP refers to a set of free open source applications which are commonly used in Web server environments called Apache, MySQL and PHP on the FreeBSD operating system, which provides a server stack that provides web services, database and PHP.\u003c/li\u003e\n\u003cli\u003ePrerequisites\n\n\u003cul\u003e\n\u003cli\u003esudo Installed and working - Please read\u003c/li\u003e\n\u003cli\u003eApache\u003c/li\u003e\n\u003cli\u003ePHP5 or PHP7 \u003c/li\u003e\n\u003cli\u003eMySQL or MariaDB\u003c/li\u003e\n\u003cli\u003eInstall your favorite editor, ours is vi\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote: You don\u0026#39;t need to upgrade FreeBSD but make sure all patches have been installed and your port tree is up-2-date if you plan to update by ports.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall Ports\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ccode\u003eportsnap fetch\u003c/code\u003e\u003cbr\u003e\nYou must use sudo for each indivdual command during installations. Please see link above for installing sudo.\u003cbr\u003e\nSearching Available Apache Versions to Install\u003cbr\u003e\n\u003ccode\u003epkg search apache\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall Apache\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo install Apache 2.4 using pkg. The apache 2.4 user account managing Apache is www in FreeBSD.\u003cbr\u003e\n\u003ccode\u003epkg install apache24\u003c/code\u003e\u003cbr\u003e\nConfirmation yes prompt and hit y for yes to install Apache 2.4 This installs Apache and its dependencies. \u003cbr\u003e\nEnable Apache use sysrc to update services to be started at boot time, Command below adds \u0026quot;apache24_enable=\u0026quot;YES\u0026quot; to the /etc/rc.conf file. For sysrc commands please read\u003cbr\u003e\n\u003ccode\u003esysrc apache24_enable=yes\u003c/code\u003e\u003cbr\u003e\nStart Apache\u003cbr\u003e\n\u003ccode\u003eservice apache24 start\u003c/code\u003e\u003cbr\u003e\nVisit web address by accessing your server\u0026#39;s public IP address in your web browser \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow To find Your Server\u0026#39;s Public IP Address\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you do not know what your server\u0026#39;s public IP address is, there are a number of ways that you can find it. Usually, this is the address you use to connect to your server through SSH.\u003cbr\u003e\n\u003ccode\u003eifconfig vtnet0 | grep \u0026quot;inet \u0026quot; | awk \u0026#39;{ print $2 }\u0026#39;\u003c/code\u003e\u003cbr\u003e\nNow that you have the public IP address, you may use it in your web browser\u0026#39;s address bar to access your web server.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall MySQL\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow that we have our web server up and running, it is time to install MySQL, the relational database management system. The MySQL server will organize and provide access to databases where our server can store information. Install MySQL 5.7 using pkg by typing\u003cbr\u003e\n\u003ccode\u003epkg install mysql57-server\u003c/code\u003e\u003cbr\u003e\nEnter y at the confirmation prompt. This installs the MySQL server and client packages.\u003cbr\u003e\nTo enable MySQL server as a service, add mysql_enable=\u0026quot;YES\u0026quot; to the /etc/rc.conf file. This sysrc command will do just that\u003cbr\u003e\n\u003ccode\u003esysrc mysql_enable=yes\u003c/code\u003e\u003cbr\u003e\nNow start the MySQL server\u003cbr\u003e\n\u003ccode\u003eservice mysql-server start\u003c/code\u003e\u003cbr\u003e\nNow run the security script that will remove some dangerous defaults and slightly restrict access to your database system.\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode class=\"mysql_secure_installation```\"\u003eAnswer all questions to secure your newly installed MySQL database. Enter current password for root (enter for none): [RETURN]\nYour database system is now set up and we can move on.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall PHP5 or PHP70\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ccode\u003epkg search php70\u003c/code\u003e\u003cbr\u003e\nInstall PHP70 you would do the following by typing\u003cbr\u003e\n\u003ccode\u003epkg install php70-mysqli mod_php70\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNote: In these instructions we are using php5.7 not php7.0. We will be coming out with php7.0 instructions with FPM.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePHP is the component of our setup that will process code to display dynamic content. It can run scripts, connect to MySQL databases to get information, and hand the processed content over to the web server to display. We\u0026#39;re going to install the mod_php, php-mysql, and php-mysqli packages. To install PHP 5.7 with pkg, run this command\u003cbr\u003e\n\u003ccode\u003epkg install mod_php56 php56-mysql php56-mysqli\u003c/code\u003e\u003cbr\u003e\nCopy sample PHP configuration file into place.\u003cbr\u003e\n\u003ccode\u003ecp /usr/local/etc/php.ini-production /usr/local/etc/php.ini\u003c/code\u003e\u003cbr\u003e\nRegenerate the system\u0026#39;s cached information about your installed executable files\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode class=\"rehash```\"\u003eBefore using PHP, you must configure it to work with Apache.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall PHP Modules (Optional)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo enhance the functionality of PHP, we can optionally install some additional modules. To see the available options for PHP 5.6 modules and libraries, you can type this into your system\u003cbr\u003e\n\u003ccode\u003epkg search php56\u003c/code\u003e\u003cbr\u003e\nGet more information about each module you can look at the long description of the package by typing\u003cbr\u003e\n\u003ccode\u003epkg search -f apache24\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOptional Install Example\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u003ccode\u003epkg install php56-calendar\u003c/code\u003e\u003cbr\u003e\nConfigure Apache to Use PHP Module\u003cbr\u003e\nOpen the Apache configuration file\u003cbr\u003e\n\u003ccode\u003evim /usr/local/etc/apache24/Includes/php.conf\u003c/code\u003e\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026lt;IfModule dir_module\u0026gt;\n    DirectoryIndex index.php index.html\nNext, we will configure Apache to process requested PHP files with the PHP processor. Add these lines to the end of the file:\n    \u0026lt;FilesMatch \u0026quot;\\.php$\u0026quot;\u0026gt;\n        SetHandler application/x-httpd-php\n    \u0026lt;/FilesMatch\u0026gt;\n    \u0026lt;FilesMatch \u0026quot;\\.phps$\u0026quot;\u0026gt;\n        SetHandler application/x-httpd-php-source\n    \u0026lt;/FilesMatch\u0026gt;\n\u0026lt;/IfModule\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eNow restart Apache to put the changes into effect\u003cbr\u003e\n\u003ccode\u003eservice apache24 restart\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTest PHP Processing\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBy default, the DocumentRoot is set to /usr/local/www/apache24/data. We can create the info.php file under that location by typing\u003cbr\u003e\n\u003ccode\u003evim /usr/local/www/apache24/data/info.php\u003c/code\u003e\u003cbr\u003e\nAdd following line to info.php and save it.\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026lt;?php phpinfo(); ?\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDetails on info.php\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003einfo.php file gives you information about your server from the perspective of PHP. It\u0026#39; useful for debugging and to ensure that your settings are being applied correctly.\u003cbr\u003e\nIf this was successful, then your PHP is working as expected.\u003cbr\u003e\nYou probably want to remove info.php after testing because it could actually give information about your server to unauthorized users. Remove file by typing\u003cbr\u003e\n\u003ccode\u003erm /usr/local/www/apache24/data/info.php\u003c/code\u003e\u003cbr\u003e\nNote: Make sure Apache / meaning the root of Apache is owned by user which should have been created during the Apache install is the owner of the /usr/local/www structure.\u003cbr\u003e\nThat explains FAMP on FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003eIXsystems\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=GG_NvKuh530\" rel=\"nofollow\"\u003eIXsystems TrueNAS X10 Torture Test \u0026amp; Fail Over Systems In Action with the ZFS File System\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/refraction-tech-everything/how-netflix-works-the-hugely-simplified-complex-stuff-that-happens-every-time-you-hit-play-3a40c9be254b\" rel=\"nofollow\"\u003eHow Netflix works: what happens every time you hit Play\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNot long ago, House of Cards came back for the fifth season, finally ending a long wait for binge watchers across the world who are interested in an American politician’s ruthless ascendance to presidency. For them, kicking off a marathon is as simple as reaching out for your device or remote, opening the Netflix app and hitting Play. Simple, fast and instantly gratifying. What isn’t as simple is what goes into running Netflix, a service that streams around 250 million hours of video per day to around 98 million paying subscribers in 190 countries. At this scale, providing quality entertainment in a matter of a few seconds to every user is no joke. And as much as it means building top-notch infrastructure at a scale no other Internet service has done before, it also means that a lot of participants in the experience have to be negotiated with and kept satiated?—?from production companies supplying the content, to internet providers dealing with the network traffic Netflix brings upon them.\u003cbr\u003e\nThis is, in short and in the most layman terms, how Netflix works.\u003cbr\u003e\nLet us just try to understand how Netflix is structured on the technological side with a simple example.\u003cbr\u003e\nNetflix literally ushered in a revolution around ten years ago by rewriting the applications that run the entire service to fit into a microservices architecture?—?which means that each application, or microservice’s code and resources are its very own. It will not share any of it with any other app by nature. And when two applications do need to talk to each other, they use an application programming interface (API)?—?a tightly-controlled set of rules that both programs can handle. Developers can now make many changes, small or huge, to each application as long as they ensure that it plays well with the API. And since the one program knows the other’s API properly, no change will break the exchange of information.\u003cbr\u003e\nNetflix estimates that it uses around 700 microservices to control each of the many parts of what makes up the entire Netflix service: one microservice stores what all shows you watched, one deducts the monthly fee from your credit card, one provides your device with the correct video files that it can play, one takes a look at your watching history and uses algorithms to guess a list of movies that you will like, and one will provide the names and images of these movies to be shown in a list on the main menu. And that’s the tip of the iceberg. Netflix engineers can make changes to any part of the application and can introduce new changes rapidly while ensuring that nothing else in the entire service breaks down.\u003cbr\u003e\nThey made a courageous decision to get rid of maintaining their own servers and move all of their stuff to the cloud?—?i.e. run everything on the servers of someone else who dealt with maintaining the hardware while Netflix engineers wrote hundreds of programs and deployed it on the servers rapidly. The someone else they chose for their cloud-based infrastructure is Amazon Web Services (AWS).\u003cbr\u003e\nNetflix works on thousands of devices, and each of them play a different format of video and sound files. Another set of AWS servers take this original film file, and convert it into hundreds of files, each meant to play the entire show or film on a particular type of device and a particular screen size or video quality. One file will work exclusively on the iPad, one on a full HD Android phone, one on a Sony TV that can play 4K video and Dolby sound, one on a Windows computer, and so on. Even more of these files can be made with varying video qualities so that they are easier to load on a poor network connection. This is a process known as transcoding. A special piece of code is also added to these files to lock them with what is called digital rights management or DRM?—?a technological measure which prevents piracy of films.\u003cbr\u003e\nThe Netflix app or website determines what particular device you are using to watch, and fetches the exact file for that show meant to specially play on your particular device, with a particular video quality based on how fast your internet is at that moment.\u003cbr\u003e\nHere, instead of relying on AWS servers, they install their very own around the world. But it has only one purpose?—?to store content smartly and deliver it to users. Netflix strikes deals with internet service providers and provides them the red box you saw above at no cost. ISPs install these along with their servers. These Open Connect boxes download the Netflix library for their region from the main servers in the US?—?if there are multiple of them, each will rather store content that is more popular with Netflix users in a region to prioritise speed. So a rarely watched film might take time to load more than a Stranger Things episode. Now, when you will connect to Netflix, the closest Open Connect box to you will deliver the content you need, thus videos load faster than if your Netflix app tried to load it from the main servers in the US.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn a nutshell… This is what happens when you hit that Play button:\n\n\u003cul\u003e\n\u003cli\u003eHundreds of microservices, or tiny independent programs, work together to make one large Netflix service.\u003c/li\u003e\n\u003cli\u003eContent legally acquired or licensed is converted into a size that fits your screen, and protected from being copied.\u003c/li\u003e\n\u003cli\u003eServers across the world make a copy of it and store it so that the closest one to you delivers it at max quality and speed.\u003c/li\u003e\n\u003cli\u003eWhen you select a show, your Netflix app cherry picks which of these servers will it load the video from\u0026gt;\u003c/li\u003e\n\u003cli\u003eYou are now gripped by Frank Underwood’s chilling tactics, given depression by BoJack Horseman’s rollercoaster life, tickled by Dev in Master of None and made phobic to the future of technology by the stories in Black Mirror. And your lifespan decreases as your binge watching turns you into a couch potato.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt looked so simple before, right?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dan.langille.org/2017/11/15/moving-freshports/\" rel=\"nofollow\"\u003eMoving FreshPorts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I moved the FreshPorts website from one server to another. My goal is for nobody to notice.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn preparation for this move, I have:\n\n\u003cul\u003e\n\u003cli\u003eDNS TTL reduced to 60s\u003c/li\u003e\n\u003cli\u003ePosted to Twitter\u003c/li\u003e\n\u003cli\u003eUpdated the status page\u003c/li\u003e\n\u003cli\u003ePut the website put in offline mode:\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWhat was missed\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI turned off commit processing on the new server, but I did not do this on the old server. I should have:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003esudo svc -d /var/service/freshports\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThat stops processing of incoming commits. No data is lost, but it keeps the two databases at the same spot in history. Commit processing could continue during the database dumping, but that does not affect the dump, which will be consistent regardless.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe offline code\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere is the basic stuff I used to put the website into offline mode. The main points are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eheader(“HTTP/1.1 503 Service Unavailable”);\u003c/li\u003e\n\u003cli\u003eErrorDocument 404 /index.php\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI move the DocumentRoot to a new directory, containing only index.php. Every error invokes index.php, which returns a 503 code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe dump\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe database dump just started (Sun Nov 5 17:07:22 UTC 2017).\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eroot@pg96:~ # /usr/bin/time pg_dump -h 206.127.23.226 -Fc -U dan freshports.org \u0026gt; freshports.org.9.6.dump\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThat should take about 30 minutes. I have set a timer to remind me. Total time was:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e1464.82 real      1324.96 user        37.22 sys\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThe MD5 is:\u003cbr\u003e\n\u003ccode\u003eMD5 (freshports.org.9.6.dump) = 5249b45a93332b8344c9ce01245a05d5\u003c/code\u003e\u003cbr\u003e\nIt is now: Sun Nov 5 17:34:07 UTC 2017\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e The rsync\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe rsync should take about 10-20 minutes. I have already done an rsync of yesterday’s dump file. The rsync today should copy over only the deltas (i.e. differences).  The rsync started at about Sun Nov 5 17:36:05 UTC 2017 That took 2m9.091s The MD5 matches.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe restore\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe restore should take about 30 minutes. I ran this test yesterday. It is now Sun Nov 5 17:40:03 UTC 2017.\u003c/p\u003e\n\n\u003cp\u003e```$ createdb -T template0 -E SQL_ASCII freshports.testing\u003cbr\u003e\n$ time pg_restore -j 16 -d freshports.testing freshports.org.9.6.dump\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eDone.\n\n```real    25m21.108s\nuser    1m57.508s\nsys     0m15.172s\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eIt is now Sun Nov 5 18:06:22 UTC 2017.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInsert break here\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAbout here, I took a 30 minute break to run an errand. It was worth it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eChanging DNS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m ready to change DNS now. It is Sun Nov 5 19:49:20 EST 2017 Done. And nearly immediately, traffic started.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow many misses?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDuring this process, XXXXX requests were declined:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ grep -c \u0026#39;\u0026quot; 503 \u0026#39; /usr/websites/log/freshports.org-access.log\nXXXXX\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThat’s it, we’re done\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTotal elapsed time: 1 hour 48 minutes. There are still a number of things to follow up on, but that was the transfers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dan.langille.org/2017/11/17/x8dtu-3/\" rel=\"nofollow\"\u003eThe new FreshPorts Server\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2017-November/005876.html\" rel=\"nofollow\"\u003eUsing bhyve on top of CEPH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHi,\u003c/li\u003e\n\u003cli\u003eJust an info point.\u003c/li\u003e\n\u003cli\u003eI\u0026#39;m preparing for a lecture tomorrow, and thought why not do an actual demo.... Like to be friends with Murphy :)\u003c/li\u003e\n\u003cli\u003eSo after I started the cluster:\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e5 jails with 7 OSDs\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis what I manually needed to do to boot a memory stick\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eStart een Bhyve instance\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003erbd --dest-pool rbd_data --no-progress import memstick.img memstick\u003cbr\u003e\nrbd-ggate map rbd_data/memstick\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eggate-devvice is available on /dev/ggate1\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ekldload vmm\u003cbr\u003e\nkldload nmdm\u003cbr\u003e\nkldload if_tap\u003cbr\u003e\nkldload if_bridge\u003cbr\u003e\nkldload cpuctl\u003cbr\u003e\nsysctl net.link.tap.up_on_open=1\u003cbr\u003e\nifconfig bridge0 create\u003cbr\u003e\nifconfig bridge0 addm em0 up\u003cbr\u003e\nifconfig\u003cbr\u003e\nifconfig tap11 create\u003cbr\u003e\nifconfig bridge0 addm tap11\u003cbr\u003e\nifconfig tap11 up\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eload the GGate disk in bhyve\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ebhyveload -c /dev/nmdm11A -m 2G -d /dev/ggate1 FB11\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eand boot a single from it.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ebhyve -H -P -A -c 1 -m 2G -l com1,/dev/nmdm11A -s 0:0,hostbridge -s \u003cbr\u003e\n1:0,lpc -s 2:0,virtio-net,tap11 -s 4,ahci-hd,/dev/ggate1 FB11 \u0026amp;\u003cbr\u003e\nbhyvectl --vm=FB11 --get-stats\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConnect to the VM\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ecu -l /dev/nmdm11B\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd that\u0026#39;ll give you a bhyve VM running on an RBD image over ggate.\u003c/li\u003e\n\u003cli\u003eIn the installer I tested reading from the bootdisk:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eroot@:/ # dd if=/dev/ada0 of=/dev/null bs=32M\u003cbr\u003e\n21+1 records in\u003cbr\u003e\n21+1 records out\u003cbr\u003e\n734077952 bytes transferred in 5.306260 secs (138341865 bytes/sec)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ewhich is a nice 138Mb/sec.\u003c/li\u003e\n\u003cli\u003eHope the demonstration does work out tomorrow.\u003c/li\u003e\n\u003cli\u003e--WjW\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://yakshav.es/the-patron-saint-of-yakshaves/\" rel=\"nofollow\"\u003eDonald Knuth - The Patron Saint of Yak Shaves\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eExcerpts:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn 2015, I gave a talk in which I called Donald Knuth the Patron Saint of Yak Shaves. The reason is that Donald Knuth achieved the most perfect and long-running yak shave: TeX. I figured this is worth repeating.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow to achieve the ultimate Yak Shave\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe ultimate yak shave is the combination of improbable circumstance, the privilege to be able to shave at your hearts will and the will to follow things through to the end. Here’s the way it was achieved with TeX. The recount is purely mine, inaccurate and obviously there for fun. I’ll avoid the most boring facts that everyone always tells, such as why Knuth’s checks have their own Wikipedia page.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCommunity Shaving is Best Shaving\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince the release of TeX, the community has been busy working on using it as a platform. If you ever downloaded the full TeX distribution, please bear in mind that you are downloading the amassed work of over 40 years, to make sure that each and every TeX document ever written builds. We’re talking about documents here.\u003cbr\u003e\nBut mostly, two big projects sprung out of that. The first is LaTeX by Leslie Lamport. Lamport is a very productive researcher, famous for research in formal methods through TLA+ and also known laying groundwork for many distributed algorithms. LaTeX is based on the idea of separating presentation and content. It is based around the idea of document classes, which then describe the way a certain document is laid out. Think Markdown, just much more complex. The second is ConTeXt, which is far more focused on fine grained layout control.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Moral of the Story\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhenever you feel like “can’t we just replace this whole thing, it can’t be so hard” when handling TeX, don’t forget how many years of work and especially knowledge were poured into that system. Typesetting isn’t the most popular knowledge around programmers. Especially see it in the context of the space it is in: they can’t remove legacy. Ever. That would break documents.\u003cbr\u003e\nTeX is also not a programming language. It might resemble one, but mostly, it should be approached as a typesetting system first. A lot of it\u0026#39;s confusing lingo gets much better then. It’s not programming lingo. By approaching TeX with an understanding for its history, a lot of things can be learned from it. And yes, a replacement would be great, but it would take ages.\u003cbr\u003e\nIn any case, I hope I thoroughly convinced you why Donald Knuth is the Patron Saint of Yak Shaves.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExtra Credits\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis comes out of a enjoyable discussion with [Arne from Lambda Island](\u003ca href=\"https://lambdaisland.com/https://lambdaisland.com/\" rel=\"nofollow\"\u003ehttps://lambdaisland.com/https://lambdaisland.com/\u003c/a\u003e, who listened and said “you should totally turn this into a talk”.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.vincentdelft.be/post/post_20171016\" rel=\"nofollow\"\u003eVincent’s trip to EuroBSDCon 2017\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMy euroBSDCon 2017\u003c/li\u003e\n\u003cli\u003ePosted on 2017-10-16 09:43:00 from Vincent in Open Bsd\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet me just share my feedback on those 2 days spent in Paris for the EuroBSDCon. My 1st BSDCon. I\u0026#39;m not a developer, contributor, ... Do not expect to improve your skills with OpenBSD with this text :-) I know, we are on October 16th, and the EuroBSDCon of Paris was 3 weeks ago :( I\u0026#39;m not quick !!! Sorry for that\u003cbr\u003e\nArrival at 10h, I\u0026#39;m too late for the start of the key note.  The few persons behind a desk welcome me by talking in Dutch, mainly because of my name. Indeed, Delft is a city in Netherlands, but also a well known university. I inform them that I\u0026#39;m from Belgium, and the discussion moves to the fact the Fosdem is located in Brussels. I receive my nice T-shirt white and blue, a bit like the marine T-shirts, but with the nice EuroBSDCon logo. I\u0026#39;m asking where are the different rooms reserved for the BSD event. We have 1 big on the 1st floor, 1 medium 1 level below, and 2 smalls 1 level above. All are really easy to access.  In this entrance we have 4 or 5 tables with some persons representing their company. Those are mainly the big sponsors of the event providing details about their activity and business. I discuss a little bit with StormShield and Gandi.  On other tables people are selling BSD t-shirts, and they will quickly be sold.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Is it done yet ?\u0026quot; The never ending story of pkg tools\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the last Fosdem, I\u0026#39;ve already hear Antoine and Baptiste presenting the OpenBSD and FreeBSD battle, I decide to listen Marc Espie in the medium room called Karnak. Marc explains that he has rewritten completely the pkg_add command. He explains that, at contrario with other elements of OpenBSD, the packages tools must be backward compatible and stable on a longer period than 12 months (the support period for OpenBSD).  On the funny side, he explains that he has his best idea inside his bath. Hackathons are also used to validate some ideas with other OpenBSD developers. All in all, he explains that the most time consuming part is to imagine a good solution. Coding it is quite straightforward. He adds that better an idea is, shorter the implementation will be.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Tale of six motherboards, three BSDs and coreboot\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter the lunch I decide to listen the talk about Coreboot. Indeed, 1 or 2 years ago I had listened the Libreboot project at Fosdem. Since they did several references to Coreboot, it\u0026#39;s a perfect occasion to listen more carefully to this project. Piotr and Katazyba Kubaj explains us how to boot a machine without the native Bios. Indeed Coreboot can replace the bios, and de facto avoid several binaries imposed by the vendor. They explain that some motherboards are supporting their code. But they also show how difficult it is to flash a Bios and replace it by Coreboot. They even have destroyed a motherboard during the installation. Apparently because the power supply they were using was not stable enough with the 3v. It\u0026#39;s really amazing to see that open source developers can go, by themselves, to such deep technical level.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eState of the DragonFly\u0026#39;s graphics stack\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter this Coreboot talk, I decide to stay in the room to follow the presentation of Fran?ois Tigeot. Fran?ois is now one of the core developer of DrangonflyBSD, an amazing BSD system having his own filesystem called Hammer. Hammer offers several amazing features like snapshots, checksum data integrity, deduplication, ... Francois has spent his last years to integrate the video drivers developed for Linux inside DrangonflyBSD. \u003cbr\u003e\nHe explains that instead of adapting this code for the video card to the kernel API of DrangonflyBSD, he has \u0026quot;simply\u0026quot; build an intermediate layer between the kernel of DragonflyBSD and the video drivers. This is not said in the talk, but this effort is very impressive. Indeed, this is more or less a linux emulator inside DragonflyBSD.  Francois explains that he has started with Intel video driver (drm/i915), but now he is able to run drm/radeon quite well, but also drm/amdgpu and drm/nouveau.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDiscovering OpenBSD on AWS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen I move to the small room at the upper level to follow a presentation made by Laurent Bernaille on OpenBSD and AWS. First Laurent explains that he is re-using the work done by Antoine Jacoutot concerning the integration of OpenBSD inside AWS. But on top of that he has integrated several other Open Source solutions allowing him to build OpenBSD machines very quickly with one command. Moreover those machines will have the network config, the required packages, ... On top of the slides presented, he shows us, in a real demo, how this system works. Amazing presentation which shows that, by putting the correct tools together, a machine builds and configure other machines in one go. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD Testing Infrastructure Behind bluhm.genua.de\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere Jan Klemkow explains us that he has setup a lab where he is able to run different OpenBSD architectures. The system has been designed to be able to install, on demand, a certain version of OpenBSD on the different available machines. On top of that a regression test script can be triggered. This provides reports showing what is working and what is not more working on the different machines.  If I\u0026#39;ve well understood, Jan is willing to provide such lab to the core developers of OpenBSD in order to allow them to validate easily and quickly their code.  Some more effort is needed to reach this goal, but with what exists today, Jan and his colleague are quite close. Since his company is using OpenBSD business, to his eyes this system is a \u0026quot;tit for tat\u0026quot; to the OpenBSD community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrench story on cybercrime\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen comes the second keynote of the day in the big auditorium. This talk is performed by the colonel of french gendarmerie. Mr Freyssinet, who is head of the Cyber crimes unit inside the Gendarmerie.  Mr Freyssinet explains that the \u0026quot;bad guys\u0026quot; are more and more volatile across countries, and more and more organized. The small hacker in his room, alone, is no more the reality. As a consequence the different national police investigators are collaborating more inside an organization called Interpol.  What is amazing in his talk is that Mr Freyssinet talks about \u0026quot;Crime as a service\u0026quot;. Indeed, more and more hackers are selling their services to some \u0026quot;bad and temporary organizations\u0026quot;. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSocial event\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s now time for the famous social event on the river: la Seine.  The organizers ask us to go, by small groups, to a station. There is a walk of 15 minutes inside Paris. Hopefully the weather is perfect. To identify them clearly several organizers takes a \u0026quot;beastie fork\u0026quot; in their hands and walk on the sidewalk generating some amazing reactions from some citizens and toursits. Some of them recognize the Freebsd logo and ask us some details. Amazing :-)\u003cbr\u003e\nWe walk on small and big sidewalks until a small stair going under the street. There, we have a train station a bit like a metro station. 3 stations later they ask us to go out. We walk few minutes and come in front of a boat having a double deck: one inside, with nice tables and chairs and one on the roof. But the crew ask us to go up, on the second deck. There, we are welcome with a glass of wine. The tour Eiffel is just at few 100 meters from us. Every hour the Eiffel tower is blinking for 5 minutes with thousands of small lights. Brilliant :-) \u003cbr\u003e\nWe see also the \u0026quot;statue de la libertee\u0026quot; (the small one) which is on a small island in the middle of the river.  During the whole night the bar will be open with drinks and some appetizers, snacks, ...  Such walking diner is perfect to talk with many different persons.  I\u0026#39;ve discussed with several persons just using BSD, they are not, like me, deep and specialized developers. One was from Switzerland, another one from Austria, and another one from Netherlands. But I\u0026#39;ve also followed a discussion with Theo de Raadt, several persons of the FreeBSD foundation. Some are very technical guys, other just users, like me. But all with the same passion for one of the BSD system. Amazing evening.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD\u0026#39;s small steps towards DTrace (a tale about DDB and CTF)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn the second day, I decide to sleep enough in order to have enough resources to drive back to my home (3 hours by car). So I miss the 1st presentations, and arrive at the event around 10h30. Lot of persons are already present. Some faces are less \u0026quot;fresh\u0026quot; than others.\u003cbr\u003e\nI decide to listen to Dtrace in OpenBSD. After 10 minutes I am so lost into those too technical explainations, that I decide to open and look at my PC. My OpenBSD laptop is rarely leaving my home, so I\u0026#39;ve never had the need to have a screen locking system. In a crowded environment, this is better. So I was looking for a simple solution. I\u0026#39;ve looked at how to use xlock. I\u0026#39;ve combined it with the /ets/apm/suspend script, ... Always very easy to use OpenBSD :-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD web stack\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen I decide to follow the presentation of Michael W Lucas. Well know person for his different books about \u0026quot;Absolute OpenBSD\u0026quot;, Relayd\u0026quot;, ...  Michael talks about the httpd daemon inside OpenBSD. But he also present his integration with Carp, Relayd, PF, FastCGI, the rules based on LUA regexp (opposed to perl regexp), ... For sure he emphasis on the security aspect of those tools: privilege separation, chroot, ...\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenSMTPD, current state of affairs\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen I follow the presentation of Gilles Chehade about the OpenSMTPD project.  Amazing presentation that, on top of the technical challenges, shows how to manage such project across the years. Gilles is working on OpenSMTPD since 2007, thus 10 years !!!.  He explains the different decisions they took to make the software as simple as possible to use, but as secure as possible, too: privilege separation, chroot, pledge, random malloc, ? . The development starts on BSD systems, but once quite well known they received lot of contributions from Linux developers. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHoisting: lessons learned integrating pledge into 500 programs\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter a small break, I decide to listen to Theo de Raadt, the founder of OpenBSD. In his own style, with trekking boots, shorts, backpack.  Theo starts by saying that Pledge is the outcome of nightmares. Theo explains that the book called \u0026quot;Hacking blind\u0026quot; presenting the BROP has worried him since few years.  That\u0026#39;s why he developed Pledge as a tool killing a process as soon as possible when there is an unforeseen behavior of this program. For example, with Pledge a program which can only write to disk will be immediately killed if he tries to reach network.  By implementing Pledge in the +-500 programs present in the \u0026quot;base\u0026quot;, OpenBSD is becoming more secured and more robust.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy first EuroBSDCon was a great, interesting and cool event. I\u0026#39;ve discussed with several BSD enthusiasts. I\u0026#39;m using OpenBSD since 2010, but I\u0026#39;m not a developer, so I was worried to be \u0026quot;lost\u0026quot; in the middle of experts. In fact it was not the case. At EuroBSDCon you have many different type of enthusiasts BSD\u0026#39;s users. What is nice with the EuroBSDCon is that the organizers foresee everything for you. You just have to sit and listen. They foresee even how to spend, in a funny and very cool attitude, the evening of Saturday. \u0026gt; The small draw back is that all of this has a cost. In my case the whole weekend cost me a bit more than 500euro. Based on what I\u0026#39;ve learned, what I\u0026#39;ve saw this is very acceptable price. Nearly all presentations I saw give me a valuable input for my daily job.  For sure, the total price is also linked to my personal choice: hotel, parking.  And I\u0026#39;m surely biased because I\u0026#39;m used to go to the Fosdem in Brussels which cost nothing (entrance) and is approximately 45 minutes of my home. But Fosdem is not the same atmosphere and presentations are less linked to my daily job.\u003cbr\u003e\nI do not regret my trip to EuroBSDCon and will surely plan other ones.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.jwz.org/blog/2017/10/important-munitions-lawyering/\" rel=\"nofollow\"\u003eImportant munitions lawyering\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2018.asiabsdcon.org/\" rel=\"nofollow\"\u003eAsiaBSDCon 2018 CFP is now open, until December 15th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=hWnWEitDPlM\u0026feature=share\" rel=\"nofollow\"\u003eZSTD Compression for ZFS by Allan Jude\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_on_allwinner_socs_update\" rel=\"nofollow\"\u003eNetBSD on Allwinner SoCs Update\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0FKTJK3#wrap\" rel=\"nofollow\"\u003eTim - Creating Multi Boot USB sticks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1HY5MFB\" rel=\"nofollow\"\u003eNomen - ZFS Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3ZGNSK9#wrap\" rel=\"nofollow\"\u003eJJ - Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3TRXXN4\" rel=\"nofollow\"\u003eLars - Hardening Diffie-Hellman\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We take a look at two-faced Oracle, cover a FAMP installation, how Netflix works the complex stuff, and show you who the patron of yak shaving is.","date_published":"2017-11-29T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b3352064-ac33-44ac-98e5-88f7acdd5d0b.mp3","mime_type":"audio/mpeg","size_in_bytes":91743412,"duration_in_seconds":7645}]},{"id":"c223b460-2a15-4458-87f8-0f1b7e5947db","title":"221: BSD in Taiwan","url":"https://www.bsdnow.tv/221","content_text":"Allan reports on his trip to BSD Taiwan, new versions of Lumina and GhostBSD are here, a bunch of OpenBSD p2k17 hackathon reports.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAllan’s Trip Report from BSD Taiwan\n\n\nBSD TW and Taiwan in general was a fun and interesting experience\nI arrived Thursday night and took the high speed train to Taipei main station, and then got on the Red line subway to the venue. The dorm rooms were on par with BSDCan, except the mattress was better.\nI spent Friday with a number of other FreeBSD developers doing touristy things. We went to Taipei 101, the world’s tallest building from 2004 - 2010. It also features the world’s fastest elevator (2004 - 2016), traveling at 60.6 km/h and transporting passengers from the 5th to 89th floor in 37 seconds.\nWe also got to see the “tuned mass damper”, a 660 tonne steel pendulum suspended between the 92nd and 87th floors. This device resists the swaying of the building caused by high winds. There are interesting videos on display beside the damper, of its reaction during recent typhoons and earthquakes. The Taipei 101 building sits just 200 meters from a major fault line.\nThen we had excellent dumplings for lunch\nAfter walking around the city for a few more hours, we retired to a pub to escape the heat of the sunny Friday afternoon.\nThen came the best part of each day in Taipei, dinner!\nWe continued our efforts to cause a nation wide shortage of dumplings\nSpecial thanks to Scott Tsai who took detailed notes for each of the presentations\nSaturday marked the start of the conference:\n\n\nArun Thomas provided background and then a rundown of what is happening with the RISC-V architecture. Notes\nGeorge Neville-Neil talked about using DTrace in distributed systems as an in-depth auditing system (who did what to whom and when). Notes\nBaptiste Daroussin presented Poudrière image, an extension of everyone’s favourite package building system, to build custom images of FreeBSD. There was discussion of making this generate ZFS based images as well, making it mesh very well with my talk the next day. Notes\nBrooks Davis presented his work on an API design for a replacement for mmap. It started with a history of address space management in the BSD family of operating systems going all the way back to the beginning. This overview of the feature and how it evolved filled in many gaps for me, and showed why the newer work would be beneficial. The motivation for the work includes further extensions to support the CHERI hardware platform. Notes\nJohannes M Dieterich gave an interesting presentation about using FreeBSD and GPU acceleration for high performance computing. One of the slides showed that amd64 has taken almost the entire market for the top 500 super computers, and that linux dominates the list, with only a few remaining non-linux systems. Sadly, at the supercomputing conference the next week, it was announced that linux has achieved 100% saturation of the top 500 super computers list. Johannes detailed the available tools, what ports are missing, what changes should be made to the base system (mostly OpenMP), and generally what FreeBSD needs to do to become a player in the supercomputer OS market. Johannes’ perspective is interesting, as he is a computational chemist, not a computer scientist. Those interested in improving the numerical libraries and GPU acceleration frameworks on FreeBSD should join the ports team. Notes\nThe final talk of the day was Peter Grehan, who spoke about how graphics support in bhyve came to be. He provided a history of how the feature evolved, and where it stands today. Notes\n\nAfterwards, we traveled as a group to a large restaurant for dinner. There was even Mongolian Vodka, provided by Ganbold Tsagaankhuu of the FreeBSD project.\nSunday:\n\n\nThe first talk of the day Sunday was mine. I presented “ZFS: Advanced Integration”, mostly talking about how boot environments work, and the new libbe and be(1) tools that my GSoC student Kyle Kneitinger created to manage them. I talked about how they can be used for laptop and developer systems, but also how boot environments can be used to replace nanobsd for appliances (as already done in FreeNAS and pfSense). I also presented about zfsbootcfg (zfs nextboot), and some future extensions to it to make it even more useful in appliance type workloads. I also provided a rundown of new developments out of the ZFS developer summit, two weeks previous. Notes\nTheo de Raadt presented “Mitigations and other real Security Features”, and made his case for changing to a ‘fail closed’ mode of interoperability. Computer’s cannot actually self heal, so lets stop pretending that they can. Notes\nRuslan Bukin talked about doing the port of FreeBSD for RISC-V and writing the Device Drivers. Ruslan walked through the process step by step, leading members of the audience to suggest he turn it into a developer’s handbook article, explaining how to do the initial bringup on new hardware. Ruslan also showed off a FreeBSD/MIPS board he designed himself and had manufactured in China.  Notes\nMariusz Zaborski presented Case studies on sandboxing the base system with Capsicum. He discussed the challenges encountered as existing programs are modified to sandbox them, and recent advancements in the debugging tools available during that process. Mariusz also discussed the Casper service at length, including the features that are planned for 2018 and onwards. Notes\nThe final presentation of the day was Mark Johnston on Memory Management Improvements in FreeBSD 12.0. This talk provided a very nice overview of the memory management system in FreeBSD, and then detailed some of the recent improvements.  Notes\nThe conference wrapped up with the Work-in-Progress session, including updates on: multi-device-at-once GELI attach, MP-safe networking on NetBSD, pkgsrc, NetBSD in general, BSD on Microsoft Azure, Mothra (send-pr for bugzilla), BSDMizer a machine learning compiler optimizer, Hyperledger Sawtooth (blockchain), and finally VIMAGE and pf testing on FreeBSD.\nNotes\n\nGroup Photo\nBSDTW was a great conference. They are still considering if it should be an annual thing, trade off every 2nd year with AsiaBSDCon, or something else. In order to continue, BSD Taiwan requires more organizers and volunteers. They have regular meetups in Taipei if you are interested in getting involved.\n***\n\n\nLumina 1.4.0 released\n\n\nThe Lumina Theme Engine (and associated configuration utility)\nThe Lumina theme engine is a new component of the “core” desktop, and provides enhanced theming capabilities for the desktop as well as all Qt5 applications. While it started out life as a fork of the “qt5ct” utility, it quickly grew all sorts of new features and functionality such as system-defined color profiles, modular theme components, and built-in editors/creators for all components. The backend of this engine is a standardized theme plugin for the Qt5 toolkit, so that all Qt5 applications will now present a unified appearance (if the application does not enforce a specific appearance/theme of it’s own). Users of the Lumina desktop will automatically have this plugin enabled: no special action is required.\n\n\nPlease note that the older desktop theme system for Lumina has been rendered obsolete by the new engine, but a settings-conversion path has already been implemented which should transition your current settings to the new engine the first time you login to Lumina 1.4.0. Custom themes for the older system may not be converted though, but it is trivial to copy/paste any custom stylesheets from the old system into the editor for the new theme engine to register/re-apply them as desired.\n\nLumina-Themes Repository\n\n\n\nI also want to give a shout-out to the trueos/lumina-themes github repository contributors. All of the wallpapers in the 1.4.0 screenshots I posted come from that package, and they are working on making more wallpapers, color palettes, and desktop styles for use with the Lumina Theme Engine. If your operating system does not currently provide a package for lumina-themes, I highly recommend that you make one as soon as possible!\n\n\n\nThe Lumina PDF Viewer (lumina-pdf)\n\n\nThis is a new, stand-alone desktop utility for viewing/printing/presenting PDF documents. It uses the poppler-qt5 library in the backend for rendering the document, but uses multi-threading in many ways (such as to speed up the loading of pages) to give the user a nice, streamlined utility for viewing PDF documents. There is also built-in presentation functionality which allows users to easily cast the document to a separate screen without mucking about in system menus or configuration utilities.\n\nLumina PDF Viewer (1.4.0)\n\n\nImportant Packaging Changes\n\n\n\n\nOne significant change of note for people who are packaging Lumina for their particular operating system is that the minimum supported versions of Qt for Lumina have been changed with this release:\n\nlumina-core: Qt 5.4+\nlumina-mediaplayer: Qt 5.7+\nEverything else: Qt 5.2+\n\n\nOf course, using the latest version of the Qt5 libraries is always recommended.\nWhen packaging for Linux distributions, the theme engine also requires the availability of some of the “-dev” packages for Qt itself when compiling the theme plugin. For additional information (specifically regarding Ubuntu builds), please take a look at a recent ticket on the Lumina repository.\n\n\nThe new lumina-pdf utility requires the availability of the “poppler-qt5” library. The includes for this library on Ubuntu 17.10 were found to be installed outside of the normal include directories, so a special rule for it was added to our OS-Detect file in the Lumina source tree. If your particular operating system also places the the poppler include files in a non-standard place, please patch that file or send us the information and we can add more special rules for your particular OS.\n\n\n\n\nOther Changes of Note (in no particular order)\n\n\nlumina-config:\nAdd a new page for changing audio theme (login, logout, low battery)\nAdd option to replace fluxbox with some other WM (with appropriate warnings)\nHave the “themes” page redirect to launching the Lumina theme engine configuration utility.\nstart-lumina-desktop:\nAuto-detect the active X11 displays and create a new display for the Lumina session (prevent conflict with prior graphical sessions).\nAdd a process-failure counter \u0026amp; restart mechanism. This is particularly useful for restarting Fluxbox from time to time (such as after any monitor addition/removal)\nlumina-xconfig:\nRestart fluxbox after making any monitor changes with xrandr. This ensures a more reliable session.\nImplement a  new 2D monitor layout mechanism. This allows for the placement of monitors anywhere in the X/Y plane, with simplification buttons for auto-tiling the monitors in each dimension based on their current location.\nAdd the ability to save/load monitor profiles.\nDistinguish between the “default” monitor arrangement and the “current” monitor arrangement. Allow the user to set the current arrangement as the new default.\nlumina-desktop:\nCompletely revamp the icon loading mechanisms so it should auto-update when the theme changes.\nSpeed up the initialization of the desktop quite a bit.\nPrevent loading/probing files in the “/net/” path for existence (assume they exist in the interest of providing shortcuts). On FreeBSD, these are special paths that actually pause the calling process in order to mount/load a network share before resuming the process, and can cause significant “hangs” in the desktop process.\nAdd the ability to take a directory as a target for the wallpaper. This will open/probe the directory for any existing image files that it can use as a wallpaper and randomly select one.\nRemove the popup dialog prompting about system updates, and replace it with new “Restart (with updates)” buttons on the appropriate menus/windows instead.\nIf no wallpapers selection is provided, try to use the “lumina-nature” wallpaper directory as the default, otherwise fall back on the original default wallpaper if the “lumina-themes” package is not installed.\nlumina-open:\nMake the *.desktop parsing a bit more flexible regarding quoted strings where there should not be any.\nIf selecting which application to use, only overwrite the user-default app if the option is explicitly selected.\nlumina-fileinfo:\nSignificant cleanup of this utility. Now it can be reliably used for creating/registering XDG application shortcuts.\nAdd a whole host of new ZFS integrations:\nIf a ZFS dataset is being examined, show all the ZFS properties for that dataset.\nIf the file being examined exists within ZFS snapshots, show all the snapshots of the file\n\nlumina-fm:\n\n\nSignificant use of additional multi-threading. Makes the loading of directories much faster (particularly ones with image files which need thumbnails)\nAdd detection/warning when running as root user. Also add an option to launch a new instance of lumina-fm as the root user.\n[FreeBSD/TrueOS] Fix up the detection of the “External Devices” list to also list available devices for the autofs system.\nFix up some drag and drop functionality.\nExpose the creation, extraction, and insertion of files into archives (requires lumina-archiver at runtime)\nExpand the “Open With” option into a menu of application suggestions in addition to the “Other” option which runs “lumina-open” to find an application.\nProvide an option to set the desktop wallpaper to the selected image file(s). (If the running desktop session is Lumina).\n\nlumina-mediaplayer:\n\n\nEnable the ability to playback local video files. (NOTE: If Qt5 is set to use the gstreamer multimedia backend, make sure you have the “GL” plugin installed for smooth video playback).\n\nlumina-archiver:\n\n\nAdd CLI flags for auto-archive and auto-extract. This allows for programmatic/scriptable interactions with archives.\nThat is not mentioning all of the little bugfixes, performance tweaks, and more that are also included in this release.\n***\n\n\n\nThe strongest KASLR, ever?\n\n\nRe: amd64: kernel aslr support\n\n\n\nSo, I did it. Now the kernel sections are split in sub-blocks, and are all randomized independently. See my drawing [1]. What it means in practice, is that Kernel ASLR is much more difficult to defeat: a cache attack will at most allow you to know that a given range is mapped as executable for example, but you don't know which sub-block of .text it is; a kernel pointer leak will at most allow you to reconstruct the layout of one sub-block, but you don't know the layout and address of the remaining blocks, and there can be many.\nThe size and number of these blocks is controlled by the split-by-file parameter in Makefile.amd64. Right now it is set to 2MB, which produces a kernel with ~23 allocatable (ie useful at runtime) sections, which is a third of the total number supported (BTSPACE_NSEGS = 64). I will probably reduce this parameter a bit in the future, to 1.5MB, or even 1MB.\nAll of that leaves us with about the most advanced KASLR implementation available out there. There are ways to improve it even more, but you'll have to wait a few weeks for that.\n If you want to try it out you need to make sure you have the latest versions of GENERIC_KASLR / prekern / bootloader. The instructions are still here, and haven't changed.\n\n\n\nInitial design\n\n\n\nAs I said in the previous episode, I added in October a Kernel ASLR implementation in NetBSD for 64bit x86 CPUs. This implementation would randomize the location of the kernel in virtual memory as one block: a random VA would be chosen, and the kernel ELF sections would be mapped contiguously starting from there.\nThis design had several drawbacks: one leak, or one successful cache attack, could be enough to reconstruct the layout of the entire kernel and defeat KASLR.\nNetBSD’s new KASLR design significantly improves this situation.\n\n\n\nNew design\n\n\n\nIn the new design, each kernel ELF section is randomized independently. That is to say, the base addresses of .text, .rodata, .data and .bss are not correlated. KASLR is already at this stage more difficult to defeat, since you would need a leak or cache attack on each of the kernel sections in order to reconstruct the in-memory kernel layout.\nThen, starting from there, several techniques are used to strengthen the implementation even more.\n\n\n\nSub-blocks\n\n\n\nThe kernel ELF sections are themselves split in sub-blocks of approximately 1MB. The kernel therefore goes from having:\n\n    { .text .rodata .data .bss }\n\n\nto having\n\n    { .text .text.0 .text.1 ... .text.i .rodata .rodata.0 ... .rodata.j ... .data ...etc }\n\n\nAs of today, this produces a kernel with ~33 sections, each of which is mapped at a random address and in a random order.\nThis implies that there can be dozens of .text segments. Therefore, even if you are able to conduct a cache attack and determine that a given range of memory is mapped as executable, you don’t know which sub-block of .text it is. If you manage to obtain a kernel pointer via a leak, you can at most guess the address of the section it finds itself in, but you don’t know the layout of the remaining 32 sections. In other words, defeating this KASLR implementation is much more complicated than in the initial design.\n\n\n\nHigher entropy\n\n\n\nEach section is put in a 2MB-sized physical memory chunk. Given that the sections are 1MB in size, this leaves half of the 2MB chunk unused. Once in control, the prekern shifts the section within the chunk using a random offset, aligned to the ELF alignment constraint. This offset has a maximum value of 1MB, so that once shifted the section still resides in its initial 2MB chunk:\nThe prekern then maps these 2MB physical chunks at random virtual addresses; but addresses aligned to 2MB. For example, the two sections in Fig. A will be mapped at two distinct VAs:\nThere is a reason the sections are shifted in memory: it offers higher entropy. If we consider a .text.i section with a 64byte ELF alignment constraint, and give a look at the number of possibilities for the location of the section in memory:\nThe prekern shifts the 1MB section in its 2MB chunk, with an offset aligned to 64 bytes. So there are (2MB-1MB)/(64B)=214 possibilities for the offset.\nThen, the prekern uses a 2MB-sized 2MB-aligned range of VA, chosen in a 2GB window. So there are (2GB-2MB)/(2MB)=210-1 possibilities for the VA.\nTherefore, there are 214x(210-1)˜224 possible locations for the section. As a comparison with other systems:\n\nOS  # of possibilities\nLinux   2^6\nMacOS   2^8\nWindows 2^13\nNetBSD  2^24\n\n\nOf course, we are talking about one .text.i section here; the sections that will be mapped afterwards will have fewer location possibilities because some slots will be already occupied. However, this does not alter the fact that the resulting entropy is still higher than that of the other implementations. Note also that several sections have an alignment constraint smaller than 64 bytes, and that in such cases the entropy is even higher.\n\n\n\nLarge pages\n\n\n\nThere is also a reason we chose to use 2MB-aligned 2MB-sized ranges of VAs: when the kernel is in control and initializes itself, it can now use large pages to map the physical 2MB chunks. This greatly improves memory access performance at the CPU level.\n\n\n\nCountermeasures against TLB cache attacks\n\n\n\nWith the memory shift explained above, randomness is therefore enforced at both the physical and virtual levels: the address of the first page of a section does not equal the address of the section itself anymore.\nIt has, as a side effect, an interesting property: it can mostly mitigate TLB cache attacks. Such attacks operate at the virtual-page level; they will allow you to know that a given large page is mapped as executable, but you don’t know where exactly within that page the section actually begins.\n\n\n\nStrong?\n\n\n\nThis KASLR implementation, which splits the kernel in dozens of sub-blocks, randomizes them independently, while at the same time allowing for higher entropy in a way that offers large page support and some countermeasures against TLB cache attacks, appears to be the most advanced KASLR implementation available publicly as of today. \nFeel free to prove me wrong, I would be happy to know!\n\n\n\nWIP\n\n\n\nEven if it is in a functional state, this implementation is still a work in progress, and some of the issues mentioned in the previous blog post haven't been addressed yet. But feel free to test it and report any issue you encounter. Instructions on how to use this implementation can still be found in the previous blog post, and haven’t changed since.\nSee you in the next episode!\n\n\n\n\nNews Roundup\n\nGhostBSD 11.1 Finally Ready and Available!\n\n\nScreenshots\n\n\n\nAfter a year of development, testing, debugging and working on our software package repository, we are pleased to announce the release of GhostBSD 11.1 is now available on 64-bit(amd64) architecture with MATE and XFCE Desktop on direct and torrent download. With 11.1 we drop 32-bit i386 supports, and we currently maintain our software packages repository for more stability.\n\n\n\nWhat's new on GhostBSD 11.1\n\n\nGhostBSD software repository\nSupport VMware Workstation Guest Features\nNew UFS full disk mirroring option on the installer\nNew UFS full disk MBR and GPT option on the installer\nNew UFS full disk swap size option on the installer\nWhisker Menu as default Application menu on XFCE\nAll software developed by GhostBSD is now getting updated\nZFS configuration for disk\n\nWhat has been fixed on 11.1?\n\n\nFix XFCE sound plugin\nInstaller ZFS configuration file setting\nInstaller ZFS setup appears to be incomplete\nThe installer was not listing ZFS disk correctly.\nThe installer The partition list was not deleted when pressing back\nXFCE and MATE shutdown/suspend/hibernate randomly missing\nClicking 'GhostBSD Bugs' item in the Main menu -\u0026gt; 'System Tools' brings up 'Server not found' page\nXFCE installation - incorrect keyboard layout\nLocale setting not filling correctly\nUpdate Station tray icon\n\nThe image checksum's, hybrid ISO(DVD, USB) images are available at GhostBSD.\n***\n\n\np2k17 Hackathon Reports\n\n\np2k17 Hackathon Report: Matthias Kilian on xpdf, haskell, and more\np2k17 Hackathon Report: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress)\np2k17 Hackathon Report: Paul Irofti (pirofti@) on hotplugd(8), math ports, xhci(4) and other kernel advancements\np2k17 Hackathon report: Jeremy Evans on ruby progress, postgresql and webdriver work\np2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext\np2k17 Hackathon report: Sebastian Reitenbach on Puppet progress\np2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs\np2k17 Hackathon Report: Landry Breuil on Mozilla things and much more\np2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more\np2k17 Hackathon report: Antoine Jacoutot on ports+packages progress\n***\n\n\nTrueOS Talks\n\n\nTech and Open Source at Pellissippi State\n\n\n\nKen Moore of the TrueOS project presented a talk to the AITP group at Pellissippi State today entitled “It’s A Unix(-like) system? An Introduction to TrueOS and Open source”. Joshua Smith of the TrueOS project was also in attendance. \nWe were happy to see a good attendance of about 40 individuals that came to hear more about TrueOS and how we continue to innovate along with the FreeBSD project. Many good questions were raised about development, snapshots, cryptocurrency, and cyber-security. We’ve included a copy of the slides if you’d like to have a look at the talk on open source. We’d like to offer a sincere thanks to everyone who attended and offer an extended invitation for you to join us at our KnoxBUG group on October 30th @ the iXsystems offices! We hope to see you soon!\n\n\n\nOpen Source Talk – Slideshare PDF\nKnoxBug - Lumina Rising : Challenging Desktop Orthodoxy\nKen gave his talk about the new Lumina 2.0 Window Manager that he gave at Ohio LinuxFest 2017\nKnoxBUG October 2017\n(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy\n***\n\n\nOfficial OpenBSD 6.2 CD set - the only one to be made!\n\n\nOur dear friend Bob Beck (beck@) writes:\n\n\n\nSo, again this release the tradition of making Theo do art has continued!\nUp for sale by auction to the highest bidder on Ebay is the only OpenBSD 6.2 CD set to be produced.\nThe case and CD's feature the 6.2 artwork, custom drawn and signed by Theo.\nAll proceeds to support OpenBSD\nGo have a look at the auction\n\n\n\nAs with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of you highest bid to the project.\nThe Auction\n***\n\n\nBeastie Bits\n\n\nHAMMER2 userspace on Linux\nOpenBSD Porting Workshop (now changed to January 3, 2018)\nMatt Ahrens on when Native Encryption for ZFS will land\nThe first successful build of OpenBSD base system\nKnoxBug November Meeting\nAbsolute FreeBSD, 3rd Edition, pre-orders available\n\n\nFeedback/Questions\n\n\nJon - Jails and Networking\nNathan - bhyve Provisioning\nLian - OpenSSL jumping the Shark\nKim - Suggestions\n***\n","content_html":"\u003cp\u003eAllan reports on his trip to BSD Taiwan, new versions of Lumina and GhostBSD are here, a bunch of OpenBSD p2k17 hackathon reports.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdtw.org/\" rel=\"nofollow\"\u003eAllan’s Trip Report from BSD Taiwan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD TW and Taiwan in general was a fun and interesting experience\u003c/li\u003e\n\u003cli\u003eI arrived Thursday night and took the high speed train to Taipei main station, and then got on the Red line subway to the venue. The dorm rooms were on par with BSDCan, except the mattress was better.\u003c/li\u003e\n\u003cli\u003eI spent Friday with a number of other FreeBSD developers doing touristy things. We went to Taipei 101, the world’s tallest building from 2004 - 2010. It also features the world’s fastest elevator (2004 - 2016), traveling at 60.6 km/h and transporting passengers from the 5th to 89th floor in 37 seconds.\u003c/li\u003e\n\u003cli\u003eWe also got to see the “tuned mass damper”, a 660 tonne steel pendulum suspended between the 92nd and 87th floors. This device resists the swaying of the building caused by high winds. There are interesting videos on display beside the damper, of its reaction during recent typhoons and earthquakes. The Taipei 101 building sits just 200 meters from a major fault line.\u003c/li\u003e\n\u003cli\u003eThen we had excellent dumplings for lunch\u003c/li\u003e\n\u003cli\u003eAfter walking around the city for a few more hours, we retired to a pub to escape the heat of the sunny Friday afternoon.\u003c/li\u003e\n\u003cli\u003eThen came the best part of each day in Taipei, dinner!\u003c/li\u003e\n\u003cli\u003eWe continued our efforts to cause a nation wide shortage of dumplings\u003c/li\u003e\n\u003cli\u003eSpecial thanks to \u003ca href=\"https://twitter.com/scottttw\" rel=\"nofollow\"\u003eScott Tsai\u003c/a\u003e who took detailed notes for each of the presentations\u003c/li\u003e\n\u003cli\u003eSaturday marked the start of the conference:\n\n\u003cul\u003e\n\u003cli\u003eArun Thomas provided background and then a rundown of what is happening with the RISC-V architecture. \u003ca href=\"https://docs.google.com/document/d/1yrnhNTHaMDr4DG-iviXN0O9NES9Lmlc7sWVQhnios6g/edit#heading=h.kcm1n3yzl35q\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeorge Neville-Neil talked about using DTrace in distributed systems as an in-depth auditing system (who did what to whom and when). \u003ca href=\"https://docs.google.com/document/d/1qut6tMVF8NesrGHd6bydLDN-aKBdXMgHx8Vp3_iGKjQ/edit#heading=h.qdghsgk1bgtl\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBaptiste Daroussin presented Poudrière image, an extension of everyone’s favourite package building system, to build custom images of FreeBSD. There was discussion of making this generate ZFS based images as well, making it mesh very well with my talk the next day. \u003ca href=\"https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrooks Davis presented his work on an API design for a replacement for mmap. It started with a history of address space management in the BSD family of operating systems going all the way back to the beginning. This overview of the feature and how it evolved filled in many gaps for me, and showed why the newer work would be beneficial. The motivation for the work includes further extensions to support the CHERI hardware platform. \u003ca href=\"https://docs.google.com/document/d/1LceXj8IWJeTRHp9KzOYy8tpM00Fzt7fSN0Gw83B9COE/edit#heading=h.incfzi6bnzxr\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohannes M Dieterich gave an interesting presentation about using FreeBSD and GPU acceleration for high performance computing. One of the slides showed that amd64 has taken almost the entire market for the top 500 super computers, and that linux dominates the list, with only a few remaining non-linux systems. Sadly, at the supercomputing conference the next week, it was announced that linux has achieved 100% saturation of the top 500 super computers list. Johannes detailed the available tools, what ports are missing, what changes should be made to the base system (mostly OpenMP), and generally what FreeBSD needs to do to become a player in the supercomputer OS market. Johannes’ perspective is interesting, as he is a computational chemist, not a computer scientist. Those interested in improving the numerical libraries and GPU acceleration frameworks on FreeBSD should join the ports team. \u003ca href=\"https://docs.google.com/document/d/1uaJiqtPk8WetST6_GnQwIV49bj790qx7ToY2BHC9zO4/edit#heading=h.nvsz1n6w3gyq\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe final talk of the day was Peter Grehan, who spoke about how graphics support in bhyve came to be. He provided a history of how the feature evolved, and where it stands today. \u003ca href=\"https://docs.google.com/document/d/1LqJQJUwdUwWZ0n5KwCH1vNI8jiWGJlI1j0It3mERN80/edit#heading=h.sgeixwgz7bjs\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAfterwards, we traveled as a group to a large restaurant for dinner. There was even Mongolian Vodka, provided by Ganbold Tsagaankhuu of the FreeBSD project.\u003c/li\u003e\n\u003cli\u003eSunday:\n\n\u003cul\u003e\n\u003cli\u003eThe first talk of the day Sunday was mine. I presented “ZFS: Advanced Integration”, mostly talking about how boot environments work, and the new libbe and be(1) tools that my GSoC student Kyle Kneitinger created to manage them. I talked about how they can be used for laptop and developer systems, but also how boot environments can be used to replace nanobsd for appliances (as already done in FreeNAS and pfSense). I also presented about zfsbootcfg (zfs nextboot), and some future extensions to it to make it even more useful in appliance type workloads. I also provided a rundown of new developments out of the ZFS developer summit, two weeks previous. \u003ca href=\"https://docs.google.com/document/d/1Blh3Dulf0O91A0mwv34UnIgxRZaS_0FU2lZ41KRQoOU/edit#heading=h.gypim387e8hy\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTheo de Raadt presented “Mitigations and other real Security Features”, and made his case for changing to a ‘fail closed’ mode of interoperability. Computer’s cannot actually self heal, so lets stop pretending that they can. \u003ca href=\"https://docs.google.com/document/d/1fFHzlxJjbHPsV9t_Uh3PXZnXmkapAK5RkJsfaHki7kc/edit#heading=h.192e4lmbl70c\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRuslan Bukin talked about doing the port of FreeBSD for RISC-V and writing the Device Drivers. Ruslan walked through the process step by step, leading members of the audience to suggest he turn it into a developer’s handbook article, explaining how to do the initial bringup on new hardware. Ruslan also showed off a FreeBSD/MIPS board he designed himself and had manufactured in China.  \u003ca href=\"https://docs.google.com/document/d/1kRhRr3O3lQ-0dS0kYF0oh_S0_zFufEwrdFjG1QLyk8Y/edit#heading=h.293mameym7w1\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMariusz Zaborski presented Case studies on sandboxing the base system with Capsicum. He discussed the challenges encountered as existing programs are modified to sandbox them, and recent advancements in the debugging tools available during that process. Mariusz also discussed the Casper service at length, including the features that are planned for 2018 and onwards. \u003ca href=\"https://docs.google.com/document/d/1_0BpAE1jGr94taUlgLfSWlJOYU5II9o7Y3ol0ym1eZQ/edit#heading=h.xm9mh7dh6bay\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe final presentation of the day was Mark Johnston on Memory Management Improvements in FreeBSD 12.0. This talk provided a very nice overview of the memory management system in FreeBSD, and then detailed some of the recent improvements.  \u003ca href=\"https://docs.google.com/document/d/1gFQXxsHM66GQGMO4-yoeFRTcmOP4NK_ujVFHIQJi82U/edit#heading=h.uirc9jyyti7w\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe conference wrapped up with the Work-in-Progress session, including updates on: multi-device-at-once GELI attach, MP-safe networking on NetBSD, pkgsrc, NetBSD in general, BSD on Microsoft Azure, Mothra (send-pr for bugzilla), BSDMizer a machine learning compiler optimizer, Hyperledger Sawtooth (blockchain), and finally VIMAGE and pf testing on FreeBSD.\n\u003ca href=\"https://docs.google.com/document/d/1miHZEPrqrpCTh8JONmUKWDPYUmTuG2lbsVrWDtekvLc/edit#heading=h.orhedpjis5po\" rel=\"nofollow\"\u003eNotes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://pbs.twimg.com/media/DOh1txnVoAAFKAa.jpg:large\" rel=\"nofollow\"\u003eGroup Photo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBSDTW was a great conference. They are still considering if it should be an annual thing, trade off every 2nd year with AsiaBSDCon, or something else. In order to continue, BSD Taiwan requires more organizers and volunteers. They have regular meetups in Taipei if you are interested in getting involved.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/version-1-4-0-released/\" rel=\"nofollow\"\u003eLumina 1.4.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Lumina Theme Engine (and associated configuration utility)\u003c/li\u003e\n\u003cli\u003eThe Lumina theme engine is a new component of the “core” desktop, and provides enhanced theming capabilities for the desktop as well as all Qt5 applications. While it started out life as a fork of the “qt5ct” utility, it quickly grew all sorts of new features and functionality such as system-defined color profiles, modular theme components, and built-in editors/creators for all components. The backend of this engine is a standardized theme plugin for the Qt5 toolkit, so that all Qt5 applications will now present a unified appearance (if the application does not enforce a specific appearance/theme of it’s own). Users of the Lumina desktop will automatically have this plugin enabled: no special action is required.\n\n\u003cul\u003e\n\u003cli\u003ePlease note that the older desktop theme system for Lumina has been rendered obsolete by the new engine, but a settings-conversion path has already been implemented which should transition your current settings to the new engine the first time you login to Lumina 1.4.0. Custom themes for the older system may not be converted though, but it is trivial to copy/paste any custom stylesheets from the old system into the editor for the new theme engine to register/re-apply them as desired.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina-Themes Repository\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI also want to give a shout-out to the trueos/lumina-themes github repository contributors. All of the wallpapers in the 1.4.0 screenshots I posted come from that package, and they are working on making more wallpapers, color palettes, and desktop styles for use with the Lumina Theme Engine. If your operating system does not currently provide a package for lumina-themes, I highly recommend that you make one as soon as possible!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThe Lumina PDF Viewer (lumina-pdf)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a new, stand-alone desktop utility for viewing/printing/presenting PDF documents. It uses the poppler-qt5 library in the backend for rendering the document, but uses multi-threading in many ways (such as to speed up the loading of pages) to give the user a nice, streamlined utility for viewing PDF documents. There is also built-in presentation functionality which allows users to easily cast the document to a separate screen without mucking about in system menus or configuration utilities.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLumina PDF Viewer (1.4.0)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eImportant Packaging Changes\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne significant change of note for people who are packaging Lumina for their particular operating system is that the minimum supported versions of Qt for Lumina have been changed with this release:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003elumina-core: Qt 5.4+\nlumina-mediaplayer: Qt 5.7+\nEverything else: Qt 5.2+\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eOf course, using the latest version of the Qt5 libraries is always recommended.\u003cbr\u003e\nWhen packaging for Linux distributions, the theme engine also requires the availability of some of the “-dev” packages for Qt itself when compiling the theme plugin. For additional information (specifically regarding Ubuntu builds), please take a look at a recent ticket on the Lumina repository.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe new lumina-pdf utility requires the availability of the “poppler-qt5” library. The includes for this library on Ubuntu 17.10 were found to be installed outside of the normal include directories, so a special rule for it was added to our OS-Detect file in the Lumina source tree. If your particular operating system also places the the poppler include files in a non-standard place, please patch that file or send us the information and we can add more special rules for your particular OS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOther Changes of Note (in no particular order)\n\n\u003cul\u003e\n\u003cli\u003elumina-config:\u003c/li\u003e\n\u003cli\u003eAdd a new page for changing audio theme (login, logout, low battery)\u003c/li\u003e\n\u003cli\u003eAdd option to replace fluxbox with some other WM (with appropriate warnings)\u003c/li\u003e\n\u003cli\u003eHave the “themes” page redirect to launching the Lumina theme engine configuration utility.\u003c/li\u003e\n\u003cli\u003estart-lumina-desktop:\u003c/li\u003e\n\u003cli\u003eAuto-detect the active X11 displays and create a new display for the Lumina session (prevent conflict with prior graphical sessions).\u003c/li\u003e\n\u003cli\u003eAdd a process-failure counter \u0026amp; restart mechanism. This is particularly useful for restarting Fluxbox from time to time (such as after any monitor addition/removal)\u003c/li\u003e\n\u003cli\u003elumina-xconfig:\u003c/li\u003e\n\u003cli\u003eRestart fluxbox after making any monitor changes with xrandr. This ensures a more reliable session.\u003c/li\u003e\n\u003cli\u003eImplement a  new 2D monitor layout mechanism. This allows for the placement of monitors anywhere in the X/Y plane, with simplification buttons for auto-tiling the monitors in each dimension based on their current location.\u003c/li\u003e\n\u003cli\u003eAdd the ability to save/load monitor profiles.\u003c/li\u003e\n\u003cli\u003eDistinguish between the “default” monitor arrangement and the “current” monitor arrangement. Allow the user to set the current arrangement as the new default.\u003c/li\u003e\n\u003cli\u003elumina-desktop:\u003c/li\u003e\n\u003cli\u003eCompletely revamp the icon loading mechanisms so it should auto-update when the theme changes.\u003c/li\u003e\n\u003cli\u003eSpeed up the initialization of the desktop quite a bit.\u003c/li\u003e\n\u003cli\u003ePrevent loading/probing files in the “/net/” path for existence (assume they exist in the interest of providing shortcuts). On FreeBSD, these are special paths that actually pause the calling process in order to mount/load a network share before resuming the process, and can cause significant “hangs” in the desktop process.\u003c/li\u003e\n\u003cli\u003eAdd the ability to take a directory as a target for the wallpaper. This will open/probe the directory for any existing image files that it can use as a wallpaper and randomly select one.\u003c/li\u003e\n\u003cli\u003eRemove the popup dialog prompting about system updates, and replace it with new “Restart (with updates)” buttons on the appropriate menus/windows instead.\u003c/li\u003e\n\u003cli\u003eIf no wallpapers selection is provided, try to use the “lumina-nature” wallpaper directory as the default, otherwise fall back on the original default wallpaper if the “lumina-themes” package is not installed.\u003c/li\u003e\n\u003cli\u003elumina-open:\u003c/li\u003e\n\u003cli\u003eMake the *.desktop parsing a bit more flexible regarding quoted strings where there should not be any.\u003c/li\u003e\n\u003cli\u003eIf selecting which application to use, only overwrite the user-default app if the option is explicitly selected.\u003c/li\u003e\n\u003cli\u003elumina-fileinfo:\u003c/li\u003e\n\u003cli\u003eSignificant cleanup of this utility. Now it can be reliably used for creating/registering XDG application shortcuts.\u003c/li\u003e\n\u003cli\u003eAdd a whole host of new ZFS integrations:\u003c/li\u003e\n\u003cli\u003eIf a ZFS dataset is being examined, show all the ZFS properties for that dataset.\u003c/li\u003e\n\u003cli\u003eIf the file being examined exists within ZFS snapshots, show all the snapshots of the file\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003elumina-fm:\n\n\u003cul\u003e\n\u003cli\u003eSignificant use of additional multi-threading. Makes the loading of directories much faster (particularly ones with image files which need thumbnails)\u003c/li\u003e\n\u003cli\u003eAdd detection/warning when running as root user. Also add an option to launch a new instance of lumina-fm as the root user.\u003c/li\u003e\n\u003cli\u003e[FreeBSD/TrueOS] Fix up the detection of the “External Devices” list to also list available devices for the autofs system.\u003c/li\u003e\n\u003cli\u003eFix up some drag and drop functionality.\u003c/li\u003e\n\u003cli\u003eExpose the creation, extraction, and insertion of files into archives (requires lumina-archiver at runtime)\u003c/li\u003e\n\u003cli\u003eExpand the “Open With” option into a menu of application suggestions in addition to the “Other” option which runs “lumina-open” to find an application.\u003c/li\u003e\n\u003cli\u003eProvide an option to set the desktop wallpaper to the selected image file(s). (If the running desktop session is Lumina).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003elumina-mediaplayer:\n\n\u003cul\u003e\n\u003cli\u003eEnable the ability to playback local video files. (NOTE: If Qt5 is set to use the gstreamer multimedia backend, make sure you have the “GL” plugin installed for smooth video playback).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003elumina-archiver:\n\n\u003cul\u003e\n\u003cli\u003eAdd CLI flags for auto-archive and auto-extract. This allows for programmatic/scriptable interactions with archives.\u003c/li\u003e\n\u003cli\u003eThat is not mentioning all of the little bugfixes, performance tweaks, and more that are also included in this release.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever\" rel=\"nofollow\"\u003eThe strongest KASLR, ever?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-kern/2017/11/14/msg022594.html\" rel=\"nofollow\"\u003eRe: amd64: kernel aslr support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo, I did it. Now the kernel sections are split in sub-blocks, and are all randomized independently. See my drawing [1]. What it means in practice, is that Kernel ASLR is much more difficult to defeat: a cache attack will at most allow you to know that a given range is mapped as executable for example, but you don\u0026#39;t know which sub-block of .text it is; a kernel pointer leak will at most allow you to reconstruct the layout of one sub-block, but you don\u0026#39;t know the layout and address of the remaining blocks, and there can be many.\u003cbr\u003e\nThe size and number of these blocks is controlled by the split-by-file parameter in Makefile.amd64. Right now it is set to 2MB, which produces a kernel with ~23 allocatable (ie useful at runtime) sections, which is a third of the total number supported (BTSPACE_NSEGS = 64). I will probably reduce this parameter a bit in the future, to 1.5MB, or even 1MB.\u003cbr\u003e\nAll of that leaves us with about the most advanced KASLR implementation available out there. There are ways to improve it even more, but you\u0026#39;ll have to wait a few weeks for that.\u003cbr\u003e\n If you want to try it out you need to make sure you have the latest versions of GENERIC_KASLR / prekern / bootloader. The instructions are still here, and haven\u0026#39;t changed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInitial design\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I said in the previous episode, I added in October a Kernel ASLR implementation in NetBSD for 64bit x86 CPUs. This implementation would randomize the location of the kernel in virtual memory as one block: a random VA would be chosen, and the kernel ELF sections would be mapped contiguously starting from there.\u003cbr\u003e\nThis design had several drawbacks: one leak, or one successful cache attack, could be enough to reconstruct the layout of the entire kernel and defeat KASLR.\u003cbr\u003e\nNetBSD’s new KASLR design significantly improves this situation.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew design\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the new design, each kernel ELF section is randomized independently. That is to say, the base addresses of .text, .rodata, .data and .bss are not correlated. KASLR is already at this stage more difficult to defeat, since you would need a leak or cache attack on each of the kernel sections in order to reconstruct the in-memory kernel layout.\u003cbr\u003e\nThen, starting from there, several techniques are used to strengthen the implementation even more.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSub-blocks\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe kernel ELF sections are themselves split in sub-blocks of approximately 1MB. The kernel therefore goes from having:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e    { .text .rodata .data .bss }\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eto having\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e    { .text .text.0 .text.1 ... .text.i .rodata .rodata.0 ... .rodata.j ... .data ...etc }\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAs of today, this produces a kernel with ~33 sections, each of which is mapped at a random address and in a random order.\u003cbr\u003e\nThis implies that there can be dozens of .text segments. Therefore, even if you are able to conduct a cache attack and determine that a given range of memory is mapped as executable, you don’t know which sub-block of .text it is. If you manage to obtain a kernel pointer via a leak, you can at most guess the address of the section it finds itself in, but you don’t know the layout of the remaining 32 sections. In other words, defeating this KASLR implementation is much more complicated than in the initial design.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHigher entropy\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEach section is put in a 2MB-sized physical memory chunk. Given that the sections are 1MB in size, this leaves half of the 2MB chunk unused. Once in control, the prekern shifts the section within the chunk using a random offset, aligned to the ELF alignment constraint. This offset has a maximum value of 1MB, so that once shifted the section still resides in its initial 2MB chunk:\u003cbr\u003e\nThe prekern then maps these 2MB physical chunks at random virtual addresses; but addresses aligned to 2MB. For example, the two sections in Fig. A will be mapped at two distinct VAs:\u003cbr\u003e\nThere is a reason the sections are shifted in memory: it offers higher entropy. If we consider a .text.i section with a 64byte ELF alignment constraint, and give a look at the number of possibilities for the location of the section in memory:\u003cbr\u003e\nThe prekern shifts the 1MB section in its 2MB chunk, with an offset aligned to 64 bytes. So there are (2MB-1MB)/(64B)=214 possibilities for the offset.\u003cbr\u003e\nThen, the prekern uses a 2MB-sized 2MB-aligned range of VA, chosen in a 2GB window. So there are (2GB-2MB)/(2MB)=210-1 possibilities for the VA.\u003cbr\u003e\nTherefore, there are 214x(210-1)˜224 possible locations for the section. As a comparison with other systems:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eOS  # of possibilities\nLinux   2^6\nMacOS   2^8\nWindows 2^13\nNetBSD  2^24\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eOf course, we are talking about one .text.i section here; the sections that will be mapped afterwards will have fewer location possibilities because some slots will be already occupied. However, this does not alter the fact that the resulting entropy is still higher than that of the other implementations. Note also that several sections have an alignment constraint smaller than 64 bytes, and that in such cases the entropy is even higher.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLarge pages\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is also a reason we chose to use 2MB-aligned 2MB-sized ranges of VAs: when the kernel is in control and initializes itself, it can now use large pages to map the physical 2MB chunks. This greatly improves memory access performance at the CPU level.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCountermeasures against TLB cache attacks\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the memory shift explained above, randomness is therefore enforced at both the physical and virtual levels: the address of the first page of a section does not equal the address of the section itself anymore.\u003cbr\u003e\nIt has, as a side effect, an interesting property: it can mostly mitigate TLB cache attacks. Such attacks operate at the virtual-page level; they will allow you to know that a given large page is mapped as executable, but you don’t know where exactly within that page the section actually begins.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStrong?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis KASLR implementation, which splits the kernel in dozens of sub-blocks, randomizes them independently, while at the same time allowing for higher entropy in a way that offers large page support and some countermeasures against TLB cache attacks, appears to be the most advanced KASLR implementation available publicly as of today. \u003cbr\u003e\nFeel free to prove me wrong, I would be happy to know!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWIP\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEven if it is in a functional state, this implementation is still a work in progress, and some of the issues mentioned in the previous blog post haven\u0026#39;t been addressed yet. But feel free to test it and report any issue you encounter. Instructions on how to use this implementation can still be found in the previous blog post, and haven’t changed since.\u003cbr\u003e\nSee you in the next episode!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.ghostbsd.org/11.1_release_announcement\" rel=\"nofollow\"\u003eGhostBSD 11.1 Finally Ready and Available!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/a/Mu8xk\" rel=\"nofollow\"\u003eScreenshots\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter a year of development, testing, debugging and working on our software package repository, we are pleased to announce the release of GhostBSD 11.1 is now available on 64-bit(amd64) architecture with MATE and XFCE Desktop on direct and torrent download. With 11.1 we drop 32-bit i386 supports, and we currently maintain our software packages repository for more stability.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat\u0026#39;s new on GhostBSD 11.1\n\n\u003cul\u003e\n\u003cli\u003eGhostBSD software repository\u003c/li\u003e\n\u003cli\u003eSupport VMware Workstation Guest Features\u003c/li\u003e\n\u003cli\u003eNew UFS full disk mirroring option on the installer\u003c/li\u003e\n\u003cli\u003eNew UFS full disk MBR and GPT option on the installer\u003c/li\u003e\n\u003cli\u003eNew UFS full disk swap size option on the installer\u003c/li\u003e\n\u003cli\u003eWhisker Menu as default Application menu on XFCE\u003c/li\u003e\n\u003cli\u003eAll software developed by GhostBSD is now getting updated\u003c/li\u003e\n\u003cli\u003eZFS configuration for disk\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWhat has been fixed on 11.1?\n\n\u003cul\u003e\n\u003cli\u003eFix XFCE sound plugin\u003c/li\u003e\n\u003cli\u003eInstaller ZFS configuration file setting\u003c/li\u003e\n\u003cli\u003eInstaller ZFS setup appears to be incomplete\u003c/li\u003e\n\u003cli\u003eThe installer was not listing ZFS disk correctly.\u003c/li\u003e\n\u003cli\u003eThe installer The partition list was not deleted when pressing back\u003c/li\u003e\n\u003cli\u003eXFCE and MATE shutdown/suspend/hibernate randomly missing\u003c/li\u003e\n\u003cli\u003eClicking \u0026#39;GhostBSD Bugs\u0026#39; item in the Main menu -\u0026gt; \u0026#39;System Tools\u0026#39; brings up \u0026#39;Server not found\u0026#39; page\u003c/li\u003e\n\u003cli\u003eXFCE installation - incorrect keyboard layout\u003c/li\u003e\n\u003cli\u003eLocale setting not filling correctly\u003c/li\u003e\n\u003cli\u003eUpdate Station tray icon\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe image checksum\u0026#39;s, hybrid ISO(DVD, USB) images are available at \u003ca href=\"http://www.ghostbsd.org/download\" rel=\"nofollow\"\u003eGhostBSD\u003c/a\u003e.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003ep2k17 Hackathon Reports\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171107034258\" rel=\"nofollow\"\u003ep2k17 Hackathon Report: Matthias Kilian on xpdf, haskell, and more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171107185122\" rel=\"nofollow\"\u003ep2k17 Hackathon Report: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171107225258\" rel=\"nofollow\"\u003ep2k17 Hackathon Report: Paul Irofti (pirofti@) on hotplugd(8), math ports, xhci(4) and other kernel advancements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171108072117\" rel=\"nofollow\"\u003ep2k17 Hackathon report: Jeremy Evans on ruby progress, postgresql and webdriver work\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171109171447\" rel=\"nofollow\"\u003ep2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171110124645\" rel=\"nofollow\"\u003ep2k17 Hackathon report: Sebastian Reitenbach on Puppet progress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171110124656\" rel=\"nofollow\"\u003ep2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171113091807\" rel=\"nofollow\"\u003ep2k17 Hackathon Report: Landry Breuil on Mozilla things and much more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171113235334\" rel=\"nofollow\"\u003ep2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171120075903\" rel=\"nofollow\"\u003ep2k17 Hackathon report: Antoine Jacoutot on ports+packages progress\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eTrueOS Talks\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-talks-tech-open-source-pellissippi-state/\" rel=\"nofollow\"\u003eTech and Open Source at Pellissippi State\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKen Moore of the TrueOS project presented a talk to the AITP group at Pellissippi State today entitled “It’s A Unix(-like) system? An Introduction to TrueOS and Open source”. Joshua Smith of the TrueOS project was also in attendance. \u003cbr\u003e\nWe were happy to see a good attendance of about 40 individuals that came to hear more about TrueOS and how we continue to innovate along with the FreeBSD project. Many good questions were raised about development, snapshots, cryptocurrency, and cyber-security. We’ve included a copy of the slides if you’d like to have a look at the talk on open source. We’d like to offer a sincere thanks to everyone who attended and offer an extended invitation for you to join us at our KnoxBUG group on October 30th @ the iXsystems offices! We hope to see you soon!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://web.trueos.org/wp-content/uploads/2017/10/Open-Source-Talk.pdf\" rel=\"nofollow\"\u003eOpen Source Talk – Slideshare PDF\u003c/a\u003e\n\u003ca href=\"http://knoxbug.org/content/octobers-talk-available-youtube\" rel=\"nofollow\"\u003eKnoxBug - Lumina Rising : Challenging Desktop Orthodoxy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKen gave his talk about the new Lumina 2.0 Window Manager that he gave at Ohio LinuxFest 2017\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/w3ZrqxLTnIU\" rel=\"nofollow\"\u003eKnoxBUG October 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.slideshare.net/beanpole135/olf-2017-lumina-rising-challenging-desktop-orthodoxy\" rel=\"nofollow\"\u003e(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20171118190325\" rel=\"nofollow\"\u003eOfficial OpenBSD 6.2 CD set - the only one to be made!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur dear friend Bob Beck (beck@) writes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo, again this release the tradition of making Theo do art has continued!\u003cbr\u003e\nUp for sale by auction to the highest bidder on Ebay is the only OpenBSD 6.2 CD set to be produced.\u003cbr\u003e\nThe case and CD\u0026#39;s feature the 6.2 artwork, custom drawn and signed by Theo.\u003cbr\u003e\nAll proceeds to support OpenBSD\u003cbr\u003e\nGo have a look at the auction\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of you highest bid to the project.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ebay.ca/itm/Official-OpenBSD-6-2-CD-Set/253265944606\" rel=\"nofollow\"\u003eThe Auction\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-October/313646.html\" rel=\"nofollow\"\u003eHAMMER2 userspace on Linux\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.nycbug.org/index.cgi?action=view\u0026id=10655\" rel=\"nofollow\"\u003eOpenBSD Porting Workshop (now changed to January 3, 2018)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/mahrens1/status/921204908094775296\" rel=\"nofollow\"\u003eMatt Ahrens on when Native Encryption for ZFS will land\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://nanxiao.me/en/the-first-successful-build-of-openbsd-base-system/\" rel=\"nofollow\"\u003eThe first successful build of OpenBSD base system\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/KnoxBUG-BSD-Linux-and-FOSS-Users-Unite/events/245291204/\" rel=\"nofollow\"\u003eKnoxBug November Meeting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.michaelwlucas.com/os/af3e\" rel=\"nofollow\"\u003eAbsolute FreeBSD, 3rd Edition, pre-orders available\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eJon - \u003ca href=\"http://dpaste.com/2BEW0HB#wrap\" rel=\"nofollow\"\u003eJails and Networking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNathan - \u003ca href=\"http://dpaste.com/1GHSYJS#wrap\" rel=\"nofollow\"\u003ebhyve Provisioning\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLian - \u003ca href=\"http://dpaste.com/18P8D8C#wrap\" rel=\"nofollow\"\u003eOpenSSL jumping the Shark\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKim - \u003ca href=\"http://dpaste.com/1VE0K9E#wrap\" rel=\"nofollow\"\u003eSuggestions\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Allan reports on his trip to BSD Taiwan, new versions of Lumina and GhostBSD are here, a bunch of OpenBSD p2k17 hackathon reports.","date_published":"2017-11-22T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c223b460-2a15-4458-87f8-0f1b7e5947db.mp3","mime_type":"audio/mpeg","size_in_bytes":84011764,"duration_in_seconds":7000}]},{"id":"317534a9-acaf-4d19-8857-2a02ad303297","title":"220: Opening ZFS in 2017","url":"https://www.bsdnow.tv/220","content_text":"We have a first PS4 kernel exploit, the long awaited OpenZFS devsummit report by Allan, DragonflyBSD 5.0 is out, we show you vmadm to manage jails, and parallel processing with Unix tools.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nThe First PS4 Kernel Exploit: Adieu\n\n\nThe First PS4 Kernel Exploit: Adieu\n\n\n\nPlenty of time has passed since we first demonstrated Linux running on the PS4.  Now we will step back a bit and explain how we managed to jump from the browser process into the kernel such that ps4-kexec et al. are usable.  Over time, ps4 firmware revisions have progressively added many mitigations and in general tried to lock down the system. This post will mainly touch on vulnerabilities and issues which are not present on the latest releases, but should still be useful for people wanting to investigate ps4 security.\n\n\n\nVulnerability Discovery\n\n\n\nAs previously explained, we were able to get a dump of the ps4 firmware 1.01 kernel via a PCIe man-in-the-middle attack. Like all FreeBSD kernels, this image included “export symbols” - symbols which are required to perform kernel and module initialization processes. However, the ps4 1.01 kernel also included full ELF symbols (obviously an oversight as they have been removed in later firmware versions). This oversight was beneficial to the reverse engineering process, although of course not a true prerequisite. Indeed, we began exploring the kernel by examining built-in metadata in the form of the syscall handler table - focusing on the ps4-specific entries.\nEach process object in the kernel contains its own “idt” (ID Table) object. As can be inferred from the snippet above, the hash table essentially just stores pointers to opaque data blobs, along with a given kind and name. Entries may be accessed (and thus “locked”) with either read or write intent. Note that IDT_TYPE is not a bitfield consisting of only unique powers of 2. This means that if we can control the kind of an id_entry, we may be able to cause a type confusion to occur (it is assumed that we may control name).\n\n\n\nExploitation\n\n\n\nTo an exploiter without ps4 background, it might seem that the easiest way to exploit this bug would be to take advantage of the write off the end of the malloc’d namedobj_usr_t object. However, this turns out to be impossible (as far as I know) because of a side effect of the ps4 page size being changed to 0x4000 bytes (from the normal of 0x1000). It appears that in order to change the page size globally, the ps4 kernel developers opted to directly change the related macros. One of the many changes resulting from this is that the smallest actual amount of memory which malloc may give back to a caller becomes 0x40 bytes. While this also results in tons of memory being completely wasted, it does serve to nullify certain exploitation techniques (likely completely by accident…).\n\n\n\nAdieu\n\n\n\nThe namedobj exploit was present and exploitable (albeit using a slightly different method than described here) until it was fixed in firmware version 4.06. This vulnerability was also found and exploited by (at least) Chaitin Tech, so props to them! Taking a quick look at the 4.07 kernel, we can see a straightforward fix (4.06 is assumed to be identical - only had 4.07 on hand while writing this post):\n\nint sys_namedobj_create(struct thread *td, void *args) {\n  // ...\n  rv = EINVAL;\n  kind = *((_DWORD *)args + 4)\n  if ( !(kind \u0026amp; 0x4000) \u0026amp;\u0026amp; *(_QWORD *)args ) {\n    // ... (unchanged)\n  }\n  return rv;\n}\n\n\nAnd so we say goodbye to a nice exploit. I hope you enjoyed this blast from the past :) Keep hacking!\n\n\n\n\nOpenZFS Developer Summit 2017 Recap\n\n\nThe 5th annual OpenZFS Developer Summit was held in San Francisco on October 24-25. Hosted by Delphix at the Children’s Creativity Museum in San Francisco, over a hundred OpenZFS contributors from a wide variety of companies attended and collaborated during the conference and developer summit. iXsystems was a Gold sponsor and several iXsystems employees attended the conference, including the entire Technical Documentation Team, the Director of Engineering, the Senior Analyst, a Tier 3 Support Engineer, and a Tier 2 QA Engineer.\nDay 1 of the conference had 9 highly detailed, informative, and interactive technical presentations from companies which use or contribute to OpenZFS. The presentations highlighted improvements to OpenZFS developed “in-house” at each of these companies, with most improvements looking to be made available to the entire OpenZFS community in the near to long term. There’s a lot of exciting stuff happening in the OpenZFS community and this post provides an overview of the presented features and proof-of-concepts.\nThe keynote was delivered by Mark Maybee who spoke about the past, present, and future of ZFS at Oracle. An original ZFS developer, he outlined the history of closed-source ZFS development after Oracle’s acquisition of Sun. ZFS has a fascinating history, as the project has evolved over the last decade in both open and closed source forms, independent of one another. While Oracle’s proprietary internal version of ZFS has diverged from OpenZFS, it has implemented many of the same features. Mark was very proud of the work his team had accomplished over the years, claiming Oracle’s ZFS products have accounted for over a billion dollars in sales and are used in the vast majority of Fortune 100 companies. However, with Oracle aggressively moving into cloud storage, the future of closed source ZFS is uncertain. Mark presented a few ideas to transform ZFS into a mainstream and standard file system, including adding more robust support for Linux.\nAllan Jude from ScaleEngine talked about ZStandard, a new compression method he is developing in collaboration with Facebook. It offers compression comparable to gzip, but at speeds fast enough to keep up with hard drive bandwidth. According to early testing, it improves both the speed and compression efficiency over the current LZ4 compression algorithm. It also offers a new “dictionary” feature for improving image compression, which is of particular interest to Facebook. In addition, when using ZFS send and receive, it will adapt the compression ratio to make the most efficient use of the network bandwidth.\nCurrently, deleting a clone on ZFS is a time-consuming process, especially when dealing with large datasets that have diverged over time. Sara Hartse from Delphix described how “clone fast delete” speeds up clone deletion. Rather than traversing the entire dataset during clone deletion, changes to the clone are tracked in a “live list” which the delete process uses to determine which blocks to free.  In addition, rather than having to wait for the clone to finish, the delete process backgrounds the task so you can keep working without any interruptions. Sara shared the findings of a test they ran on a clone with 500MB of data, which took 45 minutes to delete with the old method, and under a minute using the live list. This behavior is an optional property as it may not be appropriate for long-lived clones where deletion times are not a concern. At this time, it does not support promoted clones.\nOlaf Faaland from Lawrence Livermore National Labs demonstrated the progress his team has made to improve ZFS pool imports with MMP (Multi-Modifier Protection), a watchdog system to make sure that ZFS pools in clustered High Availability environments are not imported by more than one host at a time.  MMP uses uberblocks and other low-level ZFS features to monitor pool import status and otherwise safeguard the import process. MMP adds fields to on-disk metadata so it does not depend on hardware, such as SAS. It supports multi-node HA configs and does not affect non-HA systems. However, it does have issues with long I/O delays so existing HA software is recommended as an additional fallback.\nJörgen Lundman of GMO Internet gave an entertaining talk on the trials and tribulations of porting ZFS to OS X.  As a bonus, he talked about porting ZFS to Windows, and showed a working demo.  While not yet in a usable state, it demonstrated a proof-of-concept of ZFS support for other platforms.\nSerapheim Dimitropoulos from Delphix discussed Faster Allocation with the Log Spacemap as a means of optimizing ZFS allocation performance. He began with an in-depth overview of metaslabs and how log spacemaps are used to track allocated and freed blocks. Since blocks are only allocated from loaded metaslabs but freed blocks may apply to any metaslab, over time logging the freed blocks to each appropriate metaslab with every txg becomes less efficient. Their solution is to create a pool-wide metaslab for unflushed entries.\nShailendra Tripathi from Tegile presented iFlash: Dynamic Adaptive L2ARC Caching. This was an interesting talk on what is required to allow very different classes of resources to share the same flash device–in their case, ZIL, L2ARC, and metadata. To achieve this, they needed to address the following differences for each class: queue priority, metaslab load policy, allocation, and data protection (as cache has no redundancy).\nIsaac Huang of Intel introduced DRAID, or parity declustered RAID. Once available, this will provide the same levels of redundancy as traditional RAIDZ, providing the administrator doubles the amount of options for providing redundancy for their use case. The goals of DRAID are to address slow resilvering times and the write throughput of a single replacement drive being a bottleneck. This solution skips block pointer tree traversal when rebuilding the pool after drive failure, which is the cause of long resilver times. This means that redundancy is restored quickly, mitigating the risk of losing additional drives before the resilver completes, but it does require a scrub afterwards to confirm data integrity. This solution supports logical spares, which must be defined at vdev creation time, which are used to quickly restore the array.\nPrakash Surya of Delphix described how ZIL commits currently occur in batches, where waiting threads have to wait for the batch to complete. His proposed solution was to replace batch commits and to instead notify the waiting thread after its ZIL commit in order to greatly increase throughput.  A new tunable for the log write block timeout can also be used to log write blocks more efficiently.\nOverall, the quality of the presentations at the 2017 OpenZFS conference was high. While quite technical, they clearly explained the scope of the problems being addressed and how the proposed solutions worked. We look forward to seeing the described features integrated into OpenZFS. The videos and slides for the presentations should be made available over the next month or so at the OpenZFS website.\n\n\n\nOpenZFS Photo Album\n\n\n\n\nDragonflyBSD 5.0\n\n\nDragonFly version 5.0 brings the first bootable release of HAMMER2, DragonFly's next generation file system.\nHAMMER2\n\n\nPreliminary HAMMER2 support has been released into the wild as-of the 5.0 release. This support is considered EXPERIMENTAL and should generally not yet be used for production machines and important data. The boot loader will support both UFS and HAMMER2 /boot. The installer will still use a UFS /boot even for a HAMMER2 installation because the /boot partition is typically very small and HAMMER2, like HAMMER1, does not instantly free space when files are deleted or replaced.\nDragonFly 5.0 has single-image HAMMER2 support, with live dedup (for cp's), compression, fast recovery, snapshot, and boot support. HAMMER2 does not yet support multi-volume or clustering, though commands for it exist. Please use non-clustered single images for now.\n\nipfw Updates\n\n\nIPFW has gone through a number of updates in DragonFly and now offers better performance. pf and ipfw3 are also still supported.\n\nImproved graphics support\n\n\nThe i915 driver has been brought up to match what's in the Linux 4.7.10 kernel. Intel GPUs are supported up to the Kabylake generation.\nvga_switcheroo(4) module added, allowing the use of Intel GPUs on hybrid-graphics systems.\nThe new apple_gmux driver enables switching to the Intel video chipset on dual Intel/NVIDIA and Intel/Radeon Macbook computers.\n\nOther user-affecting changes\n\n\nefisetup(8) added.\nDragonFly can now support over 900,000 processes on a single machine.\nClient-side SSH by default does not try password authentication, which is the default behavior in newer versions of OpenSSH. Pass an explicit '-o PasswordAuthentication=yes' or change /etc/ssh/ssh_config if you need the old behavior. Public key users are unaffected.\n\nClang status\n\n\nA starting framework has been added for using clang as the alternate base compiler in DragonFly, to replace gcc 4.7. It's not yet complete. Clang can of course be added as a package.\n\nPackage updates\n\n\nMany package updates but I think most notably we need to point to chrome60 finally getting into dports with accelerated video and graphics support.\n\n64-bit status\n\n\nNote that DragonFly is a 64-bit-only operating system as of 4.6, and will not run on 32-bit hardware.\nAMD Ryzen is supported and DragonFly 5.0 has a workaround for a hardware bug.\n\nDragonFly quickly released a v5.0.1 with a few patches Download link\n\n\n\n\nNews Roundup\n\n(r)vmadm – managing FreeBSD jails\n\n\nWe are releasing the first version (0.1.0) of our clone of vmadm for FreeBSD jails today. It is not done or feature complete, but it does provides basic functionality.  At this point, we think it would be helpful to get it out there and get some feedback. As of today, it allows basic management of datasets, as well as creating, starting, stopping, and destroying jails.\n\n\n\nWhy another tool to manage jails\n\n\n\nHowever, before we go into details let’s talk why we build yet another jail manager? It is not the frequent NIH syndrome, actually quite the opposite. In FiFo 0.9.2 we experimented with iocage as a way to control jails. While iocage is a useful tool when used as a CLI utility it has some issues when used programmatically.\nWhen managing jails automatically and not via a CLI tool things like performance, or a machine parsable interface matter. While on a CLI it is acceptable if a call takes a second or two, for automatically consuming a tool this delay is problematic.\nAnother reason for the decision was that vmadm is an excellent tool. It is very well designed. SmartOs uses vmadm for years now. Given all that, we opted for adopting a proven interface rather than trying to create a new one. Since we already interface with it on SmartOS, we can reuse a majority of our management code between SmartOS and FreeBSD.\n\n\n\nWhat can we do\n\n\n\nToday we can manage datasets, which are jail templates in the form of ZFS volumes. We can list and serve them from a dataset-server, and fetch those we like want. At this point, we provide datasets for FreeBSD 10.0 to 11.1, but it is very likely that the list will grow. As an idea here is a community-driven list of datasets that exist for SmartOS today. Moreover, while those datasets will not work, we hope to see the same for BSD jails.\nAfter fetching the dataset, we can define jails by using a JSON file. This file is compatible with the zone description used on SmartOS. It does not provide all the same features but a subset. Resources such as CPU and memory can be defined, networking configured, a dataset selected and necessary settings like hostname set.\nWith the jail created, vmadm allows managing its lifetime, starting, stopping it, accessing the console and finally destroying it. Updates to jails are supported to however as of today they are only taken into account after restarting the jail. However, this is in large parts not a technical impossibility but rather wasn’t high up on the TODO list.\nIt is worth mentioning that vmadm will not pick up jails created in other tools or manually. Only using vmadm created jails was a conscious decision to prevent it interfering with existing setups or other utilities. While conventional tools can manage jails set up with vmadm just fine we use some special tricks like nested jails to allow for restrictions required for multi-tenancy that are hard or impossible to achieve otherwise.\n\n\n\nWhats next\n\n\n\nFirst and foremost we hope to get some feedback and perhaps community engagement. In the meantime, as announced earlier this year, we are hard at work integrating FreeBSD hypervisors in FiFo, and as of writing this, the core actions work quite well.\nRight now only the barebone functions are supported, some of the output is not as clear as we would like. We hope to eventually add support for behyve to vmadm the same way that it supports KVM on SmartOS. Moreover, the groundwork for this already exists in the nested jail techniques we are using.\nOther than that we are exploring ways to allow for PCI pass through in jails, something not possible in SmartOS zones right now that would be beneficial for some users.\nIn general, we want to improve compatibility with SmartOS as much as possible and features that we add over time should make the specifications invalid for SmartOS.\n\n\n\nYou can get the tool from github.\n***\n\n\nParallel processing with unix tools\n\n\nThere are various ways to use parallel processing in UNIX:\n\n\n\npiping\nAn often under appreciated idea in the unix pipe model is that the components of the pipe run in parallel. This is a key advantage leveraged when combining simple commands that do \"one thing well\"\nsplit -n, xargs -P, parallel\nNote programs that are invoked in parallel by these, need to output atomically for each item processed, which the GNU coreutils are careful to do for factor and sha*sum, etc. Generally commands that use stdio for output can be wrapped with the stdbuf -oL command to avoid intermixing lines from parallel invocations\nmake -j\nMost implementations of make(1) now support the -j option to process targets in parallel. make(1) is generally a higher level tool designed to process disparate tasks and avoid reprocessing already generated targets. For example it is used very effictively when testing coreutils where about 700 tests can be processed in 13 seconds on a 40 core machine.\nimplicit threading\nThis goes against the unix model somewhat and definitely adds internal complexity to those tools. The advantages can be less data copying overhead, and simpler usage, though its use needs to be carefully considered. A disadvantage is that one loses the ability to easily distribute commands to separate systems. Examples are GNU sort(1) and turbo-linecount\n\n\n\nThe example provided counts lines in parallel:\n\n\n\nThe examples below will compare the above methods for implementing multi-processing, for the function of counting lines in a file. First of all let's generate some test data. We use both long and short lines to compare the overhead of the various methods compared to the core cost of the function being performed:\n$ seq 100000000 \u0026gt; lines.txt  # 100M lines\n$ yes $(yes longline | head -n9) | head -n10000000 \u0026gt; long-lines.txt  # 10M lines\n\nWe'll also define the add() { paste -d+ -s | bc; } helper function to add a list of numbers.\nNote the following runs were done against cached files, and thus not I/O bound. Therefore we limit the number of processes in parallel to $(nproc), though you would generally benefit to raising that if your jobs are waiting on network or disk etc.\n\n\nWe'll use this command to count lines for most methods, so here is the base non multi-processing performance for comparison:\n$ time wc -l lines.txt\n$ time wc -l long-lines.txt\nsplit -n\nNote using -n alone is not enough to parallelize. For example this will run serially with each chunk, because since --filter may write files, the -n pertains to the number of files to split into rather than the number to process in parallel.\n$ time split -n$(nproc) --filter='wc -l' lines.txt | add\n\n\n\n\nYou can either run multiple invocations of split in parallel on separate portions of the file like:\n\n\n\n$ time for i in $(seq $(nproc)); do\n       split -n$i/$(nproc) lines.txt | wc -l\u0026amp;\n  done | add\n\n\n\nOr split can do parallel mode using round robin on each line, but that's huge overhead in this case. (Note also the -u option significant with -nr):\n\n\n\n$ time split -nr/$(nproc) --filter='wc -l' lines.txt | add\n\n\n\nRound robin would only be useful when the processing per item is significant.\nParallel isn't well suited to processing a large single file, rather focusing on distributing multiple files to commands. It can't efficiently split to lightweight processing if reading sequentially from pipe:\n\n\n\n$ time parallel --will-cite --block=200M --pipe 'wc -l' \u0026lt; lines.txt | add\n\n\n\nLike parallel, xargs is designed to distribute separate files to commands, and with the -P option can do so in parallel. If you have a large file then it may be beneficial to presplit it, which could also help with I/O bottlenecks if the pieces were placed on separate devices:\n\n\n\nsplit -d -n l/$(nproc) lines.txt l.\nThose pieces can then be processed in parallel like:\n$ time find -maxdepth 1 -name 'l.*' |\nxargs -P$(nproc) -n1 wc -l | cut -f1 -d' ' | add\n\n\n\nIf your file sizes are unrelated to the number of processors then you will probably want to adjust -n1 to batch together more files to reduce the number of processes run in total. Note you should always specify -n with -P to avoid xargs accumulating too many input items, thus impacting the parallelism of the processes it runs.\nmake(1) is generally used to process disparate tasks, though can be leveraged to provide low level parallel processing on a bunch of files. Note also the make -O option which avoids the need for commands to output their data atomically, letting make do the synchronization. We'll process the presplit files as generated for the xargs example above, and to support that we'll use the following Makefile:\n\n\n\n%: FORCE     # Always run the command\n  @wc -l \u0026lt; $@\nFORCE: ;\nMakefile: ;  # Don't include Makefile itself\n\n\n\nOne could generate this and pass to make(1) with the -f option, though we'll keep it as a separate Makefile here for simplicity. This performs very well and matches the performance of xargs.\n\n\n\n$ time find -name 'l.*' -exec make -j$(nproc) {} + | add\nNote we use the POSIX specified \"find ... -exec ... {} +\" construct, rather than conflating the example with xargs. This construct like xargs will pass as many files to make as possible, which make(1) will then process in parallel.\n\n\n\n\nOpenBSD gives a hint on forgetting unlock mutex\n\n\nOpenBSD gives a hint on forgetting unlock mutex\nCheck following simple C++ program:\n\u0026gt; ```\n#include \n\n\nint main(void)\n{\n    std::mutex m;\n    m.lock();\n\nreturn 0;\n\n\n}\n\n\n+ The mutex m forgot unlock itself before exiting main function:\n\n\u0026gt; ```\nm.unlock();\n\n\n\nTest it on GNU/Linux, and I chose ArchLinux as the testbed:\n\n\n\n$ uname -a\nLinux fujitsu-i 4.13.7-1-ARCH #1 SMP PREEMPT Sat Oct 14 20:13:26 CEST 2017 x86_64 GNU/Linux\n$ clang++ -g -pthread -std=c++11 test_mutex.cpp\n$ ./a.out\n$\n\n\n\n\nThe process exited normally, and no more words was given. Build and run it on OpenBSD 6.2:\n\n\n\nclang++ -g -pthread -std=c++11 test_mutex.cpp\n./a.out\npthread_mutex_destroy on mutex with waiters!\n\n\n\n\nThe OpenBSD prompts “pthread_mutex_destroy on mutex with waiters!“. Interesting!\n***\n\n\nBeastie Bits\n\n\nUpdates to the NetBSD operating system since OSHUG #57 \u0026amp; #58\nCreating a jail with FiFo and Digital Ocean\nI'm thinking about OpenBSD again\nKernel ASLR on amd64\nCall for Participation - BSD Devroom at FOSDEM\nBSD Stockholm Meetup\n***\n\n\nFeedback/Questions\n\n\narchitect - vBSDCon\nBrad - Packages and package dependencies\nLars - dpb\nAlex re: PS4 Network Throttling\n***\n","content_html":"\u003cp\u003eWe have a first PS4 kernel exploit, the long awaited OpenZFS devsummit report by Allan, DragonflyBSD 5.0 is out, we show you vmadm to manage jails, and parallel processing with Unix tools.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/\" rel=\"nofollow\"\u003eThe First PS4 Kernel Exploit: Adieu\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe First PS4 Kernel Exploit: Adieu\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePlenty of time has passed since we first demonstrated Linux running on the PS4.  Now we will step back a bit and explain how we managed to jump from the browser process into the kernel such that ps4-kexec et al. are usable.  Over time, ps4 firmware revisions have progressively added many mitigations and in general tried to lock down the system. This post will mainly touch on vulnerabilities and issues which are not present on the latest releases, but should still be useful for people wanting to investigate ps4 security.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVulnerability Discovery\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs previously explained, we were able to get a dump of the ps4 firmware 1.01 kernel via a PCIe man-in-the-middle attack. Like all FreeBSD kernels, this image included “export symbols” - symbols which are required to perform kernel and module initialization processes. However, the ps4 1.01 kernel also included full ELF symbols (obviously an oversight as they have been removed in later firmware versions). This oversight was beneficial to the reverse engineering process, although of course not a true prerequisite. Indeed, we began exploring the kernel by examining built-in metadata in the form of the syscall handler table - focusing on the ps4-specific entries.\u003cbr\u003e\nEach process object in the kernel contains its own “idt” (ID Table) object. As can be inferred from the snippet above, the hash table essentially just stores pointers to opaque data blobs, along with a given kind and name. Entries may be accessed (and thus “locked”) with either read or write intent. Note that IDT_TYPE is not a bitfield consisting of only unique powers of 2. This means that if we can control the kind of an id_entry, we may be able to cause a type confusion to occur (it is assumed that we may control name).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExploitation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo an exploiter without ps4 background, it might seem that the easiest way to exploit this bug would be to take advantage of the write off the end of the malloc’d namedobj_usr_t object. However, this turns out to be impossible (as far as I know) because of a side effect of the ps4 page size being changed to 0x4000 bytes (from the normal of 0x1000). It appears that in order to change the page size globally, the ps4 kernel developers opted to directly change the related macros. One of the many changes resulting from this is that the smallest actual amount of memory which malloc may give back to a caller becomes 0x40 bytes. While this also results in tons of memory being completely wasted, it does serve to nullify certain exploitation techniques (likely completely by accident…).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdieu\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe namedobj exploit was present and exploitable (albeit using a slightly different method than described here) until it was fixed in firmware version 4.06. This vulnerability was also found and exploited by (at least) Chaitin Tech, so props to them! Taking a quick look at the 4.07 kernel, we can see a straightforward fix (4.06 is assumed to be identical - only had 4.07 on hand while writing this post):\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eint sys_namedobj_create(struct thread *td, void *args) {\n  // ...\n  rv = EINVAL;\n  kind = *((_DWORD *)args + 4)\n  if ( !(kind \u0026amp; 0x4000) \u0026amp;\u0026amp; *(_QWORD *)args ) {\n    // ... (unchanged)\n  }\n  return rv;\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAnd so we say goodbye to a nice exploit. I hope you enjoyed this blast from the past :) Keep hacking!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/openzfs-devsummit-2017/\" rel=\"nofollow\"\u003eOpenZFS Developer Summit 2017 Recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe 5th annual OpenZFS Developer Summit was held in San Francisco on October 24-25. Hosted by Delphix at the Children’s Creativity Museum in San Francisco, over a hundred OpenZFS contributors from a wide variety of companies attended and collaborated during the conference and developer summit. iXsystems was a Gold sponsor and several iXsystems employees attended the conference, including the entire Technical Documentation Team, the Director of Engineering, the Senior Analyst, a Tier 3 Support Engineer, and a Tier 2 QA Engineer.\u003cbr\u003e\nDay 1 of the conference had 9 highly detailed, informative, and interactive technical presentations from companies which use or contribute to OpenZFS. The presentations highlighted improvements to OpenZFS developed “in-house” at each of these companies, with most improvements looking to be made available to the entire OpenZFS community in the near to long term. There’s a lot of exciting stuff happening in the OpenZFS community and this post provides an overview of the presented features and proof-of-concepts.\u003cbr\u003e\nThe keynote was delivered by Mark Maybee who spoke about the past, present, and future of ZFS at Oracle. An original ZFS developer, he outlined the history of closed-source ZFS development after Oracle’s acquisition of Sun. ZFS has a fascinating history, as the project has evolved over the last decade in both open and closed source forms, independent of one another. While Oracle’s proprietary internal version of ZFS has diverged from OpenZFS, it has implemented many of the same features. Mark was very proud of the work his team had accomplished over the years, claiming Oracle’s ZFS products have accounted for over a billion dollars in sales and are used in the vast majority of Fortune 100 companies. However, with Oracle aggressively moving into cloud storage, the future of closed source ZFS is uncertain. Mark presented a few ideas to transform ZFS into a mainstream and standard file system, including adding more robust support for Linux.\u003cbr\u003e\nAllan Jude from ScaleEngine talked about ZStandard, a new compression method he is developing in collaboration with Facebook. It offers compression comparable to gzip, but at speeds fast enough to keep up with hard drive bandwidth. According to early testing, it improves both the speed and compression efficiency over the current LZ4 compression algorithm. It also offers a new “dictionary” feature for improving image compression, which is of particular interest to Facebook. In addition, when using ZFS send and receive, it will adapt the compression ratio to make the most efficient use of the network bandwidth.\u003cbr\u003e\nCurrently, deleting a clone on ZFS is a time-consuming process, especially when dealing with large datasets that have diverged over time. Sara Hartse from Delphix described how “clone fast delete” speeds up clone deletion. Rather than traversing the entire dataset during clone deletion, changes to the clone are tracked in a “live list” which the delete process uses to determine which blocks to free.  In addition, rather than having to wait for the clone to finish, the delete process backgrounds the task so you can keep working without any interruptions. Sara shared the findings of a test they ran on a clone with 500MB of data, which took 45 minutes to delete with the old method, and under a minute using the live list. This behavior is an optional property as it may not be appropriate for long-lived clones where deletion times are not a concern. At this time, it does not support promoted clones.\u003cbr\u003e\nOlaf Faaland from Lawrence Livermore National Labs demonstrated the progress his team has made to improve ZFS pool imports with MMP (Multi-Modifier Protection), a watchdog system to make sure that ZFS pools in clustered High Availability environments are not imported by more than one host at a time.  MMP uses uberblocks and other low-level ZFS features to monitor pool import status and otherwise safeguard the import process. MMP adds fields to on-disk metadata so it does not depend on hardware, such as SAS. It supports multi-node HA configs and does not affect non-HA systems. However, it does have issues with long I/O delays so existing HA software is recommended as an additional fallback.\u003cbr\u003e\nJörgen Lundman of GMO Internet gave an entertaining talk on the trials and tribulations of porting ZFS to OS X.  As a bonus, he talked about porting ZFS to Windows, and showed a working demo.  While not yet in a usable state, it demonstrated a proof-of-concept of ZFS support for other platforms.\u003cbr\u003e\nSerapheim Dimitropoulos from Delphix discussed Faster Allocation with the Log Spacemap as a means of optimizing ZFS allocation performance. He began with an in-depth overview of metaslabs and how log spacemaps are used to track allocated and freed blocks. Since blocks are only allocated from loaded metaslabs but freed blocks may apply to any metaslab, over time logging the freed blocks to each appropriate metaslab with every txg becomes less efficient. Their solution is to create a pool-wide metaslab for unflushed entries.\u003cbr\u003e\nShailendra Tripathi from Tegile presented iFlash: Dynamic Adaptive L2ARC Caching. This was an interesting talk on what is required to allow very different classes of resources to share the same flash device–in their case, ZIL, L2ARC, and metadata. To achieve this, they needed to address the following differences for each class: queue priority, metaslab load policy, allocation, and data protection (as cache has no redundancy).\u003cbr\u003e\nIsaac Huang of Intel introduced DRAID, or parity declustered RAID. Once available, this will provide the same levels of redundancy as traditional RAIDZ, providing the administrator doubles the amount of options for providing redundancy for their use case. The goals of DRAID are to address slow resilvering times and the write throughput of a single replacement drive being a bottleneck. This solution skips block pointer tree traversal when rebuilding the pool after drive failure, which is the cause of long resilver times. This means that redundancy is restored quickly, mitigating the risk of losing additional drives before the resilver completes, but it does require a scrub afterwards to confirm data integrity. This solution supports logical spares, which must be defined at vdev creation time, which are used to quickly restore the array.\u003cbr\u003e\nPrakash Surya of Delphix described how ZIL commits currently occur in batches, where waiting threads have to wait for the batch to complete. His proposed solution was to replace batch commits and to instead notify the waiting thread after its ZIL commit in order to greatly increase throughput.  A new tunable for the log write block timeout can also be used to log write blocks more efficiently.\u003cbr\u003e\nOverall, the quality of the presentations at the 2017 OpenZFS conference was high. While quite technical, they clearly explained the scope of the problems being addressed and how the proposed solutions worked. We look forward to seeing the described features integrated into OpenZFS. The videos and slides for the presentations should be made available over the next month or so at the OpenZFS website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://photos.google.com/share/AF1QipNxYQuOm5RDxRgRQ4P8BhtoLDpyCuORKWiLPT0WlvUmZYDdrX3334zu5lvY_sxRBA?key=MW5fR05MdUdPaXFKVDliQVJEb3N3Uy1uMVFFdVdR\" rel=\"nofollow\"\u003eOpenZFS Photo Album\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release50/\" rel=\"nofollow\"\u003eDragonflyBSD 5.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly version 5.0 brings the first bootable release of HAMMER2, DragonFly\u0026#39;s next generation file system.\u003c/li\u003e\n\u003cli\u003eHAMMER2\n\n\u003cul\u003e\n\u003cli\u003ePreliminary HAMMER2 support has been released into the wild as-of the 5.0 release. This support is considered EXPERIMENTAL and should generally not yet be used for production machines and important data. The boot loader will support both UFS and HAMMER2 /boot. The installer will still use a UFS /boot even for a HAMMER2 installation because the /boot partition is typically very small and HAMMER2, like HAMMER1, does not instantly free space when files are deleted or replaced.\u003c/li\u003e\n\u003cli\u003eDragonFly 5.0 has single-image HAMMER2 support, with live dedup (for cp\u0026#39;s), compression, fast recovery, snapshot, and boot support. HAMMER2 does not yet support multi-volume or clustering, though commands for it exist. Please use non-clustered single images for now.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eipfw Updates\n\n\u003cul\u003e\n\u003cli\u003eIPFW has gone through a number of updates in DragonFly and now offers better performance. pf and ipfw3 are also still supported.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eImproved graphics support\n\n\u003cul\u003e\n\u003cli\u003eThe i915 driver has been brought up to match what\u0026#39;s in the Linux 4.7.10 kernel. Intel GPUs are supported up to the Kabylake generation.\u003c/li\u003e\n\u003cli\u003evga_switcheroo(4) module added, allowing the use of Intel GPUs on hybrid-graphics systems.\u003c/li\u003e\n\u003cli\u003eThe new apple_gmux driver enables switching to the Intel video chipset on dual Intel/NVIDIA and Intel/Radeon Macbook computers.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOther user-affecting changes\n\n\u003cul\u003e\n\u003cli\u003eefisetup(8) added.\u003c/li\u003e\n\u003cli\u003eDragonFly can now support over 900,000 processes on a single machine.\u003c/li\u003e\n\u003cli\u003eClient-side SSH by default does not try password authentication, which is the default behavior in newer versions of OpenSSH. Pass an explicit \u0026#39;-o PasswordAuthentication=yes\u0026#39; or change /etc/ssh/ssh_config if you need the old behavior. Public key users are unaffected.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eClang status\n\n\u003cul\u003e\n\u003cli\u003eA starting framework has been added for using clang as the alternate base compiler in DragonFly, to replace gcc 4.7. It\u0026#39;s not yet complete. Clang can of course be added as a package.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ePackage updates\n\n\u003cul\u003e\n\u003cli\u003eMany package updates but I think most notably we need to point to chrome60 finally getting into dports with accelerated video and graphics support.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e64-bit status\n\n\u003cul\u003e\n\u003cli\u003eNote that DragonFly is a 64-bit-only operating system as of 4.6, and will not run on 32-bit hardware.\u003c/li\u003e\n\u003cli\u003eAMD Ryzen is supported and DragonFly 5.0 has a workaround for a \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-August/626190.html\" rel=\"nofollow\"\u003ehardware bug\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDragonFly quickly released a v5.0.1 with a few patches \u003ca href=\"https://www.dragonflybsd.org/download/\" rel=\"nofollow\"\u003eDownload link\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.project-fifo.net/rvmadm-managing-freebsd-jails/\" rel=\"nofollow\"\u003e(r)vmadm – managing FreeBSD jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are releasing the first version (0.1.0) of our clone of vmadm for FreeBSD jails today. It is not done or feature complete, but it does provides basic functionality.  At this point, we think it would be helpful to get it out there and get some feedback. As of today, it allows basic management of datasets, as well as creating, starting, stopping, and destroying jails.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhy another tool to manage jails\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHowever, before we go into details let’s talk why we build yet another jail manager? It is not the frequent NIH syndrome, actually quite the opposite. In FiFo 0.9.2 we experimented with iocage as a way to control jails. While iocage is a useful tool when used as a CLI utility it has some issues when used programmatically.\u003cbr\u003e\nWhen managing jails automatically and not via a CLI tool things like performance, or a machine parsable interface matter. While on a CLI it is acceptable if a call takes a second or two, for automatically consuming a tool this delay is problematic.\u003cbr\u003e\nAnother reason for the decision was that vmadm is an excellent tool. It is very well designed. SmartOs uses vmadm for years now. Given all that, we opted for adopting a proven interface rather than trying to create a new one. Since we already interface with it on SmartOS, we can reuse a majority of our management code between SmartOS and FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat can we do\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday we can manage datasets, which are jail templates in the form of ZFS volumes. We can list and serve them from a dataset-server, and fetch those we like want. At this point, we provide datasets for FreeBSD 10.0 to 11.1, but it is very likely that the list will grow. As an idea \u003ca href=\"https://datasets.at/\" rel=\"nofollow\"\u003ehere is a community-driven list of datasets\u003c/a\u003e that exist for SmartOS today. Moreover, while those datasets will not work, we hope to see the same for BSD jails.\u003cbr\u003e\nAfter fetching the dataset, we can define jails by using a JSON file. This file is compatible with the zone description used on SmartOS. It does not provide all the same features but a subset. Resources such as CPU and memory can be defined, networking configured, a dataset selected and necessary settings like hostname set.\u003cbr\u003e\nWith the jail created, vmadm allows managing its lifetime, starting, stopping it, accessing the console and finally destroying it. Updates to jails are supported to however as of today they are only taken into account after restarting the jail. However, this is in large parts not a technical impossibility but rather wasn’t high up on the TODO list.\u003cbr\u003e\nIt is worth mentioning that vmadm will not pick up jails created in other tools or manually. Only using vmadm created jails was a conscious decision to prevent it interfering with existing setups or other utilities. While conventional tools can manage jails set up with vmadm just fine we use some special tricks like nested jails to allow for restrictions required for multi-tenancy that are hard or impossible to achieve otherwise.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhats next\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst and foremost we hope to get some feedback and perhaps community engagement. In the meantime, as \u003ca href=\"https://blog.project-fifo.net/fifo-in-2017/\" rel=\"nofollow\"\u003eannounced earlier this year\u003c/a\u003e, we are hard at work integrating FreeBSD hypervisors in FiFo, and as of writing this, the core actions work quite well.\u003cbr\u003e\nRight now only the barebone functions are supported, some of the output is not as clear as we would like. We hope to eventually add support for behyve to vmadm the same way that it supports KVM on SmartOS. Moreover, the groundwork for this already exists in the nested jail techniques we are using.\u003cbr\u003e\nOther than that we are exploring ways to allow for PCI pass through in jails, something not possible in SmartOS zones right now that would be beneficial for some users.\u003cbr\u003e\nIn general, we want to improve compatibility with SmartOS as much as possible and features that we add over time should make the specifications invalid for SmartOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou can get the tool \u003ca href=\"https://github.com/project-fifo/r-vmadm\" rel=\"nofollow\"\u003efrom github\u003c/a\u003e.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.pixelbeat.org/docs/unix-parallel-tools.html\" rel=\"nofollow\"\u003eParallel processing with unix tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are various ways to use parallel processing in UNIX:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epiping\u003cbr\u003e\nAn often under appreciated idea in the unix pipe model is that the components of the pipe run in parallel. This is a key advantage leveraged when combining simple commands that do \u0026quot;one thing well\u0026quot;\u003cbr\u003e\nsplit -n, xargs -P, parallel\u003cbr\u003e\nNote programs that are invoked in parallel by these, need to output atomically for each item processed, which the GNU coreutils are careful to do for factor and sha*sum, etc. Generally commands that use stdio for output can be wrapped with the \u003ccode\u003estdbuf -oL\u003c/code\u003e command to avoid intermixing lines from parallel invocations\u003cbr\u003e\nmake -j\u003cbr\u003e\nMost implementations of make(1) now support the -j option to process targets in parallel. make(1) is generally a higher level tool designed to process disparate tasks and avoid reprocessing already generated targets. For example it is used very effictively when testing coreutils where about 700 tests can be processed in 13 seconds on a 40 core machine.\u003cbr\u003e\nimplicit threading\u003cbr\u003e\nThis goes against the unix model somewhat and definitely adds internal complexity to those tools. The advantages can be less data copying overhead, and simpler usage, though its use needs to be carefully considered. A disadvantage is that one loses the ability to easily distribute commands to separate systems. Examples are GNU sort(1) and turbo-linecount\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe example provided counts lines in parallel:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe examples below will compare the above methods for implementing multi-processing, for the function of counting lines in a file. First of all let\u0026#39;s generate some test data. We use both long and short lines to compare the overhead of the various methods compared to the core cost of the function being performed:\u003cbr\u003e\n$ seq 100000000 \u0026gt; lines.txt  # 100M lines\u003cbr\u003e\n$ yes $(yes longline | head -n9) | head -n10000000 \u0026gt; long-lines.txt  # 10M lines\u003c/p\u003e\n\n\u003cp\u003eWe\u0026#39;ll also define the add() { paste -d+ -s | bc; } helper function to add a list of numbers.\u003cbr\u003e\nNote the following runs were done against cached files, and thus not I/O bound. Therefore we limit the number of processes in parallel to $(nproc), though you would generally benefit to raising that if your jobs are waiting on network or disk etc.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ll use this command to count lines for most methods, so here is the base non multi-processing performance for comparison:\n$ time wc -l lines.txt\n$ time wc -l long-lines.txt\nsplit -n\nNote using -n alone is not enough to parallelize. For example this will run serially with each chunk, because since --filter may write files, the -n pertains to the number of files to split into rather than the number to process in parallel.\n$ time split -n$(nproc) --filter=\u0026#39;wc -l\u0026#39; lines.txt | add\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou can either run multiple invocations of split in parallel on separate portions of the file like:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e$ time for i in $(seq $(nproc)); do\u003cbr\u003e\n       split -n$i/$(nproc) lines.txt | wc -l\u0026amp;\u003cbr\u003e\n  done | add\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOr split can do parallel mode using round robin on each line, but that\u0026#39;s huge overhead in this case. (Note also the -u option significant with -nr):\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e$ time split -nr/$(nproc) --filter=\u0026#39;wc -l\u0026#39; lines.txt | add\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRound robin would only be useful when the processing per item is significant.\u003c/li\u003e\n\u003cli\u003eParallel isn\u0026#39;t well suited to processing a large single file, rather focusing on distributing multiple files to commands. It can\u0026#39;t efficiently split to lightweight processing if reading sequentially from pipe:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e$ time parallel --will-cite --block=200M --pipe \u0026#39;wc -l\u0026#39; \u0026lt; lines.txt | add\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLike parallel, xargs is designed to distribute separate files to commands, and with the -P option can do so in parallel. If you have a large file then it may be beneficial to presplit it, which could also help with I/O bottlenecks if the pieces were placed on separate devices:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esplit -d -n l/$(nproc) lines.txt l.\u003cbr\u003e\nThose pieces can then be processed in parallel like:\u003cbr\u003e\n$ time find -maxdepth 1 -name \u0026#39;l.*\u0026#39; |\u003cbr\u003e\nxargs -P$(nproc) -n1 wc -l | cut -f1 -d\u0026#39; \u0026#39; | add\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf your file sizes are unrelated to the number of processors then you will probably want to adjust -n1 to batch together more files to reduce the number of processes run in total. Note you should always specify -n with -P to avoid xargs accumulating too many input items, thus impacting the parallelism of the processes it runs.\u003c/li\u003e\n\u003cli\u003emake(1) is generally used to process disparate tasks, though can be leveraged to provide low level parallel processing on a bunch of files. Note also the make -O option which avoids the need for commands to output their data atomically, letting make do the synchronization. We\u0026#39;ll process the presplit files as generated for the xargs example above, and to support that we\u0026#39;ll use the following Makefile:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e%: FORCE     # Always run the command\u003cbr\u003e\n  @wc -l \u0026lt; $@\u003cbr\u003e\nFORCE: ;\u003cbr\u003e\nMakefile: ;  # Don\u0026#39;t include Makefile itself\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne could generate this and pass to make(1) with the -f option, though we\u0026#39;ll keep it as a separate Makefile here for simplicity. This performs very well and matches the performance of xargs.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e$ time find -name \u0026#39;l.*\u0026#39; -exec make -j$(nproc) {} + | add\u003cbr\u003e\nNote we use the POSIX specified \u0026quot;find ... -exec ... {} +\u0026quot; construct, rather than conflating the example with xargs. This construct like xargs will pass as many files to make as possible, which make(1) will then process in parallel.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://nanxiao.me/en/openbsd-gives-a-hint-on-forgetting-unlock-mutex/\" rel=\"nofollow\"\u003eOpenBSD gives a hint on forgetting unlock mutex\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD gives a hint on forgetting unlock mutex\u003c/li\u003e\n\u003cli\u003eCheck following simple C++ program:\n\u0026gt; ```\n#include \u003cmutex\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eint main(void)\u003cbr\u003e\n{\u003cbr\u003e\n    std::mutex m;\u003cbr\u003e\n    m.lock();\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003ereturn 0;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e}\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\n+ The mutex m forgot unlock itself before exiting main function:\n\n\u0026gt; ```\nm.unlock();\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eTest it on GNU/Linux, and I chose ArchLinux as the testbed:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003e$ uname -a\nLinux fujitsu-i 4.13.7-1-ARCH #1 SMP PREEMPT Sat Oct 14 20:13:26 CEST 2017 x86_64 GNU/Linux\n$ clang++ -g -pthread -std=c++11 test_mutex.cpp\n$ ./a.out\n$\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe process exited normally, and no more words was given. Build and run it on OpenBSD 6.2:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003eclang++ -g -pthread -std=c++11 test_mutex.cpp\n./a.out\npthread_mutex_destroy on mutex with waiters!\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD prompts “pthread_mutex_destroy on mutex with waiters!“. Interesting!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-October/014148.html\" rel=\"nofollow\"\u003eUpdates to the NetBSD operating system since OSHUG #57 \u0026amp; #58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.project-fifo.net/fifo-jails-digital-ocean/\" rel=\"nofollow\"\u003eCreating a jail with FiFo and Digital Ocean\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://stevenrosenberg.net/blog/bsd/openbsd/2017_0924_openbsd\" rel=\"nofollow\"\u003eI\u0026#39;m thinking about OpenBSD again\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64\" rel=\"nofollow\"\u003eKernel ASLR on amd64\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://people.freebsd.org/%7Erodrigo/fosdem18/\" rel=\"nofollow\"\u003eCall for Participation - BSD Devroom at FOSDEM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/BSD-Users-Stockholm/\" rel=\"nofollow\"\u003eBSD Stockholm Meetup\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003earchitect - \u003ca href=\"http://dpaste.com/15D5SM4#wrap\" rel=\"nofollow\"\u003evBSDCon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/3MENN0X#wrap\" rel=\"nofollow\"\u003ePackages and package dependencies\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLars - \u003ca href=\"http://dpaste.com/2SVS18Y\" rel=\"nofollow\"\u003edpb\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex \u003ca href=\"http://dpaste.com/028BCFA#wrap\" rel=\"nofollow\"\u003ere: PS4 Network Throttling\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We have a first PS4 kernel exploit, the long awaited OpenZFS devsummit report by Allan, DragonflyBSD 5.0 is out, we show you vmadm to manage jails, and parallel processing with Unix tools.","date_published":"2017-11-15T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/317534a9-acaf-4d19-8857-2a02ad303297.mp3","mime_type":"audio/mpeg","size_in_bytes":82521652,"duration_in_seconds":6876}]},{"id":"00179d62-cc7f-42f5-ae1e-732013948a80","title":"219: We love the ARC","url":"https://www.bsdnow.tv/219","content_text":"Papers we love: ARC by Bryan Cantrill, SSD caching adventures with ZFS, OpenBSD full disk encryption setup, and a Perl5 Slack Syslog BSD daemon.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPapers We Love: ARC: A Self-Tuning, Low Overhead Replacement Cache\n\n\nEver wondered how the ZFS ARC (Adaptive Replacement Cache) works?\nHow about if Bryan Cantrill presented the original paper on its design?\nToday is that day.\nSlides\nIt starts by looking back at a fundamental paper from the 40s where the architecture of general-purpose computers are first laid out\nThe main is the description of memory hierarchies, where you have a small amount of very fast memory, then the next level is slower but larger, and on and on. As we look at the various L1, L2, and L3 caches on a CPU, then RAM, then flash, then spinning disks, this still holds true today.\nThe paper then does a survey of the existing caching policies and tries to explain the issues with each. This includes ‘MIN’, which is the theoretically optimal policy, which requires future knowledge, but is useful for setting the upper bound, what is the best we could possibly do.\nThe paper ends up showing that the ARC can end up being better than manually trying to pick the best number for the workload, because it adapts as the workload changes\nAt about 1:25 into the video, Bryan start talking about the practical implementation of the ARC in ZFS, and some challenges they have run into recently at Joyent.\nA great discussion about some of the problems when ZFS needs to shrink the ARC. Not all of it applies 1:1 to FreeBSD because the kernel and the kmem implementation are different in a number of ways\nThere were some interesting questions asked at the end as well\n***\n\n\nHow do I use man pages to learn how to use commands?\n\n\nnwildner on StackExchange has a very thorough answer to the question how to interpret man pages to understand complicated commands (xargs in this case, but not specifically).\nHave in mind what you want to do.\n\n\n\nWhen doing your research about xargs you did it for a purpose, right? You had a specific need that was reading standard output and executing commands based on that output.\n\n\n\nBut, when I don't know which command I want?\n\n\n\nUse man -k or apropos (they are equivalent). If I don't know how to find a file: man -k file | grep search. Read the descriptions and find one that will better fit your needs.\n\n\n\nApropos works with regular expressions by default, (man apropos, read the description and find out what -r does), and on this example I'm looking for every manpage where the description starts with \"report\".\nAlways read the DESCRIPTION before starting\nTake a time and read the description. By just reading the description of the xargs command we will learn that:\n\n\n\nxargs reads from STDIN and executes the command needed. This also means that you will need to have some knowledge of how standard input works, and how to manipulate it through pipes to chain commands\nThe default behavior is to act like /bin/echo. This gives you a little tip that if you need to chain more than one xargs, you don't need to use echo to print.\nWe have also learned that unix filenames can contain blank and newlines, that this could be a problem and the argument -0 is a way to prevent things explode by using null character separators. The description warns you that the command being used as input needs to support this feature too, and that GNU find support it. Great. We use a lot of find with xargs.\nxargs will stop if exit status 255 is reached.\n\n\n\nSome descriptions are very short and that is generally because the software works on a very simple way. Don't even think of skipping this part of the manpage ;)\nOther things to pay attention...\nYou know that you can search for files using find. There is a ton of options and if you only look at the SYNOPSIS, you will get overwhelmed by those. It's just the tip of the iceberg. Excluding NAME, SYNOPSIS, and DESCRIPTION, you will have the following sections:\n\n\n\nWhen this method will not work so well...\n\n\nTips that apply to all commands\n\n\n\n\nSome options, mnemonics and \"syntax style\" travel through all commands making you buy some time by not having to open the manpage at all. Those are learned by practice and the most common are:\n\n\n\nGenerally, -v means verbose. -vvv is a variation \"very very verbose\" on some software.\nFollowing the POSIX standard, generally one dash arguments can be stacked. Example: tar -xzvf,  cp -Rv.\nGenerally -R and/or -r means recursive.\nAlmost all commands have a brief help with the --help option.\n--version shows the version of a software.\n-p, on copy or move utilities means \"preserve permissions\".\n-y means YES, or \"proceed without confirmation\" in most cases.\n\n\n\nDefault values of commands.\n\n\n\nAt the pager chunk of this answer, we saw that less -is is the pager of man. The default behavior of commands are not always shown at a separated section on manpages, or at the section that is most top placed.\nYou will have to read the options to find out defaults, or if you are lucky, typing /pager will lead you to that info. This also requires you to know the concept of the pager(software that scrolls the manpage), and this is a thing you will only acquire after reading lots of manpages.\n\n\n\nAnd what about the SYNOPSIS syntax?\n\n\n\nAfter getting all the information needed to execute the command, you can combine options, option-arguments and operands inline to make your job done. Overview of concepts:\nOptions are the switches that dictates a command behavior. \"Do this\" \"don't do this\" or \"act this way\". Often called switches.\n\n\n\nCheck out the full answer and see if it helps you better grasp the meaning of a man page and thus the command.\n***\n\n\nMy adventure into SSD caching with ZFS (Home NAS)\n\n\nRobert Putt as written about his adventure using SSDs for caching with ZFS on his home NAS.\n\n\n\nRecently I decided to throw away my old defunct 2009 MacBook Pro which was rotting in my cupboard and I decided to retrieve the only useful part before doing so, the 80GB Intel SSD I had installed a few years earlier. Initially I thought about simply adding it to my desktop as a bit of extra space but in 2017 80GB really wasn’t worth it and then I had a brainwave… Lets see if we can squeeze some additional performance out of my HP Microserver Gen8 NAS running ZFS by installing it as a cache disk.\nI installed the SSD to the cdrom tray of the Microserver using a floppy disk power to SATA power converter and a SATA cable, unfortunately it seems the CD ROM SATA port on the motherboard is only a 3gbps port although this didn’t matter so much as it was an older 3gbps SSD anyway. Next I booted up the machine and to my suprise the disk was not found in my FreeBSD install, then I realised that the SATA port for the CD drive is actually provided by the RAID controller, so I rebooted into intelligent provisioning and added an additional RAID0 array with just the 1 disk to act as my cache, in fact all of the disks in this machine are individual RAID0 arrays so it looks like just a bunch of disks (JBOD) as ZFS offers additional functionality over normal RAID (mainly scrubbing, deduplication and compression).\n\n\n\nConfiguration\nLets have a look at the zpool before adding the cache drive to make sure there are no errors or uglyness:\n\n\n\nNow lets prep the drive for use in the zpool using gpart. I want to split the SSD into two seperate partitions, one for L2ARC (read caching) and one for ZIL (write caching). I have decided to split the disk into 20GB for ZIL and 50GB for L2ARC. Be warned using 1 SSD like this is considered unsafe because it is a single point of failure in terms of delayed writes (a redundant configuration with 2 SSDs would be more appropriate) and the heavy write cycles on the SSD from the ZIL is likely to kill it over time.\nNow it’s time to see if adding the cache has made much of a difference. I suspect not as my Home NAS sucks, it is a HP Microserver Gen8 with the crappy Celeron CPU and only 4GB RAM, anyway, lets test it and find out. First off lets throw fio at the mount point for this zpool and see what happens both with the ZIL and L2ARC enabled and disabled.\n\n\n\nObservations\n\n\n\nOk, so the initial result is a little dissapointing, but hardly unexpected, my NAS sucks and there are lots of bottle necks, CPU, memory and the fact only 2 of the SATA ports are 6gbps. There is no real difference performance wise in comparison between the results, the IOPS, bandwidth and latency appear very similar. However lets bare in mind fio is a pretty hardcore disk benchmark utility, how about some real world use cases?\nNext I decided to test a few typical file transactions that this NAS is used for, Samba shares to my workstation. For the first test I wanted to test reading a 3GB file over the network with both the cache enabled and disabled, I would run this multiple times to ensure the data is hot in the L2ARC and to ensure the test is somewhat repeatable, the network itself is an uncongested 1gbit link and I am copying onto the secondary SSD in my workstation. The dataset for these tests has compression and deduplication disabled.\n\n\n\nSamba Read Test\n\n\n\nNot bad once the data becomes hot in the L2ARC cache reads appear to gain a decent advantage compared to reading from the disk directly. How does it perform when writing the same file back accross the network using the ZIL vs no ZIL.\n\n\n\nSamba Write Test\n\n\n\nAnother good result in the real world test, this certainately helps the write transfer speed however I do wonder what would happen if you filled the ZIL transferring a very large file, however this is unlikely with my use case as I typically only deal with a couple of files of several hundred megabytes at any given time so a 20GB ZIL should suit me reasonably well.\n\n\n\nIs ZIL and L2ARC worth it?\n\n\n\nI would imagine with a big beefy ZFS server running in a company somewhere with a large disk pool and lots of users with multiple enterprise level SSD ZIL and L2ARC would be well worth the investment, however at home I am not so sure. Yes I did see an increase in read speeds with cached data and a general increase in write speeds however it is use case dependant. In my use case I rarely access the same file frequently, my NAS primarily serves as a backup and for archived data, and although the write speeds are cool I am not sure its a deal breaker. If I built a new home NAS today I’d probably concentrate the budget on a better CPU, more RAM (for ARC cache) and more disks. However if I had a use case where I frequently accessed the same files and needed to do so in a faster fashion then yes, I’d probably invest in an SSD for caching. I think if you have a spare SSD lying around and you want something fun todo with it, sure chuck it in your ZFS based NAS as a cache mechanism. If you were planning on buying an SSD for caching then I’d really consider your needs and decide if the money can be spent on alternative stuff which would improve your experience with your NAS. I know my NAS would benefit more from an extra stick of RAM and a more powerful CPU, but as a quick evening project with some parts I had hanging around adding some SSD cache was worth a go.\n\n\n\n\nMore Viewer Interview Questions for Allan\n\n\n\nNews Roundup\n\nSetup OpenBSD 6.2 with Full Disk Encryption\n\n\nHere is a quick way to setup (in 7 steps) OpenBSD 6.2 with the encryption of the filesystem.\nFirst step: Boot and start the installation:\n\n\n\n(I)nstall: I\nKeyboard Layout: ENTER (I'm french so in my case I took the FR layout)\nLeave the installer with: !\n\n\n\nSecond step: Prepare your disk for encryption.\n\n\n\nUsing a SSD, my disk is named : sd0, the name may vary, for example : wd0.\nInitiating the disk:\nConfigure your volume:\nNow we'll use bioctl to encrypt the partition we created, in this case : sd0a (disk sd0 + partition « a »).\nEnter your passphrase.\n\n\n\nThird step:\n\n\n\nLet's resume the OpenBSD's installer. We follow the install procedure\n\n\n\nFourth step: Partitioning of the encrypted volume.\n\n\n\nWe select our new volume, in this case: sd1\nThe whole disk will be used: W(hole)\nLet's create our partitions:\nNB: You are more than welcome to create multiple partitions for your system.\n\n\n\nFifth step: System installation\n\n\n\nIt's time to choose how we'll install our system (network install by http in my case)\n\n\n\nSixth step: Finalize the installation.\nLast step: Reboot and start your system.\n\n\n\nPut your passphrase. Welcome to OpenBSD 6.2 with a full encrypted file system.\n\n\n\nOptional: Disable the swap encryption.\n\n\n\nThe swap is actually part of the encrypted filesystem, we don't need OpenBSD to encrypt it. Sysctl is giving us this possibility.\n\n\n\n\nStep-by-Step FreeBSD installation with ZFS and Full Disk Encryption\n\n\n1. What do I need?\n\n\nFor this tutorial, the installation has been made on a Intel Core i7 - AMD64 architecture.\nOn a USB key, you would probably use this link : ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-mini-memstick.img\nIf you can't do a network installation, you'd better use this image : ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-memstick.img\nYou can write the image file on your USB device (replace XXXX with the name of your device) using dd : # dd if=FreeBSD-11.1-RELEASE-amd64-mini-memstick.img of=/dev/XXXX bs=1m\n\n2. Boot and install: Screenshot\n3. Configure your keyboard layout: Screenshot \u0026amp; Screenshot\n4. Hostname and system components configuration : \n\n\nSet the name of your machine: [Screenshot](https://blog.cagedmonster.net/content/images/2017/09/F4.png_\nWhat components do you want to install? Screenshot\n\n5. Network configuration:\n\n\nSelect the network interface you want to configure. Screenshot\nFirst, we configure our IPv4 network. I used a static adress so you can see how it works, but you can use DHCP for an automated configuration, it depends of what you want to do with your system (desktop/server) Screenshot \u0026amp; Screenshot \u0026amp; Screenshot\n\nIPv6 network configuration. Same as for IPv4, you can use SLAAC for an automated configuration. Screenshot \u0026amp; Screenshot \u0026amp; Screenshot\n\n\nHere, you can configure your DNS servers, I used the Google DNS servers so you can use them too if needed. Screenshot\n\n6. Select the server you want to use for the installation:\n\n\nI always use the IPv6 mirror to ensure that my IPv6 network configuration is good.Screenshot \n\n7. Disk configuration:\n\n\nAs we want to do an easy full disk encryption, we'll use ZFS. Screenshot\nMake sure to select the disk encryption :Screenshot\nLaunch the disk configuration :Screenshot\nHere everything is normal, you have to select the disk you'll use :Screenshot\nI have only one SSD disk named da0 :Screenshot\nLast chance before erasing your disk :Screenshot\n\nTime to choose the password you'll use to start your system : Screenshot \u0026amp; Screenshot \u0026amp; Screenshot \n8. Last steps to finish the installation:\n\n\nThe installer will download what you need and what you selected previously (ports, src, etc.) to create your system: Screenshot\n\n8.1. Root password:\n\n\nEnter your root password: Screenshot\n\n8.2. Time and date:\n\n\nSet your timezone, in my case: Europe/France Screenshot \u0026amp; Screenshot \u0026amp; Screenshot\nMake sure the date and time are good, or you can change them :Screenshot \u0026amp; Screenshot\n\n8.3. Services:\n\n\nSelect the services you'll use at system startup depending again of what you want to do. In many cases powerd and ntpd will be useful, sshd if you're planning on using FreeBSD as a server. Screenshot\n\n8.4. Security:\n\n\nSecurity options you want to enable. You'll still be able to change them after the installation with sysctl. Screenshot\n\n8.5. Additionnal user:\n\n\nCreate an unprivileged system user: Screenshot\nMake sure your user is in the wheel group so he can use the su command. Screenshot \u0026amp; Screenshot\n\n8.6. The end:\nEnd of your configuration, you can still do some modifications if you want : Screenshot \u0026amp; Screenshot \u0026amp; Screenshot\n9. First boot:\n\n\nEnter the passphrase you have chosen previously : Screenshot \u0026amp; Screenshot \u0026amp; Screenshot\n\nWelcome to Freebsd 11.1 with full disk encryption!\n***\n\n\nThe anatomy of ldd program on OpenBSD\n\n\nIn the past week, I read the ldd source code on OpenBSD to get a better understanding of how it works. And this post should also be a reference for other*NIX OSs.\n\n\n\nThe ELF file is divided into 4 categories: relocatable, executable, shared, and core. Only the executable and shared object files may have dynamic object dependencies, so the ldd only check these 2 kinds of ELF file:\n(1) Executable. ldd leverages the LD_TRACE_LOADED_OBJECTS environment variable in fact, and the code is as following:\n\n\n\nif (setenv(\"LD_TRACE_LOADED_OBJECTS\", \"true\", 1) \u0026lt; 0)\nerr(1, \"setenv(LD_TRACE_LOADED_OBJECTS)\");\n\n\nWhen LD_TRACE_LOADED_OBJECTS is set to 1 or true, running executable file will show shared objects needed instead of running it, so you even not needldd to check executable file. See the following outputs:\n\n$ /usr/bin/ldd\nusage: ldd program ...\n$ LD_TRACE_LOADED_OBJECTS=1 /usr/bin/ldd\n        Start            End              Type Open Ref GrpRef Name\n        00000b6ac6e00000 00000b6ac7003000 exe  1    0   0      /usr/bin/ldd\n        00000b6dbc96c000 00000b6dbcc38000 rlib 0    1   0      /usr/lib/libc.so.89.3\n        00000b6d6ad00000 00000b6d6ad00000 rtld 0    1   0      /usr/libexec/ld.so  \n\n\n\n\n(2) Shared object. The code to print dependencies of shared object is as following:\n\n\n\nif (ehdr.e_type == ET_DYN \u0026amp;\u0026amp; !interp) {\n    if (realpath(name, buf) == NULL) {\n        printf(\"realpath(%s): %s\", name,\n            strerror(errno));\n        fflush(stdout);\n        _exit(1);\n    }\n    dlhandle = dlopen(buf, RTLD_TRACE);\n    if (dlhandle == NULL) {\n        printf(\"%s\\n\", dlerror());\n        fflush(stdout);\n        _exit(1);\n    }\n    _exit(0);\n}\n\n\nWhy the condition of checking a ELF file is shared object or not is like this:\n\nif (ehdr.e_type == ET_DYN \u0026amp;\u0026amp; !interp) {\n    ......\n}\n\n\nThat’s because the file type of position-independent executable (PIE) is the same as shared object, but normally PIE contains a interpreter program header since it needs dynamic linker to load it while shared object lacks (refer this article). So the above condition will filter PIE file.\nThe dlopen(buf, RTLD_TRACE) is used to print dynamic object information. And the actual code is like this:\n\nif (_dl_traceld) {\n    _dl_show_objects();\n    _dl_unload_shlib(object);\n    _dl_exit(0);\n}\n\n\nIn fact, you can also implement a simple application which outputs dynamic object information for shared object yourself:\n\n\u0026amp;#35; include \u0026lt;dlfcn.h\u0026gt;\nint main(int argc, char **argv)\n{\n    dlopen(argv[1], RTLD_TRACE);\n    return 0;\n}\n\n\nCompile and use it to analyze /usr/lib/libssl.so.43.2:\n\n$ cc lddshared.c\n$ ./a.out /usr/lib/libssl.so.43.2\n    Start            End              Type Open Ref GrpRef Name\n    000010e2df1c5000 000010e2df41a000 dlib 1    0   0      /usr/lib/libssl.so.43.2\n    000010e311e3f000 000010e312209000 rlib 0    1   0      /usr/lib/libcrypto.so.41.1\n\n\nThe same as using ldd directly:\n\n$ ldd /usr/lib/libssl.so.43.2\n/usr/lib/libssl.so.43.2:\n    Start            End              Type Open Ref GrpRef Name\n    00001d9ffef08000 00001d9fff15d000 dlib 1    0   0      /usr/lib/libssl.so.43.2\n    00001d9ff1431000 00001d9ff17fb000 rlib 0    1   0      /usr/lib/libcrypto.so.41.1\n\n\nThrough the studying of ldd source code, I also get many by-products: such as knowledge of ELF file, linking and loading, etc. So diving into code is a really good method to learn *NIX deeper!\n\n\n\n\nPerl5 Slack Syslog BSD daemon\n\n\nSo I have been working on my little Perl daemon for a week now.\nIt is a simple syslog daemon that listens on port 514 for incoming messages. It listens on a port so it can process log messages from my consumer Linux router as well as the messages from my server.  Messages that are above alert are sent, as are messages that match the regex of SSH or DHCP (I want to keep track of new connections to my wifi). The rest of the messages are not sent to slack but appended to a log file. This is very handy as I can get access to info like failed ssh logins, disk failures, and new devices connecting to the network all on my Android phone when I am not home.\n\n\n\nScreenshot\n\n\n\nThe situation arose today that the internet went down and I thought to myself what would happen to all my important syslog messages when they couldn’t be sent?  Before the script only ran an eval block on the botsend() function. The error was returned, handled, but nothing was done and the unsent message was discarded. So I added a function that appended unsent messengers to an array that are later sent when the server is not busy sending messages to slack.\nSlack has a limit of one message per second. The new addition works well and means that if the internet fails my server will store these messages in memory and resend them at a rate of one message per second when the internet connectivity returns. It currently sends the newest ones first but I am not sure if this is a bug or a feature at this point! It currently works with my Linux based WiFi router and my FreeBSD server. It is easy to scale as all you need to do is send messages to syslog to get them sent to slack. You could sent CPU temp, logged in users etc.\n\n\n\nThere is a github page: https://github.com/wilyarti/slackbot\n\n\n\n\nLscpu for OpenBSD/FreeBSD\n\n\nGithub Link\n\n\n\nThere is a neat command, lscpu, which is very handy to display CPU information on GNU/Linux OS:\n\n$ lscpu\nArchitecture:        x86_64\nCPU op-mode(s):      32-bit, 64-bit\nByte Order:          Little Endian\nCPU(s):              32\nOn-line CPU(s) list: 0-31\nThread(s) per core:  2\nCore(s) per socket:  8\nSocket(s):           2\n\n\nBut unfortunately, the BSD OSs lack this command, maybe one reason is lscpu relies heavily on /proc file system which BSD don’t provide, :-). TakeOpenBSD as an example, if I want to know CPU information, dmesg should be one choice:\n\n$ dmesg | grep -i cpu\ncpu0 at mainbus0: apid 0 (boot processor)\ncpu0: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, 2527.35 MHz\ncpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,\nPBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR\ncpu0: 3MB 64b/line 8-way L2 cache\ncpu0: apic clock running at 266MHz\ncpu0: mwait min=64, max=64, C-substates=0.2.2.2.2.1.3, IBE\n\n\nBut the output makes me feeling messy, not very clear. As for dmidecode, it used to be another option, but now can’t work out-of-box because it will access /dev/mem which for security reason, OpenBSD doesn’t allow by default (You can refer this discussion):\n\n$ ./dmidecode\n$ dmidecode 3.1\nScanning /dev/mem for entry point.\n/dev/mem: Operation not permitted\n\n\nBased on above situation, I want a specified command for showing CPU information for my BSD box. So in the past 2 weeks, I developed a lscpu program for OpenBSD/FreeBSD, or more accurately, OpenBSD/FreeBSD on x86 architecture since I only have some Intel processors at hand. The application getsCPU metrics from 2 sources:\n\n\n\n(1) sysctl functions.  The BSD OSs provide sysctl interface which I can use to get general CPU particulars, such as how many CPUs the system contains, the byte-order of CPU, etc.\n(2) CPUID instruction. For x86 architecture, CPUID instruction can obtain very detail information of CPU. This coding work is a little tedious and error-prone, not only because I need to reference both Intel and AMD specifications since these 2 vendors have minor distinctions, but also I need to parse the bits of register values.\nThe code is here, and if you run OpenBSD/FreeBSD on x86 processors, please try it. It will be better you can give some feedback or report the issues, and I appreciate it very much. In the future if I have other CPUs resource, such as ARM or SPARC64, maybe I will enrich this small program.\n***\n\n\nBeastie Bits\n\n\nOpenBSD Porting Workshop - Brian Callahan will be running an OpenBSD porting workshop in NYC for NYC*BUG on December 6, 2017.\nLearn to tame OpenBSD quickly\nDetect the operating system using UDP stack corner cases\n***\n\n\nFeedback/Questions\n\n\nAwesome Mike - ZFS Questions\nMichael - Expanding a file server with only one hard drive with ZFS - information based on Allan's IRC response\nBrian - Optimizing ZFS for a single disk\n***\n","content_html":"\u003cp\u003ePapers we love: ARC by Bryan Cantrill, SSD caching adventures with ZFS, OpenBSD full disk encryption setup, and a Perl5 Slack Syslog BSD daemon.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=F8sZRBdmqc0\u0026feature=youtu.be\" rel=\"nofollow\"\u003ePapers We Love: ARC: A Self-Tuning, Low Overhead Replacement Cache\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEver wondered how the ZFS ARC (Adaptive Replacement Cache) works?\u003c/li\u003e\n\u003cli\u003eHow about if Bryan Cantrill presented the original paper on its design?\u003c/li\u003e\n\u003cli\u003eToday is that day.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.slideshare.net/bcantrill/papers-we-love-arc-after-dark\" rel=\"nofollow\"\u003eSlides\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt starts by looking back at a fundamental paper from the 40s where the architecture of general-purpose computers are first laid out\u003c/li\u003e\n\u003cli\u003eThe main is the description of memory hierarchies, where you have a small amount of very fast memory, then the next level is slower but larger, and on and on. As we look at the various L1, L2, and L3 caches on a CPU, then RAM, then flash, then spinning disks, this still holds true today.\u003c/li\u003e\n\u003cli\u003eThe paper then does a survey of the existing caching policies and tries to explain the issues with each. This includes ‘MIN’, which is the theoretically optimal policy, which requires future knowledge, but is useful for setting the upper bound, what is the best we could possibly do.\u003c/li\u003e\n\u003cli\u003eThe paper ends up showing that the ARC can end up being better than manually trying to pick the best number for the workload, because it adapts as the workload changes\u003c/li\u003e\n\u003cli\u003eAt about 1:25 into the video, Bryan start talking about the practical implementation of the ARC in ZFS, and some challenges they have run into recently at Joyent.\u003c/li\u003e\n\u003cli\u003eA great discussion about some of the problems when ZFS needs to shrink the ARC. Not all of it applies 1:1 to FreeBSD because the kernel and the kmem implementation are different in a number of ways\u003c/li\u003e\n\u003cli\u003eThere were some interesting questions asked at the end as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://unix.stackexchange.com/a/193837\" rel=\"nofollow\"\u003eHow do I use man pages to learn how to use commands?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003enwildner on StackExchange has a very thorough answer to the question how to interpret man pages to understand complicated commands (xargs in this case, but not specifically).\u003c/li\u003e\n\u003cli\u003eHave in mind what you want to do.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen doing your research about xargs you did it for a purpose, right? You had a specific need that was reading standard output and executing commands based on that output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBut, when I don\u0026#39;t know which command I want?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUse man -k or apropos (they are equivalent). If I don\u0026#39;t know how to find a file: man -k file | grep search. Read the descriptions and find one that will better fit your needs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eApropos works with regular expressions by default, (man apropos, read the description and find out what -r does), and on this example I\u0026#39;m looking for every manpage where the description starts with \u0026quot;report\u0026quot;.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAlways read the DESCRIPTION before starting\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTake a time and read the description. By just reading the description of the xargs command we will learn that:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003exargs reads from STDIN and executes the command needed. This also means that you will need to have some knowledge of how standard input works, and how to manipulate it through pipes to chain commands\u003cbr\u003e\nThe default behavior is to act like /bin/echo. This gives you a little tip that if you need to chain more than one xargs, you don\u0026#39;t need to use echo to print.\u003cbr\u003e\nWe have also learned that unix filenames can contain blank and newlines, that this could be a problem and the argument -0 is a way to prevent things explode by using null character separators. The description warns you that the command being used as input needs to support this feature too, and that GNU find support it. Great. We use a lot of find with xargs.\u003cbr\u003e\nxargs will stop if exit status 255 is reached.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome descriptions are very short and that is generally because the software works on a very simple way. Don\u0026#39;t even think of skipping this part of the manpage ;)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOther things to pay attention...\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eYou know that you can search for files using find. There is a ton of options and if you only look at the SYNOPSIS, you will get overwhelmed by those. It\u0026#39;s just the tip of the iceberg. Excluding NAME, SYNOPSIS, and DESCRIPTION, you will have the following sections:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen this method will not work so well...\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTips that apply to all commands\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome options, mnemonics and \u0026quot;syntax style\u0026quot; travel through all commands making you buy some time by not having to open the manpage at all. Those are learned by practice and the most common are:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGenerally, -v means verbose. -vvv is a variation \u0026quot;very very verbose\u0026quot; on some software.\u003cbr\u003e\nFollowing the POSIX standard, generally one dash arguments can be stacked. Example: tar -xzvf,  cp -Rv.\u003cbr\u003e\nGenerally -R and/or -r means recursive.\u003cbr\u003e\nAlmost all commands have a brief help with the --help option.\u003cbr\u003e\n--version shows the version of a software.\u003cbr\u003e\n-p, on copy or move utilities means \u0026quot;preserve permissions\u0026quot;.\u003cbr\u003e\n-y means YES, or \u0026quot;proceed without confirmation\u0026quot; in most cases.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDefault values of commands.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt the pager chunk of this answer, we saw that less -is is the pager of man. The default behavior of commands are not always shown at a separated section on manpages, or at the section that is most top placed.\u003cbr\u003e\nYou will have to read the options to find out defaults, or if you are lucky, typing /pager will lead you to that info. This also requires you to know the concept of the pager(software that scrolls the manpage), and this is a thing you will only acquire after reading lots of manpages.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd what about the SYNOPSIS syntax?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter getting all the information needed to execute the command, you can combine options, option-arguments and operands inline to make your job done. Overview of concepts:\u003cbr\u003e\nOptions are the switches that dictates a command behavior. \u0026quot;Do this\u0026quot; \u0026quot;don\u0026#39;t do this\u0026quot; or \u0026quot;act this way\u0026quot;. Often called switches.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the full answer and see if it helps you better grasp the meaning of a man page and thus the command.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://robertputt.co.uk/my-adventure-into-ssd-caching-with-zfs-home-nas.html\" rel=\"nofollow\"\u003eMy adventure into SSD caching with ZFS (Home NAS)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRobert Putt as written about his adventure using SSDs for caching with ZFS on his home NAS.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently I decided to throw away my old defunct 2009 MacBook Pro which was rotting in my cupboard and I decided to retrieve the only useful part before doing so, the 80GB Intel SSD I had installed a few years earlier. Initially I thought about simply adding it to my desktop as a bit of extra space but in 2017 80GB really wasn’t worth it and then I had a brainwave… Lets see if we can squeeze some additional performance out of my HP Microserver Gen8 NAS running ZFS by installing it as a cache disk.\u003cbr\u003e\nI installed the SSD to the cdrom tray of the Microserver using a floppy disk power to SATA power converter and a SATA cable, unfortunately it seems the CD ROM SATA port on the motherboard is only a 3gbps port although this didn’t matter so much as it was an older 3gbps SSD anyway. Next I booted up the machine and to my suprise the disk was not found in my FreeBSD install, then I realised that the SATA port for the CD drive is actually provided by the RAID controller, so I rebooted into intelligent provisioning and added an additional RAID0 array with just the 1 disk to act as my cache, in fact all of the disks in this machine are individual RAID0 arrays so it looks like just a bunch of disks (JBOD) as ZFS offers additional functionality over normal RAID (mainly scrubbing, deduplication and compression).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eConfiguration\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLets have a look at the zpool before adding the cache drive to make sure there are no errors or uglyness:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow lets prep the drive for use in the zpool using gpart. I want to split the SSD into two seperate partitions, one for L2ARC (read caching) and one for ZIL (write caching). I have decided to split the disk into 20GB for ZIL and 50GB for L2ARC. Be warned using 1 SSD like this is considered unsafe because it is a single point of failure in terms of delayed writes (a redundant configuration with 2 SSDs would be more appropriate) and the heavy write cycles on the SSD from the ZIL is likely to kill it over time.\u003cbr\u003e\nNow it’s time to see if adding the cache has made much of a difference. I suspect not as my Home NAS sucks, it is a HP Microserver Gen8 with the crappy Celeron CPU and only 4GB RAM, anyway, lets test it and find out. First off lets throw fio at the mount point for this zpool and see what happens both with the ZIL and L2ARC enabled and disabled.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eObservations\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOk, so the initial result is a little dissapointing, but hardly unexpected, my NAS sucks and there are lots of bottle necks, CPU, memory and the fact only 2 of the SATA ports are 6gbps. There is no real difference performance wise in comparison between the results, the IOPS, bandwidth and latency appear very similar. However lets bare in mind fio is a pretty hardcore disk benchmark utility, how about some real world use cases?\u003cbr\u003e\nNext I decided to test a few typical file transactions that this NAS is used for, Samba shares to my workstation. For the first test I wanted to test reading a 3GB file over the network with both the cache enabled and disabled, I would run this multiple times to ensure the data is hot in the L2ARC and to ensure the test is somewhat repeatable, the network itself is an uncongested 1gbit link and I am copying onto the secondary SSD in my workstation. The dataset for these tests has compression and deduplication disabled.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSamba Read Test\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNot bad once the data becomes hot in the L2ARC cache reads appear to gain a decent advantage compared to reading from the disk directly. How does it perform when writing the same file back accross the network using the ZIL vs no ZIL.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSamba Write Test\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnother good result in the real world test, this certainately helps the write transfer speed however I do wonder what would happen if you filled the ZIL transferring a very large file, however this is unlikely with my use case as I typically only deal with a couple of files of several hundred megabytes at any given time so a 20GB ZIL should suit me reasonably well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIs ZIL and L2ARC worth it?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI would imagine with a big beefy ZFS server running in a company somewhere with a large disk pool and lots of users with multiple enterprise level SSD ZIL and L2ARC would be well worth the investment, however at home I am not so sure. Yes I did see an increase in read speeds with cached data and a general increase in write speeds however it is use case dependant. In my use case I rarely access the same file frequently, my NAS primarily serves as a backup and for archived data, and although the write speeds are cool I am not sure its a deal breaker. If I built a new home NAS today I’d probably concentrate the budget on a better CPU, more RAM (for ARC cache) and more disks. However if I had a use case where I frequently accessed the same files and needed to do so in a faster fashion then yes, I’d probably invest in an SSD for caching. I think if you have a spare SSD lying around and you want something fun todo with it, sure chuck it in your ZFS based NAS as a cache mechanism. If you were planning on buying an SSD for caching then I’d really consider your needs and decide if the money can be spent on alternative stuff which would improve your experience with your NAS. I know my NAS would benefit more from an extra stick of RAM and a more powerful CPU, but as a quick evening project with some parts I had hanging around adding some SSD cache was worth a go.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eMore Viewer Interview Questions for Allan\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cagedmonster.net/setup-openbsd-with-full-disk-encryption/\" rel=\"nofollow\"\u003eSetup OpenBSD 6.2 with Full Disk Encryption\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eHere is a quick way to setup (in 7 steps) OpenBSD 6.2 with the encryption of the filesystem.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFirst step: Boot and start the installation:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e(I)nstall: I\u003cbr\u003e\nKeyboard Layout: ENTER (I\u0026#39;m french so in my case I took the FR layout)\u003cbr\u003e\nLeave the installer with: !\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSecond step: Prepare your disk for encryption.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUsing a SSD, my disk is named : sd0, the name may vary, for example : wd0.\u003cbr\u003e\nInitiating the disk:\u003cbr\u003e\nConfigure your volume:\u003cbr\u003e\nNow we\u0026#39;ll use bioctl to encrypt the partition we created, in this case : sd0a (disk sd0 + partition « a »).\u003cbr\u003e\nEnter your passphrase.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThird step:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet\u0026#39;s resume the OpenBSD\u0026#39;s installer. We follow the install procedure\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFourth step: Partitioning of the encrypted volume.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe select our new volume, in this case: sd1\u003cbr\u003e\nThe whole disk will be used: W(hole)\u003cbr\u003e\nLet\u0026#39;s create our partitions:\u003cbr\u003e\nNB: You are more than welcome to create multiple partitions for your system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFifth step: System installation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s time to choose how we\u0026#39;ll install our system (network install by http in my case)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSixth step: Finalize the installation.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLast step: Reboot and start your system.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePut your passphrase. Welcome to OpenBSD 6.2 with a full encrypted file system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOptional: Disable the swap encryption.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe swap is actually part of the encrypted filesystem, we don\u0026#39;t need OpenBSD to encrypt it. Sysctl is giving us this possibility.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cagedmonster.net/step-by-step-freebsd-installation-with-full-disk-encryption/\" rel=\"nofollow\"\u003eStep-by-Step FreeBSD installation with ZFS and Full Disk Encryption\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e1. What do I need?\n\n\u003cul\u003e\n\u003cli\u003eFor this tutorial, the installation has been made on a Intel Core i7 - AMD64 architecture.\u003c/li\u003e\n\u003cli\u003eOn a USB key, you would probably use this link : \u003ca href=\"ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-mini-memstick.img\" rel=\"nofollow\"\u003eftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-mini-memstick.img\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf you can\u0026#39;t do a network installation, you\u0026#39;d better use this image : \u003ca href=\"ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-memstick.img\" rel=\"nofollow\"\u003eftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-memstick.img\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can write the image file on your USB device (replace XXXX with the name of your device) using dd : \u003ccode\u003e# dd if=FreeBSD-11.1-RELEASE-amd64-mini-memstick.img of=/dev/XXXX bs=1m\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e2. Boot and install: \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e3. Configure your keyboard layout: \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F2.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F3.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e4. Hostname and system components configuration : \n\n\u003cul\u003e\n\u003cli\u003eSet the name of your machine: [Screenshot](\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F4.png_\" rel=\"nofollow\"\u003ehttps://blog.cagedmonster.net/content/images/2017/09/F4.png_\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhat components do you want to install? \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F5.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e5. Network configuration:\n\n\u003cul\u003e\n\u003cli\u003eSelect the network interface you want to configure. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F6.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFirst, we configure our IPv4 network. I used a static adress so you can see how it works, but you can use DHCP for an automated configuration, it depends of what you want to do with your system (desktop/server) \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F7.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F7-1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F8.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIPv6 network configuration. Same as for IPv4, you can use SLAAC for an automated configuration. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F9.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F10-1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F10-2.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere, you can configure your DNS servers, I used the Google DNS servers so you can use them too if needed. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F11.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e6. Select the server you want to use for the installation:\n\n\u003cul\u003e\n\u003cli\u003eI always use the IPv6 mirror to ensure that my IPv6 network configuration is good.\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F12.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e7. Disk configuration:\n\n\u003cul\u003e\n\u003cli\u003eAs we want to do an easy full disk encryption, we\u0026#39;ll use ZFS. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F13.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake sure to select the disk encryption :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F14.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLaunch the disk configuration :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F15.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHere everything is normal, you have to select the disk you\u0026#39;ll use :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F16.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eI have only one SSD disk named da0 :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F17.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLast chance before erasing your disk :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F18.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eTime to choose the password you\u0026#39;ll use to start your system : \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F19.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F20.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F21.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e8. Last steps to finish the installation:\n\n\u003cul\u003e\n\u003cli\u003eThe installer will download what you need and what you selected previously (ports, src, etc.) to create your system: \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F22.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.1. Root password:\n\n\u003cul\u003e\n\u003cli\u003eEnter your root password: \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F22-1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.2. Time and date:\n\n\u003cul\u003e\n\u003cli\u003eSet your timezone, in my case: Europe/France \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F22-2.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F23.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F23-1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake sure the date and time are good, or you can change them :\u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F24.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F25.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.3. Services:\n\n\u003cul\u003e\n\u003cli\u003eSelect the services you\u0026#39;ll use at system startup depending again of what you want to do. In many cases powerd and ntpd will be useful, sshd if you\u0026#39;re planning on using FreeBSD as a server. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.4. Security:\n\n\u003cul\u003e\n\u003cli\u003eSecurity options you want to enable. You\u0026#39;ll still be able to change them after the installation with sysctl. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-1.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.5. Additionnal user:\n\n\u003cul\u003e\n\u003cli\u003eCreate an unprivileged system user: \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-2.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake sure your user is in the wheel group so he can use the su command. \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-3.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-4.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e8.6. The end:\nEnd of your configuration, you can still do some modifications if you want : \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-5.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-6.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F26-7.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e9. First boot:\n\n\u003cul\u003e\n\u003cli\u003eEnter the passphrase you have chosen previously : \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F27.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F28.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e \u0026amp; \u003ca href=\"https://blog.cagedmonster.net/content/images/2017/09/F29.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWelcome to Freebsd 11.1 with full disk encryption!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://nanxiao.me/en/the-anatomy-of-ldd-program-on-openbsd/\" rel=\"nofollow\"\u003eThe anatomy of ldd program on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past week, I read the \u003ca href=\"https://github.com/openbsd/src/blob/master/libexec/ld.so/ldd/ldd.c\" rel=\"nofollow\"\u003eldd\u003c/a\u003e source code on OpenBSD to get a better understanding of how it works. And this post should also be a reference for other*NIX OSs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://en.wikipedia.org/wiki/Executable_and_Linkable_Format\" rel=\"nofollow\"\u003eELF\u003c/a\u003e file is divided into 4 categories: relocatable, executable, shared, and core. Only the executable and shared object files may have dynamic object dependencies, so the ldd only check these 2 kinds of ELF file:\u003c/li\u003e\n\u003cli\u003e(1) Executable. \u003ccode\u003eldd\u003c/code\u003e leverages the \u003ccode\u003eLD_TRACE_LOADED_OBJECTS\u003c/code\u003e environment variable in fact, and the code is as following:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003eif (setenv(\u0026quot;LD_TRACE_LOADED_OBJECTS\u0026quot;, \u0026quot;true\u0026quot;, 1) \u0026lt; 0)\nerr(1, \u0026quot;setenv(LD_TRACE_LOADED_OBJECTS)\u0026quot;);\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eWhen LD_TRACE_LOADED_OBJECTS is set to 1 or true, running executable file will show shared objects needed instead of running it, so you even not needldd to check executable file. See the following outputs:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ /usr/bin/ldd\nusage: ldd program ...\n$ LD_TRACE_LOADED_OBJECTS=1 /usr/bin/ldd\n        Start            End              Type Open Ref GrpRef Name\n        00000b6ac6e00000 00000b6ac7003000 exe  1    0   0      /usr/bin/ldd\n        00000b6dbc96c000 00000b6dbcc38000 rlib 0    1   0      /usr/lib/libc.so.89.3\n        00000b6d6ad00000 00000b6d6ad00000 rtld 0    1   0      /usr/libexec/ld.so  \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(2) Shared object. The code to print dependencies of shared object is as following:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003eif (ehdr.e_type == ET_DYN \u0026amp;\u0026amp; !interp) {\n    if (realpath(name, buf) == NULL) {\n        printf(\u0026quot;realpath(%s): %s\u0026quot;, name,\n            strerror(errno));\n        fflush(stdout);\n        _exit(1);\n    }\n    dlhandle = dlopen(buf, RTLD_TRACE);\n    if (dlhandle == NULL) {\n        printf(\u0026quot;%s\\n\u0026quot;, dlerror());\n        fflush(stdout);\n        _exit(1);\n    }\n    _exit(0);\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eWhy the condition of checking a ELF file is shared object or not is like this:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eif (ehdr.e_type == ET_DYN \u0026amp;\u0026amp; !interp) {\n    ......\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThat’s because the file type of position-independent executable (PIE) is the same as shared object, but normally PIE contains a interpreter program header since it needs dynamic linker to load it while shared object lacks (refer this article). So the above condition will filter PIE file.\u003cbr\u003e\nThe dlopen(buf, RTLD_TRACE) is used to print dynamic object information. And the actual code is like this:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eif (_dl_traceld) {\n    _dl_show_objects();\n    _dl_unload_shlib(object);\n    _dl_exit(0);\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eIn fact, you can also implement a simple application which outputs dynamic object information for shared object yourself:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026amp;#35; include \u0026lt;dlfcn.h\u0026gt;\nint main(int argc, char **argv)\n{\n    dlopen(argv[1], RTLD_TRACE);\n    return 0;\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eCompile and use it to analyze /usr/lib/libssl.so.43.2:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ cc lddshared.c\n$ ./a.out /usr/lib/libssl.so.43.2\n    Start            End              Type Open Ref GrpRef Name\n    000010e2df1c5000 000010e2df41a000 dlib 1    0   0      /usr/lib/libssl.so.43.2\n    000010e311e3f000 000010e312209000 rlib 0    1   0      /usr/lib/libcrypto.so.41.1\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThe same as using ldd directly:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ ldd /usr/lib/libssl.so.43.2\n/usr/lib/libssl.so.43.2:\n    Start            End              Type Open Ref GrpRef Name\n    00001d9ffef08000 00001d9fff15d000 dlib 1    0   0      /usr/lib/libssl.so.43.2\n    00001d9ff1431000 00001d9ff17fb000 rlib 0    1   0      /usr/lib/libcrypto.so.41.1\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThrough the studying of ldd source code, I also get many by-products: such as knowledge of ELF file, linking and loading, etc. So diving into code is a really good method to learn *NIX deeper!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://clinetworking.wordpress.com/2017/10/13/perl5-slack-syslog-bsd-daemon/\" rel=\"nofollow\"\u003ePerl5 Slack Syslog BSD daemon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo I have been working on my little Perl daemon for a week now.\u003cbr\u003e\nIt is a simple syslog daemon that listens on port 514 for incoming messages. It listens on a port so it can process log messages from my consumer Linux router as well as the messages from my server.  Messages that are above alert are sent, as are messages that match the regex of SSH or DHCP (I want to keep track of new connections to my wifi). The rest of the messages are not sent to slack but appended to a log file. This is very handy as I can get access to info like failed ssh logins, disk failures, and new devices connecting to the network all on my Android phone when I am not home.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://clinetworking.files.wordpress.com/2017/10/screenshot_2017-10-13-23-00-26.png\" rel=\"nofollow\"\u003eScreenshot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe situation arose today that the internet went down and I thought to myself what would happen to all my important syslog messages when they couldn’t be sent?  Before the script only ran an eval block on the botsend() function. The error was returned, handled, but nothing was done and the unsent message was discarded. So I added a function that appended unsent messengers to an array that are later sent when the server is not busy sending messages to slack.\u003cbr\u003e\nSlack has a limit of one message per second. The new addition works well and means that if the internet fails my server will store these messages in memory and resend them at a rate of one message per second when the internet connectivity returns. It currently sends the newest ones first but I am not sure if this is a bug or a feature at this point! It currently works with my Linux based WiFi router and my FreeBSD server. It is easy to scale as all you need to do is send messages to syslog to get them sent to slack. You could sent CPU temp, logged in users etc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is a github page: \u003ca href=\"https://github.com/wilyarti/slackbot\" rel=\"nofollow\"\u003ehttps://github.com/wilyarti/slackbot\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://nanxiao.me/en/lscpu-for-openbsdfreebsd/\" rel=\"nofollow\"\u003eLscpu for OpenBSD/FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NanXiao/lscpu\" rel=\"nofollow\"\u003eGithub Link\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere is a neat command, lscpu, which is very handy to display CPU information on GNU/Linux OS:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ lscpu\nArchitecture:        x86_64\nCPU op-mode(s):      32-bit, 64-bit\nByte Order:          Little Endian\nCPU(s):              32\nOn-line CPU(s) list: 0-31\nThread(s) per core:  2\nCore(s) per socket:  8\nSocket(s):           2\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eBut unfortunately, the BSD OSs lack this command, maybe one reason is lscpu relies heavily on /proc file system which BSD don’t provide, :-). TakeOpenBSD as an example, if I want to know CPU information, dmesg should be one choice:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ dmesg | grep -i cpu\ncpu0 at mainbus0: apid 0 (boot processor)\ncpu0: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, 2527.35 MHz\ncpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,\nPBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR\ncpu0: 3MB 64b/line 8-way L2 cache\ncpu0: apic clock running at 266MHz\ncpu0: mwait min=64, max=64, C-substates=0.2.2.2.2.1.3, IBE\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eBut the output makes me feeling messy, not very clear. As for dmidecode, it used to be another option, but now can’t work out-of-box because it will access /dev/mem which for security reason, OpenBSD doesn’t allow by default (You can refer this discussion):\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e$ ./dmidecode\n$ dmidecode 3.1\nScanning /dev/mem for entry point.\n/dev/mem: Operation not permitted\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eBased on above situation, I want a specified command for showing CPU information for my BSD box. So in the past 2 weeks, I developed a lscpu program for OpenBSD/FreeBSD, or more accurately, OpenBSD/FreeBSD on x86 architecture since I only have some Intel processors at hand. The application getsCPU metrics from 2 sources:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e(1) \u003ccode\u003esysctl\u003c/code\u003e functions.  The BSD OSs provide sysctl interface which I can use to get general CPU particulars, such as how many CPUs the system contains, the byte-order of CPU, etc.\u003c/li\u003e\n\u003cli\u003e(2) \u003ccode\u003eCPUID\u003c/code\u003e instruction. For x86 architecture, CPUID instruction can obtain very detail information of CPU. This coding work is a little tedious and error-prone, not only because I need to reference both Intel and AMD specifications since these 2 vendors have minor distinctions, but also I need to parse the bits of register values.\u003c/li\u003e\n\u003cli\u003eThe code is \u003ca href=\"https://github.com/NanXiao/lscpu\" rel=\"nofollow\"\u003ehere\u003c/a\u003e, and if you run OpenBSD/FreeBSD on x86 processors, please try it. It will be better you can give some feedback or report the issues, and I appreciate it very much. In the future if I have other CPUs resource, such as ARM or SPARC64, maybe I will enrich this small program.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://daemonforums.org/showthread.php?t=10429\" rel=\"nofollow\"\u003eOpenBSD Porting Workshop - Brian Callahan will be running an OpenBSD porting workshop in NYC for NYC*BUG on December 6, 2017.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbsdjumpstart.org/#/\" rel=\"nofollow\"\u003eLearn to tame OpenBSD quickly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/sortie/94b302dd383df19237d1a04969f1a42b\" rel=\"nofollow\"\u003eDetect the operating system using UDP stack corner cases\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAwesome Mike - \u003ca href=\"http://dpaste.com/1H22BND#wrap\" rel=\"nofollow\"\u003eZFS Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael - \u003ca href=\"http://dpaste.com/1JRJ6T9\" rel=\"nofollow\"\u003eExpanding a file server with only one hard drive with ZFS\u003c/a\u003e - \u003ca href=\"http://dpaste.com/36M7M3E\" rel=\"nofollow\"\u003einformation based on Allan\u0026#39;s IRC response\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/3X0GXJR#wrap\" rel=\"nofollow\"\u003eOptimizing ZFS for a single disk\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Papers we love: ARC by Bryan Cantrill, SSD caching adventures with ZFS, OpenBSD full disk encryption setup, and a Perl5 Slack Syslog BSD daemon.","date_published":"2017-11-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/00179d62-cc7f-42f5-ae1e-732013948a80.mp3","mime_type":"audio/mpeg","size_in_bytes":93957844,"duration_in_seconds":7829}]},{"id":"e0a5ad39-7410-48c8-b0f4-a879c27cf354","title":"218: A KRACK in the WiFi","url":"https://www.bsdnow.tv/218","content_text":"FreeBSD 10.4-RELEASE is here, more EuroBSDcon travel notes, the KRACK attack, ZFS and DTrace on NetBSD, and pfsense 2.4.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 10.4-RELEASE Available\n\n\nFreeBSD 10.4-RELEASE is out. The FreeBSD Project dedicates the FreeBSD 10.4-RELEASE to the memory of Andrey A. Chernov.\nSome of the highlights:\n\n\n\n10.4-RELEASE is the first FreeBSD release to feature full support for eMMC storage, including eMMC partitions, TRIM and bus speed modes up to HS400. Please note, though, that availability of especially the DDR52, HS200 and HS400 modes requires support in the actual sdhci(4) front-end as well as by the hardware used. Also note, that the SDHCI controller part of Intel® Apollo Lake chipsets is affected by several severe silicon bugs. Apparently, it depends on the particular Apollo Lake platform whether the workarounds in place so far are sufficient to avoid timeouts on attaching sdhci(4) there.\nAlso in case a GPT disk label is used, the fsck_ffs(8) utility now is able to find alternate superblocks.\nThe aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for accelerating ipsec(4).\nSupport for the Kaby Lake generation of Intel® i219(4)/ i219(5) devices has been added to the em(4) driver.\nThe em(4) driver is now capable of enabling Wake On LAN (WOL) also for Intel® i217, i218 and i219 chips. Note that stale interface configurations from previous unsuccessful attempts to enable WOL for these devices now will actually take effect. For example, an ifconfig em0 wol activates all WOL variants including wol_mcast, which might be undesirable.\nSupport for WOL has been added to the igb(4) driver, which was not able to activate this feature on any device before. The same remark regarding stale WOL configurations as for the em(4) driver applies.\nUserland coredumps can now trigger events such as generating a human readable crash report via devd(8). This feature is off by default.\nThe firmware shipping with the qlxgbe(4) driver has been updated to version 5.4.66. Additionally, this driver has received some TSO and locking fixes, performance optimizations as well as SYSCTLs providing MAC, RX and TX statistics.\nMellanox® ConnectX-4 series adapters are now supported by the newly added mlx5ib(4) driver.\nOpenSSH received an update to version 7.3p1.\nGNOME has been updated to version 3.18.\nXorg-Server has been updated to version 1.18.4.\n\n\n\nCheck out the full release notes and upgrade your systems to 10.4-RELEASE. Thanks to the FreeBSD Release Engineering Team for their efforts. \n***\n\n\nEuroBSDcon 2017: \"travel notes\" after the conference\n\n\nLeonardo Taccari posted in the NetBSD blog about his experiences at EuroBSDcon 2017:\n\n\n\nLet me tell you about my experience at EuroBSDcon 2017 in Paris, France. We will see what was presented during the NetBSD developer summit on Friday and then we will give a look to all of the NetBSD and pkgsrc presentations given during the conference session on Saturday and Sunday. Of course, a lot of fun also happened on the \"hall track\", the several breaks during the conference and the dinners we had together with other *BSD developers and community! This is difficult to describe and I will try to just share some part of that with photographs that we have taken. I can just say that it was a really beautiful experience, I had a great time with others and, after coming back home... ...I miss all of that! :) So, if you have never been in any BSD conferences I strongly suggest you to go to the next ones, so please stay tuned via NetBSD Events. Being there this is probably the only way to understand these feelings!\n\n\n\nThursday (21/09): NetBSD developers dinner\n\n\n\nArriving in Paris via a night train from Italy I literally sleep-walked through Paris getting lost again and again. After getting in touch with other developers we had a dinner together and went sightseeing for aWseveral beers!\nFriday (22/09): NetBSD developers summit\nOn Friday morning we met for the NetBSD developers summit kindly hosted by Arolla.\nNetBSD on Google Compute Engine -- Benny Siegert (bsiegert)\nScripting DDB with Forth -- Valery Ushakov (uwe)\nNews from the version control front -- Jörg Sonnenberger (joerg)\nAfternoon discussions and dinner\nAfter the lunch we had several non-scheduled discussions, some time for hacking, etc.\nWe then had a nice dinner together (it was in a restaurant with a very nice waiter who always shouted after every order or after accidentally dropping and crashing dishes!, yeah! That's probably a bit weird but I liked that attitude! :)) and then did some sightseeing and had a beer together.\n\n\n\nSaturday (23/09): First day of conference session and Social Event\n\n\n\nA Modern Replacement for BSD spell(1) -- Abhinav Upadhyay (abhinav)\nPortable Hotplugging: NetBSD's uvm_hotplug(9) API development -- Cherry G.\nMathew (cherry)\nHardening pkgsrc -- Pierre Pronchery (khorben)\nReproducible builds on NetBSD -- Christos Zoulas (christos)\n\n\n\nSocial event\n\n\n\nThe social event on Saturday evening took place on a boat that cruised on the Seine river.\nIt was a very nice and different way to sightsee Paris, eat and enjoy some drinks and socialize and discuss with other developers and community.\n\n\nSunday (24/09): Second day of conference session\nThe school of hard knocks - PT1 -- Sevan Janiyan (sevan)\nThe LLDB Debugger on NetBSD -- Kamil Rytarowski (kamil)\nWhat's in store for NetBSD 8.0? -- Alistair Crooks (agc)\n\n\n\n\nSunday dinner\n\n\n\nAfter the conference we did some sightseeing in Paris, had a dinner together and then enjoyed some beers!\n\n\n\nConclusion\n\n\n\nIt was a very nice weekend and conference. It is worth to mention that EuroBSDcon 2017 was the biggest BSD conference (more than 300 people attended it!).\nI would like to thank the entire EuroBSDcon organising committee (Baptiste Daroussin, Antoine Jacoutot, Jean-Sébastien Pédron and Jean-Yves Migeon), EuroBSDcon programme committee (Antoine Jacoutot, Lars Engels, Ollivier Robert, Sevan Janiyan, Jörg Sonnenberger, Jasper Lievisse Adriaanse and Janne Johansson) and EuroBSDcon Foundation for organizing such a wonderful conference!\nI also would like to thank the speakers for presenting very interesting talks, all developers and community that attended the NetBSD devsummit and conference, in particular Jean-Yves and Jörg, for organizing and moderating the devsummit and Arolla that kindly hosted us for the NetBSD devsummit!\nA special thanks also to Abhinav (abhinav) and Martin (martin) for photographs and locals Jean-Yves (jym) and Stoned (seb) for helping us in not get lost in Paris' rues! :)\n\n\n\nThank you!\n***\n\n\nWiFi Vulnerability in WPA2: KRACK\n\n\n“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”\n“Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.”\n\n\n\nFreeBSD Advisory \nAs of the date of this recording, a few weeks ahead of when this episode will air, the issue is fixed in FreeBSD 11.0 and 11.1, and a workaround has been provided for 10.3 and 10.4 (install newer wpa_supplicant from ports). A fix for 10.3 and 10.4 is expected soon. They will more than likely be out by time you are watching this.\nThe fix for 10.3 and 10.4 is more complicated because the version of wpa_supplicant included in the base system is 2.0, from January 2013, so is nearly 5 years old, so the patches do not apply cleanly. The security team is still considering if it will try to patch 2.0, or just replace the version of wpa_supplicant with 2.5 from FreeBSD 11.x.\nOpenBSD was unwilling to wait when the embargo was extended on this vulnerability and stealth fixed the issue on Aug 30th\nstsp@openbsd.org ‘s Mastodon post\nLobste.rs conversation about flaw and OpenBSD’s reaction\n\n\n\n“What happened is that he told me on July 15, and gave a 6 weeks embargo until end of August. We already complained back then that this was way too long and leaving people exposed. Then he got CERT (and, thus, US gov agencies) involved and had to extend the embargo even further until today. At that point we already had the ball rolling and decided to stick to the original agreement with him, and he gave us an agreeing nod towards that as well.”\n“In this situation, a request for keeping the problem and fix secret is a request to leave our users at risk and exposed to insiders who will potentially use the bug to exploit our users. And we have no idea who the other insiders are. We have to assume that information of this kind leaks and dissipates pretty fast in the security “community”.”\n“We chose to serve the needs of our users who are the vulnerable people in this drama. I stand by that choice.”\n\n\n\nAs a result of this:\n\n\n\n“To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.”\n\n\n\nNetBSD: “patches for the WPA issues in KRACK Attacks were committed Oct 16th to HEAD \u0026amp; are pending pullup to 6/7/8 branches”\nAs of this recording, Dragonfly appears to use wpa_supplicant 2.1 which they imported in 2014 and has not been touched in over a year\n***\n\n\nNews Roundup\n\nNetBSD - dtrace and ZFS update\n\n\nChuck Silvers writes to the tech-kern mailing list of NetBSD:\n\n\n\nI've been working on updating netbsd's copy of the dtrace and zfs code to rebase from the existing ancient opensolaris version to a recent freebsd version. most of the freebsd changes are pretty close to what netbsd needs, so that seems like a more useful upstream for us.  I have things working well enough now that I want to share the code in preparation for committing.\n\n\n\nthis update improves upon our existing dtrace/zfs code in several ways:\n\n\n\npicks up all the upstream zfs fixes and enhancements from the last decade\nzfs now supports mmap on netbsd, so you can run executables stored in zfs\ndtrace fbt probes can now be used in kernel modules (such as zfs)\n\n\n\nA patch is provided here: http://ftp.netbsd.org/pub/NetBSD/misc/chs/diff.cddl.20171012 which needs to be applied using “patch -E” as it adds and removes files.\nHe provides the following summary for the diff:\n\n\n\nfreebsd's dtrace/zfs code as of r315983 (2017-03-26), adapted for netbsd.\na few updates to our copy of freebsd's libproc.\nbuild system support for using -fno-omit-frame-pointer everywhere and disabling other compiler optimizations that confuse dtrace.\nsample kernel config changes for a couple evbarm configs (the ones I tested).\nmodule/ksyms enhancements for dtrace integration.\ngenfs API enhancements to support zfs.\nan option to have mutexes not become no-ops during a panic.\nuvm_aobj API change to support 64-bit aobj sizes (eg. for tmpfs).\n\n\n\nKnown issues with the patch include:\n\n\n\nunloading the zfs module fails even with no zpools imported if you've done much with zfs since it was loaded. there's some refcounting problem that I haven't tracked down yet.\nthe module refcounting for active fbt probes is bogus. currently module refcounting is protected by kernconfig_lock(), but taking that lock down in the bowels of dtrace seems likely to create deadlocks.  I plan to do something fancier but haven't gotten to it yet.\nthe dtrace uregs[] stuff is probably still wrong.\nthe CTF typeid overflow problem is still there (more on this below).\n\n\n\nUnsupported features include:\n\n\n\nthe \".zfs\" virtual directory, eg. \".zfs/snapshot/foo@bar\"\nzvols\nZFS ACLs (aka. NFSv4 ACLs)\nNFS exporting a ZFS file system\nsetting dtrace probes in application code\nusing ZFS as the root fs\nnew crypto hashes SHA512_256, skein, and edonr (the last one is not in freebsd yet either)\nzio delay injection (used for testing zfs)\ndtrace support for platforms other than x86 and arm\n\n\n\nA more detailed description of the CTF typeid overflow is also provided. Check out the full thread with followups and try out the patch if you’re on NetBSD.\n***\n\n\npfSense 2.4.0-RELEASE Now Available!\n\n\nJim Pingle writes about the new release:\n\n\n\nWe are excited to announce the release of pfSense® software version 2.4, now available for new installations and upgrades!\npfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved. According to git, 671 files were changed with a total 1651680 lines added, and 185727 lines deleted. Most of those added lines are from translated strings for multiple language support!\n\n\nHighlights\n\n\nFreeBSD 11.1-RELEASE as the base Operating System\nNew pfSense installer based on bsdinstall, with support for ZFS, UEFI, and multiple types of partition layouts (e.g. GPT, BIOS)\nSupport for Netgate ARM devices such as the SG-1000\nOpenVPN 2.4.x support, which brings features like AES-GCM ciphers, speed improvements, Negotiable Crypto Parameters (NCP), TLS encryption, and dual stack/multihome\nTranslation of the GUI into 13 different languages! For more information on contributing to the translation effort, read our previous blog post and visit the project on Zanata\nWebGUI improvements, such as a new login page, improved GET/POST CSRF handling, significant improvements to the Dashboard and its AJAX handling\nCertificate Management improvements including CSR signing and international character support\nCaptive Portal has been rewritten to work without multiple instances of ipfw\n\n\n\nImportant Information:\n\n\n\n32-bit x86 and NanoBSD have been deprecated and are not supported on pfSense 2.4.\n\n\n\nRead the full release notes and let them know how you like the new release. \n***\n\n\nOpenBSD changes of note 629\n\n\nUse getrusage to measure CPU time in md5 benchmarking.\nAdd guard pages at the end of kernel stacks so overflows don’t run into important stuff.\n\n\nThis would be useful in FreeBSD, even just to detect the condition. I had all kinds of strange crashes when I was accidently overflowing the stack when working on the initial version of the ZSTD patches before ZSTD gained a working heap mode.\n\nAdd dwxe driver for ethernet found on Allwinner A64, H3 and H5 SoCs.\nFix a regression caused by removal of SIGIO from some devices.\nIn malloc, always delay freeing chunks and change ‘F’ option to perform a more extensive check for double free.\nChange sendsyslog prototype to take a string, since there’s little point logging not strings.\nThe config program tries to modify zero initialized variables. Previous versions of gcc were patched to place these in the data segment, instead of the bss, but clang has no such patches. Long long ago, this was the default behavior for compilers, which is why gcc was patched to maintain that existing behavior, but now we want a slightly less unusual toolchain. Fix the underlying issue for now by annotating such variables with a data section attribute.\n***\n\n\nt2k17 Hackathon Report: Philip Guenther: locking and libc\n\n\nNext up in our series of t2k17 hackathon reports is this one from Philip Guenther:\n\n\n\nI showed up at t2k17 with a couple hold-over diffs from e2k17 that weren't stable then and hadn't gotten much better since, so after a red-eye through Chicago I arrived in the hackroom, fired up my laptop and synced trees.\nMeanwhile, people trickled in and the best part of hackathons, the conversations and \"what do you think about this?\" chats started. Theo introduced me to Todd Mortimer (mortimer@), who's been hacking on clang to implement RETGUARD for C programs. Over the hackathon we discussed a few loose ends that cropped up and what the correct behavior should be for them as well as the mechanics of avoiding 0xc3 bytes (the RET opcode) embedded in the middle of other multi-byte x86 machine code. Fun stuff.\nMartin (mpi@) and I had a conversation about the desirability of being able to sleep while holding netlock and pretty much came down on \"oof, the scheduler does need work before the underlying issue driving this question can be resolved enough to answer it\". :-(\nAfter some final hammering I got in an enhancement to pool(9) to let a pool use (sleeping) rwlocks instead of (spinning) mutexes and then immediately used that for the per-CPU pool cache pool as well as the futex pool. Further pools are likely to be converted as well kernel upper-level locking changes are made.\nSpeaking of, a larger diff I had been working on for said upper-level locking was still suffering deadlock issues so I took a stab at narrowing it down to just a lock for the process tree, mostly mirroring the FreeBSD proctree_lock. That appears to be holding up much better and I just have some code arrangement issues around sys_ptrace() before that'll go out for final review.\nThen most of the way through the week, Bob (beck@) vocally complained that life would be easier for libressl if we had some version of pthread_once() and the pthread mutex routines in libc. This would make some other stuff easier too (c.f. /usr/X11R6/lib/libpthread-stubs.*) and the TIB work over the last couple years has basically eliminated the runtime costs of doing so, so I spent most the rest of the hackathon finding the right place to draw a line through libpthread and move everything on the one side of the line into libc. That code seems pretty stable and the xenocara and ports people seem to like—or at least accept—the effects, so it will almost certainly go in with the next libc bump.\nLots of other random conversations, hacking, meals, and beer. Many thanks to Ken (krw@) and local conspirators for another excellent Toronto hackathon!\n\n\n\n\nBeastie Bits\n\n\n2017 NetBSD Foundation Officers\nNew BSDMag is out - Military Grade Data Wiping in FreeBSD with BCWipe\nLibertyBSD 6.1 released\n***\n\n\nFeedback/Questions\n\n\nEddy - EuroBSDCon 2017 video and some help\nEric - ZFS monitoring\nTom - BSD Hosting\n***\n","content_html":"\u003cp\u003eFreeBSD 10.4-RELEASE is here, more EuroBSDcon travel notes, the KRACK attack, ZFS and DTrace on NetBSD, and pfsense 2.4.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/10.4R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 10.4-RELEASE Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 10.4-RELEASE is out. The FreeBSD Project dedicates the FreeBSD 10.4-RELEASE to the memory of Andrey A. Chernov.\u003c/li\u003e\n\u003cli\u003eSome of the highlights:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e10.4-RELEASE is the first FreeBSD release to feature full support for eMMC storage, including eMMC partitions, TRIM and bus speed modes up to HS400. Please note, though, that availability of especially the DDR52, HS200 and HS400 modes requires support in the actual sdhci(4) front-end as well as by the hardware used. Also note, that the SDHCI controller part of Intel® Apollo Lake chipsets is affected by several severe silicon bugs. Apparently, it depends on the particular Apollo Lake platform whether the workarounds in place so far are sufficient to avoid timeouts on attaching sdhci(4) there.\u003cbr\u003e\nAlso in case a GPT disk label is used, the fsck_ffs(8) utility now is able to find alternate superblocks.\u003cbr\u003e\nThe aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for accelerating ipsec(4).\u003cbr\u003e\nSupport for the Kaby Lake generation of Intel® i219(4)/ i219(5) devices has been added to the em(4) driver.\u003cbr\u003e\nThe em(4) driver is now capable of enabling Wake On LAN (WOL) also for Intel® i217, i218 and i219 chips. Note that stale interface configurations from previous unsuccessful attempts to enable WOL for these devices now will actually take effect. For example, an \u003ccode\u003eifconfig em0 wol\u003c/code\u003e activates all WOL variants including wol_mcast, which might be undesirable.\u003cbr\u003e\nSupport for WOL has been added to the igb(4) driver, which was not able to activate this feature on any device before. The same remark regarding stale WOL configurations as for the em(4) driver applies.\u003cbr\u003e\nUserland coredumps can now trigger events such as generating a human readable crash report via devd(8). This feature is off by default.\u003cbr\u003e\nThe firmware shipping with the qlxgbe(4) driver has been updated to version 5.4.66. Additionally, this driver has received some TSO and locking fixes, performance optimizations as well as SYSCTLs providing MAC, RX and TX statistics.\u003cbr\u003e\nMellanox® ConnectX-4 series adapters are now supported by the newly added mlx5ib(4) driver.\u003cbr\u003e\nOpenSSH received an update to version 7.3p1.\u003cbr\u003e\nGNOME has been updated to version 3.18.\u003cbr\u003e\nXorg-Server has been updated to version 1.18.4.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the full release notes and upgrade your systems to 10.4-RELEASE. Thanks to the FreeBSD Release Engineering Team for their efforts. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/eurobsdcon_2017_travel_notes_after\" rel=\"nofollow\"\u003eEuroBSDcon 2017: \u0026quot;travel notes\u0026quot; after the conference\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLeonardo Taccari posted in the NetBSD blog about his experiences at EuroBSDcon 2017:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet me tell you about my experience at EuroBSDcon 2017 in Paris, France. We will see what was presented during the NetBSD developer summit on Friday and then we will give a look to all of the NetBSD and pkgsrc presentations given during the conference session on Saturday and Sunday. Of course, a lot of fun also happened on the \u0026quot;hall track\u0026quot;, the several breaks during the conference and the dinners we had together with other *BSD developers and community! This is difficult to describe and I will try to just share some part of that with photographs that we have taken. I can just say that it was a really beautiful experience, I had a great time with others and, after coming back home... ...I miss all of that! :) So, if you have never been in any BSD conferences I strongly suggest you to go to the next ones, so please stay tuned via NetBSD Events. Being there this is probably the only way to understand these feelings!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThursday (21/09): NetBSD developers dinner\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eArriving in Paris via a night train from Italy I literally sleep-walked through Paris getting lost again and again. After getting in touch with other developers we had a dinner together and went sightseeing for a\u003csup\u003eWseveral\u003c/sup\u003e beers!\u003cbr\u003e\nFriday (22/09): NetBSD developers summit\u003cbr\u003e\nOn Friday morning we met for the NetBSD developers summit kindly hosted by Arolla.\u003cbr\u003e\nNetBSD on Google Compute Engine -- Benny Siegert (bsiegert)\u003cbr\u003e\nScripting DDB with Forth -- Valery Ushakov (uwe)\u003cbr\u003e\nNews from the version control front -- Jörg Sonnenberger (joerg)\u003cbr\u003e\nAfternoon discussions and dinner\u003cbr\u003e\nAfter the lunch we had several non-scheduled discussions, some time for hacking, etc.\u003cbr\u003e\nWe then had a nice dinner together (it was in a restaurant with a very nice waiter who always shouted after every order or after accidentally dropping and crashing dishes!, yeah! That\u0026#39;s probably a bit weird but I liked that attitude! :)) and then did some sightseeing and had a beer together.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSaturday (23/09): First day of conference session and Social Event\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA Modern Replacement for BSD spell(1) -- Abhinav Upadhyay (abhinav)\u003cbr\u003e\nPortable Hotplugging: NetBSD\u0026#39;s uvm_hotplug(9) API development -- Cherry G.\u003cbr\u003e\nMathew (cherry)\u003cbr\u003e\nHardening pkgsrc -- Pierre Pronchery (khorben)\u003cbr\u003e\nReproducible builds on NetBSD -- Christos Zoulas (christos)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSocial event\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe social event on Saturday evening took place on a boat that cruised on the Seine river.\u003cbr\u003e\nIt was a very nice and different way to sightsee Paris, eat and enjoy some drinks and socialize and discuss with other developers and community.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSunday (24/09): Second day of conference session\nThe school of hard knocks - PT1 -- Sevan Janiyan (sevan)\nThe LLDB Debugger on NetBSD -- Kamil Rytarowski (kamil)\nWhat\u0026#39;s in store for NetBSD 8.0? -- Alistair Crooks (agc)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSunday dinner\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter the conference we did some sightseeing in Paris, had a dinner together and then enjoyed some beers!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt was a very nice weekend and conference. It is worth to mention that EuroBSDcon 2017 was the biggest BSD conference (more than 300 people attended it!).\u003cbr\u003e\nI would like to thank the entire EuroBSDcon organising committee (Baptiste Daroussin, Antoine Jacoutot, Jean-Sébastien Pédron and Jean-Yves Migeon), EuroBSDcon programme committee (Antoine Jacoutot, Lars Engels, Ollivier Robert, Sevan Janiyan, Jörg Sonnenberger, Jasper Lievisse Adriaanse and Janne Johansson) and EuroBSDcon Foundation for organizing such a wonderful conference!\u003cbr\u003e\nI also would like to thank the speakers for presenting very interesting talks, all developers and community that attended the NetBSD devsummit and conference, in particular Jean-Yves and Jörg, for organizing and moderating the devsummit and Arolla that kindly hosted us for the NetBSD devsummit!\u003cbr\u003e\nA special thanks also to Abhinav (abhinav) and Martin (martin) for photographs and locals Jean-Yves (jym) and Stoned (seb) for helping us in not get lost in Paris\u0026#39; rues! :)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThank you!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.krackattacks.com/\" rel=\"nofollow\"\u003eWiFi Vulnerability in WPA2: KRACK\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”\u003cbr\u003e\n“Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc\" rel=\"nofollow\"\u003eFreeBSD Advisory \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAs of the date of this recording, a few weeks ahead of when this episode will air, the issue is fixed in FreeBSD 11.0 and 11.1, and a workaround has been provided for 10.3 and 10.4 (install newer wpa_supplicant from ports). A fix for 10.3 and 10.4 is expected soon. They will more than likely be out by time you are watching this.\u003c/li\u003e\n\u003cli\u003eThe fix for 10.3 and 10.4 is more complicated because the version of wpa_supplicant included in the base system is 2.0, from January 2013, so is nearly 5 years old, so the patches do not apply cleanly. The security team is still considering if it will try to patch 2.0, or just replace the version of wpa_supplicant with 2.5 from FreeBSD 11.x.\u003c/li\u003e\n\u003cli\u003eOpenBSD was unwilling to wait when the embargo was extended on this vulnerability and stealth fixed the issue on \u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=150410571407760\u0026w=2\" rel=\"nofollow\"\u003eAug 30th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mastodon.social/@stsp/98837563531323569\" rel=\"nofollow\"\u003estsp@openbsd.org ‘s Mastodon post\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lobste.rs/s/dwzplh/krack_attacks_breaking_wpa2#c_pbhnfz\" rel=\"nofollow\"\u003eLobste.rs conversation about flaw and OpenBSD’s reaction\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“What happened is that he told me on July 15, and gave a 6 weeks embargo until end of August. We already complained back then that this was way too long and leaving people exposed. Then he got CERT (and, thus, US gov agencies) involved and had to extend the embargo even further until today. At that point we already had the ball rolling and decided to stick to the original agreement with him, and he gave us an agreeing nod towards that as well.”\u003cbr\u003e\n“In this situation, a request for keeping the problem and fix secret is a request to leave our users at risk and exposed to insiders who will potentially use the bug to exploit our users. And we have no idea who the other insiders are. We have to assume that information of this kind leaks and dissipates pretty fast in the security “community”.”\u003cbr\u003e\n“We chose to serve the needs of our users who are the vulnerable people in this drama. I stand by that choice.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs a result of this:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD: \u003ca href=\"http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html\" rel=\"nofollow\"\u003e“patches for the WPA issues in KRACK Attacks were committed Oct 16th to HEAD \u0026amp; are pending pullup to 6/7/8 branches”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAs of this recording, Dragonfly appears to use wpa_supplicant 2.1 which they imported in 2014 and has \u003ca href=\"https://github.com/DragonFlyBSD/DragonFlyBSD/commits/master/contrib/wpa_supplicant\" rel=\"nofollow\"\u003enot been touched in over a year\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-kern/2017/10/13/msg022436.html\" rel=\"nofollow\"\u003eNetBSD - dtrace and ZFS update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eChuck Silvers writes to the tech-kern mailing list of NetBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been working on updating netbsd\u0026#39;s copy of the dtrace and zfs code to rebase from the existing ancient opensolaris version to a recent freebsd version. most of the freebsd changes are pretty close to what netbsd needs, so that seems like a more useful upstream for us.  I have things working well enough now that I want to share the code in preparation for committing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ethis update improves upon our existing dtrace/zfs code in several ways:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epicks up all the upstream zfs fixes and enhancements from the last decade\u003cbr\u003e\nzfs now supports mmap on netbsd, so you can run executables stored in zfs\u003cbr\u003e\ndtrace fbt probes can now be used in kernel modules (such as zfs)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA patch is provided here: \u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/misc/chs/diff.cddl.20171012\" rel=\"nofollow\"\u003ehttp://ftp.netbsd.org/pub/NetBSD/misc/chs/diff.cddl.20171012\u003c/a\u003e which needs to be applied using “patch -E” as it adds and removes files.\u003c/li\u003e\n\u003cli\u003eHe provides the following summary for the diff:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efreebsd\u0026#39;s dtrace/zfs code as of r315983 (2017-03-26), adapted for netbsd.\u003cbr\u003e\na few updates to our copy of freebsd\u0026#39;s libproc.\u003cbr\u003e\nbuild system support for using -fno-omit-frame-pointer everywhere and disabling other compiler optimizations that confuse dtrace.\u003cbr\u003e\nsample kernel config changes for a couple evbarm configs (the ones I tested).\u003cbr\u003e\nmodule/ksyms enhancements for dtrace integration.\u003cbr\u003e\ngenfs API enhancements to support zfs.\u003cbr\u003e\nan option to have mutexes not become no-ops during a panic.\u003cbr\u003e\nuvm_aobj API change to support 64-bit aobj sizes (eg. for tmpfs).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKnown issues with the patch include:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eunloading the zfs module fails even with no zpools imported if you\u0026#39;ve done much with zfs since it was loaded. there\u0026#39;s some refcounting problem that I haven\u0026#39;t tracked down yet.\u003cbr\u003e\nthe module refcounting for active fbt probes is bogus. currently module refcounting is protected by kernconfig_lock(), but taking that lock down in the bowels of dtrace seems likely to create deadlocks.  I plan to do something fancier but haven\u0026#39;t gotten to it yet.\u003cbr\u003e\nthe dtrace uregs[] stuff is probably still wrong.\u003cbr\u003e\nthe CTF typeid overflow problem is still there (more on this below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUnsupported features include:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ethe \u0026quot;.zfs\u0026quot; virtual directory, eg. \u0026quot;.zfs/snapshot/foo@bar\u0026quot;\u003cbr\u003e\nzvols\u003cbr\u003e\nZFS ACLs (aka. NFSv4 ACLs)\u003cbr\u003e\nNFS exporting a ZFS file system\u003cbr\u003e\nsetting dtrace probes in application code\u003cbr\u003e\nusing ZFS as the root fs\u003cbr\u003e\nnew crypto hashes SHA512_256, skein, and edonr (the last one is not in freebsd yet either)\u003cbr\u003e\nzio delay injection (used for testing zfs)\u003cbr\u003e\ndtrace support for platforms other than x86 and arm\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA more detailed description of the CTF typeid overflow is also provided. Check out the full thread with followups and try out the patch if you’re on NetBSD.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-2-4-0-release-now-available.html\" rel=\"nofollow\"\u003epfSense 2.4.0-RELEASE Now Available!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJim Pingle writes about the new release:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are excited to announce the release of pfSense® software version 2.4, now available for new installations and upgrades!\u003cbr\u003e\npfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved. According to git, 671 files were changed with a total 1651680 lines added, and 185727 lines deleted. Most of those added lines are from translated strings for multiple language support!\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHighlights\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFreeBSD 11.1-RELEASE as the base Operating System\u003cbr\u003e\nNew pfSense installer based on bsdinstall, with support for ZFS, UEFI, and multiple types of partition layouts (e.g. GPT, BIOS)\u003cbr\u003e\nSupport for Netgate ARM devices such as the SG-1000\u003cbr\u003e\nOpenVPN 2.4.x support, which brings features like AES-GCM ciphers, speed improvements, Negotiable Crypto Parameters (NCP), TLS encryption, and dual stack/multihome\u003cbr\u003e\nTranslation of the GUI into 13 different languages! For more information on contributing to the translation effort, read our previous blog post and visit the project on Zanata\u003cbr\u003e\nWebGUI improvements, such as a new login page, improved GET/POST CSRF handling, significant improvements to the Dashboard and its AJAX handling\u003cbr\u003e\nCertificate Management improvements including CSR signing and international character support\u003cbr\u003e\nCaptive Portal has been rewritten to work without multiple instances of ipfw\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eImportant Information:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e32-bit x86 and NanoBSD have been deprecated and are not supported on pfSense 2.4.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRead the full release notes and let them know how you like the new release. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tedunangst.com/flak/post/openbsd-changes-of-note-629\" rel=\"nofollow\"\u003eOpenBSD changes of note 629\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUse getrusage to measure CPU time in md5 benchmarking.\u003c/li\u003e\n\u003cli\u003eAdd guard pages at the end of kernel stacks so overflows don’t run into important stuff.\n\n\u003cul\u003e\n\u003cli\u003eThis would be useful in FreeBSD, even just to detect the condition. I had all kinds of strange crashes when I was accidently overflowing the stack when working on the initial version of the ZSTD patches before ZSTD gained a working heap mode.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAdd dwxe driver for ethernet found on Allwinner A64, H3 and H5 SoCs.\u003c/li\u003e\n\u003cli\u003eFix a regression caused by removal of SIGIO from some devices.\u003c/li\u003e\n\u003cli\u003eIn malloc, always delay freeing chunks and change ‘F’ option to perform a more extensive check for double free.\u003c/li\u003e\n\u003cli\u003eChange sendsyslog prototype to take a string, since there’s little point logging not strings.\u003c/li\u003e\n\u003cli\u003eThe config program tries to modify zero initialized variables. Previous versions of gcc were patched to place these in the data segment, instead of the bss, but clang has no such patches. Long long ago, this was the default behavior for compilers, which is why gcc was patched to maintain that existing behavior, but now we want a slightly less unusual toolchain. Fix the underlying issue for now by annotating such variables with a data section attribute.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20170824080132\" rel=\"nofollow\"\u003et2k17 Hackathon Report: Philip Guenther: locking and libc\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up in our series of t2k17 hackathon reports is this one from Philip Guenther:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI showed up at t2k17 with a couple hold-over diffs from e2k17 that weren\u0026#39;t stable then and hadn\u0026#39;t gotten much better since, so after a red-eye through Chicago I arrived in the hackroom, fired up my laptop and synced trees.\u003cbr\u003e\nMeanwhile, people trickled in and the best part of hackathons, the conversations and \u0026quot;what do you think about this?\u0026quot; chats started. Theo introduced me to Todd Mortimer (mortimer@), who\u0026#39;s been hacking on clang to implement RETGUARD for C programs. Over the hackathon we discussed a few loose ends that cropped up and what the correct behavior should be for them as well as the mechanics of avoiding 0xc3 bytes (the RET opcode) embedded in the middle of other multi-byte x86 machine code. Fun stuff.\u003cbr\u003e\nMartin (mpi@) and I had a conversation about the desirability of being able to sleep while holding netlock and pretty much came down on \u0026quot;oof, the scheduler does need work before the underlying issue driving this question can be resolved enough to answer it\u0026quot;. :-(\u003cbr\u003e\nAfter some final hammering I got in an enhancement to pool(9) to let a pool use (sleeping) rwlocks instead of (spinning) mutexes and then immediately used that for the per-CPU pool cache pool as well as the futex pool. Further pools are likely to be converted as well kernel upper-level locking changes are made.\u003cbr\u003e\nSpeaking of, a larger diff I had been working on for said upper-level locking was still suffering deadlock issues so I took a stab at narrowing it down to just a lock for the process tree, mostly mirroring the FreeBSD proctree_lock. That appears to be holding up much better and I just have some code arrangement issues around sys_ptrace() before that\u0026#39;ll go out for final review.\u003cbr\u003e\nThen most of the way through the week, Bob (beck@) vocally complained that life would be easier for libressl if we had some version of pthread_once() and the pthread mutex routines in libc. This would make some other stuff easier too (c.f. /usr/X11R6/lib/libpthread-stubs.*) and the TIB work over the last couple years has basically eliminated the runtime costs of doing so, so I spent most the rest of the hackathon finding the right place to draw a line through libpthread and move everything on the one side of the line into libc. That code seems pretty stable and the xenocara and ports people seem to like—or at least accept—the effects, so it will almost certainly go in with the next libc bump.\u003cbr\u003e\nLots of other random conversations, hacking, meals, and beer. Many thanks to Ken (krw@) and local conspirators for another excellent Toronto hackathon!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/2017_netbsd_foundation_officers\" rel=\"nofollow\"\u003e2017 NetBSD Foundation Officers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/download/military-grade-data-wiping-freebsd-bcwipe/\" rel=\"nofollow\"\u003eNew BSDMag is out - Military Grade Data Wiping in FreeBSD with BCWipe\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://libertybsd.net/\" rel=\"nofollow\"\u003eLibertyBSD 6.1 released\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eEddy - \u003ca href=\"http://dpaste.com/3WDNV05#wrap\" rel=\"nofollow\"\u003eEuroBSDCon 2017 video and some help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEric - \u003ca href=\"http://dpaste.com/2RP0S60#wrap\" rel=\"nofollow\"\u003eZFS monitoring\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTom - \u003ca href=\"http://dpaste.com/31DGH3J#wrap\" rel=\"nofollow\"\u003eBSD Hosting\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 10.4-RELEASE is here, more EuroBSDcon travel notes, the KRACK attack, ZFS and DTrace on NetBSD, and pfsense 2.4.","date_published":"2017-11-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0a5ad39-7410-48c8-b0f4-a879c27cf354.mp3","mime_type":"audio/mpeg","size_in_bytes":53638132,"duration_in_seconds":4469}]},{"id":"88994206-f8e5-4c4f-a6c4-798f4bac15c3","title":"217: Your questions, part II","url":"https://www.bsdnow.tv/217","content_text":"OpenBSD 6.2 is here, style arguments, a second round of viewer interview questions, how to set CPU affinity for FreeBSD jails, containers on FreeNAS \u0026amp; more!\n\nHeadlines\n\nOpenBSD 6.2 Released\n\n\nOpenBSD continues their six month release cadence with the release of 6.2, the 44th release\nOn a disappointing note, the song for 6.2 will not be released until December\nHighlights:\n\n\n\nImproved hardware support on modern platforms including ARM64/ARMv7 and octeon, while amd64 users will appreciate additional support for the Intel Kaby Lake video cards.\nNetwork stack improvements include extensive SMPization improvements and a new FQ-CoDel queueing discipline, as well as enhanced WiFi support in general and improvements to iwn(4), iwm(4) and anthn(4) drivers.\nImprovements in vmm(4)/vmd include VM migration, as well as various compatibility and performance improvements.\nSecurity enhancements including a new freezero(3) function, further pledge(2)ing of base system programs and conversion of several daemons to the fork+exec model.\nTrapsleds, KARL, and random linking for libcrypto and ld.so, dramatically increase security by making it harder to find helpful ROP gadgets, and by creating a unique order of objects per-boot.\nA unique kernel is now created by the installer to boot from after install/upgrade. \nThe base system compiler on the amd64 and i386 platforms has switched to clang(1).\nNew versions of OpenSSH, OpenSMTPd, LibreSSL and mandoc are also included.\nThe kernel no longer handles IPv6 Stateless Address Autoconfiguration (RFC 4862), allowing cleanup and simplification of the IPv6 network stack. \nImproved IPv6 checks for IPsec policies and made them consistent with IPv4.\nEnabled the use of per-CPU caches in the network packet allocators.\nImproved UTF-8 line editing support for ksh(1) Emacs and Vi input mode.\nbreaking change for nvme(4) users with GPT: If you are booting from an nvme(4) drive with a GPT disk layout, you are affected by an off-by-one in the driver with the consequence that the sector count in your partition table may be incorrect. The only way to fix this is to re-initialize the partition table. Backup your data to another disk before you upgrade. In the new bsd.rd, drop to a shell and re-initialize the GPT:\nfdisk -iy -g -b 960 sdN\n\n\n\n\nWhy we argue: style\n\n\nI've been thinking about why we argue about code, and how we might transform vehement differences of opinion into active forces for good.\nMy thoughts spring from a very specific context. Ten or twelve times a year I go to an arbitrary business and spend three or more days teaching a course in object-oriented design. I'm an outsider, but for a few days these business let me in on their secrets.\nHere's what I've noticed. In some places, folks are generally happy. Programmers get along. They feel as if they are all \"in this together.\" At businesses like this I spend most of my time actually teaching object-oriented design.\nOther places, folks are surprisingly miserable. There's a lot of discord, and the programmers have devolved into competing \"camps.\" In these situations the course rapidly morphs away from OO Design and into wide-ranging group discussions about how to resolve deeply embedded conflicts.\nTolstoy famously said that \"Happy families are all alike; every unhappy family is unhappy in its own way.\" This is known as the Anna Karenina Principle, and describes situations in which success depends on meeting all of a number of criteria. The only way to be happy is to succeed at every one of them. Unhappiness, unfortunately, can be achieved by any combination of failure. Thus, all happy businesses are similar, but unhappy ones appear unique in their misery.\nToday I'm interested in choices of syntax, i.e whether or not your shop has agreed upon and follows a style guide. If you're surprised that I'm starting with this apparently mundane issue, consider yourself lucky in your choice of workplace. If you're shaking your head in rueful agreement about the importance of this topic, I feel your pain.\nI firmly believe that all of the code that I personally have to examine should come to me in a consistent format. Code is read many more times than it is written, which means that the ultimate cost of code is in its reading. It therefore follows that code should be optimized for readability, which in turn dictates that an application's code should all follow the same style.\n\n\n\nThis is why FreeBSD, and most other open source projects, have a preferred style. Some projects are less specific and less strict about it.\n\n\n\nMost programmers agree with the prior paragraph, but here's where things begin to break down. As far as I'm concerned, my personal formatting style is clearly the best. However, I'm quite sure that you feel the same. It's easy for a group of programmers to agree that all code should follow a common style, but surprisingly difficult to get them to agree on just what that common style should be.\nAvoid appointing a human \"style cop\", which just forces someone to be an increasingly ill-tempered nag. Instead, supply programmers with the information they need to remedy their own transgressions. By the time a pull request is submitted, mis-stylings should long since have been put right. Pull request conversations ought to be about what code does rather than how code looks.\nWhat about old code? Ignore it. You don't have to re-style all existing code, just do better from this day forward. Defer updating old code until you touch it for other reasons. Following this strategy means that the code you most often work on will gradually take on a common style. It also means that some of your existing code might never get updated, but if you never look at it, who cares?\nIf you choose to re-style code that you otherwise have no need to touch, you're declaring that changing the look of this old code has more value to your business than delivering the next item on the backlog. The opportunity cost of making a purely aesthetic change includes losing the benefit of what you could have done instead. The rule-of-thumb is: Don't bother updating the styling of stable, existing code unless not doing so costs you money.\n\n\n\nMost open source projects also avoid reformatting code just to change the style, because of the merge conflicts this will cause for downstream consumers\n\n\n\nIf you disagree with the style guide upon which your team agrees, you have only two honorable options:\nFirst, you can obey the guide despite your aversion. As with me in the Elm story above, this act is likely to change your thinking so that over time you come to prefer the new style. It's possible that if you follow the guide you'll begin to like it.\nAlternatively, you can decide you will not obey the style guide. Making this decision demands that you leave your current project and find some other project whose guide matches your preferred style. Go there and follow that one.\nNotice that both of these choices have you following a guide. This part is not optional.\nThe moral of this story? It's more important for all code to be formatted the same than it is for any one of us to get our own way. Commit to agreeing upon and following a style guide. And if you find that your team cannot come to an agreement, step away from this problem and start a discussion about power.\n\n\n\nThere have been many arguments about style, and it can often be one of the first complaints of people new to any open source project\nThis article covers it fairly well from both sides, a) you should follow the style guide of the project you are contributing to, b) the project should review your actual code, then comment on the style after, and provide gentle guidance towards the right style, and avoid being “style cops”\n***\n\n\nInterview - The BSDNow Crew, Part II\n\n\n\nNews Roundup\n\nBuilding FreeBSD for the Onion Omega 2\n\n\nI got my Onion Omega 2 devices in the mail quite a while ago, but I had never gotten around to trying to install FreeBSD on them. They are a different MIPS SoC than the Onion Omega 1, so it would not work out of the box at the time. Now, the SoC is supported!\nThis guide provides the steps to build an image for the Omega 2 using the freebsd-wifi-build infrastructure\nFirst some config files are modified to make the image small enough for the Omega 2’s flash chip\nThe DTS (Device Tree Source) files are not yet included in FreeBSD, so they are fetched from github\nThen the build for the ralink SoC is run, with the provided DTS file and the MT7628_FDT kernel config\nOnce the build is complete, you’ll have a tftp image file. Then that image is compressed, and bundled into a uboot image\nWrite the files to a USB stick, and plug it into the Omega’s dock\nTurn it on while holding the reset button with console open\n\n\n\nPress 1 to get into the command line.\n\n\n\nYou will need to reset the usb:\n\n\n\nusb reset\n\n\n\nThen load the kernel boot image:\n\n\n\nfatload usb 0:1 0x80800000 kernel.MT7628_FDT.lzma.uImage\n\n\n\nAnd boot it:\n\n\n\nbootm 0x80800000\n\n\n\nAt this point FreeBSD should boot\nMount a userland, and you should end up in multi-user mode\nHopefully this will get even easier in the next few weeks, and we’ll end up with a more streamlined process to tftp boot the device, then write FreeBSD into the onboard flash so it boots automatically.\n***\n\n\nSetting the CPU Affinity on FreeBSD Jails with ezjail\n\n\nWhile there are more advanced resource controls available for FreeBSD jails, one of the most basic ways to control CPU usage is to limit the subset of CPUs that each jail can use. This can make sure that every jail has access to some dedicated resources, while at the same time doesn’t have the ability to entirely dominate the machine\n\n\n\nI just got a new home server: a HP ProLiant ML110 G6. Being a FreeBSD person myself, it was natural that I used it on my server instead of Linux\nI chose to use ezjail to manage the jails on my ProLiant, with the initial one being a Tor middle node. Despite the fact that where my ML110 is, the upstream is only 35mbps (which is pretty good for cable), I did not want to give my Tor jail access to all four cores.\nSetting the CPU Affinity would let you choose a specific CPU core (or a range of cores) you want to use. However, it does not just let you pick the number of CPU cores you want and make FreeBSD choose the core running your jail. Going forward, I assumed that you have already created a jail using ezjail-admin. I also do not cover limiting a jail to a certain percentage of CPU usage.\nezjail-admin config -c [CORE_NUMBER_FIRST]-[CORE_NUMBER_LAST] [JAIL_NAME]\n\n\n\nor\n\n\n\nezjail-admin config -c [CORE_NUMBER_FIRST],[CORE_NUMBER_SECOND],...,[CORE_NUMBER_N] [JAIL_NAME]\nAnd hopefully, you should have your ezjail-managed FreeBSD jail limited to the CPU cores you want. While I did not cover a CPU percentage or RAM usage, this can be done with rctl\nI'll admit: it doesn't really matter which CPU a jail runs on, but it might matter if you don't want a jail to have access to all the CPU cores available and only want [JAIL_NAME] to use one core. Since it's not really possible just specify the number of CPU cores with ezjail (or even iocell), a fallback would be to use CPU affinity, and that requires you to specify an exact CPU core. I know it's not the best solution (it would be better if we could let the scheduler choose provided a jail only runs on one core), but it's what works.\n\n\n\nWe use this at work on high core count machines. When we have multiple databases colocated on the same machine, we make sure each one has a few cores to itself, while it shares other cores with the rest of the machine. We often reserve a core or two for the base system as well.\n***\n\n\nA practical guide to containers on FreeNAS for a depraved psychopath.\n\n\nIf you are interested in playing with Docker, this guide sets up a Linux VM running on FreeBSD or FreeNAS under bhyve, then runs linux docker containers on top of it\n\n\n\nYou know that jails are dope and I know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years…\n\n\n\nThis tutorial uses iohyve to manage the VMs on the FreeBSD or FreeNAS\n\n\n\nThere are many Linux variants you can choose from — RancherOS, CoreOS are the most popular for docker-only hosts. We going to use RancherOS because it’s more lightweight out of the box.\n\n\n\nNavigate to RancherOS website and grab link to latest version\n\n\n\nsudo iohyve setup pool=zpool kmod=1 net=em0\nsudo iohyve fetch https://releases.rancher.com/os/latest/rancheros.iso\nsudo iohyve renameiso rancheros.iso rancheros-v1.0.4.iso\nsudo pkg install grub2-bhyve\nsudo iohyve create rancher 32G\nsudo iohyve set rancher loader=grub-bhyve ram=8G cpu=8 con=nmdm0 os=debian\nsudo iohyve install rancher rancheros-v1.0.4.iso\nsudo iohyve console rancher\n\n\n\nThen the tutorial does some basic configuration of RancherOS, and some house keeping in iohyve to make RancherOS come up unattended at boot\n\n\n\nThe whole point of this guide is to reduce pain, and using the docker CLI is still painful. There are a lot of Web UIs to control docker. Most of them include a lot of orchestrating services, so it’s just overkill. Portainer is very lightweight and can be run even on Raspberry Pi\n\n\n\nCreate a config file as described\n\n\n\nAfter reboot you will be able to access WebUI on 9000 port. Setup is very easy, so I won’t go over it\n\n\n\nThe docker tools for FreeBSD are still being worked on. Eventually you will be able to host native FreeBSD docker containers on FreeBSD jails, but we are not quite there yet\nIn the meantime, you can install sysutils/docker and use it to manage the docker instances running on a remote machine, or in this case, the RancherOS VM running in bhyve\n***\n\n\nBeastie Bits\n\n\nThe Ghost of Invention: A Visit to Bell Labs, excerpt from the forthcoming book: “Kitten Clone: Inside Alcatel-Lucent” \nOpenBSD Cookbook (set of Ansible playbooks)\n15 useful sockstat commands to find open ports on FreeBSD \nA prehistory of Slashdot\nUsing ed, the unix line editor \n***\n\n\nFeedback/Questions\n\n\nMalcolm - ZFS snapshots\nDarryn - Zones\nMohammad - SSH Keys\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOpenBSD 6.2 is here, style arguments, a second round of viewer interview questions, how to set CPU affinity for FreeBSD jails, containers on FreeNAS \u0026amp; more!\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/62.html\" rel=\"nofollow\"\u003eOpenBSD 6.2 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD continues their six month release cadence with the release of 6.2, the 44th release\u003c/li\u003e\n\u003cli\u003eOn a disappointing note, the song for 6.2 will not be released until December\u003c/li\u003e\n\u003cli\u003eHighlights:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eImproved hardware support on modern platforms including ARM64/ARMv7 and octeon, while amd64 users will appreciate additional support for the Intel Kaby Lake video cards.\u003cbr\u003e\nNetwork stack improvements include extensive SMPization improvements and a new FQ-CoDel queueing discipline, as well as enhanced WiFi support in general and improvements to iwn(4), iwm(4) and anthn(4) drivers.\u003cbr\u003e\nImprovements in vmm(4)/vmd include VM migration, as well as various compatibility and performance improvements.\u003cbr\u003e\nSecurity enhancements including a new freezero(3) function, further pledge(2)ing of base system programs and conversion of several daemons to the fork+exec model.\u003cbr\u003e\nTrapsleds, KARL, and random linking for libcrypto and ld.so, dramatically increase security by making it harder to find helpful ROP gadgets, and by creating a unique order of objects per-boot.\u003cbr\u003e\nA unique kernel is now created by the installer to boot from after install/upgrade. \u003cbr\u003e\nThe base system compiler on the amd64 and i386 platforms has switched to clang(1).\u003cbr\u003e\nNew versions of OpenSSH, OpenSMTPd, LibreSSL and mandoc are also included.\u003cbr\u003e\nThe kernel no longer handles IPv6 Stateless Address Autoconfiguration (RFC 4862), allowing cleanup and simplification of the IPv6 network stack. \u003cbr\u003e\nImproved IPv6 checks for IPsec policies and made them consistent with IPv4.\u003cbr\u003e\nEnabled the use of per-CPU caches in the network packet allocators.\u003cbr\u003e\nImproved UTF-8 line editing support for ksh(1) Emacs and Vi input mode.\u003cbr\u003e\n\u003cem\u003ebreaking change for nvme(4) users with GPT\u003c/em\u003e: If you are booting from an nvme(4) drive with a GPT disk layout, you are affected by an off-by-one in the driver with the consequence that the sector count in your partition table may be incorrect. The only way to fix this is to re-initialize the partition table. Backup your data to another disk before you upgrade. In the new bsd.rd, drop to a shell and re-initialize the GPT:\u003cbr\u003e\n\u003cstrong\u003efdisk -iy -g -b 960 sdN\u003c/strong\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.sandimetz.com/blog/2017/6/1/why-we-argue-style\" rel=\"nofollow\"\u003eWhy we argue: style\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been thinking about why we argue about code, and how we might transform vehement differences of opinion into active forces for good.\u003cbr\u003e\nMy thoughts spring from a very specific context. Ten or twelve times a year I go to an arbitrary business and spend three or more days teaching a course in object-oriented design. I\u0026#39;m an outsider, but for a few days these business let me in on their secrets.\u003cbr\u003e\nHere\u0026#39;s what I\u0026#39;ve noticed. In some places, folks are generally happy. Programmers get along. They feel as if they are all \u0026quot;in this together.\u0026quot; At businesses like this I spend most of my time actually teaching object-oriented design.\u003cbr\u003e\nOther places, folks are surprisingly miserable. There\u0026#39;s a lot of discord, and the programmers have devolved into competing \u0026quot;camps.\u0026quot; In these situations the course rapidly morphs away from OO Design and into wide-ranging group discussions about how to resolve deeply embedded conflicts.\u003cbr\u003e\nTolstoy famously said that \u0026quot;Happy families are all alike; every unhappy family is unhappy in its own way.\u0026quot; This is known as the Anna Karenina Principle, and describes situations in which success depends on meeting all of a number of criteria. The only way to be happy is to succeed at every one of them. Unhappiness, unfortunately, can be achieved by any combination of failure. Thus, all happy businesses are similar, but unhappy ones appear unique in their misery.\u003cbr\u003e\nToday I\u0026#39;m interested in choices of syntax, i.e whether or not your shop has agreed upon and follows a style guide. If you\u0026#39;re surprised that I\u0026#39;m starting with this apparently mundane issue, consider yourself lucky in your choice of workplace. If you\u0026#39;re shaking your head in rueful agreement about the importance of this topic, I feel your pain.\u003cbr\u003e\nI firmly believe that all of the code that I personally have to examine should come to me in a consistent format. Code is read many more times than it is written, which means that the ultimate cost of code is in its reading. It therefore follows that code should be optimized for readability, which in turn dictates that an application\u0026#39;s code should all follow the same style.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is why FreeBSD, and most other open source projects, have a preferred style. Some projects are less specific and less strict about it.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost programmers agree with the prior paragraph, but here\u0026#39;s where things begin to break down. As far as I\u0026#39;m concerned, my personal formatting style is clearly the best. However, I\u0026#39;m quite sure that you feel the same. It\u0026#39;s easy for a group of programmers to agree that all code should follow a common style, but surprisingly difficult to get them to agree on just what that common style should be.\u003cbr\u003e\nAvoid appointing a human \u0026quot;style cop\u0026quot;, which just forces someone to be an increasingly ill-tempered nag. Instead, supply programmers with the information they need to remedy their own transgressions. By the time a pull request is submitted, mis-stylings should long since have been put right. Pull request conversations ought to be about what code does rather than how code looks.\u003cbr\u003e\nWhat about old code? Ignore it. You don\u0026#39;t have to re-style all existing code, just do better from this day forward. Defer updating old code until you touch it for other reasons. Following this strategy means that the code you most often work on will gradually take on a common style. It also means that some of your existing code might never get updated, but if you never look at it, who cares?\u003cbr\u003e\nIf you choose to re-style code that you otherwise have no need to touch, you\u0026#39;re declaring that changing the look of this old code has more value to your business than delivering the next item on the backlog. The opportunity cost of making a purely aesthetic change includes losing the benefit of what you could have done instead. The rule-of-thumb is: Don\u0026#39;t bother updating the styling of stable, existing code unless not doing so costs you money.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost open source projects also avoid reformatting code just to change the style, because of the merge conflicts this will cause for downstream consumers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you disagree with the style guide upon which your team agrees, you have only two honorable options:\u003cbr\u003e\nFirst, you can obey the guide despite your aversion. As with me in the Elm story above, this act is likely to change your thinking so that over time you come to prefer the new style. It\u0026#39;s possible that if you follow the guide you\u0026#39;ll begin to like it.\u003cbr\u003e\nAlternatively, you can decide you will not obey the style guide. Making this decision demands that you leave your current project and find some other project whose guide matches your preferred style. Go there and follow that one.\u003cbr\u003e\nNotice that both of these choices have you following a guide. This part is not optional.\u003cbr\u003e\nThe moral of this story? It\u0026#39;s more important for all code to be formatted the same than it is for any one of us to get our own way. Commit to agreeing upon and following a style guide. And if you find that your team cannot come to an agreement, step away from this problem and start a discussion about power.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere have been many arguments about style, and it can often be one of the first complaints of people new to any open source project\u003c/li\u003e\n\u003cli\u003eThis article covers it fairly well from both sides, a) you should follow the style guide of the project you are contributing to, b) the project should review your actual code, then comment on the style after, and provide gentle guidance towards the right style, and avoid being “style cops”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - The BSDNow Crew, Part II\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/sysadminmike/freebsd-onion-omega2-build\" rel=\"nofollow\"\u003eBuilding FreeBSD for the Onion Omega 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eI got my Onion Omega 2 devices in the mail quite a while ago, but I had never gotten around to trying to install FreeBSD on them. They are a different MIPS SoC than the Onion Omega 1, so it would not work out of the box at the time. Now, the SoC is supported!\u003c/li\u003e\n\u003cli\u003eThis guide provides the steps to build an image for the Omega 2 using the freebsd-wifi-build infrastructure\u003c/li\u003e\n\u003cli\u003eFirst some config files are modified to make the image small enough for the Omega 2’s flash chip\u003c/li\u003e\n\u003cli\u003eThe DTS (Device Tree Source) files are not yet included in FreeBSD, so they are fetched from github\u003c/li\u003e\n\u003cli\u003eThen the build for the ralink SoC is run, with the provided DTS file and the MT7628_FDT kernel config\u003c/li\u003e\n\u003cli\u003eOnce the build is complete, you’ll have a tftp image file. Then that image is compressed, and bundled into a uboot image\u003c/li\u003e\n\u003cli\u003eWrite the files to a USB stick, and plug it into the Omega’s dock\u003c/li\u003e\n\u003cli\u003eTurn it on while holding the reset button with console open\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePress 1 to get into the command line.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou will need to reset the usb:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eusb reset\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen load the kernel boot image:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efatload usb 0:1 0x80800000 kernel.MT7628_FDT.lzma.uImage\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd boot it:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ebootm 0x80800000\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAt this point FreeBSD should boot\u003c/li\u003e\n\u003cli\u003eMount a userland, and you should end up in multi-user mode\u003c/li\u003e\n\u003cli\u003eHopefully this will get even easier in the next few weeks, and we’ll end up with a more streamlined process to tftp boot the device, then write FreeBSD into the onboard flash so it boots automatically.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.neelc.org/setting-the-cpu-affinity-on-freebsd-jails-with-ezjail/\" rel=\"nofollow\"\u003eSetting the CPU Affinity on FreeBSD Jails with ezjail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile there are more advanced resource controls available for FreeBSD jails, one of the most basic ways to control CPU usage is to limit the subset of CPUs that each jail can use. This can make sure that every jail has access to some dedicated resources, while at the same time doesn’t have the ability to entirely dominate the machine\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI just got a new home server: a HP ProLiant ML110 G6. Being a FreeBSD person myself, it was natural that I used it on my server instead of Linux\u003cbr\u003e\nI chose to use ezjail to manage the jails on my ProLiant, with the initial one being a Tor middle node. Despite the fact that where my ML110 is, the upstream is only 35mbps (which is pretty good for cable), I did not want to give my Tor jail access to all four cores.\u003cbr\u003e\nSetting the CPU Affinity would let you choose a specific CPU core (or a range of cores) you want to use. However, it does not just let you pick the number of CPU cores you want and make FreeBSD choose the core running your jail. Going forward, I assumed that you have already created a jail using ezjail-admin. I also do not cover limiting a jail to a certain percentage of CPU usage.\u003cbr\u003e\nezjail-admin config -c [CORE_NUMBER_FIRST]-[CORE_NUMBER_LAST] [JAIL_NAME]\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eor\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eezjail-admin config -c [CORE_NUMBER_FIRST],[CORE_NUMBER_SECOND],...,[CORE_NUMBER_N] [JAIL_NAME]\u003cbr\u003e\nAnd hopefully, you should have your ezjail-managed FreeBSD jail limited to the CPU cores you want. While I did not cover a CPU percentage or RAM usage, this can be done with rctl\u003cbr\u003e\nI\u0026#39;ll admit: it doesn\u0026#39;t really matter which CPU a jail runs on, but it might matter if you don\u0026#39;t want a jail to have access to all the CPU cores available and only want [JAIL_NAME] to use one core. Since it\u0026#39;s not really possible just specify the number of CPU cores with ezjail (or even iocell), a fallback would be to use CPU affinity, and that requires you to specify an exact CPU core. I know it\u0026#39;s not the best solution (it would be better if we could let the scheduler choose provided a jail only runs on one core), but it\u0026#39;s what works.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe use this at work on high core count machines. When we have multiple databases colocated on the same machine, we make sure each one has a few cores to itself, while it shares other cores with the rest of the machine. We often reserve a core or two for the base system as well.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@andoriyu/a-practical-guide-to-containers-on-freenas-for-a-depraved-psychopath-c212203c0394\" rel=\"nofollow\"\u003eA practical guide to containers on FreeNAS for a depraved psychopath.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you are interested in playing with Docker, this guide sets up a Linux VM running on FreeBSD or FreeNAS under bhyve, then runs linux docker containers on top of it\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou know that jails are dope and I know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis tutorial uses iohyve to manage the VMs on the FreeBSD or FreeNAS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are many Linux variants you can choose from — RancherOS, CoreOS are the most popular for docker-only hosts. We going to use RancherOS because it’s more lightweight out of the box.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNavigate to RancherOS website and grab link to latest version\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esudo iohyve setup pool=zpool kmod=1 net=em0\u003cbr\u003e\nsudo iohyve fetch \u003ca href=\"https://releases.rancher.com/os/latest/rancheros.iso\" rel=\"nofollow\"\u003ehttps://releases.rancher.com/os/latest/rancheros.iso\u003c/a\u003e\u003cbr\u003e\nsudo iohyve renameiso rancheros.iso rancheros-v1.0.4.iso\u003cbr\u003e\nsudo pkg install grub2-bhyve\u003cbr\u003e\nsudo iohyve create rancher 32G\u003cbr\u003e\nsudo iohyve set rancher loader=grub-bhyve ram=8G cpu=8 con=nmdm0 os=debian\u003cbr\u003e\nsudo iohyve install rancher rancheros-v1.0.4.iso\u003cbr\u003e\nsudo iohyve console rancher\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen the tutorial does some basic configuration of RancherOS, and some house keeping in iohyve to make RancherOS come up unattended at boot\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe whole point of this guide is to reduce pain, and using the docker CLI is still painful. There are a lot of Web UIs to control docker. Most of them include a lot of orchestrating services, so it’s just overkill. Portainer is very lightweight and can be run even on Raspberry Pi\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCreate a config file as described\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter reboot you will be able to access WebUI on 9000 port. Setup is very easy, so I won’t go over it\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe docker tools for FreeBSD are still being worked on. Eventually you will be able to host native FreeBSD docker containers on FreeBSD jails, but we are not quite there yet\u003c/li\u003e\n\u003cli\u003eIn the meantime, you can install sysutils/docker and use it to manage the docker instances running on a remote machine, or in this case, the RancherOS VM running in bhyve\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.wired.com/2014/09/coupland-bell-labs/\" rel=\"nofollow\"\u003eThe Ghost of Invention: A Visit to Bell Labs, excerpt from the forthcoming book: “Kitten Clone: Inside Alcatel-Lucent” \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ligurio/openbsd-cookbooks\" rel=\"nofollow\"\u003eOpenBSD Cookbook (set of Ansible playbooks)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tecmint.com/sockstat-command-examples-to-find-open-ports-in-freebsd/\" rel=\"nofollow\"\u003e15 useful sockstat commands to find open ports on FreeBSD \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://medium.freecodecamp.org/a-pre-history-of-slashdot-6403341dabae\" rel=\"nofollow\"\u003eA prehistory of Slashdot\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://medium.com/@claudio.santos.ribeiro/using-ed-the-unix-line-editor-557ed6466660\" rel=\"nofollow\"\u003eUsing ed, the unix line editor \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMalcolm - \u003ca href=\"http://dpaste.com/16EB3ZA#wrap\" rel=\"nofollow\"\u003eZFS snapshots\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDarryn - \u003ca href=\"http://dpaste.com/1DGHQJP#wrap\" rel=\"nofollow\"\u003eZones\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMohammad - \u003ca href=\"http://dpaste.com/08G3VTB#wrap\" rel=\"nofollow\"\u003eSSH Keys\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"OpenBSD 6.2 is here, style arguments, a second round of viewer interview questions, how to set CPU affinity for FreeBSD jails, containers on FreeNAS \u0026 more!\r\n","date_published":"2017-10-25T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/88994206-f8e5-4c4f-a6c4-798f4bac15c3.mp3","mime_type":"audio/mpeg","size_in_bytes":73969492,"duration_in_seconds":6164}]},{"id":"06744f64-a9ca-4e0e-832e-34f53a663933","title":"216: Software is storytelling","url":"https://www.bsdnow.tv/216","content_text":"EuroBSDcon trip report, how to secure OpenBSD’s LDAP server, ZFS channel programs in FreeBSD HEAD and why software is storytelling.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDcon Trip Report\n\n\nThis is from Frank Moore, who has been supplying us with collections of links for the show and who we met at EuroBSDcon in Paris for the first time. Here is his trip report.\n\n\n\nMy attendance at the EuroBSDCon 2017 conference in Paris was sprinkled with \nseveral 'firsts'. My first visit to Paris, my first time travelling on a EuroTunnel Shuttle train and my first time at any BSD conference. Hopefully, none of these will turn out to be 'lasts'.\nI arrived on the Wednesday afternoon before the conference started on Thursday morning. My hotel was conveniently located close to the conference centre in Paris' 3rd arrondissement. This area is well-known as a buzzy enclave of hip cafes, eateries, independent shops, markets, modern galleries and museums. It certainly lived up to its reputation. Even better, the weather held over the course of the conference, only raining once, with the rest of the time being both warm and sunny.\nThe first two days were taken up with attending Dr Kirk McKusick's excellent tutorial 'An Introduction to the FreeBSD Open-Source Operating System'. This is training \"straight from the horse's mouth\". Kirk has worked extensively on The FreeBSD operating system since the 1980's, helping to design the original BSD filesystem (FFS) and later working on UFS as well. Not only is Kirk an engaging speaker, making what could be a dry topic very interesting, he also \nsprinkles liberal doses of history and war stories throughout his lectures. Want to know why a protocol was designed the way that it was? Or why a system flag has a particular value or position in a record? Kirk was there and has the first-hand answer. He reminisces about his meetings and work with other Unix and BSD luminaries and debunks and confirms common myths in equal measure.\nKirk's teaching style and knowledge are impressive. Every section starts with an overview and a big picture diagram before drilling down into the nitty-gritty detail. Nothing feels superfluous, and everything fits together logically. It's easy to tell that the material and its delivery have been honed over many years, but without feeling stale. Topics covered included the kernel, processes, virtual memory, threads, I/O, devices, FFS, ZFS, and networking. \nThe slides were just as impressive, with additional notes written by a previous student and every slide containing a reference back to the relevant page(s) in the 2nd edition of Kirk's operating system book. As well as a hard copy for those that requested it, Kirk also helpfully supplied soft copies of all the training materials.\nThe breaks in between lectures were useful for meeting the students from the other tutorials and for recovering from the inevitable information overload.\nIt's not often that you can get to hear someone as renowned as Dr McKusick give a lecture on something as important as the FreeBSD operating system. If you have any interest in FreeBSD, Unix history, or operating systems in general, I would urge you to grab the opportunity to attend one of his lectures. You won't be disappointed.\nThe last two days of the conference consisted of various hour-long talks by members of each of the main BSD systems. All of them were fairly evenly represented except Dragonfly BSD which unfortunately only had one talk. With three talks going on at any one time, it was often difficult to pick which one to go to. At other times there might be nothing to pique the interest. Attendance at a talk is not mandatory, so for those times when no talks looked inviting, just hanging out in one of the lobby areas with other attendees was often just as interesting and informative. \nThe conference centre itself was certainly memorable with the interior design of an Egyptian temple or pyramid. All the classrooms were more than adequate while the main auditorium was first-class and easily held the 300+ attendees comfortably. All in all, the facilities, catering and organisation were excellent. Kudos to the EuroBSDCon team, especially Bapt and Antoine for all their hard work and hospitality.\nAs a long-time watcher and occasional contributor to the BSD Now podcast it was good to meet both Allan and Benedict in the flesh. And having done some proofreading for Michael Lucas previously, it was nice to finally meet him as well.\nMy one suggestion to the organisers of the next conference would be to provide more \nhand-holding for newbies. As a first-time attendee at a BSD conference it would have been nice to have been formally introduced to various people within the projects as the goto people for their areas. I could do this myself, but it's not always easy finding the right person and wrangling an introduction. I also think it was a missed opportunity for each project to recruit new developers to their cause. Apparently, this is already in place at BSDCan, but should probably be rolled out across all BSD conferences.\nHaving said all that, my aims for the conference were to take Dr McKusick's course, meet a few BSD people and make contacts within one of the BSD projects to start contributing. I was successful on all these fronts, so for me this was mission accomplished. Another first!\n\n\n\n\nautoconf/clang (No) Fun and Games\n\n\nRobert Nagy (robert@) wrote in with a fascinating story of hunting down a recent problem with ports:\n\n\n\nYou might have been noticing the amount of commits to ports regarding autoconf and nested functions and asking yourself… what the hell is this all about?\nI was hanging out at my friend Antoine (ajacoutot@)'s place just before EuroBSDCon 2017 started and we were having drinks and he told me that there is this weird bug where Gnome hangs completely after just a couple of seconds of usage and the gnome-shell process just sits in the fsleep state. This started to happen at the time when inteldrm(4) was updated, the default compiler was switched to clang(1) and futexes were turned on by default.\nThe next day we started to have a look at the issue and since the process was hanging in fsleep, it seemed clear that the cause must be futexes, so we had to start bisecting the base system, which resulted in random success and failure. In the end we figured out that it is neither futex nor inteldrm(4) related, so the only thing that was left is the switch to clang.\nNow the problem is that we have to figure out what part of the system needs to be build with clang to trigger this issue, so we kept on going and systematically recompiled the base system with gcc until everything was ruled out … and it kept on hanging.\nWe were drunk and angry that now we have to go and check hundreds of ports because gnome is not a small standalone port, so between two bottles of wine a build VM was fired up to do a package build with gcc, because manually building all the dependencies would just take too long and we had spent almost two days on this already.\nNext day ~200 packages were available to bisect and figure out what's going on. After a couple of tries it turned out that the hang is being caused by the gtk+3 package, which is bad since almost everything is using gtk+3. Now it was time to figure out what file the gtk+3 source being built by clang is causing the issue. (Compiler optimizations were ruled out already at this point.) So another set of bisecting happened, building each subdirectory of gtk+3 with clang and waiting for the hang to manifest … and it did not. What the $f?\nOkay so something else is going on and maybe the configure script of gtk+3 is doing something weird with different compilers, so I quickly did two configure runs with gcc and clang and simply diff'd the two directories. Snippets from the diff:\n\n-GDK_HIDDEN_VISIBILITY_CFLAGS = -fvisibility=hidden\nGDK_HIDDEN_VISIBILITY_CFLAGS = \n\n-lt_cv_prog_compiler_rtti_exceptions=no\nlt_cv_prog_compiler_rtti_exceptions=yes\n\n-#define GDK_EXTERN __attribute_((visibility(\"default\"))) extern\n\n-lt_prog_compiler_no_builtin_flag=' -fno-builtin'\n+lt_prog_compiler_no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'\nOkay, okay that's something, but wait … clang has symbol visibility support so what is going on again? Let's take a peek at config.log:\n\nconfigure:29137: checking for -fvisibility=hidden compiler flag\n\nconfigure:29150: cc -c -fvisibility=hidden  -I/usr/local/include -I/usr/X11R6/include conftest.c \u0026gt;\u0026amp;5\nconftest.c:82:17: error: function definition is not allowed here\n\nint main (void) { return 0; }\n              ^\n1 error generated.\n\nOkay that's clearly an error but why exactly? autoconf basically generates a huge shell script that will check for whatever you throw at it by creating a file called conftest.c and putting chunks of code into it and then trying to compile it. In this case the relevant part of the code was:\n\n\n| int\n| main ()\n| {\n| int main (void) { return 0; }\n|   ;\n|   return 0;\n| }\n\n\nThat is a nested function declaration which is a GNU extension and it is not supported by clang, but that's okay, the question is why the hell would you use nested functions to check for simple compiler flags. The next step was to go and check what is going on in configure.ac to see how the configure script is generated. In the gtk+3 case the following snippet is used:\n\nAC_MSG_CHECKING([for -fvisibility=hidden compiler flag])\n\n\nAC_TRY_COMPILE([], [int main (void) { return 0; }],\n                  AC_MSG_RESULT(yes)\n                  enable_fvisibility_hidden=yes,\n                  AC_MSG_RESULT(no)\n                  enable_fvisibility_hidden=no)\n\nAccording to the autoconf manual the AC_TRY_COMPILE macro accepts the following parameters:\nThat clearly states that a function body has to be specified because the function definition is already provided automatically, so doing AC_TRY_COMPILE([], [int main (void) { return 0;}], instead of AC_TRY_COMPILE([],[] will result in a nested function declaration, which will work just fine with gcc, even though the autoconf usage is wrong.\nAfter fixing the autoconf macro in gtk+3 and rebuilding the complete port from scratch with clang, the hang completely went away as the proper CFLAGS and LDFLAGS were picked up by autoconf for the build.\nAt this point we realized that most of the ports tree uses autoconf so this issue might be a lot bigger than we thought, so I asked sthen@ to do a grep on the ports object directory and just search for \"function definition is not allowed here\", which resulted in about ~60 additional ports affected.\nOut of the list of ports there were only two false positive matches. These were actually trying to test whether the compiler supports nested functions. The rest were a combination of several autoconf macros used in a wrong way, e.g: AC_TRY_COMPILE, AC_TRY_LINK. Most of them were fixable by just removing the extra function declaration or by switching to other autoconf macros like AC_LANG_SOURCE where you can actually declare your own functions if need be.\nThe conclusion is that this issue was a combination of people not reading documentation and just copy/pasting autoconf snippets, instead of reading their documentation and using the macros in the way they were intended, and the fact that switching to a new compiler is never easy and bugs or undefined behaviour are always lurking in the dark.\nThanks to everyone who helped fixing all the ports up this quickly! Hopefully all of the changes can be merged upstream, so that others can benefit as well. \n\n\n\n\nInterview - David Carlier - @devnexen\n\n\nSoftware Engineer at Afilias\n***\n\n\nNews Roundup\n\nSetting up OpenBSD's LDAP Server (ldapd) with StartTLS and SASL\n\n\nA tutorial on setting up OpenBSD’s native LDAP server with TLS encryption and SASL authentication\n\n\n\nOpenBSD has its own LDAP server, ldapd. Here's how to configure it for use with StartTLS and SASL authentication\nCreate a certificate (acme-client anyone?)\nCreate a basic config file\nlisten on em0 tls certificate ldapserver\n\n\n\nThis will listen on the em0 interface with tls using the certificate called ldapserver.crt / ldapserver.key\nValidate the configuration:\n\n\n\n/usr/sbin/ldapd -n\n\n\n\nEnable and start the service:\n\n\n\nrcctl enable ldapd\nrcctl start ldapd\n\n\n\nOn the client machine:\n\n\n\npkg_add openldap-client\n\n\n\nCopy the certificate to /etc/ssl/trusted.crt\nAdd this line to /etc/openldap/ldap.conf\n\n\n\nTLS_CACERT    /etc/ssl/trusted.crt\n\n\n\nEnable and start the service\n\n\n\nrcctl enable saslauthd\nrcctl start saslauthd\n\n\n\nConnect to ldapd (-ZZ means force TLS, use -H to specify URI): \n\n\n\nldapsearch -H ldap://ldapserver -ZZ\n\n\n\n\nFreeBSD Picks Up Support for ZFS Channel Programs in -current\n\n\nZFS channel programs (ZCP) adds support for performing compound ZFS administrative actions via Lua scripts in a sandboxed environment (with time and memory limits).\nThis initial commit includes both base support for running ZCP scripts, and a small initial library of API calls which support getting properties and listing, destroying, and promoting datasets.\nTesting: in addition to the included unit tests, channel programs have been in use at Delphix for several months for batch destroying filesystems.\n\n\n\nTake a simple task as an example: Create a snapshot, then set a property on that snapshot. In the traditional system for this, when you issue the snapshot command, that closes the currently open transaction group (say #100), and opens a new one, #101. While #100 is being written to disk, other writes are accumulated in #101. Once #100 is flushed to disk, the ‘zfs snapshot’ command returns. You can then issue the ‘zfs set’ command. This actually ends up going into transaction group #102. Each administrative action needs to wait for the transaction group to flush, which under heavy loads could take multiple seconds. Now if you want to create AND set, you need to wait for two or three transaction groups. Meanwhile, during transaction group #101, the snapshot existed without the property set, which could cause all kinds of side effects.\nZFS Channel programs solves this by allowing you to perform a small scripted set of actions as a single atomic operation.\nIn Delphix’s appliance, they often needed to do as many as 15 operations together, which might take multiple minutes. Now with channel programs it is much faster, far safer, and has fewer chances of side effects\nBSDCan 2017 - Matt Ahrens: Building products based on OpenZFS, using channel programs -- Video Soon\n\n\n\n\nSoftware Is About Storytelling\n\n\nTyler Treat writes on the brave new geek blog:\n\n\n\nSoftware engineering is more a practice in archeology than it is in building. As an industry, we undervalue storytelling and focus too much on artifacts and tools and deliverables. How many times have you been left scratching your head while looking at a piece of code, system, or process? It’s the story, the legacy left behind by that artifact, that is just as important—if not more—than the artifact itself.\nAnd I don’t mean what’s in the version control history—that’s often useless. I mean the real, human story behind something. Artifacts, whether that’s code or tools or something else entirely, are not just snapshots in time. They’re the result of a series of decisions, discussions, mistakes, corrections, problems, constraints, and so on.  They’re the product of the engineering process, but the problem is they usually don’t capture that process in its entirety. They rarely capture it at all. They commonly end up being nothing but a snapshot in time.\nIt’s often the sign of an inexperienced engineer when someone looks at something and says, “this is stupid” or “why are they using X instead of Y?” They’re ignoring the context, the fact that circumstances may have been different. There is a story that led up to that point, a reason for why things are the way they are. If you’re lucky, the people involved are still around. Unfortunately, this is not typically the case. And so it’s not necessarily the poor engineer’s fault for wondering these things. Their predecessors haven’t done enough to make that story discoverable and share that context.\nI worked at a company that built a homegrown container PaaS on ECS. Doing that today would be insane with the plethora of container solutions available now. “Why aren’t you using Kubernetes?” Well, four years ago when we started, Kubernetes didn’t exist. Even Docker was just in its infancy. And it’s not exactly a flick of a switch to move multiple production environments to a new container runtime, not to mention the politicking with leadership to convince them it’s worth it to not ship any new code for the next quarter as we rearchitect our entire platform. Oh, and now the people behind the original solution are no longer with the company. Good luck! And this is on the timescale of about five years. That’s maybe like one generation of engineers at the company at most—nothing compared to the decades or more software usually lives (an interesting observation is that timescale, I think, is proportional to the size of an organization). Don’t underestimate momentum, but also don’t underestimate changing circumstances, even on a small time horizon.\nThe point is, stop looking at technology in a vacuum. There are many facets to consider. Likewise, decisions are not made in a vacuum. Part of this is just being an empathetic engineer. The corollary to this is you don’t need to adopt every bleeding-edge tech that comes out to be successful, but the bigger point is software is about storytelling. The question you should be asking is how does your organization tell those stories? Are you deliberate or is it left to tribal knowledge and hearsay? Is it something you truly value and prioritize or simply a byproduct?\nDocumentation is good, but the trouble with documentation is it’s usually haphazard and stagnant. It’s also usually documentation of how and not why. Documenting intent can go a long way, and understanding the why is a good way to develop empathy. Code survives us. There’s a fantastic talk by Bryan Cantrill on oral tradition in software engineering where he talks about this. People care about intent. Specifically, when you write software, people care what you think. As Bryan puts it, future generations of programmers want to understand your intent so they can abide by it, so we need to tell them what our intent was. We need to broadcast it. Good code comments are an example of this. They give you a narrative of not only what’s going on, but why. When we write software, we write it for future generations, and that’s the most underestimated thing in all of software. Documenting intent also allows you to document your values, and that allows the people who come after you to continue to uphold them.\nStorytelling in software is important. Without it, software archeology is simply the study of puzzles created by time and neglect. When an organization doesn’t record its history, it’s bound to repeat the same mistakes. A company’s memory is comprised of its people, but the fact is people churn. Knowing how you got here often helps you with getting to where you want to be. Storytelling is how we transcend generational gaps and the inevitable changing of the old guard to the new guard in a maturing engineering organization. The same is true when we expand that to the entire industry. We’re too memoryless—shipping code and not looking back, discovering everything old that is new again, and simply not appreciating our lineage.\n\n\n\n\nBeastie Bits\n\n\n1st BSD Users Stockholm Meetup\nAbsolute FreeBSD, 3rd Edition draft completed \nAbsolute FreeBSD, 3rd Edition Table of Contents\nt2k17 Hackathon Report: My first time (Aaron Bieber)\nThe release of pfSense 2.4.0 will be slightly delayed to apply patches for vulnerabilities in 3rd party packages that are part of pfSense\n\n\n\n\nFeedback/Questions\n\n\nBen writes in that zrepl is in ports now\nPeter asks us about Netflix on BSD\nmeka writes in about dhclient exiting\n***\n","content_html":"\u003cp\u003eEuroBSDcon trip report, how to secure OpenBSD’s LDAP server, ZFS channel programs in FreeBSD HEAD and why software is storytelling.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eEuroBSDcon Trip Report\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is from Frank Moore, who has been supplying us with collections of links for the show and who we met at EuroBSDcon in Paris for the first time. Here is his trip report.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy attendance at the EuroBSDCon 2017 conference in Paris was sprinkled with \u003cbr\u003e\nseveral \u0026#39;firsts\u0026#39;. My first visit to Paris, my first time travelling on a EuroTunnel Shuttle train and my first time at any BSD conference. Hopefully, none of these will turn out to be \u0026#39;lasts\u0026#39;.\u003cbr\u003e\nI arrived on the Wednesday afternoon before the conference started on Thursday morning. My hotel was conveniently located close to the conference centre in Paris\u0026#39; 3rd arrondissement. This area is well-known as a buzzy enclave of hip cafes, eateries, independent shops, markets, modern galleries and museums. It certainly lived up to its reputation. Even better, the weather held over the course of the conference, only raining once, with the rest of the time being both warm and sunny.\u003cbr\u003e\nThe first two days were taken up with attending Dr Kirk McKusick\u0026#39;s excellent tutorial \u0026#39;An Introduction to the FreeBSD Open-Source Operating System\u0026#39;. This is training \u0026quot;straight from the horse\u0026#39;s mouth\u0026quot;. Kirk has worked extensively on The FreeBSD operating system since the 1980\u0026#39;s, helping to design the original BSD filesystem (FFS) and later working on UFS as well. Not only is Kirk an engaging speaker, making what could be a dry topic very interesting, he also \u003cbr\u003e\nsprinkles liberal doses of history and war stories throughout his lectures. Want to know why a protocol was designed the way that it was? Or why a system flag has a particular value or position in a record? Kirk was there and has the first-hand answer. He reminisces about his meetings and work with other Unix and BSD luminaries and debunks and confirms common myths in equal measure.\u003cbr\u003e\nKirk\u0026#39;s teaching style and knowledge are impressive. Every section starts with an overview and a big picture diagram before drilling down into the nitty-gritty detail. Nothing feels superfluous, and everything fits together logically. It\u0026#39;s easy to tell that the material and its delivery have been honed over many years, but without feeling stale. Topics covered included the kernel, processes, virtual memory, threads, I/O, devices, FFS, ZFS, and networking. \u003cbr\u003e\nThe slides were just as impressive, with additional notes written by a previous student and every slide containing a reference back to the relevant page(s) in the 2nd edition of Kirk\u0026#39;s operating system book. As well as a hard copy for those that requested it, Kirk also helpfully supplied soft copies of all the training materials.\u003cbr\u003e\nThe breaks in between lectures were useful for meeting the students from the other tutorials and for recovering from the inevitable information overload.\u003cbr\u003e\nIt\u0026#39;s not often that you can get to hear someone as renowned as Dr McKusick give a lecture on something as important as the FreeBSD operating system. If you have any interest in FreeBSD, Unix history, or operating systems in general, I would urge you to grab the opportunity to attend one of his lectures. You won\u0026#39;t be disappointed.\u003cbr\u003e\nThe last two days of the conference consisted of various hour-long talks by members of each of the main BSD systems. All of them were fairly evenly represented except Dragonfly BSD which unfortunately only had one talk. With three talks going on at any one time, it was often difficult to pick which one to go to. At other times there might be nothing to pique the interest. Attendance at a talk is not mandatory, so for those times when no talks looked inviting, just hanging out in one of the lobby areas with other attendees was often just as interesting and informative. \u003cbr\u003e\nThe conference centre itself was certainly memorable with the interior design of an Egyptian temple or pyramid. All the classrooms were more than adequate while the main auditorium was first-class and easily held the 300+ attendees comfortably. All in all, the facilities, catering and organisation were excellent. Kudos to the EuroBSDCon team, especially Bapt and Antoine for all their hard work and hospitality.\u003cbr\u003e\nAs a long-time watcher and occasional contributor to the BSD Now podcast it was good to meet both Allan and Benedict in the flesh. And having done some proofreading for Michael Lucas previously, it was nice to finally meet him as well.\u003cbr\u003e\nMy one suggestion to the organisers of the next conference would be to provide more \u003cbr\u003e\nhand-holding for newbies. As a first-time attendee at a BSD conference it would have been nice to have been formally introduced to various people within the projects as the goto people for their areas. I could do this myself, but it\u0026#39;s not always easy finding the right person and wrangling an introduction. I also think it was a missed opportunity for each project to recruit new developers to their cause. Apparently, this is already in place at BSDCan, but should probably be rolled out across all BSD conferences.\u003cbr\u003e\nHaving said all that, my aims for the conference were to take Dr McKusick\u0026#39;s course, meet a few BSD people and make contacts within one of the BSD projects to start contributing. I was successful on all these fronts, so for me this was mission accomplished. Another first!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20170930133438\" rel=\"nofollow\"\u003eautoconf/clang (No) Fun and Games\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRobert Nagy (robert@) wrote in with a fascinating story of hunting down a recent problem with ports:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou might have been noticing the amount of commits to ports regarding autoconf and nested functions and asking yourself… what the hell is this all about?\u003cbr\u003e\nI was hanging out at my friend Antoine (ajacoutot@)\u0026#39;s place just before EuroBSDCon 2017 started and we were having drinks and he told me that there is this weird bug where Gnome hangs completely after just a couple of seconds of usage and the gnome-shell process just sits in the fsleep state. This started to happen at the time when inteldrm(4) was updated, the default compiler was switched to clang(1) and futexes were turned on by default.\u003cbr\u003e\nThe next day we started to have a look at the issue and since the process was hanging in fsleep, it seemed clear that the cause must be futexes, so we had to start bisecting the base system, which resulted in random success and failure. In the end we figured out that it is neither futex nor inteldrm(4) related, so the only thing that was left is the switch to clang.\u003cbr\u003e\nNow the problem is that we have to figure out what part of the system needs to be build with clang to trigger this issue, so we kept on going and systematically recompiled the base system with gcc until everything was ruled out … and it kept on hanging.\u003cbr\u003e\nWe were drunk and angry that now we have to go and check hundreds of ports because gnome is not a small standalone port, so between two bottles of wine a build VM was fired up to do a package build with gcc, because manually building all the dependencies would just take too long and we had spent almost two days on this already.\u003cbr\u003e\nNext day ~200 packages were available to bisect and figure out what\u0026#39;s going on. After a couple of tries it turned out that the hang is being caused by the gtk+3 package, which is bad since almost everything is using gtk+3. Now it was time to figure out what file the gtk+3 source being built by clang is causing the issue. (Compiler optimizations were ruled out already at this point.) So another set of bisecting happened, building each subdirectory of gtk+3 with clang and waiting for the hang to manifest … and it did not. What the $f?\u003cbr\u003e\nOkay so something else is going on and maybe the configure script of gtk+3 is doing something weird with different compilers, so I quickly did two configure runs with gcc and clang and simply diff\u0026#39;d the two directories. Snippets from the diff:\u003c/p\u003e\n\n\u003cp\u003e-GDK_HIDDEN_VISIBILITY_CFLAGS = -fvisibility=hidden\u003cbr\u003e\nGDK_HIDDEN_VISIBILITY_CFLAGS = \u003c/p\u003e\n\n\u003cp\u003e-lt_cv_prog_compiler_rtti_exceptions=no\u003cbr\u003e\nlt_cv_prog_compiler_rtti_exceptions=yes\u003c/p\u003e\n\n\u003cp\u003e-#define \u003cem\u003eGDK_EXTERN __attribute\u003c/em\u003e_((visibility(\u0026quot;default\u0026quot;))) extern\u003c/p\u003e\n\n\u003cp\u003e-lt_prog_compiler_no_builtin_flag=\u0026#39; -fno-builtin\u0026#39;\u003cbr\u003e\n+lt_prog_compiler_no_builtin_flag=\u0026#39; -fno-builtin -fno-rtti -fno-exceptions\u0026#39;\u003cbr\u003e\nOkay, okay that\u0026#39;s something, but wait … clang has symbol visibility support so what is going on again? Let\u0026#39;s take a peek at config.log:\u003c/p\u003e\n\n\u003cp\u003econfigure:29137: checking for -fvisibility=hidden compiler flag\u003c/p\u003e\n\n\u003cp\u003econfigure:29150: cc -c -fvisibility=hidden  -I/usr/local/include -I/usr/X11R6/include conftest.c \u0026gt;\u0026amp;5\u003cbr\u003e\nconftest.c:82:17: error: function definition is not allowed here\u003c/p\u003e\n\n\u003cp\u003eint main (void) { return 0; }\u003cbr\u003e\n              ^\u003cbr\u003e\n1 error generated.\u003c/p\u003e\n\n\u003cp\u003eOkay that\u0026#39;s clearly an error but why exactly? autoconf basically generates a huge shell script that will check for whatever you throw at it by creating a file called conftest.c and putting chunks of code into it and then trying to compile it. In this case the relevant part of the code was:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e| int\u003cbr\u003e\n| main ()\u003cbr\u003e\n| {\u003cbr\u003e\n| int main (void) { return 0; }\u003cbr\u003e\n|   ;\u003cbr\u003e\n|   return 0;\u003cbr\u003e\n| }\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eThat is a nested function declaration which is a GNU extension and it is not supported by clang, but that\u0026#39;s okay, the question is why the hell would you use nested functions to check for simple compiler flags. The next step was to go and check what is going on in configure.ac to see how the configure script is generated. In the gtk+3 case the following snippet is used:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eAC_MSG_CHECKING([for -fvisibility=hidden compiler flag])\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAC_TRY_COMPILE([], [int main (void) { return 0; }],\u003cbr\u003e\n                  AC_MSG_RESULT(yes)\u003cbr\u003e\n                  enable_fvisibility_hidden=yes,\u003cbr\u003e\n                  AC_MSG_RESULT(no)\u003cbr\u003e\n                  enable_fvisibility_hidden=no)\u003c/p\u003e\n\n\u003cp\u003eAccording to the autoconf manual the AC_TRY_COMPILE macro accepts the following parameters:\u003cbr\u003e\nThat clearly states that a function body has to be specified because the function definition is already provided automatically, so doing AC_TRY_COMPILE([], [int main (void) { return 0;}], instead of AC_TRY_COMPILE([],[] will result in a nested function declaration, which will work just fine with gcc, even though the autoconf usage is wrong.\u003cbr\u003e\nAfter fixing the autoconf macro in gtk+3 and rebuilding the complete port from scratch with clang, the hang completely went away as the proper CFLAGS and LDFLAGS were picked up by autoconf for the build.\u003cbr\u003e\nAt this point we realized that most of the ports tree uses autoconf so this issue might be a lot bigger than we thought, so I asked sthen@ to do a grep on the ports object directory and just search for \u0026quot;function definition is not allowed here\u0026quot;, which resulted in about ~60 additional ports affected.\u003cbr\u003e\nOut of the list of ports there were only two false positive matches. These were actually trying to test whether the compiler supports nested functions. The rest were a combination of several autoconf macros used in a wrong way, e.g: AC_TRY_COMPILE, AC_TRY_LINK. Most of them were fixable by just removing the extra function declaration or by switching to other autoconf macros like AC_LANG_SOURCE where you can actually declare your own functions if need be.\u003cbr\u003e\nThe conclusion is that this issue was a combination of people not reading documentation and just copy/pasting autoconf snippets, instead of reading their documentation and using the macros in the way they were intended, and the fact that switching to a new compiler is never easy and bugs or undefined behaviour are always lurking in the dark.\u003cbr\u003e\nThanks to everyone who helped fixing all the ports up this quickly! Hopefully all of the changes can be merged upstream, so that others can benefit as well. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - David Carlier - \u003ca href=\"https://twitter.com/devnexen\" rel=\"nofollow\"\u003e@devnexen\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSoftware Engineer at Afilias\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.databasepatterns.com/2017/08/setting-up-openbsds-ldap-server-ldapd.html\" rel=\"nofollow\"\u003eSetting up OpenBSD\u0026#39;s LDAP Server (ldapd) with StartTLS and SASL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA tutorial on setting up OpenBSD’s native LDAP server with TLS encryption and SASL authentication\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD has its own LDAP server, ldapd. Here\u0026#39;s how to configure it for use with StartTLS and SASL authentication\u003cbr\u003e\nCreate a certificate (acme-client anyone?)\u003cbr\u003e\nCreate a basic config file\u003cbr\u003e\nlisten on em0 tls certificate ldapserver\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis will listen on the em0 interface with tls using the certificate called ldapserver.crt / ldapserver.key\u003c/li\u003e\n\u003cli\u003eValidate the configuration:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e/usr/sbin/ldapd -n\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnable and start the service:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ercctl enable ldapd\u003cbr\u003e\nrcctl start ldapd\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn the client machine:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003ch1\u003epkg_add openldap-client\u003c/h1\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCopy the certificate to /etc/ssl/trusted.crt\u003c/li\u003e\n\u003cli\u003eAdd this line to /etc/openldap/ldap.conf\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTLS_CACERT    /etc/ssl/trusted.crt\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnable and start the service\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ercctl enable saslauthd\u003cbr\u003e\nrcctl start saslauthd\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConnect to ldapd (-ZZ means force TLS, use -H to specify URI): \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eldapsearch -H ldap://ldapserver -ZZ\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=324163\" rel=\"nofollow\"\u003eFreeBSD Picks Up Support for ZFS Channel Programs in -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS channel programs (ZCP) adds support for performing compound ZFS administrative actions via Lua scripts in a sandboxed environment (with time and memory limits).\u003cbr\u003e\nThis initial commit includes both base support for running ZCP scripts, and a small initial library of API calls which support getting properties and listing, destroying, and promoting datasets.\u003cbr\u003e\nTesting: in addition to the included unit tests, channel programs have been in use at Delphix for several months for batch destroying filesystems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTake a simple task as an example: Create a snapshot, then set a property on that snapshot. In the traditional system for this, when you issue the snapshot command, that closes the currently open transaction group (say #100), and opens a new one, #101. While #100 is being written to disk, other writes are accumulated in #101. Once #100 is flushed to disk, the ‘zfs snapshot’ command returns. You can then issue the ‘zfs set’ command. This actually ends up going into transaction group #102. Each administrative action needs to wait for the transaction group to flush, which under heavy loads could take multiple seconds. Now if you want to create AND set, you need to wait for two or three transaction groups. Meanwhile, during transaction group #101, the snapshot existed without the property set, which could cause all kinds of side effects.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eZFS Channel programs solves this by allowing you to perform a small scripted set of actions as a single atomic operation.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn Delphix’s appliance, they often needed to do as many as 15 operations together, which might take multiple minutes. Now with channel programs it is much faster, far safer, and has fewer chances of side effects\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.bsdcan.org/2017/schedule/events/854.en.html\" rel=\"nofollow\"\u003eBSDCan 2017 - Matt Ahrens: Building products based on OpenZFS, using channel programs -- Video Soon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bravenewgeek.com/software-is-about-storytelling/\" rel=\"nofollow\"\u003eSoftware Is About Storytelling\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTyler Treat writes on the brave new geek blog:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSoftware engineering is more a practice in archeology than it is in building. As an industry, we undervalue storytelling and focus too much on artifacts and tools and deliverables. How many times have you been left scratching your head while looking at a piece of code, system, or process? It’s the story, the legacy left behind by that artifact, that is just as important—if not more—than the artifact itself.\u003cbr\u003e\nAnd I don’t mean what’s in the version control history—that’s often useless. I mean the real, human story behind something. Artifacts, whether that’s code or tools or something else entirely, are not just snapshots in time. They’re the result of a series of decisions, discussions, mistakes, corrections, problems, constraints, and so on.  They’re the product of the engineering process, but the problem is they usually don’t capture that process in its entirety. They rarely capture it at all. They commonly end up being nothing but a snapshot in time.\u003cbr\u003e\nIt’s often the sign of an inexperienced engineer when someone looks at something and says, “this is stupid” or “why are they using X instead of Y?” They’re ignoring the context, the fact that circumstances may have been different. There is a story that led up to that point, a reason for why things are the way they are. If you’re lucky, the people involved are still around. Unfortunately, this is not typically the case. And so it’s not necessarily the poor engineer’s fault for wondering these things. Their predecessors haven’t done enough to make that story discoverable and share that context.\u003cbr\u003e\nI worked at a company that built a homegrown container PaaS on ECS. Doing that today would be insane with the plethora of container solutions available now. “Why aren’t you using Kubernetes?” Well, four years ago when we started, Kubernetes didn’t exist. Even Docker was just in its infancy. And it’s not exactly a flick of a switch to move multiple production environments to a new container runtime, not to mention the politicking with leadership to convince them it’s worth it to not ship any new code for the next quarter as we rearchitect our entire platform. Oh, and now the people behind the original solution are no longer with the company. Good luck! And this is on the timescale of about five years. That’s maybe like one generation of engineers at the company at most—nothing compared to the decades or more software usually lives (an interesting observation is that timescale, I think, is proportional to the size of an organization). Don’t underestimate momentum, but also don’t underestimate changing circumstances, even on a small time horizon.\u003cbr\u003e\nThe point is, stop looking at technology in a vacuum. There are many facets to consider. Likewise, decisions are not made in a vacuum. Part of this is just being an empathetic engineer. The corollary to this is you don’t need to adopt every bleeding-edge tech that comes out to be successful, but the bigger point is software is about storytelling. The question you should be asking is how does your organization tell those stories? Are you deliberate or is it left to tribal knowledge and hearsay? Is it something you truly value and prioritize or simply a byproduct?\u003cbr\u003e\nDocumentation is good, but the trouble with documentation is it’s usually haphazard and stagnant. It’s also usually documentation of how and not why. Documenting intent can go a long way, and understanding the why is a good way to develop empathy. Code survives us. There’s a fantastic talk by Bryan Cantrill on \u003ca href=\"https://youtu.be/4PaWFYm0kEw\" rel=\"nofollow\"\u003eoral tradition in software engineering\u003c/a\u003e where he talks about this. People care about intent. Specifically, when you write software, people care what you think. As Bryan puts it, future generations of programmers want to understand your intent so they can abide by it, so we need to tell them what our intent was. We need to broadcast it. Good code comments are an example of this. They give you a narrative of not only what’s going on, but why. When we write software, we write it for future generations, and that’s the most underestimated thing in all of software. Documenting intent also allows you to document your values, and that allows the people who come after you to continue to uphold them.\u003cbr\u003e\nStorytelling in software is important. Without it, software archeology is simply the study of puzzles created by time and neglect. When an organization doesn’t record its history, it’s bound to repeat the same mistakes. A company’s memory is comprised of its people, but the fact is people churn. Knowing how you got here often helps you with getting to where you want to be. Storytelling is how we transcend generational gaps and the inevitable changing of the old guard to the new guard in a maturing engineering organization. The same is true when we expand that to the entire industry. We’re too memoryless—shipping code and not looking back, discovering everything old that is new again, and simply not appreciating our lineage.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/en-US/BSD-Users-Stockholm/\" rel=\"nofollow\"\u003e1st BSD Users Stockholm Meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/3020\" rel=\"nofollow\"\u003eAbsolute FreeBSD, 3rd Edition draft completed \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2995\" rel=\"nofollow\"\u003eAbsolute FreeBSD, 3rd Edition Table of Contents\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20170824193521\" rel=\"nofollow\"\u003et2k17 Hackathon Report: My first time (Aaron Bieber)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netgate.com/blog/no-plan-survives-contact-with-the-internet.html\" rel=\"nofollow\"\u003eThe release of pfSense 2.4.0 will be slightly delayed to apply patches for vulnerabilities in 3rd party packages that are part of pfSense\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1XMJYMH#wrap\" rel=\"nofollow\"\u003eBen writes in that zrepl is in ports now\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/334WY4T#wrap\" rel=\"nofollow\"\u003ePeter asks us about Netflix on BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3GSGKD3#wrap\" rel=\"nofollow\"\u003emeka writes in about dhclient exiting\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"EuroBSDcon trip report, how to secure OpenBSD’s LDAP server, ZFS channel programs in FreeBSD HEAD and why software is storytelling.","date_published":"2017-10-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/06744f64-a9ca-4e0e-832e-34f53a663933.mp3","mime_type":"audio/mpeg","size_in_bytes":78743956,"duration_in_seconds":6561}]},{"id":"6b1d62bd-687d-46b1-afc8-3934b133d075","title":"215: Turning FreeBSD up to 100 Gbps","url":"https://www.bsdnow.tv/215","content_text":"We look at how Netflix serves 100 Gbps from an Open Connect Appliance, read through the 2nd quarter FreeBSD status report, show you a freebsd-update speedup via nginx reverse proxy, and customize your OpenBSD default shell.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nServing 100 Gbps from an Open Connect Appliance\n\n\nIn the summer of 2015, the Netflix Open Connect CDN team decided to take on an ambitious project. The goal was to leverage the new 100GbE network interface technology just coming to market in order to be able to serve at 100 Gbps from a single FreeBSD-based Open Connect Appliance (OCA) using NVM Express (NVMe)-based storage.\nAt the time, the bulk of our flash storage-based appliances were close to being CPU limited serving at 40 Gbps using single-socket Xeon E5–2697v2. The first step was to find the CPU bottlenecks in the existing platform while we waited for newer CPUs from Intel, newer motherboards with PCIe Gen3 x16 slots that could run the new Mellanox 100GbE NICs at full speed, and for systems with NVMe drives.\n\n\n\nFake NUMA\n\n\n\nNormally, most of an OCA’s content is served from disk, with only 10–20% of the most popular titles being served from memory (see our previous blog, Content Popularity for Open Connect for details). However, our early pre-NVMe prototypes were limited by disk bandwidth. So we set up a contrived experiment where we served only the very most popular content on a test server. This allowed all content to fit in RAM and therefore avoid the temporary disk bottleneck. Surprisingly, the performance actually dropped from being CPU limited at 40 Gbps to being CPU limited at only 22 Gbps!\nThe ultimate solution we came up with is what we call “Fake NUMA”. This approach takes advantage of the fact that there is one set of page queues per NUMA domain. All we had to do was to lie to the system and tell it that we have one Fake NUMA domain for every 2 CPUs. After we did this, our lock contention nearly disappeared and we were able to serve at 52 Gbps (limited by the PCIe Gen3 x8 slot) with substantial CPU idle time.\nAfter we had newer prototype machines, with an Intel Xeon E5 2697v3 CPU, PCIe Gen3 x16 slots for 100GbE NIC, and more disk storage (4 NVMe or 44 SATA SSD drives), we hit another bottleneck, also related to a lock on a global list. We were stuck at around 60 Gbps on this new hardware, and we were constrained by pbufs.\nOur first problem was that the list was too small. We were spending a lot of time waiting for pbufs. This was easily fixed by increasing the number of pbufs allocated at boot time by increasing the kern.nswbuf tunable. However, this update revealed the next problem, which was lock contention on the global pbuf mutex. To solve this, we changed the vnode pager (which handles paging to files, rather than the swap partition, and hence handles all sendfile() I/O) to use the normal kernel zone allocator. This change removed the lock contention, and boosted our performance into the 70 Gbps range.\nAs noted above, we make heavy use of the VM page queues, especially the inactive queue. Eventually, the system runs short of memory and these queues need to be scanned by the page daemon to free up memory. At full load, this was happening roughly twice per minute. When this happened, all NGINX processes would go to sleep in vm_wait() and the system would stop serving traffic while the pageout daemon worked to scan pages, often for several seconds. This problem is actually made progressively worse as one adds NUMA domains, because there is one pageout daemon per NUMA domain, but the page deficit that it is trying to clear is calculated globally. So if the vm pageout daemon decides to clean, say 1GB of memory and there are 16 domains, each of the 16 pageout daemons will individually attempt to clean 1GB of memory.\nTo solve this problem, we decided to proactively scan the VM page queues. In the sendfile path, when allocating a page for I/O, we run the pageout code several times per second on each VM domain. The pageout code is run in its lightest-weight mode in the context of one unlucky NGINX process. Other NGINX processes continue to run and serve traffic while this is happening, so we can avoid bursts of pager activity that blocks traffic serving. Proactive scanning allowed us to serve at roughly 80 Gbps on the prototype hardware.\nHans Petter Selasky, Mellanox’s 100GbE driver developer, came up with an innovative solution to our problem. Most modern NICs will supply an Receive Side Scaling (RSS) hash result to the host. RSS is a standard developed by Microsoft wherein TCP/IP traffic is hashed by source and destination IP address and/or TCP source and destination ports. The RSS hash result will almost always uniquely identify a TCP connection. Hans’ idea was that rather than just passing the packets to the LRO engine as they arrive from the network, we should hold the packets in a large batch, and then sort the batch of packets by RSS hash result (and original time of arrival, to keep them in order). After the packets are sorted, packets from the same connection are adjacent even when they arrive widely separated in time. Therefore, when the packets are passed to the FreeBSD LRO routine, it can aggregate them.\nWith this new LRO code, we were able to achieve an LRO aggregation rate of over 2 packets per aggregation, and were able to serve at well over 90 Gbps for the first time on our prototype hardware for mostly unencrypted traffic. So the job was done. Or was it? The next goal was to achieve 100 Gbps while serving only TLS-encrypted streams. By this point, we were using hardware which closely resembles today’s 100GbE flash storage-based OCAs: four NVMe PCIe Gen3 x4 drives, 100GbE ethernet, Xeon E5v4 2697A CPU. With the improvements described in the Protecting Netflix Viewing Privacy at Scale blog entry, we were able to serve TLS-only traffic at roughly 58 Gbps.\nIn the lock contention problems we’d observed above, the cause of any increased CPU use was relatively apparent from normal system level tools like flame graphs, DTrace, or lockstat. The 58 Gbps limit was comparatively strange. As before, the CPU use would increase linearly as we approached the 58 Gbps limit, but then as we neared the limit, the CPU use would increase almost exponentially. Flame graphs just showed everything taking longer, with no apparent hotspots. We finally had a hunch that we were limited by our system’s memory bandwidth. We used the Intel® Performance Counter Monitor Tools to measure the memory bandwidth we were consuming at peak load. We then wrote a simple memory thrashing benchmark that used one thread per core to copy between large memory chunks that did not fit into cache. According to the PCM tools, this benchmark consumed the same amount of memory bandwidth as our OCA’s TLS-serving workload. So it was clear that we were memory limited. At this point, we became focused on reducing memory bandwidth usage. To assist with this, we began using the Intel VTune profiling tools to identify memory loads and stores, and to identify cache misses.\nBecause we are using sendfile() to serve data, encryption is done from the virtual memory page cache into connection-specific encryption buffers. This preserves the normal FreeBSD page cache in order to allow serving of hot data from memory to many connections. One of the first things that stood out to us was that the ISA-L encryption library was using half again as much memory bandwidth for memory reads as it was for memory writes. From looking at VTune profiling information, we saw that ISA-L was somehow reading both the source and destination buffers, rather than just writing to the destination buffer. We realized that this was because the AVX instructions used by ISA-L for encryption on our CPUs worked on 256-bit (32-byte) quantities, whereas the cache line size was 512-bits (64 bytes)?—?thus triggering the system to do read-modify-writes when data was written. The problem is that the the CPU will normally access the memory system in 64 byte cache line-sized chunks, reading an entire 64 bytes to access even just a single byte. After a quick email exchange with the ISA-L team, they provided us with a new version of the library that used non-temporal instructions when storing encryption results. Non-temporals bypass the cache, and allow the CPU direct access to memory. This meant that the CPU was no longer reading from the destination buffers, and so this increased our bandwidth from 58 Gbps to 65 Gbps.\nAt 100 Gbps, we’re moving about 12.5 GB/s of 4K pages through our system unencrypted. Adding encryption doubles that to 25 GB/s worth of 4K pages. That’s about 6.25 Million mbufs per second. When you add in the extra 2 mbufs used by the crypto code for TLS metadata at the beginning and end of each TLS record, that works out to another 1.6M mbufs/sec, for a total of about 8M mbufs/second. With roughly 2 cache line accesses per mbuf, that’s 128 bytes * 8M, which is 1 GB/s (8 Gbps) of data that is accessed at multiple layers of the stack (alloc, free, crypto, TCP, socket buffers, drivers, etc).\nAt this point, we’re able to serve 100% TLS traffic comfortably at 90 Gbps using the default FreeBSD TCP stack. However, the goalposts keep moving. We’ve found that when we use more advanced TCP algorithms, such as RACK and BBR, we are still a bit short of our goal. We have several ideas that we are currently pursuing, which range from optimizing the new TCP code to increasing the efficiency of LRO to trying to do encryption closer to the transfer of the data (either from the disk, or to the NIC) so as to take better advantage of Intel’s DDIO and save memory bandwidth.\n\n\n\n\nFreeBSD April to June 2017 Status Report\n\nFreeBSD Team Reports\nFreeBSD Release Engineering Team\nPorts Collection\nThe FreeBSD Core Team\nThe FreeBSD Foundation\nThe Postmaster Team\n\nProjects\n64-bit Inode Numbers\nCapability-Based Network Communication for Capsicum/CloudABI\nCeph on FreeBSD\nDTS Updates\nKernel\nCoda revival\nFreeBSD Driver for the Annapurna Labs ENA\nIntel 10G Driver Update\npNFS Server Plan B\nArchitectures\nFreeBSD on Marvell Armada38x\nFreeBSD/arm64\nUserland Programs\nDTC\nUsing LLVM's LLD Linker as FreeBSD's System Linker\nPorts\nA New USES Macro for Porting Cargo-Based Rust Applications\nGCC (GNU Compiler Collection)\nGNOME on FreeBSD\nKDE on FreeBSD\nNew Port: FRRouting\nPHP Ports: Help Improving QA\nRust\nsndio Support in the FreeBSD Ports Collection\nTensorFlow\nUpdating Port Metadata for non-x86 Architectures\nXfce on FreeBSD\nDocumentation\nAbsolute FreeBSD, 3rd Edition\nDoc Version Strings Improved by Their Absence\nNew Xen Handbook Section\nMiscellaneous\n\nBSD Meetups at Rennes (France)\n\nThird-Party Projects\n\nHardenedBSD\n\n\n\nDPDK, VPP, and the future of pfSense @ the DPDK Summit\n\n\nThe DPDK (Data Plane Development Kit) conference included a short update from the pfSense project\nThe video starts with a quick introduction to pfSense and the company behind it\nIt covers the issues they ran into trying to scale to 10gbps and beyond, and some of the solutions they tried: libuinet, netmap, packet-journey\nThen they discovered VPP (Vector Packet Processing)\nThe video then covers the architecture of the new pfSense\npfSense has launched of EC2, on Azure soon, and will launch support for the new Atom C3000 and Xeon hardware with built-in QAT (Quick-Assist crypto offload) in November\nThe future: 100gbps, MPLS, VXLANs, and ARM64 hardware support\n***\n\n\nNews Roundup\n\nLocal nginx reverse proxy cache for freebsd-update\n\n\nVladimir Krstulja has created this interesting tutorial on the FreeBSD wiki about a freebsd-update reverse proxy cache\n\n\n\nEither because you're a good netizen and don't want to repeatedly hammer the FreeBSD mirrors to upgrade all your systems, or you want to benefit from the speed of having a local \"mirror\" (cache, more precisely), running a freebsd update reverse proxy cache with, say, nginx is dead simple.\n\n\nInstall nginx somewhere\nConfigure nginx for a subdomain, say, freebsd-update.example.com\nOn all your hosts, in all your jails, configure /etc/freebsd-update.conf for new ServerName\nAnd... that's it. Running freebsd-update will use the ServerName domain which is your reverse nginx proxy. Note the comment about using a \"nearby\" server is not quite true. FreeBSD update mirrors are frequently slow and running such a reverse proxy cache significantly speeds things up.\nCaveats: This is a simple cache. That means it doesn't consider the files as a whole repository, which in turn means updates to your cache are not atomic. It'd be advised to nuke your cache before your update run, as its point is only to retain the files in a local cache for some short period of time required for all your machines to be updated.\n***\n\n\n\nClonOS is a free, open-source FreeBSD-based platform for virtual environment creation and management\n\n\nThe operating system uses FreeBSD's development branch (12.0-CURRENT) as its base. ClonOS uses ZFS as the default file system and includes web-based administration tools for managing virtual machines and jails. The project's website also mentions the availability of templates for quickly setting up new containers and web-based VNC access to jails. Puppet, we are told, can be used for configuration management.\nClonOS can be downloaded as a disk image file (IMG) or as an optical media image (ISO). I downloaded the ISO file which is 1.6GB in size. Booting from ClonOS's media displays a text console asking us to select the type of text terminal we are using. There are four options and most people can probably safely take the default, xterm, option.\nThe operating system, on the surface, appears to be a full installation of FreeBSD 12. The usual collection of FreeBSD packages are available, including manual pages, a compiler and the typical selection of UNIX command line utilities. The operating system uses ZFS as its file system and uses approximately 3.3GB of disk space. ClonOS requires about 50MB of active memory and 143MB of wired memory before any services or jails are created.\nMost of the key features of ClonOS, the parts which set it apart from vanilla FreeBSD, can be accessed through a web-based control panel. When we connect to this control panel, over a plain HTTP connection, using our web browser, we are not prompted for an account name or password. The web-based interface has a straight forward layout. Down the left side of the browser window we find categories of options and controls. Over on the right side of the window are the specific options or controls available in the selected category. At the top of the page there is a drop-down menu where we can toggle the displayed language between English and Russian, with English being the default.\nThere are twelve option screens we can access in the ClonOS interface and I want to quickly give a summary of each one:\n\n\n\nOverview - this page shows a top-level status summary. The page lists the number of jails and nodes in the system. We are also shown the number of available CPU cores and available RAM on the system.\nJail containers - this page allows us to create and delete jails. We can also change some basic jail settings on this page, adjusting the network configuration and hostname. Plus we can click a button to open a VNC window that allows us to access the jail's command line interface.\nTemplate for jails - provides a list of available jail templates. Each template is listed with its name and a brief description. For example, we have a Wordpress template and a bittorrent template. We can click a listed template to create a new jail with a vanilla installation of the selected software included. We cannot download or create new templates from this page.\nBhyve VMs - this page is very much like the Jails containers page, but concerns the creation of new virtual machines and managing them.\nVirtual Private Network - allows for the management of subnets\nAuthkeys - upload security keys for something, but it is not clear for what these keys will be used.\nStorage media - upload ISO files that will be used when creating virtual machines and installing an operating system in the new virtual environment.\nFreeBSD Bases - I think this page downloads and builds source code for alternative versions of FreeBSD, but I am unsure and could not find any associated documentation for this page.\nFreeBSD Sources - download source code for various versions of FreeBSD.\nTaskLog - browse logs of events, particularly actions concerning jails.\nSQLite admin - this page says it will open an interface for managing a SQLite database. Clicking link on the page gives a file not found error.\nSettings - this page simply displays a message saying the settings page has not been implemented yet.\n\n\n\nWhile playing with ClonOS, I wanted to perform a couple of simple tasks. I wanted to use the Wordpress template to set up a blog inside a jail. I wanted a generic, empty jail in which I could play and run commands without harming the rest of the operating system. I also wanted to try installing an operating system other than FreeBSD inside a Bhyve virtual environment. I thought this would give me a pretty good idea of how quick and easy ClonOS would make common tasks.\n\n\n\nConclusions\n\n\n\nClonOS appears to be in its early stages of development, more of a feature preview or proof-of-concept than a polished product. A few of the settings pages have not been finished yet, the web-based controls for jails are unable to create jails that connect to the network and I was unable to upload even small ISO files to create virtual machines.\nThe project's website mentions working with Puppet to handle system configuration, but I did not encounter any Puppet options. There also does not appear to be any documentation on using Puppet on the ClonOS platform.\nOne of the biggest concerns I had was the lack of security on ClonOS. The web-based control panel and terminal both automatically login as the root user. Passwords we create for our accounts are ignored and we cannot logout of the local terminal. This means anyone with physical access to the server automatically gains root access and, in addition, anyone on our local network gets access to the web-based admin panel. As it stands, it would not be safe to install ClonOS on a shared network.\nSome of the ideas present are good ones. I like the idea of jail templates and have used them on other systems. The graphical Bhyve tools could be useful too, if the limitations of the ISO manager are sorted out. But right now, ClonOS still has a way to go before it is likely to be safe or practical to use.\n\n\n\n\nCustomize ksh display for OpenBSD\n\n\nThe default shell for OpenBSD is ksh, and it looks a little monotonous.\nTo make its user-experience more friendly, I need to do some customizations:\n(1) Modify the “Prompt String” to display the user name and current directory:\nPS1='$USER:$PWD# '\n(2) Install colorls package:\npkg_add colorls\nUse it to replace the shipped ls command:\nalias ls='colorls -G'\n(3) Change LSCOLORS environmental variable to make your favorite color. For example, I don’t want the directory is displayed in default blue, change it to magenta:\nLSCOLORS=fxexcxdxbxegedabagacad\nFor detailed explanation of LSCOLORS, please refer manual of colorls.\nThis is my final modification of .profile:\nPS1='$USER:$PWD# '\nexport PS1\nLSCOLORS=fxexcxdxbxegedabagacad\nexport LSCOLORS\nalias ls='colorls -G'\n\n\n\n\nDragonFly 5 release candidate\n\n\nCommit\n\n\n\nI tagged DragonFly 5.0 (commit message list in that link) over the weekend, and there’s a 5.0 release candidate for download.\nIt’s RC2 because the recent Radeon changes had to be taken out.\n\n\n\n\nBeastie Bits\n\n\nFaster forwarding\nDRM-Next-Kmod hits the ports tree\nOpenBSD Community Goes Platinum\nSetting up iSCSI on TrueOS and FreeBSD12\n***\n\n\nFeedback/Questions\n\n\nChristopher - Virtualizing FreeNAS\nVan - Tar Question\nJoe - Book Reviews\n***\n","content_html":"\u003cp\u003eWe look at how Netflix serves 100 Gbps from an Open Connect Appliance, read through the 2nd quarter FreeBSD status report, show you a freebsd-update speedup via nginx reverse proxy, and customize your OpenBSD default shell.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/netflix-techblog/serving-100-gbps-from-an-open-connect-appliance-cdb51dda3b99\" rel=\"nofollow\"\u003eServing 100 Gbps from an Open Connect Appliance\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the summer of 2015, the Netflix Open Connect CDN team decided to take on an ambitious project. The goal was to leverage the new 100GbE network interface technology just coming to market in order to be able to serve at 100 Gbps from a single FreeBSD-based Open Connect Appliance (OCA) using NVM Express (NVMe)-based storage.\u003cbr\u003e\nAt the time, the bulk of our flash storage-based appliances were close to being CPU limited serving at 40 Gbps using single-socket Xeon E5–2697v2. The first step was to find the CPU bottlenecks in the existing platform while we waited for newer CPUs from Intel, newer motherboards with PCIe Gen3 x16 slots that could run the new Mellanox 100GbE NICs at full speed, and for systems with NVMe drives.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFake NUMA\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNormally, most of an OCA’s content is served from disk, with only 10–20% of the most popular titles being served from memory (see our previous blog, \u003ca href=\"https://medium.com/@NetflixTechBlog/content-popularity-for-open-connect-b86d56f613b\" rel=\"nofollow\"\u003eContent Popularity for Open Connect\u003c/a\u003e for details). However, our early pre-NVMe prototypes were limited by disk bandwidth. So we set up a contrived experiment where we served only the very most popular content on a test server. This allowed all content to fit in RAM and therefore avoid the temporary disk bottleneck. Surprisingly, the performance actually dropped from being CPU limited at 40 Gbps to being CPU limited at only 22 Gbps!\u003cbr\u003e\nThe ultimate solution we came up with is what we call “Fake NUMA”. This approach takes advantage of the fact that there is one set of page queues per NUMA domain. All we had to do was to lie to the system and tell it that we have one Fake NUMA domain for every 2 CPUs. After we did this, our lock contention nearly disappeared and we were able to serve at 52 Gbps (limited by the PCIe Gen3 x8 slot) with substantial CPU idle time.\u003cbr\u003e\nAfter we had newer prototype machines, with an Intel Xeon E5 2697v3 CPU, PCIe Gen3 x16 slots for 100GbE NIC, and more disk storage (4 NVMe or 44 SATA SSD drives), we hit another bottleneck, also related to a lock on a global list. We were stuck at around 60 Gbps on this new hardware, and we were constrained by pbufs.\u003cbr\u003e\nOur first problem was that the list was too small. We were spending a lot of time waiting for pbufs. This was easily fixed by increasing the number of pbufs allocated at boot time by increasing the kern.nswbuf tunable. However, this update revealed the next problem, which was lock contention on the global pbuf mutex. To solve this, we changed the vnode pager (which handles paging to files, rather than the swap partition, and hence handles all sendfile() I/O) to use the normal kernel zone allocator. This change removed the lock contention, and boosted our performance into the 70 Gbps range.\u003cbr\u003e\nAs noted above, we make heavy use of the VM page queues, especially the inactive queue. Eventually, the system runs short of memory and these queues need to be scanned by the page daemon to free up memory. At full load, this was happening roughly twice per minute. When this happened, all NGINX processes would go to sleep in vm_wait() and the system would stop serving traffic while the pageout daemon worked to scan pages, often for several seconds. This problem is actually made progressively worse as one adds NUMA domains, because there is one pageout daemon per NUMA domain, but the page deficit that it is trying to clear is calculated globally. So if the vm pageout daemon decides to clean, say 1GB of memory and there are 16 domains, each of the 16 pageout daemons will individually attempt to clean 1GB of memory.\u003cbr\u003e\nTo solve this problem, we decided to proactively scan the VM page queues. In the sendfile path, when allocating a page for I/O, we run the pageout code several times per second on each VM domain. The pageout code is run in its lightest-weight mode in the context of one unlucky NGINX process. Other NGINX processes continue to run and serve traffic while this is happening, so we can avoid bursts of pager activity that blocks traffic serving. Proactive scanning allowed us to serve at roughly 80 Gbps on the prototype hardware.\u003cbr\u003e\nHans Petter Selasky, Mellanox’s 100GbE driver developer, came up with an innovative solution to our problem. Most modern NICs will supply an Receive Side Scaling (RSS) hash result to the host. RSS is a standard developed by Microsoft wherein TCP/IP traffic is hashed by source and destination IP address and/or TCP source and destination ports. The RSS hash result will almost always uniquely identify a TCP connection. Hans’ idea was that rather than just passing the packets to the LRO engine as they arrive from the network, we should hold the packets in a large batch, and then sort the batch of packets by RSS hash result (and original time of arrival, to keep them in order). After the packets are sorted, packets from the same connection are adjacent even when they arrive widely separated in time. Therefore, when the packets are passed to the FreeBSD LRO routine, it can aggregate them.\u003cbr\u003e\nWith this new LRO code, we were able to achieve an LRO aggregation rate of over 2 packets per aggregation, and were able to serve at well over 90 Gbps for the first time on our prototype hardware for mostly unencrypted traffic. So the job was done. Or was it? The next goal was to achieve 100 Gbps while serving only TLS-encrypted streams. By this point, we were using hardware which closely resembles today’s 100GbE flash storage-based OCAs: four NVMe PCIe Gen3 x4 drives, 100GbE ethernet, Xeon E5v4 2697A CPU. With the improvements described in the Protecting Netflix Viewing Privacy at Scale blog entry, we were able to serve TLS-only traffic at roughly 58 Gbps.\u003cbr\u003e\nIn the lock contention problems we’d observed above, the cause of any increased CPU use was relatively apparent from normal system level tools like flame graphs, DTrace, or lockstat. The 58 Gbps limit was comparatively strange. As before, the CPU use would increase linearly as we approached the 58 Gbps limit, but then as we neared the limit, the CPU use would increase almost exponentially. Flame graphs just showed everything taking longer, with no apparent hotspots. We finally had a hunch that we were limited by our system’s memory bandwidth. We used the Intel® Performance Counter Monitor Tools to measure the memory bandwidth we were consuming at peak load. We then wrote a simple memory thrashing benchmark that used one thread per core to copy between large memory chunks that did not fit into cache. According to the PCM tools, this benchmark consumed the same amount of memory bandwidth as our OCA’s TLS-serving workload. So it was clear that we were memory limited. At this point, we became focused on reducing memory bandwidth usage. To assist with this, we began using the Intel VTune profiling tools to identify memory loads and stores, and to identify cache misses.\u003cbr\u003e\nBecause we are using sendfile() to serve data, encryption is done from the virtual memory page cache into connection-specific encryption buffers. This preserves the normal FreeBSD page cache in order to allow serving of hot data from memory to many connections. One of the first things that stood out to us was that the ISA-L encryption library was using half again as much memory bandwidth for memory reads as it was for memory writes. From looking at VTune profiling information, we saw that ISA-L was somehow reading both the source and destination buffers, rather than just writing to the destination buffer. We realized that this was because the AVX instructions used by ISA-L for encryption on our CPUs worked on 256-bit (32-byte) quantities, whereas the cache line size was 512-bits (64 bytes)?—?thus triggering the system to do read-modify-writes when data was written. The problem is that the the CPU will normally access the memory system in 64 byte cache line-sized chunks, reading an entire 64 bytes to access even just a single byte. After a quick email exchange with the ISA-L team, they provided us with a new version of the library that used non-temporal instructions when storing encryption results. Non-temporals bypass the cache, and allow the CPU direct access to memory. This meant that the CPU was no longer reading from the destination buffers, and so this increased our bandwidth from 58 Gbps to 65 Gbps.\u003cbr\u003e\nAt 100 Gbps, we’re moving about 12.5 GB/s of 4K pages through our system unencrypted. Adding encryption doubles that to 25 GB/s worth of 4K pages. That’s about 6.25 Million mbufs per second. When you add in the extra 2 mbufs used by the crypto code for TLS metadata at the beginning and end of each TLS record, that works out to another 1.6M mbufs/sec, for a total of about 8M mbufs/second. With roughly 2 cache line accesses per mbuf, that’s 128 bytes * 8M, which is 1 GB/s (8 Gbps) of data that is accessed at multiple layers of the stack (alloc, free, crypto, TCP, socket buffers, drivers, etc).\u003cbr\u003e\nAt this point, we’re able to serve 100% TLS traffic comfortably at 90 Gbps using the default FreeBSD TCP stack. However, the goalposts keep moving. We’ve found that when we use more advanced TCP algorithms, such as RACK and BBR, we are still a bit short of our goal. We have several ideas that we are currently pursuing, which range from optimizing the new TCP code to increasing the efficiency of LRO to trying to do encryption closer to the transfer of the data (either from the disk, or to the NIC) so as to take better advantage of Intel’s DDIO and save memory bandwidth.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html\" rel=\"nofollow\"\u003eFreeBSD April to June 2017 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#FreeBSD-Team-Reports\"\u003eFreeBSD Team Reports\u003c/a\u003e\u003cbr\u003e\n\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#FreeBSD-Release-Engineering-Team\"\u003eFreeBSD Release Engineering Team\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Ports-Collection\"\u003ePorts Collection\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#The-FreeBSD-Core-Team\"\u003eThe FreeBSD Core Team\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#The-FreeBSD-Foundation\"\u003eThe FreeBSD Foundation\u003c/a\u003e\u003c/li\u003e\u003cbr\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#The-Postmaster-Team\"\u003eThe Postmaster Team\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Projects\"\u003eProjects\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#64-bit-Inode-Numbers\"\u003e64-bit Inode Numbers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Capability-Based-Network-Communication-for-Capsicum/CloudABI\"\u003eCapability-Based Network Communication for Capsicum/CloudABI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Ceph-on-FreeBSD\"\u003eCeph on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#DTS-Updates\"\u003eDTS Updates\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Kernel\"\u003eKernel\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Coda-revival\"\u003eCoda revival\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#FreeBSD-Driver-for-the-Annapurna-Labs-ENA\"\u003eFreeBSD Driver for the Annapurna Labs ENA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Intel-10G-Driver-Update\"\u003eIntel 10G Driver Update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#pNFS-Server-Plan-B\"\u003epNFS Server Plan B\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Architectures\"\u003eArchitectures\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#FreeBSD-on-Marvell-Armada38x\"\u003eFreeBSD on Marvell Armada38x\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#FreeBSD/arm64\"\u003eFreeBSD/arm64\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Userland-Programs\"\u003eUserland Programs\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#DTC\"\u003eDTC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Using-LLVM's-LLD-Linker-as-FreeBSD's-System-Linker\"\u003eUsing LLVM's LLD Linker as FreeBSD's System Linker\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Ports\"\u003ePorts\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#A-New-USES-Macro-for-Porting-Cargo-Based-Rust-Applications\"\u003eA New USES Macro for Porting Cargo-Based Rust Applications\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#GCC-(GNU-Compiler-Collection)\"\u003eGCC (GNU Compiler Collection)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#GNOME-on-FreeBSD\"\u003eGNOME on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#KDE-on-FreeBSD\"\u003eKDE on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#New-Port:-FRRouting\"\u003eNew Port: FRRouting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#PHP-Ports:-Help-Improving-QA\"\u003ePHP Ports: Help Improving QA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Rust\"\u003eRust\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#sndio-Support-in-the-FreeBSD-Ports-Collection\"\u003esndio Support in the FreeBSD Ports Collection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#TensorFlow\"\u003eTensorFlow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Updating-Port-Metadata-for-non-x86-Architectures\"\u003eUpdating Port Metadata for non-x86 Architectures\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Xfce-on-FreeBSD\"\u003eXfce on FreeBSD\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Documentation\"\u003eDocumentation\u003c/a\u003e\u003c/h3\u003e\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Absolute-FreeBSD,-3rd-Edition\"\u003eAbsolute FreeBSD, 3rd Edition\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Doc-Version-Strings-Improved-by-Their-Absence\"\u003eDoc Version Strings Improved by Their Absence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#New-Xen-Handbook-Section\"\u003eNew Xen Handbook Section\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#Miscellaneous\"\u003eMiscellaneous\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#BSD-Meetups-at-Rennes-(France)\"\u003eBSD Meetups at Rennes (France)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.htmlThird-Party-Projects\"\u003eThird-Party Projects\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-04-2017-06.html#HardenedBSD\"\u003eHardenedBSD\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.pscp.tv/DPDKProject/1dRKZnleWbmKB?t=5h1m0s\" rel=\"nofollow\"\u003eDPDK, VPP, and the future of pfSense @ the DPDK Summit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DPDK (Data Plane Development Kit) conference included a short update from the pfSense project\u003c/li\u003e\n\u003cli\u003eThe video starts with a quick introduction to pfSense and the company behind it\u003c/li\u003e\n\u003cli\u003eIt covers the issues they ran into trying to scale to 10gbps and beyond, and some of the solutions they tried: libuinet, netmap, packet-journey\u003c/li\u003e\n\u003cli\u003eThen they discovered VPP (Vector Packet Processing)\u003c/li\u003e\n\u003cli\u003eThe video then covers the architecture of the new pfSense\u003c/li\u003e\n\u003cli\u003epfSense has launched of EC2, on Azure soon, and will launch support for the new Atom C3000 and Xeon hardware with built-in QAT (Quick-Assist crypto offload) in November\u003c/li\u003e\n\u003cli\u003eThe future: 100gbps, MPLS, VXLANs, and ARM64 hardware support\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/VladimirKrstulja/Guides/FreeBSDUpdateReverseProxy\" rel=\"nofollow\"\u003eLocal nginx reverse proxy cache for freebsd-update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVladimir Krstulja has created this interesting tutorial on the FreeBSD wiki about a freebsd-update reverse proxy cache\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEither because you\u0026#39;re a good netizen and don\u0026#39;t want to repeatedly hammer the FreeBSD mirrors to upgrade all your systems, or you want to benefit from the speed of having a local \u0026quot;mirror\u0026quot; (cache, more precisely), running a freebsd update reverse proxy cache with, say, nginx is dead simple.\u003c/p\u003e\n\n\u003col\u003e\n\u003cli\u003eInstall nginx somewhere\u003c/li\u003e\n\u003cli\u003eConfigure nginx for a subdomain, say, freebsd-update.example.com\u003c/li\u003e\n\u003cli\u003eOn all your hosts, in all your jails, configure /etc/freebsd-update.conf for new ServerName\nAnd... that\u0026#39;s it. Running freebsd-update will use the ServerName domain which is your reverse nginx proxy. Note the comment about using a \u0026quot;nearby\u0026quot; server is not quite true. FreeBSD update mirrors are frequently slow and running such a reverse proxy cache significantly speeds things up.\nCaveats: This is a simple cache. That means it doesn\u0026#39;t consider the files as a whole repository, which in turn means updates to your cache are not atomic. It\u0026#39;d be advised to nuke your cache before your update run, as its point is only to retain the files in a local cache for some short period of time required for all your machines to be updated.\n***\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://clonos.tekroutine.com/\" rel=\"nofollow\"\u003eClonOS is a free, open-source FreeBSD-based platform for virtual environment creation and management\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe operating system uses FreeBSD\u0026#39;s development branch (12.0-CURRENT) as its base. ClonOS uses ZFS as the default file system and includes web-based administration tools for managing virtual machines and jails. The project\u0026#39;s website also mentions the availability of templates for quickly setting up new containers and web-based VNC access to jails. Puppet, we are told, can be used for configuration management.\u003cbr\u003e\nClonOS can be downloaded as a disk image file (IMG) or as an optical media image (ISO). I downloaded the ISO file which is 1.6GB in size. Booting from ClonOS\u0026#39;s media displays a text console asking us to select the type of text terminal we are using. There are four options and most people can probably safely take the default, xterm, option.\u003cbr\u003e\nThe operating system, on the surface, appears to be a full installation of FreeBSD 12. The usual collection of FreeBSD packages are available, including manual pages, a compiler and the typical selection of UNIX command line utilities. The operating system uses ZFS as its file system and uses approximately 3.3GB of disk space. ClonOS requires about 50MB of active memory and 143MB of wired memory before any services or jails are created.\u003cbr\u003e\nMost of the key features of ClonOS, the parts which set it apart from vanilla FreeBSD, can be accessed through a web-based control panel. When we connect to this control panel, over a plain HTTP connection, using our web browser, we are not prompted for an account name or password. The web-based interface has a straight forward layout. Down the left side of the browser window we find categories of options and controls. Over on the right side of the window are the specific options or controls available in the selected category. At the top of the page there is a drop-down menu where we can toggle the displayed language between English and Russian, with English being the default.\u003cbr\u003e\nThere are twelve option screens we can access in the ClonOS interface and I want to quickly give a summary of each one:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOverview - this page shows a top-level status summary. The page lists the number of jails and nodes in the system. We are also shown the number of available CPU cores and available RAM on the system.\u003c/li\u003e\n\u003cli\u003eJail containers - this page allows us to create and delete jails. We can also change some basic jail settings on this page, adjusting the network configuration and hostname. Plus we can click a button to open a VNC window that allows us to access the jail\u0026#39;s command line interface.\u003c/li\u003e\n\u003cli\u003eTemplate for jails - provides a list of available jail templates. Each template is listed with its name and a brief description. For example, we have a Wordpress template and a bittorrent template. We can click a listed template to create a new jail with a vanilla installation of the selected software included. We cannot download or create new templates from this page.\u003c/li\u003e\n\u003cli\u003eBhyve VMs - this page is very much like the Jails containers page, but concerns the creation of new virtual machines and managing them.\u003c/li\u003e\n\u003cli\u003eVirtual Private Network - allows for the management of subnets\u003c/li\u003e\n\u003cli\u003eAuthkeys - upload security keys for something, but it is not clear for what these keys will be used.\u003c/li\u003e\n\u003cli\u003eStorage media - upload ISO files that will be used when creating virtual machines and installing an operating system in the new virtual environment.\u003c/li\u003e\n\u003cli\u003eFreeBSD Bases - I think this page downloads and builds source code for alternative versions of FreeBSD, but I am unsure and could not find any associated documentation for this page.\u003c/li\u003e\n\u003cli\u003eFreeBSD Sources - download source code for various versions of FreeBSD.\u003c/li\u003e\n\u003cli\u003eTaskLog - browse logs of events, particularly actions concerning jails.\u003c/li\u003e\n\u003cli\u003eSQLite admin - this page says it will open an interface for managing a SQLite database. Clicking link on the page gives a file not found error.\u003c/li\u003e\n\u003cli\u003eSettings - this page simply displays a message saying the settings page has not been implemented yet.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile playing with ClonOS, I wanted to perform a couple of simple tasks. I wanted to use the Wordpress template to set up a blog inside a jail. I wanted a generic, empty jail in which I could play and run commands without harming the rest of the operating system. I also wanted to try installing an operating system other than FreeBSD inside a Bhyve virtual environment. I thought this would give me a pretty good idea of how quick and easy ClonOS would make common tasks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusions\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eClonOS appears to be in its early stages of development, more of a feature preview or proof-of-concept than a polished product. A few of the settings pages have not been finished yet, the web-based controls for jails are unable to create jails that connect to the network and I was unable to upload even small ISO files to create virtual machines.\u003cbr\u003e\nThe project\u0026#39;s website mentions working with Puppet to handle system configuration, but I did not encounter any Puppet options. There also does not appear to be any documentation on using Puppet on the ClonOS platform.\u003cbr\u003e\nOne of the biggest concerns I had was the lack of security on ClonOS. The web-based control panel and terminal both automatically login as the root user. Passwords we create for our accounts are ignored and we cannot logout of the local terminal. This means anyone with physical access to the server automatically gains root access and, in addition, anyone on our local network gets access to the web-based admin panel. As it stands, it would not be safe to install ClonOS on a shared network.\u003cbr\u003e\nSome of the ideas present are good ones. I like the idea of jail templates and have used them on other systems. The graphical Bhyve tools could be useful too, if the limitations of the ISO manager are sorted out. But right now, ClonOS still has a way to go before it is likely to be safe or practical to use.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://nanxiao.me/en/customize-ksh-display-for-openbsd/\" rel=\"nofollow\"\u003eCustomize ksh display for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe default shell for OpenBSD is ksh, and it looks a little monotonous.\u003cbr\u003e\nTo make its user-experience more friendly, I need to do some customizations:\u003cbr\u003e\n(1) Modify the “Prompt String” to display the user name and current directory:\u003cbr\u003e\nPS1=\u0026#39;$USER:$PWD# \u0026#39;\u003cbr\u003e\n(2) Install colorls package:\u003cbr\u003e\npkg_add colorls\u003cbr\u003e\nUse it to replace the shipped ls command:\u003cbr\u003e\nalias ls=\u0026#39;colorls -G\u0026#39;\u003cbr\u003e\n(3) Change LSCOLORS environmental variable to make your favorite color. For example, I don’t want the directory is displayed in default blue, change it to magenta:\u003cbr\u003e\nLSCOLORS=fxexcxdxbxegedabagacad\u003cbr\u003e\nFor detailed explanation of LSCOLORS, please refer manual of colorls.\u003cbr\u003e\nThis is my final modification of .profile:\u003cbr\u003e\nPS1=\u0026#39;$USER:$PWD# \u0026#39;\u003cbr\u003e\nexport PS1\u003cbr\u003e\nLSCOLORS=fxexcxdxbxegedabagacad\u003cbr\u003e\nexport LSCOLORS\u003cbr\u003e\nalias ls=\u0026#39;colorls -G\u0026#39;\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2017/10/02/20295.html\" rel=\"nofollow\"\u003eDragonFly 5 release candidate\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-September/626463.html\" rel=\"nofollow\"\u003eCommit\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI tagged DragonFly 5.0 (commit message list in that link) over the weekend, and there’s a \u003ca href=\"http://mirror-master.dragonflybsd.org/iso-images/\" rel=\"nofollow\"\u003e5.0 release candidate for download\u003c/a\u003e.\u003cbr\u003e\nIt’s RC2 because the recent Radeon changes \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-September/626476.html\" rel=\"nofollow\"\u003ehad to be taken out.\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.grenadille.net/post/2017/08/21/Faster-forwarding\" rel=\"nofollow\"\u003eFaster forwarding\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.freshports.org/graphics/drm-next-kmod/\" rel=\"nofollow\"\u003eDRM-Next-Kmod hits the ports tree\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://undeadly.org/cgi?action=article;sid=20170829025446\" rel=\"nofollow\"\u003eOpenBSD Community Goes Platinum\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=4myESLZPXBU\" rel=\"nofollow\"\u003eSetting up iSCSI on TrueOS and FreeBSD12\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eChristopher - \u003ca href=\"http://dpaste.com/38G99CK#wrap\" rel=\"nofollow\"\u003eVirtualizing FreeNAS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVan - \u003ca href=\"http://dpaste.com/3MEPD3S#wrap\" rel=\"nofollow\"\u003eTar Question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJoe - \u003ca href=\"http://dpaste.com/0T623Z6#wrap\" rel=\"nofollow\"\u003eBook Reviews\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We look at how Netflix serves 100 Gbps from an Open Connect Appliance, read through the 2nd quarter FreeBSD status report, show you a freebsd-update speedup via nginx reverse proxy, and customize your OpenBSD default shell.","date_published":"2017-10-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6b1d62bd-687d-46b1-afc8-3934b133d075.mp3","mime_type":"audio/mpeg","size_in_bytes":67385524,"duration_in_seconds":5615}]},{"id":"207dad42-9da7-47e3-a6d7-4fd257905cf1","title":"214: The history of man, kind","url":"https://www.bsdnow.tv/214","content_text":"The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nThe Cost Of Open Sourcing Your Project\n\n\nAccusing a company of “dumping” their project as open source is probably misplaced – it’s an expensive business no-one would do frivolously.\nIf you see an active move to change software licensing or governance, it’s likely someone is paying for it and thus could justify the expense to an executive.\n\n\n\nA Little History\n\n\n\nSome case study cameos may help. From 2004 onwards, Sun Microsystems had a policy of all its software moving to open source. The company migrated almost all products to open source licenses, and had varying degrees of success engaging communities around the various projects, largely related to the outlooks of the product management and Sun developers for the project.\nSun occasionally received requests to make older, retired products open source. For example, Sun acquired a company called Lighthouse Design which created a respected suite of office productivity software for Steve Jobs’ NeXT platform. Strategy changes meant that software headed for the vault (while Jonathan Schwartz, a founder of Lighthouse, headed for the executive suite). Members of the public asked if Sun would open source some of this software, but these requests were declined because there was no business unit willing to fund the move.\nWhen Sun was later bought by Oracle, a number of those projects that had been made open source were abandoned. “Abandoning” software doesn’t mean leaving it for others; it means simply walking away from wherever you left it. In the case of Sun’s popular identity middleware products, that meant Oracle let the staff go and tried to migrate customers to other products, while remaining silent in public on the future of the project. But the code was already open source, so the user community was able to pick up the pieces and carry on, with help from Forgerock.\nIt costs a lot of money to open source a mature piece of commercial software, even if all you are doing is “throwing a tarball over the wall”. That’s why companies abandoning software they no longer care about so rarely make it open source, and those abandoning open source projects rarely move them to new homes that benefit others.\n\n\n\nIf all you have thought about is the eventual outcome, you may be surprised how expensive it is to get there. Costs include: For throwing a tarball over the wall:\nLegal clearance.\n\n\n\nHaving the right to use the software is not the same as giving everyone in the world an unrestricted right to use it and create derivatives. Checking every line of code to make sure you have the rights necessary to release under an OSI-approved license is a big task requiring high-value employees on the “liberation team”. That includes both developers and lawyers; neither come cheap.\n\n\n\nRepackaging.\n\n\n\nTo pass it to others, a self-contained package containing all necessary source code, build scripts and non-public source and tool dependencies has to be created since it is quite unlikely to exist internally. Again, the liberation team will need your best developers.\n\n\n\nPreserving provenance.\n\n\n\nJust because you have confidence that you have the rights to the code, that doesn’t mean anyone else will. The version control system probably contains much of the information that gives confidence about who wrote which code, so the repackaging needs to also include a way to migrate the commit information.\n\n\n\nCode cleaning.\n\n\n\nThe file headers will hopefully include origin information but the liberation team had better check. They also need to check the comments for libel and profanities, not to mention trade secrets (especially those from third parties) and other IP issues.\n\n\n\nFor a sustainable project, all the above plus:\nCompliance with host governance.\n\n\n\nIt is a fantastic idea to move your project to a host like Apache, Conservancy, Public Software and so on. But doing so requires preparatory work. As a minimum you will need to negotiate with the new host organisation, and they may well need you to satisfy their process requirements. Paperwork obviously, but also the code may need conforming copyright statements and more. That’s more work for your liberation team.\n\n\n\nMigration of rights.\n\n\n\nYour code has an existing community who will need to migrate to your new host. That includes your staff – they are community too! They will need commit rights, governance rights, social media rights and more. Your liberation team will need your community manager, obviously, but may also need HR input.\n\n\n\nEndowment.\n\n\n\nKeeping your project alive will take money. It’s all been coming from you up to this point, but if you simply walk away before the financial burden has been accepted by the new community and hosts there may be a problem. You should consider making an endowment to your new host to pay for their migration costs plus the cost of hosting the community for at least a year.\n\n\n\nMarketing.\n\n\n\nExplaining the move you are making, the reasons why you are making it and the benefits for you and the community is important. If you don’t do it, there are plenty of trolls around who will do it for you. Creating a news blog post and an FAQ — the minimum effort necessary — really does take someone experienced and you’ll want to add such a person to your liberation team.\n\n\n\nMotivations\nThere has to be some commercial reason that makes the time, effort and thus expense worth incurring. Some examples of motivations include:\nMarket Strategy.\n\n\n\nAn increasing number of companies are choosing to create substantial, openly-governed open source communities around software that contributes to their business. An open multi-stakeholder co-developer community is an excellent vehicle for innovation at the lowest cost to all involved. As long as your market strategy doesn’t require creating artificial scarcity.\n\n\n\nContract with a third party.\n\n\n\nWhile the owner of the code may no longer be interested, there may be one or more parties to which they owe a contractual responsibility. Rather than breaching that contract, or buying it out, a move to open source may be better. Some sources suggest a contractual obligation to IBM was the reason Oracle abandoned OpenOffice.org by moving it over to the Apache Software Foundation for example.\n\n\n\nLarger dependent ecosystem.\n\n\n\nYou may have no further use for the code itself, but you may well have other parts of your business which depend on it. If they are willing to collectively fund development you might consider an “inner source” strategy which will save you many of the costs above. But the best way to proceed may well be to open the code so your teams and those in other companies can fund the code.\n\n\n\nInternal politics.\n\n\n\nFrom the outside, corporations look monolithic, but from the inside it becomes clear they are a microcosm of the market in which they exist. As a result, they have political machinations that may be addressed by open source. One of Oracle’s motivations for moving NetBeans to Apache seems to have been political. Despite multiple internal groups needing it to exist, the code was not generating enough direct revenue to satisfy successive executive owners, who allegedly tried to abandon it on more than one occasion. Donating it to Apache meant that couldn’t happen again.\n\nNone of this is to say a move to open source guarantees the success of a project. A “Field of Dreams” strategy only works in the movies, after all. But while it may be tempting to look at a failed corporate liberation and describe it as “abandonware”, chances are it was intended as nothing of the kind.\n\n\n\n\nWhy PS4 downloads are so slow\n\n\nFrom the blog that brought us “The origins of XXX as FIXME” and “The mystery of the hanging S3 downloads”, this week it is: “Why are PS4 downloads so slow?”\n\n\n\nGame downloads on PS4 have a reputation of being very slow, with many people reporting downloads being an order of magnitude faster on Steam or Xbox. This had long been on my list of things to look into, but at a pretty low priority. After all, the PS4 operating system is based on a reasonably modern FreeBSD (9.0), so there should not be any crippling issues in the TCP stack.\nThe implication is that the problem is something boring, like an inadequately dimensioned CDN. But then I heard that people were successfully using local HTTP proxies as a workaround. It should be pretty rare for that to actually help with download speeds, which made this sound like a much more interesting problem.\nBefore running any experiments, it's good to have a mental model of how the thing we're testing works, and where the problems might be. If nothing else, it will guide the initial experiment design.\n The speed of a steady-state TCP connection is basically defined by three numbers. The amount of data the client is will to receive on a single round-trip (TCP receive window), the amount of data the server is willing to send on a single round-trip (TCP congestion window), and the round trip latency between the client and the server (RTT). To a first approximation, the connection speed will be:\n   speed = min(rwin, cwin) / RTT \nWith this model, how could a proxy speed up the connection?\n\n\n\nThe speed through the proxy should be the minimum of the speed between the client and proxy, and the proxy and server. It should only possibly be slower\n\n\n\nWith a local proxy the client-proxy RTT will be very low; that connection is almost guaranteed to be the faster one. The improvement will have to be from the server-proxy connection being somehow better than the direct client-server one. The RTT will not change, so there are just two options: either the client has a much smaller receive window than the proxy, or the client is somehow causing the server's congestion window to decrease. (E.g. the client is randomly dropping received packets, while the proxy isn't).\n\n\n\nAfter setting up a test rig, where the PS4’s connection was bridged through a linux box so packets could be captured, and artificial latency could be added, some interested results came up:\n\n\n\nThe differences in receive windows at different times are striking. And more important, the changes in the receive windows correspond very well to specific things I did on the PS4\nWhen the download was started, the game Styx: Shards of Darkness was running in the background (just idling in the title screen). The download was limited by a receive window of under 7kB. This is an incredibly low value; it's basically going to cause the downloads to take 100 times longer than they should. And this was not a coincidence, whenever that game was running, the receive window would be that low.\nHaving an app running (e.g. Netflix, Spotify) limited the receive window to 128kB, for about a 5x reduction in potential download speed.\nMoving apps, games, or the download window to the foreground or background didn't have any effect on the receive window.\nPlaying an online match in a networked game (Dreadnought) caused the receive window to be artificially limited to 7kB.\nI ran a speedtest at a time when downloads were limited to 7kB receive window. It got a decent receive window of over 400kB; the conclusion is that the artificial receive window limit appears to only apply to PSN downloads.\nWhen a game was started (causing the previously running game to be stopped automatically), the receive window could increase to 650kB for a very brief period of time. Basically it appears that the receive window gets unclamped when the old game stops, and then clamped again a few seconds later when the new game actually starts up.\nI did a few more test runs, and all of them seemed to support the above findings. The only additional information from that testing is that the rest mode behavior was dependent on the PS4 settings. Originally I had it set up to suspend apps when in rest mode. If that setting was disabled, the apps would be closed when entering in rest mode, and the downloads would proceed at full speed.\nThe PS4 doesn't make it very obvious exactly what programs are running. For games, the interaction model is that opening a new game closes the previously running one. This is not how other apps work; they remain in the background indefinitely until you explicitly close them.\n\n\n\nSo, FreeBSD and its network stack are not to blame\nSony used a poor method to try to keep downloads from interfering with your gameplay\nThe impact of changing the receive window is highly dependant upon RTT, so it doesn’t work as evenly as actual traffic shaping or queueing would.\nAn interesting deep dive, it is well worth reading the full article and checking out the graphs\n***\n\n\nOpenSSH 7.6 Released\n\n\nFrom the release notes:\n\n\n\nThis release includes a number of changes that may affect existing\nconfigurations:\nssh(1): delete SSH protocol version 1 support, associated\n   configuration options and documentation.\n ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.\n ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST\nRefuse RSA keys \u0026lt;1024 bits in length and improve reporting for keys that do not meet \nthis requirement.\nssh(1): do not offer CBC ciphers by default.\n\n\n\nChanges since OpenSSH 7.5\nThis is primarily a bugfix release. It also contains substantial internal refactoring.\n\n\n\nSecurity: sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.\n\n\n\nNew features: \n\n\n\nssh(1): add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client's command line. This allows the configuration file to specify the command that will be executed on the remote host.\nsshd(8): add ExposeAuthInfo option that enables writing details of the authentication methods used (including public keys where applicable) to a file that is exposed via a $SSH_USER_AUTH environment variable in the subsequent session.\nssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported.\nsshd(8): allow LogLevel directive in sshd_config Match blocks;\nssh-keygen(1): allow inclusion of arbitrary string or flag certificate extensions and critical options.\nssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates.\n ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value and just use the operating system default.\nssh-add(1): added -q option to make ssh-add quiet on success.\nssh(1): expand the StrictHostKeyChecking option with two new settings. The first \"accept-new\" will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. This is a safer subset of the current behaviour of StrictHostKeyChecking=no. The second setting \"off\", is a synonym for the current behaviour of StrictHostKeyChecking=no: accept new host keys, and continue connection for hosts with incorrect hostkeys. A future release will change the meaning of StrictHostKeyChecking=no to the behaviour of \"accept-new\".\nssh(1): add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8).\n\n\n\nCheck out the bugfixes and portability sections, too. \n***\n\n\nNews Roundup\n\nFreeBSD comes to FiFo 0.9.3 with vmadm\n\n\nWhat is Project FiFo? It’s an Open Source SmartOS Cloud Management and orchestration software. FiFo can be installed on SmartOS zones, running on standard compute nodes. There is no need for dedicated hardware or server roles.\n\n\n\nFiFo 0.9.3 has been in the works for a while, and it comes with quite a few new features. With our last release, we started experimenting with FreeBSD support. Since then much work has gone into improving this. We also did something rather exciting with the mystery box! However, more on that in a later post.\nThe stable release of 0.9.3 will land within a few days with only packaging and documentation tasks left to do. Part of this means that we’ll have packages for all major components that work natively on BSD. There is no more need for a SmartOS box to run the components!\nWhen we introduced FreeBSD support last version we marked it as an experimental feature. We needed to try out and experiment what works and what does not. Understand the way FreeBSD does things, what tools exist, and how those align with our workflow. Bottomline we were not even sure BSD support was a thing in the future.\nWe are happy to announce that with 0.9.3 we are now sure BSD support is a thing, and it is here to remain. That said it was good that we experimented in the last release, we did some significant changes to what we have now. When first looking at FreeBSD we went ahead and used existing tooling, namely iocage, to manage jails. It turns out the tooling around jails is not on par with what exists on illumos and especially SmartOS. The goodness of vmadm as a CLI for managing zones is just unparalleled. So we do what every (in)sane person would do!\nSo with 0.9.3, we did what every (in)sane person would do! We implemented a version of vmadm that would work with FreeBSD and jails and keep the same CLI. Our clone works completely stand alone; vmadm is a compiled binary, written in rust which is blazing fast! The design takes up lessons learned from both zoneadm and vmadm in illumos/SmartOS for how things work instead of trying to reinvent the wheel. Moreover, while we love giving the FreeBSD community a tool we learned to love on SmartOS this also makes things a lot easier for us. FiFo now can use the same logic on SmartOS and FreeBSD as the differences are abstracted away inside of vmadm. That said there are a few notable differences.\nFirst of all, vmadm uses datasets the same way it does on SmartOS. However, there is no separate imgadm tool. Instead, we encapsulate the commands under vmadm images. To make this work we also provide a dataset server with base images for FreeBSD that used the same API as SmartOS dataset servers. Second, we needed to work around some limitations in VNET to make jails capable of being fully utilized in multi-tenancy environments.\nNested vnet jails on freebsd While on illumos a virtual nic can be bound to an IP that can not be changed from inside the zone, VNET does not support this. Preventing tenants from messing with IP settings is crucial from a security standpoint!\nTo work around that each jail created by vmadm are two jails: a minimal outer jail with nothing but a VNET interface, no IP or anything and an internal one that runs the user code. This outer jail then creates an inner jail with an inherited NIC that gets a fixed IP, combining both the security of a VNET jail as well as the security of a fixed IP interface.\nThe nested jail layout resembles the way that SmartOS handles KVM machines, running KVM inside a zone. So in addition to working around VNET limitations, this already paves the way for bhyve nested in jails that might come in a future release. We hope to leverage the same two-step with just a different executable started in the outer jail instead of the jail command itself.\n\n\n\n\nHistory of UNIX Manpages\n\n\nWhere do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage source writers and readers: where were those economical two- and three-letter instructions developed? The many accounts available on the Internet lack citations and are at times inconsistent.\nIn this article, I reconstruct the history of the UNIX manpage based on source code, manuals, and first-hand accounts.\nSpecial thanks to Paul Pierce for his CTSS source archive; Bernard Nivelet for the Multics Internet Server; the UNIX Heritage Society for their research UNIX source reconstruction; Gunnar Ritter for the Heirloom Project sources; Alcatel-Lucent Bell Labs for the Plan 9 sources; BitSavers for their historical archive; and last but not least, Rudd Canaday, James Clarke, Brian Kernighan, Douglas McIlroy, Nils-Peter Nelson, Jerome Saltzer, Henry Spencer, Ken Thompson, and Tom Van Vleck for their valuable contributions.\n\nPlease see the Copyright section if you plan on reproducing parts of this work.\n\n\n\nPeople:\n\n\nAbell, Vic\nCanaday, Rudd\nCapps, Dennis\nClarke, James\nDzonsons, Kristaps\nKernighan, Brian\nMadnick, Stuart\nMcIlroy, Douglas\nMorris, Robert\nOssanna, Joseph F.\nRitchie, Dennis\nRitter, Gunnar\nSaltzer, Jerome H.\nSpencer, Henry\nThompson, Ken\n***\n\n\n\nBSDCam 2017 Trip Report: Mathieu Arnold\n\n\nIt seems that every time I try to go to England using the Eurostar, it gets delayed between 30 minutes and 2 hours. This year, it got my 45 minute layover down to 10 minutes. Luckily, King’s Cross is literally across the street from Saint Pancras, and I managed to get into my second train just in time.\nI arrived in Cambridge on Tuesday right on time for tea. A quick walk from the station got me to St Catharine’s College. This year, we were in a different building for the rooms, so I listened to the convoluted explanation the porter gave me to get to my room, I managed to get there without getting lost more than once. That evening was almost organized as we got together for dinner at the usual pub, the Maypole.\n\n\n\nWednesday:\n\n\n\nThe weather is lovely, and it is a good thing as there is a 25-30 minute walk from the College to the Computer Laboratory where the devsummit happens. The first morning is for deciding what we are going to talk about for the rest of the week, so we all go in turn introducing ourselves and voicing about what we would like to talk about. There are a few subjects that are of interest to me, so I listen to the toolchain discussions while writing new bits for the Porter’s Handbook.\n\n\n\nThursday:\n\n\n\nI spent most of the day writing documentation, and talked a bit with a couple of DocEng members about joining the team as I would like to give some love to the build framework that has not been touched in a long time. At the end of the afternoon is a packaging session, we talked about the status of package in base, which is not really going anywhere right now. On the ports side, three aspects that are making good progress include, package flavors, sub packages, and migrating some base libraries to private libraries, which is a nightmare because of openssl, and kerberos, and pam. That evening, we had the formal diner at St John’s College, I love those old buildings that reminds me of Hogwarts. (I am sure there is a quidditch pitch somewhere nearby.)\n\n\n\nFriday:\n\n\n\nLast day. I continued to write documentation, while listening to a provisioning session. It would be great to have bhyve support in existing orchestration tools like vagrant, openstack, or maybe ganeti. We end the day, and the devsummit with short talks, some very interesting, some going way over my head.\nThe weekend is here. I spent most of Saturday strolling in some of the numerous Cambridge parks, gardens, greens, fens… and I worked on a knitting pattern in the evening. On Sunday, I ate my last full gargantuan english breakfast of the year, and then back in a train to King’s Cross, and a Eurostar (this one on time) back to Paris.\nI would like to thank the FreeBSD Foundation for making this trip possible for me.\n\n\n\n\nGSoC 2017 Reports: Add SUBPACKAGES support to pkgsrc, part 1\n\n\nIntroduction\nSUBPACKAGES (on some package systems they are known as multi-packages, but this term for pkgsrc is already used by packages that can be built against several versions (e.g. Python, PHP, Ruby packages)) consist in generating multiple binary packages from a single pkgsrc package. For example, from a pkgsrc package - local/frobnitzem - we will see how to generate three separate binary packages: frobnitzem-foo, frobnitzem-bar and frobnitzem-baz.\nThis can be useful to separate several components of binary packages (and avoid to run the extract and configure phase two times!), for debugpkgs (so that all *.debug files containing debug symbols are contained in a separate -debugpkg package that can be installed only when it is needed), etc..\nAn high-level look at how SUBPACKAGES support is implemented\nMost of the changes needed are in mk/pkgformat/pkg/ hierarchy (previously known as mk/flavour and then renamed and generalized to other package formats during Anton Panev's Google Summer of Code 2011).\nThe code in mk/pkgformat/${PKG_FORMAT}/ handle the interaction of pkgsrc with the particular ${PKG_FORMAT}, e.g. for pkg populate meta-data files used by pkg_create(1), install/delete packages via pkg_add(1), and pkg_delete(1), etc.\nConclusion\nIn this first part of this blog post series we have seen what are SUBPACKAGES, when and why they can be useful.\nWe have then seen a practical example of them taking a very trivial package and learned how to \"subpackage-ify\" it.\nThen we have described - from an high-level perspective - the changes needed to the pkgsrc infrastructure for the SUBPACKAGES features that we have used. If you are more interested in them please give a look to the pkgsrc debugpkg branch that contains all work done described in this blog post.\nIn the next part we will see how to handle DEPENDS and buildlink3 inclusion for subpackages.\n**\n\n\nBeastie Bits\n\n\nFirst partial boot of FreeBSD on Power8\nThe new TNF Board of Directors are installed and patched for 2017.\nOpen Source Summit 2017 October 23-26, 2017, Prague, Czech Republic Giovanni Bechis will give a talk about seccomp(2) vs pledge(2)\nMy first patch to OpenBSD\n\n\n\n\nFeedback/Questions\n\n\nBrian - OPNSense Facebook Group\nMark Felder - ZFS Health via SNMP\nMatt - Cantrill Presentation\n***\n","content_html":"\u003cp\u003eThe costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://meshedinsights.com/2016/09/20/open-source-unlikely-to-be-abandonware/\" rel=\"nofollow\"\u003eThe Cost Of Open Sourcing Your Project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAccusing a company of “dumping” their project as open source is probably misplaced – it’s an expensive business no-one would do frivolously.\u003cbr\u003e\nIf you see an active move to change software licensing or governance, it’s likely someone is paying for it and thus could justify the expense to an executive.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Little History\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSome case study cameos may help. From 2004 onwards, Sun Microsystems had a policy of all its software moving to open source. The company migrated almost all products to open source licenses, and had varying degrees of success engaging communities around the various projects, largely related to the outlooks of the product management and Sun developers for the project.\u003cbr\u003e\nSun occasionally received requests to make older, retired products open source. For example, Sun acquired a company called Lighthouse Design which created a respected suite of office productivity software for Steve Jobs’ NeXT platform. Strategy changes meant that software headed for the vault (while Jonathan Schwartz, a founder of Lighthouse, headed for the executive suite). Members of the public asked if Sun would open source some of this software, but these requests were declined because there was no business unit willing to fund the move.\u003cbr\u003e\nWhen Sun was later bought by Oracle, a number of those projects that had been made open source were abandoned. “Abandoning” software doesn’t mean leaving it for others; it means simply walking away from wherever you left it. In the case of Sun’s popular identity middleware products, that meant Oracle let the staff go and tried to migrate customers to other products, while remaining silent in public on the future of the project. But the code was already open source, so the user community was able to pick up the pieces and carry on, with help from Forgerock.\u003cbr\u003e\nIt costs a lot of money to open source a mature piece of commercial software, even if all you are doing is “throwing a tarball over the wall”. That’s why companies abandoning software they no longer care about so rarely make it open source, and those abandoning open source projects rarely move them to new homes that benefit others.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf all you have thought about is the eventual outcome, you may be surprised how expensive it is to get there. Costs include: For throwing a tarball over the wall:\u003c/li\u003e\n\u003cli\u003eLegal clearance.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHaving the right to use the software is not the same as giving everyone in the world an unrestricted right to use it and create derivatives. Checking every line of code to make sure you have the rights necessary to release under an OSI-approved license is a big task requiring high-value employees on the “liberation team”. That includes both developers and lawyers; neither come cheap.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRepackaging.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo pass it to others, a self-contained package containing all necessary source code, build scripts and non-public source and tool dependencies has to be created since it is quite unlikely to exist internally. Again, the liberation team will need your best developers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreserving provenance.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJust because you have confidence that you have the rights to the code, that doesn’t mean anyone else will. The version control system probably contains much of the information that gives confidence about who wrote which code, so the repackaging needs to also include a way to migrate the commit information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCode cleaning.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe file headers will hopefully include origin information but the liberation team had better check. They also need to check the comments for libel and profanities, not to mention trade secrets (especially those from third parties) and other IP issues.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor a sustainable project, all the above plus:\u003c/li\u003e\n\u003cli\u003eCompliance with host governance.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is a fantastic idea to move your project to a host like Apache, Conservancy, Public Software and so on. But doing so requires preparatory work. As a minimum you will need to negotiate with the new host organisation, and they may well need you to satisfy their process requirements. Paperwork obviously, but also the code may need conforming copyright statements and more. That’s more work for your liberation team.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMigration of rights.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYour code has an existing community who will need to migrate to your new host. That includes your staff – they are community too! They will need commit rights, governance rights, social media rights and more. Your liberation team will need your community manager, obviously, but may also need HR input.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEndowment.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKeeping your project alive will take money. It’s all been coming from you up to this point, but if you simply walk away before the financial burden has been accepted by the new community and hosts there may be a problem. You should consider making an endowment to your new host to pay for their migration costs plus the cost of hosting the community for at least a year.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMarketing.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eExplaining the move you are making, the reasons why you are making it and the benefits for you and the community is important. If you don’t do it, there are plenty of trolls around who will do it for you. Creating a news blog post and an FAQ — the minimum effort necessary — really does take someone experienced and you’ll want to add such a person to your liberation team.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMotivations\u003c/li\u003e\n\u003cli\u003eThere has to be some commercial reason that makes the time, effort and thus expense worth incurring. Some examples of motivations include:\u003c/li\u003e\n\u003cli\u003eMarket Strategy.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAn increasing number of companies are choosing to create substantial, openly-governed open source communities around software that contributes to their business. An open multi-stakeholder co-developer community is an excellent vehicle for innovation at the lowest cost to all involved. As long as your market strategy doesn’t require creating artificial scarcity.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eContract with a third party.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile the owner of the code may no longer be interested, there may be one or more parties to which they owe a contractual responsibility. Rather than breaching that contract, or buying it out, a move to open source may be better. Some sources suggest a contractual obligation to IBM was the reason Oracle abandoned OpenOffice.org by moving it over to the Apache Software Foundation for example.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLarger dependent ecosystem.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou may have no further use for the code itself, but you may well have other parts of your business which depend on it. If they are willing to collectively fund development you might consider an “inner source” strategy which will save you many of the costs above. But the best way to proceed may well be to open the code so your teams and those in other companies can fund the code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInternal politics.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFrom the outside, corporations look monolithic, but from the inside it becomes clear they are a microcosm of the market in which they exist. As a result, they have political machinations that may be addressed by open source. One of Oracle’s motivations for moving NetBeans to Apache seems to have been political. Despite multiple internal groups needing it to exist, the code was not generating enough direct revenue to satisfy successive executive owners, who allegedly tried to abandon it on more than one occasion. Donating it to Apache meant that couldn’t happen again.\u003c/p\u003e\n\n\u003cp\u003eNone of this is to say a move to open source guarantees the success of a project. A “Field of Dreams” strategy only works in the movies, after all. But while it may be tempting to look at a failed corporate liberation and describe it as “abandonware”, chances are it was intended as nothing of the kind.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.snellman.net/blog/archive/2017-08-19-slow-ps4-downloads/\" rel=\"nofollow\"\u003eWhy PS4 downloads are so slow\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the blog that brought us “\u003ca href=\"https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/\" rel=\"nofollow\"\u003eThe origins of XXX as FIXME\u003c/a\u003e” and “\u003ca href=\"https://www.snellman.net/blog/archive/2017-07-20-s3-mystery/\" rel=\"nofollow\"\u003eThe mystery of the hanging S3 downloads\u003c/a\u003e”, this week it is: “Why are PS4 downloads so slow?”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGame downloads on PS4 have a reputation of being very slow, with many people reporting downloads being an order of magnitude faster on Steam or Xbox. This had long been on my list of things to look into, but at a pretty low priority. After all, the PS4 operating system is based on a reasonably modern FreeBSD (9.0), so there should not be any crippling issues in the TCP stack.\u003cbr\u003e\nThe implication is that the problem is something boring, like an inadequately dimensioned CDN. But then I heard that people were successfully using local HTTP proxies as a workaround. It should be pretty rare for that to actually help with download speeds, which made this sound like a much more interesting problem.\u003cbr\u003e\nBefore running any experiments, it\u0026#39;s good to have a mental model of how the thing we\u0026#39;re testing works, and where the problems might be. If nothing else, it will guide the initial experiment design.\u003cbr\u003e\n The speed of a steady-state TCP connection is basically defined by three numbers. The amount of data the client is will to receive on a single round-trip (TCP receive window), the amount of data the server is willing to send on a single round-trip (TCP congestion window), and the round trip latency between the client and the server (RTT). To a first approximation, the connection speed will be:\u003cbr\u003e\n  \u003ccode\u003e speed = min(rwin, cwin) / RTT \u003c/code\u003e\u003cbr\u003e\nWith this model, how could a proxy speed up the connection?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe speed through the proxy should be the minimum of the speed between the client and proxy, and the proxy and server. It should only possibly be slower\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith a local proxy the client-proxy RTT will be very low; that connection is almost guaranteed to be the faster one. The improvement will have to be from the server-proxy connection being somehow better than the direct client-server one. The RTT will not change, so there are just two options: either the client has a much smaller receive window than the proxy, or the client is somehow causing the server\u0026#39;s congestion window to decrease. (E.g. the client is randomly dropping received packets, while the proxy isn\u0026#39;t).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter setting up a test rig, where the PS4’s connection was bridged through a linux box so packets could be captured, and artificial latency could be added, some interested results came up:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe differences in receive windows at different times are striking. And more important, the changes in the receive windows correspond very well to specific things I did on the PS4\u003cbr\u003e\nWhen the download was started, the game Styx: Shards of Darkness was running in the background (just idling in the title screen). The download was limited by a receive window of under 7kB. This is an incredibly low value; it\u0026#39;s basically going to cause the downloads to take 100 times longer than they should. And this was not a coincidence, whenever that game was running, the receive window would be that low.\u003cbr\u003e\nHaving an app running (e.g. Netflix, Spotify) limited the receive window to 128kB, for about a 5x reduction in potential download speed.\u003cbr\u003e\nMoving apps, games, or the download window to the foreground or background didn\u0026#39;t have any effect on the receive window.\u003cbr\u003e\nPlaying an online match in a networked game (Dreadnought) caused the receive window to be artificially limited to 7kB.\u003cbr\u003e\nI ran a speedtest at a time when downloads were limited to 7kB receive window. It got a decent receive window of over 400kB; the conclusion is that the artificial receive window limit appears to only apply to PSN downloads.\u003cbr\u003e\nWhen a game was started (causing the previously running game to be stopped automatically), the receive window could increase to 650kB for a very brief period of time. Basically it appears that the receive window gets unclamped when the old game stops, and then clamped again a few seconds later when the new game actually starts up.\u003cbr\u003e\nI did a few more test runs, and all of them seemed to support the above findings. The only additional information from that testing is that the rest mode behavior was dependent on the PS4 settings. Originally I had it set up to suspend apps when in rest mode. If that setting was disabled, the apps would be closed when entering in rest mode, and the downloads would proceed at full speed.\u003cbr\u003e\nThe PS4 doesn\u0026#39;t make it very obvious exactly what programs are running. For games, the interaction model is that opening a new game closes the previously running one. This is not how other apps work; they remain in the background indefinitely until you explicitly close them.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo, FreeBSD and its network stack are not to blame\u003c/li\u003e\n\u003cli\u003eSony used a poor method to try to keep downloads from interfering with your gameplay\u003c/li\u003e\n\u003cli\u003eThe impact of changing the receive window is highly dependant upon RTT, so it doesn’t work as evenly as actual traffic shaping or queueing would.\u003c/li\u003e\n\u003cli\u003eAn interesting deep dive, it is well worth reading the full article and checking out the graphs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openssh.com/releasenotes.html#7.6\" rel=\"nofollow\"\u003eOpenSSH 7.6 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the release notes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis release includes a number of changes that may affect existing\u003cbr\u003e\nconfigurations:\u003cbr\u003e\nssh(1): delete SSH protocol version 1 support, associated\u003cbr\u003e\n   configuration options and documentation.\u003cbr\u003e\n ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.\u003cbr\u003e\n ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST\u003cbr\u003e\nRefuse RSA keys \u0026lt;1024 bits in length and improve reporting for keys that do not meet \u003cbr\u003e\nthis requirement.\u003cbr\u003e\nssh(1): do not offer CBC ciphers by default.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eChanges since OpenSSH 7.5\u003c/li\u003e\n\u003cli\u003eThis is primarily a bugfix release. It also contains substantial internal refactoring.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSecurity: sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew features: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003essh(1): add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client\u0026#39;s command line. This allows the configuration file to specify the command that will be executed on the remote host.\u003cbr\u003e\nsshd(8): add ExposeAuthInfo option that enables writing details of the authentication methods used (including public keys where applicable) to a file that is exposed via a $SSH_USER_AUTH environment variable in the subsequent session.\u003cbr\u003e\nssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported.\u003cbr\u003e\nsshd(8): allow LogLevel directive in sshd_config Match blocks;\u003cbr\u003e\nssh-keygen(1): allow inclusion of arbitrary string or flag certificate extensions and critical options.\u003cbr\u003e\nssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates.\u003cbr\u003e\n ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value and just use the operating system default.\u003cbr\u003e\nssh-add(1): added -q option to make ssh-add quiet on success.\u003cbr\u003e\nssh(1): expand the StrictHostKeyChecking option with two new settings. The first \u0026quot;accept-new\u0026quot; will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. This is a safer subset of the current behaviour of StrictHostKeyChecking=no. The second setting \u0026quot;off\u0026quot;, is a synonym for the current behaviour of StrictHostKeyChecking=no: accept new host keys, and continue connection for hosts with incorrect hostkeys. A future release will change the meaning of StrictHostKeyChecking=no to the behaviour of \u0026quot;accept-new\u0026quot;.\u003cbr\u003e\nssh(1): add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the bugfixes and portability sections, too. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.project-fifo.net/freebsd-in-fifo-0-9-3/\" rel=\"nofollow\"\u003eFreeBSD comes to FiFo 0.9.3 with vmadm\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is Project FiFo? It’s an Open Source SmartOS Cloud Management and orchestration software. FiFo can be installed on SmartOS zones, running on standard compute nodes. There is no need for dedicated hardware or server roles.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFiFo 0.9.3 has been in the works for a while, and it comes with quite a few new features. With our last release, we started experimenting with FreeBSD support. Since then much work has gone into improving this. We also did something rather exciting with the mystery box! However, more on that in a later post.\u003cbr\u003e\nThe stable release of 0.9.3 will land within a few days with only packaging and documentation tasks left to do. Part of this means that we’ll have packages for all major components that work natively on BSD. There is no more need for a SmartOS box to run the components!\u003cbr\u003e\nWhen we introduced FreeBSD support last version we marked it as an experimental feature. We needed to try out and experiment what works and what does not. Understand the way FreeBSD does things, what tools exist, and how those align with our workflow. Bottomline we were not even sure BSD support was a thing in the future.\u003cbr\u003e\nWe are happy to announce that with 0.9.3 we are now sure BSD support is a thing, and it is here to remain. That said it was good that we experimented in the last release, we did some significant changes to what we have now. When first looking at FreeBSD we went ahead and used existing tooling, namely iocage, to manage jails. It turns out the tooling around jails is not on par with what exists on illumos and especially SmartOS. The goodness of vmadm as a CLI for managing zones is just unparalleled. So we do what every (in)sane person would do!\u003cbr\u003e\nSo with 0.9.3, we did what every (in)sane person would do! We implemented a version of vmadm that would work with FreeBSD and jails and keep the same CLI. Our clone works completely stand alone; vmadm is a compiled binary, written in rust which is blazing fast! The design takes up lessons learned from both zoneadm and vmadm in illumos/SmartOS for how things work instead of trying to reinvent the wheel. Moreover, while we love giving the FreeBSD community a tool we learned to love on SmartOS this also makes things a lot easier for us. FiFo now can use the same logic on SmartOS and FreeBSD as the differences are abstracted away inside of vmadm. That said there are a few notable differences.\u003cbr\u003e\nFirst of all, vmadm uses datasets the same way it does on SmartOS. However, there is no separate imgadm tool. Instead, we encapsulate the commands under vmadm images. To make this work we also provide a dataset server with base images for FreeBSD that used the same API as SmartOS dataset servers. Second, we needed to work around some limitations in VNET to make jails capable of being fully utilized in multi-tenancy environments.\u003cbr\u003e\nNested vnet jails on freebsd While on illumos a virtual nic can be bound to an IP that can not be changed from inside the zone, VNET does not support this. Preventing tenants from messing with IP settings is crucial from a security standpoint!\u003cbr\u003e\nTo work around that each jail created by vmadm are two jails: a minimal outer jail with nothing but a VNET interface, no IP or anything and an internal one that runs the user code. This outer jail then creates an inner jail with an inherited NIC that gets a fixed IP, combining both the security of a VNET jail as well as the security of a fixed IP interface.\u003cbr\u003e\nThe nested jail layout resembles the way that SmartOS handles KVM machines, running KVM inside a zone. So in addition to working around VNET limitations, this already paves the way for bhyve nested in jails that might come in a future release. We hope to leverage the same two-step with just a different executable started in the outer jail instead of the jail command itself.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://manpages.bsd.lv/history.html\" rel=\"nofollow\"\u003eHistory of UNIX Manpages\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhere do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage source writers and readers: where were those economical two- and three-letter instructions developed? The many accounts available on the Internet lack citations and are at times inconsistent.\u003cbr\u003e\nIn this article, I reconstruct the history of the UNIX manpage based on source code, manuals, and first-hand accounts.\u003cbr\u003e\nSpecial thanks to Paul Pierce for his CTSS source archive; Bernard Nivelet for the Multics Internet Server; the UNIX Heritage Society for their research UNIX source reconstruction; Gunnar Ritter for the Heirloom Project sources; Alcatel-Lucent Bell Labs for the Plan 9 sources; BitSavers for their historical archive; and last but not least, Rudd Canaday, James Clarke, Brian Kernighan, Douglas McIlroy, Nils-Peter Nelson, Jerome Saltzer, Henry Spencer, Ken Thompson, and Tom Van Vleck for their valuable contributions.\u003c/p\u003e\n\n\u003cp\u003ePlease see the Copyright section if you plan on reproducing parts of this work.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeople:\n\n\u003cul\u003e\n\u003cli\u003eAbell, Vic\u003c/li\u003e\n\u003cli\u003eCanaday, Rudd\u003c/li\u003e\n\u003cli\u003eCapps, Dennis\u003c/li\u003e\n\u003cli\u003eClarke, James\u003c/li\u003e\n\u003cli\u003eDzonsons, Kristaps\u003c/li\u003e\n\u003cli\u003eKernighan, Brian\u003c/li\u003e\n\u003cli\u003eMadnick, Stuart\u003c/li\u003e\n\u003cli\u003eMcIlroy, Douglas\u003c/li\u003e\n\u003cli\u003eMorris, Robert\u003c/li\u003e\n\u003cli\u003eOssanna, Joseph F.\u003c/li\u003e\n\u003cli\u003eRitchie, Dennis\u003c/li\u003e\n\u003cli\u003eRitter, Gunnar\u003c/li\u003e\n\u003cli\u003eSaltzer, Jerome H.\u003c/li\u003e\n\u003cli\u003eSpencer, Henry\u003c/li\u003e\n\u003cli\u003eThompson, Ken\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcam-2017-trip-report-mathieu-arnold/\" rel=\"nofollow\"\u003eBSDCam 2017 Trip Report: Mathieu Arnold\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt seems that every time I try to go to England using the Eurostar, it gets delayed between 30 minutes and 2 hours. This year, it got my 45 minute layover down to 10 minutes. Luckily, King’s Cross is literally across the street from Saint Pancras, and I managed to get into my second train just in time.\u003cbr\u003e\nI arrived in Cambridge on Tuesday right on time for tea. A quick walk from the station got me to St Catharine’s College. This year, we were in a different building for the rooms, so I listened to the convoluted explanation the porter gave me to get to my room, I managed to get there without getting lost more than once. That evening was almost organized as we got together for dinner at the usual pub, the Maypole.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWednesday:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe weather is lovely, and it is a good thing as there is a 25-30 minute walk from the College to the Computer Laboratory where the devsummit happens. The first morning is for deciding what we are going to talk about for the rest of the week, so we all go in turn introducing ourselves and voicing about what we would like to talk about. There are a few subjects that are of interest to me, so I listen to the toolchain discussions while writing new bits for the Porter’s Handbook.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThursday:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI spent most of the day writing documentation, and talked a bit with a couple of DocEng members about joining the team as I would like to give some love to the build framework that has not been touched in a long time. At the end of the afternoon is a packaging session, we talked about the status of package in base, which is not really going anywhere right now. On the ports side, three aspects that are making good progress include, package flavors, sub packages, and migrating some base libraries to private libraries, which is a nightmare because of openssl, and kerberos, and pam. That evening, we had the formal diner at St John’s College, I love those old buildings that reminds me of Hogwarts. (I am sure there is a quidditch pitch somewhere nearby.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFriday:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast day. I continued to write documentation, while listening to a provisioning session. It would be great to have bhyve support in existing orchestration tools like vagrant, openstack, or maybe ganeti. We end the day, and the devsummit with short talks, some very interesting, some going way over my head.\u003cbr\u003e\nThe weekend is here. I spent most of Saturday strolling in some of the numerous Cambridge parks, gardens, greens, fens… and I worked on a knitting pattern in the evening. On Sunday, I ate my last full gargantuan english breakfast of the year, and then back in a train to King’s Cross, and a Eurostar (this one on time) back to Paris.\u003cbr\u003e\nI would like to thank the FreeBSD Foundation for making this trip possible for me.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2017_reports_add_code\" rel=\"nofollow\"\u003eGSoC 2017 Reports: Add SUBPACKAGES support to pkgsrc, part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIntroduction\u003c/li\u003e\n\u003cli\u003eSUBPACKAGES (on some package systems they are known as multi-packages, but this term for pkgsrc is already used by packages that can be built against several versions (e.g. Python, PHP, Ruby packages)) consist in generating multiple binary packages from a single pkgsrc package. For example, from a pkgsrc package - local/frobnitzem - we will see how to generate three separate binary packages: frobnitzem-foo, frobnitzem-bar and frobnitzem-baz.\u003c/li\u003e\n\u003cli\u003eThis can be useful to separate several components of binary packages (and avoid to run the extract and configure phase two times!), for debugpkgs (so that all *.debug files containing debug symbols are contained in a separate -debugpkg package that can be installed only when it is needed), etc..\u003c/li\u003e\n\u003cli\u003eAn high-level look at how SUBPACKAGES support is implemented\u003c/li\u003e\n\u003cli\u003eMost of the changes needed are in mk/pkgformat/pkg/ hierarchy (previously known as mk/flavour and then renamed and generalized to other package formats during Anton Panev\u0026#39;s Google Summer of Code 2011).\u003c/li\u003e\n\u003cli\u003eThe code in mk/pkgformat/${PKG_FORMAT}/ handle the interaction of pkgsrc with the particular ${PKG_FORMAT}, e.g. for pkg populate meta-data files used by pkg_create(1), install/delete packages via pkg_add(1), and pkg_delete(1), etc.\u003c/li\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003cli\u003eIn this first part of this blog post series we have seen what are SUBPACKAGES, when and why they can be useful.\u003c/li\u003e\n\u003cli\u003eWe have then seen a practical example of them taking a very trivial package and learned how to \u0026quot;subpackage-ify\u0026quot; it.\u003c/li\u003e\n\u003cli\u003eThen we have described - from an high-level perspective - the changes needed to the pkgsrc infrastructure for the SUBPACKAGES features that we have used. If you are more interested in them please give a look to the pkgsrc debugpkg branch that contains all work done described in this blog post.\u003c/li\u003e\n\u003cli\u003eIn the next part we will see how to handle \u003cem\u003eDEPENDS and buildlink3 inclusion for subpackages.\n*\u003c/em\u003e*\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dmesgd.nycbug.org/index.cgi?do=view\u0026id=3329\" rel=\"nofollow\"\u003eFirst partial boot of FreeBSD on Power8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_new_tnf_board_of\" rel=\"nofollow\"\u003eThe new TNF Board of Directors are installed and patched for 2017.\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://osseu17.sched.com/event/BxJw/seccomp2-vs-pledge2-giovanni-bechis-snb-srl\" rel=\"nofollow\"\u003eOpen Source Summit 2017 October 23-26, 2017, Prague, Czech Republic Giovanni Bechis will give a talk about seccomp(2) vs pledge(2)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://nanxiao.me/en/my-first-patch-to-openbsd/\" rel=\"nofollow\"\u003eMy first patch to OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrian - \u003ca href=\"http://dpaste.com/35WA42Z#wrap\" rel=\"nofollow\"\u003eOPNSense Facebook Group\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark Felder - \u003ca href=\"http://dpaste.com/0B8QH2W\" rel=\"nofollow\"\u003eZFS Health via SNMP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt - \u003ca href=\"http://dpaste.com/1D9WTHV#wrap\" rel=\"nofollow\"\u003eCantrill Presentation\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more.","date_published":"2017-10-04T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/207dad42-9da7-47e3-a6d7-4fd257905cf1.mp3","mime_type":"audio/mpeg","size_in_bytes":65043220,"duration_in_seconds":5420}]},{"id":"1e3907b4-e886-4922-ae37-e2fa5e898d3e","title":"213: The French CONnection","url":"https://www.bsdnow.tv/213","content_text":"We recap EuroBSDcon in Paris, tell the story behind a pf PR, and show you how to do screencasting with OpenBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nRecap of EuroBSDcon 2017 in Paris, France\n\n\nEuroBSDcon was held in Paris, France this year, which drew record numbers this year.\nWith over 300 attendees, it was the largest BSD event I have ever attended, and I was encouraged by the higher than expected number of first time attendees.\nThe FreeBSD Foundation held a board meeting on Wednesday afternoon with the members who were in Paris. Topics included future conferences (including a conference kit we can mail to people who want to represent FreeBSD) and planning for next year.\nThe FreeBSD Devsummit started on Thursday at the beautiful Mozilla Office in Paris. After registering and picking up our conference bag, everyone gathered for a morning coffee with lots of handshaking and greeting. We then gathered in the next room which had a podium with microphone, screens as well as tables and chairs. After developers sat down, Benedict opened the devsummit with a small quiz about France for developers to win a Mogics Power Bagel. 45 developers participated and DES won the item in the end. After introductions and collecting topics of interest from everyone, we started with the Work in Progress (WIP) session.\nThe WIP session had different people present a topic they are working on in 7 minute timeslots. Topics ranged from FreeBSD Forwarding Performance, fast booting options, and a GELI patch under review to attach multiple providers. See their slides on the FreeBSD wiki.\nAfter lunch, the FreeBSD Foundation gave a general update on staff and funding, as well as a more focused presentation about our partnership with Intel. People were interested to hear what was done so far and asked a few questions to the Intel representative Glenn Weinberg.\nAfter lunch, developers worked quietly on their own projects. The mic remained open and occasionally, people would step forward and gave a short talk without slides or motivated a discussion of common interest. The day concluded with a dinner at a nice restaurant in Paris, which allowed to continue the discussions of the day.\nThe second day of the devsummit began with a talk about the CAM-based SDIO stack by Ilya Bakulin. His work would allow access to wifi cards/modules on embedded boards like the Raspberry Pi Zero W and similar devices as many of these are using SDIO for data transfers.\nNext up was a discussion and Q\u0026amp;A session with the FreeBSD core team members who were there (missing only Benno Rice, Kris Moore, John Baldwin, and Baptiste Daroussin, the latter being busy with conference preparations). The new FCP (FreeBSD community proposals) were introduced for those who were not at BSDCan this year and the hows and whys about it. Allan and I were asked to describe our experiences as new members of core and we encouraged people to run for core when the next election happens. After a short break, Scott Long gave an overview of the work that’s been started on NUMA (Non-Uniform Memory Architecture), what the goals of the project are and who is working on it.\nBefore lunch, Christian Schwarz presented his work on zrepl, a new ZFS replication solution he developed using Go. This sparked interest in developers, a port was started and people suggested to Christian that he should submit his talk to AsiaBSDcon and BSDCan next year. Benedict had to leave before lunch was done to teach his Ansible tutorial (which was well attended) at the conference venue.\nThere were organized dinners, for those two nights, quite a feat of organization to fit over 100 people into a restaurant and serve them quickly.\nOn Saturday, there was a social event, a river cruise down the Seine. This took the form of a ‘standing’ dinner, with a wide selection of appetizer type dishes, designed to get people to walk around and converse with many different people, rather than sit at a table with the same 6-8 people. I talked to a much larger group of people than I had managed to at the other dinners.\nI like having both dinner formats.\nWe would also like to thank all of the BSDNow viewers who attended the conference and made the point of introducing themselves to us. It was nice to meet you all.\nThe recordings of the live video stream from the conference are available immediately, so you can watch the raw versions of the talks now:\nAuditorium\n\n\nKeynote 1: Software Development in the Age of Heroes by Thomas Pornin\nTuning FreeBSD for routing and firewalling by Olivier Cochard-Labbé\nMy BSD sucks less than yours, Act I by Antoine Jacoutot and Baptiste Daroussin\nMy BSD sucks less than yours, Act II by Antoine Jacoutot and Baptiste Daroussin\nReproducible builds on NetBSD by Christos Zoulas\nYour scheduler is not the problem by Martin Pieuchot\nKeynote 2: A French story on cybercrime by Éric Freyssinet\nCase studies of sandboxing base system with Capsicum by Mariusz Zaborski\nOpenBSD’s small steps towards DTrace (a tale about DDB and CTF) by Jasper Lievisse Adriaanse\nThe Realities of DTrace on FreeBSD by George Neville-Neil\nOpenSMTPD, current state of affairs by Gilles Chehade\nHoisting: lessons learned integrating pledge into 500 programs by Theo de Raadt\nKeynote 3: System Performance Analysis Methodologies by Brendan Gregg\nClosing Session\n\nKarnak\n\n\n“Is it done yet ?” The never ending story of pkg tools by Marc Espie\nA Tale of six motherboards, three BSDs and coreboot by Piotr Kubaj and Katarzyna Kubaj\nState of the DragonFly’s graphics stack by François Tigeot\nFrom NanoBSD to ZFS and Jails – FreeBSD as a Hosting Platform, Revisited by Patrick M. Hausen\nBacula – nobody ever regretted making a backup by Dan Langille\nNever Lose a Syslog Message by Alexander Bluhm\nRunning CloudABI applications on a FreeBSD-based Kubernetes cluster by Ed Schouten\nThe OpenBSD web stack by Michael W. Lucas\nThe LLDB Debugger on NetBSD by Kamil Rytarowski\nWhat’s in store for NetBSD 8.0? by Alistair Crooks\n\nLouxor\n\n\nA Modern Replacement for BSD spell(1) by Abhinav Upadhyay\nPortable Hotplugging: NetBSD’s uvm_hotplug(9) API development by Cherry G. Mathew\nHardening pkgsrc by Pierre Pronchery\nDiscovering OpenBSD on AWS by Laurent Bernaille\nOpenBSD Testing Infrastructure Behind bluhm.genua.de by Jan Klemkow\nThe school of hard knocks – PT1 by Sevan Janiyan\n7 years of maintaining firefox, and still looking ahead by Landry Breuil\nBranch VPN solution based on OpenBSD, OSPF, RDomains and Ansible by Remi Locherer\nRunning BSD on AWS by Julien Simon and Nicolas David\nGetting started with OpenBSD device driver development by Stefan Sperling\n\nA huge thanks to the organizers, program committee, and sponsors of EuroBSDCon. Next year, EuroBSDcon will be in Bucharest, Romania.\n***\n\n\nThe story of PR 219251\n\n\nThe actual story I wanted Kristof to tell, the pf bug he fixed at the Essen Hackathon earlier this summer.\n\n\n\nAs I threatened to do in my previous post, I'm going to talk about PR 219251 for a bit. The bug report dates from only a few months ago, but the first report (that I can remeber) actually came from Shawn Webb on Twitter, of all places\nDespite there being a stacktrace it took quite a while (nearly 6 months in fact) before I figured this one out.\nIt took Reshad Patuck managing to distill the problem down to a small-ish test script to make real progress on this. His testcase meant that I could get core dumps and experiment. It also provided valuable clues because it could be tweaked to see what elements were required to trigger the panic.\nThis test script starts a (vnet) jail, adds an epair interface to it, sets up pf in the jail, and then reloads the pf rules on the host. Interestingly the panic does not seem to occur if that last step is not included.\n\n\n\nObviously not the desired behaviour, but it seems strange. The instances of pf in the jails are supposed to be separate.\n\n\n\nWe try to fetch a counter value here, but instead we dereference a bad pointer. There's two here, so already we need more information. Inspection of the core dump reveals that the state pointer is valid, and contains sane information. The rule pointer (rule.ptr) points to a sensible location, but the data is mostly 0xdeadc0de. This is the memory allocator being helpful (in debug mode) and writing garbage over freed memory, to make use-after-free bugs like this one easier to find.\nIn other words: the rule has been free()d while there was still a state pointing to it. Somehow we have a state (describing a connection pf knows about) which points to a rule which no longer exists. The core dump also shows that the problem always occurs with states and rules in the default vnet (i.e. the host pf instance), not one of the pf instances in one of the vnet jails. That matches with the observation that the test script does not trigger the panic unless we also reload the rules on the host.\nGreat, we know what's wrong, but now we need to work out how we can get into this state. At this point we're going to have to learn something about how rules and states get cleaned up in pf. Don't worry if you had no idea, because before this bug I didn't either.\nThe states keep a pointer to the rule they match, so when rules are changed (or removed) we can't just delete them. States get cleaned up when connections are closed or they time out. This means we have to keep old rules around until the states that use them expire.\n When rules are removed pf_unlink_rule() adds then to the V_pf_unlinked_rules list (more on that funny V_ prefix later). From time to time the pf purge thread will run over all states and mark the rules that are used by a state. Once that's done for all states we know that all rules that are not marked as in-use can be removed (because none of the states use it). That can be a lot of work if we've got a lot of states, so pf_purge_thread() breaks that up into smaller chuncks, iterating only part of the state table on every run.\nWe iterate over all of our virtual pf instances (VNET_FOREACH()), check if it's active (for FreeBSD-EN-17.08, where we've seen this code before) and then check the expired states with pf_purge_expired_states(). We start at state 'idx' and only process a certain number (determined by the PFTM_INTERVAL setting) states. The pf_purge_expired_states() function returns a new idx value to tell us how far we got.\nSo, remember when I mentioned the odd V_ prefix? Those are per-vnet variables. They work a bit like thread-local variables. Each vnet (virtual network stack) keeps its state separate from the others, and the V_ variables use a pointer that's changed whenever we change the currently active vnet (say with CURVNET_SET() or CURVNET_RESTORE()). That's tracked in the 'curvnet' variable. In other words: there are as many V_pf_vnet_active variables as there are vnets: number of vnet jails plus one (for the host system).\nWhy is that relevant here? Note that idx is not a per-vnet variable, but we handle multiple pf instances here. We run through all of them in fact. That means that we end up checking the first X states in the first vnet, then check the second X states in the second vnet, the third X states in the third and so on and so on.\nThat of course means that we think we've run through all of the states in a vnet while we really only checked some of them. So when pf_purge_unlinked_rules() runs it can end up free()ing rules that actually are still in use because pf_purge_thread() skipped over the state(s) that actually used the rule. The problem only happened if we reloaded rules in the host, because the active ruleset is never free()d, even if there are no states pointing to the rule.\nThat explains the panic, and the fix is actually quite straightforward: idx needs to be a per-vnet variable, V_pf_purge_idx, and then the problem is gone. As is often the case, the solution to a fairly hard problem turns out to be really simple.\n\n\n\nAs you might expect, finding the problem takes a lot more work that fixing it\nThanks to Kristof for writing up this detailed post explaining how the problem was found, and what caused it.\n***\n\n\nvBSDcon 2017: BSD at Work\n\n\nThe third biennial vBSDcon hosted by Verisign took place September 7th through 9th with the FreeBSD Developer Summit taking place the first day. vBSDcon and iXsystems’ MeetBSD event have been alternating between the East and West coasts of the U.S.A. and these two events play vital roles in reaching Washington, DC-area and Bay Area/Silicon Valley audiences. Where MeetBSD serves many BSD Vendors, vBSDcon attracts a unique government and security industry demographic that isn’t found anywhere else. Conference time and travel budgets are always limited and bringing these events to their attendees is a much-appreciated service provided by their hosts.\nThe vBSDcon FreeBSD DevSummit had a strong focus on OpenZFS, the build system and networking with the FreeBSD 12 wish list of features in mind. How to best incorporate the steady flow of new OpenZFS features into FreeBSD such as dataset-level encryption was of particular interest. This feature from a GNU/Linux-based storage vendor is tribute to the growth of the OpenZFS community which is vital in light of the recent “Death of Solaris and ZFS” at Oracle. There has never been more demand for OpenZFS on FreeBSD and the Oracle news further confirms our collective responsibility to meet that demand.\nThe official conference opened with my talk on “Isolated BSD Build Environments” in which I explained how the bhyve hypervisor can be used to effortlessly tour FreeBSD 5.0-onward and build specific source releases on demand to trace regressions to their offending commit. I was followed by a FreeNAS user who made the good point that FreeNAS is an exemplary “entry vector” into Unix and Enterprise Storage fundamentals, given that many of the vectors our generation had are gone. Where many of us discovered Unix and the Internet via console terminals at school or work, smart phones are only delivering the Internet without the Unix. With some irony, both iOS and Android are Unix-based yet offer few opportunities for their users to learn and leverage their Unix environments.\nThe next two talks were The History and Future of Core Dumps in FreeBSD by Sam Gwydir and Using pkgsrc for multi-platform deployments in heterogeneous environments by G. Clifford Williams. I strongly recommend that anyone wanting to speak at AsiaBSDCon read Sam’s accompanying paper on core dumps because I consider it the perfect AsiaBSDCon topic and his execution is excellent. Core dumps are one of those things you rarely think about until they are a DROP EVERYTHING! priority. G. Clifford’s talk was about what I consider a near-perfect BSD project: pkgsrc, the portable BSD package manager. I put it up there with OpenSSH and mandoc as projects that have provided significant value to other Open Source operating systems. G. Clifford’s real-world experiences are perfectly inline with vBSDcon’s goal to be more production-oriented than other BSDCons.\nOf the other talks, any and all Dtrace talks are always appreciated and George Neville-Neil’s did not disappoint. He based it on his experiences with the Teach BSD project which is bringing FreeBSD-based computer science education to schools around the world. The security-related talks by John-Mark Gurney, Dean Freeman and Michael Shirk also represented vBSDcon’s consideration of the local community and made a convincing point that the BSDs should make concerted efforts to qualify for Common Criteria, FIPS, and other Government security requirements. While some security experts will scoff at these, they are critical to the adoption of BSD-based products by government agencies.\nBSD Now hosts Allan Jude and Benedict Reuschling hosted an OpenZFS BoF and Ansible talk respectively and I hosted a bhyve hypervisor BoF. The Hallway Track and food at vBSDcon were excellent and both culminated with an after-dinner dramatic reading of Michael W. Lucas’ latest book that raised money for the FreeBSD Foundation. A great time was had by all and it was wonderful to see everyone!\n\n\n\n\nNews Roundup\n\nFreeBSD 10.4-RC2 Available\n\n\nFreeBSD 10.4 will be released soon, this is the last chance to find bugs before the official release is cut.\nNoteworthy Changes Since 10.4-RC1:\n\n\nGiven that the amd64 disc1 image was overflowing, more of the base components installed into the disc1 (live) file systems had to be disabled.  Most notably, this removed the compiler toolchain from the disc1 images.  All disabled tools are still available with the dvd1 images, though.\nThe aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for ipsec(4).\nSupport for netmap(4) by the ixgbe(4) driver has been brought into line with the netmap(4) API present in stable/10.  Also, ixgbe(4) now correctly handles VFs in its netmap(4) support again instead of treating these as PFs.\nDuring the creation of amd64 and i386 VM images, etcupdate(8) and mergemaster(8) databases now are bootstrapped, akin to what happens along the extraction of base.txz as part of a new installation via bsdinstall(8).  This change allows for both of these tools to work out-of-box on the VM images and avoids errors seen when upgrading these images via freebsd-update(8).\n\nIf you are still on the stable/10 branch, you should test upgrading to 10.4, and make sure there are no problems with your workload\nAdditional testing specifically of the features that have changed since 10.4-BETA1 would also be most helpful\nThis will be the last release from the stable/10 branch\n***\n\n\nOpenBSD changes of note 628\n\n\nEuroBSDCon in two weeks. Be sure to attend early and often.\n\n\n\nMany and various documentation improvements for libcrypto. New man pages, rewrites, expanded bugs sections, and more.\nOnly allow upward migration in vmd.\n\n\n\nThere’s a README for the syspatch build system if you want to run your own.\n\n\n\nMove the kernel relinking code from /etc/rc into a seperate script usable by syspatch. Kernel patches can now be reduced to just the necessary files.\nMake the callers of sogetopt() responsible for allocating memory. Now allocation and free occur in the same place.\nUse waitpid() instead of wait() in most programs to avoid accidentally collecting the wrong child.\nHave cu call isatty() before making assumptions.\nSwitch mandoc rendering of mathematical symbols and greek letters from trying to imitate the characters’ graphical shapes, which resulted in unintelligible renderings in many cases, to transliterations conveying the characters’ meanings.\nUpdate libexpat to 2.2.4. Fix copying partial UTF-8 characters.\n\n\n\nSigh, here we go again. \n\n\n\nWork around bug in F5’s handling of the supported elliptic curves extension. RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict.\nAfter a first install, run syspatch -c to check for patches.\nIf SMAP is present, clear PSL_AC on kernel entry and interrupt so that only the code in copy{in,out}* that need it run with it set. Panic if it’s set on entry to trap() or syscall(). Prompted by Maxime Villard’s NetBSD work. Errata.\nNew drivers for arm: rktemp, mvpinctrl, mvmpic, mvneta, mvmdio, mvpxa, rkiic, rkpmic.\nNo need to exec rm from within mandoc. We know there’s exactly one file and directory to remove. Similarly with running cmp.\nRevert to Mesa 13.0.6 to hopefully address rendering issues a handful of people have reported with xpdf/fvwm on ivy bridge with modesetting driver.\nRewrite ALPN extension using CBB/CBS and the new extension framework. Rewrite SRTP extension using CBB/CBS and the new extension framework.\nRevisit 2q queue sizes. Limit the hot queue to 1/20th the cache size up to a max of 4096 pages. Limit the warm and cold queues to half the cache. This allows us to more effectively notice re-interest in buffers instead of losing it in a large hot queue.\nAdd glass console support for arm64. Probably not yet for your machine, though.\nReplace heaps of hand-written syscall stubs in ld.so with a simpler framework.\n65535 is a valid port to listen on.\nWhen xinit starts an X server that listens only on UNIX socket, prefer DISPLAY=unix:0 rather than DISPLAY=:0. This will prevent applications from ever falling back to TCP if the UNIX socket connection fails (such as when the X server crashes). Reverted.\nAdd -z and -Z options to apmd to auto suspend or hibernate when low on battery.\nRemove the original (pre-IETF) chacha20-poly1305 cipher suites.\nAdd urng(4) which supports various USB RNG devices. Instead of adding one driver per device, start bundling them into a single driver.\nRemove old deactivated pledge path code. A replacement mechanism is being brewed.\nFix a bug from the extension parsing rewrite. Always parse ALPN even if no callback has been installed to prevent leaving unprocessed data which leads to a decode error.\nClarify what is meant by syslog priorities being ordered, since the numbers and priorities are backwards.\nRemove a stray setlocale() from ksh, eliminating a lot of extra statically linked code.\nUnremove some NPN symbols from libssl because ports software thinks they should be there for reasons.\nFix saved stack location after resume. Somehow clang changed it. Resume works again on i386.\nImprove error messages in vmd and vmctl to be more informative.\nStop building the miniroot installer for OMAP3 Beagleboards. It hasn’t worked in over a year and nobody noticed.\nHave the callers of sosetopt() free the mbuf for symmetry.\nOn octeon, let the kernel use the hardware FPU even if emulation is compiled in. It’s faster.\nFix support for 486DX CPUs by not calling cpuid. I used to own a 486. Now I don’t.\nMerge some drm fixes from linux.\nDefer probing of floppy drives, eliminating delays during boot.\nBetter handling of probes and beacons and timeouts and scans in wifi stack to avoid disconnects.\nMove mutex, condvar, and thread-specific data routes, pthread_once, and pthread_exit from libpthread to libc, along with low-level bits to support them. Let’s thread aware (but not actually threaded) code work with just libc.\nNew POSIX xlocale implementation. Complete as long as you only use ASCII and UTF-8, as you should.\nRound and round it goes; when 6.2 stops, nobody knows. A peak at the future?\n***\n\n\nScreencasting with OpenBSD\n\n\nUSB Audio\n\n\n\nAny USB microphone should appear as a new audio device. Here is the dmesg for my mic by ART:\n\n\n\nuaudio0 at uhub0 port 2 configuration 1 interface 0 \"M-One USB\" rev 1.10/0.01 addr 2\nuaudio0: audio rev 1.00, 8 mixer controls\naudio1 at uaudio0\n\n\n\naudioctl can read off all of the specific characterisitcs of this device\n\n\n\n$ audioctl -f /dev/audio1 | grep record\nmode=play,record\nrecord.rate=48000\nrecord.channels=1\nrecord.precision=16\nrecord.bps=2\nrecord.msb=1\nrecord.encoding=slinear_le\nrecord.pause=0\nrecord.active=0\nrecord.block_size=1960\nrecord.bytes=0\nrecord.errors=0\n\n\n\nNow test the recording from the second audio device using aucat(1)\n\n\n\naucat -f rsnd/1 -o file.wav\n\n\n\nIf the device also has a headset audio can be played through the same device.\n\n\n\naucat -f rsnd/1 -i file.wav\n\n\n\nScreen Capture using Xvfb\n\n\n\nThe rate at which a framebuffer for your video card is a feature of the hardware and software your using, and it's often very slow. x11vnc will print an estimate of the banwidth for the system your running.\n\n\n\nx11vnc\n...\n09/05/2012 22:23:45 fb read rate: 7 MB/sec\n\n\n\nThis is about 4fps. We can do much better by using a virtual framebuffer. Here I'm setting up a new screen, setting the background color, starting cwm and an instance of xterm\n\n\n\nXvfb :1 -screen 0 720x540x16 \u0026amp;\nDISPLAY=:1 xsetroot -solid steelblue \u0026amp;\nDISPLAY=:1 cwm \u0026amp;\nDISPLAY=:1 xterm +sb -fa Hermit -fs 14 \u0026amp;\n\n\n\nMuch better! Now we're up around 20fps.\n\n\n\nx11vnc -display :1  \u0026amp;\n...\n11/05/2012 18:04:07 fb read rate: 168 MB/sec\n\n\n\nMake a connection to this virtual screen using raw encoding to eliminate time wasted on compression.\n\n\n\nvncviewer localhost -encodings raw\n\n\n\nA test recording with sound then looks like this\n\n\n\nffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 ~/out.avi\n\n\n\nNote: always stop the recording and playback using q, not Ctrl-C so that audio inputs are shut down properly.\n\n\n\nScreen Capture using Xephyr\n\n\n\nXephyr is perhaps the easiest way to run X with a shadow framebuffer. This solution also avoids reading from the video card's RAM, so it's reasonably fast.\n\n\n\nXephyr -ac -br -noreset -screen 800x600 :1 \u0026amp;\nDISPLAY=:1 xsetroot -solid steelblue \u0026amp;\nDISPLAY=:1 cwm \u0026amp;\nDISPLAY=:1 xrdb -load ~/.Xdefaults \u0026amp;\nDISPLAY=:1 xterm +sb -fa \"Hermit\" -fs 14 \u0026amp;\n\n\n\nCapture works in exactally the same way. This command tries to maintain 12fps.\n\n\n\nffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi\nTo capture keyboard and mouse input press Ctrl then Shift. This is very handy for using navigating a window manager in the nested X session.\n\n\n\nArranging Windows\n\n\n\nI have sometimes found it helpful to launch applications and arrange them in a specific way. This will open up a web browser listing the current directory and position windows using xdotool\n\n\n\nDISPLAY=:1 midori \"file:///pwd\" \u0026amp;\nsleep 2\nDISPLAY=:1 xdotool search --name \"xterm\" windowmove 0 0\nDISPLAY=:1 xdotool search --class \"midori\" windowmove 400 0\nDISPLAY=:1 xdotool search --class \"midori\" windowsize 400 576\n\n\n\nThis will position the window precisely so that it appears to be in a tmux window on the right.\n\n\n\nAudio/Video Sync\n\n\n\nIf you find that the audio is way out of sync with the video, you can ajust the start using the -ss before the audio input to specify the number of seconds to delay. My final recording command line, that delays the audio by 0.5 seconds, writing 12fps\n\n\n\nffmpeg -ss 0.5 -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1  -acodec copy ~/out.avi\n\n\n\nSharing a Terminal with tmux\n\n\n\nIf you're trying to record a terminal session, tmux is able to share a session. In this way a recording of an X framebuffer can be taken without even using the screen. Start by creating the session.\n\n\n\ntmux -2 -S /tmp/tmux0\n\n\n\nThen on the remote side connect on the same socket\n\n\n\ntmux -2 -S /tmp/tmux0 attach\n\n\n\nTaking Screenshots\n\n\n\nGrabbing a screenshots on Xvfb server is easily accomplished with ImageMagick's import command\n\n\n\nDISPLAY=:1 import -window root screenshot.png\n\n\n\nAudio Processing and Video Transcoding\n\n\n\nThe first step is to ensure that the clip begins and ends where you'd like it to. The following will make a copy of the recording starting at time 00:00 and ending at 09:45\n\n\n\nffmpeg -i interactive-sql.avi \\\n    -vcodec copy -acodec copy\n    -ss 00:00:00 -t 00:09:45\n    interactive-sql-trimmed.avi\nmv interactive-sql-trimmed.avi interactive-sql.avi\n\n\n\nSetting the gain correctly is very important with an analog mixer, but if you're using a USB mic there may not be a gain option; simply record using it's built-in settings and then adjust the levels afterwards using a utility such as normalize. First extact the audio as a raw PCM file and then run normalize\n\n\n\nffmpeg -i interactive-sql.avi -c:a copy -vn audio.wav\nnormalize audio.wav\n\n\n\nNext merge the audio back in again\n\n\n\nffmpeg -i interactive-sql.avi -i audio.wav \\\n    -map 0:0 -map 1:0 -c copy interactive-sql-normalized.avi\n\n\n\nThe final step is to compress the screencast for distribution. Encoding to VP8/Vorbis is easy:\n\n\n\nffmpeg -i interactive-sql-normalized.avi -c:v libvpx -b:v 1M\n    -c:a libvorbis -q:a 6 interactive-sql.webm\n\n\n\nH.264/AAC is tricky. For most video players the color space needs to be set to yuv420p. The -movflags puts the index data at the beginning of the file to enable streaming/partial content requests over HTTP:\n\n\n\nffmpeg -y -i interactive-sql-normalized.avi -c:v libx264 \\\n    -preset slow -crf 14 -pix_fmt yuv420p -movflags +faststart \\\n    -c:a aac -q:a 6 interactive-sql.mp4\n\n\n\n\nTrueOS @ Ohio Linuxfest ’17!\n\n\nDru Lavigne and Ken Moore are both giving presentations on Saturday the 30th. Sit in and hear about new developments for the Lumina and FreeNAS projects.\nKen is offering Lumina Rising: Challenging Desktop Orthodoxy at 10:15 am in Franklin A. Hear his thoughts about the ideas propelling desktop environment development and how Lumina, especially Lumina 2, is seeking to offer a new model of desktop architecture. Elements discussed include session security, application dependencies, message handling, and operating system integration.\nDru is talking about What’s New in FreeNAS 11 at 2:00 pm in Franklin D. She’ll be providing an overview of some of the new features added in FreeNAS 11.0, including:\n\n\nAlert Services\nStarting specific services at boot time\nAD Monitoring to ensure the AD service restarts if disconnected\nA preview of the new user interface\nsupport for S3-compatible storage and the bhyve hypervisor\n\nShe’s also giving a sneak peek of FreeNAS 11.1, which has some neat features:\n\n\nA complete rewrite of the Jails/Plugins system as FreeNAS moves from warden to iocage\nWriting new plugins with just a few lines of code\nA brand new asynchronous middleware API \n\nWho’s going? Attending this year are:\n\n\nDru Lavigne (dlavigne): Dru leads the technical documentation team at iX, and contributes heavily to open source documentation projects like FreeBSD, FreeNAS, and TrueOS.\nKen Moore (beanpole134): Ken is the lead developer of Lumina and a core contributor to TrueOS. He also works on a number of other Qt5 projects for iXsystems.\nJ.T. Pennington (q5sys): Some of you may be familiar with his work on BSDNow, but J.T. also contributes to the TrueOS, Lumina, and SysAdm projects, helping out with development and general bug squashing.\n***\n\n\n\nBeastie Bits\n\n\nLumina Development Preview: Theme Engine\nIt's happening! Official retro Thinkpad lappy spotted in the wild\nLLVM libFuzzer and SafeStack ported to NetBSD\nRemaining 2017 FreeBSD Events\n***\n\n\nFeedback/Questions\n\n\nAndrew - BSD Teaching Material\nSeth - Switching to Tarsnap after Crashplan becomes no more\nThomas - Native encryption in ZFS\nCoding Cowboy - Coding Cowboy - Passwords and clipboards\n***\n","content_html":"\u003cp\u003eWe recap EuroBSDcon in Paris, tell the story behind a pf PR, and show you how to do screencasting with OpenBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2017.eurobsdcon.org\" rel=\"nofollow\"\u003eRecap of EuroBSDcon 2017 in Paris, France\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEuroBSDcon was held in Paris, France this year, which drew record numbers this year.\u003c/li\u003e\n\u003cli\u003eWith over 300 attendees, it was the largest BSD event I have ever attended, and I was encouraged by the higher than expected number of first time attendees.\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Foundation held a board meeting on Wednesday afternoon with the members who were in Paris. Topics included future conferences (including a conference kit we can mail to people who want to represent FreeBSD) and planning for next year.\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Devsummit started on Thursday at the beautiful Mozilla Office in Paris. After registering and picking up our conference bag, everyone gathered for a morning coffee with lots of handshaking and greeting. We then gathered in the next room which had a podium with microphone, screens as well as tables and chairs. After developers sat down, Benedict opened the devsummit with a small quiz about France for developers to win a \u003ca href=\"https://www.mogics.com/?page_id=3824\" rel=\"nofollow\"\u003eMogics Power Bagel\u003c/a\u003e. 45 developers participated and DES won the item in the end. After introductions and collecting topics of interest from everyone, we started with the Work in Progress (WIP) session.\u003c/li\u003e\n\u003cli\u003eThe WIP session had different people present a topic they are working on in 7 minute timeslots. Topics ranged from FreeBSD Forwarding Performance, fast booting options, and a GELI patch under review to attach multiple providers. See their \u003ca href=\"https://wiki.freebsd.org/DevSummit/201709\" rel=\"nofollow\"\u003eslides on the FreeBSD wiki\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAfter lunch, the FreeBSD Foundation gave a general update on staff and funding, as well as a more focused presentation about our partnership with Intel. People were interested to hear what was done so far and asked a few questions to the Intel representative Glenn Weinberg.\u003c/li\u003e\n\u003cli\u003eAfter lunch, developers worked quietly on their own projects. The mic remained open and occasionally, people would step forward and gave a short talk without slides or motivated a discussion of common interest. The day concluded with a dinner at a nice restaurant in Paris, which allowed to continue the discussions of the day.\u003c/li\u003e\n\u003cli\u003eThe second day of the devsummit began with a talk about the CAM-based SDIO stack by Ilya Bakulin. His work would allow access to wifi cards/modules on embedded boards like the Raspberry Pi Zero W and similar devices as many of these are using SDIO for data transfers.\u003c/li\u003e\n\u003cli\u003eNext up was a discussion and Q\u0026amp;A session with the FreeBSD core team members who were there (missing only Benno Rice, Kris Moore, John Baldwin, and Baptiste Daroussin, the latter being busy with conference preparations). The new FCP (FreeBSD community proposals) were introduced for those who were not at BSDCan this year and the hows and whys about it. Allan and I were asked to describe our experiences as new members of core and we encouraged people to run for core when the next election happens. After a short break, Scott Long gave an overview of the work that’s been started on NUMA (Non-Uniform Memory Architecture), what the goals of the project are and who is working on it.\u003c/li\u003e\n\u003cli\u003eBefore lunch, Christian Schwarz presented his work on zrepl, a new ZFS replication solution he developed using Go. This sparked interest in developers, \u003ca href=\"https://reviews.freebsd.org/D12462\" rel=\"nofollow\"\u003ea port was started\u003c/a\u003e and people suggested to Christian that he should submit his talk to AsiaBSDcon and BSDCan next year. Benedict had to leave before lunch was done to teach his Ansible tutorial (which was well attended) at the conference venue.\u003c/li\u003e\n\u003cli\u003eThere were organized dinners, for those two nights, quite a feat of organization to fit over 100 people into a restaurant and serve them quickly.\u003c/li\u003e\n\u003cli\u003eOn Saturday, there was a social event, a river cruise down the Seine. This took the form of a ‘standing’ dinner, with a wide selection of appetizer type dishes, designed to get people to walk around and converse with many different people, rather than sit at a table with the same 6-8 people. I talked to a much larger group of people than I had managed to at the other dinners.\u003c/li\u003e\n\u003cli\u003eI like having both dinner formats.\u003c/li\u003e\n\u003cli\u003eWe would also like to thank all of the BSDNow viewers who attended the conference and made the point of introducing themselves to us. It was nice to meet you all.\u003c/li\u003e\n\u003cli\u003eThe recordings of the live video stream from the conference are available immediately, so you can watch the raw versions of the talks now:\u003c/li\u003e\n\u003cli\u003eAuditorium\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=179\" rel=\"nofollow\"\u003eKeynote 1: Software Development in the Age of Heroes\u003c/a\u003e by \u003ca href=\"https://twitter.com/BearSSLnews\" rel=\"nofollow\"\u003eThomas Pornin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=1660\" rel=\"nofollow\"\u003eTuning FreeBSD for routing and firewalling\u003c/a\u003e by \u003ca href=\"https://twitter.com/ocochardlabbe\" rel=\"nofollow\"\u003eOlivier Cochard-Labbé\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=7040\" rel=\"nofollow\"\u003eMy BSD sucks less than yours, Act I\u003c/a\u003e by \u003ca href=\"https://twitter.com/ajacoutot\" rel=\"nofollow\"\u003eAntoine Jacoutot\u003c/a\u003e and \u003ca href=\"https://twitter.com/_bapt_\" rel=\"nofollow\"\u003eBaptiste Daroussin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=14254\" rel=\"nofollow\"\u003eMy BSD sucks less than yours, Act II\u003c/a\u003e by \u003ca href=\"https://twitter.com/ajacoutot\" rel=\"nofollow\"\u003eAntoine Jacoutot\u003c/a\u003e and \u003ca href=\"https://twitter.com/_bapt_\" rel=\"nofollow\"\u003eBaptiste Daroussin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=23351\" rel=\"nofollow\"\u003eReproducible builds on NetBSD\u003c/a\u003e by Christos Zoulas\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=26845\" rel=\"nofollow\"\u003eYour scheduler is not the problem\u003c/a\u003e by Martin Pieuchot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/4iR8g9-39LM?t=30540\" rel=\"nofollow\"\u003eKeynote 2: A French story on cybercrime\u003c/a\u003e by \u003ca href=\"https://twitter.com/ericfreyss\" rel=\"nofollow\"\u003eÉric Freyssinet\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=731\" rel=\"nofollow\"\u003eCase studies of sandboxing base system with Capsicum\u003c/a\u003e by \u003ca href=\"https://twitter.com/oshogbovx\" rel=\"nofollow\"\u003eMariusz Zaborski\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=6030\" rel=\"nofollow\"\u003eOpenBSD’s small steps towards DTrace (a tale about DDB and CTF)\u003c/a\u003e by Jasper Lievisse Adriaanse\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=13096\" rel=\"nofollow\"\u003eThe Realities of DTrace on FreeBSD\u003c/a\u003e by \u003ca href=\"https://twitter.com/gvnn3\" rel=\"nofollow\"\u003eGeorge Neville-Neil\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=16818\" rel=\"nofollow\"\u003eOpenSMTPD, current state of affairs\u003c/a\u003e by \u003ca href=\"https://twitter.com/PoolpOrg\" rel=\"nofollow\"\u003eGilles Chehade\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=21764\" rel=\"nofollow\"\u003eHoisting: lessons learned integrating pledge into 500 programs\u003c/a\u003e by Theo de Raadt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=25463\" rel=\"nofollow\"\u003eKeynote 3: System Performance Analysis Methodologies\u003c/a\u003e by \u003ca href=\"https://twitter.com/brendangregg\" rel=\"nofollow\"\u003eBrendan Gregg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/jqdHYEH_BQY?t=29355\" rel=\"nofollow\"\u003eClosing Session\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eKarnak\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/1hjzleqGRYk?t=71\" rel=\"nofollow\"\u003e“Is it done yet ?” The never ending story of pkg tools\u003c/a\u003e by \u003ca href=\"https://twitter.com/espie_openbsd\" rel=\"nofollow\"\u003eMarc Espie\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/1hjzleqGRYk?t=7498\" rel=\"nofollow\"\u003eA Tale of six motherboards, three BSDs and coreboot\u003c/a\u003e by Piotr Kubaj and Katarzyna Kubaj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/1hjzleqGRYk?t=11475\" rel=\"nofollow\"\u003eState of the DragonFly’s graphics stack\u003c/a\u003e by François Tigeot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/1hjzleqGRYk?t=16227\" rel=\"nofollow\"\u003eFrom NanoBSD to ZFS and Jails – FreeBSD as a Hosting Platform, Revisited\u003c/a\u003e by Patrick M. Hausen\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/1hjzleqGRYk?t=20069\" rel=\"nofollow\"\u003eBacula – nobody ever regretted making a backup\u003c/a\u003e by \u003ca href=\"https://twitter.com/DLangille\" rel=\"nofollow\"\u003eDan Langille\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/qX0BS4P65cQ?t=325\" rel=\"nofollow\"\u003eNever Lose a Syslog Message\u003c/a\u003e by Alexander Bluhm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/qX0BS4P65cQ?t=5647\" rel=\"nofollow\"\u003eRunning CloudABI applications on a FreeBSD-based Kubernetes cluster\u003c/a\u003e by \u003ca href=\"https://twitter.com/EdSchouten\" rel=\"nofollow\"\u003eEd Schouten\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/qX0BS4P65cQ?t=13255\" rel=\"nofollow\"\u003eThe OpenBSD web stack\u003c/a\u003e by \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003eMichael W. Lucas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/qX0BS4P65cQ?t=16835\" rel=\"nofollow\"\u003eThe LLDB Debugger on NetBSD\u003c/a\u003e by Kamil Rytarowski\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/qX0BS4P65cQ?t=21583\" rel=\"nofollow\"\u003eWhat’s in store for NetBSD 8.0?\u003c/a\u003e by Alistair Crooks\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLouxor\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/6Nen6a1Xl7I?t=156\" rel=\"nofollow\"\u003eA Modern Replacement for BSD spell(1)\u003c/a\u003e by \u003ca href=\"https://twitter.com/abhi9u\" rel=\"nofollow\"\u003eAbhinav Upadhyay\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/6Nen6a1Xl7I?t=5874\" rel=\"nofollow\"\u003ePortable Hotplugging: NetBSD’s uvm_hotplug(9) API development\u003c/a\u003e by Cherry G. Mathew\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/6Nen6a1Xl7I?t=9343\" rel=\"nofollow\"\u003eHardening pkgsrc\u003c/a\u003e by \u003ca href=\"https://twitter.com/khorben\" rel=\"nofollow\"\u003ePierre Pronchery\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/6Nen6a1Xl7I?t=14874\" rel=\"nofollow\"\u003eDiscovering OpenBSD on AWS\u003c/a\u003e by \u003ca href=\"https://twitter.com/lbernail\" rel=\"nofollow\"\u003eLaurent Bernaille\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/6Nen6a1Xl7I?t=18639\" rel=\"nofollow\"\u003eOpenBSD Testing Infrastructure Behind bluhm.genua.de\u003c/a\u003e by Jan Klemkow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/8wuW8lfsVGc?t=276\" rel=\"nofollow\"\u003eThe school of hard knocks – PT1\u003c/a\u003e by \u003ca href=\"https://twitter.com/sevanjaniyan\" rel=\"nofollow\"\u003eSevan Janiyan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/8wuW8lfsVGc?t=5321\" rel=\"nofollow\"\u003e7 years of maintaining firefox, and still looking ahead\u003c/a\u003e by Landry Breuil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/8wuW8lfsVGc?t=12385\" rel=\"nofollow\"\u003eBranch VPN solution based on OpenBSD, OSPF, RDomains and Ansible\u003c/a\u003e by Remi Locherer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/8wuW8lfsVGc?t=15983\" rel=\"nofollow\"\u003eRunning BSD on AWS\u003c/a\u003e by Julien Simon and Nicolas David\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/8wuW8lfsVGc?t=21491\" rel=\"nofollow\"\u003eGetting started with OpenBSD device driver development\u003c/a\u003e by Stefan Sperling\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eA huge thanks to the organizers, program committee, and sponsors of EuroBSDCon. Next year, EuroBSDcon will be in Bucharest, Romania.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.sigsegv.be//blog/freebsd/PR219251\" rel=\"nofollow\"\u003eThe story of PR 219251\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe actual story I wanted Kristof to tell, the pf bug he fixed at the Essen Hackathon earlier this summer.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs I threatened to do in my previous post, I\u0026#39;m going to talk about PR 219251 for a bit. The bug report dates from only a few months ago, but the first report (that I can remeber) actually came from Shawn Webb on Twitter, of all places\u003cbr\u003e\nDespite there being a stacktrace it took quite a while (nearly 6 months in fact) before I figured this one out.\u003cbr\u003e\nIt took Reshad Patuck managing to distill the problem down to a small-ish test script to make real progress on this. His testcase meant that I could get core dumps and experiment. It also provided valuable clues because it could be tweaked to see what elements were required to trigger the panic.\u003cbr\u003e\nThis test script starts a (vnet) jail, adds an epair interface to it, sets up pf in the jail, and then reloads the pf rules on the host. Interestingly the panic does not seem to occur if that last step is not included.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eObviously not the desired behaviour, but it seems strange. The instances of pf in the jails are supposed to be separate.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe try to fetch a counter value here, but instead we dereference a bad pointer. There\u0026#39;s two here, so already we need more information. Inspection of the core dump reveals that the state pointer is valid, and contains sane information. The rule pointer (rule.ptr) points to a sensible location, but the data is mostly 0xdeadc0de. This is the memory allocator being helpful (in debug mode) and writing garbage over freed memory, to make use-after-free bugs like this one easier to find.\u003cbr\u003e\nIn other words: the rule has been free()d while there was still a state pointing to it. Somehow we have a state (describing a connection pf knows about) which points to a rule which no longer exists. The core dump also shows that the problem always occurs with states and rules in the default vnet (i.e. the host pf instance), not one of the pf instances in one of the vnet jails. That matches with the observation that the test script does not trigger the panic unless we also reload the rules on the host.\u003cbr\u003e\nGreat, we know what\u0026#39;s wrong, but now we need to work out how we can get into this state. At this point we\u0026#39;re going to have to learn something about how rules and states get cleaned up in pf. Don\u0026#39;t worry if you had no idea, because before this bug I didn\u0026#39;t either.\u003cbr\u003e\nThe states keep a pointer to the rule they match, so when rules are changed (or removed) we can\u0026#39;t just delete them. States get cleaned up when connections are closed or they time out. This means we have to keep old rules around until the states that use them expire.\u003cbr\u003e\n When rules are removed pf_unlink_rule() adds then to the V_pf_unlinked_rules list (more on that funny V_ prefix later). From time to time the pf purge thread will run over all states and mark the rules that are used by a state. Once that\u0026#39;s done for all states we know that all rules that are not marked as in-use can be removed (because none of the states use it). That can be a lot of work if we\u0026#39;ve got a lot of states, so pf_purge_thread() breaks that up into smaller chuncks, iterating only part of the state table on every run.\u003cbr\u003e\nWe iterate over all of our virtual pf instances (VNET_FOREACH()), check if it\u0026#39;s active (for FreeBSD-EN-17.08, where we\u0026#39;ve seen this code before) and then check the expired states with pf_purge_expired_states(). We start at state \u0026#39;idx\u0026#39; and only process a certain number (determined by the PFTM_INTERVAL setting) states. The pf_purge_expired_states() function returns a new idx value to tell us how far we got.\u003cbr\u003e\nSo, remember when I mentioned the odd V_ prefix? Those are per-vnet variables. They work a bit like thread-local variables. Each vnet (virtual network stack) keeps its state separate from the others, and the V_ variables use a pointer that\u0026#39;s changed whenever we change the currently active vnet (say with CURVNET_SET() or CURVNET_RESTORE()). That\u0026#39;s tracked in the \u0026#39;curvnet\u0026#39; variable. In other words: there are as many V_pf_vnet_active variables as there are vnets: number of vnet jails plus one (for the host system).\u003cbr\u003e\nWhy is that relevant here? Note that idx is not a per-vnet variable, but we handle multiple pf instances here. We run through all of them in fact. That means that we end up checking the first X states in the first vnet, then check the second X states in the second vnet, the third X states in the third and so on and so on.\u003cbr\u003e\nThat of course means that we think we\u0026#39;ve run through all of the states in a vnet while we really only checked some of them. So when pf_purge_unlinked_rules() runs it can end up free()ing rules that actually are still in use because pf_purge_thread() skipped over the state(s) that actually used the rule. The problem only happened if we reloaded rules in the host, because the active ruleset is never free()d, even if there are no states pointing to the rule.\u003cbr\u003e\nThat explains the panic, and the fix is actually quite straightforward: idx needs to be a per-vnet variable, V_pf_purge_idx, and then the problem is gone. As is often the case, the solution to a fairly hard problem turns out to be really simple.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs you might expect, finding the problem takes a lot more work that fixing it\u003c/li\u003e\n\u003cli\u003eThanks to Kristof for writing up this detailed post explaining how the problem was found, and what caused it.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/vbsdcon-2017-dexter/\" rel=\"nofollow\"\u003evBSDcon 2017: BSD at Work\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe third biennial vBSDcon hosted by Verisign took place September 7th through 9th with the FreeBSD Developer Summit taking place the first day. vBSDcon and iXsystems’ MeetBSD event have been alternating between the East and West coasts of the U.S.A. and these two events play vital roles in reaching Washington, DC-area and Bay Area/Silicon Valley audiences. Where MeetBSD serves many BSD Vendors, vBSDcon attracts a unique government and security industry demographic that isn’t found anywhere else. Conference time and travel budgets are always limited and bringing these events to their attendees is a much-appreciated service provided by their hosts.\u003cbr\u003e\nThe vBSDcon FreeBSD DevSummit had a strong focus on OpenZFS, the build system and networking with the FreeBSD 12 wish list of features in mind. How to best incorporate the steady flow of new OpenZFS features into FreeBSD such as dataset-level encryption was of particular interest. This feature from a GNU/Linux-based storage vendor is tribute to the growth of the OpenZFS community which is vital in light of the recent “Death of Solaris and ZFS” at Oracle. There has never been more demand for OpenZFS on FreeBSD and the Oracle news further confirms our collective responsibility to meet that demand.\u003cbr\u003e\nThe official conference opened with my talk on “Isolated BSD Build Environments” in which I explained how the bhyve hypervisor can be used to effortlessly tour FreeBSD 5.0-onward and build specific source releases on demand to trace regressions to their offending commit. I was followed by a FreeNAS user who made the good point that FreeNAS is an exemplary “entry vector” into Unix and Enterprise Storage fundamentals, given that many of the vectors our generation had are gone. Where many of us discovered Unix and the Internet via console terminals at school or work, smart phones are only delivering the Internet without the Unix. With some irony, both iOS and Android are Unix-based yet offer few opportunities for their users to learn and leverage their Unix environments.\u003cbr\u003e\nThe next two talks were The History and Future of Core Dumps in FreeBSD by Sam Gwydir and Using pkgsrc for multi-platform deployments in heterogeneous environments by G. Clifford Williams. I strongly recommend that anyone wanting to speak at AsiaBSDCon read Sam’s accompanying paper on core dumps because I consider it the perfect AsiaBSDCon topic and his execution is excellent. Core dumps are one of those things you rarely think about until they are a DROP EVERYTHING! priority. G. Clifford’s talk was about what I consider a near-perfect BSD project: pkgsrc, the portable BSD package manager. I put it up there with OpenSSH and mandoc as projects that have provided significant value to other Open Source operating systems. G. Clifford’s real-world experiences are perfectly inline with vBSDcon’s goal to be more production-oriented than other BSDCons.\u003cbr\u003e\nOf the other talks, any and all Dtrace talks are always appreciated and George Neville-Neil’s did not disappoint. He based it on his experiences with the Teach BSD project which is bringing FreeBSD-based computer science education to schools around the world. The security-related talks by John-Mark Gurney, Dean Freeman and Michael Shirk also represented vBSDcon’s consideration of the local community and made a convincing point that the BSDs should make concerted efforts to qualify for Common Criteria, FIPS, and other Government security requirements. While some security experts will scoff at these, they are critical to the adoption of BSD-based products by government agencies.\u003cbr\u003e\nBSD Now hosts Allan Jude and Benedict Reuschling hosted an OpenZFS BoF and Ansible talk respectively and I hosted a bhyve hypervisor BoF. The Hallway Track and food at vBSDcon were excellent and both culminated with an after-dinner dramatic reading of Michael W. Lucas’ latest book that raised money for the FreeBSD Foundation. A great time was had by all and it was wonderful to see everyone!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2017-September/087848.html\" rel=\"nofollow\"\u003eFreeBSD 10.4-RC2 Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 10.4 will be released soon, this is the last chance to find bugs before the official release is cut.\u003c/li\u003e\n\u003cli\u003eNoteworthy Changes Since 10.4-RC1:\n\n\u003cul\u003e\n\u003cli\u003eGiven that the amd64 disc1 image was overflowing, more of the base components installed into the disc1 (live) file systems had to be disabled.  Most notably, this removed the compiler toolchain from the disc1 images.  All disabled tools are still available with the dvd1 images, though.\u003c/li\u003e\n\u003cli\u003eThe aesni(4) driver now no longer shares a single FPU context across multiple sessions in multiple threads, addressing problems seen when employing aesni(4) for ipsec(4).\u003c/li\u003e\n\u003cli\u003eSupport for netmap(4) by the ixgbe(4) driver has been brought into line with the netmap(4) API present in stable/10.  Also, ixgbe(4) now correctly handles VFs in its netmap(4) support again instead of treating these as PFs.\u003c/li\u003e\n\u003cli\u003eDuring the creation of amd64 and i386 VM images, etcupdate(8) and mergemaster(8) databases now are bootstrapped, akin to what happens along the extraction of base.txz as part of a new installation via bsdinstall(8).  This change allows for both of these tools to work out-of-box on the VM images and avoids errors seen when upgrading these images via freebsd-update(8).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIf you are still on the stable/10 branch, you should test upgrading to 10.4, and make sure there are no problems with your workload\u003c/li\u003e\n\u003cli\u003eAdditional testing specifically of the features that have changed since 10.4-BETA1 would also be most helpful\u003c/li\u003e\n\u003cli\u003eThis will be the last release from the stable/10 branch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tedunangst.com/flak/post/openbsd-changes-of-note-628\" rel=\"nofollow\"\u003eOpenBSD changes of note 628\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEuroBSDCon in two weeks. Be sure to attend early and often.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMany and various documentation improvements for libcrypto. New man pages, rewrites, expanded bugs sections, and more.\u003c/li\u003e\n\u003cli\u003eOnly allow upward migration in vmd.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s a README for the syspatch build system if you want to run your own.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMove the kernel relinking code from /etc/rc into a seperate script usable by syspatch. Kernel patches can now be reduced to just the necessary files.\u003c/li\u003e\n\u003cli\u003eMake the callers of sogetopt() responsible for allocating memory. Now allocation and free occur in the same place.\u003c/li\u003e\n\u003cli\u003eUse waitpid() instead of wait() in most programs to avoid accidentally collecting the wrong child.\u003c/li\u003e\n\u003cli\u003eHave cu call isatty() before making assumptions.\u003c/li\u003e\n\u003cli\u003eSwitch mandoc rendering of mathematical symbols and greek letters from trying to imitate the characters’ graphical shapes, which resulted in unintelligible renderings in many cases, to transliterations conveying the characters’ meanings.\u003c/li\u003e\n\u003cli\u003eUpdate libexpat to 2.2.4. Fix copying partial UTF-8 characters.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSigh, here we go again. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWork around bug in F5’s handling of the supported elliptic curves extension. RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict.\u003c/li\u003e\n\u003cli\u003eAfter a first install, run syspatch -c to check for patches.\u003c/li\u003e\n\u003cli\u003eIf SMAP is present, clear PSL_AC on kernel entry and interrupt so that only the code in copy{in,out}* that need it run with it set. Panic if it’s set on entry to trap() or syscall(). Prompted by Maxime Villard’s NetBSD work. Errata.\u003c/li\u003e\n\u003cli\u003eNew drivers for arm: rktemp, mvpinctrl, mvmpic, mvneta, mvmdio, mvpxa, rkiic, rkpmic.\u003c/li\u003e\n\u003cli\u003eNo need to exec rm from within mandoc. We know there’s exactly one file and directory to remove. Similarly with running cmp.\u003c/li\u003e\n\u003cli\u003eRevert to Mesa 13.0.6 to hopefully address rendering issues a handful of people have reported with xpdf/fvwm on ivy bridge with modesetting driver.\u003c/li\u003e\n\u003cli\u003eRewrite ALPN extension using CBB/CBS and the new extension framework. Rewrite SRTP extension using CBB/CBS and the new extension framework.\u003c/li\u003e\n\u003cli\u003eRevisit 2q queue sizes. Limit the hot queue to 1/20th the cache size up to a max of 4096 pages. Limit the warm and cold queues to half the cache. This allows us to more effectively notice re-interest in buffers instead of losing it in a large hot queue.\u003c/li\u003e\n\u003cli\u003eAdd glass console support for arm64. Probably not yet for your machine, though.\u003c/li\u003e\n\u003cli\u003eReplace heaps of hand-written syscall stubs in ld.so with a simpler framework.\u003c/li\u003e\n\u003cli\u003e65535 is a valid port to listen on.\u003c/li\u003e\n\u003cli\u003eWhen xinit starts an X server that listens only on UNIX socket, prefer DISPLAY=unix:0 rather than DISPLAY=:0. This will prevent applications from ever falling back to TCP if the UNIX socket connection fails (such as when the X server crashes). Reverted.\u003c/li\u003e\n\u003cli\u003eAdd -z and -Z options to apmd to auto suspend or hibernate when low on battery.\u003c/li\u003e\n\u003cli\u003eRemove the original (pre-IETF) chacha20-poly1305 cipher suites.\u003c/li\u003e\n\u003cli\u003eAdd urng(4) which supports various USB RNG devices. Instead of adding one driver per device, start bundling them into a single driver.\u003c/li\u003e\n\u003cli\u003eRemove old deactivated pledge path code. A replacement mechanism is being brewed.\u003c/li\u003e\n\u003cli\u003eFix a bug from the extension parsing rewrite. Always parse ALPN even if no callback has been installed to prevent leaving unprocessed data which leads to a decode error.\u003c/li\u003e\n\u003cli\u003eClarify what is meant by syslog priorities being ordered, since the numbers and priorities are backwards.\u003c/li\u003e\n\u003cli\u003eRemove a stray setlocale() from ksh, eliminating a lot of extra statically linked code.\u003c/li\u003e\n\u003cli\u003eUnremove some NPN symbols from libssl because ports software thinks they should be there for reasons.\u003c/li\u003e\n\u003cli\u003eFix saved stack location after resume. Somehow clang changed it. Resume works again on i386.\u003c/li\u003e\n\u003cli\u003eImprove error messages in vmd and vmctl to be more informative.\u003c/li\u003e\n\u003cli\u003eStop building the miniroot installer for OMAP3 Beagleboards. It hasn’t worked in over a year and nobody noticed.\u003c/li\u003e\n\u003cli\u003eHave the callers of sosetopt() free the mbuf for symmetry.\u003c/li\u003e\n\u003cli\u003eOn octeon, let the kernel use the hardware FPU even if emulation is compiled in. It’s faster.\u003c/li\u003e\n\u003cli\u003eFix support for 486DX CPUs by not calling cpuid. I used to own a 486. Now I don’t.\u003c/li\u003e\n\u003cli\u003eMerge some drm fixes from linux.\u003c/li\u003e\n\u003cli\u003eDefer probing of floppy drives, eliminating delays during boot.\u003c/li\u003e\n\u003cli\u003eBetter handling of probes and beacons and timeouts and scans in wifi stack to avoid disconnects.\u003c/li\u003e\n\u003cli\u003eMove mutex, condvar, and thread-specific data routes, pthread_once, and pthread_exit from libpthread to libc, along with low-level bits to support them. Let’s thread aware (but not actually threaded) code work with just libc.\u003c/li\u003e\n\u003cli\u003eNew POSIX xlocale implementation. Complete as long as you only use ASCII and UTF-8, as you should.\u003c/li\u003e\n\u003cli\u003eRound and round it goes; when 6.2 stops, nobody knows. A peak at the future?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://eradman.com/posts/screencasting.html\" rel=\"nofollow\"\u003eScreencasting with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUSB Audio\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAny USB microphone should appear as a new audio device. Here is the dmesg for my mic by ART:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nuaudio0 at uhub0 port 2 configuration 1 interface 0 \u0026quot;M-One USB\u0026quot; rev 1.10/0.01 addr 2\u003cbr\u003e\nuaudio0: audio rev 1.00, 8 mixer controls\u003cbr\u003e\naudio1 at uaudio0\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eaudioctl can read off all of the specific characterisitcs of this device\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\n$ audioctl -f /dev/audio1 | grep record\u003cbr\u003e\nmode=play,record\u003cbr\u003e\nrecord.rate=48000\u003cbr\u003e\nrecord.channels=1\u003cbr\u003e\nrecord.precision=16\u003cbr\u003e\nrecord.bps=2\u003cbr\u003e\nrecord.msb=1\u003cbr\u003e\nrecord.encoding=slinear_le\u003cbr\u003e\nrecord.pause=0\u003cbr\u003e\nrecord.active=0\u003cbr\u003e\nrecord.block_size=1960\u003cbr\u003e\nrecord.bytes=0\u003cbr\u003e\nrecord.errors=0\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow test the recording from the second audio device using aucat(1)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\naucat -f rsnd/1 -o file.wav\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf the device also has a headset audio can be played through the same device.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\naucat -f rsnd/1 -i file.wav\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eScreen Capture using Xvfb\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe rate at which a framebuffer for your video card is a feature of the hardware and software your using, and it\u0026#39;s often very slow. x11vnc will print an estimate of the banwidth for the system your running.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nx11vnc\u003cbr\u003e\n...\u003cbr\u003e\n09/05/2012 22:23:45 fb read rate: 7 MB/sec\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is about 4fps. We can do much better by using a virtual framebuffer. Here I\u0026#39;m setting up a new screen, setting the background color, starting cwm and an instance of xterm\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nXvfb :1 -screen 0 720x540x16 \u0026amp;\u003cbr\u003e\nDISPLAY=:1 xsetroot -solid steelblue \u0026amp;\u003cbr\u003e\nDISPLAY=:1 cwm \u0026amp;\u003cbr\u003e\nDISPLAY=:1 xterm +sb -fa Hermit -fs 14 \u0026amp;\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMuch better! Now we\u0026#39;re up around 20fps.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nx11vnc -display :1  \u0026amp;\u003cbr\u003e\n...\u003cbr\u003e\n11/05/2012 18:04:07 fb read rate: 168 MB/sec\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMake a connection to this virtual screen using raw encoding to eliminate time wasted on compression.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nvncviewer localhost -encodings raw\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA test recording with sound then looks like this\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 ~/out.avi\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNote: always stop the recording and playback using q, not Ctrl-C so that audio inputs are shut down properly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eScreen Capture using Xephyr\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eXephyr is perhaps the easiest way to run X with a shadow framebuffer. This solution also avoids reading from the video card\u0026#39;s RAM, so it\u0026#39;s reasonably fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nXephyr -ac -br -noreset -screen 800x600 :1 \u0026amp;\u003cbr\u003e\nDISPLAY=:1 xsetroot -solid steelblue \u0026amp;\u003cbr\u003e\nDISPLAY=:1 cwm \u0026amp;\u003cbr\u003e\nDISPLAY=:1 xrdb -load ~/.Xdefaults \u0026amp;\u003cbr\u003e\nDISPLAY=:1 xterm +sb -fa \u0026quot;Hermit\u0026quot; -fs 14 \u0026amp;\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCapture works in exactally the same way. This command tries to maintain 12fps.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1 -acodec copy ~/out.avi\u003cbr\u003e\nTo capture keyboard and mouse input press Ctrl then Shift. This is very handy for using navigating a window manager in the nested X session.\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eArranging Windows\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have sometimes found it helpful to launch applications and arrange them in a specific way. This will open up a web browser listing the current directory and position windows using xdotool\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nDISPLAY=:1 midori \u0026quot;file:///\u003c/code\u003epwd\u003ccode\u003e\u0026quot; \u0026amp;\u003cbr\u003e\nsleep 2\u003cbr\u003e\nDISPLAY=:1 xdotool search --name \u0026quot;xterm\u0026quot; windowmove 0 0\u003cbr\u003e\nDISPLAY=:1 xdotool search --class \u0026quot;midori\u0026quot; windowmove 400 0\u003cbr\u003e\nDISPLAY=:1 xdotool search --class \u0026quot;midori\u0026quot; windowsize 400 576\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis will position the window precisely so that it appears to be in a tmux window on the right.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAudio/Video Sync\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you find that the audio is way out of sync with the video, you can ajust the start using the -ss before the audio input to specify the number of seconds to delay. My final recording command line, that delays the audio by 0.5 seconds, writing 12fps\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -ss 0.5 -f sndio -i snd/1 -y -f x11grab -r 12 -s 800x600 -i :1.0 -vcodec ffv1  -acodec copy ~/out.avi\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSharing a Terminal with tmux\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you\u0026#39;re trying to record a terminal session, tmux is able to share a session. In this way a recording of an X framebuffer can be taken without even using the screen. Start by creating the session.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\ntmux -2 -S /tmp/tmux0\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen on the remote side connect on the same socket\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\ntmux -2 -S /tmp/tmux0 attach\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTaking Screenshots\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eGrabbing a screenshots on Xvfb server is easily accomplished with ImageMagick\u0026#39;s import command\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nDISPLAY=:1 import -window root screenshot.png\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAudio Processing and Video Transcoding\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first step is to ensure that the clip begins and ends where you\u0026#39;d like it to. The following will make a copy of the recording starting at time 00:00 and ending at 09:45\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -i interactive-sql.avi \\\u003cbr\u003e\n    -vcodec copy -acodec copy\u003cbr\u003e\n    -ss 00:00:00 -t 00:09:45\u003cbr\u003e\n    interactive-sql-trimmed.avi\u003cbr\u003e\nmv interactive-sql-trimmed.avi interactive-sql.avi\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSetting the gain correctly is very important with an analog mixer, but if you\u0026#39;re using a USB mic there may not be a gain option; simply record using it\u0026#39;s built-in settings and then adjust the levels afterwards using a utility such as normalize. First extact the audio as a raw PCM file and then run normalize\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -i interactive-sql.avi -c:a copy -vn audio.wav\u003cbr\u003e\nnormalize audio.wav\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNext merge the audio back in again\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -i interactive-sql.avi -i audio.wav \\\u003cbr\u003e\n    -map 0:0 -map 1:0 -c copy interactive-sql-normalized.avi\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe final step is to compress the screencast for distribution. Encoding to VP8/Vorbis is easy:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -i interactive-sql-normalized.avi -c:v libvpx -b:v 1M\u003cbr\u003e\n    -c:a libvorbis -q:a 6 interactive-sql.webm\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eH.264/AAC is tricky. For most video players the color space needs to be set to yuv420p. The -movflags puts the index data at the beginning of the file to enable streaming/partial content requests over HTTP:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e\u003cbr\u003e\nffmpeg -y -i interactive-sql-normalized.avi -c:v libx264 \\\u003cbr\u003e\n    -preset slow -crf 14 -pix_fmt yuv420p -movflags +faststart \\\u003cbr\u003e\n    -c:a aac -q:a 6 interactive-sql.mp4\u003cbr\u003e\n\u003c/code\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-ohio-linuxfest-17/\" rel=\"nofollow\"\u003eTrueOS @ Ohio Linuxfest ’17!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDru Lavigne and Ken Moore are both giving presentations on Saturday the 30th. Sit in and hear about new developments for the Lumina and FreeNAS projects.\u003c/li\u003e\n\u003cli\u003eKen is offering Lumina Rising: Challenging Desktop Orthodoxy at 10:15 am in Franklin A. Hear his thoughts about the ideas propelling desktop environment development and how Lumina, especially Lumina 2, is seeking to offer a new model of desktop architecture. Elements discussed include session security, application dependencies, message handling, and operating system integration.\u003c/li\u003e\n\u003cli\u003eDru is talking about What’s New in FreeNAS 11 at 2:00 pm in Franklin D. She’ll be providing an overview of some of the new features added in FreeNAS 11.0, including:\n\n\u003cul\u003e\n\u003cli\u003eAlert Services\u003c/li\u003e\n\u003cli\u003eStarting specific services at boot time\u003c/li\u003e\n\u003cli\u003eAD Monitoring to ensure the AD service restarts if disconnected\u003c/li\u003e\n\u003cli\u003eA preview of the new user interface\u003c/li\u003e\n\u003cli\u003esupport for S3-compatible storage and the bhyve hypervisor\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eShe’s also giving a sneak peek of FreeNAS 11.1, which has some neat features:\n\n\u003cul\u003e\n\u003cli\u003eA complete rewrite of the Jails/Plugins system as FreeNAS moves from warden to iocage\u003c/li\u003e\n\u003cli\u003eWriting new plugins with just a few lines of code\u003c/li\u003e\n\u003cli\u003eA brand new asynchronous middleware API \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWho’s going? Attending this year are:\n\n\u003cul\u003e\n\u003cli\u003eDru Lavigne (dlavigne): Dru leads the technical documentation team at iX, and contributes heavily to open source documentation projects like FreeBSD, FreeNAS, and TrueOS.\u003c/li\u003e\n\u003cli\u003eKen Moore (beanpole134): Ken is the lead developer of Lumina and a core contributor to TrueOS. He also works on a number of other Qt5 projects for iXsystems.\u003c/li\u003e\n\u003cli\u003eJ.T. Pennington (q5sys): Some of you may be familiar with his work on BSDNow, but J.T. also contributes to the TrueOS, Lumina, and SysAdm projects, helping out with development and general bug squashing.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/lumina-development-preview-theme-engine/\" rel=\"nofollow\"\u003eLumina Development Preview: Theme Engine\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.theregister.co.uk/2017/09/04/retro_thinkpad_spotted_in_the_wild/\" rel=\"nofollow\"\u003eIt\u0026#39;s happening! Official retro Thinkpad lappy spotted in the wild\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/llvm_libfuzzer_and_safestack_ported\" rel=\"nofollow\"\u003eLLVM libFuzzer and SafeStack ported to NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/event-calendar/2017-openzfs-developer-summit/\" rel=\"nofollow\"\u003eRemaining 2017 FreeBSD Events\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAndrew - \u003ca href=\"http://dpaste.com/0YTT0VP\" rel=\"nofollow\"\u003eBSD Teaching Material\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSeth - \u003ca href=\"http://dpaste.com/1SK92ZX#wrap\" rel=\"nofollow\"\u003eSwitching to Tarsnap after Crashplan becomes no more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/02KD5FX#wrap\" rel=\"nofollow\"\u003eNative encryption in ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCoding Cowboy - \u003ca href=\"http://dpaste.com/31K0E40#wrap\" rel=\"nofollow\"\u003eCoding Cowboy - Passwords and clipboards\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We recap EuroBSDcon in Paris, tell the story behind a pf PR, and show you how to do screencasting with OpenBSD.","date_published":"2017-09-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1e3907b4-e886-4922-ae37-e2fa5e898d3e.mp3","mime_type":"audio/mpeg","size_in_bytes":65524180,"duration_in_seconds":5460}]},{"id":"79738da3-b250-4193-a0fe-9184876562bf","title":"212: The Solaris Eclipse","url":"https://www.bsdnow.tv/212","content_text":"We recap vBSDcon, give you the story behind a PF EN, reminisce in Solaris memories, and show you how to configure different DEs on FreeBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\n[vBSDCon]\n\n\nvBSDCon was held September 7 - 9th. We recorded this only a few days after getting home from this great event.\nThings started on Wednesday night, as attendees of the thursday developer summit arrived and broke into smallish groups for disorganized dinner and drinks.\nWe then held an unofficial hacker lounge in a medium sized seating area, working and talking until we all decided that the developer summit started awfully early tomorrow.\nThe developer summit started with a light breakfast and then then we dove right in\nEd Maste started us off, and then Glen Barber gave a presentation about lessons learned from the 11.1-RELEASE cycle, and comparing it to previous releases. 11.1 was released on time, and was one of the best releases so far. The slides are linked on the DevSummit wiki page.\nThe group then jumped into hackmd.io a collaborative note taking application, and listed of various works in progress and upstreaming efforts. Then we listed wants and needs for the 12.0 release.\nAfter lunch we broke into pairs of working groups, with additional space for smaller meetings. The first pair were, ZFS and Toolchain, followed by a break and then a discussion of IFLIB and network drivers in general. After another break, the last groups of the day met, pkgbase and secure boot.\nThen it was time for the vBSDCon reception dinner. This standing dinner was a great way to meet new people, and for attendees to mingle and socialize.\nThe official hacking lounge Thursday night was busy, and included some great storytelling, along with a bunch of work getting done.\nIt was very encouraging to watch a struggling new developer getting help from a seasoned veteran. Watching the new developers eyes light up as the new information filled in gaps and they now understood so much more than just a few minutes before, and they raced off to continue working, was inspirational, and reminded me why these conferences are so important.\nThe hacker lounge shut down relatively early by BSD conference standards, but, the conference proper started at 8:45 sharp the next morning, so it made sense.\nFriday saw a string of good presentations, I think my favourite was Jonathan Anderson’s talk on Oblivious sandboxing. Jonathan is a very energetic speaker, and was able to keep everyone focused even during relatively complicated explanations.\nFriday night I went for dinner at ‘Big Bowl’, a stir-fry bar, with a largish group of developers and users of both FreeBSD and OpenBSD. The discussions were interesting and varied, and the food was excellent. Benedict had dinner with JT and some other folks from iXsystems.\nFriday night the hacker lounge was so large we took over a bigger room (it had better WiFi too).\nSaturday featured more great talks. The talk I was most interested in was from Eric McCorkle, who did the EFI version of my GELIBoot work. I had reviewed some of the work, but it was interesting to hear the story of how it happened, and to see the parallels with my own story.\nMy favourite speaker was Paul Vixie, who gave a very interesting talk about the gets() function in libc. gets() was declared unsafe before the FreeBSD project even started. The original import of the CSRG code into FreeBSD includes the compile time, and run-time warnings against using gets(). OpenBSD removed gets() in version 5.6, in 2014. Following Paul’s presentation, various patches were raised, to either cause use of gets() to crash the program, or to remove gets() entirely, causing such programs to fail to link.\nThe last talk before the closing was Benedict’s BSD Systems Management with Ansible.\nShortly after, Allan won a MacBook Pro by correctly guessing the number of components in a jar that was standing next to the registration desk (Benedict was way off, but had a good laugh about the unlikely future Apple user).\nSaturday night ended with the Conference Social, and excellent dinner with more great conversations\nOn Sunday morning, a number of us went to the Smithsonian Air and Space Museum site near the airport, and saw a Concorde, an SR-71, and the space shuttle Discovery, among many other exhibits.\nCheck out the full photo album by JT, our producer.\nThanks to all the sponsors for vBSDcon and all the organizers from Verisign, who made it such a great event.\n***\n\n\nThe story behind FreeBSD-EN-17.08.pf\n\n\nAfter our previous deep dive on a bug in episode 209, Kristof Provost, the maintainer of pf on FreeBSD (he is going to hate me for saying that) has written the story behind a recent ERRATA notice for FreeBSD\n\n\n\nFirst things first, so I have to point out that I think Allan misremembered things. The heroic debugging story is PR 219251, which I'll try to write about later. \nFreeBSD-EN-17:08.pf is an issue that affected some FreeBSD 11.x systems, where FreeBSD would panic at startup. There were no reports for CURRENT.\nThere's very little to go on here, but we do know the cause of the panic (\"integer divide fault\"), and that the current process was \"pf purge\". The pf purge thread is part of the pf housekeeping infrastructure. It's a housekeeping kernel thread which cleans up things like old states and expired fragments.\nThe lack of mention of pf functions in the backtrace is a hint unto itself. It suggests that the error is probably directly in pf_purge_thread(). It might also be in one of the static functions it calls, because compilers often just inline those so they don't generate stack frames. \nRemember that the problem is an \"integer divide fault\". How can integer divisions be a problem? Well, you can try to divide by zero. The most obvious suspect for this is this code:\n  idx = pf_purge_expired_states(idx, pf_hashmask / (V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));\nHowever, this variable is both correctly initialised (in pfattach_vnet()) and can only be modified through the DIOCSETTIMEOUT ioctl() call and that one checks for zero. \nAt that point I had no idea how this could happen, but because the problem did not affect CURRENT I looked at the commit history and found this commit from Luiz Otavio O Souza:\n  Do not run the pf purge thread while the VNET variables are not initialized, this can cause a divide by zero (if the VNET initialization takes to long to complete).\n  Obtained from:  pfSense\n  Sponsored by:   Rubicon Communications, LLC (Netgate)\nThat sounds very familiar, and indeed, applying the patch fixed the problem. Luiz explained it well: it's possible to use V_pf_default_rule.timeout before it's initialised, which caused this panic. \nTo me, this reaffirms the importance of writing good commit messages: because Luiz mentioned both the pf purge thread and the division by zero I was easily able to find the relevant commit. If I hadn't found it this fix would have taken a lot longer. \n\n\n\nNext week we’ll look at the more interesting story I was interested in, which I managed to nag Kristof into writing\n***\n\n\nThe sudden death and eternal life of Solaris\n\n\nA blog post from Bryan Cantrill about the death of Solaris\n\n\n\nAs had been rumored for a while, Oracle effectively killed Solaris. When I first saw this, I had assumed that this was merely a deep cut, but in talking to Solaris engineers still at Oracle, it is clearly much more than that. It is a cut so deep as to be fatal: the core Solaris engineering organization lost on the order of 90% of its people, including essentially all management.\nOf note, among the engineers I have spoken with, I heard two things repeatedly: “this is the end” and (from those who managed to survive Friday) “I wish I had been laid off.” Gone is any of the optimism (however tepid) that I have heard over the years — and embarrassed apologies for Oracle’s behavior have been replaced with dismay about the clumsiness, ineptitude and callousness with which this final cut was handled. In particular, that employees who had given their careers to the company were told of their termination via a pre-recorded call — “robo-RIF’d” in the words of one employee — is both despicable and cowardly. To their credit, the engineers affected saw themselves as Sun to the end: they stayed to solve hard, interesting problems and out of allegiance to one another — not out of any loyalty to the broader Oracle. Oracle didn’t deserve them and now it doesn’t have them — they have been liberated, if in a depraved act of corporate violence.\nAssuming that this is indeed the end of Solaris (and it certainly looks that way), it offers a time for reflection. Certainly, the demise of Solaris is at one level not surprising, but on the other hand, its very suddenness highlights the degree to which proprietary software can suffer by the vicissitudes of corporate capriciousness. Vulnerable to executive whims, shareholder demands, and a fickle public, organizations can simply change direction by fiat. And because — in the words of the late, great Roger Faulkner — “it is easier to destroy than to create,” these changes in direction can have lasting effect when they mean stopping (or even suspending!) work on a project. Indeed, any engineer in any domain with sufficient longevity will have one (or many!) stories of exciting projects being cancelled by foolhardy and myopic management. For software, though, these cancellations can be particularly gutting because (in the proprietary world, anyway) so many of the details of software are carefully hidden from the users of the product — and much of the innovation of a cancelled software project will likely die with the project, living only in the oral tradition of the engineers who knew it. Worse, in the long run — to paraphrase Keynes — proprietary software projects are all dead. However ubiquitous at their height, this lonely fate awaits all proprietary software. \nThere is, of course, another way — and befitting its idiosyncratic life and death, Solaris shows us this path too: software can be open source. In stark contrast to proprietary software, open source does not — cannot, even — die. Yes, it can be disused or rusty or fusty, but as long as anyone is interested in it at all, it lives and breathes. Even should the interest wane to nothing, open source software survives still: its life as machine may be suspended, but it becomes as literature, waiting to be discovered by a future generation. That is, while proprietary software can die in an instant, open source software perpetually endures by its nature — and thrives by the strength of its communities. Just as the existence of proprietary software can be surprisingly brittle, open source communities can be crazily robust: they can survive neglect, derision, dissent — even sabotage.\nIn this regard, I speak from experience: from when Solaris was open sourced in 2005, the OpenSolaris community survived all of these things. By the time Oracle bought Sun five years later in 2010, the community had decided that it needed true independence — illumos was born. And, it turns out, illumos was born at exactly the right moment: shortly after illumos was announced, Oracle — in what remains to me a singularly loathsome and cowardly act — silently re-proprietarized Solaris on August 13, 2010. We in illumos were indisputably on our own, and while many outsiders gave us no chance of survival, we ourselves had reason for confidence: after all, open source communities are robust because they are often united not only by circumstance, but by values, and in our case, we as a community never lost our belief in ZFS, Zones, DTrace and myriad other technologies like MDB, FMA and Crossbow.\nIndeed, since 2010, illumos has thrived; illumos is not only the repository of record for technologies that have become cross-platform like OpenZFS, but we have also advanced our core technologies considerably, while still maintaining highest standards of quality. Learning some of the mistakes of OpenSolaris, we have a model that allows for downstream innovation, experimentation and differentiation. For example, Joyent’s SmartOS has always been focused on our need for a cloud hypervisor (causing us to develop big features like hardware virtualization and Linux binary compatibility), and it is now at the heart of a massive buildout for Samsung (who acquired Joyent a little over a year ago). For us at Joyent, the Solaris/illumos/SmartOS saga has been formative in that we have seen both the ill effects of proprietary software and the amazing resilience of open source software — and it very much informed our decision to open source our entire stack in 2014.\nJudging merely by its tombstone, the life of Solaris can be viewed as tragic: born out of wedlock between Sun and AT\u0026amp;T and dying at the hands of a remorseless corporate sociopath a quarter century later. And even that may be overstating its longevity: Solaris may not have been truly born until it was made open source, and — certainly to me, anyway — it died the moment it was again made proprietary. But in that shorter life, Solaris achieved the singular: immortality for its revolutionary technologies. So while we can mourn the loss of the proprietary embodiment of Solaris (and we can certainly lament the coarse way in which its technologists were treated!), we can rejoice in the eternal life of its technologies — in illumos and beyond!\n\n\n\n\nNews Roundup\n\nOpenBSD on the Lenovo Thinkpad X1 Carbon (5th Gen)\n\n\nJoshua Stein writes about his experiences running OpenBSD on the 5th generation Lenovo Thinkpad X1 Carbon:\n\n\n\nThinkPads have sort of a cult following among OpenBSD developers and users because the hardware is basic and well supported, and the keyboards are great to type on. While no stranger to ThinkPads myself, most of my OpenBSD laptops in recent years have been from various vendors with brand new hardware components that OpenBSD does not yet support. As satisfying as it is to write new kernel drivers or extend existing ones to make that hardware work, it usually leaves me with a laptop that doesn't work very well for a period of months.\nAfter exhausting efforts trying to debug the I2C touchpad interrupts on the Huawei MateBook X (and other 100-Series Intel chipset laptops), I decided to take a break and use something with better OpenBSD support out of the box: the fifth generation Lenovo ThinkPad X1 Carbon.\n\n\n\nHardware\n\n\n\nLike most ThinkPads, the X1 Carbon is available in a myriad of different internal configurations. I went with the non-vPro Core i7-7500U (it was the same price as the Core i5 that I normally opt for), 16Gb of RAM, a 256Gb NVMe SSD, and a WQHD display.\nThis generation of X1 Carbon finally brings a thinner screen bezel, allowing the entire footprint of the laptop to be smaller which is welcome on something with a 14\" screen. The X1 now measures 12.7\" wide, 8.5\" deep, and 0.6\" thick, and weighs just 2.6 pounds. While not available at initial launch, Lenovo is now offering a WQHD IPS screen option giving a resolution of 2560x1440. Perhaps more importantly, this display also has much better brightness than the FHD version, something ThinkPads have always struggled with.\nOn the left side of the laptop are two USB-C ports, a USB-A port, a full-size HDMI port, and a port for the ethernet dongle which, despite some reviews stating otherwise, is not included with the laptop. On the right side is another USB-A port and a headphone jack, along with a fan exhaust grille. On the back is a tray for the micro-SIM card for the optional WWAN device, which also covers the Realtek microSD card reader. The tray requires a paperclip to eject which makes it inconvenient to remove, so I think this microSD card slot is designed to house a card semi-permanently as a backup disk or something.\nOn the bottom are the two speakers towards the front and an exhaust grille near the center. The four rubber feet are rather plastic feeling, which allows the laptop to slide around on a desk a bit too much for my liking. I wish they were a bit softer to be stickier.\nCharging can be done via either of the two USB-C ports on the left, though I wish more vendors would do as Google did on the Chromebook Pixel and provide a port on both sides. This makes it much more convenient to charge when not at one's desk, rather than having to route a cable around to one specific side. The X1 Carbon includes a 65W USB-C PD with a fixed USB-C cable and removable country-specific power cable, which is not very convenient due to its large footprint. I am using an Apple 61W USB-C charger and an Anker cable which charge the X1 fine (unlike HP laptops which only work with HP USB-C chargers).\nWireless connectivity is provided by a removable Intel 8265 802.11a/b/g/n/ac WiFi and Bluetooth 4.1 card. An Intel I219-V chip provides ethernet connectivity and requires an external dongle for the physical cable connection.\nThe screen hinge is rather tight, making it difficult to open with one hand. The tradeoff is that the screen does not wobble in the least bit when typing.\nThe fan is silent at idle, and there is no coil whine even under heavy load. During a make -j4 build, the fan noise is reasonable and medium-pitched, rather than a high-pitched whine like on some laptops. The palm rest and keyboard area remain cool during high CPU utilization.\nThe full-sized keyboard is backlit and offers two levels of adjustment. The keys have a soft surface and a somewhat clicky feel, providing very quiet typing except for certain keys like Enter, Backspace, and Escape. The keyboard has a reported key travel of 1.5mm and there are dedicated Page Up and Page Down keys above the Left and Right arrow keys. Dedicated Home, End, Insert, and Delete keys are along the top row. The Fn key is placed to the left of Control, which some people hate (although Lenovo does provide a BIOS option to swap it), but it's in the same position on Apple keyboards so I'm used to it. However, since there are dedicated Page Up, Page Down, Home, and End keys, I don't really have a use for the Fn key anyway.\n\n\n\nFirmware\n\n\n\nThe X1 Carbon has a very detailed BIOS/firmware menu which can be entered with the F1 key at boot. F12 can be used to temporarily select a different boot device.\nA neat feature of the Lenovo BIOS is that it supports showing a custom boot logo instead of the big red Lenovo logo. From Windows, download the latest BIOS Update Utility for the X1 Carbon (my model was 20HR). Run it and it'll extract everything to C:\\drivers\\flash(some random string). Drop a logo.gif file in that directory and run winuptp.exe. If a logo file is present, it'll ask whether to use it and then write the new BIOS to its staging area, then reboot to actually flash it.\n\n\nOpenBSD support\n\n\nSecure Boot has to be disabled in the BIOS menu, and the \"CSM Support\" option must be enabled, even when \"UEFI/Legacy Boot\" is left on \"UEFI Only\". Otherwise the screen will just go black after the OpenBSD kernel loads into memory.\n\n\n\nBased on this component list, it seems like everything but the fingerprint sensor works fine on OpenBSD.\n***\n\n\nConfiguring 5 different desktop environments on FreeBSD\n\n\nThis fairly quick tutorial over at LinuxSecrets.com is a great start if you are new to FreeBSD, especially if you are coming from Linux and miss your favourite desktop environment\nIt just goes to show how easy it is to build the desktop you want on modern FreeBSD\nThe tutorial covers: GNOME, KDE, Xfce, Mate, and Cinnamon\nThe instructions for each boil down to some variation of:\nInstall the desktop environment and a login manager if it is not included:\n\u0026gt; sudo pkg install gnome3\nEnable the login manager, and usually dbus and hald:\n\u0026gt; sudo sysrc dbus_enable=\"YES\" hald_enable=\"YES\" gdm_enable=\"YES\" gnome_enable=\"YES\"?\nIf using a generic login manager, add the DE startup command to your .xinitrc:\n\u0026gt; echo \"exec cinnamon\" \u0026gt; ~/.xinitrc \nAnd that is about it. \nThe tutorial goes into more detail on other configuration you can do to get your desktop just the way you like it.\nTo install Lumina:\n\u0026gt; sudo pkg install lumina pcbsd-utils-qt5\nThis will install Lumina and the pcbsd utilities package which includes pcdm, the login manager. In the near future we hear the login manager and some of the other utilities will be split into separate packages, making it easier to use them on vanilla FreeBSD.\n\u0026gt; sudo sysrc pcdm_enable=”YES” dbus_enable=\"YES\" hald_enable=\"YES\" \nReboot, and you should be greeted with the graphical login screen\n***\n\n\nA return-oriented programming defense from OpenBSD\n\n\nWe talked a bit about RETGUARD last week, presenting Theo’s email announcing the new feature\nLinux Weekly News has a nice breakdown on just how it works\n\n\n\nStack-smashing attacks have a long history; they featured, for example, as a core part of the Morris worm back in 1988. Restrictions on executing code on the stack have, to a great extent, put an end to such simple attacks, but that does not mean that stack-smashing attacks are no longer a threat. Return-oriented programming (ROP) has become a common technique for compromising systems via a stack-smashing vulnerability. There are various schemes out there for defeating ROP attacks, but a mechanism called \"RETGUARD\" that is being implemented in OpenBSD is notable for its relative simplicity.\nIn a classic stack-smashing attack, the attack code would be written directly to the stack and executed there. Most modern systems do not allow execution of on-stack code, though, so this kind of attack will be ineffective. The stack does affect code execution, though, in that the call chain is stored there; when a function executes a \"return\" instruction, the address to return to is taken from the stack. An attacker who can overwrite the stack can, thus, force a function to \"return\" to an arbitrary location.\nThat alone can be enough to carry out some types of attacks, but ROP adds another level of sophistication. A search through a body of binary code will turn up a great many short sequences of instructions ending in a return instruction. These sequences are termed \"gadgets\"; a large program contains enough gadgets to carry out almost any desired task — if they can be strung together into a chain. ROP works by locating these gadgets, then building a series of stack frames so that each gadget \"returns\" to the next.\nThere is, of course, a significant limitation here: a ROP chain made up of exclusively polymorphic gadgets will still work, since those gadgets were not (intentionally) created by the compiler and do not contain the return-address-mangling code. De Raadt acknowledged this limitation, but said: \"we believe once standard-RET is solved those concerns become easier to address separately in the future. In any case a substantial reduction of gadgets is powerful\".\nUsing the compiler to insert the hardening code greatly eases the task of applying RETGUARD to both the OpenBSD kernel and its user-space code. At least, that is true for code written in a high-level language. Any code written in assembly must be changed by hand, though, which is a fair amount of work. De Raadt and company have done that work; he reports that: \"We are at the point where userland and base are fully working without regressions, and the remaining impacts are in a few larger ports which directly access the return address (for a variety of reasons)\". It can be expected that, once these final issues are dealt with, OpenBSD will ship with this hardening enabled.\n\n\n\nThe article wonders about applying the same to Linux, but notes it would be difficult because the Linux kernel cannot currently be compiled using LLVM\n\n\n\nIf any benchmarks have been run to determine the cost of using RETGUARD, they have not been publicly posted. The extra code will make the kernel a little bigger, and the extra overhead on every function is likely to add up in the end. But if this technique can make the kernel that much harder to exploit, it may well justify the extra execution overhead that it brings with it. All that's needed is somebody to actually do the work and try it out.\n\n\n\n\nVideos from BSDCan have started to appear!\n\n\nHenning Brauer: tcp synfloods - BSDCan 2017\nBenno Rice: The Trouble with FreeBSD - BSDCan 2017\nLi-Wen Hsu: Continuous Integration of The FreeBSD Project - BSDCan 2017\nAndrew Turner: GENERIC ARM - BSDCan 2017\nBjoern A. Zeeb: From the outside - BSDCan 2017\nRodney W. Grimes: FreeBSD as a Service - BSDCan 2017\nReyk Floeter: The OpenBSD virtual machine daemon - BSDCan 2017\nBrian Kidney: The Realities of DTrace on FreeBSD - BSDCan 2017\nThe rest will continue to trickle out, likely not until after EuroBSDCon\n***\n\n\nBeastie Bits\n\n\nOracle has killed sun\nConfigure Thunderbird to send patch friendly\nFreeBSD 10.4-BETA4 Available\niXsystems looking to hire kernel and zfs developers (especially Sun/Oracle Refugees)\nSpeaking of job postings, UnitedBSD.com has few job postings related to BSD\n\n\nCall for papers\n\n\nUSENIX FAST ‘18 - February 12-15, 2018, Due: September 28 2017\nScale 16x - March 8-11, 2018, Due: October 31, 2017 \nFOSDEM ‘18 - February 3-4, 2018, Due: November 3 2017 \n\n\n\n\nFeedback/Questions\n\n\nJason asks about cheap router hardware\nPrashant asks about latest kernels with freebsd-update\nMatt wants know about VM Performance \u0026amp; CPU Steal Time\nJohn has config questions regarding Dell precision 7720, FreeBSD, NVME, and ZFS\n***\n","content_html":"\u003cp\u003eWe recap vBSDcon, give you the story behind a PF EN, reminisce in Solaris memories, and show you how to configure different DEs on FreeBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e[vBSDCon]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003evBSDCon was held September 7 - 9th. We recorded this only a few days after getting home from this great event.\u003c/li\u003e\n\u003cli\u003eThings started on Wednesday night, as attendees of the thursday developer summit arrived and broke into smallish groups for disorganized dinner and drinks.\u003c/li\u003e\n\u003cli\u003eWe then held an unofficial hacker lounge in a medium sized seating area, working and talking until we all decided that the developer summit started awfully early tomorrow.\u003c/li\u003e\n\u003cli\u003eThe developer summit started with a light breakfast and then then we dove right in\u003c/li\u003e\n\u003cli\u003eEd Maste started us off, and then Glen Barber gave a presentation about lessons learned from the 11.1-RELEASE cycle, and comparing it to previous releases. 11.1 was released on time, and was one of the best releases so far. The slides are linked on the \u003ca href=\"https://wiki.freebsd.org/DevSummit/20170907\" rel=\"nofollow\"\u003eDevSummit wiki page\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThe group then jumped into hackmd.io a collaborative note taking application, and listed of various works in progress and upstreaming efforts. Then we listed wants and needs for the 12.0 release.\u003c/li\u003e\n\u003cli\u003eAfter lunch we broke into pairs of working groups, with additional space for smaller meetings. The first pair were, ZFS and Toolchain, followed by a break and then a discussion of IFLIB and network drivers in general. After another break, the last groups of the day met, pkgbase and secure boot.\u003c/li\u003e\n\u003cli\u003eThen it was time for the vBSDCon reception dinner. This standing dinner was a great way to meet new people, and for attendees to mingle and socialize.\u003c/li\u003e\n\u003cli\u003eThe official hacking lounge Thursday night was busy, and included some great storytelling, along with a bunch of work getting done.\u003c/li\u003e\n\u003cli\u003eIt was very encouraging to watch a struggling new developer getting help from a seasoned veteran. Watching the new developers eyes light up as the new information filled in gaps and they now understood so much more than just a few minutes before, and they raced off to continue working, was inspirational, and reminded me why these conferences are so important.\u003c/li\u003e\n\u003cli\u003eThe hacker lounge shut down relatively early by BSD conference standards, but, the conference proper started at 8:45 sharp the next morning, so it made sense.\u003c/li\u003e\n\u003cli\u003eFriday saw a string of good presentations, I think my favourite was Jonathan Anderson’s talk on Oblivious sandboxing. Jonathan is a very energetic speaker, and was able to keep everyone focused even during relatively complicated explanations.\u003c/li\u003e\n\u003cli\u003eFriday night I went for dinner at ‘Big Bowl’, a stir-fry bar, with a largish group of developers and users of both FreeBSD and OpenBSD. The discussions were interesting and varied, and the food was excellent. Benedict had dinner with JT and some other folks from iXsystems.\u003c/li\u003e\n\u003cli\u003eFriday night the hacker lounge was so large we took over a bigger room (it had better WiFi too).\u003c/li\u003e\n\u003cli\u003eSaturday featured more great talks. The talk I was most interested in was from Eric McCorkle, who did the EFI version of my GELIBoot work. I had reviewed some of the work, but it was interesting to hear the story of how it happened, and to see the parallels with my own story.\u003c/li\u003e\n\u003cli\u003eMy favourite speaker was Paul Vixie, who gave a very interesting talk about the gets() function in libc. gets() was declared unsafe before the FreeBSD project even started. The original import of the CSRG code into FreeBSD includes the compile time, and run-time warnings against using gets(). OpenBSD removed gets() in version 5.6, in 2014. Following Paul’s presentation, various patches were raised, to either cause use of gets() to crash the program, or to remove gets() entirely, causing such programs to fail to link.\u003c/li\u003e\n\u003cli\u003eThe last talk before the closing was Benedict’s \u003ca href=\"https://people.freebsd.org/%7Ebcr/talks/vBSDcon2017_Ansible.pdf\" rel=\"nofollow\"\u003eBSD Systems Management with Ansible\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eShortly after, Allan won a MacBook Pro by correctly guessing the number of components in a jar that was standing next to the registration desk (Benedict was way off, but had a good laugh about the unlikely future Apple user).\u003c/li\u003e\n\u003cli\u003eSaturday night ended with the Conference Social, and excellent dinner with more great conversations\u003c/li\u003e\n\u003cli\u003eOn Sunday morning, a number of us went to the Smithsonian Air and Space Museum site near the airport, and saw a Concorde, an SR-71, and the space shuttle Discovery, among many other exhibits.\u003c/li\u003e\n\u003cli\u003eCheck out the \u003ca href=\"https://t.co/KRmSNzUSus\" rel=\"nofollow\"\u003efull photo album by JT\u003c/a\u003e, our producer.\u003c/li\u003e\n\u003cli\u003eThanks to all the sponsors for vBSDcon and all the organizers from Verisign, who made it such a great event.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.sigsegv.be//blog/freebsd/FreeBSD-EN-17.08.pf\" rel=\"nofollow\"\u003eThe story behind FreeBSD-EN-17.08.pf\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter our previous deep dive on a bug in episode 209, Kristof Provost, the maintainer of pf on FreeBSD (he is going to hate me for saying that) has written the story behind a recent ERRATA notice for FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst things first, so I have to point out that I think Allan misremembered things. The heroic debugging story is PR 219251, which I\u0026#39;ll try to write about later. \u003cbr\u003e\nFreeBSD-EN-17:08.pf is an issue that affected some FreeBSD 11.x systems, where FreeBSD would panic at startup. There were no reports for CURRENT.\u003cbr\u003e\nThere\u0026#39;s very little to go on here, but we do know the cause of the panic (\u0026quot;integer divide fault\u0026quot;), and that the current process was \u0026quot;pf purge\u0026quot;. The pf purge thread is part of the pf housekeeping infrastructure. It\u0026#39;s a housekeeping kernel thread which cleans up things like old states and expired fragments.\u003cbr\u003e\nThe lack of mention of pf functions in the backtrace is a hint unto itself. It suggests that the error is probably directly in pf_purge_thread(). It might also be in one of the static functions it calls, because compilers often just inline those so they don\u0026#39;t generate stack frames. \u003cbr\u003e\nRemember that the problem is an \u0026quot;integer divide fault\u0026quot;. How can integer divisions be a problem? Well, you can try to divide by zero. The most obvious suspect for this is this code:\u003cbr\u003e\n  idx = pf_purge_expired_states(idx, pf_hashmask / (V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));\u003cbr\u003e\nHowever, this variable is both correctly initialised (in pfattach_vnet()) and can only be modified through the DIOCSETTIMEOUT ioctl() call and that one checks for zero. \u003cbr\u003e\nAt that point I had no idea how this could happen, but because the problem did not affect CURRENT I looked at the commit history and found this commit from Luiz Otavio O Souza:\u003cbr\u003e\n  Do not run the pf purge thread while the VNET variables are not initialized, this can cause a divide by zero (if the VNET initialization takes to long to complete).\u003cbr\u003e\n  Obtained from:  pfSense\u003cbr\u003e\n  Sponsored by:   Rubicon Communications, LLC (Netgate)\u003cbr\u003e\nThat sounds very familiar, and indeed, applying the patch fixed the problem. Luiz explained it well: it\u0026#39;s possible to use V_pf_default_rule.timeout before it\u0026#39;s initialised, which caused this panic. \u003cbr\u003e\nTo me, this reaffirms the importance of writing good commit messages: because Luiz mentioned both the pf purge thread and the division by zero I was easily able to find the relevant commit. If I hadn\u0026#39;t found it this fix would have taken a lot longer. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext week we’ll look at the more interesting story I was interested in, which I managed to nag Kristof into writing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dtrace.org/blogs/bmc/2017/09/04/the-sudden-death-and-eternal-life-of-solaris/\" rel=\"nofollow\"\u003eThe sudden death and eternal life of Solaris\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post from Bryan Cantrill about the death of Solaris\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs had been rumored for a while, Oracle effectively killed Solaris. When I first saw this, I had assumed that this was merely a deep cut, but in talking to Solaris engineers still at Oracle, it is clearly much more than that. It is a cut so deep as to be fatal: the core Solaris engineering organization lost on the order of 90% of its people, including essentially all management.\u003cbr\u003e\nOf note, among the engineers I have spoken with, I heard two things repeatedly: “this is the end” and (from those who managed to survive Friday) “I wish I had been laid off.” Gone is any of the optimism (however tepid) that I have heard over the years — and embarrassed apologies for Oracle’s behavior have been replaced with dismay about the clumsiness, ineptitude and callousness with which this final cut was handled. In particular, that employees who had given their careers to the company were told of their termination via a pre-recorded call — “robo-RIF’d” in the words of one employee — is both despicable and cowardly. To their credit, the engineers affected saw themselves as Sun to the end: they stayed to solve hard, interesting problems and out of allegiance to one another — not out of any loyalty to the broader Oracle. Oracle didn’t deserve them and now it doesn’t have them — they have been liberated, if in a depraved act of corporate violence.\u003cbr\u003e\nAssuming that this is indeed the end of Solaris (and it certainly looks that way), it offers a time for reflection. Certainly, the demise of Solaris is at one level not surprising, but on the other hand, its very suddenness highlights the degree to which proprietary software can suffer by the vicissitudes of corporate capriciousness. Vulnerable to executive whims, shareholder demands, and a fickle public, organizations can simply change direction by fiat. And because — in the words of the late, great Roger Faulkner — “it is easier to destroy than to create,” these changes in direction can have lasting effect when they mean stopping (or even suspending!) work on a project. Indeed, any engineer in any domain with sufficient longevity will have one (or many!) stories of exciting projects being cancelled by foolhardy and myopic management. For software, though, these cancellations can be particularly gutting because (in the proprietary world, anyway) so many of the details of software are carefully hidden from the users of the product — and much of the innovation of a cancelled software project will likely die with the project, living only in the oral tradition of the engineers who knew it. Worse, in the long run — to paraphrase Keynes — proprietary software projects are all dead. However ubiquitous at their height, this lonely fate awaits all proprietary software. \u003cbr\u003e\nThere is, of course, another way — and befitting its idiosyncratic life and death, Solaris shows us this path too: software can be open source. In stark contrast to proprietary software, open source does not — cannot, even — die. Yes, it can be disused or rusty or fusty, but as long as anyone is interested in it at all, it lives and breathes. Even should the interest wane to nothing, open source software survives still: its life as machine may be suspended, but it becomes as literature, waiting to be discovered by a future generation. That is, while proprietary software can die in an instant, open source software perpetually endures by its nature — and thrives by the strength of its communities. Just as the existence of proprietary software can be surprisingly brittle, open source communities can be crazily robust: they can survive neglect, derision, dissent — even sabotage.\u003cbr\u003e\nIn this regard, I speak from experience: from when Solaris was open sourced in 2005, the OpenSolaris community survived all of these things. By the time Oracle bought Sun five years later in 2010, the community had decided that it needed true independence — illumos was born. And, it turns out, illumos was born at exactly the right moment: shortly after illumos was announced, Oracle — in what remains to me a singularly loathsome and cowardly act — silently re-proprietarized Solaris on August 13, 2010. We in illumos were indisputably on our own, and while many outsiders gave us no chance of survival, we ourselves had reason for confidence: after all, open source communities are robust because they are often united not only by circumstance, but by values, and in our case, we as a community never lost our belief in ZFS, Zones, DTrace and myriad other technologies like MDB, FMA and Crossbow.\u003cbr\u003e\nIndeed, since 2010, illumos has thrived; illumos is not only the repository of record for technologies that have become cross-platform like OpenZFS, but we have also advanced our core technologies considerably, while still maintaining highest standards of quality. Learning some of the mistakes of OpenSolaris, we have a model that allows for downstream innovation, experimentation and differentiation. For example, Joyent’s SmartOS has always been focused on our need for a cloud hypervisor (causing us to develop big features like hardware virtualization and Linux binary compatibility), and it is now at the heart of a massive buildout for Samsung (who acquired Joyent a little over a year ago). For us at Joyent, the Solaris/illumos/SmartOS saga has been formative in that we have seen both the ill effects of proprietary software and the amazing resilience of open source software — and it very much informed our decision to open source our entire stack in 2014.\u003cbr\u003e\nJudging merely by its tombstone, the life of Solaris can be viewed as tragic: born out of wedlock between Sun and AT\u0026amp;T and dying at the hands of a remorseless corporate sociopath a quarter century later. And even that may be overstating its longevity: Solaris may not have been truly born until it was made open source, and — certainly to me, anyway — it died the moment it was again made proprietary. But in that shorter life, Solaris achieved the singular: immortality for its revolutionary technologies. So while we can mourn the loss of the proprietary embodiment of Solaris (and we can certainly lament the coarse way in which its technologists were treated!), we can rejoice in the eternal life of its technologies — in illumos and beyond!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2017/09/01/thinkpad_x1c\" rel=\"nofollow\"\u003eOpenBSD on the Lenovo Thinkpad X1 Carbon (5th Gen)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJoshua Stein writes about his experiences running OpenBSD on the 5th generation Lenovo Thinkpad X1 Carbon:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThinkPads have sort of a cult following among OpenBSD developers and users because the hardware is basic and well supported, and the keyboards are great to type on. While no stranger to ThinkPads myself, most of my OpenBSD laptops in recent years have been from various vendors with brand new hardware components that OpenBSD does not yet support. As satisfying as it is to write new kernel drivers or extend existing ones to make that hardware work, it usually leaves me with a laptop that doesn\u0026#39;t work very well for a period of months.\u003cbr\u003e\nAfter exhausting efforts trying to debug the I2C touchpad interrupts on the Huawei MateBook X (and other 100-Series Intel chipset laptops), I decided to take a break and use something with better OpenBSD support out of the box: the fifth generation Lenovo ThinkPad X1 Carbon.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHardware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLike most ThinkPads, the X1 Carbon is available in a myriad of different internal configurations. I went with the non-vPro Core i7-7500U (it was the same price as the Core i5 that I normally opt for), 16Gb of RAM, a 256Gb NVMe SSD, and a WQHD display.\u003cbr\u003e\nThis generation of X1 Carbon finally brings a thinner screen bezel, allowing the entire footprint of the laptop to be smaller which is welcome on something with a 14\u0026quot; screen. The X1 now measures 12.7\u0026quot; wide, 8.5\u0026quot; deep, and 0.6\u0026quot; thick, and weighs just 2.6 pounds. While not available at initial launch, Lenovo is now offering a WQHD IPS screen option giving a resolution of 2560x1440. Perhaps more importantly, this display also has much better brightness than the FHD version, something ThinkPads have always struggled with.\u003cbr\u003e\nOn the left side of the laptop are two USB-C ports, a USB-A port, a full-size HDMI port, and a port for the ethernet dongle which, despite some reviews stating otherwise, is not included with the laptop. On the right side is another USB-A port and a headphone jack, along with a fan exhaust grille. On the back is a tray for the micro-SIM card for the optional WWAN device, which also covers the Realtek microSD card reader. The tray requires a paperclip to eject which makes it inconvenient to remove, so I think this microSD card slot is designed to house a card semi-permanently as a backup disk or something.\u003cbr\u003e\nOn the bottom are the two speakers towards the front and an exhaust grille near the center. The four rubber feet are rather plastic feeling, which allows the laptop to slide around on a desk a bit too much for my liking. I wish they were a bit softer to be stickier.\u003cbr\u003e\nCharging can be done via either of the two USB-C ports on the left, though I wish more vendors would do as Google did on the Chromebook Pixel and provide a port on both sides. This makes it much more convenient to charge when not at one\u0026#39;s desk, rather than having to route a cable around to one specific side. The X1 Carbon includes a 65W USB-C PD with a fixed USB-C cable and removable country-specific power cable, which is not very convenient due to its large footprint. I am using an Apple 61W USB-C charger and an Anker cable which charge the X1 fine (unlike HP laptops which only work with HP USB-C chargers).\u003cbr\u003e\nWireless connectivity is provided by a removable Intel 8265 802.11a/b/g/n/ac WiFi and Bluetooth 4.1 card. An Intel I219-V chip provides ethernet connectivity and requires an external dongle for the physical cable connection.\u003cbr\u003e\nThe screen hinge is rather tight, making it difficult to open with one hand. The tradeoff is that the screen does not wobble in the least bit when typing.\u003cbr\u003e\nThe fan is silent at idle, and there is no coil whine even under heavy load. During a make -j4 build, the fan noise is reasonable and medium-pitched, rather than a high-pitched whine like on some laptops. The palm rest and keyboard area remain cool during high CPU utilization.\u003cbr\u003e\nThe full-sized keyboard is backlit and offers two levels of adjustment. The keys have a soft surface and a somewhat clicky feel, providing very quiet typing except for certain keys like Enter, Backspace, and Escape. The keyboard has a reported key travel of 1.5mm and there are dedicated Page Up and Page Down keys above the Left and Right arrow keys. Dedicated Home, End, Insert, and Delete keys are along the top row. The Fn key is placed to the left of Control, which some people hate (although Lenovo does provide a BIOS option to swap it), but it\u0026#39;s in the same position on Apple keyboards so I\u0026#39;m used to it. However, since there are dedicated Page Up, Page Down, Home, and End keys, I don\u0026#39;t really have a use for the Fn key anyway.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirmware\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe X1 Carbon has a very detailed BIOS/firmware menu which can be entered with the F1 key at boot. F12 can be used to temporarily select a different boot device.\u003cbr\u003e\nA neat feature of the Lenovo BIOS is that it supports showing a custom boot logo instead of the big red Lenovo logo. From Windows, download the latest BIOS Update Utility for the X1 Carbon (my model was 20HR). Run it and it\u0026#39;ll extract everything to C:\\drivers\\flash(some random string). Drop a logo.gif file in that directory and run winuptp.exe. If a logo file is present, it\u0026#39;ll ask whether to use it and then write the new BIOS to its staging area, then reboot to actually flash it.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD support\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eSecure Boot has to be disabled in the BIOS menu, and the \u0026quot;CSM Support\u0026quot; option must be enabled, even when \u0026quot;UEFI/Legacy Boot\u0026quot; is left on \u0026quot;UEFI Only\u0026quot;. Otherwise the screen will just go black after the OpenBSD kernel loads into memory.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBased on this component list, it seems like everything but the fingerprint sensor works fine on OpenBSD.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxsecrets.com/en/entry/51-freebsd/2017/09/04/2942-configure-5-freebsd-x-environments\" rel=\"nofollow\"\u003eConfiguring 5 different desktop environments on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis fairly quick tutorial over at LinuxSecrets.com is a great start if you are new to FreeBSD, especially if you are coming from Linux and miss your favourite desktop environment\u003c/li\u003e\n\u003cli\u003eIt just goes to show how easy it is to build the desktop you want on modern FreeBSD\u003c/li\u003e\n\u003cli\u003eThe tutorial covers: GNOME, KDE, Xfce, Mate, and Cinnamon\u003c/li\u003e\n\u003cli\u003eThe instructions for each boil down to some variation of:\u003c/li\u003e\n\u003cli\u003eInstall the desktop environment and a login manager if it is not included:\n\u0026gt; sudo pkg install gnome3\u003c/li\u003e\n\u003cli\u003eEnable the login manager, and usually dbus and hald:\n\u0026gt; sudo sysrc dbus_enable=\u0026quot;YES\u0026quot; hald_enable=\u0026quot;YES\u0026quot; gdm_enable=\u0026quot;YES\u0026quot; gnome_enable=\u0026quot;YES\u0026quot;?\u003c/li\u003e\n\u003cli\u003eIf using a generic login manager, add the DE startup command to your .xinitrc:\n\u0026gt; echo \u0026quot;exec cinnamon\u0026quot; \u0026gt; ~/.xinitrc \u003c/li\u003e\n\u003cli\u003eAnd that is about it. \u003c/li\u003e\n\u003cli\u003eThe tutorial goes into more detail on other configuration you can do to get your desktop just the way you like it.\u003c/li\u003e\n\u003cli\u003eTo install Lumina:\n\u0026gt; sudo pkg install lumina pcbsd-utils-qt5\u003c/li\u003e\n\u003cli\u003eThis will install Lumina and the pcbsd utilities package which includes pcdm, the login manager. In the near future we hear the login manager and some of the other utilities will be split into separate packages, making it easier to use them on vanilla FreeBSD.\n\u0026gt; sudo sysrc pcdm_enable=”YES” dbus_enable=\u0026quot;YES\u0026quot; hald_enable=\u0026quot;YES\u0026quot; \u003c/li\u003e\n\u003cli\u003eReboot, and you should be greeted with the graphical login screen\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lwn.net/Articles/732201/\" rel=\"nofollow\"\u003eA return-oriented programming defense from OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe talked a bit about RETGUARD last week, presenting Theo’s email announcing the new feature\u003c/li\u003e\n\u003cli\u003eLinux Weekly News has a nice breakdown on just how it works\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eStack-smashing attacks have a long history; they featured, for example, as a core part of the Morris worm back in 1988. Restrictions on executing code on the stack have, to a great extent, put an end to such simple attacks, but that does not mean that stack-smashing attacks are no longer a threat. Return-oriented programming (ROP) has become a common technique for compromising systems via a stack-smashing vulnerability. There are various schemes out there for defeating ROP attacks, but a mechanism called \u0026quot;RETGUARD\u0026quot; that is being implemented in OpenBSD is notable for its relative simplicity.\u003cbr\u003e\nIn a classic stack-smashing attack, the attack code would be written directly to the stack and executed there. Most modern systems do not allow execution of on-stack code, though, so this kind of attack will be ineffective. The stack does affect code execution, though, in that the call chain is stored there; when a function executes a \u0026quot;return\u0026quot; instruction, the address to return to is taken from the stack. An attacker who can overwrite the stack can, thus, force a function to \u0026quot;return\u0026quot; to an arbitrary location.\u003cbr\u003e\nThat alone can be enough to carry out some types of attacks, but ROP adds another level of sophistication. A search through a body of binary code will turn up a great many short sequences of instructions ending in a return instruction. These sequences are termed \u0026quot;gadgets\u0026quot;; a large program contains enough gadgets to carry out almost any desired task — if they can be strung together into a chain. ROP works by locating these gadgets, then building a series of stack frames so that each gadget \u0026quot;returns\u0026quot; to the next.\u003cbr\u003e\nThere is, of course, a significant limitation here: a ROP chain made up of exclusively polymorphic gadgets will still work, since those gadgets were not (intentionally) created by the compiler and do not contain the return-address-mangling code. De Raadt acknowledged this limitation, but said: \u0026quot;we believe once standard-RET is solved those concerns become easier to address separately in the future. In any case a substantial reduction of gadgets is powerful\u0026quot;.\u003cbr\u003e\nUsing the compiler to insert the hardening code greatly eases the task of applying RETGUARD to both the OpenBSD kernel and its user-space code. At least, that is true for code written in a high-level language. Any code written in assembly must be changed by hand, though, which is a fair amount of work. De Raadt and company have done that work; he reports that: \u0026quot;We are at the point where userland and base are fully working without regressions, and the remaining impacts are in a few larger ports which directly access the return address (for a variety of reasons)\u0026quot;. It can be expected that, once these final issues are dealt with, OpenBSD will ship with this hardening enabled.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article wonders about applying the same to Linux, but notes it would be difficult because the Linux kernel cannot currently be compiled using LLVM\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf any benchmarks have been run to determine the cost of using RETGUARD, they have not been publicly posted. The extra code will make the kernel a little bigger, and the extra overhead on every function is likely to add up in the end. But if this technique can make the kernel that much harder to exploit, it may well justify the extra execution overhead that it brings with it. All that\u0026#39;s needed is somebody to actually do the work and try it out.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLeF8ZihVdpFfVEsCxNWGDmcATJfRZacHv\" rel=\"nofollow\"\u003eVideos from BSDCan have started to appear!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=KuHepyI0_KY\" rel=\"nofollow\"\u003eHenning Brauer: tcp synfloods - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=1DM5SwoXWSU\" rel=\"nofollow\"\u003eBenno Rice: The Trouble with FreeBSD - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=SCLfKWaUGa8\" rel=\"nofollow\"\u003eLi-Wen Hsu: Continuous Integration of The FreeBSD Project - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=gkYjvrFvPJ0\" rel=\"nofollow\"\u003eAndrew Turner: GENERIC ARM - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=sYmW_H6FrWo\" rel=\"nofollow\"\u003eBjoern A. Zeeb: From the outside - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=Zf9tDJhoVbA\" rel=\"nofollow\"\u003eRodney W. Grimes: FreeBSD as a Service - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=Os9L_sOiTH0\" rel=\"nofollow\"\u003eReyk Floeter: The OpenBSD virtual machine daemon - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=NMUf6VGK2fI\" rel=\"nofollow\"\u003eBrian Kidney: The Realities of DTrace on FreeBSD - BSDCan 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe rest will continue to trickle out, likely not until after EuroBSDCon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://meshedinsights.com/2017/09/03/oracle-finally-killed-sun/\" rel=\"nofollow\"\u003eOracle has killed sun\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://nanxiao.me/en/configure-thunderbird-to-send-patch-friendly/\" rel=\"nofollow\"\u003eConfigure Thunderbird to send patch friendly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/newsflash.html#event20170909:01\" rel=\"nofollow\"\u003eFreeBSD 10.4-BETA4 Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.facebook.com/ixsystems/posts/10155403417921508\" rel=\"nofollow\"\u003eiXsystems looking to hire kernel and zfs developers (especially Sun/Oracle Refugees)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://unitedbsd.com/\" rel=\"nofollow\"\u003eSpeaking of job postings, UnitedBSD.com has few job postings related to BSD\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eCall for papers\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/usenix-fast-18-call-for-papers/\" rel=\"nofollow\"\u003eUSENIX FAST ‘18 - February 12-15, 2018, Due: September 28 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/scale-16x-call-for-participation/\" rel=\"nofollow\"\u003eScale 16x - March 8-11, 2018, Due: October 31, 2017 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/fosdem-18-call-for-participation/\" rel=\"nofollow\"\u003eFOSDEM ‘18 - February 3-4, 2018, Due: November 3 2017 \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/340KRHG\" rel=\"nofollow\"\u003eJason asks about cheap router hardware\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2J7DQQ6\" rel=\"nofollow\"\u003ePrashant asks about latest kernels with freebsd-update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1H5SZ81\" rel=\"nofollow\"\u003eMatt wants know about VM Performance \u0026amp; CPU Steal Time\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0X770SY\" rel=\"nofollow\"\u003eJohn has config questions regarding Dell precision 7720, FreeBSD, NVME, and ZFS\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We recap vBSDcon, give you the story behind a PF EN, reminisce in Solaris memories, and show you how to configure different DEs on FreeBSD.","date_published":"2017-09-20T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/79738da3-b250-4193-a0fe-9184876562bf.mp3","mime_type":"audio/mpeg","size_in_bytes":72690196,"duration_in_seconds":6057}]},{"id":"ad97fd5d-79ef-479e-bdc4-e4510ca8e241","title":"211: It's HAMMER2 Time!","url":"https://www.bsdnow.tv/211","content_text":"We explore whether a BSD can replicate Cisco router performance; RETGUARD, OpenBSDs new exploit mitigation technology, Dragonfly’s HAMMER2 filesystem implementation \u0026amp; more!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nCan a BSD system replicate the performance of a Cisco router?\n\n\nShort Answer: No, but it might be good enough for what you need\n\n\n\nTraditionally routers were built with a tightly coupled data plane and control plane. Back in the 80s and 90s the data plane was running in software on commodity CPUs with proprietary software. As the needs and desires for more speeds and feeds grew, the data plane had to be implemented in ASICs and FPGAs with custom memories and TCAMs. While these were still programmable in a sense, they certainly weren't programmable by anyone but a small handful of people who developed the hardware platform. The data plane was often layered, where features not handled by the hardware data plane were punted to a software only data path running on a more general CPU. The performance difference between the two were typically an order or two of magnitude. source\n\nExcept for encryption (e.g. IPsec) or IDS/IPS, the true measure of router performance is packets forwarded per unit time. This is normally expressed as Packets-per-second, or PPS. To 'line-rate' forward on a 1gbps interface, you must be able to forward packets at 1.488 million pps (Mpps). To forward at \"line-rate\" between 10Gbps interfaces, you must be able to forward at 14.88Mpps.\nEven on large hardware, kernel-forwarding is limited to speeds that top out below 2Mpps. George Neville-Neil and I did a couple papers on this back in 2014/2015. You can read the papers for the results.\n\nHowever, once you export the code from the kernel, things start to improve. There are a few open source code bases that show the potential of kernel-bypass networking for building a software-based router. The first of these is netmap-fwd which is the FreeBSD ip_forward() code hosted on top of netmap, a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. netmap-fwd will l3 forward around 5 Mpps per core. slides\n\nThe first of these is netmap-fwd which is the FreeBSD ip_forward() code hosted on top of netmap, a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. (And by \"my company\" I mean that I co-own it with my spouse.). netmap-fwd will l3 forward around 5 Mpps per core. slides\n\nNanako Momiyama of the Keio Univ Tokuda Lab presented on IP Forwarding Fastpath at BSDCan this past May. She got about 5.6Mpps (roughly 10% faster than netmap-fwd) using a similar approach where the ip_foward() function was rewritten as a module for VALE (the netmap-based in-kernel switch). Slides from her previous talk at EuroBSDCon 2016 are available. (Speed at the time was 2.8Mpps.). Also a paper from that effort, if you want to read it. Of note: They were showing around 1.6Mpps even after replacing the in-kernel routing lookup algorithm with DXR. (DXR was written by Luigi Rizzo, who is also the primary author of netmap.)\n\nNot too long after netmap-fwd was open sourced, Ghandi announced packet-journey, an application based on drivers and libraries and from DPDK. Packet-journey is also an L3 router. The GitHub page for packet-journey lists performance as 21,773.47 mbps (so 21.77Gbps) for 64-byte UDP frames with 50 ACLs and 500,000 routes. Since they're using 64-byte frames, this translates to roughly 32.4Mpps.\nFinally, there is recent work in FreeBSD (which is part of 11.1-RELEASE) that gets performance up to 2x the level of netmap-fwd or the work by Nanako Momiyama. 10 million PPS: Here is a decent introduction.\n\n\n\nBut of course, even as FreeBSD gets up to being able to do 10gbps at line-rate, 40 and 100 gigabits are not uncommon now\n\n\n\nEven with the fastest modern CPUs, this is very little time to do any kind of meaningful packet processing. At 10Gbps, your total budget per packet, to receive (Rx) the packet, process the packet, and transmit (Tx) the packet is 67.2 ns. Complicating the task is the simple fact that main memory (RAM) is 70 ns away. The simple conclusion here is that, even at 10Gbps, if you have to hit RAM, you can't generate the PPS required for line-rate forwarding.\n\n\n\nThere is some detail about design tradeoffs in the Ryzen architecture and how that might impact using those machines as routers\n\n\n\nAnyway... those are all interesting, but the natural winner here is FD.io's Vector Packet Processing (VPP). Read this\nVPP is an efficient, flexible open source data plane. It consists of a set of forwarding nodes arranged in a directed graph and a supporting framework. The framework has all the basic data structures, timers, drivers (and interfaces to both DPDK and netmap), a scheduler which allocates the CPU time between the graph nodes, performance and debugging tools, like counters and built-in packet trace. The latter allows you to capture the paths taken by the packets within the graph with high timestamp granularity, giving full insight into the processing on a per-packet level.\nThe net result here is that Cisco (again, Cisco) has shown the ability to route packets at 1 Tb/s using VPP on a four socket Purley system\n\n\n\nThere is also much discussion of the future of pfSense, as they transition to using VPP\nThis is a very lengthy write up which deserves a full read, plus there are some comments from other people\n***\n\n\nRETGUARD, the OpenBSD next level in exploit mitigation, is about to debut\n\n\nThis year I went to BSDCAN in Ottawa.  I spent much of it in the 'hallway track', and had an extended conversation with various people regarding our existing security mitigations and hopes for new ones in the future.  I spoke a lot with Todd Mortimer.  Apparently I told him that I felt return-address protection was impossible, so a few weeks later he sent a clang diff to address that issue...\nThe first diff is for amd64 and i386 only -- in theory RISC architectures can follow this approach soon.\nThe mechanism is like a userland 'stackghost' in the function prologue and epilogue.  The preamble XOR's the return address at top of stack with the stack pointer value itself.  This perturbs by introducing bits from ASLR.  The function epilogue undoes the transform immediately before the RET instruction.  ROP attack methods are impacted because existing gadgets are transformed to consist of \"  RET\".  That pivots the return sequence off the ROP chain in a highly unpredictable and inconvenient fashion.\nThe compiler diff handles this for all the C code, but the assembly functions have to be done by hand.  I did this work first for amd64, and more recently for i386.  I've fixed most of the functions and only a handful of complex ones remain.\nFor those who know about polymorphism and pop/jmp or JOP, we believe once standard-RET is solved those concerns become easier to address seperately in the future.  In any case a substantial reduction of gadgets is powerful.\nFor those worried about introducing worse polymorphism with these \"xor; ret\" epilogues themselves, the nested gadgets for 64bit and 32bit variations are +1 \"xor %esp,(%rsp); ret\", +2 \"and $0x24,%al; ret\" and +3 \"and $0xc3,%al; int3\".  Not bad.\nOver the last two weeks, we have received help and advice to ensure debuggers (gdb, egdb, ddb, lldb) can still handle these transformed callframes.  Also in the kernel, we discovered we must use a smaller XOR, because otherwise userland addresses are generated, and cannot rely on SMEP as it is really new feature of the architecture.  There were also issues with pthreads and dlsym, which leads to a series of uplifts around __builtin_return_address and DWARF CFI.\nApplication of this diff doesn't require anything special, a system can simply be built twice.  Or shortcut by building \u0026amp; installing gnu/usr.bin/clang first, then a full build.\nWe are at the point where userland and base are fully working without regressions, and the remaining impacts are in a few larger ports which directly access the return address (for a variety of reasons).\nSo work needs to continue with handling the RET-addr swizzle in those ports, and then we can move forward.\n\n\n\nYou can find the full message with the diff here\n***\n\n\nInterview - Ed Maste, Charlie \u0026amp; Siva - @ed_maste, @yzgyyang \u0026amp; @svmhdvn\n\n\nCo-op Students for the FreeBSD Foundation\n***\n\n\nNews Roundup\n\nNext DFly release will have an initial HAMMER2 implementation\n\n\nThe next DragonFly release (probably in September some time) will have an initial HAMMER2 implementation.  It WILL be considered experimental and won't be an installer option yet.  This initial release will only have single-image support operational plus basic features.  It will have live dedup (for cp's), compression, fast recovery, snapshot, and boot support out of the gate.\nThis first H2 release will not have clustering or multi-volume support, so don't expect those features to work.  I may be able to get bulk dedup and basic mirroring operational by release time, but it won't be very efficient.  Also, right now, sync operations are fairly expensive and will stall modifying operations to some degree during the flush, and there is no reblocking (yet).  The allocator has a 16KB granularity (on HAMMER1 it was 2MB), so for testing purposes it will still work fairly well even without reblocking.\nThe design is in a good place.  I'm quite happy with how the physical layout turned out.  Allocations down to 1KB are supported.  The freemap has a 16KB granularity with a linear counter (one counter per 512KB) for packing smaller allocations.  INodes are 1KB and can directly embed 512 bytes of file data for files \u0026lt;= 512 bytes, or have four top-level blockrefs for files \u0026gt; 512 bytes.  The freemap is also zoned by type for I/O locality.\nThe blockrefs are 'fat' at 128 bytes but enormously powerful.  That will allow us to ultimately support up to a 512-bit crypto hash and blind dedup using said hash.  Not on release, but that's the plan.\nI came up with an excellent solution for directory entries.  The 1KB allocation granularity was a bit high but I didn't want to reduce it. However, because blockrefs are now 128 byte entities, and directory entries are hashed just like in H1, I was able to code them such that a directory entry is embedded in the blockref itself and does not require a separate data reference or allocation beyond that.  Filenames up to 64 bytes long can be accomodated in the blockref using the check-code area of the blockref.  Longer filenames will use an additional data reference hanging off the blockref to accomodate up to 255 char filenames.  Of course, a minimum of 1KB will have to be allocated in that case, but filenames are \u0026lt;= 64 bytes in the vast majority of use cases so it just isn't an issue.\nThis gives directory entries optimal packing and indexing and is a huge win in terms of performance since blockrefs are arrayed in 16KB and 64KB blocks.  In addition, since inodes can embed up to four blockrefs, the directory entries for 'small' directories with \u0026lt;= 4 entries ('.' and '..' don't count) can actually be embedded in the directory inode itself.\nSo, generally speaking, the physical layout is in a very happy place.  The basics are solid on my test boxes so it's now a matter of implementing as many of the more sophisticated features as I can before release, and continuing to work on the rest after the release.\n\n\n\n\nRemoving Some Code\n\n\nThis is another update on our effort to re-license the OpenSSL software. Our previous post in March was about the launch of our effort to reach all contributors, with the hope that they would support this change.\nSo far, about 40% of the people have responded. For a project that is as old as OpenSSL (including its predecessor, SSLeay, it’s around 20 years) that’s not bad. We’ll be continuing our efforts over the next couple of months to contact everyone.\nOf those people responding, the vast majority have been in favor of the license change – less then a dozen objected. This post describes what we’re doing about those and how we came to our conclusions. The goal is to be very transparent and open with our processes.\nFirst, we want to mention that we respect their decision. While it is inconvenient to us, we acknowledge their rights to keep their code under the terms that they originally agreed to. We are asking permission to change the license terms, and it is fully within their rights to say no.\nThe license website is driven by scripts that are freely available in the license section of our tools repository on GitHub. When we started, we imported every single git commit, looked for anything that resembled an email address, and created tables for each commit, each user we found, and a log that connects users to commits. This did find false positives: sometimes email Message-ID’s showed up, and there were often mentions of folks just as a passing side-comment, or because they were in the context diff. (That script is also in the tools repository, of course.)\nThe user table also has columns to record approval or rejection of the license change, and comments. Most of the comments have been supportive, and (a bit surprisingly) only one or two were obscene.\nThe whattoremove script finds the users who refused, and all commits they were named in. We then examined each commit – there were 86 in all – and filtered out those that were cherry-picks to other releases. We are planning on only changing the license for the master branch, so the other releases branches aren’t applicable. There were also some obvious false positives. At the end of this step, we had 43 commits to review.\nWe then re-read every single commit, looking for what we could safely ignore as not relevant. We found the following:\nNine of them showed up only because the person was mentioned in a comment.\nSixteen of them were changes to the OpenBSD configuration data. The OpenSSL team had completely rewritten this, refactoring all BSD configurations into a common hierarchy, and the config stuff changed a great deal for 1.1.0.\nSeven were not copyrightable as because they were minimal changes (e.g., fixing a typo in a comment).\nOne was a false positive.\nThis left us with 10 commits. Two of them them were about the CryptoDev engine. We are removing that engine, as can be seen in this PR, but we expect to have a replacement soon (for at least Linux and FreeBSD). As for the other commits, we are removing that code, as can be seen in this first PR. and this second PR. Fortunately, none of them are particularly complex.\nCopyright, however, is a complex thing – at times it makes debugging look simple. If there is only one way to write something, then that content isn’t copyrightable. If the work is very small, such as a one-line patch, then it isn’t copyrightable. We aren’t lawyers, and have no wish to become such, but those viewpoints are valid. It is not official legal advice, however.\nFor the next step, we hope that we will be able to “put back” the code that we removed. We are looking to the community for help, and encourage you to create the appropriate GitHub pull requests. We ask the community to look at that second PR and provide fixes.\nAnd finally, we ask everyone to look at the list of authors and see if their name, or the name of anyone they know, is listed. If so please email us.\n\n\n\n\nderaadt@ moves us to 6.2-beta!\n\n\nTheo has just committed the diff that marks the end of the development cycle and the beginning of the testing phase for the upcoming 6.2 release:\n\n\n`\nCVSROOT:        /cvs\nModule name:    src\nChanges by:     deraadt@cvs.openbsd.org 2017/08/20 10:56:43                                               \n\nModified files:\n        etc/root       : root.mail\n        share/mk       : sys.mk\n        sys/arch/macppc/stand/tbxidata: bsd.tbxi\n        sys/conf       : newvers.sh\n        sys/sys        : param.h\nLog message:\ncrank to 6.2-beta\n`\n\n\nYou all know what this means: get to testing! Find whatever hardware you have and install the latest snapshots, stress the upgrade procedure, play your favorite games, build your own code - whatever you use OpenBSD for, try it in the new snaps and report any problems you find. Your testing efforts will help make sure 6.2 is another great release!\n\n\n\n\nBeastie Bits\n\n\n64 Hijacked ARMs\nSmartisan Makes Another Iridium Donation to the OpenBSD Foundation\nAndrey A. Chernov (ache), long-time FreeBSD core team member and dev, has passed away\nOpenBSD hacker Mickey Shalayeff has passed away\nFreeBSD 10.4-BETA1 Available\nvmadm in action, from getting a dataset to running a jail w/ vnet networking in just a few commands\nInterview with Patrick Wildt (from t2k17 OpenBSD Hackathon)\n***\n\n\nFeedback/Questions\n\n\nSeth - Switching to tarsnap\nJohnny - memcmp\nThomas - Drives and NAS\nBen - Nvidia\nDavid - ZFS performance variations over nfs\n***\n","content_html":"\u003cp\u003eWe explore whether a BSD can replicate Cisco router performance; RETGUARD, OpenBSDs new exploit mitigation technology, Dragonfly’s HAMMER2 filesystem implementation \u0026amp; more!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/networking/comments/6upchy/can_a_bsd_system_replicate_the_performance_of/\" rel=\"nofollow\"\u003eCan a BSD system replicate the performance of a Cisco router?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eShort Answer: No, but it might be good enough for what you need\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTraditionally routers were built with a tightly coupled data plane and control plane. Back in the 80s and 90s the data plane was running in software on commodity CPUs with proprietary software. As the needs and desires for more speeds and feeds grew, the data plane had to be implemented in ASICs and FPGAs with custom memories and TCAMs. While these were still programmable in a sense, they certainly weren\u0026#39;t programmable by anyone but a small handful of people who developed the hardware platform. The data plane was often layered, where features not handled by the hardware data plane were punted to a software only data path running on a more general CPU. The performance difference between the two were typically an order or two of magnitude. \u003ca href=\"https://fd.io/wp-content/uploads/sites/34/2017/07/FDioVPPwhitepaperJuly2017.pdf\" rel=\"nofollow\"\u003esource\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eExcept for encryption (e.g. IPsec) or IDS/IPS, the true measure of router performance is packets forwarded per unit time. This is normally expressed as Packets-per-second, or PPS. To \u0026#39;line-rate\u0026#39; forward on a 1gbps interface, you must be able to forward packets at 1.488 million pps (Mpps). To forward at \u0026quot;line-rate\u0026quot; between 10Gbps interfaces, you must be able to forward at 14.88Mpps.\u003cbr\u003e\nEven on large hardware, kernel-forwarding is limited to speeds that top out below 2Mpps. George Neville-Neil and I did a couple papers on this back in 2014/2015. You can read \u003ca href=\"https://github.com/freebsd-net/netperf/blob/master/Documentation/Papers/ABSDCon2015Paper.pdf\" rel=\"nofollow\"\u003ethe papers\u003c/a\u003e for the results.\u003c/p\u003e\n\n\u003cp\u003eHowever, once you export the code from the kernel, things start to improve. There are a few open source code bases that show the potential of kernel-bypass networking for building a software-based router. The first of these is netmap-fwd which is the FreeBSD ip_forward() code hosted on top of netmap, a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. netmap-fwd will l3 forward around 5 Mpps per core. \u003ca href=\"https://github.com/Netgate/netmap-fwd/blob/master/netmap-fwd.pdf\" rel=\"nofollow\"\u003eslides\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eThe first of these is \u003ca href=\"https://github.com/Netgate/netmap-fwd\" rel=\"nofollow\"\u003enetmap-fwd\u003c/a\u003e which is the FreeBSD ip_forward() code hosted on top of \u003ca href=\"https://github.com/luigirizzo/netmap\" rel=\"nofollow\"\u003enetmap\u003c/a\u003e, a kernel-bypass technology present in FreeBSD (and available for linux). Full-disclosure, netmap-fwd was done at my company, Netgate. (And by \u0026quot;my company\u0026quot; I mean that I co-own it with my spouse.). netmap-fwd will l3 forward around 5 Mpps per core. \u003ca href=\"https://github.com/Netgate/netmap-fwd/blob/master/netmap-fwd.pdf\" rel=\"nofollow\"\u003eslides\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eNanako Momiyama of the Keio Univ Tokuda Lab presented on \u003ca href=\"https://www.bsdcan.org/2017/schedule/events/823.en.html\" rel=\"nofollow\"\u003eIP Forwarding Fastpath\u003c/a\u003e at BSDCan this past May. She got about 5.6Mpps (roughly 10% faster than netmap-fwd) using a similar approach where the ip_foward() function was rewritten as a module for VALE (the netmap-based in-kernel switch). \u003ca href=\"https://2016.eurobsdcon.org/PresentationSlides/NanakoMomiyama_TowardsFastIPForwarding.pdf\" rel=\"nofollow\"\u003eSlides\u003c/a\u003e from her previous talk at EuroBSDCon 2016 are available. (Speed at the time was 2.8Mpps.). Also a \u003ca href=\"https://www.ht.sfc.keio.ac.jp/%7Enanako/conext17-sw.pdf\" rel=\"nofollow\"\u003epaper\u003c/a\u003e from that effort, if you want to read it. Of note: They were showing around 1.6Mpps even after replacing the in-kernel routing lookup algorithm with DXR. (DXR was written by Luigi Rizzo, who is also the primary author of netmap.)\u003c/p\u003e\n\n\u003cp\u003eNot too long after netmap-fwd was open sourced, Ghandi announced packet-journey, an application based on drivers and libraries and from DPDK. Packet-journey is also an L3 router. The GitHub page for packet-journey lists performance as 21,773.47 mbps (so 21.77Gbps) for 64-byte UDP frames with 50 ACLs and 500,000 routes. Since they\u0026#39;re using 64-byte frames, this translates to roughly 32.4Mpps.\u003cbr\u003e\nFinally, there is recent work in FreeBSD (which is part of 11.1-RELEASE) that gets performance up to 2x the level of netmap-fwd or the work by Nanako Momiyama. 10 million PPS: \u003ca href=\"http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html\" rel=\"nofollow\"\u003eHere\u003c/a\u003e is a decent introduction.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBut of course, even as FreeBSD gets up to being able to do 10gbps at line-rate, 40 and 100 gigabits are not uncommon now\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEven with the fastest modern CPUs, this is very little time to do any kind of meaningful packet processing. At 10Gbps, your total budget per packet, to receive (Rx) the packet, process the packet, and transmit (Tx) the packet is 67.2 ns. Complicating the task is the simple fact that main memory (RAM) is 70 ns away. The simple conclusion here is that, even at 10Gbps, if you have to hit RAM, you can\u0026#39;t generate the PPS required for line-rate forwarding.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is some detail about design tradeoffs in the Ryzen architecture and how that might impact using those machines as routers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnyway... those are all interesting, but the natural winner here is FD.io\u0026#39;s Vector Packet Processing (VPP). \u003ca href=\"http://blogs.cisco.com/sp/a-bigger-helping-of-internet-please\" rel=\"nofollow\"\u003eRead this\u003c/a\u003e\u003cbr\u003e\nVPP is an efficient, flexible open source data plane. It consists of a set of forwarding nodes arranged in a directed graph and a supporting framework. The framework has all the basic data structures, timers, drivers (and interfaces to both DPDK and netmap), a scheduler which allocates the CPU time between the graph nodes, performance and debugging tools, like counters and built-in packet trace. The latter allows you to capture the paths taken by the packets within the graph with high timestamp granularity, giving full insight into the processing on a per-packet level.\u003cbr\u003e\nThe net result here is that Cisco (again, Cisco) has shown the ability to route packets at 1 Tb/s using VPP on a four socket Purley system\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is also much discussion of the future of pfSense, as they transition to using VPP\u003c/li\u003e\n\u003cli\u003eThis is a very lengthy write up which deserves a full read, plus there are some comments from other people\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=150317547021396\u0026w=2\" rel=\"nofollow\"\u003eRETGUARD, the OpenBSD next level in exploit mitigation, is about to debut\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis year I went to BSDCAN in Ottawa.  I spent much of it in the \u0026#39;hallway track\u0026#39;, and had an extended conversation with various people regarding our existing security mitigations and hopes for new ones in the future.  I spoke a lot with Todd Mortimer.  Apparently I told him that I felt return-address protection was impossible, so a few weeks later he sent a clang diff to address that issue...\u003cbr\u003e\nThe first diff is for amd64 and i386 only -- in theory RISC architectures can follow this approach soon.\u003cbr\u003e\nThe mechanism is like a userland \u0026#39;stackghost\u0026#39; in the function prologue and epilogue.  The preamble XOR\u0026#39;s the return address at top of stack with the stack pointer value itself.  This perturbs by introducing bits from ASLR.  The function epilogue undoes the transform immediately before the RET instruction.  ROP attack methods are impacted because existing gadgets are transformed to consist of \u0026quot;\u003cgadget artifacts\u003e \u003cmangle ret address\u003e RET\u0026quot;.  That pivots the return sequence off the ROP chain in a highly unpredictable and inconvenient fashion.\u003cbr\u003e\nThe compiler diff handles this for all the C code, but the assembly functions have to be done by hand.  I did this work first for amd64, and more recently for i386.  I\u0026#39;ve fixed most of the functions and only a handful of complex ones remain.\u003cbr\u003e\nFor those who know about polymorphism and pop/jmp or JOP, we believe once standard-RET is solved those concerns become easier to address seperately in the future.  In any case a substantial reduction of gadgets is powerful.\u003cbr\u003e\nFor those worried about introducing worse polymorphism with these \u0026quot;xor; ret\u0026quot; epilogues themselves, the nested gadgets for 64bit and 32bit variations are +1 \u0026quot;xor %esp,(%rsp); ret\u0026quot;, +2 \u0026quot;and $0x24,%al; ret\u0026quot; and +3 \u0026quot;and $0xc3,%al; int3\u0026quot;.  Not bad.\u003cbr\u003e\nOver the last two weeks, we have received help and advice to ensure debuggers (gdb, egdb, ddb, lldb) can still handle these transformed callframes.  Also in the kernel, we discovered we must use a smaller XOR, because otherwise userland addresses are generated, and cannot rely on SMEP as it is really new feature of the architecture.  There were also issues with pthreads and dlsym, which leads to a series of uplifts around __builtin_return_address and DWARF CFI.\u003cbr\u003e\nApplication of this diff doesn\u0026#39;t require anything special, a system can simply be built twice.  Or shortcut by building \u0026amp; installing gnu/usr.bin/clang first, then a full build.\u003cbr\u003e\nWe are at the point where userland and base are fully working without regressions, and the remaining impacts are in a few larger ports which directly access the return address (for a variety of reasons).\u003cbr\u003e\nSo work needs to continue with handling the RET-addr swizzle in those ports, and then we can move forward.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou can find the full message with the diff \u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=150317547021396\u0026w=2\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ed Maste, Charlie \u0026amp; Siva - \u003ca href=\"https://twitter.com/ed_maste\" rel=\"nofollow\"\u003e@ed_maste\u003c/a\u003e, \u003ca href=\"https://twitter.com/yzgyyang\" rel=\"nofollow\"\u003e@yzgyyang\u003c/a\u003e \u0026amp; \u003ca href=\"https://twitter.com/svmhdvn\" rel=\"nofollow\"\u003e@svmhdvn\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCo-op Students for the FreeBSD Foundation\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-August/313558.html\" rel=\"nofollow\"\u003eNext DFly release will have an initial HAMMER2 implementation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe next DragonFly release (probably in September some time) will have an initial HAMMER2 implementation.  It WILL be considered experimental and won\u0026#39;t be an installer option yet.  This initial release will only have single-image support operational plus basic features.  It will have live dedup (for cp\u0026#39;s), compression, fast recovery, snapshot, and boot support out of the gate.\u003cbr\u003e\nThis first H2 release will not have clustering or multi-volume support, so don\u0026#39;t expect those features to work.  I may be able to get bulk dedup and basic mirroring operational by release time, but it won\u0026#39;t be very efficient.  Also, right now, sync operations are fairly expensive and will stall modifying operations to some degree during the flush, and there is no reblocking (yet).  The allocator has a 16KB granularity (on HAMMER1 it was 2MB), so for testing purposes it will still work fairly well even without reblocking.\u003cbr\u003e\nThe design is in a good place.  I\u0026#39;m quite happy with how the physical layout turned out.  Allocations down to 1KB are supported.  The freemap has a 16KB granularity with a linear counter (one counter per 512KB) for packing smaller allocations.  INodes are 1KB and can directly embed 512 bytes of file data for files \u0026lt;= 512 bytes, or have four top-level blockrefs for files \u0026gt; 512 bytes.  The freemap is also zoned by type for I/O locality.\u003cbr\u003e\nThe blockrefs are \u0026#39;fat\u0026#39; at 128 bytes but enormously powerful.  That will allow us to ultimately support up to a 512-bit crypto hash and blind dedup using said hash.  Not on release, but that\u0026#39;s the plan.\u003cbr\u003e\nI came up with an excellent solution for directory entries.  The 1KB allocation granularity was a bit high but I didn\u0026#39;t want to reduce it. However, because blockrefs are now 128 byte entities, and directory entries are hashed just like in H1, I was able to code them such that a directory entry is embedded in the blockref itself and does not require a separate data reference or allocation beyond that.  Filenames up to 64 bytes long can be accomodated in the blockref using the check-code area of the blockref.  Longer filenames will use an additional data reference hanging off the blockref to accomodate up to 255 char filenames.  Of course, a minimum of 1KB will have to be allocated in that case, but filenames are \u0026lt;= 64 bytes in the vast majority of use cases so it just isn\u0026#39;t an issue.\u003cbr\u003e\nThis gives directory entries optimal packing and indexing and is a huge win in terms of performance since blockrefs are arrayed in 16KB and 64KB blocks.  In addition, since inodes can embed up to four blockrefs, the directory entries for \u0026#39;small\u0026#39; directories with \u0026lt;= 4 entries (\u0026#39;.\u0026#39; and \u0026#39;..\u0026#39; don\u0026#39;t count) can actually be embedded in the directory inode itself.\u003cbr\u003e\nSo, generally speaking, the physical layout is in a very happy place.  The basics are solid on my test boxes so it\u0026#39;s now a matter of implementing as many of the more sophisticated features as I can before release, and continuing to work on the rest after the release.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openssl.org/blog/blog/2017/06/17/code-removal/\" rel=\"nofollow\"\u003eRemoving Some Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is another update on our effort to re-license the OpenSSL software. Our previous post in March was about the launch of our effort to reach all contributors, with the hope that they would support this change.\u003cbr\u003e\nSo far, about 40% of the people have responded. For a project that is as old as OpenSSL (including its predecessor, SSLeay, it’s around 20 years) that’s not bad. We’ll be continuing our efforts over the next couple of months to contact everyone.\u003cbr\u003e\nOf those people responding, the vast majority have been in favor of the license change – less then a dozen objected. This post describes what we’re doing about those and how we came to our conclusions. The goal is to be very transparent and open with our processes.\u003cbr\u003e\nFirst, we want to mention that we respect their decision. While it is inconvenient to us, we acknowledge their rights to keep their code under the terms that they originally agreed to. We are asking permission to change the license terms, and it is fully within their rights to say no.\u003cbr\u003e\nThe license website is driven by scripts that are freely available in the license section of our tools repository on GitHub. When we started, we imported every single git commit, looked for anything that resembled an email address, and created tables for each commit, each user we found, and a log that connects users to commits. This did find false positives: sometimes email Message-ID’s showed up, and there were often mentions of folks just as a passing side-comment, or because they were in the context diff. (That script is also in the tools repository, of course.)\u003cbr\u003e\nThe user table also has columns to record approval or rejection of the license change, and comments. Most of the comments have been supportive, and (a bit surprisingly) only one or two were obscene.\u003cbr\u003e\nThe whattoremove script finds the users who refused, and all commits they were named in. We then examined each commit – there were 86 in all – and filtered out those that were cherry-picks to other releases. We are planning on only changing the license for the master branch, so the other releases branches aren’t applicable. There were also some obvious false positives. At the end of this step, we had 43 commits to review.\u003cbr\u003e\nWe then re-read every single commit, looking for what we could safely ignore as not relevant. We found the following:\u003cbr\u003e\nNine of them showed up only because the person was mentioned in a comment.\u003cbr\u003e\nSixteen of them were changes to the OpenBSD configuration data. The OpenSSL team had completely rewritten this, refactoring all BSD configurations into a common hierarchy, and the config stuff changed a great deal for 1.1.0.\u003cbr\u003e\nSeven were not copyrightable as because they were minimal changes (e.g., fixing a typo in a comment).\u003cbr\u003e\nOne was a false positive.\u003cbr\u003e\nThis left us with 10 commits. Two of them them were about the CryptoDev engine. We are removing that engine, as can be seen in this PR, but we expect to have a replacement soon (for at least Linux and FreeBSD). As for the other commits, we are removing that code, as can be seen in this first PR. and this second PR. Fortunately, none of them are particularly complex.\u003cbr\u003e\nCopyright, however, is a complex thing – at times it makes debugging look simple. If there is only one way to write something, then that content isn’t copyrightable. If the work is very small, such as a one-line patch, then it isn’t copyrightable. We aren’t lawyers, and have no wish to become such, but those viewpoints are valid. It is not official legal advice, however.\u003cbr\u003e\nFor the next step, we hope that we will be able to “put back” the code that we removed. We are looking to the community for help, and encourage you to create the appropriate GitHub pull requests. We ask the community to look at that second PR and provide fixes.\u003cbr\u003e\nAnd finally, we ask everyone to look at the list of authors and see if their name, or the name of anyone they know, is listed. If so please email us.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170821133453\" rel=\"nofollow\"\u003ederaadt@ moves us to 6.2-beta!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTheo has just committed the diff that marks the end of the development cycle and the beginning of the testing phase for the upcoming 6.2 release:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e`\u003cbr\u003e\nCVSROOT:        /cvs\u003cbr\u003e\u003cbr\u003e\nModule name:    src\u003cbr\u003e\u003cbr\u003e\nChanges by:     \u003ca href=\"mailto:deraadt@cvs.openbsd.org\" rel=\"nofollow\"\u003ederaadt@cvs.openbsd.org\u003c/a\u003e 2017/08/20 10:56:43                                               \u003c/p\u003e\n\n\u003cp\u003eModified files:\u003cbr\u003e\u003cbr\u003e\n        etc/root       : root.mail\u003cbr\u003e\u003cbr\u003e\n        share/mk       : sys.mk\u003cbr\u003e\u003cbr\u003e\n        sys/arch/macppc/stand/tbxidata: bsd.tbxi\u003cbr\u003e\u003cbr\u003e\n        sys/conf       : newvers.sh\u003cbr\u003e\u003cbr\u003e\n        sys/sys        : param.h\u003cbr\u003e\u003cbr\u003e\nLog message:\u003cbr\u003e\u003cbr\u003e\ncrank to 6.2-beta\u003cbr\u003e\u003cbr\u003e\n`\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYou all know what this means: get to testing! Find whatever hardware you have and install the latest snapshots, stress the upgrade procedure, play your favorite games, build your own code - whatever you use OpenBSD for, try it in the new snaps and report any problems you find. Your testing efforts will help make sure 6.2 is another great release!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.soldierx.com/news/64-Hijacked-ARMs\" rel=\"nofollow\"\u003e64 Hijacked ARMs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170817195416\" rel=\"nofollow\"\u003eSmartisan Makes Another Iridium Donation to the OpenBSD Foundation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/Keltounet/status/898092662657560576\" rel=\"nofollow\"\u003eAndrey A. Chernov (ache), long-time FreeBSD core team member and dev, has passed away\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/dugsong/status/897338038212276224\" rel=\"nofollow\"\u003eOpenBSD hacker Mickey Shalayeff has passed away\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/news/newsflash.html#event20170819:01\" rel=\"nofollow\"\u003eFreeBSD 10.4-BETA1 Available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://asciinema.org/a/M8sjN0FC64JPBWZqjKIG5sx2q\" rel=\"nofollow\"\u003evmadm in action, from getting a dataset to running a jail w/ vnet networking in just a few commands\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://garbage.fm/episodes/41\" rel=\"nofollow\"\u003eInterview with Patrick Wildt (from t2k17 OpenBSD Hackathon)\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeth - \u003ca href=\"http://dpaste.com/0F2382X\" rel=\"nofollow\"\u003eSwitching to tarsnap\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohnny - \u003ca href=\"http://dpaste.com/1F576QS\" rel=\"nofollow\"\u003ememcmp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThomas - \u003ca href=\"http://dpaste.com/0F9QSZZ\" rel=\"nofollow\"\u003eDrives and NAS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/1Z6CFWE\" rel=\"nofollow\"\u003eNvidia\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDavid - \u003ca href=\"http://dpaste.com/0B23QZB\" rel=\"nofollow\"\u003eZFS performance variations over nfs\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We explore whether a BSD can replicate Cisco router performance; RETGUARD, OpenBSDs new exploit mitigation technology, Dragonfly’s HAMMER2 filesystem implementation \u0026 more!","date_published":"2017-09-13T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ad97fd5d-79ef-479e-bdc4-e4510ca8e241.mp3","mime_type":"audio/mpeg","size_in_bytes":88353364,"duration_in_seconds":7362}]},{"id":"be8706fd-d9f3-488b-89a2-a1d3243560a9","title":"210: Your questions, part I","url":"https://www.bsdnow.tv/210","content_text":"In this episode, we take a look at the reimplementation of NetBSD using a Microkernel, check out what makes DHCP faster, and see what high-process count support for DragonflyBSD has to offer, and we answer the questions you’ve always wanted to ask us.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nA Reimplementation Of Netbsd Using a Microkernel\n\n\nMinix author Andy Tanenbaum writes in Part 1 of a-reimplementation-of-netbsd-using-a-microkernel\n\n\n\nBased on the MINIX 3 microkernel, we have constructed a system that to the user looks a great deal like NetBSD. It uses pkgsrc, NetBSD headers and libraries, and passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running, and without user processes noticing it. The talk will discuss the history, goals, technology, and status of the project.\n Research at the Vrije Universiteit has resulted in a reimplementation of NetBSD using a microkernel instead of the traditional monolithic kernel. To the user, the system looks a great deal like NetBSD (it passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running.\n The latest work has been adding live update, making it possible to upgrade to a new version of the operating system WITHOUT a reboot and without running processes even noticing. No other operating system can do this.\n The system is built on MINIX 3, a derivative of the original MINIX system, which was intended for education. However, after the original author, Andrew Tanenbaum, received a 2 million euro grant from the Royal Netherlands Academy of Arts and Sciences and a 2.5 million euro grant from the European Research Council, the focus changed to building a highly reliable, secure, fault tolerant operating system, with an emphasis on embedded systems. The code is open source and can be downloaded from www.minix3.org. It runs on the x86 and ARM Cortex V8 (e.g., BeagleBones). Since 2007, the Website has been visited over 3 million times and the bootable image file has been downloaded over 600,000 times. The talk will discuss the history, goals, technology, and status of the project.\n\n\n\nPart 2 is also available.\n***\n\n\nRapid DHCP: Or, how do Macs get on the network so fast?\n\n\nOne of life's minor annoyances is having to wait on my devices to connect to the network after I wake them from sleep. All too often, I'll open the lid on my EeePC netbook, enter a web address, and get the dreaded \"This webpage is not available\" message because the machine is still working on connecting to my Wi-Fi network. On some occasions, I have to twiddle my thumbs for as long as 10-15 seconds before the network is ready to be used. The frustrating thing is that I know it doesn't have to be this way. I know this because I have a Mac. When I open the lid of my MacBook Pro, it connects to the network nearly instantaneously. In fact, no matter how fast I am, the network comes up before I can even try to load a web page. My curiosity got the better of me, and I set out to investigate how Macs are able to connect to the network so quickly, and how the network connect time in other operating systems could be improved.\n\n\n\nI figure there are three main categories of time-consuming activities that occur during network initialization:\nLink establishment. This is the activity of establishing communication with the network's link layer. In the case of Wi-Fi, the radio must be powered on, the access point detected, and the optional encryption layer (e.g. WPA) established. After link establishment, the device is able to send and receive Ethernet frames on the network.\nDynamic Host Configuration Protocol (DHCP). Through DHCP handshaking, the device negotiates an IP address for its use on the local IP network. A DHCP server is responsible for managing the IP addresses available for use on the network.\nMiscellaneous overhead. The operating system may perform any number of mundane tasks during the process of network initialization, including running scripts, looking up preconfigured network settings in a local database, launching programs, etc.\n My investigation thus far is primarily concerned with the DHCP phase, although the other two categories would be interesting to study in the future. I set up a packet capture environment with a spare wireless access point, and observed the network activity of a number of devices as they initialized their network connection. For a worst-case scenario, let's look at the network activity captured while an Android tablet is connecting:\n This tablet, presumably in the interest of \"optimization\", is initially skipping the DHCP discovery phase and immediately requesting its previous IP address. The only problem is this is a different network, so the DHCP server ignores these requests. After about 4.5 seconds, the tablet stubbornly tries again to request its old IP address. After another 4.5 seconds, it resigns itself to starting from scratch, and performs the DHCP discovery needed to obtain an IP address on the new network.\n In all fairness, this delay wouldn't be so bad if the device was connecting to the same network as it was previously using. However, notice that the tablet waits a full 1.13 seconds after link establishment to even think about starting the DHCP process. Engineering snappiness usually means finding lots of small opportunities to save a few milliseconds here and there, and someone definitely dropped the ball here.\n In contrast, let's look at the packet dump from the machine with the lightning-fast network initialization, and see if we can uncover the magic that is happening under the hood:\n The key to understanding the magic is the first three unicast ARP requests. It looks like Mac OS remembers certain information about not only the last connected network, but the last several networks. In particular, it must at least persist the following tuple for each of these networks:\n    \u0026gt; 1. The Ethernet address of the DHCP server\n    \u0026gt; 2. The IP address of the DHCP server\n    \u0026gt; 3. Its own IP address, as assigned by the DHCP server\n During network initialization, the Mac transmits carefully crafted unicast ARP requests with this stored information. For each network in its memory, it attempts to send a request to the specific Ethernet address of the DHCP server for that network, in which it asks about the server's IP address, and requests that the server reply to the IP address which the Mac was formerly using on that network. Unless network hosts have been radically shuffled around, at most only one of these ARP requests will result in a response—the request corresponding to the current network, if the current network happens to be one of the remembered networks.\n This network recognition technique allows the Mac to very rapidly discover if it is connected to a known network. If the network is recognized (and presumably if the Mac knows that the DHCP lease is still active), it immediately and presumptuously configures its IP interface with the address it knows is good for this network. (Well, it does perform a self-ARP for good measure, but doesn't seem to wait more than 13ms for a response.) The DHCP handshaking process begins in the background by sending a DHCP request for its assumed IP address, but the network interface is available for use during the handshaking process. If the network was not recognized, I assume the Mac would know to begin the DHCP discovery phase, instead of sending blind requests for a former IP address as the Galaxy Tab does.\n The Mac's rapid network initialization can be credited to more than just the network recognition scheme. Judging by the use of ARP (which can be problematic to deal with in user-space) and the unusually regular transmission intervals (a reliable 1.0ms delay between each packet sent), I'm guessing that the Mac's DHCP client system is entirely implemented as tight kernel-mode code. The Mac began the IP interface initialization process a mere 10ms after link establishment, which is far faster than any other device I tested. Android devices such as the Galaxy Tab rely on the user-mode dhclient system (part of the dhcpcd package) dhcpcd program, which no doubt brings a lot of additional overhead such as loading the program, context switching, and perhaps even running scripts.\n The next step for some daring kernel hacker is to implement a similarly aggressive DHCP client system in the Linux kernel, so that I can enjoy fast sign-on speeds on my Android tablet, Android phone, and Ubuntu netbook. There already exists a minimal DHCP client implementation in the Linux kernel, but it lacks certain features such as configuring the DNS nameservers. Perhaps it wouldn't be too much work to extend this code to support network recognition and interface with a user-mode daemon to handle such auxillary configuration information received via DHCP. If I ever get a few spare cycles, maybe I'll even take a stab at it.\n\n\n\nYou can also find other ways of optimizing the dhclient program and how it works in the dhclient tutorial on Calomel.org.\n***\n\n\nBSDCam Trip Report\n\n\nOver the decades, FreeBSD development and coordination has shifted from being purely on-line to involving more and more in-person coordination and cooperation. The FreeBSD Foundation sponsors a devsummit right before BSDCan, EuroBSDCon, and AsiaBSDCon, so that developers traveling to the con can leverage their airfare and hammer out some problems. Yes, the Internet is great for coordination, but nothing beats a group of developers spending ten minutes together to sketch on a whiteboard and figuring out exactly how to make something bulletproof.\nIn addition to the coordination efforts, though, conference devsummits are hierarchical. There’s a rigid schedule, with topics decided in advance. Someone leads the session. Sessions can be highly informative, passionate arguments, or anything in between.\nBSDCam is… a little different. It’s an invaluable part of the FreeBSD ecosystem. However, it’s something that I wouldn’t normally attend.\nBut right now, is not normal. I’m writing a new edition of Absolute FreeBSD. To my astonishment, people have come to rely on this book when planning their deployments and operations. While I find this satisfying, it also increases the pressure on me to get things correct. When I wrote my first FreeBSD book back in 2000, a dozen mailing lists provided authoritative information on FreeBSD development. One person could read every one of those lists. Today, that’s not possible—and the mailing lists are only one narrow aspect of the FreeBSD social system.\nDon’t get me wrong—it’s pretty easy to find out what people are doing and how the system works. But it’s not that easy to find out what people will be doing and how the system will work. If this book is going to be future-proof, I needed to leave my cozy nest and venture into the wilds of Cambridge, England. Sadly, the BSDCam chair agreed with my logic, so I boarded an aluminum deathtrap—sorry, a “commercial airliner”—and found myself hurtled from Detroit to Heathrow.\nAnd one Wednesday morning, I made it to the William Gates building of Cambridge University, consciousness nailed to my body by a thankfully infinite stream of proper British tea.\nBSDCam attendance is invitation only, and the facilities can only handle fifty folks or so. You need to be actively working on FreeBSD to wrangle an invite. Developers attend from all over the world. Yet, there’s no agenda. Robert Watson is the chair, but he doesn’t decide on the conference topics. He goes around the room and asks everyone to introduce themselves, say what they’re working on, and declare what they want to discuss during the conference. The topics of interest are tallied. The most popular topics get assigned time slots and one of the two big rooms. Folks interested in less popular topics are invited to claim one of the small breakout rooms.\nThen the real fun begins. I started by eavesdropping in the virtualization workshop. For two hours, people discussed FreeBSD’s virtualization needs, strengths, and weaknesses. What needs help? What should this interface look like? What compatibility is important, and what isn’t? By the end of the session, the couple dozen people had developed a reasonable consensus and, most importantly, some folks had added items to their to-do lists.\nRepeat for a dozen more topics. I got a good grip on what’s really happening with security mitigation techniques, FreeBSD’s cloud support, TCP/IP improvements, advances in teaching FreeBSD, and more. A BSDCan devsummit presentation on packaging the base system is informative, but eavesdropping on two dozen highly educated engineers arguing about how to nail down the final tidbits needed to make that a real thing is far more educational.\nTo my surprise, I was able to provide useful feedback for some sessions. I speak at a lot of events outside of the FreeBSD world, and was able to share much of what I hear at Linux conferences. A tool that works well for an experienced developer doesn’t necessarily work well for everyone.\nEvery year, I leave BSDCan tired. I left BSDCam entirely exhausted. These intense, focused discussions stretched my brain.\nBut, I have a really good idea where key parts of FreeBSD development are actually headed. This should help future-proof the new Absolute FreeBSD, as much as any computer book can be future-proof.\nPlus, BSDCam throws the most glorious conference dinner I’ve ever seen.\nI want to thank Robert Watson for his kind invitation, and the FreeBSD Foundation for helping defray the cost of this trip\n\n\n\n\nInterview - The BSDNow Crew\n\n\nAs a kid, what did you dream of to become as an adult?\n\n\n\nJT: An Astronaut\nBR: I wanted to be a private detective, because of all the crime novels that I read back\nthen. I didn’t get far with it. However, I think the structured analysis skills (who did what, when, and such) help me in debugging and sysadmin work.\nAJ: Didn’t think about it much\n\n\n\nHow do you manage to stay organized day to day with so much things you're actively doing each day? (Day job, wife/girlfriend, conferences, hobbies, friends, etc.)\n\n\n\nJT: Who said I was organized?\nBR: A lot of stuff in my calendar as reminders, open browser tabs as “to read later” list. A few things like task switching when getting stuck helps. Also, focus on a single goal for the day, even though there will be distractions. Slowly, but steadily chip away at the things you’re working on. Rather than to procrastinate and put things back to review later, get started early with easy things for a big task and then tackle the hard part. Often, things look totally chaotic and unmanageable, until you start working on them. \nAJ: I barely manage. Lots of Google Calendar reminders, and the entire wall of my office is covered in whiteboard sheet todo lists. I use pinboard.in to deal with finding and organizing bookmarks. Write things down, don’t trust your memory.\n\n\n\nWhat hobbies outside of IT do you have?\n\n\n\nJT: I love photography, but I do that Professional part time, so I’m not sure if that counts as a hobby anymore.  I guess it’d have to be working in the garage on my cars.\nBR: I do Tai Chi to relax once a week in a group, but can also do it alone, pretty much everywhere. Way too much Youtube watching and browsing the web. I did play some games before studying at the university and I’m still proud that I could control it to the bare minimum not to impact my studies. A few “lapses” from time to time, revisiting the old classics since the newer stuff won’t run on my machines anyway. Holiday time is pretty much spent for BSD conferences and events, this is where I can relax and talk with like-minded people from around the world, which is fascinating. Plus, it gets me to various places and countries I never would have dared to visit on my own.\nAJ: I play a few video games, and I like to ski, although I don’t go very often as most of my vacation time is spent hanging out with my BSD friends at various conferences\n\n\n\nHow do you relax?\n\n\n\nJT: What is this word ‘relax’ and what does it mean?\nBR: My Tai Chi plays a big part in it I guess. I really calms you and the constant stream of thoughts for a while. It also gives you better clarity of what’s important in life. Watching movies, sleeping long.\nAJ: Usually watching TV or Movies. Although I have taken to doing most of my TV watching on my exercise bike now, but it is still mentally relaxing\n\n\n\nIf FreeBSD didn't exist,  which BSD flavour would you use? Why?\n\n\n\nJT: I use TrueOS, but if FreeBSD didn’t exist, that project might not either… so…  My other choice would be HardenedBSD, but since it’s also based on FreeBSD I’m in the same dillema.\nBR: I once installed NetBSD to see what It can do. If FreeBSD wouldn’t exist, I would probably try my luck with it. OpenBSD is also appealing, but I’ve never installed it.\nAJ: When I started using FreeBSD in 2000, the only other BSD I had heard of at the time was OpenBSD. If FreeBSD wasn’t around, I don’t think the world would look like it does, so it is hard to speculate.\n\n\n\nIf any of the BSD's weren't around and you had to use Linux, which camp would belong to? (Redhat, SUSE, Debian, Ubuntu, Gentoo?)\n\n\n\nJT: I learned Linux in the mid 90s using Slackware, which I used consistently up until the mid 2000s, when I joined the PuppyLinux community and eventually became a developer (FYI, Puppy was/is/can be based on Slackware -- its complicated).  So I’d go back to using either Slackware or PuppyLinux.\nBR: I tried various Linux distributions until I landed at Debian. I used is pretty extensively as my desktop OS at home, building custom kernels and packages to install them until I discovered FreeBSD. I ran both side by side for a few months for learning until one day I figured out that I had not booted Debian in a while, so I switched completely. \nAJ: The first Linux I played with was Slackware, and it is the most BSD like, but the bits of Linux I learned in school were Redhat and so I can somewhat wrap my head around it, although now that they are changing everything to systemd, all of that old knowledge is more harmful than useful.\n\n\n\nAre you still finding yourself in need to use Windows/Mac OS? Why?\n\n\n\nJT: I work part time as a professional Photographer, so I do use Windows for my photography work.  While I can do everything I need to do in Linux, it comes down to being pragmatic about my time.  What takes me several hours to accomplish in Linux I can accomplish in 20 minutes on Windows.\nBR: I was a long time Windows-only user before my Unix days. But back when Vista was about to come out and I needed a new laptop, my choice was basically learning to cope with Vistas awful features or learn MacOS X. I did the latter, it increased my productivity since it’s really a good Unix desktop experience (at least, back then). I only have to use Windows at work from time to time as I manage our Windows Terminal server, which keeps the exposure low enough and I only connect to it to use a certain app not available for the Mac or the BSDs.\nAJ: I still use Windows to play games, for a lot of video conferencing, and to produce BSD Now. Some of it could be done on BSD but not as easily. I have promised myself that I will switch to 100% BSD rather than upgrade to Windows 10, so we’ll see how that goes.\n\n\n\nPlease describe your home networking setup.  Router type, router OS, router hardware, network segmentation, wifi apparatus(es), other devices connected, and anything else that might be interesting about your home network.\n\n\n\nBR: Very simple and boring: Apple Airport Express base station and an AVM FritzBox  for DNS, DHCP, and the link to my provider. A long network cable to my desktop machine. That I use less and less often. I just bought an RPI 3 for some home use in the future to replace it. Mostly my brother’s and my Macbook Pro’s are connected, our phones and the iPad of my mother.  \n\nAJ: I have a E3-1220 v3 (dual 3.1ghz + HT) with 8 GB of ram, and 4x Intel gigabit server NICs as my router, and it runs vanilla FreeBSD (usually some snapshot of -current). I have 4 different VLANs, Home, Office, DMZ, and Guest WiFi. WiFi is served via a tiny USB powered device I bought in Tokyo years ago, it serves 3 different SSIDs, one for each VLAN except the DMZ. There are ethernet jacks in every room wired for 10 gigabit, although the only machines with 10 gigabit are my main workstation, file server, and some machines in the server rack. There are 3 switches, one for the house (in the laundry room), one for the rack, and one for 10gig stuff. There is a rack in the basement spare bedroom, it has 7 servers in it, mostly storage for live replicas of customer data for my company.\n\n\n\nHow do guys manage to get your work done on FreeBSD desktops? What do you do when you need to a Linux or Windows app that isn't ported, or working? I've made several attempts to switch to FreeBSD, but each attempt failed because of tools not being available (e.g. Zoom, Dropbox, TeamViewer, Crashplan) or broken (e.g. VirtualBox).\n\n\n\nBR: I use VIrtualBox for everything that is not natively available or Windows-only. Unfortunately, that means no modern games. I mostly do work in the shell when I’m on FreeBSD and when it has to be a graphical application, then I use Fluxbox as the DE. I want to get work done, not look at fancy eye-candy that get’s boring after a while. Deactivated the same stuff on my mac due to the same reason. I look for alternative software online, but my needs are relatively easy to satisfy as I’m not doing video editing/rendering and such.\n\nAJ: I generally find that I don’t need these apps. I use Firefox, Thunderbird, OpenSSH, Quassel, KomodoEdit, and a few other apps, so my needs are not very demanding. It is annoying when packages are broken, but I usually work around this with boot environments, and being able to just roll back to a version that worked for a few days until the problem is solved. I do still have access to a windows machine for the odd time I need specific VPN software or access to Dell/HP etc out-of-band management tools.\n\n\n\nWhich desktop environments are your favorite, and why? For example, I like i3, Xfce, and I'm drawn to Lumina's ethos, but so far always seem to end up back on Xfc because of its ease of use, flexibility, and dashing good looks.\n\n\n\nJT: As a Lumina Desktop developer, I think my preference is obvious. ;)  I am also a long \ntimeOpenBox user, so I have a soft place in my heart for that as well.  \n\nBR: I use Fluxbox when I need to work with a lot of windows or an application demands X11. KDE and others are too memory heavy for me and I rarely use even 20% of the features they provide.\nAJ: I was a long time KDE user, but I have adopted Lumina. I find it fast, and that it gets out of my way and lets me do what I want. It had some annoyances early on, but I’ve nagged the developers into making it work for me.\n\n\n\nWhich command-line shells do you prefer, why, and how (if at all) have you customised the environment or prompt?\n\n\n\nBR: I use zsh, but without all the fancy stuff you can find online. It might make you more productive, yes. But again, I try to keep things simple. I’m slowly learning tmux and want to work more in it in the future. I sometimes look at other BSD people’s laptops and am amazed at what they do with window-management in tmux. My prompt looks like this:\n\nbcr@Voyager:~\u0026gt;                             20:20 17-08-17\nPut this in your .zshrc to get the same result:\nPROMPT='%n@%m:%~\u0026gt;'\nRPROMPT='%T %D'\n\n\nAJ: I started using tcsh early on, because it was the shell on the first box I had access to, and because one of the first things I read in “BSD Hacks” was how to enable ‘typo correction”, which made my life a lot better especially on dial up in the early days. My shell prompt looks like this: allan@CA-TOR1-02:/usr/home/allan%\n\n\n\nWhat is one thing (or more) missing in FreeBSD you would import from another project or community? Could be tech, process, etc.\n\n\n\nJT: AUFS from Linux\n\nBR: Nohup from Illumos where you can detach an already running process and put it in the background. I often forget that and I’m not in tmux when that happens, so I can see myself use that feature a lot.\n\nAJ: Zones (more complete Jails) from IllumOS\n\n\n\nhow do you manage your time to learn about and work on FreeBSD?  Does your  work/employment enable what you do, or are your contributions mainly done in private time?\n\n\n\nJT: These days I’m mostly learning things I need for work, so it just falls into something I’m doing while working on work projects.\n\nBR: We have a lot of time during the semester holidays to learn on our own, it’s part of the idea of being in a university to keep yourself updated, at least for me. Especially in the fast moving world of IT. I also read a lot in my free time. My interests can shift sometimes, but then I devour everything I can find on the topic. Can be a bit excessive, but has gotten me where I am now and I still need a lot to learn (and want to). Since I work with FreeBSD at work (my owndoing), I can try out many things there.\n\nAJ: My work means a spend a lot of time working with FreeBSD, but not that much time working ON it. My contributions are mostly done outside of work, but as I own the company I do get more flexibility to take time off for conferences and other FreeBSD related stuff.\n\n\n\nwe know we can bribe Michael W Lucas with gelato (good gelato that is), but what can we use to bribe you guys? Like when I want to have Allan to work on fixing a bug which prevents me from running ZFS on this fancy rock64 board?\n\n\n\nBR: Desserts of various kinds. \n\nAJ: I am probably not the right person to look at your rock64 board. Most people in the project have taken to bribing me with chocolate. In general, my todo list is so long, the best way is a trade, you take this task and I’ll take that task.\n\n\n\nIs your daily mobile device iOS, Android, Windows Mobile, or other? Why?\n\n\n\nJT: These days I’m using Android on my Blackberry Priv, but until recently I was still a heavy user of Sailfish OS.  I would use SailfishOS everyday, if I could find a phone with a keyboard that I could run it on.\n\nBR: iOS on the iPhone 7 currently. Never used an Android phone, saw it on other people’s devices and what they can do with it (much more). But the infrequent security updates (if any at all) keep me away from it.\n\nAJ: I have a Google Nexus 6 (Android 7.1). I wanted the ‘pure’ Android experience, and I had been happy with my previous Nexus S. I don’t run a custom OS/ROM or anything because I use the phone to verify that video streams work on an ‘average users device’. I am displeased that support for my device will end soon. I am not sure what device I will get next, but it definitely won’t be an iPhone.\n\n\n\n\nNews Roundup\n\nBeta Update - Request for (more) Testing\n\n\n https://beta.undeadly.org/ has received an update. The most significant changes include:\n\n\n\nThe site has been given a less antiquated \"look\". (As the topic icons have been eliminated, we are no longer seeking help with those graphics.)\nThe site now uses a moderate amount of semantic HTML5.\nSeveral bugs in the HTML fragment validator (used for submissions and comments) have been fixed.\nTo avoid generating invalid HTML, submission content which fails validation is no longer displayed in submission/comment previews.\nPlain text submissions are converted to HTML in a more useful fashion. (Instead of just converting each EOL to , the converter now generates proper paragraphs and interprets two or more consecutive EOLs as indicating a paragraph break.)\n\n\n\n The redevelopment remains a work-in-progress. Many thanks to those who have contributed!\n\n\n\nAs before, constructive feedback would be appreciated. Of particular interest are reports of bugs in behaviour (for example, in the HTML validator or in authentication) that would preclude the adoption of the current code for the main site.\n\n\n\n\nHigh-process-count support added to master\n\n\nWe've fixed a number of bottlenecks that can develop when the number of user processes runs into the tens of thousands or higher.  One thing led to another and I said to myself, \"gee, we have a 6-digit PID, might as well make it work to a million!\".  With the commits made today, master can support at least 900,000 processes with just a kern.maxproc setting in\n/boot/loader.conf, assuming the machine has the memory to handle it.\n And, in fact, as today's machines start to ratchet up there in both memory capacity and core count, with fast storage (NVMe) and fast networking (10GigE and higher), even in consumer boxes, this is actually something that one might want to do.  With AMD's threadripper and EPYC chips now out, the Intel\u0026lt;-\u0026gt;AMD cpu wars are back on!   Boasting up to 32 cores (64 threads) per socket and two sockets on EPYC, terabytes of ram, and motherboards with dual 10GigE built-in, the reality is that these numbers are already achievable in a useful manner.\n In anycase, I've tested these changes on a dual-socket xeon.  I can in-fact start 900,000 processes.  They don't get a whole lot of cpu and running 'ps' would be painful, but it works and the system is still responsive from the shell with all of that going on.\n xeon126# uptime\n 1:42PM  up 9 mins, 3 users, load averages: 890407.00, 549381.40, 254199.55\n In fact, judging from the memory use, these minimal test processes only eat around 60KB each.  900,000 of them ate only 55GB on a 128GB machine.  So even a million processes is not out of the question, depending on the cpu requirements for those processes.  Today's modern machines can be stuffed with enormous amounts of memory.\n Of course, our PIDs are currently limited to 6 digits, so a million is kinda the upper limit in terms of discrete user processes (verses pthreads which are less restricted).  I'd rather not go to 7 digits (yet).\n\n\n\n\nCFT: Driver for generic MS Windows 7/8/10 - compatible USB HID multi-touch touchscreens\n\n\nFollowing patch [1] adds support for generic MS Windows 7/8/10 - compatible USB HID multi-touch touchscreens via evdev protocol. It is intended to be a native replacement of hid-multitouch.c driver found in Linux distributions and multimedia/webcamd port.\nPatch is made for 12-CURRENT and most probably can be applied to recent 11-STABLE and 11.1-RELEASE (not tested)\nHow to test\"\n\n\n1. Apply patch [1]\n2. To compile this driver into the kernel, place the following lines \ninto your kernel configuration file:\n       device wmt\n       device usb\n       device evdev\n    Alternatively, to load the driver as a module at boot time, place the \nfollowing line in loader.conf(5):\n       wmt_load=\"YES\"\n3. Install x11-drivers/xf86-input-evdev or \nx11-drivers/xf86-input-libinput port\n4. Tell XOrg to use evdev or libinput driver for the device:\n\n\nSection \"ServerLayout\"\n     InputDevice    \"TouchScreen0\" \"SendCoreEvents\"\nEndSection\n\n\nSection \"InputDevice\"\n     Identifier  \"TouchScreen0\"\n     Driver      \"evdev\"\n\u0026amp;#35;   Driver      \"libinput\"\n     Option      \"Device\" \"/dev/input/eventXXX\"\nEndSection\n\n\n\nExact value of \"/dev/input/eventXXX\" can be obtained with evemu-record utility from devel/evemu.\nNote1: Currently, driver does not support pens or touchpads.\nNote2: wmt.ko should be kld-loaded before uhid driver to take precedence over it! Otherwise uhid can be kld-unloaded after loading of wmt.\nwmt review: https://reviews.freebsd.org/D12017\nRaw diff: https://reviews.freebsd.org/D12017.diff\n***\n\n\nBeastie Bits\n\n\nBSDMag Programing Languages Infographic\nt2k17 Hackathon Report: Bob Beck on buffer cache tweaks, libressl and pledge progress\nNew FreeBSD Journal\nNetBSD machines at Open Source Conference 2017 Kyoto\n***\n\n\nFeedback/Questions\n\n\nDan - HDD question\nBenjamin - scrub of death\nJason - Router Opinion \nSohrab - Thanks\n***\n","content_html":"\u003cp\u003eIn this episode, we take a look at the reimplementation of NetBSD using a Microkernel, check out what makes DHCP faster, and see what high-process count support for DragonflyBSD has to offer, and we answer the questions you’ve always wanted to ask us.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://theembeddedboard.review/a-reimplementation-of-netbsd-using-a-microkernel-part-1-of-2/\" rel=\"nofollow\"\u003eA Reimplementation Of Netbsd Using a Microkernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMinix author Andy Tanenbaum writes in \u003ca href=\"http://theembeddedboard.review/a-reimplementation-of-netbsd-using-a-microkernel-part-1-of-2/\" rel=\"nofollow\"\u003ePart 1 of a-reimplementation-of-netbsd-using-a-microkernel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBased on the MINIX 3 microkernel, we have constructed a system that to the user looks a great deal like NetBSD. It uses pkgsrc, NetBSD headers and libraries, and passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running, and without user processes noticing it. The talk will discuss the history, goals, technology, and status of the project.\u003cbr\u003e\n Research at the Vrije Universiteit has resulted in a reimplementation of NetBSD using a microkernel instead of the traditional monolithic kernel. To the user, the system looks a great deal like NetBSD (it passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running.\u003cbr\u003e\n The latest work has been adding live update, making it possible to upgrade to a new version of the operating system WITHOUT a reboot and without running processes even noticing. No other operating system can do this.\u003cbr\u003e\n The system is built on MINIX 3, a derivative of the original MINIX system, which was intended for education. However, after the original author, Andrew Tanenbaum, received a 2 million euro grant from the Royal Netherlands Academy of Arts and Sciences and a 2.5 million euro grant from the European Research Council, the focus changed to building a highly reliable, secure, fault tolerant operating system, with an emphasis on embedded systems. The code is open source and can be downloaded from \u003ca href=\"http://www.minix3.org\" rel=\"nofollow\"\u003ewww.minix3.org\u003c/a\u003e. It runs on the x86 and ARM Cortex V8 (e.g., BeagleBones). Since 2007, the Website has been visited over 3 million times and the bootable image file has been downloaded over 600,000 times. The talk will discuss the history, goals, technology, and status of the project.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://theembeddedboard.review/a-reimplementation-of-netbsd-using-a-microkernel-part-2-of-2/\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e is also available.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cafbit.com/post/rapid_dhcp_or_how_do/\" rel=\"nofollow\"\u003eRapid DHCP: Or, how do Macs get on the network so fast?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of life\u0026#39;s minor annoyances is having to wait on my devices to connect to the network after I wake them from sleep. All too often, I\u0026#39;ll open the lid on my EeePC netbook, enter a web address, and get the dreaded \u0026quot;This webpage is not available\u0026quot; message because the machine is still working on connecting to my Wi-Fi network. On some occasions, I have to twiddle my thumbs for as long as 10-15 seconds before the network is ready to be used. The frustrating thing is that I know it doesn\u0026#39;t have to be this way. I know this because I have a Mac. When I open the lid of my MacBook Pro, it connects to the network nearly instantaneously. In fact, no matter how fast I am, the network comes up before I can even try to load a web page. My curiosity got the better of me, and I set out to investigate how Macs are able to connect to the network so quickly, and how the network connect time in other operating systems could be improved.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI figure there are three main categories of time-consuming activities that occur during network initialization:\u003cbr\u003e\nLink establishment. This is the activity of establishing communication with the network\u0026#39;s link layer. In the case of Wi-Fi, the radio must be powered on, the access point detected, and the optional encryption layer (e.g. WPA) established. After link establishment, the device is able to send and receive Ethernet frames on the network.\u003cbr\u003e\nDynamic Host Configuration Protocol (DHCP). Through DHCP handshaking, the device negotiates an IP address for its use on the local IP network. A DHCP server is responsible for managing the IP addresses available for use on the network.\u003cbr\u003e\nMiscellaneous overhead. The operating system may perform any number of mundane tasks during the process of network initialization, including running scripts, looking up preconfigured network settings in a local database, launching programs, etc.\u003cbr\u003e\n My investigation thus far is primarily concerned with the DHCP phase, although the other two categories would be interesting to study in the future. I set up a packet capture environment with a spare wireless access point, and observed the network activity of a number of devices as they initialized their network connection. For a worst-case scenario, let\u0026#39;s look at the network activity captured while an Android tablet is connecting:\u003cbr\u003e\n This tablet, presumably in the interest of \u0026quot;optimization\u0026quot;, is initially skipping the DHCP discovery phase and immediately requesting its previous IP address. The only problem is this is a different network, so the DHCP server ignores these requests. After about 4.5 seconds, the tablet stubbornly tries again to request its old IP address. After another 4.5 seconds, it resigns itself to starting from scratch, and performs the DHCP discovery needed to obtain an IP address on the new network.\u003cbr\u003e\n In all fairness, this delay wouldn\u0026#39;t be so bad if the device was connecting to the same network as it was previously using. However, notice that the tablet waits a full 1.13 seconds after link establishment to even think about starting the DHCP process. Engineering snappiness usually means finding lots of small opportunities to save a few milliseconds here and there, and someone definitely dropped the ball here.\u003cbr\u003e\n In contrast, let\u0026#39;s look at the packet dump from the machine with the lightning-fast network initialization, and see if we can uncover the magic that is happening under the hood:\u003cbr\u003e\n The key to understanding the magic is the first three unicast ARP requests. It looks like Mac OS remembers certain information about not only the last connected network, but the last several networks. In particular, it must at least persist the following tuple for each of these networks:\u003cbr\u003e\n    \u0026gt; 1. The Ethernet address of the DHCP server\u003cbr\u003e\n    \u0026gt; 2. The IP address of the DHCP server\u003cbr\u003e\n    \u0026gt; 3. Its own IP address, as assigned by the DHCP server\u003cbr\u003e\n During network initialization, the Mac transmits carefully crafted unicast ARP requests with this stored information. For each network in its memory, it attempts to send a request to the specific Ethernet address of the DHCP server for that network, in which it asks about the server\u0026#39;s IP address, and requests that the server reply to the IP address which the Mac was formerly using on that network. Unless network hosts have been radically shuffled around, at most only one of these ARP requests will result in a response—the request corresponding to the current network, if the current network happens to be one of the remembered networks.\u003cbr\u003e\n This network recognition technique allows the Mac to very rapidly discover if it is connected to a known network. If the network is recognized (and presumably if the Mac knows that the DHCP lease is still active), it immediately and presumptuously configures its IP interface with the address it knows is good for this network. (Well, it does perform a self-ARP for good measure, but doesn\u0026#39;t seem to wait more than 13ms for a response.) The DHCP handshaking process begins in the background by sending a DHCP request for its assumed IP address, but the network interface is available for use during the handshaking process. If the network was not recognized, I assume the Mac would know to begin the DHCP discovery phase, instead of sending blind requests for a former IP address as the Galaxy Tab does.\u003cbr\u003e\n The Mac\u0026#39;s rapid network initialization can be credited to more than just the network recognition scheme. Judging by the use of ARP (which can be problematic to deal with in user-space) and the unusually regular transmission intervals (a reliable 1.0ms delay between each packet sent), I\u0026#39;m guessing that the Mac\u0026#39;s DHCP client system is entirely implemented as tight kernel-mode code. The Mac began the IP interface initialization process a mere 10ms after link establishment, which is far faster than any other device I tested. Android devices such as the Galaxy Tab rely on the user-mode dhclient system (part of the dhcpcd package) dhcpcd program, which no doubt brings a lot of additional overhead such as loading the program, context switching, and perhaps even running scripts.\u003cbr\u003e\n The next step for some daring kernel hacker is to implement a similarly aggressive DHCP client system in the Linux kernel, so that I can enjoy fast sign-on speeds on my Android tablet, Android phone, and Ubuntu netbook. There already exists a minimal DHCP client implementation in the Linux kernel, but it lacks certain features such as configuring the DNS nameservers. Perhaps it wouldn\u0026#39;t be too much work to extend this code to support network recognition and interface with a user-mode daemon to handle such auxillary configuration information received via DHCP. If I ever get a few spare cycles, maybe I\u0026#39;ll even take a stab at it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou can also find other ways of optimizing the dhclient program and how it works in the \u003ca href=\"https://calomel.org/dhclient.html\" rel=\"nofollow\"\u003edhclient tutorial on Calomel.org\u003c/a\u003e.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcam-2017-trip-report-michael-lucas/\" rel=\"nofollow\"\u003eBSDCam Trip Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the decades, FreeBSD development and coordination has shifted from being purely on-line to involving more and more in-person coordination and cooperation. The FreeBSD Foundation sponsors a devsummit right before BSDCan, EuroBSDCon, and AsiaBSDCon, so that developers traveling to the con can leverage their airfare and hammer out some problems. Yes, the Internet is great for coordination, but nothing beats a group of developers spending ten minutes together to sketch on a whiteboard and figuring out exactly how to make something bulletproof.\u003cbr\u003e\nIn addition to the coordination efforts, though, conference devsummits are hierarchical. There’s a rigid schedule, with topics decided in advance. Someone leads the session. Sessions can be highly informative, passionate arguments, or anything in between.\u003cbr\u003e\nBSDCam is… a little different. It’s an invaluable part of the FreeBSD ecosystem. However, it’s something that I wouldn’t normally attend.\u003cbr\u003e\nBut right now, is not normal. I’m writing a new edition of Absolute FreeBSD. To my astonishment, people have come to rely on this book when planning their deployments and operations. While I find this satisfying, it also increases the pressure on me to get things correct. When I wrote my first FreeBSD book back in 2000, a dozen mailing lists provided authoritative information on FreeBSD development. One person could read every one of those lists. Today, that’s not possible—and the mailing lists are only one narrow aspect of the FreeBSD social system.\u003cbr\u003e\nDon’t get me wrong—it’s pretty easy to find out what people are doing and how the system works. But it’s not that easy to find out what people will be doing and how the system will work. If this book is going to be future-proof, I needed to leave my cozy nest and venture into the wilds of Cambridge, England. Sadly, the BSDCam chair agreed with my logic, so I boarded an aluminum deathtrap—sorry, a “commercial airliner”—and found myself hurtled from Detroit to Heathrow.\u003cbr\u003e\nAnd one Wednesday morning, I made it to the William Gates building of Cambridge University, consciousness nailed to my body by a thankfully infinite stream of proper British tea.\u003cbr\u003e\nBSDCam attendance is invitation only, and the facilities can only handle fifty folks or so. You need to be actively working on FreeBSD to wrangle an invite. Developers attend from all over the world. Yet, there’s no agenda. Robert Watson is the chair, but he doesn’t decide on the conference topics. He goes around the room and asks everyone to introduce themselves, say what they’re working on, and declare what they want to discuss during the conference. The topics of interest are tallied. The most popular topics get assigned time slots and one of the two big rooms. Folks interested in less popular topics are invited to claim one of the small breakout rooms.\u003cbr\u003e\nThen the real fun begins. I started by eavesdropping in the virtualization workshop. For two hours, people discussed FreeBSD’s virtualization needs, strengths, and weaknesses. What needs help? What should this interface look like? What compatibility is important, and what isn’t? By the end of the session, the couple dozen people had developed a reasonable consensus and, most importantly, some folks had added items to their to-do lists.\u003cbr\u003e\nRepeat for a dozen more topics. I got a good grip on what’s really happening with security mitigation techniques, FreeBSD’s cloud support, TCP/IP improvements, advances in teaching FreeBSD, and more. A BSDCan devsummit presentation on packaging the base system is informative, but eavesdropping on two dozen highly educated engineers arguing about how to nail down the final tidbits needed to make that a real thing is far more educational.\u003cbr\u003e\nTo my surprise, I was able to provide useful feedback for some sessions. I speak at a lot of events outside of the FreeBSD world, and was able to share much of what I hear at Linux conferences. A tool that works well for an experienced developer doesn’t necessarily work well for everyone.\u003cbr\u003e\nEvery year, I leave BSDCan tired. I left BSDCam entirely exhausted. These intense, focused discussions stretched my brain.\u003cbr\u003e\nBut, I have a really good idea where key parts of FreeBSD development are actually headed. This should help future-proof the new Absolute FreeBSD, as much as any computer book can be future-proof.\u003cbr\u003e\nPlus, BSDCam throws the most glorious conference dinner I’ve ever seen.\u003cbr\u003e\nI want to thank Robert Watson for his kind invitation, and the FreeBSD Foundation for helping defray the cost of this trip\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - The BSDNow Crew\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs a kid, what did you dream of to become as an adult?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: An Astronaut\u003cbr\u003e\nBR: I wanted to be a private detective, because of all the crime novels that I read back\u003cbr\u003e\nthen. I didn’t get far with it. However, I think the structured analysis skills (who did what, when, and such) help me in debugging and sysadmin work.\u003cbr\u003e\nAJ: Didn’t think about it much\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow do you manage to stay organized day to day with so much things you\u0026#39;re actively doing each day? (Day job, wife/girlfriend, conferences, hobbies, friends, etc.)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: Who said I was organized?\u003cbr\u003e\nBR: A lot of stuff in my calendar as reminders, open browser tabs as “to read later” list. A few things like task switching when getting stuck helps. Also, focus on a single goal for the day, even though there will be distractions. Slowly, but steadily chip away at the things you’re working on. Rather than to procrastinate and put things back to review later, get started early with easy things for a big task and then tackle the hard part. Often, things look totally chaotic and unmanageable, until you start working on them. \u003cbr\u003e\nAJ: I barely manage. Lots of Google Calendar reminders, and the entire wall of my office is covered in whiteboard sheet todo lists. I use pinboard.in to deal with finding and organizing bookmarks. Write things down, don’t trust your memory.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat hobbies outside of IT do you have?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: I love photography, but I do that Professional part time, so I’m not sure if that counts as a hobby anymore.  I guess it’d have to be working in the garage on my cars.\u003cbr\u003e\nBR: I do Tai Chi to relax once a week in a group, but can also do it alone, pretty much everywhere. Way too much Youtube watching and browsing the web. I did play some games before studying at the university and I’m still proud that I could control it to the bare minimum not to impact my studies. A few “lapses” from time to time, revisiting the old classics since the newer stuff won’t run on my machines anyway. Holiday time is pretty much spent for BSD conferences and events, this is where I can relax and talk with like-minded people from around the world, which is fascinating. Plus, it gets me to various places and countries I never would have dared to visit on my own.\u003cbr\u003e\nAJ: I play a few video games, and I like to ski, although I don’t go very often as most of my vacation time is spent hanging out with my BSD friends at various conferences\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow do you relax?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: What is this word ‘relax’ and what does it mean?\u003cbr\u003e\nBR: My Tai Chi plays a big part in it I guess. I really calms you and the constant stream of thoughts for a while. It also gives you better clarity of what’s important in life. Watching movies, sleeping long.\u003cbr\u003e\nAJ: Usually watching TV or Movies. Although I have taken to doing most of my TV watching on my exercise bike now, but it is still mentally relaxing\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf FreeBSD didn\u0026#39;t exist,  which BSD flavour would you use? Why?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: I use TrueOS, but if FreeBSD didn’t exist, that project might not either… so…  My other choice would be HardenedBSD, but since it’s also based on FreeBSD I’m in the same dillema.\u003cbr\u003e\u003cbr\u003e\nBR: I once installed NetBSD to see what It can do. If FreeBSD wouldn’t exist, I would probably try my luck with it. OpenBSD is also appealing, but I’ve never installed it.\u003cbr\u003e\nAJ: When I started using FreeBSD in 2000, the only other BSD I had heard of at the time was OpenBSD. If FreeBSD wasn’t around, I don’t think the world would look like it does, so it is hard to speculate.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf any of the BSD\u0026#39;s weren\u0026#39;t around and you had to use Linux, which camp would belong to? (Redhat, SUSE, Debian, Ubuntu, Gentoo?)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: I learned Linux in the mid 90s using Slackware, which I used consistently up until the mid 2000s, when I joined the PuppyLinux community and eventually became a developer (FYI, Puppy was/is/can be based on Slackware -- its complicated).  So I’d go back to using either Slackware or PuppyLinux.\u003cbr\u003e\nBR: I tried various Linux distributions until I landed at Debian. I used is pretty extensively as my desktop OS at home, building custom kernels and packages to install them until I discovered FreeBSD. I ran both side by side for a few months for learning until one day I figured out that I had not booted Debian in a while, so I switched completely. \u003cbr\u003e\nAJ: The first Linux I played with was Slackware, and it is the most BSD like, but the bits of Linux I learned in school were Redhat and so I can somewhat wrap my head around it, although now that they are changing everything to systemd, all of that old knowledge is more harmful than useful.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAre you still finding yourself in need to use Windows/Mac OS? Why?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: I work part time as a professional Photographer, so I do use Windows for my photography work.  While I can do everything I need to do in Linux, it comes down to being pragmatic about my time.  What takes me several hours to accomplish in Linux I can accomplish in 20 minutes on Windows.\u003cbr\u003e\nBR: I was a long time Windows-only user before my Unix days. But back when Vista was about to come out and I needed a new laptop, my choice was basically learning to cope with Vistas awful features or learn MacOS X. I did the latter, it increased my productivity since it’s really a good Unix desktop experience (at least, back then). I only have to use Windows at work from time to time as I manage our Windows Terminal server, which keeps the exposure low enough and I only connect to it to use a certain app not available for the Mac or the BSDs.\u003cbr\u003e\nAJ: I still use Windows to play games, for a lot of video conferencing, and to produce BSD Now. Some of it could be done on BSD but not as easily. I have promised myself that I will switch to 100% BSD rather than upgrade to Windows 10, so we’ll see how that goes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlease describe your home networking setup.  Router type, router OS, router hardware, network segmentation, wifi apparatus(es), other devices connected, and anything else that might be interesting about your home network.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBR: Very simple and boring: Apple Airport Express base station and an AVM FritzBox  for DNS, DHCP, and the link to my provider. A long network cable to my desktop machine. That I use less and less often. I just bought an RPI 3 for some home use in the future to replace it. Mostly my brother’s and my Macbook Pro’s are connected, our phones and the iPad of my mother.  \u003c/p\u003e\n\n\u003cp\u003eAJ: I have a E3-1220 v3 (dual 3.1ghz + HT) with 8 GB of ram, and 4x Intel gigabit server NICs as my router, and it runs vanilla FreeBSD (usually some snapshot of -current). I have 4 different VLANs, Home, Office, DMZ, and Guest WiFi. WiFi is served via a tiny USB powered device I bought in Tokyo years ago, it serves 3 different SSIDs, one for each VLAN except the DMZ. There are ethernet jacks in every room wired for 10 gigabit, although the only machines with 10 gigabit are my main workstation, file server, and some machines in the server rack. There are 3 switches, one for the house (in the laundry room), one for the rack, and one for 10gig stuff. There is a rack in the basement spare bedroom, it has 7 servers in it, mostly storage for live replicas of customer data for my company.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow do guys manage to get your work done on FreeBSD desktops? What do you do when you need to a Linux or Windows app that isn\u0026#39;t ported, or working? I\u0026#39;ve made several attempts to switch to FreeBSD, but each attempt failed because of tools not being available (e.g. Zoom, Dropbox, TeamViewer, Crashplan) or broken (e.g. VirtualBox).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBR: I use VIrtualBox for everything that is not natively available or Windows-only. Unfortunately, that means no modern games. I mostly do work in the shell when I’m on FreeBSD and when it has to be a graphical application, then I use Fluxbox as the DE. I want to get work done, not look at fancy eye-candy that get’s boring after a while. Deactivated the same stuff on my mac due to the same reason. I look for alternative software online, but my needs are relatively easy to satisfy as I’m not doing video editing/rendering and such.\u003c/p\u003e\n\n\u003cp\u003eAJ: I generally find that I don’t need these apps. I use Firefox, Thunderbird, OpenSSH, Quassel, KomodoEdit, and a few other apps, so my needs are not very demanding. It is annoying when packages are broken, but I usually work around this with boot environments, and being able to just roll back to a version that worked for a few days until the problem is solved. I do still have access to a windows machine for the odd time I need specific VPN software or access to Dell/HP etc out-of-band management tools.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhich desktop environments are your favorite, and why? For example, I like i3, Xfce, and I\u0026#39;m drawn to Lumina\u0026#39;s ethos, but so far always seem to end up back on Xfc because of its ease of use, flexibility, and dashing good looks.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: As a Lumina Desktop developer, I think my preference is obvious. ;)  I am also a long \u003cbr\u003e\ntimeOpenBox user, so I have a soft place in my heart for that as well.  \u003c/p\u003e\n\n\u003cp\u003eBR: I use Fluxbox when I need to work with a lot of windows or an application demands X11. KDE and others are too memory heavy for me and I rarely use even 20% of the features they provide.\u003cbr\u003e\nAJ: I was a long time KDE user, but I have adopted Lumina. I find it fast, and that it gets out of my way and lets me do what I want. It had some annoyances early on, but I’ve nagged the developers into making it work for me.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhich command-line shells do you prefer, why, and how (if at all) have you customised the environment or prompt?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBR: I use zsh, but without all the fancy stuff you can find online. It might make you more productive, yes. But again, I try to keep things simple. I’m slowly learning tmux and want to work more in it in the future. I sometimes look at other BSD people’s laptops and am amazed at what they do with window-management in tmux. My prompt looks like this:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003ebcr@Voyager:~\u0026gt;                             20:20 17-08-17\nPut this in your .zshrc to get the same result:\nPROMPT=\u0026#39;%n@%m:%~\u0026gt;\u0026#39;\nRPROMPT=\u0026#39;%T %D\u0026#39;\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAJ: I started using tcsh early on, because it was the shell on the first box I had access to, and because one of the first things I read in “BSD Hacks” was how to enable ‘typo correction”, which made my life a lot better especially on dial up in the early days. My shell prompt looks like this: allan@CA-TOR1-02:/usr/home/allan%\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat is one thing (or more) missing in FreeBSD you would import from another project or community? Could be tech, process, etc.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: AUFS from Linux\u003c/p\u003e\n\n\u003cp\u003eBR: Nohup from Illumos where you can detach an already running process and put it in the background. I often forget that and I’m not in tmux when that happens, so I can see myself use that feature a lot.\u003c/p\u003e\n\n\u003cp\u003eAJ: Zones (more complete Jails) from IllumOS\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ehow do you manage your time to learn about and work on FreeBSD?  Does your  work/employment enable what you do, or are your contributions mainly done in private time?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: These days I’m mostly learning things I need for work, so it just falls into something I’m doing while working on work projects.\u003c/p\u003e\n\n\u003cp\u003eBR: We have a lot of time during the semester holidays to learn on our own, it’s part of the idea of being in a university to keep yourself updated, at least for me. Especially in the fast moving world of IT. I also read a lot in my free time. My interests can shift sometimes, but then I devour everything I can find on the topic. Can be a bit excessive, but has gotten me where I am now and I still need a lot to learn (and want to). Since I work with FreeBSD at work (my owndoing), I can try out many things there.\u003c/p\u003e\n\n\u003cp\u003eAJ: My work means a spend a lot of time working with FreeBSD, but not that much time working ON it. My contributions are mostly done outside of work, but as I own the company I do get more flexibility to take time off for conferences and other FreeBSD related stuff.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ewe know we can bribe Michael W Lucas with gelato (\u003cem\u003egood\u003c/em\u003e gelato that is), but what can we use to bribe \u003cem\u003eyou\u003c/em\u003e guys? Like when I want to have Allan to work on fixing a bug which prevents me from running ZFS on this fancy rock64 board?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBR: Desserts of various kinds. \u003c/p\u003e\n\n\u003cp\u003eAJ: I am probably not the right person to look at your rock64 board. Most people in the project have taken to bribing me with chocolate. In general, my todo list is so long, the best way is a trade, you take this task and I’ll take that task.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIs your daily mobile device iOS, Android, Windows Mobile, or other? Why?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eJT: These days I’m using Android on my Blackberry Priv, but until recently I was still a heavy user of Sailfish OS.  I would use SailfishOS everyday, if I could find a phone with a keyboard that I could run it on.\u003c/p\u003e\n\n\u003cp\u003eBR: iOS on the iPhone 7 currently. Never used an Android phone, saw it on other people’s devices and what they can do with it (much more). But the infrequent security updates (if any at all) keep me away from it.\u003c/p\u003e\n\n\u003cp\u003eAJ: I have a Google Nexus 6 (Android 7.1). I wanted the ‘pure’ Android experience, and I had been happy with my previous Nexus S. I don’t run a custom OS/ROM or anything because I use the phone to verify that video streams work on an ‘average users device’. I am displeased that support for my device will end soon. I am not sure what device I will get next, but it definitely won’t be an iPhone.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170808065718\u0026mode=flat\u0026count=30\" rel=\"nofollow\"\u003eBeta Update - Request for (more) Testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e \u003ca href=\"https://beta.undeadly.org/\" rel=\"nofollow\"\u003ehttps://beta.undeadly.org/\u003c/a\u003e has received an update. The most significant changes include:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe site has been given a less antiquated \u0026quot;look\u0026quot;. (As the topic icons have been eliminated, we are no longer seeking help with those graphics.)\u003cbr\u003e\nThe site now uses a moderate amount of semantic HTML5.\u003cbr\u003e\nSeveral bugs in the HTML fragment validator (used for submissions and comments) have been fixed.\u003cbr\u003e\nTo avoid generating invalid HTML, submission content which fails validation is no longer displayed in submission/comment previews.\u003cbr\u003e\nPlain text submissions are converted to HTML in a more useful fashion. (Instead of just converting each EOL to \u003cbr\u003e, the converter now generates proper paragraphs and interprets two or more consecutive EOLs as indicating a paragraph break.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e The redevelopment remains a work-in-progress. Many thanks to those who have contributed!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs before, constructive feedback would be appreciated. Of particular interest are reports of bugs in behaviour (for example, in the HTML validator or in authentication) that would preclude the adoption of the current code for the main site.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-August/313552.html\" rel=\"nofollow\"\u003eHigh-process-count support added to master\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe\u0026#39;ve fixed a number of bottlenecks that can develop when the number of user processes runs into the tens of thousands or higher.  One thing led to another and I said to myself, \u0026quot;gee, we have a 6-digit PID, might as well make it work to a million!\u0026quot;.  With the commits made today, master can support at least 900,000 processes with just a kern.maxproc setting in\u003cbr\u003e\n/boot/loader.conf, assuming the machine has the memory to handle it.\u003cbr\u003e\n And, in fact, as today\u0026#39;s machines start to ratchet up there in both memory capacity and core count, with fast storage (NVMe) and fast networking (10GigE and higher), even in consumer boxes, this is actually something that one might want to do.  With AMD\u0026#39;s threadripper and EPYC chips now out, the Intel\u0026lt;-\u0026gt;AMD cpu wars are back on!   Boasting up to 32 cores (64 threads) per socket and two sockets on EPYC, terabytes of ram, and motherboards with dual 10GigE built-in, the reality is that these numbers are already achievable in a useful manner.\u003cbr\u003e\n In anycase, I\u0026#39;ve tested these changes on a dual-socket xeon.  I can in-fact start 900,000 processes.  They don\u0026#39;t get a whole lot of cpu and running \u0026#39;ps\u0026#39; would be painful, but it works and the system is still responsive from the shell with all of that going on.\u003cbr\u003e\n xeon126# uptime\u003cbr\u003e\n 1:42PM  up 9 mins, 3 users, load averages: 890407.00, 549381.40, 254199.55\u003cbr\u003e\n In fact, judging from the memory use, these minimal test processes only eat around 60KB each.  900,000 of them ate only 55GB on a 128GB machine.  So even a million processes is not out of the question, depending on the cpu requirements for those processes.  Today\u0026#39;s modern machines can be stuffed with enormous amounts of memory.\u003cbr\u003e\n Of course, our PIDs are currently limited to 6 digits, so a million is kinda the upper limit in terms of discrete user processes (verses pthreads which are less restricted).  I\u0026#39;d rather not go to 7 digits (yet).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2017-August/066783.html\" rel=\"nofollow\"\u003eCFT: Driver for generic MS Windows 7/8/10 - compatible USB HID multi-touch touchscreens\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollowing patch [1] adds support for generic MS Windows 7/8/10 - compatible USB HID multi-touch touchscreens via evdev protocol. It is intended to be a native replacement of hid-multitouch.c driver found in Linux distributions and multimedia/webcamd port.\u003c/li\u003e\n\u003cli\u003ePatch is made for 12-CURRENT and most probably can be applied to recent 11-STABLE and 11.1-RELEASE (not tested)\u003c/li\u003e\n\u003cli\u003eHow to test\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e1. Apply patch [1]\n2. To compile this driver into the kernel, place the following lines \ninto your kernel configuration file:\n       device wmt\n       device usb\n       device evdev\n    Alternatively, to load the driver as a module at boot time, place the \nfollowing line in loader.conf(5):\n       wmt_load=\u0026quot;YES\u0026quot;\n3. Install x11-drivers/xf86-input-evdev or \nx11-drivers/xf86-input-libinput port\n4. Tell XOrg to use evdev or libinput driver for the device:\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cpre\u003e\u003ccode\u003eSection \u0026quot;ServerLayout\u0026quot;\n     InputDevice    \u0026quot;TouchScreen0\u0026quot; \u0026quot;SendCoreEvents\u0026quot;\nEndSection\n\n\nSection \u0026quot;InputDevice\u0026quot;\n     Identifier  \u0026quot;TouchScreen0\u0026quot;\n     Driver      \u0026quot;evdev\u0026quot;\n\u0026amp;#35;   Driver      \u0026quot;libinput\u0026quot;\n     Option      \u0026quot;Device\u0026quot; \u0026quot;/dev/input/eventXXX\u0026quot;\nEndSection\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eExact value of \u0026quot;/dev/input/eventXXX\u0026quot; can be obtained with evemu-record utility from devel/evemu.\u003c/li\u003e\n\u003cli\u003eNote1: Currently, driver does not support pens or touchpads.\u003c/li\u003e\n\u003cli\u003eNote2: wmt.ko should be kld-loaded before uhid driver to take precedence over it! Otherwise uhid can be kld-unloaded after loading of wmt.\u003c/li\u003e\n\u003cli\u003ewmt review: \u003ca href=\"https://reviews.freebsd.org/D12017\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D12017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaw diff: \u003ca href=\"https://reviews.freebsd.org/D12017.diff\" rel=\"nofollow\"\u003ehttps://reviews.freebsd.org/D12017.diff\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/programm_history/\" rel=\"nofollow\"\u003eBSDMag Programing Languages Infographic\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170815171854\" rel=\"nofollow\"\u003et2k17 Hackathon Report: Bob Beck on buffer cache tweaks, libressl and pledge progress\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/past-issues/resource-control/\" rel=\"nofollow\"\u003eNew FreeBSD Journal\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2017/08/10/msg000744.html\" rel=\"nofollow\"\u003eNetBSD machines at Open Source Conference 2017 Kyoto\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3H6TDJV\" rel=\"nofollow\"\u003eDan - HDD question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/10F086V\" rel=\"nofollow\"\u003eBenjamin - scrub of death\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2D9102K\" rel=\"nofollow\"\u003eJason - Router Opinion\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1XYYTWF\" rel=\"nofollow\"\u003eSohrab - Thanks\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"In this episode, we take a look at the reimplementation of NetBSD using a Microkernel, check out what makes DHCP faster, and see what high-process count support for DragonflyBSD has to offer, and we answer the questions you’ve always wanted to ask us.","date_published":"2017-09-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be8706fd-d9f3-488b-89a2-a1d3243560a9.mp3","mime_type":"audio/mpeg","size_in_bytes":84270964,"duration_in_seconds":7022}]},{"id":"9fc2e90e-3bb7-4ff5-a3e1-c559838b6710","title":"209: Signals: gotta catch ‘em all","url":"https://www.bsdnow.tv/209","content_text":"We read a trip report about FreeBSD in China, look at how Unix deals with Signals, a stats collector in DragonFlyBSD \u0026amp; much more!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nTrip Report: FreeBSD in China at COPU and LinuxCon\n\n\nThis trip report is from Deb Goodkin, the Executive Director of the FreeBSD Foundation. She travelled to China in May 2017 to promote FreeBSD, meet with companies, and participate in discussions around Open Source.\n\u0026gt; In May of 2017, we were invited to give a talk about FreeBSD at COPU’s (China Open Source Promotional Unit) Open Source China, Open Source World Summit, which took place June 21-22, in Beijing. This was a tremendous opportunity to talk about the advantages of FreeBSD to the open source leaders and organizations interested in open source. I was honored to represent the Project and Foundation and give the presentation “FreeBSD Advantages and Applications”.\n\u0026gt; Since I was already going to be in Beijing, and LinuxCon China was being held right before the COPU event, Microsoft invited me to be part of a women-in-tech panel they were sponsoring. There were six of us on the panel including two from Microsoft, one from the Linux Foundation, one from Accenture of China, and one from Women Who Code. Two of us spoke in English, with everyone else speaking Chinese. It was disappointing that we didn’t have translators, because I would have loved hearing everyone’s answers. We had excellent questions from the audience at the end. I also had a chance to talk with a journalist from Beijing, where I emphasized how contributing to an open source project, like FreeBSD, is a wonderful way to get experience to boost your resume for a job.\n\u0026gt; The first day of LinuxCon also happened to be FreeBSD Day. I had my posters with me and was thrilled to have the Honorary Chairman of COPU (also known as the “Father of Open Source in China”) hold one up for a photo op. Unfortunately, I haven’t been able to get a copy of that photo for proof (I’m still working on it!). We spent a long time discussing the strengths of FreeBSD. He believes there are many applications in China that could benefit from FreeBSD, especially for embedded devices, university research, and open source education. We had more time throughout the week to discuss FreeBSD in more detail.\n\u0026gt; Since I was at LinuxCon, I had a chance to meet with people from the Linux Foundation, other open source projects, and some of our donors. With LinuxCon changing its name to Open Source Summit, I discussed how important it is to include minority voices like ours to contribute to improving the open source ecosystem. The people I talked to within the Linux Foundation agreed and suggested that we get someone from the Project to give a talk at the Open Source Summit in Prague this October. Jim Zemlin, the Linux Foundation Executive Director, suggested having a BSD track at the summits. We did miss the call for proposals for that conference, but we need to get people to consider submitting proposals for the Open Source Summits in 2018.\n\u0026gt; I talked to a CTO from a company that donates to us and he brought up his belief that FreeBSD is much easier to get started on as a contributor. He talked about the steep path in Linux to getting contributions accepted due to having over 10,000 developers and the hierarchy of decision makers, from Linus to his main lieutenants to the layers beneath him. It can take 6 months to get your changes in!\n\u0026gt; On Tuesday, Kylie and I met with a representative from Huawei, who we’ve been meeting over the phone with over the past few months. Huawei has a FreeBSD contributor and is looking to add more. We were thrilled to hear they decided to donate this year. We look forward to helping them get up to speed with FreeBSD and collaborate with the Project.\n\u0026gt; Wednesday marked the beginning of COPU and the reason I flew all the way to Beijing! We started the summit with having a group photo of all the speakers:The honorary chairman, Professor Lu in the front middle.\n\u0026gt; My presentation was called “FreeBSD Advantages and Applications”. A lot of the material came from Foundation Board President, George-Neville-Neil’s presentation, “FreeBSD is not a Linux Distribution”, which is a wonderful introduction to FreeBSD and includes the history of FreeBSD, who uses it and why, and which features stand out. My presentation went well, with Professor Lu and others engaged through the translators. Afterwards, I was invited to a VIP dinner, which I was thrilled about.\n\u0026gt; The only hitch was that Kylie and I were running a FreeBSD meetup that evening, and both were important! Beijing during rush hour is crazy, even trying to go only a couple of miles is challenging. We made plans that I would go to the meetup and give the same presentation, and then head back to the dinner. Amazingly, it worked out.\nCheck out the rest of her trip report and stay tuned for more news from the region as this is one of the focus areas of the Foundation. \n***\n\n\nUnix: Dealing with signals\n\n\nSignals on Unix systems are critical to the way processes live and die. This article looks at how they're generated, how they work, and how processes receive or block them\nOn Unix systems, there are several ways to send signals to processes—with a kill command, with a keyboard sequence (like control-C), or through a program\nSignals are also generated by hardware exceptions such as segmentation faults and illegal instructions, timers and child process termination.\nBut how do you know what signals a process will react to? After all, what a process is programmed to do and able to ignore is another issue.\nFortunately, the /proc file system makes information about how processes handle signals (and which they block or ignore) accessible with commands like the one shown below. In this command, we’re looking at information related to the login shell for the current user, the \"$$\" representing the current process.\n\n\n\nOn FreeBSD, you can use procstat -i PID to get that and even more information, and easier to digest form\n\n\n\n\n        P  if signal is pending in the global process queue\n        I  if signal delivery disposition is SIGIGN\n        C  if signal delivery is to catch it\n\n\nCatching a signal requires that a signal handling function exists in the process to handle a given signal. The SIGKILL (9) and SIGSTOP (#) signals cannot be ignored or caught. For example, if you wanted to tell the kernel that ctrl-C's are to be ignored, you would include something like this in your source code:\nsignal(SIGINT, SIG_IGN);\nTo ensure that the default action for a signal is taken, you would do something like this instead:\nsignal(SIGSEGV, SIG_DFL);\n\n\nThe article then shows some ways to send signals from the command line, for example to send SIGHUP to a process with pid 1234:\nkill -HUP 1234\nYou can get a list of the different signals by running\nkill -l\nOn Unix systems, signals are used to send all kinds of information to running processes, and they come from user commands, other processes, and the kernel itself. Through /proc, information about how processes are handling signals is now easily accessible and, with just a little manipulation of the data, easy to understand.\n***\n\n\n\n\nlinks owned by NGZ erroneously marked as on loan\n\n\nNGZ (Non-Global Zone), is IllumOS speak for their equivalent to a jail\n\u0026gt; As reported by user brianewell in smartos-live#737, NGZ ip tunnels stopped persisting across zone reboot. This behavior appeared in the 20170202 PI and was not present in previous releases. After much spelunking I determined that this was caused by a regression introduced in commit 33df115 (part of the OS-5363 work). The regression was a one-line change to link_activate() which marks NGZ links as on loan when they are in fact not loaned because the NGZ created and owns the link.\n“On loan” means the interface belongs to the host (GZ, Global Zone), and has been loaned to the NGZ (Jail)\n\n\n\nThis regression was easy to introduce because of the subtle nature of this code and lack of comments. I'm going to remove the regressive line, add clarifying comments, and also add some asserts.\nThe following is a detailed analysis of the issue, how I debugged it, and why my one-line change caused the regression:\nTo start I verified that PI 20170119 work as expected:\n    booted 20170119\n   created iptun (named v4_sys76) inside of a native NGZ (names sos-zone)\n   performed a reboot of sos-zone\n   zlogin to sos-zone and verify iptun still exists after reboot\nThen I booted the GZ into PI 20170202 and verified the iptun did not show up\n   booted 20170202\n   started sos-zone\n   zlogin and verified the iptun was missing\nAt this point I thought I would recreate the iptun and see if I could monitor the zone halt/boot process for the culprit, but instead I received an error from dladm: \"object already exists\".\nI didn't expect this. So I used mdb to inspect the dlmgmtd state. Sure enough the iptun exists in dlmgmtd.\nOkay, so if the link already exists, why doesn't it show up (in either the GZ or the NGZ)?\nIf a link is not marked as active then it won't show up when you query dladm. When booting the zone on 20170119 the ll_flags for the iptun contained the value 0x3. So the problem is the link is not marked as active on the 20170202 PI.\nThe link_activate() function is responsible for marking a link as active. I used dtrace to verify this function was called on the 20170202 PI and that the dlmgmt_link_t had the correct ll_flags value.\nSo the iptun link structure has the correct ll_flags when link_activate() returns but when I inspect the same structure with mdb afterwards the value has changed.\nSometime after link_activate() completes some other process changed the ll_flags value. My next question was: where is link_activate() called and what comes after it that might affect the ll_flags? I did another trace and got this stack.\nThe dlmgmt_upid() function calls dlmgmt_write_db_entry() after link_activate() and that can change the flags. But dtrace proved the ll_flags value was still 0x3 after returning from this function.\nWith no obvious questions left I then asked cscope to show me all places where ll_flags is modified. As I walked through the list I used dtrace to eliminate candidates one at a time -- until I reached dlmgmt_destroy_common(). I would not have expected this function to show up during zone boot but sure enough it was being called somehow, and by someone. Who?\nSince there is no easy way to track door calls it was at this point I decided to go nuclear and use the dtrace stop action to stop dlmgmtd when it hits dlmgmt_destroy_common(). Then I used mdb -k to inspect the door info for the dlmgmtd threads and look for my culprit.\nThe culprit is do_up_iptun() caused by the dladm up-iptun call. Using ptree I then realized this was happening as part of the zone boot under the network/iptun svc startup. At this point it was a matter of doing a zlogin to sos-zone and running truss on dladm up-iptun to find the real reason why dladm_destroy_datalink_id() is called.\nSo the link is marked as inactive because dladm_getsnap_conf() fails with DLADM_STATUS_DENIED which is mapped to EACCESS. Looking at the dladm_getsnap_conf() code I see the following\n\n\n\n“The caller is in a non-global zone and the persistent configuration belongs to the global zone.”\n\n\n\nWhat this is saying is that if a link is marked \"on loan\" (meaning it's technically owned/created by the GZ but assigned/loaned to the NGZ) and the zone calling dladm_getsnap_conf() is an NGZ then return EACCESS because the configuration of the link is up to the GZ, not the NGZ. This code is correct and should be enforced, but why is it tripping in PI 20170202 and not 20170119? It comes back to my earlier observation that in the 20170202 PI we marked the iptun as \"on loan\" but not in the older one. Why?\nWell as it turns out while fixing OS-5363 I fixed what I thought was a bug in link_activate()\nWhen I first read this code it was my understanding that anytime we added a link to a zone's datalink list, by calling zone_add_datalink(), that link was then considered \"on loan\". My understanding was incorrect. The link_activate() code has a subtleness that eluded me. There are two cases in link_activate():\n\n\nThe link is under an NGZ's datalink list but it's ll_linkid doesn't reflect that (e.g., the link is found under zoneid 3 but ll_linkid is 0). In this case the link is owned by the GZ but is being loaned to an NGZ and the link state should be updated accordingly. We get in this situation when dlmgmtd is restated for some reason (it must resync it's in-memory state with the state of the system).\nThe link is NOT under any NGZ's (zone_check_datalink() is only concerned with NGZs) datalink list but its ll_zoneid holds the value of an NGZ. This indicates that the link is owned by an NGZ but for whatever reason is not currently under the NGZ's datalink list (e.g., because we are booting the zone and we now need to assign the link to its list).\nSo the fix is to revert that one line change as well as add some clarifying comments and also some asserts to prevent further confusion in the future.\nA nice breakdown by Ryan Zezeski of how he accidently introduced a regression, and how he tracked it down using dtrace and mdb\n***\n\n\n\nNew experimental statistics collector in master\n\n\nMaster now has an in-kernel statistics collector which is enabled by default, and a (still primitive) user land program to access it.  This recorder samples the state of the machine once every 10 seconds and records it in a large FIFO, all in-kernel.  The FIFO typically contains 8192 entries, or around the last 23 hours worth of data.\nStatistics recorded include current load, user/sys/idle cpu use, swap use, VM fault rate, VM memory statistics, and counters for syscalls, path lookups, and various interrupt types.  A few more useful counters will probably be added... I'd like to tie cpu temperature, fork rate, and exec rate in at some point, as well as network and disk traffic.\nThe statistics gathering takes essentially no real overhead and is always on, so any user at the spur of the moment with no prior intent can query the last 23 hours worth of data.\nThere is a user frontend to the data called 'kcollect' (its tied into the buildworld now).  Currently still primitive.  Ultimately my intention is to integrate it with a dbm database for long-term statistical data retention (if desired) using an occasional (like once-an-hour) cron-job to soak up anything new, with plenty of wiggle room due to the amount of time the kernel keeps itself.  This is better and less invasive than having a userland statistics gathering script running every few minutes from cron and has the advantage of giving you a lot of data on the spur of the moment without having to ask for it before-hand.\nIf you have gnuplot installed (pkg install gnuplot), kcollect can generate some useful graphs based on the in-kernel data.  Well, it will be boring if the machine isn't doing anything :-).  There are options to use gnuplot to generate a plot window in X or a .jpg or .png file, and other options to set the width and height and such.  At the moment the gnuplot output uses a subset of statically defined fields to plot but ultimately the field list it uses will be specifiable.\n\n\n\nSample image generated during a synth run\n\n\n\n\nNews Roundup\n\nopenbsd changes of note 626\n\n\nHackerthon is imminent.\nThere are two signals one can receive after accessing invalid memory, SIGBUS and SIGSEGV. Nobody seems to know what the difference is or should be, although some theories have been unearthed. Make some attempt to be slightly more consistent and predictable in OpenBSD.\nIntroduces jiffies in an effort to appease our penguin oppressors.\nClarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use.\nSwitch acpibat to use _BIX before _BIF, which means you might see discharge cycle counts, too.\nAssorted clang compatibility. clang uses -Oz to mean optimize for size and -Os for something else, so make gcc accept -Oz so all makefiles can be the same. Adjust some hardlinks. Make sure we build gcc with gcc. \nThe SSL_check_private_key function is a lie.\nSwitch the amd64 and i386 compiler to clang and see what happens.\nWe are moving towards using wscons (wstpad) as the driver for touchpads.\nDancing with the stars, er, NET_LOCK().\nclang emits lots of warnings. Fix some of them. Turn off a bunch of clang builtins because we have a strong preference that code use our libc versions. Some other changes because clang is not gcc.\nAmong other curiosities, static variables in the special .openbsd.randomdata are sometimes assumed to be all zero, leading the clang optimizer to eliminate reads of such variables.\nSome more pledge rules for sed. If the script doesn’t require opening new files, don’t let it.\nBackport a bajillion fixes to stable. Release errata.\nRFC 1885 was obsoleted nearly 20 years ago by RFC 2463 which was obsoleted over 10 years ago by RFC 4443. We are probably not going back.\nUpdate libexpat to 2.2.3.\nvmm: support more than 3855MB guest memory.\nMerge libdrm 2.4.82.\nDisable SSE optimizations on i386/amd64 for SlowBcopy. It is supposed to be slow. Prevents crashes when talking to memory mapped video memory in a hypervisor.\n\n\n\n\nThe $25 “FREEDOM Laptop!”\n\n\nTime to get back to the original intent of this blog – talking about my paranoid obsession with information security!  So break out your tinfoil hats my friends because this will be a fun ride.  I’m looking for the most open source / freedom respecting portable computing experience I can possibly find and I’m going to document my work in real-time so you will get to experience the ups (and possibly the downs) of that path through the universe.  With that said, let’s get rolling.\nWhen I built my OpenBSD router using the APU2 board, I discovered that there are some amd64 systems that use open source BIOS.  This one used Coreboot and after some investigation I discovered that there was an even more paranoid open source BIOS called Libreboot out there.  That started to feel like it might scratch my itch.\nWell, after playing around with some lower-powered systems like my APU2 board, my Thinkpad x230 and my SPARC64 boxes, I thought, if it runs amd64 code and I can run an open source operating system on it, the thing should be powerful enough for me to do most (if not all) of what I need it to do.  At this point, I started looking for a viable machine.  From a performance perspective, it looked like the Thinkpad x200, T400, T500 and W500 were all viable candidates.  After paying attention on eBay for a while, I saw something that was either going to be a sweet deal, or a throwaway piece of garbage!\nI found a listing for a Thinkpad T500 that said it didn’t come with a power adapter and was 100% untested.  From looking at the photos, it seemed like there was nothing that had been molested about it.  Obviously, nobody was jumping on something this risky so I thought, “what the heck” and dropped a bit at the opening price of $24.99.  Well, guess what.  I won the auction.  Now to see what I got.\nWhen the laptop showed up, I discovered it was minus its hard drive (but the outside plastic cover was still in place).  I plugged in my x230’s power adapter and hit the button.  I got lights and was dropped to the BIOS screen.  To my eternal joy, I discovered that the machine I had purchased for $25 was 100% functional and included the T9400 2.54 GHz Core 2 Duo CPU and the 1680×1050 display panel.  W00t!\nFirst things first, I need to get this machine a hard drive and get the RAM upgraded from the 2GB that it showed up with to 8GB.  Good news is that these two purchases only totaled $50 for the pair.  An aftermarket 9-cell replacement battery was another $20. Throw in a supported WiFi card that doesn’t require a non-free blob from Libreboot at $5.99 off of eBay and $5 for a hard drive caddy and I’m looking at about $65 in additional parts bringing the total cost of the laptop, fully loaded up at just over $100.  Not bad at all…\nOnce all of the parts arrived and were installed, now for the fun part.  Disassembling the entire thing down to the motherboard so we can re-flash the BIOS with Libreboot.  The guide looks particularly challenging for this but hey, I have a nice set of screwdrivers from iFixit and a remarkable lack of fear when it comes to disassembling things.  Should be fun!\nWell, fun didn’t even come close.  I wish I had shot some pictures along the way because at one point I had a heap of parts in one corner of my “workbench” (the dining room table) and just the bare motherboard, minus the CPU sitting in front of me.  With the help of a clip and a bunch of whoops wires (patch cables), I connected my Beaglebone Black to the BIOS chip on the bare motherboard and attempted to read the chip.  #fail\nI figured out after doing some more digging that you need to use the connector on the left side of the BBB if you hold it with the power connector facing away from you.  In addition, you should probably read the entire process through instead of stopping at the exciting pinout connector diagram because I missed the bit about the 3.3v power supply need to have ground connected to pin 2 of the BIOS chip.\nSpeaking of that infamous 3.3v power supply, I managed to bend a paperclip into a U shape and jam it into the connector of an old ATX power supply I had in a closet and source power from that.  I felt like MacGyver for that one!\nI was able to successfully read the original Thinkpad BIOS and then flash the Libreboot + Grub2 VESA framebuffer image onto the laptop!  I gulped loudly and started the reassembly process.  Other than having some cable routing difficulties because the replacement WiFi card didn’t have a 5Ghz antenna, it all went back together.  Now for the moment of truth!  I hit the power button and everything worked!!!\nAt this point I happily scurried to download the latest snapshot of OpenBSD – current and install it.  Well, things got a little weird here.  Looks like I have to use GRUB to boot this machine now and GRUB won’t boot an OpenBSD machine with Full Disk Encryption.  That was a bit of a bummer for me.  I tilted against that windmill for several days and then finally admitted defeat.  So now what to do?  Install Arch?\nWell, here’s where I think the crazy caught up to me.  I decided to be an utter sell out and install Ubuntu Gnome Edition 17.04 (since that will be the default DE going forward) with full disk encryption.  I figured I could have fun playing around in a foreign land and try to harden the heck out of that operating system.  I called Ubuntu “grandma’s Linux” because a friend of mine installed it on his mom’s laptop for her but I figured what the heck – let’s see how the other half live!\nAt this point, while I didn’t have what I originally set out to do – build a laptop with Libreboot and OpenBSD, I did have a nice compromise that is as well hardened as I can possibly make it and very functional in terms of being able to do what I need to do on a day to day basis.  Do I wish it was more portable?  Of course.  This thing is like a six or seven pounder.  However, I feel much more secure in knowing that the vast majority of the code running on this machine is open source and has all the eyes of the community on it, versus something that comes from a vendor that we cannot inspect.  My hope is that someone with the talent (unfortunately I lack those skills) takes an interest in getting FDE working with Libreboot on OpenBSD and I will most happily nuke and repave this “ancient of days” machine to run that!\n\n\n\n\nFreeBSD Programmers Report Ryzen SMT Bug That Hangs Or Resets Machines\n\n\nIt's starting to look like there's an inherent bug with AMD's Zen-based chips that is causing issues on Unix-based operating systems, with both Linux and FreeBSD confirmed. The bug doesn't just affect Ryzen desktop chips, but also AMD's enterprise EPYC chips. It seems safe to assume that Threadripper will bundle it in, as well.\nIt's not entirely clear what is causing the issue, but it's related to the CPU being maxed out in operations, thus causing data to get shifted around in memory, ultimately resulting in unstable software. If the bug is exercised a certain way, it can even cause machines to reset.\nThe revelation about the issue on FreeBSD was posted to the official repository, where the issue is said to happen when threads can lock up, and then cause the system to become unstable. Getting rid of the issue seems as simple as disabling SMT, but that would then negate the benefits provided by having so many threads at-the-ready.\nOn the Linux side of the Unix fence, Phoronix reports on similar issues, where stressing Zen chips with intensive benchmarks can cause one segmentation fault after another. The issue is so profound, that Phoronix Test Suite developer Michael Larabel introduced a special test that can be run to act as a bit of a proof-of-concept. To test another way, PTS can be run with this command:\nPTS_CONCURRENT_TEST_RUNS=4 TOTAL_LOOP_TIME=60 phoronix-test-suite stress-run build-linux-kernel build-php build-apache build-imagemagick\nRunning this command will compile four different software projects at once, over and over, for an hour. Before long, segfaults should begin to appear (as seen in the shot above).\nIt's not entirely clear if both sets of issues here are related, but seeing as both involve stressing the CPU to its limit, it seems likely. Whether or not this could be patched on a kernel or EFI level is something yet to be seen.\n\n\n\n\nTrueOS - UNSTABLE update: 8/7/17\n\n\nA new UNSTABLE update for TrueOS is available!  Released regularly, UNSTABLE updates are the full “rolling release” of TrueOS. UNSTABLE includes experimental features, bugfixes, and other CURRENT FreeBSD work. It is meant to be used by those users interested in using the latest TrueOS and FreeBSD developments to help test and improve these projects.\n\n\nWARNING: UNSTABLE updates are released primarily for TrueOS and FreeBSD testing/experimentation purposes. Update and run UNSTABLE “at your own risk”.\nNote: There was a CDN issue over the weekend that caused issues for early updaters. Everything appears to be resolved and the update is fully available again. If you encountered instability or package issues from updating on 8/6 or 8/5, roll back to a previous boot environment and run the update again.\n\nChanges:\n\n\nUNSTABLE .iso and .img files beginning with TrueOS-2017-08-3-x64 will be available to download from http://download.trueos.org/unstable/amd64/. Due to CDN issues, these are not quite available, look for them later today or tomorrow (8/8/17). This update resyncs all ports with FreeBSD as of 8.1.2017. This includes: New/updated FreeBSD Kernel and World \u0026amp; New DRM (Direct Rendering Manager) next.\nExperimental patch for libhyve-remote: (From htps://github.com/trueos/freebsd/commit/a67a73e49538448629ea27, thanks araujobsd)\n\n\n\n\nThe libhyve-remote aims to abstract functionalities from other third party libraries like libvncserver, freerdp, and spice to be used in hypervisor implementation. With a basic data structure it is easy to implement any remote desktop protocol without digging into the protocol specification or third part libraries – check some of our examples.We don’t statically link any third party library, instead we use a dynamic linker and load only the functionality necessary to launch the service.Our target is to abstract functionalities from libvncserver, freerdp and spice. Right now, libhyve-remote only supports libvncserver. It is possible to launch a VNC server with different screen resolution as well as with authentication.With this patch we implement support for bhyve to use libhyve-remote that basically abstract some functionalities from libvncserver.  We can: Enable wait state, Enable authentication, Enable different resolutions\u0026lt; Have a better compression.  Also, we add a new -s flag for vncserver, if the libhyve-remote library is not present in the system, we fallback to bhyve RFB implementation. For example:\n-s 2,fbuf,tcp=0.0.0.0:5937,w=800,h=600,password=1234567,vncserver,wait\n\n\n\nNew SysAdm Client pages under the System Management category: \n\n\nSystem Control: This is an interface to browse all the sysctl’s on the system.\nDevices: This lists all known information about devices on the designated system.\n\nLumina Theming: Lumina is testing new theming functionality! By default (in UNSTABLE), a heavily customized version of the Qt5ct engine is included and enabled. This is intended to allow users to quickly adjust themes/icon packs without needing to log out and back in. This also fixes a bug in Insight with different icons loading for the side and primary windows. Look for more information about this new functionality to be discussed on the Lumina Website.\nUpdate to Iridium Web Browser: Iridium is a Chromium based browser built with user privacy and security as the primary concern, but still maintaining the speed and usability of Chromium. It is now up to date – give it a try and let us know what you think (search for iridium-browser in AppCafe).\n\n\n\n\nBeastie Bits\n\n\nGhostBSD 11.1 Alpha1 is ready\nA Special CharmBUG announcement\nByhve Obfuscation Part 1 of Many\nNew BSDMag is out\ngit: kernel - Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug\nKen Thompson corrects one of his biggest regrets\n***\n\n\nFeedback/Questions\n\n\nHans - zxfer\nHarza - Google Summer of Code\ntadslot - Microphones, Proprietary software, and feedback\nFlorian - ZFS/Jail\n\n\nModifying a ZFS root system to a beadm layout\n***\n\n","content_html":"\u003cp\u003eWe read a trip report about FreeBSD in China, look at how Unix deals with Signals, a stats collector in DragonFlyBSD \u0026amp; much more!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/trip-report-freebsd-in-china-at-copu-and-linuxcon/\" rel=\"nofollow\"\u003eTrip Report: FreeBSD in China at COPU and LinuxCon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis trip report is from Deb Goodkin, the Executive Director of the FreeBSD Foundation. She travelled to China in May 2017 to promote FreeBSD, meet with companies, and participate in discussions around Open Source.\u003c/li\u003e\n\u003cli\u003e\u0026gt; In May of 2017, we were invited to give a talk about FreeBSD at COPU’s (China Open Source Promotional Unit) Open Source China, Open Source World Summit, which took place June 21-22, in Beijing. This was a tremendous opportunity to talk about the advantages of FreeBSD to the open source leaders and organizations interested in open source. I was honored to represent the Project and Foundation and give the presentation “FreeBSD Advantages and Applications”.\u003c/li\u003e\n\u003cli\u003e\u0026gt; Since I was already going to be in Beijing, and LinuxCon China was being held right before the COPU event, Microsoft invited me to be part of a women-in-tech panel they were sponsoring. There were six of us on the panel including two from Microsoft, one from the Linux Foundation, one from Accenture of China, and one from Women Who Code. Two of us spoke in English, with everyone else speaking Chinese. It was disappointing that we didn’t have translators, because I would have loved hearing everyone’s answers. We had excellent questions from the audience at the end. I also had a chance to talk with a journalist from Beijing, where I emphasized how contributing to an open source project, like FreeBSD, is a wonderful way to get experience to boost your resume for a job.\u003c/li\u003e\n\u003cli\u003e\u0026gt; The first day of LinuxCon also happened to be FreeBSD Day. I had my posters with me and was thrilled to have the Honorary Chairman of COPU (also known as the “Father of Open Source in China”) hold one up for a photo op. Unfortunately, I haven’t been able to get a copy of that photo for proof (I’m still working on it!). We spent a long time discussing the strengths of FreeBSD. He believes there are many applications in China that could benefit from FreeBSD, especially for embedded devices, university research, and open source education. We had more time throughout the week to discuss FreeBSD in more detail.\u003c/li\u003e\n\u003cli\u003e\u0026gt; Since I was at LinuxCon, I had a chance to meet with people from the Linux Foundation, other open source projects, and some of our donors. With LinuxCon changing its name to Open Source Summit, I discussed how important it is to include minority voices like ours to contribute to improving the open source ecosystem. The people I talked to within the Linux Foundation agreed and suggested that we get someone from the Project to give a talk at the Open Source Summit in Prague this October. Jim Zemlin, the Linux Foundation Executive Director, suggested having a BSD track at the summits. We did miss the call for proposals for that conference, but we need to get people to consider submitting proposals for the Open Source Summits in 2018.\u003c/li\u003e\n\u003cli\u003e\u0026gt; I talked to a CTO from a company that donates to us and he brought up his belief that FreeBSD is much easier to get started on as a contributor. He talked about the steep path in Linux to getting contributions accepted due to having over 10,000 developers and the hierarchy of decision makers, from Linus to his main lieutenants to the layers beneath him. It can take 6 months to get your changes in!\u003c/li\u003e\n\u003cli\u003e\u0026gt; On Tuesday, Kylie and I met with a representative from Huawei, who we’ve been meeting over the phone with over the past few months. Huawei has a FreeBSD contributor and is looking to add more. We were thrilled to hear they decided to donate this year. We look forward to helping them get up to speed with FreeBSD and collaborate with the Project.\u003c/li\u003e\n\u003cli\u003e\u0026gt; Wednesday marked the beginning of COPU and the reason I flew all the way to Beijing! We started the summit with having a group photo of all the speakers:The honorary chairman, Professor Lu in the front middle.\u003c/li\u003e\n\u003cli\u003e\u0026gt; My presentation was called “FreeBSD Advantages and Applications”. A lot of the material came from Foundation Board President, George-Neville-Neil’s presentation, “FreeBSD is not a Linux Distribution”, which is a wonderful introduction to FreeBSD and includes the history of FreeBSD, who uses it and why, and which features stand out. My presentation went well, with Professor Lu and others engaged through the translators. Afterwards, I was invited to a VIP dinner, which I was thrilled about.\u003c/li\u003e\n\u003cli\u003e\u0026gt; The only hitch was that Kylie and I were running a FreeBSD meetup that evening, and both were important! Beijing during rush hour is crazy, even trying to go only a couple of miles is challenging. We made plans that I would go to the meetup and give the same presentation, and then head back to the dinner. Amazingly, it worked out.\u003c/li\u003e\n\u003cli\u003eCheck out the rest of her trip report and stay tuned for more news from the region as this is one of the focus areas of the Foundation. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.networkworld.com/article/3211296/linux/unix-dealing-with-signals.html\" rel=\"nofollow\"\u003eUnix: Dealing with signals\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSignals on Unix systems are critical to the way processes live and die. This article looks at how they\u0026#39;re generated, how they work, and how processes receive or block them\u003cbr\u003e\nOn Unix systems, there are several ways to send signals to processes—with a kill command, with a keyboard sequence (like control-C), or through a program\u003cbr\u003e\nSignals are also generated by hardware exceptions such as segmentation faults and illegal instructions, timers and child process termination.\u003cbr\u003e\nBut how do you know what signals a process will react to? After all, what a process is programmed to do and able to ignore is another issue.\u003cbr\u003e\nFortunately, the /proc file system makes information about how processes handle signals (and which they block or ignore) accessible with commands like the one shown below. In this command, we’re looking at information related to the login shell for the current user, the \u0026quot;$$\u0026quot; representing the current process.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn FreeBSD, you can use \u003cem\u003eprocstat -i PID\u003c/em\u003e to get that and even more information, and easier to digest form\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cblockquote\u003e\n\u003cpre\u003e\u003ccode\u003e        P  if signal is pending in the global process queue\n        I  if signal delivery disposition is SIGIGN\n        C  if signal delivery is to catch it\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eCatching a signal requires that a signal handling function exists in the process to handle a given signal. The SIGKILL (9) and SIGSTOP (#) signals cannot be ignored or caught. For example, if you wanted to tell the kernel that ctrl-C\u0026#39;s are to be ignored, you would include something like this in your source code:\u003cbr\u003e\nsignal(SIGINT, SIG_IGN);\u003cbr\u003e\nTo ensure that the default action for a signal is taken, you would do something like this instead:\u003cbr\u003e\nsignal(SIGSEGV, SIG_DFL);\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then shows some ways to send signals from the command line, for example to send SIGHUP to a process with pid 1234:\nkill -HUP 1234\u003c/li\u003e\n\u003cli\u003eYou can get a list of the different signals by running\nkill -l\nOn Unix systems, signals are used to send all kinds of information to running processes, and they come from user commands, other processes, and the kernel itself. Through /proc, information about how processes are handling signals is now easily accessible and, with just a little manipulation of the data, easy to understand.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://smartos.org/bugview/OS-6274\" rel=\"nofollow\"\u003elinks owned by NGZ erroneously marked as on loan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNGZ (Non-Global Zone), is IllumOS speak for their equivalent to a jail\n\u0026gt; As reported by user brianewell in smartos-live#737, NGZ ip tunnels stopped persisting across zone reboot. This behavior appeared in the 20170202 PI and was not present in previous releases. After much spelunking I determined that this was caused by a regression introduced in commit 33df115 (part of the OS-5363 work). The regression was a one-line change to link_activate() which marks NGZ links as on loan when they are in fact not loaned because the NGZ created and owns the link.\u003c/li\u003e\n\u003cli\u003e“On loan” means the interface belongs to the host (GZ, Global Zone), and has been loaned to the NGZ (Jail)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis regression was easy to introduce because of the subtle nature of this code and lack of comments. I\u0026#39;m going to remove the regressive line, add clarifying comments, and also add some asserts.\u003cbr\u003e\nThe following is a detailed analysis of the issue, how I debugged it, and why my one-line change caused the regression:\u003cbr\u003e\nTo start I verified that PI 20170119 work as expected:\u003cbr\u003e\n    booted 20170119\u003cbr\u003e\n   created iptun (named v4_sys76) inside of a native NGZ (names sos-zone)\u003cbr\u003e\n   performed a reboot of sos-zone\u003cbr\u003e\n   zlogin to sos-zone and verify iptun still exists after reboot\u003cbr\u003e\nThen I booted the GZ into PI 20170202 and verified the iptun did not show up\u003cbr\u003e\n   booted 20170202\u003cbr\u003e\n   started sos-zone\u003cbr\u003e\n   zlogin and verified the iptun was missing\u003cbr\u003e\nAt this point I thought I would recreate the iptun and see if I could monitor the zone halt/boot process for the culprit, but instead I received an error from dladm: \u0026quot;object already exists\u0026quot;.\u003cbr\u003e\nI didn\u0026#39;t expect this. So I used mdb to inspect the dlmgmtd state. Sure enough the iptun exists in dlmgmtd.\u003cbr\u003e\nOkay, so if the link already exists, why doesn\u0026#39;t it show up (in either the GZ or the NGZ)?\u003cbr\u003e\nIf a link is not marked as active then it won\u0026#39;t show up when you query dladm. When booting the zone on 20170119 the ll_flags for the iptun contained the value 0x3. So the problem is the link is not marked as active on the 20170202 PI.\u003cbr\u003e\nThe link_activate() function is responsible for marking a link as active. I used dtrace to verify this function was called on the 20170202 PI and that the dlmgmt_link_t had the correct ll_flags value.\u003cbr\u003e\nSo the iptun link structure has the correct ll_flags when link_activate() returns but when I inspect the same structure with mdb afterwards the value has changed.\u003cbr\u003e\nSometime after link_activate() completes some other process changed the ll_flags value. My next question was: where is link_activate() called and what comes after it that might affect the ll_flags? I did another trace and got this stack.\u003cbr\u003e\nThe dlmgmt_upid() function calls dlmgmt_write_db_entry() after link_activate() and that can change the flags. But dtrace proved the ll_flags value was still 0x3 after returning from this function.\u003cbr\u003e\nWith no obvious questions left I then asked cscope to show me all places where ll_flags is modified. As I walked through the list I used dtrace to eliminate candidates one at a time -- until I reached dlmgmt_destroy_common(). I would not have expected this function to show up during zone boot but sure enough it was being called somehow, and by someone. Who?\u003cbr\u003e\nSince there is no easy way to track door calls it was at this point I decided to go nuclear and use the dtrace stop action to stop dlmgmtd when it hits dlmgmt_destroy_common(). Then I used mdb -k to inspect the door info for the dlmgmtd threads and look for my culprit.\u003cbr\u003e\nThe culprit is do_up_iptun() caused by the dladm up-iptun call. Using ptree I then realized this was happening as part of the zone boot under the network/iptun svc startup. At this point it was a matter of doing a zlogin to sos-zone and running truss on dladm up-iptun to find the real reason why dladm_destroy_datalink_id() is called.\u003cbr\u003e\nSo the link is marked as inactive because dladm_getsnap_conf() fails with DLADM_STATUS_DENIED which is mapped to EACCESS. Looking at the dladm_getsnap_conf() code I see the following\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The caller is in a non-global zone and the persistent configuration belongs to the global zone.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat this is saying is that if a link is marked \u0026quot;on loan\u0026quot; (meaning it\u0026#39;s technically owned/created by the GZ but assigned/loaned to the NGZ) and the zone calling dladm_getsnap_conf() is an NGZ then return EACCESS because the configuration of the link is up to the GZ, not the NGZ. This code is correct and should be enforced, but why is it tripping in PI 20170202 and not 20170119? It comes back to my earlier observation that in the 20170202 PI we marked the iptun as \u0026quot;on loan\u0026quot; but not in the older one. Why?\u003cbr\u003e\nWell as it turns out while fixing OS-5363 I fixed what I thought was a bug in link_activate()\u003cbr\u003e\nWhen I first read this code it was my understanding that anytime we added a link to a zone\u0026#39;s datalink list, by calling zone_add_datalink(), that link was then considered \u0026quot;on loan\u0026quot;. My understanding was incorrect. The link_activate() code has a subtleness that eluded me. There are two cases in link_activate():\u003c/p\u003e\n\n\u003col\u003e\n\u003cli\u003eThe link is under an NGZ\u0026#39;s datalink list but it\u0026#39;s ll_linkid doesn\u0026#39;t reflect that (e.g., the link is found under zoneid 3 but ll_linkid is 0). In this case the link is owned by the GZ but is being loaned to an NGZ and the link state should be updated accordingly. We get in this situation when dlmgmtd is restated for some reason (it must resync it\u0026#39;s in-memory state with the state of the system).\u003c/li\u003e\n\u003cli\u003eThe link is NOT under any NGZ\u0026#39;s (zone_check_datalink() is only concerned with NGZs) datalink list but its ll_zoneid holds the value of an NGZ. This indicates that the link is owned by an NGZ but for whatever reason is not currently under the NGZ\u0026#39;s datalink list (e.g., because we are booting the zone and we now need to assign the link to its list).\nSo the fix is to revert that one line change as well as add some clarifying comments and also some asserts to prevent further confusion in the future.\u003c/li\u003e\n\u003cli\u003eA nice breakdown by Ryan Zezeski of how he accidently introduced a regression, and how he tracked it down using dtrace and mdb\n***\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dpaste.com/2YP0X9C\" rel=\"nofollow\"\u003eNew experimental statistics collector in master\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMaster now has an in-kernel statistics collector which is enabled by default, and a (still primitive) user land program to access it.  This recorder samples the state of the machine once every 10 seconds and records it in a large FIFO, all in-kernel.  The FIFO typically contains 8192 entries, or around the last 23 hours worth of data.\u003cbr\u003e\nStatistics recorded include current load, user/sys/idle cpu use, swap use, VM fault rate, VM memory statistics, and counters for syscalls, path lookups, and various interrupt types.  A few more useful counters will probably be added... I\u0026#39;d like to tie cpu temperature, fork rate, and exec rate in at some point, as well as network and disk traffic.\u003cbr\u003e\nThe statistics gathering takes essentially no real overhead and is always on, so any user at the spur of the moment with no prior intent can query the last 23 hours worth of data.\u003cbr\u003e\nThere is a user frontend to the data called \u0026#39;kcollect\u0026#39; (its tied into the buildworld now).  Currently still primitive.  Ultimately my intention is to integrate it with a dbm database for long-term statistical data retention (if desired) using an occasional (like once-an-hour) cron-job to soak up anything new, with plenty of wiggle room due to the amount of time the kernel keeps itself.  This is better and less invasive than having a userland statistics gathering script running every few minutes from cron and has the advantage of giving you a lot of data on the spur of the moment without having to ask for it before-hand.\u003cbr\u003e\nIf you have gnuplot installed (pkg install gnuplot), kcollect can generate some useful graphs based on the in-kernel data.  Well, it will be boring if the machine isn\u0026#39;t doing anything :-).  There are options to use gnuplot to generate a plot window in X or a .jpg or .png file, and other options to set the width and height and such.  At the moment the gnuplot output uses a subset of statically defined fields to plot but ultimately the field list it uses will be specifiable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://apollo.backplane.com/DFlyMisc/kcollect03.jpg\" rel=\"nofollow\"\u003eSample image generated during a synth run\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tedunangst.com/flak/post/openbsd-changes-of-note-626\" rel=\"nofollow\"\u003eopenbsd changes of note 626\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHackerthon is imminent.\u003c/li\u003e\n\u003cli\u003eThere are two signals one can receive after accessing invalid memory, SIGBUS and SIGSEGV. Nobody seems to know what the difference is or should be, although some theories have been unearthed. Make some attempt to be slightly more consistent and predictable in OpenBSD.\u003c/li\u003e\n\u003cli\u003eIntroduces jiffies in an effort to appease our penguin oppressors.\u003c/li\u003e\n\u003cli\u003eClarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use.\u003c/li\u003e\n\u003cli\u003eSwitch acpibat to use _BIX before _BIF, which means you might see discharge cycle counts, too.\u003c/li\u003e\n\u003cli\u003eAssorted clang compatibility. clang uses -Oz to mean optimize for size and -Os for something else, so make gcc accept -Oz so all makefiles can be the same. Adjust some hardlinks. Make sure we build gcc with gcc. \u003c/li\u003e\n\u003cli\u003eThe SSL_check_private_key function is a lie.\u003c/li\u003e\n\u003cli\u003eSwitch the amd64 and i386 compiler to clang and see what happens.\u003c/li\u003e\n\u003cli\u003eWe are moving towards using wscons (wstpad) as the driver for touchpads.\u003c/li\u003e\n\u003cli\u003eDancing with the stars, er, NET_LOCK().\u003c/li\u003e\n\u003cli\u003eclang emits lots of warnings. Fix some of them. Turn off a bunch of clang builtins because we have a strong preference that code use our libc versions. Some other changes because clang is not gcc.\u003c/li\u003e\n\u003cli\u003eAmong other curiosities, static variables in the special .openbsd.randomdata are sometimes assumed to be all zero, leading the clang optimizer to eliminate reads of such variables.\u003c/li\u003e\n\u003cli\u003eSome more pledge rules for sed. If the script doesn’t require opening new files, don’t let it.\u003c/li\u003e\n\u003cli\u003eBackport a bajillion fixes to stable. Release errata.\u003c/li\u003e\n\u003cli\u003eRFC 1885 was obsoleted nearly 20 years ago by RFC 2463 which was obsoleted over 10 years ago by RFC 4443. We are probably not going back.\u003c/li\u003e\n\u003cli\u003eUpdate libexpat to 2.2.3.\u003c/li\u003e\n\u003cli\u003evmm: support more than 3855MB guest memory.\u003c/li\u003e\n\u003cli\u003eMerge libdrm 2.4.82.\u003c/li\u003e\n\u003cli\u003eDisable SSE optimizations on i386/amd64 for SlowBcopy. It is supposed to be slow. Prevents crashes when talking to memory mapped video memory in a hypervisor.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2017/08/08/the-25-freedom-laptop/\" rel=\"nofollow\"\u003eThe $25 “FREEDOM Laptop!”\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTime to get back to the original intent of this blog – talking about my paranoid obsession with information security!  So break out your tinfoil hats my friends because this will be a fun ride.  I’m looking for the most open source / freedom respecting portable computing experience I can possibly find and I’m going to document my work in real-time so you will get to experience the ups (and possibly the downs) of that path through the universe.  With that said, let’s get rolling.\u003cbr\u003e\nWhen I built my OpenBSD router using the APU2 board, I discovered that there are some amd64 systems that use open source BIOS.  This one used Coreboot and after some investigation I discovered that there was an even more paranoid open source BIOS called Libreboot out there.  That started to feel like it might scratch my itch.\u003cbr\u003e\u003cbr\u003e\nWell, after playing around with some lower-powered systems like my APU2 board, my Thinkpad x230 and my SPARC64 boxes, I thought, if it runs amd64 code and I can run an open source operating system on it, the thing should be powerful enough for me to do most (if not all) of what I need it to do.  At this point, I started looking for a viable machine.  From a performance perspective, it looked like the Thinkpad x200, T400, T500 and W500 were all viable candidates.  After paying attention on eBay for a while, I saw something that was either going to be a sweet deal, or a throwaway piece of garbage!\u003cbr\u003e\nI found a listing for a Thinkpad T500 that said it didn’t come with a power adapter and was 100% untested.  From looking at the photos, it seemed like there was nothing that had been molested about it.  Obviously, nobody was jumping on something this risky so I thought, “what the heck” and dropped a bit at the opening price of $24.99.  Well, guess what.  I won the auction.  Now to see what I got.\u003cbr\u003e\nWhen the laptop showed up, I discovered it was minus its hard drive (but the outside plastic cover was still in place).  I plugged in my x230’s power adapter and hit the button.  I got lights and was dropped to the BIOS screen.  To my eternal joy, I discovered that the machine I had purchased for $25 was 100% functional and included the T9400 2.54 GHz Core 2 Duo CPU and the 1680×1050 display panel.  W00t!\u003cbr\u003e\nFirst things first, I need to get this machine a hard drive and get the RAM upgraded from the 2GB that it showed up with to 8GB.  Good news is that these two purchases only totaled $50 for the pair.  An aftermarket 9-cell replacement battery was another $20. Throw in a supported WiFi card that doesn’t require a non-free blob from Libreboot at $5.99 off of eBay and $5 for a hard drive caddy and I’m looking at about $65 in additional parts bringing the total cost of the laptop, fully loaded up at just over $100.  Not bad at all…\u003cbr\u003e\nOnce all of the parts arrived and were installed, now for the fun part.  Disassembling the entire thing down to the motherboard so we can re-flash the BIOS with Libreboot.  The guide looks particularly challenging for this but hey, I have a nice set of screwdrivers from iFixit and a remarkable lack of fear when it comes to disassembling things.  Should be fun!\u003cbr\u003e\nWell, fun didn’t even come close.  I wish I had shot some pictures along the way because at one point I had a heap of parts in one corner of my “workbench” (the dining room table) and just the bare motherboard, minus the CPU sitting in front of me.  With the help of a clip and a bunch of whoops wires (patch cables), I connected my Beaglebone Black to the BIOS chip on the bare motherboard and attempted to read the chip.  #fail\u003cbr\u003e\nI figured out after doing some more digging that you need to use the connector on the left side of the BBB if you hold it with the power connector facing away from you.  In addition, you should probably read the entire process through instead of stopping at the exciting pinout connector diagram because I missed the bit about the 3.3v power supply need to have ground connected to pin 2 of the BIOS chip.\u003cbr\u003e\nSpeaking of that infamous 3.3v power supply, I managed to bend a paperclip into a U shape and jam it into the connector of an old ATX power supply I had in a closet and source power from that.  I felt like MacGyver for that one!\u003cbr\u003e\nI was able to successfully read the original Thinkpad BIOS and then flash the Libreboot + Grub2 VESA framebuffer image onto the laptop!  I gulped loudly and started the reassembly process.  Other than having some cable routing difficulties because the replacement WiFi card didn’t have a 5Ghz antenna, it all went back together.  Now for the moment of truth!  I hit the power button and everything worked!!!\u003cbr\u003e\nAt this point I happily scurried to download the latest snapshot of OpenBSD – current and install it.  Well, things got a little weird here.  Looks like I have to use GRUB to boot this machine now and GRUB won’t boot an OpenBSD machine with Full Disk Encryption.  That was a bit of a bummer for me.  I tilted against that windmill for several days and then finally admitted defeat.  So now what to do?  Install Arch?\u003cbr\u003e\nWell, here’s where I think the crazy caught up to me.  I decided to be an utter sell out and install Ubuntu Gnome Edition 17.04 (since that will be the default DE going forward) with full disk encryption.  I figured I could have fun playing around in a foreign land and try to harden the heck out of that operating system.  I called Ubuntu “grandma’s Linux” because a friend of mine installed it on his mom’s laptop for her but I figured what the heck – let’s see how the other half live!\u003cbr\u003e\nAt this point, while I didn’t have what I originally set out to do – build a laptop with Libreboot and OpenBSD, I did have a nice compromise that is as well hardened as I can possibly make it and very functional in terms of being able to do what I need to do on a day to day basis.  Do I wish it was more portable?  Of course.  This thing is like a six or seven pounder.  However, I feel much more secure in knowing that the vast majority of the code running on this machine is open source and has all the eyes of the community on it, versus something that comes from a vendor that we cannot inspect.  My hope is that someone with the talent (unfortunately I lack those skills) takes an interest in getting FDE working with Libreboot on OpenBSD and I will most happily nuke and repave this “ancient of days” machine to run that!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hothardware.com/news/freebsd-programmers-report-ryzen-smt-bug-that-hangs-or-resets-machines\" rel=\"nofollow\"\u003eFreeBSD Programmers Report Ryzen SMT Bug That Hangs Or Resets Machines\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt\u0026#39;s starting to look like there\u0026#39;s an inherent bug with AMD\u0026#39;s Zen-based chips that is causing issues on Unix-based operating systems, with both Linux and FreeBSD confirmed. The bug doesn\u0026#39;t just affect Ryzen desktop chips, but also AMD\u0026#39;s enterprise EPYC chips. It seems safe to assume that Threadripper will bundle it in, as well.\u003cbr\u003e\nIt\u0026#39;s not entirely clear what is causing the issue, but it\u0026#39;s related to the CPU being maxed out in operations, thus causing data to get shifted around in memory, ultimately resulting in unstable software. If the bug is exercised a certain way, it can even cause machines to reset.\u003cbr\u003e\nThe revelation about the issue on FreeBSD was posted to the official repository, where the issue is said to happen when threads can lock up, and then cause the system to become unstable. Getting rid of the issue seems as simple as disabling SMT, but that would then negate the benefits provided by having so many threads at-the-ready.\u003cbr\u003e\nOn the Linux side of the Unix fence, Phoronix reports on similar issues, where stressing Zen chips with intensive benchmarks can cause one segmentation fault after another. The issue is so profound, that Phoronix Test Suite developer Michael Larabel introduced a special test that can be run to act as a bit of a proof-of-concept. To test another way, PTS can be run with this command:\u003cbr\u003e\n\u003ccode\u003ePTS_CONCURRENT_TEST_RUNS=4 TOTAL_LOOP_TIME=60 phoronix-test-suite stress-run build-linux-kernel build-php build-apache build-imagemagick\u003c/code\u003e\u003cbr\u003e\nRunning this command will compile four different software projects at once, over and over, for an hour. Before long, segfaults should begin to appear (as seen in the shot above).\u003cbr\u003e\nIt\u0026#39;s not entirely clear if both sets of issues here are related, but seeing as both involve stressing the CPU to its limit, it seems likely. Whether or not this could be patched on a kernel or EFI level is something yet to be seen.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/unstable-update-8717/\" rel=\"nofollow\"\u003eTrueOS - UNSTABLE update: 8/7/17\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eA new UNSTABLE update for TrueOS is available!  Released regularly, UNSTABLE updates are the full “rolling release” of TrueOS. UNSTABLE includes experimental features, bugfixes, and other CURRENT FreeBSD work. It is meant to be used by those users interested in using the latest TrueOS and FreeBSD developments to help test and improve these projects.\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWARNING: UNSTABLE updates are released primarily for TrueOS and FreeBSD testing/experimentation purposes. Update and run UNSTABLE “at your own risk”.\u003cbr\u003e\nNote: There was a CDN issue over the weekend that caused issues for early updaters. Everything appears to be resolved and the update is fully available again. If you encountered instability or package issues from updating on 8/6 or 8/5, roll back to a previous boot environment and run the update again.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eChanges:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eUNSTABLE .iso and .img files beginning with TrueOS-2017-08-3-x64 will be available to download from \u003ca href=\"http://download.trueos.org/unstable/amd64/\" rel=\"nofollow\"\u003ehttp://download.trueos.org/unstable/amd64/\u003c/a\u003e. Due to CDN issues, these are not quite available, look for them later today or tomorrow (8/8/17). This update resyncs all ports with FreeBSD as of 8.1.2017. This includes: New/updated FreeBSD Kernel and World \u0026amp; New DRM (Direct Rendering Manager) next.\u003c/li\u003e\n\u003cli\u003eExperimental patch for libhyve-remote: (From htps://github.com/trueos/freebsd/commit/a67a73e49538448629ea27, thanks araujobsd)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe libhyve-remote aims to abstract functionalities from other third party libraries like libvncserver, freerdp, and spice to be used in hypervisor implementation. With a basic data structure it is easy to implement any remote desktop protocol without digging into the protocol specification or third part libraries – check some of our examples.We don’t statically link any third party library, instead we use a dynamic linker and load only the functionality necessary to launch the service.Our target is to abstract functionalities from libvncserver, freerdp and spice. Right now, libhyve-remote only supports libvncserver. It is possible to launch a VNC server with different screen resolution as well as with authentication.With this patch we implement support for bhyve to use libhyve-remote that basically abstract some functionalities from libvncserver.  We can: Enable wait state, Enable authentication, Enable different resolutions\u0026lt; Have a better compression.  Also, we add a new -s flag for vncserver, if the libhyve-remote library is not present in the system, we fallback to bhyve RFB implementation. For example:\u003cbr\u003e\n\u003ccode\u003e-s 2,fbuf,tcp=0.0.0.0:5937,w=800,h=600,password=1234567,vncserver,wait\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew SysAdm Client pages under the System Management category: \n\n\u003cul\u003e\n\u003cli\u003eSystem Control: This is an interface to browse all the sysctl’s on the system.\u003c/li\u003e\n\u003cli\u003eDevices: This lists all known information about devices on the designated system.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina Theming: Lumina is testing new theming functionality! By default (in UNSTABLE), a heavily customized version of the Qt5ct engine is included and enabled. This is intended to allow users to quickly adjust themes/icon packs without needing to log out and back in. This also fixes a bug in Insight with different icons loading for the side and primary windows. Look for more information about this new functionality to be discussed on the Lumina Website.\u003c/li\u003e\n\u003cli\u003eUpdate to Iridium Web Browser: Iridium is a Chromium based browser built with user privacy and security as the primary concern, but still maintaining the speed and usability of Chromium. It is now up to date – give it a try and let us know what you think (search for iridium-browser in AppCafe).\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.ghostbsd.org/11.1-ALPHA1\" rel=\"nofollow\"\u003eGhostBSD 11.1 Alpha1 is ready\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/CharmBUG/events/242563414/\" rel=\"nofollow\"\u003eA Special CharmBUG announcement\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HardenedBSD/hardenedBSD/commit/59eabffdca53275086493836f732f24195f3a91d\" rel=\"nofollow\"\u003eByhve Obfuscation Part 1 of Many\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/download/bsd-magazine-overriding-libc-functions/\" rel=\"nofollow\"\u003eNew BSDMag is out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-August/626190.html\" rel=\"nofollow\"\u003egit: kernel - Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/_rsc/status/897555509141794817\" rel=\"nofollow\"\u003eKen Thompson corrects one of his biggest regrets\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2SQYQV2\" rel=\"nofollow\"\u003eHans - zxfer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2175GEB\" rel=\"nofollow\"\u003eHarza - Google Summer of Code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/154MY1H\" rel=\"nofollow\"\u003etadslot - Microphones, Proprietary software, and feedback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2V9VFAC\" rel=\"nofollow\"\u003eFlorian - ZFS/Jail\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dan.langille.org/2015/03/11/modifying-a-zfs-root-system-to-a-beadm-layout/\" rel=\"nofollow\"\u003eModifying a ZFS root system to a beadm layout\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"We read a trip report about FreeBSD in China, look at how Unix deals with Signals, a stats collector in DragonFlyBSD \u0026 much more!","date_published":"2017-08-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9fc2e90e-3bb7-4ff5-a3e1-c559838b6710.mp3","mime_type":"audio/mpeg","size_in_bytes":66406612,"duration_in_seconds":5533}]},{"id":"a6ed38b0-4c78-4bf0-98ca-10b38ac0ff3f","title":"208: Faces of Open Source","url":"https://www.bsdnow.tv/208","content_text":"DragonflyBSD 4.8.1 has been released, we explore how the X11 clipboard works, and look at OpenBSD gaming resources.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLLVM, Clang and compiler-rt support enhancements\n\n\nIn the last month I started with upstream of the code for sanitizers: the common layer and ubsan. I worked also on the elimination of unexpected failures in LLVM and Clang. I've managed to achieve, with a pile of local patches, the number of 0 unexpected bugs within LLVM (check-llvm) and 3 unexpected bugs within Clang (check-clang) (however these ones were caused by hardcoded environment -lstdc++ vs -lc++). The number of failures in sanitizers (check-sanitizer) is also low, it's close to zero.\n\n\n\nLLVM\n\n\n\nIn order to achieve the goals of testability concerning the LLVM projects, I had to prepare a new pkgsrc-wip package called llvm-all-in-one that contains 12 active LLVM projects within one tree. The set of these projects is composed of: llvm, clang, compiler-rt, libcxx, libcxxabi, libunwind, test-suite, openmp, llgo, lld, lldb, clang-tools-extra. These were required to build and execute test-suites in the LLVM's projects. Ideally the tests should work in standalone packages - built out-of-LLVM-sources - and with GCC/Clang, however the real life is less bright and this forced me to use Clang as the system compiler an all-in-one package in order to develop the work environment with the ability to build and execute unit tests.\nThere were four threads within LLVM:\n\n\n\nBroken std::call_once with libstdc++. This is an old and well-known bug, which was usually worked around with a homegrown implementation llvm::call_once. I've discovered that the llvm::call_once workaround isn't sufficient for the whole LLVM functionality, as std::call_once can be called internally inside the libstdc++ libraries - like within the C++11 futures interface. This bug has been solved by Joerg Sonnenberger in the ELF dynamic linker.\nUnportable shell construct hardcoded in tests \"\u0026gt;\u0026amp;\". This has been fixed upstream.\nLLVM JIT. The LLVM Memory generic allocator (or page mapper) was designed to freely map pages with any combination of the protection bits: R,W,X. This approach breaks on NetBSD with PaX MPROTECT and requires redesign of the interfaces. This is the continuation of the past month AllocateRWX and ReleaseRWX compatibility with NetBSD improvements. I've prepared few variations of local patches addressing these issues and it's still open for discussion with upstream. My personal preference is to remove the current API entirely and introduce a newer one with narrowed down functionality to swap between readable (R--), writable (RW-) and executable (R-X) memory pages. This would effectively enforce WX.\nSanitizers support. Right now, I keep the patches locally in order to upstream the common sanitizer code in compiler-rt.\n\n\n\nThe LLVM JIT API is the last cause of unexpected failures in check-llvm. This breaks MCJIT, ORCJIT and ExecutionEngine libraries and causes around 200 unexpected failures within tests.\n\n\n\nClang\n\n\n\nI've upstreamed a patch that enables ubsan and asan on Clang's frontend for NetBSD/amd64. This support isn't complete, and requires sanitizers' support code upstreamed to compiler-rt.\n\n\n\ncompiler-rt\n\n\nThe current compiler-rt tasks can be divided into:\nupstream sanitizer common code shared with POSIX platforms\nupstream sanitizer common code shared with Linux and FreeBSD\nupstream sanitizer common code shared with FreeBSD\nupstream sanitizer common code specific to NetBSD\nbuild, execute and pass tests for sanitizer common code in check-santizer\n\n\n\n\nThis means that ubsan, asan and the rest of the specific sanitizers wait in queue.\nAll the mentioned tasks are being worked on simultaneously, with a soft goal to finish them one after another from the first to the last one.\nThe last point with check-sanitizer unveiled so far two generic bugs on NetBSD: \n\n\n\nReturn errno EFAULT instead of EACCES on memory fault with read(2)/write(2)-like syscalls.\nHonor PTHREAD_DESTRUCTOR_ITERATIONS in libpthread.\n\n\n\nThese bugs are not strictly real bugs, but they were introducing needless differences with other modern POSIX systems. The fixes were introduced by Christos Zoulas and backported to NetBSD-8.\n\n\n\nPlan for the next milestone\n\n\n\nI have decided not to open new issues in with the coming month and focus on upstreaming the remaining LLVM code. The roadmap for the next month is to continue working on the goals of the previous months. std::call_once is an example that every delayed bug keeps biting again and again in future.\nLLVM 5.0.0 is planned to be released this month (August) and there is a joint motivation with the upstream maintainer to push compatibility fixes for LLVM JIT. There is an option to submit a workaround now and introduce refactoring for the trunk and next version (6.0.0).\n\n\n\nThis work was sponsored by The NetBSD Foundation.\nThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can: http://netbsd.org/donations/#how-to-donate\n***\n\n\nDragonFly BSD 4.8.1 released\n\n+Updates by dev:\n\n\nAntonio Huete Jimenez (1):\n\n\nlibc/gmon: Replace sbrk() with mmap()\n\nFrancois Tigeot (3):\n\n\ndrm: bring in Linux compability changes from master\ndrm/linux: make flush_work() more robust\ndrm/i915: Update to Linux 4.7.10\n\nImre Vadász (4):\n\n\ndrm - Fix hrtimer, don't reset timer-\u0026gt;function to NULL in timeout handler.\nsound - Delete devfs clone handler for /dev/dsp and /dev/mixer on unload.\nif_vtnet - Allocate struct vtnet_tx_header entries from a queue.\nMake sure that cam(4)'s dashutdown handler runs before DEVICE_SHUTDOWN().\n\nMatthew Dillon (24):\n\n\nkernel - MFC b48dd28447fc (sigtramp workaround)\nkernel - Fix deadlock in sound system\nkernel - Fix broken wakeup in crypto code\nkernel - Add KERN_PROC_SIGTRAMP\ngcc - Adjust the unwind code to use the new sigtramp probe sysctl\nkernel - Implement NX\nkernel - Implement NX (2)\nkernel - Implement machdep.pmap_nx_enable TUNABLE\nkernel - Implement NX (3) - cleanup\nkernel - Temporarily set the default machdep.pmap_nx_enable to 0\nparam - Change __DragonFly_version to 400801\nkernel - Fix i915 deadlock\npthreads - Change PTHREAD_STACK_MIN\nlibc - Fix bug in rcmdsh()\nppp - Fix minor overflow in protocol search\nlibtelnet - Fix improper statement construction (not a bug in the binary)\nlibdevstat - Limit sscanf field, fix redundant condition\nopenssh - Fix a broken assignment\nwindow - Fix Graphics capability enable test\nkernel - Fix event preset\nmfiutil - Fix static buffer overflow\nmixer - Fix sscanf() overflow\ngcore - fix overflow in sscanf\nkernel - Fix improper parens\n\nSascha Wildner (17):\n\n\nlibkvm: Fix char pointer dereference.\nFix some cases where an index was used before its limits check.\nReally ensure that our world/kernel are built under POSIX locale (\"C\").\nzoneinfo: Create a /usr/share/zoneinfo/UTC link.\nkernel/cam: Add CAM_SCSI_IT_NEXUS_LOST (in preparation for virtio_scsi(4)).\nkernel: Add FreeBSD's virtio_scsi(4) driver.\nccdconfig(8): Add missing free().\nlibpuffs: Fix two asserts.\nkernel/acpi: Untangle the wakecode generation during buildkernel.\nkernel/acpica: Better check AcpiOsPredefinedOverride()'s InitVal argument\nkernel/acpica: ACPI_THREAD_ID is unsigned.\nkernel/acpica: Return curthread as thread id from AcpiOsGetThreadId().\nkernel/acpica: Remove no longer needed #include.\nkernel/acpi: Call AcpiInitializeSubsystem() before AcpiInitializeTables().\nkernel/urtwn: Add missing braces.\nkernel/ieee80211: Add missing braces.\nlibthread_xu: Fix checking of pthread_barrier_init()'s count argument.\n\nSepherosa Ziehau (7):\n\n\nsound/hda: Sync device ID table with FreeBSD\ninet6: Restore mbuf hash after defragmentation.\npf: Normalized, i.e. defragged, packets requiring rehash.\nem: Enable MSI by default on devices has PCI advanced features capability.\nsched: Change CPU_SETSIZE to signed int, same as FreeBSD/Linux.\nusched: Allow process to change self cpu affinity\nix: Fixup TX/RX ring settings for X550, which supports 64/64 TX/RX rings.\n\nzrj (1):\n\n\nRevert \"Always use unix line endings\"\n***\n\n\n\nPorting Unix to the 386: A Practical Approach\n\n\nThe University of California's Berkeley Software Distribution (BSD) has been the catalyst for much of the innovative work done with the UNIX operating system in both the research and commercial sectors. Encompassing over 150 Mbytes (and growing) of cutting-edge operating systems, networking, and applications software, BSD is a fully functional and nonproprietary complete operating systems software distribution (see Figure 1). In fact, every version of UNIX available from every vendor contains at least some Berkeley UNIX code, particularly in the areas of filesystems and networking technologies. However, unless one could pay the high cost of site licenses and equipment, access to this software was simply not within the means of most individual programmers and smaller research groups.\nThe 386BSD project was established in the summer of 1989 for the specific purpose of porting BSD to the Intel 80386 microprocessor platform so that the tools this software offers can be made available to any programmer or research group with a 386 PC. In coordination with the Computer Systems Research Group (CSRG) at the University of California at Berkeley, we successively ported a basic research system to a common AT class machine (see, Figure 2), with the result that approximately 65 percent of all 32-bit systems could immediately make use of this new definition of UNIX. We have been refining and improving this base port ever since.\nBy providing the base 386BSD port to CSRG, our hope is to foster new interest in Berkeley UNIX technology and to speed its acceptance and use worldwide. We hope to see those interested in this technology build on it in both commercial and noncommercial ventures.\nIn this and following articles, we will examine the key aspects of software, strategy, and experience that encompassed a project of this magnitude. We intend to explore the process of the 386BSD port, while learning to effectively exploit features of the 386 architecture for use with an advanced operating system. We also intend to outline some of the tradeoffs in implementation goals which must be periodically reexamined. Finally, we will highlight extensions which remain for future work, perhaps to be done by some of you reading this article today. Note that we are assuming familiarity with UNIX, its concepts and structures, and the basic functions of the 386, so we will not present exhaustive coverage of these areas.\nIn this installment, we discuss the beginning of our project and the initial framework that guided our efforts, in particular, the development of the 386BSD specification. Future articles will address specific topics of interest and actual nonproprietary code fragments used in 386BSD. Among the future areas to be covered are:\n\n\n\n386BSD process context switching\nExecuting the first 386BSD process on the PC\n386BSD kernel interrupt and exception handling\n386BSD INTERNET networking\nISA device drivers and system support\n386BSD bootstrap process\n***\n\n\nX11: How does “the” clipboard work\n\n\n\u0026gt; If you have used another operating system before you switched to something that runs X11, you will have noticed that there is more than one clipboard:\n\u0026gt; Sometimes, you can use the mouse to select some text, switch to another window, and then hit the middle mouse button to paste text.\n\u0026gt; Sometimes, you can select text, then hit some hotkey, e.g. Ctrl+C, switch to another window, hit another hotkey, e.g. Ctrl+V, and paste said text.\n\u0026gt; Sometimes, you can do both.\n\u0026gt; Selections as a form of IPC\n\nFirst things first, in X11 land, “clipboards” are called “selections”.\nYes, there is more than one selection and they all work independently. In fact, you can use as many selections as you wish. In theory, that is. When using selections, you make different clients communicate with each other. This means that those clients have to agree on which selections to use. You can’t just invent your own selection and then expect Firefox to be compatible with it.\n\n\nHow are selections identified?\n\n\nThere are three “standard” selection names:\nPRIMARY: The “middle mouse clipboard”\nSECONDARY: Virtually unused these days\nCLIPBOARD: The “Ctrl+C clipboard”\n\n\nProgram 1: Query selection owners\n\n\nContent type and conversion\n\n\nProgram 2: Get clipboard as UTF-8\n\n\nProgram 3: Owning a selection\n\n\nProgram 4: Content type TARGETS\n\n\nHandling binary data using xclip\n\n\nLarge amounts of data\n\n\nClipboard managers\n\n\nSummary\n\n\n\n\n\nNews Roundup\n\nTrueOS Documentation: A great way to give back!\n\n\nThe TrueOS project is always looking for community contribution. Documentation changes are a great way for users to not only make a solid contribution to the project, but learn more about it too! Over the last few months, many users have asked for both simple and detailed instructions on making documentation changes. These are now added to the TrueOS handbook in the Contributing to TrueOS section.\nIf interested in making a small alteration to the TrueOS handbook, here are some instructions for submitting a patch through the GitHub website. These instructions are also applicable to the Lumina and SysAdm handbooks. Lumina documentation is in the the lumina-docs repository, and SysAdm guides are in sysadm-docs.\n\n\n\nMake a Doc change!\n\n\n\nA GitHub account is required to submit patches to the TrueOS docs. Open a web browser and sign in to GitHub or make a new account. When making a new account, be sure to use an often checked email address, as all communication regarding patches and pull requests are sent to this address. Navigate to the trueos-docs GitHub repository. Click on the trueos-handbook directory to view all the documentation files. Open the .rst file corresponding to the chapter needing an update. The chapter names are reflected in the title of the .rst files. For example, open install.rst to fix an error spotted in handbook chapter 3: “Install”. This first image shows the trueos-docs repository and the contents of the trueos-handbook directory\nOpen the desired chapter file by clicking its entry in the list. The trueos.rst file is an index file and should be ignored. Begin editing the file by clicking the Pencil icon in the upper right corner above the file’s text. The file moves to edit mode, where it is now possible to make changes, as the next image shows.\n\n\n\nEditing install.rst with GitHub\n\n\n\nWhen making a simple change, it is recommended to avoid adjusting the specific formatting elements and instead work within or around them. Once satisfied, scroll to the bottom of the page and write a detailed commit summary of the new changes. Click Propose file change (green button), then Create pull request to submit the changes to the project. GitHub then does an automated merge check. Click Create pull request again to submit the change to the repository. In the final step, a developer or project committer reviews the changes, merging them into the project or asking for more changes as necessary.\n\n\n\nLearn more about TrueOS documentation\n\n\n\nTo learn more about the underlying structure of TrueOS documentation like the Sphinx Documentation Generator and reStructuredText markup, browse the Advanced Documentation Changes section of the TrueOS handbook. This section also contains instructions for forking the repository and configuring a local clone, build testing, updating the translation files, and other useful information. The Sphinx website is also a valuable resource.\n\n\n\n\nlibHijack Revival\n\n\nOver a decade ago, while standing naked and vulnerable in the comfort of my steaming hot shower, I gathered my thoughts as humans typically attempt to do in the wee hours of the morning. Thoughts of a post-exploitation exercise raced in my mind, the same thoughts that made sleeping the night before difficult. If only I could inject into Apache some code that would allow me to hook into its parsing engine without requiring persistance. Putting a file-backed entry into /proc/pid/maps would tip off the security team to a compromise.\nThe end-goal was to be able to send Apache a special string and have Apache perform a unique action based on the special string.\nFelineMenace's Binary Protection Schemes whitepaper provided inspiration. Silvio Cesare paved the way into PLT/GOT redirection attacks. Various Phrack articles selflessly contributed to the direction I was to head.\nAlas, in the aforementioned shower, an epiphany struck me. I jumped as an awkward stereotypical geek does: like an elaborate Elaine Benes dance rehearsal in the air. If I used PTrace, ELF, and the PLT/GOT to my advantage, I could cause the victim application to allocate anonymous memory mappings arbitrarily. In the newly-created memory mapping, I could inject arbitrary code. Since a typical operating system treats debuggers as God-like applications, the memory mapping could be mapped without write access, but as read and execute only. Thus enabling the stealth that I sought.\nThe project took a few years to develop in my spare time. I ended up creating several iterations, taking a rough draft/Proof-of-Concept style code and rewriting it to be more efficient and effective.\nI had toyed with FreeBSD off-and-on for over a decade by this point, but by-and-large I was still mostly using Linux. FreeBSD gained DTrace and ZFS support, winning me over from the Linux camp. I ported libhijack to FreeBSD, giving it support for both Linux and FreeBSD simultaneously.\nIn 2013, I started work on helping Oliver Pinter with his ASLR implementation, which was originally destined to be upstreamed to FreeBSD. It took a lot of work, and my interest in libhijack faded. As a natural consequence, I handed libhijack over to SoldierX, asking the community to take it and enhance it.\nOver four years went by without a single commit. The project was essentially abandoned. My little baby was dead.\nThis past week, I wondered if libhijack could even compile on FreeBSD anymore. Given that four years have passed by and major changes have happened in those four years, I thought libhijack would need a major overhaul just to compile, let alone function. Imagine my surprise when libhijack needed only a few fixups to account for changes in FreeBSD's RTLD.\nToday, I'm announcing the revival of libhijack. No longer is it dead, but very much alive. In order to develop the project faster, I've decided to remove support for Linux, focusing instead on FreeBSD. I've removed hundreds of lines of code over the past few days. Supporting both FreeBSD and Linux meant some code had to be ugly. Now the beautification process has begun.\nI'm announcing the availability of libhijack 0.7.0 today. The ABI and API should be considered unstable as they may change without notice.\nNote that HardenedBSD fully mitigates libhijack from working with two security features: setting security.bsd.unprivileged_proc_debug to 0 by default and the implementation of PaX NOEXEC.\nThe security.bsd.unprivileged_proc_debug sysctl node prevents PTrace access for applications the debugger itself did not fork+execve for unprivileged (non-root) users. Privileged users (the root account) can use PTrace to its fullest extent.\nHardenedBSD's implementation of PaX NOEXEC prevents the creation of memory mappings that are both writable and executable. It also prevents using mprotect to toggle between writable and executable. In libhijack's case, FreeBSD grants libhijack the ability to write to memory mappings that are not marked writable. Debuggers do this to set breakpoints. HardenedBSD behaves differently due to PaX NOEXEC.\nEach memory mapping has a notion of a maximum protection level. When a memory mapping is created, if the write bit is set, then HardenedBSD drops the execute bit from the maximum protection level. When the execute bit is set at memory mapping creation time, then the write bit is dropped from the maximum protection level. If both the write and execute bits are set, then the execute bit is silently dropped from both the mapping creation request and the maximum protection level. \nThe maximum protection level is always obeyed, even for debuggers. Thus we see that PaX NOEXEC is 100% effective in preventing libhijack from injecting code into a process. Here is a screenshot showing PaX NOEXEC preventing libhijack from injecting shellcode into a newly-created memory mapping.\n\n\n\nWhat's next for libhijack? Here's what we have planned, in no particular order:\n\n\nPython bindings\nPort to arm64\nThis requires logic for handling machine-dependent code. High priority.\nFinish anonymous shared object injection. \nThis requires implementing a custom RTLD from within libhijack. \nMore cleanups. Adhere to style(9).\n\nlibhijack can be found on GitHub @ https://github.com/SoldierX/libhijack\n***\n\n\nContributing to FreeBSD\n\n\nI’ve talked to a whole bunch of folks who say things like “I’m a junior programmer. I’m looking for a way to help. I have no specific expertise, but I’m willing to learn.” Today, I present such junior programmers with an opportunity. An opportunity for you to learn skills that will be incredibly valuable to your career, and will simultaneously expand your career opportunities.\nFor decades, FreeBSD has relied on its users for testing. They expect users to install pre-release versions of the OS and exercise them to identify regressions. That’s necessary, but it’s nowhere near enough.\nThe FreeBSD Testing Project is building an automated test suite for the entire operating system. They have a whole mess of work to do. There’s only four people on the team, so each additional person that contributes can have a serious impact. They have tutorials on how to write tests, and sample tests.\nThere’s a whole bunch of tests left to be written. You have an almost open field. They need tests for everything from ls(1) to bhyve. (Yes, ls(1) broke at one point in the last few years.) Everything needs testing. Learning to write, submit, and commit small tests is valuable experience for developing the big tests.\nWhat’s more, learning to write tests for a system means learning the system. Developing tests will transform you into a FreeBSD expert. Once you’ve demonstrated your competence, worth, and ability to work within the project, other FreeBSD teams will solicit your help and advice. The Project will suck you in.\nTesting is perhaps the most valuable contribution anyone can make to an open source project. And this door into the FreeBSD Project is standing wide, wide open.\n\n\n\n\nOpenBSD Gaming Resource\n\n\n\u0026gt; What isn't there to love about playing video games on your favorite operating system? OpenBSD and video games feels like a natural combination to me. My resource has software lists, links to free games not in ports, lists of nonfree games, and recommendations.\nThe Table of Contents has these high-level items for you:\n\u0026gt; General Resources\n\u0026gt; OpenBSD Exclusive\n\u0026gt; Ports\n\u0026gt; Network Clients\n\u0026gt; Browser Games\n\u0026gt; Game Engines\n\u0026gt; Multiple Game Engines\n\u0026gt; Multiple System Emulation\n\u0026gt; Computer Emulation\n\u0026gt; Game Console Emulation\n\u0026gt; Live Media Emulation\n\u0026gt; Operating System Emulation\n\u0026gt; Games in Other Software\nHave fun with these games!\n***\n\n\nBeastie Bits\n\n\nDragonfly introduces kcollect(8)\nThe Faces of Open Source\nEdgemesh CEO, Jake Loveless and Joyent CTO, Bryan Cantrill join together for a fireside chat to discuss distributed caching at scale, Docker, Node.js, Mystery Science Theater 3000, and more!\nUFS: Place the information needed to find alternate superblocks to the end of the area reserved for the boot block\nLet ‘localhost’ be localhost\nHurry up and register for vBSDCon September 7-9 and EuroBSDCon September 21-24\n***\n\n\nFeedback/Questions\n\n\nMorgan - btrfs deprecated\nBen - UEFI, GELI, BEADM, and more\nBrad - Hostname Clarification\nM Rod - BSD Laptop\nJeremy - Contributing to BSDs\n***\n","content_html":"\u003cp\u003eDragonflyBSD 4.8.1 has been released, we explore how the X11 clipboard works, and look at OpenBSD gaming resources.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/llvm_clang_and_compiler_rt\" rel=\"nofollow\"\u003eLLVM, Clang and compiler-rt support enhancements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the last month I started with upstream of the code for sanitizers: the common layer and ubsan. I worked also on the elimination of unexpected failures in LLVM and Clang. I\u0026#39;ve managed to achieve, with a pile of local patches, the number of 0 unexpected bugs within LLVM (check-llvm) and 3 unexpected bugs within Clang (check-clang) (however these ones were caused by hardcoded environment -lstdc++ vs -lc++). The number of failures in sanitizers (check-sanitizer) is also low, it\u0026#39;s close to zero.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLLVM\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn order to achieve the goals of testability concerning the LLVM projects, I had to prepare a new pkgsrc-wip package called llvm-all-in-one that contains 12 active LLVM projects within one tree. The set of these projects is composed of: llvm, clang, compiler-rt, libcxx, libcxxabi, libunwind, test-suite, openmp, llgo, lld, lldb, clang-tools-extra. These were required to build and execute test-suites in the LLVM\u0026#39;s projects. Ideally the tests should work in standalone packages - built out-of-LLVM-sources - and with GCC/Clang, however the real life is less bright and this forced me to use Clang as the system compiler an all-in-one package in order to develop the work environment with the ability to build and execute unit tests.\u003cbr\u003e\nThere were four threads within LLVM:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBroken std::call_once with libstdc++. This is an old and well-known bug, which was usually worked around with a homegrown implementation llvm::call_once. I\u0026#39;ve discovered that the llvm::call_once workaround isn\u0026#39;t sufficient for the whole LLVM functionality, as std::call_once can be called internally inside the libstdc++ libraries - like within the C++11 futures interface. This bug has been solved by Joerg Sonnenberger in the ELF dynamic linker.\u003c/li\u003e\n\u003cli\u003eUnportable shell construct hardcoded in tests \u0026quot;\u0026gt;\u0026amp;\u0026quot;. This has been fixed upstream.\u003c/li\u003e\n\u003cli\u003eLLVM JIT. The LLVM Memory generic allocator (or page mapper) was designed to freely map pages with any combination of the protection bits: R,W,X. This approach breaks on NetBSD with PaX MPROTECT and requires redesign of the interfaces. This is the continuation of the past month AllocateRWX and ReleaseRWX compatibility with NetBSD improvements. I\u0026#39;ve prepared few variations of local patches addressing these issues and it\u0026#39;s still open for discussion with upstream. My personal preference is to remove the current API entirely and introduce a newer one with narrowed down functionality to swap between readable (R--), writable (RW-) and executable (R-X) memory pages. This would effectively enforce W\u003csup\u003eX.\u003c/sup\u003e\u003c/li\u003e\n\u003cli\u003eSanitizers support. Right now, I keep the patches locally in order to upstream the common sanitizer code in compiler-rt.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe LLVM JIT API is the last cause of unexpected failures in check-llvm. This breaks MCJIT, ORCJIT and ExecutionEngine libraries and causes around 200 unexpected failures within tests.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eClang\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve upstreamed a patch that enables ubsan and asan on Clang\u0026#39;s frontend for NetBSD/amd64. This support isn\u0026#39;t complete, and requires sanitizers\u0026#39; support code upstreamed to compiler-rt.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ecompiler-rt\n\n\u003cul\u003e\n\u003cli\u003eThe current compiler-rt tasks can be divided into:\u003c/li\u003e\n\u003cli\u003eupstream sanitizer common code shared with POSIX platforms\u003c/li\u003e\n\u003cli\u003eupstream sanitizer common code shared with Linux and FreeBSD\u003c/li\u003e\n\u003cli\u003eupstream sanitizer common code shared with FreeBSD\u003c/li\u003e\n\u003cli\u003eupstream sanitizer common code specific to NetBSD\u003c/li\u003e\n\u003cli\u003ebuild, execute and pass tests for sanitizer common code in check-santizer\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis means that ubsan, asan and the rest of the specific sanitizers wait in queue.\u003cbr\u003e\nAll the mentioned tasks are being worked on simultaneously, with a soft goal to finish them one after another from the first to the last one.\u003cbr\u003e\nThe last point with check-sanitizer unveiled so far two generic bugs on NetBSD: \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReturn errno EFAULT instead of EACCES on memory fault with read(2)/write(2)-like syscalls.\u003c/li\u003e\n\u003cli\u003eHonor PTHREAD_DESTRUCTOR_ITERATIONS in libpthread.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese bugs are not strictly real bugs, but they were introducing needless differences with other modern POSIX systems. The fixes were introduced by Christos Zoulas and backported to NetBSD-8.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlan for the next milestone\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have decided not to open new issues in with the coming month and focus on upstreaming the remaining LLVM code. The roadmap for the next month is to continue working on the goals of the previous months. std::call_once is an example that every delayed bug keeps biting again and again in future.\u003cbr\u003e\nLLVM 5.0.0 is planned to be released this month (August) and there is a joint motivation with the upstream maintainer to push compatibility fixes for LLVM JIT. There is an option to submit a workaround now and introduce refactoring for the trunk and next version (6.0.0).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis work was sponsored by The NetBSD Foundation.\u003c/li\u003e\n\u003cli\u003eThe NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can: \u003ca href=\"http://netbsd.org/donations/#how-to-donate\" rel=\"nofollow\"\u003ehttp://netbsd.org/donations/#how-to-donate\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-August/626150.html\" rel=\"nofollow\"\u003eDragonFly BSD 4.8.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e+Updates by dev:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAntonio Huete Jimenez (1):\n\n\u003cul\u003e\n\u003cli\u003elibc/gmon: Replace sbrk() with mmap()\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eFrancois Tigeot (3):\n\n\u003cul\u003e\n\u003cli\u003edrm: bring in Linux compability changes from master\u003c/li\u003e\n\u003cli\u003edrm/linux: make flush_work() more robust\u003c/li\u003e\n\u003cli\u003edrm/i915: Update to Linux 4.7.10\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eImre Vadász (4):\n\n\u003cul\u003e\n\u003cli\u003edrm - Fix hrtimer, don\u0026#39;t reset timer-\u0026gt;function to NULL in timeout handler.\u003c/li\u003e\n\u003cli\u003esound - Delete devfs clone handler for /dev/dsp and /dev/mixer on unload.\u003c/li\u003e\n\u003cli\u003eif_vtnet - Allocate struct vtnet_tx_header entries from a queue.\u003c/li\u003e\n\u003cli\u003eMake sure that cam(4)\u0026#39;s dashutdown handler runs before DEVICE_SHUTDOWN().\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eMatthew Dillon (24):\n\n\u003cul\u003e\n\u003cli\u003ekernel - MFC b48dd28447fc (sigtramp workaround)\u003c/li\u003e\n\u003cli\u003ekernel - Fix deadlock in sound system\u003c/li\u003e\n\u003cli\u003ekernel - Fix broken wakeup in crypto code\u003c/li\u003e\n\u003cli\u003ekernel - Add KERN_PROC_SIGTRAMP\u003c/li\u003e\n\u003cli\u003egcc - Adjust the unwind code to use the new sigtramp probe sysctl\u003c/li\u003e\n\u003cli\u003ekernel - Implement NX\u003c/li\u003e\n\u003cli\u003ekernel - Implement NX (2)\u003c/li\u003e\n\u003cli\u003ekernel - Implement machdep.pmap_nx_enable TUNABLE\u003c/li\u003e\n\u003cli\u003ekernel - Implement NX (3) - cleanup\u003c/li\u003e\n\u003cli\u003ekernel - Temporarily set the default machdep.pmap_nx_enable to 0\u003c/li\u003e\n\u003cli\u003eparam - Change __DragonFly_version to 400801\u003c/li\u003e\n\u003cli\u003ekernel - Fix i915 deadlock\u003c/li\u003e\n\u003cli\u003epthreads - Change PTHREAD_STACK_MIN\u003c/li\u003e\n\u003cli\u003elibc - Fix bug in rcmdsh()\u003c/li\u003e\n\u003cli\u003eppp - Fix minor overflow in protocol search\u003c/li\u003e\n\u003cli\u003elibtelnet - Fix improper statement construction (not a bug in the binary)\u003c/li\u003e\n\u003cli\u003elibdevstat - Limit sscanf field, fix redundant condition\u003c/li\u003e\n\u003cli\u003eopenssh - Fix a broken assignment\u003c/li\u003e\n\u003cli\u003ewindow - Fix Graphics capability enable test\u003c/li\u003e\n\u003cli\u003ekernel - Fix event preset\u003c/li\u003e\n\u003cli\u003emfiutil - Fix static buffer overflow\u003c/li\u003e\n\u003cli\u003emixer - Fix sscanf() overflow\u003c/li\u003e\n\u003cli\u003egcore - fix overflow in sscanf\u003c/li\u003e\n\u003cli\u003ekernel - Fix improper parens\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSascha Wildner (17):\n\n\u003cul\u003e\n\u003cli\u003elibkvm: Fix char pointer dereference.\u003c/li\u003e\n\u003cli\u003eFix some cases where an index was used before its limits check.\u003c/li\u003e\n\u003cli\u003eReally ensure that our world/kernel are built under POSIX locale (\u0026quot;C\u0026quot;).\u003c/li\u003e\n\u003cli\u003ezoneinfo: Create a /usr/share/zoneinfo/UTC link.\u003c/li\u003e\n\u003cli\u003ekernel/cam: Add CAM_SCSI_IT_NEXUS_LOST (in preparation for virtio_scsi(4)).\u003c/li\u003e\n\u003cli\u003ekernel: Add FreeBSD\u0026#39;s virtio_scsi(4) driver.\u003c/li\u003e\n\u003cli\u003eccdconfig(8): Add missing free().\u003c/li\u003e\n\u003cli\u003elibpuffs: Fix two asserts.\u003c/li\u003e\n\u003cli\u003ekernel/acpi: Untangle the wakecode generation during buildkernel.\u003c/li\u003e\n\u003cli\u003ekernel/acpica: Better check AcpiOsPredefinedOverride()\u0026#39;s InitVal argument\u003c/li\u003e\n\u003cli\u003ekernel/acpica: ACPI_THREAD_ID is unsigned.\u003c/li\u003e\n\u003cli\u003ekernel/acpica: Return curthread as thread id from AcpiOsGetThreadId().\u003c/li\u003e\n\u003cli\u003ekernel/acpica: Remove no longer needed #include.\u003c/li\u003e\n\u003cli\u003ekernel/acpi: Call AcpiInitializeSubsystem() before AcpiInitializeTables().\u003c/li\u003e\n\u003cli\u003ekernel/urtwn: Add missing braces.\u003c/li\u003e\n\u003cli\u003ekernel/ieee80211: Add missing braces.\u003c/li\u003e\n\u003cli\u003elibthread_xu: Fix checking of pthread_barrier_init()\u0026#39;s count argument.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSepherosa Ziehau (7):\n\n\u003cul\u003e\n\u003cli\u003esound/hda: Sync device ID table with FreeBSD\u003c/li\u003e\n\u003cli\u003einet6: Restore mbuf hash after defragmentation.\u003c/li\u003e\n\u003cli\u003epf: Normalized, i.e. defragged, packets requiring rehash.\u003c/li\u003e\n\u003cli\u003eem: Enable MSI by default on devices has PCI advanced features capability.\u003c/li\u003e\n\u003cli\u003esched: Change CPU_SETSIZE to signed int, same as FreeBSD/Linux.\u003c/li\u003e\n\u003cli\u003eusched: Allow process to change self cpu affinity\u003c/li\u003e\n\u003cli\u003eix: Fixup TX/RX ring settings for X550, which supports 64/64 TX/RX rings.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ezrj (1):\n\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Always use unix line endings\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.informatica.co.cr/unix-source-code/research/1991/0101.html\" rel=\"nofollow\"\u003ePorting Unix to the 386: A Practical Approach\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe University of California\u0026#39;s Berkeley Software Distribution (BSD) has been the catalyst for much of the innovative work done with the UNIX operating system in both the research and commercial sectors. Encompassing over 150 Mbytes (and growing) of cutting-edge operating systems, networking, and applications software, BSD is a fully functional and nonproprietary complete operating systems software distribution (see Figure 1). In fact, every version of UNIX available from every vendor contains at least some Berkeley UNIX code, particularly in the areas of filesystems and networking technologies. However, unless one could pay the high cost of site licenses and equipment, access to this software was simply not within the means of most individual programmers and smaller research groups.\u003cbr\u003e\nThe 386BSD project was established in the summer of 1989 for the specific purpose of porting BSD to the Intel 80386 microprocessor platform so that the tools this software offers can be made available to any programmer or research group with a 386 PC. In coordination with the Computer Systems Research Group (CSRG) at the University of California at Berkeley, we successively ported a basic research system to a common AT class machine (see, Figure 2), with the result that approximately 65 percent of all 32-bit systems could immediately make use of this new definition of UNIX. We have been refining and improving this base port ever since.\u003cbr\u003e\nBy providing the base 386BSD port to CSRG, our hope is to foster new interest in Berkeley UNIX technology and to speed its acceptance and use worldwide. We hope to see those interested in this technology build on it in both commercial and noncommercial ventures.\u003cbr\u003e\nIn this and following articles, we will examine the key aspects of software, strategy, and experience that encompassed a project of this magnitude. We intend to explore the process of the 386BSD port, while learning to effectively exploit features of the 386 architecture for use with an advanced operating system. We also intend to outline some of the tradeoffs in implementation goals which must be periodically reexamined. Finally, we will highlight extensions which remain for future work, perhaps to be done by some of you reading this article today. Note that we are assuming familiarity with UNIX, its concepts and structures, and the basic functions of the 386, so we will not present exhaustive coverage of these areas.\u003cbr\u003e\nIn this installment, we discuss the beginning of our project and the initial framework that guided our efforts, in particular, the development of the 386BSD specification. Future articles will address specific topics of interest and actual nonproprietary code fragments used in 386BSD. Among the future areas to be covered are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e386BSD process context switching\u003c/li\u003e\n\u003cli\u003eExecuting the first 386BSD process on the PC\u003c/li\u003e\n\u003cli\u003e386BSD kernel interrupt and exception handling\u003c/li\u003e\n\u003cli\u003e386BSD INTERNET networking\u003c/li\u003e\n\u003cli\u003eISA device drivers and system support\u003c/li\u003e\n\u003cli\u003e386BSD bootstrap process\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.uninformativ.de/blog/postings/2017-04-02/0/POSTING-en.html\" rel=\"nofollow\"\u003eX11: How does “the” clipboard work\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026gt; If you have used another operating system before you switched to something that runs X11, you will have noticed that there is more than one clipboard:\n\u0026gt; Sometimes, you can use the mouse to select some text, switch to another window, and then hit the middle mouse button to paste text.\n\u0026gt; Sometimes, you can select text, then hit some hotkey, e.g. Ctrl+C, switch to another window, hit another hotkey, e.g. Ctrl+V, and paste said text.\n\u0026gt; Sometimes, you can do both.\u003c/li\u003e\n\u003cli\u003e\u0026gt; Selections as a form of IPC\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eFirst things first, in X11 land, “clipboards” are called “selections”.\u003cbr\u003e\nYes, there is more than one selection and they all work independently. In fact, you can use as many selections as you wish. In theory, that is. When using selections, you make different clients communicate with each other. This means that those clients have to agree on which selections to use. You can’t just invent your own selection and then expect Firefox to be compatible with it.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eHow are selections identified?\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eThere are three “standard” selection names:\u003cbr\u003e\nPRIMARY: The “middle mouse clipboard”\u003cbr\u003e\nSECONDARY: Virtually unused these days\u003cbr\u003e\nCLIPBOARD: The “Ctrl+C clipboard”\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eProgram 1: Query selection owners\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eContent type and conversion\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eProgram 2: Get clipboard as UTF-8\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eProgram 3: Owning a selection\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eProgram 4: Content type TARGETS\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eHandling binary data using xclip\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eLarge amounts of data\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eClipboard managers\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cblockquote\u003e\n\u003cp\u003eSummary\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-documentation-great-way-give-back/\" rel=\"nofollow\"\u003eTrueOS Documentation: A great way to give back!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe TrueOS project is always looking for community contribution. Documentation changes are a great way for users to not only make a solid contribution to the project, but learn more about it too! Over the last few months, many users have asked for both simple and detailed instructions on making documentation changes. These are now added to the TrueOS handbook in the Contributing to TrueOS section.\u003cbr\u003e\nIf interested in making a small alteration to the TrueOS handbook, here are some instructions for submitting a patch through the GitHub website. These instructions are also applicable to the Lumina and SysAdm handbooks. Lumina documentation is in the the lumina-docs repository, and SysAdm guides are in sysadm-docs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMake a Doc change!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA GitHub account is required to submit patches to the TrueOS docs. Open a web browser and sign in to GitHub or make a new account. When making a new account, be sure to use an often checked email address, as all communication regarding patches and pull requests are sent to this address. Navigate to the trueos-docs GitHub repository. Click on the trueos-handbook directory to view all the documentation files. Open the .rst file corresponding to the chapter needing an update. The chapter names are reflected in the title of the .rst files. For example, open install.rst to fix an error spotted in handbook chapter 3: “Install”. This first image shows the trueos-docs repository and the contents of the trueos-handbook directory\u003cbr\u003e\nOpen the desired chapter file by clicking its entry in the list. The trueos.rst file is an index file and should be ignored. Begin editing the file by clicking the Pencil icon in the upper right corner above the file’s text. The file moves to edit mode, where it is now possible to make changes, as the next image shows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEditing install.rst with GitHub\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen making a simple change, it is recommended to avoid adjusting the specific formatting elements and instead work within or around them. Once satisfied, scroll to the bottom of the page and write a detailed commit summary of the new changes. Click Propose file change (green button), then Create pull request to submit the changes to the project. GitHub then does an automated merge check. Click Create pull request again to submit the change to the repository. In the final step, a developer or project committer reviews the changes, merging them into the project or asking for more changes as necessary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLearn more about TrueOS documentation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo learn more about the underlying structure of TrueOS documentation like the Sphinx Documentation Generator and reStructuredText markup, browse the Advanced Documentation Changes section of the TrueOS handbook. This section also contains instructions for forking the repository and configuring a local clone, build testing, updating the translation files, and other useful information. The Sphinx website is also a valuable resource.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.soldierx.com/news/Hijack-Revival\" rel=\"nofollow\"\u003elibHijack Revival\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver a decade ago, while standing naked and vulnerable in the comfort of my steaming hot shower, I gathered my thoughts as humans typically attempt to do in the wee hours of the morning. Thoughts of a post-exploitation exercise raced in my mind, the same thoughts that made sleeping the night before difficult. If only I could inject into Apache some code that would allow me to hook into its parsing engine without requiring persistance. Putting a file-backed entry into /proc/pid/maps would tip off the security team to a compromise.\u003cbr\u003e\nThe end-goal was to be able to send Apache a special string and have Apache perform a unique action based on the special string.\u003cbr\u003e\nFelineMenace\u0026#39;s Binary Protection Schemes whitepaper provided inspiration. Silvio Cesare paved the way into PLT/GOT redirection attacks. Various Phrack articles selflessly contributed to the direction I was to head.\u003cbr\u003e\nAlas, in the aforementioned shower, an epiphany struck me. I jumped as an awkward stereotypical geek does: like an elaborate Elaine Benes dance rehearsal in the air. If I used PTrace, ELF, and the PLT/GOT to my advantage, I could cause the victim application to allocate anonymous memory mappings arbitrarily. In the newly-created memory mapping, I could inject arbitrary code. Since a typical operating system treats debuggers as God-like applications, the memory mapping could be mapped without write access, but as read and execute only. Thus enabling the stealth that I sought.\u003cbr\u003e\nThe project took a few years to develop in my spare time. I ended up creating several iterations, taking a rough draft/Proof-of-Concept style code and rewriting it to be more efficient and effective.\u003cbr\u003e\nI had toyed with FreeBSD off-and-on for over a decade by this point, but by-and-large I was still mostly using Linux. FreeBSD gained DTrace and ZFS support, winning me over from the Linux camp. I ported libhijack to FreeBSD, giving it support for both Linux and FreeBSD simultaneously.\u003cbr\u003e\nIn 2013, I started work on helping Oliver Pinter with his ASLR implementation, which was originally destined to be upstreamed to FreeBSD. It took a lot of work, and my interest in libhijack faded. As a natural consequence, I handed libhijack over to SoldierX, asking the community to take it and enhance it.\u003cbr\u003e\nOver four years went by without a single commit. The project was essentially abandoned. My little baby was dead.\u003cbr\u003e\nThis past week, I wondered if libhijack could even compile on FreeBSD anymore. Given that four years have passed by and major changes have happened in those four years, I thought libhijack would need a major overhaul just to compile, let alone function. Imagine my surprise when libhijack needed only a few fixups to account for changes in FreeBSD\u0026#39;s RTLD.\u003cbr\u003e\nToday, I\u0026#39;m announcing the revival of libhijack. No longer is it dead, but very much alive. In order to develop the project faster, I\u0026#39;ve decided to remove support for Linux, focusing instead on FreeBSD. I\u0026#39;ve removed hundreds of lines of code over the past few days. Supporting both FreeBSD and Linux meant some code had to be ugly. Now the beautification process has begun.\u003cbr\u003e\nI\u0026#39;m announcing the availability of libhijack 0.7.0 today. The ABI and API should be considered unstable as they may change without notice.\u003cbr\u003e\nNote that HardenedBSD fully mitigates libhijack from working with two security features: setting security.bsd.unprivileged_proc_debug to 0 by default and the implementation of PaX NOEXEC.\u003cbr\u003e\nThe security.bsd.unprivileged_proc_debug sysctl node prevents PTrace access for applications the debugger itself did not fork+execve for unprivileged (non-root) users. Privileged users (the root account) can use PTrace to its fullest extent.\u003cbr\u003e\nHardenedBSD\u0026#39;s implementation of PaX NOEXEC prevents the creation of memory mappings that are both writable and executable. It also prevents using mprotect to toggle between writable and executable. In libhijack\u0026#39;s case, FreeBSD grants libhijack the ability to write to memory mappings that are not marked writable. Debuggers do this to set breakpoints. HardenedBSD behaves differently due to PaX NOEXEC.\u003cbr\u003e\nEach memory mapping has a notion of a maximum protection level. When a memory mapping is created, if the write bit is set, then HardenedBSD drops the execute bit from the maximum protection level. When the execute bit is set at memory mapping creation time, then the write bit is dropped from the maximum protection level. If both the write and execute bits are set, then the execute bit is silently dropped from both the mapping creation request and the maximum protection level. \u003cbr\u003e\nThe maximum protection level is always obeyed, even for debuggers. Thus we see that PaX NOEXEC is 100% effective in preventing libhijack from injecting code into a process. Here is a screenshot showing PaX NOEXEC preventing libhijack from injecting shellcode into a newly-created memory mapping.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat\u0026#39;s next for libhijack? Here\u0026#39;s what we have planned, in no particular order:\n\n\u003cul\u003e\n\u003cli\u003ePython bindings\u003c/li\u003e\n\u003cli\u003ePort to arm64\u003c/li\u003e\n\u003cli\u003eThis requires logic for handling machine-dependent code. High priority.\u003c/li\u003e\n\u003cli\u003eFinish anonymous shared object injection. \u003c/li\u003e\n\u003cli\u003eThis requires implementing a custom RTLD from within libhijack. \u003c/li\u003e\n\u003cli\u003eMore cleanups. Adhere to style(9).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003elibhijack can be found on GitHub @ \u003ca href=\"https://github.com/SoldierX/libhijack\" rel=\"nofollow\"\u003ehttps://github.com/SoldierX/libhijack\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2988\" rel=\"nofollow\"\u003eContributing to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve talked to a whole bunch of folks who say things like “I’m a junior programmer. I’m looking for a way to help. I have no specific expertise, but I’m willing to learn.” Today, I present such junior programmers with an opportunity. An opportunity for you to learn skills that will be incredibly valuable to your career, and will simultaneously expand your career opportunities.\u003cbr\u003e\nFor decades, FreeBSD has relied on its users for testing. They expect users to install pre-release versions of the OS and exercise them to identify regressions. That’s necessary, but it’s nowhere near enough.\u003cbr\u003e\nThe FreeBSD Testing Project is building an automated test suite for the entire operating system. They have a whole mess of work to do. There’s only four people on the team, so each additional person that contributes can have a serious impact. They have tutorials on how to write tests, and sample tests.\u003cbr\u003e\nThere’s a whole bunch of tests left to be written. You have an almost open field. They need tests for everything from ls(1) to bhyve. (Yes, ls(1) broke at one point in the last few years.) Everything needs testing. Learning to write, submit, and commit small tests is valuable experience for developing the big tests.\u003cbr\u003e\nWhat’s more, learning to write tests for a system means learning the system. Developing tests will transform you into a FreeBSD expert. Once you’ve demonstrated your competence, worth, and ability to work within the project, other FreeBSD teams will solicit your help and advice. The Project will suck you in.\u003cbr\u003e\nTesting is perhaps the most valuable contribution anyone can make to an open source project. And this door into the FreeBSD Project is standing wide, wide open.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mrsatterly.com/openbsd_games.html\" rel=\"nofollow\"\u003eOpenBSD Gaming Resource\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026gt; What isn\u0026#39;t there to love about playing video games on your favorite operating system? OpenBSD and video games feels like a natural combination to me. My resource has software lists, links to free games not in ports, lists of nonfree games, and recommendations.\u003c/li\u003e\n\u003cli\u003eThe Table of Contents has these high-level items for you:\u003c/li\u003e\n\u003cli\u003e\u0026gt; General Resources\u003c/li\u003e\n\u003cli\u003e\u0026gt; OpenBSD Exclusive\u003c/li\u003e\n\u003cli\u003e\u0026gt; Ports\u003c/li\u003e\n\u003cli\u003e\u0026gt; Network Clients\u003c/li\u003e\n\u003cli\u003e\u0026gt; Browser Games\u003c/li\u003e\n\u003cli\u003e\u0026gt; Game Engines\u003c/li\u003e\n\u003cli\u003e\u0026gt; Multiple Game Engines\u003c/li\u003e\n\u003cli\u003e\u0026gt; Multiple System Emulation\u003c/li\u003e\n\u003cli\u003e\u0026gt; Computer Emulation\u003c/li\u003e\n\u003cli\u003e\u0026gt; Game Console Emulation\u003c/li\u003e\n\u003cli\u003e\u0026gt; Live Media Emulation\u003c/li\u003e\n\u003cli\u003e\u0026gt; Operating System Emulation\u003c/li\u003e\n\u003cli\u003e\u0026gt; Games in Other Software\u003c/li\u003e\n\u003cli\u003eHave fun with these games!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2017/08/07/20061.html\" rel=\"nofollow\"\u003eDragonfly introduces kcollect(8)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://facesofopensource.com/unix/\" rel=\"nofollow\"\u003eThe Faces of Open Source\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.joyent.com/blog/joyent-edgemesh-cache-me-if-you-can\" rel=\"nofollow\"\u003eEdgemesh CEO, Jake Loveless and Joyent CTO, Bryan Cantrill join together for a fireside chat to discuss distributed caching at scale, Docker, Node.js, Mystery Science Theater 3000, and more!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=322297\" rel=\"nofollow\"\u003eUFS: Place the information needed to find alternate superblocks to the end of the area reserved for the boot block\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-04\" rel=\"nofollow\"\u003eLet ‘localhost’ be localhost\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHurry up and register for \u003ca href=\"http://www.verisign.com/en_US/internet-technology-news/verisign-events/vbsdcon/index.xhtml?dmn=vBSDcon.com\" rel=\"nofollow\"\u003evBSDCon September 7-9\u003c/a\u003e and \u003ca href=\"https://2017.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDCon September 21-24\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMorgan - \u003ca href=\"http://dpaste.com/0JEYE1K\" rel=\"nofollow\"\u003ebtrfs deprecated\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBen - \u003ca href=\"http://dpaste.com/2TP90HD\" rel=\"nofollow\"\u003eUEFI, GELI, BEADM, and more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrad - \u003ca href=\"http://dpaste.com/1MQH1BD\" rel=\"nofollow\"\u003eHostname Clarification\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eM Rod - \u003ca href=\"http://dpaste.com/39C6PGN\" rel=\"nofollow\"\u003eBSD Laptop\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJeremy - \u003ca href=\"http://dpaste.com/3SVP5SF\" rel=\"nofollow\"\u003eContributing to BSDs\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"DragonflyBSD 4.8.1 has been released, we explore how the X11 clipboard works, and look at OpenBSD gaming resources.","date_published":"2017-08-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a6ed38b0-4c78-4bf0-98ca-10b38ac0ff3f.mp3","mime_type":"audio/mpeg","size_in_bytes":60847636,"duration_in_seconds":5070}]},{"id":"700ab007-00c0-4527-8cf8-1cfd03b3f2ca","title":"207: Bridge over the river Cam","url":"https://www.bsdnow.tv/207","content_text":"We recap our devsummit experiences at BSDCambridge, share why memcmp is more complicated than expected, explore Docker on FreeBSD, and we look at a retro terminal.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCam recap\n\n\nThe 2017 Cambridge DevSummit took place from 2-4 August 2017. The event took place over three days including a formal dinner at St John's College, and was attended by 55 registered developers and guests.\n\n\n\nPrior to the start of the conference, we had a doc hacking lounge, the computer lab provided a room where we could meet and try to spend some time on documentation. Sevan walked two interested people through the process of creating a documentation patch and submitting it for the first time. In the process, found ways to improve the documentation on how to write documentation.\n\n\n\nThe event is run \"un-conference style\" in that we brainstorm the actual session schedule on the first morning, with a focus on interactive topics that reflect the interests and exploit the knowledge of the attendees.\n\n\n\nThe idea is to maximize the amount of discussion and decisions that can be made while we are all in the same room\nThe first morning, we all gather in the slightly too small, and even more slightly under air conditioned FW11 classroom. We go around the room introducing ourselves, and listing a few topics we would be interested in discussing. Eventually the whiteboard is full of topics, with various numbers of ticks beside them to indicate the number of interested people\nThere are breakout rooms of all sizes, so even topics with only a small group of interested folks can get a lot accomplished\nThe most difficult is trying to schedule the sessions, as there is much overlap and people usually want to be in concurrent sessions, or someone's schedule means they won’t be available that day, etc.\nThis years working groups:\n\n\nToolchain (Compilers, Linkers, External Toolchain, Static analysis and sanitizers)\nVirtualization (bhyve, xen, jails, docker)\nTransport (TCP) and Network Performance\nSecurity and mitigations (WX, noexec stack, CFI, ASLR, KASLR, Safe Stack, etc)\nTesting (Status, What to test, How to test, QA for releases)\nCapsicum (Automation with LLVM etc, Casper, Namespacing, “Services”, capsh)\nDesktop / WiFi (drm-next, drivers, resume, power, installer, desktop, OOB Experience)\nTracing (Blackbox, DTrace, KTR, ptrace, truss, hardware tracing)\nPackaging and Packaged Base (Sets, Kernels, Ports \u0026amp; flavours, sub-packages, privlib)\nArchitectural Security Features (CPU Features: SGX, PXN/PAN, Pointer Authentication, AMD Memory Encryption, Libcrunch, RISC-V, CheriABI)\nArchitectures and Embedded systems (RISC-V, ARM, ARM64, MIPS(64), SPARC64)\nTeaching (Audiences, Objectives, Targets, Material, future directions)\nProvisioning and Management Tools (CfgMgmt tools, Image building, VM/bhyve orchestration, Preconfigured VMs for testing, Wishlist)\nStorage (ZFS status update, ZFS encryption infrastructure, ZFS Zero Copy / Sendfile, Acceleration of checksums and raidz parity calculations, sesutil, mpsutil)\n\nAnd that wasn’t everything. We then had a series of short talklets:\n\n\nEnhancing and replacing mmap()\nSDIO support\neBPF support for FreeBSD\nTracing + Virtualization\nPractical DMA Attack Protection\n\nOn Thursday night there was a special dinner at St John's College\nOverall it was a great DevSummit, and I even managed to get some of the work assigned to me finished. Shortly I will commit an update to the boot loader menu that will automatically populate the kernel selection menu with the automatically detected list of installed kernels. The list is also properly refreshed when you switch boot environments.\n***\n\n\nHosts/BSD – for when you need to run your BSD inside a penguin\n\n\nThis wiki provides details on how to run each of the various BSDs under QEMU\nThe target audience is Linux developers looking to test their apps etc under BSD\nThe wiki is in need of some love, there are some option questions, and it lacks some polish\nThere are instructions on building qemu from source, but it should likely mention the qemu-devel port\nThere should probably also be instructions on using other architectures, like ARM/MIPS etc\nIf you have used QEMU, or would like to spend the time to learn how, please help update this wiki\n***\n\n\nmemcmp -- more complicated than you might expect\n\n\n“A suspicious pattern in open-source software”\nOne bug recently found by John using tis-interpreter on a widely used open-source library involved the comparison of strings with memcmp. The unexpected condition was that memcmp was, in one case, called with a pointer to a buffer shorter than the length passed as third argument, breaking one of the two symmetrical pre-conditions in the function’s ACSL contract\nA reason that may have made this use of memcmp look okay to the developer is that the buffers being passed to it always differed before the end of the buffers were reached.\na memcmp implementation based on stopping as soon as a difference is found, would not have caused any out-of-bounds read access\nThe first question raised was whether the pattern memcmp(\"a\", \"bc\", 3) was problematic according to the letter of the C standard. If it was, the second question was whether the busy maintainer of one of the Open Source packages that make the Internet tick should be bothered with a bug report.\nI would like to be able to say that memcmp’s ACSL contract was the product of careful deliberation, but unfortunately this is not the case: many standard function contracts were written quickly in order to get most of the standard library covered, and have not been tested by time. Anyway, upon proofreading the relevant clause in the C11 standard, my feeling was that the ACSL formalization was, in this particular case, right, and that it was undefined behavior to pass as memcmp argument a buffer that wasn’t fully valid, even if the implementation sort-of needs to read the buffer’s characters in order for the purpose of finding the first mismatch.\n\n\n\nThe post then goes on to look at the memcmp code in glibc\n\n\n\nThere are two distinct optimizations for long buffers, one that applies when both buffers start at the same offset modulo the word size, memcmp_common_alignment, and one that applies when they don’t, memcmp_not_common_alignment.\nThe function memcmp_common_alignment is relatively well-behaved: it reads from the two buffers aligned word by aligned word, and thus reads the entire words that contain differing bytes. If the caller passed buffers that aren’t valid after the differing byte, this amounts to reading out of bounds, but this sort of out-of-bounds access is not detected by the typical MMU, which works at the scale of the page.\nThe “not_common_alignment” case, however, tells a different story. When passed the carefully (mis-)aligned buffers t1 and (char*)t2+1, although these buffers differ in the 8th byte, Glibc’s implementation of memcmp reads 8 bytes beyond the end of t1. By making the 16th byte differ instead of the 8th one, it is also possible to make Glibc’s implementation of memcmp read 16 bytes beyond the end of t1.\nIn conclusion, yes, some implementations of memcmp will crash when invoked with buffers that aren’t valid for the full length, even if they differ early. The circumstances are rare (probably the reason this bug was still there to be found in a library that had already been tested with all the available techniques) but outside the programmer’s control. The pattern described in this post should be reported as a bug when found.\n\n\n\nIt is interesting to read the detailed analysis of a bug in such a basic libc feature\n***\n\n\nNews Roundup\n\nDocker on FreeBSD\n\n\nThere are two approaches to running Docker on FreeBSD. First one was created back in 2015 and it was a native port of Docker engine to FreeBSD. It was an ambitious project but nobody stepped forward to continuously port the never-ending flow of upstream code to FreeBSD. So the port still exists (sysutils/docker-freebsd) but it wasn't updated since 2015 and it is Docker v1 (it is v17 as of 2017).\nThe other approach is to use official way of running Docker on platforms other than Linux. Well, somewhat official as Docker still does not support FreeBSD as a host officially. This is docker-machine tool which in turn will use VirtualBox to run a virtual machine with Linux and Docker engine. docker utility on the host will communicate with the engine inside VB where all the work will be done. This article describes what needs to be done to start using it.\nBefore we begin you need VirtualBox installed. Do not skip adding /boot/loader.conf and /etc/rc.conf lines mentioned on that page. You won't need user inteface or anything, docker-machine will do all the work, just make sure VirtualBox is present and ready to be used.\n`pkg install docker docker-machine docker-compose’\nDocker will store its stuff in ~/.docker. You might not want the virtual machine image files to live in your home, in this case just create a symlink:\nmkdir ~/.docker\nln -s /storage/docker ~/.docker/machine\ndocker-machine create --driver virtualbox \\\n   --virtualbox-memory 2048 \\\n   --virtualbox-cpu-count 2 \\\n   --virtualbox-disk-size 102400 \\\n   --virtualbox-hostonly-cidr \"10.2.1.1/24\" \\\n   docker1\nHere's the example. We are creating machine named docker1. It is using VirtualBox driver, the vm has 2G of memory, 2 cores and 100G of disk space. docker-machine setups VirtualBox to use host-only network adapter (it will create vboxnet0 interface on the host automatically) and we are instructing it to use 10.2.1.1/24 as the address of this adapter — change it to what suits your needs or omit this flag (default is 192.168.99.1/24).\nAnd basically that is all. Check if it is running:\ndocker-machine ls\nIf you do open VirtualBox interface you will find a virtual machine named docker1 running. You can start/stop/whatever your machine using docker-machine utility.\n\n\n\nHere’s how you can connect to the machine:\n\n\n\ndocker utility by default tries to talk to Docker engine running on the same host. However with specific environment variables you can instruct it to talk to other host. docker-machine can export these variables for you.\neval docker-machine env docker1\ndocker run hello-world\n\n\n\nThere was quite a bit of discussion about docker at the FreeBSD developers summit in Cambridge during the first week of August. Two docker developers who had worked on the Mac OS X port, one of whom is an OpenBSD advocate, explained how docker has evolved, and the linux-isms have been abstracted away such that a truly native docker solution for FreeBSD can be built and maintained with a lot less headache than before\nI look forward to seeing if we can’t make that happen\n***\n\n\nThe POSIX Shell And Utilities\n\n\nThe POSIX Shell And Utilities\nCompiled for The Shell Hater's Handbook\n***\n\n\nPostgreSQL – logging to a file\n\n\nThese steps were carried out on FreeBSD 11.0 with PostgreSQL 9.6 (two of my favorite tools).\nI like logging. I like logging PostgreSQL. With logs, you can see what happened. Without, you can only guess.\nSetting up logging for PostgreSQL involves several parts, each of which must be completed or else I don’t get what I want. This is not a criticism of PostgreSQL. It’s a feature.\nI am documenting this because each time I configure a new PostgreSQL instance, it takes me more than one iteration to get it working. The goal: this post lets both you and me get it right the first time.\nThe parts include:\n\n\nTelling PostgreSQL to log via syslog\nTelling FreeBSD to local postgres to /var/log/postgres.log (my preference).\nTelling PostgreSQL the things you want logged.\nChanges to postgresql.conf\nThe file location varies with the version installed. For PostgreSQL 9.6 on FreeBSD, the file is /var/db/postgres/data96/postgresql.conf (adjust 96 according to the version installed).\nI made these changes to that file.\n\nlog_destination = 'syslog'\nlog_min_messages = notice\nlog_min_error_statement = notice\nlog_checkpoints = on\nlog_lock_waits = on\nlog_timezone = 'UTC'\n\nBy default, PostgreSQL logs to the local0 facility and is controlled by the syslog_facility in postgresql.conf. This will be used in syslog.conf (see the next section of this post).\nThe above mentioned changes require a reload: \nservice postgresql reload\n\n\n\n\nChanges to /etc/syslog.conf\n\n\n\nNow that we have PostgreSQL logging to syslog, we want to tell syslog where to put those messages.\nI changed this line in /etc/syslog.conf:*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages\nWith .notice pulling in some local0 messages, adding local0.none to the line will free the messages up for later use in the configuration file. Otherwise, the PostgreSQL messages will be in /var/log/messages.\nThe changed line is:\n`.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.none   /var/log/messages\nThen, to get the messages into my preferred location, I added this to the file:\nlocal0.*     /var/log/postgresql.log`\n\n\n\nLog file rotation\n\n\n\nFor rotating my log file, I added a new file: /usr/local/etc/newsyslog.conf.d/postgresql96\n\n/var/log/postgresql.log     pgsql:wheel  640  7     *    $D0   GB  /var/db/postgres/data96/postmaster.pid 30\n\n\nBefore restarting syslog, I did this, so the destination file existed. This isn’t always/strictly necessary, but because the ownership is not chown root:wheel, I do it to get that part set.\n\ntouch /var/log/postgresql.log\nchown pgsql:wheel\n\n\nRestarting syslog:\n\nsudo kill -HUP `sudo cat /var/run/syslog.pid `\n\n\nThat’s it Now you should see PostgreSQL logging in /var/log/postgresql.log.\n\n\n\n\nmandoc-1.14.2 released\n\n\ni just released portable mandoc-1.14.2. It is available now from http://mandoc.bsd.lv/.\n\n\n```From: Ingo Schwarze schwarze@usta.de\nDate: Fri, 28 Jul 2017 20:12:44 +0200\nTo: discuss@mandoc.bsd.lv\nSubject: mandoc-1.14.2 released\n\nHi,\n\ni just released portable mandoc-1.14.2.\nIt is available now from http://mandoc.bsd.lv/ .\n\nAll downstream maintainers are encouraged to update their ports\nand packages from 1.14.1 to 1.14.2.\n\nMandoc 1.14.2 is a feature release introducing:\n\n\na new -Tmarkdown output mode\nanchors for deep linking into -Thtml manual pages\na superset of the functionality of the former mdoclint(1) utility\na new -Wstyle message level with several new messages\nautomatic line breaking inside individual tbl(7) cells\na rewrite of the eqn(7) lexer, and some eqn(7) rendering improvements\nsupport for many additional low-level roff(7) features\nand various smaller features and bug fixes.\n\n\nFor more details, see: http://mandoc.bsd.lv/NEWS\n\nWith the improved mandoc features, only twenty-five out of the\nten thousand software packages in the OpenBSD ports tree still\nneed groff to format their manual pages.\n\nSince the project has been called \"mandoc\" rather than \"mdocml\"\nfor several years now, the website, the distribution tarball,\nand the source extraction directory are now also called \"mandoc\"\nrather than \"mdocml\".\n\nThe release was tested on the following systems:\n\n\nOpenBSD-current and OpenBSD-stable\nNetBSD-current\nillumos\nDebian Linux\nVoid Linux x86_64 glibc and musl\nCrux Linux\nSunOS 5.11.2, 5.10, and 5.9\n\n\nAs before, catman(8) and the regression suite cannot be used on\nSunOS 5.10 and SunOS 5.9.\nA big thanks to everybody who provided patches, bug reports,\nfeature suggestions, advice, and help with testing!\nYours,\n  Ingo```\n\n\n\nBeastie Bits\n\n\nA good looking terminal emulator which mimics the old cathode display. Available in x11/cool-retro-terminal\nMilestone Complete! OpenRC conversion\nHealthy developer interaction between FreeBSD and IllumOS re: mdb\nLarge Batch of Kernel Errata Patches Released\nopnsense 17.7 released\nTwitter Co-Founder and CEO states “FreeBSD rules them all”\nHurry up and register for vBSDCon September 7-9 and EuroBSDCon September 21-24\n***\n\n\nFeedback/Questions\n\n\nDominik - Monitoring Software\nDarren - Wonderful Awk\nAndrew - Thanks\nJens - Migration Questions\n***\n","content_html":"\u003cp\u003eWe recap our devsummit experiences at BSDCambridge, share why memcmp is more complicated than expected, explore Docker on FreeBSD, and we look at a retro terminal.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/DevSummit/201708\" rel=\"nofollow\"\u003eBSDCam recap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe 2017 Cambridge DevSummit took place from 2-4 August 2017. The event took place over three days including a formal dinner at St John\u0026#39;s College, and was attended by 55 registered developers and guests.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrior to the start of the conference, we had a doc hacking lounge, the computer lab provided a room where we could meet and try to spend some time on documentation. Sevan walked two interested people through the process of creating a documentation patch and submitting it for the first time. In the process, found ways to improve the documentation on how to write documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe event is run \u0026quot;un-conference style\u0026quot; in that we brainstorm the actual session schedule on the first morning, with a focus on interactive topics that reflect the interests and exploit the knowledge of the attendees.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe idea is to maximize the amount of discussion and decisions that can be made while we are all in the same room\u003c/li\u003e\n\u003cli\u003eThe first morning, we all gather in the slightly too small, and even more slightly under air conditioned FW11 classroom. We go around the room introducing ourselves, and listing a few topics we would be interested in discussing. Eventually the whiteboard is full of topics, with various numbers of ticks beside them to indicate the number of interested people\u003c/li\u003e\n\u003cli\u003eThere are breakout rooms of all sizes, so even topics with only a small group of interested folks can get a lot accomplished\u003c/li\u003e\n\u003cli\u003eThe most difficult is trying to schedule the sessions, as there is much overlap and people usually want to be in concurrent sessions, or someone\u0026#39;s schedule means they won’t be available that day, etc.\u003c/li\u003e\n\u003cli\u003eThis years working groups:\n\n\u003cul\u003e\n\u003cli\u003eToolchain (Compilers, Linkers, External Toolchain, Static analysis and sanitizers)\u003c/li\u003e\n\u003cli\u003eVirtualization (bhyve, xen, jails, docker)\u003c/li\u003e\n\u003cli\u003eTransport (TCP) and Network Performance\u003c/li\u003e\n\u003cli\u003eSecurity and mitigations (W\u003csup\u003eX,\u003c/sup\u003e noexec stack, CFI, ASLR, KASLR, Safe Stack, etc)\u003c/li\u003e\n\u003cli\u003eTesting (Status, What to test, How to test, QA for releases)\u003c/li\u003e\n\u003cli\u003eCapsicum (Automation with LLVM etc, Casper, Namespacing, “Services”, capsh)\u003c/li\u003e\n\u003cli\u003eDesktop / WiFi (drm-next, drivers, resume, power, installer, desktop, OOB Experience)\u003c/li\u003e\n\u003cli\u003eTracing (Blackbox, DTrace, KTR, ptrace, truss, hardware tracing)\u003c/li\u003e\n\u003cli\u003ePackaging and Packaged Base (Sets, Kernels, Ports \u0026amp; flavours, sub-packages, privlib)\u003c/li\u003e\n\u003cli\u003eArchitectural Security Features (CPU Features: SGX, PXN/PAN, Pointer Authentication, AMD Memory Encryption, Libcrunch, RISC-V, CheriABI)\u003c/li\u003e\n\u003cli\u003eArchitectures and Embedded systems (RISC-V, ARM, ARM64, MIPS(64), SPARC64)\u003c/li\u003e\n\u003cli\u003eTeaching (Audiences, Objectives, Targets, Material, future directions)\u003c/li\u003e\n\u003cli\u003eProvisioning and Management Tools (CfgMgmt tools, Image building, VM/bhyve orchestration, Preconfigured VMs for testing, Wishlist)\u003c/li\u003e\n\u003cli\u003eStorage (ZFS status update, ZFS encryption infrastructure, ZFS Zero Copy / Sendfile, Acceleration of checksums and raidz parity calculations, sesutil, mpsutil)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAnd that wasn’t everything. We then had a series of short talklets:\n\n\u003cul\u003e\n\u003cli\u003eEnhancing and replacing mmap()\u003c/li\u003e\n\u003cli\u003eSDIO support\u003c/li\u003e\n\u003cli\u003eeBPF support for FreeBSD\u003c/li\u003e\n\u003cli\u003eTracing + Virtualization\u003c/li\u003e\n\u003cli\u003ePractical DMA Attack Protection\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOn Thursday night there was a special dinner at St John\u0026#39;s College\u003c/li\u003e\n\u003cli\u003eOverall it was a great DevSummit, and I even managed to get some of the work assigned to me finished. Shortly I will commit an update to the boot loader menu that will automatically populate the kernel selection menu with the automatically detected list of installed kernels. The list is also properly refreshed when you switch boot environments.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.qemu.org/index.php/Hosts/BSD\" rel=\"nofollow\"\u003eHosts/BSD – for when you need to run your BSD inside a penguin\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis wiki provides details on how to run each of the various BSDs under QEMU\u003c/li\u003e\n\u003cli\u003eThe target audience is Linux developers looking to test their apps etc under BSD\u003c/li\u003e\n\u003cli\u003eThe wiki is in need of some love, there are some option questions, and it lacks some polish\u003c/li\u003e\n\u003cli\u003eThere are instructions on building qemu from source, but it should likely mention the qemu-devel port\u003c/li\u003e\n\u003cli\u003eThere should probably also be instructions on using other architectures, like ARM/MIPS etc\u003c/li\u003e\n\u003cli\u003eIf you have used QEMU, or would like to spend the time to learn how, please help update this wiki\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://trust-in-soft.com/memcmp-requires-pointers-to-fully-valid-buffers/\" rel=\"nofollow\"\u003ememcmp -- more complicated than you might expect\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“A suspicious pattern in open-source software”\u003cbr\u003e\nOne bug recently found by John using tis-interpreter on a widely used open-source library involved the comparison of strings with memcmp. The unexpected condition was that memcmp was, in one case, called with a pointer to a buffer shorter than the length passed as third argument, breaking one of the two symmetrical pre-conditions in the function’s ACSL contract\u003cbr\u003e\nA reason that may have made this use of memcmp look okay to the developer is that the buffers being passed to it always differed before the end of the buffers were reached.\u003cbr\u003e\na memcmp implementation based on stopping as soon as a difference is found, would not have caused any out-of-bounds read access\u003cbr\u003e\nThe first question raised was whether the pattern memcmp(\u0026quot;a\u0026quot;, \u0026quot;bc\u0026quot;, 3) was problematic according to the letter of the C standard. If it was, the second question was whether the busy maintainer of one of the Open Source packages that make the Internet tick should be bothered with a bug report.\u003cbr\u003e\nI would like to be able to say that memcmp’s ACSL contract was the product of careful deliberation, but unfortunately this is not the case: many standard function contracts were written quickly in order to get most of the standard library covered, and have not been tested by time. Anyway, upon proofreading the relevant clause in the C11 standard, my feeling was that the ACSL formalization was, in this particular case, right, and that it was undefined behavior to pass as memcmp argument a buffer that wasn’t fully valid, even if the implementation sort-of needs to read the buffer’s characters in order for the purpose of finding the first mismatch.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe post then goes on to look at the memcmp code in glibc\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are two distinct optimizations for long buffers, one that applies when both buffers start at the same offset modulo the word size, memcmp_common_alignment, and one that applies when they don’t, memcmp_not_common_alignment.\u003cbr\u003e\nThe function memcmp_common_alignment is relatively well-behaved: it reads from the two buffers aligned word by aligned word, and thus reads the entire words that contain differing bytes. If the caller passed buffers that aren’t valid after the differing byte, this amounts to reading out of bounds, but this sort of out-of-bounds access is not detected by the typical MMU, which works at the scale of the page.\u003cbr\u003e\nThe “not_common_alignment” case, however, tells a different story. When passed the carefully (mis-)aligned buffers t1 and (char*)t2+1, although these buffers differ in the 8th byte, Glibc’s implementation of memcmp reads 8 bytes beyond the end of t1. By making the 16th byte differ instead of the 8th one, it is also possible to make Glibc’s implementation of memcmp read 16 bytes beyond the end of t1.\u003cbr\u003e\nIn conclusion, yes, some implementations of memcmp will crash when invoked with buffers that aren’t valid for the full length, even if they differ early. The circumstances are rare (probably the reason this bug was still there to be found in a library that had already been tested with all the available techniques) but outside the programmer’s control. The pattern described in this post should be reported as a bug when found.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is interesting to read the detailed analysis of a bug in such a basic libc feature\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://daemon-notes.com/articles/network/docker\" rel=\"nofollow\"\u003eDocker on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are two approaches to running Docker on FreeBSD. First one was created back in 2015 and it was a native port of Docker engine to FreeBSD. It was an ambitious project but nobody stepped forward to continuously port the never-ending flow of upstream code to FreeBSD. So the port still exists (sysutils/docker-freebsd) but it wasn\u0026#39;t updated since 2015 and it is Docker v1 (it is v17 as of 2017).\u003cbr\u003e\nThe other approach is to use official way of running Docker on platforms other than Linux. Well, somewhat official as Docker still does not support FreeBSD as a host officially. This is docker-machine tool which in turn will use VirtualBox to run a virtual machine with Linux and Docker engine. docker utility on the host will communicate with the engine inside VB where all the work will be done. This article describes what needs to be done to start using it.\u003cbr\u003e\nBefore we begin you need VirtualBox installed. Do not skip adding /boot/loader.conf and /etc/rc.conf lines mentioned on that page. You won\u0026#39;t need user inteface or anything, docker-machine will do all the work, just make sure VirtualBox is present and ready to be used.\u003cbr\u003e\n`pkg install docker docker-machine docker-compose’\u003cbr\u003e\nDocker will store its stuff in ~/.docker. You might not want the virtual machine image files to live in your home, in this case just create a symlink:\u003cbr\u003e\nmkdir ~/.docker\u003cbr\u003e\nln -s /storage/docker ~/.docker/machine\u003cbr\u003e\ndocker-machine create --driver virtualbox \\\u003cbr\u003e\n   --virtualbox-memory 2048 \\\u003cbr\u003e\n   --virtualbox-cpu-count 2 \\\u003cbr\u003e\n   --virtualbox-disk-size 102400 \\\u003cbr\u003e\n   --virtualbox-hostonly-cidr \u0026quot;10.2.1.1/24\u0026quot; \\\u003cbr\u003e\n   docker1\u003cbr\u003e\nHere\u0026#39;s the example. We are creating machine named docker1. It is using VirtualBox driver, the vm has 2G of memory, 2 cores and 100G of disk space. docker-machine setups VirtualBox to use host-only network adapter (it will create vboxnet0 interface on the host automatically) and we are instructing it to use 10.2.1.1/24 as the address of this adapter — change it to what suits your needs or omit this flag (default is 192.168.99.1/24).\u003cbr\u003e\nAnd basically that is all. Check if it is running:\u003cbr\u003e\ndocker-machine ls\u003cbr\u003e\nIf you do open VirtualBox interface you will find a virtual machine named docker1 running. You can start/stop/whatever your machine using docker-machine utility.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere’s how you can connect to the machine:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003edocker utility by default tries to talk to Docker engine running on the same host. However with specific environment variables you can instruct it to talk to other host. docker-machine can export these variables for you.\u003cbr\u003e\neval \u003ccode\u003edocker-machine env docker1\u003c/code\u003e\u003cbr\u003e\ndocker run hello-world\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was quite a bit of discussion about docker at the FreeBSD developers summit in Cambridge during the first week of August. Two docker developers who had worked on the Mac OS X port, one of whom is an OpenBSD advocate, explained how docker has evolved, and the linux-isms have been abstracted away such that a truly native docker solution for FreeBSD can be built and maintained with a lot less headache than before\u003c/li\u003e\n\u003cli\u003eI look forward to seeing if we can’t make that happen\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://shellhaters.org/\" rel=\"nofollow\"\u003eThe POSIX Shell And Utilities\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe POSIX Shell And Utilities\u003c/li\u003e\n\u003cli\u003eCompiled for The Shell Hater\u0026#39;s Handbook\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dan.langille.org/2017/07/31/postgresql-logging-to-a-file/\" rel=\"nofollow\"\u003ePostgreSQL – logging to a file\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese steps were carried out on FreeBSD 11.0 with PostgreSQL 9.6 (two of my favorite tools).\u003cbr\u003e\nI like logging. I like logging PostgreSQL. With logs, you can see what happened. Without, you can only guess.\u003cbr\u003e\nSetting up logging for PostgreSQL involves several parts, each of which must be completed or else I don’t get what I want. This is not a criticism of PostgreSQL. It’s a feature.\u003cbr\u003e\nI am documenting this because each time I configure a new PostgreSQL instance, it takes me more than one iteration to get it working. The goal: this post lets both you and me get it right the first time.\u003cbr\u003e\nThe parts include:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTelling PostgreSQL to log via syslog\u003c/li\u003e\n\u003cli\u003eTelling FreeBSD to local postgres to /var/log/postgres.log (my preference).\u003c/li\u003e\n\u003cli\u003eTelling PostgreSQL the things you want logged.\u003c/li\u003e\n\u003cli\u003eChanges to postgresql.conf\nThe file location varies with the version installed. For PostgreSQL 9.6 on FreeBSD, the file is /var/db/postgres/data96/postgresql.conf (adjust 96 according to the version installed).\nI made these changes to that file.\n\u003ccode\u003e\nlog_destination = \u0026#39;syslog\u0026#39;\nlog_min_messages = notice\nlog_min_error_statement = notice\nlog_checkpoints = on\nlog_lock_waits = on\nlog_timezone = \u0026#39;UTC\u0026#39;\n\u003c/code\u003e\nBy default, PostgreSQL logs to the local0 facility and is controlled by the syslog_facility in postgresql.conf. This will be used in syslog.conf (see the next section of this post).\nThe above mentioned changes require a reload: \n\u003ccode\u003eservice postgresql reload\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eChanges to /etc/syslog.conf\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow that we have PostgreSQL logging to syslog, we want to tell syslog where to put those messages.\u003cbr\u003e\nI changed this line in /etc/syslog.conf:\u003ccode\u003e*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages\u003c/code\u003e\u003cbr\u003e\nWith \u003cem\u003e.notice pulling in some local0 messages, adding local0.none to the line will free the messages up for later use in the configuration file. Otherwise, the PostgreSQL messages will be in /var/log/messages.\u003cbr\u003e\nThe changed line is:\u003cbr\u003e\n`\u003c/em\u003e.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.none   /var/log/messages\u003ccode\u003e\u003cbr\u003e\nThen, to get the messages into my preferred location, I added this to the file:\u003cbr\u003e\n\u003c/code\u003elocal0.*     /var/log/postgresql.log`\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLog file rotation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor rotating my log file, I added a new file: /usr/local/etc/newsyslog.conf.d/postgresql96\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e/var/log/postgresql.log     pgsql:wheel  640  7     *    $D0   GB  /var/db/postgres/data96/postmaster.pid 30\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eBefore restarting syslog, I did this, so the destination file existed. This isn’t always/strictly necessary, but because the ownership is not chown root:wheel, I do it to get that part set.\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003etouch /var/log/postgresql.log\nchown pgsql:wheel\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eRestarting syslog:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003esudo kill -HUP `sudo cat /var/run/syslog.pid `\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThat’s it Now you should see PostgreSQL logging in /var/log/postgresql.log.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170729122350\" rel=\"nofollow\"\u003emandoc-1.14.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ei just released portable mandoc-1.14.2. It is available now from \u003ca href=\"http://mandoc.bsd.lv/\" rel=\"nofollow\"\u003ehttp://mandoc.bsd.lv/\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e```From: Ingo Schwarze \u003ca href=\"mailto:schwarze@usta.de\" rel=\"nofollow\"\u003eschwarze@usta.de\u003c/a\u003e\u003cbr\u003e\nDate: Fri, 28 Jul 2017 20:12:44 +0200\u003cbr\u003e\nTo: \u003ca href=\"mailto:discuss@mandoc.bsd.lv\" rel=\"nofollow\"\u003ediscuss@mandoc.bsd.lv\u003c/a\u003e\u003cbr\u003e\nSubject: mandoc-1.14.2 released\u003c/p\u003e\n\n\u003cp\u003eHi,\u003c/p\u003e\n\n\u003cp\u003ei just released portable mandoc-1.14.2.\u003cbr\u003e\nIt is available now from \u003ca href=\"http://mandoc.bsd.lv/\" rel=\"nofollow\"\u003ehttp://mandoc.bsd.lv/\u003c/a\u003e .\u003c/p\u003e\n\n\u003cp\u003eAll downstream maintainers are encouraged to update their ports\u003cbr\u003e\nand packages from 1.14.1 to 1.14.2.\u003c/p\u003e\n\n\u003cp\u003eMandoc 1.14.2 is a feature release introducing:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ea new -Tmarkdown output mode\u003c/li\u003e\n\u003cli\u003eanchors for deep linking into -Thtml manual pages\u003c/li\u003e\n\u003cli\u003ea superset of the functionality of the former mdoclint(1) utility\u003c/li\u003e\n\u003cli\u003ea new -Wstyle message level with several new messages\u003c/li\u003e\n\u003cli\u003eautomatic line breaking inside individual tbl(7) cells\u003c/li\u003e\n\u003cli\u003ea rewrite of the eqn(7) lexer, and some eqn(7) rendering improvements\u003c/li\u003e\n\u003cli\u003esupport for many additional low-level roff(7) features\u003c/li\u003e\n\u003cli\u003eand various smaller features and bug fixes.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFor more details, see: \u003ca href=\"http://mandoc.bsd.lv/NEWS\" rel=\"nofollow\"\u003ehttp://mandoc.bsd.lv/NEWS\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eWith the improved mandoc features, only twenty-five out of the\u003cbr\u003e\nten thousand software packages in the OpenBSD ports tree still\u003cbr\u003e\nneed groff to format their manual pages.\u003c/p\u003e\n\n\u003cp\u003eSince the project has been called \u0026quot;mandoc\u0026quot; rather than \u0026quot;mdocml\u0026quot;\u003cbr\u003e\nfor several years now, the website, the distribution tarball,\u003cbr\u003e\nand the source extraction directory are now also called \u0026quot;mandoc\u0026quot;\u003cbr\u003e\nrather than \u0026quot;mdocml\u0026quot;.\u003c/p\u003e\n\n\u003cp\u003eThe release was tested on the following systems:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD-current and OpenBSD-stable\u003c/li\u003e\n\u003cli\u003eNetBSD-current\u003c/li\u003e\n\u003cli\u003eillumos\u003c/li\u003e\n\u003cli\u003eDebian Linux\u003c/li\u003e\n\u003cli\u003eVoid Linux x86_64 glibc and musl\u003c/li\u003e\n\u003cli\u003eCrux Linux\u003c/li\u003e\n\u003cli\u003eSunOS 5.11.2, 5.10, and 5.9\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAs before, catman(8) and the regression suite cannot be used on\u003cbr\u003e\nSunOS 5.10 and SunOS 5.9.\u003cbr\u003e\nA big thanks to everybody who provided patches, bug reports,\u003cbr\u003e\nfeature suggestions, advice, and help with testing!\u003cbr\u003e\nYours,\u003cbr\u003e\n  Ingo```\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Swordfish90/cool-retro-term\" rel=\"nofollow\"\u003eA good looking terminal emulator which mimics the old cathode display. Available in x11/cool-retro-terminal\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/milestone-complete-openrc-conversion/\" rel=\"nofollow\"\u003eMilestone Complete! OpenRC conversion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://illumos.topicbox.com/groups/developer/discussions/T5eae6079331c4df4\" rel=\"nofollow\"\u003eHealthy developer interaction between FreeBSD and IllumOS re: mdb\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170804053102\" rel=\"nofollow\"\u003eLarge Batch of Kernel Errata Patches Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-17-7-released/\" rel=\"nofollow\"\u003eopnsense 17.7 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/jack/status/892605692317650944\" rel=\"nofollow\"\u003eTwitter Co-Founder and CEO states “FreeBSD rules them all”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHurry up and register for \u003ca href=\"http://www.verisign.com/en_US/internet-technology-news/verisign-events/vbsdcon/index.xhtml?dmn=vBSDcon.com\" rel=\"nofollow\"\u003evBSDCon September 7-9\u003c/a\u003e and \u003ca href=\"https://2017.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDCon September 21-24\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDominik - \u003ca href=\"http://dpaste.com/08971FQ\" rel=\"nofollow\"\u003eMonitoring Software\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDarren - \u003ca href=\"http://dpaste.com/0YCS4DN\" rel=\"nofollow\"\u003eWonderful Awk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndrew - \u003ca href=\"http://dpaste.com/0ZREKTV\" rel=\"nofollow\"\u003eThanks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJens - \u003ca href=\"http://dpaste.com/1GVZNWN\" rel=\"nofollow\"\u003eMigration Questions\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We recap our devsummit experiences at BSDCambridge, share why memcmp is more complicated than expected, explore Docker on FreeBSD, and we look at a retro terminal.","date_published":"2017-08-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/700ab007-00c0-4527-8cf8-1cfd03b3f2ca.mp3","mime_type":"audio/mpeg","size_in_bytes":74300980,"duration_in_seconds":6191}]},{"id":"f5800a25-4b1e-4593-aa7d-eb70bac3bd73","title":"206: To hier is UNIX","url":"https://www.bsdnow.tv/206","content_text":"Lumina Desktop 1.3 is out, we show you a Plasma 5 on FreeBSD tutorial, explore randomness, and more.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLumina Desktop v1.3 released\n\n\nNotable Changes:\nNew Utility: lumina-mediaplayer. Lumina Media Player is a graphic interface for the Qt QMediaPlayer Class, with Pandora internet radio streaming integration. Lumina Media Player supports many audio formats, including .ogg, .mp3, .mp4, .flac, and .wmv. It is also possible to increase the number of playable formats by installing gstreamer-plugins. This utility is found in the Applications → Utilities section, or opened by typing lumina-mediaplayer in a command line.\n\n\nNew Utility: lumina-xdg-entry. This is another simple utility designed to help users create .desktop entries and shortcuts. Find it in the Utilities application category, or open it by typing lumina-xdg-entry in a command line. \n\nLumina Desktop:\n\n\nDesktop folders are integrated, and can now be manipulated directly from the desktop.\nAdded the automatic settings migration of a desktop monitor (single monitor only, for now).\nNumerous speed and performance improvements with how icons load and the system interacts with the desktop.\n\nLumina-FM:\n\n\nNow fully integrated with lumina-archiver.\nA “System directory” tree pane is available. Options to enable/disable it are being added later, as it is on by default.\nNumerous speed improvements with caching and loading icons.\n\nLumina Texteditor:\n\n\nThere is a new json manifest file format for syntax highlighting support. Users can open this file, customize their highlighting options, and immediately see their changes without rebuilding the utility.\nThe text editor now supports more than 10 different file formats.\nAdded options for file-wide preferences in syntax files. Options include: word wrap, character per line limits, excess whitespace highlighting, font style restrictions, and tab-width settings.\nLTE supports tabs with detach, drag’n’drop, and location customization with the View menu option.\nAdd checkable menu option to show the “unsaved changes” dialogue box on close.\n\nLumina Screenshot:\n\n\nAdjustments to the lumina-screenshot interface.\nAdd an adjustable warning to lumina-screenshot when closing with an unsaved image.\nAdd functionality to select a specific area of the screen for screenshots.\n\nLumina Archiver:\n\n\nFunctionality improvements.\nBug fixes.\nInterface changes.\n\nGeneral Improvements:\n\n\nPermission checks for settings files (all utilities). When launched with sudo, all tools use or create a root-permissioned copy of the user’s settings file. This prevents a settings file being locked by root.\nUI text reworks to help re-unify style.\nAdd hooks to update the desktop with icons for the /media directory when a system uses USB automounting functionality.\nFix Fluxbox bug with windows workspace assignments.\nWork on new utility lumina-notify (not fully functional yet).\nFix panel reporting error crashing lumina-config.\nBug fix for dbus-send calls for Gentoo.\nClean up automatic DPI scaling support.\nBug fix for the panel clock.\nCompton compositor is now disabled by default (but can be manually enabled).\nTranslation file updates.\nDocumentation updates.\n***\n\n\n\nFreeBSD 11.0 and Plasma 5 HowTo\n\n\nHere’s a step-by-step guide to getting a machine with FreeBSD 11 in it, running X, and KDE Plasma 5 Desktop and KDE Applications. It’s the latest thing! (Except that 11-STABLE is in the middle of the pack of what’s supported .. but the KDE bits are fresh. I run 10.3 with KDE4 or Plasma 5 on my physical machines, myself, so the FreeBSD version isn’t that important except that packages are readily available for 11-STABLE, not for 10-STABLE.)\n\n\n\nWe skip the part about installing FreeBSD (it’s in there if you need it) and get right to the important parts that you need: \nAn X Server and a backup X11 environment (ancient):\n\n\n\npkg install xorg xterm twm\n\n\n\nDesktop technologies (modern):\n\n\n\npkg install hal dbus\necho hald_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\necho dbus_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\n\n\n\nNext up, test whether the X server works by running startx and exiting out of twm.\n\n\n\nIf running with ZFS, it’s a good idea to snapshot now, just so you can easily roll back to the it-works-with-basic-X11 setup you have now.\nzfs snapshot -r zroot@x11\n\n\n\nNow swap out the default FreeBSD package repository, for the KDE-FreeBSD community one. This is documented also on the Area51 page.\n\n\n\nmkdir -p /usr/local/etc/pkg/repos\ncd /usr/local/etc/pkg/repos\ncat \u0026gt; FreeBSD.conf \u0026lt;\nFreeBSD: { enabled: no }\nEOF\ncat \u0026gt; Area51.conf \u0026lt;\u0026lt;EOF\nArea51: {\nurl: \"http://meatwad.mouf.net/rubick/poudriere/packages/110-amd64-kde/\",\npriority: 2,\nenabled: yes\n}\nEOF\n\n\n\nTell pkg(8) to refresh itself (it may install a newer pkg, too), then install something nicer than xterm + twm, and then do some post-install configuration:\n\n\n\npkg update\npkg install konsole plasma5-plasma-desktop\necho cuse_load=YES \u0026gt;\u0026gt; /boot/loader.conf\necho webcamd_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\n\n\n\nLog in as your test user, and set up .xinitrc to start Plasma 5:\n\n\n\ncat \u0026gt; .xinitrc \u0026lt;\u0026lt;EOF\n#! /bin/sh\n/usr/local/bin/xterm -geometry +0+0 \u0026amp;\nKDE=/usr/local/bin/startkde\ntest -x $KDE \u0026amp;\u0026amp; exec /usr/local/bin/ck-launch-session $KDE\nexec /usr/local/bin/twm\nEOF\nchmod 755 .xinitrc\n\n\n\nIf you really want, you can run startx, but this isn’t the complete Plasma 5 desktop experience... and KDE Applications are not installed, either. So you get a bare xterm (useful to kill X or start konsole) and kwin and not much else. Good thing that getting the rest of KDE Plasma 5 Desktop and KDE Applications is pretty easy (and we could have skipped the intermediate step with konsole and gone straight to the finish:\n\n\n\npkg install kde\n\n\n\nThis metaport will pull in another 2GiB of stuff, for all the KDE Applications and a complete Plasma desktop. There are intermediate metaports for slightly-less-heavy installations, but this one is easy to remember and will almost certainly get you what you want. So it really comes down to installing X, dbus, hal, and then the kde package. Voila!\n***\n\n\nFull FreeBSD Server on a Raspberry Pi\n\n\nDisclaimer :\n\n\nThe Raspberry PI is a such a great device. You can do a really huge amount of fun things with this little board... \nThe goal of this paper is to show how you can build a full personal server on your Raspberry PI, using FreeBSD and it's packages. \n\nHere's how we'll proceed :\n\n\nGet FreeBSD\nConfigure FreeBSD\nInstall and configure sudo\nConfigure your Wifi with a static IPv4 and IPv6 address\nInstall and start Packet Filter\nInstall and configure nginx with \"let's encrypt\" SSL / PHP / MySQL\nInstall and configure OpenSMTPd and SPAMd\nInstall and configure Netdata with nginx to monitor your system\nAvoid OS detection\n***\n\n\n\nNews Roundup\n\nHardenedBSD, now has openntpd in base\n\n\nOver the past few months, Bernard Spil has been hard at work importing OpenNTPd 6.0p1 in HardenedBSD base. Starting with 12-CURRENT, HardenedBSD will ship with OpenNTPd by default. Just like with LibreSSL in base, HardenedBSD users have a choice when building world of which NTP daemon to use. Users who want to use the legacy NTPd can set WITHOUT_OPENNTPD and WITH_NTP in src.conf(5). Bernard will continue maintaining LibreSSL and OpenNTPd in HardenedBSD base.\nUsers who are upgrading from an existing 12-CURRENT system from source and who use the legacy NTP daemon in base will need to perform the following actions:\n\n\nInstall new world\nRun mergemaster or etcupdate\nsysrc ntpd_enable=\"NO\"\nsysrc local_openntpd_enable=\"YES\"\n\nA binary update will be published within the next 24 hours that contains OpenNTPd in base. Those who use hbsd-update will only need to perform steps 3 and 4 above.\n\n\n\n\nUnix: How random is random\n\n\nSandra Henry-Stocker writes on Networkworld: \n\n\n\nOn Unix systems, random numbers are generated in a number of ways and random data can serve many purposes. From simple commands to fairly complex processes, the question “How random is random?” is worth asking.\nEZ random numbers\nIf all you need is a casual list of random numbers, the RANDOM variable is an easy choice. Type \"echo $RANDOM\" and you'll get a number between 0 and 32,767 (the largest number that two bytes can hold).\n\n\n\nNote: this only works in bash, and is generally a silly thing to do\n\n\n\nOf course, this process is actually providing a \"pseudo-random\" number. As anyone who thinks about random numbers very often might tell you, numbers generated by a program have a limitation. Programs follow carefully crafted steps, and those steps aren’t even close to being truly random. You can increase the randomness of RANDOM's value by seeding it (i.e., setting the variable to some initial value). Some just use the current process ID (via $$) for that. Note that for any particular starting point, the subsequent values that $RANDOM provides are quite predictable.\n\n\n\nMore complex random data\n\n\n\nFor more serious requirements for random data, such as its use in encryption, some more truly random data comes into play. The /dev/random and /dev/urandom files get beyond the predictability of programming by making use of environmental noise gathered from device drivers and other system sources and stored it in an “entropy pool”.\n\n\n\nExamining entropy\nRandomness vs. entropy\nGenerating files with random data\nGenerating random numbers\nBeyond /dev/urandom\n***\n\n\nMoving firmware to userland\n\n\nThis is a post from the DragonFlyBSD mailinglist:\n\n\n\nI would like to introduce a few ideas about the new firmware subsystem.  I assume that it should not require adding a new system tools or modifying boot process.\nSimplification is the first. It would be good to remove parent-child relationship and corresponding functionality. It would significantly simplify firmware handling. Its only practical use is when there are multiple images in one loadable kernel module. The module can be  unloaded when all children are not in use. Usage of the children images is tracked through the counter for the parent image. If images will not be placed inside loadable kernel modules, the parent-child mechanism won't have any practical meaning. I think, currently the mechanism is not used anywhere in the DragonFly system and if it was, it could be easily replaced by putting every child image in its own module without modifying drivers.\nThere are two use cases according to who will provide firmware images to \nthe system:\n\n\ndevelopers of DragonFly BSD (they can modify and rebuild the system)\nthird-parties (they should not be required to modify and rebuild the system)\n\n\nAll firmware images needs to have some information attached (at least, \nif ack with a license is needed) which should be d) stored persistently.\nThe question is where to save the information for non-built-in images. \n\n\n\nVarious solutions are proposed that meet some -- but not all -- of the mentioned requirements, along with pros and cons.\nIt closes with:\n\n\n\nThere would be two firmware sources: kernel and filesystem. In case of the same image names, user could have a choice by setting a kernel environment variable, firmware from which source has higher priority and will be provided to consumer.\n\n\n\n\nOpenBSD changes of note 625\n\n\nContinue with some cleanup and improvement of the depend step of building. Lots of little things to support lex and yacc better as well.\nIntel Optane parts are leaking into the wild, some driver fixes to support them.\nAdd support for pattern substitution to variables in ksh using a common syntax borrowed from ksh93. Or not, reverted.\nDeprecate fgetln.\nAdd detection for missing X sets to syspatch.\nRefinement of the inteldrm code, including better backlight support.\nA special edition of slaacd for the installer.\nAfter much wailing and gnashing of teeth, fix strtol to parse strings like “0xridiculous”.\nA fix for malloc and zero sized allocations when using canaries.\nAdd the ability to pause and unpause VMs in vmd.\nRemove “listen secure” syntax from smtpd.conf. It’s broken since a couple of months and noone complained.\nRemove sending of router solicitations and processing of router advertisements from the kernel.\nThe lidsuspend sysctl has been fully replaced by lidaction.\nFix fortune to filter out unprintable characters. Convert the fortune files to using UTF-8 instead of archaic overprinting. Fortunes with unprintable words may still be obtained with the -o option.\nIntroduce some quirks to the IDE and ATA code to prevent drives from attaching twice on hyper-v.\nAdd vmctl send and receive as well.\nUpdate to xterm 330.\nRemove some magic cleanup from dhclient. It will not deliberately attempt to interfere with other operations on the same interface.\nUpdate libexpat to 2.2.2. Fixes NULL parser dereference.\nIlja Van Sprundel found a whole mess of kernel bugs in this and that. Some info leaks, some erroneous signal handling, some unbounded malloc calls. Lions, tigers, bears. Try to fix them.\n***\n\n\nBeastie Bits\n\n\nHeir - description of the file system hierarchy\nFreeBSD hier(7)\nsshlockout and your logs\nnet-mgmt/netdata can now monitor ZFS pools\nTed Unangst is reviewing some books, chapter by chapter. “Coders at Work”, “Founders at Work”, “the Mythical Man-Month”, “The Pragmatic Programmer”, and “Code: The Hidden Language of Computer Hardware and Software”. This is chapter 5, look for the bookreview tag on the site to find the previous ones\npfSense 2.3.4-p1 release now available\n***\n\n\nFeedback/Questions\n\n\nBen - Thanks\nJay - ZFS and Speed\nPatrick - Portalfs removed?\nSir l33tname - ZFS pool question\n***\n","content_html":"\u003cp\u003eLumina Desktop 1.3 is out, we show you a Plasma 5 on FreeBSD tutorial, explore randomness, and more.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/version-1-3-0-released/\" rel=\"nofollow\"\u003eLumina Desktop v1.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNotable Changes:\u003c/li\u003e\n\u003cli\u003eNew Utility: lumina-mediaplayer. Lumina Media Player is a graphic interface for the Qt QMediaPlayer Class, with Pandora internet radio streaming integration. Lumina Media Player supports many audio formats, including .ogg, .mp3, .mp4, .flac, and .wmv. It is also possible to increase the number of playable formats by installing gstreamer-plugins. This utility is found in the Applications → Utilities section, or opened by typing lumina-mediaplayer in a command line.\n\n\u003cul\u003e\n\u003cli\u003eNew Utility: lumina-xdg-entry. This is another simple utility designed to help users create .desktop entries and shortcuts. Find it in the Utilities application category, or open it by typing lumina-xdg-entry in a command line. \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina Desktop:\n\n\u003cul\u003e\n\u003cli\u003eDesktop folders are integrated, and can now be manipulated directly from the desktop.\u003c/li\u003e\n\u003cli\u003eAdded the automatic settings migration of a desktop monitor (single monitor only, for now).\u003c/li\u003e\n\u003cli\u003eNumerous speed and performance improvements with how icons load and the system interacts with the desktop.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina-FM:\n\n\u003cul\u003e\n\u003cli\u003eNow fully integrated with lumina-archiver.\u003c/li\u003e\n\u003cli\u003eA “System directory” tree pane is available. Options to enable/disable it are being added later, as it is on by default.\u003c/li\u003e\n\u003cli\u003eNumerous speed improvements with caching and loading icons.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina Texteditor:\n\n\u003cul\u003e\n\u003cli\u003eThere is a new json manifest file format for syntax highlighting support. Users can open this file, customize their highlighting options, and immediately see their changes without rebuilding the utility.\u003c/li\u003e\n\u003cli\u003eThe text editor now supports more than 10 different file formats.\u003c/li\u003e\n\u003cli\u003eAdded options for file-wide preferences in syntax files. Options include: word wrap, character per line limits, excess whitespace highlighting, font style restrictions, and tab-width settings.\u003c/li\u003e\n\u003cli\u003eLTE supports tabs with detach, drag’n’drop, and location customization with the View menu option.\u003c/li\u003e\n\u003cli\u003eAdd checkable menu option to show the “unsaved changes” dialogue box on close.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina Screenshot:\n\n\u003cul\u003e\n\u003cli\u003eAdjustments to the lumina-screenshot interface.\u003c/li\u003e\n\u003cli\u003eAdd an adjustable warning to lumina-screenshot when closing with an unsaved image.\u003c/li\u003e\n\u003cli\u003eAdd functionality to select a specific area of the screen for screenshots.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLumina Archiver:\n\n\u003cul\u003e\n\u003cli\u003eFunctionality improvements.\u003c/li\u003e\n\u003cli\u003eBug fixes.\u003c/li\u003e\n\u003cli\u003eInterface changes.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eGeneral Improvements:\n\n\u003cul\u003e\n\u003cli\u003ePermission checks for settings files (all utilities). When launched with sudo, all tools use or create a root-permissioned copy of the user’s settings file. This prevents a settings file being locked by root.\u003c/li\u003e\n\u003cli\u003eUI text reworks to help re-unify style.\u003c/li\u003e\n\u003cli\u003eAdd hooks to update the desktop with icons for the /media directory when a system uses USB automounting functionality.\u003c/li\u003e\n\u003cli\u003eFix Fluxbox bug with windows workspace assignments.\u003c/li\u003e\n\u003cli\u003eWork on new utility lumina-notify (not fully functional yet).\u003c/li\u003e\n\u003cli\u003eFix panel reporting error crashing lumina-config.\u003c/li\u003e\n\u003cli\u003eBug fix for dbus-send calls for Gentoo.\u003c/li\u003e\n\u003cli\u003eClean up automatic DPI scaling support.\u003c/li\u003e\n\u003cli\u003eBug fix for the panel clock.\u003c/li\u003e\n\u003cli\u003eCompton compositor is now disabled by default (but can be manually enabled).\u003c/li\u003e\n\u003cli\u003eTranslation file updates.\u003c/li\u003e\n\u003cli\u003eDocumentation updates.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1609\" rel=\"nofollow\"\u003eFreeBSD 11.0 and Plasma 5 HowTo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere’s a step-by-step guide to getting a machine with FreeBSD 11 in it, running X, and KDE Plasma 5 Desktop and KDE Applications. It’s the latest thing! (Except that 11-STABLE is in the middle of the pack of what’s supported .. but the KDE bits are fresh. I run 10.3 with KDE4 or Plasma 5 on my physical machines, myself, so the FreeBSD version isn’t that important except that packages are readily available for 11-STABLE, not for 10-STABLE.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe skip the part about installing FreeBSD (it’s in there if you need it) and get right to the important parts that you need: \u003c/li\u003e\n\u003cli\u003eAn X Server and a backup X11 environment (ancient):\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkg install xorg xterm twm\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDesktop technologies (modern):\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkg install hal dbus\u003cbr\u003e\necho hald_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\u003cbr\u003e\necho dbus_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up, test whether the X server works by running startx and exiting out of twm.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf running with ZFS, it’s a good idea to snapshot now, just so you can easily roll back to the it-works-with-basic-X11 setup you have now.\u003cbr\u003e\nzfs snapshot -r zroot@x11\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow swap out the default FreeBSD package repository, for the KDE-FreeBSD community one. This is documented also on the \u003ca href=\"https://community.kde.org/FreeBSD/Setup/Area51\" rel=\"nofollow\"\u003eArea51 page\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003emkdir -p /usr/local/etc/pkg/repos\u003cbr\u003e\ncd /usr/local/etc/pkg/repos\u003cbr\u003e\ncat \u0026gt; FreeBSD.conf \u0026lt;\u003cEOF\u003cbr\u003e\nFreeBSD: { enabled: no }\u003cbr\u003e\nEOF\u003cbr\u003e\ncat \u003e Area51.conf \u0026lt;\u0026lt;EOF\u003cbr\u003e\nArea51: {\u003cbr\u003e\nurl: \u0026quot;\u003ca href=\"http://meatwad.mouf.net/rubick/poudriere/packages/110-amd64-kde/\" rel=\"nofollow\"\u003ehttp://meatwad.mouf.net/rubick/poudriere/packages/110-amd64-kde/\u003c/a\u003e\u0026quot;,\u003cbr\u003e\npriority: 2,\u003cbr\u003e\nenabled: yes\u003cbr\u003e\n}\u003cbr\u003e\nEOF\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTell pkg(8) to refresh itself (it may install a newer pkg, too), then install something nicer than xterm + twm, and then do some post-install configuration:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkg update\u003cbr\u003e\npkg install konsole plasma5-plasma-desktop\u003cbr\u003e\necho cuse_load=YES \u0026gt;\u0026gt; /boot/loader.conf\u003cbr\u003e\necho webcamd_enable=YES \u0026gt;\u0026gt; /etc/rc.conf\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLog in as your test user, and set up .xinitrc to start Plasma 5:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ecat \u0026gt; .xinitrc \u0026lt;\u0026lt;EOF\u003cbr\u003e\n\u0026#35;\u0026#33; /bin/sh\u003cbr\u003e\n/usr/local/bin/xterm -geometry +0+0 \u0026amp;\u003cbr\u003e\nKDE=/usr/local/bin/startkde\u003cbr\u003e\ntest -x $KDE \u0026amp;\u0026amp; exec /usr/local/bin/ck-launch-session $KDE\u003cbr\u003e\nexec /usr/local/bin/twm\u003cbr\u003e\nEOF\u003cbr\u003e\nchmod 755 .xinitrc\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you really want, you can run startx, but this isn’t the complete Plasma 5 desktop experience... and KDE Applications are not installed, either. So you get a bare xterm (useful to kill X or start konsole) and kwin and not much else. Good thing that getting the rest of KDE Plasma 5 Desktop and KDE Applications is pretty easy (and we could have skipped the intermediate step with konsole and gone straight to the finish:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkg install kde\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis metaport will pull in another 2GiB of stuff, for all the KDE Applications and a complete Plasma desktop. There are intermediate metaports for slightly-less-heavy installations, but this one is easy to remember and will almost certainly get you what you want. So it really comes down to installing X, dbus, hal, and then the kde package. Voila!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cagedmonster.net/setup-full-server-with-freebsd-on-raspberrypi/\" rel=\"nofollow\"\u003eFull FreeBSD Server on a Raspberry Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDisclaimer :\n\n\u003cul\u003e\n\u003cli\u003eThe Raspberry PI is a such a great device. You can do a really huge amount of fun things with this little board... \u003c/li\u003e\n\u003cli\u003eThe goal of this paper is to show how you can build a full personal server on your Raspberry PI, using FreeBSD and it\u0026#39;s packages. \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eHere\u0026#39;s how we\u0026#39;ll proceed :\n\n\u003cul\u003e\n\u003cli\u003eGet FreeBSD\u003c/li\u003e\n\u003cli\u003eConfigure FreeBSD\u003c/li\u003e\n\u003cli\u003eInstall and configure sudo\u003c/li\u003e\n\u003cli\u003eConfigure your Wifi with a static IPv4 and IPv6 address\u003c/li\u003e\n\u003cli\u003eInstall and start Packet Filter\u003c/li\u003e\n\u003cli\u003eInstall and configure nginx with \u0026quot;let\u0026#39;s encrypt\u0026quot; SSL / PHP / MySQL\u003c/li\u003e\n\u003cli\u003eInstall and configure OpenSMTPd and SPAMd\u003c/li\u003e\n\u003cli\u003eInstall and configure Netdata with nginx to monitor your system\u003c/li\u003e\n\u003cli\u003eAvoid OS detection\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2017-06-27/introducing-openntpd-base\" rel=\"nofollow\"\u003eHardenedBSD, now has openntpd in base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver the past few months, Bernard Spil has been hard at work importing OpenNTPd 6.0p1 in HardenedBSD base. Starting with 12-CURRENT, HardenedBSD will ship with OpenNTPd by default. Just like with LibreSSL in base, HardenedBSD users have a choice when building world of which NTP daemon to use. Users who want to use the legacy NTPd can set WITHOUT_OPENNTPD and WITH_NTP in src.conf(5). Bernard will continue maintaining LibreSSL and OpenNTPd in HardenedBSD base.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eUsers who are upgrading from an existing 12-CURRENT system from source and who use the legacy NTP daemon in base will need to perform the following actions:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstall new world\u003c/li\u003e\n\u003cli\u003eRun mergemaster or etcupdate\u003c/li\u003e\n\u003cli\u003esysrc ntpd_enable=\u0026quot;NO\u0026quot;\u003c/li\u003e\n\u003cli\u003esysrc local_openntpd_enable=\u0026quot;YES\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA binary update will be published within the next 24 hours that contains OpenNTPd in base. Those who use hbsd-update will only need to perform steps 3 and 4 above.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.networkworld.com/article/3208389/linux/unix-how-random-is-random.html\" rel=\"nofollow\"\u003eUnix: How random is random\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSandra Henry-Stocker writes on Networkworld: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn Unix systems, random numbers are generated in a number of ways and random data can serve many purposes. From simple commands to fairly complex processes, the question “How random is random?” is worth asking.\u003cbr\u003e\nEZ random numbers\u003cbr\u003e\nIf all you need is a casual list of random numbers, the RANDOM variable is an easy choice. Type \u0026quot;echo $RANDOM\u0026quot; and you\u0026#39;ll get a number between 0 and 32,767 (the largest number that two bytes can hold).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNote: this only works in bash, and is generally a silly thing to do\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOf course, this process is actually providing a \u0026quot;pseudo-random\u0026quot; number. As anyone who thinks about random numbers very often might tell you, numbers generated by a program have a limitation. Programs follow carefully crafted steps, and those steps aren’t even close to being truly random. You can increase the randomness of RANDOM\u0026#39;s value by seeding it (i.e., setting the variable to some initial value). Some just use the current process ID (via $$) for that. Note that for any particular starting point, the subsequent values that $RANDOM provides are quite predictable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore complex random data\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor more serious requirements for random data, such as its use in encryption, some more truly random data comes into play. The /dev/random and /dev/urandom files get beyond the predictability of programming by making use of environmental noise gathered from device drivers and other system sources and stored it in an “entropy pool”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExamining entropy\u003c/li\u003e\n\u003cli\u003eRandomness vs. entropy\u003c/li\u003e\n\u003cli\u003eGenerating files with random data\u003c/li\u003e\n\u003cli\u003eGenerating random numbers\u003c/li\u003e\n\u003cli\u003eBeyond /dev/urandom\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2017-July/239413.html\" rel=\"nofollow\"\u003eMoving firmware to userland\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a post from the DragonFlyBSD mailinglist:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI would like to introduce a few ideas about the new firmware subsystem.  I assume that it should not require adding a new system tools or modifying boot process.\u003cbr\u003e\nSimplification is the first. It would be good to remove parent-child relationship and corresponding functionality. It would significantly simplify firmware handling. Its only practical use is when there are multiple images in one loadable kernel module. The module can be  unloaded when all children are not in use. Usage of the children images is tracked through the counter for the parent image. If images will not be placed inside loadable kernel modules, the parent-child mechanism won\u0026#39;t have any practical meaning. I think, currently the mechanism is not used anywhere in the DragonFly system and if it was, it could be easily replaced by putting every child image in its own module without modifying drivers.\u003cbr\u003e\nThere are two use cases according to who will provide firmware images to \u003cbr\u003e\nthe system:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003edevelopers of DragonFly BSD (they can modify and rebuild the system)\u003c/li\u003e\n\u003cli\u003ethird-parties (they should not be required to modify and rebuild the system)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAll firmware images needs to have some information attached (at least, \u003cbr\u003e\nif ack with a license is needed) which should be d) stored persistently.\u003cbr\u003e\nThe question is where to save the information for non-built-in images. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eVarious solutions are proposed that meet some -- but not all -- of the mentioned requirements, along with pros and cons.\u003c/li\u003e\n\u003cli\u003eIt closes with:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere would be two firmware sources: kernel and filesystem. In case of the same image names, user could have a choice by setting a kernel environment variable, firmware from which source has higher priority and will be provided to consumer.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tedunangst.com/flak/post/openbsd-changes-of-note-625\" rel=\"nofollow\"\u003eOpenBSD changes of note 625\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinue with some cleanup and improvement of the depend step of building. Lots of little things to support lex and yacc better as well.\u003c/li\u003e\n\u003cli\u003eIntel Optane parts are leaking into the wild, some driver fixes to support them.\u003c/li\u003e\n\u003cli\u003eAdd support for pattern substitution to variables in ksh using a common syntax borrowed from ksh93. Or not, reverted.\u003c/li\u003e\n\u003cli\u003eDeprecate fgetln.\u003c/li\u003e\n\u003cli\u003eAdd detection for missing X sets to syspatch.\u003c/li\u003e\n\u003cli\u003eRefinement of the inteldrm code, including better backlight support.\u003c/li\u003e\n\u003cli\u003eA special edition of slaacd for the installer.\u003c/li\u003e\n\u003cli\u003eAfter much wailing and gnashing of teeth, fix strtol to parse strings like “0xridiculous”.\u003c/li\u003e\n\u003cli\u003eA fix for malloc and zero sized allocations when using canaries.\u003c/li\u003e\n\u003cli\u003eAdd the ability to pause and unpause VMs in vmd.\u003c/li\u003e\n\u003cli\u003eRemove “listen secure” syntax from smtpd.conf. It’s broken since a couple of months and noone complained.\u003c/li\u003e\n\u003cli\u003eRemove sending of router solicitations and processing of router advertisements from the kernel.\u003c/li\u003e\n\u003cli\u003eThe lidsuspend sysctl has been fully replaced by lidaction.\u003c/li\u003e\n\u003cli\u003eFix fortune to filter out unprintable characters. Convert the fortune files to using UTF-8 instead of archaic overprinting. Fortunes with unprintable words may still be obtained with the -o option.\u003c/li\u003e\n\u003cli\u003eIntroduce some quirks to the IDE and ATA code to prevent drives from attaching twice on hyper-v.\u003c/li\u003e\n\u003cli\u003eAdd vmctl send and receive as well.\u003c/li\u003e\n\u003cli\u003eUpdate to xterm 330.\u003c/li\u003e\n\u003cli\u003eRemove some magic cleanup from dhclient. It will not deliberately attempt to interfere with other operations on the same interface.\u003c/li\u003e\n\u003cli\u003eUpdate libexpat to 2.2.2. Fixes NULL parser dereference.\u003c/li\u003e\n\u003cli\u003eIlja Van Sprundel found a whole mess of kernel bugs in this and that. Some info leaks, some erroneous signal handling, some unbounded malloc calls. Lions, tigers, bears. Try to fix them.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lud.cc/programming/man-hier/\" rel=\"nofollow\"\u003eHeir - description of the file system hierarchy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=hier\u0026format=html\" rel=\"nofollow\"\u003eFreeBSD hier(7)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-July/626020.html\" rel=\"nofollow\"\u003esshlockout and your logs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=446144\" rel=\"nofollow\"\u003enet-mgmt/netdata can now monitor ZFS pools\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.tedunangst.com/flak/post/books-chapter-five\" rel=\"nofollow\"\u003eTed Unangst is reviewing some books, chapter by chapter. “Coders at Work”, “Founders at Work”, “the Mythical Man-Month”, “The Pragmatic Programmer”, and “Code: The Hidden Language of Computer Hardware and Software”. This is chapter 5, look for the bookreview tag on the site to find the previous ones\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netgate.com/blog/pfsense-2-3-4-p1-release-now-available.html\" rel=\"nofollow\"\u003epfSense 2.3.4-p1 release now available\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0V84RN7\" rel=\"nofollow\"\u003eBen - Thanks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3KRWRS0\" rel=\"nofollow\"\u003eJay - ZFS and Speed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0M9STNX\" rel=\"nofollow\"\u003ePatrick - Portalfs removed?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2H0Y3R5\" rel=\"nofollow\"\u003eSir l33tname - ZFS pool question\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Lumina Desktop 1.3 is out, we show you a Plasma 5 on FreeBSD tutorial, explore randomness, and more.","date_published":"2017-08-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f5800a25-4b1e-4593-aa7d-eb70bac3bd73.mp3","mime_type":"audio/mpeg","size_in_bytes":65122708,"duration_in_seconds":5426}]},{"id":"6923958e-7e04-4d74-9642-e10ec45fa15c","title":"205: FreeBSD Turning it up to 11.1","url":"https://www.bsdnow.tv/205","content_text":"FreeBSD 11.1-RELEASE is out, we look at building at BSD home router, how to be your own OpenBSD VPN provider, and find that glob matching can be simple and fast.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 11.1-RELEASE\n\n\nFreeBSD 11.1 was released on July 26th\nYou can download it as an ISO or USB image, a prebuilt VM Image (vmdk, vhd, qcow2, or raw), and it is available as a cloud image (Amazon EC2, Microsoft Azure, Google Compute Engine, Vagrant)\nThanks to everyone, including the release engineering team who put so much time and effort into managing this release and making sure it came out on schedule, all of the FreeBSD developers who contributed the features, the companies that sponsored that development, and the users who tested the betas and release candidates.\nSupport for blacklistd(8) has been added to OpenSSH\nThe cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default.\nThe syslogd(8) utility has been updated to add the include keyword which allows specifying     a directory containing configuration files to be included in addition to syslog.conf(5). The default     syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default.\nThe zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options\nThe efivar(8) utility has been added, providing an interface to manage UEFI variables.\nThe ipsec and tcpmd5 kernel modules have been added, these can now be loaded without having to recompile the kernel\nA number of new IPFW modules including Network Prefix Translation for IPv6 as defined in RFC 6296, stateless and stateful NAT64, and a module to modify the TCP-MSS of packets\nA huge array of driver updates and additions\nThe NFS client now supports the Amazon® Elastic File System™ (EFS)\nThe new ZFS Compressed ARC feature was added, and is enabled by default\nThe EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server\nFor a complete list of new features and known problems, please see the online release notes and errata list, available at:\n\n\nFreeBSD 11.1-RELEASE Release Notes\nFreeBSD 11.1-RELEASE Errata\nFor more information about FreeBSD release engineering activities, please see: Release Engineering Information\n\nAvailability\n\n\nFreeBSD 11.1-RELEASE is now available for the amd64, i386, powerpc, powerpc64, sparc64, armv6, and aarch64 architectures.\nFreeBSD 11.1-RELEASE can be installed from bootable ISO images or over the network. Some architectures also support installing from a USB memory stick. The required files can be downloaded as described in the section below.\nSHA512 and SHA256 hashes for the release ISO, memory stick, and SD card images are included at the bottom of this message.\nPGP-signed checksums for the release images are also available at: FreeBSD 11.1 Release Checksum Signatures\nA PGP-signed version of this announcement is available at: FreeBSD 11.1-RELEASE Announcement\n***\n\n\n\nBuilding a BSD home router  - ZFS and Jails\n\n\nPart of a series of posts about building a router:\n\n\nPart 1 -- discussing why you want to build your own router and how to assemble the APU2\nPart 2 -- some Unix history explanation of what a serial console is\nPart 3 -- demonstrating serial access to the APU and covering firmware update\nPart 4 -- installing pfSense\nPart 5 -- installing OPNsense instead\nPart 6 -- Comparison of pfSense and OPNsense\nPart 7 -- Advanced installation of OPNsense\n\nAfter the advanced installation in part 7, the tutorials covers converting an unused partition into swap space, and converting the system to ZFS\nAfter creating a new pool using the set aside partition, some datasets are created, and the log files, ports, and obj ZFS datasets are mounted\nThe tutorial then goes on to cover how to download the ports tree, and install additional software on the router\nI wonder what part 9 will be about.\n***\n\n\nBe your own VPN provider with OpenBSD (v2)\n\n\nThis article covers how to build your own VPN server with some advanced features including:\n\n\nFull Disk Encryption (FDE)\nSeparate CA/signing machine (optional)\nMultiple DNSCrypt proxy instances for failover\nOpenVPN: Certificate Revocation List/CRL (optional)\nOpenVPN: TLS 1.2 only\nOpenVPN: TLS cipher based on AES-256-GCM only\nOpenVPN: HMAC-SHA512 instead of HMAC-SHA1\nOpenVPN: TLS encryption of control channel (makes it harder to identify OpenVPN traffic)\n\nThe article starts with an explanation of the differences between OpenVPN and IPSEC.\nIn the end the author chose OpenVPN because you can select the port it runs on, and it has a better chance of working from hotel or coffee shop WiFi.\nThe guide them walks through doing an installation on an encrypted disk, with a caution about the limitations of encrypted disk with virtual machines hosted by other parties.\nThe guide then locks down the newly installed system, configuring SSH for keys only, adding some PF rules, and configuring doas\nThen networking is configured, including enabling IP forwarding since this machine is going to act as the VPN gateway\nThen a large set of firewall rules are created that NAT the VPN traffic out of the gateway, except for DNS requests that are redirected to the gateways local unbound\nThen some python scripts are provided to block brute force attempts\n\n\n\nWe will use DNSCrypt to make our DNS requests encrypted, and Unbound to have a local DNS cache. This will allow us to avoid using our VPS provider DNS servers, and will also be useful to your future VPN clients which will be able to use your VPN server as their DNS server too\nBefore configuring Unbound, which is the local DNS cache which will make requests to dnscrypt_proxy, we can configure an additional dnscrypt instance, as explained in the pkg readme. Indeed, dnscrypt DNS servers being public ones, they often goes into maintenance, become offline or temporarily unreachable. To address this issue, it is possible to setup multiple dnscrypt instances. Below are the steps to follow to add one, but you can add more if you wish\n\n\n\nThen a CA and Certificate are created for OpenVPN\nOpenVPN is installed and configured as a server\nConfiguration is also provided for a client, and a mobile client\nThanks to the author for this great tutorial\nYou might also want to check out this section from their 2015 version of this post: Security vs Anonymity\n***\n\n\nEssen Hackathon Trip - Benedict Reuschling\n\n\nOver on the FreeBSD Foundation Blog, Benedict provides a detailed overview of the Essen Hackathon we were at a few weeks ago.\nHead over there and give it a read, and get a feel for what these smaller type of community events are like. Hopefully you can attend, or better yet, organize, a similar event in your area.\n\n\n\n\nNews Roundup\n\nBlog about my self-hosted httpd blog\n\n\nI really like Twitter because it allows me to share short messages, we have a great community, and 140 characters are enough for everybody.\nAnd this statement was exactly 140 characters, but sometimes I want to say more than that. And that's why I finally created this new blog. I was never really into blogging because I barely had time or the audience to write long articles. I sometimes wrote short stories for sites like undeadly.org, I collected some of them here, but my own blog was hosted on tumblr and never saw any activity.\nI want to try it again, and this time I decided to create a self-hosted blog. Something that runs on my own server and with httpd, the web server that I wrote for OpenBSD. So I was looking for potential blogging tools that I could use to run my own blog. Besides the popular and heavyweight ones such as WordPress, there are countless other options: I looked at blogs from fellow developers, such as Ted Unangst's flak (I like the fact that it is written in Lua but the implementation is a bit over my head), or Pelican that is used by Peter Hessler for bad.network (but, sorry, I don't like Python), and finally Kristaps Dzonsons' sblg that is used for all of his projects and blogs. I decided to use sblg.\nKristaps keeps on releasing very useful free software. Most well-known is mandoc, at least everyone is using it for manpages these days, but there is is also his BCHS (beaches) web stack which strongly advertises OpenBSD's httpd. Great. I also use kcgi whenever I have to write small CGIs. So sblg seemed like the right choice to me.\nLet me quickly iterate over my current Makefile. I keep on tweaking this file, so it might have been changed by the time you are reading this article. Please note that the Makefile is written for OpenBSD's make, a distant derivative of pmake which is not like GNU make.\nI'm not a designer or web developer, but I appreciate good looking web pages. I wanted to have something that is responsive, works on desktops and mobiles, looks somewhat modern, works without JavaScript, but doesn't disqualify me for all the eye candy from a geek point of view.\nI bootstrapped the theme by creating a simple grid layout with a fairly typical blog style: banner, top menu, middle text, sidebar. In 2017, bootstrap is probably a vintage (or retro) framework but it makes it very easy to create responsive pages with a proper layout and without caring about all the CSS and HTML5 madness too much. I also use Font Awesome because it is awesome, provides some fancy icons, and was suggested in sblg's example templates (let's blame Kristaps for it). I do not include any JavaScript which prevents me from using bootstrap's responsive hamburger menu.\nI have to admit that \"reykfloeter\" is not an ideal name for a blog. My actual name is \"Reyk Flöter\", and I normally just use my first name \"reyk\" as a user- and nickname, but it was taken when I registered my Twitter account and the related domain. So I picked reykfloeter in a few places.\nI'm aware that my German last name is nearly unpronounceable for others, so \"reykfloeter\" appears like a random concatenation of letters. As most of us, I own a number of domains and maybe I should move the blog to bsd.plumbing (which is used as a home for relayd and httpd), arc4random.com (but I intended to use it as a fine OpenBSD-powered Entropy-as-a-Service for poor Linuxers), or even copper.coffee?\nIn addition to the domain, I also need a good blog name or tag line. A very memorable example in the BSD world is Peter Hansteen's THAT GRUMPY BSD GUY blog. So what should I use?\n\n\n\nReyk Flöter's blog\n\n\nOpenBSD hacker. Coffee nerd. Founder.\nAsk Reyk (imaginary how-tos and 10 step guides)\n[Sewage, Drainage and BSD Plumbing](bsd.plumbing/blog)\n[A Replacement Call for Random](arc4random.com)\n[Coffee with Reyk](copper.coffee)\n\n\n\n\nFor now it will just be reykfloeter - blog\n\n\n\n\niXsystems releases the X10\n\n\n TrueNAS X10 is the the 3rd generation of the TrueNAS unified storage line. The X10 is the first of a new TrueNAS series, and will be expandable to up to 360TB with the TrueNAS ES12 expansion shelf.\nThe X10 is cost effective, at a 30% lower price point than the Z20, making it an effective addition to your backup/DR infrastructure. The street price of a 20TB non-HA model falls under $10K. It’s designed to move with six predefined configurations that match common use cases. The dual controllers for high availability are an optional upgrade to ensure business continuity and avoid downtime.\nThe X10 boasts 36 hot swap SAS using two expansion shelves, for up to 360TB of storage, allowing you to backup thousands of VMs or share tens of thousands of files. One of the use cases for TrueNAS X10 is for backup, so users can upgrade the X10 to two ports of blazing 10GigE connectivity. The 20TB non-HA model enables you to backup over 7,000 VDI VMs for under $3.00 per VM. Overall, the X10 is a greener solution than the TrueNAS Z product line, with the non-HA version boasting only 138 watts of power and taking up only 2U of space.\nBest of all, the TrueNAS X10 starts at $5,500 street. You can purchase a 120TB configuration today for under $20K street.\n\n\nGlob Matching Can Be Simple And Fast Too\n\n\nHere’s a straightforward benchmark. Time how long it takes to run ls (a*)nb in a directory with a single file named a100, compared to running ls | grep (a.*)nb. Superscripts denote string repetition and parentheses are for grouping only, so that when n is 3, we’re running ls a*a*a*b in a directory containing the single file aaa…aaa (100 a’s), compared against ls | grep a.*a.*a.*b in the same directory.\nThe exception seems to be the original Berkeley csh, which runs in linear time (more precisely, time linear in n). Looking at the source code, it doesn’t attempt to perform glob expansion itself. Instead it calls the C library implementation glob(3), which runs in linear time, at least on this Linux system. So maybe we should look at programming language implementations too.\nMost programming languages provide some kind of glob expansion, like C’s glob. Let’s repeat the experiment in a variety of different programming languages:\nPerhaps the most interesting fact evident in the graph is that GNU glibc, the C library used on Linux systems, has a linear-time glob implementation, but BSD libc, the C library used on BSD and macOS systems, has an exponential-time implementation.\nPHP is not shown in the graph, because its glob function simply invokes the host C library’s glob(3), so that it runs in linear time on Linux and in exponential time on non-Linux systems. (I have not tested what happens on Windows.) All the languages shown in the graph, however, implement glob matching without using the host C library, so the results should not vary by host operating system.\nThe netkit ftpd runs quickly on Linux because it relies on the host C library’s glob function. If run on BSD, the netkit ftpd would take exponential time. ProFTPD ships a copy of the glibc glob, so it should run quickly even on BSD systems. Ironically, Pure-FTPd and tnftpd take exponential time on Linux because they ship a copy of the BSD glob function. Presumably they do this to avoid assuming that the host C library is bug-free, but, at least in this one case, the host C library is better than the one they ship.\n\n\n\nAdditional Reading\n\n\n\nThis post is an elaboration of an informal 2012 Google+ post showing that most shells used exponential-time glob expansion. At the time, Tom Duff, the author of Plan 9’s rc shell, commented that, “I can confirm that rc gets it wrong. My excuse, feeble as it is, is that doing it that way meant that the code took 10 minutes to write, but it took 20 years for someone to notice the problem. (That’s 10 ‘programmer minutes’, i.e. less than a day.)” I agree that’s a reasonable decision for a shell. In contrast, a language library routine, not to mention a network server, today needs to be robust against worst-case inputs that might be controlled by remote attackers, but nearly all of the code in question predates that kind of concern. I didn’t realize the connection to FTP servers until I started doing additional research for this post and came across a reference to CVE-2010-2632 in FreeBSD’s glob implementation.\n\n\n\n\nBSD VPS Providers Needed\n\n\nOne of TDP’s recent projects is accumulating a list of virtual private server services (VPS) that provide a BSD option.\nVPS’s are generally inexpensive services that enable the user to only concern themselves with software configuration, and not be bothered with hardware or basic operating system setup. In the pre-Cloud era, VPS providers were the “other people’s computers” that users outsourced their systems to.\nThe same shortcomings of cloud services apply to VPS providers. You don’t control the hardware. Your files are likely viewable by users up the directory hierarchy. The entropy source or pool is a single source for multiple systems. The same time drift applies to all time-keeping services.\nNevertheless, VPS services are often cheap and provide a good spread in terms of geography. All a provider really needs is a few server-grade computers and a decent network connection. VPS’s are still a gateway drug to bare-metal servers, although it seems more and more of these gateway users stop at stage one.\nCheap systems with a public IP are also a great way to tinker with a new operating system.\nFor this reason, TDP created this list of BSD VPS providers. Some explicitly deny running Tor as a server. Some just reference vague “proxy services.” Others don’t mention Tor or proxies at all.\nThe list is a start with currently just under 70 VPS providers listed. Input through various channels already started, and TDP intends to update the list over the coming months. A first draft email and open letter addressed to the providers were drafted, and we are looking to speak directly to at least some of the better-known BSD VPS providers.\nWe may be able to convince a few to allow public Tor relays, or at least published bridges. These providers could be new BSD users’ gateway drug into the world of BSD Tor nodes. Running a Tor relay shouldn’t be considered a particularly risky activity. Maybe we can adjust that perception.\nLet us know any input via email or GitHub, and we’ll be glad to make updates.\n\n\n\n\nBeastie Bits\n\n\nAvoid OS Detection with OpenBSD\nTrueOS update to fix updating\nMidnightBSD 0.8.5 VirtualBox Install\nBSD Pizza Night in Portland\n***\n\n\nFeedback/Questions\n\n\nAndrew - BSDCan videos?\nMarc - The Rock64 Board\nJason - Follow up on UEFI and Bhyve\nPatrick - EFI booting\n***\n","content_html":"\u003cp\u003eFreeBSD 11.1-RELEASE is out, we look at building at BSD home router, how to be your own OpenBSD VPN provider, and find that glob matching can be simple and fast.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/11.1R/relnotes.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.1R/announce.asc\" rel=\"nofollow\"\u003eFreeBSD 11.1 was released on July 26th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can download it as an ISO or USB image, a prebuilt VM Image (vmdk, vhd, qcow2, or raw), and it is available as a cloud image (Amazon EC2, Microsoft Azure, Google Compute Engine, Vagrant)\u003c/li\u003e\n\u003cli\u003eThanks to everyone, including the release engineering team who put so much time and effort into managing this release and making sure it came out on schedule, all of the FreeBSD developers who contributed the features, the companies that sponsored that development, and the users who tested the betas and release candidates.\u003c/li\u003e\n\u003cli\u003eSupport for blacklistd(8) has been added to OpenSSH\u003c/li\u003e\n\u003cli\u003eThe cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default.\u003c/li\u003e\n\u003cli\u003eThe syslogd(8) utility has been updated to add the include keyword which allows specifying     a directory containing configuration files to be included in addition to syslog.conf(5). The default     syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default.\u003c/li\u003e\n\u003cli\u003eThe zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options\u003c/li\u003e\n\u003cli\u003eThe efivar(8) utility has been added, providing an interface to manage UEFI variables.\u003c/li\u003e\n\u003cli\u003eThe ipsec and tcpmd5 kernel modules have been added, these can now be loaded without having to recompile the kernel\u003c/li\u003e\n\u003cli\u003eA number of new IPFW modules including Network Prefix Translation for IPv6 as defined in RFC 6296, stateless and stateful NAT64, and a module to modify the TCP-MSS of packets\u003c/li\u003e\n\u003cli\u003eA huge array of driver updates and additions\u003c/li\u003e\n\u003cli\u003eThe NFS client now supports the Amazon® Elastic File System™ (EFS)\u003c/li\u003e\n\u003cli\u003eThe new ZFS Compressed ARC feature was added, and is enabled by default\u003c/li\u003e\n\u003cli\u003eThe EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server\u003c/li\u003e\n\u003cli\u003eFor a complete list of new features and known problems, please see the online release notes and errata list, available at:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.1R/relnotes.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-RELEASE Release Notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/11.1R/errata.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-RELEASE Errata\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor more information about FreeBSD release engineering activities, please see: \u003ca href=\"https://www.freebsd.org/releng/\" rel=\"nofollow\"\u003eRelease Engineering Information\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAvailability\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 11.1-RELEASE is now available for the amd64, i386, powerpc, powerpc64, sparc64, armv6, and aarch64 architectures.\u003c/li\u003e\n\u003cli\u003eFreeBSD 11.1-RELEASE can be installed from bootable ISO images or over the network. Some architectures also support installing from a USB memory stick. The required files can be downloaded as described in the section below.\u003c/li\u003e\n\u003cli\u003eSHA512 and SHA256 hashes for the release ISO, memory stick, and SD card images are included at the bottom of this message.\u003c/li\u003e\n\u003cli\u003ePGP-signed checksums for the release images are also available at: \u003ca href=\"https://www.freebsd.org/releases/11.1R/signatures.html\" rel=\"nofollow\"\u003eFreeBSD 11.1 Release Checksum Signatures\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA PGP-signed version of this announcement is available at: \u003ca href=\"https://www.FreeBSD.org/releases/11.1R/announce.asc\" rel=\"nofollow\"\u003eFreeBSD 11.1-RELEASE Announcement\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/07/15/building-a-bsd-home-router-pt-8-zfs-and-jails/\" rel=\"nofollow\"\u003eBuilding a BSD home router  - ZFS and Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePart of a series of posts about building a router:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/05/30/building-a-bsd-home-router-pt-1-hardware-pc-engines-apu2/\" rel=\"nofollow\"\u003ePart 1\u003c/a\u003e -- discussing why you want to build your own router and how to assemble the APU2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/03/building-a-bsd-home-router-pt-2-the-serial-console-excursion\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e -- some Unix history explanation of what a serial console is\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/10/building-a-bsd-home-router-pt-3-serial-access-and-flashing-the-firmware/\" rel=\"nofollow\"\u003ePart 3\u003c/a\u003e -- demonstrating serial access to the APU and covering firmware update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/15/building-a-bsd-home-router-pt-4-installing-pfsense/\" rel=\"nofollow\"\u003ePart 4\u003c/a\u003e -- installing pfSense\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/20/building-a-bsd-home-router-pt-5-installing-opnsense/\" rel=\"nofollow\"\u003ePart 5\u003c/a\u003e -- installing OPNsense instead\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/30/building-a-bsd-home-router-pt-7-advanced-opnsense-setup/\" rel=\"nofollow\"\u003ePart 6\u003c/a\u003e -- Comparison of pfSense and OPNsense\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eerielinux.wordpress.com/2017/06/30/building-a-bsd-home-router-pt-7-advanced-opnsense-installation/\" rel=\"nofollow\"\u003ePart 7\u003c/a\u003e -- Advanced installation of OPNsense\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAfter the advanced installation in part 7, the tutorials covers converting an unused partition into swap space, and converting the system to ZFS\u003c/li\u003e\n\u003cli\u003eAfter creating a new pool using the set aside partition, some datasets are created, and the log files, ports, and obj ZFS datasets are mounted\u003c/li\u003e\n\u003cli\u003eThe tutorial then goes on to cover how to download the ports tree, and install additional software on the router\u003c/li\u003e\n\u003cli\u003eI wonder what part 9 will be about.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.htm\" rel=\"nofollow\"\u003eBe your own VPN provider with OpenBSD (v2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis article covers how to build your own VPN server with some advanced features including:\n\n\u003cul\u003e\n\u003cli\u003eFull Disk Encryption (FDE)\u003c/li\u003e\n\u003cli\u003eSeparate CA/signing machine (optional)\u003c/li\u003e\n\u003cli\u003eMultiple DNSCrypt proxy instances for failover\u003c/li\u003e\n\u003cli\u003eOpenVPN: Certificate Revocation List/CRL (optional)\u003c/li\u003e\n\u003cli\u003eOpenVPN: TLS 1.2 only\u003c/li\u003e\n\u003cli\u003eOpenVPN: TLS cipher based on AES-256-GCM only\u003c/li\u003e\n\u003cli\u003eOpenVPN: HMAC-SHA512 instead of HMAC-SHA1\u003c/li\u003e\n\u003cli\u003eOpenVPN: TLS encryption of control channel (makes it harder to identify OpenVPN traffic)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe article starts with an explanation of the differences between OpenVPN and IPSEC.\u003c/li\u003e\n\u003cli\u003eIn the end the author chose OpenVPN because you can select the port it runs on, and it has a better chance of working from hotel or coffee shop WiFi.\u003c/li\u003e\n\u003cli\u003eThe guide them walks through doing an installation on an encrypted disk, with a caution about the limitations of encrypted disk with virtual machines hosted by other parties.\u003c/li\u003e\n\u003cli\u003eThe guide then locks down the newly installed system, configuring SSH for keys only, adding some PF rules, and configuring doas\u003c/li\u003e\n\u003cli\u003eThen networking is configured, including enabling IP forwarding since this machine is going to act as the VPN gateway\u003c/li\u003e\n\u003cli\u003eThen a large set of firewall rules are created that NAT the VPN traffic out of the gateway, except for DNS requests that are redirected to the gateways local unbound\u003c/li\u003e\n\u003cli\u003eThen some python scripts are provided to block brute force attempts\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe will use DNSCrypt to make our DNS requests encrypted, and Unbound to have a local DNS cache. This will allow us to avoid using our VPS provider DNS servers, and will also be useful to your future VPN clients which will be able to use your VPN server as their DNS server too\u003cbr\u003e\nBefore configuring Unbound, which is the local DNS cache which will make requests to dnscrypt_proxy, we can configure an additional dnscrypt instance, as explained in the pkg readme. Indeed, dnscrypt DNS servers being public ones, they often goes into maintenance, become offline or temporarily unreachable. To address this issue, it is possible to setup multiple dnscrypt instances. Below are the steps to follow to add one, but you can add more if you wish\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen a CA and Certificate are created for OpenVPN\u003c/li\u003e\n\u003cli\u003eOpenVPN is installed and configured as a server\u003c/li\u003e\n\u003cli\u003eConfiguration is also provided for a client, and a mobile client\u003c/li\u003e\n\u003cli\u003eThanks to the author for this great tutorial\u003c/li\u003e\n\u003cli\u003eYou might also want to check out this section from their 2015 version of this post: \u003ca href=\"https://networkfilter.blogspot.nl/2015/01/be-your-own-vpn-provider-with-openbsd.html#security_anonymity\" rel=\"nofollow\"\u003eSecurity vs Anonymity\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/2017-essen-hackathon-trip-report-benedict-reuschling/\" rel=\"nofollow\"\u003eEssen Hackathon Trip - Benedict Reuschling\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver on the FreeBSD Foundation Blog, Benedict provides a detailed overview of the Essen Hackathon we were at a few weeks ago.\u003c/li\u003e\n\u003cli\u003eHead over there and give it a read, and get a feel for what these smaller type of community events are like. Hopefully you can attend, or better yet, organize, a similar event in your area.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://reykfloeter.com/posts/blog-about-my-blog\" rel=\"nofollow\"\u003eBlog about my self-hosted httpd blog\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI really like Twitter because it allows me to share short messages, we have a great community, and 140 characters are enough for everybody.\u003cbr\u003e\nAnd this statement was exactly 140 characters, but sometimes I want to say more than that. And that\u0026#39;s why I finally created this new blog. I was never really into blogging because I barely had time or the audience to write long articles. I sometimes wrote short stories for sites like undeadly.org, I collected some of them here, but my own blog was hosted on tumblr and never saw any activity.\u003cbr\u003e\nI want to try it again, and this time I decided to create a self-hosted blog. Something that runs on my own server and with httpd, the web server that I wrote for OpenBSD. So I was looking for potential blogging tools that I could use to run my own blog. Besides the popular and heavyweight ones such as WordPress, there are countless other options: I looked at blogs from fellow developers, such as Ted Unangst\u0026#39;s flak (I like the fact that it is written in Lua but the implementation is a bit over my head), or Pelican that is used by Peter Hessler for bad.network (but, sorry, I don\u0026#39;t like Python), and finally Kristaps Dzonsons\u0026#39; sblg that is used for all of his projects and blogs. I decided to use sblg.\u003cbr\u003e\nKristaps keeps on releasing very useful free software. Most well-known is mandoc, at least everyone is using it for manpages these days, but there is is also his BCHS (beaches) web stack which strongly advertises OpenBSD\u0026#39;s httpd. Great. I also use kcgi whenever I have to write small CGIs. So sblg seemed like the right choice to me.\u003cbr\u003e\nLet me quickly iterate over my current Makefile. I keep on tweaking this file, so it might have been changed by the time you are reading this article. Please note that the Makefile is written for OpenBSD\u0026#39;s make, a distant derivative of pmake which is not like GNU make.\u003cbr\u003e\nI\u0026#39;m not a designer or web developer, but I appreciate good looking web pages. I wanted to have something that is responsive, works on desktops and mobiles, looks somewhat modern, works without JavaScript, but doesn\u0026#39;t disqualify me for all the eye candy from a geek point of view.\u003cbr\u003e\nI bootstrapped the theme by creating a simple grid layout with a fairly typical blog style: banner, top menu, middle text, sidebar. In 2017, bootstrap is probably a vintage (or retro) framework but it makes it very easy to create responsive pages with a proper layout and without caring about all the CSS and HTML5 madness too much. I also use Font Awesome because it is awesome, provides some fancy icons, and was suggested in sblg\u0026#39;s example templates (let\u0026#39;s blame Kristaps for it). I do not include any JavaScript which prevents me from using bootstrap\u0026#39;s responsive hamburger menu.\u003cbr\u003e\nI have to admit that \u0026quot;reykfloeter\u0026quot; is not an ideal name for a blog. My actual name is \u0026quot;Reyk Flöter\u0026quot;, and I normally just use my first name \u0026quot;reyk\u0026quot; as a user- and nickname, but it was taken when I registered my Twitter account and the related domain. So I picked reykfloeter in a few places.\u003cbr\u003e\nI\u0026#39;m aware that my German last name is nearly unpronounceable for others, so \u0026quot;reykfloeter\u0026quot; appears like a random concatenation of letters. As most of us, I own a number of domains and maybe I should move the blog to bsd.plumbing (which is used as a home for relayd and httpd), arc4random.com (but I intended to use it as a fine OpenBSD-powered Entropy-as-a-Service for poor Linuxers), or even copper.coffee?\u003cbr\u003e\nIn addition to the domain, I also need a good blog name or tag line. A very memorable example in the BSD world is Peter Hansteen\u0026#39;s THAT GRUMPY BSD GUY blog. So what should I use?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReyk Flöter\u0026#39;s blog\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD hacker. Coffee nerd. Founder.\u003c/li\u003e\n\u003cli\u003eAsk Reyk (imaginary how-tos and 10 step guides)\u003c/li\u003e\n\u003cli\u003e[Sewage, Drainage and BSD Plumbing](bsd.plumbing/blog)\u003c/li\u003e\n\u003cli\u003e[A Replacement Call for Random](arc4random.com)\u003c/li\u003e\n\u003cli\u003e[Coffee with Reyk](copper.coffee)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor now it will just be reykfloeter - blog\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/serverenvy-truenas-x10/\" rel=\"nofollow\"\u003eiXsystems releases the X10\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e TrueNAS X10 is the the 3rd generation of the TrueNAS unified storage line. The X10 is the first of a new TrueNAS series, and will be expandable to up to 360TB with the TrueNAS ES12 expansion shelf.\u003c/li\u003e\n\u003cli\u003eThe X10 is cost effective, at a 30% lower price point than the Z20, making it an effective addition to your backup/DR infrastructure. The street price of a 20TB non-HA model falls under $10K. It’s designed to move with six predefined configurations that match common use cases. The dual controllers for high availability are an optional upgrade to ensure business continuity and avoid downtime.\u003c/li\u003e\n\u003cli\u003eThe X10 boasts 36 hot swap SAS using two expansion shelves, for up to 360TB of storage, allowing you to backup thousands of VMs or share tens of thousands of files. One of the use cases for TrueNAS X10 is for backup, so users can upgrade the X10 to two ports of blazing 10GigE connectivity. The 20TB non-HA model enables you to backup over 7,000 VDI VMs for under $3.00 per VM. Overall, the X10 is a greener solution than the TrueNAS Z product line, with the non-HA version boasting only 138 watts of power and taking up only 2U of space.\u003c/li\u003e\n\u003cli\u003eBest of all, the TrueNAS X10 starts at $5,500 street. You can purchase a 120TB configuration today for under $20K street.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://research.swtch.com/glob\" rel=\"nofollow\"\u003eGlob Matching Can Be Simple And Fast Too\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere’s a straightforward benchmark. Time how long it takes to run ls (a*)nb in a directory with a single file named a100, compared to running ls | grep (a.*)nb. Superscripts denote string repetition and parentheses are for grouping only, so that when n is 3, we’re running ls a*a*a*b in a directory containing the single file aaa…aaa (100 a’s), compared against ls | grep a.*a.*a.*b in the same directory.\u003cbr\u003e\nThe exception seems to be the original Berkeley csh, which runs in linear time (more precisely, time linear in n). Looking at the source code, it doesn’t attempt to perform glob expansion itself. Instead it calls the C library implementation glob(3), which runs in linear time, at least on this Linux system. So maybe we should look at programming language implementations too.\u003cbr\u003e\nMost programming languages provide some kind of glob expansion, like C’s glob. Let’s repeat the experiment in a variety of different programming languages:\u003cbr\u003e\nPerhaps the most interesting fact evident in the graph is that GNU glibc, the C library used on Linux systems, has a linear-time glob implementation, but BSD libc, the C library used on BSD and macOS systems, has an exponential-time implementation.\u003cbr\u003e\nPHP is not shown in the graph, because its glob function simply invokes the host C library’s glob(3), so that it runs in linear time on Linux and in exponential time on non-Linux systems. (I have not tested what happens on Windows.) All the languages shown in the graph, however, implement glob matching without using the host C library, so the results should not vary by host operating system.\u003cbr\u003e\nThe netkit ftpd runs quickly on Linux because it relies on the host C library’s glob function. If run on BSD, the netkit ftpd would take exponential time. ProFTPD ships a copy of the glibc glob, so it should run quickly even on BSD systems. Ironically, Pure-FTPd and tnftpd take exponential time on Linux because they ship a copy of the BSD glob function. Presumably they do this to avoid assuming that the host C library is bug-free, but, at least in this one case, the host C library is better than the one they ship.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdditional Reading\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis post is an elaboration of an informal 2012 Google+ post showing that most shells used exponential-time glob expansion. At the time, Tom Duff, the author of Plan 9’s rc shell, commented that, “I can confirm that rc gets it wrong. My excuse, feeble as it is, is that doing it that way meant that the code took 10 minutes to write, but it took 20 years for someone to notice the problem. (That’s 10 ‘programmer minutes’, i.e. less than a day.)” I agree that’s a reasonable decision for a shell. In contrast, a language library routine, not to mention a network server, today needs to be robust against worst-case inputs that might be controlled by remote attackers, but nearly all of the code in question predates that kind of concern. I didn’t realize the connection to FTP servers until I started doing additional research for this post and came across a reference to CVE-2010-2632 in FreeBSD’s glob implementation.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://torbsd.github.io/blog.html#bsd-vps\" rel=\"nofollow\"\u003eBSD VPS Providers Needed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of TDP’s recent projects is accumulating a list of virtual private server services (VPS) that provide a BSD option.\u003cbr\u003e\nVPS’s are generally inexpensive services that enable the user to only concern themselves with software configuration, and not be bothered with hardware or basic operating system setup. In the pre-Cloud era, VPS providers were the “other people’s computers” that users outsourced their systems to.\u003cbr\u003e\nThe same shortcomings of cloud services apply to VPS providers. You don’t control the hardware. Your files are likely viewable by users up the directory hierarchy. The entropy source or pool is a single source for multiple systems. The same time drift applies to all time-keeping services.\u003cbr\u003e\nNevertheless, VPS services are often cheap and provide a good spread in terms of geography. All a provider really needs is a few server-grade computers and a decent network connection. VPS’s are still a gateway drug to bare-metal servers, although it seems more and more of these gateway users stop at stage one.\u003cbr\u003e\nCheap systems with a public IP are also a great way to tinker with a new operating system.\u003cbr\u003e\nFor this reason, TDP created this list of BSD VPS providers. Some explicitly deny running Tor as a server. Some just reference vague “proxy services.” Others don’t mention Tor or proxies at all.\u003cbr\u003e\nThe list is a start with currently just under 70 VPS providers listed. Input through various channels already started, and TDP intends to update the list over the coming months. A first draft email and open letter addressed to the providers were drafted, and we are looking to speak directly to at least some of the better-known BSD VPS providers.\u003cbr\u003e\nWe may be able to convince a few to allow public Tor relays, or at least published bridges. These providers could be new BSD users’ gateway drug into the world of BSD Tor nodes. Running a Tor relay shouldn’t be considered a particularly risky activity. Maybe we can adjust that perception.\u003cbr\u003e\nLet us know any input via email or GitHub, and we’ll be glad to make updates.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://blog.cagedmonster.net/avoid-os-detection-openbsd/\" rel=\"nofollow\"\u003eAvoid OS Detection with OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/update-fix-updating/\" rel=\"nofollow\"\u003eTrueOS update to fix updating\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=I08__ZWaJ0w\" rel=\"nofollow\"\u003eMidnightBSD 0.8.5 VirtualBox Install\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://calagator.org/events/tag/BSD\" rel=\"nofollow\"\u003eBSD Pizza Night in Portland\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eAndrew - \u003ca href=\"http://dpaste.com/08E90PX\" rel=\"nofollow\"\u003eBSDCan videos?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarc - \u003ca href=\"http://dpaste.com/08KE40G\" rel=\"nofollow\"\u003eThe Rock64 Board\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJason - \u003ca href=\"http://dpaste.com/2EP7BFC\" rel=\"nofollow\"\u003eFollow up on UEFI and Bhyve\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatrick - \u003ca href=\"http://dpaste.com/34Z9SFM\" rel=\"nofollow\"\u003eEFI booting\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 11.1-RELEASE is out, we look at building at BSD home router, how to be your own OpenBSD VPN provider, and find that glob matching can be simple and fast.","date_published":"2017-08-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6923958e-7e04-4d74-9642-e10ec45fa15c.mp3","mime_type":"audio/mpeg","size_in_bytes":53017780,"duration_in_seconds":4418}]},{"id":"4e71ddba-a23a-4036-a89e-ce7d0efe1940","title":"204: WWF - Wayland, Weston, and FreeBSD","url":"https://www.bsdnow.tv/204","content_text":"In this episode, we clear up the myth about scrub of death, look at Wayland and Weston on FreeBSD, Intel QuickAssist is here, and we check out OpenSMTP on OpenBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMatt Ahrens answers questions about the “Scrub of Death”\n\n\nIn working on the breakdown of that ZFS article last week, Matt Ahrens contacted me and provided some answers he has given to questions in the past, allowing me to answer them using HIS exact words.\n“ZFS has an operation, called SCRUB, that is used to check all data in the pool and recover any data that is incorrect. However, if a bug which make errors on the pool persist (for example, a system with bad non-ecc RAM) then SCRUB can cause damage to a pool instead of recover it. I heard it called the “SCRUB of death” somewhere. Therefore, as far as I understand, using SCRUB without ECC memory is dangerous.”\n\u0026gt; I don't believe that is accurate.  What is the proposed mechanism by which scrub can corrupt a lot of data, with non-ECC memory?\n\u0026gt; ZFS repairs bad data by writing known good data to the bad location on disk.  The checksum of the data has to verify correctly for it to be considered \"good\".  An undetected memory error could change the in-memory checksum or data, causing ZFS to incorrectly think that the data on disk doesn’t match the checksum.  In that case, ZFS would attempt to repair the data by first re-reading the same offset on disk, and then reading from any other available copies of the data (e.g. mirrors, ditto blocks, or RAIDZ reconstruction).  If any of these attempts results in data that matches the checksum, then the data will be written on top of the (supposed) bad data.  If the data was actually good, then overwriting it with the same good data doesn’t hurt anything.\n\u0026gt; Let's look at what will happen with 3 types of errors with non-ECC memory:\n\u0026gt; 1. Rare, random errors (e.g. particle strikes - say, less than one error per GB per second). If ZFS finds data that matches the checksum, then we know that we have the correct data (at least at that point in time, with probability 1-1/2256).  If there are a lot of memory errors happening at a high rate, or if the in-memory checksum was corrupt, then ZFS won’t be able to find a good copy of the data , so it won’t do a repair write.  It’s possible that the correctly-checksummed data is later corrupted in memory, before the repair write.  However, the window of vulnerability is very very small - on the order of milliseconds between when the checksum is verified, and when the write to disk completes.  It is implausible that this tiny window of memory vulnerability would be hit repeatedly.\n\u0026gt; 2. Memory that pretty much never does the right thing. (e.g. huge rate of particle strikes, all memory always reads 0, etc). In this case, critical parts of kernel memory (e.g. instructions) will be immediately corrupted, causing the system to panic and not be able to boot again.\n\u0026gt; 3. One or a few memory locations have \"stuck bits\", which always read 0 (or always read 1). This is the scenario discussed in the message which (I believe) originally started the \"Scrub of Death\" myth: https://forums.freenas.org/index.php?threads/ecc-vs-non-ecc-ram-and-zfs.15449/  This assumes that we read in some data from disk to a memory location with a stuck bit, \"correct\" that same bad memory location by overwriting the memory with the correct data, and then we write the bad memory location to disk.  However, ZFS doesn't do that.  (It seems the author thinks that ZFS uses parity, which it only does when using RAID-Z.  Even with RAID-Z, we also verify the checksum, and we don't overwrite the bad memory location.)\n\u0026gt; Here's what ZFS will actually do in this scenario: If ZFS reads data from disk into a memory location with a stuck bit, it will detect a checksum mismatch and try to find a good copy of the data to repair the \"bad\" disk. ZFS will allocate a new, different memory location to read a 2nd copy of the data, e.g. from the other side of a mirror (this happens near the end of dsl_scan_scrub_cb()).  If the new memory location also has a stuck bit, then its checksum will also fail, so we won't use it to repair the \"bad\" disk.  If the checksum of the 2nd copy of the data is correct, then we will write it to the \"bad\" disk.  This write is unnecessary, because the \"bad\" disk is not really bad, but it is overwriting the good data with the same good data.\n\u0026gt; I believe that this misunderstanding stems from the idea that ZFS fixes bad data by overwriting it in place with good data.  In reality, ZFS overwrites the location on disk, using a different memory location for each read from disk.  The \"Scrub of Death\" myth assumes that ZFS overwrites the location in memory, which it doesn't do.\n\u0026gt; In summary, there's no plausible scenario where ZFS would amplify a small number of memory errors, causing a \"scrub of death\".  Additionally, compared to other filesystems, ZFS checksums provide some additional protection against bad memory.\n “Is it true that ZFS verifies the checksum of every block on every read from disk?”\n\u0026gt; Yes\n“And if that block is incorrect, that ZFS will repair it?”\n\u0026gt; Yes\n“If yes, is it possible set options or flag for change that behavior? For example, I would like for ZFS to verify checksums during any read, but not change anything and only report about issues if it appears. Is it possible?”\n\u0026gt; There isn't any built-in flag for doing that.  It wouldn't be hard to add one though.\nIf you just wanted to verify data, without attempting to correct it, you could read or scan the data with the pool was imported read-only\n“If using a mirror, when a file is read, is it fully read and verified from both sides of the mirror?”\n\u0026gt; No, for performance purposes, each block is read from only one side of the mirror (assuming there is no checksum error).\n“What is the difference between a scrub and copying every file to /dev/null?”\n\u0026gt; That won't check all copies of the file (e.g. it won't check both sides of the mirror).\n***\n\n\nWayland, and Weston, and FreeBSD - Oh My!\n\n\nKDE’s CI system for FreeBSD (that is, what upstream runs to continuously test KDE git code on the FreeBSD platform) is missing some bits and failing some tests because of Wayland. Or rather, because FreeBSD now has Wayland, but not Qt5-Wayland, and no Weston either (the reference implementation of a Wayland compositor).\nToday I went hunting for the bits and pieces needed to make that happen. Fortunately, all the heavy lifting has already been done: there is a Weston port prepared and there was a Qt5-Wayland port well-hidden in the Area51 plasma5/ branch.\nI have taken the liberty of pulling them into the Area51 repository as branch qtwayland. That way we can nudge Weston forward, and/or push Qt5-Wayland in separately. Nicest from a testing perspective is probably doing both at the same time.\nI picked a random “Hello World” Wayland tutorial and also built a minimal Qt program (using QMessageBox::question, my favorite function to hate right now, because of its i18n characteristics). Then, setting XDG_RUNTIME_DIR to /tmp/xdg, I could start Weston (as an X11 client), wayland-hello (as a Wayland client, displaying in Weston) and qt-hello (as either an X11 client, or as a Wayland client).\nSo this gives users of Area51 (while shuffling branches, granted) a modern desktop and modern display capabilities. Oh my!\nIt will take a few days for this to trickle up and/or down so that the CI can benefit and we can make sure that KWin’s tests all work on FreeBSD, but it’s another good step towards tight CI and another small step towards KDE Plasma 5 on the desktop on FreeBSD.\n\n\n\n\npkgsrcCon 2017 report\n\n\nThis years pkgsrcCon returned to London once again. It was last held in London back in 2014. The 2014 con was the first pkgsrcCon I attended, I had been working on Darwin/PowerPC fixes for some months and presented on the progress I'd made with a 12\" G4 PowerBook. I took away a G4 Mac Mini that day to help spare the PowerBook for use and dedicate a machine for build and testing. The offer of PowerPC hardware donations was repeated at this years con, thanks to jperkin@ who showed up with a backpack full of Mac Minis (more on that later).\nSince 2014 we have held cons in Berlin (2015) \u0026amp; Krakow (2016). In Krakow we had talks about a wide range of projects over 2 days, from Haiku Ports to Common Lisp to midipix (building native PE binaries for Windows) and back to the BSDs. I was very pleased to continue the theme of a diverse program this year.\nAside from pkgsrc and NetBSD, we had talks about FreeBSD, OpenBSD, Slackware Linux, and Plan 9. Things began with a pub gathering on the Friday for the pre-con social, we hung out and chatted till almost midnight on a wide range of topics, such as supporting a system using NFS on MS-DOS, the origins of pdksh, corporate IT, culture and many other topics.\nOn parting I was asked about the starting time on Saturday as there was some conflicting information. I learnt that the registration email had stated a later start than I had scheduled for \u0026amp; advertised on the website, by 30 minutes. Lesson learnt: register for your own event! Not a problem, I still needed to setup a webpage for the live video stream, I could do both when I got back. With some trimming here and there I had a new schedule, I posted that to the pkgsrcCon website and moved to trying to setup a basic web page which contained a snippet of javascript to play a live video stream from Scale Engine.  2+ hours later, it was pointed out that the XSS protection headers on pkgsrc.org breaks the functionality. Thanks to jmcneill@ for debugging and providing a working page.\nSaturday started off with Giovanni Bechis speaking about pledge in OpenBSD and adding support to various packages in their ports tree, alnsn@ then spoke about installing packages from a repo hosted on the Tor network.\nAfter a quick coffee break we were back to hear Charles Forsyth speak about how Plan 9 and Inferno dealt with portability, building software and the problem which are avoided by the environment there. This was followed by a very energetic rant by David Spencer from the Slackbuilds project on packaging 3rd party software. Slackbuilds is a packaging system for Slackware Linux, which was inspired by FreeBSD ports.\nFor the first slot after lunch, agc@ gave a talk on the early history of pkgsrc followed by Thomas Merkel on using vagrant to test pkgsrc changes with ease, locally, using vagrant. khorben@ covered his work on adding security to pkgsrc and bsiegert@ covered the benefits of performing our bulk builds in the cloud and the challenges we currently face.\nMy talk was about some topics and ideas which had inspired me or caught my attention, and how it could maybe apply to my work.The title of the talk was taken from the name of Andrew Weatherall's Saint Etienne remix, possibly referring to two different styles of track (dub \u0026amp; vocal) merged into one or something else. I meant it in terms of applicability of thoughts and ideas. After me, agc@ gave a second talk on the evolution of the Netflix Open Connect appliance which runs FreeBSD and Vsevolod Stakhov wrapped up the day with a talk about the technical implementation details of the successor to pkg_tools in FreeBSD, called pkg, and how it could be of benefit for pkgsrc.\nFor day 2 we gathered for a hack day at the London Hack Space.\nI had burn't some some CD of the most recent macppc builds of NetBSD 8.0_BETA and -current to install and upgrade Mac Minis. I setup the donated G4 minis for everyone in a dual-boot configuration and moved on to taking apart my MacBook Air to inspect the wifi adapter as I wanted to replace it with something which works on FreeBSD. It was not clear from the ifixit teardown photos of cards size, it seemed like a normal mini-PCIe card but it turned out to be far smaller. Thomas had also had the same card in his and we are not alone. Thomas has started putting together a driver for the Broadcom card, the project is still in its early days and lacks support for encrypted networks but hopefully it will appear on review.freebsd.org in the future.\nweidi@ worked on fixing SunOS bugs in various packages and later in the night we setup a NetBSD/macppc bulk build environment together on his Mac Mini.\nThomas setup an OpenGrock instance to index the source code of all the software available for packaging in pkgsrc. This helps make the evaluation of changes easier and the scope of impact a little quicker without having to run through a potentially lengthy bulk build with a change in mind to realise the impact. bsiegert@ cleared his ticket and email backlog for pkgsrc and alnsn@ got NetBSD/evbmips64-eb booting on his EdgeRouter Lite.\nOn Monday we reconvened at the Hack Space again and worked some more. I started putting together the talks page with the details from Saturday and the the slides which I had received, in preparation for the videos which would come later in the week. By 3pm pkgsrcCon was over. I was pretty exhausted but really pleased to have had a few days of techie fun.\nMany thanks to The NetBSD Foundation for purchasing a camera to use for streaming the event and a speedy response all round by the board. The Open Source Specialist Group at BCS, The Chartered Institute for IT and the London Hack Space for hosting us. Scale Engine for providing streaming facility. weidi@ for hosting the recorded videos. Allan Jude for pointers, Jared McNeill for debugging, NYCBUG and Patrick McEvoy for tips on streaming, the attendees and speakers. This year we had speakers from USA, Italy, Germany and London E2. Looking forward to pkgsrcCon 2018!\nThe videos and slides are available here and the Internet Archive.\n\n\n\n\nNews Roundup\n\nQuickAssist Driver for FreeBSD is here and pfSense Support Coming\n\n\nThis week we have something that STH readers will be excited about. Before I started writing for STH, I was a reader and had been longing for QuickAssist support ever since STH’s first Rangeley article over three and a half years ago. It was clear from the get-go that Rangeley was going to be the preeminent firewall appliance platform of its day. The scope of products that were impacted by the Intel Atom C2000 series bug showed us it was indeed. For my personal firewalls, I use pfSense on that Rangeley platform so I have been waiting to use QuickAssist with my hardware for almost an entire product generation.\n\n\nNew Hardware and QuickAssist Incoming to pfSense (Finally)\npfSense (and a few other firewalls) are based on FreeBSD. FreeBSD tends to lag driver support behind mainstream Linux but it is popular for embedded security appliances. While STH is the only site to have done QuickAssist benchmarks for OpenSSL and IPSec VPNs pre-Skylake, we expect more platforms to use it now that the new Intel Xeon Scalable Processor Family is out. With the Xeon Scalable platforms, the “Lewisburg” PCH has QuickAssist options of up to 100Gbps, or 2.5x faster than the previous generation add-in cards we tested (40Gbps.) We now have more and better hardware for QAT, but we were still devoid of a viable FreeBSD QAT driver from Intel. That has changed.\nOur Intel Xeon Scalable Processor Family (Skylake-SP) Launch Coverage Central has been the focus of the STH team’s attention this week. There was another important update from Intel that got buried, a publicly available Intel QuickAssist driver for FreeBSD. You can find the driver on 01.org here dated July 12, 2017.\nDrivers are great, but we still need support to be enabled in the OS and at the application layer. Patrick forwarded me this tweet from Jim Thompson (lead at Netgate the company behind pfSense):\nThe Netgate team has been a key company pushing QuickAssist appliances in the market, usually based on Linux. To see that QAT is coming to FreeBSD and that they were working to integrate into “pfSense soon” is more than welcome.\nFor STH readers, get ready. It appears to be actually and finally happening. QuickAssist on FreeBSD and pfSense\n***\n\n\n\nOpenBSD on the Huawei MateBook X\n\n\nThe Huawei MateBook X is a high-quality 13\" ultra-thin laptop with a fanless Core i5 processor. It is obviously biting the design of the Apple 12\" MacBook, but it does have some notable improvements such as a slightly larger screen, a more usable keyboard with adequate key travel, and 2 USB-C ports.\nIt also uses more standard PC components than the MacBook, such as a PS/2-connected keyboard, removable m.2 WiFi card, etc., so its OpenBSD compatibility is quite good.\nIn contrast to the Xiaomi Mi Air, the MateBook is actually sold (2) in the US and comes with a full warranty and much higher build quality (though at twice the price). It is offered in the US in a \"space gray\" color for the Core i5 model and a gold color for the Core i7.\nThe fanless Core i5 processor feels snappy and doesn't get warm during normal usage on OpenBSD. Doing a make -j4 build at full CPU speed does cause the laptop to get warm, though the palmrest maintains a usable temperature.\nThe chassis is all aluminum and has excellent rigidity in the keyboard area. The 13.0\" 2160x1440 glossy IPS \"Gorilla glass\" screen has a very small bezel and its hinge is properly weighted to allow opening the lid with one hand. There is no wobble in the screen when open, even when jostling the desk that the laptop sits on. It has a reported brightness of 350 nits.\nI did not experience any of the UEFI boot variable problems that I did with the Xiaomi, and the MateBook booted quickly into OpenBSD after re-initializing the GPT table during installation.\n\n\n\n\nOpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot\n\n\nDuring the 2013 AsiaBSDCon, the team of OpenBSD presented its mail solution named OpenSMTPD. \nDeveloped by the OpenBSD team, we find the so much appreciated philosophy of its developers : security, simplicity / clarity and advanced features.\nBasic configuration : OpenSMTPD is installed by default, we can immediately start with a simple configuration.\n\u0026gt; We listen on our interfaces, we specify the path of our aliases file so we can manage redirections. \n\u0026gt; Mails will be delivered for the domain cagedmonster.net to mbox (the local users mailbox), same for the aliases. \n\u0026gt; Finally, we accept to relay local mails exclusively.\n\u0026gt; We can now enable smtpd at system startup and start the daemon.\nAdvanced configuration including TLS :\n\n\nYou can use SSL with : A self-signed certificate (which will not be trusted) or a certificate generated by a trusted authority. LetsEncrypt uses Certbot to generated your certificate. You can check this page for further informations. Let's focus on the first.\nGeneration of the certificate :\nWe fix the permissions :\nWe edit the config file :\n\u0026gt; We have a mail server with SSL, it's time to configure our IMAP server, Dovecot, and manage the creation of virtual users.\n\nDovecot setup, and creation of Virtual Users : We will use the package system of OpenBSD, so please check the configuration of your /etc/pkg.conf file.\n\n\nEnable the service at system startup :\nSetup the Virtual Users structure :\nAdding the passwd table for smtpd :\nModification of the OpenSMTPD configuration :\nWe declare the files used for our Virtual Accounts, we include SSL, and we configure mails delivery via the Dovecot lmtp socket.\nWe'll create our user lina@cagedmonster.net and set its password.\nConfigure SSL\nConfigure dovecot.conf\nConfigure mail.con\nConfigure login.conf : Make sure that the value of openfiles-cur in /etc/login.conf is equal or superior of 1000 !\nStarting Dovecot\n***\n\n\n\nOpenSMTPD and Dovecot under OpenBSD with MySQL support and SPAMD\n\n\nThis article is the continuation of my previous tutorial OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot. We'll use the same configuration and add some features so we can :\nUse our domains, aliases, virtual users with a MySQL database (MariaDB under OpenBSD).\nDeploy SPAMD with OpenSMTPD for a strong antispam solution.\n\n\nSetup of the MySQL support for OpenSMTPD \u0026amp; Dovecot\nWe create our SQL database named « smtpd » \nWe create our SQL user « opensmtpd » we give him the privileges on our SQL database and we set its password \nWe create the structure of our SQL database\nWe generate our password with Blowfish (remember it's OpenBSD !) for our users\nWe create our tables and we include our datas\nWe push everything to our database\nTime to configure OpenSMTPD\nWe create our mysql.conf file and configure it \nConfiguration of Dovecot.conf\nConfiguration of auth-sql.conf.ext\nConfiguration of dovecot-sql.conf.ext\nRestart our services\nOpenSMTPD \u0026amp; SPAMD :\nSPAMD is a service simulating a fake SMTP server and relying on strict compliance with RFC to determine whether the server delivering a mail is a spammer or not. \nConfiguration of SPAMD :\nEnable SPAMD \u0026amp; SPAMLOGD at system startup :\nConfiguration of SPAMD flags \nConfiguration of PacketFilter\nConfiguration of SPAMD \nStart SPAMD \u0026amp; SPAMLOGD \n***\n###Running a TOR relay on FreeBSD\nThere are 2 main steps to getting a TOR relay working on FreeBSD:\n\n\nInstalling and configuring Tor\nUsing an edge router to do port translation\nIn my case I wanted TOR to run it’s services on ports 80 and 443 but any port under 1024 requires root access in UNIX systems.\n+So I used port mapping on my router to map the ports.\n+Begin by installing TOR and ARM from:\n\n/usr/ports/security/tor/\n/usr/ports/security/arm/\n\n\nArm is the Anonymizing Relay Monitor: https://www.torproject.org/projects/arm.html.en\nIt provides useful monitoring graph and can be used to configure the torrc file.\nNext step edit the torrc file (see Blog article for the edit)\nIt is handy to add the following lines to /etc/services so you can more easily modify your pf configuration.\n\ntorproxy 9050/tcp #torsocks\ntorOR 9090/tcp #torOR\ntorDIR 9099/tcp #torDIR\n\nTo allow TOR services my pf.conf has the following lines:\n\n# interfaces\nlan_if=”re0″\nwifi_if=”wlan0″\ninterfaces=”{wlan0,re0}”\ntcp_services = “{   ssh torproxy torOR torDIR  }”\n# options\nset block-policy drop\nset loginterface $lan_if\n# pass on lo\nset skip on lo\nscrub in on $lan_if all fragment reassemble\n# NAT\nnat on $lan_if from $wifi_if:network to !($lan_if) -\u0026gt; ($lan_if)\nblock all\nantispoof for $interfaces\n#In NAT\npass in log on $wifi_if inet\npass out all keep state\n#ICMP\npass out log inet proto icmp from any to any keep state\npass in log quick inet proto icmp from any to any keep state\n#SSH\npass in inet proto tcp to $lan_if port ssh\npass in inet proto tcp to $wifi_if port ssh\n#TCP Services on Server\npass in inet proto tcp to $interfaces port $tcp_services keep state\n\nThe finally part is mapping the ports as follows:\n\nTOR directory port: LANIP:9099 —\u0026gt; WANIP:80\nTOR router port: LANIP:9090 —-\u0026gt; WANIP:443\n\nNow enable TOR:\n$ sudo echo “tor_enable=YES” \u0026gt;\u0026gt; /etc/rc.conf\nStart TOR:\n$ sudo service tor start\n***\n\n\n\nBeastie Bits\n\nOpenBSD as a “Desktop” (Laptop)\nSascha Wildner has updated ACPICA in DragonFly to Intel’s version 20170629\nDport, Rust, and updates for DragonFlyBSD\nOPNsense 17.7 RC1 released\nUnix’s mysterious \u0026amp;\u0026amp; and ||\nThe Commute Deck : A Homebrew Unix terminal for tight places\nFreeBSD 11.1-RC3 now available\nInstalling DragonFlyBSD with ORCA when you’re totally blind\nWho says FreeBSD can’t look good\nPratik Vyas adds the ability to do paused VM migrations for VMM\n\n\n\nFeedback/Questions\n\nHrvoje - OpenBSD MP Networking\nGoran - debuggers\nAbhinav - man-k\nLiam - university setup\n\n","content_html":"\u003cp\u003eIn this episode, we clear up the myth about scrub of death, look at Wayland and Weston on FreeBSD, Intel QuickAssist is here, and we check out OpenSMTP on OpenBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eMatt Ahrens answers questions about the “Scrub of Death”\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn working on the breakdown of that ZFS article last week, Matt Ahrens contacted me and provided some answers he has given to questions in the past, allowing me to answer them using HIS exact words.\u003c/li\u003e\n\u003cli\u003e“ZFS has an operation, called SCRUB, that is used to check all data in the pool and recover any data that is incorrect. However, if a bug which make errors on the pool persist (for example, a system with bad non-ecc RAM) then SCRUB can cause damage to a pool instead of recover it. I heard it called the “SCRUB of death” somewhere. Therefore, as far as I understand, using SCRUB without ECC memory is dangerous.”\n\u0026gt; I don\u0026#39;t believe that is accurate.  What is the proposed mechanism by which scrub can corrupt a lot of data, with non-ECC memory?\n\u0026gt; ZFS repairs bad data by writing known good data to the bad location on disk.  The checksum of the data has to verify correctly for it to be considered \u0026quot;good\u0026quot;.  An undetected memory error could change the in-memory checksum or data, causing ZFS to incorrectly think that the data on disk doesn’t match the checksum.  In that case, ZFS would attempt to repair the data by first re-reading the same offset on disk, and then reading from any other available copies of the data (e.g. mirrors, ditto blocks, or RAIDZ reconstruction).  If any of these attempts results in data that matches the checksum, then the data will be written on top of the (supposed) bad data.  If the data was actually good, then overwriting it with the same good data doesn’t hurt anything.\n\u0026gt; Let\u0026#39;s look at what will happen with 3 types of errors with non-ECC memory:\n\u0026gt; 1. Rare, random errors (e.g. particle strikes - say, less than one error per GB per second). If ZFS finds data that matches the checksum, then we know that we have the correct data (at least at that point in time, with probability 1-1/2\u003csup\u003e256).\u003c/sup\u003e  If there are a lot of memory errors happening at a high rate, or if the in-memory checksum was corrupt, then ZFS won’t be able to find a good copy of the data , so it won’t do a repair write.  It’s possible that the correctly-checksummed data is later corrupted in memory, before the repair write.  However, the window of vulnerability is very very small - on the order of milliseconds between when the checksum is verified, and when the write to disk completes.  It is implausible that this tiny window of memory vulnerability would be hit repeatedly.\n\u0026gt; 2. Memory that pretty much never does the right thing. (e.g. huge rate of particle strikes, all memory always reads 0, etc). In this case, critical parts of kernel memory (e.g. instructions) will be immediately corrupted, causing the system to panic and not be able to boot again.\n\u0026gt; 3. One or a few memory locations have \u0026quot;stuck bits\u0026quot;, which always read 0 (or always read 1). This is the scenario discussed in the message which (I believe) originally started the \u0026quot;Scrub of Death\u0026quot; myth: \u003ca href=\"https://forums.freenas.org/index.php?threads/ecc-vs-non-ecc-ram-and-zfs.15449/\" rel=\"nofollow\"\u003ehttps://forums.freenas.org/index.php?threads/ecc-vs-non-ecc-ram-and-zfs.15449/\u003c/a\u003e  This assumes that we read in some data from disk to a memory location with a stuck bit, \u0026quot;correct\u0026quot; that same bad memory location by overwriting the memory with the correct data, and then we write the bad memory location to disk.  However, ZFS doesn\u0026#39;t do that.  (It seems the author thinks that ZFS uses parity, which it only does when using RAID-Z.  Even with RAID-Z, we also verify the checksum, and we don\u0026#39;t overwrite the bad memory location.)\n\u0026gt; Here\u0026#39;s what ZFS will actually do in this scenario: If ZFS reads data from disk into a memory location with a stuck bit, it will detect a checksum mismatch and try to find a good copy of the data to repair the \u0026quot;bad\u0026quot; disk. ZFS will allocate a new, different memory location to read a 2nd copy of the data, e.g. from the other side of a mirror (this happens near the end of dsl_scan_scrub_cb()).  If the new memory location also has a stuck bit, then its checksum will also fail, so we won\u0026#39;t use it to repair the \u0026quot;bad\u0026quot; disk.  If the checksum of the 2nd copy of the data is correct, then we will write it to the \u0026quot;bad\u0026quot; disk.  This write is unnecessary, because the \u0026quot;bad\u0026quot; disk is not really bad, but it is overwriting the good data with the same good data.\n\u0026gt; I believe that this misunderstanding stems from the idea that ZFS fixes bad data by overwriting it in place with good data.  In reality, ZFS overwrites the location on disk, using a different memory location for each read from disk.  The \u0026quot;Scrub of Death\u0026quot; myth assumes that ZFS overwrites the location \u003cem\u003ein memory\u003c/em\u003e, which it doesn\u0026#39;t do.\n\u0026gt; In summary, there\u0026#39;s no plausible scenario where ZFS would amplify a small number of memory errors, causing a \u0026quot;scrub of death\u0026quot;.  Additionally, compared to other filesystems, ZFS checksums provide some additional protection against bad memory.\u003c/li\u003e\n\u003cli\u003e “Is it true that ZFS verifies the checksum of every block on every read from disk?”\n\u0026gt; Yes\u003c/li\u003e\n\u003cli\u003e“And if that block is incorrect, that ZFS will repair it?”\n\u0026gt; Yes\u003c/li\u003e\n\u003cli\u003e“If yes, is it possible set options or flag for change that behavior? For example, I would like for ZFS to verify checksums during any read, but not change anything and only report about issues if it appears. Is it possible?”\n\u0026gt; There isn\u0026#39;t any built-in flag for doing that.  It wouldn\u0026#39;t be hard to add one though.\u003c/li\u003e\n\u003cli\u003eIf you just wanted to verify data, without attempting to correct it, you could read or scan the data with the pool was imported read-only\u003c/li\u003e\n\u003cli\u003e“If using a mirror, when a file is read, is it fully read and verified from both sides of the mirror?”\n\u0026gt; No, for performance purposes, each block is read from only one side of the mirror (assuming there is no checksum error).\u003c/li\u003e\n\u003cli\u003e“What is the difference between a scrub and copying every file to /dev/null?”\n\u0026gt; That won\u0026#39;t check all copies of the file (e.g. it won\u0026#39;t check both sides of the mirror).\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1617\" rel=\"nofollow\"\u003eWayland, and Weston, and FreeBSD - Oh My!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKDE’s CI system for FreeBSD (that is, what upstream runs to continuously test KDE git code on the FreeBSD platform) is missing some bits and failing some tests because of Wayland. Or rather, because FreeBSD now has Wayland, but not Qt5-Wayland, and no Weston either (the reference implementation of a Wayland compositor).\u003cbr\u003e\nToday I went hunting for the bits and pieces needed to make that happen. Fortunately, all the heavy lifting has already been done: there is a Weston port prepared and there was a Qt5-Wayland port well-hidden in the Area51 plasma5/ branch.\u003cbr\u003e\nI have taken the liberty of pulling them into the Area51 repository as branch qtwayland. That way we can nudge Weston forward, and/or push Qt5-Wayland in separately. Nicest from a testing perspective is probably doing both at the same time.\u003cbr\u003e\nI picked a random “Hello World” Wayland tutorial and also built a minimal Qt program (using QMessageBox::question, my favorite function to hate right now, because of its i18n characteristics). Then, setting XDG_RUNTIME_DIR to /tmp/xdg, I could start Weston (as an X11 client), wayland-hello (as a Wayland client, displaying in Weston) and qt-hello (as either an X11 client, or as a Wayland client).\u003cbr\u003e\nSo this gives users of Area51 (while shuffling branches, granted) a modern desktop and modern display capabilities. Oh my!\u003cbr\u003e\nIt will take a few days for this to trickle up and/or down so that the CI can benefit and we can make sure that KWin’s tests all work on FreeBSD, but it’s another good step towards tight CI and another small step towards KDE Plasma 5 on the desktop on FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/pkgsrccon_2017_report\" rel=\"nofollow\"\u003epkgsrcCon 2017 report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis years pkgsrcCon returned to London once again. It was last held in London back in 2014. The 2014 con was the first pkgsrcCon I attended, I had been working on Darwin/PowerPC fixes for some months and presented on the progress I\u0026#39;d made with a 12\u0026quot; G4 PowerBook. I took away a G4 Mac Mini that day to help spare the PowerBook for use and dedicate a machine for build and testing. The offer of PowerPC hardware donations was repeated at this years con, thanks to jperkin@ who showed up with a backpack full of Mac Minis (more on that later).\u003cbr\u003e\nSince 2014 we have held cons in Berlin (2015) \u0026amp; Krakow (2016). In Krakow we had talks about a wide range of projects over 2 days, from Haiku Ports to Common Lisp to midipix (building native PE binaries for Windows) and back to the BSDs. I was very pleased to continue the theme of a diverse program this year.\u003cbr\u003e\nAside from pkgsrc and NetBSD, we had talks about FreeBSD, OpenBSD, Slackware Linux, and Plan 9. Things began with a pub gathering on the Friday for the pre-con social, we hung out and chatted till almost midnight on a wide range of topics, such as supporting a system using NFS on MS-DOS, the origins of pdksh, corporate IT, culture and many other topics.\u003cbr\u003e\nOn parting I was asked about the starting time on Saturday as there was some conflicting information. I learnt that the registration email had stated a later start than I had scheduled for \u0026amp; advertised on the website, by 30 minutes. Lesson learnt: register for your own event! Not a problem, I still needed to setup a webpage for the live video stream, I could do both when I got back. With some trimming here and there I had a new schedule, I posted that to the pkgsrcCon website and moved to trying to setup a basic web page which contained a snippet of javascript to play a live video stream from Scale Engine.  2+ hours later, it was pointed out that the XSS protection headers on pkgsrc.org breaks the functionality. Thanks to jmcneill@ for debugging and providing a working page.\u003cbr\u003e\nSaturday started off with Giovanni Bechis speaking about pledge in OpenBSD and adding support to various packages in their ports tree, alnsn@ then spoke about installing packages from a repo hosted on the Tor network.\u003cbr\u003e\nAfter a quick coffee break we were back to hear Charles Forsyth speak about how Plan 9 and Inferno dealt with portability, building software and the problem which are avoided by the environment there. This was followed by a very energetic rant by David Spencer from the Slackbuilds project on packaging 3rd party software. Slackbuilds is a packaging system for Slackware Linux, which was inspired by FreeBSD ports.\u003cbr\u003e\nFor the first slot after lunch, agc@ gave a talk on the early history of pkgsrc followed by Thomas Merkel on using vagrant to test pkgsrc changes with ease, locally, using vagrant. khorben@ covered his work on adding security to pkgsrc and bsiegert@ covered the benefits of performing our bulk builds in the cloud and the challenges we currently face.\u003cbr\u003e\nMy talk was about some topics and ideas which had inspired me or caught my attention, and how it could maybe apply to my work.The title of the talk was taken from the name of Andrew Weatherall\u0026#39;s Saint Etienne remix, possibly referring to two different styles of track (dub \u0026amp; vocal) merged into one or something else. I meant it in terms of applicability of thoughts and ideas. After me, agc@ gave a second talk on the evolution of the Netflix Open Connect appliance which runs FreeBSD and Vsevolod Stakhov wrapped up the day with a talk about the technical implementation details of the successor to pkg_tools in FreeBSD, called pkg, and how it could be of benefit for pkgsrc.\u003cbr\u003e\nFor day 2 we gathered for a hack day at the London Hack Space.\u003cbr\u003e\nI had burn\u0026#39;t some some CD of the most recent macppc builds of NetBSD 8.0_BETA and -current to install and upgrade Mac Minis. I setup the donated G4 minis for everyone in a dual-boot configuration and moved on to taking apart my MacBook Air to inspect the wifi adapter as I wanted to replace it with something which works on FreeBSD. It was not clear from the ifixit teardown photos of cards size, it seemed like a normal mini-PCIe card but it turned out to be far smaller. Thomas had also had the same card in his and we are not alone. Thomas has started putting together a driver for the Broadcom card, the project is still in its early days and lacks support for encrypted networks but hopefully it will appear on review.freebsd.org in the future.\u003cbr\u003e\nweidi@ worked on fixing SunOS bugs in various packages and later in the night we setup a NetBSD/macppc bulk build environment together on his Mac Mini.\u003cbr\u003e\nThomas setup an OpenGrock instance to index the source code of all the software available for packaging in pkgsrc. This helps make the evaluation of changes easier and the scope of impact a little quicker without having to run through a potentially lengthy bulk build with a change in mind to realise the impact. bsiegert@ cleared his ticket and email backlog for pkgsrc and alnsn@ got NetBSD/evbmips64-eb booting on his EdgeRouter Lite.\u003cbr\u003e\nOn Monday we reconvened at the Hack Space again and worked some more. I started putting together the talks page with the details from Saturday and the the slides which I had received, in preparation for the videos which would come later in the week. By 3pm pkgsrcCon was over. I was pretty exhausted but really pleased to have had a few days of techie fun.\u003cbr\u003e\nMany thanks to The NetBSD Foundation for purchasing a camera to use for streaming the event and a speedy response all round by the board. The Open Source Specialist Group at BCS, The Chartered Institute for IT and the London Hack Space for hosting us. Scale Engine for providing streaming facility. weidi@ for hosting the recorded videos. Allan Jude for pointers, Jared McNeill for debugging, NYCBUG and Patrick McEvoy for tips on streaming, the attendees and speakers. This year we had speakers from USA, Italy, Germany and London E2. Looking forward to pkgsrcCon 2018!\u003cbr\u003e\nThe videos and slides are available \u003ca href=\"http://www.pkgsrc.org/pkgsrcCon/2017/talks.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e and the \u003ca href=\"http://archive.org/details/pkgsrcCon-2017\" rel=\"nofollow\"\u003eInternet Archive\u003c/a\u003e.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.servethehome.com/quickassist-driver-freebsd-pfsupport-coming/\" rel=\"nofollow\"\u003eQuickAssist Driver for FreeBSD is here and pfSense Support Coming\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis week we have something that STH readers will be excited about. Before I started writing for STH, I was a reader and had been longing for QuickAssist support ever since STH’s first Rangeley article over three and a half years ago. It was clear from the get-go that Rangeley was going to be the preeminent firewall appliance platform of its day. The scope of products that were impacted by the Intel Atom C2000 series bug showed us it was indeed. For my personal firewalls, I use pfSense on that Rangeley platform so I have been waiting to use QuickAssist with my hardware for almost an entire product generation.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Hardware and QuickAssist Incoming to pfSense (Finally)\npfSense (and a few other firewalls) are based on FreeBSD. FreeBSD tends to lag driver support behind mainstream Linux but it is popular for embedded security appliances. While STH is the only site to have done QuickAssist benchmarks for OpenSSL and IPSec VPNs pre-Skylake, we expect more platforms to use it now that the new Intel Xeon Scalable Processor Family is out. With the Xeon Scalable platforms, the “Lewisburg” PCH has QuickAssist options of up to 100Gbps, or 2.5x faster than the previous generation add-in cards we tested (40Gbps.) We now have more and better hardware for QAT, but we were still devoid of a viable FreeBSD QAT driver from Intel. That has changed.\nOur Intel Xeon Scalable Processor Family (Skylake-SP) Launch Coverage Central has been the focus of the STH team’s attention this week. There was another important update from Intel that got buried, a publicly available Intel QuickAssist driver for FreeBSD. You can find the driver on 01.org here dated July 12, 2017.\nDrivers are great, but we still need support to be enabled in the OS and at the application layer. Patrick forwarded me this tweet from Jim Thompson (lead at Netgate the company behind pfSense):\nThe Netgate team has been a key company pushing QuickAssist appliances in the market, usually based on Linux. To see that QAT is coming to FreeBSD and that they were working to integrate into “pfSense soon” is more than welcome.\nFor STH readers, get ready. It appears to be actually and finally happening. QuickAssist on FreeBSD and pfSense\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2017/07/14/matebook\" rel=\"nofollow\"\u003eOpenBSD on the Huawei MateBook X\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Huawei MateBook X is a high-quality 13\u0026quot; ultra-thin laptop with a fanless Core i5 processor. It is obviously biting the design of the Apple 12\u0026quot; MacBook, but it does have some notable improvements such as a slightly larger screen, a more usable keyboard with adequate key travel, and 2 USB-C ports.\u003cbr\u003e\nIt also uses more standard PC components than the MacBook, such as a PS/2-connected keyboard, removable m.2 WiFi card, etc., so its OpenBSD compatibility is quite good.\u003cbr\u003e\nIn contrast to the Xiaomi Mi Air, the MateBook is actually sold (2) in the US and comes with a full warranty and much higher build quality (though at twice the price). It is offered in the US in a \u0026quot;space gray\u0026quot; color for the Core i5 model and a gold color for the Core i7.\u003cbr\u003e\nThe fanless Core i5 processor feels snappy and doesn\u0026#39;t get warm during normal usage on OpenBSD. Doing a make -j4 build at full CPU speed does cause the laptop to get warm, though the palmrest maintains a usable temperature.\u003cbr\u003e\nThe chassis is all aluminum and has excellent rigidity in the keyboard area. The 13.0\u0026quot; 2160x1440 glossy IPS \u0026quot;Gorilla glass\u0026quot; screen has a very small bezel and its hinge is properly weighted to allow opening the lid with one hand. There is no wobble in the screen when open, even when jostling the desk that the laptop sits on. It has a reported brightness of 350 nits.\u003cbr\u003e\nI did not experience any of the UEFI boot variable problems that I did with the Xiaomi, and the MateBook booted quickly into OpenBSD after re-initializing the GPT table during installation.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cagedmonster.net/opensmtpd-under-openbsd-with-ssl-virtualusers-dovecot/\" rel=\"nofollow\"\u003eOpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDuring the 2013 AsiaBSDCon, the team of OpenBSD presented its mail solution named OpenSMTPD. \u003c/li\u003e\n\u003cli\u003eDeveloped by the OpenBSD team, we find the so much appreciated philosophy of its developers : security, simplicity / clarity and advanced features.\u003c/li\u003e\n\u003cli\u003eBasic configuration : OpenSMTPD is installed by default, we can immediately start with a simple configuration.\n\u0026gt; We listen on our interfaces, we specify the path of our aliases file so we can manage redirections. \n\u0026gt; Mails will be delivered for the domain cagedmonster.net to mbox (the local users mailbox), same for the aliases. \n\u0026gt; Finally, we accept to relay local mails exclusively.\n\u0026gt; We can now enable smtpd at system startup and start the daemon.\u003c/li\u003e\n\u003cli\u003eAdvanced configuration including TLS :\n\n\u003cul\u003e\n\u003cli\u003eYou can use SSL with : A self-signed certificate (which will not be trusted) or a certificate generated by a trusted authority. LetsEncrypt uses Certbot to generated your certificate. You can check this page for further informations. Let\u0026#39;s focus on the first.\u003c/li\u003e\n\u003cli\u003eGeneration of the certificate :\u003c/li\u003e\n\u003cli\u003eWe fix the permissions :\u003c/li\u003e\n\u003cli\u003eWe edit the config file :\n\u0026gt; We have a mail server with SSL, it\u0026#39;s time to configure our IMAP server, Dovecot, and manage the creation of virtual users.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDovecot setup, and creation of Virtual Users : We will use the package system of OpenBSD, so please check the configuration of your /etc/pkg.conf file.\n\n\u003cul\u003e\n\u003cli\u003eEnable the service at system startup :\u003c/li\u003e\n\u003cli\u003eSetup the Virtual Users structure :\u003c/li\u003e\n\u003cli\u003eAdding the passwd table for smtpd :\u003c/li\u003e\n\u003cli\u003eModification of the OpenSMTPD configuration :\u003c/li\u003e\n\u003cli\u003eWe declare the files used for our Virtual Accounts, we include SSL, and we configure mails delivery via the Dovecot lmtp socket.\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll create our user \u003ca href=\"mailto:lina@cagedmonster.net\" rel=\"nofollow\"\u003elina@cagedmonster.net\u003c/a\u003e and set its password.\u003c/li\u003e\n\u003cli\u003eConfigure SSL\u003c/li\u003e\n\u003cli\u003eConfigure dovecot.conf\u003c/li\u003e\n\u003cli\u003eConfigure mail.con\u003c/li\u003e\n\u003cli\u003eConfigure login.conf : Make sure that the value of openfiles-cur in /etc/login.conf is equal or superior of 1000 !\u003c/li\u003e\n\u003cli\u003eStarting Dovecot\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cagedmonster.net/opensmtpd-and-dovecot-under-openbsd-with-mysql-support-and-spamd/\" rel=\"nofollow\"\u003eOpenSMTPD and Dovecot under OpenBSD with MySQL support and SPAMD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article is the continuation of my previous tutorial OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot. We\u0026#39;ll use the same configuration and add some features so we can :\u003cbr\u003e\nUse our domains, aliases, virtual users with a MySQL database (MariaDB under OpenBSD).\u003cbr\u003e\nDeploy SPAMD with OpenSMTPD for a strong antispam solution.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetup of the MySQL support for OpenSMTPD \u0026amp; Dovecot\u003c/li\u003e\n\u003cli\u003eWe create our SQL database named « smtpd » \u003c/li\u003e\n\u003cli\u003eWe create our SQL user « opensmtpd » we give him the privileges on our SQL database and we set its password \u003c/li\u003e\n\u003cli\u003eWe create the structure of our SQL database\u003c/li\u003e\n\u003cli\u003eWe generate our password with Blowfish (remember it\u0026#39;s OpenBSD !) for our users\u003c/li\u003e\n\u003cli\u003eWe create our tables and we include our datas\u003c/li\u003e\n\u003cli\u003eWe push everything to our database\u003c/li\u003e\n\u003cli\u003eTime to configure OpenSMTPD\u003c/li\u003e\n\u003cli\u003eWe create our mysql.conf file and configure it \u003c/li\u003e\n\u003cli\u003eConfiguration of Dovecot.conf\u003c/li\u003e\n\u003cli\u003eConfiguration of auth-sql.conf.ext\u003c/li\u003e\n\u003cli\u003eConfiguration of dovecot-sql.conf.ext\u003c/li\u003e\n\u003cli\u003eRestart our services\nOpenSMTPD \u0026amp; SPAMD :\nSPAMD is a service simulating a fake SMTP server and relying on strict compliance with RFC to determine whether the server delivering a mail is a spammer or not. \u003c/li\u003e\n\u003cli\u003eConfiguration of SPAMD :\u003c/li\u003e\n\u003cli\u003eEnable SPAMD \u0026amp; SPAMLOGD at system startup :\u003c/li\u003e\n\u003cli\u003eConfiguration of SPAMD flags \u003c/li\u003e\n\u003cli\u003eConfiguration of PacketFilter\u003c/li\u003e\n\u003cli\u003eConfiguration of SPAMD \u003c/li\u003e\n\u003cli\u003eStart SPAMD \u0026amp; SPAMLOGD \n***\n###\u003ca href=\"https://networkingbsdblog.wordpress.com/2017/07/14/freebsd-tor-relay-using-priveledge-seperation/\" rel=\"nofollow\"\u003eRunning a TOR relay on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere are 2 main steps to getting a TOR relay working on FreeBSD:\n\n\u003cul\u003e\n\u003cli\u003eInstalling and configuring Tor\u003c/li\u003e\n\u003cli\u003eUsing an edge router to do port translation\u003c/li\u003e\n\u003cli\u003eIn my case I wanted TOR to run it’s services on ports 80 and 443 but any port under 1024 requires root access in UNIX systems.\n+So I used port mapping on my router to map the ports.\n+Begin by installing TOR and ARM from:\n\u003ccode\u003e\n/usr/ports/security/tor/\n/usr/ports/security/arm/\n\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eArm is the Anonymizing Relay Monitor: \u003ca href=\"https://www.torproject.org/projects/arm.html.en\" rel=\"nofollow\"\u003ehttps://www.torproject.org/projects/arm.html.en\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt provides useful monitoring graph and can be used to configure the torrc file.\u003c/li\u003e\n\u003cli\u003eNext step edit the torrc file (see Blog article for the edit)\u003c/li\u003e\n\u003cli\u003eIt is handy to add the following lines to /etc/services so you can more easily modify your pf configuration.\n\u003ccode\u003e\ntorproxy 9050/tcp #torsocks\ntorOR 9090/tcp #torOR\ntorDIR 9099/tcp #torDIR\n\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTo allow TOR services my pf.conf has the following lines:\n\u003ccode\u003e\n# interfaces\nlan_if=”re0″\nwifi_if=”wlan0″\ninterfaces=”{wlan0,re0}”\ntcp_services = “{   ssh torproxy torOR torDIR  }”\n# options\nset block-policy drop\nset loginterface $lan_if\n# pass on lo\nset skip on lo\nscrub in on $lan_if all fragment reassemble\n# NAT\nnat on $lan_if from $wifi_if:network to !($lan_if) -\u0026gt; ($lan_if)\nblock all\nantispoof for $interfaces\n#In NAT\npass in log on $wifi_if inet\npass out all keep state\n#ICMP\npass out log inet proto icmp from any to any keep state\npass in log quick inet proto icmp from any to any keep state\n#SSH\npass in inet proto tcp to $lan_if port ssh\npass in inet proto tcp to $wifi_if port ssh\n#TCP Services on Server\npass in inet proto tcp to $interfaces port $tcp_services keep state\n\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe finally part is mapping the ports as follows:\n\u003ccode\u003e\nTOR directory port: LANIP:9099 —\u0026gt; WANIP:80\nTOR router port: LANIP:9090 —-\u0026gt; WANIP:443\n\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eNow enable TOR:\n\u003ccode\u003e$ sudo echo “tor_enable=YES” \u0026gt;\u0026gt; /etc/rc.conf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStart TOR:\n\u003ccode\u003e$ sudo service tor start\u003c/code\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://unixseclab.com/index.php/2017/06/12/openbsd-as-a-desktop-laptop/\" rel=\"nofollow\"\u003eOpenBSD as a “Desktop” (Laptop)\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-July/625997.html\" rel=\"nofollow\"\u003eSascha Wildner has updated ACPICA in DragonFly to Intel’s version 20170629\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://www.dragonflydigest.com/2017/07/18/19991.html\" rel=\"nofollow\"\u003eDport, Rust, and updates for DragonFlyBSD\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://opnsense.org/opnsense-17-7-rc1/\" rel=\"nofollow\"\u003eOPNsense 17.7 RC1 released\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://www.networkworld.com/article/3205148/linux/unix-s-mysterious-andand-and.html#tk.rss_unixasasecondlanguage\" rel=\"nofollow\"\u003eUnix’s mysterious \u0026amp;\u0026amp; and ||\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://boingboing.net/2017/06/16/cyberspace-is-everting.html\" rel=\"nofollow\"\u003eThe Commute Deck : A Homebrew Unix terminal for tight places\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2017-July/087407.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-RC3 now available\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-July/313528.html\" rel=\"nofollow\"\u003eInstalling DragonFlyBSD with ORCA when you’re totally blind\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://imgur.com/gallery/dc1pu\" rel=\"nofollow\"\u003eWho says FreeBSD can’t look good\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170716160129\" rel=\"nofollow\"\u003ePratik Vyas adds the ability to do paused VM migrations for VMM\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://dpaste.com/0EXV173#wrap\" rel=\"nofollow\"\u003eHrvoje - OpenBSD MP Networking\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://dpaste.com/1N853NG#wrap\" rel=\"nofollow\"\u003eGoran - debuggers\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://dpaste.com/1JXQY5E#wrap\" rel=\"nofollow\"\u003eAbhinav - man-k\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://dpaste.com/01ERMEQ#wrap\" rel=\"nofollow\"\u003eLiam - university setup\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e","summary":"In this episode, we clear up the myth about scrub of death, look at Wayland and Weston on FreeBSD, Intel QuickAssist is here, and we check out OpenSMTP on OpenBSD.","date_published":"2017-07-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4e71ddba-a23a-4036-a89e-ce7d0efe1940.mp3","mime_type":"audio/mpeg","size_in_bytes":58443124,"duration_in_seconds":4870}]},{"id":"f352fe58-6e6c-4354-80fa-35e2224efc5f","title":"203: For the love of ZFS","url":"https://www.bsdnow.tv/203","content_text":"This week on BSD Now, we clear up some ZFS FUD, show you how to write a NetBSD kernel module, and cover DragonflyBSD on the desktop.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nZFS is the best file system (for now)\n\n\nIn my ongoing effort to fight misinformation and FUD about ZFS, I would like to go through this post in detail and share my thoughts on the current state and future of OpenZFS.\nThe post starts with:\n\n\n\nZFS should have been great, but I kind of hate it: ZFS seems to be trapped in the past, before it was sidelined it as the cool storage project of choice; it’s inflexible; it lacks modern flash integration; and it’s not directly supported by most operating systems. But I put all my valuable data on ZFS because it simply offers the best level of data protection in a small office/home office (SOHO) environment. Here’s why.\nWhen ZFS first appeared in 2005, it was absolutely with the times, but it’s remained stuck there ever since. The ZFS engineers did a lot right when they combined the best features of a volume manager with a “zettabyte-scale” filesystem in Solaris 10\nThe skies first darkened in 2007, as NetApp sued Sun, claiming that their WAFL patents were infringed by ZFS. Sun counter-sued later that year, and the legal issues dragged on.\n\n\n\nThe lawsuit was resolved, and it didn’t really impede ZFS. Some say it is the reason that Apple didn’t go with ZFS, but there are other theories too.\n\n\n\nBy then, Sun was hitting hard times and Oracle swooped in to purchase the company. This sowed further doubt about the future of ZFS, since Oracle did not enjoy wide support from open source advocates.\n\n\n\nYes, Oracle taking over Sun and closing the source for ZFS definitely seemed like a setback at the time, but the OpenZFS project was started and active development has continued as an ever increasing pace. As of today, more than half of the code in OpenZFS has been written since the fork from the last open version of Oracle ZFS.\n\n\n\nthe CDDL license Sun applied to the ZFS code was [https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/](judged incompatible) with the GPLv2 that covers Linux, making it a non-starter for inclusion in the world’s server operating system.\n\n\n\nThat hasn’t stopped the ZFS-on-Linux project, or Ubuntu…\n\n\n\nAlthough OpenSolaris continued after the Oracle acquisition, and FreeBSD embraced ZFS, this was pretty much the extent of its impact outside the enterprise. Sure, NexentaStor and [http://blog.fosketts.net/2008/09/15/greenbytes-embraces-extends-zfs/](GreenBytes) helped push ZFS forward in the enterprise, but Oracle’s lackluster commitment to Sun in the datacenter started having an impact.\n\n\n\nLots of companies have adopted OpenZFS for their products. Before OpenZFS, there were very few non-Sun appliances that used ZFS, now there are plenty.\nOpenZFS Wiki: Companies with products based on OpenZFS\n\n\n\nOpenZFS remains little-changed from what we had a decade ago.\n\n\n\nOther than the fact that half of the current code did not exist a decade ago…\n\n\n\nMany remain skeptical of deduplication, which hogs expensive RAM in the best-case scenario.\n\n\n\nThis is one of the weaker points in ZFS. As it turns out, the demand for deduplication is actually not that strong. Most of the win can be had with transparent compression.\nHowever, there are a number of suggested designs to work around the dedup problems:\n\n\nDedup Ceiling: Set a limit on the side of the DDT and just stop deduping new unique blocks when this limit is reached.\nAllocation Classes: A feature being developed by Intel for a supercomputer, will allow different types of data to be classified, and dedicated vdevs (or even metaslabs within a vdev), to be dedicated to that class of data. This could be extended to having the DDT live on a fast device like an PCIe NVMe, combined with the Dedup Ceiling when the device is full.\nDDT Pruning: Matt Ahrens described a design where items in the DDT with only a single reference, would be expired in an LRU type fashion, to allow newer blocks to live in the DDT in hopes that they would end up with more than a single reference. This doesn’t cause bookkeeping problems since when a block is about to be freed, if it is NOT listed in the DDT, ZFS knows it was never deduplicated, so the current block must be the only reference, and it can safely be freed. This provides a best case scenario compared to Dedup Ceiling, since blocks that will deduplicate well, are likely to be written relatively close together, whereas the chance to a dedup match on a very old block is much lower.\n\n\n\n\nAnd I do mean expensive: Pretty much every ZFS FAQ flatly declares that ECC RAM is a must-have and 8 GB is the bare minimum. In my own experience with FreeNAS, 32 GB is a nice amount for an active small ZFS server, and this costs $200-$300 even at today’s prices.\n\n\n\nAs we talked about a few weeks ago, ECC is best, but it is not required. If you want your server to stay up for a long time, to be highly available, you’ll put ECC in it. Don’t let a lack of ECC stop you from using ZFS, you are just putting your data at more risk. The scrub of death is a myth.\nZFS does not ‘require’ lots of ram. Your NAS will work happily with 8 GB instead of 32 GB of RAM. Its cache hit ratio will be much lower, so performance will be worse. It won’t be able to buffer as many writes, so performance will be worse.\nCopy-on-Write has some drawbacks, data tends to get scattered and fragmented across the drives when it is written gradually. The ARC (RAM Cache) lessens the pain of this, and allows ZFS to batch incoming writes up into nice contiguous writes. ZFS purposely alternates between reading and writing, since both are faster when the other is not happening. So writes are batched up until there is too much dirty data, or the timeout expires. Then reads are held off while the bulk linear write finishes as quickly as possible, and reads are resumed.\nObviously all of this works better and more efficiently in larger batches, which you can do if you have more RAM.\nZFS can be tuned to use less RAM, and if you do not have a lot of RAM, or you have a lot of other demand on your RAM, you should do that tuning.\n\n\n\nAnd ZFS never really adapted to today’s world of widely-available flash storage: Although flash can be used to support the ZIL and L2ARC caches, these are of dubious value in a system with sufficient RAM, and ZFS has no true hybrid storage capability. It’s laughable that the ZFS documentation obsesses over a few GB of SLC flash when multi-TB 3D NAND drives are on the market. And no one is talking about NVMe even though it’s everywhere in performance PC’s.\n\n\n\nMake up your mind, is 32GB of ram too expensive or not…\nthe L2ARC exists specifically for the case where it is not possible to just install more RAM. Be it because there are no more slots, of limits of the processor, or limits of your budget.\nThe SLOG is optional, but it never needs to be very big. A number of GBs of SLC flash is all you need, it is only holding writes that have not been flushed to the regular storage devices yet. The reason the documentation talks about SLC specifically is because your SLOG needs a very high write endurance, something never the newest NVMe devices cannot yet provide. \nOf course you can use NVMe devices with ZFS, lots of people do. All flash ZFS arrays are for sale right now. Other than maybe a little tuning of the device queue depths, ZFS just works and there is nothing to think about.\nHowever, to say there is nothing happening in this space is woefully inaccurate.\nThe previously mentioned allocation classes code can be used to allocate metadata (4 KB blocks) on SSD or NVMe, while allocating bulk storage data (up to 16 MB blocks) on spinning disks. Extended a bit beyond what Intel is building for their super computer, this will basically create hybrid storage for ZFS.\nWith the metaslab classes feature, it will even be possible to mix classes on the same device, grouping small allocations and large allocations in different areas, decreasing fragmentation.\n\n\n\nThen there’s the question of flexibility, or lack thereof. Once you build a ZFS volume, it’s pretty much fixed for life. There are only three ways to expand a storage pool:\n\n\nReplace each and every drive in the pool with a larger one (which is great but limiting and expensive)\n\n\n\n\nIt depends on your pool layout. If you design with this in mind using ZFS Mirrors, it can be quite useful\n\n\n\n\nAdd a stripe on another set of drives (which can lead to imbalanced performance and redundancy and a whole world of potential stupid stuff)\n\n\n\n\nThe unbalanced LUNs performance issues were sorted out in 2013-2016. \n2014: OpenZFS Allocation Performance \n2016: OpenZFS space allocation: doubling performance on large and fragmented pools\nThese also mostly solved the performance issues when a pool gets full, you can run a lot closer to the edge now\n\n\n\n\nBuild a new pool and “zfs send” your datasets to it (which is what I do, even though it’s kind of tricky)\n\n\n\n\nThis is one way to do it, yes.\nThere is another way coming, but I can’t talk about it just yet. Look for big news later this year.\n\n\n\nApart from option 3 above, you can’t shrink a ZFS pool.\n\n\n\nDevice removal is arriving now. It will not work for RAIDZ*, but for Mirrors and Stripes you will be able to remove a device.\n\n\n\nI’ve probably made ZFS sound pretty unappealing right about now. It was revolutionary but now it’s startlingly limiting and out of touch with the present solid-state-dominated storage world.\n\n\n\nI don’t feel like ZFS is out of touch with solid state. Lots of people are running SSD only pools. I will admit the tiered storage options in ZFS are a bit limited still, but there is a lot of work being done to overcome this.\n\n\n\nAfter all, reliably storing data is the only thing a storage system really has to do. All my important data goes on ZFS, from photos to music and movies to office files. It’s going to be a long time before I trust anything other than ZFS!\n\n\nI agree.\nZFS has a great track record of doing its most important job, keeping your data safe.\nWork is ongoing to make ZFS more performance, and more flexible. The import thing is that this work is never allowed to compromise job #1, keeping your data safe.\nHybrid/tiered storage features, re-RAID-ing, are coming\nThere is a lot going on with OpenZFS, check out the notes from the last two OpenZFS Developer Summits just to get an idea of what some of those things are: \n\n\n\n2015 \u0026amp; 2016\n\n\nSome highlights:\n\n\nCompressed ARC\nCompressed send/recv\nABD (arc buf scatter/gather)\nZFS Native Encryption (scrub/resilver, send/recv, etc without encryption keys loaded)\nChannel Programs (do many administrative operations as one atomic transaction)\nDevice Removal\nRedacted send/recv\nZStandard Compression\nTRIM Support (FreeBSD has its own, but this will be more performant and universal)\nFaster Scrub/Resilver\nDeclustered RAID\nAllocation Classes\nMulti-mount protection (for Active/Passive failover)\nZpool Checkpoint (undo almost anything)\nEven more Improved Allocator Performance\nvdev spacemap log\nZIL performance improvements (w/ or w/o SLOG)\nPersistent L2ARC\n\nWhat I don’t think the author of this article understands is how far behind every other filesystem is. 100s of Engineer years have gone into OpenZFS, and the pace is accelerating. I don’t see how BtrFS can ever catch up, without a huge cash infusion.\n\n\n\n\nWriting a NetBSD kernel module\n\n\nKernel modules are object files used to extend an operating system’s kernel functionality at run time.\nIn this post, we’ll look at implementing a simple character device driver as a kernel module in NetBSD. Once it is loaded, userspace processes will be able to write an arbitrary byte string to the device, and on every successive read expect a cryptographically-secure pseudorandom permutation of the original byte string.\n\n\n\nYou will need the NetBSD Source Code.\n\n\nThis doc will explain how you can get it.\n\nThe article gives an easy line by line walkthrough which is easy to follow and understand.\nThe driver implements the bare minimum: open, close, read, and write, plus the module initialization function\nIt explains the differences in how memory is allocated and freed in the kernel\nIt also describes the process of using UIO to copy data back and forth between userspace and the kernel\nCreate a Makefile, and compile the kernel module\nThen, create a simple userspace program to use the character device that the kernel module creates\nAll the code is available here\n***\n\n\nDragonFlyBSD Desktop!\n\n\nIf you read my last post, you know that I set up a machine (Thinkpad x230) with UEFI and four operating systems on it.  One, I had no experience with – DragonFlyBSD (other than using Matthew Dillon’s C compiler for the Amiga back in the day!) and so it was uncharted territory for me.  After getting the install working, I started playing around inside of DragonFlyBSD and discovered to my delight that it was a great operating system with some really unique features – all with that BSD commitment to good documentation and a solid coupling of kernel and userland that doesn’t exist (by design) in Linux.\nSo my goal for my DragonFlyBSD desktop experience was to be as BSD as I possibly could.  Given that (and since I’m the maintainer of the port on OpenBSD ), I went with Lumina as the desktop environment and XDM as the graphical login manager.  I have to confess that I really like the xfce terminal application so I wanted to make sure I had that as well.  Toss in Firefox, libreOffice and ownCloud sync client and I’m good to go!\nOK.  So where to start.  First, we need to get WiFi and wired networking happening for the console at login.  To do that, I added the following to /etc/rc.conf:\n\nwlans_iwn0=”wlan0″\nifconfig_wlan0=”WPA DHCP”\nifconfig_em0=”DHCP”\n\n\nI then edited /etc/wpa_supplicant.conf to put in the details of my WiFi network:\n\nnetwork={\nssid=”MY-NETWORK-NAME”\npsk=”my-super-secret-password”\n}\n\n\nA quick reboot showed that both wired and wireless networking were functional and automatically were assigned IP addresses via DHCP.  Next up is to try getting into X with whatever DragonFlyBSD uses for its default window manager.  A straight up “startx” met with, shall we say, less than stellar results.  Therefore, I used the following command to generate a simple /etc/X11/xorg.conf file:\n\n\u0026amp;#35; Xorg -configure\n\u0026amp;#35; cp /root/xorg.conf.new /etc/X11/xorg.conf\n\n\nWith that file in place, I could get into the default window manager, but I had no mouse.  After some searching and pinging folks on the mailing list, I was able to figure out what I needed to do.  I added the following to my /etc/rc.conf file:\n\nmoused_enable=”YES”\nmoused_type=”auto”\nmoused_port=”/dev/psm0″\n\n\nI rebooted (I’m sure there is an easier way to get the changes but I don’t know it… yet) and was able to get into a basic X session and have a functional mouse.  Next up, installing and configuring Lumina!  To do that, I went through the incredibly torturous process of installing Lumina:\n\n\n# pkg install lumina\n\n\nWow!  That was really, really hard.  I might need to pause here to catch my breath. 🙂\n\nNext up, jumping into Lumina from the console.  To do that, I created a .xinitrc file in my home directory with the following:\n\n\nexec start-lumina-desktop\n\n\nFrom there, I could “startx” until my heart was content and bounce into Lumina.  That wasn’t good enough though!  I want a graphical login (specifically xdm).  To do that, I had to do a little research.  The trick on DragonFlyBSD is not to add anything to /etc/rc.conf like you do in other BSDs, it’s a bit more old school.  Basically you need to edit the /etc/ttys file and update ttyv8 to turn on the xdm daemon:\n\n\nttyv8    “/usr/X11R6/bin/xdm -nodaemon”    xterm    on    secure\n\n\nThe other thing you need to do is set it up to use your desktop environment of choice.  In my case, that’s Lumina.  To do that, I needed to edit /usr/local/lib/X11/xdm/Xsession and change the next to the last line in the file to launch Lumina:\n\n\nexec /usr/local/bin/start-lumina-desktop\n\n\nI then crossed my fingers, rebooted and lo and behold had a graphical login that, when I actually didn’t fat finger my password from excitement, put me into the Lumina desktop environment!\nNext up – I need a cool desktop wallpaper.  Of course that’s way more important that installing application or other stuff!  After some searching, I found this one that met my needs.  I downloaded it to a local ~/Pictures directory and then used the Lumina wallpaper preference application to add the directory containing the picture and set it to automatic layout.  Voila!  I had a cool DragonFlyBSD wallpaper.\nNext I installed the xfce4 terminal program by doing:\n\n\n# pkg install xfce4-terminal\n\n\nI then went into the Lumina “All Desktop Settings” preferences, found the applet for the “Menu” under “Interface Configuration” and swapped out “terminal” for “Xfce Terminal”.  I then configured Lumina further to have a 26 pixel thick, 99% length bottom center panel with the following gadgets in it (in this order):\n\nStart Menu\nTask Manager (No Groups)\nSpacer\nSystem Tray\nTime/Date\nBattery Monitor\n\n\nI then went into my Appearance | Window Manager gadget and set my Window Theme to “bora_blue” (my favorite out of the defaults supplied).  I then installed my remaining applications that I needed in order to have a functioning desktop:\n\n\n# pkg install owncloudclient qtkeychain evolution evolution-ews firefox libreoffice\n\n\nAfter that, I really had a nicely functioning desktop environment!  By the way, the performance of DragonFlyBSD is pretty impressive in terms of its day to day usage.  Keep in mind I’m not doing any official benchmarking or anything, but it sure feels to me to be just as fast (if not faster) than OpenBSD and FreeBSD.  I know that the kernel team has done a lot to unlock things (which FreeBSD has done and we are starting to do on OpenBSD) so perhaps I can attribute the “snappiness” to that?\nAs you can see, although there isn’t as much documentation on the Internet for this BSD, you can get a really nice, functional desktop out of it with some simple (and intuitive) configuration.  I’m really looking forward to living in this system for a while and learning about it.  Probably the first thing I’ll do is ring up the port maintainer for Lumina and see if we can’t collaborate on getting Lumina 1.3 moved over to it!  Give this one a try – I think you’ll find that its a very nice operating system with some very cool features (the HAMMER filesystem for one!).\n\n\n\n\nNews Roundup\n\nPorting NetBSD to Alwinner H3 SoCs\n\n\nJared McNeill writes on the the NetBSD blog:\n\n\n\nA new SUNXI evbarm kernel has appeared recently in NetBSD -current with support for boards based on the Allwinner H3 system on a chip (SoC). The H3 SoC is a quad-core Cortex-A7 SoC designed primarily for set-top boxes, but has managed to find its way into many single-board computers (SBC). This is one of the first evbarm ports built from the ground up with device tree support, which helps us to use a single kernel config to support many different boards.\nTo get these boards up and running, first we need to deal with low-level startup code. For the SUNXI kernel this currently lives in sys/arch/evbarm/sunxi/. The purpose of this code is fairly simple; initialize the boot CPU and initialize the MMU so we can jump to the kernel. The initial MMU configuration needs to cover a few things -- early on we need to be able to access the kernel, UART debug console, and the device tree blob (DTB) passed in from U-Boot. We wrap the kernel in a U-Boot header that claims to be a Linux kernel; this is no accident! This tells U-Boot to use the Linux boot protocol when loading the kernel, which ensures that the DTB (loaded by U-Boot) is processed and passed to us in r2.\nOnce the CPU and MMU are ready, we jump to the generic ARM FDT implementation of initarm in sys/arch/evbarm/fdt/fdt_machdep.c. The first thing this code does is validate and relocate the DTB data. After it has been relocated, we compare the compatible property of the root node in the device tree with the list of ARM platforms compiled into the kernel. The Allwinner sunxi platform code lives in sys/arch/arm/sunxi/sunxi_platform.c. The sunxi platform code provides SoC-specific versions of code needed early at boot. We need to know how to initialize the debug console, spin up application CPUs, reset the board, etc.\nWith a bit of luck, we're now booting and enumerating devices. Apart from a few devices, almost nothing works yet as we are missing a driver for the CCU. The CCU in the Allwinner H3 SoC controls PLLs and most of the clock generation, division, muxing, and gating. Since there are many similarities between Allwinner SoCs, I opted to write generic CCU code and then SoC-specific frontends. The resulting code lives in sys/arch/arm/sunxi/; generic code as sunxi_ccu.c and H3-specific code in sun8i_h3_ccu.c.\n\n\n\nJared has more information about porting and also provides a boot log.\n***\n\n\nTrueOS Community Spotlight: Reset ZFS Replication using the command line\n\n\nWe’d like to spotlight TrueOS community member Brad Alexander for documenting his experience repairing ZFS dataset replication with TrueOS. Thank you! His notes are posted here, and they’ve been added to the TrueOS handbook Troubleshooting section for later reference.\n\n\n\nOriginal indications\n\n\n\nThe SysAdm Client tray icon was pulsing red. Right-clicking on the icon and clicking Messages would show the message:\n\n\nFAILED replication task on NCC74602 -\u0026gt; 192.168.47.20: LOGFILE: /var/log/lpreserver/lpreserver_failed.log\n\n\n/var/log/lpreserver/lastrep-send.log shows very little information:\n\nsend from @auto-2017-07-12-01-00-00 to NCC74602/ROOT/12.0-CURRENT-up-20170623_120331@auto-2017-07-14-01-00-00\ntotal estimated size is 0\nTIME        SENT    SNAPSHOT\n\n\nAnd no useful errors were being written to the lpreserver_failed.log.\n\n\n\nRepairing replication\n\n\nFirst attempt:\n\n\n\n\nThe first approach I tried was to use the Sysadm Client:\nI clicked on the dataset in question, then clicked Initialize. After waiting a few minutes, I clicked Start. I was immediately rewarded with a pulsing red icon in the system tray and received the same messages as above.\n\n\n\nSecond attempt:\n\n\n\nI was working with, and want to specially thank @RodMyers and @NorwegianRockCat. They suggested I use the lpreserver command line. So I issued these commands:\n\nsudo lpreserver replicate init NCC74602 192.168.47.20\nsudo lpreserver replicate run NCC74602 192.168.47.20\n\n\nUnfortunately, the replication failed again. I got these messages in the logs:\n\nFri Jul 14 09:03:34 EDT 2017: Removing NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT - re-created locally\ncannot unmount '/mnt/NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT': Operation not permitted\nFailed creating remote dataset!\ncannot create 'NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT': dataset already exists\n\n\nIt turned out there were a number of children. I logged into luna (the FreeNAS) and issued this command as root: \n\n\nzfs destroy -r NX80101/archive/defiant.sonsofthunder.nanobit.org\n\n\nI then ran the replicate init and replicate run commands again from the TrueOS host, and replication worked! It has continued to work too, at least until the next fiddly bit breaks.\n\n\n\n\nKernel relinking status from Theo de Raadt\n\n\nAs you may have heard (and as was mentioned in an earlier article), on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets. Theo de Raadt summarized the status in a message to the tech@ mailing list, subject kernel relinking as follows:\n\n5 weeks ago at d2k17 I started work on randomized kernels. I've been having conversations with other developers for nearly 5 years on the topic... but never got off to a good start, probably because I was trying to pawn the work off on others.\nHaving done this, I really had no idea we'd end up where we are today.\nHere are the behaviours:\nThe base set has grown, it now includes a link-kit\nAt install time, a unique kernel is built from this link-kit\nAt upgrade time, a unique kernel is built\nAt boot time, a unique kernel is built and installed for the next boot\nIf someone compiles their own kernel and uses 'make install', the link-kit is also updated, so that the next boot can do the work\nIf a developer cp's a kernel to /, the mechanism dis-engages until a 'make install\" or upgrade is performed in the future. That may help debugging.\nA unique kernel is linked such that the startup assembly code is kept in the same place, followed by randomly-sized gapping, followed by all the other .o files randomly re-organized. As a result the distances between functions and variables are entirely new. An info leak of a pointer will not disclose other pointers or objects. This may also help reduce gadgets on variable-sized architectures, because polymorphism in the instruction stream is damaged by nested offsets changing.\nAt runtime, the kernel can unmap it's startup code. On architectures where an unmap isn't possible due to large-PTE use, the code can be trashed instead.\nI did most of the kernel work on amd64 first, then i386. I explained what needed to be done to visa and patrick, who handled the arm and mips platforms. Then I completed all the rest of the architectures. Some architecture are missing the unmap/trashing of startup code, that's a step we need to get back to.\nThe next part was tricky and I received assistance from tb and rpe. We had to script the behaviours at build time, snapshot time, relink time, boot time, and later on install/upgrade time also.\nWhile they helped, I also worked to create the \"gap.o\" file without use of a C compiler so that relinks can occur without the \"comp\" set installed. This uses the linkscript feature of ld. I don't think anyone has done this before. It is little bit fragile, and the various linkers may need to receive some fixes due to what I've encountered.\nTo ensure this security feature works great in the 6.2 release, please test snapshots. By working well, I mean it should work invisibly, without any glitch such as a broken kernel or anything. If there are ugly glitches we would like to know before the release.\n\nYou heard the man, now is the time to test and get a preview of the new awsomeness that will be in OpenBSD 6.2.\n\n\n\n\nBeastie Bits\n\n\nBeta Undeadly call for testing\nAbsolute FreeBSD 3rd Edition Update\nNew home for the NetBSD repository conversion\nTrueOS unstable Update: 7/14/17\nInterview with George Neville-Neil - President of the FreeBSD Foundation\nLibreSSL 2.5.5, 2.6.0 released\n***\n\n\nFeedback/Questions\n\n\nJason - Byhve VM UEFI woes\nDonald - Several Questions\nDan - Several Questions\nBryson - Jails\n***\n\n\nFinal Note\n\n\nWe’ve decided to do something different for a change of pace and let you the audience interview Allan and Benedict.\nGetting our entire audience live when we record would be a challenge, so instead we want you to send in your questions for Allan and Benedict.\nThis interview is not going to be like our typical support feedback questions.  This is a chance for you, our audience, to ask Allan and Benedict any questions that you’ve been wondering over the years.\nQuestions like… “Of all the conferences you've gone to, what was your favorite and why?”\nWe will answer the questions during a random week during the month of September.  Send all your questions to feedback@bsdnow.tv with the subject of “viewer interview questions”\nWe reserve the right to not answer questions which we feel are inappropriate or trolling.\n***\n","content_html":"\u003cp\u003eThis week on BSD Now, we clear up some ZFS FUD, show you how to write a NetBSD kernel module, and cover DragonflyBSD on the desktop.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.fosketts.net/2017/07/10/zfs-best-filesystem-now/\" rel=\"nofollow\"\u003eZFS is the best file system (for now)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn my ongoing effort to fight misinformation and FUD about ZFS, I would like to go through this post in detail and share my thoughts on the current state and future of OpenZFS.\u003c/li\u003e\n\u003cli\u003eThe post starts with:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eZFS should have been great, but I kind of hate it: ZFS seems to be trapped in the past, before it was sidelined it as the cool storage project of choice; it’s inflexible; it lacks modern flash integration; and it’s not directly supported by most operating systems. But I put all my valuable data on ZFS because it simply offers the best level of data protection in a small office/home office (SOHO) environment. Here’s why.\u003cbr\u003e\nWhen ZFS first appeared in 2005, it was absolutely with the times, but it’s remained stuck there ever since. The ZFS engineers did a lot right when they combined the best features of a volume manager with a “zettabyte-scale” filesystem in Solaris 10\u003cbr\u003e\nThe skies first darkened in 2007, as NetApp sued Sun, claiming that their WAFL patents were infringed by ZFS. Sun counter-sued later that year, and the legal issues dragged on.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe lawsuit was resolved, and it didn’t really impede ZFS. Some say it is the reason that Apple didn’t go with ZFS, but there are other theories too.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBy then, Sun was hitting hard times and Oracle swooped in to purchase the company. This sowed further doubt about the future of ZFS, since Oracle did not enjoy wide support from open source advocates.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYes, Oracle taking over Sun and closing the source for ZFS definitely seemed like a setback at the time, but the OpenZFS project was started and active development has continued as an ever increasing pace. As of today, more than half of the code in OpenZFS has been written since the fork from the last open version of Oracle ZFS.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ethe CDDL license Sun applied to the ZFS code was [\u003ca href=\"https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/%5D(judged\" rel=\"nofollow\"\u003ehttps://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/](judged\u003c/a\u003e incompatible) with the GPLv2 that covers Linux, making it a non-starter for inclusion in the world’s server operating system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThat hasn’t stopped the ZFS-on-Linux project, or Ubuntu…\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlthough OpenSolaris continued after the Oracle acquisition, and FreeBSD embraced ZFS, this was pretty much the extent of its impact outside the enterprise. Sure, NexentaStor and [\u003ca href=\"http://blog.fosketts.net/2008/09/15/greenbytes-embraces-extends-zfs/%5D(GreenBytes)\" rel=\"nofollow\"\u003ehttp://blog.fosketts.net/2008/09/15/greenbytes-embraces-extends-zfs/](GreenBytes)\u003c/a\u003e helped push ZFS forward in the enterprise, but Oracle’s lackluster commitment to Sun in the datacenter started having an impact.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of companies have adopted OpenZFS for their products. Before OpenZFS, there were very few non-Sun appliances that used ZFS, now there are plenty.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://open-zfs.org/wiki/Companies\" rel=\"nofollow\"\u003eOpenZFS Wiki: Companies with products based on OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenZFS remains little-changed from what we had a decade ago.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOther than the fact that half of the current code did not exist a decade ago…\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMany remain skeptical of deduplication, which hogs expensive RAM in the best-case scenario.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is one of the weaker points in ZFS. As it turns out, the demand for deduplication is actually not that strong. Most of the win can be had with transparent compression.\u003c/li\u003e\n\u003cli\u003eHowever, there are a number of suggested designs to work around the dedup problems:\n\n\u003cul\u003e\n\u003cli\u003eDedup Ceiling: Set a limit on the side of the DDT and just stop deduping new unique blocks when this limit is reached.\u003c/li\u003e\n\u003cli\u003eAllocation Classes: A feature being developed by Intel for a supercomputer, will allow different types of data to be classified, and dedicated vdevs (or even metaslabs within a vdev), to be dedicated to that class of data. This could be extended to having the DDT live on a fast device like an PCIe NVMe, combined with the Dedup Ceiling when the device is full.\u003c/li\u003e\n\u003cli\u003eDDT Pruning: Matt Ahrens described a design where items in the DDT with only a single reference, would be expired in an LRU type fashion, to allow newer blocks to live in the DDT in hopes that they would end up with more than a single reference. This doesn’t cause bookkeeping problems since when a block is about to be freed, if it is NOT listed in the DDT, ZFS knows it was never deduplicated, so the current block must be the only reference, and it can safely be freed. This provides a best case scenario compared to Dedup Ceiling, since blocks that will deduplicate well, are likely to be written relatively close together, whereas the chance to a dedup match on a very old block is much lower.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd I do mean expensive: Pretty much every ZFS FAQ flatly declares that ECC RAM is a must-have and 8 GB is the bare minimum. In my own experience with FreeNAS, 32 GB is a nice amount for an active small ZFS server, and this costs $200-$300 even at today’s prices.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we talked about a few weeks ago, ECC is best, but it is not required. If you want your server to stay up for a long time, to be highly available, you’ll put ECC in it. Don’t let a lack of ECC stop you from using ZFS, you are just putting your data at more risk. The scrub of death is a myth.\u003c/li\u003e\n\u003cli\u003eZFS does not ‘require’ lots of ram. Your NAS will work happily with 8 GB instead of 32 GB of RAM. Its cache hit ratio will be much lower, so performance will be worse. It won’t be able to buffer as many writes, so performance will be worse.\u003c/li\u003e\n\u003cli\u003eCopy-on-Write has some drawbacks, data tends to get scattered and fragmented across the drives when it is written gradually. The ARC (RAM Cache) lessens the pain of this, and allows ZFS to batch incoming writes up into nice contiguous writes. ZFS purposely alternates between reading and writing, since both are faster when the other is not happening. So writes are batched up until there is too much dirty data, or the timeout expires. Then reads are held off while the bulk linear write finishes as quickly as possible, and reads are resumed.\u003c/li\u003e\n\u003cli\u003eObviously all of this works better and more efficiently in larger batches, which you can do if you have more RAM.\u003c/li\u003e\n\u003cli\u003eZFS can be tuned to use less RAM, and if you do not have a lot of RAM, or you have a lot of other demand on your RAM, you should do that tuning.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnd ZFS never really adapted to today’s world of widely-available flash storage: Although flash can be used to support the ZIL and L2ARC caches, these are of dubious value in a system with sufficient RAM, and ZFS has no true hybrid storage capability. It’s laughable that the ZFS documentation obsesses over a few GB of SLC flash when multi-TB 3D NAND drives are on the market. And no one is talking about NVMe even though it’s everywhere in performance PC’s.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMake up your mind, is 32GB of ram too expensive or not…\u003c/li\u003e\n\u003cli\u003ethe L2ARC exists specifically for the case where it is not possible to just install more RAM. Be it because there are no more slots, of limits of the processor, or limits of your budget.\u003c/li\u003e\n\u003cli\u003eThe SLOG is optional, but it never needs to be very big. A number of GBs of SLC flash is all you need, it is only holding writes that have not been flushed to the regular storage devices yet. The reason the documentation talks about SLC specifically is because your SLOG needs a very high write endurance, something never the newest NVMe devices cannot yet provide. \u003c/li\u003e\n\u003cli\u003eOf course you can use NVMe devices with ZFS, lots of people do. All flash ZFS arrays are for sale right now. Other than maybe a little tuning of the device queue depths, ZFS just works and there is nothing to think about.\u003c/li\u003e\n\u003cli\u003eHowever, to say there is nothing happening in this space is woefully inaccurate.\u003c/li\u003e\n\u003cli\u003eThe previously mentioned allocation classes code can be used to allocate metadata (4 KB blocks) on SSD or NVMe, while allocating bulk storage data (up to 16 MB blocks) on spinning disks. Extended a bit beyond what Intel is building for their super computer, this will basically create hybrid storage for ZFS.\u003c/li\u003e\n\u003cli\u003eWith the metaslab classes feature, it will even be possible to mix classes on the same device, grouping small allocations and large allocations in different areas, decreasing fragmentation.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen there’s the question of flexibility, or lack thereof. Once you build a ZFS volume, it’s pretty much fixed for life. There are only three ways to expand a storage pool:\u003c/p\u003e\n\n\u003col\u003e\n\u003cli\u003eReplace each and every drive in the pool with a larger one (which is great but limiting and expensive)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt depends on your pool layout. If you design with this in mind using ZFS Mirrors, it can be quite useful\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003col\u003e\n\u003cli\u003eAdd a stripe on another set of drives (which can lead to imbalanced performance and redundancy and a whole world of potential stupid stuff)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe unbalanced LUNs performance issues were sorted out in 2013-2016. \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://open-zfs.org/w/images/3/31/Performance-George_Wilson.pdf\" rel=\"nofollow\"\u003e2014: OpenZFS Allocation Performance \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdcan.org/2016/schedule/events/710.en.html\" rel=\"nofollow\"\u003e2016: OpenZFS space allocation: doubling performance on large and fragmented pools\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThese also mostly solved the performance issues when a pool gets full, you can run a lot closer to the edge now\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003col\u003e\n\u003cli\u003eBuild a new pool and “zfs send” your datasets to it (which is what I do, even though it’s kind of tricky)\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is one way to do it, yes.\u003c/li\u003e\n\u003cli\u003eThere is another way coming, but I can’t talk about it just yet. Look for big news later this year.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eApart from option 3 above, you can’t shrink a ZFS pool.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDevice removal is arriving now. It will not work for RAIDZ*, but for Mirrors and Stripes you will be able to remove a device.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve probably made ZFS sound pretty unappealing right about now. It was revolutionary but now it’s startlingly limiting and out of touch with the present solid-state-dominated storage world.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI don’t feel like ZFS is out of touch with solid state. Lots of people are running SSD only pools. I will admit the tiered storage options in ZFS are a bit limited still, but there is a lot of work being done to overcome this.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter all, reliably storing data is the only thing a storage system really has to do. All my important data goes on ZFS, from photos to music and movies to office files. It’s going to be a long time before I trust anything other than ZFS!\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eI agree.\u003c/li\u003e\n\u003cli\u003eZFS has a great track record of doing its most important job, keeping your data safe.\u003c/li\u003e\n\u003cli\u003eWork is ongoing to make ZFS more performance, and more flexible. The import thing is that this work is never allowed to compromise job #1, keeping your data safe.\u003c/li\u003e\n\u003cli\u003eHybrid/tiered storage features, re-RAID-ing, are coming\u003c/li\u003e\n\u003cli\u003eThere is a lot going on with OpenZFS, check out the notes from the last two OpenZFS Developer Summits just to get an idea of what some of those things are: \u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ca href=\"http://open-zfs.org/wiki/OpenZFS_Developer_Summit_2015\" rel=\"nofollow\"\u003e2015\u003c/a\u003e \u0026amp; \u003ca href=\"http://open-zfs.org/wiki/OpenZFS_Developer_Summit_2016\" rel=\"nofollow\"\u003e2016\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eSome highlights:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCompressed ARC\u003c/li\u003e\n\u003cli\u003eCompressed send/recv\u003c/li\u003e\n\u003cli\u003eABD (arc buf scatter/gather)\u003c/li\u003e\n\u003cli\u003eZFS Native Encryption (scrub/resilver, send/recv, etc without encryption keys loaded)\u003c/li\u003e\n\u003cli\u003eChannel Programs (do many administrative operations as one atomic transaction)\u003c/li\u003e\n\u003cli\u003eDevice Removal\u003c/li\u003e\n\u003cli\u003eRedacted send/recv\u003c/li\u003e\n\u003cli\u003eZStandard Compression\u003c/li\u003e\n\u003cli\u003eTRIM Support (FreeBSD has its own, but this will be more performant and universal)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/SZFwv8BdBj4\" rel=\"nofollow\"\u003eFaster Scrub/Resilver\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/MxKohtFSB4M\" rel=\"nofollow\"\u003eDeclustered RAID\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/28fKiTWb2oM\" rel=\"nofollow\"\u003eAllocation Classes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMulti-mount protection (for Active/Passive failover)\u003c/li\u003e\n\u003cli\u003eZpool Checkpoint (undo almost anything)\u003c/li\u003e\n\u003cli\u003eEven more Improved Allocator Performance\u003c/li\u003e\n\u003cli\u003evdev spacemap log\u003c/li\u003e\n\u003cli\u003eZIL performance improvements (w/ or w/o SLOG)\u003c/li\u003e\n\u003cli\u003ePersistent L2ARC\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat I don’t think the author of this article understands is how far behind every other filesystem is. 100s of Engineer years have gone into OpenZFS, and the pace is accelerating. I don’t see how BtrFS can ever catch up, without a huge cash infusion.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://saurvs.github.io/post/writing-netbsd-kern-mod/\" rel=\"nofollow\"\u003eWriting a NetBSD kernel module\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKernel modules are object files used to extend an operating system’s kernel functionality at run time.\u003cbr\u003e\nIn this post, we’ll look at implementing a simple character device driver as a kernel module in NetBSD. Once it is loaded, userspace processes will be able to write an arbitrary byte string to the device, and on every successive read expect a cryptographically-secure pseudorandom permutation of the original byte string.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou will need the NetBSD Source Code.\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.netbsd.org/docs/guide/en/chap-fetch.html\" rel=\"nofollow\"\u003eThis doc\u003c/a\u003e will explain how you can get it.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe article gives an easy line by line walkthrough which is easy to follow and understand.\u003c/li\u003e\n\u003cli\u003eThe driver implements the bare minimum: open, close, read, and write, plus the module initialization function\u003c/li\u003e\n\u003cli\u003eIt explains the differences in how memory is allocated and freed in the kernel\u003c/li\u003e\n\u003cli\u003eIt also describes the process of using UIO to copy data back and forth between userspace and the kernel\u003c/li\u003e\n\u003cli\u003eCreate a Makefile, and compile the kernel module\u003c/li\u003e\n\u003cli\u003eThen, create a simple userspace program to use the character device that the kernel module creates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/saurvs/rperm-netbsd\" rel=\"nofollow\"\u003eAll the code is available here\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2017/07/11/dragonflybsd-desktop/\" rel=\"nofollow\"\u003eDragonFlyBSD Desktop!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you read my \u003ca href=\"https://functionallyparanoid.com/2017/06/30/boot-all-the-things/\" rel=\"nofollow\"\u003elast post\u003c/a\u003e, you know that I set up a machine (Thinkpad x230) with UEFI and four operating systems on it.  One, I had no experience with – DragonFlyBSD (other than using Matthew Dillon’s C compiler for the Amiga back in the day!) and so it was uncharted territory for me.  After getting the install working, I started playing around inside of DragonFlyBSD and discovered to my delight that it was a great operating system with some really unique features – all with that BSD commitment to good documentation and a solid coupling of kernel and userland that doesn’t exist (by design) in Linux.\u003cbr\u003e\nSo my goal for my DragonFlyBSD desktop experience was to be as BSD as I possibly could.  Given that (and since I’m the maintainer of the port on OpenBSD \u003cgrin\u003e), I went with Lumina as the desktop environment and XDM as the graphical login manager.  I have to confess that I really like the xfce terminal application so I wanted to make sure I had that as well.  Toss in Firefox, libreOffice and ownCloud sync client and I’m good to go!\u003cbr\u003e\nOK.  So where to start.  First, we need to get WiFi and wired networking happening for the console at login.  To do that, I added the following to /etc/rc.conf:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003ewlans_iwn0=”wlan0″\nifconfig_wlan0=”WPA DHCP”\nifconfig_em0=”DHCP”\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eI then edited /etc/wpa_supplicant.conf to put in the details of my WiFi network:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003enetwork={\nssid=”MY-NETWORK-NAME”\npsk=”my-super-secret-password”\n}\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eA quick reboot showed that both wired and wireless networking were functional and automatically were assigned IP addresses via DHCP.  Next up is to try getting into X with whatever DragonFlyBSD uses for its default window manager.  A straight up “startx” met with, shall we say, less than stellar results.  Therefore, I used the following command to generate a simple /etc/X11/xorg.conf file:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026amp;#35; Xorg -configure\n\u0026amp;#35; cp /root/xorg.conf.new /etc/X11/xorg.conf\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eWith that file in place, I could get into the default window manager, but I had no mouse.  After some searching and pinging folks on the mailing list, I was able to figure out what I needed to do.  I added the following to my /etc/rc.conf file:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003emoused_enable=”YES”\nmoused_type=”auto”\nmoused_port=”/dev/psm0″\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eI rebooted (I’m sure there is an easier way to get the changes but I don’t know it… yet) and was able to get into a basic X session and have a functional mouse.  Next up, installing and configuring Lumina!  To do that, I went through the incredibly torturous process of installing Lumina:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install lumina\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWow!  That was really, really hard.  I might need to pause here to catch my breath. 🙂\u003c/p\u003e\n\n\u003cp\u003eNext up, jumping into Lumina from the console.  To do that, I created a .xinitrc file in my home directory with the following:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eexec start-lumina-desktop\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFrom there, I could “startx” until my heart was content and bounce into Lumina.  That wasn’t good enough though!  I want a graphical login (specifically xdm).  To do that, I had to do a little research.  The trick on DragonFlyBSD is not to add anything to /etc/rc.conf like you do in other BSDs, it’s a bit more old school.  Basically you need to edit the /etc/ttys file and update ttyv8 to turn on the xdm daemon:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ettyv8    “/usr/X11R6/bin/xdm -nodaemon”    xterm    on    secure\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe other thing you need to do is set it up to use your desktop environment of choice.  In my case, that’s Lumina.  To do that, I needed to edit /usr/local/lib/X11/xdm/Xsession and change the next to the last line in the file to launch Lumina:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eexec /usr/local/bin/start-lumina-desktop\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI then crossed my fingers, rebooted and lo and behold had a graphical login that, when I actually didn’t fat finger my password from excitement, put me into the Lumina desktop environment!\u003cbr\u003e\nNext up – I need a cool desktop wallpaper.  Of course that’s way more important that installing application or other stuff!  After some searching, I found this one that met my needs.  I downloaded it to a local ~/Pictures directory and then used the Lumina wallpaper preference application to add the directory containing the picture and set it to automatic layout.  Voila!  I had a cool DragonFlyBSD wallpaper.\u003cbr\u003e\nNext I installed the xfce4 terminal program by doing:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install xfce4-terminal\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI then went into the Lumina “All Desktop Settings” preferences, found the applet for the “Menu” under “Interface Configuration” and swapped out “terminal” for “Xfce Terminal”.  I then configured Lumina further to have a 26 pixel thick, 99% length bottom center panel with the following gadgets in it (in this order):\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eStart Menu\nTask Manager (No Groups)\nSpacer\nSystem Tray\nTime/Date\nBattery Monitor\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eI then went into my Appearance | Window Manager gadget and set my Window Theme to “bora_blue” (my favorite out of the defaults supplied).  I then installed my remaining applications that I needed in order to have a functioning desktop:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003e# pkg install owncloudclient qtkeychain evolution evolution-ews firefox libreoffice\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter that, I really had a nicely functioning desktop environment!  By the way, the performance of DragonFlyBSD is pretty impressive in terms of its day to day usage.  Keep in mind I’m not doing any official benchmarking or anything, but it sure feels to me to be just as fast (if not faster) than OpenBSD and FreeBSD.  I know that the kernel team has done a lot to unlock things (which FreeBSD has done and we are starting to do on OpenBSD) so perhaps I can attribute the “snappiness” to that?\u003cbr\u003e\nAs you can see, although there isn’t as much documentation on the Internet for this BSD, you can get a really nice, functional desktop out of it with some simple (and intuitive) configuration.  I’m really looking forward to living in this system for a while and learning about it.  Probably the first thing I’ll do is ring up the port maintainer for Lumina and see if we can’t collaborate on getting Lumina 1.3 moved over to it!  Give this one a try – I think you’ll find that its a very nice operating system with some very cool features (the HAMMER filesystem for one!).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/porting_netbsd_to_allwinner_h3\" rel=\"nofollow\"\u003ePorting NetBSD to Alwinner H3 SoCs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJared McNeill writes on the the NetBSD blog:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA new SUNXI evbarm kernel has appeared recently in NetBSD -current with support for boards based on the Allwinner H3 system on a chip (SoC). The H3 SoC is a quad-core Cortex-A7 SoC designed primarily for set-top boxes, but has managed to find its way into many single-board computers (SBC). This is one of the first evbarm ports built from the ground up with device tree support, which helps us to use a single kernel config to support many different boards.\u003cbr\u003e\nTo get these boards up and running, first we need to deal with low-level startup code. For the SUNXI kernel this currently lives in sys/arch/evbarm/sunxi/. The purpose of this code is fairly simple; initialize the boot CPU and initialize the MMU so we can jump to the kernel. The initial MMU configuration needs to cover a few things -- early on we need to be able to access the kernel, UART debug console, and the device tree blob (DTB) passed in from U-Boot. We wrap the kernel in a U-Boot header that claims to be a Linux kernel; this is no accident! This tells U-Boot to use the Linux boot protocol when loading the kernel, which ensures that the DTB (loaded by U-Boot) is processed and passed to us in r2.\u003cbr\u003e\nOnce the CPU and MMU are ready, we jump to the generic ARM FDT implementation of initarm in sys/arch/evbarm/fdt/fdt_machdep.c. The first thing this code does is validate and relocate the DTB data. After it has been relocated, we compare the compatible property of the root node in the device tree with the list of ARM platforms compiled into the kernel. The Allwinner sunxi platform code lives in sys/arch/arm/sunxi/sunxi_platform.c. The sunxi platform code provides SoC-specific versions of code needed early at boot. We need to know how to initialize the debug console, spin up application CPUs, reset the board, etc.\u003cbr\u003e\nWith a bit of luck, we\u0026#39;re now booting and enumerating devices. Apart from a few devices, almost nothing works yet as we are missing a driver for the CCU. The CCU in the Allwinner H3 SoC controls PLLs and most of the clock generation, division, muxing, and gating. Since there are many similarities between Allwinner SoCs, I opted to write generic CCU code and then SoC-specific frontends. The resulting code lives in sys/arch/arm/sunxi/; generic code as sunxi_ccu.c and H3-specific code in sun8i_h3_ccu.c.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJared has more information about porting and also provides a boot log.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/community-spotlight/\" rel=\"nofollow\"\u003eTrueOS Community Spotlight: Reset ZFS Replication using the command line\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’d like to spotlight TrueOS community member Brad Alexander for documenting his experience repairing ZFS dataset replication with TrueOS. Thank you! His notes are posted here, and they’ve been added to the TrueOS handbook Troubleshooting section for later reference.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOriginal indications\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe SysAdm Client tray icon was pulsing red. Right-clicking on the icon and clicking Messages would show the message:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003eFAILED replication task on NCC74602 -\u0026gt; 192.168.47.20: LOGFILE: /var/log/lpreserver/lpreserver_failed.log\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e/var/log/lpreserver/lastrep-send.log shows very little information:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003esend from @auto-2017-07-12-01-00-00 to NCC74602/ROOT/12.0-CURRENT-up-20170623_120331@auto-2017-07-14-01-00-00\ntotal estimated size is 0\nTIME        SENT    SNAPSHOT\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eAnd no useful errors were being written to the lpreserver_failed.log.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRepairing replication\n\n\u003cul\u003e\n\u003cli\u003eFirst attempt:\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first approach I tried was to use the Sysadm Client:\u003cbr\u003e\nI clicked on the dataset in question, then clicked Initialize. After waiting a few minutes, I clicked Start. I was immediately rewarded with a pulsing red icon in the system tray and received the same messages as above.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSecond attempt:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI was working with, and want to specially thank @RodMyers and @NorwegianRockCat. They suggested I use the lpreserver command line. So I issued these commands:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003esudo lpreserver replicate init NCC74602 192.168.47.20\nsudo lpreserver replicate run NCC74602 192.168.47.20\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eUnfortunately, the replication failed again. I got these messages in the logs:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003eFri Jul 14 09:03:34 EDT 2017: Removing NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT - re-created locally\ncannot unmount \u0026#39;/mnt/NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT\u0026#39;: Operation not permitted\nFailed creating remote dataset!\ncannot create \u0026#39;NX80101/archive/yukon.sonsofthunder.nanobit.org/ROOT\u0026#39;: dataset already exists\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eIt turned out there were a number of children. I logged into luna (the FreeNAS) and issued this command as root: \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e\u003ccode\u003ezfs destroy -r NX80101/archive/defiant.sonsofthunder.nanobit.org\u003c/code\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI then ran the replicate init and replicate run commands again from the TrueOS host, and replication worked! It has continued to work too, at least until the next fiddly bit breaks.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170701170044\" rel=\"nofollow\"\u003eKernel relinking status from Theo de Raadt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs you may have heard (and as was mentioned in an earlier article), on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets. Theo de Raadt summarized the status in a message to the tech@ mailing list, subject kernel relinking as follows:\u003c/p\u003e\n\n\u003cp\u003e5 weeks ago at d2k17 I started work on randomized kernels. I\u0026#39;ve been having conversations with other developers for nearly 5 years on the topic... but never got off to a good start, probably because I was trying to pawn the work off on others.\u003cbr\u003e\nHaving done this, I really had no idea we\u0026#39;d end up where we are today.\u003cbr\u003e\nHere are the behaviours:\u003cbr\u003e\nThe base set has grown, it now includes a link-kit\u003cbr\u003e\nAt install time, a unique kernel is built from this link-kit\u003cbr\u003e\nAt upgrade time, a unique kernel is built\u003cbr\u003e\nAt boot time, a unique kernel is built and installed for the next boot\u003cbr\u003e\nIf someone compiles their own kernel and uses \u0026#39;make install\u0026#39;, the link-kit is also updated, so that the next boot can do the work\u003cbr\u003e\nIf a developer cp\u0026#39;s a kernel to /, the mechanism dis-engages until a \u0026#39;make install\u0026quot; or upgrade is performed in the future. That may help debugging.\u003cbr\u003e\nA unique kernel is linked such that the startup assembly code is kept in the same place, followed by randomly-sized gapping, followed by all the other .o files randomly re-organized. As a result the distances between functions and variables are entirely new. An info leak of a pointer will not disclose other pointers or objects. This may also help reduce gadgets on variable-sized architectures, because polymorphism in the instruction stream is damaged by nested offsets changing.\u003cbr\u003e\nAt runtime, the kernel can unmap it\u0026#39;s startup code. On architectures where an unmap isn\u0026#39;t possible due to large-PTE use, the code can be trashed instead.\u003cbr\u003e\nI did most of the kernel work on amd64 first, then i386. I explained what needed to be done to visa and patrick, who handled the arm and mips platforms. Then I completed all the rest of the architectures. Some architecture are missing the unmap/trashing of startup code, that\u0026#39;s a step we need to get back to.\u003cbr\u003e\nThe next part was tricky and I received assistance from tb and rpe. We had to script the behaviours at build time, snapshot time, relink time, boot time, and later on install/upgrade time also.\u003cbr\u003e\nWhile they helped, I also worked to create the \u0026quot;gap.o\u0026quot; file without use of a C compiler so that relinks can occur without the \u0026quot;comp\u0026quot; set installed. This uses the linkscript feature of ld. I don\u0026#39;t think anyone has done this before. It is little bit fragile, and the various linkers may need to receive some fixes due to what I\u0026#39;ve encountered.\u003cbr\u003e\nTo ensure this security feature works great in the 6.2 release, please test snapshots. By working well, I mean it should work invisibly, without any glitch such as a broken kernel or anything. If there are ugly glitches we would like to know before the release.\u003c/p\u003e\n\n\u003cp\u003eYou heard the man, now is the time to test and get a preview of the new awsomeness that will be in OpenBSD 6.2.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170704122507\" rel=\"nofollow\"\u003eBeta Undeadly call for testing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2972\" rel=\"nofollow\"\u003eAbsolute FreeBSD 3rd Edition Update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-repository/2017/06/10/msg000637.html\" rel=\"nofollow\"\u003eNew home for the NetBSD repository conversion\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-unstable-update-71417/\" rel=\"nofollow\"\u003eTrueOS unstable Update: 7/14/17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.mappingthejourney.com/single-post/2017/07/06/Episode-4-Interview-with-George-Neville-Neil-President-of-FreeBSD\" rel=\"nofollow\"\u003eInterview with George Neville-Neil - President of the FreeBSD Foundation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=149993703415746\" rel=\"nofollow\"\u003eLibreSSL 2.5.5, 2.6.0 released\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/30EY7GZ#wrap\" rel=\"nofollow\"\u003eJason - Byhve VM UEFI woes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/39X6YSQ#wrap\" rel=\"nofollow\"\u003eDonald - Several Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3B50ZRV#wrap\" rel=\"nofollow\"\u003eDan - Several Questions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/08C43XN#wrap\" rel=\"nofollow\"\u003eBryson - Jails\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFinal Note\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve decided to do something different for a change of pace and let you the audience interview Allan and Benedict.\u003c/li\u003e\n\u003cli\u003eGetting our entire audience live when we record would be a challenge, so instead we want you to send in your questions for Allan and Benedict.\u003c/li\u003e\n\u003cli\u003eThis interview is not going to be like our typical support feedback questions.  This is a chance for you, our audience, to ask Allan and Benedict any questions that you’ve been wondering over the years.\u003c/li\u003e\n\u003cli\u003eQuestions like… “Of all the conferences you\u0026#39;ve gone to, what was your favorite and why?”\u003c/li\u003e\n\u003cli\u003eWe will answer the questions during a random week during the month of September.  Send all your questions to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e with the subject of “viewer interview questions”\u003c/li\u003e\n\u003cli\u003eWe reserve the right to not answer questions which we feel are inappropriate or trolling.\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now, we clear up some ZFS FUD, show you how to write a NetBSD kernel module, and cover DragonflyBSD on the desktop.","date_published":"2017-07-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f352fe58-6e6c-4354-80fa-35e2224efc5f.mp3","mime_type":"audio/mpeg","size_in_bytes":84263188,"duration_in_seconds":7021}]},{"id":"9e615fd7-665a-44b7-af45-95315901cc96","title":"202: Brokering Bind","url":"https://www.bsdnow.tv/202","content_text":"We look at an OpenBSD setup on a new laptop, revel in BSDCan trip reports, and visit daemons and friendly ninjas.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD and the modern laptop\n\n\nPeter Hansteen has a new blog post about OpenBSD on laptops:\n\n\n\nDid you think that OpenBSD is suitable only for firewalls and high-security servers? Think again. Here are my steps to transform a modern mid to high range laptop into a useful Unix workstation with OpenBSD.\nOne thing that never ceases to amaze me is that whenever I'm out and about with my primary laptop at conferences and elsewhere geeks gather, a significant subset of the people I meet have a hard time believing that my laptop runs OpenBSD, and that it's the only system installed.\nand then it takes a bit of demonstrating that yes, the graphics runs with the best available resolution the hardware can offer, the wireless network is functional, suspend and resume does work, and so forth. And of course, yes, I do use that system when writing books and articles too. Apparently heavy users of other free operating systems do not always run them on their primary workstations.\n\n\n\nPeter goes on to describe the laptops he’s had over the years (all running OpenBSD) and after BSDCan 2017, he needed a new one due to cracks in the display.\n\n\n\nSo the time came to shop around for a replacement. After a bit of shopping around I came back to Multicom, a small computers and parts supplier outfit in rural Åmli in southern Norway, the same place I had sourced the previous one.\nOne of the things that attracted me to that particular shop and their own-branded offerings is that they will let you buy those computers with no operating system installed. That is of course what you want to do when you source your operating system separately, as we OpenBSD users tend to do.\nThe last time around I had gone for a \"Thin and lightweight\" 14 inch model (Thickness 20mm, weight 2.0kg) with 16GB RAM, 240GB SSD for system disk and 1TB HD for /home (since swapped out for a same-size SSD, as the dmesg will show). \nThree years later, the rough equivalent with some added oomph for me to stay comfortable for some years to come ended me with a 13.3 inch model, 18mm and advertised as 1.3kg (but actually weighing in at 1.5kg, possibly due to extra components), 32GB RAM, 512GB SSD and 2TB harddisk. For now the specification can be viewed online here (the site language is Norwegian, but product names and units of measure are not in fact different).\nThe OpenBSD installer is a wonder of straightforward, no-nonsense simplicity that simply gets the job done. Even so, if you are not yet familiar with OpenBSD, it is worth spending some time reading the OpenBSD FAQ's installation guidelines and the INSTALL.platform file (in our case, INSTALL.amd64) to familiarize yourself with the procedure. If you're following this article to the letter and will be installing a snapshot, it is worth reading the notes on following -current too.\nThe main hurdle back when I was installing the 2014-vintage 14\" model was getting the system to consider the SSD which showed up as sd1 the automatic choice for booting (I solved that by removing the MBR, setting the size of the MBR on the hard drive that showed up as sd0 to 0 and enlarging the OpenBSD part to fill the entire drive).\n\n\nHe goes on to explain the choices he made in the installer and settings made after the reboot to set up his work environment. Peter closes with:\nIf you have any questions on running OpenBSD as a primary working environment, I'm generally happy to answer but in almost all cases I would prefer that you use the mailing lists such as misc@openbsd.org or the OpenBSD Facebook group so the question and hopefully useful answers become available to the general public. Browsing the slides for my recent OpenBSD and you user group talk might be beneficial if you're not yet familiar with the system. And of course, comments on this article are welcome.\n***\n\n\n\nBSDCan 2017 Trip Report: Roller Angel\n\n\nWe could put this into next week’s show, because we have another trip report already that’s quite long.\n\n\n\nAfter dropping off my luggage, I headed straight over to the Goat BoF which took place at The Royal Oak. There were already a number of people there engaged in conversation with food and drink. I sat down at a table and was delighted that the people sitting with me were also into the BSD’s and were happy to talk about it the whole time. I felt right at home from the start as people were very nice to me, and were interested in what I was working on. I honestly didn’t know that I would fit in so well.\nI had a preconceived notion that people may be a bit hard to approach as they are famous and so technically advanced. At first, people seemed to only be working in smaller circles. Once you get more familiar with the faces, you realize that these circles don’t always contain the same people and that they are just people talking about specific topics. I found that it was easy to participate in the conversation and also found out that people are happy to get your feedback on the subject as well.\nI was actually surprised how easily I got along with everyone and how included I felt in the activities. I volunteered to help wherever possible and got to work on the video crew that recorded the audio and slides of the talks. The people at BSDCan are incredibly easy to talk to, are actually interested in what you’re doing with BSD, and what they can do to help. It’s nice to feel welcome in the community. It’s like going home. Dan mentioned in his welcome on the first day of BSDCan that the conference is like home for many in the community.\n\n\n\nThe trip report is very detailed and chronicles the two days of the developer summit, and the two days of the conference\n\n\n\nThere was some discussion about a new code of conduct by Benno Rice who mentioned that people are welcome to join a body of people that is forming that helps work out issues related to code of conduct and forwards their recommendations on to core. Next, Allan introduced the idea of creating a process for formally discussing big project changes or similar discussions that is going to be known as FCP or FreeBSD Community Proposal. In Python we have the Python Enhancement Proposal or PEP which is very similar to the idea of FCP. I thought this idea is a great step for FreeBSD to be implementing as it has been a great thing for Python to have.\nThere was some discussion about taking non-code contributions from people and how to recognize those people in the project. There was a suggestion to have a FreeBSD Member status created that can be given to people whose non-code contributions are valuable to the project. This idea seemed to be on a lot of people’s minds as something that should be in place soon. The junior jobs on the FreeBSD Wiki were also brought up as a great place to look for ideas on how to get involved in contributing to FreeBSD.\n\n\n\nRoller wasted no time, and started contributing to EdgeBSD at the conference.\n\n\n\nOn the first day of BSDCan I arrived at the conference early to coordinate with the team that records the talks. We selected the rooms that each of us would be in to do the recording and set up a group chat via WhatsApp for coordination.\n\n\n\nThanks to Roller, Patrick McAvoy, Calvin Hendryx-Parker, and all of the others who volunteered their time to run the video and streaming production at BSDCan, as well as all others who volunteered, even if it was just to carry a box. BSDCan couldn’t happen without the army of volunteers.\n\n\n\nAfter the doc lounge, I visited the Hacker Lounge. There were already several tables full of people talking and working on various projects. In fact, there was a larger group of people who were collaborating on the new libtrue library that seemed to be having a great time. I did a little socializing and then got on my laptop and did some more work on the documentation using my new skills. I really enjoyed having a hacker lounge to go to at night.\nI want to give a big thank you to the FreeBSD Foundation for approving my travel grant. It was a great experience to meet the community and participate in discussions. I’m very grateful that I was able to attend my first BSDCan. After visiting the doc lounge a few times, I managed to get comfortable using the tools required to edit the documentation. By the end of the conference, I had submitted two documentation patches to the FreeBSD Bugzilla with several patches still in progress. Prior to the conference I expected that I would be spending a lot of time working on my Onion Omega and Edge Router Lite projects that I had with me, but I actually found that there was always something fun going on that I would rather do or work on. I can always work on those projects at home anyway. I had a good time working with the FreeBSD community and will continue working with them by editing the documentation and working with Bugzilla.\n\n\n\nOne of the things I enjoy about these trip reports is when they help convince other people to make the trip to their first conference. Hopefully by sharing their experience, it will convince you to come to the next conference:\n\n\nvBSDCon in Virginia, USA: Sept 7-9\nEuroBSDCon in Paris, France: Sept 21-24\nBSDTW in Taipei, Taiwan: November 11-12 (CFP ends July 31st)\n***\n\n\n\nBSDCan 2017 - Trip report double-p\n\n\nPrologue\n\n\n\nMost overheard in Tokyo was \"see you in Ottawaaaaah\", so with additional \"personal item\" being Groff I returned home to plan the trip to BSDCan.\nDan was very helpful with getting all the preparations (immigration handling), thanks for that. Before I could start, I had to fix something: the handling of the goat. With a nicely created harness, I could just hang it along my backpack.\nDone that it went to the airport of Hamburg and check-in for an itinerary of HAM-MUC-YUL. While the feeder leg was a common thing, boarding to YUL was great - cabin-crew likes Groff :)\nArriving in Montreal was like entering a Monsoon zone or something, sad! After the night the weather was still rain-ish but improving and i shuttled to Dorval VIARail station to take me to Ottawa (ever avoid AirCanada, right?). Train was late, but the conductor (or so) was nice to talk to - and wanted to know about Groff's facebook page :-P.\nPicking a cab in Ottawa to take me to \"Residence\" was easy at first - just that it was the wrong one. Actually my fault and so I had a \"nice, short\" walk to the actual one in the rain with wrong directions. Eventually I made it and after unpacking, refreshment it was time to hit the Goat BOF!\n\n\n\nDay 1\n\n\n\nSince this was my first BSDCan I didnt exactly knew what to expect from this BOF. But it was like, we (Keeper, Dan, Allan, ..) would talk about \"who's next\" and things like that. How mistaken I was :). Besides the sheer amount of BSD people entering the not-so-yuuge Oak some Dexter sneaked in camouflage. The name-giver got a proper position to oversee the mess and I was glad I did not leave him behind after almost too many Creemores.\n\n\n\nDay 2\n\n\n\nSomething happened it's crystal blue on the \"roof\" and sun is trying its best to wake me up. To start the day, I pick breakfast at 'Father+Sons' - I can really recommend that. Very nice home made fries (almost hashbrowns) and fast delivery! Stuffed up I trott along to get to phessler's tutorial about BGP-for-sysadmins-and-developers.\nPeter did a great job, but the \"lab\" couldn't happen, since - oh surprise - the wifi was sluggish as hell. Must love the first day on a conference every time.\nWent to Hackroom in U90 afterwards, just to fix stuff \"at home\". IPsec giving pains again.\nTime to pick food+beer afterwards and since it's so easy to reach, we went to the Oak again. Having a nice backyard patio experience it was about time to meet new people. Cheers to Tom, Aaron, Nick, Philip and some more, we'd an awesome night there. I also invited some not-really-computer local I know by other means who was completly overwhelmed by what kind of \"nerds\" gather around BSD. He planned to stay \"a beer\" - and it was rather some more and six hours. Looks like \"we\" made some impression on him :).\n\n\n\nDay 3\n\n\n\nEasy day, no tutorials at hand, so first picking up breakfast at F+S again and moving to hackroom in U90. Since I promised phessler to help with an localized lab-setup, I started to hack on a quick vagrant/ansible setup to mimic his BGP-lab and went quickly through most of it. Plus some more IPsec debugging and finally fixing it, we went early in the general direction of the Red Lion to pick our registration pack.\nBut before that could happen it was called to have shawarma at 3brothers along. Given a tight hangover it wasn't the brightest idea to order a poutine m-(. Might be great the other day, it wasn't for me at the very time and had to throw away most of it :(. Eventually passing on to the Red Lion I made the next failure with just running into the pub - please stay at the front desk until \"seated\". I never get used to this concept.\nSo after being \"properly\" seated, we take our beers and the registration can commence after we had half of it. So I register myself; btw it's a great idea to grant \"not needed\" stuff to charity. So dont pick \"just because\", think about it if you really need this or that gadget.\nThen I register Groff - he really needs badges - just to have Dru coming back to me some minutes later one to hand me the badge for Henning. That's just \"amazing\"; I dont know IF i want to break this vicious circle the other day, since it's so funny.\nTalked to Theo about the ongoing IPsec problems and he taught me about utrace(2) which looks \"complicated\" but might be an end of the story the other day. Also had a nice talk to Peter (H.) about some other ideas along books.\nBTW, did I pay for ongoing beers? I think Tom did - what a guy :).\nArriving at the Residence, I had to find my bathroom door locked (special thing).. crazy thing is they dont have a master key at the venue, but to have to call in one from elsewhere.\nShort night shortened by another 30minutes :(.\n\n\n\nDay 4\n\n\n\nWeather is improving into beach+sun levels - and it's Conference Day! The opening keynote from Geist was very interesting (\"citation needed\"). Afterwards I went to zfs-over-ssh, nothing really new (sorry Allan). But then Jason had a super interesting talk on how about to apply BSD for the health-care system in Australia. I hope I can help him with the last bits (rdomain!) in the end.\nWhile lunch I tried to recall my memories about utrace(2) while talking to Theo.\nThen it was about to present my talk and I think it was well perceipted. One \"not so good\" feedback was about not taking the audience more into account. I think I was asking every other five slides or so - but, well. The general feedback (in spoken terms) was quite good. I was a bit \"confused\" and I did likely a better job in Tokyo, but well.\nHappened we ended up in the Oak again.. thanks to mwl, shirkdog, sng, pitrh, kurtm for having me there :)\n\n\n\nDay 5\n\n\n\nWhile the weather had to decide \"what next\", I rushed to the venue just to gather Reyk's talk about vmd(8). Afterwards it was MSTP from Paeps which was very interesting and we (OpenBSD) should look into it. Then happened BUG BOF and I invite all \"coastal Germans\" to cbug.de :)\nI had to run off for other reasons and came back to Dave's talk which was AWESOME.\nFollowing was Rod's talk.. well. While I see his case, that was very poor.\nThe auction into closing was awesome again, and I spend $50 on a Tshirt. :)\n\n\nEpilogue\nI totally got the exit dates wrong. So first cancel a booking of an Hotel and then rebook the train to YUL. So I have plenty of time \"in the morning\" to get breakfast with the local guy. After that he drives me to VIARail station and I dig into \"business\" cussions.\nWell, see you in Ottawa - or how about Paris, Taipei?\n***\n\n\n\nBind Broker\n\n\nTed Unangst writes about an interesting idea he has\nHe has a single big server, and lots of users who would like to share it, many want to run web servers.\n\n\n\nThis would be great, but alas, archaic decisions made long ago mean that network sockets aren’t really files and there’s this weird concept of privileged ports. Maybe we could assign each user a virtual machine and let them do whatever they want, but that seems wasteful. Think of the megabytes! Maybe we could setup nginx.conf to proxy all incoming connections to a process of the user’s choosing, but that only works for web sites and we want to be protocol neutral. Maybe we could use iptables, but nobody wants to do that. \nWhat we need is a bind broker. At some level, there needs to be some kind of broker that assigns IPs to users and resolves conflicts. It should be possible to build something of this nature given just the existing unix tools we have, instead of changing system design. Then we can deploy our broker to existing systems without upgrading or disrupting their ongoing operation. The bind broker watches a directory for the creation, by users, of unix domain sockets. Then it binds to the TCP port of the same name, and transfers traffic between them.\nA more complete problem specification is as follows. A top level directory, which contains subdirectories named after IP addresses. Each user is assigned a subdirectory, which they have write permission to. Inside each subdirectory, the user may create unix sockets named according to the port they wish to bind to. We might assign user alice the IP 10.0.0.5 and the user bob the IP 10.0.0.10. Then alice could run a webserver by binding to net/10.0.0.5/80 and bob could run a mail server by binding to net/10.0.0.10/25. This maps IP ownership (which doesn’t really exist in unix) to the filesystem namespace (which does have working permissions).\n\n\n\nSo this will be a bit different than jails. The idea is to use filesystem permissions to control which users can bind to which IP addresses and ports\n\n\n\nThe broker is responsible for watching each directory. As new sockets are created, it should respond by binding to the appropriate port. When a socket is deleted, the network side socket should be closed as well. Whenever a connection is accepted on the network side, a matching connection is made on the unix side, and then traffic is copied across.\n\n\n\nA full set of example code is provided\n\n\n\nThere’s no completely portable way to watch a directory for changes. I’m using a kevent extension. Otherwise we might consider a timeout and polling with fstat, or another system specific interface (or an abstraction layer over such an interface). Otherwise, if one of our mappings is ready to read (accept), we have a new connection to handle. \nThe first half is straightforward. We accept the connection and make a matching connect call to the unix side. Then I broke out the big cheat stick and just spliced the sockets together. In reality, we’d have to set up a read/copy/write loop for each end to copy traffic between them. That’s not very interesting to read though. \nThe full code, below, comes in at 232 lines according to wc. Minus includes, blank lines, and lines consisting of nothing but braces, it’s 148 lines of stuff that actually gets executed by the computer. Add some error handling, and working read/write code, and 200 lines seems about right. \n\n\n\nA very interesting idea. I wonder about creating a virtual file system that would implement this and maybe do a bit more to fully flesh out this idea.\nWhat do you think?\n***\n\n\nNews Roundup\n\nDaemons and friendly Ninjas\n\n\nThere’s quite a lot of software that uses CMake as a (meta-)buildsystem. A quick count in the FreeBSD ports tree shows me 1110 ports (over a thousand) that use it. CMake generates buildsystem files which then direct the actual build — it doesn’t do building itself.\nThere are multiple buildsystem-backends available: in regular usage, CMake generates Makefiles (and does a reasonable job of producing Makefiles that work for GNU Make and for BSD Make). But it can generate Ninja, or Visual Studio, and other buildsystem files. It’s quite flexible in this regard.\nRecently, the KDE-FreeBSD team has been working on Qt WebEngine, which is horrible. It contains a complete Chromium and who knows what else. Rebuilding it takes forever.\nBut Tobias (KDE-FreeBSD) and Koos (GNOME-FreeBSD) noticed that building things with the Ninja backend was considerably faster for some packages (e.g. Qt WebEngine, and Evolution data-thingy). Tobias wanted to try to extend the build-time improvements to all of the CMake-based ports in FreeBSD, and over the past few days, this has been a success.\nPorts builds using CMake now default to using Ninja as buildsystem-backend.\nHere’s a bitty table of build-times. These are one-off build times, so hardly scientifically accurate — but suggestive of a slight improvement in build time.\n\n\nName        Size        GMake    Ninja\nliblxt        50kB        0:32    0:31\nllvm38        1655kB    *    19:43\nmusescore    47590kB    4:00    3:54\nwebkit2-gtk3    14652kB    44:29    37:40\n\n\n\nOr here’s a much more thorough table of results from tcberner@, who did 5 builds of each with and without ninja. I’ve cut out the raw data, here are just the average-of-five results, showing usually a slight improvement in build time with Ninja.\n\n\nName        av make    av ninj    Delta    D/Awo\ncompiler-rt    00:08        00:07    -00:01    -14%\nopenjpeg    00:06        00:07    +00:01    +17%\nmarble        01:57        01:43    -00:14    -11%\nuhd        01:49        01:34    -00:15    -13%\nopencacscade    04:08        03:23    -00:45    -18%\navidemux    03:01        02:49    -00:12    – 6%\nkdevelop    01:43        01:33    -00:10    – 9%\nring-libclient    00:58        00:53    -00:05    – 8%\n\n\n\nNot everything builds properly with Ninja. This is usually due to missing dependencies that CMake does not discover; this shows up when foo depends on bar but no rule is generated for it. Depending on build order and speed, bar may be there already by the time foo gets around to being built. Doxygen showed this, where builds on 1 CPU core were all fine, but 8 cores would blow up occasionally.\nIn many cases, we’ve gone and fixed the missing implicit dependencies in ports and upstreams. But some things are intractable, or just really need GNU Make. For this, the FreeBSD ports infrastructure now has a knob attached to CMake for switching a port build to GNU Make.\n\nNormal: USES=cmake\nOut-of-source: USES=cmake:outsource\nGNU Make: USES=cmake:noninja gmake\nOoS, GMake: USES=cmake:outsource,noninja gmake\nBad: USES=cmake gmake\n\nFor the majority of users, this has no effect, but for our package-building clusters, and for KDE-FreeBSD developers who build a lot of CMake-buildsystem software in a day it may add up to an extra coffee break. So I’ll raise a shot of espresso to friendship between daemons and ninjas.\n\n\n\n\nAnnouncing the pkgsrc-2017Q2 release\n\n\nFor the 2017Q2 release we welcome the following notable package additions and changes to the pkgsrc collection:\n\n\nFirefox 54\nGCC 7.1\nMATE 1.18\nRuby 2.4\nRuby on Rails 4.2\nTeX Live 2017\nThunderbird 52.1\nXen 4.8\n\nWe say goodbye to:\n\n\nRuby 1.8\nRuby 2.1\n\nThe following infrastructure changes were introduced:\n\n\nImplement optional new pkgtasks and init infrastructure for pkginstall. \nVarious enhancements and fixes for building with ccache.\nAdd support to USE_LANGUAGES for newer C++ standards.\nEnhanced support for SSP, FORTIFY, and RELRO.\nThe GitHub mirror has migrated to https://github.com/NetBSD/pkgsrc\nIn total, 210 packages were added, 43 packages were removed, and 1,780 package updates were processed since the pkgsrc-2017Q1 release.\n***\n\n\n\nOpenBSD changes of note 624\n\n\nThere are a bunch, but here are a few that jump out:\n\n\nStart plugging some leaks. Compile kernels with umask 007. Install them minus read permissions.\nPure preprocessor implementation of the roff .ec and .eo requests, though you are warned that very bad things will happen to anybody trying to use these macros in OpenBSD manuals.\nRandom linking for arm64. And octeon. And alpha. And hppa. There’s some variation by platform, because every architecture has the kernel loaded with different flavors of initial physical and virtual mappings. And landisk. And loongson. And sgi. And macppc. And a gap file for sparc64, but nobody yet dares split locore. And arm7.\nErrata for perl File::Path race condition.\nSome fixes for potential link attacks against cron.\nAdd pledge violations to acct reporting.\nTake random linking to the next stage. More about KARL - kernel address randomized link. As noted, a few difficulties with hibernate and such, but the plan is coming together. Add a new function reorder_kernel() that relinks and installs the new kernel in the background on system startup. Add support for the bootblocks to detect hibernate and boot the previous kernel.\nRemove the poorly described “stuff” from ksh.\nReplace usage of TIOCSTI in csh using a more common IO loop. Kind of like the stuff in ksh, but part of the default command line editing and parsing code, csh would read too many characters, then send the ones it didn’t like back into the terminal. Which is weird, right? Also, more importantly, eliminating the code that uses TIOCSTI to inject characters into ttys means that maybe TIOCSTI can be removed.\nRevamp some of the authentication logging in ssh.\nAdd a verbose flag to rm so you can panic immediately upon seeing it delete the wrong file instead of waiting to discover your mistake after the fact.\nUpdate libexpat to version 2.2.1 which has some security fixes. Never trust an expat, that’s my motto.\nUpdate inteldrm to code based on Linux 4.4.70. This brings us support for Skylake and Cherryview and better support for Broadwell and Valleyview. Also adds MST support. Fun times for people with newish laptops.\n***\n\n\n\nOPNsense 17.1.9 released\n\n\nfirewall: move gateway switching from system to firewall advanced settings\nfirewall: keep category selection when changing tabs\nfirewall: do not skip gateway switch parsing too early (contributed by Stephane Lesimple)\ninterfaces: show VLAN description during edit\nfirmware: opnsense-revert can now handle multiple packages at once\nfirmware: opnsense-patch can now handle permission changes from patches\ndnsmasq: use canned –bogus-priv for no_private_reverse\ndnsmasq: separate log file, ACL and menu entries\ndynamic dns: fix update for IPv6 (contributed by Alexander Leisentritt)\ndynamic dns: remove usage of CURLAUTH_ANY (contributed by Alexander Leisentritt)\nintrusion detection: suppress “fast mode available” boot warning in PCAP mode\nopenvpn: plugin framework adaption\nunbound: add local-zone type transparent for PTR zone (contributed by Davide Gerhard)\nunbound: separate log file, ACL and menu entries\nwizard: remove HTML from description strings\nmvc: group relation to something other than uuid if needed\nmvc: rework “item in” for our Volt templates\nlang: Czech to 100% translated (contributed by Pavel Borecki)\nplugins: zabbix-agent 1.1 (contributed by Frank Wall)\nplugins: haproxy 1.16 (contributed by Frank Wall)\nplugins: acme-client 1.8 (contributed by Frank Wall)\nplugins: tinc fix for switch mode (contributed by Johan Grip)\nplugins: monit 1.3 (contributed by Frank Brendel)\nsrc: support dhclient supersede statement for option 54 (contributed by Fabian Kurtz)\nsrc: add Intel Atom Cherryview SOC HSUART support\nsrc: add the ID for the Huawei ME909S LTE modem\nsrc: HardenedBSD Stack Clash mitigations[1]\nports: sqlite 3.19.3[2]\nports: openvpn 2.4.3[3]\nports: sudo 1.8.20p2[4]\nports: dnsmasq 2.77[5]\nports: openldap 2.4.45[6]\nports: php 7.0.20[7]\nports: suricata 3.2.2[8]\nports: squid 3.5.26[9]\nports: ca_root_nss 3.31\nports: bind 9.11.1-P2[10]\nports: unbound 1.6.3[11]\nports: curl 7.54.1[12]\n***\n\n\nBeastie Bits\n\n\nThinkpad x230 - trying to get TrackPoint / Touchpad working in X\nFreeBSD deprecates all r-cmds (rcp, rlogin, etc.)\nBashfill - art for your terminal\nGo 1.9 release notes: NetBSD support is broken, please help\nJest, A ReST api for creating and managing FreeBSD jails written in Go\n***\n\n\nFeedback/Questions\n\n\nJohn - zfs send/receive\nCallum - laptops \u0026amp; An update\nLars - Snapshot of VM datadisk\nDaryl - Jail managers\n***\n","content_html":"\u003cp\u003eWe look at an OpenBSD setup on a new laptop, revel in BSDCan trip reports, and visit daemons and friendly ninjas.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.de/2017/07/openbsd-and-modern-laptop.html\" rel=\"nofollow\"\u003eOpenBSD and the modern laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Hansteen has a new blog post about \u003ca href=\"http://www.openbsd.org/\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e on laptops:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDid you think that OpenBSD is suitable only for firewalls and high-security servers? Think again. Here are my steps to transform a modern mid to high range laptop into a useful Unix workstation with OpenBSD.\u003cbr\u003e\nOne thing that never ceases to amaze me is that whenever I\u0026#39;m out and about with my primary laptop at conferences and elsewhere geeks gather, a significant subset of the people I meet have a hard time believing that my laptop runs OpenBSD, and that it\u0026#39;s the only system installed.\u003cbr\u003e\nand then it takes a bit of demonstrating that yes, the graphics runs with the best available resolution the hardware can offer, the wireless network is functional, suspend and resume does work, and so forth. And of course, yes, I do use that system when writing books and articles too. Apparently heavy users of other free operating systems do not always run them on their primary workstations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter goes on to describe the laptops he’s had over the years (all running OpenBSD) and after BSDCan 2017, he needed a new one due to cracks in the display.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo the time came to shop around for a replacement. After a bit of shopping around I came back to Multicom, a small computers and parts supplier outfit in rural Åmli in southern Norway, the same place I had sourced the previous one.\u003cbr\u003e\nOne of the things that attracted me to that particular shop and their own-branded offerings is that they will let you buy those computers with no operating system installed. That is of course what you want to do when you source your operating system separately, as we OpenBSD users tend to do.\u003cbr\u003e\nThe last time around I had gone for a \u0026quot;Thin and lightweight\u0026quot; 14 inch model (Thickness 20mm, weight 2.0kg) with 16GB RAM, 240GB SSD for system disk and 1TB HD for /home (since swapped out for a same-size SSD, as the dmesg will show). \u003cbr\u003e\nThree years later, the rough equivalent with some added oomph for me to stay comfortable for some years to come ended me with a 13.3 inch model, 18mm and advertised as 1.3kg (but actually weighing in at 1.5kg, possibly due to extra components), 32GB RAM, 512GB SSD and 2TB harddisk. For now the specification can be viewed online \u003ca href=\"https://www.multicom.no/systemconfigurator.aspx?q=st:10637291;c:100559;fl:0#4091-10500502-1;4086-10637290-1;4087-8562157-2;4088-9101982-1;4089-9101991-1\" rel=\"nofollow\"\u003ehere\u003c/a\u003e (the site language is Norwegian, but product names and units of measure are not in fact different).\u003cbr\u003e\nThe OpenBSD installer is a wonder of straightforward, no-nonsense simplicity that simply gets the job done. Even so, if you are not yet familiar with OpenBSD, it is worth spending some time reading the OpenBSD FAQ\u0026#39;s installation guidelines and the INSTALL.platform file (in our case, INSTALL.amd64) to familiarize yourself with the procedure. If you\u0026#39;re following this article to the letter and will be installing a snapshot, it is worth reading the notes on following -current too.\u003cbr\u003e\nThe main hurdle back when I was installing the 2014-vintage 14\u0026quot; model was getting the system to consider the SSD which showed up as sd1 the automatic choice for booting (I solved that by removing the MBR, setting the size of the MBR on the hard drive that showed up as sd0 to 0 and enlarging the OpenBSD part to fill the entire drive).\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe goes on to explain the choices he made in the installer and settings made after the reboot to set up his work environment. Peter closes with:\nIf you have any questions on running OpenBSD as a primary working environment, I\u0026#39;m generally happy to answer but in almost all cases I would prefer that you use the mailing lists such as \u003ca href=\"mailto:misc@openbsd.org\" rel=\"nofollow\"\u003emisc@openbsd.org\u003c/a\u003e or the \u003ca href=\"https://www.facebook.com/groups/2210554563/\" rel=\"nofollow\"\u003eOpenBSD Facebook\u003c/a\u003e group so the question and hopefully useful answers become available to the general public. Browsing the slides for my recent \u003ca href=\"https://home.nuug.no/%7Epeter/openbsd_and_you/\" rel=\"nofollow\"\u003eOpenBSD and you\u003c/a\u003e user group talk might be beneficial if you\u0026#39;re not yet familiar with the system. And of course, comments on this article are welcome.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/2017-bsdcan-trip-report-roller-angel/\" rel=\"nofollow\"\u003eBSDCan 2017 Trip Report: Roller Angel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe could put this into next week’s show, because we have another trip report already that’s quite long.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter dropping off my luggage, I headed straight over to the Goat BoF which took place at The Royal Oak. There were already a number of people there engaged in conversation with food and drink. I sat down at a table and was delighted that the people sitting with me were also into the BSD’s and were happy to talk about it the whole time. I felt right at home from the start as people were very nice to me, and were interested in what I was working on. I honestly didn’t know that I would fit in so well.\u003cbr\u003e\nI had a preconceived notion that people may be a bit hard to approach as they are famous and so technically advanced. At first, people seemed to only be working in smaller circles. Once you get more familiar with the faces, you realize that these circles don’t always contain the same people and that they are just people talking about specific topics. I found that it was easy to participate in the conversation and also found out that people are happy to get your feedback on the subject as well.\u003cbr\u003e\nI was actually surprised how easily I got along with everyone and how included I felt in the activities. I volunteered to help wherever possible and got to work on the video crew that recorded the audio and slides of the talks. The people at BSDCan are incredibly easy to talk to, are actually interested in what you’re doing with BSD, and what they can do to help. It’s nice to feel welcome in the community. It’s like going home. Dan mentioned in his welcome on the first day of BSDCan that the conference is like home for many in the community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe trip report is very detailed and chronicles the two days of the developer summit, and the two days of the conference\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere was some discussion about a new code of conduct by Benno Rice who mentioned that people are welcome to join a body of people that is forming that helps work out issues related to code of conduct and forwards their recommendations on to core. Next, Allan introduced the idea of creating a process for formally discussing big project changes or similar discussions that is going to be known as FCP or FreeBSD Community Proposal. In Python we have the Python Enhancement Proposal or PEP which is very similar to the idea of FCP. I thought this idea is a great step for FreeBSD to be implementing as it has been a great thing for Python to have.\u003cbr\u003e\nThere was some discussion about taking non-code contributions from people and how to recognize those people in the project. There was a suggestion to have a FreeBSD Member status created that can be given to people whose non-code contributions are valuable to the project. This idea seemed to be on a lot of people’s minds as something that should be in place soon. The junior jobs on the FreeBSD Wiki were also brought up as a great place to look for ideas on how to get involved in contributing to FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eRoller wasted no time, and started contributing to EdgeBSD at the conference.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn the first day of BSDCan I arrived at the conference early to coordinate with the team that records the talks. We selected the rooms that each of us would be in to do the recording and set up a group chat via WhatsApp for coordination.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Roller, Patrick McAvoy, Calvin Hendryx-Parker, and all of the others who volunteered their time to run the video and streaming production at BSDCan, as well as all others who volunteered, even if it was just to carry a box. BSDCan couldn’t happen without the army of volunteers.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter the doc lounge, I visited the Hacker Lounge. There were already several tables full of people talking and working on various projects. In fact, there was a larger group of people who were collaborating on the new libtrue library that seemed to be having a great time. I did a little socializing and then got on my laptop and did some more work on the documentation using my new skills. I really enjoyed having a hacker lounge to go to at night.\u003cbr\u003e\nI want to give a big thank you to the FreeBSD Foundation for approving my travel grant. It was a great experience to meet the community and participate in discussions. I’m very grateful that I was able to attend my first BSDCan. After visiting the doc lounge a few times, I managed to get comfortable using the tools required to edit the documentation. By the end of the conference, I had submitted two documentation patches to the FreeBSD Bugzilla with several patches still in progress. Prior to the conference I expected that I would be spending a lot of time working on my Onion Omega and Edge Router Lite projects that I had with me, but I actually found that there was always something fun going on that I would rather do or work on. I can always work on those projects at home anyway. I had a good time working with the FreeBSD community and will continue working with them by editing the documentation and working with Bugzilla.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the things I enjoy about these trip reports is when they help convince other people to make the trip to their first conference. Hopefully by sharing their experience, it will convince you to come to the next conference:\n\n\u003cul\u003e\n\u003cli\u003evBSDCon in Virginia, USA: Sept 7-9\u003c/li\u003e\n\u003cli\u003eEuroBSDCon in Paris, France: Sept 21-24\u003c/li\u003e\n\u003cli\u003eBSDTW in Taipei, Taiwan: November 11-12 (CFP ends July 31st)\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170629150641\" rel=\"nofollow\"\u003eBSDCan 2017 - Trip report double-p\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrologue\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost overheard in Tokyo was \u0026quot;see you in Ottawaaaaah\u0026quot;, so with additional \u0026quot;personal item\u0026quot; being Groff I returned home to plan the trip to BSDCan.\u003cbr\u003e\nDan was very helpful with getting all the preparations (immigration handling), thanks for that. Before I could start, I had to fix something: the handling of the goat. With a nicely created harness, I could just hang it along my backpack.\u003cbr\u003e\nDone that it went to the airport of Hamburg and check-in for an itinerary of HAM-MUC-YUL. While the feeder leg was a common thing, boarding to YUL was great - cabin-crew likes Groff :)\u003cbr\u003e\nArriving in Montreal was like entering a Monsoon zone or something, sad! After the night the weather was still rain-ish but improving and i shuttled to Dorval VIARail station to take me to Ottawa (ever avoid AirCanada, right?). Train was late, but the conductor (or so) was nice to talk to - and wanted to know about Groff\u0026#39;s facebook page :-P.\u003cbr\u003e\nPicking a cab in Ottawa to take me to \u0026quot;Residence\u0026quot; was easy at first - just that it was the wrong one. Actually my fault and so I had a \u0026quot;nice, short\u0026quot; walk to the actual one in the rain with wrong directions. Eventually I made it and after unpacking, refreshment it was time to hit the Goat BOF!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 1\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince this was my first BSDCan I didnt exactly knew what to expect from this BOF. But it was like, we (Keeper, Dan, Allan, ..) would talk about \u0026quot;who\u0026#39;s next\u0026quot; and things like that. How mistaken I was :). Besides the sheer amount of BSD people entering the not-so-yuuge Oak some Dexter sneaked in camouflage. The name-giver got a proper position to oversee the mess and I was glad I did not leave him behind after almost too many Creemores.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 2\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSomething happened it\u0026#39;s crystal blue on the \u0026quot;roof\u0026quot; and sun is trying its best to wake me up. To start the day, I pick breakfast at \u0026#39;Father+Sons\u0026#39; - I can really recommend that. Very nice home made fries (almost hashbrowns) and fast delivery! Stuffed up I trott along to get to phessler\u0026#39;s tutorial about BGP-for-sysadmins-and-developers.\u003cbr\u003e\nPeter did a great job, but the \u0026quot;lab\u0026quot; couldn\u0026#39;t happen, since - oh surprise - the wifi was sluggish as hell. Must love the first day on a conference every time.\u003cbr\u003e\nWent to Hackroom in U90 afterwards, just to fix stuff \u0026quot;at home\u0026quot;. IPsec giving pains again.\u003cbr\u003e\nTime to pick food+beer afterwards and since it\u0026#39;s so easy to reach, we went to the Oak again. Having a nice backyard patio experience it was about time to meet new people. Cheers to Tom, Aaron, Nick, Philip and some more, we\u0026#39;d an awesome night there. I also invited some not-really-computer local I know by other means who was completly overwhelmed by what kind of \u0026quot;nerds\u0026quot; gather around BSD. He planned to stay \u0026quot;a beer\u0026quot; - and it was rather some more and six hours. Looks like \u0026quot;we\u0026quot; made some impression on him :).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 3\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEasy day, no tutorials at hand, so first picking up breakfast at F+S again and moving to hackroom in U90. Since I promised phessler to help with an localized lab-setup, I started to hack on a quick vagrant/ansible setup to mimic his BGP-lab and went quickly through most of it. Plus some more IPsec debugging and finally fixing it, we went early in the general direction of the Red Lion to pick our registration pack.\u003cbr\u003e\nBut before that could happen it was called to have shawarma at 3brothers along. Given a tight hangover it wasn\u0026#39;t the brightest idea to order a poutine m-(. Might be great the other day, it wasn\u0026#39;t for me at the very time and had to throw away most of it :(. Eventually passing on to the Red Lion I made the next failure with just running into the pub - please stay at the front desk until \u0026quot;seated\u0026quot;. I never get used to this concept.\u003cbr\u003e\nSo after being \u0026quot;properly\u0026quot; seated, we take our beers and the registration can commence after we had half of it. So I register myself; btw it\u0026#39;s a great idea to grant \u0026quot;not needed\u0026quot; stuff to charity. So dont pick \u0026quot;just because\u0026quot;, think about it if you really need this or that gadget.\u003cbr\u003e\nThen I register Groff - he really needs badges - just to have Dru coming back to me some minutes later one to hand me the badge for Henning. That\u0026#39;s just \u0026quot;amazing\u0026quot;; I dont know IF i want to break this vicious circle the other day, since it\u0026#39;s so funny.\u003cbr\u003e\nTalked to Theo about the ongoing IPsec problems and he taught me about utrace(2) which looks \u0026quot;complicated\u0026quot; but might be an end of the story the other day. Also had a nice talk to Peter (H.) about some other ideas along books.\u003cbr\u003e\nBTW, did I pay for ongoing beers? I think Tom did - what a guy :).\u003cbr\u003e\nArriving at the Residence, I had to find my bathroom door locked (special thing).. crazy thing is they dont have a master key at the venue, but to have to call in one from elsewhere.\u003cbr\u003e\nShort night shortened by another 30minutes :(.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 4\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWeather is improving into beach+sun levels - and it\u0026#39;s Conference Day! The opening keynote from Geist was very interesting (\u0026quot;citation needed\u0026quot;). Afterwards I went to zfs-over-ssh, nothing really new (sorry Allan). But then Jason had a super interesting talk on how about to apply BSD for the health-care system in Australia. I hope I can help him with the last bits (rdomain!) in the end.\u003cbr\u003e\nWhile lunch I tried to recall my memories about utrace(2) while talking to Theo.\u003cbr\u003e\nThen it was about to present my talk and I think it was well perceipted. One \u0026quot;not so good\u0026quot; feedback was about not taking the audience more into account. I think I was asking every other five slides or so - but, well. The general feedback (in spoken terms) was quite good. I was a bit \u0026quot;confused\u0026quot; and I did likely a better job in Tokyo, but well.\u003cbr\u003e\nHappened we ended up in the Oak again.. thanks to mwl, shirkdog, sng, pitrh, kurtm for having me there :)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDay 5\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile the weather had to decide \u0026quot;what next\u0026quot;, I rushed to the venue just to gather Reyk\u0026#39;s talk about vmd(8). Afterwards it was MSTP from Paeps which was very interesting and we (OpenBSD) should look into it. Then happened BUG BOF and I invite all \u0026quot;coastal Germans\u0026quot; to cbug.de :)\u003cbr\u003e\nI had to run off for other reasons and came back to Dave\u0026#39;s talk which was AWESOME.\u003cbr\u003e\nFollowing was Rod\u0026#39;s talk.. well. While I see his case, that was very poor.\u003cbr\u003e\nThe auction into closing was awesome again, and I spend $50 on a Tshirt. :)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEpilogue\nI \u003cem\u003etotally\u003c/em\u003e got the exit dates wrong. So first cancel a booking of an Hotel and then rebook the train to YUL. So I have plenty of time \u0026quot;in the morning\u0026quot; to get breakfast with the local guy. After that he drives me to VIARail station and I dig into \u0026quot;business\u0026quot; cussions.\nWell, see you in Ottawa - or how about Paris, Taipei?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/bind-broker\" rel=\"nofollow\"\u003eBind Broker\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst writes about an interesting idea he has\u003c/li\u003e\n\u003cli\u003eHe has a single big server, and lots of users who would like to share it, many want to run web servers.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis would be great, but alas, archaic decisions made long ago mean that network sockets aren’t really files and there’s this weird concept of privileged ports. Maybe we could assign each user a virtual machine and let them do whatever they want, but that seems wasteful. Think of the megabytes! Maybe we could setup nginx.conf to proxy all incoming connections to a process of the user’s choosing, but that only works for web sites and we want to be protocol neutral. Maybe we could use iptables, but nobody wants to do that. \u003cbr\u003e\nWhat we need is a bind broker. At some level, there needs to be some kind of broker that assigns IPs to users and resolves conflicts. It should be possible to build something of this nature given just the existing unix tools we have, instead of changing system design. Then we can deploy our broker to existing systems without upgrading or disrupting their ongoing operation. The bind broker watches a directory for the creation, by users, of unix domain sockets. Then it binds to the TCP port of the same name, and transfers traffic between them.\u003cbr\u003e\nA more complete problem specification is as follows. A top level directory, which contains subdirectories named after IP addresses. Each user is assigned a subdirectory, which they have write permission to. Inside each subdirectory, the user may create unix sockets named according to the port they wish to bind to. We might assign user alice the IP 10.0.0.5 and the user bob the IP 10.0.0.10. Then alice could run a webserver by binding to net/10.0.0.5/80 and bob could run a mail server by binding to net/10.0.0.10/25. This maps IP ownership (which doesn’t really exist in unix) to the filesystem namespace (which does have working permissions).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo this will be a bit different than jails. The idea is to use filesystem permissions to control which users can bind to which IP addresses and ports\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe broker is responsible for watching each directory. As new sockets are created, it should respond by binding to the appropriate port. When a socket is deleted, the network side socket should be closed as well. Whenever a connection is accepted on the network side, a matching connection is made on the unix side, and then traffic is copied across.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA full set of example code is provided\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s no completely portable way to watch a directory for changes. I’m using a kevent extension. Otherwise we might consider a timeout and polling with fstat, or another system specific interface (or an abstraction layer over such an interface). Otherwise, if one of our mappings is ready to read (accept), we have a new connection to handle. \u003cbr\u003e\nThe first half is straightforward. We accept the connection and make a matching connect call to the unix side. Then I broke out the big cheat stick and just spliced the sockets together. In reality, we’d have to set up a read/copy/write loop for each end to copy traffic between them. That’s not very interesting to read though. \u003cbr\u003e\nThe full code, below, comes in at 232 lines according to wc. Minus includes, blank lines, and lines consisting of nothing but braces, it’s 148 lines of stuff that actually gets executed by the computer. Add some error handling, and working read/write code, and 200 lines seems about right. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA very interesting idea. I wonder about creating a virtual file system that would implement this and maybe do a bit more to fully flesh out this idea.\u003c/li\u003e\n\u003cli\u003eWhat do you think?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://euroquis.nl/bobulate/?p=1600\" rel=\"nofollow\"\u003eDaemons and friendly Ninjas\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere’s quite a lot of software that uses CMake as a (meta-)buildsystem. A quick count in the FreeBSD ports tree shows me 1110 ports (over a thousand) that use it. CMake generates buildsystem files which then direct the actual build — it doesn’t do building itself.\u003cbr\u003e\nThere are multiple buildsystem-backends available: in regular usage, CMake generates Makefiles (and does a reasonable job of producing Makefiles that work for GNU Make and for BSD Make). But it can generate Ninja, or Visual Studio, and other buildsystem files. It’s quite flexible in this regard.\u003cbr\u003e\nRecently, the KDE-FreeBSD team has been working on Qt WebEngine, which is horrible. It contains a complete Chromium and who knows what else. Rebuilding it takes forever.\u003cbr\u003e\nBut Tobias (KDE-FreeBSD) and Koos (GNOME-FreeBSD) noticed that building things with the Ninja backend was considerably faster for some packages (e.g. Qt WebEngine, and Evolution data-thingy). Tobias wanted to try to extend the build-time improvements to all of the CMake-based ports in FreeBSD, and over the past few days, this has been a success.\u003cbr\u003e\nPorts builds using CMake now default to using Ninja as buildsystem-backend.\u003cbr\u003e\nHere’s a bitty table of build-times. These are one-off build times, so hardly scientifically accurate — but suggestive of a slight improvement in build time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eName        Size        GMake    Ninja\nliblxt        50kB        0:32    0:31\nllvm38        1655kB    *    19:43\nmusescore    47590kB    4:00    3:54\nwebkit2-gtk3    14652kB    44:29    37:40\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOr here’s a much more thorough table of results from tcberner@, who did 5 builds of each with and without ninja. I’ve cut out the raw data, here are just the average-of-five results, showing usually a slight improvement in build time with Ninja.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003eName        av make    av ninj    Delta    D/Awo\ncompiler-rt    00:08        00:07    -00:01    -14%\nopenjpeg    00:06        00:07    +00:01    +17%\nmarble        01:57        01:43    -00:14    -11%\nuhd        01:49        01:34    -00:15    -13%\nopencacscade    04:08        03:23    -00:45    -18%\navidemux    03:01        02:49    -00:12    – 6%\nkdevelop    01:43        01:33    -00:10    – 9%\nring-libclient    00:58        00:53    -00:05    – 8%\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNot everything builds properly with Ninja. This is usually due to missing dependencies that CMake does not discover; this shows up when foo depends on bar but no rule is generated for it. Depending on build order and speed, bar may be there already by the time foo gets around to being built. Doxygen showed this, where builds on 1 CPU core were all fine, but 8 cores would blow up occasionally.\u003cbr\u003e\nIn many cases, we’ve gone and fixed the missing implicit dependencies in ports and upstreams. But some things are intractable, or just really need GNU Make. For this, the FreeBSD ports infrastructure now has a knob attached to CMake for switching a port build to GNU Make.\u003c/p\u003e\n\n\u003cp\u003eNormal: USES=cmake\u003cbr\u003e\nOut-of-source: USES=cmake:outsource\u003cbr\u003e\nGNU Make: USES=cmake:noninja gmake\u003cbr\u003e\nOoS, GMake: USES=cmake:outsource,noninja gmake\u003cbr\u003e\nBad: USES=cmake gmake\u003c/p\u003e\n\n\u003cp\u003eFor the majority of users, this has no effect, but for our package-building clusters, and for KDE-FreeBSD developers who build a lot of CMake-buildsystem software in a day it may add up to an extra coffee break. So I’ll raise a shot of espresso to friendship between daemons and ninjas.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2017/07/10/msg025237.html\" rel=\"nofollow\"\u003eAnnouncing the pkgsrc-2017Q2 release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor the 2017Q2 release we welcome the following notable package additions and changes to the pkgsrc collection:\n\n\u003cul\u003e\n\u003cli\u003eFirefox 54\u003c/li\u003e\n\u003cli\u003eGCC 7.1\u003c/li\u003e\n\u003cli\u003eMATE 1.18\u003c/li\u003e\n\u003cli\u003eRuby 2.4\u003c/li\u003e\n\u003cli\u003eRuby on Rails 4.2\u003c/li\u003e\n\u003cli\u003eTeX Live 2017\u003c/li\u003e\n\u003cli\u003eThunderbird 52.1\u003c/li\u003e\n\u003cli\u003eXen 4.8\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWe say goodbye to:\n\n\u003cul\u003e\n\u003cli\u003eRuby 1.8\u003c/li\u003e\n\u003cli\u003eRuby 2.1\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe following infrastructure changes were introduced:\n\n\u003cul\u003e\n\u003cli\u003eImplement optional new pkgtasks and init infrastructure for pkginstall. \u003c/li\u003e\n\u003cli\u003eVarious enhancements and fixes for building with ccache.\u003c/li\u003e\n\u003cli\u003eAdd support to USE_LANGUAGES for newer C++ standards.\u003c/li\u003e\n\u003cli\u003eEnhanced support for SSP, FORTIFY, and RELRO.\u003c/li\u003e\n\u003cli\u003eThe GitHub mirror has migrated to \u003ca href=\"https://github.com/NetBSD/pkgsrc\" rel=\"nofollow\"\u003ehttps://github.com/NetBSD/pkgsrc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn total, 210 packages were added, 43 packages were removed, and 1,780 package updates were processed since the pkgsrc-2017Q1 release.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-changes-of-note-624\" rel=\"nofollow\"\u003eOpenBSD changes of note 624\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThere are a bunch, but here are a few that jump out:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eStart plugging some leaks. Compile kernels with umask 007. Install them minus read permissions.\u003c/li\u003e\n\u003cli\u003ePure preprocessor implementation of the roff .ec and .eo requests, though you are warned that very bad things will happen to anybody trying to use these macros in OpenBSD manuals.\u003c/li\u003e\n\u003cli\u003eRandom linking for arm64. And octeon. And alpha. And hppa. There’s some variation by platform, because every architecture has the kernel loaded with different flavors of initial physical and virtual mappings. And landisk. And loongson. And sgi. And macppc. And a gap file for sparc64, but nobody yet dares split locore. And arm7.\u003c/li\u003e\n\u003cli\u003eErrata for perl File::Path race condition.\u003c/li\u003e\n\u003cli\u003eSome fixes for potential link attacks against cron.\u003c/li\u003e\n\u003cli\u003eAdd pledge violations to acct reporting.\u003c/li\u003e\n\u003cli\u003eTake random linking to the next stage. More about KARL - kernel address randomized link. As noted, a few difficulties with hibernate and such, but the plan is coming together. Add a new function reorder_kernel() that relinks and installs the new kernel in the background on system startup. Add support for the bootblocks to detect hibernate and boot the previous kernel.\u003c/li\u003e\n\u003cli\u003eRemove the poorly described “stuff” from ksh.\u003c/li\u003e\n\u003cli\u003eReplace usage of TIOCSTI in csh using a more common IO loop. Kind of like the stuff in ksh, but part of the default command line editing and parsing code, csh would read too many characters, then send the ones it didn’t like back into the terminal. Which is weird, right? Also, more importantly, eliminating the code that uses TIOCSTI to inject characters into ttys means that maybe TIOCSTI can be removed.\u003c/li\u003e\n\u003cli\u003eRevamp some of the authentication logging in ssh.\u003c/li\u003e\n\u003cli\u003eAdd a verbose flag to rm so you can panic immediately upon seeing it delete the wrong file instead of waiting to discover your mistake after the fact.\u003c/li\u003e\n\u003cli\u003eUpdate libexpat to version 2.2.1 which has some security fixes. Never trust an expat, that’s my motto.\u003c/li\u003e\n\u003cli\u003eUpdate inteldrm to code based on Linux 4.4.70. This brings us support for Skylake and Cherryview and better support for Broadwell and Valleyview. Also adds MST support. Fun times for people with newish laptops.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-17-1-9-released/\" rel=\"nofollow\"\u003eOPNsense 17.1.9 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003efirewall: move gateway switching from system to firewall advanced settings\u003c/li\u003e\n\u003cli\u003efirewall: keep category selection when changing tabs\u003c/li\u003e\n\u003cli\u003efirewall: do not skip gateway switch parsing too early (contributed by Stephane Lesimple)\u003c/li\u003e\n\u003cli\u003einterfaces: show VLAN description during edit\u003c/li\u003e\n\u003cli\u003efirmware: opnsense-revert can now handle multiple packages at once\u003c/li\u003e\n\u003cli\u003efirmware: opnsense-patch can now handle permission changes from patches\u003c/li\u003e\n\u003cli\u003ednsmasq: use canned –bogus-priv for no_private_reverse\u003c/li\u003e\n\u003cli\u003ednsmasq: separate log file, ACL and menu entries\u003c/li\u003e\n\u003cli\u003edynamic dns: fix update for IPv6 (contributed by Alexander Leisentritt)\u003c/li\u003e\n\u003cli\u003edynamic dns: remove usage of CURLAUTH_ANY (contributed by Alexander Leisentritt)\u003c/li\u003e\n\u003cli\u003eintrusion detection: suppress “fast mode available” boot warning in PCAP mode\u003c/li\u003e\n\u003cli\u003eopenvpn: plugin framework adaption\u003c/li\u003e\n\u003cli\u003eunbound: add local-zone type transparent for PTR zone (contributed by Davide Gerhard)\u003c/li\u003e\n\u003cli\u003eunbound: separate log file, ACL and menu entries\u003c/li\u003e\n\u003cli\u003ewizard: remove HTML from description strings\u003c/li\u003e\n\u003cli\u003emvc: group relation to something other than uuid if needed\u003c/li\u003e\n\u003cli\u003emvc: rework “item in” for our Volt templates\u003c/li\u003e\n\u003cli\u003elang: Czech to 100% translated (contributed by Pavel Borecki)\u003c/li\u003e\n\u003cli\u003eplugins: zabbix-agent 1.1 (contributed by Frank Wall)\u003c/li\u003e\n\u003cli\u003eplugins: haproxy 1.16 (contributed by Frank Wall)\u003c/li\u003e\n\u003cli\u003eplugins: acme-client 1.8 (contributed by Frank Wall)\u003c/li\u003e\n\u003cli\u003eplugins: tinc fix for switch mode (contributed by Johan Grip)\u003c/li\u003e\n\u003cli\u003eplugins: monit 1.3 (contributed by Frank Brendel)\u003c/li\u003e\n\u003cli\u003esrc: support dhclient supersede statement for option 54 (contributed by Fabian Kurtz)\u003c/li\u003e\n\u003cli\u003esrc: add Intel Atom Cherryview SOC HSUART support\u003c/li\u003e\n\u003cli\u003esrc: add the ID for the Huawei ME909S LTE modem\u003c/li\u003e\n\u003cli\u003esrc: HardenedBSD Stack Clash mitigations[1]\u003c/li\u003e\n\u003cli\u003eports: sqlite 3.19.3[2]\u003c/li\u003e\n\u003cli\u003eports: openvpn 2.4.3[3]\u003c/li\u003e\n\u003cli\u003eports: sudo 1.8.20p2[4]\u003c/li\u003e\n\u003cli\u003eports: dnsmasq 2.77[5]\u003c/li\u003e\n\u003cli\u003eports: openldap 2.4.45[6]\u003c/li\u003e\n\u003cli\u003eports: php 7.0.20[7]\u003c/li\u003e\n\u003cli\u003eports: suricata 3.2.2[8]\u003c/li\u003e\n\u003cli\u003eports: squid 3.5.26[9]\u003c/li\u003e\n\u003cli\u003eports: ca_root_nss 3.31\u003c/li\u003e\n\u003cli\u003eports: bind 9.11.1-P2[10]\u003c/li\u003e\n\u003cli\u003eports: unbound 1.6.3[11]\u003c/li\u003e\n\u003cli\u003eports: curl 7.54.1[12]\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-July/313519.html\" rel=\"nofollow\"\u003eThinkpad x230 - trying to get TrackPoint / Touchpad working in X\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://marc.info/?l=freebsd-commits-all\u0026m=149918307723723\u0026w=2\" rel=\"nofollow\"\u003eFreeBSD deprecates all r-cmds (rcp, rlogin, etc.)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://max.io/bash.html\" rel=\"nofollow\"\u003eBashfill - art for your terminal\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/go/commit/32002079083e533e11209824bd9e3a797169d1c4\" rel=\"nofollow\"\u003eGo 1.9 release notes: NetBSD support is broken, please help\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/altsrc-io/Jest\" rel=\"nofollow\"\u003eJest, A ReST api for creating and managing FreeBSD jails written in Go\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3ANETHW#wrap\" rel=\"nofollow\"\u003eJohn - zfs send/receive\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/11TV0BJ\" rel=\"nofollow\"\u003eCallum - laptops\u003c/a\u003e \u0026amp; \u003ca href=\"http://dpaste.com/3A14BQ6#wrap\" rel=\"nofollow\"\u003eAn update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0MM37NA#wrap\" rel=\"nofollow\"\u003eLars - Snapshot of VM datadisk\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0CDQ9EK#wrap\" rel=\"nofollow\"\u003eDaryl - Jail managers\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We look at an OpenBSD setup on a new laptop, revel in BSDCan trip reports, and visit daemons and friendly ninjas.","date_published":"2017-07-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9e615fd7-665a-44b7-af45-95315901cc96.mp3","mime_type":"audio/mpeg","size_in_bytes":55418836,"duration_in_seconds":4618}]},{"id":"afc8dee0-e9f1-42d9-9274-32788bd7b848","title":"201: Skip grep, use awk","url":"https://www.bsdnow.tv/201","content_text":"In which we interview a unicorn, FreeNAS 11.0 is out, show you how to run Nextcloud in a FreeBSD jail, and talk about the connection between oil changes and software patches.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeNAS 11.0 is Now Here\n\n\nThe FreeNAS blog informs us:\n\n\n\nAfter several FreeNAS Release Candidates, FreeNAS 11.0 was released today. This version brings new virtualization and object storage features to the World’s Most Popular Open Source Storage Operating System. FreeNAS 11.0 adds bhyve virtual machines to its popular SAN/NAS, jails, and plugins, letting you use host web-scale VMs on your FreeNAS box. It also gives users S3-compatible object storage services, which turns your FreeNAS box into an S3-compatible server, letting you avoid reliance on the cloud.\nFreeNAS 11.0 also introduces the beta version of a new administration GUI. The new GUI is based on the popular Angular framework and the FreeNAS team expects the GUI to be themeable and feature complete by 11.1. The new GUI follows the same flow as the existing GUI, but looks better. For now, the FreeNAS team has released it in beta form to get input from the FreeNAS community. The new GUI, as well as the classic GUI, are selectable from the login screen.\nAlso new in FreeNAS 11 is an Alert Service page which configures the system to send critical alerts from FreeNAS to other applications and services such as Slack, PagerDuty, AWS, Hipchat, InfluxDB, Mattermost, OpsGenie, and VictorOps. FreeNAS 11.0 has an improved Services menu that adds the ability to manage which services and applications are started at boot.\nThe FreeNAS community is large and vibrant. We invite you to join us on the FreeNAS forum and the #freenas IRC channel on Freenode. To download FreeNAS and sign-up for the FreeNAS Newsletter, visit freenas.org/download.\n\n\n\n\nBuilding an IPsec Gateway With OpenBSD\n\n\nPierre-Yves Ritschard wrote the following blog article:\n\n\n\nWith private networks just released on Exoscale, there are now more options to implement secure access to Exoscale cloud infrastructure. While we still recommend the bastion approach, as detailed in this article, there are applications or systems which do not lend themselves well to working this way.\nIn these cases, the next best thing is building IPsec gateways. IPsec is a protocol which works directly at layer 3. It uses its configuration to determine which network flows should be sent encrypted on the wire. Once IPsec is correctly configured, selected network flows are transparently encrypted and applications do not need to modify anything to benefit from secured traffic.\n\n\n\nIn addition to encryption, IPSec also authenticates the end points, so you can be sure you are exchanging packets with a trusted host\n\n\n\nFor the purposes of this article we will work under the following assumptions: We want a host to network setup, providing access to cloud-hosted infrastructure from a desktop environment.\nOnly stock tooling should be used on desktop environment, no additional VPN client should be needed.\nIn this case, to ensure no additional software is needed on the client, we will configure an L2TP/IPsec gateway. This article will use OpenBSD as the operating system to implement the gateway. While this choice may sound surprising, OpenBSD excels at building gateways of all sorts thanks to its simple configuration formats and inclusion of all necessary software and documentation to do so in the base system.\n\n\n\nThe tutorial assumes you have setup a local network between the hosts in the cloud, and walks through the configuration of an OpenBSD host as a IPsec gateway\n\n\n\nOn the OpenBSD host, all necessary software is already installed. We will configure the system, as well as pf, npppd, and ipsec\n\n\nConfigure L2TP\nConfigure IPsec\nConfigure NAT\nEnabled services: ipsec isakmpd npppd\n\n\n\n\nThe tutorial then walks through configuring a OS X client, but other desktops will be very similar\n***\n\n\nRunning Nextcloud in a jail on FreeBSD\n\n\nI recently setup Nextcloud 12 inside a FreeBSD jail in order to allow me access to files i might need while at University. I figured this would be a optimal solution for files that I might need access to unexpectedly, on computers where I am not in complete control. My Nextcloud instance is externally accessible, and yet if someone were to get inside my Jail, I could rest easy knowing they still didn’t have access to the rest of my host server. I chronicled the setup process including jail setup using iocage, https with Lets Encrypt, and full setup of the web stack.\nNextcloud has a variety of features such as calendar synchronization, email, collaborative editing, and even video conferencing. I haven’t had time to play with all these different offerings and have only utilized the file synchronization, but even if file sync is not needed, Nextcloud has many offerings that make it worth setting up.\n\n\n\nMariaDB, PHP 7.0, and Apache 2.4\n\n\n\nTo manage my jails I’m using iocage. In terms of jail managers it’s a fairly new player in the game of jail management and is being very actively developed. It just had a full rewrite in Python, and while the code in the background might be different, the actual user interface has stayed the same.\nIocage makes use of ZFS clones in order to create “base jails”, which allow for sharing of one set of system packages between multiple jails, reducing the amount of resources necessary. Alternatively, jails can be completely independent from each other; however, using a base jail makes it easier to update multiple jails as well.\n\n\npkg install iocage\nsysrc iocage_enable=YES\niocage fetch -r 11.0-RELEASE\niocage create tag=\"stratus\" jail_zfs=on vnet=off boot=on ip4_addr=\"sge0|172.20.0.100/32\" -r 11.0-RELEASE\niocage start stratus\niocage console stratus\n\n\nI have chosen to provide storage to the Nextcloud Jail by mounting a dataset over NFS on my host box. This means my server can focus on serving Nextcloud and my storage box can focus on housing the data. The Nextcloud Jail is not even aware of this since the NFS Mount is simply mounted by the host server into the jail. The other benefit of this is the Nextcloud jail doesn’t need to be able to see my storage server, nor the ability to mount the NFS share itself.\nUsing a separate server for storage isn’t necessary and if the storage for my Nextcloud server was being stored on the same server I would have created a ZFS dataset on the host and mounted it into the jail.\nNext I set up a dataset for the database and delegated it into the jail. Using a separate dataset allows me to specify certain properties that are better for a database, it also makes migration easier in case I ever need to move or backup the database.\nWith most of the requirements in place it was time to start setting up Nextcloud. The requirements for Nextcloud include your basic web stack of a web server, database, and PHP.\n\n\n\nAlso covers the setup of acme.sh for LetsEncrypt. This is now available as a package, and doesn’t need to be manually fetched\nInstall a few more packages, and do a bit of configuration, and you have a NextCloud server\n***\n\n\nHistorical: My first OpenBSD Hackathon\n\n\nThis is a blog post by our friend, and OpenBSD developer: Peter Hessler\n\n\n\nThis is a story about encouragement. Every time I use the word \"I\", you should think \"I as in me, not I as in the author\". \nIn 2003, I was invited to my first OpenBSD Hackathon. Way before I was into networking, I was porting software to my favourite OS. Specifically, I was porting games.\nOn the first night most of the hackathon attendees end up at the bar for food and beer, and I'm sitting next to Theo de Raadt, the founder of OpenBSD. At some point during the evening, he's telling me about all of these \"crazy\" ideas he has about randomizing libraries, and protections that can be done in ld.so. (ld.so is the part of the OS that loads the libraries your program needs. It's, uh, kinda important.) Theo is encouraging me to help implement some of these ideas! At some point I tell Theo \"I'm just a porter, I don't know C.\"\nTheo responds with \"It isn't hard, I'll have Dale (Rahn) show you how ld.so works, and you can do it.\" I was hoping that all of this would be forgotten by the next day, but sure enough Dale comes by. \"Hey, are you Peter? Theo wanted me to show you how ld.so works\" Dale spends an hour or two showing me how it works, the code structure, and how to recover in case of failure.\nAt first I had lots of failures. Then more failures. And even more failures. Once, I broke my machine so badly I had to reinstall it. I learned a lot about how an OS works during this. But, I eventually started doing changes without it breaking. And some even did what I wanted! By the end of the hackathon I had came up with a useful patch, that was committed as part of a larger change.\nI was a nobody. With some encouragement, enough liquid courage to override my imposter syndrome, and a few hours of mentoring, I'm now doing big projects. The next time you're sitting at a table with someone new to your field, ask yourself: how can you encourage them? You just might make the world better.\nThank you Dale. And thank you Theo.\n\n\n\nEveryone has to start somewhere.\nOne of the things that sets the BSDs apart from certain other open source operating systems, is the welcoming community, and the tradition of mentorship.\nSure, someone else in the OpenBSD project could have done the bits that Peter did, likely a lot more quickly, but then OpenBSD wouldn’t have gained a new committer.\nSo, if you are interested in working on one of the BSDs, reach out, and we’ll try to help you find a mentor.\nWhat part of the system do you want to work on?\n***\n\n\nInterview - Dan McDonald - allcoms@gmail.com (danboid)\n\n\n\nNews Roundup\n\nFreeBSD 11.1-RC1 Available\n\n\n11.1-RC1 Installation images are available for:\n\n\namd64, i386\npowerpc, powerpc64\nsparc64\narmv6 BANANAPI, BEAGLEBONE, CUBIEBOARD, CUBIEBOARD2, CUBOX-HUMMINGBOARD, GUMSTIX, RPI-B, RPI2, PANDABOARD, WANDBOARD\naarch64 (aka arm64), including the RPI3, Pine64, OverDrive 1000, and Cavium Server\n\nA summary of changes since BETA3 includes:\n\n\nSeveral build toolchain related fixes.\nA use-after-free in RPC client code has been corrected.\nThe ntpd(8) leap-seconds file has been updated.\nVarious VM subsystem fixes.\nThe '_' character is now allowed in newfs(8) labels.\nA potential sleep while holding a mutex has been corrected in the sa(4) driver.\nA memory leak in an ioctl handler has been fixed in the ses(4) driver.\n\nVirtual Machine Disk Images are available for the amd64 and i386 architectures.\nAmazon EC2 AMI Images of FreeBSD/amd64 EC2 AMIs are available\n\n\nThe freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases.  Systems running earlier FreeBSD releases can upgrade as follows:\n\n\n\n\nfreebsd-update upgrade -r 11.1-RC1\n\n\n\nDuring this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically performed merging was done correctly.\n\n\n\nfreebsd-update install\n\n\n\nThe system must be rebooted with the newly installed kernel before continuing.\n\n\n\nshutdown -r now\n\n\n\nAfter rebooting, freebsd-update needs to be run again to install the new userland components:\n\n\n\nfreebsd-update install\n\n\n\nIt is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 10.x.  Alternatively, the user can install misc/compat10x and other compatibility libraries, afterwards the system must be rebooted into the new userland:\n\n\n\nshutdown -r now\n\n\n\nFinally, after rebooting, freebsd-update needs to be run again to remove stale files:\n\n\n\nfreebsd-update install\n\n\n\n\nOil changes, safety recalls, and software patches\n\n\nEvery few months I get an email from my local mechanic reminding me that it's time to get my car's oil changed. I generally ignore these emails; it costs time and money to get this done (I'm sure I could do it myself, but the time it would cost is worth more than the money it would save) and I drive little enough — about 2000 km/year — that I'm not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. From what I've seen, I don't think I'm alone in taking a somewhat lackadaisical approach to routine oil changes. \nOn the other hand, there's another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there's a safety recall you don't have to pay for the replacement or fix — the cost is covered by the manufacturer. \nI started thinking about this distinction — and more specifically the difference in user behaviour — in the aftermath of the \"WannaCry\" malware. While WannaCry attracted widespread attention for its \"ransomware\" nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying — and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn't access patient records. Think about it: If the NHS couldn't access patient records due to WannaCry, it suggests WannaCry infiltrated systems used to access patient records — meaning that someone else exploiting the same vulnerabilities could have accessed those records. The SMB subsystem in Windows was not merely broken; until patches were applied, it was actively unsafe. \nI imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls — unless you're certain that you're not affected, take care of them as a matter of urgency — but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. It's easy to say that such users are wrong; but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems. \nThere are a few factors which I think are major contributors to this problem. First, the number of updates: When critical patches occur frequently enough to become routine, alarm fatigue sets in and people cease to give the attention updates deserve, even if on a conscious level they still recognize the importance of applying updates.\n\n\n\nColin also talks about his time as the FreeBSD Security Officer, and the problems in ensuring the patches are correct and do not break the system when installed\nHe also points out the problem of systems like Windows Update, the combines optional updates, and things like its license checking tool, in the same interface that delivers important updates. Or my recent machines, that gets constant popups about how some security updates will not be delivered because my processor is too new.\n\n\n\nMy bank sends me special offers in the mail but phones if my credit card usage trips fraud alarms; this is the sort of distinction in intrusiveness we should see for different types of software updates\nFinally, I think there is a problem with the mental model most people have of computer security. Movies portray attackers as geniuses who can break into any system in minutes; journalists routinely warn people that \"nobody is safe\"; and insurance companies offer insurance against \"cyberattacks\" in much the same way as they offer insurance against tornados. Faced with this wall of misinformation, it's not surprising that people get confused between 400 pound hackers sitting on beds and actual advanced persistent threats. Yes, if the NSA wants to break into your computer, they can probably do it — but most attackers are not the NSA, just like most burglars are not Ethan Hunt. You lock your front door, not because you think it will protect you from the most determined thieves, but because it's an easy step which dramatically reduces your risk from opportunistic attack; but users don't see applying security updates as the equivalent of locking their front door when they leave home.\n\n\n\n\nSKIP grep, use AWK\n\n\nThis is a tip from Jonathan Palardy in a series of blog posts about awk. It is especially helpful for people who write a lot of shell scripts or are using a lot of pipes with awk and grep. \n\n\n\nOver the years, I’ve seen many people use this pattern (filter-map):\n\n$ [data is generated] | grep something | awk '{print $2}'\n\nbut it can be shortened to:\n\n$ [data is generated] | awk '/something/ {print $2}'\n\n\n\nAWK can take a regular expression (the part between the slashes) and matches that to the input. Anything that matches is being passed to the print $2 action (to print the second column). \n\n\n\nWhy would I do this?\n\nI can think of 4 reasons:\n*it’s shorter to type\n*it spawns one less process\n*awk uses modern (read “Perl”) regular expressions, by default – like grep -E\n*it’s ready to “augment” with more awk\n\n\n\nHow about matching the inverse (search for patterns that do NOT match)?\n\n\n\nBut “grep -v” is OK…\nMany people have pointed out that “grep -v” can be done more concisely with:\n\n$ [data is generated] | awk '! /something/'\n\n\n\nSee if you have such combinations of grep piped to awk and fix those in your shell scripts. It saves you one process and makes your scripts much more readable. Also, check out the other intro links on the blog if you are new to awk.\n***\n\n\nvim Adventures\n\n\nThis website, created by Doron Linder, will playfully teach you how to use vim.\nHit any key to get started and follow the instructions on the playing field by moving the cursor around.\nThere is also a menu in the bottom left corner to save your game.\nTry it out, increase your vim-fu, and learn how to use a powerful text editor more efficiently.\n***\n\n\nBeastie Bits\n\n\nSlides from PkgSrcCon\nOpenBSD’s doas adds systemd compat shim\nDeadlock Empire -- “Each challenge below is a computer program of two or more threads. You take the role of the Scheduler - and a cunning one! Your objective is to exploit flaws in the programs to make them crash or otherwise malfunction.”\nEuroBSDcon 2017 Travel Grant Application Now Open\nRegistration for vBSDCon is open  - Registration is only $100 if you register before July 31. Discount hotel rooms arranged at the Hyatt for only $100/night while supplies last.\nBSD Taiwan call for papers opens, closes July 31stWindows Application Versand\n***\n\n\nFeedback/Questions\n\n\nJoseph - Server Monitoring\nPaulo - Updating Jails\nKevin - openvpn server\nTodd - several questions\n***\n","content_html":"\u003cp\u003eIn which we interview a unicorn, FreeNAS 11.0 is out, show you how to run Nextcloud in a FreeBSD jail, and talk about the connection between oil changes and software patches.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freenas.org/blog/freenas-11-0/\" rel=\"nofollow\"\u003eFreeNAS 11.0 is Now Here\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeNAS blog informs us:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter several FreeNAS Release Candidates, FreeNAS 11.0 was released today. This version brings new virtualization and object storage features to the World’s Most Popular Open Source Storage Operating System. FreeNAS 11.0 adds bhyve virtual machines to its popular SAN/NAS, jails, and plugins, letting you use host web-scale VMs on your FreeNAS box. It also gives users S3-compatible object storage services, which turns your FreeNAS box into an S3-compatible server, letting you avoid reliance on the cloud.\u003cbr\u003e\nFreeNAS 11.0 also introduces the beta version of a new administration GUI. The new GUI is based on the popular Angular framework and the FreeNAS team expects the GUI to be themeable and feature complete by 11.1. The new GUI follows the same flow as the existing GUI, but looks better. For now, the FreeNAS team has released it in beta form to get input from the FreeNAS community. The new GUI, as well as the classic GUI, are selectable from the login screen.\u003cbr\u003e\nAlso new in FreeNAS 11 is an Alert Service page which configures the system to send critical alerts from FreeNAS to other applications and services such as Slack, PagerDuty, AWS, Hipchat, InfluxDB, Mattermost, OpsGenie, and VictorOps. FreeNAS 11.0 has an improved Services menu that adds the ability to manage which services and applications are started at boot.\u003cbr\u003e\nThe FreeNAS community is large and vibrant. We invite you to join us on the \u003ca href=\"https://forums.freenas.org/index.php\" rel=\"nofollow\"\u003eFreeNAS forum\u003c/a\u003e and the #freenas IRC channel on Freenode. To download FreeNAS and sign-up for the FreeNAS Newsletter, visit \u003ca href=\"http://www.freenas.org/download/\" rel=\"nofollow\"\u003efreenas.org/download\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.exoscale.ch/syslog/2017/06/26/building-an-ipsec-gateway-with-openbsd/\" rel=\"nofollow\"\u003eBuilding an IPsec Gateway With OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePierre-Yves Ritschard wrote the following blog article:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith private networks just released on Exoscale, there are now more options to implement secure access to Exoscale cloud infrastructure. While we still recommend the bastion approach, as detailed in \u003ca href=\"https://www.exoscale.ch/syslog/2016/01/15/secure-your-cloud-computing-architecture-with-a-bastion/\" rel=\"nofollow\"\u003ethis article\u003c/a\u003e, there are applications or systems which do not lend themselves well to working this way.\u003cbr\u003e\nIn these cases, the next best thing is building IPsec gateways. IPsec is a protocol which works directly at layer 3. It uses its configuration to determine which network flows should be sent encrypted on the wire. Once IPsec is correctly configured, selected network flows are transparently encrypted and applications do not need to modify anything to benefit from secured traffic.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition to encryption, IPSec also authenticates the end points, so you can be sure you are exchanging packets with a trusted host\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor the purposes of this article we will work under the following assumptions: We want a host to network setup, providing access to cloud-hosted infrastructure from a desktop environment.\u003cbr\u003e\nOnly stock tooling should be used on desktop environment, no additional VPN client should be needed.\u003cbr\u003e\nIn this case, to ensure no additional software is needed on the client, we will configure an L2TP/IPsec gateway. This article will use OpenBSD as the operating system to implement the gateway. While this choice may sound surprising, OpenBSD excels at building gateways of all sorts thanks to its simple configuration formats and inclusion of all necessary software and documentation to do so in the base system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe tutorial assumes you have setup a local network between the hosts in the cloud, and walks through the configuration of an OpenBSD host as a IPsec gateway\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn the OpenBSD host, all necessary software is already installed. We will configure the system, as well as pf, npppd, and ipsec\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eConfigure L2TP\u003c/li\u003e\n\u003cli\u003eConfigure IPsec\u003c/li\u003e\n\u003cli\u003eConfigure NAT\u003c/li\u003e\n\u003cli\u003eEnabled services: ipsec isakmpd npppd\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe tutorial then walks through configuring a OS X client, but other desktops will be very similar\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ramsdenj.com/2017/06/05/nextcloud-in-a-jail-on-freebsd.html\" rel=\"nofollow\"\u003eRunning Nextcloud in a jail on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently setup Nextcloud 12 inside a FreeBSD jail in order to allow me access to files i might need while at University. I figured this would be a optimal solution for files that I might need access to unexpectedly, on computers where I am not in complete control. My Nextcloud instance is externally accessible, and yet if someone were to get inside my Jail, I could rest easy knowing they still didn’t have access to the rest of my host server. I chronicled the setup process including jail setup using iocage, https with Lets Encrypt, and full setup of the web stack.\u003cbr\u003e\nNextcloud has a variety of features such as calendar synchronization, email, collaborative editing, and even video conferencing. I haven’t had time to play with all these different offerings and have only utilized the file synchronization, but even if file sync is not needed, Nextcloud has many offerings that make it worth setting up.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMariaDB, PHP 7.0, and Apache 2.4\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo manage my jails I’m using iocage. In terms of jail managers it’s a fairly new player in the game of jail management and is being very actively developed. It just had a full rewrite in Python, and while the code in the background might be different, the actual user interface has stayed the same.\u003cbr\u003e\nIocage makes use of ZFS clones in order to create “base jails”, which allow for sharing of one set of system packages between multiple jails, reducing the amount of resources necessary. Alternatively, jails can be completely independent from each other; however, using a base jail makes it easier to update multiple jails as well.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003epkg install iocage\u003c/li\u003e\n\u003cli\u003esysrc iocage_enable=YES\u003c/li\u003e\n\u003cli\u003eiocage fetch -r 11.0-RELEASE\u003c/li\u003e\n\u003cli\u003eiocage create tag=\u0026quot;stratus\u0026quot; jail_zfs=on vnet=off boot=on ip4_addr=\u0026quot;sge0|172.20.0.100/32\u0026quot; -r 11.0-RELEASE\u003c/li\u003e\n\u003cli\u003eiocage start stratus\u003c/li\u003e\n\u003cli\u003eiocage console stratus\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eI have chosen to provide storage to the Nextcloud Jail by mounting a dataset over NFS on my host box. This means my server can focus on serving Nextcloud and my storage box can focus on housing the data. The Nextcloud Jail is not even aware of this since the NFS Mount is simply mounted by the host server into the jail. The other benefit of this is the Nextcloud jail doesn’t need to be able to see my storage server, nor the ability to mount the NFS share itself.\u003cbr\u003e\nUsing a separate server for storage isn’t necessary and if the storage for my Nextcloud server was being stored on the same server I would have created a ZFS dataset on the host and mounted it into the jail.\u003cbr\u003e\nNext I set up a dataset for the database and delegated it into the jail. Using a separate dataset allows me to specify certain properties that are better for a database, it also makes migration easier in case I ever need to move or backup the database.\u003cbr\u003e\nWith most of the requirements in place it was time to start setting up Nextcloud. The requirements for Nextcloud include your basic web stack of a web server, database, and PHP.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlso covers the setup of acme.sh for LetsEncrypt. This is now available as a package, and doesn’t need to be manually fetched\u003c/li\u003e\n\u003cli\u003eInstall a few more packages, and do a bit of configuration, and you have a NextCloud server\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bad.network/historical-my-first-openbsd-hackathon.html\" rel=\"nofollow\"\u003eHistorical: My first OpenBSD Hackathon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a blog post by our friend, and OpenBSD developer: Peter Hessler\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a story about encouragement. Every time I use the word \u0026quot;I\u0026quot;, you should think \u0026quot;I as in me, not I as in the author\u0026quot;. \u003cbr\u003e\nIn 2003, I was invited to my first OpenBSD Hackathon. Way before I was into networking, I was porting software to my favourite OS. Specifically, I was porting games.\u003cbr\u003e\nOn the first night most of the hackathon attendees end up at the bar for food and beer, and I\u0026#39;m sitting next to Theo de Raadt, the founder of OpenBSD. At some point during the evening, he\u0026#39;s telling me about all of these \u0026quot;crazy\u0026quot; ideas he has about randomizing libraries, and protections that can be done in ld.so. (ld.so is the part of the OS that loads the libraries your program needs. It\u0026#39;s, uh, kinda important.) Theo is encouraging me to help implement some of these ideas! At some point I tell Theo \u0026quot;I\u0026#39;m just a porter, I don\u0026#39;t know C.\u0026quot;\u003cbr\u003e\nTheo responds with \u0026quot;It isn\u0026#39;t hard, I\u0026#39;ll have Dale (Rahn) show you how ld.so works, and you can do it.\u0026quot; I was hoping that all of this would be forgotten by the next day, but sure enough Dale comes by. \u0026quot;Hey, are you Peter? Theo wanted me to show you how ld.so works\u0026quot; Dale spends an hour or two showing me how it works, the code structure, and how to recover in case of failure.\u003cbr\u003e\nAt first I had lots of failures. Then more failures. And even more failures. Once, I broke my machine so badly I had to reinstall it. I learned a lot about how an OS works during this. But, I eventually started doing changes without it breaking. And some even did what I wanted! By the end of the hackathon I had came up with a useful patch, that was committed as part of a larger change.\u003cbr\u003e\nI was a nobody. With some encouragement, enough liquid courage to override my imposter syndrome, and a few hours of mentoring, I\u0026#39;m now doing big projects. The next time you\u0026#39;re sitting at a table with someone new to your field, ask yourself: how can you encourage them? You just might make the world better.\u003cbr\u003e\nThank you Dale. And thank you Theo.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEveryone has to start somewhere.\u003c/li\u003e\n\u003cli\u003eOne of the things that sets the BSDs apart from certain other open source operating systems, is the welcoming community, and the tradition of mentorship.\u003c/li\u003e\n\u003cli\u003eSure, someone else in the OpenBSD project could have done the bits that Peter did, likely a lot more quickly, but then OpenBSD wouldn’t have gained a new committer.\u003c/li\u003e\n\u003cli\u003eSo, if you are interested in working on one of the BSDs, reach out, and we’ll try to help you find a mentor.\u003c/li\u003e\n\u003cli\u003eWhat part of the system do you want to work on?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003eInterview - Dan McDonald - \u003ca href=\"mailto:allcoms@gmail.com\" rel=\"nofollow\"\u003eallcoms@gmail.com\u003c/a\u003e (danboid)\u003c/h4\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2017-July/087340.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-RC1 Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e11.1-RC1 Installation images are available for:\n\n\u003cul\u003e\n\u003cli\u003eamd64, i386\u003c/li\u003e\n\u003cli\u003epowerpc, powerpc64\u003c/li\u003e\n\u003cli\u003esparc64\u003c/li\u003e\n\u003cli\u003earmv6 BANANAPI, BEAGLEBONE, CUBIEBOARD, CUBIEBOARD2, CUBOX-HUMMINGBOARD, GUMSTIX, RPI-B, RPI2, PANDABOARD, WANDBOARD\u003c/li\u003e\n\u003cli\u003eaarch64 (aka arm64), including the RPI3, Pine64, OverDrive 1000, and Cavium Server\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eA summary of changes since BETA3 includes:\n\n\u003cul\u003e\n\u003cli\u003eSeveral build toolchain related fixes.\u003c/li\u003e\n\u003cli\u003eA use-after-free in RPC client code has been corrected.\u003c/li\u003e\n\u003cli\u003eThe ntpd(8) leap-seconds file has been updated.\u003c/li\u003e\n\u003cli\u003eVarious VM subsystem fixes.\u003c/li\u003e\n\u003cli\u003eThe \u0026#39;_\u0026#39; character is now allowed in newfs(8) labels.\u003c/li\u003e\n\u003cli\u003eA potential sleep while holding a mutex has been corrected in the sa(4) driver.\u003c/li\u003e\n\u003cli\u003eA memory leak in an ioctl handler has been fixed in the ses(4) driver.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eVirtual Machine Disk Images are available for the amd64 and i386 architectures.\u003c/li\u003e\n\u003cli\u003eAmazon EC2 AMI Images of FreeBSD/amd64 EC2 AMIs are available\n\n\u003cul\u003e\n\u003cli\u003eThe freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases.  Systems running earlier FreeBSD releases can upgrade as follows:\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efreebsd-update upgrade -r 11.1-RC1\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDuring this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically performed merging was done correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efreebsd-update install\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe system must be rebooted with the newly installed kernel before continuing.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eshutdown -r now\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter rebooting, freebsd-update needs to be run again to install the new userland components:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efreebsd-update install\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 10.x.  Alternatively, the user can install misc/compat10x and other compatibility libraries, afterwards the system must be rebooted into the new userland:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eshutdown -r now\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFinally, after rebooting, freebsd-update needs to be run again to remove stale files:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003efreebsd-update install\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2017-06-14-oil-changes-safety-recalls-software-patches.html\" rel=\"nofollow\"\u003eOil changes, safety recalls, and software patches\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEvery few months I get an email from my local mechanic reminding me that it\u0026#39;s time to get my car\u0026#39;s oil changed. I generally ignore these emails; it costs time and money to get this done (I\u0026#39;m sure I could do it myself, but the time it would cost is worth more than the money it would save) and I drive little enough — about 2000 km/year — that I\u0026#39;m not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. From what I\u0026#39;ve seen, I don\u0026#39;t think I\u0026#39;m alone in taking a somewhat lackadaisical approach to routine oil changes. \u003cbr\u003e\nOn the other hand, there\u0026#39;s another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there\u0026#39;s a safety recall you don\u0026#39;t have to pay for the replacement or fix — the cost is covered by the manufacturer. \u003cbr\u003e\nI started thinking about this distinction — and more specifically the difference in user behaviour — in the aftermath of the \u0026quot;WannaCry\u0026quot; malware. While WannaCry attracted widespread attention for its \u0026quot;ransomware\u0026quot; nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying — and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn\u0026#39;t access patient records. Think about it: If the NHS couldn\u0026#39;t access patient records due to WannaCry, it suggests WannaCry infiltrated systems used to access patient records — meaning that someone else exploiting the same vulnerabilities could have accessed those records. The SMB subsystem in Windows was not merely broken; until patches were applied, it was actively unsafe. \u003cbr\u003e\nI imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls — unless you\u0026#39;re certain that you\u0026#39;re not affected, take care of them as a matter of urgency — but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. It\u0026#39;s easy to say that such users are wrong; but as an industry it\u0026#39;s time that we think about why they are wrong rather than merely blaming them for their problems. \u003cbr\u003e\nThere are a few factors which I think are major contributors to this problem. First, the number of updates: When critical patches occur frequently enough to become routine, alarm fatigue sets in and people cease to give the attention updates deserve, even if on a conscious level they still recognize the importance of applying updates.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin also talks about his time as the FreeBSD Security Officer, and the problems in ensuring the patches are correct and do not break the system when installed\u003c/li\u003e\n\u003cli\u003eHe also points out the problem of systems like Windows Update, the combines optional updates, and things like its license checking tool, in the same interface that delivers important updates. Or my recent machines, that gets constant popups about how some security updates will not be delivered because my processor is too new.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMy bank sends me special offers in the mail but phones if my credit card usage trips fraud alarms; this is the sort of distinction in intrusiveness we should see for different types of software updates\u003cbr\u003e\nFinally, I think there is a problem with the mental model most people have of computer security. Movies portray attackers as geniuses who can break into any system in minutes; journalists routinely warn people that \u0026quot;nobody is safe\u0026quot;; and insurance companies offer insurance against \u0026quot;cyberattacks\u0026quot; in much the same way as they offer insurance against tornados. Faced with this wall of misinformation, it\u0026#39;s not surprising that people get confused between 400 pound hackers sitting on beds and actual advanced persistent threats. Yes, if the NSA wants to break into your computer, they can probably do it — but most attackers are not the NSA, just like most burglars are not Ethan Hunt. You lock your front door, not because you think it will protect you from the most determined thieves, but because it\u0026#39;s an easy step which dramatically reduces your risk from opportunistic attack; but users don\u0026#39;t see applying security updates as the equivalent of locking their front door when they leave home.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.jpalardy.com/posts/skip-grep-use-awk/\" rel=\"nofollow\"\u003eSKIP grep, use AWK\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a tip from Jonathan Palardy in a series of blog posts about awk. It is especially helpful for people who write a lot of shell scripts or are using a lot of pipes with awk and grep. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the years, I’ve seen many people use this pattern (filter-map):\u003c/p\u003e\n\n\u003cp\u003e$ [data is generated] | grep something | awk \u0026#39;{print $2}\u0026#39;\u003c/p\u003e\n\n\u003cp\u003ebut it can be shortened to:\u003c/p\u003e\n\n\u003cp\u003e$ [data is generated] | awk \u0026#39;/something/ {print $2}\u0026#39;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAWK can take a regular expression (the part between the slashes) and matches that to the input. Anything that matches is being passed to the print $2 action (to print the second column). \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy would I do this?\u003c/p\u003e\n\n\u003cp\u003eI can think of 4 reasons:\u003cbr\u003e\n*it’s shorter to type\u003cbr\u003e\n*it spawns one less process\u003cbr\u003e\n*awk uses modern (read “Perl”) regular expressions, by default – like grep -E\u003cbr\u003e\n*it’s ready to “augment” with more awk\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow about matching the inverse (search for patterns that do NOT match)?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut “grep -v” is OK…\u003cbr\u003e\nMany people have pointed out that “grep -v” can be done more concisely with:\u003c/p\u003e\n\n\u003cp\u003e$ [data is generated] | awk \u0026#39;! /something/\u0026#39;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSee if you have such combinations of grep piped to awk and fix those in your shell scripts. It saves you one process and makes your scripts much more readable. Also, check out the other intro links on the blog if you are new to awk.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vim-adventures.com\" rel=\"nofollow\"\u003evim Adventures\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis website, created by Doron Linder, will playfully teach you how to use vim.\u003c/li\u003e\n\u003cli\u003eHit any key to get started and follow the instructions on the playing field by moving the cursor around.\u003c/li\u003e\n\u003cli\u003eThere is also a menu in the bottom left corner to save your game.\u003c/li\u003e\n\u003cli\u003eTry it out, increase your vim-fu, and learn how to use a powerful text editor more efficiently.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pkgsrc.org/pkgsrcCon/2017/talks.html\" rel=\"nofollow\"\u003eSlides from PkgSrcCon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=149902196520920\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD’s doas adds systemd compat shim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://deadlockempire.github.io/\" rel=\"nofollow\"\u003eDeadlock Empire -- “Each challenge below is a computer program of two or more threads. You take the role of the Scheduler - and a cunning one! Your objective is to exploit flaws in the programs to make them crash or otherwise malfunction.”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/eurobsdcon-2017-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eEuroBSDcon 2017 Travel Grant Application Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.vbsdcon.com/\" rel=\"nofollow\"\u003eRegistration for vBSDCon is open \u003c/a\u003e - Registration is only $100 if you register before July 31. Discount hotel rooms arranged at the Hyatt for only $100/night while supplies last.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdtw.org/\" rel=\"nofollow\"\u003eBSD Taiwan call for papers opens, closes July 31st\u003c/a\u003eWindows Application Versand\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2AM6C2H#wrap\" rel=\"nofollow\"\u003eJoseph - Server Monitoring\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1Z4FBE2#wrap\" rel=\"nofollow\"\u003ePaulo - Updating Jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2MNM9GJ#wrap\" rel=\"nofollow\"\u003eKevin - openvpn server\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/17BVBJ3#wrap\" rel=\"nofollow\"\u003eTodd - several questions\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"In which we interview a unicorn, FreeNAS 11.0 is out, show you how to run Nextcloud in a FreeBSD jail, and talk about the connection between oil changes and software patches.","date_published":"2017-07-05T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/afc8dee0-e9f1-42d9-9274-32788bd7b848.mp3","mime_type":"audio/mpeg","size_in_bytes":85876228,"duration_in_seconds":8587}]},{"id":"8c580651-dcfa-454a-801a-f074597cf4a0","title":"200: Getting Scrubbed to Death","url":"https://www.bsdnow.tv/200","content_text":"The NetBSD 8.0 release process is underway, we try to measure the weight of an electron, and look at stack clashing.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD 8.0 release process underway\n\n\nSoren Jacobsen writes on NetBSD-announce:\n\n\n\nIf you've been reading source-changes@, you likely noticed the recent creation of the netbsd-8 branch.  If you haven't been reading source-changes@, here's some news: the netbsd-8 branch has been created, signaling the beginning of the release process for NetBSD 8.0.\nWe don't have a strict timeline for the 8.0 release, but things are looking pretty good at the moment, and we expect this release to happen in a shorter amount of time than the last couple major releases did.\nAt this point, we would love for folks to test out netbsd-8 and let us know how it goes.  A couple of major improvements since 7.0 are the addition of USB 3 support and an overhaul of the audio subsystem, including an in-kernel mixer.  Feedback about these areas is particularly desired.\nTo download the latest binaries built from the netbsd-8 branch, head to\n[http://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/(]http://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/)\nThanks in advance for helping make NetBSD 8.0 a stellar release!\n\n\n\n\nOpenIndiana Hipster 2017.04 is here\n\n\nDesktop software and libraries\n\n\nXorg was updated to 1.18.4, xorg libraries and drivers were updated.\nMate was updated to 1.16\nIntel video driver was updated, the list of supported hardware has significantly extended\nlibsmb was updated to 4.4.6\ngvfs was updated to 1.26.0\ngtk3 was updated to 3.18.9\nMajor text editors were updated (we ship vim 8.0.104, joe 4.4, emacs 25.2, nano 2.7.5\npulseaudio was updated to 10.0\nfirefox was updated to 45.9.0\nthunderbird was updated to 45.8.0\ncritical issue in enlightenment was fixed, now it's operational again\nprivoxy was updated to 3.0.26\nMesa was updated to 13.0.6\nNvidia driver was updated to 340.102\n\nDevelopment tools and libraries\n\n\nGCC 6 was added. Patches necessary to compile illumos-gate with GCC 6 were added (note, compiling illumos-gate with version other than illumos-gcc-4.4.4 is not supported)\nGCC 7.1 added to Hipster\nBison was updated to 3.0.4\nGroovy 2.4 was added\nRuby 1.9 was removed, Ruby 2.3 is the default Ruby now\nPerl 5.16 was removed. 64-bit Perl 5.24 is shipped.\n64-bit OpenJDK 8 is the default OpenJDK version now.\nMercurial was updated to 4.1.3\nGit was updated to 2.12.2\nccache was updated to 3.3.3\nQT 5.8.0 was added\nValgrind was updated to 3.12.0\n\nServer software\n\n\nPostgreSQL 9.6 was added, PostgreSQL 9.3-9.5 were updated to latest minor versions\nMongoDB 3.4 was added\nMariaDB 10.1 was added\nNodeJS 7 was added\nPercona Server 5.5/5.6/5.7 and MariaDB 5.5 were updated to latest minor versions\nOpenVPN was updated to 2.4.1\nISC Bind was updated to 9.10.4-P8\nSquid was updated to 3.5.25\nNginx was updated to 1.12.0\nApache 2.4 was updated to 2.4.25. Apache 2.4 is the default Apache server now. Apache 2.2 will be removed before the next snapshot.\nISC ntpd was updated to 4.2.8p10\nOpenSSH was updated to 7.4p1 \nSamba was updated to 4.4.12\nTcpdump was updated to 4.9.0\nSnort was updated to 2.9.9.0\nPuppet was updated to 3.8.6\n\nA lot of other bug fixes and minor software updates included.\n***\n\n\nPKGSRC at The University of Wisconsin–Milwaukee\n\n\nThis piece is from the University of Wisconsin, Milwaukee\n\n\n\nWhy Use Package Managers?\nWhy Pkgsrc?\n\nPortability\nFlexibility\nModernity\nQuality and Security\nCollaboration\nConvenience\nGrowth\n\nBinary Packages for Research Computing\nThe University of Wisconsin — Milwaukee provides binary pkgsrc packages for selected operating systems as a service to the research computing community.\nUnlike most package repositories, which have a fixed prefix and frequently upgraded packages, these packages are available for multiple prefixes and remain unchanged for a given prefix.  Additional packages may be added and existing packages may be patched to fix bugs or security issues, but the software versions will not be changed.  This allows researchers to keep older software in-place indefinitely for long-term studies while deploying newer software in later snapshots.\nContributing to Pkgsrc\nBuilding Your Own Binary Packages\n\n\n\nCheck out the full article and consider using pkgsrc for your own research purposes. \nPKGSrc Con is this weekend!\n***\n\n\nMeasuring the weight of an electron\n\n\nAn interesting story of the struggles of one person, aided only by their pet Canary, porting Electron to OpenBSD.\n\n\n\nThis is a long rant. A rant intended to document lunacy, hopefully aid others in the future and make myself feel better about something I think is crazy. It may seem like I am making an enemy of electron, but keep in mind that isn’t my intention! The enemy here, is complexity! My friend Henry, a canary, is coming along for the ride!\n\n\n\nGetting the tools\n\n\n\nAt first glance Electron seems like a pretty solid app, it has decent docs, it’s consolidated in a single repository, has a lot of visibility, porting it shouldn’t be a big deal, right?\n\n\n\nAfter cloning the repo, trouble starts:\n\n\n\nReading through the doc, right off the bat there are a few interesting things: At least 25GB disk space. Huh, OK, some how this ~47M repository is going to blow up to 25G?\nContinuing along with the build, I know I have two versions of clang installed on OpenBSD, one from ports and one in base. Hopefully I will be able to tell the build to use one of these versions.\n\n\n\nNext, it’s time to tell the bootstrap that OpenBSD exists as a platform. After that is fixed, the build-script runs.\nEven though cloning another git repo fails, the build happily continues.\n\n\n\nWait. Another repository failed to clone? At least this time the build failed after trying to clone boto.. again. I am guessing it tried twice because something might have changed between now and the last clone? Off in the distance we catch a familiar tune, it almost sounds like Gnarls Barkley’s song Crazy, can’t tell for sure.\nAs it turns out, if you are using git-fsck, you are unable to clone boto and requests. Obviously the proper fix for his is to not care about the validity of the git objects! So we die a little inside and comment out fsckobjects in our ~/.gitconfig.\n\n\n\nNext up, chromium-58 is downloaded…\n\n\n\nOut of curiosity we look at vendor/libchromiumcontent/script/update, it seems its purpose is to download / extract chromium clang and node, good thing we already specified --clang_dir or it might try to build clang again!\n544 dots and 45 minutes later, we have an error! The chromium-58.0.3029.110.tar.xz file is mysteriously not there anymore.. Interesting. Wut. “Updating Clang…”. Didn’t I explicitly say not to build clang? At this point we have to shift projects, no longer are we working on Electron.. It’s libchromiumcontent that needs our attention.\n\n\n\nFixing sub-tools\n\n\n\nAhh, our old friends the dots! This is the second time waiting 45+ minutes for a 500+ MB file to download. We are fairly confident it will fail, delete the file out from under itself and hinder the process even further, so we add an explicit exit to the update script. This way we can copy the file somewhere safe!\n\n\n\nAnother 45 minute chrome build and saving the downloaded executable to a save space seems in order. Fixing another 50 occurrences of error conditions let’s the build continue - to another clang build.\n\n\n\nWe remove the call to update_clang, because.. well.. we have two copies of it already and the Electron doc said everything would be fine if we had \u0026gt;= clang 3.4!\n\n\n\nMore re-builds and updates of clang and chromium are being commented out, just to get somewhere close to the actual electron build.\nFixing sub-sub-tools\nNinja needs to be build and the script for that needs to be told to ignore this “unsupported OS” to continue.\n\n\n\nNo luck. At this point we are faced with a complex web of python scripts that execute gn on GN files to produce ninja files… which then build the various components and somewhere in that cluster, something doesn’t know about OpenBSD…\nI look at Henry, he is looking a photo of his wife and kids. They are sitting on a telephone wire, the morning sun illuminating their beautiful faces. Henry looks back at me and says “It’s    not worth it.” We slam the laptop shut and go outside.\n\n\n\n\nInterview - Dan McDonald - allcoms@gmail.com (danboid)\n\n\n\nNews Roundup\n\ng4u 2.6 (ghosting for unix) released 18th birthday\n\n\nHubert Feyrer writes in his mail to netbsd-users:\n\n\n\nAfter a five-year period for beta-testing and updating, I have finally released g4u 2.6. With its origins in 1999, I'd like to say: Happy 18th Birthday, g4u!\n\n\n\nAbout g4u:\n\n\n\ng4u (\"ghosting for unix\") is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of PC harddisks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions. The first is to upload the compressed image of a local harddisk to a FTP server, the other is to restore that image via FTP, uncompress it and write it back to disk. Network configuration is fetched via DHCP. As the harddisk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks as well as partitions is also supported.\n\n\n\nThe past:\n\n\n\nWhen I started g4u, I had the task to install a number of lab machines with a dual-boot of Windows NT and NetBSD. The hype was about Microsoft's \"Zero Administration Kit\" (ZAK) then, but that did barely work for the Windows part - file transfers were slow, depended on the clients' hardware a lot (requiring fiddling with MS DOS network driver disks), and on the ZAK server the files for installing happened do disappear for no good reason every now and then. Not working well, and leaving out NetBSD (and everything else), I created g4u. This gave me the (relative) pain of getting things working once, but with the option to easily add network drivers as they appeared in NetBSD (and oh they did!), plus allowed me to install any operating system.\n\n\n\nThe present:\n\n\n\nWe've used g4u successfully in our labs then, booting from CDROM. I also got many donations from public and private institutions plus companies from many sectors, indicating that g4u does make a difference.\n\nIn the meantime, the world has changed, and CDROMs aren't used that much any more. Network boot and USB sticks are today's devices of choice, cloning of a full disk without knowing its structure has both advantages but also disadvantages, and g4u's user interface is still command-line based with not much space for automation. For storage, FTP servers are nice and fast, but alternatives like SSH/SFTP, NFS, iSCSI and SMB for remote storage plus local storage (back to fun with filesystems, anyone? avoiding this was why g4u was created in the first place!) should be considered these days. Further aspects include integrity (checksums), confidentiality (encryption). This leaves a number of open points to address either by future releases, or by other products.\n\n\n\nThe future:\n\n\n\nAt this point, my time budget for g4u is very limited. I welcome people to contribute to g4u - g4u is Open Source for a reason. Feel free to get back to me for any changes that you want to contribute!\n\n\n\nThe changes:\n\n\n\nMajor changes in g4u 2.6 include:\n\n\n\nMake this build with NetBSD-current sources as of 2017-04-17 (shortly before netbsd-8 release branch), binaries were cross-compiled from Mac OS X 10.10\nMany new drivers, bugfixes and improvements from NetBSD-current (see beta1 and beta2 announcements)\nGo back to keeping the disk image inside the kernel as ramdisk, do not load it as separate module. Less error prone, and allows to boot the g4u (NetBSD) kernel from a single file e.g. via PXE (Testing and documentation updates welcome!)\nActually DO provide the g4u (NetBSD) kernel with the embedded g4u disk image from now on, as separate file, g4u-kernel.gz\nIn addition to MD5, add SHA512 checksums\n\n\nCongratulation, g4u. Check out the g4u website and support the project if you are using it.\n***\n\n\n\nFixing FreeBSD Networking on Digital Ocean\n\n\nMost cloud/VPS providers use some form of semi-automated address assignment, rather than just regular static address configuration, so that newly created virtual machines can configure themselves.\nSometimes, especially during the upgrade process, this can break. This is the story of one such user:\n\n\n\nI decided it was time to update my FreeBSD Digital Ocean droplet from the end-of-life version 10.1 (shame on me) to the modern version 10.3 (good until April 2018), and maybe even version 11 (good until 2021). There were no sensitive files on the VM, so I had put it off.\nAdditionally, cloud providers tend to have shoddy support for BSDs, so breakages after messing with the kernel or init system are rampant, and I had been skirting that risk.\nThe last straw for me was a broken pkg: /usr/local/lib/libpkg.so.3: Undefined symbol \"openat\"\n\n\n\nSo the user fires up freebsd-update and upgrades to FreeBSD 10.3\n\n\n\nI rebooted, and of course, it happened: no ssh access after 30 seconds, 1 minute, 2 minutes…I logged into my Digital Ocean account and saw green status lights for the instance, but something was definitely wrong.\nFortunately, Digital Ocean provides console access (albeit slow, buggy, and crashes my browser every time I run ping). ifconfig revealed that the interfaces vtnet0 (public) and vtnet1 (private) haven’t been configured with IP addresses.\nCombing through files in /etc/rc.*, I found a file called /etc/rc.digitalocean.d/${DROPLET_ID}.conf containing static network settings for this droplet (${DROPLET_ID} was something like 1234567).\nIt seemed that FreeBSD wasn’t picking up the Digital Ocean network settings config file. The quick and dirty way would have been to messily append the contents of this file to /etc/rc.conf, but I wanted a nicer way. Reading the script in /etc/rc.d/digitalocean told me that /etc/rc.digitalocean.d/${DROPLET_ID}.conf was supposed to have a symlink at /etc/rc.digitalocean.d/droplet.conf. It was broken and pointed to /etc/rc.digitalocean.d/.conf, which could happen when the curl command in /etc/rc.d/digitalocean fails\n\n\n\nMaybe the curl binary was also in need for an upgrade so failed to fetch the droplet ID\n\n\n\nUsing grep to fish for files containing droplet.conf, I discovered that it was hacked into the init system via load_rc_config() in /etc/rc.subr\n\n\n\nI would prefer if Digital Ocean had not customized the version of FreeBSD they ship quite so much\nI could fix that symlink and restart the services:\n\n\n\nset DROPLET_ID=$(curl -s http://169.254.169.254/metadata/v1/id)\n\nln -s -f /etc/rc.digitalocean.d/${DROPLET_ID}.conf /etc/rc.digitalocean.d/droplet.conf\n\n/etc/rc.d/netif restart\n\n/etc/rc.d/routing restart\n\nNetworking was working again, and I could then ssh into my server and run the following to finish the upgrade:\n\nfreebsd-update install\n\nAt this point, I decided that I didn’t want to deal with this mess again until at least 2021, so I decided to go for 11.0-RELEASE\n\nfreebsd-update -r 11.0-RELEASE update\n\nfreebsd-update install\n\nreboot\n\nfreebsd-update install\n\npkg-static install -f pkg\n\npkg update\n\npkg upgrade\n\nuname -a\n\nFreeBSD hostname 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9\n\npkg -v\n\n1.10.1\nThe problem was solved correctly, and my /etc/rc.conf remains free of generated cruft.\nThe Digital Ocean team can make our lives easier by having their init scripts do more thorough system checking, e.g., catching broken symlinks and bad network addresses. I’m hopeful that collaboration of the FreeBSD team and cloud providers will one day result in automatic fixing of these situations, or at least a correct status indicator.\n\n\n\nThe Digital Ocean team didn’t really know many FreeBSD people when they made the first 10.1 images, they have improved a lot, but they of course could always use more feedback from BSD users\n**\n\n\nStack Clash\n\n\nA 12-year-old question: \"If the heap grows up, and the stack grows down, what happens when they clash? Is it exploitable? How?\nIn 2005, Gael Delalleau presented \"Large memory management vulnerabilities\" and the first stack-clash exploit in user-space (against mod_php 4.3.0 on Apache 2.0.53)\nIn 2010, Rafal Wojtczuk published \"Exploiting large memory management vulnerabilities in Xorg server running on Linux\", the second stack-clash exploit in user-space (CVE-2010-2240)\nSince 2010, security researchers have exploited several stack-clashes in the kernel-space, In user-space, however, this problem has been greatly underestimated; the only public exploits are Gael Delalleau's and Rafal Wojtczuk's, and they were written before Linux introduced a protection against stack-clashes (a \"guard-page\" mapped below the stack)\nIn this advisory, we show that stack-clashes are widespread in user-space, and exploitable despite the stack guard-page; we discovered multiple vulnerabilities in guard-page implementations, and devised general methods for:\n\"Clashing\" the stack with another memory region: we allocate memory until the stack reaches another memory region, or until another memory region reaches the stack;\n\"Jumping\" over the stack guard-page: we move the stack-pointer from the stack and into the other memory region, without accessing the stack guard-page;\n\"Smashing\" the stack, or the other memory region: we overwrite the stack with the other memory region, or the other memory region with the stack.\n\n\n\nSo this advisory itself, is not a security vulnerability. It is novel research showing ways to work around the mitigations against generic vulnerability types that are implemented on various operating systems.\nWhile this issue with the mitigation feature has been fixed, even without the fix, successful exploitation requires another application with its own vulnerability in order to be exploited. Those vulnerabilities outside of the OS need to be fixed on their own.\nFreeBSD-Security post\n\n\n\nThe issue under discussion is a limitation in a vulnerability mitigation technique. Changes to improve the way FreeBSD manages stack growth, and mitigate the issue demonstrated by Qualys' proof-of-concept code, are in progress by FreeBSD developers knowledgeable in the VM subsystem.\n\n\n\nFreeBSD address space guards\nHardenedBSD Proof of Concept for FreeBSD\nHardenedBSD implementation: https://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c \u0026amp; https://github.com/HardenedBSD/hardenedBSD/commit/00ad1fb6b53f63d6e9ba539b8f251b5cf4d40261\nQualys PoC: freebsd_cve-2017-fgpu.c\nQualys PoC: freebsd_cve-2017-fgpe.c\nQualys PoC: freebsd_cve-2017-1085.c\nQualys PoC: OpenBSD\nQualys PoC: NetBSD\n***\n\n\nWill ZFS and non-ECC RAM kill your data? \n\n\nTL;DR: ECC is good, but even without, having ZFS is better than not having ZFS.\n\n\n\nWhat’s ECC RAM? Is it a good idea?\nWhat’s ZFS? Is it a good idea?\nIs ZFS and non-ECC worse than not-ZFS and non-ECC?\nWhat about the Scrub of Death?\n\n\n\nThe article walks through ZFS folk lore, and talks about what can really go wrong, and what is just the over-active imagination of people on the FreeNAS forums\n\n\n\nBut would using any other filesystem that isn’t ZFS have protected that data? ‘Cause remember, nobody’s arguing that you can lose data to evil RAM – the argument is about whether evil RAM is more dangerous with ZFS than it would be without it.\nI really, really want to use the Scrub Of Death in a movie or TV show. How can I make it happen?\nI don’t care about your logic! I wish to appeal to authority!\nOK. “Authority” in this case doesn’t get much better than Matthew Ahrens, one of the cofounders of ZFS at Sun Microsystems and current ZFS developer at Delphix. In the comments to one of my filesystem articles on Ars Technica, Matthew said “There’s nothing special about ZFS that requires/encourages the use of ECC RAM more so than any other filesystem.”\n\n\n\n\nBeastie Bits\n\n\nEuroBSDcon 2017 Travel Grant Application Now Open\nFreeBSD 11.1-BETA3 is out, please give it a test\nAllan and Lacey let us know the video to the Postgresql/ZFS talk is online\nTrapsleds\nBSD User group in North Rhine-Westphalia, Germany\n***\n\n\nFeedback/Questions\n\n\nJoe - Home Server Suggestions\nStephen - general BSD\nEduardo - ZFS Encryption\nJoseph - BGP Kernel Error\n***\n","content_html":"\u003cp\u003eThe NetBSD 8.0 release process is underway, we try to measure the weight of an electron, and look at stack clashing.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-announce/2017/06/06/msg000267.html\" rel=\"nofollow\"\u003eNetBSD 8.0 release process underway\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSoren Jacobsen writes on NetBSD-announce:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you\u0026#39;ve been reading source-changes@, you likely noticed the recent creation of the netbsd-8 branch.  If you haven\u0026#39;t been reading source-changes@, here\u0026#39;s some news: the netbsd-8 branch has been created, signaling the beginning of the release process for NetBSD 8.0.\u003cbr\u003e\nWe don\u0026#39;t have a strict timeline for the 8.0 release, but things are looking pretty good at the moment, and we expect this release to happen in a shorter amount of time than the last couple major releases did.\u003cbr\u003e\nAt this point, we would love for folks to test out netbsd-8 and let us know how it goes.  A couple of major improvements since 7.0 are the addition of USB 3 support and an overhaul of the audio subsystem, including an in-kernel mixer.  Feedback about these areas is particularly desired.\u003cbr\u003e\nTo download the latest binaries built from the netbsd-8 branch, head to\u003cbr\u003e\n[\u003ca href=\"http://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/(%5Dhttp://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/)\" rel=\"nofollow\"\u003ehttp://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/(]http://daily-builds.NetBSD.org/pub/NetBSD-daily/netbsd-8/)\u003c/a\u003e\u003cbr\u003e\nThanks in advance for helping make NetBSD 8.0 a stellar release!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openindiana.org/2017/05/03/openindiana-hipster-2017-04-is-here/\" rel=\"nofollow\"\u003eOpenIndiana Hipster 2017.04 is here\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDesktop software and libraries\n\n\u003cul\u003e\n\u003cli\u003eXorg was updated to 1.18.4, xorg libraries and drivers were updated.\u003c/li\u003e\n\u003cli\u003eMate was updated to 1.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.openindiana.org/oi/Intel+KMS+driver\" rel=\"nofollow\"\u003eIntel video driver was updated, the list of supported hardware has significantly extended\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elibsmb was updated to 4.4.6\u003c/li\u003e\n\u003cli\u003egvfs was updated to 1.26.0\u003c/li\u003e\n\u003cli\u003egtk3 was updated to 3.18.9\u003c/li\u003e\n\u003cli\u003eMajor text editors were updated (we ship vim 8.0.104, joe 4.4, emacs 25.2, nano 2.7.5\u003c/li\u003e\n\u003cli\u003epulseaudio was updated to 10.0\u003c/li\u003e\n\u003cli\u003efirefox was updated to 45.9.0\u003c/li\u003e\n\u003cli\u003ethunderbird was updated to 45.8.0\u003c/li\u003e\n\u003cli\u003ecritical issue in enlightenment was fixed, now it\u0026#39;s operational again\u003c/li\u003e\n\u003cli\u003eprivoxy was updated to 3.0.26\u003c/li\u003e\n\u003cli\u003eMesa was updated to 13.0.6\u003c/li\u003e\n\u003cli\u003eNvidia driver was updated to 340.102\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDevelopment tools and libraries\n\n\u003cul\u003e\n\u003cli\u003eGCC 6 was added. Patches necessary to compile illumos-gate with GCC 6 were added (note, compiling illumos-gate with version other than illumos-gcc-4.4.4 is not supported)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openindiana.org/2017/05/05/gcc-7-1-added-the-hipster-and-rolling-forward/\" rel=\"nofollow\"\u003eGCC 7.1 added to Hipster\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBison was updated to 3.0.4\u003c/li\u003e\n\u003cli\u003eGroovy 2.4 was added\u003c/li\u003e\n\u003cli\u003eRuby 1.9 was removed, Ruby 2.3 is the default Ruby now\u003c/li\u003e\n\u003cli\u003ePerl 5.16 was removed. 64-bit Perl 5.24 is shipped.\u003c/li\u003e\n\u003cli\u003e64-bit OpenJDK 8 is the default OpenJDK version now.\u003c/li\u003e\n\u003cli\u003eMercurial was updated to 4.1.3\u003c/li\u003e\n\u003cli\u003eGit was updated to 2.12.2\u003c/li\u003e\n\u003cli\u003eccache was updated to 3.3.3\u003c/li\u003e\n\u003cli\u003eQT 5.8.0 was added\u003c/li\u003e\n\u003cli\u003eValgrind was updated to 3.12.0\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eServer software\n\n\u003cul\u003e\n\u003cli\u003ePostgreSQL 9.6 was added, PostgreSQL 9.3-9.5 were updated to latest minor versions\u003c/li\u003e\n\u003cli\u003eMongoDB 3.4 was added\u003c/li\u003e\n\u003cli\u003eMariaDB 10.1 was added\u003c/li\u003e\n\u003cli\u003eNodeJS 7 was added\u003c/li\u003e\n\u003cli\u003ePercona Server 5.5/5.6/5.7 and MariaDB 5.5 were updated to latest minor versions\u003c/li\u003e\n\u003cli\u003eOpenVPN was updated to 2.4.1\u003c/li\u003e\n\u003cli\u003eISC Bind was updated to 9.10.4-P8\u003c/li\u003e\n\u003cli\u003eSquid was updated to 3.5.25\u003c/li\u003e\n\u003cli\u003eNginx was updated to 1.12.0\u003c/li\u003e\n\u003cli\u003eApache 2.4 was updated to 2.4.25. Apache 2.4 is the default Apache server now. Apache 2.2 will be removed before the next snapshot.\u003c/li\u003e\n\u003cli\u003eISC ntpd was updated to 4.2.8p10\u003c/li\u003e\n\u003cli\u003eOpenSSH was updated to 7.4p1 \u003c/li\u003e\n\u003cli\u003eSamba was updated to 4.4.12\u003c/li\u003e\n\u003cli\u003eTcpdump was updated to 4.9.0\u003c/li\u003e\n\u003cli\u003eSnort was updated to 2.9.9.0\u003c/li\u003e\n\u003cli\u003ePuppet was updated to 3.8.6\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eA lot of other bug fixes and minor software updates included.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://uwm.edu/hpc/software-management/\" rel=\"nofollow\"\u003ePKGSRC at The University of Wisconsin–Milwaukee\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis piece is from the University of Wisconsin, Milwaukee\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhy Use Package Managers?\u003cbr\u003e\nWhy Pkgsrc?\u003c/p\u003e\n\n\u003cp\u003ePortability\u003cbr\u003e\nFlexibility\u003cbr\u003e\nModernity\u003cbr\u003e\nQuality and Security\u003cbr\u003e\nCollaboration\u003cbr\u003e\nConvenience\u003cbr\u003e\nGrowth\u003c/p\u003e\n\n\u003cp\u003eBinary Packages for Research Computing\u003cbr\u003e\nThe University of Wisconsin — Milwaukee provides binary pkgsrc packages for selected operating systems as a service to the research computing community.\u003cbr\u003e\nUnlike most package repositories, which have a fixed prefix and frequently upgraded packages, these packages are available for multiple prefixes and remain unchanged for a given prefix.  Additional packages may be added and existing packages may be patched to fix bugs or security issues, but the software versions will not be changed.  This allows researchers to keep older software in-place indefinitely for long-term studies while deploying newer software in later snapshots.\u003cbr\u003e\nContributing to Pkgsrc\u003cbr\u003e\nBuilding Your Own Binary Packages\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the full article and consider using pkgsrc for your own research purposes. \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.pkgsrc.org/pkgsrcCon/2017/\" rel=\"nofollow\"\u003ePKGSrc Con is this weekend!\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://deftly.net/posts/2017-06-01-measuring-the-weight-of-an-electron.html\" rel=\"nofollow\"\u003eMeasuring the weight of an electron\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting story of the struggles of one person, aided only by their pet Canary, porting Electron to OpenBSD.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a long rant. A rant intended to document lunacy, hopefully aid others in the future and make myself feel better about something I think is crazy. It may seem like I am making an enemy of electron, but keep in mind that isn’t my intention! The enemy here, is complexity! My friend Henry, a canary, is coming along for the ride!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting the tools\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt first glance Electron seems like a pretty solid app, it has decent docs, it’s consolidated in a single repository, has a lot of visibility, porting it shouldn’t be a big deal, right?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter cloning the repo, trouble starts:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eReading through the doc, right off the bat there are a few interesting things: At least 25GB disk space. Huh, OK, some how this ~47M repository is going to blow up to 25G?\u003cbr\u003e\nContinuing along with the build, I know I have two versions of clang installed on OpenBSD, one from ports and one in base. Hopefully I will be able to tell the build to use one of these versions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eNext, it’s time to tell the bootstrap that OpenBSD exists as a platform. After that is fixed, the build-script runs.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEven though cloning another git repo fails, the build happily continues.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWait. Another repository failed to clone? At least this time the build failed after trying to clone boto.. again. I am guessing it tried twice because something might have changed between now and the last clone? Off in the distance we catch a familiar tune, it almost sounds like Gnarls Barkley’s song Crazy, can’t tell for sure.\u003cbr\u003e\nAs it turns out, if you are using git-fsck, you are unable to clone boto and requests. Obviously the proper fix for his is to not care about the validity of the git objects! So we die a little inside and comment out fsckobjects in our ~/.gitconfig.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up, chromium-58 is downloaded…\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOut of curiosity we look at vendor/libchromiumcontent/script/update, it seems its purpose is to download / extract chromium clang and node, good thing we already specified --clang_dir or it might try to build clang again!\u003cbr\u003e\n544 dots and 45 minutes later, we have an error! The chromium-58.0.3029.110.tar.xz file is mysteriously not there anymore.. Interesting. Wut. “Updating Clang…”. Didn’t I explicitly say not to build clang? At this point we have to shift projects, no longer are we working on Electron.. It’s libchromiumcontent that needs our attention.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFixing sub-tools\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAhh, our old friends the dots! This is the second time waiting 45+ minutes for a 500+ MB file to download. We are fairly confident it will fail, delete the file out from under itself and hinder the process even further, so we add an explicit exit to the update script. This way we can copy the file somewhere safe!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother 45 minute chrome build and saving the downloaded executable to a save space seems in order. Fixing another 50 occurrences of error conditions let’s the build continue - to another clang build.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe remove the call to update_clang, because.. well.. we have two copies of it already and the Electron doc said everything would be fine if we had \u0026gt;= clang 3.4!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eMore re-builds and updates of clang and chromium are being commented out, just to get somewhere close to the actual electron build.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFixing sub-sub-tools\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNinja needs to be build and the script for that needs to be told to ignore this “unsupported OS” to continue.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNo luck. At this point we are faced with a complex web of python scripts that execute gn on GN files to produce ninja files… which then build the various components and somewhere in that cluster, something doesn’t know about OpenBSD…\u003cbr\u003e\nI look at Henry, he is looking a photo of his wife and kids. They are sitting on a telephone wire, the morning sun illuminating their beautiful faces. Henry looks back at me and says “It’s    not worth it.” We slam the laptop shut and go outside.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Dan McDonald - \u003ca href=\"mailto:allcoms@gmail.com\" rel=\"nofollow\"\u003eallcoms@gmail.com\u003c/a\u003e (danboid)\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-users/2017/06/08/msg019625.html\" rel=\"nofollow\"\u003eg4u 2.6 (ghosting for unix) released 18th birthday\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHubert Feyrer writes in his mail to netbsd-users:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter a five-year period for beta-testing and updating, I have finally released g4u 2.6. With its origins in 1999, I\u0026#39;d like to say: Happy 18th Birthday, g4u!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAbout g4u:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eg4u (\u0026quot;ghosting for unix\u0026quot;) is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of PC harddisks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions. The first is to upload the compressed image of a local harddisk to a FTP server, the other is to restore that image via FTP, uncompress it and write it back to disk. Network configuration is fetched via DHCP. As the harddisk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks as well as partitions is also supported.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe past:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen I started g4u, I had the task to install a number of lab machines with a dual-boot of Windows NT and NetBSD. The hype was about Microsoft\u0026#39;s \u0026quot;Zero Administration Kit\u0026quot; (ZAK) then, but that did barely work for the Windows part - file transfers were slow, depended on the clients\u0026#39; hardware a lot (requiring fiddling with MS DOS network driver disks), and on the ZAK server the files for installing happened do disappear for no good reason every now and then. Not working well, and leaving out NetBSD (and everything else), I created g4u. This gave me the (relative) pain of getting things working once, but with the option to easily add network drivers as they appeared in NetBSD (and oh they did!), plus allowed me to install any operating system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe present:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe\u0026#39;ve used g4u successfully in our labs then, booting from CDROM. I also got many donations from public and private institutions plus companies from many sectors, indicating that g4u does make a difference.\u003c/p\u003e\n\n\u003cp\u003eIn the meantime, the world has changed, and CDROMs aren\u0026#39;t used that much any more. Network boot and USB sticks are today\u0026#39;s devices of choice, cloning of a full disk without knowing its structure has both advantages but also disadvantages, and g4u\u0026#39;s user interface is still command-line based with not much space for automation. For storage, FTP servers are nice and fast, but alternatives like SSH/SFTP, NFS, iSCSI and SMB for remote storage plus local storage (back to fun with filesystems, anyone? avoiding this was why g4u was created in the first place!) should be considered these days. Further aspects include integrity (checksums), confidentiality (encryption). This leaves a number of open points to address either by future releases, or by other products.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe future:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt this point, my time budget for g4u is very limited. I welcome people to contribute to g4u - g4u is Open Source for a reason. Feel free to get back to me for any changes that you want to contribute!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe changes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMajor changes in g4u 2.6 include:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMake this build with NetBSD-current sources as of 2017-04-17 (shortly before netbsd-8 release branch), binaries were cross-compiled from Mac OS X 10.10\u003c/li\u003e\n\u003cli\u003eMany new drivers, bugfixes and improvements from NetBSD-current (see beta1 and beta2 announcements)\u003c/li\u003e\n\u003cli\u003eGo back to keeping the disk image inside the kernel as ramdisk, do not load it as separate module. Less error prone, and allows to boot the g4u (NetBSD) kernel from a single file e.g. via PXE (Testing and documentation updates welcome!)\u003c/li\u003e\n\u003cli\u003eActually DO provide the g4u (NetBSD) kernel with the embedded g4u disk image from now on, as separate file, g4u-kernel.gz\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn addition to MD5, add SHA512 checksums\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCongratulation, g4u. Check out the \u003ca href=\"http://fehu.org/%7Efeyrer/g4u/\" rel=\"nofollow\"\u003eg4u website\u003c/a\u003e and support the project if you are using it.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wycd.net/posts/2017-05-19-fixing-freebsd-networking-on-digital-ocean.html\" rel=\"nofollow\"\u003eFixing FreeBSD Networking on Digital Ocean\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost cloud/VPS providers use some form of semi-automated address assignment, rather than just regular static address configuration, so that newly created virtual machines can configure themselves.\u003c/li\u003e\n\u003cli\u003eSometimes, especially during the upgrade process, this can break. This is the story of one such user:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI decided it was time to update my FreeBSD Digital Ocean droplet from the end-of-life version 10.1 (shame on me) to the modern version 10.3 (good until April 2018), and maybe even version 11 (good until 2021). There were no sensitive files on the VM, so I had put it off.\u003cbr\u003e\nAdditionally, cloud providers tend to have shoddy support for BSDs, so breakages after messing with the kernel or init system are rampant, and I had been skirting that risk.\u003cbr\u003e\nThe last straw for me was a broken pkg: /usr/local/lib/libpkg.so.3: Undefined symbol \u0026quot;openat\u0026quot;\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo the user fires up freebsd-update and upgrades to FreeBSD 10.3\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI rebooted, and of course, it happened: no ssh access after 30 seconds, 1 minute, 2 minutes…I logged into my Digital Ocean account and saw green status lights for the instance, but something was definitely wrong.\u003cbr\u003e\nFortunately, Digital Ocean provides console access (albeit slow, buggy, and crashes my browser every time I run ping). ifconfig revealed that the interfaces vtnet0 (public) and vtnet1 (private) haven’t been configured with IP addresses.\u003cbr\u003e\nCombing through files in /etc/rc.*, I found a file called /etc/rc.digitalocean.d/${DROPLET_ID}.conf containing static network settings for this droplet (${DROPLET_ID} was something like 1234567).\u003cbr\u003e\nIt seemed that FreeBSD wasn’t picking up the Digital Ocean network settings config file. The quick and dirty way would have been to messily append the contents of this file to /etc/rc.conf, but I wanted a nicer way. Reading the script in /etc/rc.d/digitalocean told me that /etc/rc.digitalocean.d/${DROPLET_ID}.conf was supposed to have a symlink at /etc/rc.digitalocean.d/droplet.conf. It was broken and pointed to /etc/rc.digitalocean.d/.conf, which could happen when the curl command in /etc/rc.d/digitalocean fails\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMaybe the curl binary was also in need for an upgrade so failed to fetch the droplet ID\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUsing grep to fish for files containing droplet.conf, I discovered that it was hacked into the init system via load_rc_config() in /etc/rc.subr\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eI would prefer if Digital Ocean had not customized the version of FreeBSD they ship quite so much\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eI could fix that symlink and restart the services:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003ch1\u003eset DROPLET_ID=$(curl -s \u003ca href=\"http://169.254.169.254/metadata/v1/id\" rel=\"nofollow\"\u003ehttp://169.254.169.254/metadata/v1/id\u003c/a\u003e)\u003c/h1\u003e\n\n\u003ch1\u003eln -s -f /etc/rc.digitalocean.d/${DROPLET_ID}.conf /etc/rc.digitalocean.d/droplet.conf\u003c/h1\u003e\n\n\u003ch1\u003e/etc/rc.d/netif restart\u003c/h1\u003e\n\n\u003ch1\u003e/etc/rc.d/routing restart\u003c/h1\u003e\n\n\u003cp\u003eNetworking was working again, and I could then ssh into my server and run the following to finish the upgrade:\u003c/p\u003e\n\n\u003ch1\u003efreebsd-update install\u003c/h1\u003e\n\n\u003cp\u003eAt this point, I decided that I didn’t want to deal with this mess again until at least 2021, so I decided to go for 11.0-RELEASE\u003c/p\u003e\n\n\u003ch1\u003efreebsd-update -r 11.0-RELEASE update\u003c/h1\u003e\n\n\u003ch1\u003efreebsd-update install\u003c/h1\u003e\n\n\u003ch1\u003ereboot\u003c/h1\u003e\n\n\u003ch1\u003efreebsd-update install\u003c/h1\u003e\n\n\u003ch1\u003epkg-static install -f pkg\u003c/h1\u003e\n\n\u003ch1\u003epkg update\u003c/h1\u003e\n\n\u003ch1\u003epkg upgrade\u003c/h1\u003e\n\n\u003ch1\u003euname -a\u003c/h1\u003e\n\n\u003cp\u003eFreeBSD hostname 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9\u003c/p\u003e\n\n\u003ch1\u003epkg -v\u003c/h1\u003e\n\n\u003cp\u003e1.10.1\u003cbr\u003e\nThe problem was solved correctly, and my /etc/rc.conf remains free of generated cruft.\u003cbr\u003e\nThe Digital Ocean team can make our lives easier by having their init scripts do more thorough system checking, e.g., catching broken symlinks and bad network addresses. I’m hopeful that collaboration of the FreeBSD team and cloud providers will one day result in automatic fixing of these situations, or at least a correct status indicator.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Digital Ocean team didn’t really know many FreeBSD people when they made the first 10.1 images, they have improved a lot, but they of course could always use more feedback from \u003cem\u003eBSD users\n*\u003c/em\u003e*\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\" rel=\"nofollow\"\u003eStack Clash\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA 12-year-old question: \u0026quot;If the heap grows up, and the stack grows down, what happens when they clash? Is it exploitable? How?\u003cbr\u003e\n\u003ca href=\"http://cansecwest.com/core05/memory_vulns_delalleau.pdf\" rel=\"nofollow\"\u003eIn 2005, Gael Delalleau presented \u0026quot;Large memory management vulnerabilities\u0026quot; and the first stack-clash exploit in user-space (against mod_php 4.3.0 on Apache 2.0.53)\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf\" rel=\"nofollow\"\u003eIn 2010, Rafal Wojtczuk published \u0026quot;Exploiting large memory management vulnerabilities in Xorg server running on Linux\u0026quot;, the second stack-clash exploit in user-space (CVE-2010-2240)\u003c/a\u003e\u003cbr\u003e\nSince 2010, security researchers have exploited several stack-clashes in the kernel-space, In user-space, however, this problem has been greatly underestimated; the only public exploits are Gael Delalleau\u0026#39;s and Rafal Wojtczuk\u0026#39;s, and \u003ca href=\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2240\" rel=\"nofollow\"\u003ethey were written before Linux introduced a protection against stack-clashes (a \u0026quot;guard-page\u0026quot; mapped below the stack)\u003c/a\u003e\u003cbr\u003e\nIn this advisory, we show that stack-clashes are widespread in user-space, and exploitable despite the stack guard-page; we discovered multiple vulnerabilities in guard-page implementations, and devised general methods for:\u003cbr\u003e\n\u0026quot;Clashing\u0026quot; the stack with another memory region: we allocate memory until the stack reaches another memory region, or until another memory region reaches the stack;\u003cbr\u003e\n\u0026quot;Jumping\u0026quot; over the stack guard-page: we move the stack-pointer from the stack and into the other memory region, without accessing the stack guard-page;\u003cbr\u003e\n\u0026quot;Smashing\u0026quot; the stack, or the other memory region: we overwrite the stack with the other memory region, or the other memory region with the stack.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo this advisory itself, is not a security vulnerability. It is novel research showing ways to work around the mitigations against generic vulnerability types that are implemented on various operating systems.\u003c/li\u003e\n\u003cli\u003eWhile this issue with the mitigation feature has been fixed, even without the fix, successful exploitation requires another application with its own vulnerability in order to be exploited. Those vulnerabilities outside of the OS need to be fixed on their own.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2017-June/009335.html\" rel=\"nofollow\"\u003eFreeBSD-Security post\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe issue under discussion is a limitation in a vulnerability mitigation technique. Changes to improve the way FreeBSD manages stack growth, and mitigate the issue demonstrated by Qualys\u0026#39; proof-of-concept code, are in progress by FreeBSD developers knowledgeable in the VM subsystem.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=320317\" rel=\"nofollow\"\u003eFreeBSD address space guards\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lattera/exploits/blob/master/FreeBSD/StackClash/001-stackclash.c\" rel=\"nofollow\"\u003eHardenedBSD Proof of Concept for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHardenedBSD implementation: \u003ca href=\"https://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c\" rel=\"nofollow\"\u003ehttps://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/HardenedBSD/hardenedBSD/commit/00ad1fb6b53f63d6e9ba539b8f251b5cf4d40261\" rel=\"nofollow\"\u003ehttps://github.com/HardenedBSD/hardenedBSD/commit/00ad1fb6b53f63d6e9ba539b8f251b5cf4d40261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-fgpu.c\" rel=\"nofollow\"\u003eQualys PoC: freebsd_cve-2017-fgpu.c\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-fgpe.c\" rel=\"nofollow\"\u003eQualys PoC: freebsd_cve-2017-fgpe.c\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/freebsd_cve-2017-1085.c\" rel=\"nofollow\"\u003eQualys PoC: freebsd_cve-2017-1085.c\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/openbsd_at.c\" rel=\"nofollow\"\u003eQualys PoC: OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.qualys.com/2017/06/19/stack-clash/netbsd_cve-2017-1000375.c\" rel=\"nofollow\"\u003eQualys PoC: NetBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/\" rel=\"nofollow\"\u003eWill ZFS and non-ECC RAM kill your data? \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTL;DR: ECC is good, but even without, having ZFS is better than not having ZFS.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat’s ECC RAM? Is it a good idea?\u003cbr\u003e\nWhat’s ZFS? Is it a good idea?\u003cbr\u003e\nIs ZFS and non-ECC worse than not-ZFS and non-ECC?\u003cbr\u003e\nWhat about the Scrub of Death?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article walks through ZFS folk lore, and talks about what can really go wrong, and what is just the over-active imagination of people on the FreeNAS forums\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut would using any other filesystem that isn’t ZFS have protected that data? ‘Cause remember, nobody’s arguing that you can lose data to evil RAM – the argument is about whether evil RAM is more dangerous with ZFS than it would be without it.\u003cbr\u003e\nI really, really want to use the Scrub Of Death in a movie or TV show. How can I make it happen?\u003cbr\u003e\nI don’t care about your logic! I wish to appeal to authority!\u003cbr\u003e\nOK. “Authority” in this case doesn’t get much better than Matthew Ahrens, one of the cofounders of ZFS at Sun Microsystems and current ZFS developer at Delphix. In the comments to one of my filesystem articles on Ars Technica, Matthew said “There’s nothing special about ZFS that requires/encourages the use of ECC RAM more so than any other filesystem.”\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/eurobsdcon-2017-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eEuroBSDcon 2017 Travel Grant Application Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2017-June/087303.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-BETA3 is out, please give it a test\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1FE80FJ\" rel=\"nofollow\"\u003eAllan and Lacey let us know the video to the Postgresql/ZFS talk is online\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=149792179514439\u0026w=2\" rel=\"nofollow\"\u003eTrapsleds\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsd.nrw/\" rel=\"nofollow\"\u003eBSD User group in North Rhine-Westphalia, Germany\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2Z5BJCR#wrap\" rel=\"nofollow\"\u003eJoe - Home Server Suggestions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1VRQYAM#wrap\" rel=\"nofollow\"\u003eStephen - general BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2TWADQ8#wrap\" rel=\"nofollow\"\u003eEduardo - ZFS Encryption\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0SC0GAC#wrap\" rel=\"nofollow\"\u003eJoseph - BGP Kernel Error\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The NetBSD 8.0 release process is underway, we try to measure the weight of an electron, and look at stack clashing.","date_published":"2017-06-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8c580651-dcfa-454a-801a-f074597cf4a0.mp3","mime_type":"audio/mpeg","size_in_bytes":68369620,"duration_in_seconds":5697}]},{"id":"09be4191-2b92-4ab8-b530-f934ac4697f3","title":"199: Read the source, KARL","url":"https://www.bsdnow.tv/199","content_text":"FreeBSD 11.1-Beta1 is out, we discuss Kernel address randomized link (KARL), and explore the benefits of daily OpenBSD source code reading\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 11.1-Beta1 now available\n\n\nGlen Barber, of the FreeBSD release engineering team has announced that FreeBSD 11.1-Beta1 is now available for the following architectures:\n\n\n\n11.1-BETA1 amd64 GENERIC\n11.1-BETA1 i386 GENERIC\n11.1-BETA1 powerpc GENERIC\n11.1-BETA1 powerpc64 GENERIC64\n11.1-BETA1 sparc64 GENERIC\n11.1-BETA1 armv6 BANANAPI\n11.1-BETA1 armv6 BEAGLEBONE\n11.1-BETA1 armv6 CUBIEBOARD\n11.1-BETA1 armv6 CUBIEBOARD2\n11.1-BETA1 armv6 CUBOX-HUMMINGBOARD\n11.1-BETA1 armv6 GUMSTIX\n11.1-BETA1 armv6 RPI-B\n11.1-BETA1 armv6 RPI2\n11.1-BETA1 armv6 PANDABOARD\n11.1-BETA1 armv6 WANDBOARD\n11.1-BETA1 aarch64 GENERIC\nNote regarding arm/armv6 images: For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access.  Additionally, the root user password is set to root.  It is strongly recommended to change the password for both users after gaining access to the system.\n\n\n\nThe full schedule for 11.1-RELEASE is here, the final release is expected at the end of July\nIt was also announced there will be a 10.4-RELEASE scheduled for October\n***\n\n\nKARL – kernel address randomized link\n\n\nOver the last three weeks I've been working on a new randomization feature which will protect the kernel.\nThe situation today is that many people install a kernel binary from OpenBSD, and then run that same kernel binary for 6 months or more. We have substantial randomization for the memory allocations made by the kernel, and for userland also of course.\nPreviously, the kernel assembly language bootstrap/runtime locore.S was compiled and linked with all the other .c files of the kernel in a deterministic fashion. locore.o was always first, then the .c files order specified by our config(8) utility and some helper files.\nIn the new world order, locore is split into two files: One chunk is bootstrap, that is left at the beginning. The assembly language runtime and all other files are linked in random fashion. There are some other pieces to try to improve the randomness of the layout.\nAs a result, every new kernel is unique. The relative offsets between functions and data are unique.\nIt still loads at the same location in KVA. This is not kernel ASLR! ASLR is a concept where the base address of a module is biased to a random location, for position-independent execution. In this case, the module itself is perturbed but it lands at the same location, and\ndoes not need to use position-independent execution modes.\n\n\n\n\nLLDB: Sanitizing the debugger's runtime\n\n\nThe good\n\n\n\nBesides the greater enhancements this month I performed a cleanup in the ATF ptrace(2) tests again. Additionally I have managed to unbreak the LLDB Debug build and to eliminate compiler warnings in the NetBSD Native Process Plugin. It is worth noting that LLVM can run tests on NetBSD again, the patch in gtest/LLVM has been installed by Joerg Sonnenberg and a more generic one has been submitted to the upstream googletest repository. There was also an improvement in ftruncate(2) on the LLVM side (authored by Joerg).\nSince LLD (the LLVM linker) is advancing rapidly, it improved support for NetBSD and it can link a functional executable on NetBSD. I submitted a patch to stop crashing it on startup anymore. It was nearly used for linking LLDB/NetBSD and it spotted a real linking error... however there are further issues that need to be addressed in the future. Currently LLD is not part of the mainline LLDB tasks - it's part of improving the work environment. This linker should reduce the linking time - compared to GNU linkers - of LLDB by a factor of 3x-10x and save precious developer time. As of now LLDB linking can take minutes on a modern amd64 machine designed for performance.\n\n\n\nKernel correctness\n\n\n\nI have researched (in pkgsrc-wip) initial support for multiple threads in the NetBSD Native Process Plugin. This code revealed - when running the LLDB regression test-suite - new kernel bugs. This unfortunately affects the usability of a debugger in a multithread environment in general and explains why GDB was never doing its job properly in such circumstances. One of the first errors was asserting kernel panic with PT_*STEP, when a debuggee has more than a single thread. I have narrowed it down to lock primitives misuse in the do_ptrace() kernel code. The fix has been committed.\n\n\n\nThe bad\n\n\n\nUnfortunately this is not the full story and there is further mandatory work.\nLLDB acceleration\nThe EV_SET() bug broke upstream LLDB over a month ago, and during this period the debugger was significantly accelerated and parallelized. It is difficult to declare it definitely, but it might be the reason why the tracer's runtime broke due to threading desynchronization. LLDB behaves differently when run standalone, under ktruss(1) and under gdb(1) - the shared bug is that it always fails in one way or another, which isn't trivial to debug.\n\n\n\nThe ugly\n\n\n\nThere are also unpleasant issues at the core of the Operating System.\nKernel troubles\nAnother bug with single-step functions that affects another aspect of correctness - this time with reliable execution of a program - is that processes die in non-deterministic ways when single-stepped. My current impression is that there is no appropriate translation between process and thread (LWP) states under a debugger. These issues are sibling problems to unreliable PT_RESUME and PT_SUSPEND.\nIn order to be able to appropriately address this, I have diligently studied this month the Solaris Internals book to get a better image of the design of the NetBSD kernel multiprocessing, which was modeled after this commercial UNIX.\n\n\n\nPlan for the next milestone\n\n\n\nThe current troubles can be summarized as data races in the kernel and at the same time in LLDB. I have decided to port the LLVM sanitizers, as I require the Thread Sanitizer (tsan). Temporarily I have removed the code for tracing processes with multiple threads to hide the known kernel bugs and focus on the LLDB races.\nUnfortunately LLDB is not easily bisectable (build time of the LLVM+Clang+LLDB stack, number of revisions), therefore the debugging has to be performed on the most recent code from upstream trunk.\n\n\n\n\nd2K17 Hackathon Reports\n\n\nd2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection\nd2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more\nd2k17 Hackathon Report: Florian Obser on slaacd(8)\nd2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress\n\n\n\n\nNews Roundup\n\nMulti-tenant router or firewall with FreeBSD\n\n\nSetting-up a virtual lab\nDownloading BSD Router Project images\nDownload BSDRP serial image (prevent to have to use an X display) on Sourceforge.\nDownload Lab scripts\n\n\n\nMore information on these BSDRP lab scripts available on How to build a BSDRP router lab.\n\n\n\nStart the lab with full-meshed 5 routers and one shared LAN, on this example using bhyve lab script on FreeBSD:\n\n\n[root@FreeBSD]~# tools/BSDRP-lab-bhyve.sh -i BSDRP-1.71-full-amd64-serial.img.xz -n 5 -l 1\n\n\nConfiguration\nRouter 4 (R4) hosts the 3 routers/firewalls for each 3 customers.\nRouter 1 (R1) belongs to customer 1, router 2 (R2) to customer 2 and router 3 (R3) to customer 3.\nRouter 5 (R5) simulates a simple Internet host\nUsing pf firewall in place of ipfw\n\n\n\npf need a little more configuration because by default /dev/pf is hidden from jail. Then, on the host we need to:\n\n\n\nIn place of loading the ipfw/ipfw-nat modules we need to load the pf module (but still disabling pf on our host for this example)\nModify default devd rules for allowing jails to see /dev/pf (if you want to use tcpdump inside your jail, you should use bpf device too)\nReplacing nojail tag by nojailvnet tag into /etc/rc.d/pf (already done into BSDRP)\nUnder the hood: jails-on-nanobsd\nBSDRP's tenant shell script creates jail configuration compliant with a host running nanobsd. Then these jails need to be configured for a nanobsd:\nBeing nullfs based for being hosted on a read-only root filesystem\nHave their /etc and /var into tmpfs disks (then we need to populate these directory before each start)\nConfiguration changes need to be saved with nanobsd configuration tools, like “config save” on BSDRP\nAnd on the host:\nautosave daemon need to be enabled: Each time a customer will issue a “config save” inside a jail, his configuration diffs will be save into host's /etc/jails/. And this directory is a RAM disk too, then we need to automatically save hosts configuration on changes.\n***\n\n\nOpenBSD Daily Source Reading\n\n\nAdam Wołk writes:\n\n\n\nI made a new year's resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development. I have to admit that initially I wasn’t consistent with it at all. In the first quarter of the year I read the code of a few small base utilities and nothing else. Still, every bit counts and it’s never too late to get better.\nAround the end of May, I really started reading code daily - no days skipped. It usually takes anywhere between ten minutes (for small base utils) and one and a half hour (for targeted reads). I’m pretty happy with the results so far. Exploring the system on a daily basis, looking up things in the code that I don’t understand and digging as deep as possible made me learn a lot more both about C and the system than I initially expected.\nThere’s also one more side effect of reading code daily - diffs. It’s easy to spot inconsistencies, outdated code or an incorrect man page. This results in opportunities for contributing to the project. With time it also becomes less opportunitstic and more goal oriented. You might start with a [https://marc.info/?l=openbsd-tech\u0026amp;m=149591302814638\u0026amp;w=2](drive by diff to kill) optional compilation of an old compatibility option in chown that has been compiled in by default since 1995.\nSoon the contributions become more targeted, for example using a new API for encrypting passwords in the htpasswd utility after reading the code of the utility and the code for htpasswd handling in httpd. Similarly it can take you from discussing a doas feature idea with a friend to implementing it after reading the code.\nI was having a lot of fun reading code daily and started to recommend it to people in general discussions. There was one particular twitter thread that ended up starting something new.\nThis is still a new thing and the format is not yet solidified. Generally I make a lot of notes reading code, instead of slapping them inside a local file I drop the notes on the IRC channel as I go. Everyone on the channel is encouraged to do the same or share his notes in any way he/she seems feasable.\n\n\n\nCheck out the logs from the IRC discussions.\nStart reading code from other BSD projects and see whether you can replicate their results!\n***\n\n\nBecome FreeBSD User: Find Useful Tools\n\n\nBSD Mag has the following article by David Carlier:\n\n\n\nIf you’re usually programming on Linux and you consider a potential switch to FreeBSD, this article will give you an overview of the possibilities.\n\n\n\nHow to Install the Dependencies\n\n\n\nFreeBSD comes with either applications from binary packages or compiled from sources (ports). They are arranged according to software types (programming languages mainly in lang (or java specifically for Java), libraries in devel, web servers in www …) and the main tool for modern FreeBSD versions is pkg, similar to Debian apt tools suite. Hence, most of the time if you are looking for a specific application/library, simply\n\npkg search \u0026lt;name\u0026gt;\n\nwithout necessarily knowing the fully qualified name of the package. It is somehow sufficient. For example pkg search php7 will display php7 itself and the modules. Furthermore, php70 specific version and so on.\n\n\n\nWeb Development\n\n\n\nBasically, this is the easiest area to migrate to. Most  Web languages do not use  specific platform features. Thus, most of the time, your existing projects might just be “drop-in” use cases.\nIf your language of choice is PHP, you are lucky as this scripting language is workable on various operating systems, on most  Unixes and Windows. In the case of FreeBSD, you have even many different ports or binary package versions (5.6 to 7.1). In this case, you may need some specific PHP modules enabled, luckily they are available atomically, or if the port is the way you chose, it is via the www/php70-extensions’s one.\nOf course developing with Apache (both 2.2 and 2.4 series are available, respectively www/apache22 and www/apache24 packages), or even better with Nginx (the last stable or the latest development versions could be used, respectively www/nginx and www/nginx-devel packages) via php-fpm is possible.\nIn terms of databases, we have the regular RDMBS like MySQL and PostgreSQL (client and server are distinct packages … databases/(mysql/portgresql)-client, and databases/(mysql/postgresql)-server). Additionally, a more modern concept of NoSQL with CouchDB, for example (databases/couchdb), MongoDB (databases/mongodb), and Cassandra (databases/cassandra), to name but a few.\n\n\n\nLow-level Development\n\n\n\nThe BSDs are shipped with C and C++ compilers in the base. In the case of FreeBSD 11.0, it is clang 3.8.0 (in x86 architectures) otherwise, modern versions of gcc exist for developing with C++11. Examples are of course available too (lang/gcc … until gcc 7.0 devel).\nNumerous libraries for various topics are also present, web services SOAP with gsoap through User Interfaces with GTK (x11-toolkits/gtk), QT4 or QT 5 (devel/qt), malware libraries with Yara (security/yara), etc.\n\n\n\nAndroid / Mobile Development\n\n\n\nTo be able to do Android development, to a certain degree, the Linux’s compatibility layer (aka linuxulator) needs to be enabled. Also, x11-toolkits/swt and linux-f10-gtk2 port/package need to be installed (note that libswt-gtk-3550.so and libswt-pi-gtk-3550.so are necessary. The current package is versioned as 3557 and can be solved using symlinks). In the worst case scenario, remember that bhyve (or Virtualbox) is available, and can run any Linux distribution efficiently.\n\n\n\nSource Control Management\n\n\n\nFreeBSD comes in base with a version of subversion. As FreeBSD source is in a subversion repository, a prefixed svnlite command prevents conflicts with the package/port.\nAdditionally, Git is present but via the package/port system with various options (with or without a user interface, subversion support).\n\n\n\nConclusion\n\n\n\nFreeBSD has made tremendous improvements over the years to fill the gap created by Linux. FreeBSD still maintains its interesting specificities; hence there will not be too much blockers if your projects are reasonably sized to allow a migration to FreeBSD.\n\n\n\n\nNotes from project Aeronix, part 10\n\n\nPrologue\n\n\n\nIt is almost two years since I finished building Aeronix and it has served me well during that time. Only thing that ever broke was Noctua CPU fan, which I have replaced with the same model. However, for long time, I wanted to run Aeronix on OpenBSD instead of GNU/Linux Debian.\n\n\n\nPreparation\n\n\n\nI first experimented with RAID1 OpenBSD setup in VirtualBox, plugging and unplugging drives and learned that OpenBSD RAID1 is really smooth. When I finally got the courage, I copied all the data on two drives outside of Aeronix. One external HDD I regulary use to backup Aeronix and second internal drive in my desktop computer. Copying the data took about two afternoons. Aeronix usually has higher temperatures (somewhere around 55°C or 65°C depending on time of the year), and when stressed, it can go really high (around 75°C). During full speed copy over NFS and to external drive it went as high as 85°C, which made me a bit nervous. After the data were copied, I temporarily un-configured computers on local network to not touch Aeronix, plugged keyboard, display and OpenBSD 6.1 thumb drive. Installing OpenBSD 6.1 on full disk RAID1 was super easy.\n\n\n\nConfiguring NFS\n\n\n\nAeronix serves primarily as NAS, which means NFS and SMB. NFS is used by computers in local network with persistent connection (via Ethernet). SMB is used by other devices in local network with volatile connection (via WiFi). When configuring NFS, I expected similar configuration to what I had in Debian, but on OpenBSD, it is very different. However, after reading through exports(5), it was really easy to put it together.\n\n\n\nPutting the data back\n\n\n\nCopying from the external drive took few days, since the transfer speed was something around 5MB/s. I didn't really mind. It was sort of a good thing, because Aeronix wasn't overheating that way. I guess I need to figure new backup strategy though.\nOne interesting thing happened with one of my local desktops. It was connecting Aeronix with default NFS mount options (on Archlinux) and had really big troubles with reading anything. Basically it behaved as if the network drive had horrible access times. After changing the default mount options, it started working perfectly.\n\n\n\nConclusion\n\n\n\nMigrating to OpenBSD was way easier than I anticipated. There are various benefits like more security, realiable RAID1 setup (which I know how will work when drive dies), better documentation and much more. However, the true benefit for me is just the fact I like OpenBSD and makes me happy to have one more OpenBSD machine. On to the next two years of service!\n\n\n\n\nBeastie Bits\n\n\nRunning OpenBSD on Azure\nMondieu - portable alternative for freebsd-update\nPlan9-9k: 64-bit Plan 9\nInstalling OpenBSD 6.1 on your laptop is really hard (not)\nUbuntuBSD is dead\nOPNsense 17.1.8 released\n***\n\n\nFeedback/Questions\n\n\nPatrick - Operating System Textbooks\nBrian - snapshot retention\nRandy - FreeNAS to FreeBSD\nFlorian - Bootloader Resolution\n***\n","content_html":"\u003cp\u003eFreeBSD 11.1-Beta1 is out, we discuss Kernel address randomized link (KARL), and explore the benefits of daily OpenBSD source code reading\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2017-June/087242.html\" rel=\"nofollow\"\u003eFreeBSD 11.1-Beta1 now available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGlen Barber, of the FreeBSD release engineering team has announced that FreeBSD 11.1-Beta1 is now available for the following architectures:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e11.1-BETA1 amd64 GENERIC\u003cbr\u003e\n11.1-BETA1 i386 GENERIC\u003cbr\u003e\n11.1-BETA1 powerpc GENERIC\u003cbr\u003e\n11.1-BETA1 powerpc64 GENERIC64\u003cbr\u003e\n11.1-BETA1 sparc64 GENERIC\u003cbr\u003e\n11.1-BETA1 armv6 BANANAPI\u003cbr\u003e\n11.1-BETA1 armv6 BEAGLEBONE\u003cbr\u003e\n11.1-BETA1 armv6 CUBIEBOARD\u003cbr\u003e\n11.1-BETA1 armv6 CUBIEBOARD2\u003cbr\u003e\n11.1-BETA1 armv6 CUBOX-HUMMINGBOARD\u003cbr\u003e\n11.1-BETA1 armv6 GUMSTIX\u003cbr\u003e\n11.1-BETA1 armv6 RPI-B\u003cbr\u003e\n11.1-BETA1 armv6 RPI2\u003cbr\u003e\n11.1-BETA1 armv6 PANDABOARD\u003cbr\u003e\n11.1-BETA1 armv6 WANDBOARD\u003cbr\u003e\n11.1-BETA1 aarch64 GENERIC\u003cbr\u003e\nNote regarding arm/armv6 images: For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access.  Additionally, the root user password is set to root.  It is strongly recommended to change the password for both users after gaining access to the system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.freebsd.org/releases/11.1R/schedule.html\" rel=\"nofollow\"\u003efull schedule\u003c/a\u003e for 11.1-RELEASE is here, the final release is expected at the end of July\u003c/li\u003e\n\u003cli\u003eIt was also announced there will be a 10.4-RELEASE \u003ca href=\"https://www.freebsd.org/releases/10.4R/schedule.html\" rel=\"nofollow\"\u003escheduled for October\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=149732026405941\u0026w=2\" rel=\"nofollow\"\u003eKARL – kernel address randomized link\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOver the last three weeks I\u0026#39;ve been working on a new randomization feature which will protect the kernel.\u003cbr\u003e\nThe situation today is that many people install a kernel binary from OpenBSD, and then run that same kernel binary for 6 months or more. We have substantial randomization for the memory allocations made by the kernel, and for userland also of course.\u003cbr\u003e\nPreviously, the kernel assembly language bootstrap/runtime locore.S was compiled and linked with all the other .c files of the kernel in a deterministic fashion. locore.o was always first, then the .c files order specified by our config(8) utility and some helper files.\u003cbr\u003e\nIn the new world order, locore is split into two files: One chunk is bootstrap, that is left at the beginning. The assembly language runtime and all other files are linked in random fashion. There are some other pieces to try to improve the randomness of the layout.\u003cbr\u003e\nAs a result, every new kernel is unique. The relative offsets between functions and data are unique.\u003cbr\u003e\nIt still loads at the same location in KVA. This is not kernel ASLR! ASLR is a concept where the base address of a module is biased to a random location, for position-independent execution. In this case, the module itself is perturbed but it lands at the same location, and\u003cbr\u003e\ndoes not need to use position-independent execution modes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/lldb_sanitizing_the_debugger_s\" rel=\"nofollow\"\u003eLLDB: Sanitizing the debugger\u0026#39;s runtime\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe good\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBesides the greater enhancements this month I performed a cleanup in the ATF ptrace(2) tests again. Additionally I have managed to unbreak the LLDB Debug build and to eliminate compiler warnings in the NetBSD Native Process Plugin. It is worth noting that LLVM can run tests on NetBSD again, the patch in gtest/LLVM has been installed by Joerg Sonnenberg and a more generic one has been submitted to the upstream googletest repository. There was also an improvement in ftruncate(2) on the LLVM side (authored by Joerg).\u003cbr\u003e\nSince LLD (the LLVM linker) is advancing rapidly, it improved support for NetBSD and it can link a functional executable on NetBSD. I submitted a patch to stop crashing it on startup anymore. It was nearly used for linking LLDB/NetBSD and it spotted a real linking error... however there are further issues that need to be addressed in the future. Currently LLD is not part of the mainline LLDB tasks - it\u0026#39;s part of improving the work environment. This linker should reduce the linking time - compared to GNU linkers - of LLDB by a factor of 3x-10x and save precious developer time. As of now LLDB linking can take minutes on a modern amd64 machine designed for performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKernel correctness\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have researched (in pkgsrc-wip) initial support for multiple threads in the NetBSD Native Process Plugin. This code revealed - when running the LLDB regression test-suite - new kernel bugs. This unfortunately affects the usability of a debugger in a multithread environment in general and explains why GDB was never doing its job properly in such circumstances. One of the first errors was asserting kernel panic with PT_*STEP, when a debuggee has more than a single thread. I have narrowed it down to lock primitives misuse in the do_ptrace() kernel code. The fix has been committed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe bad\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUnfortunately this is not the full story and there is further mandatory work.\u003cbr\u003e\nLLDB acceleration\u003cbr\u003e\nThe EV_SET() bug broke upstream LLDB over a month ago, and during this period the debugger was significantly accelerated and parallelized. It is difficult to declare it definitely, but it might be the reason why the tracer\u0026#39;s runtime broke due to threading desynchronization. LLDB behaves differently when run standalone, under ktruss(1) and under gdb(1) - the shared bug is that it always fails in one way or another, which isn\u0026#39;t trivial to debug.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ugly\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere are also unpleasant issues at the core of the Operating System.\u003cbr\u003e\nKernel troubles\u003cbr\u003e\nAnother bug with single-step functions that affects another aspect of correctness - this time with reliable execution of a program - is that processes die in non-deterministic ways when single-stepped. My current impression is that there is no appropriate translation between process and thread (LWP) states under a debugger. These issues are sibling problems to unreliable PT_RESUME and PT_SUSPEND.\u003cbr\u003e\nIn order to be able to appropriately address this, I have diligently studied this month the Solaris Internals book to get a better image of the design of the NetBSD kernel multiprocessing, which was modeled after this commercial UNIX.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlan for the next milestone\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe current troubles can be summarized as data races in the kernel and at the same time in LLDB. I have decided to port the LLVM sanitizers, as I require the Thread Sanitizer (tsan). Temporarily I have removed the code for tracing processes with multiple threads to hide the known kernel bugs and focus on the LLDB races.\u003cbr\u003e\nUnfortunately LLDB is not easily bisectable (build time of the LLVM+Clang+LLDB stack, number of revisions), therefore the debugging has to be performed on the most recent code from upstream trunk.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003ed2K17 Hackathon Reports\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170605225415\" rel=\"nofollow\"\u003ed2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170608074033\" rel=\"nofollow\"\u003ed2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170609013548\" rel=\"nofollow\"\u003ed2k17 Hackathon Report: Florian Obser on slaacd(8)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170602014048\" rel=\"nofollow\"\u003ed2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdrp.net/documentation/examples/multi-tenant_router_and_firewall\" rel=\"nofollow\"\u003eMulti-tenant router or firewall with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetting-up a virtual lab\u003c/li\u003e\n\u003cli\u003eDownloading BSD Router Project images\u003c/li\u003e\n\u003cli\u003eDownload BSDRP serial image (prevent to have to use an X display) on Sourceforge.\u003c/li\u003e\n\u003cli\u003eDownload Lab scripts\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMore information on these BSDRP lab scripts available on \u003ca href=\"https://bsdrp.net/documentation/examples/how_to_build_a_bsdrp_router_lab\" rel=\"nofollow\"\u003eHow to build a BSDRP router lab\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eStart the lab with full-meshed 5 routers and one shared LAN, on this example using bhyve lab script on FreeBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ccode\u003e[root@FreeBSD]~# tools/BSDRP-lab-bhyve.sh -i BSDRP-1.71-full-amd64-serial.img.xz -n 5 -l 1\u003c/code\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfiguration\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eRouter 4 (R4) hosts the 3 routers/firewalls for each 3 customers.\u003c/li\u003e\n\u003cli\u003eRouter 1 (R1) belongs to customer 1, router 2 (R2) to customer 2 and router 3 (R3) to customer 3.\u003c/li\u003e\n\u003cli\u003eRouter 5 (R5) simulates a simple Internet host\u003c/li\u003e\n\u003cli\u003eUsing pf firewall in place of ipfw\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epf need a little more configuration because by default /dev/pf is hidden from jail. Then, on the host we need to:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn place of loading the ipfw/ipfw-nat modules we need to load the pf module (but still disabling pf on our host for this example)\u003c/li\u003e\n\u003cli\u003eModify default devd rules for allowing jails to see /dev/pf (if you want to use tcpdump inside your jail, you should use bpf device too)\u003c/li\u003e\n\u003cli\u003eReplacing nojail tag by nojailvnet tag into /etc/rc.d/pf (\u003ca href=\"https://github.com/ocochard/BSDRP/blob/master/BSDRP/patches/freebsd.pf.rc.jail.patch\" rel=\"nofollow\"\u003ealready done into BSDRP\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnder the hood: jails-on-nanobsd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocochard/BSDRP/blob/master/BSDRP/Files/usr/local/sbin/tenant\" rel=\"nofollow\"\u003eBSDRP\u0026#39;s tenant shell script\u003c/a\u003e creates jail configuration compliant with a host running nanobsd. Then these jails need to be configured for a nanobsd:\u003c/li\u003e\n\u003cli\u003eBeing nullfs based for being hosted on a read-only root filesystem\u003c/li\u003e\n\u003cli\u003eHave their /etc and /var into tmpfs disks (then we need to populate these directory before each start)\u003c/li\u003e\n\u003cli\u003eConfiguration changes need to be saved with nanobsd configuration tools, like “config save” on BSDRP\u003c/li\u003e\n\u003cli\u003eAnd on the host:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocochard/BSDRP/blob/master/BSDRP/Files/usr/local/sbin/autosave\" rel=\"nofollow\"\u003eautosave daemon\u003c/a\u003e need to be enabled: Each time a customer will issue a “config save” inside a jail, his configuration diffs will be save into host\u0026#39;s /etc/jails/. And this directory is a RAM disk too, then we need to automatically save hosts configuration on changes.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.tintagel.pl/2017/06/09/openbsd-daily.html\" rel=\"nofollow\"\u003eOpenBSD Daily Source Reading\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdam Wołk writes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI made a new year\u0026#39;s resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development. I have to admit that initially I wasn’t consistent with it at all. In the first quarter of the year I read the code of a few small base utilities and nothing else. Still, every bit counts and it’s never too late to get better.\u003cbr\u003e\nAround the end of May, I really started reading code daily - no days skipped. It usually takes anywhere between ten minutes (for small base utils) and one and a half hour (for targeted reads). I’m pretty happy with the results so far. Exploring the system on a daily basis, looking up things in the code that I don’t understand and digging as deep as possible made me learn a lot more both about C and the system than I initially expected.\u003cbr\u003e\nThere’s also one more side effect of reading code daily - diffs. It’s easy to spot inconsistencies, outdated code or an incorrect man page. This results in opportunities for contributing to the project. With time it also becomes less opportunitstic and more goal oriented. You might start with a [\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=149591302814638\u0026w=2%5D(drive\" rel=\"nofollow\"\u003ehttps://marc.info/?l=openbsd-tech\u0026amp;m=149591302814638\u0026amp;w=2](drive\u003c/a\u003e by diff to kill) optional compilation of an old compatibility option in chown that has been compiled in by default since 1995.\u003cbr\u003e\nSoon the contributions become more targeted, for example using a new API for encrypting passwords in the htpasswd utility after reading the code of the utility and the code for htpasswd handling in httpd. Similarly it can take you from discussing a doas feature idea with a friend to implementing it after reading the code.\u003cbr\u003e\nI was having a lot of fun reading code daily and started to recommend it to people in general discussions. There was one particular twitter thread that ended up starting something new.\u003cbr\u003e\nThis is still a new thing and the format is not yet solidified. Generally I make a lot of notes reading code, instead of slapping them inside a local file I drop the notes on the IRC channel as I go. Everyone on the channel is encouraged to do the same or share his notes in any way he/she seems feasable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the logs from the IRC discussions.\u003c/li\u003e\n\u003cli\u003eStart reading code from other BSD projects and see whether you can replicate their results!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/become-freebsd-user-find-useful-tools/\" rel=\"nofollow\"\u003eBecome FreeBSD User: Find Useful Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD Mag has the following article by David Carlier:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you’re usually programming on Linux and you consider a potential switch to FreeBSD, this article will give you an overview of the possibilities.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow to Install the Dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD comes with either applications from binary packages or compiled from sources (ports). They are arranged according to software types (programming languages mainly in lang (or java specifically for Java), libraries in devel, web servers in www …) and the main tool for modern FreeBSD versions is pkg, similar to Debian apt tools suite. Hence, most of the time if you are looking for a specific application/library, simply\u003c/p\u003e\n\n\u003cp\u003e\u003ccode\u003epkg search \u0026lt;name\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\n\u003cp\u003ewithout necessarily knowing the fully qualified name of the package. It is somehow sufficient. For example pkg search php7 will display php7 itself and the modules. Furthermore, php70 specific version and so on.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWeb Development\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBasically, this is the easiest area to migrate to. Most  Web languages do not use  specific platform features. Thus, most of the time, your existing projects might just be “drop-in” use cases.\u003cbr\u003e\nIf your language of choice is PHP, you are lucky as this scripting language is workable on various operating systems, on most  Unixes and Windows. In the case of FreeBSD, you have even many different ports or binary package versions (5.6 to 7.1). In this case, you may need some specific PHP modules enabled, luckily they are available atomically, or if the port is the way you chose, it is via the www/php70-extensions’s one.\u003cbr\u003e\nOf course developing with Apache (both 2.2 and 2.4 series are available, respectively www/apache22 and www/apache24 packages), or even better with Nginx (the last stable or the latest development versions could be used, respectively www/nginx and www/nginx-devel packages) via php-fpm is possible.\u003cbr\u003e\nIn terms of databases, we have the regular RDMBS like MySQL and PostgreSQL (client and server are distinct packages … databases/(mysql/portgresql)\u003cversion\u003e-client, and databases/(mysql/postgresql)\u003cversion\u003e-server). Additionally, a more modern concept of NoSQL with CouchDB, for example (databases/couchdb), MongoDB (databases/mongodb), and Cassandra (databases/cassandra), to name but a few.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLow-level Development\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe BSDs are shipped with C and C++ compilers in the base. In the case of FreeBSD 11.0, it is clang 3.8.0 (in x86 architectures) otherwise, modern versions of gcc exist for developing with C++11. Examples are of course available too (lang/gcc\u003cversion\u003e … until gcc 7.0 devel).\u003cbr\u003e\nNumerous libraries for various topics are also present, web services SOAP with gsoap through User Interfaces with GTK (x11-toolkits/gtk\u003cversion\u003e), QT4 or QT 5 (devel/qt\u003cversion\u003e), malware libraries with Yara (security/yara), etc.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAndroid / Mobile Development\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTo be able to do Android development, to a certain degree, the Linux’s compatibility layer (aka linuxulator) needs to be enabled. Also, x11-toolkits/swt and linux-f10-gtk2 port/package need to be installed (note that libswt-gtk-3550.so and libswt-pi-gtk-3550.so are necessary. The current package is versioned as 3557 and can be solved using symlinks). In the worst case scenario, remember that bhyve (or Virtualbox) is available, and can run any Linux distribution efficiently.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSource Control Management\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD comes in base with a version of subversion. As FreeBSD source is in a subversion repository, a prefixed svnlite command prevents conflicts with the package/port.\u003cbr\u003e\nAdditionally, Git is present but via the package/port system with various options (with or without a user interface, subversion support).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has made tremendous improvements over the years to fill the gap created by Linux. FreeBSD still maintains its interesting specificities; hence there will not be too much blockers if your projects are reasonably sized to allow a migration to FreeBSD.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://martin.kopta.eu/blog/#2017-06-11-16-07-26\" rel=\"nofollow\"\u003eNotes from project Aeronix, part 10\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePrologue\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt is almost two years since I finished building Aeronix and it has served me well during that time. Only thing that ever broke was Noctua CPU fan, which I have replaced with the same model. However, for long time, I wanted to run Aeronix on OpenBSD instead of GNU/Linux Debian.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreparation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI first experimented with RAID1 OpenBSD setup in VirtualBox, plugging and unplugging drives and learned that OpenBSD RAID1 is really smooth. When I finally got the courage, I copied all the data on two drives outside of Aeronix. One external HDD I regulary use to backup Aeronix and second internal drive in my desktop computer. Copying the data took about two afternoons. Aeronix usually has higher temperatures (somewhere around 55°C or 65°C depending on time of the year), and when stressed, it can go really high (around 75°C). During full speed copy over NFS and to external drive it went as high as 85°C, which made me a bit nervous. After the data were copied, I temporarily un-configured computers on local network to not touch Aeronix, plugged keyboard, display and OpenBSD 6.1 thumb drive. Installing OpenBSD 6.1 on full disk RAID1 was super easy.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConfiguring NFS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAeronix serves primarily as NAS, which means NFS and SMB. NFS is used by computers in local network with persistent connection (via Ethernet). SMB is used by other devices in local network with volatile connection (via WiFi). When configuring NFS, I expected similar configuration to what I had in Debian, but on OpenBSD, it is very different. However, after reading through exports(5), it was really easy to put it together.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePutting the data back\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCopying from the external drive took few days, since the transfer speed was something around 5MB/s. I didn\u0026#39;t really mind. It was sort of a good thing, because Aeronix wasn\u0026#39;t overheating that way. I guess I need to figure new backup strategy though.\u003cbr\u003e\nOne interesting thing happened with one of my local desktops. It was connecting Aeronix with default NFS mount options (on Archlinux) and had really big troubles with reading anything. Basically it behaved as if the network drive had horrible access times. After changing the default mount options, it started working perfectly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConclusion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMigrating to OpenBSD was way easier than I anticipated. There are various benefits like more security, realiable RAID1 setup (which I know how will work when drive dies), better documentation and much more. However, the true benefit for me is just the fact I like OpenBSD and makes me happy to have one more OpenBSD machine. On to the next two years of service!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170609121413\u0026mode=expanded\u0026count=0\" rel=\"nofollow\"\u003eRunning OpenBSD on Azure\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skoef/mondieu\" rel=\"nofollow\"\u003eMondieu - portable alternative for freebsd-update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/forsyth/plan9-9k\" rel=\"nofollow\"\u003ePlan9-9k: 64-bit Plan 9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://sohcahtoa.org.uk/openbsd.html\" rel=\"nofollow\"\u003eInstalling OpenBSD 6.1 on your laptop is really hard (not)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.ubuntubsd.org/\" rel=\"nofollow\"\u003eUbuntuBSD is dead\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-17-1-8-released/\" rel=\"nofollow\"\u003eOPNsense 17.1.8 released\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2DKXA0T#wrap\" rel=\"nofollow\"\u003ePatrick - Operating System Textbooks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3CJGW22#wrap\" rel=\"nofollow\"\u003eBrian - snapshot retention\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2X3X6NR#wrap\" rel=\"nofollow\"\u003eRandy - FreeNAS to FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1AE2SPS#wrap\" rel=\"nofollow\"\u003eFlorian - Bootloader Resolution\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"FreeBSD 11.1-Beta1 is out, we discuss Kernel address randomized link (KARL), and explore the benefits of daily OpenBSD source code reading","date_published":"2017-06-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/09be4191-2b92-4ab8-b530-f934ac4697f3.mp3","mime_type":"audio/mpeg","size_in_bytes":59176660,"duration_in_seconds":4931}]},{"id":"0123153a-507e-46d5-b7d3-59fef8b731ae","title":"198: BSDNorth or You can’t handle the libtruth","url":"https://www.bsdnow.tv/198","content_text":"This episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice.\n\nHeadlines\n\nPre-conference activities: Goat BoF, FreeBSD Foundation Board Meeting, and FreeBSD Journal Editorial Board Meeting\n\n\nThe FreeBSD Foundation has a new President as Justin Gibbs is busy this year with building a house, so George Neville-Neil took up the task to serve as President, with Justin Gibbs as Secretary. Take a look at the updated Board of Directors.\nWe also have a new staff member: Scott Lamons joined the Foundation team as senior program manager.\n\n\n\nScott’s work for the Foundation will focus on managing and evangelizing programs for advanced technologies in FreeBSD including preparing project plans, coordinating resources, and facilitating interactions between commercial vendors, the Foundation, and the FreeBSD community.\n\n\n\nThe Foundation also planned various future activities, visits of upcoming conferences, and finding new ways to support and engage the community.\nThe Foundation now has interns in the form of co-op students from the University of Waterloo, Canada. This is described further in the May 2017 Development Projects Update. Both students (Siva and Charlie) were also the conference, helping out at the Foundation table, demonstrating the tinderbox dashboard. Follow the detailed instructions to build one of your own.\nThe Foundation put out a call for Project Proposal Solicitation for 2017. If you think you have a good proposal for work relating to any of the major subsystems or infrastructure for FreeBSD, we’d be happy to review it.\nDon’t miss the deadlines for travel grants to some of the upcoming conferences. You can find the necessary forms and deadlines at the Travel Grant page on the Foundation website.\nPictures from the Goat BoF can be found on Keltia.net\nOverlapping with the GoatBoF, members of the FreeBSD Journal editorial board met in a conference room in the Novotel to plan the upcoming issues. Topics were found, authors identified, and new content was discussed to appeal to even more readers. Check out the FreeBSD Journal website and subscribe if you like to support the Foundation in that way.\n\n\n\n\nFreeBSD Devsummit Day 1 \u0026amp; 2\n\n\nThe first day of the Devsummit began with introductory slides by Gordon Tetlow, who organized the devsummit very well.\nBenno Rice of the FreeBSD core team presented the work done on the new Code of Conduct, which will become effective soon. A round of Q\u0026amp;A followed, with positive feedback from the other devsummit attendees supporting the new CoC.\nAfter that, Allan Jude joined to talk about the new FreeBSD Community Proposal (FCP) process. Modelled after IETF RFCs, Joyent RFDs, and Python PEP, it is a new way for the project to reach consensus on the design or implementation of new features or processes. The FCP repo contains FCP#0 that describes the process, and a template for writing a proposal.\nThen, the entire core team (except John Baldwin, who could not make it this year) and core secretary held a core Q\u0026amp;A session, Answering questions, gathering feedback and suggestions.\nAfter the coffee break, we had a presentation about Intel’s QAT integration in FreeBSD.\nWhen the lunch was over, people spread out into working groups about BearSSL, Transport (TCP/IP), and OpenZFS.\nOpenZFS working group:\n\n\nMatt Ahrens lead the group, and spent most of the first session providing a status update about what features have been recently committed, are out for review, on the horizon, or in the design phase.\n\nExisting Features\n\n\nCompressed ARC\nCompressed Send/Recv\nRecently Upstreamed\nA recent commit improved RAID-Z write speeds by declaring writes to padding blocks to be optional, and to always write them if they can be aggregated with the next write. Mostly impacts large record sizes.\nABD (ARC buffer scatter/gather)\n\nUpstreaming In Progress\n\n\nNative Encryption\nChannel Programs\nDevice Removal (Mirrors and Stripes)\nRedacted Send/recv\nNative TRIM Support (FreeBSD has its own, but this is better and applies to all ZFS implementations)\nFaster (mostly sequential) scrub/resilver\nDRAID (A great deal of time was spent explaining how this works, with diagrams on the chalk board)\nvdev metadata classes (store metadata on SSDs with data is on HDDs, or similar setups. Could also be modified to do dedup to SSD)\nMulti-mount protection (“safe import”, for dual-headed storage shelves)\nzpool checkpoint (rollback an entire pool, including zfs rename and zfs destroy)\n\nFurther Out\n\n\nImport improvements\nImport with missing top-level vdevs (some blocks unreadable, but might let you get some data)\nImproved allocator performance -- vdev spacemap log\nZIL performance\nPersistent L2ARC\nZSTD Compression\n\nDay 2\n\n\nDay two started with the Have/Want/Need session for FreeBSD 12.0. A number of features that various people have or are in the process of building, were discussed with an eye towards upstreaming them. Features we want to have in time for 12.0 (early 2019) were also discussed.\nAfter the break was the Vendor summit, which continued the discussion of how FreeBSD and its vendors can work together to make a better operating system, and better products based on it\nAfter lunch, the group broke up into various working groups: Testing/CI, Containers, Hardening UFS, and GELI Improvements\nAllan lead the GELI Improvements session. The main thrust of the discussions was fixing an outstanding bug in GELI when using both key slots with passphrases. To solve this, and make GELI more extensible, the metadata format will be extended to allow it to store more than 512 bytes of data (currently 511 bytes are used).\nThe new format will allow arbitrarily large metadata, defined at creation time by selecting the number of user key slots desired.\nThe new extended metadata format will contain mostly the same fields, except the userkey will no longer be a byte array of IV-key, Data-key, HMAC, but a struct that will contain all data about that key\nThis new format will store the number of pkcs5v2 iterations per key, instead of only having a single location to store this number for all keys (the source of the original bug)\nA new set of flags per key, to control some aspects of the key (does it require a keyfile, etc), as well as possibly the role of the key.\nAn auxdata field related to the flags, this would allow a specific key with a specific flag set, to boot a different partition, rather than decrypt the main partition.\nA URI to external key material is also stored per key, allowing GELI to uniquely identify the correct data to load to be able to use a specific decryption key\nAnd the three original parts of the key are stored in separate fields now. The HMAC also has a type field, allowing for a different HMAC algorithm to be used in the future.\nThe main metadata is also extended to include a field to store the number of user keys, and to provide an overall HMAC of the metadata, so that it can be verified using the master key (provide any of the user keys)\n\nOther topics discussed:\n\n\nKen Merry presented sedutil, a tool for managing Self Encrypting Drives, as may be required by certain governments and other specific use cases.\nCreating a deniable version of GELI, where the metadata is also encrypted\nThe work to implemented GELI in the UEFI loader was discussed, and a number of developers volunteered to review and test the code\n\nFollowing the end of the Dev Summit, the “Newcomers orientation and mentorship” session was run by Michael W. Lucas, which attempts to pair up first time attendees with oldtimers, to make sure they always know a few people they can ask if they have questions, or if they need help getting introduced to the right people.\n\n\n\n\nNews Roundup\n\nConference Day 1\n\n\nThe conference opened with some short remarks from Dan Langille, and then the opening keynote by Dr Michael Geist, a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. The keynote focused on what some of the currently issues are, and how the technical community needs to get involved at all levels. In Canada especially, contacting your representatives is quite effective, and when it does not happen, they only hear the other side of the story, and often end up spouting talking points from lobbyists as if they were facts.\nThe question period for the keynote ran well overtime because of the number of good questions the discussion raised, including how do we fight back against large telcos with teams of lawyers and piles of money.\nThen the four tracks of talks started up for the day\nThe day wrapped up with the Work In Progress (WIP) session.\n\n\nAllan Jude presented work on ZSTD compression in ZFS\nDrew Gallatin presented about work at Netflix on larger mbufs, to avoid the need for chaining and to allow more data to be pushed at once. Results in an 8% CPU time reduction when pushing 90 gbps of TLS encrypted traffic\nDan Langille presented about letsencrypt (the acme.sh tool specifically), and bacula\nSamy Al Bahra presented about Concurrency Kit\n***\n\n\n\nConference Day 2\n\n\nBecause Dan is a merciful soul, BSDCan starts an hour later on the second day\nAnother great round of talks and BoF sessions over lunch\nThe hallway track was great as always, and I spent most of the afternoon just talking with people\nThen the final set of talks started, and I was torn between all four of them\nThen there was the auction, and the closing party\n***\n\n\nBSDCan 2017 Auction Swag\n\n\nGroff Fundraiser Pins: During the conference, You could get a unique Groff pin, by donating more than the last person to either the FreeBSD or OpenBSD foundation\nMichael W. Lucas and his wife Liz donated some interesting home made and local items to the infamous Charity Auction\nI donated the last remaining copy of the “Canadian Edition” of “FreeBSD Mastery: Advanced ZedFS”, and a Pentium G4400 (Skylake) CPU (Supports ECC or non-ECC)\nPeter Hessler donated his pen (Have you read “Git Commit Murder” yet?)\nTheo De Raadt donated his autographed conference badge\nDavid Maxwell donated a large print of the group photo from last years FreeBSD Developers Summit, which was purchased by Allan\nThere was also a FreeBSD Dev Summit T-Shirt (with the Slogan: What is Core doing about it?) autographed by all of the attending members of core, with a forged jhb@ signature.\nLastly, someone wrote “I \u0026lt;3 FreeBSD” on a left over conference t-shirt with magic marker, and the bidding began to make OpenBSD developer Henning Brauer wear it to the closing party. The top bid was $150 by Kristof Provost, the FreeBSD pf maintainer.\n***\n\n\nHenning Brauer loves FreeBSD\n\n\nIn addition to the $150 donation that resulted in Henning wearing the I love FreeBSD t-shirt, he also took selfies with people in exchange for an additional donation of $10. A total of over $500 was raised.\nMichael W. Lucas\nMichael Dexter\nFreeBSD Foundation Interns + Ed Maste + Eric Joyner\nPierre Ponchery\nNick Danger \nMichael Shirk \nCalvin Hendryx-Parker\nReyk Floeter\nRod Grimes\nJim Thompson\nSean Chittenden and Sam Gwydir, Henning wearing Theo de Raadt’s badge\nDavid Duncan\n***\n\n\nlibtrue\n\n\nAt the hacker lounge, a joke email was sent to the FreeBSD developers list, making it look like a change to true(1)’s manpage had been committed to “document that true(1) supports libxo”\nWhile the change was not actually made, as you might expect this started a discussion about if this was really necessary.\nThis spawned a new github repo\nWhile this all started as a joke, it then became an example of how rapid collaboration can happen, and an example of implementing a number of modern technologies in FreeBSD, including libxo (json output), and capsicum (security sandboxing)\nThe project has an large number of open issues and enhancement suggestions, and a number of active pull requests including:\n\n\nAdd Vagrantfile and Ansible playbooks for VM\nDTrace Support (Add the trueprov provider to allow tracing of true.\nA Code of Conduct\nlibtrue.xyz website as a git submodule\na false binary\nPython and Go bindings\n***\n\n\n\nOn Conference Speaking\n\n\nPhase 1: Idea\n\n\n\nUntil now I’ve never had to sit down and ponder what I could speak about. Over the year, I run into at least one topic I know something about that appears to be interesting to the wider public. I’m positive that’s true for almost anyone if they keep their minds open and keep looking for it.\n\n\n\nPhase 2: Call for Proposals\n\n\n\nIn the end I have to come up with a good pitch that speaks to as many people as possible and with a speculative outline. Since there are always many more submissions than talk slots, this is the first critical point. There are many reasons why a proposal can be refused, so put effort into not giving the program committee any additional, that are entirely avoidable.\n\n\n\nPhase 3: Waiting for the CFP Result\n\n\n\n...do passive research: if I see something relevant, I add it to my mind map. At this point my mind map looks atypical though: it has a lot of unordered root nodes. I just throw in everything that looks interesting and add some of my own thoughts to it. In the case of the reliability topic, I spend a lot of time to stay on top it anyway so a lot of material emerged.\n\n\n\nPhase 4: The Road to an Outline\n\n\n\nOnce the talk is accepted, research intensifies. Books and articles I’ve written down for further research are read and topics extracted. In 2017, this started on January 23. But before I start writing, I get the mind map into a shape that makes sense and that will support me. This is the second critical point: I have to come up with a compelling story using the material I’ve collected. Just enumerating facts and wisdom a good talk doesn’t make. It has to have a good flow that makes sense and that keeps people engaged.\n\n\n\nPhase 5: Slides\n\n\n\nI have a very strong opinion on slides: use few, big words. Don’t make people read your slides unless it’s code samples. Otherwise they’ll be distracted from what you say. You’ll see me rarely use fonts smaller than 100pt (code ~40–60pt) which is readable from everywhere and forces me to be as brief as possible.\n\n\n\nPhase 6: Polishing\n\n\n\nI firmly believe that this phase makes or breaks a talk. Only by practicing again and again you’ll notice rough spots, weak transitions, and redundancies. Each iteration makes the talk a bit better both regarding the slides and my ability to present it. Each iteration adds impressions that my subconscious mind chews on and makes things fall in place and give me inspiration in unlikely moments.\n\n\n\nPhase 7: Sneak Preview\n\n\n\nIn the past years I was blessed with the opportunity to test my talks in front of a smaller audiences. Interestingly, I’ve come to take smaller events more seriously than the big ones. If a small conference pays for my travels and gives me a prominent slot, I have both more responsibility and attention than if I paid my way to an event where I’m one of many speakers.\n\n\n\nPhase 8: Refinement and More Polishing\n\n\n\nThe first session is always just going through all slides, reacquainting myself with my deck. Then it always takes quite a bit of willpower until I do a full practice run again: the first time always pretty brutal because I tend to forget pretty fast. On the other hand, it rather quickly comes back too. Which makes it even harder to motivate myself to start. Ideally I’d have access to a video recording from phase 7 to have a closer look at what work could be improved. But since it’s usually smaller conferences, I don’t.\n\n\n\nPhase 9: Travel\n\n\n\nWhenever I travel to conferences I bring everything I need for my talk and then some. To make sure I don’t forget anything essential, I have a packing list for my business trips (and vacations too – the differences are so minimal that I use a unified list). My epic packing list for business trips. I print it out the day before departure and cross stuff off as I pack. I highly recommend to anyone to emulate this since packing is a lot less stressful if you just follow a checklist.\n\n\n\nPhase 10: Showtime!\n\n\n\nSo this is it. The moment everything else led to. People who suffer from fear of public speaking think this is the worst part. But if you scroll back you’ll realize: this is the payoff! This is what you worked toward. This is the fun, easy part. Once you stand in front of the audience, the work is done and you get to enjoy the ride.\n\n\n\n\nBeastie Bits\n\n\nKris and Ken Moore - TrueOS Q\u0026amp;A\nNew home for the repository conversions (NetBSD Git mirror is now on GitHub.com/NetBSD)\nTab completion in OpenBSD's ksh\npkgsrcCon July 1\u0026amp;2\nOpenBSD 6.1 syspatch installed SP kernel on MP system\nKNOXBug meeting this Friday\n***\n\n\nFeedback/Questions\n\n\nRob - FreeNAS Corral\nBrad - ZFS snapshot strategy\nPhil - ZFS Send via Snail Mail\nPhillip - Network Limits for Public NTP Server\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThis episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003ePre-conference activities: Goat BoF, FreeBSD Foundation Board Meeting, and FreeBSD Journal Editorial Board Meeting\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Foundation has a new President as Justin Gibbs is busy this year with building a house, so George Neville-Neil took up the task to serve as President, with Justin Gibbs as Secretary. Take a look at the updated \u003ca href=\"https://www.freebsdfoundation.org/about/board-of-directors/\" rel=\"nofollow\"\u003eBoard of Directors\u003c/a\u003e.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eWe also have a new \u003ca href=\"https://www.freebsdfoundation.org/about/staff/\" rel=\"nofollow\"\u003estaff member\u003c/a\u003e: Scott Lamons joined the Foundation team as senior program manager.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eScott’s work for the Foundation will focus on managing and evangelizing programs for advanced technologies in FreeBSD including preparing project plans, coordinating resources, and facilitating interactions between commercial vendors, the Foundation, and the FreeBSD community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Foundation also planned various future activities, visits of upcoming conferences, and finding new ways to support and engage the community.\u003c/li\u003e\n\u003cli\u003eThe Foundation now has interns in the form of co-op students from the University of Waterloo, Canada. This is described further in the \u003ca href=\"https://www.freebsdfoundation.org/blog/may-2017-development-projects-update/\" rel=\"nofollow\"\u003eMay 2017 Development Projects Update\u003c/a\u003e. Both students (Siva and Charlie) were also the conference, helping out at the Foundation table, demonstrating the tinderbox dashboard. Follow the \u003ca href=\"https://www.freebsdfoundation.org/news-and-events/blog/blog-post/building-a-physical-freebsd-build-status-dashboard/\" rel=\"nofollow\"\u003edetailed instructions\u003c/a\u003e to build one of your own.\u003c/li\u003e\n\u003cli\u003eThe Foundation put out a \u003ca href=\"https://www.freebsdfoundation.org/blog/freebsd-foundation-2017-project-proposal-solicitation/\" rel=\"nofollow\"\u003ecall for Project Proposal Solicitation for 2017\u003c/a\u003e. If you think you have a good proposal for work relating to any of the major subsystems or infrastructure for FreeBSD, we’d be happy to review it.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDon’t miss the deadlines for travel grants to some of the upcoming conferences. You can find the necessary forms and deadlines at the \u003ca href=\"https://www.freebsdfoundation.org/what-we-do/travel-grants/travel-grants/\" rel=\"nofollow\"\u003eTravel Grant page\u003c/a\u003e on the Foundation website.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePictures from the Goat BoF can be found on \u003ca href=\"https://assets.keltia.net/photos/BSDCan-2017/Royal%20Oak/index.html\" rel=\"nofollow\"\u003eKeltia.net\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOverlapping with the GoatBoF, members of the FreeBSD Journal editorial board met in a conference room in the Novotel to plan the upcoming issues. Topics were found, authors identified, and new content was discussed to appeal to even more readers. Check out the \u003ca href=\"https://www.freebsdfoundation.org/journal/\" rel=\"nofollow\"\u003eFreeBSD Journal website\u003c/a\u003e and subscribe if you like to support the Foundation in that way.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/DevSummit/201706\" rel=\"nofollow\"\u003eFreeBSD Devsummit Day 1 \u0026amp; 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe first day of the Devsummit began with introductory slides by Gordon Tetlow, who organized the devsummit very well.\u003c/li\u003e\n\u003cli\u003eBenno Rice of the FreeBSD core team presented the work done on the new Code of Conduct, which will become effective soon. A round of Q\u0026amp;A followed, with positive feedback from the other devsummit attendees supporting the new CoC.\u003c/li\u003e\n\u003cli\u003eAfter that, Allan Jude joined to talk about the new \u003ca href=\"https://github.com/freebsd/fcp\" rel=\"nofollow\"\u003eFreeBSD Community Proposal (FCP)\u003c/a\u003e process. Modelled after IETF RFCs, Joyent RFDs, and Python PEP, it is a new way for the project to reach consensus on the design or implementation of new features or processes. The FCP repo contains FCP#0 that describes the process, and a template for writing a proposal.\u003c/li\u003e\n\u003cli\u003eThen, the entire core team (except John Baldwin, who could not make it this year) and core secretary held a core Q\u0026amp;A session, Answering questions, gathering feedback and suggestions.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eAfter the coffee break, we had a presentation about Intel’s QAT integration in FreeBSD.\u003c/li\u003e\n\u003cli\u003eWhen the lunch was over, people spread out into working groups about BearSSL, Transport (TCP/IP), and OpenZFS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://pbs.twimg.com/media/DBu_IMsWAAId2sN.jpg:large\" rel=\"nofollow\"\u003eOpenZFS working group\u003c/a\u003e:\n\n\u003cul\u003e\n\u003cli\u003eMatt Ahrens lead the group, and spent most of the first session providing a status update about what features have been recently committed, are out for review, on the horizon, or in the design phase.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExisting Features\u003c/strong\u003e\n\n\u003cul\u003e\n\u003cli\u003eCompressed ARC\u003c/li\u003e\n\u003cli\u003eCompressed Send/Recv\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRecently Upstreamed\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eA recent commit improved RAID-Z write speeds by declaring writes to padding blocks to be optional, and to always write them if they can be aggregated with the next write. Mostly impacts large record sizes.\u003c/li\u003e\n\u003cli\u003eABD (ARC buffer scatter/gather)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUpstreaming In Progress\u003c/strong\u003e\n\n\u003cul\u003e\n\u003cli\u003eNative Encryption\u003c/li\u003e\n\u003cli\u003eChannel Programs\u003c/li\u003e\n\u003cli\u003eDevice Removal (Mirrors and Stripes)\u003c/li\u003e\n\u003cli\u003eRedacted Send/recv\u003c/li\u003e\n\u003cli\u003eNative TRIM Support (FreeBSD has its own, but this is better and applies to all ZFS implementations)\u003c/li\u003e\n\u003cli\u003eFaster (mostly sequential) scrub/resilver\u003c/li\u003e\n\u003cli\u003eDRAID (A great deal of time was spent explaining how this works, with diagrams on the chalk board)\u003c/li\u003e\n\u003cli\u003evdev metadata classes (store metadata on SSDs with data is on HDDs, or similar setups. Could also be modified to do dedup to SSD)\u003c/li\u003e\n\u003cli\u003eMulti-mount protection (“safe import”, for dual-headed storage shelves)\u003c/li\u003e\n\u003cli\u003ezpool checkpoint (rollback an entire pool, including zfs rename and zfs destroy)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFurther Out\u003c/strong\u003e\n\n\u003cul\u003e\n\u003cli\u003eImport improvements\u003c/li\u003e\n\u003cli\u003eImport with missing top-level vdevs (some blocks unreadable, but might let you get some data)\u003c/li\u003e\n\u003cli\u003eImproved allocator performance -- vdev spacemap log\u003c/li\u003e\n\u003cli\u003eZIL performance\u003c/li\u003e\n\u003cli\u003ePersistent L2ARC\u003c/li\u003e\n\u003cli\u003eZSTD Compression\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDay 2\n\n\u003cul\u003e\n\u003cli\u003eDay two started with the Have/Want/Need session for FreeBSD 12.0. A number of features that various people have or are in the process of building, were discussed with an eye towards upstreaming them. Features we want to have in time for 12.0 (early 2019) were also discussed.\u003c/li\u003e\n\u003cli\u003eAfter the break was the Vendor summit, which continued the discussion of how FreeBSD and its vendors can work together to make a better operating system, and better products based on it\u003c/li\u003e\n\u003cli\u003eAfter lunch, the group broke up into various working groups: Testing/CI, Containers, Hardening UFS, and GELI Improvements\u003c/li\u003e\n\u003cli\u003eAllan lead the GELI Improvements session. The main thrust of the discussions was fixing an outstanding bug in GELI when using both key slots with passphrases. To solve this, and make GELI more extensible, the metadata format will be extended to allow it to store more than 512 bytes of data (currently 511 bytes are used).\u003c/li\u003e\n\u003cli\u003eThe new format will allow arbitrarily large metadata, defined at creation time by selecting the number of user key slots desired.\u003c/li\u003e\n\u003cli\u003eThe new extended metadata format will contain mostly the same fields, except the userkey will no longer be a byte array of IV-key, Data-key, HMAC, but a struct that will contain all data about that key\u003c/li\u003e\n\u003cli\u003eThis new format will store the number of pkcs5v2 iterations per key, instead of only having a single location to store this number for all keys (the source of the original bug)\u003c/li\u003e\n\u003cli\u003eA new set of flags per key, to control some aspects of the key (does it require a keyfile, etc), as well as possibly the role of the key.\u003c/li\u003e\n\u003cli\u003eAn auxdata field related to the flags, this would allow a specific key with a specific flag set, to boot a different partition, rather than decrypt the main partition.\u003c/li\u003e\n\u003cli\u003eA URI to external key material is also stored per key, allowing GELI to uniquely identify the correct data to load to be able to use a specific decryption key\u003c/li\u003e\n\u003cli\u003eAnd the three original parts of the key are stored in separate fields now. The HMAC also has a type field, allowing for a different HMAC algorithm to be used in the future.\u003c/li\u003e\n\u003cli\u003eThe main metadata is also extended to include a field to store the number of user keys, and to provide an overall HMAC of the metadata, so that it can be verified using the master key (provide any of the user keys)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOther topics discussed:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKen Merry presented sedutil, a tool for managing Self Encrypting Drives, as may be required by certain governments and other specific use cases.\u003c/li\u003e\n\u003cli\u003eCreating a deniable version of GELI, where the metadata is also encrypted\u003c/li\u003e\n\u003cli\u003eThe work to implemented GELI in the UEFI loader was discussed, and a number of developers volunteered to review and test the code\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFollowing the end of the Dev Summit, the “Newcomers orientation and mentorship” session was run by Michael W. Lucas, which attempts to pair up first time attendees with oldtimers, to make sure they always know a few people they can ask if they have questions, or if they need help getting introduced to the right people.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2017/schedule/day_2017-06-09.en.html\" rel=\"nofollow\"\u003eConference Day 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe conference opened with some short remarks from Dan Langille, and then the opening keynote by Dr Michael Geist, a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. The keynote focused on what some of the currently issues are, and how the technical community needs to get involved at all levels. In Canada especially, contacting your representatives is quite effective, and when it does not happen, they only hear the other side of the story, and often end up spouting talking points from lobbyists as if they were facts.\u003c/li\u003e\n\u003cli\u003eThe question period for the keynote ran well overtime because of the number of good questions the discussion raised, including how do we fight back against large telcos with teams of lawyers and piles of money.\u003c/li\u003e\n\u003cli\u003eThen the four tracks of talks started up for the day\u003c/li\u003e\n\u003cli\u003eThe day wrapped up with the Work In Progress (WIP) session.\n\n\u003cul\u003e\n\u003cli\u003eAllan Jude presented work on ZSTD compression in ZFS\u003c/li\u003e\n\u003cli\u003eDrew Gallatin presented about work at Netflix on larger mbufs, to avoid the need for chaining and to allow more data to be pushed at once. Results in an 8% CPU time reduction when pushing 90 gbps of TLS encrypted traffic\u003c/li\u003e\n\u003cli\u003eDan Langille presented about letsencrypt (the acme.sh tool specifically), and bacula\u003c/li\u003e\n\u003cli\u003eSamy Al Bahra presented about Concurrency Kit\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2017/schedule/day_2017-06-10.en.html\" rel=\"nofollow\"\u003eConference Day 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBecause Dan is a merciful soul, BSDCan starts an hour later on the second day\u003c/li\u003e\n\u003cli\u003eAnother great round of talks and BoF sessions over lunch\u003c/li\u003e\n\u003cli\u003eThe hallway track was great as always, and I spent most of the afternoon just talking with people\u003c/li\u003e\n\u003cli\u003eThen the final set of talks started, and I was torn between all four of them\u003c/li\u003e\n\u003cli\u003eThen there was the auction, and the closing party\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2962\" rel=\"nofollow\"\u003eBSDCan 2017 Auction Swag\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGroff Fundraiser Pins: During the conference, You could get a unique Groff pin, by donating more than the last person to either the FreeBSD or OpenBSD foundation\u003c/li\u003e\n\u003cli\u003eMichael W. Lucas and his wife Liz donated some interesting home made and local items to the infamous Charity Auction\u003c/li\u003e\n\u003cli\u003eI donated the last remaining copy of the “Canadian Edition” of “FreeBSD Mastery: Advanced ZedFS”, and a Pentium G4400 (Skylake) CPU (Supports ECC or non-ECC)\u003c/li\u003e\n\u003cli\u003ePeter Hessler donated his pen (Have you read “Git Commit Murder” yet?)\u003c/li\u003e\n\u003cli\u003eTheo De Raadt donated his autographed conference badge\u003c/li\u003e\n\u003cli\u003eDavid Maxwell donated a large print of the group photo from last years FreeBSD Developers Summit, which was purchased by Allan\u003c/li\u003e\n\u003cli\u003eThere was also a FreeBSD Dev Summit T-Shirt (with the Slogan: What is Core doing about it?) autographed by all of the attending members of core, with a forged jhb@ signature.\u003c/li\u003e\n\u003cli\u003eLastly, someone wrote “I \u0026lt;3 FreeBSD” on a left over conference t-shirt with magic marker, and the bidding began to make OpenBSD developer Henning Brauer wear it to the closing party. The top bid was $150 by Kristof Provost, the FreeBSD pf maintainer.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/henningBrauer\" rel=\"nofollow\"\u003eHenning Brauer loves FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition to the $150 donation that resulted in Henning wearing the I love FreeBSD t-shirt, he also took selfies with people in exchange for an additional donation of $10. A total of over $500 was raised.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/mwlauthor/status/874656462433386497\" rel=\"nofollow\"\u003eMichael W. Lucas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/michaeldexter/status/874344686885904384\" rel=\"nofollow\"\u003eMichael Dexter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/yzgyyang/status/873714734343880705\" rel=\"nofollow\"\u003eFreeBSD Foundation Interns + Ed Maste + Eric Joyner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/khorben/status/873673295903825925\" rel=\"nofollow\"\u003ePierre Ponchery\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/niqdanger/status/873697176513380353\" rel=\"nofollow\"\u003eNick Danger \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/shirkdog/status/873687910175866881\" rel=\"nofollow\"\u003eMichael Shirk \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/calvinhp/status/873686591692255233\" rel=\"nofollow\"\u003eCalvin Hendryx-Parker\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/reykfloeter/status/873673717884346368\" rel=\"nofollow\"\u003eReyk Floeter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/akpoff/status/873673432751370240\" rel=\"nofollow\"\u003eRod Grimes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gonzopancho/status/873700951651233792\" rel=\"nofollow\"\u003eJim Thompson\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/SeanChittenden/status/873750297113501697\" rel=\"nofollow\"\u003eSean Chittenden and Sam Gwydir, Henning wearing Theo de Raadt’s badge\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/davdunc/status/873807305162334208\" rel=\"nofollow\"\u003eDavid Duncan\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/libtrue/libtrue\" rel=\"nofollow\"\u003elibtrue\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAt the hacker lounge, a joke email was sent to the FreeBSD developers list, making it look like a change to true(1)’s manpage had been committed to “document that true(1) supports libxo”\u003c/li\u003e\n\u003cli\u003eWhile the change was not actually made, as you might expect this started a discussion about if this was really necessary.\u003c/li\u003e\n\u003cli\u003eThis spawned a new github repo\u003c/li\u003e\n\u003cli\u003eWhile this all started as a joke, it then became an example of how rapid collaboration can happen, and an example of implementing a number of modern technologies in FreeBSD, including libxo (json output), and capsicum (security sandboxing)\u003c/li\u003e\n\u003cli\u003eThe project has an large number of open issues and enhancement suggestions, and a number of active pull requests including:\n\n\u003cul\u003e\n\u003cli\u003eAdd Vagrantfile and Ansible playbooks for VM\u003c/li\u003e\n\u003cli\u003eDTrace Support (Add the trueprov provider to allow tracing of true.\u003c/li\u003e\n\u003cli\u003eA Code of Conduct\u003c/li\u003e\n\u003cli\u003elibtrue.xyz website as a git submodule\u003c/li\u003e\n\u003cli\u003ea false binary\u003c/li\u003e\n\u003cli\u003ePython and Go bindings\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hynek.me/articles/speaking/\" rel=\"nofollow\"\u003eOn Conference Speaking\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 1: Idea\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUntil now I’ve never had to sit down and ponder what I could speak about. Over the year, I run into at least one topic I know something about that appears to be interesting to the wider public. I’m positive that’s true for almost anyone if they keep their minds open and keep looking for it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 2: Call for Proposals\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the end I have to come up with a good pitch that speaks to as many people as possible and with a speculative outline. Since there are always many more submissions than talk slots, this is the first critical point. There are many reasons why a proposal can be refused, so put effort into not giving the program committee any additional, that are entirely avoidable.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 3: Waiting for the CFP Result\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e...do passive research: if I see something relevant, I add it to my mind map. At this point my mind map looks atypical though: it has a lot of unordered root nodes. I just throw in everything that looks interesting and add some of my own thoughts to it. In the case of the reliability topic, I spend a lot of time to stay on top it anyway so a lot of material emerged.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 4: The Road to an Outline\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce the talk is accepted, research intensifies. Books and articles I’ve written down for further research are read and topics extracted. In 2017, this started on January 23. But before I start writing, I get the mind map into a shape that makes sense and that will support me. This is the second critical point: I have to come up with a compelling story using the material I’ve collected. Just enumerating facts and wisdom a good talk doesn’t make. It has to have a good flow that makes sense and that keeps people engaged.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 5: Slides\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have a very strong opinion on slides: use few, big words. Don’t make people read your slides unless it’s code samples. Otherwise they’ll be distracted from what you say. You’ll see me rarely use fonts smaller than 100pt (code ~40–60pt) which is readable from everywhere and forces me to be as brief as possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 6: Polishing\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI firmly believe that this phase makes or breaks a talk. Only by practicing again and again you’ll notice rough spots, weak transitions, and redundancies. Each iteration makes the talk a bit better both regarding the slides and my ability to present it. Each iteration adds impressions that my subconscious mind chews on and makes things fall in place and give me inspiration in unlikely moments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 7: Sneak Preview\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the past years I was blessed with the opportunity to test my talks in front of a smaller audiences. Interestingly, I’ve come to take smaller events more seriously than the big ones. If a small conference pays for my travels and gives me a prominent slot, I have both more responsibility and attention than if I paid my way to an event where I’m one of many speakers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 8: Refinement and More Polishing\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe first session is always just going through all slides, reacquainting myself with my deck. Then it always takes quite a bit of willpower until I do a full practice run again: the first time always pretty brutal because I tend to forget pretty fast. On the other hand, it rather quickly comes back too. Which makes it even harder to motivate myself to start. Ideally I’d have access to a video recording from phase 7 to have a closer look at what work could be improved. But since it’s usually smaller conferences, I don’t.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 9: Travel\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhenever I travel to conferences I bring everything I need for my talk and then some. To make sure I don’t forget anything essential, I have a packing list for my business trips (and vacations too – the differences are so minimal that I use a unified list). My epic packing list for business trips. I print it out the day before departure and cross stuff off as I pack. I highly recommend to anyone to emulate this since packing is a lot less stressful if you just follow a checklist.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhase 10: Showtime!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo this is it. The moment everything else led to. People who suffer from fear of public speaking think this is the worst part. But if you scroll back you’ll realize: this is the payoff! This is what you worked toward. This is the fun, easy part. Once you stand in front of the audience, the work is done and you get to enjoy the ride.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/discourse-trueos-qa-61617/\" rel=\"nofollow\"\u003eKris and Ken Moore - TrueOS Q\u0026amp;A\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-repository/2017/06/10/msg000637.html\" rel=\"nofollow\"\u003eNew home for the repository conversions (NetBSD Git mirror is now on GitHub.com/NetBSD)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://deftly.net/posts/2017-05-01-openbsd-ksh-tab-complete.html\" rel=\"nofollow\"\u003eTab completion in OpenBSD\u0026#39;s ksh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pkgsrc.org/pkgsrcCon/2017/\" rel=\"nofollow\"\u003epkgsrcCon July 1\u0026amp;2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.mail-archive.com/misc@openbsd.org/msg153421.html\" rel=\"nofollow\"\u003eOpenBSD 6.1 syspatch installed SP kernel on MP system\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/content/join-us-freebsd-day\" rel=\"nofollow\"\u003eKNOXBug meeting this Friday\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2XEE9JA#wrap\" rel=\"nofollow\"\u003eRob - FreeNAS Corral\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/27GSJK0#wrap\" rel=\"nofollow\"\u003eBrad - ZFS snapshot strategy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3D02RYZ#wrap\" rel=\"nofollow\"\u003ePhil - ZFS Send via Snail Mail\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/0ZSMVWH#wrap\" rel=\"nofollow\"\u003ePhillip - Network Limits for Public NTP Server\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice.","date_published":"2017-06-14T11:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0123153a-507e-46d5-b7d3-59fef8b731ae.mp3","mime_type":"audio/mpeg","size_in_bytes":96556756,"duration_in_seconds":8046}]},{"id":"96c50ac2-eb84-4fbf-9a0b-d1cfe342bb11","title":"197: Relaying the good news","url":"https://www.bsdnow.tv/197","content_text":"We’re at BSDCan, but we have an interview with Michael W. Lucas which you don’t want to miss.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nWe are off to BSDCan but we have an interview and news roundup for you.\n\n\n\nInterview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor\n\n\nBooks, conferences \u0026amp; how these two combine\n***\n\n\nNews Roundup\n\nIn The Name Of Sane Email: Setting Up OpenBSD's spamd(8) With Secondary MXes In Play\n\n\n“The Grumpy BSD Guy”, Peter Hansteen is at it again, they have produced an updated version of a full recipe for OpenBSD’s spamd for your primary AND secondary mail servers\n\n\n\nRecipes in our field are all too often offered with little or no commentary to help the user understand the underlying principles of how a specific configuration works. To counter the trend and offer some free advice on a common configuration, here is my recipe for a sane mail setup.\nMailing lists can be fun. Most of the time the discussions on lists like openbsd-misc are useful, entertaining or both. But when your battle with spam fighting technology ends up blocking your source of information and entertainment (like in the case of the recent thread titled \"spamd greylisting: false positives\" - starting with this message), frustration levels can run high, and in the process it emerged that some readers out there place way too much trust in a certain site offering barely commented recipes (named after a rare chemical compound Cl-Hg-Hg-Cl).\n\n\n\n4 easy steps:\n\n\nMake sure your MXes (both primary and secondary) are able to receive mail for your domains\nSet set up content filtering for all MXes, since some spambots actually speak SMTP\nSet up spamd in front of all MXes\nSet up synchronization between your spamds\n\n\n\n\nThese are the basic steps. If you want to go even further, you can supplement your greylisting and publicly available blacklists with your own greytrapping, but greytrapping is by no means required.\nOnce you have made sure that your mail exchangers will accept mail for your domains (checking that secondaries do receive and spool mail when you stop the SMTP service on the primary), it's time to start setting up the content filtering.\n\n\n\nThe post provides links if you need help getting the basic mail server functionality going\n\n\n\nAt this point you will more likely than not discover that any differences in filtering setups between the hosts that accept and deliver mail will let spam through via the weakest link. Tune accordingly, or at least until you are satisfied that you have a fairly functional configuration.\nAs you will have read by now in the various sources I cited earlier, you need to set up rules to redirect traffic to your spamd as appropriate. Now let's take a peek at what I have running at my primary site's gateway.\n\n\n\nThe articles provides a few different sets of rules\nThe setup includes running all outgoing mail through spamd to auto-populate the whitelists, allowing replies to your emails to get through without greylisting\n\n\n\nAt this point, you have seen how to set up two spamds, each running in front of a mail exchanger. You can choose to run with the default spamd.conf, or you can edit in your own customizations.\n\n\n\nThere is also a link to Peter’s spamd.conf if you want to use “what works for me”\n\n\n\nThe fourth and final required step for a spamd setup with backup mail exchangers it to set up synchronization between the spamds. The synchronization keeps your greylists in sync and transfers information on any greytrapped entries to the partner spamds. As the spamd man page explains, the synchronization options -y and -Y are command line options to spamd. \n\n\n\nThe articles steps through the process of configuring spamd to listen for synchronization, and to send synchronization messages to its peer\n\n\n\nWith these settings in place, you have more or less completed step four of our recipe.\n\n\n\nThe article also shows you how to configure spamd to log to a separate log file, to make the messages easier to find and consolidate between your mail servers\n\n\n\nAfter noting the system load on your content filtering machines, restart your spamds. Then watch the system load values on the content filterers and take a note of them from time to time, say every 30 minutes or so\nStep 4) is the last required step for building a multi-MX configuration. You may want to just leave the system running for a while and watch any messages that turn up in the spamd logs or the mail exchanger's logs\nThe final embellishment is to set up local greytrapping. The principle is simple: If you have one or more addresses in your domain that you know will never be valid, you add them to your list of trapping addresses\nany host that tries to deliver mail to noreply@mydomain.nx will be added to the local blacklist spamd-greytrap to be stuttered at for as long as it takes.\nGreytrapping can be fun, you can search for posts here tagged with the obvious keywords. To get you started, I offer up my published list of trap addresses, built mainly from logs of unsuccessful delivery attempts here, at The BSDly.net traplist page, while the raw list of trap email addresses is available here. If you want to use that list in a similar manner for your site, please do, only remember to replace the domain names with one or more that you will be receiving mail for.\n\n\n\nLet us know how this affects your inbox\n***\n\n\nBeastie Bits\n\n\nStatus of FreeBSD’s capsicum on Linux\nHow to build a gateway, from 1979\nLinux escapee Hamza Sheikh on “Why FreeBSD?”\nUNIX is still as relevant as ever\nUpcoming Summer 2017 FreeBSD Foundation Events\n***\n","content_html":"\u003cp\u003eWe’re at BSDCan, but we have an interview with Michael W. Lucas which you don’t want to miss.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003eWe are off to BSDCan but we have an interview and news roundup for you.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\" rel=\"nofollow\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@mwlauthor\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBooks, conferences \u0026amp; how these two combine\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.no/2012/05/in-name-of-sane-email-setting-up-spamd.html\" rel=\"nofollow\"\u003eIn The Name Of Sane Email: Setting Up OpenBSD\u0026#39;s spamd(8) With Secondary MXes In Play\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The Grumpy BSD Guy”, Peter Hansteen is at it again, they have produced an updated version of a full recipe for OpenBSD’s spamd for your primary AND secondary mail servers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecipes in our field are all too often offered with little or no commentary to help the user understand the underlying principles of how a specific configuration works. To counter the trend and offer some free advice on a common configuration, here is my recipe for a sane mail setup.\u003cbr\u003e\nMailing lists can be fun. Most of the time the discussions on lists like openbsd-misc are useful, entertaining or both. But when your battle with spam fighting technology ends up blocking your source of information and entertainment (like in the case of the recent thread titled \u0026quot;spamd greylisting: false positives\u0026quot; - starting with this message), frustration levels can run high, and in the process it emerged that some readers out there place way too much trust in a certain site offering barely commented recipes (named after a rare chemical compound Cl-Hg-Hg-Cl).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e4 easy steps:\n\n\u003cul\u003e\n\u003cli\u003eMake sure your MXes (both primary and secondary) are able to receive mail for your domains\u003c/li\u003e\n\u003cli\u003eSet set up content filtering for all MXes, since some spambots actually speak SMTP\u003c/li\u003e\n\u003cli\u003eSet up spamd in front of all MXes\u003c/li\u003e\n\u003cli\u003eSet up synchronization between your spamds\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese are the basic steps. If you want to go even further, you can supplement your greylisting and publicly available blacklists with your own greytrapping, but greytrapping is by no means required.\u003cbr\u003e\nOnce you have made sure that your mail exchangers will accept mail for your domains (checking that secondaries do receive and spool mail when you stop the SMTP service on the primary), it\u0026#39;s time to start setting up the content filtering.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe post provides links if you need help getting the basic mail server functionality going\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt this point you will more likely than not discover that any differences in filtering setups between the hosts that accept and deliver mail will let spam through via the weakest link. Tune accordingly, or at least until you are satisfied that you have a fairly functional configuration.\u003cbr\u003e\nAs you will have read by now in the various sources I cited earlier, you need to set up rules to redirect traffic to your spamd as appropriate. Now let\u0026#39;s take a peek at what I have running at my primary site\u0026#39;s gateway.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe articles provides a few different sets of rules\u003c/li\u003e\n\u003cli\u003eThe setup includes running all outgoing mail through spamd to auto-populate the whitelists, allowing replies to your emails to get through without greylisting\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt this point, you have seen how to set up two spamds, each running in front of a mail exchanger. You can choose to run with the default spamd.conf, or you can edit in your own customizations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is also a link to Peter’s spamd.conf if you want to use “what works for me”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe fourth and final required step for a spamd setup with backup mail exchangers it to set up synchronization between the spamds. The synchronization keeps your greylists in sync and transfers information on any greytrapped entries to the partner spamds. As the spamd man page explains, the synchronization options -y and -Y are command line options to spamd. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe articles steps through the process of configuring spamd to listen for synchronization, and to send synchronization messages to its peer\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith these settings in place, you have more or less completed step four of our recipe.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article also shows you how to configure spamd to log to a separate log file, to make the messages easier to find and consolidate between your mail servers\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter noting the system load on your content filtering machines, restart your spamds. Then watch the system load values on the content filterers and take a note of them from time to time, say every 30 minutes or so\u003cbr\u003e\nStep 4) is the last required step for building a multi-MX configuration. You may want to just leave the system running for a while and watch any messages that turn up in the spamd logs or the mail exchanger\u0026#39;s logs\u003cbr\u003e\nThe final embellishment is to set up local greytrapping. The principle is simple: If you have one or more addresses in your domain that you know will never be valid, you add them to your list of trapping addresses\u003cbr\u003e\nany host that tries to deliver mail to \u003ca href=\"mailto:noreply@mydomain.nx\" rel=\"nofollow\"\u003enoreply@mydomain.nx\u003c/a\u003e will be added to the local blacklist spamd-greytrap to be stuttered at for as long as it takes.\u003cbr\u003e\nGreytrapping can be fun, you can search for posts here tagged with the obvious keywords. To get you started, I offer up my published list of trap addresses, built mainly from logs of unsuccessful delivery attempts here, at The BSDly.net traplist page, while the raw list of trap email addresses is available here. If you want to use that list in a similar manner for your site, please do, only remember to replace the domain names with one or more that you will be receiving mail for.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLet us know how this affects your inbox\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.capsicum-linux.org/\" rel=\"nofollow\"\u003eStatus of FreeBSD’s capsicum on Linux\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.networksorcery.com/enp/ien/ien109.txt\" rel=\"nofollow\"\u003eHow to build a gateway, from 1979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/why_freebsd/\" rel=\"nofollow\"\u003eLinux escapee Hamza Sheikh on “Why FreeBSD?”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.opengroup.org/2012/05/17/unix-is-still-as-relevant-as-ever/\" rel=\"nofollow\"\u003eUNIX is still as relevant as ever\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/upcoming-summer-2017-freebsd-foundation-events/\" rel=\"nofollow\"\u003eUpcoming Summer 2017 FreeBSD Foundation Events\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We’re at BSDCan, but we have an interview with Michael W. Lucas which you don’t want to miss.","date_published":"2017-06-07T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/96c50ac2-eb84-4fbf-9a0b-d1cfe342bb11.mp3","mime_type":"audio/mpeg","size_in_bytes":74289460,"duration_in_seconds":6190}]},{"id":"2ab6a51e-9952-4066-9b69-3eb9dfeff679","title":"196: PostgreZFS","url":"https://www.bsdnow.tv/196","content_text":"This week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDcon 2017 - Talks \u0026amp; Schedule published\n\n\nThe EuroBSDcon website was updated with the tutorial and talk schedule for the upcoming September conference in Paris, France.\nTutorials on the 1st day: Kirk McKusick - An Introduction to the FreeBSD Open-Source Operating System, George Neville-Neil - DTrace for Developers, Taylor R Campbell - How to untangle your threads from a giant lock in a multiprocessor system\nTutorials on the 2nd day: Kirk continues his Introduction lecture, Michael Lucas - Core concepts of ZFS (half day), Benedict Reuschling - Managing BSD systems with Ansible (half day), Peter Hessler - BGP for developers and sysadmins\nTalks include 3 keynotes (2 on the first day, beginning and end), another one at the end of the second day by Brendan Gregg\nGood mixture of talks of the various BSD projects\nAlso, a good amount of new names and faces\nCheck out the full talk schedule.\nRegistration is not open yet, but will be soon.\n***\n\n\nOpenBSD on the Xiaomi Mi Air 12.5\"\n\n\nThe Xiaomi Mi Air 12.5\" is a basic fanless 12.5\" Ultrabook with good build quality and decent hardware specs, especially for the money: while it can usually be had for about $600, I got mine for $489 shipped to the US during a sale about a month ago.\nXiaomi offers this laptop in silver and gold. They also make a 13\" version but it comes with an NVidia graphics chip. Since these laptops are only sold in China, they come with a Chinese language version of Windows 10 and only one or two distributors that carry them ship to the US. Unfortunately that also means they come with practically no warranty or support.\nHardware\n\n\n\u0026gt; The Mi Air 12.5\" has a fanless, 6th generation (Skylake) Intel Core m3 processor, 4Gb of soldered-on RAM, and a 128Gb SATA SSD (more on that later). It has a small footprint of 11.5\" wide, 8\" deep, and 0.5\" thick, and weighs 2.3 pounds.\n\u0026gt; A single USB-C port on the right-hand side is used to charge the laptop and provide USB connectivity. A USB-C ethernet adapter I tried worked fine in OpenBSD. Whether intentional or not, a particular design touch I appreciated was that the USB-C port is placed directly to the right of the power button on the keyboard, so you don't have to look or feel around for the port when plugging in the power cable.\n\u0026gt; A single USB 3 type-A port is also available on the right side next to the USB-C port. A full-size HDMI port and a headphone jack are on the left-hand side. It has a soldered-on Intel 8260 wireless adapter and Bluetooth. The webcam in the screen bezel attaches internally over USB.\n\u0026gt; The chassis is all aluminum and has sufficient rigidity in the keyboard area. The 12.5\" 1920x1080 glossy IPS screen has a fairly small bezel and while its hinge is properly weighted to allow opening the lid with one hand (if you care about that kind of thing), the screen does have a bit of top-end wobble when open, especially when typing on another laptop on the same desk.\n\u0026gt; The keyboard has a roomy layout and a nice clicky tactile with good travel. It is backlit, but with only one backlight level. When enabled via Fn+F10 (which is handled by the EC, so no OpenBSD support required), it will automatically shut off after not typing for a short while, automatically turning back once a key is pressed.\n\n\n\nUpgrades\n    \u0026gt; An interesting feature of the Mi Air is that it comes with a 128Gb SATA SSD but also includes an open PCI-e slot ready to accept an NVMe SSD.\n    \u0026gt; I upgraded mine with a Samsung PM961 256Gb NVMe SSD (left), and while it is possible to run with both drives in at the same time, I removed the Samsung CM871a 128Gb SATA (right) drive to save power.\n    \u0026gt; The bottom case can be removed by removing the seven visible screws, in addition to the one under the foot in the middle back of the case, which just pries off. A spudger tool is needed to release all of the plastic attachment clips along the entire edge of the bottom cover.\n    \u0026gt; Unfortunately this upgrade proved to be quite time consuming due to the combination of the limited UEFI firmware on the Mi Air and a bug in OpenBSD.\n\nA Detour into UEFI Firmware Variables\n\n\n\u0026gt; Unlike a traditional BIOS where one can boot into a menu and configure the boot order as well as enabling and disabling options such as \"USB Hard Drive\", the InsydeH2O UEFI firmware on the Xiaomi Air only provides the ability to adjust the boot order of existing devices. Any change or addition of boot devices must be done from the operating system, which is not possible under OpenBSD.\n\u0026gt; I booted to a USB key with OpenBSD on it and manually partitioned the new NVME SSD, then rsynced all of the data over from the old drive, but the laptop would not boot to the new NVME drive, instead showing an error message that there was no bootable OS.\n\u0026gt; Eventually I figured out that the GPT table that OpenBSD created on the NVMe disk was wrong due to a [one-off bug in the nvme driver](https://github.com/openbsd/src/commit/dc8298f669ea2d7e18c8a8efea509eed200cb989) which was causing the GPT table to be one sector too large, causing the backup GPT table to be written in the wrong location (and other utilities under Linux to write it over the OpenBSD area). I'm guessing the UEFI firmware would fail to read the bad GPT table on the disk that the boot variable pointed to, then declare that disk as missing, and then remove any variables that pointed to that disk.\n\n\n\nOpenBSD Support\n\n\n\u0026gt; The Mi Air's soldered-on Intel 8260 wireless adapter is supported by OpenBSD's iwm driver, including 802.11n support. The Intel sound chip is recognized by the azalia driver.\n\u0026gt; The Synaptics touchpad is connected via I2C, but is not yet supported. I am actively hacking on my dwiic driver to make this work and the touchpad will hopefully operate as a Windows Precision Touchpad via imt so I don't have to write an entirely new Synaptics driver.\n\u0026gt; Unfortunately since OpenBSD's inteldrm support that is ported from Linux is lagging quite a bit behind, there is no kernel support for Skylake and Kaby Lake video chips. Xorg works at 1920x1080 through efifb so the machine is at least usable, but X is not very fast and there is a noticeable delay when doing certain redrawing operations in xterm. Screen backlight can be adjusted through my OpenBSD port of intel_backlight. Since there is no hardware graphics support, this also means that suspend and resume do not work because nothing is available to re-POST the video after resume. Having to use efifb also makes it impossible to adjust the screen gamma, so for me, I can't use redshift for comfortable night-time hacking.\n\n\n\nFlaws\n\n\n\u0026gt; Especially taking into account the cheap price of the laptop, it's hard to find faults with the design. One minor gripe is that the edges of the case along the bottom are quite sharp, so when carrying the closed laptop, it can feel uncomfortable in one's hands.\n\u0026gt; While all of those things could be overlooked, unfortunately there is also a critical flaw in the rollover support in the keyboard/EC on the laptop. When typing certain combinations of keys quickly, such as holding Shift and typing \"NULL\", one's fingers may actually hold down the Shift, N, and U keys at the same time for a very brief moment before releasing N. Normally the keyboard/EC would recognize U being pressed after N is already down and send an interrupt for the U key. Unfortunately on this laptop, particular combinations of three keys do not interrupt for the third key at all until the second key is lifted, usually causing the third key not to register at all if typed quickly.\n\n\n\nI've been able to reproduce this problem in OpenBSD, Linux, and Windows, with the combinations of at least Shift+N+U and Shift+D+F. Holding Shift and typing the two characters in sequence quickly enough will usually fail to register the final character. Trying the combinations without Shift, using Control or Alt instead of Shift, or other character pairs does not trigger the problem.\nThis might be a problem in the firmware on the Embedded Controller, or a defect in the keyboard circuitry itself. As I mentioned at the beginning, getting technical support for this machine is difficult because it's only sold in China.\n\n\n\n\nDocker on OpenBSD 6.1-current\n\n\nDave Voutila writes:\n\n\n\nSo here’s the thing. I’m normally a macOS user…all my hardware was designed in Cupertino, built in China. But I’m restless and have been toying with trying to switch my daily machine over to a non-macOS system sort of just for fun. I find Linux messy, FreeBSD not as Apple-laptop-friendly as it should be, and Windows a non-starter. Luckily, I found a friend in Puffy. Switching some of my Apple machines over to dual-boot OpenBSD left a gaping hole in my workflow. Luckily, all the hard work the OpenBSD team has done over the last year seems to have plugged it nicely!\nOpenBSD’s hypervisor support officially made it into the 6.1 release, but after some experimentation it was rather time consuming and too fragile to get a Linux guest up and running (i.e. basically the per-requisite for Docker). Others had reported some success starting with QEMU and doing lots of tinkering, but after a wasted evening I figured I’d grab the latest OpenBSD snapshot and try what the openbsd-misc list suggested was improved Linux support in active development.\n\n\n\n10 (11) Steps to docker are provided\n\n\nStep 0 — Install the latest OpenBSD 6.1 snapshot (-current)\nStep 1 — Configure VMM/VMD\nStep 2 — Grab an Alpine Linux ISO\nStep 3 — Make a new virtual disk image\nStep 4 — Boot Alpine’s ISO\nStep 5 — Inhale that fresh Alpine air\nStep 6 — Boot Alpine for Reals\nStep 7 — Install Docker\nStep 8 — Make a User\nStep 9 — Ditch the Serial Console\nStep 10 — Test out your Docker instance\n\n\n\n\nI haven’t done it yet, but I plan on installing docker-compose via Python’s pip package manager. I prefer defining containers in the compose files.\n\n\n\n\nPostgreSQL + ZFS Best Practices and Standard Procedures\n\n\nSlides from Sean Chittenden’s talk about PostgreSQL and ZFS at Scale 15x this spring\nSlides start with a good overview of Postgres and ZFS, and how to use them together\nTo start, it walks through the basics of how PostgreSQL interacts with the filesystem (any filesystem)\nThen it shows the steps to take a good backup of PostgreSQL, then how to do it even better with ZFS\nThen an intro to ZFS, and how Copy-on-Write changes host PostgreSQL interacts with the filesystem\nOverview of how ZFS works\nZFS Tuning tips: Compression, Recordsize, atime, when to use mostly ARC vs shared_buffer, plus pg_repack\nFollowed by a discussion of the reliability of SSDs, and their Bit Error Rate (BER)\nA good SSD has a 4%/year chance of returning the wrong data. A cheap SSD 34%\nIf you put 20 SSDs in a database server, that means 58% (Good SSDs) to 99.975% (Lowest quality commercially viable SSD) chance of an error per year\nLuckily, ZFS can detect and correct these errors\nThis applies to all storage, not just SSDs, every device fails\nMore Advice:\n\n\nUse quotas and reservations to avoid running out of space\nSchedule Periodic Scrubs\nOne dataset per database\n\nBackups: Live demo of rm -rf’ing the database and getting it back\nUsing clones to test upgrades on real data\nNaming Conventions:\n\n\nUse a short prefix not on the root filesystem (e.g. /db)\nEncode the PostgreSQL major version into the dataset name\nGive each PostgreSQL cluster its own dataset (e.g. pgdb01)\nOptional but recommended: one database per cluster\nOptional but recommended: one app per database\nOptional but recommended: encode environment into DB name\nOptional but recommended: encode environment into DB username\n\nusing ZFS Replication\nCheck out the full detailed PDF and implement a similar setup for your database needs\n***\n\n\nNews Roundup\n\nTrueOS Evolving Its \"Stable\" Release Cycle\n\n\nTrueOS is reformulating its Stable branch based on feedback from users. The goal is to have a “release” of the stable branch every 6 months, for those who do not want to live on the edge with the rapid updates of the full rolling release\n\n\n\nMost of the TrueOS developers work for iX Systems in their Tennessee office. Last month, the Tennessee office was moved to a different location across town. As part of the move, we need to move all our servers. We’re still getting some of the infrastructure sorted before moving the servers, so please bear with us as we continue this process.\nAs we’ve continued working on TrueOS, we’ve heard a significant portion of the community asking for a more stable “STABLE” release of TrueOS, maybe something akin to an old PC-BSD version release. In order to meet that need, we’re redefining the TrueOS STABLE branch a bit. STABLE releases are now expected to follow a six month schedule, with more testing and lots of polish between releases. This gives users the option to step back a little from the “cutting edge” of development, but still enjoy many of the benefits of the “rolling release” style and the useful elements of FreeBSD Current.\nCritical updates like emergency patches and utility bug fixes are still expected to be pushed to STABLE on a case-by-case basis, but again with more testing and polish. This also applies to version updates of the Lumina and SysAdm projects. New, released work from those projects will be tested and added to STABLE outside the 6 month window as well.\nThe UNSTABLE branch continues to be our experimental “cutting edge” track, and users who want to follow along with our development and help us or FreeBSD test new features are still encouraged to follow the UNSTABLE track by checking that setting in their TrueOS Update Manager.\n\n\n\nWith boot environments, it will be easy to switch back and forth, so you can have the best of both worlds. Use the latest bleeding edge features, but knowing you can fall back to the stable branch with just a reboot\n\n\n\nAs TrueOS evolves, it is becoming clearer that one role of the system is to function as a “test platform” for FreeBSD. In order to better serve this role, TrueOS will support both OpenRC and the FreeBSD RC init systems, giving users the choice to use either system. While the full functionality isn’t quite ready for the next STABLE update, it is planned for addition after the last bit of work and testing is complete. Stay tuned for an upcoming blog post with all the details of this change, along with instructions how to switch between RC and OpenRC.\n\n\n\nThis is the most important change for me. I used TrueOS as an easy way to run the latest version of -CURRENT on my laptop, to use it as a user, but also to do development. When TrueOS deviates from FreeBSD too much, it lessens the power of my expertise, and complicates development and debugging.\nBeing able to switch back to RC, even if it takes another minute to boot, will bring TrueOS back to being FreeBSD + GUI and more by default, instead of a science project.\nWe need both of those things, so having the option, while more work for the TrueOS team, I think will be better for the entire community\n***\n\n\nLogical Domains on SunFire T2000 with OpenBSD/sparc64\n\n\nA couple of years ago, I picked up a Sun Fire T2000. This is a 2U rack mount server. Mine came with four 146GB SAS drives, a 32-core UltraSPARC T1 CPU and 32GB of RAM.\nSun Microsystems incorporated Logical Domains (LDOMs) on this class of hardware. You don't often need 32 threads and 32GB of RAM in a single server. LDOMs are a kind of virtualization technology that's a bit closer to bare metal than vmm, Hyper-V, VirtualBox or even Xen. It works a bit like Xen, though. You can allocate processor, memory, storage and other resources to virtual servers on-board, with a blend of firmware that supports the hardware allocation, and some software in userland (on the so-called primary or control domain, similar to Xen DomU) to control it.\nLDOMs are similar to what IBM calls Logical Partitions (LPARs) on its Mainframe and POWER series computers. My day job from 2006-2010 involved working with both of these virtualization technologies, and I've kind of missed it.\nWhile upgrading OpenBSD to 6.1 on my T2000, I decided to delve into LDOM support under OpenBSD. This was pretty easy to do, but let's walk through it\n\n\n\nResources:\n\n\nThe ldomctl(8) man page\ntedu@'s write-up on Flak (for a different class of server)\nA Google+ post by bmercer@\n\n\n\n\nOnce you get comfortable with the fact that there's a little-tiny computer (the ALOM) powered by VXWorks inside that's acting as the management system and console (there's no screen or keyboard/mouse input), Installing OpenBSD on the base server is pretty straightforward. The serial console is an RJ-45 jack, and, yes, the ubiquitous blue-colored serial console cables you find for certain kinds of popular routers will work fine.\nOpenBSD installs quite easily, with the same installer you find on amd64 and i386. I chose to install to /dev/sd0, the first SAS drive only, leaving the others unused. It's possible to set them up in a hardware RAID configuration using tools available only under Solaris, or use softraid(4) on OpenBSD, but I didn't do this.\nI set up the primary LDOM to use the first ethernet port, em0. I decided I wanted to bridge the logical domains to the second ethernet port. You could also use a bridge and vether interface, with pf and dhcpd to create a NAT environment, similar to how I networked the vmm(4) systems.\nCreate an LDOM configuration file. You can put this anywhere that's convenient. All of this stuff was in a \"vm\" subdirectory of my home. I called it ldom.conf:\n   domain primary {\n       vcpu 8\n       memory 8G\n   }\n   domain puffy {\n       vcpu 8\n       memory 4G\n       vdisk \"/home/axon/vm/ldom1\"\n       vnet\n   }\n\nMake as many disk images as you want, and make as many additional domain clauses as you wish. Be mindful of system resources. I couldn't actually allocate a full 32GB of RAM across all the LDOMs\nI eventually provisioned seven LDOMs (in addition to the primary) on the T2000, each with 3GB of RAM and 4 vcpu cores. If you get creative with use of network interfaces, virtual ethernet, bridges and pf rules, you can run a pretty complex environment on a single chassis, with services that are only exposed to other VMs, a DMZ segment, and the internal LAN.\n\n\n\nA nice tutorial, and an interesting look at an alternative platform that was ahead of its time\n***\n\n\ndocumentation is thoroughly hard\n\n\nTed Unangst has a new post this week about documentation:\n\n\n\nDocumentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control\nA fine example is the old OpenBSD install instructions. Once you’ve installed OpenBSD once or twice, the process is quite simple, but you’d never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you’ve already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask.\nPart of the problem is how the information is organized. Theoretically it makes sense to list supported hardware before instructions. After all, you can’t install anything if it’s not supported, right? I’m sure that was considered when the device list was originally inserted above the install instructions. But as a practical matter, consulting a device list is neither the easiest nor fastest way to determine what actually works.\n\n\n\nIn the FreeBSD docs tree, we have been doing a facelift project, trying to add ‘quick start’ sections to each chapter to let you get to the more important information first. It is also helpful to move data in the forms of lists and tables to appendices or similar, where they can easily be references, but are not blocking your way to the information you are actually hunting for\n\n\n\nAn example of nerdview signage. “They have in effect provided a sign that will tell you exactly what the question is provided you can already supply the answer.”\n\n\n\nThat is, the logical minds of technical people often decide to order information in an order that makes sense to them, rather than in the order that will be most useful to the reader\n\n\n\nIn the end, I think “copy diskimage to USB and follow prompts” is all the instructions one should need, but it’s hard to overcome the unease of actually making the jump. What if somebody is confused or uncertain? Why is this paragraph more redundant than that paragraph? (And if we delete both, are we cutting too much?)\nSometimes we don’t need to delete the information. Just hide it. The instructions to upgrade to 4.8 and upgrade to 5.8 are very similar, with a few differences because every release is a little bit different. The pages look very different, however, because the not at all recommended kernel free procedure, which takes up half the page, has been hidden from view behind some javascript and only expanded on demand. A casual browser will find the page and figure the upgrade process will be easy, as opposed to some long ordeal.\n\n\n\nThis is important as well, it was my original motivation for working on the FreeBSD Handbook’s ZFS chapter. The very first section of the chapter was the custom kernel configuration required to run ZFS on i386. That scared many users away. I moved that to the very end, and started with why you might want to use ZFS. Much more approachable.\n\n\n\nSometimes it’s just a tiny detail that’s overspecified. The apmd manual used to explain exactly which CPU idle time thresholds were used to adjust frequency. Those parameters, and the algorithm itself, were adjusted occasionally in response to user feedback, but sometimes the man page lagged behind. The numbers are of no use to a user. They’re not adjustable without recompiling. Knowing that the frequency would be reduced at 85% idle vs 90% idle doesn’t really offer much guidance as to whether to enable auto scaling or not. Deleting this detail ensured the man page was always correct and spares the user the cognitive load of trying to solve an unnecessary math problem.\n\n\n\nFor fun:\n\n\n\nFor another humorous example, it was recently observed that the deja-dup package provides man page translations for Australia, Canada, and Great Britain. I checked, the pages are in fact not quite identical. Some contain typo fixes that didn’t propagate to other translations. Project idea: attempt to identify which country has the most users, or most fastidious users, by bug fixes to localized man pages.\n\n\n\n\nlldb on BeagleBone Black\n\n\nI reliably managed to build (lldb + clang/lld) from the svn trunk of LLVM 5.0.0 on my Beaglebone Black running the latest snapshot (May 20th) of FreeBSD 12.0-CURRENT, and the lldb is working very well, and this includes single stepping and ncurses-GUI mode, while single stepping with the latest lldb 4.0.1 from the ports does not work.\nIn order to reliably build LLVM 5.0.0 (svn), I set up a 1 GB swap partition for the BBB on a NFSv4 share on a FreeBSD fileserver in my network - I put a howto of the procedure on my BLog: https://obsigna.net/?p=659\n\n\n\nThe prerequesites on the Beaglebone are:\n\n\n# pkg install tmux\n# pkg install cmake\n# pkg install python\n# pkg install libxml2\n# pkg install swig30\n# pkg install ninja\n# pkg install subversion\n\n\n\nOn the FreeBSD fileserver:\n\n\n# /path_to_the/bbb_share\n# svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm\n# cd llvm/tools\n# svn co http://llvm.org/svn/llvm-project/cfe/trunk clang\n# svn co http://llvm.org/svn/llvm-project/lld/trunk lld\n# svn co http://llvm.org/svn/llvm-project/lldb/trunk lldb\n\n\n\n\nOn the Beaglebone Black:\n\n\n # mount_nfs -o noatime,readahead=4,intr,soft,nfsv4 server:/path_to_the/bbb_share /mnt\n # cd /mnt\n # mkdir build\n # cmake -DLLVM_TARGETS_TO_BUILD=\"ARM\" -DCMAKE_BUILD_TYPE=\"MinSizeRel\" \\\n        -DLLVM_PARALLEL_COMPILE_JOBS=\"1\" -DLLVM_PARALLEL_LINK_JOBS=\"1\" -G Ninja ..\n\n\n\nI execute the actual build command from within a tmux session, so I may disconnect during the quite long (40 h) build:\n\n\n# tmux new \"ninja lldb install\" \n\n\n\nWhen debugging in GUI mode using the newly build lldb 5.0.0-svn, I see only a minor issue, namely UTF8 strings are not displayed correctly. This happens in the ncurses-GUI only, and this is an ARM issue, since it does not occur on x86 machines. Perhaps this might be related to the signed/unsigned char mismatch between ARM and x86.\n\n\n\n\nBeastie Bits\n\n\nTriangle BSD Meetup on June 27th\nSupport for Controller Area Networks (CAN) in NetBSD\nNotes from Monday's meeting\nRunBSD - A site about the BSD family of operating systems\nBSDCam(bridge) 2017 Travel Grant Application Now Open\nNew BSDMag has been released\n***\n\n\nFeedback/Questions\n\n\nPhilipp - A show about byhve\nJake - byhve Support on AMD\nCY - Pledge and Capsicum\nCY - OpenSSL relicense Issue\nAndy - Laptops\n***\n","content_html":"\u003cp\u003eThis week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2017.eurobsdcon.org/2017/05/26/talks-schedule-published/\" rel=\"nofollow\"\u003eEuroBSDcon 2017 - Talks \u0026amp; Schedule published\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe EuroBSDcon website was updated with the tutorial and talk schedule for the upcoming September conference in Paris, France.\u003c/li\u003e\n\u003cli\u003eTutorials on the 1st day: Kirk McKusick - An Introduction to the FreeBSD Open-Source Operating System, George Neville-Neil - DTrace for Developers, Taylor R Campbell - How to untangle your threads from a giant lock in a multiprocessor system\u003c/li\u003e\n\u003cli\u003eTutorials on the 2nd day: Kirk continues his Introduction lecture, Michael Lucas - Core concepts of ZFS (half day), Benedict Reuschling - Managing BSD systems with Ansible (half day), Peter Hessler - BGP for developers and sysadmins\u003c/li\u003e\n\u003cli\u003eTalks include 3 keynotes (2 on the first day, beginning and end), another one at the end of the second day by Brendan Gregg\u003c/li\u003e\n\u003cli\u003eGood mixture of talks of the various BSD projects\u003c/li\u003e\n\u003cli\u003eAlso, a good amount of new names and faces\u003c/li\u003e\n\u003cli\u003eCheck out the full \u003ca href=\"https://2017.eurobsdcon.org/talks-schedule/\" rel=\"nofollow\"\u003etalk schedule\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRegistration is not open yet, but will be soon.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/2017/05/22/xiaomiair\" rel=\"nofollow\"\u003eOpenBSD on the Xiaomi Mi Air 12.5\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe \u003ca href=\"https://xiaomi-mi.com/notebooks/xiaomi-mi-notebook-air-125-silver/\" rel=\"nofollow\"\u003eXiaomi Mi Air 12.5\u0026quot;\u003c/a\u003e is a basic fanless 12.5\u0026quot; Ultrabook with good build quality and decent hardware specs, especially for the money: while it can usually be had for about $600, I got mine for $489 shipped to the US during a sale about a month ago.\u003cbr\u003e\nXiaomi offers this laptop in silver and gold. They also make a 13\u0026quot; version but it comes with an NVidia graphics chip. Since these laptops are only sold in China, they come with a Chinese language version of Windows 10 and only one or two distributors that carry them ship to the US. Unfortunately that also means they come with practically no warranty or support.\u003cbr\u003e\nHardware\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; The Mi Air 12.5\u0026quot; has a fanless, 6th generation (Skylake) Intel Core m3 processor, 4Gb of soldered-on RAM, and a 128Gb SATA SSD (more on that later). It has a small footprint of 11.5\u0026quot; wide, 8\u0026quot; deep, and 0.5\u0026quot; thick, and weighs 2.3 pounds.\n\u0026gt; A single USB-C port on the right-hand side is used to charge the laptop and provide USB connectivity. A USB-C ethernet adapter I tried worked fine in OpenBSD. Whether intentional or not, a particular design touch I appreciated was that the USB-C port is placed directly to the right of the power button on the keyboard, so you don\u0026#39;t have to look or feel around for the port when plugging in the power cable.\n\u0026gt; A single USB 3 type-A port is also available on the right side next to the USB-C port. A full-size HDMI port and a headphone jack are on the left-hand side. It has a soldered-on Intel 8260 wireless adapter and Bluetooth. The webcam in the screen bezel attaches internally over USB.\n\u0026gt; The chassis is all aluminum and has sufficient rigidity in the keyboard area. The 12.5\u0026quot; 1920x1080 glossy IPS screen has a fairly small bezel and while its hinge is properly weighted to allow opening the lid with one hand (if you care about that kind of thing), the screen does have a bit of top-end wobble when open, especially when typing on another laptop on the same desk.\n\u0026gt; The keyboard has a roomy layout and a nice clicky tactile with good travel. It is backlit, but with only one backlight level. When enabled via Fn+F10 (which is handled by the EC, so no OpenBSD support required), it will automatically shut off after not typing for a short while, automatically turning back once a key is pressed.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpgrades\u003cbr\u003e\n    \u0026gt; An interesting feature of the Mi Air is that it comes with a 128Gb SATA SSD but also includes an open PCI-e slot ready to accept an NVMe SSD.\u003cbr\u003e\n    \u0026gt; I upgraded mine with a Samsung PM961 256Gb NVMe SSD (left), and while it is possible to run with both drives in at the same time, I removed the Samsung CM871a 128Gb SATA (right) drive to save power.\u003cbr\u003e\n    \u0026gt; The bottom case can be removed by removing the seven visible screws, in addition to the one under the foot in the middle back of the case, which just pries off. A spudger tool is needed to release all of the plastic attachment clips along the entire edge of the bottom cover.\u003cbr\u003e\n    \u0026gt; Unfortunately this upgrade proved to be quite time consuming due to the combination of the limited UEFI firmware on the Mi Air and a bug in OpenBSD.\u003c/p\u003e\n\n\u003cp\u003eA Detour into UEFI Firmware Variables\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; Unlike a traditional BIOS where one can boot into a menu and configure the boot order as well as enabling and disabling options such as \u0026quot;USB Hard Drive\u0026quot;, the InsydeH2O UEFI firmware on the Xiaomi Air only provides the ability to adjust the boot order of existing devices. Any change or addition of boot devices must be done from the operating system, which is not possible under OpenBSD.\n\u0026gt; I booted to a USB key with OpenBSD on it and manually partitioned the new NVME SSD, then rsynced all of the data over from the old drive, but the laptop would not boot to the new NVME drive, instead showing an error message that there was no bootable OS.\n\u0026gt; Eventually I figured out that the GPT table that OpenBSD created on the NVMe disk was wrong due to a [one-off bug in the nvme driver](https://github.com/openbsd/src/commit/dc8298f669ea2d7e18c8a8efea509eed200cb989) which was causing the GPT table to be one sector too large, causing the backup GPT table to be written in the wrong location (and other utilities under Linux to write it over the OpenBSD area). I\u0026#39;m guessing the UEFI firmware would fail to read the bad GPT table on the disk that the boot variable pointed to, then declare that disk as missing, and then remove any variables that pointed to that disk.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD Support\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; The Mi Air\u0026#39;s soldered-on Intel 8260 wireless adapter is supported by OpenBSD\u0026#39;s iwm driver, including 802.11n support. The Intel sound chip is recognized by the azalia driver.\n\u0026gt; The Synaptics touchpad is connected via I2C, but is not yet supported. I am actively hacking on my dwiic driver to make this work and the touchpad will hopefully operate as a Windows Precision Touchpad via imt so I don\u0026#39;t have to write an entirely new Synaptics driver.\n\u0026gt; Unfortunately since OpenBSD\u0026#39;s inteldrm support that is ported from Linux is lagging quite a bit behind, there is no kernel support for Skylake and Kaby Lake video chips. Xorg works at 1920x1080 through efifb so the machine is at least usable, but X is not very fast and there is a noticeable delay when doing certain redrawing operations in xterm. Screen backlight can be adjusted through my OpenBSD port of intel_backlight. Since there is no hardware graphics support, this also means that suspend and resume do not work because nothing is available to re-POST the video after resume. Having to use efifb also makes it impossible to adjust the screen gamma, so for me, I can\u0026#39;t use redshift for comfortable night-time hacking.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFlaws\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e\u0026gt; Especially taking into account the cheap price of the laptop, it\u0026#39;s hard to find faults with the design. One minor gripe is that the edges of the case along the bottom are quite sharp, so when carrying the closed laptop, it can feel uncomfortable in one\u0026#39;s hands.\n\u0026gt; While all of those things could be overlooked, unfortunately there is also a critical flaw in the rollover support in the keyboard/EC on the laptop. When typing certain combinations of keys quickly, such as holding Shift and typing \u0026quot;NULL\u0026quot;, one\u0026#39;s fingers may actually hold down the Shift, N, and U keys at the same time for a very brief moment before releasing N. Normally the keyboard/EC would recognize U being pressed after N is already down and send an interrupt for the U key. Unfortunately on this laptop, particular combinations of three keys do not interrupt for the third key at all until the second key is lifted, usually causing the third key not to register at all if typed quickly.\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been able to reproduce this problem in OpenBSD, Linux, and Windows, with the combinations of at least Shift+N+U and Shift+D+F. Holding Shift and typing the two characters in sequence quickly enough will usually fail to register the final character. Trying the combinations without Shift, using Control or Alt instead of Shift, or other character pairs does not trigger the problem.\u003cbr\u003e\nThis might be a problem in the firmware on the Embedded Controller, or a defect in the keyboard circuitry itself. As I mentioned at the beginning, getting technical support for this machine is difficult because it\u0026#39;s only sold in China.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110\" rel=\"nofollow\"\u003eDocker on OpenBSD 6.1-current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDave Voutila writes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo here’s the thing. I’m normally a macOS user…all my hardware was designed in Cupertino, built in China. But I’m restless and have been toying with trying to switch my daily machine over to a non-macOS system sort of just for fun. I find Linux messy, FreeBSD not as Apple-laptop-friendly as it should be, and Windows a non-starter. Luckily, I found a friend in Puffy. Switching some of my Apple machines over to dual-boot OpenBSD left a gaping hole in my workflow. Luckily, all the hard work the OpenBSD team has done over the last year seems to have plugged it nicely!\u003cbr\u003e\nOpenBSD’s hypervisor support officially made it into the 6.1 release, but after some experimentation it was rather time consuming and too fragile to get a Linux guest up and running (i.e. basically the per-requisite for Docker). Others had reported some success starting with QEMU and doing lots of tinkering, but after a wasted evening I figured I’d grab the latest OpenBSD snapshot and try what the openbsd-misc list suggested was improved Linux support in active development.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e10 (11) Steps to docker are provided\n\n\u003cul\u003e\n\u003cli\u003eStep 0 — Install the latest OpenBSD 6.1 snapshot (-current)\u003c/li\u003e\n\u003cli\u003eStep 1 — Configure VMM/VMD\u003c/li\u003e\n\u003cli\u003eStep 2 — Grab an Alpine Linux ISO\u003c/li\u003e\n\u003cli\u003eStep 3 — Make a new virtual disk image\u003c/li\u003e\n\u003cli\u003eStep 4 — Boot Alpine’s ISO\u003c/li\u003e\n\u003cli\u003eStep 5 — Inhale that fresh Alpine air\u003c/li\u003e\n\u003cli\u003eStep 6 — Boot Alpine for Reals\u003c/li\u003e\n\u003cli\u003eStep 7 — Install Docker\u003c/li\u003e\n\u003cli\u003eStep 8 — Make a User\u003c/li\u003e\n\u003cli\u003eStep 9 — Ditch the Serial Console\u003c/li\u003e\n\u003cli\u003eStep 10 — Test out your Docker instance\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI haven’t done it yet, but I plan on installing docker-compose via Python’s pip package manager. I prefer defining containers in the compose files.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://people.freebsd.org/%7Eseanc/postgresql/scale15x-2017-postgresql_zfs_best_practices.pdf\" rel=\"nofollow\"\u003ePostgreSQL + ZFS Best Practices and Standard Procedures\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSlides from Sean Chittenden’s talk about PostgreSQL and ZFS at Scale 15x this spring\u003c/li\u003e\n\u003cli\u003eSlides start with a good overview of Postgres and ZFS, and how to use them together\u003c/li\u003e\n\u003cli\u003eTo start, it walks through the basics of how PostgreSQL interacts with the filesystem (any filesystem)\u003c/li\u003e\n\u003cli\u003eThen it shows the steps to take a good backup of PostgreSQL, then how to do it even better with ZFS\u003c/li\u003e\n\u003cli\u003eThen an intro to ZFS, and how Copy-on-Write changes host PostgreSQL interacts with the filesystem\u003c/li\u003e\n\u003cli\u003eOverview of how ZFS works\u003c/li\u003e\n\u003cli\u003eZFS Tuning tips: Compression, Recordsize, atime, when to use mostly ARC vs shared_buffer, plus pg_repack\u003c/li\u003e\n\u003cli\u003eFollowed by a discussion of the reliability of SSDs, and their Bit Error Rate (BER)\u003c/li\u003e\n\u003cli\u003eA good SSD has a 4%/year chance of returning the wrong data. A cheap SSD 34%\u003c/li\u003e\n\u003cli\u003eIf you put 20 SSDs in a database server, that means 58% (Good SSDs) to 99.975% (Lowest quality commercially viable SSD) chance of an error per year\u003c/li\u003e\n\u003cli\u003eLuckily, ZFS can detect and correct these errors\u003c/li\u003e\n\u003cli\u003eThis applies to all storage, not just SSDs, every device fails\u003c/li\u003e\n\u003cli\u003eMore Advice:\n\n\u003cul\u003e\n\u003cli\u003eUse quotas and reservations to avoid running out of space\u003c/li\u003e\n\u003cli\u003eSchedule Periodic Scrubs\u003c/li\u003e\n\u003cli\u003eOne dataset per database\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eBackups: Live demo of rm -rf’ing the database and getting it back\u003c/li\u003e\n\u003cli\u003eUsing clones to test upgrades on real data\u003c/li\u003e\n\u003cli\u003eNaming Conventions:\n\n\u003cul\u003e\n\u003cli\u003eUse a short prefix not on the root filesystem (e.g. /db)\u003c/li\u003e\n\u003cli\u003eEncode the PostgreSQL major version into the dataset name\u003c/li\u003e\n\u003cli\u003eGive each PostgreSQL cluster its own dataset (e.g. pgdb01)\u003c/li\u003e\n\u003cli\u003eOptional but recommended: one database per cluster\u003c/li\u003e\n\u003cli\u003eOptional but recommended: one app per database\u003c/li\u003e\n\u003cli\u003eOptional but recommended: encode environment into DB name\u003c/li\u003e\n\u003cli\u003eOptional but recommended: encode environment into DB username\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eusing ZFS Replication\u003c/li\u003e\n\u003cli\u003eCheck out the full detailed PDF and implement a similar setup for your database needs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/housekeeping-update-infrastructure-trueos-changes/\" rel=\"nofollow\"\u003eTrueOS Evolving Its \u0026quot;Stable\u0026quot; Release Cycle\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTrueOS is reformulating its Stable branch based on feedback from users. The goal is to have a “release” of the stable branch every 6 months, for those who do not want to live on the edge with the rapid updates of the full rolling release\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost of the TrueOS developers work for iX Systems in their Tennessee office. Last month, the Tennessee office was moved to a different location across town. As part of the move, we need to move all our servers. We’re still getting some of the infrastructure sorted before moving the servers, so please bear with us as we continue this process.\u003cbr\u003e\nAs we’ve continued working on TrueOS, we’ve heard a significant portion of the community asking for a more stable “STABLE” release of TrueOS, maybe something akin to an old PC-BSD version release. In order to meet that need, we’re redefining the TrueOS STABLE branch a bit. STABLE releases are now expected to follow a six month schedule, with more testing and lots of polish between releases. This gives users the option to step back a little from the “cutting edge” of development, but still enjoy many of the benefits of the “rolling release” style and the useful elements of FreeBSD Current.\u003cbr\u003e\nCritical updates like emergency patches and utility bug fixes are still expected to be pushed to STABLE on a case-by-case basis, but again with more testing and polish. This also applies to version updates of the Lumina and SysAdm projects. New, released work from those projects will be tested and added to STABLE outside the 6 month window as well.\u003cbr\u003e\nThe UNSTABLE branch continues to be our experimental “cutting edge” track, and users who want to follow along with our development and help us or FreeBSD test new features are still encouraged to follow the UNSTABLE track by checking that setting in their TrueOS Update Manager.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith boot environments, it will be easy to switch back and forth, so you can have the best of both worlds. Use the latest bleeding edge features, but knowing you can fall back to the stable branch with just a reboot\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs TrueOS evolves, it is becoming clearer that one role of the system is to function as a “test platform” for FreeBSD. In order to better serve this role, TrueOS will support both OpenRC and the FreeBSD RC init systems, giving users the choice to use either system. While the full functionality isn’t quite ready for the next STABLE update, it is planned for addition after the last bit of work and testing is complete. Stay tuned for an upcoming blog post with all the details of this change, along with instructions how to switch between RC and OpenRC.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is the most important change for me. I used TrueOS as an easy way to run the latest version of -CURRENT on my laptop, to use it as a user, but also to do development. When TrueOS deviates from FreeBSD too much, it lessens the power of my expertise, and complicates development and debugging.\u003c/li\u003e\n\u003cli\u003eBeing able to switch back to RC, even if it takes another minute to boot, will bring TrueOS back to being FreeBSD + GUI and more by default, instead of a science project.\u003c/li\u003e\n\u003cli\u003eWe need both of those things, so having the option, while more work for the TrueOS team, I think will be better for the entire community\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.h-i-r.net/2017/05/logical-domains-on-sunfire-t2000-with.html\" rel=\"nofollow\"\u003eLogical Domains on SunFire T2000 with OpenBSD/sparc64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA couple of years ago, I picked up a Sun Fire T2000. This is a 2U rack mount server. Mine came with four 146GB SAS drives, a 32-core UltraSPARC T1 CPU and 32GB of RAM.\u003cbr\u003e\nSun Microsystems incorporated Logical Domains (LDOMs) on this class of hardware. You don\u0026#39;t often need 32 threads and 32GB of RAM in a single server. LDOMs are a kind of virtualization technology that\u0026#39;s a bit closer to bare metal than vmm, Hyper-V, VirtualBox or even Xen. It works a bit like Xen, though. You can allocate processor, memory, storage and other resources to virtual servers on-board, with a blend of firmware that supports the hardware allocation, and some software in userland (on the so-called primary or control domain, similar to Xen DomU) to control it.\u003cbr\u003e\nLDOMs are similar to what IBM calls Logical Partitions (LPARs) on its Mainframe and POWER series computers. My day job from 2006-2010 involved working with both of these virtualization technologies, and I\u0026#39;ve kind of missed it.\u003cbr\u003e\nWhile upgrading OpenBSD to 6.1 on my T2000, I decided to delve into LDOM support under OpenBSD. This was pretty easy to do, but let\u0026#39;s walk through it\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eResources:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://man.openbsd.org/OpenBSD-current/man8/sparc64/ldomctl.8\" rel=\"nofollow\"\u003eThe ldomctl(8) man page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120\" rel=\"nofollow\"\u003etedu@\u0026#39;s write-up on Flak (for a different class of server)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://plus.google.com/101694200911870273983/posts/jWh4rMKVq97\" rel=\"nofollow\"\u003eA Google+ post by bmercer@\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce you get comfortable with the fact that there\u0026#39;s a little-tiny computer (the ALOM) powered by VXWorks inside that\u0026#39;s acting as the management system and console (there\u0026#39;s no screen or keyboard/mouse input), Installing OpenBSD on the base server is pretty straightforward. The serial console is an RJ-45 jack, and, yes, the ubiquitous blue-colored serial console cables you find for certain kinds of popular routers will work fine.\u003cbr\u003e\nOpenBSD installs quite easily, with the same installer you find on amd64 and i386. I chose to install to /dev/sd0, the first SAS drive only, leaving the others unused. It\u0026#39;s possible to set them up in a hardware RAID configuration using tools available only under Solaris, or use softraid(4) on OpenBSD, but I didn\u0026#39;t do this.\u003cbr\u003e\nI set up the primary LDOM to use the first ethernet port, em0. I decided I wanted to bridge the logical domains to the second ethernet port. You could also use a bridge and vether interface, with pf and dhcpd to create a NAT environment, similar to how I networked the vmm(4) systems.\u003cbr\u003e\nCreate an LDOM configuration file. You can put this anywhere that\u0026#39;s convenient. All of this stuff was in a \u0026quot;vm\u0026quot; subdirectory of my home. I called it ldom.conf:\u003cbr\u003e\n   domain primary {\u003cbr\u003e\n       vcpu 8\u003cbr\u003e\n       memory 8G\u003cbr\u003e\n   }\u003cbr\u003e\n   domain puffy {\u003cbr\u003e\n       vcpu 8\u003cbr\u003e\n       memory 4G\u003cbr\u003e\n       vdisk \u0026quot;/home/axon/vm/ldom1\u0026quot;\u003cbr\u003e\n       vnet\u003cbr\u003e\n   }\u003c/p\u003e\n\n\u003cp\u003eMake as many disk images as you want, and make as many additional domain clauses as you wish. Be mindful of system resources. I couldn\u0026#39;t actually allocate a full 32GB of RAM across all the LDOMs\u003cbr\u003e\nI eventually provisioned seven LDOMs (in addition to the primary) on the T2000, each with 3GB of RAM and 4 vcpu cores. If you get creative with use of network interfaces, virtual ethernet, bridges and pf rules, you can run a pretty complex environment on a single chassis, with services that are only exposed to other VMs, a DMZ segment, and the internal LAN.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA nice tutorial, and an interesting look at an alternative platform that was ahead of its time\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/documentation-is-thoroughly-hard\" rel=\"nofollow\"\u003edocumentation is thoroughly hard\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst has a new post this week about documentation:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDocumentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control\u003cbr\u003e\nA fine example is the old OpenBSD install instructions. Once you’ve installed OpenBSD once or twice, the process is quite simple, but you’d never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you’ve already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask.\u003cbr\u003e\nPart of the problem is how the information is organized. Theoretically it makes sense to list supported hardware before instructions. After all, you can’t install anything if it’s not supported, right? I’m sure that was considered when the device list was originally inserted above the install instructions. But as a practical matter, consulting a device list is neither the easiest nor fastest way to determine what actually works.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the FreeBSD docs tree, we have been doing a facelift project, trying to add ‘quick start’ sections to each chapter to let you get to the more important information first. It is also helpful to move data in the forms of lists and tables to appendices or similar, where they can easily be references, but are not blocking your way to the information you are actually hunting for\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAn example of \u003ca href=\"http://languagelog.ldc.upenn.edu/nll/?p=29866\" rel=\"nofollow\"\u003enerdview signage\u003c/a\u003e. “They have in effect provided a sign that will tell you exactly what the question is provided you can already supply the answer.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThat is, the logical minds of technical people often decide to order information in an order that makes sense to them, rather than in the order that will be most useful to the reader\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the end, I think “copy diskimage to USB and follow prompts” is all the instructions one should need, but it’s hard to overcome the unease of actually making the jump. What if somebody is confused or uncertain? Why is this paragraph more redundant than that paragraph? (And if we delete both, are we cutting too much?)\u003cbr\u003e\nSometimes we don’t need to delete the information. Just hide it. The instructions to upgrade to 4.8 and upgrade to 5.8 are very similar, with a few differences because every release is a little bit different. The pages look very different, however, because the not at all recommended kernel free procedure, which takes up half the page, has been hidden from view behind some javascript and only expanded on demand. A casual browser will find the page and figure the upgrade process will be easy, as opposed to some long ordeal.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is important as well, it was my original motivation for working on the FreeBSD Handbook’s ZFS chapter. The very first section of the chapter was the custom kernel configuration required to run ZFS on i386. That scared many users away. I moved that to the very end, and started with why you might want to use ZFS. Much more approachable.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSometimes it’s just a tiny detail that’s overspecified. The apmd manual used to explain exactly which CPU idle time thresholds were used to adjust frequency. Those parameters, and the algorithm itself, were adjusted occasionally in response to user feedback, but sometimes the man page lagged behind. The numbers are of no use to a user. They’re not adjustable without recompiling. Knowing that the frequency would be reduced at 85% idle vs 90% idle doesn’t really offer much guidance as to whether to enable auto scaling or not. Deleting this detail ensured the man page was always correct and spares the user the cognitive load of trying to solve an unnecessary math problem.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor fun:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor another humorous example, it was recently observed that the deja-dup package provides man page translations for Australia, Canada, and Great Britain. I checked, the pages are in fact not quite identical. Some contain typo fixes that didn’t propagate to other translations. Project idea: attempt to identify which country has the most users, or most fastidious users, by bug fixes to localized man pages.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-arm/2017-May/016260.html\" rel=\"nofollow\"\u003elldb on BeagleBone Black\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI reliably managed to build (lldb + clang/lld) from the svn trunk of LLVM 5.0.0 on my Beaglebone Black running the latest snapshot (May 20th) of FreeBSD 12.0-CURRENT, and the lldb is working very well, and this includes single stepping and ncurses-GUI mode, while single stepping with the latest lldb 4.0.1 from the ports does not work.\u003cbr\u003e\nIn order to reliably build LLVM 5.0.0 (svn), I set up a 1 GB swap partition for the BBB on a NFSv4 share on a FreeBSD fileserver in my network - I put a howto of the procedure on my BLog: \u003ca href=\"https://obsigna.net/?p=659\" rel=\"nofollow\"\u003ehttps://obsigna.net/?p=659\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe prerequesites on the Beaglebone are:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e# pkg install tmux\n# pkg install cmake\n# pkg install python\n# pkg install libxml2\n# pkg install swig30\n# pkg install ninja\n# pkg install subversion\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn the FreeBSD fileserver:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e# /path_to_the/bbb_share\n# svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm\n# cd llvm/tools\n# svn co http://llvm.org/svn/llvm-project/cfe/trunk clang\n# svn co http://llvm.org/svn/llvm-project/lld/trunk lld\n# svn co http://llvm.org/svn/llvm-project/lldb/trunk lldb\n\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn the Beaglebone Black:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cpre\u003e\u003ccode\u003e # mount_nfs -o noatime,readahead=4,intr,soft,nfsv4 server:/path_to_the/bbb_share /mnt\n # cd /mnt\n # mkdir build\n # cmake -DLLVM_TARGETS_TO_BUILD=\u0026quot;ARM\u0026quot; -DCMAKE_BUILD_TYPE=\u0026quot;MinSizeRel\u0026quot; \\\n        -DLLVM_PARALLEL_COMPILE_JOBS=\u0026quot;1\u0026quot; -DLLVM_PARALLEL_LINK_JOBS=\u0026quot;1\u0026quot; -G Ninja ..\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI execute the actual build command from within a tmux session, so I may disconnect during the quite long (40 h) build:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e# tmux new \u0026quot;ninja lldb install\u0026quot; \n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen debugging in GUI mode using the newly build lldb 5.0.0-svn, I see only a minor issue, namely UTF8 strings are not displayed correctly. This happens in the ncurses-GUI only, and this is an ARM issue, since it does not occur on x86 machines. Perhaps this might be related to the signed/unsigned char mismatch between ARM and x86.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/\" rel=\"nofollow\"\u003eTriangle BSD Meetup on June 27th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20170521_0113.html\" rel=\"nofollow\"\u003eSupport for Controller Area Networks (CAN) in NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-May/014104.html\" rel=\"nofollow\"\u003eNotes from Monday\u0026#39;s meeting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://runbsd.info/\" rel=\"nofollow\"\u003eRunBSD - A site about the BSD family of operating systems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/bsdcam-2017-travel-grant-application-now-open/\" rel=\"nofollow\"\u003eBSDCam(bridge) 2017 Travel Grant Application Now Open\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/download/nearly-online-zpool-switching-two-freebsd-machines/\" rel=\"nofollow\"\u003eNew BSDMag has been released\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/390F9JN#wrap\" rel=\"nofollow\"\u003ePhilipp - A show about byhve\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0DYG5BD#wrap\" rel=\"nofollow\"\u003eJake - byhve Support on AMD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1YVBT12#wrap\" rel=\"nofollow\"\u003eCY - Pledge and Capsicum\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3RSYV23#wrap\" rel=\"nofollow\"\u003eCY - OpenSSL relicense Issue\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0MM09EX#wrap\" rel=\"nofollow\"\u003eAndy - Laptops\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS.","date_published":"2017-05-31T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2ab6a51e-9952-4066-9b69-3eb9dfeff679.mp3","mime_type":"audio/mpeg","size_in_bytes":76501012,"duration_in_seconds":6375}]},{"id":"f0dd8ba0-2788-4d18-aa36-6cb27f74de37","title":"195: I don’t WannaCry","url":"https://www.bsdnow.tv/195","content_text":"A pledge of love to OpenBSD, combating ransomware like WannaCry with OpenZFS, and using PFsense to maximize your non-gigabit Internet connection\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nino64 project committed to FreeBSD 12-CURRENT\n\n\nThe ino64 project has been completed and merged into FreeBSD 12-CURRENT\n\n\n\nExtend the ino_t, dev_t, nlink_t types to 64-bit ints.  Modify struct dirent layout to add d_off, increase the size of d_fileno to 64-bits, increase the size of d_namlen to 16-bits, and change the required alignment.  Increase struct statfs f_mntfromname[] and f_mntonname[] array length MNAMELEN to 1024\n\n\n\nThis means the length of a mount point (MNAMELEN) has been increased from 88 byte to 1024 bytes. This allows longer ZFS dataset names and more nesting, and generally improves the usefulness of nested jails\nIt also allow more than 4 billion files to be stored in a single file system (both UFS and ZFS). It also deals with a number of NFS problems, such as Amazon’s EFS (cloud NFS), which uses 64 bit IDs even with small numbers of files.\n\n\n\nABI breakage is mitigated by providing compatibility using versioned symbols, ingenious use of the existing padding in structures, and by employing other tricks.  Unfortunately, not everything can be fixed, especially outside the base system.  For instance, third-party APIs which pass struct stat around are broken in backward and forward incompatible ways.\n\n\n\nA bug in poudriere that may cause some packages to not rebuild is being fixed. Many packages like perl will need to be rebuilt after this change\n\n\n\nUpdate note: strictly follow the instructions in UPDATING.  Build and install the new kernel with COMPAT_FREEBSD11 option enabled, then reboot, and only then install new world.\n\n\n\nSo you need the new GENERIC kernel with the COMPAT_FREEBSD11 option, so that your old userland will work with the new kernel, and you need to build, install, and reboot onto the new kernel before attempting to install world. The usual process of installing both and then rebooting will NOT WORK\n\n\n\nCredits: The 64-bit inode project, also known as ino64, started life many years ago as a project by Gleb Kurtsou (gleb).  Kirk McKusick (mckusick) then picked up and updated the patch, and acted as a flag-waver.  Feedback, suggestions, and discussions were carried by Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles), and Rick Macklem (rmacklem).  Kris Moore (kmoore) performed an initial ports investigation followed by an exp-run by Antoine Brodin (antoine). Essential and all-embracing testing was done by Peter Holm (pho). The heavy lifting of coordinating all these efforts and bringing the project to completion were done by Konstantin Belousov (kib).\n\nSponsored by:    The FreeBSD Foundation (emaste, kib)\n\n\n\n\nWhy I love OpenBSD\n\n\nJeroen Janssen writes:\n\n\n\nI do love open source software. Oh boy, I really do love open source software. It’s extendable, auditable, and customizable. What’s not to love?\nI’m astonished by the idea that tens, hundreds, and sometimes even thousands of enthusiastic, passionate developers collaborate on an idea. Together, they make the world a better place, bit by bit.\nAnd this leads me to one of my favorite open source projects: the 22-year-old OpenBSD operating system.\nThe origins of my love affair with OpenBSD\nFrom Linux to *BSD\nThe advantages of OpenBSD\n\nIt’s extremely secure\nIt’s well documented\nIt’s open source\n    \u0026gt; It’s neat and clean\n\nMy take on OpenBSD\n\n\n\n\n** DO **\n\nCombating WannaCry and Other Ransomware with OpenZFS Snapshots\n\n\nRansomware attacks that hold your data hostage using unauthorized data encryption are spreading rapidly and are particularly nefarious because they do not require any special access privileges to your data. A ransomware attack may be launched via a sophisticated software exploit as was the case with the recent “WannaCry” ransomware, but there is nothing stopping you from downloading and executing a malicious program that encrypts every file you have access to. If you fail to pay the ransom, the result will be indistinguishable from your simply deleting every file on your system. To make matters worse, ransomware authors are expanding their attacks to include just about any storage you have access to. The list is long, but includes network shares, Cloud services like DropBox, and even “shadow copies” of data that allow you to open previous versions of files.\nTo make matters even worse, there is little that your operating system can do to prevent you or a program you run from encrypting files with ransomware just as it can’t prevent you from deleting the files you own. Frequent backups are touted as one of the few effective strategies for recovering from ransomware attacks but it is critical that any backup be isolated from the attack to be immune from the same attack. Simply copying your files to a mounted disk on your computer or in the Cloud makes the backup vulnerable to infection by virtue of the fact that you are backing up using your regular permissions. If you can write to it, the ransomware can encrypt it. Like medical workers wearing hazmat suits for isolation when combating an epidemic, you need to isolate your backups from ransomware.\nOpenZFS snapshots to the rescue\nOpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.\nOpenZFS snapshots in practice\nWhile OpenZFS is available on a number of desktop operating systems such as TrueOS and macOS, the most effective way to bring the benefits of OpenZFS snapshots to the largest number of users is with a network of iXsystems TrueNAS, FreeNAS Certified and FreeNAS Mini unified NAS and SAN storage systems. All of these can provide OpenZFS-backed SMB, NFS, AFP, and iSCSI file and block storage to the smallest workgroups up through the largest enterprises and TrueNAS offers available Fibre Channel for enterprise deployments. By sharing your data to your users using these file and block protocols, you can provide them with a storage infrastructure that can quickly recover from any ransomware attack thrown at it. To mitigate ransomware attacks against individual workstations, TrueNAS and FreeNAS can provide snapshotted storage to your VDI or virtualization solution of choice. Best of all, every iXsystems TrueNAS, FreeNAS Certified, and FreeNAS Mini system includes a consistent user interface and the ability to replicate between one another. This means that any topology of individual offices and campuses can exchange backup data to quickly mitigate ransomware attacks on your organization at all levels.\nJoin us for a free webinar with iXsystems Co-Founder Matt Olander and learn more about why businesses everywhere are replacing their proprietary storage platforms with TrueNAS then email us at info@ixsystems.com or call 1-855-GREP-4-IX (1-855-473-7449), or 1-408-493-4100 (outside the US) to discuss your storage needs with one of our solutions architects.\n\n\n\n\nInterview - Michael W. Lucas - mwlucas@michaelwlucas.com / @twitter\n\nBooks, conferences, and how these two combine\n\n\nBR: Welcome back. Tell us what you’ve been up to since the last time we interviewed you regarding books and such.\nAJ: Tell us a little bit about relayd and what it can do.\nBR: What other books do you have in the pipeline?\nAJ: What are your criteria that qualifies a topic for a mastery book?\nBR: Can you tell us a little bit about these writing workshops that you attend and what happens there?\nAJ: Without spoiling too much: How did you come up with the idea for git commit murder?\nBR: Speaking of BSDCan, can you tell the first timers about what to expect in the [http://www.bsdcan.org/2017/schedule/events/890.en.html](Newcomers orientation and mentorship) session on Thursday?\nAJ: Tell us about the new WIP session at BSDCan. Who had the idea and how much input did you get thus far?\nBR: Have you ever thought about branching off into a new genre like children’s books or medieval fantasy novels?\nAJ: Is there anything else before we let you go?\n***\n\n\nNews Roundup\n\nUsing LLDP on FreeBSD\n\n\nLLDP, or Link Layer Discovery Protocol allows system administrators to easily map the network, eliminating the need to physically run the cables in a rack. LLDP is a protocol used to send and receive information about a neighboring device connected directly to a networking interface. It is similar to Cisco’s CDP, Foundry’s FDP, Nortel’s SONMP, etc. It is a stateless protocol, meaning that an LLDP-enabled device sends advertisements even if the other side cannot do anything with it. In this guide the installation and configuration of the LLDP daemon on FreeBSD as well as on a Cisco switch will be introduced.\nIf you are already familiar with Cisco’s CDP, LLDP won’t surprise you. It is built for the same purpose: to exchange device information between peers on a network. While CDP is a proprietary solution and can be used only on Cisco devices, LLDP is a standard: IEEE 802.3AB. Therefore it is implemented on many types of devices, such as switches, routers, various desktop operating systems, etc. LLDP helps a great deal in mapping the network topology, without spending hours in cabling cabinets to figure out which device is connected with which switchport. If LLDP is running on both the networking device and the server, it can show which port is connected where. Besides physical interfaces, LLDP can be used to exchange a lot more information, such as IP Address, hostname, etc.\nIn order to use LLDP on FreeBSD, net-mgmt/lldpd has to be installed. It can be installed from ports using portmaster: #portmaster net-mgmt/lldpd Or from packages: #pkg install net-mgmt/lldpd By default lldpd sends and receives all the information it can gather , so it is advisable to limit what we will communicate with the neighboring device.\nThe configuration file for lldpd is basically a list of commands as it is passed to lldpcli. Create a file named lldpd.conf under /usr/local/etc/ The following configuration gives an example of how lldpd can be configured. For a full list of options, see %man lldpcli\nTo check what is configured locally, run #lldpcli show chassis detail\nTo see the neighbors run #lldpcli show neighbors details\n\n\n\nCheck out the rest of the article about enabling LLDP on a Cisco switch\n\n\n\n\nexperiments with prepledge\n\n\nTed Unangst takes a crack at a system similar to the one being designed for Capsicum, Oblivious Sandboxing (See the presentation at BSDCan), where the application doesn’t even know it is in the sandbox\n\n\nMP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn’t open files from strangers, I’d like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working.\nAt the same time, an occasional feature request for pledge is the ability to specify restrictions before running a program. Given some untrusted program, wrap its execution in a pledge like environment. There are other system call sandbox mechanisms that can do this (systrace was one), but pledge is quite deliberately designed not to support this. But maybe we can bend it to our will.\nOur pledge wrapper can’t be an external program. This leaves us with the option of injecting the wrapper into the target program via LD_PRELOAD. Before main even runs, we’ll initialize what needs initializing, then lock things down with a tight pledge set. Our eventual target will be ffplay, but hopefully the design will permit some flexibility and reuse.\n\nSo the new code is injected to override the open syscall, and reads a list of files from an environment variable. Those files are opened and the path and file descriptor are put into a linked list, and then pledge is used to restrict further access to the file system. The replacement open call now searches just that linked list, returning the already opened file descriptors.\nSo as long as your application only tries to open files that you have preopened, it can function without modification within the sandbox. Or at least that is the goal...\nffplay tries to dlopen() some things, and because of the way dlopen() works, it doesn’t go via the libc open() wrapper, so it doesn’t get overridden\nffplay also tries to call a few ioctl’s, not allowed\nAfter stubbing both of those out, it still doesn’t work and it is just getting worse\nTed switches to a new strategy, using ffmpeg to convert the .mp3 to a .wav file and then just cat it to /dev/audio\nA few more stubs for ffmpeg, including access(), and adding tty access to the list of pledges, and it finally works\n\n\n\nThis point has been made from the early days, but I think this exercise reinforces it, that pledge works best with programs where you understand what the program is doing. A generic pledge wrapper isn’t of much use because the program is going to do something unexpected and you’re going to have a hard time wrangling it into submission.\nSoftware is too complex. What in the world is ffplay doing? Even if I were working with the source, how long would it take to rearrange the program into something that could be pledged? One can try using another program, but I would wager that as far as multiformat media players go, ffplay is actually on the lower end of the complexity spectrum. Most of the trouble comes from using SDL as an abstraction layer, which performs a bunch of console operations.\nOn the flip side, all of this early init code is probably the right design. Once SDL finally gets its screen handle setup, we could apply pledge and sandbox the actual media decoder. That would be the right way to things.\nIs pledge too limiting? Perhaps, but that’s what I want. I could have just kept adding permissions until ffplay had full access to my X socket, but what kind of sandbox is that? I don’t want naughty MP3s scraping my screen and spying on my keystrokes. The sandbox I created had all the capabilities one needs to convert an MP3 to audible sound, but the tool I wanted to use wasn’t designed to work in that environment. And in its defense, these were new post hoc requirements. Other programs, even sed, suffer from less than ideal pledge sets as well. The best summary might be to say that pledge is designed for tomorrow’s programs, not yesterday’s (and vice versa).\nThere were a few things I could have done better. In particular, I gave up getting audio to work, even though there’s a nice description of how to work with pledge in the sio_open manual. Alas, even going back and with a bit more effort I still haven’t succeeded. The requirements to use libsndio are more permissive than I might prefer.\n\n\n\n\nHow I Maximized the Speed of My Non-Gigabit Internet Connection\n\n\nWe have a new post from Brennen Smith, who is the Lead Systems Engineer at Ookla, the company that runs Speedtest.net, explaining how he used pfSense to maximize his internet connection\n\n\n\nI spend my time wrangling servers and internet infrastructure. My daily goals range from designing high performance applications supporting millions of users and testing the fastest internet connections in the world, to squeezing microseconds from our stack —so at home, I strive to make sure that my personal internet performance is running as fast as possible.\nI live in an area with a DOCSIS ISP that does not provide symmetrical gigabit internet — my download and upload speeds are not equal. Instead, I have an asymmetrical plan with 200 Mbps download and 10 Mbps upload — this nuance considerably impacted my network design because asymmetrical service can more easily lead to bufferbloat.\nWe will cover bufferbloat in a later article, but in a nutshell, it’s an issue that arises when an upstream network device’s buffers are saturated during an upload. This causes immense network congestion, latency to rise above 2,000 ms., and overall poor quality of internet. The solution is to shape the outbound traffic to a speed just under the sending maximum of the upstream device, so that its buffers don’t fill up. My ISP is notorious for having bufferbloat issues due to the low upload performance, and it’s an issue prevalent even on their provided routers.\n\n\n\nThey walk through a list of router devices you might consider, and what speeds they are capable of handling, but ultimately ended up using a generic low power x86 machine running pfSense 2.3\n\n\n\nIn my research and testing, I also evaluated IPCop, VyOS, OPNSense, Sophos UTM, RouterOS, OpenWRT x86, and Alpine Linux to serve as the base operating system, but none were as well supported and full featured as PFSense.\n\n\n\nThe main setting to look at is the traffic shaping of uploads, to keep the pipe from getting saturated and having a large buffer build up in the modem and further upstream. This build up is what increases the latency of the connection\n\n\n\nAs with any experiment, any conclusions need to be backed with data. To validate the network was performing smoothly under heavy load, I performed the following experiment:\n\n\nRan a ping6 against speedtest.net to measure latency.\nTurned off QoS to simulate a “normal router”.\nStarted multiple simultaneous outbound TCP and UDP streams to saturate my outbound link.\nTurned on QoS to the above settings and repeated steps 2 and 3.\n\n\nAs you can see from the plot below, without QoS, my connection latency increased by ~1,235%. However with QoS enabled, the connection stayed stable during the upload and I wasn’t able to determine a statistically significant delta.\nThat’s how I maximized the speed on my non-gigabit internet connection. What have you done with your network?\n\n\n\n\nFreeBSD on 11″ MacBook Air\n\n\nSevan Janiyan writes in his tech blog about his experiences running FreeBSD on an 11’’ MacBook Air\n\n\n\nThis tiny machine has been with me for a few years now, It has mostly run OS X though I have tried OpenBSD on it. Besides the screen resolution I’m still really happy with it, hardware wise. Software wise, not so much. I use an external disk containing a zpool with my data on it. Among this data are several source trees. CVS on a ZFS filesystem on OS X is painfully slow. I dislike that builds running inside Terminal.app are slow at the expense of a responsive UI. The system seems fragile, at the slightest push the machine will either hang or become unresponsive. Buggy serial drivers which do not implement the break signal and cause instability are frustrating.\nLast week whilst working on Rump kernel builds I introduced some new build issues in the process of fixing others, I needed to pick up new changes from CVS by updating my copy of the source tree and run builds to test if issues were still present.\nI was let down on both counts, it took ages to update source and in the process of cross compiling a NetBSD/evbmips64-el release, the system locked hard. That was it, time to look what was possible elsewhere. While I have been using OS X for many years, I’m not tied to anything exclusive on it, maybe tweetbot, perhaps, but that’s it.\nOn the BSDnow podcast they’ve been covering changes coming in to TrueOS (formerly PC-BSD – a desktop focused distro based on FreeBSD), their experiments seemed interesting, the project now tracks FreeBSD-CURRENT, they’ve replaced rcng with OpenRC as the init system and it comes with a pre-configured desktop environment, using their own window manager (Lumina). Booting the USB flash image it made it to X11 without any issue. The dock has a widget which states the detected features, no wifi (Broadcom), sound card detected and screen resolution set to 1366×768. I planned to give it a try on the weekend. Friday, I made backups and wiped the system. TrueOS installed without issue, after a short while I had a working desktop, resuming from sleep worked out of the box. I didn’t spend long testing TrueOS, switching out NetBSD-HEAD only to realise that I really need ZFS so while I was testing things out, might as well give stock FreeBSD 11-STABLE a try (TrueOS was based on -CURRENT).\nTurns out sleep doesn’t work yet but sound does work out of the box and with a few invocations of pkg(8) I had xorg, dwm, firefox, CVS and virtuabox-ose installed from binary packages. VirtualBox seems to cause the system to panic (bug 219276) but I should be able to survive without my virtual machines over the next few days as I settle in. I’m considering ditching VirtualBox and converting the vdi files to raw images so that they can be written to a new zvol for use with bhyve. As my default keyboard layout is Dvorak, OS X set the EFI settings to this layout. The first time I installed FreeBSD 11-STABLE, I opted for full disk encryption but ran into this odd issue where on boot the keyboard layout was Dvorak and password was accepted, the system would boot and as it went to mount the various filesystems it would switch back to QWERTY. I tried entering my password with both layout but wasn’t able to progress any further, no bug report yet as I haven’t ruled myself out as the problem.\nThunderbolt gigabit adapter –bge(4) and DVI adapter both worked on FreeBSD though the gigabit adapter needs to be plugged in at boot to be detected. The trackpad bind to wsp(4), left, right and middle clicks are available through single, double and tripple finger tap. Sound card binds to snd_hda(4) and works out of the box.\nFor wifi I’m using a urtw(4) Alfa adapter which is a bit on the large side but works very reliably.  A copy of the dmesg is here.\n\n\n\n\nBeastie Bits\n\n\nOPNsense - call-for-testing for SafeStack\nBSD 4.4: cat\nContinuous Unix commit history from 1970 until today\nUpdate on Unix Architecture Evolution Diagrams\n“Relayd and Httpd Mastery” is out!\nTriangle BSD User Group Meeting -- libxo\n***\n\n\nFeedback/Questions\n\n\nCarlos - ASUS Tinkerboard\nJames - Firewall question\nAdam - ZFS books\nDavid - Managing zvols\n***\n","content_html":"\u003cp\u003eA pledge of love to OpenBSD, combating ransomware like WannaCry with OpenZFS, and using PFsense to maximize your non-gigabit Internet connection\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=318736\" rel=\"nofollow\"\u003eino64 project committed to FreeBSD 12-CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ino64 project has been completed and merged into FreeBSD 12-CURRENT\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eExtend the ino_t, dev_t, nlink_t types to 64-bit ints.  Modify struct dirent layout to add d_off, increase the size of d_fileno to 64-bits, increase the size of d_namlen to 16-bits, and change the required alignment.  Increase struct statfs f_mntfromname[] and f_mntonname[] array length MNAMELEN to 1024\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis means the length of a mount point (MNAMELEN) has been increased from 88 byte to 1024 bytes. This allows longer ZFS dataset names and more nesting, and generally improves the usefulness of nested jails\u003c/li\u003e\n\u003cli\u003eIt also allow more than 4 billion files to be stored in a single file system (both UFS and ZFS). It also deals with a number of NFS problems, such as Amazon’s EFS (cloud NFS), which uses 64 bit IDs even with small numbers of files.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eABI breakage is mitigated by providing compatibility using versioned symbols, ingenious use of the existing padding in structures, and by employing other tricks.  Unfortunately, not everything can be fixed, especially outside the base system.  For instance, third-party APIs which pass struct stat around are broken in backward and forward incompatible ways.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA bug in poudriere that may cause some packages to not rebuild is being fixed. Many packages like perl will need to be rebuilt after this change\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUpdate note: strictly follow the instructions in UPDATING.  Build and install the new kernel with COMPAT_FREEBSD11 option enabled, then reboot, and only then install new world.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo you need the new GENERIC kernel with the COMPAT_FREEBSD11 option, so that your old userland will work with the new kernel, and you need to build, install, and reboot onto the new kernel before attempting to install world. The usual process of installing both and then rebooting will NOT WORK\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eCredits: The 64-bit inode project, also known as ino64, started life many years ago as a project by Gleb Kurtsou (gleb).  Kirk McKusick (mckusick) then picked up and updated the patch, and acted as a flag-waver.  Feedback, suggestions, and discussions were carried by Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles), and Rick Macklem (rmacklem).  Kris Moore (kmoore) performed an initial ports investigation followed by an exp-run by Antoine Brodin (antoine). Essential and all-embracing testing was done by Peter Holm (pho). The heavy lifting of coordinating all these efforts and bringing the project to completion were done by Konstantin Belousov (kib).\u003c/p\u003e\n\n\u003cp\u003eSponsored by:    The FreeBSD Foundation (emaste, kib)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@h3artbl33d/why-i-love-openbsd-ca760cf53941\" rel=\"nofollow\"\u003eWhy I love OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJeroen Janssen writes:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI do love open source software. Oh boy, I really do love open source software. It’s extendable, auditable, and customizable. What’s not to love?\u003cbr\u003e\nI’m astonished by the idea that tens, hundreds, and sometimes even thousands of enthusiastic, passionate developers collaborate on an idea. Together, they make the world a better place, bit by bit.\u003cbr\u003e\nAnd this leads me to one of my favorite open source projects: the 22-year-old OpenBSD operating system.\u003cbr\u003e\nThe origins of my love affair with OpenBSD\u003cbr\u003e\nFrom Linux to *BSD\u003cbr\u003e\nThe advantages of OpenBSD\u003c/p\u003e\n\n\u003cp\u003eIt’s extremely secure\u003cbr\u003e\nIt’s well documented\u003cbr\u003e\nIt’s open source\u003cbr\u003e\n    \u0026gt; It’s neat and clean\u003c/p\u003e\n\n\u003cp\u003eMy take on OpenBSD\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e** DO **\u003c/p\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/combating-ransomware/\" rel=\"nofollow\"\u003eCombating WannaCry and Other Ransomware with OpenZFS Snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRansomware attacks that hold your data hostage using unauthorized data encryption are spreading rapidly and are particularly nefarious because they do not require any special access privileges to your data. A ransomware attack may be launched via a sophisticated software exploit as was the case with the recent “WannaCry” ransomware, but there is nothing stopping you from downloading and executing a malicious program that encrypts every file you have access to. If you fail to pay the ransom, the result will be indistinguishable from your simply deleting every file on your system. To make matters worse, ransomware authors are expanding their attacks to include just about any storage you have access to. The list is long, but includes network shares, Cloud services like DropBox, and even “shadow copies” of data that allow you to open previous versions of files.\u003cbr\u003e\nTo make matters even worse, there is little that your operating system can do to prevent you or a program you run from encrypting files with ransomware just as it can’t prevent you from deleting the files you own. Frequent backups are touted as one of the few effective strategies for recovering from ransomware attacks but it is critical that any backup be isolated from the attack to be immune from the same attack. Simply copying your files to a mounted disk on your computer or in the Cloud makes the backup vulnerable to infection by virtue of the fact that you are backing up using your regular permissions. If you can write to it, the ransomware can encrypt it. Like medical workers wearing hazmat suits for isolation when combating an epidemic, you need to isolate your backups from ransomware.\u003cbr\u003e\nOpenZFS snapshots to the rescue\u003cbr\u003e\nOpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.\u003cbr\u003e\nOpenZFS snapshots in practice\u003cbr\u003e\nWhile OpenZFS is available on a number of desktop operating systems such as TrueOS and macOS, the most effective way to bring the benefits of OpenZFS snapshots to the largest number of users is with a network of iXsystems TrueNAS, FreeNAS Certified and FreeNAS Mini unified NAS and SAN storage systems. All of these can provide OpenZFS-backed SMB, NFS, AFP, and iSCSI file and block storage to the smallest workgroups up through the largest enterprises and TrueNAS offers available Fibre Channel for enterprise deployments. By sharing your data to your users using these file and block protocols, you can provide them with a storage infrastructure that can quickly recover from any ransomware attack thrown at it. To mitigate ransomware attacks against individual workstations, TrueNAS and FreeNAS can provide snapshotted storage to your VDI or virtualization solution of choice. Best of all, every iXsystems TrueNAS, FreeNAS Certified, and FreeNAS Mini system includes a consistent user interface and the ability to replicate between one another. This means that any topology of individual offices and campuses can exchange backup data to quickly mitigate ransomware attacks on your organization at all levels.\u003cbr\u003e\nJoin us for a \u003ca href=\"http://www.onlinemeetingnow.com/register/?id=uegudsbc75\" rel=\"nofollow\"\u003efree webinar\u003c/a\u003e with iXsystems Co-Founder Matt Olander and learn more about why businesses everywhere are replacing their proprietary storage platforms with TrueNAS then email us at \u003ca href=\"mailto:info@ixsystems.com\" rel=\"nofollow\"\u003einfo@ixsystems.com\u003c/a\u003e or call 1-855-GREP-4-IX (1-855-473-7449), or 1-408-493-4100 (outside the US) to discuss your storage needs with one of our solutions architects.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\" rel=\"nofollow\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBooks, conferences, and how these two combine\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBR: Welcome back. Tell us what you’ve been up to since the last time we interviewed you regarding books and such.\u003c/li\u003e\n\u003cli\u003eAJ: Tell us a little bit about relayd and what it can do.\u003c/li\u003e\n\u003cli\u003eBR: What other books do you have in the pipeline?\u003c/li\u003e\n\u003cli\u003eAJ: What are your criteria that qualifies a topic for a mastery book?\u003c/li\u003e\n\u003cli\u003eBR: Can you tell us a little bit about these writing workshops that you attend and what happens there?\u003c/li\u003e\n\u003cli\u003eAJ: Without spoiling too much: How did you come up with the idea for git commit murder?\u003c/li\u003e\n\u003cli\u003eBR: Speaking of BSDCan, can you tell the first timers about what to expect in the [\u003ca href=\"http://www.bsdcan.org/2017/schedule/events/890.en.html%5D(Newcomers\" rel=\"nofollow\"\u003ehttp://www.bsdcan.org/2017/schedule/events/890.en.html](Newcomers\u003c/a\u003e orientation and mentorship) session on Thursday?\u003c/li\u003e\n\u003cli\u003eAJ: Tell us about the new WIP session at BSDCan. Who had the idea and how much input did you get thus far?\u003c/li\u003e\n\u003cli\u003eBR: Have you ever thought about branching off into a new genre like children’s books or medieval fantasy novels?\u003c/li\u003e\n\u003cli\u003eAJ: Is there anything else before we let you go?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tetragir.com/freebsd/networking/using-lldp-on-freebsd.html\" rel=\"nofollow\"\u003eUsing LLDP on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLLDP, or Link Layer Discovery Protocol allows system administrators to easily map the network, eliminating the need to physically run the cables in a rack. LLDP is a protocol used to send and receive information about a neighboring device connected directly to a networking interface. It is similar to Cisco’s CDP, Foundry’s FDP, Nortel’s SONMP, etc. It is a stateless protocol, meaning that an LLDP-enabled device sends advertisements even if the other side cannot do anything with it. In this guide the installation and configuration of the LLDP daemon on FreeBSD as well as on a Cisco switch will be introduced.\u003cbr\u003e\nIf you are already familiar with Cisco’s CDP, LLDP won’t surprise you. It is built for the same purpose: to exchange device information between peers on a network. While CDP is a proprietary solution and can be used only on Cisco devices, LLDP is a standard: IEEE 802.3AB. Therefore it is implemented on many types of devices, such as switches, routers, various desktop operating systems, etc. LLDP helps a great deal in mapping the network topology, without spending hours in cabling cabinets to figure out which device is connected with which switchport. If LLDP is running on both the networking device and the server, it can show which port is connected where. Besides physical interfaces, LLDP can be used to exchange a lot more information, such as IP Address, hostname, etc.\u003cbr\u003e\nIn order to use LLDP on FreeBSD, net-mgmt/lldpd has to be installed. It can be installed from ports using portmaster: #portmaster net-mgmt/lldpd Or from packages: #pkg install net-mgmt/lldpd By default lldpd sends and receives all the information it can gather , so it is advisable to limit what we will communicate with the neighboring device.\u003cbr\u003e\nThe configuration file for lldpd is basically a list of commands as it is passed to lldpcli. Create a file named lldpd.conf under /usr/local/etc/ The following configuration gives an example of how lldpd can be configured. For a full list of options, see %man lldpcli\u003cbr\u003e\nTo check what is configured locally, run #lldpcli show chassis detail\u003cbr\u003e\nTo see the neighbors run #lldpcli show neighbors details\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the rest of the article about enabling LLDP on a Cisco switch\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/experiments-with-prepledge\" rel=\"nofollow\"\u003eexperiments with prepledge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTed Unangst takes a crack at a system similar to the one being designed for Capsicum, Oblivious Sandboxing (See the presentation at BSDCan), where the application doesn’t even know it is in the sandbox\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn’t open files from strangers, I’d like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working.\u003cbr\u003e\nAt the same time, an occasional feature request for pledge is the ability to specify restrictions before running a program. Given some untrusted program, wrap its execution in a pledge like environment. There are other system call sandbox mechanisms that can do this (systrace was one), but pledge is quite deliberately designed not to support this. But maybe we can bend it to our will.\u003cbr\u003e\nOur pledge wrapper can’t be an external program. This leaves us with the option of injecting the wrapper into the target program via LD_PRELOAD. Before main even runs, we’ll initialize what needs initializing, then lock things down with a tight pledge set. Our eventual target will be ffplay, but hopefully the design will permit some flexibility and reuse.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSo the new code is injected to override the open syscall, and reads a list of files from an environment variable. Those files are opened and the path and file descriptor are put into a linked list, and then pledge is used to restrict further access to the file system. The replacement open call now searches just that linked list, returning the already opened file descriptors.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSo as long as your application only tries to open files that you have preopened, it can function without modification within the sandbox. Or at least that is the goal...\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003effplay tries to dlopen() some things, and because of the way dlopen() works, it doesn’t go via the libc open() wrapper, so it doesn’t get overridden\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003effplay also tries to call a few ioctl’s, not allowed\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAfter stubbing both of those out, it still doesn’t work and it is just getting worse\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTed switches to a new strategy, using ffmpeg to convert the .mp3 to a .wav file and then just cat it to /dev/audio\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA few more stubs for ffmpeg, including access(), and adding tty access to the list of pledges, and it finally works\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis point has been made from the early days, but I think this exercise reinforces it, that pledge works best with programs where you understand what the program is doing. A generic pledge wrapper isn’t of much use because the program is going to do something unexpected and you’re going to have a hard time wrangling it into submission.\u003cbr\u003e\nSoftware is too complex. What in the world is ffplay doing? Even if I were working with the source, how long would it take to rearrange the program into something that could be pledged? One can try using another program, but I would wager that as far as multiformat media players go, ffplay is actually on the lower end of the complexity spectrum. Most of the trouble comes from using SDL as an abstraction layer, which performs a bunch of console operations.\u003cbr\u003e\nOn the flip side, all of this early init code is probably the right design. Once SDL finally gets its screen handle setup, we could apply pledge and sandbox the actual media decoder. That would be the right way to things.\u003cbr\u003e\nIs pledge too limiting? Perhaps, but that’s what I want. I could have just kept adding permissions until ffplay had full access to my X socket, but what kind of sandbox is that? I don’t want naughty MP3s scraping my screen and spying on my keystrokes. The sandbox I created had all the capabilities one needs to convert an MP3 to audible sound, but the tool I wanted to use wasn’t designed to work in that environment. And in its defense, these were new post hoc requirements. Other programs, even sed, suffer from less than ideal pledge sets as well. The best summary might be to say that pledge is designed for tomorrow’s programs, not yesterday’s (and vice versa).\u003cbr\u003e\nThere were a few things I could have done better. In particular, I gave up getting audio to work, even though there’s a nice description of how to work with pledge in the sio_open manual. Alas, even going back and with a bit more effort I still haven’t succeeded. The requirements to use libsndio are more permissive than I might prefer.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/speedtest-by-ookla/engineer-maximizes-internet-speed-story-c3ec0e86f37a\" rel=\"nofollow\"\u003eHow I Maximized the Speed of My Non-Gigabit Internet Connection\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a new post from Brennen Smith, who is the Lead Systems Engineer at Ookla, the company that runs Speedtest.net, explaining how he used pfSense to maximize his internet connection\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI spend my time wrangling servers and internet infrastructure. My daily goals range from designing high performance applications supporting millions of users and testing the fastest internet connections in the world, to squeezing microseconds from our stack —so at home, I strive to make sure that my personal internet performance is running as fast as possible.\u003cbr\u003e\nI live in an area with a DOCSIS ISP that does not provide symmetrical gigabit internet — my download and upload speeds are not equal. Instead, I have an asymmetrical plan with 200 Mbps download and 10 Mbps upload — this nuance considerably impacted my network design because asymmetrical service can more easily lead to bufferbloat.\u003cbr\u003e\nWe will cover bufferbloat in a later article, but in a nutshell, it’s an issue that arises when an upstream network device’s buffers are saturated during an upload. This causes immense network congestion, latency to rise above 2,000 ms., and overall poor quality of internet. The solution is to shape the outbound traffic to a speed just under the sending maximum of the upstream device, so that its buffers don’t fill up. My ISP is notorious for having bufferbloat issues due to the low upload performance, and it’s an issue prevalent even on their provided routers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThey walk through a list of router devices you might consider, and what speeds they are capable of handling, but ultimately ended up using a generic low power x86 machine running pfSense 2.3\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn my research and testing, I also evaluated IPCop, VyOS, OPNSense, Sophos UTM, RouterOS, OpenWRT x86, and Alpine Linux to serve as the base operating system, but none were as well supported and full featured as PFSense.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe main setting to look at is the traffic shaping of uploads, to keep the pipe from getting saturated and having a large buffer build up in the modem and further upstream. This build up is what increases the latency of the connection\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs with any experiment, any conclusions need to be backed with data. To validate the network was performing smoothly under heavy load, I performed the following experiment:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eRan a ping6 against speedtest.net to measure latency.\u003c/li\u003e\n\u003cli\u003eTurned off QoS to simulate a “normal router”.\u003c/li\u003e\n\u003cli\u003eStarted multiple simultaneous outbound TCP and UDP streams to saturate my outbound link.\u003c/li\u003e\n\u003cli\u003eTurned on QoS to the above settings and repeated steps 2 and 3.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAs you can see from the plot below, without QoS, my connection latency increased by ~1,235%. However with QoS enabled, the connection stayed stable during the upload and I wasn’t able to determine a statistically significant delta.\u003cbr\u003e\nThat’s how I maximized the speed on my non-gigabit internet connection. What have you done with your network?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2214\" rel=\"nofollow\"\u003eFreeBSD on 11″ MacBook Air\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSevan Janiyan writes in his tech blog about his experiences running FreeBSD on an 11’’ MacBook Air\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis tiny machine has been with me for a few years now, It has mostly run OS X though \u003ca href=\"https://www.geeklan.co.uk/?p=1283\" rel=\"nofollow\"\u003eI have tried OpenBSD on it\u003c/a\u003e. Besides the screen resolution I’m still really happy with it, hardware wise. Software wise, not so much. I use an external disk containing a zpool with my data on it. Among this data are several source trees. CVS on a ZFS filesystem on OS X is painfully slow. I dislike that builds running inside Terminal.app are slow at the expense of a responsive UI. The system seems fragile, at the slightest push the machine will either hang or become unresponsive. Buggy serial drivers which do not implement the break signal and cause instability are frustrating.\u003cbr\u003e\nLast week whilst working on \u003ca href=\"http://rumpkernel.org/\" rel=\"nofollow\"\u003eRump kernel\u003c/a\u003e builds I introduced some new build issues in the process of fixing others, I needed to pick up new changes from CVS by updating my copy of the source tree and run builds to test if issues were still present.\u003cbr\u003e\nI was let down on both counts, it took ages to update source and in the process of cross compiling a NetBSD/evbmips64-el release, the system locked hard. That was it, time to look what was possible elsewhere. While I have been using OS X for many years, I’m not tied to anything exclusive on it, maybe tweetbot, perhaps, but that’s it.\u003cbr\u003e\nOn the BSDnow podcast they’ve been covering changes coming in to TrueOS (formerly PC-BSD – a desktop focused distro based on FreeBSD), their experiments seemed interesting, the project now tracks FreeBSD-CURRENT, they’ve replaced rcng with OpenRC as the init system and it comes with a pre-configured desktop environment, using their own window manager (Lumina). Booting the USB flash image it made it to X11 without any issue. The dock has a widget which states the detected features, no wifi (Broadcom), sound card detected and screen resolution set to 1366×768. I planned to give it a try on the weekend. Friday, I made backups and wiped the system. TrueOS installed without issue, after a short while I had a working desktop, resuming from sleep worked out of the box. I didn’t spend long testing TrueOS, switching out NetBSD-HEAD only to realise that I really need ZFS so while I was testing things out, might as well give stock FreeBSD 11-STABLE a try (TrueOS was based on -CURRENT).\u003cbr\u003e\nTurns out sleep doesn’t work yet but sound does work out of the box and with a few invocations of pkg(8) I had xorg, dwm, firefox, CVS and virtuabox-ose installed from binary packages. VirtualBox seems to cause the system to panic (bug 219276) but I should be able to survive without my virtual machines over the next few days as I settle in. I’m considering ditching VirtualBox and converting the vdi files to raw images so that they can be written to a new zvol for use with bhyve. As my default keyboard layout is Dvorak, OS X set the EFI settings to this layout. The first time I installed FreeBSD 11-STABLE, I opted for full disk encryption but ran into this odd issue where on boot the keyboard layout was Dvorak and password was accepted, the system would boot and as it went to mount the various filesystems it would switch back to QWERTY. I tried entering my password with both layout but wasn’t able to progress any further, no bug report yet as I haven’t ruled myself out as the problem.\u003cbr\u003e\nThunderbolt gigabit adapter –\u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=bge\" rel=\"nofollow\"\u003ebge(4)\u003c/a\u003e and DVI adapter both worked on FreeBSD though the gigabit adapter needs to be plugged in at boot to be detected. The trackpad bind to \u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=wsp\" rel=\"nofollow\"\u003ewsp(4)\u003c/a\u003e, left, right and middle clicks are available through single, double and tripple finger tap. Sound card binds to \u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=snd_hda\" rel=\"nofollow\"\u003esnd_hda(4)\u003c/a\u003e and works out of the box.\u003cbr\u003e\nFor wifi I’m using a \u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=urtw\" rel=\"nofollow\"\u003eurtw(4)\u003c/a\u003e Alfa adapter which is a bit on the large side but works very reliably.  A copy of the \u003ca href=\"https://www.geeklan.co.uk/files/macbookair/freebsd-dmesg.txt\" rel=\"nofollow\"\u003edmesg\u003c/a\u003e is here.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=5200.0\" rel=\"nofollow\"\u003eOPNsense - call-for-testing for SafeStack\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.rewritinghistorycasts.com/screencasts/bsd-4.4:-cat\" rel=\"nofollow\"\u003eBSD 4.4: cat\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dspinellis/unix-history-repo\" rel=\"nofollow\"\u003eContinuous Unix commit history from 1970 until today\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.spinellis.gr/blog/20170510/\" rel=\"nofollow\"\u003eUpdate on Unix Architecture Evolution Diagrams\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2951\" rel=\"nofollow\"\u003e“Relayd and Httpd Mastery” is out!\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/\" rel=\"nofollow\"\u003eTriangle BSD User Group Meeting -- libxo\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1GJHPNY#wrap\" rel=\"nofollow\"\u003eCarlos - ASUS Tinkerboard\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0QCW933#wrap\" rel=\"nofollow\"\u003eJames - Firewall question\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0GMG5M2#wrap\" rel=\"nofollow\"\u003eAdam - ZFS books\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2GP8H1E#wrap\" rel=\"nofollow\"\u003eDavid - Managing zvols\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"A pledge of love to OpenBSD, combating ransomware like WannaCry with OpenZFS, and using PFsense to maximize your non-gigabit Internet connection","date_published":"2017-05-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f0dd8ba0-2788-4d18-aa36-6cb27f74de37.mp3","mime_type":"audio/mpeg","size_in_bytes":54181588,"duration_in_seconds":4515}]},{"id":"58753453-5f24-4697-a3a2-c39ef52c9b5b","title":"194: Daemonic plans","url":"https://www.bsdnow.tv/194","content_text":"This week on BSD Now we cover the latest FreeBSD Status Report, a plan for Open Source software development, centrally managing bhyve with Ansible, libvirt, and pkg-ssh, and a whole lot more.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD Project Status Report (January to March 2017)\n\n\nWhile a few of these projects indicate they are a \"plan B\" or an \"attempt III\", many are still hewing to their original plans, and all have produced impressive results. Please enjoy this vibrant collection of reports, covering the first quarter of 2017.\n\n\n\nThe quarterly report opens with notes from Core, The FreeBSD Foundation, the Ports team, and Release Engineering\nOn the project front, the Ceph on FreeBSD project had made considerable advances, and is now usable as the net/ceph-devel port via the ceph-fuse module. Eventually they hope to have a kernel RADOS block device driver, so fuse is not required\nCloudABI update, including news that the Bitcoin reference implementation is working on a port to CloudABI\neMMC Flash and SD card updates, allowing higher speeds (max speed changes from ~40 to ~80 MB/sec). As well, the MMC Stack can now also be backed by the CAM framework.\nImprovements to the Linuxulator\nMore detail on the pNFS Server plan B that we discussed in a previous week\nSnow B.V. is sponsoring a dutch translation of the FreeBSD Handbook using the new .po system\n***\n\n\nA plan for open source software maintainers\n\n\nColin Percival describes in his blog “a plan for open source software maintainers”:\n\n\n\nI've been writing open source software for about 15 years now; while I'm still wet behind the ears compared to FreeBSD greybeards like Kirk McKusick and Poul-Henning Kamp, I've been around for long enough to start noticing some patterns. In particular:\nFree software is expensive. Software is expensive to begin with; but good quality open source software tends to be written by people who are recognized as experts in their fields (partly thanks to that very software) and can demand commensurate salaries.\nWhile that expensive developer time is donated (either by the developers themselves or by their employers), this influences what their time is used for: Individual developers like doing things which are fun or high-status, while companies usually pay developers to work specifically on the features those companies need. Maintaining existing code is important, but it is neither fun nor high-status; and it tends to get underweighted by companies as well, since maintenance is inherently unlikely to be the most urgent issue at any given time.\nOpen source software is largely a \"throw code over the fence and walk away\" exercise. Over the past 15 years I've written freebsd-update, bsdiff, portsnap, scrypt, spiped, and kivaloo, and done a lot of work on the FreeBSD/EC2 platform. Of these, I know bsdiff and scrypt are very widely used and I suspect that kivaloo is not; but beyond that I have very little knowledge of how widely or where my work is being used. Anecdotally it seems that other developers are in similar positions: At conferences I've heard variations on \"you're using my code? Wow, that's awesome; I had no idea\" many times.\nI have even less knowledge of what people are doing with my work or what problems or limitations they're running into. Occasionally I get bug reports or feature requests; but I know I only hear from a very small proportion of the users of my work. I have a long list of feature ideas which are sitting in limbo simply because I don't know if anyone would ever use them — I suspect the answer is yes, but I'm not going to spend time implementing these until I have some confirmation of that.\nA lot of mid-size companies would like to be able to pay for support for the software they're using, but can't find anyone to provide it. For larger companies, it's often easier — they can simply hire the author of the software (and many developers who do ongoing maintenance work on open source software were in fact hired for this sort of \"in-house expertise\" role) — but there's very little available for a company which needs a few minutes per month of expertise. In many cases, the best support they can find is sending an email to the developer of the software they're using and not paying anything at all — we've all received \"can you help me figure out how to use this\" emails, and most of us are happy to help when we have time — but relying on developer generosity is not a good long-term solution.\nEvery few months, I receive email from people asking if there's any way for them to support my open source software contributions. (Usually I encourage them to donate to the FreeBSD Foundation.) Conversely, there are developers whose work I would like to support (e.g., people working on FreeBSD wifi and video drivers), but there isn't any straightforward way to do this. Patreon has demonstrated that there are a lot of people willing to pay to support what they see as worthwhile work, even if they don't get anything directly in exchange for their patronage.\n\nIt seems to me that this is a case where problems are in fact solutions to other problems. To wit:\nUsers of open source software want to be able to get help with their use cases; developers of open source software want to know how people are using their code.\nUsers of open source software want to support the the work they use; developers of open source software want to know which projects users care about.\nUsers of open source software want specific improvements; developers of open source software may be interested in making those specific changes, but don't want to spend the time until they know someone would use them.\nUsers of open source software have money; developers of open source software get day jobs writing other code because nobody is paying them to maintain their open source software.\n\nI'd like to see this situation get fixed. As I envision it, a solution would look something like a cross between Patreon and Bugzilla: Users would be able sign up to \"support\" projects of their choosing, with a number of dollars per month (possibly arbitrary amounts, possibly specified tiers; maybe including $0/month), and would be able to open issues. These could be private (e.g., for \"technical support\" requests) or public (e.g., for bugs and feature requests); users would be able to indicate their interest in public issues created by other users. Developers would get to see the open issues, along with a nominal \"value\" computed based on allocating the incoming dollars of \"support contracts\" across the issues each user has expressed an interest in, allowing them to focus on issues with higher impact.\n\n\n\nHe poses three questions to users about whether or not people (users and software developers alike) would be interested in this and whether payment (giving and receiving, respectively) is interesting\nCheck out the comments (and those on [https://news.ycombinator.com/item?id=14313804](reddit.com)) as well for some suggestions and discussion on the topic\n***\n\n\nOpenBSD vmm hypervisor: Part 2\n\n\nWe asked for people to write up their experience using OpenBSD’s VMM. This blog post is just that\n\n\n\nThis is going to be a (likely long-running, infrequently-appended) series of posts as I poke around in vmm.  A few months ago, I demonstrated some basic use of the vmm hypervisor as it existed in OpenBSD 6.0-CURRENT around late October, 2016. We'll call that video Part 1.\nQuite a bit of development was done on vmm before 6.1-RELEASE, and it's worth noting that some new features made their way in. Work continues, of course, and I can only imagine the hypervisor technology will mature plenty for the next release. As it stands, this is the first release of OpenBSD with a native hypervisor shipped in the base install, and that's exciting news in and of itself\nTo get our virtual machines onto the network, we have to spend some time setting up a virtual ethernet interface. We'll run a DHCP server on that, and it'll be the default route for our virtual machines. We'll keep all the VMs on a private network segment, and use NAT to allow them to get to the network. There is a way to directly bridge VMs to the network in some situations, but I won't be covering that today.\nCreate an empty disk image for your new VM. I'd recommend 1.5GB to play with at first. You can do this without doas or root if you want your user account to be able to start the VM later. I made a \"vmm\" directory inside my home directory to store VM disk images in. You might have a different partition you wish to store these large files in.\nBoot up a brand new vm instance. You'll have to do this as root or with doas. You can download a -CURRENT install kernel/ramdisk (bsd.rd) from an OpenBSD mirror, or you can simply use the one that's on your existing system (/bsd.rd) like I'll do here.\nThe command will start a VM named \"test.vm\", display the console at startup, use /bsd.rd (from our host environment) as the boot image, allocate 256MB of memory, attach the first network interface to the switch called \"local\" we defined earlier in /etc/vm.conf, and use the test image we just created as the first disk drive.\nNow that the VM disk image file has a full installation of OpenBSD on it, build a VM configuration around it by adding the below block of configuration (with modifications as needed for owner, path and lladdr) to /etc/vm.conf\nI've noticed that VMs with much less than 256MB of RAM allocated tend to be a little unstable for me. You'll also note that in the \"interface\" clause, I hard-coded the lladdr that was generated for it earlier. By specifying \"disable\" in vm.conf, the VM will show up in a stopped state that the owner of the VM (that's you!) can manually start without root access.\n\n\n\nLet us know how VMM works for you\n***\n\n\nNews Roundup\n\nopenbsd changes of note 621\n\n\nMore stuff, more fun.\nFix script to not perform tty operations on things that aren’t ttys. Detected by pledge.\nMerge libdrm 2.4.79.\nAfter a forced unmount, also unmount any filesystems below that mount point.\nFlip previously warm pages in the buffer cache to memory above the DMA region if uvm tells us it is available. Pages are not automatically promoted to upper memory. Instead it’s used as additional memory only for what the cache considers long term buffers. I/O still requires DMA memory, so writing to a buffer will pull it back down.\nMakefile support for systems with both gcc and clang. Make i386 and amd64 so.\nTake a more radical approach to disabling colours in clang.\nWhen the data buffered for write in tmux exceeds a limit, discard it and redraw. Helps when a fast process is running inside tmux running inside a slow terminal.\nAdd a port of witness(4) lock validation tool from FreeBSD. Use it with mplock, rwlock, and mutex in the kernel.\nProperly save and restore FPU context in vmm.\nRemove KGDB. It neither compiles nor works.\nAdd a constant time AES implementation, from BearSSL.\nRemove SSHv1 from ssh.\nand more...\n***\n\n\nDigging into BSD's choice of Unix group for new directories and files\n\n\nI have to eat some humble pie here. In comments on my entry on an interesting chmod failure, Greg A. Woods pointed out that FreeBSD's behavior of creating everything inside a directory with the group of the directory is actually traditional BSD behavior (it dates all the way back to the 1980s), not some odd new invention by FreeBSD. As traditional behavior it makes sense that it's explicitly allowed by the standards, but I've also come to think that it makes sense in context and in general. To see this, we need some background about the problem facing BSD.\nIn the beginning, two things were true in Unix: there was no mkdir() system call, and processes could only be in one group at a time. With processes being in only one group, the choice of the group for a newly created filesystem object was easy; it was your current group. This was felt to be sufficiently obvious behavior that the V7 creat(2) manpage doesn't even mention it.\nNow things get interesting. 4.1c BSD seems to be where mkdir(2) is introduced and where creat() stops being a system call and becomes an option to open(2). It's also where processes can be in multiple groups for the first time. The 4.1c BSD open(2) manpage is silent about the group of newly created files, while the mkdir(2) manpage specifically claims that new directories will have your effective group (ie, the V7 behavior). This is actually wrong. In both mkdir() in sys_directory.c and maknode() in ufs_syscalls.c, the group of the newly created object is set to the group of the parent directory. Then finally in the 4.2 BSD mkdir(2) manpage the group of the new directory is correctly documented (the 4.2 BSD open(2) manpage continues to say nothing about this). So BSD's traditional behavior was introduced at the same time as processes being in multiple groups, and we can guess that it was introduced as part of that change.\nWhen your process can only be in a single group, as in V7, it makes perfect sense to create new filesystem objects with that as their group. It's basically the same case as making new filesystem objects be owned by you; just as they get your UID, they also get your GID. When your process can be in multiple groups, things get less clear. A filesystem object can only be in one group, so which of your several groups should a new filesystem object be owned by, and how can you most conveniently change that choice?\nOne option is to have some notion of a 'primary group' and then provide ways to shuffle around which of your groups is the primary group.\nAnother option is the BSD choice of inheriting the group from context. By far the most common case is that you want your new files and directories to be created in the 'context', ie the group, of the surrounding directory.\nIf you fully embrace the idea of Unix processes being in multiple groups, not just having one primary group and then some number of secondary groups, then the BSD choice makes a lot of sense. And for all of its faults, BSD tended to relatively fully embrace its changes \nWhile it leads to some odd issues, such as the one I ran into, pretty much any choice here is going to have some oddities.\n\n\n\n\nCentrally managed Bhyve infrastructure with Ansible, libvirt and pkg-ssh\n\n\nAt work we've been using Bhyve for a while to run non-critical systems.  It is a really nice and stable hypervisor even though we are using an earlier version available on FreeBSD 10.3. This means we lack Windows and VNC support among other things, but it is not a big deal.\nAfter some iterations in our internal tools, we realised that the installation process was too slow and we always repeated the same steps. Of course,  any good sysadmin will scream \"AUTOMATION!\" and so did we. Therefore, we started looking for different ways to improve our deployments.\nWe had a look at existing frameworks that manage Bhyve, but none of them had a feature that we find really important: having a centralized repository of VM images. For instance, SmartOS applies this method successfully by having a backend server that stores a catalog of VMs and Zones, meaning that new instances can be deployed in a minute at most. This is a game changer if you are really busy in your day-to-day operations.\n\n\n\nThe following building blocks are used:\n\n\nThe ZFS snapshot of an existing VM. This will be our VM template.\nA modified version of oneoff-pkg-create to package the ZFS snapshots.\npkg-ssh  and pkg-repo to host a local FreeBSD repo in a FreeBSD jail.\nlibvirt to manage our Bhyve VMs.\nThe ansible modules virt, virt_net and virt_pool.\n\n\n\n\nOnce automated, the installation process needs 2 minutes at most, compared with the 30 minutes needed to manually install VM plus allowing us to deploy many guests in parallel.\n\n\n\n\nNetBSD maintainer in the QEMU project\n\n\nQEMU - the FAST! processor emulator - is a generic, Open Source, machine emulator and virtualizer. It defines state of the art in modern virtualization.\nThis software has been developed for multiplatform environments with support for NetBSD since virtually forever. It's the primary tool used by the NetBSD developers and release engineering team. It is run with continuous integration tests for daily commits and execute regression tests through the Automatic Test Framework (ATF).\nThe QEMU developers warned the Open Source community - with version 2.9 of the emulator - that they will eventually drop support for suboptimally supported hosts if nobody will step in and take the maintainership to refresh the support. This warning was directed to major BSDs, Solaris, AIX and Haiku.\nThankfully the NetBSD position has been filled - making NetBSD to restore official maintenance.\n\n\n\n\nBeastie Bits\n\n\nOpenBSD Community Goes Gold\nCharmBUG’s Tor Hack-a-thon has been pushed back to July due to scheduling difficulties\nDirect Rendering Manager (DRM) Driver for i915, from the Linux kernel to Haiku with the help of DragonflyBSD’s Linux Compatibility layer\nTomTom lists OpenBSD in license\nLondon Net BSD Meetup on May 22nd\nKnoxBUG meeting May 30th, 2017 - Introduction to FreeNAS\n***\n\n\nFeedback/Questions\n\n\nFelix - Home Firewall\nDavid - Docker Recipes for Jails\nDon - GoLang \u0026amp; Rust\nGeorge - OGG feed\nRoller - BSDCan Tips\n***\n","content_html":"\u003cp\u003eThis week on BSD Now we cover the latest FreeBSD Status Report, a plan for Open Source software development, centrally managing bhyve with Ansible, libvirt, and pkg-ssh, and a whole lot more.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2017-01-2017-03.html\" rel=\"nofollow\"\u003eFreeBSD Project Status Report (January to March 2017)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile a few of these projects indicate they are a \u0026quot;plan B\u0026quot; or an \u0026quot;attempt III\u0026quot;, many are still hewing to their original plans, and all have produced impressive results. Please enjoy this vibrant collection of reports, covering the first quarter of 2017.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe quarterly report opens with notes from Core, The FreeBSD Foundation, the Ports team, and Release Engineering\u003c/li\u003e\n\u003cli\u003eOn the project front, the Ceph on FreeBSD project had made considerable advances, and is now usable as the net/ceph-devel port via the ceph-fuse module. Eventually they hope to have a kernel RADOS block device driver, so fuse is not required\u003c/li\u003e\n\u003cli\u003eCloudABI update, including news that the Bitcoin reference implementation is working on a port to CloudABI\u003c/li\u003e\n\u003cli\u003eeMMC Flash and SD card updates, allowing higher speeds (max speed changes from ~40 to ~80 MB/sec). As well, the MMC Stack can now also be backed by the CAM framework.\u003c/li\u003e\n\u003cli\u003eImprovements to the Linuxulator\u003c/li\u003e\n\u003cli\u003eMore detail on the pNFS Server plan B that we discussed in a previous week\u003c/li\u003e\n\u003cli\u003eSnow B.V. is sponsoring a dutch translation of the FreeBSD Handbook using the new .po system\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2017-05-11-plan-for-foss-maintainers.html\" rel=\"nofollow\"\u003eA plan for open source software maintainers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival describes in his blog “a plan for open source software maintainers”:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve been writing open source software for about 15 years now; while I\u0026#39;m still wet behind the ears compared to FreeBSD greybeards like Kirk McKusick and Poul-Henning Kamp, I\u0026#39;ve been around for long enough to start noticing some patterns. In particular:\u003cbr\u003e\nFree software is expensive. Software is expensive to begin with; but good quality open source software tends to be written by people who are recognized as experts in their fields (partly thanks to that very software) and can demand commensurate salaries.\u003cbr\u003e\nWhile that expensive developer time is donated (either by the developers themselves or by their employers), this influences what their time is used for: Individual developers like doing things which are fun or high-status, while companies usually pay developers to work specifically on the features those companies need. Maintaining existing code is important, but it is neither fun nor high-status; and it tends to get underweighted by companies as well, since maintenance is inherently unlikely to be the most urgent issue at any given time.\u003cbr\u003e\nOpen source software is largely a \u0026quot;throw code over the fence and walk away\u0026quot; exercise. Over the past 15 years I\u0026#39;ve written freebsd-update, bsdiff, portsnap, scrypt, spiped, and kivaloo, and done a lot of work on the FreeBSD/EC2 platform. Of these, I know bsdiff and scrypt are very widely used and I suspect that kivaloo is not; but beyond that I have very little knowledge of how widely or where my work is being used. Anecdotally it seems that other developers are in similar positions: At conferences I\u0026#39;ve heard variations on \u0026quot;you\u0026#39;re using my code? Wow, that\u0026#39;s awesome; I had no idea\u0026quot; many times.\u003cbr\u003e\nI have even less knowledge of what people are doing with my work or what problems or limitations they\u0026#39;re running into. Occasionally I get bug reports or feature requests; but I know I only hear from a very small proportion of the users of my work. I have a long list of feature ideas which are sitting in limbo simply because I don\u0026#39;t know if anyone would ever use them — I suspect the answer is yes, but I\u0026#39;m not going to spend time implementing these until I have some confirmation of that.\u003cbr\u003e\nA lot of mid-size companies would like to be able to pay for support for the software they\u0026#39;re using, but can\u0026#39;t find anyone to provide it. For larger companies, it\u0026#39;s often easier — they can simply hire the author of the software (and many developers who do ongoing maintenance work on open source software were in fact hired for this sort of \u0026quot;in-house expertise\u0026quot; role) — but there\u0026#39;s very little available for a company which needs a few minutes per month of expertise. In many cases, the best support they can find is sending an email to the developer of the software they\u0026#39;re using and not paying anything at all — we\u0026#39;ve all received \u0026quot;can you help me figure out how to use this\u0026quot; emails, and most of us are happy to help when we have time — but relying on developer generosity is not a good long-term solution.\u003cbr\u003e\nEvery few months, I receive email from people asking if there\u0026#39;s any way for them to support my open source software contributions. (Usually I encourage them to donate to the FreeBSD Foundation.) Conversely, there are developers whose work I would like to support (e.g., people working on FreeBSD wifi and video drivers), but there isn\u0026#39;t any straightforward way to do this. Patreon has demonstrated that there are a lot of people willing to pay to support what they see as worthwhile work, even if they don\u0026#39;t get anything directly in exchange for their patronage.\u003c/p\u003e\n\n\u003cp\u003eIt seems to me that this is a case where problems are in fact solutions to other problems. To wit:\u003cbr\u003e\nUsers of open source software want to be able to get help with their use cases; developers of open source software want to know how people are using their code.\u003cbr\u003e\nUsers of open source software want to support the the work they use; developers of open source software want to know which projects users care about.\u003cbr\u003e\nUsers of open source software want specific improvements; developers of open source software may be interested in making those specific changes, but don\u0026#39;t want to spend the time until they know someone would use them.\u003cbr\u003e\nUsers of open source software have money; developers of open source software get day jobs writing other code because nobody is paying them to maintain their open source software.\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;d like to see this situation get fixed. As I envision it, a solution would look something like a cross between Patreon and Bugzilla: Users would be able sign up to \u0026quot;support\u0026quot; projects of their choosing, with a number of dollars per month (possibly arbitrary amounts, possibly specified tiers; maybe including $0/month), and would be able to open issues. These could be private (e.g., for \u0026quot;technical support\u0026quot; requests) or public (e.g., for bugs and feature requests); users would be able to indicate their interest in public issues created by other users. Developers would get to see the open issues, along with a nominal \u0026quot;value\u0026quot; computed based on allocating the incoming dollars of \u0026quot;support contracts\u0026quot; across the issues each user has expressed an interest in, allowing them to focus on issues with higher impact.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe poses three questions to users about whether or not people (users and software developers alike) would be interested in this and whether payment (giving and receiving, respectively) is interesting\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eCheck out the comments (and those on [\u003ca href=\"https://news.ycombinator.com/item?id=14313804%5D(reddit.com)\" rel=\"nofollow\"\u003ehttps://news.ycombinator.com/item?id=14313804](reddit.com)\u003c/a\u003e) as well for some suggestions and discussion on the topic\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.h-i-r.net/2017/04/openbsd-vmm-hypervisor-part-2.html\" rel=\"nofollow\"\u003eOpenBSD vmm hypervisor: Part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe asked for people to write up their experience using OpenBSD’s VMM. This blog post is just that\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is going to be a (likely long-running, infrequently-appended) series of posts as I poke around in vmm.  A few months ago, I demonstrated some basic use of the vmm hypervisor as it existed in OpenBSD 6.0-CURRENT around late October, 2016. We\u0026#39;ll call that video Part 1.\u003cbr\u003e\nQuite a bit of development was done on vmm before 6.1-RELEASE, and it\u0026#39;s worth noting that some new features made their way in. Work continues, of course, and I can only imagine the hypervisor technology will mature plenty for the next release. As it stands, this is the first release of OpenBSD with a native hypervisor shipped in the base install, and that\u0026#39;s exciting news in and of itself\u003cbr\u003e\nTo get our virtual machines onto the network, we have to spend some time setting up a virtual ethernet interface. We\u0026#39;ll run a DHCP server on that, and it\u0026#39;ll be the default route for our virtual machines. We\u0026#39;ll keep all the VMs on a private network segment, and use NAT to allow them to get to the network. There is a way to directly bridge VMs to the network in some situations, but I won\u0026#39;t be covering that today.\u003cbr\u003e\nCreate an empty disk image for your new VM. I\u0026#39;d recommend 1.5GB to play with at first. You can do this without doas or root if you want your user account to be able to start the VM later. I made a \u0026quot;vmm\u0026quot; directory inside my home directory to store VM disk images in. You might have a different partition you wish to store these large files in.\u003cbr\u003e\nBoot up a brand new vm instance. You\u0026#39;ll have to do this as root or with doas. You can download a -CURRENT install kernel/ramdisk (bsd.rd) from an OpenBSD mirror, or you can simply use the one that\u0026#39;s on your existing system (/bsd.rd) like I\u0026#39;ll do here.\u003cbr\u003e\nThe command will start a VM named \u0026quot;test.vm\u0026quot;, display the console at startup, use /bsd.rd (from our host environment) as the boot image, allocate 256MB of memory, attach the first network interface to the switch called \u0026quot;local\u0026quot; we defined earlier in /etc/vm.conf, and use the test image we just created as the first disk drive.\u003cbr\u003e\nNow that the VM disk image file has a full installation of OpenBSD on it, build a VM configuration around it by adding the below block of configuration (with modifications as needed for owner, path and lladdr) to /etc/vm.conf\u003cbr\u003e\nI\u0026#39;ve noticed that VMs with much less than 256MB of RAM allocated tend to be a little unstable for me. You\u0026#39;ll also note that in the \u0026quot;interface\u0026quot; clause, I hard-coded the lladdr that was generated for it earlier. By specifying \u0026quot;disable\u0026quot; in vm.conf, the VM will show up in a stopped state that the owner of the VM (that\u0026#39;s you!) can manually start without root access.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLet us know how VMM works for you\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-changes-of-note-621\" rel=\"nofollow\"\u003eopenbsd changes of note 621\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore stuff, more fun.\u003c/li\u003e\n\u003cli\u003eFix script to not perform tty operations on things that aren’t ttys. Detected by pledge.\u003c/li\u003e\n\u003cli\u003eMerge libdrm 2.4.79.\u003c/li\u003e\n\u003cli\u003eAfter a forced unmount, also unmount any filesystems below that mount point.\u003c/li\u003e\n\u003cli\u003eFlip previously warm pages in the buffer cache to memory above the DMA region if uvm tells us it is available. Pages are not automatically promoted to upper memory. Instead it’s used as additional memory only for what the cache considers long term buffers. I/O still requires DMA memory, so writing to a buffer will pull it back down.\u003c/li\u003e\n\u003cli\u003eMakefile support for systems with both gcc and clang. Make i386 and amd64 so.\u003c/li\u003e\n\u003cli\u003eTake a more radical approach to disabling colours in clang.\u003c/li\u003e\n\u003cli\u003eWhen the data buffered for write in tmux exceeds a limit, discard it and redraw. Helps when a fast process is running inside tmux running inside a slow terminal.\u003c/li\u003e\n\u003cli\u003eAdd a port of witness(4) lock validation tool from FreeBSD. Use it with mplock, rwlock, and mutex in the kernel.\u003c/li\u003e\n\u003cli\u003eProperly save and restore FPU context in vmm.\u003c/li\u003e\n\u003cli\u003eRemove KGDB. It neither compiles nor works.\u003c/li\u003e\n\u003cli\u003eAdd a constant time AES implementation, from BearSSL.\u003c/li\u003e\n\u003cli\u003eRemove SSHv1 from ssh.\u003c/li\u003e\n\u003cli\u003eand more...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/BSDDirectoryGroupChoice\" rel=\"nofollow\"\u003eDigging into BSD\u0026#39;s choice of Unix group for new directories and files\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have to eat some humble pie here. In comments on my entry on an interesting chmod failure, Greg A. Woods pointed out that FreeBSD\u0026#39;s behavior of creating everything inside a directory with the group of the directory is actually traditional BSD behavior (it dates all the way back to the 1980s), not some odd new invention by FreeBSD. As traditional behavior it makes sense that it\u0026#39;s explicitly allowed by the standards, but I\u0026#39;ve also come to think that it makes sense in context and in general. To see this, we need some background about the problem facing BSD.\u003cbr\u003e\nIn the beginning, two things were true in Unix: there was no mkdir() system call, and processes could only be in one group at a time. With processes being in only one group, the choice of the group for a newly created filesystem object was easy; it was your current group. This was felt to be sufficiently obvious behavior that the V7 creat(2) manpage doesn\u0026#39;t even mention it.\u003cbr\u003e\nNow things get interesting. 4.1c BSD seems to be where mkdir(2) is introduced and where creat() stops being a system call and becomes an option to open(2). It\u0026#39;s also where processes can be in multiple groups for the first time. The 4.1c BSD open(2) manpage is silent about the group of newly created files, while the mkdir(2) manpage specifically claims that new directories will have your effective group (ie, the V7 behavior). This is actually wrong. In both mkdir() in sys_directory.c and maknode() in ufs_syscalls.c, the group of the newly created object is set to the group of the parent directory. Then finally in the 4.2 BSD mkdir(2) manpage the group of the new directory is correctly documented (the 4.2 BSD open(2) manpage continues to say nothing about this). So BSD\u0026#39;s traditional behavior was introduced at the same time as processes being in multiple groups, and we can guess that it was introduced as part of that change.\u003cbr\u003e\nWhen your process can only be in a single group, as in V7, it makes perfect sense to create new filesystem objects with that as their group. It\u0026#39;s basically the same case as making new filesystem objects be owned by you; just as they get your UID, they also get your GID. When your process can be in multiple groups, things get less clear. A filesystem object can only be in one group, so which of your several groups should a new filesystem object be owned by, and how can you most conveniently change that choice?\u003cbr\u003e\nOne option is to have some notion of a \u0026#39;primary group\u0026#39; and then provide ways to shuffle around which of your groups is the primary group.\u003cbr\u003e\nAnother option is the BSD choice of inheriting the group from context. By far the most common case is that you want your new files and directories to be created in the \u0026#39;context\u0026#39;, ie the group, of the surrounding directory.\u003cbr\u003e\nIf you fully embrace the idea of Unix processes being in multiple groups, not just having one primary group and then some number of secondary groups, then the BSD choice makes a lot of sense. And for all of its faults, BSD tended to relatively fully embrace its changes \u003cbr\u003e\nWhile it leads to some odd issues, such as the one I ran into, pretty much any choice here is going to have some oddities.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shellguardians.com/2017/05/centrally-managed-bhyve-infrastructure.html\" rel=\"nofollow\"\u003eCentrally managed Bhyve infrastructure with Ansible, libvirt and pkg-ssh\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAt work we\u0026#39;ve been using Bhyve for a while to run non-critical systems.  It is a really nice and stable hypervisor even though we are using an earlier version available on FreeBSD 10.3. This means we lack Windows and VNC support among other things, but it is not a big deal.\u003cbr\u003e\nAfter some iterations in our internal tools, we realised that the installation process was too slow and we always repeated the same steps. Of course,  any good sysadmin will scream \u0026quot;AUTOMATION!\u0026quot; and so did we. Therefore, we started looking for different ways to improve our deployments.\u003cbr\u003e\nWe had a look at existing frameworks that manage Bhyve, but none of them had a feature that we find really important: having a centralized repository of VM images. For instance, SmartOS applies this method successfully by having a backend server that stores a catalog of VMs and Zones, meaning that new instances can be deployed in a minute at most. This is a game changer if you are really busy in your day-to-day operations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe following building blocks are used:\n\n\u003cul\u003e\n\u003cli\u003eThe ZFS snapshot of an existing VM. This will be our VM template.\u003c/li\u003e\n\u003cli\u003eA modified version of oneoff-pkg-create to package the ZFS snapshots.\u003c/li\u003e\n\u003cli\u003epkg-ssh  and pkg-repo to host a local FreeBSD repo in a FreeBSD jail.\u003c/li\u003e\n\u003cli\u003elibvirt to manage our Bhyve VMs.\u003c/li\u003e\n\u003cli\u003eThe ansible modules virt, virt_net and virt_pool.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce automated, the installation process needs 2 minutes at most, compared with the 30 minutes needed to manually install VM plus allowing us to deploy many guests in parallel.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_maintainer_in_the_qemu\" rel=\"nofollow\"\u003eNetBSD maintainer in the QEMU project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eQEMU - the FAST! processor emulator - is a generic, Open Source, machine emulator and virtualizer. It defines state of the art in modern virtualization.\u003cbr\u003e\nThis software has been developed for multiplatform environments with support for NetBSD since virtually forever. It\u0026#39;s the primary tool used by the NetBSD developers and release engineering team. It is run with continuous integration tests for daily commits and execute regression tests through the Automatic Test Framework (ATF).\u003cbr\u003e\nThe QEMU developers warned the Open Source community - with version 2.9 of the emulator - that they will eventually drop support for suboptimally supported hosts if nobody will step in and take the maintainership to refresh the support. This warning was directed to major BSDs, Solaris, AIX and Haiku.\u003cbr\u003e\nThankfully the NetBSD position has been filled - making NetBSD to restore official maintenance.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170510012526\u0026mode=flat\u0026count=0\" rel=\"nofollow\"\u003eOpenBSD Community Goes Gold\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/CharmBUG/events/238218840/\" rel=\"nofollow\"\u003eCharmBUG’s Tor Hack-a-thon has been pushed back to July due to scheduling difficulties\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.haiku-os.org/blog/vivek/2017-05-05_%5Bgsoc_2017%5D_3d_hardware_acceleration_in_haiku/\" rel=\"nofollow\"\u003eDirect Rendering Manager (DRM) Driver for i915, from the Linux kernel to Haiku with the help of DragonflyBSD’s Linux Compatibility layer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/bsdlme/status/863488045449977864\" rel=\"nofollow\"\u003eTomTom lists OpenBSD in license\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/regional-london/2017/05/02/msg000571.html\" rel=\"nofollow\"\u003eLondon Net BSD Meetup on May 22nd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2017-05-30\" rel=\"nofollow\"\u003eKnoxBUG meeting May 30th, 2017 - Introduction to FreeNAS\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/35EWVGZ#wrap\" rel=\"nofollow\"\u003eFelix - Home Firewall\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0H51NX2#wrap\" rel=\"nofollow\"\u003eDavid - Docker Recipes for Jails\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2VZ7S8K#wrap\" rel=\"nofollow\"\u003eDon - GoLang \u0026amp; Rust\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2A1FZF3#wrap\" rel=\"nofollow\"\u003eGeorge - OGG feed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3D2B6J3#wrap\" rel=\"nofollow\"\u003eRoller - BSDCan Tips\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now we cover the latest FreeBSD Status Report, a plan for Open Source software development, centrally managing bhyve with Ansible, libvirt, and pkg-ssh, and a whole lot more.","date_published":"2017-05-17T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/58753453-5f24-4697-a3a2-c39ef52c9b5b.mp3","mime_type":"audio/mpeg","size_in_bytes":67381204,"duration_in_seconds":5615}]},{"id":"8cdacddb-11e3-4225-8039-b51eba86a375","title":"193: Fire up the 802.11 AC","url":"https://www.bsdnow.tv/193","content_text":"This week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a PFsense and OpenVPN tutorial, and we talk about an interesting ZFS storage pool checkpoint project.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBringing up 802.11ac on FreeBSD\n\n\nAdrian Chadd has a new blog post about his work to bring 802.11ac support to FreeBSD\n802.11ac allows for speeds up to 500mbps and total bandwidth into multiple gigabits\n\n\n\nThe FreeBSD net80211 stack has reasonably good 802.11n support, but no 802.11ac support. I decided a while ago to start adding basic 802.11ac support. It was a good exercise in figuring out what the minimum set of required features are and another excuse to go find some of the broken corner cases in net80211 that needed addressing.\n802.11ac introduces a few new concepts that the stack needs to understand. I decided to use the QCA 802.11ac parts because (a) I know the firmware and general chip stuff from the first generation 11ac parts well, and (b) I know that it does a bunch of stuff (like rate control, packet scheduling, etc) so I don't have to do it. If I chose, say, the Intel 11ac parts then I'd have to implement a lot more of the fiddly stuff to get good behaviour.\nStep one - adding VHT channels. I decided in the shorter term to cheat and just add VHT channels to the already very large ieee80211_channel map. The linux way of there being a channel context rather than hundreds of static channels to choose from is better in the long run, but I wanted to get things up and running. So, that's what I did first - I added VHT flags for 20, 40, 80, 80+80 and 160MHz operating modes and I did the bare work required to populate the channel lists with VHT channels as well.\nThen I needed to glue it into an 11ac driver. My ath10k port was far enough along to attempt this, so I added enough glue to say \"I support VHT\" to the ic_caps field and propagated it to the driver for monitor mode configuration. And yes, after a bit of dancing, I managed to get a VHT channel to show up in ath10k in monitor mode and could capture 80MHz wide packets. Success!\n\nBy far the most fiddly was getting channel promotion to work. net80211 supports the concept of dumb NICs (like atheros 11abgn parts) very well, where you can have multiple virtual interfaces but the \"driver\" view of the right configuration is what's programmed into the hardware. For firmware NICs which do this themselves (like basically everything sold today) this isn't exactly all that helpful. So, for now, it's limited to a single VAP, and the VAP configuration is partially derived from the global state and partially derived from the negotiated state. It's annoying, but it is adding to the list of things I will have to fix later.\nthe QCA chips/firmware do 802.11 crypto offload. They actually pretend that there's no key - you don't include the IV, you don't include padding, or anything. You send commands to set the crypto keys and then you send unencrypted 802.11 frames (or 802.3 frames if you want to do ethernet only.) This means that I had to teach net80211 a few things:\n\n\nframes decrypted by the hardware needed to have a \"I'm decrypted\" bit set, because the 802.11 header field saying \"I'm decrypted!\" is cleared\nframes encrypted don't have the \"i'm encrypted\" bit set\nframes encrypted/decrypted have no padding, so I needed to teach the input path and crypto paths to not validate those if the hardware said \"we offload it all.\"\nNow comes the hard bit of fixing the shortcomings before I can commit the driver. There are .. lots. The first one is the global state. The ath10k firmware allows what they call 'vdevs' (virtual devices) - for example, multiple SSID/BSSID support is implemented with multiple vdevs. STA+WDS is implemented with vdevs. STA+P2P is implemented with vdevs. So, technically speaking I should go and find all of the global state that should really be per-vdev and make it per-vdev. This is tricky though, because a lot of the state isn't kept per-VAP even though it should be.\nAnyway, so far so good. I need to do some of the above and land it in FreeBSD-HEAD so I can finish off the ath10k port and commit what I have to FreeBSD. There's a lot of stuff coming - including all of the wave-2 stuff (like multiuser MIMO / MU-MIMO) which I just plainly haven't talked about yet. Viva la FreeBSD wireless!\n***\n\n\n\npfSense and OpenVPN Routing\n\n\nThis article tries to be a simple guide on how to enable your home (or small office) [https://www.pfsense.org/](pfSense) setup to route some traffic via the vanilla Internet, and some via a VPN site that you’ve setup in a remote location.\n\n\n\nReasons to Setup a VPN:\n\n\nControl\nSecurity\nPrivacy\nFun\n\n\n\n\nVPNs do not instantly guarantee privacy, they’re a layer, as with any other measure you might invoke. In this example I used a server that’s directly under my name. Sure, it was a country with strict privacy laws, but that doesn’t mean that the outgoing IP address wouldn’t be logged somewhere down the line.\nThere’s also no reason you have to use your own OpenVPN install, there are many, many personal providers out there, who can offer the same functionality, and a degree of anonymity. (If you and a hundred other people are all coming from one IP, it becomes extremely difficult to differentiate, some VPN providers even claim a ‘logless’ setup.)\nVPNs can be slow. The reason I have a split-setup in this article, is because there are devices that I want to connect to the internet quickly, and that I’m never doing sensitive things on, like banking. I don’t mind if my Reddit-browsing and IRC messages are a bit slower, but my Nintendo Switch and PS4 should have a nippy connection.\nServices like Netflix can and do block VPN traffic in some cases. This is more of an issue for wider VPN providers (I suspect, but have no proof, that they just blanket block known VPN IP addresses.)\nIf your VPN is in another country, search results and tracking can be skewed. This is arguable a good thing, who wants to be tracked? But it can also lead to frustration if your DuckDuckGo results are tailored to the middle of Paris, rather than your flat in Birmingham.\n\n\n\nThe tutorial walks through the basic setup: Labeling the interfaces, configuring DHCP, creating a VPN:\n\n\n\nNow that we have our OpenVPN connection set up, we’ll double check that we’ve got our interfaces assigned\nWith any luck (after we’ve assigned our OPENVPN connection correctly, you should now see your new Virtual Interface on the pfSense Dashboard\nWe’re charging full steam towards the sections that start to lose people. Don’t be disheartened if you’ve had a few issues up to now, there is no “right” way to set up a VPN installation, and it may be that you have to tweak a few things and dive into a few man-pages before you’re set up.\nNAT is tricky, and frankly it only exists because we stretched out IPv4 for much longer than we should have. That being said it’s a necessary evil in this day and age, so let’s set up our connection to work with it.\nWe need NAT here because we’re going to masque our machines on the LAN interface to show as coming from the OpenVPN client IP address, to the OpenVPN server.  Head over to Firewall -\u0026gt; NAT -\u0026gt; Outbound.\nThe first thing we need to do in this section, is to change the Outbound NAT Mode to something we can work with, in this case “Hybrid.”\n\n\n\nConfigure the LAN interface to be NAT’d to the OpenVPN address, and the INSECURE interface to use your regular ISP connection\nConfigure the firewall to allow traffic from the LAN network to reach the INSECURE network\nThen add a second rule allowing traffic from the LAN network to any address, and set the gateway the the OPENVPN connection\nAnd there you have it, traffic from the LAN is routed via the VPN, and traffic from the INSECURE network uses the naked internet connection\n***\n\n\nSwitching to OpenBSD\n\n\nAfter 12 years, I switched from macOS to OpenBSD.  It's clean, focused, stable, consistent and lets me get my work done without any hassle.\nWhen I first became interested in computers, I thought operating systems were fascinating. For years I would reinstall an operating system every other weekend just to try a different configuration: MS-DOS 3.3, Windows 3.0, Linux 1.0 (countless hours recompiling kernels).  In high school, I settled down and ran OS/2 for 5 years until I graduated college. I switched to Linux after college and used it exclusively for 5 years. I got tired of configuring Linux, so I switched to OS X for the next 12 years, where things just worked.\nBut Snow Leopard was 7 years ago. These days, OS X is like running a denial of service attack against myself.  macOS has a dozen apps I don't use but can't remove. Updating them requires a restart.  Frequent updates to the browser require a restart.  A minor XCode update requires me to download a 4.3 GB file.  My monitors frequently turn off and require a restart to fix.  A system's availability is a function of mean time between failure and mean time to repair.  For macOS, both numbers are heading in the wrong direction for me. I don't hold any hard feelings about it, but it's time for me to get off this OS and back to productive work.\nI found OpenBSD very refreshing, so I created a bootable thumb drive and within an hour had it up and running on a two-year old laptop.  I've been using it for my daily work for the past two weeks and it's been great.  Simple, boring and productive.  Just the way I like it.  The documentation is fantastic.  I've been using Unix for years and have learned quite a bit just by reading their man pages.  OS releases come like clockwork every 6 months and are supported for 12.  Security and other updates seem relatively rare between releases (roughly one small patch per week during 6.0).  With syspatch in 6.1, installing them should be really easy too.\n\n\n\n\nZFS Storage Pool Checkpoint Project\n\n\nDuring the OpenZFS summit last year (2016), Dan Kimmel and I quickly hacked together the zpool checkpoint command in ZFS, which allows reverting an entire pool to a previous state. Since it was just for a hackathon, our design was bare bones and our implementation far from complete. Around a month later, we had a new and almost complete design within Delphix and I was able to start the implementation on my own. I completed the implementation last month, and we’re now running regression tests, so I decided to write this blog post explaining what a storage pool checkpoint is, why we need it within Delphix, and how to use it.\nThe Delphix product is basically a VM running DelphixOS (a derivative of illumos) with our application stack on top of it. During an upgrade, the VM reboots into the new OS bits and then runs some scripts that update the environment (directories, snapshots, open connections, etc.) for the new version of our app stack. Software being software, failures can happen at different points during the upgrade process. When an upgrade script that makes changes to ZFS fails, we have a corresponding rollback script that attempts to bring ZFS and our app stack back to their previous state. This is very tricky as we need to undo every single modification applied to ZFS (including dataset creation and renaming, or enabling new zpool features).\nThe idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.\n\n\n\nI definitely see value in this for the appliance use case\nSome usage examples follow, along with some caveats.\nOne of the restrictions is that you cannot attach, detach, or remove a device while a checkpoint exists. However, the zpool add operation is still possible, however if you roll back to the checkpoint, the device will no longer be part of the pool. Rather than a shortcoming, this seems like a nice feature, a way to help users avoid the most common foot shooting (which I witnessed in person at Linux Fest), adding a new log or cache device, but missing a keyword and adding it is a storage vdev rather than a aux vdev. This operation could simply be undone if a checkpoint where taken before the device was added.\n***\n\n\nNews Roundup\n\nReview of TrueOS\n\n\nTrueOS, which was formerly named PC-BSD, is a FreeBSD-based operating system. TrueOS is a rolling release platform which is based on FreeBSD's \"CURRENT\" branch, providing TrueOS with the latest drivers and features from FreeBSD. Apart from the name change, TrueOS has deviated from the old PC-BSD project in a number of ways. The system installer is now more streamlined (and I will touch on that later) and TrueOS is a rolling release platform while PC-BSD defaulted to point releases. Another change is PC-BSD used to allow the user to customize which software was installed at boot time, including the desktop environment. The TrueOS project now selects a minimal amount of software for the user and defaults to using the Lumina desktop environment.\n\n\n\nFrom the conclusions:\n\n\n\nWhat I took away from my time with TrueOS is that the project is different in a lot of ways from PC-BSD. Much more than just the name has changed. The system is now more focused on cutting edge software and features in FreeBSD's development branch. The install process has been streamlined and the user begins with a set of default software rather than selecting desired packages during the initial setup. The configuration tools, particularly the Control Panel and AppCafe, have changed a lot in the past year. The designs have a more flat, minimal look. It used to be that PC-BSD did not have a default desktop exactly, but there tended to be a focus on KDE. With TrueOS the project's in-house desktop, Lumina, serves as the default environment and I think it holds up fairly well.\nIn all, I think TrueOS offers a convenient way to experiment with new FreeBSD technologies and ZFS. I also think people who want to run FreeBSD on a desktop computer may want to look at TrueOS as it sets up a graphical environment automatically. However, people who want a stable desktop platform with lots of applications available out of the box may not find what they want with this project.\n\n\n\n\nA simple guide to install Ubuntu on FreeBSD with byhve\n\n\nDavid Prandzioch writes in his blog:\n\n\n\nFor some reasons I needed a Linux installation on my NAS. bhyve is a lightweight virtualization solution for FreeBSD that makes that easy and efficient. However, the CLI of bhyve is somewhat bulky and bare making it hard to use, especially for the first time. This is what vm-bhyve solves - it provides a simple CLI for working with virtual machines.\n\n\n\nMore details follow about what steps are needed to setup vm_bhyve on FreeBSD \nAlso check out his other tutorials on his blog: https://www.davd.eu/freebsd/\n***\n\n\nGraphical Overview of the Architecture of FreeBSD \n\n\nThis diagram tries to show the different components that make up the FreeBSD Operating Systems\nIt breaks down the various utilities, libraries, and components into some categories and sub-categories:\nUser Commands:\n\n\nDevelopment (cc, ld, nm, as, etc)\nFile Management (ls, cp, cmp, mkdir)\nMultiuser Commands (login, chown, su, who)\nNumber Processing (bc, dc, units, expr)\nText Processing (cut, grep, sort, uniq, wc)\nUser Messaging (mail, mesg, write, talk)\nLittle Languages (sed, awk, m4)\nNetwork Clients (ftp, scp, fetch)\nDocument Preparation (*roff, eqn, tbl, refer)\n\nAdministrator and System Commands\n\n\nFilesystem Management (fsck, newfs, gpart, mount, umount)\nNetworking (ifconfig, route, arp)\nUser Management (adduser, pw, vipw, sa, quota*)\nStatistics (iostat, vmstat, pstat, gstat, top)\nNetwork Servers (sshd, ftpd, ntpd, routed, rpc.*)\nScheduling (cron, periodic, rc.*, atrun)\n\nLibraries (C Standard, Operating System, Peripheral Access, System File Access, Data Handling, Security, Internationalization, Threads)\nSystem Call Interface (File I/O, Mountable Filesystems, File ACLs, File Permissions, Processes, Process Tracing, IPC, Memory Mapping, Shared Memory, Kernel Events, Memory Locking, Capsicum, Auditing, Jails)\nBootstrapping (Loaders, Configuration, Kernel Modules)\nKernel Utility Functions\n\n\nPrivilege Management (acl, mac, priv)\nMultitasking (kproc, kthread, taskqueue, swi, ithread)\nMemory Management (vmem, uma, pbuf, sbuf, mbuf, mbchain, malloc/free)\nGeneric (nvlist, osd, socket, mbuf_tags, bitset)\nVirtualization (cpuset, crypto, device, devclass, driver)\nSynchronization (lock, sx, sema, mutex, condvar_, atomic_*, signal)\nOperations (sysctl, dtrace, watchdog, stack, alq, ktr, panic)\n\nI/O Subsystem\n\n\nSpecial Devices (line discipline, tty, raw character, raw disk)\nFilesystems (UFS, FFS, NFS, CD9660, Ext2, UDF, ZFS, devfs, procfs)\nSockets\nNetwork Protocols (TCP, UDP, UCMP, IPSec,  IP4, IP6)\nNetgraph (50+ modules)\n\nDrivers and Abstractions\n\n\nCharacter Devices\nCAM (ATA, SATA, SAS, SPI)\nNetwork Interface Drivers (802.11, if_ae, 100+, if_xl, NDIS)\n\nGEOM\n\n\nStorage (stripe, mirror, raid3, raid5, concat)\nEncryption / Compression (eli, bde, shsec, uzip)\nFilesystem (label, journal, cache, mbr, bsd)\nVirtualization (md, nop, gate, virtstor)\n\nProcess Control Subsystems\n\n\nScheduler\nMemory Management\nInter-process Communication\nDebugging Support\n***\n\n\n\nOfficial OpenBSD 6.1 CD - There's only One!\n\n\nEbay auction Link\nNow it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017 (About 3 days from when this episode was recorded).\nThe CD set is hand made and signed by Theo de Raadt.\nFun Fact: The winning bidder will have an OpenBSD CD set that even Theo doesn't have.\n***\n\n\nBeastie Bits\n\n\nHardware Wanted by OpenBSD developers\nDonate hardware to FreeBSD developers\nAnnouncing NetBSD and the Google Summer of Code Projects 2017\nAnnouncing FreeBSD GSoC 2017 Projects \nLibreSSL 2.5.4 Released\nCharmBUG Meeting - Tor Browser Bundle Hack-a-thon\npkgsrcCon 2017 CFT\nExperimental Price Cuts\nLinux Fest North West 2017: Three Generations of FreeNAS: The World’s most popular storage OS turns 12\n***\n\n\nFeedback/Questions\n\n\nDon - Reproducible builds \u0026amp; gcc/clang\narchitect - C development on BSD\nDavid - Linux ABI\nTom - ZFS\n\n\nRAIDZ Stripe Width Myth, Busted\n\nIvan - Jails\n***\n","content_html":"\u003cp\u003eThis week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a PFsense and OpenVPN tutorial, and we talk about an interesting ZFS storage pool checkpoint project.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2017/04/bringing-up-80211ac-on-freebsd.html\" rel=\"nofollow\"\u003eBringing up 802.11ac on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd has a new blog post about his work to bring 802.11ac support to FreeBSD\u003c/li\u003e\n\u003cli\u003e802.11ac allows for speeds up to 500mbps and total bandwidth into multiple gigabits\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe FreeBSD net80211 stack has reasonably good 802.11n support, but no 802.11ac support. I decided a while ago to start adding basic 802.11ac support. It was a good exercise in figuring out what the minimum set of required features are and another excuse to go find some of the broken corner cases in net80211 that needed addressing.\u003cbr\u003e\n802.11ac introduces a few new concepts that the stack needs to understand. I decided to use the QCA 802.11ac parts because (a) I know the firmware and general chip stuff from the first generation 11ac parts well, and (b) I know that it does a bunch of stuff (like rate control, packet scheduling, etc) so I don\u0026#39;t have to do it. If I chose, say, the Intel 11ac parts then I\u0026#39;d have to implement a lot more of the fiddly stuff to get good behaviour.\u003cbr\u003e\nStep one - adding VHT channels. I decided in the shorter term to cheat and just add VHT channels to the already very large ieee80211_channel map. The linux way of there being a channel context rather than hundreds of static channels to choose from is better in the long run, but I wanted to get things up and running. So, that\u0026#39;s what I did first - I added VHT flags for 20, 40, 80, 80+80 and 160MHz operating modes and I did the bare work required to populate the channel lists with VHT channels as well.\u003cbr\u003e\nThen I needed to glue it into an 11ac driver. My ath10k port was far enough along to attempt this, so I added enough glue to say \u0026quot;I support VHT\u0026quot; to the ic_caps field and propagated it to the driver for monitor mode configuration. And yes, after a bit of dancing, I managed to get a VHT channel to show up in ath10k in monitor mode and could capture 80MHz wide packets. Success!\u003c/p\u003e\n\n\u003cp\u003eBy far the most fiddly was getting channel promotion to work. net80211 supports the concept of dumb NICs (like atheros 11abgn parts) very well, where you can have multiple virtual interfaces but the \u0026quot;driver\u0026quot; view of the right configuration is what\u0026#39;s programmed into the hardware. For firmware NICs which do this themselves (like basically everything sold today) this isn\u0026#39;t exactly all that helpful. So, for now, it\u0026#39;s limited to a single VAP, and the VAP configuration is partially derived from the global state and partially derived from the negotiated state. It\u0026#39;s annoying, but it is adding to the list of things I will have to fix later.\u003cbr\u003e\nthe QCA chips/firmware do 802.11 crypto offload. They actually pretend that there\u0026#39;s no key - you don\u0026#39;t include the IV, you don\u0026#39;t include padding, or anything. You send commands to set the crypto keys and then you send unencrypted 802.11 frames (or 802.3 frames if you want to do ethernet only.) This means that I had to teach net80211 a few things:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eframes decrypted by the hardware needed to have a \u0026quot;I\u0026#39;m decrypted\u0026quot; bit set, because the 802.11 header field saying \u0026quot;I\u0026#39;m decrypted!\u0026quot; is cleared\u003c/li\u003e\n\u003cli\u003eframes encrypted don\u0026#39;t have the \u0026quot;i\u0026#39;m encrypted\u0026quot; bit set\u003c/li\u003e\n\u003cli\u003eframes encrypted/decrypted have no padding, so I needed to teach the input path and crypto paths to not validate those if the hardware said \u0026quot;we offload it all.\u0026quot;\nNow comes the hard bit of fixing the shortcomings before I can commit the driver. There are .. lots. The first one is the global state. The ath10k firmware allows what they call \u0026#39;vdevs\u0026#39; (virtual devices) - for example, multiple SSID/BSSID support is implemented with multiple vdevs. STA+WDS is implemented with vdevs. STA+P2P is implemented with vdevs. So, technically speaking I should go and find all of the global state that should really be per-vdev and make it per-vdev. This is tricky though, because a lot of the state isn\u0026#39;t kept per-VAP even though it should be.\nAnyway, so far so good. I need to do some of the above and land it in FreeBSD-HEAD so I can finish off the ath10k port and commit what I have to FreeBSD. There\u0026#39;s a lot of stuff coming - including all of the wave-2 stuff (like multiuser MIMO / MU-MIMO) which I just plainly haven\u0026#39;t talked about yet. Viva la FreeBSD wireless!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.terrafoundry.net/blog/2017/04/12/pfsense-openvpn/\" rel=\"nofollow\"\u003epfSense and OpenVPN Routing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis article tries to be a simple guide on how to enable your home (or small office) [\u003ca href=\"https://www.pfsense.org/%5D(pfSense)\" rel=\"nofollow\"\u003ehttps://www.pfsense.org/](pfSense)\u003c/a\u003e setup to route some traffic via the vanilla Internet, and some via a VPN site that you’ve setup in a remote location.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eReasons to Setup a VPN:\n\n\u003cul\u003e\n\u003cli\u003eControl\u003c/li\u003e\n\u003cli\u003eSecurity\u003c/li\u003e\n\u003cli\u003ePrivacy\u003c/li\u003e\n\u003cli\u003eFun\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eVPNs do not instantly guarantee privacy, they’re a layer, as with any other measure you might invoke. In this example I used a server that’s directly under my name. Sure, it was a country with strict privacy laws, but that doesn’t mean that the outgoing IP address wouldn’t be logged somewhere down the line.\u003cbr\u003e\nThere’s also no reason you have to use your own OpenVPN install, there are many, many personal providers out there, who can offer the same functionality, and a degree of anonymity. (If you and a hundred other people are all coming from one IP, it becomes extremely difficult to differentiate, some VPN providers even claim a ‘logless’ setup.)\u003cbr\u003e\nVPNs can be slow. The reason I have a split-setup in this article, is because there are devices that I want to connect to the internet quickly, and that I’m never doing sensitive things on, like banking. I don’t mind if my Reddit-browsing and IRC messages are a bit slower, but my Nintendo Switch and PS4 should have a nippy connection.\u003cbr\u003e\nServices like Netflix can and do block VPN traffic in some cases. This is more of an issue for wider VPN providers (I suspect, but have no proof, that they just blanket block known VPN IP addresses.)\u003cbr\u003e\nIf your VPN is in another country, search results and tracking can be skewed. This is arguable a good thing, who wants to be tracked? But it can also lead to frustration if your DuckDuckGo results are tailored to the middle of Paris, rather than your flat in Birmingham.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe tutorial walks through the basic setup: Labeling the interfaces, configuring DHCP, creating a VPN:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow that we have our OpenVPN connection set up, we’ll double check that we’ve got our interfaces assigned\u003cbr\u003e\nWith any luck (after we’ve assigned our OPENVPN connection correctly, you should now see your new Virtual Interface on the pfSense Dashboard\u003cbr\u003e\nWe’re charging full steam towards the sections that start to lose people. Don’t be disheartened if you’ve had a few issues up to now, there is no “right” way to set up a VPN installation, and it may be that you have to tweak a few things and dive into a few man-pages before you’re set up.\u003cbr\u003e\nNAT is tricky, and frankly it only exists because we stretched out IPv4 for much longer than we should have. That being said it’s a necessary evil in this day and age, so let’s set up our connection to work with it.\u003cbr\u003e\nWe need NAT here because we’re going to masque our machines on the LAN interface to show as coming from the OpenVPN client IP address, to the OpenVPN server.  Head over to Firewall -\u0026gt; NAT -\u0026gt; Outbound.\u003cbr\u003e\nThe first thing we need to do in this section, is to change the Outbound NAT Mode to something we can work with, in this case “Hybrid.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConfigure the LAN interface to be NAT’d to the OpenVPN address, and the INSECURE interface to use your regular ISP connection\u003c/li\u003e\n\u003cli\u003eConfigure the firewall to allow traffic from the LAN network to reach the INSECURE network\u003c/li\u003e\n\u003cli\u003eThen add a second rule allowing traffic from the LAN network to any address, and set the gateway the the OPENVPN connection\u003c/li\u003e\n\u003cli\u003eAnd there you have it, traffic from the LAN is routed via the VPN, and traffic from the INSECURE network uses the naked internet connection\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mndrix.blogspot.co.uk/2017/05/switching-to-openbsd.html\" rel=\"nofollow\"\u003eSwitching to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAfter 12 years, I switched from macOS to OpenBSD.  It\u0026#39;s clean, focused, stable, consistent and lets me get my work done without any hassle.\u003cbr\u003e\nWhen I first became interested in computers, I thought operating systems were fascinating. For years I would reinstall an operating system every other weekend just to try a different configuration: MS-DOS 3.3, Windows 3.0, Linux 1.0 (countless hours recompiling kernels).  In high school, I settled down and ran OS/2 for 5 years until I graduated college. I switched to Linux after college and used it exclusively for 5 years. I got tired of configuring Linux, so I switched to OS X for the next 12 years, where things just worked.\u003cbr\u003e\nBut Snow Leopard was 7 years ago. These days, OS X is like running a denial of service attack against myself.  macOS has a dozen apps I don\u0026#39;t use but can\u0026#39;t remove. Updating them requires a restart.  Frequent updates to the browser require a restart.  A minor XCode update requires me to download a 4.3 GB file.  My monitors frequently turn off and require a restart to fix.  A system\u0026#39;s \u003ca href=\"http://techthoughts.typepad.com/managing_computers/2007/11/availability-mt.html\" rel=\"nofollow\"\u003eavailability is a function\u003c/a\u003e of mean time between failure and mean time to repair.  For macOS, both numbers are heading in the wrong direction for me. I don\u0026#39;t hold any hard feelings about it, but it\u0026#39;s time for me to get off this OS and back to productive work.\u003cbr\u003e\nI found OpenBSD very refreshing, so I created a bootable thumb drive and within an hour had it up and running on a two-year old laptop.  I\u0026#39;ve been using it for my daily work for the past two weeks and it\u0026#39;s been great.  Simple, boring and productive.  Just the way I like it.  The documentation is fantastic.  I\u0026#39;ve been using Unix for years and have learned quite a bit just by reading their man pages.  OS releases come like clockwork every 6 months and are supported for 12.  Security and other updates seem relatively rare between releases (roughly one small patch per week during 6.0).  With syspatch in 6.1, installing them should be really easy too.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sdimitro.github.io/post/zpool-checkpoint\" rel=\"nofollow\"\u003eZFS Storage Pool Checkpoint Project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDuring the OpenZFS summit last year (2016), Dan Kimmel and I quickly hacked together the zpool checkpoint command in ZFS, which allows reverting an entire pool to a previous state. Since it was just for a hackathon, our design was bare bones and our implementation far from complete. Around a month later, we had a new and almost complete design within Delphix and I was able to start the implementation on my own. I completed the implementation last month, and we’re now running regression tests, so I decided to write this blog post explaining what a storage pool checkpoint is, why we need it within Delphix, and how to use it.\u003cbr\u003e\nThe Delphix product is basically a VM running DelphixOS (a derivative of illumos) with our application stack on top of it. During an upgrade, the VM reboots into the new OS bits and then runs some scripts that update the environment (directories, snapshots, open connections, etc.) for the new version of our app stack. Software being software, failures can happen at different points during the upgrade process. When an upgrade script that makes changes to ZFS fails, we have a corresponding rollback script that attempts to bring ZFS and our app stack back to their previous state. This is very tricky as we need to undo every single modification applied to ZFS (including dataset creation and renaming, or enabling new zpool features).\u003cbr\u003e\nThe idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI definitely see value in this for the appliance use case\u003c/li\u003e\n\u003cli\u003eSome usage examples follow, along with some caveats.\u003c/li\u003e\n\u003cli\u003eOne of the restrictions is that you cannot attach, detach, or remove a device while a checkpoint exists. However, the zpool add operation is still possible, however if you roll back to the checkpoint, the device will no longer be part of the pool. Rather than a shortcoming, this seems like a nice feature, a way to help users avoid the most common foot shooting (which I witnessed in person at Linux Fest), adding a new log or cache device, but missing a keyword and adding it is a storage vdev rather than a aux vdev. This operation could simply be undone if a checkpoint where taken before the device was added.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20170501#trueos\" rel=\"nofollow\"\u003eReview of TrueOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS, which was formerly named PC-BSD, is a FreeBSD-based operating system. TrueOS is a rolling release platform which is based on FreeBSD\u0026#39;s \u0026quot;CURRENT\u0026quot; branch, providing TrueOS with the latest drivers and features from FreeBSD. Apart from the name change, TrueOS has deviated from the old PC-BSD project in a number of ways. The system installer is now more streamlined (and I will touch on that later) and TrueOS is a rolling release platform while PC-BSD defaulted to point releases. Another change is PC-BSD used to allow the user to customize which software was installed at boot time, including the desktop environment. The TrueOS project now selects a minimal amount of software for the user and defaults to using the Lumina desktop environment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the conclusions:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat I took away from my time with TrueOS is that the project is different in a lot of ways from PC-BSD. Much more than just the name has changed. The system is now more focused on cutting edge software and features in FreeBSD\u0026#39;s development branch. The install process has been streamlined and the user begins with a set of default software rather than selecting desired packages during the initial setup. The configuration tools, particularly the Control Panel and AppCafe, have changed a lot in the past year. The designs have a more flat, minimal look. It used to be that PC-BSD did not have a default desktop exactly, but there tended to be a focus on KDE. With TrueOS the project\u0026#39;s in-house desktop, Lumina, serves as the default environment and I think it holds up fairly well.\u003cbr\u003e\nIn all, I think TrueOS offers a convenient way to experiment with new FreeBSD technologies and ZFS. I also think people who want to run FreeBSD on a desktop computer may want to look at TrueOS as it sets up a graphical environment automatically. However, people who want a stable desktop platform with lots of applications available out of the box may not find what they want with this project.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.davd.eu/install-ubuntu-on-freebsd-with-bhyve/\" rel=\"nofollow\"\u003eA simple guide to install Ubuntu on FreeBSD with byhve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDavid Prandzioch writes in his blog:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFor some reasons I needed a Linux installation on my NAS. bhyve is a lightweight virtualization solution for FreeBSD that makes that easy and efficient. However, the CLI of bhyve is somewhat bulky and bare making it hard to use, especially for the first time. This is what vm-bhyve solves - it provides a simple CLI for working with virtual machines.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore details follow about what steps are needed to setup vm_bhyve on FreeBSD \u003c/li\u003e\n\u003cli\u003eAlso check out his other tutorials on his blog: \u003ca href=\"https://www.davd.eu/freebsd/\" rel=\"nofollow\"\u003ehttps://www.davd.eu/freebsd/\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://dspinellis.github.io/unix-architecture/arch.pdf\" rel=\"nofollow\"\u003eGraphical Overview of the Architecture of FreeBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis diagram tries to show the different components that make up the FreeBSD Operating Systems\u003c/li\u003e\n\u003cli\u003eIt breaks down the various utilities, libraries, and components into some categories and sub-categories:\u003c/li\u003e\n\u003cli\u003eUser Commands:\n\n\u003cul\u003e\n\u003cli\u003eDevelopment (cc, ld, nm, as, etc)\u003c/li\u003e\n\u003cli\u003eFile Management (ls, cp, cmp, mkdir)\u003c/li\u003e\n\u003cli\u003eMultiuser Commands (login, chown, su, who)\u003c/li\u003e\n\u003cli\u003eNumber Processing (bc, dc, units, expr)\u003c/li\u003e\n\u003cli\u003eText Processing (cut, grep, sort, uniq, wc)\u003c/li\u003e\n\u003cli\u003eUser Messaging (mail, mesg, write, talk)\u003c/li\u003e\n\u003cli\u003eLittle Languages (sed, awk, m4)\u003c/li\u003e\n\u003cli\u003eNetwork Clients (ftp, scp, fetch)\u003c/li\u003e\n\u003cli\u003eDocument Preparation (*roff, eqn, tbl, refer)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAdministrator and System Commands\n\n\u003cul\u003e\n\u003cli\u003eFilesystem Management (fsck, newfs, gpart, mount, umount)\u003c/li\u003e\n\u003cli\u003eNetworking (ifconfig, route, arp)\u003c/li\u003e\n\u003cli\u003eUser Management (adduser, pw, vipw, sa, quota*)\u003c/li\u003e\n\u003cli\u003eStatistics (iostat, vmstat, pstat, gstat, top)\u003c/li\u003e\n\u003cli\u003eNetwork Servers (sshd, ftpd, ntpd, routed, rpc.*)\u003c/li\u003e\n\u003cli\u003eScheduling (cron, periodic, rc.*, atrun)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eLibraries (C Standard, Operating System, Peripheral Access, System File Access, Data Handling, Security, Internationalization, Threads)\u003c/li\u003e\n\u003cli\u003eSystem Call Interface (File I/O, Mountable Filesystems, File ACLs, File Permissions, Processes, Process Tracing, IPC, Memory Mapping, Shared Memory, Kernel Events, Memory Locking, Capsicum, Auditing, Jails)\u003c/li\u003e\n\u003cli\u003eBootstrapping (Loaders, Configuration, Kernel Modules)\u003c/li\u003e\n\u003cli\u003eKernel Utility Functions\n\n\u003cul\u003e\n\u003cli\u003ePrivilege Management (acl, mac, priv)\u003c/li\u003e\n\u003cli\u003eMultitasking (kproc, kthread, taskqueue, swi, ithread)\u003c/li\u003e\n\u003cli\u003eMemory Management (vmem, uma, pbuf, sbuf, mbuf, mbchain, malloc/free)\u003c/li\u003e\n\u003cli\u003eGeneric (nvlist, osd, socket, mbuf_tags, bitset)\u003c/li\u003e\n\u003cli\u003eVirtualization (cpuset, crypto, device, devclass, driver)\u003c/li\u003e\n\u003cli\u003eSynchronization (\u003cem\u003elock, sx, sema, mutex, condvar_\u003c/em\u003e, atomic_*, signal)\u003c/li\u003e\n\u003cli\u003eOperations (sysctl, dtrace, watchdog, stack, alq, ktr, panic)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eI/O Subsystem\n\n\u003cul\u003e\n\u003cli\u003eSpecial Devices (line discipline, tty, raw character, raw disk)\u003c/li\u003e\n\u003cli\u003eFilesystems (UFS, FFS, NFS, CD9660, Ext2, UDF, ZFS, devfs, procfs)\u003c/li\u003e\n\u003cli\u003eSockets\u003c/li\u003e\n\u003cli\u003eNetwork Protocols (TCP, UDP, UCMP, IPSec,  IP4, IP6)\u003c/li\u003e\n\u003cli\u003eNetgraph (50+ modules)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDrivers and Abstractions\n\n\u003cul\u003e\n\u003cli\u003eCharacter Devices\u003c/li\u003e\n\u003cli\u003eCAM (ATA, SATA, SAS, SPI)\u003c/li\u003e\n\u003cli\u003eNetwork Interface Drivers (802.11, if_ae, 100+, if_xl, NDIS)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eGEOM\n\n\u003cul\u003e\n\u003cli\u003eStorage (stripe, mirror, raid3, raid5, concat)\u003c/li\u003e\n\u003cli\u003eEncryption / Compression (eli, bde, shsec, uzip)\u003c/li\u003e\n\u003cli\u003eFilesystem (label, journal, cache, mbr, bsd)\u003c/li\u003e\n\u003cli\u003eVirtualization (md, nop, gate, virtstor)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eProcess Control Subsystems\n\n\u003cul\u003e\n\u003cli\u003eScheduler\u003c/li\u003e\n\u003cli\u003eMemory Management\u003c/li\u003e\n\u003cli\u003eInter-process Communication\u003c/li\u003e\n\u003cli\u003eDebugging Support\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170503203426\u0026mode=expanded\" rel=\"nofollow\"\u003eOfficial OpenBSD 6.1 CD - There\u0026#39;s only One!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.ebay.com/itm/The-only-Official-OpenBSD-6-1-CD-set-to-be-made-For-auction-for-the-project-/252910718452\" rel=\"nofollow\"\u003eEbay auction Link\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNow it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017 (About 3 days from when this episode was recorded).\u003c/li\u003e\n\u003cli\u003eThe CD set is hand made and signed by Theo de Raadt.\u003c/li\u003e\n\u003cli\u003eFun Fact: The winning bidder will have an OpenBSD CD set that even Theo doesn\u0026#39;t have.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/want.html\" rel=\"nofollow\"\u003eHardware Wanted by OpenBSD developers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/donations/index.html#components\" rel=\"nofollow\"\u003eDonate hardware to FreeBSD developers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/announcing_netbsd_and_the_google\" rel=\"nofollow\"\u003eAnnouncing NetBSD and the Google Summer of Code Projects 2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/SummerOfCode2017Projects\" rel=\"nofollow\"\u003eAnnouncing FreeBSD GSoC 2017 Projects \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.4-relnotes.txt\" rel=\"nofollow\"\u003eLibreSSL 2.5.4 Released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/CharmBUG/events/238218840/\" rel=\"nofollow\"\u003eCharmBUG Meeting - Tor Browser Bundle Hack-a-thon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2017/05/01/msg000735.html\" rel=\"nofollow\"\u003epkgsrcCon 2017 CFT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2931\" rel=\"nofollow\"\u003eExperimental Price Cuts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=x6VznQz3VEY\" rel=\"nofollow\"\u003eLinux Fest North West 2017: Three Generations of FreeNAS: The World’s most popular storage OS turns 12\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2AXX75X#wrap\" rel=\"nofollow\"\u003eDon - Reproducible builds \u0026amp; gcc/clang\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0FJ854X#wrap\" rel=\"nofollow\"\u003earchitect - C development on BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2CCK2WF#wrap\" rel=\"nofollow\"\u003eDavid - Linux ABI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2Z25FKJ#wrap\" rel=\"nofollow\"\u003eTom - ZFS\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.delphix.com/blog/delphix-engineering/zfs-raidz-stripe-width-or-how-i-learned-stop-worrying-and-love-raidz\" rel=\"nofollow\"\u003eRAIDZ Stripe Width Myth, Busted\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1Z173WA#wrap\" rel=\"nofollow\"\u003eIvan - Jails\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a PFsense and OpenVPN tutorial, and we talk about an interesting ZFS storage pool checkpoint project.","date_published":"2017-05-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8cdacddb-11e3-4225-8039-b51eba86a375.mp3","mime_type":"audio/mpeg","size_in_bytes":90794164,"duration_in_seconds":7566}]},{"id":"1d2749a1-3e15-4109-9c6c-155dab78818c","title":"192: SSHv1 Be Gone","url":"https://www.bsdnow.tv/192","content_text":"This week we have a FreeBSD Foundation development update, tell you about sprinkling in the TrueOS project, Dynamic WDS \u0026amp; a whole lot more!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenSSH Removes SSHv1 Support\n\n\nIn a series of commits starting here and ending with this one, Damien Miller completed the removal of all support for the now-historic SSHv1 protocol from OpenSSH.\nThe final commit message, for the commit that removes the SSHv1 related regression tests, reads:\n\n\n\nEliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now.\nDropping support for SSHv1 and associated ciphers that were either suspected to or known to be broken has been planned for several releases, and has been eagerly anticipated by many in the OpenBSD camp.\nIn practical terms this means that starting with OpenBSD-current and snapshots as they will be very soon (and further down the road OpenBSD 6.2 with OpenSSH 7.6), the arcane options you used with ssh to connect to some end-of-life gear in a derelict data centre you don't want to visit anymore will no longer work and you will be forced do the reasonable thing. Upgrade.\n\n\n\n\nFreeBSD Foundation April 2017 Development Projects Update\n\n\nFreeBSD runs on many embedded boards that provide a USB target or USB On-the-Go (OTG) interface. This allows the embedded target to act as a USB device, and present one or more interfaces (USB device classes) to a USB host. That host could be running FreeBSD, Linux, Mac OS, Windows, Android, or another operating system. USB device classes include audio input or output (e.g. headphones), mass storage (USB flash drives), human interface device (keyboards, mice), communications (Ethernet adapters), and many others.\n\nThe Foundation awarded a project grant to Edward Tomasz Napierała to develop a USB mass storage target driver, using the FreeBSD CAM Target Layer (CTL) as a backend. This project allows FreeBSD running on an embedded platform, such as a BeagleBone Black or Raspberry Pi Zero, to emulate a USB mass storage target, commonly known as a USB flash stick. The backing storage for the emulated mass storage target is on the embedded board’s own storage media. It can be configured at runtime using the standard CTL configuration mechanism – the ctladm(8) utility, or the ctl.conf(5) file.\n\nThe FreeBSD target can now present a mass storage interface, a serial interface (for a console on the embedded system), and an Ethernet interface for network access. A typical usage scenario for the mass storage interface is to provide users with documentation and drivers that can be accessed from their host system. This makes it easier for new users to interact with the embedded FreeBSD board, especially in cases where the host operating system may require drivers to access all of the functionality, as with Windows and OS X.\n\n\n\nThey provide instructions on how to configure a BeagleBone Black to act as a flash memory stick attached to a host computer.\n+Check out the article, test, and report back your experiences with the new USB OTG interface. \n***\n\n\nSpring cleaning: Hardware Update and Preview of upcoming TrueOS changes\n\n\nThe much-abused TrueOS build server is experiencing some technical difficulties, slowing down building new packages and releasing updates. After some investigation, one problem seemed to be a bug with the Poudriere port building software. After updating builders to the new version, some of the instability is resolved. Thankfully, we won’t have to rely on this server so much, because…\n\n\n\nWe’re getting new hardware!\nA TrueOS/Lumina contributor is donating a new(ish) server to the project. Special thanks to TrueOS contributor/developer q5sys for the awesome new hardware!\nPreview: UNSTABLE and Upcoming TrueOS STABLE update\nA fresh UNSTABLE release is dropping today, with a few key changes:\n\n\n\nNvidia/graphics driver detection fixes.\nBoot environment listing fix (FreeBSD boot-loader only)\nVirtual box issues fixed on most systems. There appears to be a regression in VirtualBox 5.1 with some hardware.\nNew icon themes for Lumina (Preferences -\u0026gt; Appearance -\u0026gt; Theme).\nRemoval of legacy pc-diskmanager. It was broken and unmaintained, so it is time to remove it.\n\n\n\nInstaller/.iso Changes (Available with new STABLE Update):\n\n\n\nThe text installer has been removed. It was broken and unmaintained, so it is time to remove it.\nThere is now a single TrueOS install image. You can still choose to install as either a server or desktop, but both options live in a single install image now. This image is still available as either an .iso or .img file.\nThe size of the .iso and .img files is reduced about 500 Mb to around 2Gb total. We’ve removed Firefox and Thunderbird from the default desktop installation. These have been replaced with Qupzilla and Trojita. Note you can replace Qupzilla and Trojita with Firefox and Thunderbird via the SysAdm Appcafe after completing the TrueOS install.\nGrub is no longer an installation option. Instead, the FreeBSD boot-loader is always used for the TrueOS partition. rEFInd is used as the master boot-loader for multi-booting; EFI partitioning is required.\nQpdfview is now preinstalled for pdf viewing.\nIncluded a slideshow during the installation with tips and screenshots.\n\n\n\n\nInterview - Patrick M. Hausen - hausen@punkt.de\n\n\nFounder of Punkt.de\nHAST - Highly Available Storage\n\n\n\n\nNews Roundup\n\n(finally) investigating how to get dynamic WDS (DWDS) working in FreeBSD!\n\n\nAdrian Chadd writes in his blog:\n\n\n\nI sat down recently to figure out how to get dynamic WDS working on FreeBSD-HEAD. It's been in FreeBSD since forever, and it in theory should actually have just worked, but it's extremely not documented in any useful way. It's basically the same technology in earlier Apple Airports (before it grew into what the wireless tech world calls \"Proxy-STA\") and is what the \"extender\" technology on Qualcomm Atheros chipsets implement.\nA common question I get from people is \"why can't I bridge multiple virtual machines on my laptop and have them show up over wifi? It works on ethernet!\" And my response is \"when I make dynamic WDS work, you can just make this work on FreeBSD devices - but for now, use NAT.\" That always makes people sad.\n\n\nGoes on to explain that normal station/access point setups have up to three addresses and depending on the packet type, these can vary. There are a couple of variations in the addresses, which is more than the number of address fields in a normal 802.11 frame.\n\n\nThe big note here is that there's not enough MAC addresses to say \"please send this frame to a station MAC address, but then have them forward it to another MAC address attached behind it in a bridge.\" That would require 4 mac addresses in the 802.11 header, which we don't get.\n.. except we do. There's a separate address format where from-DS and to-DS bits in the header set to 1, which means \"this frame is coming from distribution system to a distribution system\", and it has four mac addresses. The RA is then the AP you're sending to, and then a fourth field indicates the eventual destination address that may be an ethernet device connected behind said STA.\nIf you don't configure up WDS, then when you send frames from a station from a MAC address that isn't actually your 802.11 interface MAC address, the system would be confused. The STA wouldn't be able to transmit it easily, and the AP wouldn't know how to get back to your bridged ethernet addresses.\nThe original WDS was a statically configured thing. [...]  So for static configurations, this works great. You'd associate your extender AP as a station of the central AP, it'd use wpa_supplicant to setup encryption, then anything between that central AP and that extender AP (as a station) would be encrypted as normal station traffic (but, 4-address frame format.)\nBut that's not very convenient. You have to statically configure everything, including telling your central AP about all of your satellite extender APs. If you want to replace your central AP, you have to reprogram all of your extenders to use the new MAC addresses.\nSo, Sam Leffler came up with \"dynamic WDS\" - where you don't have to explicitly state the list of central/satellite APs. Instead, you configure a central AP as \"dynamic WDS\", and when a 4-address frame shows up from an associated station, it \"promotes\" it to a WDS peer for you. On the satellite AP, it will just find an AP to communicate to, and then assume it'll do WDS and start using 4-address frames. It's still a bit clunky (there's no beacon, probe request, etc IEs that say \"I do dynamic WDS!\" so you'd better make ALL your central APs a different SSID!) but it certainly is better than what we had.\nFirstly, there are scripts in src/tools/tools/net80211/ - setup.wdsmain and setup.wdsrelay. These scripts are .. well, the almost complete documentation on a dynamic WDS setup. The manpage doesn't go into anywhere near enough information.\nSo I dug into it. It turns out that dynamic WDS uses a helper daemon - 'wlanwds' -  which listens for dynamic WDS configuration changes and will do things for you. This is what runs on the central AP side. Then it started making sense!\nSo far, so good. I followed that script, modified it a bit to use encryption, and .. well, it half worked. Association worked fine, but no traffic was passing.\nA little more digging showed the actual problem - the dynamic WDS example scripts are for an open/unencrypted network. If you are using an encrypted network, the central AP side needs to enable privacy on the virtual interfaces so traffic gets encrypted with the parent interface encryption keys.\nNow, I've only done enough testing to show that indeed it is working. I haven't done anything like pass lots of traffic via iperf, or have a mix of DWDS and normal STA peers, nor actually run it for longer than 5 minutes. I'm sure there will be issues to fix. However - I do need it at home, as I can't see the home AP from the upstairs room (and now you see why I care about DWDS!) and so when I start using it daily I'll fix whatever hilarity ensues.\n\n\n\n\nWhy don't schools teach debugging?\n\n\nA friend of mine and I couldn’t understand why some people were having so much trouble; the material seemed like common sense. The Feynman Method was the only tool we needed.\nWrite down the problem\nThink real hard\nWrite down the solution\n\nThe Feynman Method failed us on the last project: the design of a divider, a real-world-scale project an order of magnitude more complex than anything we’d been asked to tackle before.\n\nI understand now why half the class struggled with the earlier assignments. Without an explanation of how to systematically approach problems, anyone who didn’t intuitively grasp the correct solution was in for a semester of frustration. People who were, like me, above average but not great, skated through most of the class and either got lucky or wasted a huge chunk of time on the final project. I’ve even seen people talented enough to breeze through the entire degree without ever running into a problem too big to intuitively understand; those people have a very bad time when they run into a 10 million line codebase in the real world. The more talented the engineer, the more likely they are to hit a debugging wall outside of school.\n\nIt’s one of the most fundamental skills in engineering: start at the symptom of a problem and trace backwards to find the source. It takes, at most, half an hour to teach the absolute basics – and even that little bit would be enough to save a significant fraction of those who wash out and switch to non-STEM majors.\n\nWhy do we leave material out of classes and then fail students who can’t figure out that material for themselves? Why do we make the first couple years of an engineering major some kind of hazing ritual, instead of simply teaching people what they need to know to be good engineers? For all the high-level talk about how we need to plug the leaks in our STEM education pipeline, not only are we not plugging the holes, we’re proud of how fast the pipeline is leaking.\n\n\n\n\nFreeBSD: pNFS server for testing\n\n\nRick Macklem has issued a call for testing his new pNFS server:\n\n\n\nI now have a pNFS server that I think is ready for testing/evaluation. It is basically a patched FreeBSD-current kernel plus nfsd daemon.\nIf you are interested, some very basic notes on how it works and how to set it up are at:\nhttp://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt\n\nA Plan B pNFS service consists of a single MetaData Server (MDS) and K Data Servers (DS), all of which would be recent FreeBSD systems. Clients will mount the MDS as they would a single NFS server. When files are created, the MDS creates a file tree identical to what a single NFS server creates, except that all the regular (VREG) files will be empty. As such, if you look at the exported tree on the MDS directly on the MDS server (not via an NFS mount), the files will all be of size == 0. Each of these files will also have two extended attributes in the system attribute name space:\npnfsd.dsfile - This extended attrbute stores the information that the MDS needs to find the data storage file on a DS for this file.\npnfsd.dsattr - This extended attribute stores the Size, ModifyTime and Change attributes for the file.\n\nFor each regular (VREG) file, the MDS creates a data storage file on one of the K DSs, in one of the dsNN directories. The name of this file is the file handle of the file on the MDS in hexadecimal. The DSs use 20 subdirectories named \"ds0\" to \"ds19\" so that no one directory gets too large.\nAt this time, the MDS generates File Layout layouts to NFSv4.1 clients that know how to do pNFS.\nFor NFS clients that do not support NFSv4.1 pNFS, there will be a performance hit, since the IO RPCs will be proxied by the MDS for the DS server the data storage file resides on.\nThe current setup does not allow for redundant servers. If the MDS or any of the K DS servers fail, the entire pNFS service will be non-functional.\nLooking at creating mirrored DS servers is planned, but it may be a year or more before that is implemented. I am planning on using the Flex File Layout for this, since it supports client side mirroring, where the client will write to all mirrors concurrently.\n\n\n\n\nBeastie Bits\n\n\nOpenbsd changes of note 620\nWhy Unix commands are short\nOPNsense 17.1.5 released\nSomething for Apple dual-GPU users\npkgsrcCon 2017 CFT\nTrueOS/Lumina Dev Q\u0026amp;A: May 5th 2017\n\n\n\n\nFeedback/Questions\n\n\nPeter - Jails\nAndrew - Languages and University Courses\n\n\nJuniorJobs \n\nSteve - TrueOS and Bootloader\nBen - ZFS questions\nSteve - Linux Emulation\n\n\n","content_html":"\u003cp\u003eThis week we have a FreeBSD Foundation development update, tell you about sprinkling in the TrueOS project, Dynamic WDS \u0026amp; a whole lot more!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170501005206\" rel=\"nofollow\"\u003eOpenSSH Removes SSHv1 Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn a series of commits starting \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=149359384905651\u0026w=2\" rel=\"nofollow\"\u003ehere\u003c/a\u003e and ending with \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=149359530105864\u0026w=2\" rel=\"nofollow\"\u003ethis one\u003c/a\u003e, Damien Miller completed the removal of all support for the now-historic SSHv1 protocol from \u003ca href=\"https://www.openssh.com/\" rel=\"nofollow\"\u003eOpenSSH\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThe final commit message, for the commit that removes the SSHv1 related regression tests, reads:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now.\u003cbr\u003e\nDropping support for SSHv1 and associated ciphers that were either suspected to or known to be broken has been planned for several releases, and has been eagerly anticipated by many in the OpenBSD camp.\u003cbr\u003e\nIn practical terms this means that starting with OpenBSD-current and snapshots as they will be very soon (and further down the road OpenBSD 6.2 with OpenSSH 7.6), the arcane options you used with \u003ca href=\"http://man.openbsd.org/ssh\" rel=\"nofollow\"\u003essh\u003c/a\u003e to connect to some end-of-life gear in a derelict data centre you don\u0026#39;t want to visit anymore will no longer work and you will be forced do the reasonable thing. Upgrade.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/april-2017-development-projects-update/\" rel=\"nofollow\"\u003eFreeBSD Foundation April 2017 Development Projects Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD runs on many embedded boards that provide a USB target or USB On-the-Go (OTG) interface. This allows the embedded target to act as a USB device, and present one or more interfaces (USB device classes) to a USB host. That host could be running FreeBSD, Linux, Mac OS, Windows, Android, or another operating system. USB device classes include audio input or output (e.g. headphones), mass storage (USB flash drives), human interface device (keyboards, mice), communications (Ethernet adapters), and many others.\u003c/p\u003e\n\n\u003cp\u003eThe Foundation awarded a project grant to Edward Tomasz Napierała to develop a USB mass storage target driver, using the FreeBSD CAM Target Layer (CTL) as a backend. This project allows FreeBSD running on an embedded platform, such as a BeagleBone Black or Raspberry Pi Zero, to emulate a USB mass storage target, commonly known as a USB flash stick. The backing storage for the emulated mass storage target is on the embedded board’s own storage media. It can be configured at runtime using the standard CTL configuration mechanism – the ctladm(8) utility, or the ctl.conf(5) file.\u003c/p\u003e\n\n\u003cp\u003eThe FreeBSD target can now present a mass storage interface, a serial interface (for a console on the embedded system), and an Ethernet interface for network access. A typical usage scenario for the mass storage interface is to provide users with documentation and drivers that can be accessed from their host system. This makes it easier for new users to interact with the embedded FreeBSD board, especially in cases where the host operating system may require drivers to access all of the functionality, as with Windows and OS X.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThey provide instructions on how to configure a BeagleBone Black to act as a flash memory stick attached to a host computer.\n+Check out the article, test, and report back your experiences with the new USB OTG interface. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/spring-cleaning-hardware-update-preview-upcoming-trueos-changes/\" rel=\"nofollow\"\u003eSpring cleaning: Hardware Update and Preview of upcoming TrueOS changes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe much-abused TrueOS build server is experiencing some technical difficulties, slowing down building new packages and releasing updates. After some investigation, one problem seemed to be a bug with the Poudriere port building software. After updating builders to the new version, some of the instability is resolved. Thankfully, we won’t have to rely on this server so much, because…\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’re getting new hardware!\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA TrueOS/Lumina contributor is donating a new(ish) server to the project. Special thanks to TrueOS contributor/developer q5sys for the awesome new hardware!\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePreview: UNSTABLE and Upcoming TrueOS STABLE update\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA fresh UNSTABLE release is dropping today, with a few key changes:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNvidia/graphics driver detection fixes.\u003cbr\u003e\nBoot environment listing fix (FreeBSD boot-loader only)\u003cbr\u003e\nVirtual box issues fixed on most systems. There appears to be a regression in VirtualBox 5.1 with some hardware.\u003cbr\u003e\nNew icon themes for Lumina (Preferences -\u0026gt; Appearance -\u0026gt; Theme).\u003cbr\u003e\nRemoval of legacy pc-diskmanager. It was broken and unmaintained, so it is time to remove it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eInstaller/.iso Changes (Available with new STABLE Update):\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe text installer has been removed. It was broken and unmaintained, so it is time to remove it.\u003cbr\u003e\nThere is now a single TrueOS install image. You can still choose to install as either a server or desktop, but both options live in a single install image now. This image is still available as either an .iso or .img file.\u003cbr\u003e\nThe size of the .iso and .img files is reduced about 500 Mb to around 2Gb total. We’ve removed Firefox and Thunderbird from the default desktop installation. These have been replaced with Qupzilla and Trojita. Note you can replace Qupzilla and Trojita with Firefox and Thunderbird via the SysAdm Appcafe after completing the TrueOS install.\u003cbr\u003e\nGrub is no longer an installation option. Instead, the FreeBSD boot-loader is always used for the TrueOS partition. rEFInd is used as the master boot-loader for multi-booting; EFI partitioning is required.\u003cbr\u003e\nQpdfview is now preinstalled for pdf viewing.\u003cbr\u003e\nIncluded a slideshow during the installation with tips and screenshots.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Patrick M. Hausen - \u003ca href=\"mailto:hausen@punkt.de\" rel=\"nofollow\"\u003ehausen@punkt.de\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFounder of Punkt.de\n\u003ca href=\"https://wiki.freebsd.org/HAST\" rel=\"nofollow\"\u003eHAST - Highly Available Storage\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2017/04/finally-investigating-how-to-get.html\" rel=\"nofollow\"\u003e(finally) investigating how to get dynamic WDS (DWDS) working in FreeBSD!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd writes in his blog:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI sat down recently to figure out how to get dynamic WDS working on FreeBSD-HEAD. It\u0026#39;s been in FreeBSD since forever, and it in theory should actually have just worked, but it\u0026#39;s extremely not documented in any useful way. It\u0026#39;s basically the same technology in earlier Apple Airports (before it grew into what the wireless tech world calls \u0026quot;Proxy-STA\u0026quot;) and is what the \u0026quot;extender\u0026quot; technology on Qualcomm Atheros chipsets implement.\u003cbr\u003e\nA common question I get from people is \u0026quot;why can\u0026#39;t I bridge multiple virtual machines on my laptop and have them show up over wifi? It works on ethernet!\u0026quot; And my response is \u0026quot;when I make dynamic WDS work, you can just make this work on FreeBSD devices - but for now, use NAT.\u0026quot; That always makes people sad.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eGoes on to explain that normal station/access point setups have up to three addresses and depending on the packet type, these can vary. There are a couple of variations in the addresses, which is more than the number of address fields in a normal 802.11 frame.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThe big note here is that there\u0026#39;s not enough MAC addresses to say \u0026quot;please send this frame to a station MAC address, but then have them forward it to another MAC address attached behind it in a bridge.\u0026quot; That would require 4 mac addresses in the 802.11 header, which we don\u0026#39;t get.\u003cbr\u003e\n.. except we do. There\u0026#39;s a separate address format where from-DS and to-DS bits in the header set to 1, which means \u0026quot;this frame is coming from distribution system to a distribution system\u0026quot;, and it has four mac addresses. The RA is then the AP you\u0026#39;re sending to, and then a fourth field indicates the eventual destination address that may be an ethernet device connected behind said STA.\u003cbr\u003e\nIf you don\u0026#39;t configure up WDS, then when you send frames from a station from a MAC address that isn\u0026#39;t actually your 802.11 interface MAC address, the system would be confused. The STA wouldn\u0026#39;t be able to transmit it easily, and the AP wouldn\u0026#39;t know how to get back to your bridged ethernet addresses.\u003cbr\u003e\nThe original WDS was a statically configured thing. [...]  So for static configurations, this works great. You\u0026#39;d associate your extender AP as a station of the central AP, it\u0026#39;d use wpa_supplicant to setup encryption, then anything between that central AP and that extender AP (as a station) would be encrypted as normal station traffic (but, 4-address frame format.)\u003cbr\u003e\nBut that\u0026#39;s not very convenient. You have to statically configure everything, including telling your central AP about all of your satellite extender APs. If you want to replace your central AP, you have to reprogram all of your extenders to use the new MAC addresses.\u003cbr\u003e\nSo, Sam Leffler came up with \u0026quot;dynamic WDS\u0026quot; - where you don\u0026#39;t have to explicitly state the list of central/satellite APs. Instead, you configure a central AP as \u0026quot;dynamic WDS\u0026quot;, and when a 4-address frame shows up from an associated station, it \u0026quot;promotes\u0026quot; it to a WDS peer for you. On the satellite AP, it will just find an AP to communicate to, and then assume it\u0026#39;ll do WDS and start using 4-address frames. It\u0026#39;s still a bit clunky (there\u0026#39;s no beacon, probe request, etc IEs that say \u0026quot;I do dynamic WDS!\u0026quot; so you\u0026#39;d better make ALL your central APs a different SSID!) but it certainly is better than what we had.\u003cbr\u003e\nFirstly, there are scripts in src/tools/tools/net80211/ - setup.wdsmain and setup.wdsrelay. These scripts are .. well, the almost complete documentation on a dynamic WDS setup. The manpage doesn\u0026#39;t go into anywhere near enough information.\u003cbr\u003e\nSo I dug into it. It turns out that dynamic WDS uses a helper daemon - \u0026#39;wlanwds\u0026#39; -  which listens for dynamic WDS configuration changes and will do things for you. This is what runs on the central AP side. Then it started making sense!\u003cbr\u003e\nSo far, so good. I followed that script, modified it a bit to use encryption, and .. well, it half worked. Association worked fine, but no traffic was passing.\u003cbr\u003e\nA little more digging showed the actual problem - the dynamic WDS example scripts are for an open/unencrypted network. If you are using an encrypted network, the central AP side needs to enable privacy on the virtual interfaces so traffic gets encrypted with the parent interface encryption keys.\u003cbr\u003e\nNow, I\u0026#39;ve only done enough testing to show that indeed it is working. I haven\u0026#39;t done anything like pass lots of traffic via iperf, or have a mix of DWDS and normal STA peers, nor actually run it for longer than 5 minutes. I\u0026#39;m sure there will be issues to fix. However - I do need it at home, as I can\u0026#39;t see the home AP from the upstairs room (and now you see why I care about DWDS!) and so when I start using it daily I\u0026#39;ll fix whatever hilarity ensues.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://danluu.com/teach-debugging/\" rel=\"nofollow\"\u003eWhy don\u0026#39;t schools teach debugging?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA friend of mine and I couldn’t understand why some people were having so much trouble; the material seemed like common sense. The Feynman Method was the only tool we needed.\u003cbr\u003e\nWrite down the problem\u003cbr\u003e\nThink real hard\u003cbr\u003e\nWrite down the solution\u003c/p\u003e\n\n\u003cp\u003eThe Feynman Method failed us on the last project: the design of a divider, a real-world-scale project an order of magnitude more complex than anything we’d been asked to tackle before.\u003c/p\u003e\n\n\u003cp\u003eI understand now why half the class struggled with the earlier assignments. Without an explanation of how to systematically approach problems, anyone who didn’t intuitively grasp the correct solution was in for a semester of frustration. People who were, like me, above average but not great, skated through most of the class and either got lucky or wasted a huge chunk of time on the final project. I’ve even seen people talented enough to breeze through the entire degree without ever running into a problem too big to intuitively understand; those people have a very bad time when they run into a 10 million line codebase in the real world. The more talented the engineer, the more likely they are to hit a debugging wall outside of school.\u003c/p\u003e\n\n\u003cp\u003eIt’s one of the most fundamental skills in engineering: start at the symptom of a problem and trace backwards to find the source. It takes, at most, half an hour to teach the absolute basics – and even that little bit would be enough to save a significant fraction of those who wash out and switch to non-STEM majors.\u003c/p\u003e\n\n\u003cp\u003eWhy do we leave material out of classes and then fail students who can’t figure out that material for themselves? Why do we make the first couple years of an engineering major some kind of hazing ritual, instead of simply teaching people what they need to know to be good engineers? For all the high-level talk about how we need to plug the leaks in our STEM education pipeline, not only are we not plugging the holes, we’re proud of how fast the pipeline is leaking.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-fs/2017-April/024702.html\" rel=\"nofollow\"\u003eFreeBSD: pNFS server for testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRick Macklem has issued a call for testing his new pNFS server:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI now have a pNFS server that I think is ready for testing/evaluation. It is basically a patched FreeBSD-current kernel plus nfsd daemon.\u003cbr\u003e\nIf you are interested, some very basic notes on how it works and how to set it up are at:\u003cbr\u003e\n\u003ca href=\"http://people.freebsd.org/%7Ermacklem/pnfs-planb-setup.txt\" rel=\"nofollow\"\u003ehttp://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eA Plan B pNFS service consists of a single MetaData Server (MDS) and K Data Servers (DS), all of which would be recent FreeBSD systems. Clients will mount the MDS as they would a single NFS server. When files are created, the MDS creates a file tree identical to what a single NFS server creates, except that all the regular (VREG) files will be empty. As such, if you look at the exported tree on the MDS directly on the MDS server (not via an NFS mount), the files will all be of size == 0. Each of these files will also have two extended attributes in the system attribute name space:\u003cbr\u003e\npnfsd.dsfile - This extended attrbute stores the information that the MDS needs to find the data storage file on a DS for this file.\u003cbr\u003e\npnfsd.dsattr - This extended attribute stores the Size, ModifyTime and Change attributes for the file.\u003c/p\u003e\n\n\u003cp\u003eFor each regular (VREG) file, the MDS creates a data storage file on one of the K DSs, in one of the dsNN directories. The name of this file is the file handle of the file on the MDS in hexadecimal. The DSs use 20 subdirectories named \u0026quot;ds0\u0026quot; to \u0026quot;ds19\u0026quot; so that no one directory gets too large.\u003cbr\u003e\nAt this time, the MDS generates File Layout layouts to NFSv4.1 clients that know how to do pNFS.\u003cbr\u003e\nFor NFS clients that do not support NFSv4.1 pNFS, there will be a performance hit, since the IO RPCs will be proxied by the MDS for the DS server the data storage file resides on.\u003cbr\u003e\nThe current setup does not allow for redundant servers. If the MDS or any of the K DS servers fail, the entire pNFS service will be non-functional.\u003cbr\u003e\nLooking at creating mirrored DS servers is planned, but it may be a year or more before that is implemented. I am planning on using the Flex File Layout for this, since it supports client side mirroring, where the client will write to all mirrors concurrently.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-changes-of-note-620\" rel=\"nofollow\"\u003eOpenbsd changes of note 620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.catonmat.net/blog/why-unix-commands-are-short/\" rel=\"nofollow\"\u003eWhy Unix commands are short\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/opnsense-17-1-5-released/\" rel=\"nofollow\"\u003eOPNsense 17.1.5 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2017-April/625847.html\" rel=\"nofollow\"\u003eSomething for Apple dual-GPU users\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2017/05/01/msg000735.html\" rel=\"nofollow\"\u003epkgsrcCon 2017 CFT\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://discourse.trueos.org/t/trueos-lumina-dev-q-a-5-4-17/1347\" rel=\"nofollow\"\u003eTrueOS/Lumina Dev Q\u0026amp;A: May 5th 2017\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/0J14HGJ#wrap\" rel=\"nofollow\"\u003ePeter - Jails\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/31AVFSF#wrap\" rel=\"nofollow\"\u003eAndrew - Languages and University Courses\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/JuniorJobs\" rel=\"nofollow\"\u003eJuniorJobs \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/1BXVZSY#wrap\" rel=\"nofollow\"\u003eSteve - TrueOS and Bootloader\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/0R7AW2T#wrap\" rel=\"nofollow\"\u003eBen - ZFS questions\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/3ZR7NCC#wrap\" rel=\"nofollow\"\u003eSteve - Linux Emulation\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we have a FreeBSD Foundation development update, tell you about sprinkling in the TrueOS project, Dynamic WDS \u0026 a whole lot more!","date_published":"2017-05-03T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1d2749a1-3e15-4109-9c6c-155dab78818c.mp3","mime_type":"audio/mpeg","size_in_bytes":89446612,"duration_in_seconds":7453}]},{"id":"c2ced77d-4e0a-40af-8909-a75819362a4d","title":"191: I Know 64 \u0026 A Bunch More","url":"https://www.bsdnow.tv/191","content_text":"We cover TrueOS/Lumina working to be less dependent on Linux, How the IllumOS network stack works, Throttling the password gropers \u0026amp; the 64 bit inode call for testing.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nvBSDCon CFP closed April 29th\n\nEuroBSDCon CFP closes April 30th\n\nDeveloper Commentary: Philosophy, Evolution of TrueOS/Lumina, and Other Thoughts.\n\n\nPhilosophy of Development\n\n\nNo project is an island. Every single project needs or uses some other external utility, library, communications format, standards compliance, and more in order to be useful.\nA static project is typically a dead project. A project needs regular upkeep and maintenance to ensure it continues to build and run with the current ecosystem of libraries and utilities, even if the project has no considerable changes to the code base or feature set. “Upstream” decisions can have drastic consequences on your project.\nThrough no fault of yours, your project can be rendered obsolete or broken by changing standards in the global ecosystem that affect your project’s dependencies.\n\nOperating system focus is key. What OS is the project originally designed for? This determines how the “upstream” dependencies list appears and which “heartbeat” to monitor.\nEvolution of PC-BSD, Lumina, and TrueOS.  With these principles in mind – let's look at PC-BSD, Lumina, and TrueOS.\n\n\nPC-BSD : PC-BSD was largely designed around KDE on FreeBSD. KDE/Plasma5 has been available for Linux OS’s for well over a year, but is still not generally available on FreeBSD. It is still tucked away in the experimental “area51” repository where people are trying to get it working first.\nLumina : As a developer with PC-BSD for a long time, and a tester from nearly the beginning of the project, I was keenly aware  the “winds of change” were blowing in the open-source ecosystem.\nTrueOS : All of these ecosystem changes finally came to a head for us near the beginning of 2016. KDE4 was starting to deteriorate underneath us, and the FreeBSD “Release” branch would never allow us to compete with the rate of graphics driver or standards changes coming out of the Linux camp.\n\nThe Rename and Next Steps\n\n\n\nWith all of these changes and the lack of a clear “upgrade” path from PC-BSD to the new systems, we decided it was necessary to change the project itself (name and all). To us, this was the only way to ensure people were aware of the differences, and that TrueOS really is a different kind of project from PC-BSD. Note this was not a “hostile takeover” of the PC-BSD project by rabid FreeBSD fanatics. This was more a refocusing of the PC-BSD project into something that could ensure longevity and reliability for the foreseeable future.\n\n\n\n Does TrueOS have bugs and issues? Of course! That is the nature of “rolling” with upstream changes all the time. Not only do you always get the latest version of something (a good thing), you also find yourself on the “front line” for finding and reporting bugs in those same applications (a bad thing if you like consistency or stability). What you are also seeing is just how much “churn” happens in the open-source ecosystem at any given time.\n We are devoted to providing our users (and ourselves – don’t forget we use TrueOS every day too!) a stable, reliable, and secure experience. Please be patient as we continue striving toward this goal in the best way possible, not just doing what works for the moment, but the project’s future too.\n\n\n\n\nRobert Mustacchi: Excerpts from The Soft Ring Cycle #1\n\n\nThe author of the “Turtles on the Wire” post we featured the other week, is back with a video.\nJoyent has started a new series of lunchtime technical discussions to share information as they grow their engineering team\nThis video focuses on the network stack, how it works, and how it relates to virtualization and multi-tenancy\nBasically, how the network stack on IllumOS works when you have virtual tenants, be they virtual machines or zones\nThe video describes the many layers of the network stack, how they work together, and how they can be made to work quickly\nIt also talks about the trade-offs between high throughput and low latency\nHow security is enforced, so virtual tenants cannot send packets into VLANs they are not members of, or receive traffic that they are not allowed to by the administrator\nHow incoming packets are classified, and eventually delivered to the intended destination\nHow the system decides if it has enough available resources to process the packet, or if it needs to be dropped\nHow interface polling works on IllumOS (a lot different than on FreeBSD)\nThen the last 20 minutes are about how the qemu interface of the KVM hypervisor interfaces with the network stack\nWe look forward to seeing more of these videos as they come out\n***\n\n\nForcing the password gropers through a smaller hole with OpenBSD's PF queues\n\n\nWhile preparing material for the upcoming BSDCan PF and networking tutorial, I realized that the pop3 gropers were actually not much fun to watch anymore. So I used the traffic shaping features of my OpenBSD firewall to let the miscreants inflict some pain on themselves. Watching logs became fun again.\nThe actual useful parts of this article follow - take this as a walkthrough of how to mitigate a wide range of threats and annoyances.\nFirst, analyze the behavior that you want to defend against. In our case that's fairly obvious: We have a service that's getting a volume of unwanted traffic, and looking at our logs the attempts come fairly quickly with a number of repeated attempts from each source address.\nI've written about the rapid-fire ssh bruteforce attacks and their mitigation before (and of course it's in The Book of PF) as well as the slower kind where those techniques actually come up short. The traditional approach to ssh bruteforcers has been to simply block their traffic, and the state-tracking features of PF let you set up overload criteria that add the source addresses to the table that holds the addresses you want to block.\nFor the system that runs our pop3 service, we also have a PF ruleset in place with queues for traffic shaping. For some odd reason that ruleset is fairly close to the HFSC traffic shaper example in The Book of PF, and it contains a queue that I set up mainly as an experiment to annoy spammers (as in, the ones that are already for one reason or the other blacklisted by our spamd).\nThe queue is defined like this:\n\n\n \n queue spamd parent rootq bandwidth 1K min 0K max 1K qlimit 300\n\n\n\nyes, that's right. A queue with a maximum throughput of 1 kilobit per second. I have been warned that this is small enough that the code may be unable to strictly enforce that limit due to the timer resolution in the HFSC code. But that didn't keep me from trying.\nNow a few small additions to the ruleset are needed for the good to put the evil to the task. We start with a table to hold the addresses we want to mess with. Actually, I'll add two, for reasons that will become clear later:\n\n\n\n   table  persist counters \n   table  persist counters \n\n\n\nThe rules that use those tables are:\n\n\n\n   block drop log (all) quick from  \n\n   pass in quick log (all) on egress proto tcp from  to port pop3 flags S/SA keep state \\ \n   (max-src-conn 2, max-src-conn-rate 3/3, overload  flush global, pflow) set queue spamd \n\n   pass in log (all) on egress proto tcp to port pop3 flags S/SA keep state \\ \n   (max-src-conn 5, max-src-conn-rate 6/3, overload  flush global, pflow) \n\n\n\nThe last one lets anybody connect to the pop3 service, but any one source address can have only open five simultaneous connections and at a rate of six over three seconds.\n\nThe results were immediately visible. Monitoring the queues using pfctl -vvsq shows the tiny queue works as expected:\n\n\n\n   queue spamd parent rootq bandwidth 1K, max 1K qlimit 300\n    [ pkts:     196136  bytes:   12157940  dropped pkts: 398350 bytes: 24692564 ]\n    [ qlength: 300/300 ]\n    [ measured:     2.0 packets/s, 999.13 b/s ]\n\n\n\nand looking at the pop3 daemon's log entries, a typical encounter looks like this:\n\n\n\n   Apr 19 22:39:33 skapet spop3d[44875]: connect from 111.181.52.216\n   Apr 19 22:39:33 skapet spop3d[75112]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[57116]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[65982]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[58964]: connect from 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[12410]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[63573]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[76113]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[23524]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[16916]: autologout time elapsed - 111.181.52.216\n\n\n\nhere the miscreant comes in way too fast and only manages to get five connections going before they're shunted to the tiny queue to fight it out with known spammers for a share of bandwidth.\nOne important takeaway from this, and possibly the most important point of this article, is that it does not take a lot of imagination to retool this setup to watch for and protect against undesirable activity directed at essentially any network service.\nYou pick the service and the ports it uses, then figure out what are the parameters that determine what is acceptable behavior. Once you have those parameters defined, you can choose to assign to a minimal queue like in this example, block outright, redirect to something unpleasant or even pass with a low probability.\n\n\n\n\n64-bit inodes (ino64) Status Update and Call for Testing\n\n\nInodes are data structures corresponding to objects in a file system, such as files and directories. FreeBSD has historically used 32-bit values to identify inodes, which limits file systems to somewhat under 232 objects. Many modern file systems internally use 64-bit identifiers and FreeBSD needs to follow suit to properly and fully support these file systems.\n\nThe 64-bit inode project, also known as ino64, started life many years ago as a project by Gleb Kurtsou (gleb@).  After that time several people have had a hand in updating it and addressing regressions, after mckusick@ picked up and updated the patch, and acted as a flag-waver.\n\n\n\nOverview : The ino64 branch extends the basic system types ino_t and dev_t from 32-bit to 64-bit, and nlink_t from 16-bit to 64-bit.\nMotivation : The main risk of the ino64 change is the uncontrolled ABI breakage.\nQuirks : We handled kinfo sysctl MIBs, but other MIBs which report structures depended on the changed type, are not handled in general.  It was considered that the breakage is either in the management interfaces, where we usually allow ABI slip, or is not important.\nTesting procedure : The ino64 project can be tested by cloning the project branch from GitHub or by applying the patch  to a working tree.\n\n\nNew kernel, old world.\nNew kernel, new world, old third-party applications.\n32bit compat.\nTargeted tests.\nNFS server and client test\nOther filesystems\nTest accounting\n\nPorts Status with ino64 : A ports exp-run for ino64 is open in PR 218320.\n5.1. LLVM : LLVM includes a component called Address Sanitizer or ASAN, which triesto intercept syscalls, and contains knowledge of the layout of many system structures.  Since stat and lstat syscalls were removed and several types and structures changed, this has to be reflected in the ASAN hacks.\n5.2. lang/ghc : The ghc compiler and parts of the runtime are written in Haskell, which means that to compile ghc, you need a working Haskell compiler for bootstrap.\n5.3. lang/rust Rustc has a similar structure to GHC, and same issue.  The same solution of patching the bootstrap was done.\nNext Steps : The tentative schedule for the ino64 project:\n\n\n2017-04-20 Post wide call for testing : Investigate and address port failures with maintainer support\n2017-05-05 Request second exp-run with initial patches applied : Investigate and address port failures with maintainer support\n2017-05-19 Commit to HEAD : Address post-commit failures where feasible\n***\n\n\n\nNews Roundup\n\nSing, beastie, sing!\n\n\nFreeBSD digital audio workstation, or DAW for short, is now possible. At this very moment it's not user friendly that much, but you'll manage. What I want to say is that I worked on porting some of the audio apps to FreeBSD, met some other people interested in porting audio stuff and became heavily involved with DrumGizmo - drum sampling engine. Let me start with the basic setup.\nFreeBSD doesn't have hard real-time support, but it's pretty close. For the needs of audio, FreeBSD's implementation of real-time is sufficient and, in my opinion, superior to the one you can get on Linux with RT path (which is ugly, not supported by distributions and breaks apps like VirtualBox). As default install of FreeBSD is concerned with real-time too much, we have to tweak sysctl a bit, so append this to your /etc/sysctl.conf:\n\n\n\n   kern.timecounter.alloweddeviation=0\n   hw.usb.uaudio.buffer_ms=2 # only on -STABLE for now\n   hw.snd.latency=0\n   kern.coredump=0\n\n\n\nSo let me go through the list. First item tells FreeBSD how many events it can aggregate (or wait for) before emitting them. The reason this is the default is because aggregating events saves power a bit, and currently more laptops are running FreeBSD than DAWs. Second one is the lowest possible buffer for USB audio driver. If you're not using USB audio, this won't change a thing. Third one has nothing to do with real-time, but dealing with programs that consume ~3GB of RAM, dumping cores around made a problem on my machine. Besides, core dumps are only useful if you know how to debug the problem, or someone is willing to do that for you. I like to not generate those files by default, but if some app is constantly crashing, I enable dumps, run the app, crash it, and disable dumps again. I lost 30GB in under a minute by examining 10 different drumkits of DrumGizmo and all of them gave me 3GB of core file, each.\nMore setup instructions follow, including jackd setup and PulseAudio using virtual_oss.\n\n\n\nWith this setup I can play OSS, JACK and PulseAudio sound all at the same time, which I was not able to do on Linux.\n\n\n\n\nFreeBSD 11 Unbound DNS server\n\n\nIn FreeBSD, there is a built-in DNS server called Unbound.\nSo why would run a local DNS server? I am in a region where internet traffic is still a bit expensive, that also implies slow, and high response times. To speed that a up a little, you can use own DNS server. It will speed up because for every homepage you visit, there will be several hooks to other domains: commercials, site components, and links to other sites. These, will now all be cached locally on your new DNS server. In my case I use an old PC-Engine Alix board for my home DNS server, but you can use almost everything, Raspberry Pi, old laptop/desktop and others. As long as it runs FreeBSD.\n\n\n\nGoes into more details about what commands to run and which services to start\nTry it out if you are in a similar situation\n***\n\n\nWhy it is important that documentation and tutorials be correct and carefully reviewed\n\n\nA group of researchers found that a lot of online web programming tutorials contain serious security flaws. They decided to do a research project to see how this impacts software that is written possibly based on those tutorials.\nThey used a number of simple google search terms to make a list of tutorials, and manually audited them for common vulnerabilities. They then crawled GitHub to find projects with very similar code snippets that might have been taken from those tutorials.\n\n\n\nThe Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi). Assuming that these tutorials influence real-world software development, we hypothesize that code snippets from popular tutorials can be used to bootstrap vulnerability discovery at scale. To validate our hypothesis, we propose a semi-automated approach to find recurring vulnerabilities starting from a handful of top-ranked tutorials that contain vulnerable code snippets. We evaluate our approach by performing an analysis of tens of thousands of open-source web applications to check if vulnerabilities originating in the selected tutorials recur.\nOur analysis framework has been running on a standard PC, analyzed 64,415 PHP codebases hosted on GitHub thus far, and found a total of 117 vulnerabilities that have a strong syntactic similarity to vulnerable code snippets present in popular tutorials. In addition to shedding light on the anecdotal belief that programmers reuse web tutorial code in an ad hoc manner, our study finds disconcerting evidence of insufficiently reviewed tutorials compromising the security of open-source projects.  Moreover, our findings testify to the feasibility of large-scale vulnerability discovery using poorly written tutorials as a starting point\n\n\n\nThe researchers found 117 vulnerabilities, of these, at least 8 appear to be nearly exact copy/pastes of the tutorials that were found to be vulnerable.\n***\n\n\n1.3.0 Development Preview: New icon themes\n\n\nAs version 1.3.0 of the Lumina desktop starts getting closer to release, I want to take a couple weeks and give you all some sneak peaks at some of the changes/updates that we have been working on (and are in the process of finishing up). \n\n\n\nNew icon theme\n\n\nMaterial Design Light/Dark \nThere are a lot more icons available in the reference icon packs which we still have not gotten around to renaming yet, but this initial version satisfies all the XDG standards for an icon theme + all the extra icons needed for Lumina and it’s utilities + a large number of additional icons for application use.\n\n\n\n\nThis highlights one the big things that I love about Lumina: it gives you an interface that is custom-tailored to YOUR needs/wants – rather than expecting YOU to change your routines to accomodate how some random developer/designer across the world thinks everybody should use a computer.\n\n\n\nLumina Media Player\n\n\n\nThis is a small utility designed to provide the ability for the user to play audio and video files on the local system, as well as stream audio from online sources. For now, only the Pandora internet radio service is supported via the “pianobar” CLI utility, which is an optional runtime dependency. However, we hope to gradually add new streaming sources over time. \nFor a long time I had been using another Pandora streaming client on my TrueOS desktop, but it was very fragile with respect to underlying changes: LibreSSL versions for example. The player would regularly stop functioning for a few update cycles until a version of LibreSSL which was “compatible” with the player was used. After enduring this for some time, I was finally frustrated enough to start looking for alternatives. \nA co-worker pointed me to a command-line utility called “pianobar“, which was also a small client for Pandora radio. After using pianobar for a couple weeks, I was impressed with how stable it was and how little “overhead” it required with regards to extra runtime dependencies. Of course, I started thinking “I could write a Qt5 GUI for that!”. Once I had a few free hours, I started writing what became lumina-mediaplayer. I started with the interface to pianobar itself to see how complicated it would be to interact with, but after a couple days of tinkering in my spare time, I realized I had a full client to Pandora radio basically finished.\n\n\n\n\nBeastie Bits\n\n\nvBSDCon CFP closes April 29th\nEuroBSDCon CFP closes April 30th\nclang(1) added to base on amd64 and i386\nTheo: “Most things come to an end, sorry.”\nASLR, PIE, NX, and other capital letters\nHow SSH got port number 22\nNetflix Serving 90Gb/s+ From Single Machines Using Tuned FreeBSD\nCompressed zfs send / receive lands in FreeBSD HEAD\n***\n\n\nFeedback/Questions\n\n\nSteve - FreeBSD Jobs\nMike - CuBox i4Pro\nSteve - Year of the BSD Desktop?\nBrad - Configuration Management\n***\n","content_html":"\u003cp\u003eWe cover TrueOS/Lumina working to be less dependent on Linux, How the IllumOS network stack works, Throttling the password gropers \u0026amp; the 64 bit inode call for testing.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://easychair.org/conferences/?conf=vbsdcon2017\" rel=\"nofollow\"\u003evBSDCon CFP closed April 29th\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2017.eurobsdcon.org/2017/03/13/call-for-proposals/\" rel=\"nofollow\"\u003eEuroBSDCon CFP closes April 30th\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/developer-commentary-philosophy-evolution-trueoslumina-thoughts/\" rel=\"nofollow\"\u003eDeveloper Commentary: Philosophy, Evolution of TrueOS/Lumina, and Other Thoughts.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhilosophy of Development\n\n\u003cul\u003e\n\u003cli\u003eNo project is an island. Every single project needs or uses some other external utility, library, communications format, standards compliance, and more in order to be useful.\u003c/li\u003e\n\u003cli\u003eA static project is typically a dead project. A project needs regular upkeep and maintenance to ensure it continues to build and run with the current ecosystem of libraries and utilities, even if the project has no considerable changes to the code base or feature set. “Upstream” decisions can have drastic consequences on your project.\u003c/li\u003e\n\u003cli\u003eThrough no fault of yours, your project can be rendered obsolete or broken by changing standards in the global ecosystem that affect your project’s dependencies.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOperating system focus is key. What OS is the project originally designed for? This determines how the “upstream” dependencies list appears and which “heartbeat” to monitor.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEvolution of PC-BSD, Lumina, and TrueOS.  With these principles in mind – let\u0026#39;s look at PC-BSD, Lumina, and TrueOS.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ePC-BSD : PC-BSD was largely designed around KDE on FreeBSD. KDE/Plasma5 has been available for Linux OS’s for well over a year, but is still not generally available on FreeBSD. It is still tucked away in the experimental “area51” repository where people are trying to get it working first.\u003c/li\u003e\n\u003cli\u003eLumina : As a developer with PC-BSD for a long time, and a tester from nearly the beginning of the project, I was keenly aware  the “winds of change” were blowing in the open-source ecosystem.\u003c/li\u003e\n\u003cli\u003eTrueOS : All of these ecosystem changes finally came to a head for us near the beginning of 2016. KDE4 was starting to deteriorate underneath us, and the FreeBSD “Release” branch would never allow us to compete with the rate of graphics driver or standards changes coming out of the Linux camp.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe Rename and Next Steps\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith all of these changes and the lack of a clear “upgrade” path from PC-BSD to the new systems, we decided it was necessary to change the project itself (name and all). To us, this was the only way to ensure people were aware of the differences, and that TrueOS really is a different kind of project from PC-BSD. Note this was not a “hostile takeover” of the PC-BSD project by rabid FreeBSD fanatics. This was more a refocusing of the PC-BSD project into something that could ensure longevity and reliability for the foreseeable future.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n Does TrueOS have bugs and issues? Of course! That is the nature of “rolling” with upstream changes all the time. Not only do you always get the latest version of something (a good thing), you also find yourself on the “front line” for finding and reporting bugs in those same applications (a bad thing if you like consistency or stability). What you are also seeing is just how much “churn” happens in the open-source ecosystem at any given time.\n We are devoted to providing our users (and ourselves – don’t forget we use TrueOS every day too!) a stable, reliable, and secure experience. Please be patient as we continue striving toward this goal in the best way possible, not just doing what works for the moment, but the project’s future too.\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=vnD10WQ2930\" rel=\"nofollow\"\u003eRobert Mustacchi: Excerpts from The Soft Ring Cycle #1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of the “Turtles on the Wire” post we featured the other week, is back with a video.\u003c/li\u003e\n\u003cli\u003eJoyent has started a new series of lunchtime technical discussions to share information as they grow their engineering team\u003c/li\u003e\n\u003cli\u003eThis video focuses on the network stack, how it works, and how it relates to virtualization and multi-tenancy\u003c/li\u003e\n\u003cli\u003eBasically, how the network stack on IllumOS works when you have virtual tenants, be they virtual machines or zones\u003c/li\u003e\n\u003cli\u003eThe video describes the many layers of the network stack, how they work together, and how they can be made to work quickly\u003c/li\u003e\n\u003cli\u003eIt also talks about the trade-offs between high throughput and low latency\u003c/li\u003e\n\u003cli\u003eHow security is enforced, so virtual tenants cannot send packets into VLANs they are not members of, or receive traffic that they are not allowed to by the administrator\u003c/li\u003e\n\u003cli\u003eHow incoming packets are classified, and eventually delivered to the intended destination\u003c/li\u003e\n\u003cli\u003eHow the system decides if it has enough available resources to process the packet, or if it needs to be dropped\u003c/li\u003e\n\u003cli\u003eHow interface polling works on IllumOS (a lot different than on FreeBSD)\u003c/li\u003e\n\u003cli\u003eThen the last 20 minutes are about how the qemu interface of the KVM hypervisor interfaces with the network stack\u003c/li\u003e\n\u003cli\u003eWe look forward to seeing more of these videos as they come out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html\" rel=\"nofollow\"\u003eForcing the password gropers through a smaller hole with OpenBSD\u0026#39;s PF queues\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile preparing material for the upcoming \u003ca href=\"http://www.bsdcan.org/2017/schedule/events/805.en.html\" rel=\"nofollow\"\u003eBSDCan PF and networking tutorial\u003c/a\u003e, I realized that the pop3 gropers were actually not much fun to watch anymore. So I used the traffic shaping features of my OpenBSD firewall to let the miscreants inflict some pain on themselves. Watching logs became fun again.\u003cbr\u003e\nThe actual useful parts of this article follow - take this as a walkthrough of how to mitigate a wide range of threats and annoyances.\u003cbr\u003e\nFirst, analyze the behavior that you want to defend against. In our case that\u0026#39;s fairly obvious: We have a service that\u0026#39;s getting a volume of unwanted traffic, and looking at our logs the attempts come fairly quickly with a number of repeated attempts from each source address.\u003cbr\u003e\nI\u0026#39;ve written about the rapid-fire ssh bruteforce attacks and their mitigation before (and of course it\u0026#39;s in The Book of PF) as well as the slower kind where those techniques actually come up short. The traditional approach to ssh bruteforcers has been to simply block their traffic, and the state-tracking features of PF let you set up overload criteria that add the source addresses to the table that holds the addresses you want to block.\u003cbr\u003e\nFor the system that runs our pop3 service, we also have a PF ruleset in place with queues for traffic shaping. For some odd reason that ruleset is fairly close to the HFSC traffic shaper example in The Book of PF, and it contains a queue that I set up mainly as an experiment to annoy spammers (as in, the ones that are already for one reason or the other blacklisted by our spamd).\u003cbr\u003e\nThe queue is defined like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e \n queue spamd parent rootq bandwidth 1K min 0K max 1K qlimit 300\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eyes, that\u0026#39;s right. A queue with a maximum throughput of 1 kilobit per second. I have been warned that this is small enough that the code may be unable to strictly enforce that limit due to the timer resolution in the HFSC code. But that didn\u0026#39;t keep me from trying.\u003cbr\u003e\nNow a few small additions to the ruleset are needed for the good to put the evil to the task. We start with a table to hold the addresses we want to mess with. Actually, I\u0026#39;ll add two, for reasons that will become clear later:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n   table \u003clongterm\u003e persist counters \n   table \u003cpopflooders\u003e persist counters \n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe rules that use those tables are:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n   block drop log (all) quick from \u003clongterm\u003e \n\n   pass in quick log (all) on egress proto tcp from \u003cpopflooders\u003e to port pop3 flags S/SA keep state \\ \n   (max-src-conn 2, max-src-conn-rate 3/3, overload \u003clongterm\u003e flush global, pflow) set queue spamd \n\n   pass in log (all) on egress proto tcp to port pop3 flags S/SA keep state \\ \n   (max-src-conn 5, max-src-conn-rate 6/3, overload \u003cpopflooders\u003e flush global, pflow) \n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe last one lets anybody connect to the pop3 service, but any one source address can have only open five simultaneous connections and at a rate of six over three seconds.\u003c/p\u003e\n\n\u003cp\u003eThe results were immediately visible. Monitoring the queues using pfctl -vvsq shows the tiny queue works as expected:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n   queue spamd parent rootq bandwidth 1K, max 1K qlimit 300\n    [ pkts:     196136  bytes:   12157940  dropped pkts: 398350 bytes: 24692564 ]\n    [ qlength: 300/300 ]\n    [ measured:     2.0 packets/s, 999.13 b/s ]\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eand looking at the pop3 daemon\u0026#39;s log entries, a typical encounter looks like this:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n   Apr 19 22:39:33 skapet spop3d[44875]: connect from 111.181.52.216\n   Apr 19 22:39:33 skapet spop3d[75112]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[57116]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[65982]: connect from 111.181.52.216\n   Apr 19 22:39:34 skapet spop3d[58964]: connect from 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[12410]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[63573]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[76113]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[23524]: autologout time elapsed - 111.181.52.216\n   Apr 19 22:40:34 skapet spop3d[16916]: autologout time elapsed - 111.181.52.216\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ehere the miscreant comes in way too fast and only manages to get five connections going before they\u0026#39;re shunted to the tiny queue to fight it out with known spammers for a share of bandwidth.\u003cbr\u003e\nOne important takeaway from this, and possibly the most important point of this article, is that it does not take a lot of imagination to retool this setup to watch for and protect against undesirable activity directed at essentially any network service.\u003cbr\u003e\nYou pick the service and the ports it uses, then figure out what are the parameters that determine what is acceptable behavior. Once you have those parameters defined, you can choose to assign to a minimal queue like in this example, block outright, redirect to something unpleasant or even pass with a low probability.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-fs/2017-April/024684.html\" rel=\"nofollow\"\u003e64-bit inodes (ino64) Status Update and Call for Testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eInodes are data structures corresponding to objects in a file system, such as files and directories. FreeBSD has historically used 32-bit values to identify inodes, which limits file systems to somewhat under 2\u003csup\u003e32\u003c/sup\u003e objects. Many modern file systems internally use 64-bit identifiers and FreeBSD needs to follow suit to properly and fully support these file systems.\u003c/p\u003e\n\n\u003cp\u003eThe 64-bit inode project, also known as ino64, started life many years ago as a project by Gleb Kurtsou (gleb@).  After that time several people have had a hand in updating it and addressing regressions, after mckusick@ picked up and updated the patch, and acted as a flag-waver.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003col\u003e\n\u003cli\u003eOverview : The ino64 branch extends the basic system types ino_t and dev_t from 32-bit to 64-bit, and nlink_t from 16-bit to 64-bit.\u003c/li\u003e\n\u003cli\u003eMotivation : The main risk of the ino64 change is the uncontrolled ABI breakage.\u003c/li\u003e\n\u003cli\u003eQuirks : We handled kinfo sysctl MIBs, but other MIBs which report structures depended on the changed type, are not handled in general.  It was considered that the breakage is either in the management interfaces, where we usually allow ABI slip, or is not important.\u003c/li\u003e\n\u003cli\u003eTesting procedure : The ino64 project can be tested by cloning the project branch from GitHub or by applying the patch \u003cfrom the Phabricator review | locatedat URL | attached\u003e to a working tree.\n\n\u003cul\u003e\n\u003cli\u003eNew kernel, old world.\u003c/li\u003e\n\u003cli\u003eNew kernel, new world, old third-party applications.\u003c/li\u003e\n\u003cli\u003e32bit compat.\u003c/li\u003e\n\u003cli\u003eTargeted tests.\u003c/li\u003e\n\u003cli\u003eNFS server and client test\u003c/li\u003e\n\u003cli\u003eOther filesystems\u003c/li\u003e\n\u003cli\u003eTest accounting\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ePorts Status with ino64 : A ports exp-run for ino64 is open in PR 218320.\n5.1. LLVM : LLVM includes a component called Address Sanitizer or ASAN, which triesto intercept syscalls, and contains knowledge of the layout of many system structures.  Since stat and lstat syscalls were removed and several types and structures changed, this has to be reflected in the ASAN hacks.\n5.2. lang/ghc : The ghc compiler and parts of the runtime are written in Haskell, which means that to compile ghc, you need a working Haskell compiler for bootstrap.\n5.3. lang/rust Rustc has a similar structure to GHC, and same issue.  The same solution of patching the bootstrap was done.\u003c/li\u003e\n\u003cli\u003eNext Steps : The tentative schedule for the ino64 project:\n\n\u003cul\u003e\n\u003cli\u003e2017-04-20 Post wide call for testing : Investigate and address port failures with maintainer support\u003c/li\u003e\n\u003cli\u003e2017-05-05 Request second exp-run with initial patches applied : Investigate and address port failures with maintainer support\u003c/li\u003e\n\u003cli\u003e2017-05-19 Commit to HEAD : Address post-commit failures where feasible\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://meka.rs/blog/2017/01/25/sing-beastie-sing/\" rel=\"nofollow\"\u003eSing, beastie, sing!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD digital audio workstation, or DAW for short, is now possible. At this very moment it\u0026#39;s not user friendly that much, but you\u0026#39;ll manage. What I want to say is that I worked on porting some of the audio apps to FreeBSD, met some other people interested in porting audio stuff and became heavily involved with DrumGizmo - drum sampling engine. Let me start with the basic setup.\u003cbr\u003e\nFreeBSD doesn\u0026#39;t have hard real-time support, but it\u0026#39;s pretty close. For the needs of audio, FreeBSD\u0026#39;s implementation of real-time is sufficient and, in my opinion, superior to the one you can get on Linux with RT path (which is ugly, not supported by distributions and breaks apps like VirtualBox). As default install of FreeBSD is concerned with real-time too much, we have to tweak sysctl a bit, so append this to your /etc/sysctl.conf:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cblockquote\u003e\n   kern.timecounter.alloweddeviation=0\n   hw.usb.uaudio.buffer_ms=2 # only on -STABLE for now\n   hw.snd.latency=0\n   kern.coredump=0\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo let me go through the list. First item tells FreeBSD how many events it can aggregate (or wait for) before emitting them. The reason this is the default is because aggregating events saves power a bit, and currently more laptops are running FreeBSD than DAWs. Second one is the lowest possible buffer for USB audio driver. If you\u0026#39;re not using USB audio, this won\u0026#39;t change a thing. Third one has nothing to do with real-time, but dealing with programs that consume ~3GB of RAM, dumping cores around made a problem on my machine. Besides, core dumps are only useful if you know how to debug the problem, or someone is willing to do that for you. I like to not generate those files by default, but if some app is constantly crashing, I enable dumps, run the app, crash it, and disable dumps again. I lost 30GB in under a minute by examining 10 different drumkits of DrumGizmo and all of them gave me 3GB of core file, each.\u003c/li\u003e\n\u003cli\u003eMore setup instructions follow, including jackd setup and PulseAudio using virtual_oss.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith this setup I can play OSS, JACK and PulseAudio sound all at the same time, which I was not able to do on Linux.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://itso.dk/?p=499\" rel=\"nofollow\"\u003eFreeBSD 11 Unbound DNS server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn FreeBSD, there is a built-in DNS server called Unbound.\u003cbr\u003e\nSo why would run a local DNS server? I am in a region where internet traffic is still a bit expensive, that also implies slow, and high response times. To speed that a up a little, you can use own DNS server. It will speed up because for every homepage you visit, there will be several hooks to other domains: commercials, site components, and links to other sites. These, will now all be cached locally on your new DNS server. In my case I use an old PC-Engine Alix board for my home DNS server, but you can use almost everything, Raspberry Pi, old laptop/desktop and others. As long as it runs FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGoes into more details about what commands to run and which services to start\u003c/li\u003e\n\u003cli\u003eTry it out if you are in a similar situation\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arxiv.org/pdf/1704.02786.pdf\" rel=\"nofollow\"\u003eWhy it is important that documentation and tutorials be correct and carefully reviewed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA group of researchers found that a lot of online web programming tutorials contain serious security flaws. They decided to do a research project to see how this impacts software that is written possibly based on those tutorials.\u003c/li\u003e\n\u003cli\u003eThey used a number of simple google search terms to make a list of tutorials, and manually audited them for common vulnerabilities. They then crawled GitHub to find projects with very similar code snippets that might have been taken from those tutorials.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi). Assuming that these tutorials influence real-world software development, we hypothesize that code snippets from popular tutorials can be used to bootstrap vulnerability discovery at scale. To validate our hypothesis, we propose a semi-automated approach to find recurring vulnerabilities starting from a handful of top-ranked tutorials that contain vulnerable code snippets. We evaluate our approach by performing an analysis of tens of thousands of open-source web applications to check if vulnerabilities originating in the selected tutorials recur.\u003cbr\u003e\nOur analysis framework has been running on a standard PC, analyzed 64,415 PHP codebases hosted on GitHub thus far, and found a total of 117 vulnerabilities that have a strong syntactic similarity to vulnerable code snippets present in popular tutorials. In addition to shedding light on the anecdotal belief that programmers reuse web tutorial code in an ad hoc manner, our study finds disconcerting evidence of insufficiently reviewed tutorials compromising the security of open-source projects.  Moreover, our findings testify to the feasibility of large-scale vulnerability discovery using poorly written tutorials as a starting point\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe researchers found 117 vulnerabilities, of these, at least 8 appear to be nearly exact copy/pastes of the tutorials that were found to be vulnerable.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/1-3-0-development-preview-new-icon-themes/\" rel=\"nofollow\"\u003e1.3.0 Development Preview: New icon themes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs version 1.3.0 of the Lumina desktop starts getting closer to release, I want to take a couple weeks and give you all some sneak peaks at some of the changes/updates that we have been working on (and are in the process of finishing up). \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lumina-desktop.org/1-3-0-development-preview-new-icon-themes/\" rel=\"nofollow\"\u003eNew icon theme\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eMaterial Design Light/Dark \u003c/li\u003e\n\u003cli\u003eThere are a lot more icons available in the reference icon packs which we still have not gotten around to renaming yet, but this initial version satisfies all the XDG standards for an icon theme + all the extra icons needed for Lumina and it’s utilities + a large number of additional icons for application use.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis highlights one the big things that I love about Lumina: it gives you an interface that is custom-tailored to YOUR needs/wants – rather than expecting YOU to change your routines to accomodate how some random developer/designer across the world thinks everybody should use a computer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lumina-desktop.org/1-3-0-development-preview-lumina-mediaplayer/\" rel=\"nofollow\"\u003eLumina Media Player\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a small utility designed to provide the ability for the user to play audio and video files on the local system, as well as stream audio from online sources. For now, only the Pandora internet radio service is supported via the “pianobar” CLI utility, which is an optional runtime dependency. However, we hope to gradually add new streaming sources over time. \u003cbr\u003e\nFor a long time I had been using another Pandora streaming client on my TrueOS desktop, but it was very fragile with respect to underlying changes: LibreSSL versions for example. The player would regularly stop functioning for a few update cycles until a version of LibreSSL which was “compatible” with the player was used. After enduring this for some time, I was finally frustrated enough to start looking for alternatives. \u003cbr\u003e\nA co-worker pointed me to a command-line utility called “pianobar“, which was also a small client for Pandora radio. After using pianobar for a couple weeks, I was impressed with how stable it was and how little “overhead” it required with regards to extra runtime dependencies. Of course, I started thinking “I could write a Qt5 GUI for that!”. Once I had a few free hours, I started writing what became lumina-mediaplayer. I started with the interface to pianobar itself to see how complicated it would be to interact with, but after a couple days of tinkering in my spare time, I realized I had a full client to Pandora radio basically finished.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://easychair.org/conferences/?conf=vbsdcon2017\" rel=\"nofollow\"\u003evBSDCon CFP closes April 29th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2017.eurobsdcon.org/2017/03/13/call-for-proposals/\" rel=\"nofollow\"\u003eEuroBSDCon CFP closes April 30th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170421001933\" rel=\"nofollow\"\u003eclang(1) added to base on amd64 and i386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=149232307018311\u0026w=2\" rel=\"nofollow\"\u003eTheo: “Most things come to an end, sorry.”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.dragonflydigest.com/2017/04/24/19609.html\" rel=\"nofollow\"\u003eASLR, PIE, NX, and other capital letters\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ssh.com/ssh/port\" rel=\"nofollow\"\u003eHow SSH got port number 22\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=14128637\" rel=\"nofollow\"\u003eNetflix Serving 90Gb/s+ From Single Machines Using Tuned FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=317414\" rel=\"nofollow\"\u003eCompressed zfs send / receive lands in FreeBSD HEAD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3QSMYEH#wrap\" rel=\"nofollow\"\u003eSteve - FreeBSD Jobs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0NNYH22#wrap\" rel=\"nofollow\"\u003eMike - CuBox i4Pro\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1QRZBPD#wrap\" rel=\"nofollow\"\u003eSteve - Year of the BSD Desktop?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2TFV8AJ#wrap\" rel=\"nofollow\"\u003eBrad - Configuration Management\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We cover TrueOS/Lumina working to be less dependent on Linux, How the IllumOS network stack works, Throttling the password gropers \u0026 the 64 bit inode call for testing.","date_published":"2017-04-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c2ced77d-4e0a-40af-8909-a75819362a4d.mp3","mime_type":"audio/mpeg","size_in_bytes":91421140,"duration_in_seconds":7618}]},{"id":"919a0bc5-1fd4-4195-bb5d-5f587826c25e","title":"190: The Moore You Know","url":"https://www.bsdnow.tv/190","content_text":"This week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie’s paper on the evolution of Unix Time Sharing, have an Interview with Kris\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nOpenBSD 6.1 RELEASED\n\n\nMailing list post\nWe are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release.\nNew/extended platforms:\n\n\nNew arm64 platform, using clang(1) as the base system compiler.\nThe loongson platform now supports systems with Loongson 3A CPU and RS780E chipset.\nThe following platforms were retired: armish, sparc, zaurus\n\nNew vmm(4)/ vmd(8)\nIEEE 802.11 wireless stack improvements\nGeneric network stack improvements\nInstaller improvements\nRouting daemons and other userland network improvements\nSecurity improvements\ndhclient(8)/ dhcpd(8)/ dhcrelay(8) improvements\nAssorted improvements\nOpenSMTPD 6.0.0\nOpenSSH 7.4\nLibreSSL 2.5.3\nmandoc 1.14.1\n***\n\n\nFuzz Testing OpenSSH\n\n\nVegard Nossum writes a blog post explaining how to fuzz OpenSSH using AFL\nIt starts by compiling AFL and SSH with LLVM to get extra instrumentation to make the fuzzing process better, and faster\nSandboxing, PIE, and other features are disabled to increase debuggability, and to try to make breaking SSH easier\nPrivsep is also disabled, because when AFL does make SSH crash, the child process crashing causes the parent process to exit normally, and AFL then doesn’t realize that a crash has happened. A one-line patch disables the privsep feature for the purposes of testing\nA few other features are disabled to make testing easier (disabling replay attack protection allows the same inputs to be reused many times), and faster:\n\n\nthe local arc4random_buf() is patched to return a buffer of zeros\ndisabling CRC checks\ndisabling MAC checks\ndisabling encryption (allow the NULL cipher for everything)\nadd a call to __AFL_INIT(), to enable “deferred forkserver mode”\ndisabling closefrom()\n“Skipping expensive DH/curve and key derivation operations”\n\nThen, you can finally get around to writing some test cases\nThe steps are all described in detail\nIn one day of testing, the author found a few NULL dereferences that have since been fixed.\nMaybe you can think of some other code paths through SSH that should be tested, or want to test another daemon\n***\n\n\nGetting OpenBSD running on Raspberry Pi 3\n\n\nIan Darwin writes in about his work deploying the arm64 platform and the Raspberry Pi 3\nSo I have this empty white birdhouse-like thing in the yard, open at the front. It was intended to house the wireless remote temperature sensor from a low-cost weather station, which had previously been mounted on a dark-colored wall of the house [...]. But when I put the sensor into the birdhouse, the signal is too weak for the weather station to receive it (the mounting post was put in place by a previous owner of our property, and is set deeply in concrete). So the next plan was to pop in a tiny OpenBSD computer with a uthum(4) temperature sensor and stream the temperature over WiFi.\nThe Raspberry Pi computers are interesting in their own way: intending to bring low-cost computing to everybody, they take shortcuts and omit things that you'd expect on a laptop or desktop. They aren't too bright on their own: there's very little smarts in the board compared to the \"BIOS\" and later firmwares on conventional systems. Some of the \"smarts\" are only available as binary files. This was part of the reason that our favorite OS never came to the Pi Party for the original rpi, and didn't quite arrive for the rpi2. With the rpi3, though, there is enough availability that our devs were able to make it boot. Some limitations remain, though: if you want to build your own full release, you have to install the dedicated raspberrypi-firmware package from the ports tree. And, the boot disks have to have several extra files on them - this is set up on the install sets, but you should be careful not to mess with these extra files until you know what you're doing!\n\nBut wait! Before you read on, please note that, as of April 1, 2017, this platform boots up but is not yet ready for prime time:\n\n\n\nthere's no driver for SD/MMC but that's the only thing the hardware can level-0 boot from, so you need both the uSD card and a USB disk, at least while getting started;\nthere is no support for the built-in WiFi (a Broadcom BCM43438 SDIO 802.11), so you have to use wired Ethernet or a USB WiFi dongle (for my project an old MSI that shows up as ural(4) seems to work fine);\nthe HDMI driver isn't used by the kernel (if a monitor is plugged in uBoot will display its messages there), so you need to set up cu with a 3V serial cable, at least for initial setup.\nthe ports tree isn't ready to cope with the base compiler being clang yet, so packages are \"a thing of the future\"\n\n\n\nBut wait - there's more! The \"USB disk\" can be a USB thumb drive, though they're generally slower than a \"real\" disk. My first forays used a Kingston DTSE9, the hardy little steel-cased version of the popular DataTraveler line. I was able to do the install, and boot it, once (when I captured the dmesg output shown below). After that, it failed - the boot process hung with the ever-unpopular \"scanning usb for storage devices...\" message. I tried the whole thing again with a second DTSE9, and with a 32GB plastic-cased DataTraveler. Same results. After considerable wasted time, I found a post on RPI's own site which dates back to the early days of the PI 3, in which they admit that they took shortcuts in developing the firmware, and it just can't be made to work with the Kingston DataTraveler! Not having any of the \"approved\" devices, and not living around the corner from a computer store, I switched to a Sabrent USB dock with a 320GB Western Digital disk, and it's been rock solid. Too big and energy-hungry for the final project, but enough to show that the rpi3 can be solid with the right (solid-state) disk. And fast enough to build a few simple ports - though a lot will not build yet. I then found and installed OpenBSD onto a “PNY” brand thumb drive and found it solid - in fact I populated it by dd’ing from one of the DataTraveller drives, so they’re not at fault.\n\n\n\nCheck out the full article for detailed setup instructions\n***\n\n\nDennis M. Ritchie’s Paper: The Evolution of the Unix Time Sharing System\n\n\nFrom the abstract:\n\n\n\nThis paper presents a brief history of the early development of the Unix operating system. It concentrates on the evolution of the file system, the process-control mechanism, and the idea of pipelined commands. Some attention is paid to social conditions during the development of the system. \nDuring the past few years, the Unix operating system has come into wide use, so wide that its very name has become a trademark of Bell Laboratories. Its important characteristics have become known to many people. It has suffered much rewriting and tinkering since the first publication describing it in 1974 [1], but few fundamental changes. However, Unix was born in 1969 not 1974, and the account of its development makes a little-known and perhaps instructive story. This paper presents a technical and social history of the evolution of the system. \n\n\n\nHigh level document structure:\n\n\n\nOrigins\nThe PDP-7 Unix file system \nProcess control\nIO Redirection\nThe advent of the PDP-11\nThe first PDP-11 system\nPipes\nHigh-level languages\nConclusion\n\nOne of the comforting things about old memories is their tendency to take on a rosy glow. The programming environment provided by the early versions of Unix seems, when described here, to be extremely harsh and primitive. I am sure that if forced back to the PDP-7 I would find it intolerably limiting and lacking in conveniences. Nevertheless, it did not seem so at the time; the memory fixes on what was good and what lasted, and on the joy of helping to create the improvements that made life better. In ten years, I hope we can look back with the same mixed impression of progress combined with continuity. \n\n\n\n\nInterview - Kris Moore - kris@trueos.org | @pcbsdkris\n\n\nDirector of Engineering at iXSystems\nFreeNAS \n\n\n\n\nNews Roundup\n\nCompressed zfs send / receive now in FreeBSD’s vendor area\n\n\nAndriy Gapon committed a whole lot of ZFS updates to FreeBSD’s vendor area\nThis feature takes advantage of the new compressed ARC feature, which means blocks that are compressed on disk, remain compressed in ZFS’ RAM cache, to use the compressed blocks when using ZFS replication.\nPreviously, blocks were uncompressed, sent (usually over the network), then recompressed on the other side.\nThis is rather wasteful, and can make the process slower, not just because of the CPU time wasted decompressing/recompressing the data, but because it means more data has to be sent over the network.\nThis caused many users to end up doing: zfs send | xz -T0 | ssh unxz | zfs recv, or similar, to compress the data before sending it over the network.\nWith this new feature, zfs send with the new -c flag, will transmit the already compressed blocks instead.\nThis change also adds longopts versions of all of the zfs send flags, making them easier to understand when written in shell scripts.\nA lot of fixes, man page updates, etc. from upstream OpenZFS \nThanks to everyone who worked on these fixes and features!\nWe’ll announce when these have been committed to head for testing\n***\n\n\nGranting privileges using the FreeBSD MAC framework \n\n\nThe MAC (Mandatory Access Control) framework allows finer grained permissions than the standard UNIX permissions that exist in the base system\n\n\n\nFreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.\nmac(9) allows creating pluggable modules with policies that can extend existing base system security definitions. struct mac_policy_ops consist of many entry points that we can use to amend the behaviour.\nThis time, I wanted to grant a privilege to change realtime priority to a selected group. While Linux kernel lets you specify a named group, FreeBSD doesn’t have such ability, hence I created this very simple policy.\nThe privilege check can be extended using two user supplied functions: priv_check and priv_grant. The first one can be used to further restrict existing privileges, i.e. you can disallow some specific priv to be used in jails, etc. The second one is used to explicitly grant extra privileges not available for the target in base configuration.\nThe core of the mac_rtprio module is dead simple. I defined sysctl tree for two oids: enable (on/off switch for the policy) and gid (the GID target has to be member of), then I specified our custom version of mpo_priv_grant called rtprio_priv_grant. Body of my granting function is even simpler. If the policy is disabled or the privilege that is being checked is not PRIV_SCHED_RTPRIO, we simply skip and return EPERM. If the user is member of the designated group we return 0 that’ll allow the action – target would change realtime privileges.\n\n\n\nAnother useful thing the MAC framework can be used to grant to non-root users: PortACL: The ability to bind to TCP/UDP ports less than 1024, which is usually restricted to root.\nSome other uses for the MAC framework are discussed in The FreeBSD Handbook\nHowever, there are lots more, and we would really like to see more tutorials and documentation on using MAC to make more secure servers, but allowing the few specific things that normally require root access.\n***\n\n\nThe Story of the PING Program\n\n\nThis is from the homepage of Mike Muuss:\n\n\n\nYes, it's true! I'm the author of ping for UNIX. Ping is a little thousand-line hack that I wrote in an evening which practically everyone seems to know about. :-)\nI named it after the sound that a sonar makes, inspired by the whole principle of cho-location. In college I'd done a lot of modeling of sonar and radar systems, so the \"Cyberspace\" analogy seemed very apt. It's exactly the same paradigm applied to a new problem domain: ping uses timed IP/ICMP ECHO_REQUEST and ECHO_REPLY packets to probe the \"distance\" to the target machine.\nMy original impetus for writing PING for 4.2a BSD UNIX came from an offhand remark in July 1983 by Dr. Dave Mills while we were attending a DARPA meeting in Norway, in which he described some work that he had done on his \"Fuzzball\" LSI-11 systems to measure path latency using timed ICMP Echo packets.\nIn December of 1983 I encountered some odd behavior of the IP network at BRL. Recalling Dr. Mills' comments, I quickly coded up the PING program, which revolved around opening an ICMP style SOCK_RAW AF_INET Berkeley-style socket(). The code compiled just fine, but it didn't work -- there was no kernel support for raw ICMP sockets! Incensed, I coded up the kernel support and had everything working well before sunrise. Not surprisingly, Chuck Kennedy (aka \"Kermit\") had found and fixed the network hardware before I was able to launch my very first \"ping\" packet. But I've used it a few times since then. grin If I'd known then that it would be my most famous accomplishment in life, I might have worked on it another day or two and added some more options.\nThe folks at Berkeley eagerly took back my kernel modifications and the PING source code, and it's been a standard part of Berkeley UNIX ever since. Since it's free, it has been ported to many systems since then, including Microsoft Windows95 and WindowsNT.\nIn 1993, ten years after I wrote PING, the USENIX association presented me with a handsome scroll, pronouncing me a Joint recipient of The USENIX Association 1993 Lifetime Achievement Award presented to the Computer Systems Research Group, University of California at Berkeley 1979-1993. ``Presented to honor profound intellectual achievement and unparalleled service to our Community. At the behest of CSRG principals we hereby recognize the following individuals and organizations as CSRG participants, contributors and supporters.'' Wow!\nThe best ping story I've ever heard was told to me at a USENIX conference, where a network administrator with an intermittent Ethernet had linked the ping program to his vocoder program, in essence writing:\nping goodhost | sed -e 's/.*/ping/' | vocoder\nHe wired the vocoder's output into his office stereo and turned up the volume as loud as he could stand. The computer sat there shouting \"Ping, ping, ping...\" once a second, and he wandered through the building wiggling Ethernet connectors until the sound stopped. And that's how he found the intermittent failure.\n\n\n\n\nFreeBSD: /usr/local/lib/libpkg.so.3: Undefined symbol \"utimensat\"\n\n\nThe internet will tell you that, of course, 10.2 is EOL, that packages are being built for 10.3 by now and to better upgrade to the latest version of FreeBSD. While all of this is true and running the latest versions is generally good advise, in most cases it is unfeasible to do an entire OS upgrade just to be able to install a package.\n\n\n\nPoints out the ABI variable being used in /usr/local/etc/pkg/repos/FreeBSD.conf\n\n\n\nNow, if you have 10.2 installed and 10.3 is the current latest FreeBSD version, this url will point to packages built for 10.3 resulting in the problem that, when running pkg upgrade pkg it’ll go ahead and install the latest version of pkg build for 10.3 onto your 10.2 system. Yikes! FreeBSD 10.3 and pkgng broke the ABI by introducing new symbols, like utimensat.\n\n\n\nThe solution:\n\n\n\nHave a look at the actual repo url http://pkg.FreeBSD.org/FreeBSD:10:amd64… there’s repo’s for each release! Instead of going through the tedious process of upgrading FreeBSD you just need to Use a repo url that fits your FreeBSD release:\n\nUpdate the package cache: pkg update\nDowngrade pkgng (in case you accidentally upgraded it already): pkg delete -f pkg\npkg install -y pkg\nInstall your package\nThere you go. Don’t fret. But upgrade your OS soon ;)\n\n\n\n\n\n\nBeastie Bits\n\n\nCPU temperature collectd report on NetBSD\nBooting FreeBSD 11 with NVMe and ZFS on AMD Ryzen\nBeagleBone Black Tor relay\nFreeBSD - Disable in-tree GDB by default on x86, mips, and powerpc\nCharmBUG April Meetup\nThe origins of XXX as FIXME\n***\n\n\nFeedback/Questions\n\n\nFelis - L2ARC\nGabe - FreeBSD Server Install\nFEMP Script\nScott - FreeNAS \u0026amp; LAGG\nMarko - Backups\n***\n","content_html":"\u003cp\u003eThis week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie’s paper on the evolution of Unix Time Sharing, have an Interview with Kris\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170411132956\" rel=\"nofollow\"\u003eOpenBSD 6.1 RELEASED\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=149191716921690\u0026w=2\u0026#x27;\" rel=\"nofollow\"\u003eMailing list post\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release.\u003c/li\u003e\n\u003cli\u003eNew/extended platforms:\n\n\u003cul\u003e\n\u003cli\u003eNew arm64 platform, using clang(1) as the base system compiler.\u003c/li\u003e\n\u003cli\u003eThe loongson platform now supports systems with Loongson 3A CPU and RS780E chipset.\u003c/li\u003e\n\u003cli\u003eThe following platforms were retired: armish, sparc, zaurus\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eNew vmm(4)/ vmd(8)\u003c/li\u003e\n\u003cli\u003eIEEE 802.11 wireless stack improvements\u003c/li\u003e\n\u003cli\u003eGeneric network stack improvements\u003c/li\u003e\n\u003cli\u003eInstaller improvements\u003c/li\u003e\n\u003cli\u003eRouting daemons and other userland network improvements\u003c/li\u003e\n\u003cli\u003eSecurity improvements\u003c/li\u003e\n\u003cli\u003edhclient(8)/ dhcpd(8)/ dhcrelay(8) improvements\u003c/li\u003e\n\u003cli\u003eAssorted improvements\u003c/li\u003e\n\u003cli\u003eOpenSMTPD 6.0.0\u003c/li\u003e\n\u003cli\u003eOpenSSH 7.4\u003c/li\u003e\n\u003cli\u003eLibreSSL 2.5.3\u003c/li\u003e\n\u003cli\u003emandoc 1.14.1\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://vegardno.blogspot.ca/2017/03/fuzzing-openssh-daemon-using-afl.html\" rel=\"nofollow\"\u003eFuzz Testing OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVegard Nossum writes a blog post explaining how to fuzz OpenSSH using AFL\u003c/li\u003e\n\u003cli\u003eIt starts by compiling AFL and SSH with LLVM to get extra instrumentation to make the fuzzing process better, and faster\u003c/li\u003e\n\u003cli\u003eSandboxing, PIE, and other features are disabled to increase debuggability, and to try to make breaking SSH easier\u003c/li\u003e\n\u003cli\u003ePrivsep is also disabled, because when AFL does make SSH crash, the child process crashing causes the parent process to exit normally, and AFL then doesn’t realize that a crash has happened. A one-line patch disables the privsep feature for the purposes of testing\u003c/li\u003e\n\u003cli\u003eA few other features are disabled to make testing easier (disabling replay attack protection allows the same inputs to be reused many times), and faster:\n\n\u003cul\u003e\n\u003cli\u003ethe local arc4random_buf() is patched to return a buffer of zeros\u003c/li\u003e\n\u003cli\u003edisabling CRC checks\u003c/li\u003e\n\u003cli\u003edisabling MAC checks\u003c/li\u003e\n\u003cli\u003edisabling encryption (allow the NULL cipher for everything)\u003c/li\u003e\n\u003cli\u003eadd a call to __AFL_INIT(), to enable “deferred forkserver mode”\u003c/li\u003e\n\u003cli\u003edisabling closefrom()\u003c/li\u003e\n\u003cli\u003e“Skipping expensive DH/curve and key derivation operations”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThen, you can finally get around to writing some test cases\u003c/li\u003e\n\u003cli\u003eThe steps are all described in detail\u003c/li\u003e\n\u003cli\u003eIn one day of testing, the author found a few NULL dereferences that have since been fixed.\u003c/li\u003e\n\u003cli\u003eMaybe you can think of some other code paths through SSH that should be tested, or want to test another daemon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170409123528\" rel=\"nofollow\"\u003eGetting OpenBSD running on Raspberry Pi 3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIan Darwin writes in about his work deploying the arm64 platform and the Raspberry Pi 3\u003cbr\u003e\nSo I have this empty white birdhouse-like thing in the yard, open at the front. It was intended to house the wireless remote temperature sensor from a low-cost weather station, which had previously been mounted on a dark-colored wall of the house [...]. But when I put the sensor into the birdhouse, the signal is too weak for the weather station to receive it (the mounting post was put in place by a previous owner of our property, and is set deeply in concrete). So the next plan was to pop in a tiny OpenBSD computer with a uthum(4) temperature sensor and stream the temperature over WiFi.\u003cbr\u003e\nThe Raspberry Pi computers are interesting in their own way: intending to bring low-cost computing to everybody, they take shortcuts and omit things that you\u0026#39;d expect on a laptop or desktop. They aren\u0026#39;t too bright on their own: there\u0026#39;s very little smarts in the board compared to the \u0026quot;BIOS\u0026quot; and later firmwares on conventional systems. Some of the \u0026quot;smarts\u0026quot; are only available as binary files. This was part of the reason that our favorite OS never came to the Pi Party for the original rpi, and didn\u0026#39;t quite arrive for the rpi2. With the rpi3, though, there is enough availability that our devs were able to make it boot. Some limitations remain, though: if you want to build your own full release, you have to install the dedicated raspberrypi-firmware package from the ports tree. And, the boot disks have to have several extra files on them - this is set up on the install sets, but you should be careful not to mess with these extra files until you know what you\u0026#39;re doing!\u003c/p\u003e\n\n\u003cp\u003eBut wait! Before you read on, please note that, as of April 1, 2017, this platform boots up but is not yet ready for prime time:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ethere\u0026#39;s no driver for SD/MMC but that\u0026#39;s the only thing the hardware can level-0 boot from, so you need both the uSD card and a USB disk, at least while getting started;\u003c/li\u003e\n\u003cli\u003ethere is no support for the built-in WiFi (a Broadcom BCM43438 SDIO 802.11), so you have to use wired Ethernet or a USB WiFi dongle (for my project an old MSI that shows up as ural(4) seems to work fine);\u003c/li\u003e\n\u003cli\u003ethe HDMI driver isn\u0026#39;t used by the kernel (if a monitor is plugged in uBoot will display its messages there), so you need to set up cu with a 3V serial cable, at least for initial setup.\u003c/li\u003e\n\u003cli\u003ethe ports tree isn\u0026#39;t ready to cope with the base compiler being clang yet, so packages are \u0026quot;a thing of the future\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBut wait - there\u0026#39;s more! The \u0026quot;USB disk\u0026quot; can be a USB thumb drive, though they\u0026#39;re generally slower than a \u0026quot;real\u0026quot; disk. My first forays used a Kingston DTSE9, the hardy little steel-cased version of the popular DataTraveler line. I was able to do the install, and boot it, once (when I captured the dmesg output shown below). After that, it failed - the boot process hung with the ever-unpopular \u0026quot;scanning usb for storage devices...\u0026quot; message. I tried the whole thing again with a second DTSE9, and with a 32GB plastic-cased DataTraveler. Same results. After considerable wasted time, I found a post on RPI\u0026#39;s own site which dates back to the early days of the PI 3, in which they admit that they took shortcuts in developing the firmware, and it just can\u0026#39;t be made to work with the Kingston DataTraveler! Not having any of the \u0026quot;approved\u0026quot; devices, and not living around the corner from a computer store, I switched to a Sabrent USB dock with a 320GB Western Digital disk, and it\u0026#39;s been rock solid. Too big and energy-hungry for the final project, but enough to show that the rpi3 can be solid with the right (solid-state) disk. And fast enough to build a few simple ports - though a lot will not build yet. I then found and installed OpenBSD onto a “PNY” brand thumb drive and found it solid - in fact I populated it by dd’ing from one of the DataTraveller drives, so they’re not at fault.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the full article for detailed setup instructions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.read.seas.harvard.edu/%7Ekohler/class/aosref/ritchie84evolution.pdf\" rel=\"nofollow\"\u003eDennis M. Ritchie’s Paper: The Evolution of the Unix Time Sharing System\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the abstract:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis paper presents a brief history of the early development of the Unix operating system. It concentrates on the evolution of the file system, the process-control mechanism, and the idea of pipelined commands. Some attention is paid to social conditions during the development of the system. \u003cbr\u003e\nDuring the past few years, the Unix operating system has come into wide use, so wide that its very name has become a trademark of Bell Laboratories. Its important characteristics have become known to many people. It has suffered much rewriting and tinkering since the first publication describing it in 1974 [1], but few fundamental changes. However, Unix was born in 1969 not 1974, and the account of its development makes a little-known and perhaps instructive story. This paper presents a technical and social history of the evolution of the system. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHigh level document structure:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOrigins\u003cbr\u003e\nThe PDP-7 Unix file system \u003cbr\u003e\nProcess control\u003cbr\u003e\nIO Redirection\u003cbr\u003e\nThe advent of the PDP-11\u003cbr\u003e\nThe first PDP-11 system\u003cbr\u003e\nPipes\u003cbr\u003e\nHigh-level languages\u003cbr\u003e\nConclusion\u003c/p\u003e\n\n\u003cp\u003eOne of the comforting things about old memories is their tendency to take on a rosy glow. The programming environment provided by the early versions of Unix seems, when described here, to be extremely harsh and primitive. I am sure that if forced back to the PDP-7 I would find it intolerably limiting and lacking in conveniences. Nevertheless, it did not seem so at the time; the memory fixes on what was good and what lasted, and on the joy of helping to create the improvements that made life better. In ten years, I hope we can look back with the same mixed impression of progress combined with continuity. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - Kris Moore - \u003ca href=\"mailto:kris@trueos.org\" rel=\"nofollow\"\u003ekris@trueos.org\u003c/a\u003e | \u003ca href=\"https://twitter.com/pcbsdkris\" rel=\"nofollow\"\u003e@pcbsdkris\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDirector of Engineering at iXSystems\u003c/li\u003e\n\u003cli\u003eFreeNAS \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=316894\" rel=\"nofollow\"\u003eCompressed zfs send / receive now in FreeBSD’s vendor area\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAndriy Gapon committed a whole lot of ZFS updates to FreeBSD’s vendor area\u003c/li\u003e\n\u003cli\u003eThis feature takes advantage of the new compressed ARC feature, which means blocks that are compressed on disk, remain compressed in ZFS’ RAM cache, to use the compressed blocks when using ZFS replication.\u003c/li\u003e\n\u003cli\u003ePreviously, blocks were uncompressed, sent (usually over the network), then recompressed on the other side.\u003c/li\u003e\n\u003cli\u003eThis is rather wasteful, and can make the process slower, not just because of the CPU time wasted decompressing/recompressing the data, but because it means more data has to be sent over the network.\u003c/li\u003e\n\u003cli\u003eThis caused many users to end up doing: zfs send | xz -T0 | ssh unxz | zfs recv, or similar, to compress the data before sending it over the network.\u003c/li\u003e\n\u003cli\u003eWith this new feature, zfs send with the new -c flag, will transmit the already compressed blocks instead.\u003c/li\u003e\n\u003cli\u003eThis change also adds longopts versions of all of the zfs send flags, making them easier to understand when written in shell scripts.\u003c/li\u003e\n\u003cli\u003eA lot of fixes, man page updates, etc. from upstream OpenZFS \u003c/li\u003e\n\u003cli\u003eThanks to everyone who worked on these fixes and features!\u003c/li\u003e\n\u003cli\u003eWe’ll announce when these have been committed to head for testing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mysteriouscode.io/blog/granting-privileges-using-mac-framework/\" rel=\"nofollow\"\u003eGranting privileges using the FreeBSD MAC framework \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe MAC (Mandatory Access Control) framework allows finer grained permissions than the standard UNIX permissions that exist in the base system\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.\u003cbr\u003e\nmac(9) allows creating pluggable modules with policies that can extend existing base system security definitions. struct mac_policy_ops consist of many entry points that we can use to amend the behaviour.\u003cbr\u003e\nThis time, I wanted to grant a privilege to change realtime priority to a selected group. While Linux kernel lets you specify a named group, FreeBSD doesn’t have such ability, hence I created this very simple policy.\u003cbr\u003e\nThe privilege check can be extended using two user supplied functions: priv_check and priv_grant. The first one can be used to further restrict existing privileges, i.e. you can disallow some specific priv to be used in jails, etc. The second one is used to explicitly grant extra privileges not available for the target in base configuration.\u003cbr\u003e\nThe core of the mac_rtprio module is dead simple. I defined sysctl tree for two oids: enable (on/off switch for the policy) and gid (the GID target has to be member of), then I specified our custom version of mpo_priv_grant called rtprio_priv_grant. Body of my granting function is even simpler. If the policy is disabled or the privilege that is being checked is not PRIV_SCHED_RTPRIO, we simply skip and return EPERM. If the user is member of the designated group we return 0 that’ll allow the action – target would change realtime privileges.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother useful thing the MAC framework can be used to grant to non-root users: PortACL: The ability to bind to TCP/UDP ports less than 1024, which is usually restricted to root.\u003c/li\u003e\n\u003cli\u003eSome other uses for the MAC framework are discussed in \u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html\" rel=\"nofollow\"\u003eThe FreeBSD Handbook\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHowever, there are lots more, and we would really like to see more tutorials and documentation on using MAC to make more secure servers, but allowing the few specific things that normally require root access.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.arl.army.mil/%7Emike/ping.html\" rel=\"nofollow\"\u003eThe Story of the PING Program\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is from the homepage of Mike Muuss:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYes, it\u0026#39;s true! I\u0026#39;m the author of ping for UNIX. Ping is a little thousand-line hack that I wrote in an evening which practically everyone seems to know about. :-)\u003cbr\u003e\nI named it after the sound that a sonar makes, inspired by the whole principle of cho-location. In college I\u0026#39;d done a lot of modeling of sonar and radar systems, so the \u0026quot;Cyberspace\u0026quot; analogy seemed very apt. It\u0026#39;s exactly the same paradigm applied to a new problem domain: ping uses timed IP/ICMP ECHO_REQUEST and ECHO_REPLY packets to probe the \u0026quot;distance\u0026quot; to the target machine.\u003cbr\u003e\nMy original impetus for writing PING for 4.2a BSD UNIX came from an offhand remark in July 1983 by Dr. Dave Mills while we were attending a DARPA meeting in Norway, in which he described some work that he had done on his \u0026quot;Fuzzball\u0026quot; LSI-11 systems to measure path latency using timed ICMP Echo packets.\u003cbr\u003e\nIn December of 1983 I encountered some odd behavior of the IP network at BRL. Recalling Dr. Mills\u0026#39; comments, I quickly coded up the PING program, which revolved around opening an ICMP style SOCK_RAW AF_INET Berkeley-style socket(). The code compiled just fine, but it didn\u0026#39;t work -- there was no kernel support for raw ICMP sockets! Incensed, I coded up the kernel support and had everything working well before sunrise. Not surprisingly, Chuck Kennedy (aka \u0026quot;Kermit\u0026quot;) had found and fixed the network hardware before I was able to launch my very first \u0026quot;ping\u0026quot; packet. But I\u0026#39;ve used it a few times since then. \u003cem\u003egrin\u003c/em\u003e If I\u0026#39;d known then that it would be my most famous accomplishment in life, I might have worked on it another day or two and added some more options.\u003cbr\u003e\nThe folks at Berkeley eagerly took back my kernel modifications and the PING source code, and it\u0026#39;s been a standard part of Berkeley UNIX ever since. Since it\u0026#39;s free, it has been ported to many systems since then, including Microsoft Windows95 and WindowsNT.\u003cbr\u003e\nIn 1993, ten years after I wrote PING, the USENIX association presented me with a handsome scroll, pronouncing me a Joint recipient of The USENIX Association 1993 Lifetime Achievement Award presented to the Computer Systems Research Group, University of California at Berkeley 1979-1993. ``Presented to honor profound intellectual achievement and unparalleled service to our Community. At the behest of CSRG principals we hereby recognize the following individuals and organizations as CSRG participants, contributors and supporters.\u0026#39;\u0026#39; Wow!\u003cbr\u003e\nThe best ping story I\u0026#39;ve ever heard was told to me at a USENIX conference, where a network administrator with an intermittent Ethernet had linked the ping program to his vocoder program, in essence writing:\u003cbr\u003e\nping goodhost | sed -e \u0026#39;s/.*/ping/\u0026#39; | vocoder\u003cbr\u003e\nHe wired the vocoder\u0026#39;s output into his office stereo and turned up the volume as loud as he could stand. The computer sat there shouting \u0026quot;Ping, ping, ping...\u0026quot; once a second, and he wandered through the building wiggling Ethernet connectors until the sound stopped. And that\u0026#39;s how he found the intermittent failure.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://glasz.org/sheeplog/2017/02/freebsd-usrlocalliblibpkgso3-undefined-symbol-utimensat.html\" rel=\"nofollow\"\u003eFreeBSD: /usr/local/lib/libpkg.so.3: Undefined symbol \u0026quot;utimensat\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe internet will tell you that, of course, 10.2 is EOL, that packages are being built for 10.3 by now and to better upgrade to the latest version of FreeBSD. While all of this is true and running the latest versions is generally good advise, in most cases it is unfeasible to do an entire OS upgrade just to be able to install a package.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePoints out the ABI variable being used in /usr/local/etc/pkg/repos/FreeBSD.conf\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow, if you have 10.2 installed and 10.3 is the current latest FreeBSD version, this url will point to packages built for 10.3 resulting in the problem that, when running pkg upgrade pkg it’ll go ahead and install the latest version of pkg build for 10.3 onto your 10.2 system. Yikes! FreeBSD 10.3 and pkgng broke the ABI by introducing new symbols, like utimensat.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe solution:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHave a look at the actual repo url \u003ca href=\"http://pkg.FreeBSD.org/FreeBSD:10:amd64%C2%85\" rel=\"nofollow\"\u003ehttp://pkg.FreeBSD.org/FreeBSD:10:amd64…\u003c/a\u003e there’s repo’s for each release! Instead of going through the tedious process of upgrading FreeBSD you just need to Use a repo url that fits your FreeBSD release:\u003c/p\u003e\n\n\u003cp\u003eUpdate the package cache: pkg update\u003cbr\u003e\nDowngrade pkgng (in case you accidentally upgraded it already): pkg delete -f pkg\u003cbr\u003e\npkg install -y pkg\u003cbr\u003e\nInstall your package\u003cbr\u003e\nThere you go. Don’t fret. But upgrade your OS soon ;)\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://imil.net/blog/2017/01/22/collectd_NetBSD_temperature/\" rel=\"nofollow\"\u003eCPU temperature collectd report on NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.servethehome.com/booting-freebsd-11-nvme-zfs-amd-ryzen/\" rel=\"nofollow\"\u003eBooting FreeBSD 11 with NVMe and ZFS on AMD Ryzen\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://torbsd.github.io/blog.html#busy-bbb\" rel=\"nofollow\"\u003eBeagleBone Black Tor relay\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://reviews.freebsd.org/rS317094\" rel=\"nofollow\"\u003eFreeBSD - Disable in-tree GDB by default on x86, mips, and powerpc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.meetup.com/CharmBUG/events/238218742/\" rel=\"nofollow\"\u003eCharmBUG April Meetup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/\" rel=\"nofollow\"\u003eThe origins of XXX as FIXME\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/2APJE4E#wrap\" rel=\"nofollow\"\u003eFelis - L2ARC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/0BRJJ73#wrap\" rel=\"nofollow\"\u003eGabe - FreeBSD Server Install\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/05EYNJ4#wrap\" rel=\"nofollow\"\u003eFEMP Script\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/1CV323G#wrap\" rel=\"nofollow\"\u003eScott - FreeNAS \u0026amp; LAGG\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dpaste.com/3486VQZ#wrap\" rel=\"nofollow\"\u003eMarko - Backups\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie’s paper on the evolution of Unix Time Sharing, have an Interview with Kris","date_published":"2017-04-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/919a0bc5-1fd4-4195-bb5d-5f587826c25e.mp3","mime_type":"audio/mpeg","size_in_bytes":94312372,"duration_in_seconds":7859}]},{"id":"f479797b-02a4-4e79-b3f3-d11d954d578a","title":"189: Codified Summer","url":"https://www.bsdnow.tv/189","content_text":"This week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work \u0026amp;\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nGoogle summer of code for BSDs\n\n\nFreeBSD\nFreeBSD's existing list of GSoC Ideas for potential students \n\n\nFreeBSD/Xen: import the grant-table bus_dma(9) handlers from OpenBSD\nAdd support for usbdump file-format to wireshark and vusb-analyzer\nWrite a new boot environment manager\nBasic smoke test of all base utilities\nPort OpenBSD's pf testing framework and tests\nUserspace Address Space Annotation\nzstandard integration in libstand\nReplace mergesort implementation\nTest Kload (kexec for FreeBSD)\nKernel fuzzing suite\nIntegrate MFSBSD into the release building tools\nNVMe controller emulation for bhyve\nVerification of bhyve's instruction emulation\nVGA emulation improvements for bhyve\naudit framework test suite\nAdd more FreeBSD testing to Xen osstest\nLua in bootloader\nPOSIX compliance testing framework\ncoreclr: add Microsoft's coreclr and corefx to the Ports tree.\n\nNetBSD\n\n\nKernel-level projects\nMedium\nISDN NT support and Asterisk integration \nLED/LCD Generic API \nNetBSD/azure -- Bringing NetBSD to Microsoft Azure \nOpenCrypto swcrypto(4) enhancements \nScalable entropy gathering \nUserland PCI drivers \nHard\nReal asynchronous I/O \nParallelize page queues \nTickless NetBSD with high-resolution timers \n Userland projects\nEasy\nInetd enhancements -- Add new features to inetd \nCurses library automated testing \nMedium\nMake Anita support additional virtual machine systems \nCreate an SQL backend and statistics/query page for ATF test results \nLight weight precision user level time reading \nQuery optimizer for find(1) \nPort launchd \nSecure-PLT - supporting RELRO binaries \nSysinst alternative interface \nHard\nVerification tool for NetBSD32 \npkgsrc projects\nEasy\nVersion control config files \nSpawn support in pkgsrc tools \nAuthentication server meta-package \nMedium\npkgin improvements \nUnify standard installation tasks \nHard\nAdd dependency information to binary packages \nTool to find dependencies precisely \n\nLLVM\n\n\nFuzzing the Bitcode reader \n\n\n\n\nDescription of the project: The optimizer is 25-30% slower when debug info are enabled, it'd be nice to track all the places where we don't do a good job about ignoring them!\n\n\n\nExtend clang AST to provide information for the type as written in template instantiations.\n\n\n\nDescription of the project: When instantiating a template, the template arguments are canonicalized before being substituted into the template pattern. Clang does not preserve type sugar when subsequently accessing members of the instantiation. Clang should \"re-sugar\" the type when performing member access on a class template specialization, based on the type sugar of the accessed specialization. \n\n\n\nShell auto-completion support for clang.\n\n\n\nBash and other shells support typing a partial command and then automatically completing it for the user (or at least providing suggestions how to complete) when pressing the tab key. This is usually only supported for popular programs such as package managers (e.g. pressing tab after typing \"apt-get install late\" queries the APT package database and lists all packages that start with \"late\"). As of now clang's frontend isn't supported by any common shell. \n\n\n\nClang-based C/C++ diff tool.\n\n\n\nDescription of the project: Every developer has to interact with diff tools daily. The algorithms are usually based on detecting \"longest common subsequences\", which is agnostic to the file type content. A tool that would understand the structure of the code may provide a better diff experience by being robust against, for example, clang-format changes.\n\n\n\nFind dereference of pointers.\n\n\n\nDescription of the project: Find dereference of pointer before checking for nullptr.\n\n\n\nWarn if virtual calls are made from constructors or destructors.\n\n\n\nDescription of the project: Implement a path-sensitive checker that warns if virtual calls are made from constructors and destructors, which is not valid in case of pure virtual calls and could be a sign of user error in non-pure calls. \n\n\n\nImprove Code Layout\n\n\n\nDescription of the project: The goal for the project is trying to improve the layout/performances of the generated executable. The primary object format considered for the project is ELF but this can be extended to other object formats. The project will touch both LLVM and lld.\n\n\n\nWhy Isn’t OpenBSD in Google Summer of Code 2017?\nHacker News Discussion Thread\n\n\n\n\nTurtles on the Wire: Understanding How the OS Uses the Modern NIC\n\n\nThe Simple NIC\nMAC Address Filters and Promiscuous Mode\nProblem: The Single Busy CPU\nA Swing and a Miss\nNine Rings for Packets Doomed to be Hashed\nProblem: Density, Density, Density\nA Brief Aside: The Virtual NIC\nAlways Promiscuous?\nThe Classification Challenge\nProblem: CPUs are too ‘slow’\nProblem: The Interrupts are Coming in too Hot\nSolution One: Do Less Work\nSolution Two: Turn Off Interrupts\nRecapping\nFuture Directions and More Reading\n\n\n\n\nMake Dragonfly BSD great again!\n\n\nRecently I spent some time reading Dragonfly BSD code. While doing so I spotted a vulnerability in the sysvsem subsystem that let user to point to any piece of memory and write data through it (including the kernel space). This can be turned into execution of arbitrary code in the kernel context and by exploiting this, we're gonna make Dragonfly BSD great again!\n\nDragonfly BSD is a BSD system which originally comes from the FreeBSD project. In 2003 Matthew Dillon forked code from the 4.x branch of the FreeBSD and started a new flavour.\nI thought of Dragonfly BSD as just another fork, but during EuroBSDCon 2015 I accidentally saw the talk about graphical stack in the Dragonfly BSD. I confused rooms, but it was too late to escape as I was sitting in the middle of a row, and the exit seemed light years away from me. :-) Anyway, this talk was a sign to me that it's not just a niche of a niche of a niche of a niche operating system. I recommend spending a few minutes of your precious time to check out the HAMMER file system, Dragonfly's approach to MP, process snapshots and other cool features that it offers. Wikipedia article is a good starter\n\n\n\nWith the exploit, they are able to change the name of the operating system back to FreeBSD, and escalate from an unprivileged user to root.\n\n\n\nThe Bug itself is located in the semctl(2) system call implementation. bcopy(3) in line 385 copies semid_ds structure to memory pointed by arg-\u0026gt;buf, this pointer is fully controlled by the user, as it's one of the syscall's arguments. So the bad thing here is that we can copy things to arbitrary address, but we have not idea what we copy yet. This code was introduced by wrongly merging code from the FreeBSD project, bah, bug happens.\n\n\n\nUsing this access, the example code shows how to overwrite the function pointers in the kernel used for the open() syscall, and how to overwrite the ostype global, changing the name of the operating system.\nIn the second example, the reference to the credentials of the user trying to open a file are used to overwrite that data, making the user root.\n\n\n\nThe bug was fixed in uber fast manner (within few hours!) by Matthew Dillon, version 4.6.1 released shortly after that seems to be safe. In case you care, you know what to do!\n\n\n\nThanks to Mateusz Kocielski for the detailed post, and finding the bug\n***\n\n\nInterview - Wendell - wendell@level1techs.com / @tekwendell\n\n\nHost of Level1Techs website, podcast and YouTube channel\n\n\n\n\nNews Roundup\n\nUsing yubikeys everywhere\n\n\nTed Unangst is back, with an interesting post about YUBI Keys\n\n\n\nEverybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There’s a lot written about yubikeys and how you should use one, but nothing I’ve read answered a few of the specific questions I had\nTo begin with, I ordered two yubikeys. One regular sized 4 and one nano. I wanted to play with different form factors to see which is better for various uses, and I wanted to test having a key and a backup key. Everybody always talks about having one yubikey. And then if you lose it, terrible things happen. Can this problem be alleviated with two keys? I’m also very curious what happens when I try to login to a service with my phone after enabling U2F.\nWe’ve got three computers (and operating systems) in the mix, along with a number of (mostly web) services. Wherever possible, I want to use a yubikey both to login to the computer and to authorize myself to remote services.\nI started my adventure on my chromebook. Ultimate goal would be to use the yubikey for local logins. Either as a second factor, or as an alternative factor. First things first and we need to get the yubikey into the account I use to sign into the chromebook. Alas, there is apparently no way to enroll only a security key for a Google account. Every time I tried, it would ask me for my phone number. That is not what I want. Zero stars.\nGiving up on protecting the chromebook itself, at least maybe I can use it to enable U2F with some other sites. U2F is currently limited to Chrome, but it sounds like everything I want. Facebook signup using U2F was pretty easy. Go to account settings, security subheading, add the device. Tap the button when it glows. Key added. Note that it’s possible to add a key without actually enabling two factor auth, in which case you can still login with only a password, but no way to login with no password and only a USB key. Logged out to confirm it would check the key, and everything looked good, so I killed all my other active sessions. Now for the phone test. Not quite as smooth. Tried to login, the Facebook app then tells me it has sent me an SMS and to enter the code in the box. But I don’t have a phone number attached. I’m not getting an SMS code.\nMeanwhile, on my laptop, I have a new notification about a login attempt. Follow the prompts to confirm it’s me and permit the login. This doesn’t have any effect on the phone, however. I have to tap back, return to the login screen, and enter my password again. This time the login succeeds. So everything works, but there are still some rough patches in the flow. Ideally, the phone would more accurately tell me to visit the desktop site, and then automatically proceed after I approve. (The messenger app crashed after telling me my session had expired, but upon restarting it was able to borrow the Facebook app credentials and I was immediately logged back in.)\nLet’s configure Dropbox next. Dropbox won’t let you add a security key to an account until after you’ve already set up some other mobile authenticator. I already had the Duo app on my phone, so I picked that, and after a short QR scan, I’m ready to add the yubikey. So the key works to access Dropbox via Chrome. Accessing Dropbox via my phone or Firefox requires entering a six digit code. No way to use a yubikey in a three legged configuration\nI don’t use Github, but I know they support two factors, so let’s try them next. Very similar to Dropbox. In order to set up a key, I must first set up an authenticator app. This time I went with Yubico’s own desktop authenticator. Instead of scanning the QR code, type in some giant number (on my Windows laptop), and it spits out an endless series of six digit numbers, but only while the yubikey is inserted. I guess this is kind of what I want, although a three pound yubikey is kind of unwieldy.\nAs part of my experiment, I noticed that Dropbox verifies passwords before even looking at the second auth. I have a feeling that they should be checked at the same time. No sense allowing my password guessing attack to proceed while I plot how to steal someone’s yubikey. In a sense, the yubikey should serve as a salt, preventing me from mounting such an attack until I have it, thus creating a race where the victim notices the key is gone and revokes access before I learn the password. If I know the password, the instant I grab the key I get access. Along similar lines, I was able to complete a password reset without entering any kind of secondary code.\nHaving my phone turn into a second factor is a big part of what I’m looking to avoid with the yubikey. I’d like to be able to take my phone with me, logged into some sites but not all, and unable to login to the rest. All these sites that require using my phone as mobile authenticator are making that difficult. I bought the yubikey because it was cheaper than buying another phone! Using the Yubico desktop authenticator seems the best way around that.\n\n\n\nThe article also provides instructions for configuring the Yubikey on OpenBSD\n\n\n\nA few notes about OTP. As mentioned, the secret key is the real password. It’s stored on whatever laptop or server you login to. Meaning any of those machines can take the key and use it to login to any other machine. If you use the same yubikey to login to both your laptop and a remote server, your stolen laptop can trivially be used to login to the server without the key. Be mindful of that when setting up multiple machines. Also, the OTP counter isn’t synced between machines in this setup, which allows limited replay attacks.\n\n\n\nTed didn’t switch his SSH keys to the Yubikey, because it doesn’t support ED25519, and he just finished rotating all of his keys and doesn’t want to do it again.\n\n\n\nI did most of my experimenting with the larger yubikey, since it was easier to move between machines. For operations involving logging into a web site, however, I’d prefer the nano. It’s very small, even smaller than the tiniest wireless mouse transcievers I’ve seen. So small, in fact, I had trouble removing it because I couldn’t find anything small enough to fit through the tiny loop. But probably a good thing. Most other micro USB gadgets stick out just enough to snag when pushing a laptop into a bag. Not the nano. You lose a port, but there’s really no reason to ever take it out. Just leave it in, and then tap it whenever you login to the tubes. It would not be a good choice for authenticating to the local machine, however. The larger device, sized to fit on a keychain, is much better for that. \nIt is possible to use two keys as backups. Facebook and Dropbox allow adding two U2F keys. This is perhaps a little tiresome if there’s lots of sites, as I see no way to clone a key. You have to login to every service. For challenge response and OTP, however, the personalization tool makes it easy to generate lots of yubikeys with the same secrets. On the other hand, a single device supports an infinite number of U2F sites. The programmable interfaces like OTP are limited to only two slots, and the first is already used by the factory OTP setup.\n\n\n\n\nWhat happened to my vlan\n\n\nA long term goal of the effort I'm driving to unlock OpenBSD's Network Stack is obviously to increase performances. So I'd understand that you find confusing when some of our changes introduce performance regressions.\nIt is just really hard to do incremental changes without introducing temporary regressions. But as much as security is a process, improving performance is also a process. Recently markus@ told me that vlan(4) performances dropped in last releases. He had some ideas why but he couldn't provide evidences. So what really happened?\nHrvoje Popovski was kind enough to help me with some tests. He first confirmed that on his Xeon box (E5-2643 v2 @ 3.50GHz), forwarding performances without pf(4) dropped from 1.42Mpps to 880Kpps when using vlan(4) on both interfaces.\nTogether vlan_input() and vlan_start() represent 25% of the time CPU1 spends processing packets. This is not exactly between 33% and 50% but it is close enough. The assumption we made earlier is certainly too simple. If we compare the amount of work done in process context, represented by if_input_process() we clearly see that half of the CPU time is not spent in ether_input().\nI'm not sure how this is related to the measured performance drop. It is actually hard to tell since packets are currently being processed in 3 different contexts. One of the arguments mikeb@ raised when we discussed moving everything in a single context, is that it is simpler to analyse and hopefully make it scale.\nWith some measurements, a couple of nice pictures, a bit of analysis and some educated guesses we are now in measure of saying that the performances impact observed with vlan(4) is certainly due to the pseudo-driver itself. A decrease of 30% to 50% is not what I would expect from such pseudo-driver.\nI originally heard that the reason for this regression was the use of SRP but by looking at the profiling data it seems to me that the queuing API is the problem. In the graph above the CPU time spent in if_input() and if_enqueue() from vlan(4) is impressive. Remember, in the case of vlan(4) these operations are done per packet!\nWhen if_input() has been introduced the queuing API did not exist and putting/taking a single packet on/from an interface queue was cheap. Now it requires a mutex per operation, which in the case of packets received and sent on vlan(4) means grabbing three mutexes per packets.\nI still can't say if my analysis is correct or not, but at least it could explain the decrease observed by Hrvoje when testing multiple vlan(4) configurations. vlan_input() takes one mutex per packet, so it decreases the number of forwarded packets by ~100Kpps on this machine, while vlan_start() taking two mutexes decreases it by ~200Kpps.\n\n\n\nAn interesting analysis of the routing performance regression on OpenBSD\nI have asked Olivier Cochard-Labbe about doing a similar comparison of routing performance on FreeBSD when a vlan pseudo interface is added to the forwarding path\n***\n\n\nNetBSD: the first BSD introducing a modern process plugin framework in LLDB\n\n\nClean up in ptrace(2) ATF tests\n\n\n\nWe have created some maintanance burden for the current ptrace(2) regression tests. The main issues with them is code duplication and the splitting between generic (Machine Independent) and port-specific (Machine Dependent) test files. I've eliminated some of the ballast and merged tests into the appropriate directory tests/lib/libc/sys/. The old location (tests/kernel) was a violation of the tests/README recommendation\n\n\n\nPTRACE_FORK on !x86 ports\n\n\n\nAlong with the motivation from Martin Husemann we have investigated the issue with PTRACE_FORK ATF regression tests. It was discovered that these tests aren't functional on evbarm, alpha, shark, sparc and sparc64 and likely on other non-x86 ports. We have discovered that there is a missing SIGTRAP emitted from the child, during the fork(2) handshake. The proper order of operations is as follows:\n\n\nparent emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forkee\nchild emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forker\n\n\nOnly the x86 ports were emitting the second SIGTRAP signal.\n\n\n\nPT_SYSCALL and PT_SYSCALLEMU\n\n\n\nWith the addition of PT_SYSCALLEMU we can implement a virtual kernel syscall monitor. It means that we can fake syscalls within a debugger. In order to achieve this feature, we need to use the PT_SYSCALL operation, catch SIGTRAP with si_code=TRAP_SCE (syscall entry), call PT_SYSCALLEMU and perform an emulated userspace syscall that would have been done by the kernel, followed by calling another PT_SYSCALL with si_code=TRAP_SCX.\n\n\n\nWhat has been done in LLDB\n\n\n\nA lot of work has been done with the goal to get breakpoints functional. This target penetrated bugs in the existing local patches and unveiled missing features required to be added. My initial test was tracing a dummy hello-world application in C. I have sniffed the GDB Remote Protocol packets and compared them between Linux and NetBSD. This helped to streamline both versions and bring the NetBSD support to the required Linux level.\n\n\n\nPlan for the next milestone\n\n\n\nI've listed the following goals for the next milestone.\n\n\n\nwatchpoints support\nfloating point registers support\nenhance core(5) and make it work for multiple threads\nintroduce PT_SETSTEP and PT_CLEARSTEP in ptrace(2)\nsupport threads in the NetBSD Process Plugin\nresearch F_GETPATH in fcntl(2)\nBeyond the next milestone is x86 32-bit support.\n\n\nLibreSSL 2.5.2 released\n\n\nAdded the recallocarray(3) memory allocation function, and converted various places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly allocated memory is cleared similar to calloc(3). Memory that becomes unallocated while shrinking or moving existing allocations is explicitly discarded by unmapping or clearing to 0.\nAdded new root CAs from SECOM Trust Systems / Security Communication of Japan.\nAdded EVP interface for MD5+SHA1 hashes.\nFixed DTLS client failures when the server sends a certificate request.\nCorrect handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection.\nAllow protocols and ciphers to be set on a TLS config object in libtls.\nImproved nc(1) TLS handshake CPU usage and server-side error reporting.\n\n\nBeastie Bits\n\n\nHardenedBSD Stable v46.16 released\nKnoxBUG looking for OpenBSD people in Knoxville TN area\nKnoxBUG Tuesday, April 18, 2017 - 6:00pm : Caleb Cooper: Advanced BASH Scripting](http://knoxbug.org/2017-04-18)\ne2k17 Nano hackathon report from Bob Beck\nNoah Chelliah, Host of the Linux Action Show calls Linux a ‘Bad Science Project’ and ditches Linux for TrueOS](https://youtu.be/yXB85_olYhQ?t=3238)\n***\n\n\nFeedback/Questions\n\n\nJames - ZFS Mounting\nKevin - Virtualization\nBen - Jails\nFlorian - ZFS and Migrating Linux userlands\nq5sys - question for the community\n\n\n","content_html":"\u003cp\u003eThis week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work \u0026amp;\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eGoogle summer of code for BSDs\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsd.org/projects/summerofcode.html\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://wiki.freebsd.org/SummerOfCodeIdeas\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s existing list of GSoC Ideas for potential students\u003c/a\u003e \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD/Xen: import the grant-table bus_dma(9) handlers from OpenBSD\u003c/li\u003e\n\u003cli\u003eAdd support for usbdump file-format to wireshark and vusb-analyzer\u003c/li\u003e\n\u003cli\u003eWrite a new boot environment manager\u003c/li\u003e\n\u003cli\u003eBasic smoke test of all base utilities\u003c/li\u003e\n\u003cli\u003ePort OpenBSD\u0026#39;s pf testing framework and tests\u003c/li\u003e\n\u003cli\u003eUserspace Address Space Annotation\u003c/li\u003e\n\u003cli\u003ezstandard integration in libstand\u003c/li\u003e\n\u003cli\u003eReplace mergesort implementation\u003c/li\u003e\n\u003cli\u003eTest Kload (kexec for FreeBSD)\u003c/li\u003e\n\u003cli\u003eKernel fuzzing suite\u003c/li\u003e\n\u003cli\u003eIntegrate MFSBSD into the release building tools\u003c/li\u003e\n\u003cli\u003eNVMe controller emulation for bhyve\u003c/li\u003e\n\u003cli\u003eVerification of bhyve\u0026#39;s instruction emulation\u003c/li\u003e\n\u003cli\u003eVGA emulation improvements for bhyve\u003c/li\u003e\n\u003cli\u003eaudit framework test suite\u003c/li\u003e\n\u003cli\u003eAdd more FreeBSD testing to Xen osstest\u003c/li\u003e\n\u003cli\u003eLua in bootloader\u003c/li\u003e\n\u003cli\u003ePOSIX compliance testing framework\u003c/li\u003e\n\u003cli\u003ecoreclr: add Microsoft\u0026#39;s coreclr and corefx to the Ports tree.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://wiki.netbsd.org/projects/gsoc/\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKernel-level projects\u003c/li\u003e\n\u003cli\u003eMedium\u003c/li\u003e\n\u003cli\u003eISDN NT support and Asterisk integration \u003c/li\u003e\n\u003cli\u003eLED/LCD Generic API \u003c/li\u003e\n\u003cli\u003eNetBSD/azure -- Bringing NetBSD to Microsoft Azure \u003c/li\u003e\n\u003cli\u003eOpenCrypto swcrypto(4) enhancements \u003c/li\u003e\n\u003cli\u003eScalable entropy gathering \u003c/li\u003e\n\u003cli\u003eUserland PCI drivers \u003c/li\u003e\n\u003cli\u003eHard\u003c/li\u003e\n\u003cli\u003eReal asynchronous I/O \u003c/li\u003e\n\u003cli\u003eParallelize page queues \u003c/li\u003e\n\u003cli\u003eTickless NetBSD with high-resolution timers \u003c/li\u003e\n\u003cli\u003e Userland projects\u003c/li\u003e\n\u003cli\u003eEasy\u003c/li\u003e\n\u003cli\u003eInetd enhancements -- Add new features to inetd \u003c/li\u003e\n\u003cli\u003eCurses library automated testing \u003c/li\u003e\n\u003cli\u003eMedium\u003c/li\u003e\n\u003cli\u003eMake Anita support additional virtual machine systems \u003c/li\u003e\n\u003cli\u003eCreate an SQL backend and statistics/query page for ATF test results \u003c/li\u003e\n\u003cli\u003eLight weight precision user level time reading \u003c/li\u003e\n\u003cli\u003eQuery optimizer for find(1) \u003c/li\u003e\n\u003cli\u003ePort launchd \u003c/li\u003e\n\u003cli\u003eSecure-PLT - supporting RELRO binaries \u003c/li\u003e\n\u003cli\u003eSysinst alternative interface \u003c/li\u003e\n\u003cli\u003eHard\u003c/li\u003e\n\u003cli\u003eVerification tool for NetBSD32 \u003c/li\u003e\n\u003cli\u003epkgsrc projects\u003c/li\u003e\n\u003cli\u003eEasy\u003c/li\u003e\n\u003cli\u003eVersion control config files \u003c/li\u003e\n\u003cli\u003eSpawn support in pkgsrc tools \u003c/li\u003e\n\u003cli\u003eAuthentication server meta-package \u003c/li\u003e\n\u003cli\u003eMedium\u003c/li\u003e\n\u003cli\u003epkgin improvements \u003c/li\u003e\n\u003cli\u003eUnify standard installation tasks \u003c/li\u003e\n\u003cli\u003eHard\u003c/li\u003e\n\u003cli\u003eAdd dependency information to binary packages \u003c/li\u003e\n\u003cli\u003eTool to find dependencies precisely \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://llvm.org/OpenProjects.html#gsoc17\" rel=\"nofollow\"\u003eLLVM\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFuzzing the Bitcode reader \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: The optimizer is 25-30% slower when debug info are enabled, it\u0026#39;d be nice to track all the places where we don\u0026#39;t do a good job about ignoring them!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eExtend clang AST to provide information for the type as written in template instantiations.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: When instantiating a template, the template arguments are canonicalized before being substituted into the template pattern. Clang does not preserve type sugar when subsequently accessing members of the instantiation. Clang should \u0026quot;re-sugar\u0026quot; the type when performing member access on a class template specialization, based on the type sugar of the accessed specialization. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eShell auto-completion support for clang.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBash and other shells support typing a partial command and then automatically completing it for the user (or at least providing suggestions how to complete) when pressing the tab key. This is usually only supported for popular programs such as package managers (e.g. pressing tab after typing \u0026quot;apt-get install late\u0026quot; queries the APT package database and lists all packages that start with \u0026quot;late\u0026quot;). As of now clang\u0026#39;s frontend isn\u0026#39;t supported by any common shell. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eClang-based C/C++ diff tool.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: Every developer has to interact with diff tools daily. The algorithms are usually based on detecting \u0026quot;longest common subsequences\u0026quot;, which is agnostic to the file type content. A tool that would understand the structure of the code may provide a better diff experience by being robust against, for example, clang-format changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFind dereference of pointers.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: Find dereference of pointer before checking for nullptr.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWarn if virtual calls are made from constructors or destructors.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: Implement a path-sensitive checker that warns if virtual calls are made from constructors and destructors, which is not valid in case of pure virtual calls and could be a sign of user error in non-pure calls. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eImprove Code Layout\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDescription of the project: The goal for the project is trying to improve the layout/performances of the generated executable. The primary object format considered for the project is ELF but this can be extended to other object formats. The project will touch both LLVM and lld.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=149119308705465\u0026w=2\" rel=\"nofollow\"\u003eWhy Isn’t OpenBSD in Google Summer of Code 2017?\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://news.ycombinator.com/item?id=14020814\" rel=\"nofollow\"\u003eHacker News Discussion Thread\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dtrace.org/blogs/rm/2016/09/15/turtles-on-the-wire-understanding-how-the-os-uses-the-modern-nic/\" rel=\"nofollow\"\u003eTurtles on the Wire: Understanding How the OS Uses the Modern NIC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Simple NIC\u003c/li\u003e\n\u003cli\u003eMAC Address Filters and Promiscuous Mode\u003c/li\u003e\n\u003cli\u003eProblem: The Single Busy CPU\u003c/li\u003e\n\u003cli\u003eA Swing and a Miss\u003c/li\u003e\n\u003cli\u003eNine Rings for Packets Doomed to be Hashed\u003c/li\u003e\n\u003cli\u003eProblem: Density, Density, Density\u003c/li\u003e\n\u003cli\u003eA Brief Aside: The Virtual NIC\u003c/li\u003e\n\u003cli\u003eAlways Promiscuous?\u003c/li\u003e\n\u003cli\u003eThe Classification Challenge\u003c/li\u003e\n\u003cli\u003eProblem: CPUs are too ‘slow’\u003c/li\u003e\n\u003cli\u003eProblem: The Interrupts are Coming in too Hot\u003c/li\u003e\n\u003cli\u003eSolution One: Do Less Work\u003c/li\u003e\n\u003cli\u003eSolution Two: Turn Off Interrupts\u003c/li\u003e\n\u003cli\u003eRecapping\u003c/li\u003e\n\u003cli\u003eFuture Directions and More Reading\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://akat1.pl/?id=3\" rel=\"nofollow\"\u003eMake Dragonfly BSD great again!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently I spent some time reading Dragonfly BSD code. While doing so I spotted a vulnerability in the sysvsem subsystem that let user to point to any piece of memory and write data through it (including the kernel space). This can be turned into execution of arbitrary code in the kernel context and by exploiting this, we\u0026#39;re gonna make Dragonfly BSD great again!\u003c/p\u003e\n\n\u003cp\u003eDragonfly BSD is a BSD system which originally comes from the FreeBSD project. In 2003 Matthew Dillon forked code from the 4.x branch of the FreeBSD and started a new flavour.\u003cbr\u003e\nI thought of Dragonfly BSD as just another fork, but during EuroBSDCon 2015 I accidentally saw the talk about graphical stack in the Dragonfly BSD. I confused rooms, but it was too late to escape as I was sitting in the middle of a row, and the exit seemed light years away from me. :-) Anyway, this talk was a sign to me that it\u0026#39;s not just a niche of a niche of a niche of a niche operating system. I recommend spending a few minutes of your precious time to check out the HAMMER file system, Dragonfly\u0026#39;s approach to MP, process snapshots and other cool features that it offers. Wikipedia article is a good starter\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith the exploit, they are able to change the name of the operating system back to FreeBSD, and escalate from an unprivileged user to root.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Bug itself is located in the semctl(2) system call implementation. bcopy(3) in line 385 copies semid_ds structure to memory pointed by arg-\u0026gt;buf, this pointer is fully controlled by the user, as it\u0026#39;s one of the syscall\u0026#39;s arguments. So the bad thing here is that we can copy things to arbitrary address, but we have not idea what we copy yet. This code was introduced by wrongly merging code from the FreeBSD project, \u003cem\u003ebah\u003c/em\u003e, bug happens.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing this access, the example code shows how to overwrite the function pointers in the kernel used for the open() syscall, and how to overwrite the ostype global, changing the name of the operating system.\u003c/li\u003e\n\u003cli\u003eIn the second example, the reference to the credentials of the user trying to open a file are used to overwrite that data, making the user root.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe bug was fixed in uber fast manner (within few hours!) by Matthew Dillon, version 4.6.1 released shortly after that seems to be safe. In case you care, you know what to do!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Mateusz Kocielski for the detailed post, and finding the bug\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Wendell - \u003ca href=\"mailto:wendell@level1techs.com\" rel=\"nofollow\"\u003ewendell@level1techs.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/tekwendell\" rel=\"nofollow\"\u003e@tekwendell\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eHost of Level1Techs website, podcast and YouTube channel\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/using-yubikeys-everywhere\" rel=\"nofollow\"\u003eUsing yubikeys everywhere\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst is back, with an interesting post about YUBI Keys\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEverybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There’s a lot written about yubikeys and how you should use one, but nothing I’ve read answered a few of the specific questions I had\u003cbr\u003e\nTo begin with, I ordered two yubikeys. One regular sized 4 and one nano. I wanted to play with different form factors to see which is better for various uses, and I wanted to test having a key and a backup key. Everybody always talks about having one yubikey. And then if you lose it, terrible things happen. Can this problem be alleviated with two keys? I’m also very curious what happens when I try to login to a service with my phone after enabling U2F.\u003cbr\u003e\nWe’ve got three computers (and operating systems) in the mix, along with a number of (mostly web) services. Wherever possible, I want to use a yubikey both to login to the computer and to authorize myself to remote services.\u003cbr\u003e\nI started my adventure on my chromebook. Ultimate goal would be to use the yubikey for local logins. Either as a second factor, or as an alternative factor. First things first and we need to get the yubikey into the account I use to sign into the chromebook. Alas, there is apparently no way to enroll only a security key for a Google account. Every time I tried, it would ask me for my phone number. That is not what I want. Zero stars.\u003cbr\u003e\nGiving up on protecting the chromebook itself, at least maybe I can use it to enable U2F with some other sites. U2F is currently limited to Chrome, but it sounds like everything I want. Facebook signup using U2F was pretty easy. Go to account settings, security subheading, add the device. Tap the button when it glows. Key added. Note that it’s possible to add a key without actually enabling two factor auth, in which case you can still login with only a password, but no way to login with no password and only a USB key. Logged out to confirm it would check the key, and everything looked good, so I killed all my other active sessions. Now for the phone test. Not quite as smooth. Tried to login, the Facebook app then tells me it has sent me an SMS and to enter the code in the box. But I don’t have a phone number attached. I’m not getting an SMS code.\u003cbr\u003e\nMeanwhile, on my laptop, I have a new notification about a login attempt. Follow the prompts to confirm it’s me and permit the login. This doesn’t have any effect on the phone, however. I have to tap back, return to the login screen, and enter my password again. This time the login succeeds. So everything works, but there are still some rough patches in the flow. Ideally, the phone would more accurately tell me to visit the desktop site, and then automatically proceed after I approve. (The messenger app crashed after telling me my session had expired, but upon restarting it was able to borrow the Facebook app credentials and I was immediately logged back in.)\u003cbr\u003e\nLet’s configure Dropbox next. Dropbox won’t let you add a security key to an account until after you’ve already set up some other mobile authenticator. I already had the Duo app on my phone, so I picked that, and after a short QR scan, I’m ready to add the yubikey. So the key works to access Dropbox via Chrome. Accessing Dropbox via my phone or Firefox requires entering a six digit code. No way to use a yubikey in a three legged configuration\u003cbr\u003e\nI don’t use Github, but I know they support two factors, so let’s try them next. Very similar to Dropbox. In order to set up a key, I must first set up an authenticator app. This time I went with Yubico’s own desktop authenticator. Instead of scanning the QR code, type in some giant number (on my Windows laptop), and it spits out an endless series of six digit numbers, but only while the yubikey is inserted. I guess this is kind of what I want, although a three pound yubikey is kind of unwieldy.\u003cbr\u003e\nAs part of my experiment, I noticed that Dropbox verifies passwords before even looking at the second auth. I have a feeling that they should be checked at the same time. No sense allowing my password guessing attack to proceed while I plot how to steal someone’s yubikey. In a sense, the yubikey should serve as a salt, preventing me from mounting such an attack until I have it, thus creating a race where the victim notices the key is gone and revokes access before I learn the password. If I know the password, the instant I grab the key I get access. Along similar lines, I was able to complete a password reset without entering any kind of secondary code.\u003cbr\u003e\nHaving my phone turn into a second factor is a big part of what I’m looking to avoid with the yubikey. I’d like to be able to take my phone with me, logged into some sites but not all, and unable to login to the rest. All these sites that require using my phone as mobile authenticator are making that difficult. I bought the yubikey because it was cheaper than buying another phone! Using the Yubico desktop authenticator seems the best way around that.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article also provides instructions for configuring the Yubikey on OpenBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few notes about OTP. As mentioned, the secret key is the real password. It’s stored on whatever laptop or server you login to. Meaning any of those machines can take the key and use it to login to any other machine. If you use the same yubikey to login to both your laptop and a remote server, your stolen laptop can trivially be used to login to the server without the key. Be mindful of that when setting up multiple machines. Also, the OTP counter isn’t synced between machines in this setup, which allows limited replay attacks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed didn’t switch his SSH keys to the Yubikey, because it doesn’t support ED25519, and he just finished rotating all of his keys and doesn’t want to do it again.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI did most of my experimenting with the larger yubikey, since it was easier to move between machines. For operations involving logging into a web site, however, I’d prefer the nano. It’s very small, even smaller than the tiniest wireless mouse transcievers I’ve seen. So small, in fact, I had trouble removing it because I couldn’t find anything small enough to fit through the tiny loop. But probably a good thing. Most other micro USB gadgets stick out just enough to snag when pushing a laptop into a bag. Not the nano. You lose a port, but there’s really no reason to ever take it out. Just leave it in, and then tap it whenever you login to the tubes. It would not be a good choice for authenticating to the local machine, however. The larger device, sized to fit on a keychain, is much better for that. \u003cbr\u003e\nIt is possible to use two keys as backups. Facebook and Dropbox allow adding two U2F keys. This is perhaps a little tiresome if there’s lots of sites, as I see no way to clone a key. You have to login to every service. For challenge response and OTP, however, the personalization tool makes it easy to generate lots of yubikeys with the same secrets. On the other hand, a single device supports an infinite number of U2F sites. The programmable interfaces like OTP are limited to only two slots, and the first is already used by the factory OTP setup.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.grenadille.net/post/2017/02/13/What-happened-to-my-vlan\" rel=\"nofollow\"\u003eWhat happened to my vlan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA long term goal of the effort I\u0026#39;m driving to unlock OpenBSD\u0026#39;s Network Stack is obviously to increase performances. So I\u0026#39;d understand that you find confusing when some of our changes introduce performance regressions.\u003cbr\u003e\nIt is just really hard to do incremental changes without introducing temporary regressions. But as much as security is a process, improving performance is also a process. Recently markus@ told me that vlan(4) performances dropped in last releases. He had some ideas why but he couldn\u0026#39;t provide evidences. So what really happened?\u003cbr\u003e\nHrvoje Popovski was kind enough to help me with some tests. He first confirmed that on his Xeon box (E5-2643 v2 @ 3.50GHz), forwarding performances without pf(4) dropped from 1.42Mpps to 880Kpps when using vlan(4) on both interfaces.\u003cbr\u003e\nTogether vlan_input() and vlan_start() represent 25% of the time CPU1 spends processing packets. This is not exactly between 33% and 50% but it is close enough. The assumption we made earlier is certainly too simple. If we compare the amount of work done in process context, represented by if_input_process() we clearly see that half of the CPU time is not spent in ether_input().\u003cbr\u003e\nI\u0026#39;m not sure how this is related to the measured performance drop. It is actually hard to tell since packets are currently being processed in 3 different contexts. One of the arguments mikeb@ raised when we discussed moving everything in a single context, is that it is simpler to analyse and hopefully make it scale.\u003cbr\u003e\nWith some measurements, a couple of nice pictures, a bit of analysis and some educated guesses we are now in measure of saying that the performances impact observed with vlan(4) is certainly due to the pseudo-driver itself. A decrease of 30% to 50% is not what I would expect from such pseudo-driver.\u003cbr\u003e\nI originally heard that the reason for this regression was the use of SRP but by looking at the profiling data it seems to me that the queuing API is the problem. In the graph above the CPU time spent in if_input() and if_enqueue() from vlan(4) is impressive. Remember, in the case of vlan(4) these operations are done per packet!\u003cbr\u003e\nWhen if_input() has been introduced the queuing API did not exist and putting/taking a single packet on/from an interface queue was cheap. Now it requires a mutex per operation, which in the case of packets received and sent on vlan(4) means grabbing three mutexes per packets.\u003cbr\u003e\nI still can\u0026#39;t say if my analysis is correct or not, but at least it could explain the decrease observed by Hrvoje when testing multiple vlan(4) configurations. vlan_input() takes one mutex per packet, so it decreases the number of forwarded packets by ~100Kpps on this machine, while vlan_start() taking two mutexes decreases it by ~200Kpps.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting analysis of the routing performance regression on OpenBSD\u003c/li\u003e\n\u003cli\u003eI have asked Olivier Cochard-Labbe about doing a similar comparison of routing performance on FreeBSD when a vlan pseudo interface is added to the forwarding path\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_the_first_bsd_introducing\" rel=\"nofollow\"\u003eNetBSD: the first BSD introducing a modern process plugin framework in LLDB\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eClean up in ptrace(2) ATF tests\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe have created some maintanance burden for the current ptrace(2) regression tests. The main issues with them is code duplication and the splitting between generic (Machine Independent) and port-specific (Machine Dependent) test files. I\u0026#39;ve eliminated some of the ballast and merged tests into the appropriate directory tests/lib/libc/sys/. The old location (tests/kernel) was a violation of the tests/README recommendation\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePTRACE_FORK on !x86 ports\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAlong with the motivation from Martin Husemann we have investigated the issue with PTRACE_FORK ATF regression tests. It was discovered that these tests aren\u0026#39;t functional on evbarm, alpha, shark, sparc and sparc64 and likely on other non-x86 ports. We have discovered that there is a missing SIGTRAP emitted from the child, during the fork(2) handshake. The proper order of operations is as follows:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eparent emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forkee\u003cbr\u003e\nchild emits SIGTRAP with si_code=TRAP_CHLD and pe_set_event=pid of forker\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eOnly the x86 ports were emitting the second SIGTRAP signal.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePT_SYSCALL and PT_SYSCALLEMU\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith the addition of PT_SYSCALLEMU we can implement a virtual kernel syscall monitor. It means that we can fake syscalls within a debugger. In order to achieve this feature, we need to use the PT_SYSCALL operation, catch SIGTRAP with si_code=TRAP_SCE (syscall entry), call PT_SYSCALLEMU and perform an emulated userspace syscall that would have been done by the kernel, followed by calling another PT_SYSCALL with si_code=TRAP_SCX.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat has been done in LLDB\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA lot of work has been done with the goal to get breakpoints functional. This target penetrated bugs in the existing local patches and unveiled missing features required to be added. My initial test was tracing a dummy hello-world application in C. I have sniffed the GDB Remote Protocol packets and compared them between Linux and NetBSD. This helped to streamline both versions and bring the NetBSD support to the required Linux level.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePlan for the next milestone\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI\u0026#39;ve listed the following goals for the next milestone.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ewatchpoints support\u003c/li\u003e\n\u003cli\u003efloating point registers support\u003c/li\u003e\n\u003cli\u003eenhance core(5) and make it work for multiple threads\u003c/li\u003e\n\u003cli\u003eintroduce PT_SETSTEP and PT_CLEARSTEP in ptrace(2)\u003c/li\u003e\n\u003cli\u003esupport threads in the NetBSD Process Plugin\u003c/li\u003e\n\u003cli\u003eresearch F_GETPATH in fcntl(2)\u003c/li\u003e\n\u003cli\u003eBeyond the next milestone is x86 32-bit support.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.2-relnotes.txt\" rel=\"nofollow\"\u003eLibreSSL 2.5.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdded the recallocarray(3) memory allocation function, and converted various places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly allocated memory is cleared similar to calloc(3). Memory that becomes unallocated while shrinking or moving existing allocations is explicitly discarded by unmapping or clearing to 0.\u003c/li\u003e\n\u003cli\u003eAdded new root CAs from SECOM Trust Systems / Security Communication of Japan.\u003c/li\u003e\n\u003cli\u003eAdded EVP interface for MD5+SHA1 hashes.\u003c/li\u003e\n\u003cli\u003eFixed DTLS client failures when the server sends a certificate request.\u003c/li\u003e\n\u003cli\u003eCorrect handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection.\u003c/li\u003e\n\u003cli\u003eAllow protocols and ciphers to be set on a TLS config object in libtls.\u003c/li\u003e\n\u003cli\u003eImproved nc(1) TLS handshake CPU usage and server-side error reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://hardenedbsd.org/article/op/2017-03-30/stable-release-hardenedbsd-stable-11-stable-v4616\" rel=\"nofollow\"\u003eHardenedBSD Stable v46.16 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/openbsd/comments/5vggn7/knoxbug_looking_for_openbsd_people_in_knoxville/\" rel=\"nofollow\"\u003eKnoxBUG looking for OpenBSD people in Knoxville TN area\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKnoxBUG Tuesday, April 18, 2017 - 6:00pm : Caleb Cooper: Advanced BASH Scripting](\u003ca href=\"http://knoxbug.org/2017-04-18\" rel=\"nofollow\"\u003ehttp://knoxbug.org/2017-04-18\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170405110059\" rel=\"nofollow\"\u003ee2k17 Nano hackathon report from Bob Beck\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNoah Chelliah, Host of the Linux Action Show calls Linux a ‘Bad Science Project’ and ditches Linux for TrueOS](\u003ca href=\"https://youtu.be/yXB85_olYhQ?t=3238\" rel=\"nofollow\"\u003ehttps://youtu.be/yXB85_olYhQ?t=3238\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/1H43JGV#wrap\" rel=\"nofollow\"\u003eJames - ZFS Mounting\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/18VNAJK#wrap\" rel=\"nofollow\"\u003eKevin - Virtualization\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/0R7CRZ7#wrap\" rel=\"nofollow\"\u003eBen - Jails\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/2Z1P23T#wrap\" rel=\"nofollow\"\u003eFlorian - ZFS and Migrating Linux userlands\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dpaste.com/26M453F#wrap\" rel=\"nofollow\"\u003eq5sys - question for the community\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work \u0026","date_published":"2017-04-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f479797b-02a4-4e79-b3f3-d11d954d578a.mp3","mime_type":"audio/mpeg","size_in_bytes":92041828,"duration_in_seconds":9204}]},{"id":"3f745bc2-94ef-484d-89a0-b716571c789c","title":"188: And then the murders began","url":"https://www.bsdnow.tv/188","content_text":"Today on BSD Now, the latest Dragonfly BSD release, RaidZ performance, another OpenSSL Vulnerability, and more; all this week on BSD Now.\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nDragonFly BSD 4.8 is released\n\n\nImproved kernel performance\n\n\nThis release further localizes cache lines and reduces/removes cache ping-ponging on globals. For bulk builds on many-cores or multi-socket systems, we have around a 5% improvement, and certain subsystems such as namecache lookups and exec()s see massive focused improvements. See the corresponding mailing list post with details.\n\nSupport for eMMC booting, and mobile and high-performance PCIe SSDs\n\n\nThis kernel release includes support for eMMC storage as the boot device. We also sport a brand new SMP-friendly, high-performance NVMe SSD driver (PCIe SSD storage). Initial device test results are available.\n\nEFI support\n\n\nThe installer can now create an EFI or legacy installation. Numerous adjustments have been made to userland utilities and the kernel to support EFI as a mainstream boot environment. The /boot filesystem may now be placed either in its own GPT slice, or in a DragonFly disklabel inside a GPT slice.\nDragonFly, by default, creates a GPT slice for all of DragonFly and places a DragonFly disklabel inside it with all the standard DFly partitions, such that the disk names are roughly the same as they would be in a legacy system.\n\nImproved graphics support\n\n\nThe i915 driver has been updated to match the version found with the Linux 4.6 kernel. Broadwell and Skylake processor users will see improvements.\n\nOther user-affecting changes\n\n\nKernel is now built using -O2.\nVKernels now use COW, so multiple vkernels can share one disk image.\npowerd() is now sensitive to time and temperature changes.\nNon-boot-filesystem kernel modules can be loaded in rc.conf instead of loader.conf.\n***\n\n\n\n#8005 poor performance of 1MB writes on certain RAID-Z configurations\n\n\nMatt Ahrens posts a new patch for OpenZFS\n\n\n\nBackground: RAID-Z requires that space be allocated in multiples of P+1 sectors,because this is the minimum size block that can have the required amount of parity. Thus blocks on RAIDZ1 must be allocated in a multiple of 2 sectors; on RAIDZ2 multiple of 3; and on RAIDZ3 multiple of 4. A sector is a unit of 2ashift bytes, typically 512B or 4KB.\nTo satisfy this constraint, the allocation size is rounded up to the proper multiple, resulting in up to 3 \"pad sectors\" at the end of some blocks. The contents of these pad sectors are not used, so we do not need to read or write these sectors. However, some storage hardware performs much worse (around 1/2 as fast) on mostly-contiguous writes when there are small gaps of non-overwritten data between the writes. Therefore, ZFS creates \"optional\" zio's when writing RAID-Z blocks that include pad sectors. If writing a pad sector will fill the gap between two (required) writes, we will issue the optional zio, thus doubling performance. The gap-filling performance improvement was introduced in July 2009.\nWriting the optional zio is done by the io aggregation code in vdev_queue.c. The problem is that it is also subject to the limit on the size of aggregate writes, zfs_vdev_aggregation_limit, which is by default 128KB. For a given block, if the amount of data plus padding written to a leaf device exceeds zfs_vdev_aggregation_limit, the optional zio will not be written, resulting in a ~2x performance degradation.\nThe solution is to aggregate optional zio's regardless of the aggregation size limit.\n\n\n\nAs you can see from the graphs, this can make a large difference in performance.\nI encourage you to read the entire commit message, it is well written and very detailed.\n***\n\n\nCan you spot the OpenSSL vulnerability \n\n\nThis code was introduced in OpenSSL 1.1.0d, which was released a couple of days ago. This is in the server SSL code, ssl/statem/statem_srvr.c, ssl_bytes_to_cipher_list()), and can easily be reached remotely. Can you spot the vulnerability?\nSo there is a loop, and within that loop we have an ‘if’ statement, that tests a number of conditions. If any of those conditions fail, OPENSSL_free(raw) is called. But raw isn’t the address that was allocated; raw is increment every loop. Hence, there is a remote invalid free vulnerability.\nBut not quite. None of those checks in the ‘if’ statement can actually fail; earlier on in the function, there is a check that verifies that the packet contains at least 1 byte, so PACKET_get_1 cannot fail. Furthermore, earlier in the function it is verified that the packet length is a multiple of 3, hence PACKET_copy_bytes and PACKET_forward cannot fail.\n\n\n\nSo, does the code do what the original author thought, or expected it to do?\nBut what about the next person that modifies that code, maybe changing or removing one of the earlier checks, allowing one of those if conditions to fail, and execute the bad code?\n\n\n\nNonetheless OpenSSL has acknowledged that the OPENSSL_free line needs a rewrite: Pull Request #2312\nPS I’m not posting this to ridicule the OpenSSL project or their programming skills. I just like reading code and finding corner cases that impact security, which is an effort that ultimately works in everybody’s best interest, and I like to share what I find. Programming is a very difficult enterprise and everybody makes mistakes.\n\n\n\nThanks to Guido Vranken for the sharp eye and the blog post\n***\n\n\nResearch Debt\n\n\nI found this article interesting as it relates to not just research, but a lot of technical areas in general\n\n\n\nAchieving a research-level understanding of most topics is like climbing a mountain. Aspiring researchers must struggle to understand vast bodies of work that came before them, to learn techniques, and to gain intuition. Upon reaching the top, the new researcher begins doing novel work, throwing new stones onto the top of the mountain and making it a little taller for whoever comes next. \nPeople expect the climb to be hard. It reflects the tremendous progress and cumulative effort that’s gone into the research. The climb is seen as an intellectual pilgrimage, the labor a rite of passage. But the climb could be massively easier. It’s entirely possible to build paths and staircases into these mountains. The climb isn’t something to be proud of. The climb isn’t progress: the climb is a mountain of debt.\nProgrammers talk about technical debt: there are ways to write software that are faster in the short run but problematic in the long run.\n\nPoor Exposition – Often, there is no good explanation of important ideas and one has to struggle to understand them. This problem is so pervasive that we take it for granted and don’t appreciate how much better things could be.\n\nUndigested Ideas – Most ideas start off rough and hard to understand. They become radically easier as we polish them, developing the right analogies, language, and ways of thinking.\n\nBad abstractions and notation – Abstractions and notation are the user interface of research, shaping how we think and communicate. Unfortunately, we often get stuck with the first formalisms to develop even when they’re bad. For example, an object with extra electrons is negative, and pi is wrong\n\nNoise – Being a researcher is like standing in the middle of a construction site. Countless papers scream for your attention and there’s no easy way to filter or summarize them. We think noise is the main way experts experience research debt.\n\nThere’s a tradeoff between the energy put into explaining an idea, and the energy needed to understand it. On one extreme, the explainer can painstakingly craft a beautiful explanation, leading their audience to understanding without even realizing it could have been difficult. On the other extreme, the explainer can do the absolute minimum and abandon their audience to struggle. This energy is called interpretive labor\nResearch distillation is the opposite of research debt. It can be incredibly satisfying, combining deep scientific understanding, empathy, and design to do justice to our research and lay bare beautiful insights. Distillation is also hard. It’s tempting to think of explaining an idea as just putting a layer of polish on it, but good explanations often involve transforming the idea. This kind of refinement of an idea can take just as much effort and deep understanding as the initial discovery.\n\n\nThe distillation can often times require an entirely different set of skills than the original creation of the idea. Almost all of the BSD projects have some great ideas or subsystems that just need distillation into easy to understand and use platforms or tools.\nLike the theoretician, the experimentalist or the research engineer, the research distiller is an integral role for a healthy research community. Right now, almost no one is filling it.\n\n\n\n\nAnyway, if that bit piqued your interest, go read the full article and the suggested further reading.\n***\n\n\nNews Roundup\n\nAnd then the murders began.\n\n\nA whole bunch of people have pointed me at articles like this one, which claim that you can improve almost any book by making the second sentence “And then the murders began.”\nIt’s entirely possible they’re correct. But let’s check, with a sampling of books. As different books come in different tenses and have different voices, I’ve made some minor changes.\n\n“Welcome to Cisco Routers for the Desperate! And then the murders begin.” — Cisco Routers for the Desperate, 2nd ed\n\n“Over the last ten years, OpenSSH has become the standard tool for remote management of Unix-like systems and many network devices. And then the murders began.” — SSH Mastery\n\n“The Z File System, or ZFS, is a complicated beast, but it is also the most powerful tool in a sysadmin’s Batman-esque utility belt. And then the murders begin.” — FreeBSD Mastery: Advanced ZFS\n\n“Blood shall rain from the sky, and great shall be the lamentation of the Linux fans. And then, the murders will begin.” — Absolute FreeBSD, 3rd Ed\n\n\n\n\nNetdata now supports FreeBSD\n\n\nnetdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.\n\n\n\nFrom the release notes: \n\n\n\napps.plugin ported for FreeBSD\n\n\n\nCheck out their demo sites\n***\n\n\nDistrowatch Weekly reviews RaspBSD\n\n\nRaspBSD is a FreeBSD-based project which strives to create a custom build of FreeBSD for single board and hobbyist computers. RaspBSD takes a recent snapshot of FreeBSD and adds on additional components, such as the LXDE desktop and a few graphical applications. The RaspBSD project currently has live images for Raspberry Pi devices, the Banana Pi, Pine64 and BeagleBone Black \u0026amp; Green computers.\n\nThe default RaspBSD system is quite minimal, running a mere 16 processes when I was logged in. In the background the operating system runs cron, OpenSSH, syslog and the powerd power management service. Other than the user's shell and terminals, nothing else is running. This means RaspBSD uses little memory, requiring just 16MB of active memory and 31MB of wired or kernel memory.\n\nI made note of a few practical differences between running RaspBSD on the Pi verses my usual Raspbian operating system. One minor difference is RaspBSD turns off the Pi's external power light after booting. Raspbian leaves the light on. This means it looks like the Pi is off when it is running RaspBSD, but it also saves a little electricity.\n\nConclusions: Apart from these little differences, running RaspBSD on the Pi was a very similar experience to running Raspbian and my time with the operating system was pleasantly trouble-free. Long-term, I think applying source updates to the base system might be tedious and SD disk operations were slow. However, the Pi usually is not utilized for its speed, but rather its low cost and low-energy usage. For people who are looking for a small home server or very minimal desktop box, RaspBSD running on the Pi should be suitable. \n\n\n\n\nResearch UNIX V8, V9 and V10 made public by Alcatel-Lucent\n\n\nAlcatel-Lucent USA Inc. (“ALU-USA”), on behalf of itself and Nokia Bell Laboratories agrees, to the extent of its ability to do so, that it will not assert its copyright rights with respect to any non-commercial copying, distribution, performance, display or creation of derivative works of Research Unix®1 Editions 8, 9, and 10.\nResearch Unix is a term used to refer to versions of the Unix operating system for DEC PDP-7, PDP-11, VAX and Interdata 7/32 and 8/32 computers, developed in the Bell Labs Computing Science Research Center.  The version breakdown can be viewed on its Wikipedia page\nIt only took 30+ years, but now they’re public\nYou can grab them from here\nIf you’re wondering what happened with Research Unix, After Version 10, Unix development at Bell Labs was stopped in favor of a successor system, Plan 9; which itself was succeeded by Inferno.\n***\n\n\nBeastie Bits\n\n\nThe BSD Family Tree\nUnix Permissions Calculator\nNAS4Free release 11.0.0.4 now available\nAnother BSD Mag released for free downloads\nOPNsense 17.1.4 released\n***\n\n\nFeedback/Questions\n\n\ngozes asks via twitter about how get involved in FreeBSD\n***\n","content_html":"\u003cp\u003eToday on BSD Now, the latest Dragonfly BSD release, RaidZ performance, another OpenSSL Vulnerability, and more; all this week on BSD Now.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflybsd.org/release48/\" rel=\"nofollow\"\u003eDragonFly BSD 4.8 is released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eImproved kernel performance\n\n\u003cul\u003e\n\u003cli\u003eThis release further localizes cache lines and reduces/removes cache ping-ponging on globals. For bulk builds on many-cores or multi-socket systems, we have around a 5% improvement, and certain subsystems such as namecache lookups and exec()s see massive focused improvements. See the corresponding mailing list post with details.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSupport for eMMC booting, and mobile and high-performance PCIe SSDs\n\n\u003cul\u003e\n\u003cli\u003eThis kernel release includes support for eMMC storage as the boot device. We also sport a brand new SMP-friendly, high-performance NVMe SSD driver (PCIe SSD storage). Initial device test results are available.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eEFI support\n\n\u003cul\u003e\n\u003cli\u003eThe installer can now create an EFI or legacy installation. Numerous adjustments have been made to userland utilities and the kernel to support EFI as a mainstream boot environment. The /boot filesystem may now be placed either in its own GPT slice, or in a DragonFly disklabel inside a GPT slice.\u003c/li\u003e\n\u003cli\u003eDragonFly, by default, creates a GPT slice for all of DragonFly and places a DragonFly disklabel inside it with all the standard DFly partitions, such that the disk names are roughly the same as they would be in a legacy system.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eImproved graphics support\n\n\u003cul\u003e\n\u003cli\u003eThe i915 driver has been updated to match the version found with the Linux 4.6 kernel. Broadwell and Skylake processor users will see improvements.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOther user-affecting changes\n\n\u003cul\u003e\n\u003cli\u003eKernel is now built using -O2.\u003c/li\u003e\n\u003cli\u003eVKernels now use COW, so multiple vkernels can share one disk image.\u003c/li\u003e\n\u003cli\u003epowerd() is now sensitive to time and temperature changes.\u003c/li\u003e\n\u003cli\u003eNon-boot-filesystem kernel modules can be loaded in rc.conf instead of loader.conf.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/openzfs/openzfs/pull/321\" rel=\"nofollow\"\u003e#8005 poor performance of 1MB writes on certain RAID-Z configurations\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatt Ahrens posts a new patch for OpenZFS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBackground: RAID-Z requires that space be allocated in multiples of P+1 sectors,because this is the minimum size block that can have the required amount of parity. Thus blocks on RAIDZ1 must be allocated in a multiple of 2 sectors; on RAIDZ2 multiple of 3; and on RAIDZ3 multiple of 4. A sector is a unit of 2\u003csup\u003eashift\u003c/sup\u003e bytes, typically 512B or 4KB.\u003cbr\u003e\nTo satisfy this constraint, the allocation size is rounded up to the proper multiple, resulting in up to 3 \u0026quot;pad sectors\u0026quot; at the end of some blocks. The contents of these pad sectors are not used, so we do not need to read or write these sectors. However, some storage hardware performs much worse (around 1/2 as fast) on mostly-contiguous writes when there are small gaps of non-overwritten data between the writes. Therefore, ZFS creates \u0026quot;optional\u0026quot; zio\u0026#39;s when writing RAID-Z blocks that include pad sectors. If writing a pad sector will fill the gap between two (required) writes, we will issue the optional zio, thus doubling performance. The gap-filling performance improvement was introduced in July 2009.\u003cbr\u003e\nWriting the optional zio is done by the io aggregation code in vdev_queue.c. The problem is that it is also subject to the limit on the size of aggregate writes, zfs_vdev_aggregation_limit, which is by default 128KB. For a given block, if the amount of data plus padding written to a leaf device exceeds zfs_vdev_aggregation_limit, the optional zio will not be written, resulting in a ~2x performance degradation.\u003cbr\u003e\nThe solution is to aggregate optional zio\u0026#39;s regardless of the aggregation size limit.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs you can see from the graphs, this can make a large difference in performance.\u003c/li\u003e\n\u003cli\u003eI encourage you to read the entire commit message, it is well written and very detailed.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://guidovranken.wordpress.com/2017/01/28/can-you-spot-the-vulnerability/\" rel=\"nofollow\"\u003eCan you spot the OpenSSL vulnerability \u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis code was introduced in OpenSSL 1.1.0d, which was released a couple of days ago. This is in the server SSL code, ssl/statem/statem_srvr.c, ssl_bytes_to_cipher_list()), and can easily be reached remotely. Can you spot the vulnerability?\u003cbr\u003e\nSo there is a loop, and within that loop we have an ‘if’ statement, that tests a number of conditions. If any of those conditions fail, OPENSSL_free(raw) is called. But raw isn’t the address that was allocated; raw is increment every loop. Hence, there is a remote invalid free vulnerability.\u003cbr\u003e\nBut not quite. None of those checks in the ‘if’ statement can actually fail; earlier on in the function, there is a check that verifies that the packet contains at least 1 byte, so PACKET_get_1 cannot fail. Furthermore, earlier in the function it is verified that the packet length is a multiple of 3, hence PACKET_copy_bytes and PACKET_forward cannot fail.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo, does the code do what the original author thought, or expected it to do?\u003c/li\u003e\n\u003cli\u003eBut what about the next person that modifies that code, maybe changing or removing one of the earlier checks, allowing one of those if conditions to fail, and execute the bad code?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNonetheless OpenSSL has acknowledged that the OPENSSL_free line needs a rewrite: \u003ca href=\"https://github.com/openssl/openssl/pull/2312\" rel=\"nofollow\"\u003ePull Request #2312\u003c/a\u003e\u003cbr\u003e\nPS I’m not posting this to ridicule the OpenSSL project or their programming skills. I just like reading code and finding corner cases that impact security, which is an effort that ultimately works in everybody’s best interest, and I like to share what I find. Programming is a very difficult enterprise and everybody makes mistakes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThanks to Guido Vranken for the sharp eye and the blog post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://distill.pub/2017/research-debt/\" rel=\"nofollow\"\u003eResearch Debt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eI found this article interesting as it relates to not just research, but a lot of technical areas in general\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAchieving a research-level understanding of most topics is like climbing a mountain. Aspiring researchers must struggle to understand vast bodies of work that came before them, to learn techniques, and to gain intuition. Upon reaching the top, the new researcher begins doing novel work, throwing new stones onto the top of the mountain and making it a little taller for whoever comes next. \u003cbr\u003e\nPeople expect the climb to be hard. It reflects the tremendous progress and cumulative effort that’s gone into the research. The climb is seen as an intellectual pilgrimage, the labor a rite of passage. But the climb could be massively easier. It’s entirely possible to build paths and staircases into these mountains. The climb isn’t something to be proud of. The climb isn’t progress: the climb is a mountain of debt.\u003cbr\u003e\nProgrammers talk about technical debt: there are ways to write software that are faster in the short run but problematic in the long run.\u003c/p\u003e\n\n\u003cp\u003ePoor Exposition – Often, there is no good explanation of important ideas and one has to struggle to understand them. This problem is so pervasive that we take it for granted and don’t appreciate how much better things could be.\u003c/p\u003e\n\n\u003cp\u003eUndigested Ideas – Most ideas start off rough and hard to understand. They become radically easier as we polish them, developing the right analogies, language, and ways of thinking.\u003c/p\u003e\n\n\u003cp\u003eBad abstractions and notation – Abstractions and notation are the user interface of research, shaping how we think and communicate. Unfortunately, we often get stuck with the first formalisms to develop even when they’re bad. For example, an object with extra electrons is negative, and pi is wrong\u003c/p\u003e\n\n\u003cp\u003eNoise – Being a researcher is like standing in the middle of a construction site. Countless papers scream for your attention and there’s no easy way to filter or summarize them. We think noise is the main way experts experience research debt.\u003c/p\u003e\n\n\u003cp\u003eThere’s a tradeoff between the energy put into explaining an idea, and the energy needed to understand it. On one extreme, the explainer can painstakingly craft a beautiful explanation, leading their audience to understanding without even realizing it could have been difficult. On the other extreme, the explainer can do the absolute minimum and abandon their audience to struggle. This energy is called interpretive labor\u003cbr\u003e\nResearch distillation is the opposite of research debt. It can be incredibly satisfying, combining deep scientific understanding, empathy, and design to do justice to our research and lay bare beautiful insights. Distillation is also hard. It’s tempting to think of explaining an idea as just putting a layer of polish on it, but good explanations often involve transforming the idea. This kind of refinement of an idea can take just as much effort and deep understanding as the initial discovery.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe distillation can often times require an entirely different set of skills than the original creation of the idea. Almost all of the BSD projects have some great ideas or subsystems that just need distillation into easy to understand and use platforms or tools.\nLike the theoretician, the experimentalist or the research engineer, the research distiller is an integral role for a healthy research community. Right now, almost no one is filling it.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnyway, if that bit piqued your interest, go read the full article and the suggested further reading.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2902\" rel=\"nofollow\"\u003eAnd then the murders began.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA whole bunch of people have pointed me at articles like \u003ca href=\"http://thehookmag.com/2017/03/adding-murders-began-second-sentence-book-makes-instantly-better-125462/\" rel=\"nofollow\"\u003ethis one\u003c/a\u003e, which claim that you can improve almost any book by making the second sentence “And then the murders began.”\u003cbr\u003e\nIt’s entirely possible they’re correct. But let’s check, with a sampling of books. As different books come in different tenses and have different voices, I’ve made some minor changes.\u003c/p\u003e\n\n\u003cp\u003e“Welcome to Cisco Routers for the Desperate! And then the murders begin.” — Cisco Routers for the Desperate, 2nd ed\u003c/p\u003e\n\n\u003cp\u003e“Over the last ten years, OpenSSH has become the standard tool for remote management of Unix-like systems and many network devices. And then the murders began.” — SSH Mastery\u003c/p\u003e\n\n\u003cp\u003e“The Z File System, or ZFS, is a complicated beast, but it is also the most powerful tool in a sysadmin’s Batman-esque utility belt. And then the murders begin.” — FreeBSD Mastery: Advanced ZFS\u003c/p\u003e\n\n\u003cp\u003e“Blood shall rain from the sky, and great shall be the lamentation of the Linux fans. And then, the murders will begin.” — Absolute FreeBSD, 3rd Ed\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/firehol/netdata\" rel=\"nofollow\"\u003eNetdata now supports FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003enetdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the release notes: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eapps.plugin ported for FreeBSD\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/firehol/netdata/wiki\" rel=\"nofollow\"\u003eCheck out their demo sites\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20170220#raspbsd\" rel=\"nofollow\"\u003eDistrowatch Weekly reviews RaspBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRaspBSD is a FreeBSD-based project which strives to create a custom build of FreeBSD for single board and hobbyist computers. RaspBSD takes a recent snapshot of FreeBSD and adds on additional components, such as the LXDE desktop and a few graphical applications. The RaspBSD project currently has live images for Raspberry Pi devices, the Banana Pi, Pine64 and BeagleBone Black \u0026amp; Green computers.\u003c/p\u003e\n\n\u003cp\u003eThe default RaspBSD system is quite minimal, running a mere 16 processes when I was logged in. In the background the operating system runs cron, OpenSSH, syslog and the powerd power management service. Other than the user\u0026#39;s shell and terminals, nothing else is running. This means RaspBSD uses little memory, requiring just 16MB of active memory and 31MB of wired or kernel memory.\u003c/p\u003e\n\n\u003cp\u003eI made note of a few practical differences between running RaspBSD on the Pi verses my usual Raspbian operating system. One minor difference is RaspBSD turns off the Pi\u0026#39;s external power light after booting. Raspbian leaves the light on. This means it looks like the Pi is off when it is running RaspBSD, but it also saves a little electricity.\u003c/p\u003e\n\n\u003cp\u003eConclusions: Apart from these little differences, running RaspBSD on the Pi was a very similar experience to running Raspbian and my time with the operating system was pleasantly trouble-free. Long-term, I think applying source updates to the base system might be tedious and SD disk operations were slow. However, the Pi usually is not utilized for its speed, but rather its low cost and low-energy usage. For people who are looking for a small home server or very minimal desktop box, RaspBSD running on the Pi should be suitable. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://media-bell-labs-com.s3.amazonaws.com/pages/20170327_1602/statement%20regarding%20Unix%203-7-17.pdf\" rel=\"nofollow\"\u003eResearch UNIX V8, V9 and V10 made public by Alcatel-Lucent\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlcatel-Lucent USA Inc. (“ALU-USA”), on behalf of itself and Nokia Bell Laboratories agrees, to the extent of its ability to do so, that it will not assert its copyright rights with respect to any non-commercial copying, distribution, performance, display or creation of derivative works of Research Unix®1 Editions 8, 9, and 10.\u003c/li\u003e\n\u003cli\u003eResearch Unix is a term used to refer to versions of the Unix operating system for DEC PDP-7, PDP-11, VAX and Interdata 7/32 and 8/32 computers, developed in the Bell Labs Computing Science Research Center.  The version breakdown can be viewed on its \u003ca href=\"https://en.wikipedia.org/wiki/Research_Unix\" rel=\"nofollow\"\u003eWikipedia page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt only took 30+ years, but now they’re public\u003c/li\u003e\n\u003cli\u003eYou can grab them from \u003ca href=\"http://www.tuhs.org/Archive/Distributions/Research/\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf you’re wondering what happened with Research Unix, After Version 10, Unix development at Bell Labs was stopped in favor of a successor system, \u003ca href=\"http://plan9.bell-labs.com/plan9/\" rel=\"nofollow\"\u003ePlan 9\u003c/a\u003e; which itself was succeeded by \u003ca href=\"http://www.vitanuova.com/inferno/\" rel=\"nofollow\"\u003eInferno\u003c/a\u003e.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freebsd/freebsd/blob/master/share/misc/bsd-family-tree\" rel=\"nofollow\"\u003eThe BSD Family Tree\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://permissions-calculator.org/\" rel=\"nofollow\"\u003eUnix Permissions Calculator\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://sourceforge.net/projects/nas4free/files/NAS4Free-11.0.0.4/11.0.0.4.4141/\" rel=\"nofollow\"\u003eNAS4Free release 11.0.0.4 now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/download/simple-quorum-drive-freebsd-ctl-ha-beast-storage-system/\" rel=\"nofollow\"\u003eAnother BSD Mag released for free downloads\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=4898.msg19359\" rel=\"nofollow\"\u003eOPNsense 17.1.4 released\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gozes/status/846779901738991620\" rel=\"nofollow\"\u003egozes asks via twitter about how get involved in FreeBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Today on BSD Now, the latest Dragonfly BSD release, RaidZ performance, another OpenSSL Vulnerability, and more; all this week on BSD Now.","date_published":"2017-04-05T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3f745bc2-94ef-484d-89a0-b716571c789c.mp3","mime_type":"audio/mpeg","size_in_bytes":60237652,"duration_in_seconds":5019}]},{"id":"b7d43c1e-0c39-4060-af6a-29ab64c4945c","title":"187: Catching up to BSD","url":"https://www.bsdnow.tv/187","content_text":"Catching up to BSD, news about the NetBSD project, a BSD Phone, and a bunch of OpenBSD and TrueOS News.\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nNetBSD 7.1 released\n\n\nThis update represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\nKernel\n\n\ncompat_linux(8): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library.\n\nDTrace:\n\n\nAvoid redefined symbol errors when loading the module.\nFix module autoload.\n\nIPFilter:\n\n\nFix matching of ICMP queries when NAT'd through IPF.\nFix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.\nipsec(4): Fix NAT-T issue with NetBSD being the host behind NAT.\n\nDrivers\n\n\nAdd vioscsi driver for the Google Compute Engine disk.\nichsmb(4): Add support for Braswell CPU and Intel 100 Series.\nwm(4):\nAdd C2000 KX and 2.5G support.\nAdd Wake On Lan support.\nFixed a lot of bugs\n\nSecurity Fixes\n\n\nNetBSD-SA2017-001 Memory leak in the connect system call.\nNetBSD-SA2017-002 Several vulnerabilities in ARP.\n\nARM related\n\n\nSupport for Raspberry Pi Zero.\nODROID-C1 Ethernet now works.\n\n\n\n\n\nSummary of the preliminary LLDB support project\n\n\nWhat has been done in NetBSD\n\n\nVerified the full matrix of combinations of wait(2) and ptrace(2) in the following\nGNU libstdc++ std::call_once bug investigation test-cases\nImproving documentation and other minor system parts\nDocumentation of ptrace(2) and explanation how debuggers work\nIntroduction of new siginfo(2) codes for SIGTRAP\nNew ptrace(2) interfaces\n\nWhat has been done in LLDB\nNative Process NetBSD Plugin\nThe MonitorCallback function\nOther LLDB code, out of the NativeProcessNetBSD Plugin\nAutomated LLDB Test Results Summary\nPlan for the next milestone\n\n\nfix conflict with system-wide py-six\nadd support for auxv read operation\nswitch resolution of pid -\u0026gt; path to executable from /proc to sysctl(7)\nrecognize Real-Time Signals (SIGRTMIN-SIGRTMAX)\nupstream !NetBSDProcessPlugin code\nswitch std::call_once to llvm::call_once\nadd new ptrace(2) interface to lock and unlock threads from execution\nswitch the current PT_WATCHPOINT interface to PT_GETDBREGS and PT_SETDBREGS\n\n\n\n\n\nActually building a FreeBSD Phone \n\n\nThere have been a number of different projects that have proposed building a FreeBSD based smart phone\nThis project is a bit different, and I think that gives it a better chance to make progress\nIt uses off-the-shelf parts, so while not as neatly integrated as a regular smartphone device, it makes a much better prototype, and is more readily available.\nHardware overview: X86-based, long-lasting (user-replaceable) battery, WWAN Modem (w/LTE), 4-5\" LCD Touchscreen (Preferably w/720p resolution, IPS), upgradable storage.\nCurrently targeting the UDOO Ultra platform. It features Intel Pentium N3710 (2.56GHz Quad-core, HD Graphics 405 [16 EUs @ 700MHz], VT-x, AES-NI), 2x4GB DDR3L RAM, 32GB eMMC storage built-in, further expansion w/M.2 SSD \u0026amp; MicroSD slot, lots of connectivity onboard.\nSoftware: FreeBSD Hypervisor (bhyve or Xen) to run atop the hardware, hosting two separate hosts.\n\n\nOne will run an instance of pfSense, the \"World's Most Popular Open Source Firewall\" to handle the WWAN connection, routing, and Firewall (as well as Secure VPN if desired).\nThe other instance will run a slimmed down installation of FreeBSD. The UI will be tweaked to work best in this form factor \u0026amp; resources tuned for this platform. There will be a strong reliance on Google Chromium \u0026amp; Google's services (like Google Voice).\n\nThe project has a detailed log, and it looks like the hardware it is based on will ship in the next few weeks, so we expect to see more activity.\n***\n\n\nNews Roundup\n\nNVME M.2 card road tests (Matt Dillon)\n\n\nDragonFlyBSD’s Matt Dillon has posted a rundown of the various M.2 NVMe devices he has tested\n\n\nSAMSUNG 951\nSAMSUNG 960 EVO\nTOSHIBA OCZ RD400\nINTEL 600P\nWD BLACK 256G\nMYDIGITALSSD\nPLEXTOR M8Pe\n\nIt is interesting to see the relative performance of each device, but also how they handle the workload and manage their temperature (or don’t in a few cases)\nThe link provides a lot of detail about different block sizes and overall performance\n***\n\n\nZREP ZFS replication and failover\n\n\n\"zrep\", a robust yet easy to use ZFS based replication and failover solution. It can also serve as the conduit to create a simple backup hub.\nThe tool was originally written for Solaris, and is written in ksh\nHowever, it seems people have used it on FreeBSD and even FreeNAS by installing the ksh93 port\nHas anyone used this? How does it compare to tools like zxfer?\nThere is a FreeBSD port, but it is a few versions behind, someone should update it\nWe would be interested in hearing some feedback\n***\n\n\nCatching up on some TrueOS News\n\n\nTrueOS Security and Wikileaks revelations\nNew Jail management utilities\nKen Moore's talk about Sysadm from Linuxfest 2016\nThe Basics of using ZFS with TrueOS\n***\n\n\nCatching up on some OpenBSD News\n\n\nOpenBSD 6.1 coming May 1\nOpenBSD Foundation 2016 Fundraising (goal: $250K actual: $573K)\nThe OpenBSD Foundation 2017 Fundraising Campaign\nOpenBSD MitM attack against WPA1/WPA2\nOpenBSD vmm/vmd Update\n***\n\n\nBeastie Bits\n\n\nHardenedBSD News: Introducing CFI \nNew version of Iocage (Python 3) on FreshPorts\nDragonFly BSD Network performance comparison as of today\nKnoxBUG recap\n***\n\n\nFeedback/Questions\n\n\nNoel asks about moving to bhyve/jails\n***\n","content_html":"\u003cp\u003eCatching up to BSD, news about the NetBSD project, a BSD Phone, and a bunch of OpenBSD and TrueOS News.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.netbsd.org/releases/formal-7/NetBSD-7.1.html\" rel=\"nofollow\"\u003eNetBSD 7.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis update represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eKernel\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.gw.com/cgi-bin/man-cgi?compat_linux+8.i386+NetBSD-7.1\" rel=\"nofollow\"\u003ecompat_linux(8)\u003c/a\u003e: Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDTrace:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAvoid redefined symbol errors when loading the module.\u003c/li\u003e\n\u003cli\u003eFix module autoload.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIPFilter:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFix matching of ICMP queries when NAT\u0026#39;d through IPF.\u003c/li\u003e\n\u003cli\u003eFix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.gw.com/cgi-bin/man-cgi?ipsec+4.i386+NetBSD-7.1\" rel=\"nofollow\"\u003eipsec(4)\u003c/a\u003e: Fix NAT-T issue with NetBSD being the host behind NAT.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eDrivers\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdd vioscsi driver for the Google Compute Engine disk.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.gw.com/cgi-bin/man-cgi?ichsmb+4.i386+NetBSD-7.1\" rel=\"nofollow\"\u003eichsmb(4)\u003c/a\u003e: Add support for Braswell CPU and Intel 100 Series.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://netbsd.gw.com/cgi-bin/man-cgi?wm+4.i386+NetBSD-7.1\" rel=\"nofollow\"\u003ewm(4)\u003c/a\u003e:\u003c/li\u003e\n\u003cli\u003eAdd C2000 KX and 2.5G support.\u003c/li\u003e\n\u003cli\u003eAdd Wake On Lan support.\u003c/li\u003e\n\u003cli\u003eFixed a lot of bugs\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSecurity Fixes\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-001.txt.asc\" rel=\"nofollow\"\u003eNetBSD-SA2017-001\u003c/a\u003e Memory leak in the connect system call.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc\" rel=\"nofollow\"\u003eNetBSD-SA2017-002\u003c/a\u003e Several vulnerabilities in ARP.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eARM related\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSupport for Raspberry Pi Zero.\u003c/li\u003e\n\u003cli\u003eODROID-C1 Ethernet now works.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/summary_of_the_preliminary_lldb\" rel=\"nofollow\"\u003eSummary of the preliminary LLDB support project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWhat has been done in NetBSD\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eVerified the full matrix of combinations of wait(2) and ptrace(2) in the following\u003c/li\u003e\n\u003cli\u003eGNU libstdc++ std::call_once bug investigation test-cases\u003c/li\u003e\n\u003cli\u003eImproving documentation and other minor system parts\u003c/li\u003e\n\u003cli\u003eDocumentation of ptrace(2) and explanation how debuggers work\u003c/li\u003e\n\u003cli\u003eIntroduction of new siginfo(2) codes for SIGTRAP\u003c/li\u003e\n\u003cli\u003eNew ptrace(2) interfaces\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat has been done in LLDB\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNative Process NetBSD Plugin\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe MonitorCallback function\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOther LLDB code, out of the NativeProcessNetBSD Plugin\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAutomated LLDB Test Results Summary\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePlan for the next milestone\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003efix conflict with system-wide py-six\u003c/li\u003e\n\u003cli\u003eadd support for auxv read operation\u003c/li\u003e\n\u003cli\u003eswitch resolution of pid -\u0026gt; path to executable from /proc to sysctl(7)\u003c/li\u003e\n\u003cli\u003erecognize Real-Time Signals (SIGRTMIN-SIGRTMAX)\u003c/li\u003e\n\u003cli\u003eupstream !NetBSDProcessPlugin code\u003c/li\u003e\n\u003cli\u003eswitch std::call_once to llvm::call_once\u003c/li\u003e\n\u003cli\u003eadd new ptrace(2) interface to lock and unlock threads from execution\u003c/li\u003e\n\u003cli\u003eswitch the current PT_WATCHPOINT interface to PT_GETDBREGS and PT_SETDBREGS\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackaday.io/project/13145-bsd-based-secure-smartphone\" rel=\"nofollow\"\u003eActually building a FreeBSD Phone \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere have been a number of different projects that have proposed building a FreeBSD based smart phone\u003c/li\u003e\n\u003cli\u003eThis project is a bit different, and I think that gives it a better chance to make progress\u003c/li\u003e\n\u003cli\u003eIt uses off-the-shelf parts, so while not as neatly integrated as a regular smartphone device, it makes a much better prototype, and is more readily available.\u003c/li\u003e\n\u003cli\u003eHardware overview: X86-based, long-lasting (user-replaceable) battery, WWAN Modem (w/LTE), 4-5\u0026quot; LCD Touchscreen (Preferably w/720p resolution, IPS), upgradable storage.\u003c/li\u003e\n\u003cli\u003eCurrently targeting the UDOO Ultra platform. It features Intel Pentium N3710 (2.56GHz Quad-core, HD Graphics 405 [16 EUs @ 700MHz], VT-x, AES-NI), 2x4GB DDR3L RAM, 32GB eMMC storage built-in, further expansion w/M.2 SSD \u0026amp; MicroSD slot, lots of connectivity onboard.\u003c/li\u003e\n\u003cli\u003eSoftware: FreeBSD Hypervisor (bhyve or Xen) to run atop the hardware, hosting two separate hosts.\n\n\u003cul\u003e\n\u003cli\u003eOne will run an instance of pfSense, the \u0026quot;World\u0026#39;s Most Popular Open Source Firewall\u0026quot; to handle the WWAN connection, routing, and Firewall (as well as Secure VPN if desired).\u003c/li\u003e\n\u003cli\u003eThe other instance will run a slimmed down installation of FreeBSD. The UI will be tweaked to work best in this form factor \u0026amp; resources tuned for this platform. There will be a strong reliance on Google Chromium \u0026amp; Google\u0026#39;s services (like Google Voice).\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe project has a detailed log, and it looks like the hardware it is based on will ship in the next few weeks, so we expect to see more activity.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2017-March/313261.html\" rel=\"nofollow\"\u003eNVME M.2 card road tests (Matt Dillon)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD’s Matt Dillon has posted a rundown of the various M.2 NVMe devices he has tested\n\n\u003cul\u003e\n\u003cli\u003eSAMSUNG 951\u003c/li\u003e\n\u003cli\u003eSAMSUNG 960 EVO\u003c/li\u003e\n\u003cli\u003eTOSHIBA OCZ RD400\u003c/li\u003e\n\u003cli\u003eINTEL 600P\u003c/li\u003e\n\u003cli\u003eWD BLACK 256G\u003c/li\u003e\n\u003cli\u003eMYDIGITALSSD\u003c/li\u003e\n\u003cli\u003ePLEXTOR M8Pe\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIt is interesting to see the relative performance of each device, but also how they handle the workload and manage their temperature (or don’t in a few cases)\u003c/li\u003e\n\u003cli\u003eThe link provides a lot of detail about different block sizes and overall performance\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bolthole.com/solaris/zrep/\" rel=\"nofollow\"\u003eZREP ZFS replication and failover\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;zrep\u0026quot;, a robust yet easy to use ZFS based replication and failover solution. It can also serve as the conduit to create a simple backup hub.\u003c/li\u003e\n\u003cli\u003eThe tool was originally written for Solaris, and is written in ksh\u003c/li\u003e\n\u003cli\u003eHowever, it seems people have used it on FreeBSD and even FreeNAS by installing the ksh93 port\u003c/li\u003e\n\u003cli\u003eHas anyone used this? How does it compare to tools like zxfer?\u003c/li\u003e\n\u003cli\u003eThere is a FreeBSD port, but it is a few versions behind, someone should update it\u003c/li\u003e\n\u003cli\u003eWe would be interested in hearing some feedback\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eCatching up on some TrueOS News\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-security-wikileaks-revelations/\" rel=\"nofollow\"\u003eTrueOS Security and Wikileaks revelations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/new-jail-management-utilities/\" rel=\"nofollow\"\u003eNew Jail management utilities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=PyraePQyCGY\" rel=\"nofollow\"\u003eKen Moore\u0026#39;s talk about Sysadm from Linuxfest 2016\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.trueos.org/blog/community-spotlight-basics-using-zfs-trueos/\" rel=\"nofollow\"\u003eThe Basics of using ZFS with TrueOS\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eCatching up on some OpenBSD News\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/61.html\" rel=\"nofollow\"\u003eOpenBSD 6.1 coming May 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170223044255\" rel=\"nofollow\"\u003eOpenBSD Foundation 2016 Fundraising (goal: $250K actual: $573K)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbsdfoundation.org/campaign2017.html\" rel=\"nofollow\"\u003eThe OpenBSD Foundation 2017 Fundraising Campaign\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=148839684520133\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD MitM attack against WPA1/WPA2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/asiabsdcon2017-vmm-slides.pdf\" rel=\"nofollow\"\u003eOpenBSD vmm/vmd Update\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2017-03-02/introducing-cfi\" rel=\"nofollow\"\u003eHardenedBSD News: Introducing CFI\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freshports.org/sysutils/py3-iocage/\" rel=\"nofollow\"\u003eNew version of Iocage (Python 3) on FreshPorts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://leaf.dragonflybsd.org/%7Esephe/perf_cmp.pdf\" rel=\"nofollow\"\u003eDragonFly BSD Network performance comparison as of today\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/content/knoxbug-wants-you\" rel=\"nofollow\"\u003eKnoxBUG recap\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pastebin.com/7B47nuC0\" rel=\"nofollow\"\u003eNoel asks about moving to bhyve/jails\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Catching up to BSD, news about the NetBSD project, a BSD Phone, and a bunch of OpenBSD and TrueOS News.","date_published":"2017-03-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b7d43c1e-0c39-4060-af6a-29ab64c4945c.mp3","mime_type":"audio/mpeg","size_in_bytes":54147316,"duration_in_seconds":4512}]},{"id":"09c4e852-2672-45ab-8305-fc91d8b928e6","title":"186: The Fast And the Firewall: Tokyo Drift","url":"https://www.bsdnow.tv/186","content_text":"This week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news,  Optimizing IllumOS Kernel, your questions and more.\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nAsiaBSDcon Reports and Reviews\n\n\nAsiaBSDcon schedule\nSchedule and slides from the 4th bhyvecon\nMichael Dexter’s trip report on the iXsystems blog\nNetBSD AsiaBSDcon booth report\n***\n\n\nTrueOS Community Guidelines are here!\n\n\nTrueOS has published its new Community Guidelines\nThe TrueOS Project has existed for over ten years. Until now, there was no formally defined process for interested individuals in the TrueOS community to earn contributor status as an active committer to this long-standing project. The current core TrueOS developers (Kris Moore, Ken Moore, and Joe Maloney) want to provide the community more opportunities to directly impact the TrueOS Project, and wish to formalize the process for interested people to gain full commit access to the TrueOS repositories.\nThese describe what is expected of community members and committers\nThey also describe the process of getting commit access to the TrueOS repo:\n\n\n\nPreviously, Kris directly handed out commit bits. Now, the Core developers have provided a small list of requirements for gaining a TrueOS commit bit:\n\nCreate five or more pull requests in a TrueOS Project repository within a single six month period. \n\nStay active in the TrueOS community through at least one of the available community channels (Gitter, Discourse, IRC, etc.). \n\nRequest commit access from the core developers via core@trueos.org OR Core developers contact you concerning commit access.\n\nPull requests can be any contribution to the project, from minor documentation tweaks to creating full utilities.\n\nAt the end of every month, the core developers review the commit logs, removing elements that break the Project or deviate too far from its intended purpose. Additionally, outstanding pull requests with no active dissension are immediately merged, if possible. For example, a user submits a pull request which adds a little-used OpenRC script. No one from the community comments on the request or otherwise argues against its inclusion, resulting in an automatic merge at the end of the month. In this manner, solid contributions are routinely added to the project and never left in a state of “limbo”.\n\n\n\nThe page also describes the perks of being a TrueOS committer:\n\n\n\nContributors to the TrueOS Project enjoy a number of benefits, including:\n\nA personal TrueOS email alias: @trueos.org\n\nFull access for managing TrueOS issues on GitHub.\n\nRegular meetings with the core developers and other contributors.\n\nAccess to private chat channels with the core developers.\n\nRecognition as part of an online Who’s Who of TrueOS developers.\n\nThe eternal gratitude of the core developers of TrueOS.\n\nA warm, fuzzy feeling.\n\n\n\n\nIntel Donates 250.000 $ to the FreeBSD Foundation\n\n\nMore details about the deal: Systems Thinking: Intel and the FreeBSD Project \n\n\n\nIntel will be more actively engaging with the FreeBSD Foundation and the FreeBSD Project to deliver more timely support for Intel products and technologies in FreeBSD.\n\nIntel has contributed code to FreeBSD for individual device drivers (i.e. NICs) in the past, but is now seeking a more holistic “systems thinking” approach. \n\n\n\nIntel Blog Post \n\n\n\nWe will work closely with the FreeBSD Foundation to ensure the drivers, tools, and applications needed on Intel® SSD-based storage appliances are available to the community. This collaboration will also provide timely support for future Intel® 3D XPoint™ products.\n\n\n\nThank you very much, Intel!\n***\n\n\nApplied FreeBSD: Basic iSCSI\n\n\niSCSI is often touted as a low-cost replacement for fibre-channel (FC) Storage Area Networks (SANs). Instead of having to setup a separate fibre-channel network for the SAN, or invest in the infrastructure to run Fibre-Channel over Ethernet (FCoE), iSCSI runs on top of standard TCP/IP. This means that the same network equipment used for routing user data on a network could be utilized for the storage as well.\n\nThis article will cover a very basic setup where a FreeBSD server is configured as an iSCSI Target, and another FreeBSD server is configured as the iSCSI Initiator. The iSCSI Target will export a single disk drive, and the initiator will create a filesystem on this disk and mount it locally. Advanced topics, such as multipath, ZFS storage pools, failover controllers, etc. are not covered.\n\nThe real magic is the /etc/ctl.conf file, which contains all of the information necessary for ctld to share disk drives on the network. Check out the man page for /etc/ctl.conf for more details; below is the configuration file that I created for this test setup. Note that on a system that has never had iSCSI configured, there will be no existing configuration file, so go ahead and create it.\n\n\n\nThen, enable ctld and start it:\n\n\nsysrc ctld_enable=”YES”\nservice ctld start\n\nYou can use the ctladm command to see what is going on:\n\n\nroot@bsdtarget:/dev # ctladm lunlist\n\n(7:0:0/0):  Fixed Direct Access SPC-4 SCSI device\n\n(7:0:1/1):  Fixed Direct Access SPC-4 SCSI device\n\nroot@bsdtarget:/dev # ctladm devlist\n\nLUN Backend Size (Blocks) BS Serial Number Device ID\n\n0 block 10485760 512 MYSERIAL 0 MYDEVID 0\n\n1 block 10485760 512 MYSERIAL 1 MYDEVID 1\n\n\nNow, let’s configure the client side:\n\n\n\nIn order for a FreeBSD host to become an iSCSI Initiator, the iscsd daemon needs to be started.\n\n\n\nsysrc iscsid_enable=”YES”\nservice iscsid start\n\n\n\nNext, the iSCSI Initiator can manually connect to the iSCSI target using the iscsictl tool. While setting up a new iSCSI session, this is probably the best option. Once you are sure the configuration is correct, add the configuration to the /etc/iscsi.conf file (see man page for this file). For iscsictl, pass the IP address of the target as well as the iSCSI IQN for the session:\n\n\n+ iscsictl -A -p 192.168.22.128 -t iqn.2017-02.lab.testing:basictarget\n\n\n\nYou should now have a new device (check dmesg), in this case, da1\nThe guide them walks through partitioning the disk, and laying down a UFS file system, and mounting it\nThis it walks through how to disconnect iscsi, incase you don’t want it anymore\nThis all looked nice and easy, and it works very well. Now lets see what happens when you try to mount the iSCSI from Windows\nOk, that wasn’t so bad.\nNow, instead of sharing an entire space disk on the host via iSCSI, share a zvol. Now your windows machine can be backed by ZFS. All of your problems are solved.\n\n\n\n\nInterview - Philipp Buehler - pbuehler@sysfive.com\n\nTechnical Lead at SysFive, and Former OpenBSD Committer\n\nNews Roundup\n\nHalf a dozen new features in mandoc -T html\n\n\nmandoc’s HTML output mode got some new features\n\n\n\nEven though mdoc(7) is a semantic markup language, traditionally none of the semantic annotations were communicated to the reader. [...] Now, at least in -T html output mode, you can see the semantic function of marked-up words by hovering your mouse over them.\n\nIn terminal output modes, we have the ctags(1)-like internal search facility built around the less(1) tag jump (:t) feature for quite some time now. We now have a similar feature in -T html output mode. To jump to (almost) the same places in the text, go to the address bar of the browser, type a hash mark ('#') after the URI, then the name of the option, command, variable, error code etc. you want to jump to, and hit enter.\n\n\n\nCheck out the full report by Ingo Schwarze (schwarze@) and try out these new features\n***\n\n\nOptimizing IllumOS Kernel Crypto\n\n\nSašo Kiselkov, of ZFS fame, looked into the performance of the OpenSolaris kernel crypto framework and found it lacking.\nThe article also spends a few minutes on the different modes and how they work.\n\n\n\nRecently I've had some motivation to look into the KCF on Illumos and discovered that, unbeknownst to me, we already had an AES-NI implementation that was automatically enabled when running on Intel and AMD CPUs with AES-NI support. This work was done back in 2010 by Dan Anderson.This was great news, so I set out to test the performance in Illumos in a VM on my Mac with a Core i5 3210M (2.5GHz normal, 3.1GHz turbo).\n\n\n\nThe initial tests of “what the hardware can do” were done in OpenSSL\n\n\n\nSo now comes the test for the KCF. I wrote a quick'n'dirty crypto test module that just performed a bunch of encryption operations and timed the results.\n\n\n\nKCF got around 100 MB/s for each algorithm, except half that for AES-GCM\nOpenSSL had done over 3000 MB/s for CTR mode, 500 MB/s for CBC, and 1000 MB/s for GCM\n\n\n\nWhat the hell is that?! This is just plain unacceptable. Obviously we must have hit some nasty performance snag somewhere, because this is comical. And sure enough, we did.\n\nWhen looking around in the AES-NI implementation I came across this bit in aes_intel.s that performed the CLTS instruction.\n\nThis is a problem: 3.1.2 Instructions That Cause VM Exits ConditionallyCLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow.\n\nThe CLTS instruction signals to the CPU that we're about to use FPU registers (which is needed for AES-NI), which in VMware causes an exit into the hypervisor. And we've been doing it for every single AES block! Needless to say, performing the equivalent of a very expensive context switch every 16 bytes is going to hurt encryption performance a bit. The reason why the kernel is issuing CLTS is because for performance reasons, the kernel doesn't save and restore FPU register state on kernel thread context switches. So whenever we need to use FPU registers inside the kernel, we must disable kernel thread preemption via a call to kpreempt_disable() and kpreempt_enable() and save and restore FPU register state manually. During this time, we cannot be descheduled (because if we were, some other thread might clobber our FPU registers), so if a thread does this for too long, it can lead to unexpected latency bubbles\n\nThe solution was to restructure the AES and KCF block crypto implementations in such a way that we execute encryption in meaningfully small chunks. I opted for 32k bytes, for reasons which I'll explain below. Unfortunately, doing this restructuring work was a bit more complicated than one would imagine, since in the KCF the implementation of the AES encryption algorithm and the block cipher modes is separated into two separate modules that interact through an internal API, which wasn't really conducive to high performance (we'll get to that later). Anyway, having fixed the issue here and running the code at near native speed, this is what I get:\n\n\nAES-128/CTR: 439 MB/s\n\nAES-128/CBC: 483 MB/s\n\nAES-128/GCM: 252 MB/s\n\n\nNot disastrous anymore, but still, very, very bad. Of course, you've got keep in mind, the thing we're comparing it to, OpenSSL, is no slouch. It's got hand-written highly optimized inline assembly implementations of most of these encryption functions and their specific modes, for lots of platforms. That's a ton of code to maintain and optimize, but I'll be damned if I let this kind of performance gap persist.\n\nFixing this, however, is not so trivial anymore. It pertains to how the KCF's block cipher mode API interacts with the cipher algorithms. It is beautifully designed and implemented in a fashion that creates minimum code duplication, but this also means that it's inherently inefficient.\n\nECB, CBC and CTR gained the ability to pass an algorithm-specific \"fastpath\" implementation of the block cipher mode, because these functions benefit greatly from pipelining multiple cipher calls into a single place.\n\nECB, CTR and CBC decryption benefit enormously from being able to exploit the wide XMM register file on Intel to perform encryption/decryption operations on 8 blocks at the same time in a non-interlocking manner. The performance gains here are on the order of 5-8x.CBC encryption benefits from not having to copy the previously encrypted ciphertext blocks into memory and back into registers to XOR them with the subsequent plaintext blocks, though here the gains are more modest, around 1.3-1.5x.\n\nAfter all of this work, this is how the results now look on Illumos, even inside of a VM:\n\n\nAlgorithm/Mode 128k ops\n\nAES-128/CTR: 3121 MB/s\n\nAES-128/CBC: 691 MB/s\n\nAES-128/GCM: 1053 MB/s\n\n\nSo the CTR and GCM speeds have actually caught up to OpenSSL, and CBC is actually faster than OpenSSL.\n\n\n\nOn the decryption side of things, CBC decryption also jumped from 627 MB/s to 3011 MB/s. Seeing these performance numbers, you can see why I chose 32k for the operation size in between kernel preemption barriers. Even on the slowest hardware with AES-NI, we can expect at least 300-400 MB/s/core of throughput, so even in the worst case, we'll be hogging the CPU for at most ~0.1ms per run.\n\nOverall, we're even a little bit faster than OpenSSL in some tests, though that's probably down to us encrypting 128k blocks vs 8k in the \"openssl speed\" utility. Anyway, having fixed this monstrous atrocity of a performance bug, I can now finally get some sleep.\n\n\n\nTo made these tests repeatable, and to ensure that the changes didn’t break the crypto algorithms, Saso created a crypto_test kernel module.\nI have recently created a FreeBSD version of crypto_test.ko, for much the same purposes\nInitial performance on FreeBSD is not as bad, if you have the aesni.ko module loaded, but it is not up to speed with OpenSSL. You cannot directly compare to the benchmarks Saso did, because the CPUs are vastly different.\nPerformance results\nI hope to do some more tests on a range of different sized CPUs in order to determine how the algorithms scale across different clock speeds.\nI also want to look at, or get help and have someone else look at, implementing some of the same optimizations that Saso did.\nIt currently seems like there isn’t a way to perform addition crypto operations in the same session without regenerating the key table. Processing additional buffers in an existing session might offer a number of optimizations for bulk operations, although in many cases, each block is encrypted with a different key and/or IV, so it might not be very useful.\n***\n\n\nBrendan Gregg’s special freeware tools for sysadmins\n\n\nThese tools need to be in every (not so) serious sysadmins toolbox. \nTriple ROT13 encryption algorithm (beware: export restrictions may apply)\n/usr/bin/maybe, in case true and false don’t provide too little choice...\nThe bottom command lists you all the processes using the least CPU cycles.\nCheck out the rest of the tools. \nYou wrote similar tools and want us to cover them in the show? Send us an email to feedback@bsdnow.tv \n***\n\n\nA look at 2038 \n\n\nI remember the Y2K problem quite vividly. The world was going crazy for years, paying insane amounts of money to experts to fix critical legacy systems, and there was a neverending stream of predictions from the media on how it’s all going to fail. Most didn’t even understand what the problem was, and I remember one magazine writing something like the following:\nMost systems store the current year as a two-digit value to save space. When the value rolls over on New Year’s Eve 1999, those two digits will be “00”, and “00” means “halt operation” in the machine language of many central processing units. If you’re in an elevator at this time, it will stop working and you may fall to your death.\nI still don’t know why they thought a computer would suddenly interpret data as code, but people believed them. We could see a nearby hydropower plant from my parents’ house, and we expected it to go up in flames as soon as the clock passed midnight, while at least two airplanes crashed in our garden at the same time. Then nothing happened. I think one of the most “severe” problems was the police not being able to open their car garages the next day because their RFID tokens had both a start and end date for validity, and the system clock had actually rolled over to 1900, so the tokens were “not yet valid”.\nThat was 17 years ago. One of the reasons why Y2K wasn’t as bad as it could have been is that many systems had never used the “two-digit-year” representation internally, but use some form of “timestamp” relative to a fixed date (the “epoch”).\nThe actual problem with time and dates rolling over is that systems calculate timestamp differences all day. Since a timestamp derived from the system clock seemingly only increases with each query, it is very common to just calculate diff = now - before and never care about the fact that now could suddenly be lower than before because the system clock has rolled over. In this case diff is suddenly negative, and if other parts of the code make further use of the suddenly negative value, things can go horribly wrong.\nA good example was a bug in the generator control units (GCUs) aboard Boeing 787 “Dreamliner” aircrafts, discovered in 2015. An internal timestamp counter would overflow roughly 248 days after the system had been powered on, triggering a shut down to “safe mode”. The aircraft has four generator units, but if all were powered up at the same time, they would all fail at the same time. This sounds like an overflow caused by a signed 32-bit counter counting the number of centiseconds since boot, overflowing after 248.55 days, and luckily no airline had been using their Boing 787 models for such a long time between maintenance intervals.\nThe “obvious” solution is to simply switch to 64-Bit values and call it day, which would push overflow dates far into the future (as long as you don’t do it like the IBM S/370 mentioned before). But as we’ve learned from the Y2K problem, you have to assume that computer systems, computer software and stored data (which often contains timestamps in some form) will stay with us for much longer than we might think. The years 2036 and 2038 might be far in the future, but we have to assume that many of the things we make and sell today are going to be used and supported for more than just 19 years. Also many systems have to store dates which are far in the future. A 30 year mortgage taken out in 2008 could have already triggered the bug, and for some banks it supposedly did.\nsys_gettimeofday() is one of the most used system calls on a generic Linux system and returns the current time in form of an UNIX timestamp (time_t data type) plus fraction (suseconds_t data type). Many applications have to know the current time and date to do things, e.g. displaying it, using it in game timing loops, invalidating caches after their lifetime ends, perform an action after a specific moment has passed, etc. In a 32-Bit UNIX system, time_t is usually defined as a signed 32-Bit Integer.\nWhen kernel, libraries and applications are compiled, the compiler will turn this assumption machine code and all components later have to match each other. So a 32-Bit Linux application or library still expects the kernel to return a 32-Bit value even if the kernel is running on a 64-Bit architecture and has 32-Bit compatibility. The same holds true for applications calling into libraries. This is a major problem, because there will be a lot of legacy software running in 2038. Systems which used an unsigned 32-Bit Integer for time_t push the problem back to 2106, but I don’t know about many of those.\nThe developers of the GNU C library (glibc), the default standard C library for many GNU/Linux systems, have come up with a design for year 2038 proofness for their library. Besides the time_t data type itself, a number of other data structures have fields based on time_t or the combined struct timespec and struct timeval types. Many methods beside those intended for setting and querying the current time use timestamps\n32-Bit Windows applications, or Windows applications defining _USE_32BIT_TIME_T, can be hit by the year 2038 problem too if they use the time_t data type. The __time64_t data type had been available since Visual C 7.1, but only Visual C 8 (default with Visual Studio 2015) expanded time_t to 64 bits by default. The change will only be effective after a recompilation, legacy applications will continue to be affected.\nIf you live in a 64-Bit world and use a 64-Bit kernel with 64-Bit only applications, you might think you can just ignore the problem. In such a constellation all instances of the standard time_t data type for system calls, libraries and applications are signed 64-Bit Integers which will overflow in around 292 billion years. But many data formats, file systems and network protocols still specify 32-Bit time fields, and you might have to read/write this data or talk to legacy systems after 2038. So solving the problem on your side alone is not enough.\n\n\n\nThen the article goes on to describe how all of this will break your file systems. Not to mention your databases and other file formats.\nAlso see Theo De Raadt’s EuroBSDCon 2013 Presentation\n***\n\n\nBeastie Bits\n\n\nMichael Lucas: Get your name in “Absolute FreeBSD 3rd Edition”\nZFS compressed ARC stats to top\nMatthew Dillon discovered HAMMER was repeating itself when writing to disk.  Fixing that issue doubled write speeds\nTedU on Meaningful Short Names \nvBSDcon and EuroBSDcon Call for Papers are open\n\n\nFeedback/Questions\n\n\nCraig asks about BSD server management\nMichael asks about jails as a router between networks\nTodd asks about connecting jails \nDave writes in with an interesting link\n\u0026gt; applications crash more often due to errors than corruptions. In the case of corruption, a few applications (e.g., Log-Cabin, ZooKeeper) can use checksums and redundancy to recover, leading to a correct behavior; however, when the corruption is transformed into an error, these applications crash, resulting in reduced availability.\n***\n","content_html":"\u003cp\u003eThis week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news,  Optimizing IllumOS Kernel, your questions and more.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"\" rel=\"nofollow\"\u003eAsiaBSDcon Reports and Reviews\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://2017.asiabsdcon.org/program.html.en\" rel=\"nofollow\"\u003eAsiaBSDcon schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://bhyvecon.org/\" rel=\"nofollow\"\u003eSchedule and slides from the 4th bhyvecon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/ixsystems-attends-asiabsdcon-2017\" rel=\"nofollow\"\u003eMichael Dexter’s trip report on the iXsystems blog\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html\" rel=\"nofollow\"\u003eNetBSD AsiaBSDcon booth report\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/trueos-community-guidelines/\" rel=\"nofollow\"\u003eTrueOS Community Guidelines are here!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTrueOS has published its new Community Guidelines\u003c/li\u003e\n\u003cli\u003eThe TrueOS Project has existed for over ten years. Until now, there was no formally defined process for interested individuals in the TrueOS community to earn contributor status as an active committer to this long-standing project. The current core TrueOS developers (Kris Moore, Ken Moore, and Joe Maloney) want to provide the community more opportunities to directly impact the TrueOS Project, and wish to formalize the process for interested people to gain full commit access to the TrueOS repositories.\u003c/li\u003e\n\u003cli\u003eThese describe what is expected of community members and committers\u003c/li\u003e\n\u003cli\u003eThey also describe the process of getting commit access to the TrueOS repo:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePreviously, Kris directly handed out commit bits. Now, the Core developers have provided a small list of requirements for gaining a TrueOS commit bit:\u003c/p\u003e\n\n\u003cp\u003eCreate five or more pull requests in a TrueOS Project repository within a single six month period. \u003c/p\u003e\n\n\u003cp\u003eStay active in the TrueOS community through at least one of the available community channels (Gitter, Discourse, IRC, etc.). \u003c/p\u003e\n\n\u003cp\u003eRequest commit access from the core developers via \u003ca href=\"mailto:core@trueos.org\" rel=\"nofollow\"\u003ecore@trueos.org\u003c/a\u003e OR Core developers contact you concerning commit access.\u003c/p\u003e\n\n\u003cp\u003ePull requests can be any contribution to the project, from minor documentation tweaks to creating full utilities.\u003c/p\u003e\n\n\u003cp\u003eAt the end of every month, the core developers review the commit logs, removing elements that break the Project or deviate too far from its intended purpose. Additionally, outstanding pull requests with no active dissension are immediately merged, if possible. For example, a user submits a pull request which adds a little-used OpenRC script. No one from the community comments on the request or otherwise argues against its inclusion, resulting in an automatic merge at the end of the month. In this manner, solid contributions are routinely added to the project and never left in a state of “limbo”.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe page also describes the perks of being a TrueOS committer:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eContributors to the TrueOS Project enjoy a number of benefits, including:\u003c/p\u003e\n\n\u003cp\u003eA personal TrueOS email alias: \u003cyouralias\u003e@trueos.org\u003c/p\u003e\n\n\u003cp\u003eFull access for managing TrueOS issues on GitHub.\u003c/p\u003e\n\n\u003cp\u003eRegular meetings with the core developers and other contributors.\u003c/p\u003e\n\n\u003cp\u003eAccess to private chat channels with the core developers.\u003c/p\u003e\n\n\u003cp\u003eRecognition as part of an online Who’s Who of TrueOS developers.\u003c/p\u003e\n\n\u003cp\u003eThe eternal gratitude of the core developers of TrueOS.\u003c/p\u003e\n\n\u003cp\u003eA warm, fuzzy feeling.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/latest-news/new-uranium-level-donation-and-collaborative-partnership-with-intel/\" rel=\"nofollow\"\u003eIntel Donates 250.000 $ to the FreeBSD Foundation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore details about the deal: Systems Thinking: \u003ca href=\"https://www.freebsdfoundation.org/blog/systems-thinking-intel-and-the-freebsd-project/\" rel=\"nofollow\"\u003eIntel and the FreeBSD Project\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIntel will be more actively engaging with the FreeBSD Foundation and the FreeBSD Project to deliver more timely support for Intel products and technologies in FreeBSD.\u003c/p\u003e\n\n\u003cp\u003eIntel has contributed code to FreeBSD for individual device drivers (i.e. NICs) in the past, but is now seeking a more holistic “systems thinking” approach. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://01.org/blogs/imad/2017/intel-increases-support-freebsd-project\" rel=\"nofollow\"\u003eIntel Blog Post \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe will work closely with the FreeBSD Foundation to ensure the drivers, tools, and applications needed on Intel® SSD-based storage appliances are available to the community. This collaboration will also provide timely support for future Intel® 3D XPoint™ products.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThank you very much, Intel!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://globalengineer.wordpress.com/2017/03/05/applied-freebsd-basic-iscsi/\" rel=\"nofollow\"\u003eApplied FreeBSD: Basic iSCSI\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eiSCSI is often touted as a low-cost replacement for fibre-channel (FC) Storage Area Networks (SANs). Instead of having to setup a separate fibre-channel network for the SAN, or invest in the infrastructure to run Fibre-Channel over Ethernet (FCoE), iSCSI runs on top of standard TCP/IP. This means that the same network equipment used for routing user data on a network could be utilized for the storage as well.\u003c/p\u003e\n\n\u003cp\u003eThis article will cover a very basic setup where a FreeBSD server is configured as an iSCSI Target, and another FreeBSD server is configured as the iSCSI Initiator. The iSCSI Target will export a single disk drive, and the initiator will create a filesystem on this disk and mount it locally. Advanced topics, such as multipath, ZFS storage pools, failover controllers, etc. are not covered.\u003c/p\u003e\n\n\u003cp\u003eThe real magic is the /etc/ctl.conf file, which contains all of the information necessary for ctld to share disk drives on the network. Check out the man page for /etc/ctl.conf for more details; below is the configuration file that I created for this test setup. Note that on a system that has never had iSCSI configured, there will be no existing configuration file, so go ahead and create it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThen, enable ctld and start it:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003esysrc ctld_enable=”YES”\u003c/li\u003e\n\u003cli\u003eservice ctld start\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eYou can use the ctladm command to see what is going on:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eroot@bsdtarget:/dev # ctladm lunlist\u003c/p\u003e\n\n\u003cp\u003e(7:0:0/0): \u003cFREEBSD CTLDISK 0001\u003e Fixed Direct Access SPC-4 SCSI device\u003c/p\u003e\n\n\u003cp\u003e(7:0:1/1): \u003cFREEBSD CTLDISK 0001\u003e Fixed Direct Access SPC-4 SCSI device\u003c/p\u003e\n\n\u003cp\u003eroot@bsdtarget:/dev # ctladm devlist\u003c/p\u003e\n\n\u003cp\u003eLUN Backend Size (Blocks) BS Serial Number Device ID\u003c/p\u003e\n\n\u003cp\u003e0 block 10485760 512 MYSERIAL 0 MYDEVID 0\u003c/p\u003e\n\n\u003cp\u003e1 block 10485760 512 MYSERIAL 1 MYDEVID 1\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow, let’s configure the client side:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn order for a FreeBSD host to become an iSCSI Initiator, the iscsd daemon needs to be started.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003esysrc iscsid_enable=”YES”\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eservice iscsid start\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNext, the iSCSI Initiator can manually connect to the iSCSI target using the iscsictl tool. While setting up a new iSCSI session, this is probably the best option. Once you are sure the configuration is correct, add the configuration to the /etc/iscsi.conf file (see man page for this file). For iscsictl, pass the IP address of the target as well as the iSCSI IQN for the session:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cpre\u003e\u003ccode\u003e+ iscsictl -A -p 192.168.22.128 -t iqn.2017-02.lab.testing:basictarget\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eYou should now have a new device (check dmesg), in this case, da1\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe guide them walks through partitioning the disk, and laying down a UFS file system, and mounting it\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis it walks through how to disconnect iscsi, incase you don’t want it anymore\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThis all looked nice and easy, and it works very well. Now lets see what happens when you try to mount the iSCSI from Windows\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOk, that wasn’t so bad.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNow, instead of sharing an entire space disk on the host via iSCSI, share a zvol. Now your windows machine can be backed by ZFS. All of your problems are solved.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Philipp Buehler - \u003ca href=\"mailto:pbuehler@sysfive.com\" rel=\"nofollow\"\u003epbuehler@sysfive.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eTechnical Lead at SysFive, and Former OpenBSD Committer\u003c/p\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170316080827\" rel=\"nofollow\"\u003eHalf a dozen new features in mandoc -T html\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://man.openbsd.org/mandoc.1\" rel=\"nofollow\"\u003emandoc\u003c/a\u003e’s HTML output mode got some new features\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEven though mdoc(7) is a semantic markup language, traditionally none of the semantic annotations were communicated to the reader. [...] Now, at least in -T html output mode, you can see the semantic function of marked-up words by hovering your mouse over them.\u003c/p\u003e\n\n\u003cp\u003eIn terminal output modes, we have the ctags(1)-like internal search facility built around the less(1) tag jump (:t) feature for quite some time now. We now have a similar feature in -T html output mode. To jump to (almost) the same places in the text, go to the address bar of the browser, type a hash mark (\u0026#39;#\u0026#39;) after the URI, then the name of the option, command, variable, error code etc. you want to jump to, and hit enter.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCheck out the full report by Ingo Schwarze (schwarze@) and try out these new features\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html\" rel=\"nofollow\"\u003eOptimizing IllumOS Kernel Crypto\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSašo Kiselkov, of ZFS fame, looked into the performance of the OpenSolaris kernel crypto framework and found it lacking.\u003c/li\u003e\n\u003cli\u003eThe article also spends a few minutes on the different modes and how they work.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecently I\u0026#39;ve had some motivation to look into the KCF on Illumos and discovered that, unbeknownst to me, we already had an AES-NI implementation that was automatically enabled when running on Intel and AMD CPUs with AES-NI support. This work was done back in 2010 by Dan Anderson.This was great news, so I set out to test the performance in Illumos in a VM on my Mac with a Core i5 3210M (2.5GHz normal, 3.1GHz turbo).\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe initial tests of “what the hardware can do” were done in OpenSSL\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo now comes the test for the KCF. I wrote a quick\u0026#39;n\u0026#39;dirty crypto test module that just performed a bunch of encryption operations and timed the results.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKCF got around 100 MB/s for each algorithm, except half that for AES-GCM\u003c/li\u003e\n\u003cli\u003eOpenSSL had done over 3000 MB/s for CTR mode, 500 MB/s for CBC, and 1000 MB/s for GCM\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat the hell is that?! This is just plain unacceptable. Obviously we must have hit some nasty performance snag somewhere, because this is comical. And sure enough, we did.\u003c/p\u003e\n\n\u003cp\u003eWhen looking around in the AES-NI implementation I came across this bit in aes_intel.s that performed the CLTS instruction.\u003c/p\u003e\n\n\u003cp\u003eThis is a problem: 3.1.2 Instructions That Cause VM Exits ConditionallyCLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow.\u003c/p\u003e\n\n\u003cp\u003eThe CLTS instruction signals to the CPU that we\u0026#39;re about to use FPU registers (which is needed for AES-NI), which in VMware causes an exit into the hypervisor. And we\u0026#39;ve been doing it for every single AES block! Needless to say, performing the equivalent of a very expensive context switch every 16 bytes is going to hurt encryption performance a bit. The reason why the kernel is issuing CLTS is because for performance reasons, the kernel doesn\u0026#39;t save and restore FPU register state on kernel thread context switches. So whenever we need to use FPU registers inside the kernel, we must disable kernel thread preemption via a call to kpreempt_disable() and kpreempt_enable() and save and restore FPU register state manually. During this time, we cannot be descheduled (because if we were, some other thread might clobber our FPU registers), so if a thread does this for too long, it can lead to unexpected latency bubbles\u003c/p\u003e\n\n\u003cp\u003eThe solution was to restructure the AES and KCF block crypto implementations in such a way that we execute encryption in meaningfully small chunks. I opted for 32k bytes, for reasons which I\u0026#39;ll explain below. Unfortunately, doing this restructuring work was a bit more complicated than one would imagine, since in the KCF the implementation of the AES encryption algorithm and the block cipher modes is separated into two separate modules that interact through an internal API, which wasn\u0026#39;t really conducive to high performance (we\u0026#39;ll get to that later). Anyway, having fixed the issue here and running the code at near native speed, this is what I get:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eAES-128/CTR: 439 MB/s\u003c/p\u003e\n\n\u003cp\u003eAES-128/CBC: 483 MB/s\u003c/p\u003e\n\n\u003cp\u003eAES-128/GCM: 252 MB/s\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNot disastrous anymore, but still, very, very bad. Of course, you\u0026#39;ve got keep in mind, the thing we\u0026#39;re comparing it to, OpenSSL, is no slouch. It\u0026#39;s got hand-written highly optimized inline assembly implementations of most of these encryption functions and their specific modes, for lots of platforms. That\u0026#39;s a ton of code to maintain and optimize, but I\u0026#39;ll be damned if I let this kind of performance gap persist.\u003c/p\u003e\n\n\u003cp\u003eFixing this, however, is not so trivial anymore. It pertains to how the KCF\u0026#39;s block cipher mode API interacts with the cipher algorithms. It is beautifully designed and implemented in a fashion that creates minimum code duplication, but this also means that it\u0026#39;s inherently inefficient.\u003c/p\u003e\n\n\u003cp\u003eECB, CBC and CTR gained the ability to pass an algorithm-specific \u0026quot;fastpath\u0026quot; implementation of the block cipher mode, because these functions benefit greatly from pipelining multiple cipher calls into a single place.\u003c/p\u003e\n\n\u003cp\u003eECB, CTR and CBC decryption benefit enormously from being able to exploit the wide XMM register file on Intel to perform encryption/decryption operations on 8 blocks at the same time in a non-interlocking manner. The performance gains here are on the order of 5-8x.CBC encryption benefits from not having to copy the previously encrypted ciphertext blocks into memory and back into registers to XOR them with the subsequent plaintext blocks, though here the gains are more modest, around 1.3-1.5x.\u003c/p\u003e\n\n\u003cp\u003eAfter all of this work, this is how the results now look on Illumos, even inside of a VM:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eAlgorithm/Mode 128k ops\u003c/p\u003e\n\n\u003cp\u003eAES-128/CTR: 3121 MB/s\u003c/p\u003e\n\n\u003cp\u003eAES-128/CBC: 691 MB/s\u003c/p\u003e\n\n\u003cp\u003eAES-128/GCM: 1053 MB/s\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo the CTR and GCM speeds have actually caught up to OpenSSL, and CBC is actually faster than OpenSSL.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn the decryption side of things, CBC decryption also jumped from 627 MB/s to 3011 MB/s. Seeing these performance numbers, you can see why I chose 32k for the operation size in between kernel preemption barriers. Even on the slowest hardware with AES-NI, we can expect at least 300-400 MB/s/core of throughput, so even in the worst case, we\u0026#39;ll be hogging the CPU for at most ~0.1ms per run.\u003c/p\u003e\n\n\u003cp\u003eOverall, we\u0026#39;re even a little bit faster than OpenSSL in some tests, though that\u0026#39;s probably down to us encrypting 128k blocks vs 8k in the \u0026quot;openssl speed\u0026quot; utility. Anyway, having fixed this monstrous atrocity of a performance bug, I can now finally get some sleep.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo made these tests repeatable, and to ensure that the changes didn’t break the crypto algorithms, Saso created a crypto_test kernel module.\u003c/li\u003e\n\u003cli\u003eI have recently created a FreeBSD version of crypto_test.ko, for much the same purposes\u003c/li\u003e\n\u003cli\u003eInitial performance on FreeBSD is not as bad, if you have the aesni.ko module loaded, but it is not up to speed with OpenSSL. You cannot directly compare to the benchmarks Saso did, because the CPUs are vastly different.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/OpenCryptoPerformance\" rel=\"nofollow\"\u003ePerformance results\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eI hope to do some more tests on a range of different sized CPUs in order to determine how the algorithms scale across different clock speeds.\u003c/li\u003e\n\u003cli\u003eI also want to look at, or get help and have someone else look at, implementing some of the same optimizations that Saso did.\u003c/li\u003e\n\u003cli\u003eIt currently seems like there isn’t a way to perform addition crypto operations in the same session without regenerating the key table. Processing additional buffers in an existing session might offer a number of optimizations for bulk operations, although in many cases, each block is encrypted with a different key and/or IV, so it might not be very useful.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.brendangregg.com/specials.html\" rel=\"nofollow\"\u003eBrendan Gregg’s special freeware tools for sysadmins\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThese tools need to be in every (not so) serious sysadmins toolbox. \u003c/li\u003e\n\u003cli\u003eTriple ROT13 encryption algorithm (beware: export restrictions may apply)\u003c/li\u003e\n\u003cli\u003e/usr/bin/maybe, in case true and false don’t provide too little choice...\u003c/li\u003e\n\u003cli\u003eThe bottom command lists you all the processes using the least CPU cycles.\u003c/li\u003e\n\u003cli\u003eCheck out the rest of the tools. \u003c/li\u003e\n\u003cli\u003eYou wrote similar tools and want us to cover them in the show? Send us an email to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/\" rel=\"nofollow\"\u003eA look at 2038 \u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI remember the Y2K problem quite vividly. The world was going crazy for years, paying insane amounts of money to experts to fix critical legacy systems, and there was a neverending stream of predictions from the media on how it’s all going to fail. Most didn’t even understand what the problem was, and I remember one magazine writing something like the following:\u003cbr\u003e\nMost systems store the current year as a two-digit value to save space. When the value rolls over on New Year’s Eve 1999, those two digits will be “00”, and “00” means “halt operation” in the machine language of many central processing units. If you’re in an elevator at this time, it will stop working and you may fall to your death.\u003cbr\u003e\nI still don’t know why they thought a computer would suddenly interpret data as code, but people believed them. We could see a nearby hydropower plant from my parents’ house, and we expected it to go up in flames as soon as the clock passed midnight, while at least two airplanes crashed in our garden at the same time. Then nothing happened. I think one of the most “severe” problems was the police not being able to open their car garages the next day because their RFID tokens had both a start and end date for validity, and the system clock had actually rolled over to 1900, so the tokens were “not yet valid”.\u003cbr\u003e\nThat was 17 years ago. One of the reasons why Y2K wasn’t as bad as it could have been is that many systems had never used the “two-digit-year” representation internally, but use some form of “timestamp” relative to a fixed date (the “epoch”).\u003cbr\u003e\nThe actual problem with time and dates rolling over is that systems calculate timestamp differences all day. Since a timestamp derived from the system clock seemingly only increases with each query, it is very common to just calculate diff = now - before and never care about the fact that now could suddenly be lower than before because the system clock has rolled over. In this case diff is suddenly negative, and if other parts of the code make further use of the suddenly negative value, things can go horribly wrong.\u003cbr\u003e\nA good example was a bug in the generator control units (GCUs) aboard Boeing 787 “Dreamliner” aircrafts, discovered in 2015. An internal timestamp counter would overflow roughly 248 days after the system had been powered on, triggering a shut down to “safe mode”. The aircraft has four generator units, but if all were powered up at the same time, they would all fail at the same time. This sounds like an overflow caused by a signed 32-bit counter counting the number of centiseconds since boot, overflowing after 248.55 days, and luckily no airline had been using their Boing 787 models for such a long time between maintenance intervals.\u003cbr\u003e\nThe “obvious” solution is to simply switch to 64-Bit values and call it day, which would push overflow dates far into the future (as long as you don’t do it like the IBM S/370 mentioned before). But as we’ve learned from the Y2K problem, you have to assume that computer systems, computer software and stored data (which often contains timestamps in some form) will stay with us for much longer than we might think. The years 2036 and 2038 might be far in the future, but we have to assume that many of the things we make and sell today are going to be used and supported for more than just 19 years. Also many systems have to store dates which are far in the future. A 30 year mortgage taken out in 2008 could have already triggered the bug, and for some banks it supposedly did.\u003cbr\u003e\nsys_gettimeofday() is one of the most used system calls on a generic Linux system and returns the current time in form of an UNIX timestamp (time_t data type) plus fraction (suseconds_t data type). Many applications have to know the current time and date to do things, e.g. displaying it, using it in game timing loops, invalidating caches after their lifetime ends, perform an action after a specific moment has passed, etc. In a 32-Bit UNIX system, time_t is usually defined as a signed 32-Bit Integer.\u003cbr\u003e\nWhen kernel, libraries and applications are compiled, the compiler will turn this assumption machine code and all components later have to match each other. So a 32-Bit Linux application or library still expects the kernel to return a 32-Bit value even if the kernel is running on a 64-Bit architecture and has 32-Bit compatibility. The same holds true for applications calling into libraries. This is a major problem, because there will be a lot of legacy software running in 2038. Systems which used an unsigned 32-Bit Integer for time_t push the problem back to 2106, but I don’t know about many of those.\u003cbr\u003e\nThe developers of the GNU C library (glibc), the default standard C library for many GNU/Linux systems, have come up with a design for year 2038 proofness for their library. Besides the time_t data type itself, a number of other data structures have fields based on time_t or the combined struct timespec and struct timeval types. Many methods beside those intended for setting and querying the current time use timestamps\u003cbr\u003e\n32-Bit Windows applications, or Windows applications defining _USE_32BIT_TIME_T, can be hit by the year 2038 problem too if they use the time_t data type. The __time64_t data type had been available since Visual C 7.1, but only Visual C 8 (default with Visual Studio 2015) expanded time_t to 64 bits by default. The change will only be effective after a recompilation, legacy applications will continue to be affected.\u003cbr\u003e\nIf you live in a 64-Bit world and use a 64-Bit kernel with 64-Bit only applications, you might think you can just ignore the problem. In such a constellation all instances of the standard time_t data type for system calls, libraries and applications are signed 64-Bit Integers which will overflow in around 292 billion years. But many data formats, file systems and network protocols still specify 32-Bit time fields, and you might have to read/write this data or talk to legacy systems after 2038. So solving the problem on your side alone is not enough.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen the article goes on to describe how all of this will break your file systems. Not to mention your databases and other file formats.\u003c/li\u003e\n\u003cli\u003eAlso see \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp00001.html\" rel=\"nofollow\"\u003eTheo De Raadt’s EuroBSDCon 2013 Presentation\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://blather.michaelwlucas.com/archives/2895\" rel=\"nofollow\"\u003eMichael Lucas: Get your name in “Absolute FreeBSD 3rd Edition”\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=r315435\" rel=\"nofollow\"\u003eZFS compressed ARC stats to top\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2017/03/14/19452.html\" rel=\"nofollow\"\u003eMatthew Dillon discovered HAMMER was repeating itself when writing to disk.  Fixing that issue doubled write speeds\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/shrt-nms-fr-clrty\" rel=\"nofollow\"\u003eTedU on Meaningful Short Names \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/submit-your-work-vbsdcon-and-eurobsdcon-cfps-now-open/\" rel=\"nofollow\"\u003evBSDcon and EuroBSDcon Call for Papers are open\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NMshpZ7n\" rel=\"nofollow\"\u003eCraig asks about BSD server management\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/UqRwMcRk\" rel=\"nofollow\"\u003eMichael asks about jails as a router between networks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/i1ZD6eXN\" rel=\"nofollow\"\u003eTodd asks about connecting jails \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/QzW5c9wV\" rel=\"nofollow\"\u003eDave writes in with an interesting link\u003c/a\u003e\n\u0026gt; applications crash more often due to errors than corruptions. In the case of corruption, a few applications (e.g., Log-Cabin, ZooKeeper) can use checksums and redundancy to recover, leading to a correct behavior; however, when the corruption is transformed into an error, these applications crash, resulting in reduced availability.\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news,  Optimizing IllumOS Kernel, your questions and more.","date_published":"2017-03-22T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/09c4e852-2672-45ab-8305-fc91d8b928e6.mp3","mime_type":"audio/mpeg","size_in_bytes":83580628,"duration_in_seconds":10447}]},{"id":"446a8257-5abe-44a0-848d-f0fa050eec68","title":"185: Exit Interview","url":"https://www.bsdnow.tv/185","content_text":"This is a very special BSD Now! New exciting changes are coming to the show and we’re gonna cover them, so stick around or you’ll miss it!\n\nInterview – Kris Moore – kris@trueos.org / @pcbsdKrisTrueOS founder, FreeNAS developer, BSD Now co-hostBenedict Reuschling – bcr@freebsd.org / @bsdbcrFreeBSD commiter \u0026amp; FreeBSD Foundation Vice President, BSD Now co-host\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n***\n","content_html":"\u003cp\u003eThis is a very special BSD Now! New exciting changes are coming to the show and we’re gonna cover them, so stick around or you’ll miss it!\u003c/p\u003e\n\n\u003cp\u003e\u003ch2\u003eInterview – Kris Moore – \u003ca href=\"mailto:kris@trueos.org\"\u003e\u003ca href=\"mailto:kris@trueos.org\" rel=\"nofollow\"\u003ekris@trueos.org\u003c/a\u003e\u003c/a\u003e / \u003ca href=\"https://twitter.com/pcbsdKris\"\u003e@pcbsdKris\u003c/a\u003e\u003c/h2\u003e\u003cul\u003e\u003cli\u003eTrueOS founder, FreeNAS developer, BSD Now co-host\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eBenedict Reuschling – \u003ca href=\"mailto:bcr@freebsd.org\"\u003e\u003ca href=\"mailto:bcr@freebsd.org\" rel=\"nofollow\"\u003ebcr@freebsd.org\u003c/a\u003e\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdbcr\"\u003e@bsdbcr\u003c/a\u003e\u003c/h2\u003e\u003cul\u003e\u003cli\u003eFreeBSD commiter \u0026amp; FreeBSD Foundation Vice President, BSD Now co-host\u003c/li\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This is a very special BSD Now! New exciting changes are coming to the show and we’re gonna cover them, so stick around or you’ll miss it!","date_published":"2017-03-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/446a8257-5abe-44a0-848d-f0fa050eec68.mp3","mime_type":"audio/mpeg","size_in_bytes":39697780,"duration_in_seconds":3308}]},{"id":"5dde9785-effd-47e6-bcad-d71fe4690749","title":"184: Tokyo Dreaming","url":"https://www.bsdnow.tv/184","content_text":"This week on BSDNow, Allan and I are in Tokyo for AsiaBSDCon, but not to worry, we have a full episode lined up and ready to go. Hackathon reports\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nOpenBSD A2k17 hackathon reports\n\n\na2k17 hackathon report: Patrick Wildt on the arm64 port \na2k17 hackathon report: Antoine Jacoutot on syspatch, rc.d improvements and more \na2k17 hackathon report: Martin Pieuchot on NET_LOCK and much more  \na2k17 hackathon report: Kenneth Westerback on the hidden wonders of the build system, the network stack and more  \na2k17 hackathon report: Bob Beck on LibreSSL progress and more  \n***\n\n\nNetBSD is now reproducible \n\n\nChristos Zoulas posts to the NetBSD blog that he has completed his project to make fully reproducible NetBSD builds for amd64 and sparc64\n\n\n\nI have been working on and off for almost a year trying to get reproducible builds (the same source tree always builds an identical cdrom) on NetBSD. I did not think at the time it would take as long or be so difficult, so I did not keep a log of all the changes I needed to make. I was also not the only one working on this. Other NetBSD developers have been making improvements for the past 6 years. I would like to acknowledge the NetBSD build system (aka build.sh) which is a fully portable cross-build system. This build system has given us a head-start in the reproducible builds work.\n\nI would also like to acknowledge the work done by the Debian folks who have provided a platform to run, test and analyze reproducible builds. Special mention to the diffoscope tool that gives an excellent overview of what's different between binary files, by finding out what they are (and if they are containers what they contain) and then running the appropriate formatter and diff program to show what's different for each file.\n\nFinally other developers who have started, motivated and did a lot of work getting us here like Joerg Sonnenberger and Thomas Klausner for their work on reproducible builds, and Todd Vierling and Luke Mewburn for their work on build.sh.\n\n\n\nSome of the stumbling blocks that were overcome:\n\n\nTimestamps\nDate/time/author embedded in source files\nTimezone sensitive code\nDirectory order / build order\nNon-sanitized data stored in files\nSymbolic links / paths\nGeneral tool inconsistencies: including gcc profiling, the fact that GPT partition tables, are by definition, globally unique each time they are created, and the iso9660 standard calls for a timestamp with a timezone.\nToolchain\nBuild information / tunables / environment. NetBSD now has a knob ‘MKREPRO’, if set to YES it sets a long list of variables to a consistent set of a values.\n\nThe post walks through how these problems where solves\nFuture Work:\n\n\nVary more parameters and find more inconsistencies\nVerify that cross-building is reproducible\nVerify that unprivileged builds are reproducible\nTest on other platforms\n***\n\n\n\nFeatures are faults redux\n\n\nFrom Ted Unangst\n\n\n\nLast week I gave a talk for the security class at Notre Dame based on features are faults but with some various commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.\n\nI got started with OpenBSD back about the same time I started college, although I had a slightly different perspective then. I was using OpenBSD because it included so many security features, therefore it must be the most secure system, right? For example, at some point I acquired a second computer. What’s the first thing anybody does when they get a second computer? That’s right, set up a kerberos domain. The idea that more is better was everywhere. This was also around the time that ipsec was getting its final touches, and everybody knew ipsec was going to be the most secure protocol ever because it had more options than any other secure transport. We’ll revisit this in a bit.\n\nThere’s been a partial attitude adjustment since then, with more people recognizing that layering complexity doesn’t result in more security. It’s not an additive process. There’s a whole talk there, about the perfect security that people can’t or won’t use. OpenBSD has definitely switched directions, including less code, not more. All the kerberos code was deleted a few years ago.\n\nLet’s assume about one bug per 100 lines of code. That’s probably on the low end. Now say your operating system has 100 million lines of code. If I’ve done the math correctly, that’s literally a million bugs. So that’s one reason to avoid adding features. But that’s a solveable problem. If we pick the right language and the right compiler and the right tooling and with enough eyeballs and effort, we can fix all the bugs. We know how to build mostly correct software, we just don’t care.\n\nAs we add features to software, increasing its complexity, new unexpected behaviors start to emerge. What are the bounds? How many features can you add before craziness is inevitable? We can make some guesses. Less than a thousand for sure. Probably less than a hundred? Ten maybe? I’ll argue the answer is quite possibly two. Interesting corollary is that it’s impossible to have a program with exactly two features. Any program with two features has at least a third, but you don’t know what it is\n\nMy first example is a bug in the NetBSD ftp client. We had one feature, we added a second feature, and just like that we got a third misfeature\n\nOur story begins long ago. The origins of this bug are probably older than I am. In the dark times before the web, FTP sites used to be a pretty popular way of publishing files. You run an ftp client, connect to a remote site, and then you can browse the remote server somewhat like a local filesystem. List files, change directories, get files. Typically there would be a README file telling you what’s what, but you don’t need to download a copy to keep. Instead we can pipe the output to a program like more. Right there in the ftp client. No need to disconnect.\n\nFast forward a few decades, and http is the new protocol of choice. http is a much less interactive protocol, but the ftp client has some handy features for batch downloads like progress bars, etc. So let’s add http support to ftp. This works pretty well. Lots of code reused.\n\nhttp has one quirk however that ftp doesn’t have. Redirects. The server can redirect the client to a different file. So now you’re thinking, what happens if I download http://somefile and the server sends back 302 http://|reboot. ftp reconnects to the server, gets the 200, starts downloading and saves it to a file called |reboot. Except it doesn’t. The function that saves files looks at the first character of the name and if it’s a pipe, runs that command instead. And now you just rebooted your computer. Or worse.\n\nIt’s pretty obvious this is not the desired behavior, but where exactly did things go wrong? Arguably, all the pieces were working according to spec. In order to see this bug coming, you needed to know how the save function worked, you needed to know about redirects, and you needed to put all the implications together.\n\n\n\nThe post then goes into a lot more detail about other issues. We just don’t have time to cover it all today, but you should go read it, it is very enlightening\n\n\n\nWhat do we do about this? That’s a tough question. It’s much easier to poke fun at all the people who got things wrong. But we can try. My attitudes are shaped by experiences with the OpenBSD project, and I think we are doing a decent job of containing the complexity. Keep paring away at dependencies and reducing interactions. As a developer, saying “no” to all feature requests is actually very productive. It’s so much faster than implementing the feature. Sometimes users complain, but I’ve often received later feedback from users that they’d come to appreciate the simplicity.\n\nThere was a question about which of these vulnerabilities were found by researchers, as opposed to troublemakers. The answer was most, if not all of them, but it made me realize one additional point I hadn’t mentioned. Unlike the prototypical buffer overflow vulnerability, exploiting features is very reliable. Exploiting something like shellshock or imagetragick requires no customized assembly and is independent of CPU, OS, version, stack alignment, malloc implementation, etc. Within about 24 hours of the initial release of shellshock, I had logs of people trying to exploit it. So unless you’re on about a 12 hour patch cycle, you’re going to have a bad time.\n\n\n\n\nreimplement zfsctl (.zfs) support\n\n\navg@ (Andriy Gapon) has rewritten the .zfs support in FreeBSD\n\n\n\nThe current code is written on top of GFS, a library with the generic support for writing filesystems, which was ported from Illumos. Because of significant differences between illumos VFS and FreeBSD VFS models, both the GFS and zfsctl code were heavily modified to work on FreeBSD.  Nonetheless, they still contain quite a few ugly hacks and bugs.\n\nThis is a reimplementation of the zfsctl code where the VFS-specific bits are written from scratch and only the code that interacts with the rest of ZFS is reused.\n\nSome ideas are picked from an independent work by Will (wca@)\n\n\n\nThis work improves the overall quality of the ZFS port to FreeBSD\n\n\n\nThe code that provides support for ZFS .zfs/ directory functionality has been reimplemented.  It is no longer possible to create a snapshot by mkdir under .zfs/snapshot/.  That should be the only user visible change.\n\n\n\nTIL: On IllumOS, you can create, rename, and destroy snapshots, by manipulating the virtual directories in the .zfs/snapshots directory.\nIf enough people would find this feature useful, maybe it could be implemented (rm and rename have never existed on FreeBSD). At the same time, it seems like rather a lot of work, when the ZFS command line tools work so well. Although wca@ pointed out on IRC, it can be useful to be able to create a snapshot over NFS, or SMB.\n\n\n\n\nInterview - Konrad Witaszczyk - def@freebsd.org\n\n\nEncrypted Kernel Crash Dumps\n***\n\n\nNews Roundup\n\nPBKDF2 Performance improvements on FreeBSD\n\n\nJoe Pixton did some research and found that, because of the way the spec is written, most PBKDF2 implementations are 2x slower than they need to be.\nSince the PBKDF is used to derive a key, used for encryption, this poses a problem. The attacker can derive a key twice as fast as you can. On FreeBSD the PBKDF2 was configured to derive a SHA512-HMAC key that would take approximately 2 seconds to calculate. That is 2 seconds on one core. So an attacker can calculate the same key in 1 second, and use many cores.\nLuckily, 1 second is still a long time for each brute force guess. On modern CPUs with the fast algorithm, you can do about 500,000 iterations of PBKDF per second (per core).\nUntil a recent change, OpenBSD used only 8192 iterations. It now uses a similar benchmark of ~2 seconds, and uses bcrypt instead of a SHA1-HMAC.\nJoe’s research showed that the majority of implementations were done the ‘slow’ way. Calculating the initial part of the outer round each iteration, instead of reusing the initial calculation over and over for each round.\nJoe submitted a match to FreeBSD to solve this problem. That patch was improved, and a test of tests were added by jmg@, but then work stalled\nI picked up the work, and fixed some merge conflicts in the patch that had cropped up based on work I had done that moved the HMAC code to a separate file.\nThis work is now committed.\n\n\n\nWith this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will take half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold.\n\n\n\nIf you are interested in the topic, I recommend the video of Joe’s presentation from the Passwords15 conference in Las Vegas\n***\n\n\nQuick How-To: Updating a screenshot in the TrueOS Handbook\n\n\nDocs writers, might be time to pay attention. This week we have a good walk-through of adding / updating new screenshots to the TrueOS Sphinx Documentation.\nFor those who have not looked in the past, TrueOS and FreeNAS both have fantastic docs by the team over at iXsystems using Sphinx as their doc engine. \nOften we get questions from users asking what “they can do to help” but don’t necessarily have programming skills to apply. \nThe good news is that using Sphinx is relatively easy, and after learning some minio rst syntax you can easily help fix, or even contribute to new sections of the TrueOS (Or FreeNAS) documentation. \nIn this example, Tim takes us through the process of replacing an old out of date screenshot in the handbook with the latest hotness. \nStarting with a .png file, he then locates the old screenshot name and adds the updated version “lumina-e.png” to “lumina-f.png”. With the file added to the tree, the relevant section of .rst code can be adjusted and the sphinx build run to verify the output HTML looks correct.\nUsing this method you can easily start to get involved with other aspects of documentation and next thing you know you’ll be writing boot-loaders like Allan!\n***\n\n\nLearn C Programming With 9 Excellent Open Source Books\n\n\nNow that you’ve easily mastered all your documentation skills, you may be ready to take on a new challenge. (Come on, that boot-loader isn’t going to write itself!)\nWe wanted to point out some excellent resources to get you started on your journey into writing C.\nBefore you think, “oh, more books to purchase”, wait there’s good news. These are the top-9 open-source books that you can download in digital form free of charge. Now I bet we got your attention.\nWe start the rundown with “The C Book”, by Mike Banahan, Declan Brady and Mark Doran, which will lay the groundwork with your introduction into the C language and concepts. \nNext up, if you are going to do anything, do it with style, so take a read through the “C Elements of Style” which will make you popular at all the parties. (We can’t vouch for that statement)\nFrom here we have a book on using C to build your own minimal “lisp” interpreter, reference guides on GNU C and some other excellent introduction / mastery books to help round-out your programming skill set.\nYour C adventure awaits, hopefully these books can not only teach you good C, but also make you feel confident when looking at bits of the FreeBSD world or kernel with a proper foundation to back it up.\n***\n\n\nRunning a Linux VM on OpenBSD\n\n\nOver the past few years we’ve talked a lot about Virtualization, Bhyve or OpenBSD’s ‘vmm’, but qemu hasn’t gotten much attention.\nToday we have a blog post with details on how to deploy qemu to run Linux on top of an OpenBSD host system.\nThe starts by showing us how to first provision the storage for qemu, using the handy ‘qemu-img’ command, which in this example only creates a 4GB disk, you’ll probably want more for real-world usage though.\nNext up the qemu command will be run, pay attention to the particular flags for network and memory setup. You’ll probably want to bump it up past the recommended 256M of memory.\nNetworking is always the fun part, as the author describes his intended setup\n\n\n\nI want OpenBSD and Debian to be able to obtain an IP via DHCP on their wired interfaces and I don't want external networking required for an NFS share to the VM. To accomplish this I need two interfaces since dhclient will erase any other IPv4 addresses already assigned. We can't assign an address directly to the bridge, but we can configure a virtual Ethernet device and add it.\n\n\n\nThe setup for this portion involves touching a few more files, but isn’t that painless. Some “pf” rules to enable NAT for and dhcpd setup to assign a “fixed” IP to the vm will get us going, along with some additional details on how to configure the networking for inside the debian VM.\nOnce those steps are completed you should be able to mount NFS and share data from the host to the VM painlessly. \n\n\n\n\nBeastie Bits\n\n\nMacObserver: Interview with Open Source Developer \u0026amp; Former Apple Manager Jordan Hubbard  \n2016 Google Summer of Code Mentor Summit and MeetBSD Trip Report: Gavin Atkinson \n\n\n\n\nFeedback/Questions\n\n\n Joe - BGP / Vultr Followup \n Ryan Moreno asks about Laptops  \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan and I are in Tokyo for AsiaBSDCon, but not to worry, we have a full episode lined up and ready to go. Hackathon reports\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eOpenBSD A2k17 hackathon reports\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170131101827\" rel=\"nofollow\"\u003ea2k17 hackathon report: Patrick Wildt on the arm64 port\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170203232049\" rel=\"nofollow\"\u003ea2k17 hackathon report: Antoine Jacoutot on syspatch, rc.d improvements and more\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170127154356\" rel=\"nofollow\"\u003ea2k17 hackathon report: Martin Pieuchot on NET_LOCK and much more \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170127031836\" rel=\"nofollow\"\u003ea2k17 hackathon report: Kenneth Westerback on the hidden wonders of the build system, the network stack and more \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170125225403\" rel=\"nofollow\"\u003ea2k17 hackathon report: Bob Beck on LibreSSL progress and more \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds\" rel=\"nofollow\"\u003eNetBSD is now reproducible \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eChristos Zoulas posts to the NetBSD blog that he has completed his project to make fully reproducible NetBSD builds for amd64 and sparc64\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been working on and off for almost a year trying to get reproducible builds (the same source tree always builds an identical cdrom) on NetBSD. I did not think at the time it would take as long or be so difficult, so I did not keep a log of all the changes I needed to make. I was also not the only one working on this. Other NetBSD developers have been making improvements for the past 6 years. I would like to acknowledge the NetBSD build system (aka build.sh) which is a fully portable cross-build system. This build system has given us a head-start in the reproducible builds work.\u003c/p\u003e\n\n\u003cp\u003eI would also like to acknowledge the work done by the Debian folks who have provided a platform to run, test and analyze reproducible builds. Special mention to the diffoscope tool that gives an excellent overview of what\u0026#39;s different between binary files, by finding out what they are (and if they are containers what they contain) and then running the appropriate formatter and diff program to show what\u0026#39;s different for each file.\u003c/p\u003e\n\n\u003cp\u003eFinally other developers who have started, motivated and did a lot of work getting us here like Joerg Sonnenberger and Thomas Klausner for their work on reproducible builds, and Todd Vierling and Luke Mewburn for their work on build.sh.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome of the stumbling blocks that were overcome:\n\n\u003cul\u003e\n\u003cli\u003eTimestamps\u003c/li\u003e\n\u003cli\u003eDate/time/author embedded in source files\u003c/li\u003e\n\u003cli\u003eTimezone sensitive code\u003c/li\u003e\n\u003cli\u003eDirectory order / build order\u003c/li\u003e\n\u003cli\u003eNon-sanitized data stored in files\u003c/li\u003e\n\u003cli\u003eSymbolic links / paths\u003c/li\u003e\n\u003cli\u003eGeneral tool inconsistencies: including gcc profiling, the fact that GPT partition tables, are by definition, globally unique each time they are created, and the iso9660 standard calls for a timestamp with a timezone.\u003c/li\u003e\n\u003cli\u003eToolchain\u003c/li\u003e\n\u003cli\u003eBuild information / tunables / environment. NetBSD now has a knob ‘MKREPRO’, if set to YES it sets a long list of variables to a consistent set of a values.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe post walks through how these problems where solves\u003c/li\u003e\n\u003cli\u003eFuture Work:\n\n\u003cul\u003e\n\u003cli\u003eVary more parameters and find more inconsistencies\u003c/li\u003e\n\u003cli\u003eVerify that cross-building is reproducible\u003c/li\u003e\n\u003cli\u003eVerify that unprivileged builds are reproducible\u003c/li\u003e\n\u003cli\u003eTest on other platforms\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/features-are-faults-redux\" rel=\"nofollow\"\u003eFeatures are faults redux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom Ted Unangst\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLast week I gave a talk for the security class at Notre Dame based on features are faults but with some various commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.\u003c/p\u003e\n\n\u003cp\u003eI got started with OpenBSD back about the same time I started college, although I had a slightly different perspective then. I was using OpenBSD because it included so many security features, therefore it must be the most secure system, right? For example, at some point I acquired a second computer. What’s the first thing anybody does when they get a second computer? That’s right, set up a kerberos domain. The idea that more is better was everywhere. This was also around the time that ipsec was getting its final touches, and everybody knew ipsec was going to be the most secure protocol ever because it had more options than any other secure transport. We’ll revisit this in a bit.\u003c/p\u003e\n\n\u003cp\u003eThere’s been a partial attitude adjustment since then, with more people recognizing that layering complexity doesn’t result in more security. It’s not an additive process. There’s a whole talk there, about the perfect security that people can’t or won’t use. OpenBSD has definitely switched directions, including less code, not more. All the kerberos code was deleted a few years ago.\u003c/p\u003e\n\n\u003cp\u003eLet’s assume about one bug per 100 lines of code. That’s probably on the low end. Now say your operating system has 100 million lines of code. If I’ve done the math correctly, that’s literally a million bugs. So that’s one reason to avoid adding features. But that’s a solveable problem. If we pick the right language and the right compiler and the right tooling and with enough eyeballs and effort, we can fix all the bugs. We know how to build mostly correct software, we just don’t care.\u003c/p\u003e\n\n\u003cp\u003eAs we add features to software, increasing its complexity, new unexpected behaviors start to emerge. What are the bounds? How many features can you add before craziness is inevitable? We can make some guesses. Less than a thousand for sure. Probably less than a hundred? Ten maybe? I’ll argue the answer is quite possibly two. Interesting corollary is that it’s impossible to have a program with exactly two features. Any program with two features has at least a third, but you don’t know what it is\u003c/p\u003e\n\n\u003cp\u003eMy first example is a bug in the NetBSD ftp client. We had one feature, we added a second feature, and just like that we got a \u003ca href=\"http://marc.info/?l=oss-security\u0026m=141451507810253\u0026w=2\" rel=\"nofollow\"\u003ethird misfeature\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eOur story begins long ago. The origins of this bug are probably older than I am. In the dark times before the web, FTP sites used to be a pretty popular way of publishing files. You run an ftp client, connect to a remote site, and then you can browse the remote server somewhat like a local filesystem. List files, change directories, get files. Typically there would be a README file telling you what’s what, but you don’t need to download a copy to keep. Instead we can pipe the output to a program like more. Right there in the ftp client. No need to disconnect.\u003c/p\u003e\n\n\u003cp\u003eFast forward a few decades, and http is the new protocol of choice. http is a much less interactive protocol, but the ftp client has some handy features for batch downloads like progress bars, etc. So let’s add http support to ftp. This works pretty well. Lots of code reused.\u003c/p\u003e\n\n\u003cp\u003ehttp has one quirk however that ftp doesn’t have. Redirects. The server can redirect the client to a different file. So now you’re thinking, what happens if I download \u003ca href=\"http://somefile\" rel=\"nofollow\"\u003ehttp://somefile\u003c/a\u003e and the server sends back 302 http://|reboot. ftp reconnects to the server, gets the 200, starts downloading and saves it to a file called |reboot. Except it doesn’t. The function that saves files looks at the first character of the name and if it’s a pipe, runs that command instead. And now you just rebooted your computer. Or worse.\u003c/p\u003e\n\n\u003cp\u003eIt’s pretty obvious this is not the desired behavior, but where exactly did things go wrong? Arguably, all the pieces were working according to spec. In order to see this bug coming, you needed to know how the save function worked, you needed to know about redirects, and you needed to put all the implications together.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe post then goes into a lot more detail about other issues. We just don’t have time to cover it all today, but you should go read it, it is very enlightening\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhat do we do about this? That’s a tough question. It’s much easier to poke fun at all the people who got things wrong. But we can try. My attitudes are shaped by experiences with the OpenBSD project, and I think we are doing a decent job of containing the complexity. Keep paring away at dependencies and reducing interactions. As a developer, saying “no” to all feature requests is actually very productive. It’s so much faster than implementing the feature. Sometimes users complain, but I’ve often received later feedback from users that they’d come to appreciate the simplicity.\u003c/p\u003e\n\n\u003cp\u003eThere was a question about which of these vulnerabilities were found by researchers, as opposed to troublemakers. The answer was most, if not all of them, but it made me realize one additional point I hadn’t mentioned. Unlike the prototypical buffer overflow vulnerability, exploiting features is very reliable. Exploiting something like shellshock or imagetragick requires no customized assembly and is independent of CPU, OS, version, stack alignment, malloc implementation, etc. Within about 24 hours of the initial release of shellshock, I had logs of people trying to exploit it. So unless you’re on about a 12 hour patch cycle, you’re going to have a bad time.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/314048\" rel=\"nofollow\"\u003ereimplement zfsctl (.zfs) support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eavg@ (Andriy Gapon) has rewritten the .zfs support in FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe current code is written on top of GFS, a library with the generic support for writing filesystems, which was ported from Illumos. Because of significant differences between illumos VFS and FreeBSD VFS models, both the GFS and zfsctl code were heavily modified to work on FreeBSD.  Nonetheless, they still contain quite a few ugly hacks and bugs.\u003c/p\u003e\n\n\u003cp\u003eThis is a reimplementation of the zfsctl code where the VFS-specific bits are written from scratch and only the code that interacts with the rest of ZFS is reused.\u003c/p\u003e\n\n\u003cp\u003eSome ideas are picked from an independent work by Will (wca@)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis work improves the overall quality of the ZFS port to FreeBSD\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe code that provides support for ZFS .zfs/ directory functionality has been reimplemented.  It is no longer possible to create a snapshot by mkdir under .zfs/snapshot/.  That should be the only user visible change.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTIL: On IllumOS, you can create, rename, and destroy snapshots, by manipulating the virtual directories in the .zfs/snapshots directory.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIf enough people would find this feature useful, maybe it could be implemented (rm and rename have never existed on FreeBSD). At the same time, it seems like rather a lot of work, when the ZFS command line tools work so well. Although wca@ pointed out on IRC, it can be useful to be able to create a snapshot over NFS, or SMB.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Konrad Witaszczyk - \u003ca href=\"mailto:def@freebsd.org\" rel=\"nofollow\"\u003edef@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eEncrypted Kernel Crash Dumps\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/313962\" rel=\"nofollow\"\u003ePBKDF2 Performance improvements on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://jbp.io/2015/08/11/pbkdf2-performance-matters/\" rel=\"nofollow\"\u003eJoe Pixton did some research\u003c/a\u003e and found that, because of the way the spec is written, most PBKDF2 implementations are 2x slower than they need to be.\u003c/li\u003e\n\u003cli\u003eSince the PBKDF is used to derive a key, used for encryption, this poses a problem. The attacker can derive a key twice as fast as you can. On FreeBSD the PBKDF2 was configured to derive a SHA512-HMAC key that would take approximately 2 seconds to calculate. That is 2 seconds on one core. So an attacker can calculate the same key in 1 second, and use many cores.\u003c/li\u003e\n\u003cli\u003eLuckily, 1 second is still a long time for each brute force guess. On modern CPUs with the fast algorithm, you can do about 500,000 iterations of PBKDF per second (per core).\u003c/li\u003e\n\u003cli\u003eUntil a recent change, OpenBSD used only 8192 iterations. It now uses a similar benchmark of ~2 seconds, and uses bcrypt instead of a SHA1-HMAC.\u003c/li\u003e\n\u003cli\u003eJoe’s research showed that the majority of implementations were done the ‘slow’ way. Calculating the initial part of the outer round each iteration, instead of reusing the initial calculation over and over for each round.\u003c/li\u003e\n\u003cli\u003eJoe submitted a match to FreeBSD to solve this problem. That patch was improved, and a test of tests were added by jmg@, but then work stalled\u003c/li\u003e\n\u003cli\u003eI picked up the work, and fixed some merge conflicts in the patch that had cropped up based on work I had done that moved the HMAC code to a separate file.\u003c/li\u003e\n\u003cli\u003eThis work is now committed.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will take half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you are interested in the topic, I recommend the video of Joe’s presentation from the Passwords15 conference in Las Vegas\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/quick-updating-screenshot-trueos-handbook/\" rel=\"nofollow\"\u003eQuick How-To: Updating a screenshot in the TrueOS Handbook\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDocs writers, might be time to pay attention. This week we have a good walk-through of adding / updating new screenshots to the TrueOS Sphinx Documentation.\u003c/li\u003e\n\u003cli\u003eFor those who have not looked in the past, TrueOS and FreeNAS both have fantastic docs by the team over at iXsystems using Sphinx as their doc engine. \u003c/li\u003e\n\u003cli\u003eOften we get questions from users asking what “they can do to help” but don’t necessarily have programming skills to apply. \u003c/li\u003e\n\u003cli\u003eThe good news is that using Sphinx is relatively easy, and after learning some minio rst syntax you can easily help fix, or even contribute to new sections of the TrueOS (Or FreeNAS) documentation. \u003c/li\u003e\n\u003cli\u003eIn this example, Tim takes us through the process of replacing an old out of date screenshot in the handbook with the latest hotness. \u003c/li\u003e\n\u003cli\u003eStarting with a .png file, he then locates the old screenshot name and adds the updated version “lumina-e.png” to “lumina-f.png”. With the file added to the tree, the relevant section of .rst code can be adjusted and the sphinx build run to verify the output HTML looks correct.\u003c/li\u003e\n\u003cli\u003eUsing this method you can easily start to get involved with other aspects of documentation and next thing you know you’ll be writing boot-loaders like Allan!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ossblog.org/learn-c-programming-with-9-excellent-open-source-books/\" rel=\"nofollow\"\u003eLearn C Programming With 9 Excellent Open Source Books\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow that you’ve easily mastered all your documentation skills, you may be ready to take on a new challenge. (Come on, that boot-loader isn’t going to write itself!)\u003c/li\u003e\n\u003cli\u003eWe wanted to point out some excellent resources to get you started on your journey into writing C.\u003c/li\u003e\n\u003cli\u003eBefore you think, “oh, more books to purchase”, wait there’s good news. These are the top-9 open-source books that you can download in digital form free of charge. Now I bet we got your attention.\u003c/li\u003e\n\u003cli\u003eWe start the rundown with “The C Book”, by Mike Banahan, Declan Brady and Mark Doran, which will lay the groundwork with your introduction into the C language and concepts. \u003c/li\u003e\n\u003cli\u003eNext up, if you are going to do anything, do it with style, so take a read through the “C Elements of Style” which will make you popular at all the parties. (We can’t vouch for that statement)\u003c/li\u003e\n\u003cli\u003eFrom here we have a book on using C to build your own minimal “lisp” interpreter, reference guides on GNU C and some other excellent introduction / mastery books to help round-out your programming skill set.\u003c/li\u003e\n\u003cli\u003eYour C adventure awaits, hopefully these books can not only teach you good C, but also make you feel confident when looking at bits of the FreeBSD world or kernel with a proper foundation to back it up.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://eradman.com/posts/linuxvm-on-openbsd.html\" rel=\"nofollow\"\u003eRunning a Linux VM on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver the past few years we’ve talked a lot about Virtualization, Bhyve or OpenBSD’s ‘vmm’, but qemu hasn’t gotten much attention.\u003c/li\u003e\n\u003cli\u003eToday we have a blog post with details on how to deploy qemu to run Linux on top of an OpenBSD host system.\u003c/li\u003e\n\u003cli\u003eThe starts by showing us how to first provision the storage for qemu, using the handy ‘qemu-img’ command, which in this example only creates a 4GB disk, you’ll probably want more for real-world usage though.\u003c/li\u003e\n\u003cli\u003eNext up the qemu command will be run, pay attention to the particular flags for network and memory setup. You’ll probably want to bump it up past the recommended 256M of memory.\u003c/li\u003e\n\u003cli\u003eNetworking is always the fun part, as the author describes his intended setup\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI want OpenBSD and Debian to be able to obtain an IP via DHCP on their wired interfaces and I don\u0026#39;t want external networking required for an NFS share to the VM. To accomplish this I need two interfaces since dhclient will erase any other IPv4 addresses already assigned. We can\u0026#39;t assign an address directly to the bridge, but we can configure a virtual Ethernet device and add it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe setup for this portion involves touching a few more files, but isn’t that painless. Some “pf” rules to enable NAT for and dhcpd setup to assign a “fixed” IP to the vm will get us going, along with some additional details on how to configure the networking for inside the debian VM.\u003c/li\u003e\n\u003cli\u003eOnce those steps are completed you should be able to mount NFS and share data from the host to the VM painlessly. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.macobserver.com/podcasts/background-mode-jordan-hubbard/\" rel=\"nofollow\"\u003eMacObserver: Interview with Open Source Developer \u0026amp; Former Apple Manager Jordan Hubbard \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/2016-google-summer-of-code-mentor-summit-and-meetbsd-trip-report-gavin-atkinson/\" rel=\"nofollow\"\u003e2016 Google Summer of Code Mentor Summit and MeetBSD Trip Report: Gavin Atkinson\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/TNyHBYwT\" rel=\"nofollow\"\u003e Joe - BGP / Vultr Followup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/s4Ypezsz\" rel=\"nofollow\"\u003e Ryan Moreno asks about Laptops \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan and I are in Tokyo for AsiaBSDCon, but not to worry, we have a full episode lined up and ready to go. Hackathon reports","date_published":"2017-03-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5dde9785-effd-47e6-bcad-d71fe4690749.mp3","mime_type":"audio/mpeg","size_in_bytes":68369044,"duration_in_seconds":5697}]},{"id":"d02d2a1c-b37d-436b-b181-f2feb9af794d","title":"183: Getting Steamy Here","url":"https://www.bsdnow.tv/183","content_text":"This week on BSDNow, we have “Weird Unix Things”, “Is it getting Steamy in here?” and an Interview about BSD Sockets API. (Those\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nplayonbsd with TrueOS: It’s Getting Steamy in Here and I’ve Had Too Much Wine\n\n\nWe’ve done a couple of tutorials in the past on using Steam and Wine with PC-BSD, but now with the addition of playonbsd to the AppCafe library, you have more options than ever before to game on your TrueOS system.  We’re going to have a look today at playonbsd, how it works with TrueOS, and what you can expect if you want to give it a try on your own system.  Let’s dive right in!\n\nOnce playonbsd is installed, go back to your blank desktop, right-click on the wallpaper, and select terminal.  Playonbsd does almost all the configuring for you, but there are still a couple of simple options you’ll want to configure to give yourself the best experience.  In your open terminal, type: playonbsd.  You can also find playonbsd by doing a fast search using Lumina’s built-in search function in the start menu after it’s been installed.  Once opened,  a graphical interface greets us with easy to navigate menus and even does most of the work for you.\n\n\n\nA nice graphical UI that hides the complexity of setting up WINE and Steam, and lets you pick select the game you want, and get it setup\nStart gaming quicker, without the headache\n\n\n\nIf you’re a PC gamer, you should definitely give playonbsd a try!  You may be surprised at how well it works.  If you want to know ahead of time if your games are well supported or not, head on over to WineHQ and do a search.  Many people have tested and provided feedback and even solutions for potential problems with a large variety of video games. This is a great resource if you run into a glitch or other problem.\n\n\n\n\nWeird Unix thing: 'cd //'\n\n\nSo why can you do ‘cd //tmp’, and it isn’t the same as ‘cd /tmp’?\nThe spec says:\n\n\n\nAn implementation may further simplify curpath by removing any trailing  characters that are not also leading  characters, replacing multiple non-leading consecutive  characters with a single , and replacing three or more leading  characters with a single . If, as a result of this canonicalization, the curpath variable is null, no further steps shall be taken.\n\n\n\n“So! We can replace “three or more leading / characters with a single slash”. That does not say anything about what to do when there are 2 / characters though, which presumably is why cd //tmp leaves you at //tmp.”\n\n\n\nA pathname that begins with two successive slashes may be interpreted in an implementation-defined manner\n\n\n\nSo what is it for? Well, the blog did a bit of digging and came up with this stackoverflow answer\nIn cygwin and some other systems // is treated as a unix-ified version of \\, to access UNC windows file sharing paths like \\server\\share\nPerforce, the vcs, uses // to denote a path relative to the depot\nIt seems to have been used in the path for a bunch of different network file systems, but also for myriad other things\n\n\n\n\nTesting out snapshots in Apple’s next-generation APFS file system\n\n\nAdam Leventhal takes his DTrace hammer to Apple’s new file system to see what is going on\n\n\n\nBack in June, Apple announced its new upcoming file system: APFS, or Apple File System. There was no mention of it in the WWDC keynote, but devotees needed no encouragement. They picked over every scintilla of data from the documentation on Apple’s developer site, extrapolating, interpolating, eager for whatever was about to come. In the WWDC session hall, the crowd buzzed with a nervous energy, eager for the grand unveiling of APFS. I myself badge-swapped my way into the conference just to get that first glimpse of Apple’s first original filesystem in the 30+ years since HFS\n\nApple’s presentation didn’t disappoint the hungry crowd. We hoped for a modern filesystem, optimized for next generation hardware, rich with features that have become the norm for data centers and professionals. With APFS, Apple showed a path to meeting those expectations. Dominic Giampaolo and Eric Tamura, leaders of the APFS team, shared performance optimizations, data integrity design, volume management, efficient storage of copied data, and snapshots—arguably the feature of APFS most directly in the user’s control.\n\nIt’s 2017, and Apple already appears to be making good on its promise with the revelation that the forthcoming iOS 10.3 will use APFS. The number of APFS tinkerers using it for their personal data has instantly gone from a few hundred to a few million. Beta users of iOS 10.3 have already made the switch apparently without incident. They have even ascribed unscientifically-significant performance improvements to APFS.\n\n\n\nPreviously Adam had used DTrace to find a new syscall introduced in OS X, fs_snapshot, but he had not dug into how to use it. Now it seems, the time has come\n\n\n\nLearning from XNU and making some educated guesses, I wrote my first C program to create an APFS snapshot. This section has a bit of code, which you can find in this Github repo\n\n\n\nThat just returned “fs_snapshot: Operation not permitted”\nSo, being Adam, he used DTrace to figure out what the problem was\n\n\n\nRunning this DTrace script in one terminal while running the snapshot program in another shows the code flow through the kernel as the program executes\n\nIn the code flow, the priv_check_cred() function jumps out as a good place to continue because of its name, the fact that fs_snapshot calls it directly, and the fact that it returns 1 which corresponds with EPERM, the error we were getting.\n\n\n\nTurns out, it just requires some sudo\n\n\n\nWith a little more testing I wrote my own version of Apple's unreleased snapUtil command from the WWDC demo\n\nWe figured out the proper use of the fs_snapshot system call and reconstructed the WWDC snapUtil. But all this time an equivalent utility has been lurking on macOS Sierra. If you look in /System/Library/Filesystems/apfs.fs/Contents/Resources/, Apple has included a number of APFS-related utilities, including apfs_snapshot (and, tantalizingly, a tool called hfs_convert).\n\nSnapshots let you preserve state to later peruse; we can also revert an APFS volume to a previous state to restore its contents. The current APFS semantics around rollback are a little odd. The revert operation succeeds, but it doesn't take effect until the APFS volume is next mounted\n\nAnother reason Apple may not have wanted people messing around with snapshots is that the feature appears to be incomplete. Winding yourself into a state where only a reboot can clear a mounted snapshot is easy, and using snapshots seems to break some of the diskutil APFS output\n\n\n\nIt is interesting to see what you can do with DTrace, as well as to see what a DTrace and ZFS developer things of APFS\n***\n\n\nInterview - Tom Jones - tj@enoti.me\n\n\nReplacing the BSD Sockets API\n***\n\n\nNews Roundup\n\nFreeBSD rc.d script to map ethernet device names by MAC address\n\n\nSelf-contained FreeBSD rc.d script for re-naming devices based on their MAC address. I needed it due to USB Ethernet devices coming up in different orders across OS upgrades.\n\n\n\nCopy ethname into /usr/local/etc/rc.d/\nAdd the following to rc.conf:\n\n\nethname_enable=\"YES\"\nethname_devices=\"em0 ue0 ue1\" # Replace with desired devices to rename\n\nCreate /usr/local/etc/ifmap in the following format:  \n\n\n01:23:45:67:89:ab eth0\n01:23:45:67:89:ac eth1\n\n\n\n\n\n\nThat's it. Use ifconfig_=\"\" settings in rc.conf with the new names.\n\n\n\nI know MFSBSD has something like this, but a polished up hybrid of the two should likely be part of the base system if something is not already available\nThis would be a great “Junior Job”, if say, a viewer wanted to get started with their first FreeBSD patch\n***\n\n\nMog: A different take on the Unix tool cat\n\n\nDo you abuse cat to view files?\nDid you know cat is meant for con*cat*enating files, meaning: cat part1 part2 part3 \u0026gt; wholething.txt\nmog is a tool for actually viewing files, and it adds quite a few nice features\n\n\nSyntax highlight scripts\nPrint a hex dump of binary files\nShow details of image files\nPerform objdump on executables\nList a directory\n\n\n\n\nmog reads the $HOME/.mogrc config file which describes a series of operations it can do in an ordered manner. Each operation has a match command and an action command. For each file you give to mog it will test each match command in turn, when one matches it will perform the action. A reasonably useful config file is generated when you first run it.\n\n\n\n\nHow Unix erases things when you type a backspace while entering text\n\n\nYesterday I mentioned in passing that printing a DEL character doesn't actually erase anything. This raises an interesting question, because when you're typing something into a Unix system and hit your backspace key, Unix sure erases the last character that you entered. So how is it doing that?\n\nThe answer turns out to be basically what you'd expect, although the actual implementation rapidly gets complex. When you hit backspace, the kernel tty line discipline rubs out your previous character by printing (in the simple case) Ctrl-H, a space, and then another Ctrl-H.\n\nOf course just backing up one character is not always the correct way of erasing input, and that's when it gets complicated for the kernel. To start with we have tabs, because when you (the user) backspace over a tab you want the cursor to jump all the way back, not just move back one space. The kernel has a certain amount of code to work out what column it thinks you're on and then back up an appropriate number of spaces with Ctrl-Hs.\n\nThen we have the case when you quoted a control character while entering it, eg by typing Ctrl-V Ctrl-H; this causes the kernel to print the Ctrl-H instead of acting on it, and it prints it as the two character sequence H. When you hit backspace to erase that, of course you want both (printed) characters to be rubbed out, not just the 'H'. So the kernel needs to keep track of that and rub out two characters instead of just one.\n\n\n\nChris then provides an example, from IllumOS, of the kernel trying to deal with multibyte characters\n\n\n\nFreeBSD also handles backspacing a space specially, because you don't need to actually rub that out with a '\\b \\b' sequence; you can just print a plain \\b. Other kernels don't seem to bother with this optimization. The FreeBSD code for this is in sys/kern/tty_ttydisc.c in the ttydisc_rubchar function\n\nPS: If you want to see the kernel's handling of backspace in action, you usually can't test it at your shell prompt, because you're almost certainly using a shell that supports command line editing and readline and so on. Command line editing requires taking over input processing from the kernel, and so such shells are handling everything themselves. My usual way to see what the kernel is doing is to run 'cat \u0026gt;/dev/null' and then type away.\n\n\n\nAnd you thought the backspace key would be simple...\n***\n\n\nFreeBSD ports now have Wayland\n\n\nWe’ve discussed the pending Wayland work, but we wanted to point you today to the ports which are in mainline FreeBSD ports tree now.\nFirst of all, (And I was wondering how they would deal with this) it has landed in the “graphics” category, since Wayland is the Anti-X11, putting it in x11/ didn’t make a lot of sense.\nCouple of notes before you start installing new packages and expecting wayland to “just work”\nFirst, this does require that you have working DRM from the kernel side. You’ll want to grab TrueOS or build from Matt Macy’s FreeBSD branches on GitHub before testing on any kind of modern Intel GPU. Nvidia with modesetting should be supported.\nNext, not all desktops will “just work”. You may need to grab experimental Weston for compositor. KDE / Gnome (And Lumina) and friends will grow Wayland support in the future, so don’t expect to just fire up $whatever and have it all work out of box.\nFeedback is needed! This is brand new functionality for FreeBSD, and the maintainers will want to hear your results. For us on the TrueOS side we are interested as well, since we want to port Lumina over to Wayland soon(ish)\nHappy Experimenting!\n***\n\n\nBeastie Bits\n\n\nFaces of FreeBSD 2017: Joseph Kong \nOPNsense 17.1  “Eclectic Eagle”, based on FreeBSD 11 Released \nWhy you should start programming on UNIX \nOpenSMTPD Mail Filtering \n\n\n\n\nFeedback/Questions\n\n\n Zane - Databases and Jails \n Mohammad - USB Install \n Chuck - Updating Jails \n David - Lumina / LXQt \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have “Weird Unix Things”, “Is it getting Steamy in here?” and an Interview about BSD Sockets API. (Those\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/playonbsd-trueos-getting-steamy-ive-much-wine/\" rel=\"nofollow\"\u003eplayonbsd with TrueOS: It’s Getting Steamy in Here and I’ve Had Too Much Wine\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’ve done a couple of tutorials in the past on using Steam and Wine with PC-BSD, but now with the addition of playonbsd to the AppCafe library, you have more options than ever before to game on your TrueOS system.  We’re going to have a look today at playonbsd, how it works with TrueOS, and what you can expect if you want to give it a try on your own system.  Let’s dive right in!\u003c/p\u003e\n\n\u003cp\u003eOnce playonbsd is installed, go back to your blank desktop, right-click on the wallpaper, and select terminal.  Playonbsd does almost all the configuring for you, but there are still a couple of simple options you’ll want to configure to give yourself the best experience.  In your open terminal, type: playonbsd.  You can also find playonbsd by doing a fast search using Lumina’s built-in search function in the start menu after it’s been installed.  Once opened,  a graphical interface greets us with easy to navigate menus and even does most of the work for you.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA nice graphical UI that hides the complexity of setting up WINE and Steam, and lets you pick select the game you want, and get it setup\u003c/li\u003e\n\u003cli\u003eStart gaming quicker, without the headache\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIf you’re a PC gamer, you should definitely give playonbsd a try!  You may be surprised at how well it works.  If you want to know ahead of time if your games are well supported or not, head on over to WineHQ and do a search.  Many people have tested and provided feedback and even solutions for potential problems with a large variety of video games. This is a great resource if you run into a glitch or other problem.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jvns.ca/blog/2017/02/08/weird-unix-things-cd/\" rel=\"nofollow\"\u003eWeird Unix thing: \u0026#39;cd //\u0026#39;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo why can you do ‘cd //tmp’, and it isn’t the same as ‘cd /tmp’?\u003c/li\u003e\n\u003cli\u003eThe spec says:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAn implementation may further simplify curpath by removing any trailing \u003cslash\u003e characters that are not also leading \u003cslash\u003e characters, replacing multiple non-leading consecutive \u003cslash\u003e characters with a single \u003cslash\u003e, and replacing three or more leading \u003cslash\u003e characters with a single \u003cslash\u003e. If, as a result of this canonicalization, the curpath variable is null, no further steps shall be taken.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e“So! We can replace “three or more leading / characters with a single slash”. That does not say anything about what to do when there are 2 / characters though, which presumably is why cd //tmp leaves you at //tmp.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA pathname that begins with two successive slashes may be interpreted in an implementation-defined manner\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo what is it for? Well, the blog did a bit of digging and came up with \u003ca href=\"http://unix.stackexchange.com/questions/256497/on-what-systems-is-foo-bar-different-from-foo-bar/256569#256569\" rel=\"nofollow\"\u003ethis stackoverflow answer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn cygwin and some other systems // is treated as a unix-ified version of \\, to access UNC windows file sharing paths like \\server\\share\u003c/li\u003e\n\u003cli\u003ePerforce, the vcs, uses // to denote a path relative to the depot\u003c/li\u003e\n\u003cli\u003eIt seems to have been used in the path for a bunch of different network file systems, but also for myriad other things\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://arstechnica.com/apple/2017/02/testing-out-snapshots-in-apples-next-generation-apfs-file-system/\" rel=\"nofollow\"\u003eTesting out snapshots in Apple’s next-generation APFS file system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdam Leventhal takes his DTrace hammer to Apple’s new file system to see what is going on\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBack in June, Apple announced its new upcoming file system: APFS, or Apple File System. There was no mention of it in the WWDC keynote, but devotees needed no encouragement. They picked over every scintilla of data from the documentation on Apple’s developer site, extrapolating, interpolating, eager for whatever was about to come. In the WWDC session hall, the crowd buzzed with a nervous energy, eager for the grand unveiling of APFS. I myself badge-swapped my way into the conference just to get that first glimpse of Apple’s first original filesystem in the 30+ years since HFS\u003c/p\u003e\n\n\u003cp\u003eApple’s presentation didn’t disappoint the hungry crowd. We hoped for a modern filesystem, optimized for next generation hardware, rich with features that have become the norm for data centers and professionals. With APFS, Apple showed a path to meeting those expectations. Dominic Giampaolo and Eric Tamura, leaders of the APFS team, shared performance optimizations, data integrity design, volume management, efficient storage of copied data, and snapshots—arguably the feature of APFS most directly in the user’s control.\u003c/p\u003e\n\n\u003cp\u003eIt’s 2017, and Apple already appears to be making good on its promise with the revelation that the forthcoming iOS 10.3 will use APFS. The number of APFS tinkerers using it for their personal data has instantly gone from a few hundred to a few million. Beta users of iOS 10.3 have already made the switch apparently without incident. They have even ascribed unscientifically-significant performance improvements to APFS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreviously Adam had used DTrace to find a new syscall introduced in OS X, fs_snapshot, but he had not dug into how to use it. Now it seems, the time has come\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLearning from XNU and making some educated guesses, I wrote my first C program to create an APFS snapshot. This section has a bit of code, which you can find in \u003ca href=\"https://github.com/ahl/apfs\" rel=\"nofollow\"\u003ethis Github repo\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThat just returned “fs_snapshot: Operation not permitted”\u003c/li\u003e\n\u003cli\u003eSo, being Adam, he used DTrace to figure out what the problem was\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRunning this DTrace script in one terminal while running the snapshot program in another shows the code flow through the kernel as the program executes\u003c/p\u003e\n\n\u003cp\u003eIn the code flow, the priv_check_cred() function jumps out as a good place to continue because of its name, the fact that fs_snapshot calls it directly, and the fact that it returns 1 which corresponds with EPERM, the error we were getting.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTurns out, it just requires some sudo\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWith a little more testing I wrote my own version of Apple\u0026#39;s unreleased snapUtil command from the WWDC demo\u003c/p\u003e\n\n\u003cp\u003eWe figured out the proper use of the fs_snapshot system call and reconstructed the WWDC snapUtil. But all this time an equivalent utility has been lurking on macOS Sierra. If you look in /System/Library/Filesystems/apfs.fs/Contents/Resources/, Apple has included a number of APFS-related utilities, including apfs_snapshot (and, tantalizingly, a tool called hfs_convert).\u003c/p\u003e\n\n\u003cp\u003eSnapshots let you preserve state to later peruse; we can also revert an APFS volume to a previous state to restore its contents. The current APFS semantics around rollback are a little odd. The revert operation succeeds, but it doesn\u0026#39;t take effect until the APFS volume is next mounted\u003c/p\u003e\n\n\u003cp\u003eAnother reason Apple may not have wanted people messing around with snapshots is that the feature appears to be incomplete. Winding yourself into a state where only a reboot can clear a mounted snapshot is easy, and using snapshots seems to break some of the diskutil APFS output\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is interesting to see what you can do with DTrace, as well as to see what a DTrace and ZFS developer things of APFS\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Tom Jones - \u003ca href=\"mailto:tj@enoti.me\" rel=\"nofollow\"\u003etj@enoti.me\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eReplacing the BSD Sockets API\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/eborisch/ethname\" rel=\"nofollow\"\u003eFreeBSD rc.d script to map ethernet device names by MAC address\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSelf-contained FreeBSD rc.d script for re-naming devices based on their MAC address. I needed it due to USB Ethernet devices coming up in different orders across OS upgrades.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eCopy ethname into /usr/local/etc/rc.d/\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAdd the following to rc.conf:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eethname_enable=\u0026quot;YES\u0026quot;\u003cbr\u003e\nethname_devices=\u0026quot;em0 ue0 ue1\u0026quot; # Replace with desired devices to rename\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eCreate /usr/local/etc/ifmap in the following format: \u003cMAC address (in lower case)\u003e \u003cDesired name\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e01:23:45:67:89:ab eth0\u003cbr\u003e\n01:23:45:67:89:ac eth1\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThat\u0026#39;s it. Use ifconfig_\u003cname\u003e=\u0026quot;\u0026quot; settings in rc.conf with the new names.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI know MFSBSD has something like this, but a polished up hybrid of the two should likely be part of the base system if something is not already available\u003c/li\u003e\n\u003cli\u003eThis would be a great “Junior Job”, if say, a viewer wanted to get started with their first FreeBSD patch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/witchard/mog\" rel=\"nofollow\"\u003eMog: A different take on the Unix tool cat\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDo you abuse cat to view files?\u003c/li\u003e\n\u003cli\u003eDid you know cat is meant for con*cat*enating files, meaning: cat part1 part2 part3 \u0026gt; wholething.txt\u003c/li\u003e\n\u003cli\u003emog is a tool for actually viewing files, and it adds quite a few nice features\n\n\u003cul\u003e\n\u003cli\u003eSyntax highlight scripts\u003c/li\u003e\n\u003cli\u003ePrint a hex dump of binary files\u003c/li\u003e\n\u003cli\u003eShow details of image files\u003c/li\u003e\n\u003cli\u003ePerform objdump on executables\u003c/li\u003e\n\u003cli\u003eList a directory\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003emog reads the $HOME/.mogrc config file which describes a series of operations it can do in an ordered manner. Each operation has a match command and an action command. For each file you give to mog it will test each match command in turn, when one matches it will perform the action. A reasonably useful config file is generated when you first run it.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/HowUnixBackspaces\" rel=\"nofollow\"\u003eHow Unix erases things when you type a backspace while entering text\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eYesterday I mentioned in passing that printing a DEL character doesn\u0026#39;t actually erase anything. This raises an interesting question, because when you\u0026#39;re typing something into a Unix system and hit your backspace key, Unix sure erases the last character that you entered. So how is it doing that?\u003c/p\u003e\n\n\u003cp\u003eThe answer turns out to be basically what you\u0026#39;d expect, although the actual implementation rapidly gets complex. When you hit backspace, the kernel tty line discipline rubs out your previous character by printing (in the simple case) Ctrl-H, a space, and then another Ctrl-H.\u003c/p\u003e\n\n\u003cp\u003eOf course just backing up one character is not always the correct way of erasing input, and that\u0026#39;s when it gets complicated for the kernel. To start with we have tabs, because when you (the user) backspace over a tab you want the cursor to jump all the way back, not just move back one space. The kernel has a certain amount of code to work out what column it thinks you\u0026#39;re on and then back up an appropriate number of spaces with Ctrl-Hs.\u003c/p\u003e\n\n\u003cp\u003eThen we have the case when you quoted a control character while entering it, eg by typing Ctrl-V Ctrl-H; this causes the kernel to print the Ctrl-H instead of acting on it, and it prints it as the two character sequence \u003csup\u003eH.\u003c/sup\u003e When you hit backspace to erase that, of course you want both (printed) characters to be rubbed out, not just the \u0026#39;H\u0026#39;. So the kernel needs to keep track of that and rub out two characters instead of just one.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris then provides an example, from IllumOS, of the kernel trying to deal with multibyte characters\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD also handles backspacing a space specially, because you don\u0026#39;t need to actually rub that out with a \u0026#39;\\b \\b\u0026#39; sequence; you can just print a plain \\b. Other kernels don\u0026#39;t seem to bother with this optimization. The FreeBSD code for this is in sys/kern/tty_ttydisc.c in the ttydisc_rubchar function\u003c/p\u003e\n\n\u003cp\u003ePS: If you want to see the kernel\u0026#39;s handling of backspace in action, you usually can\u0026#39;t test it at your shell prompt, because you\u0026#39;re almost certainly using a shell that supports command line editing and readline and so on. Command line editing requires taking over input processing from the kernel, and so such shells are handling everything themselves. My usual way to see what the kernel is doing is to run \u0026#39;cat \u0026gt;/dev/null\u0026#39; and then type away.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd you thought the backspace key would be simple...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freshports.org/graphics/wayland/\" rel=\"nofollow\"\u003eFreeBSD ports now have Wayland\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve discussed the pending Wayland work, but we wanted to point you today to the ports which are in mainline FreeBSD ports tree now.\u003c/li\u003e\n\u003cli\u003eFirst of all, (And I was wondering how they would deal with this) it has landed in the “graphics” category, since Wayland is the Anti-X11, putting it in x11/ didn’t make a lot of sense.\u003c/li\u003e\n\u003cli\u003eCouple of notes before you start installing new packages and expecting wayland to “just work”\u003c/li\u003e\n\u003cli\u003eFirst, this does require that you have working DRM from the kernel side. You’ll want to grab TrueOS or build from Matt Macy’s FreeBSD branches on GitHub before testing on any kind of modern Intel GPU. Nvidia with modesetting should be supported.\u003c/li\u003e\n\u003cli\u003eNext, not all desktops will “just work”. You may need to grab experimental Weston for compositor. KDE / Gnome (And Lumina) and friends will grow Wayland support in the future, so don’t expect to just fire up $whatever and have it all work out of box.\u003c/li\u003e\n\u003cli\u003eFeedback is needed! This is brand new functionality for FreeBSD, and the maintainers will want to hear your results. For us on the TrueOS side we are interested as well, since we want to port Lumina over to Wayland soon(ish)\u003c/li\u003e\n\u003cli\u003eHappy Experimenting!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/faces-of-freebsd-2017-joseph-kong/\" rel=\"nofollow\"\u003eFaces of FreeBSD 2017: Joseph Kong\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-17-1-released/\" rel=\"nofollow\"\u003eOPNsense 17.1  “Eclectic Eagle”, based on FreeBSD 11 Released\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.koszek.com/blog/2017/01/28/why-you-should-start-programming-on-unix/\" rel=\"nofollow\"\u003eWhy you should start programming on UNIX\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://eradman.com/posts/opensmtpd-filtering.html\" rel=\"nofollow\"\u003eOpenSMTPD Mail Filtering\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/89AyGe5F\" rel=\"nofollow\"\u003e Zane - Databases and Jails\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Te8sz9id\" rel=\"nofollow\"\u003e Mohammad - USB Install\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/G2SzahWL\" rel=\"nofollow\"\u003e Chuck - Updating Jails\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/71ExJLpL\" rel=\"nofollow\"\u003e David - Lumina / LXQt\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have “Weird Unix Things”, “Is it getting Steamy in here?” and an Interview about BSD Sockets API. (Those","date_published":"2017-03-01T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d02d2a1c-b37d-436b-b181-f2feb9af794d.mp3","mime_type":"audio/mpeg","size_in_bytes":51077524,"duration_in_seconds":4256}]},{"id":"03a41594-1715-4d90-9b5e-594a358caefd","title":"182: Bloaty McBloatface","url":"https://www.bsdnow.tv/182","content_text":"This week on the show, we’ve got FreeBSD quarterly Status reports to discuss, OpenBSD changes to the installer, EC2 and IPv6 and more. Stay\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD changes of note 6\n\n\nOpenBSD can now be cross built with clang. Work on this continues\n\n\n\nBuild ld.so with -fno-builtin because otherwise clang would optimize the local versions of functions like _dl_memset into a call to memset, which doesn’t exist.\nAdd connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.\nComplete https support for the installer.\n\n\n\nI wonder how they handle certificate verification. I need to look into this as I’d like to switch the FreeBSD installer to this as well\n\n\n\nNew ocspcheck utility to validate a certificate against its ocsp responder.\nnet lock here, net lock there, net lock not quite everywhere but more than before.\nMore per cpu counters in networking code as well.\nDisable and lock Silicon Debug feature on modern Intel CPUs. \nPrevent wireless frame injection attack described at 33C3 in the talk titled “Predicting and Abusing WPA2/802.11 Group Keys” by Mathy Vanhoef.\nAdd support for multiple transmit ifqueues per network interface. Supported drivers include bge, bnx, em, myx, ix, hvn, xnf. \npledge now tracks when a file as opened and uses this to permit or deny ioctl. \nReimplement httpd’s support for byte ranges. Fixes a memory DOS. \n\n\n\n\nFreeBSD 2016Q4 Status Report\n\n\nAn overview of some of the work that happened in October - December 2016\nThe ports tree saw many updates and surpassed 27,000 ports\nThe core team was busy as usual, and the foundation attended and/or sponsored a record 24 events in 2016.\nCEPH on FreeBSD seems to be coming along nicely. For those that do not know, CEPH is a distributed filesystem that can sit on top of another filesystem. That is, you can use it to create a clustered filesystem out of a bunch of ZFS servers. Would love to have some viewers give it a try and report back.\nOpenBSM, the FreeBSD audit framework, got some updates\nEd Schouten committed a front end to export sysctl data in a format usable by Prometheus, the open source monitoring system. This is useful for other monitoring software too.\nLots of updates for various ARM boards\nThere is an update on Reproducible Builds in FreeBSD, “ It is now possible to build the FreeBSD base system (kernel and userland) completely reproducibly, although it currently requires a few non-default settings”, and the ports tree is at 80% reproducible\nLots of toolchain updates (gcc, lld, gdb)\nVarious updates from major ports teams\n***\n\n\nAmazon rolls out IPv6 support on EC2\n\n\nA few hours ago Amazon announced that they had rolled out IPv6 support in EC2 to 15 regions — everywhere except the Beijing region, apparently. This seems as good a time as any to write about using IPv6 in EC2 on FreeBSD instances.\nFirst, the good news: Future FreeBSD releases will support IPv6 \"out of the box\" on EC2. I committed changes to HEAD last week, and merged them to the stable/11 branch moments ago, to have FreeBSD automatically use whatever IPv6 addresses EC2 makes available to it.\nNext, the annoying news: To get IPv6 support in EC2 from existing FreeBSD releases (10.3, 11.0) you'll need to run a few simple commands. I consider this unfortunate but inevitable: While Amazon has been unusually helpful recently, there's nothing they could have done to get support for their IPv6 networking configuration into FreeBSD a year before they launched it.\n\n\n\nYou need the dual-dhclient port:\n\n\n\npkg install dual-dhclient\n\n\n\nAnd the following lines in your /etc/rc.conf:\n\n\n\nifconfig_DEFAULT=\"SYNCDHCP accept_rtadv\"\n   ipv6_activate_all_interfaces=\"YES\"\n   dhclient_program=\"/usr/local/sbin/dual-dhclient\"\n\n\nIt is good to see FreeBSD being ready to use this feature on day 0, not something we would have had in the past\n\n\nFinally, one important caveat: While EC2 is clearly the most important place to have IPv6 support, and one which many of us have been waiting a long time to get, this is not the only service where IPv6 support is important. Of particular concern to me, Application Load Balancer support for IPv6 is still missing in many regions, and Elastic Load Balancers in VPC don't support IPv6 at all — which matters to those of us who run non-HTTP services. Make sure that IPv6 support has been rolled out for all the services you need before you start migrating.\n\n\n\nColin’s blog also has the details on how to actually activate IPv6 from the Amazon side, if only it was as easy as configuring it on the FreeBSD side\n***\n\n\nFreeBSD’s George Neville-Neil tries valiantly for over an hour to convince a Linux fan of the error of their ways \n\n\nIn today's episode of the Lunduke Hour I talk to George Neville-Neil -- author and FreeBSD advocate. He tries to convince me, a Linux user, that FreeBSD is better.\n\n\nThey cover quite a few topics, including:\n\n\nlicensing, and the motivations behind it\nvendor relations\ncommunity\ndevelopment model\ndrivers and hardware support\n\nGeorge also talks about his work with the FreeBSD Foundation, and the book he co-authored, “The Design and Implementation of the FreeBSD Operating System, 2nd Edition”\n***\n\n\n\nNews Roundup\n\nAn interactive script that makes it easy to install 50+ desktop environments following a base install of FreeBSD 11\n\n\nAnd I thought I was doing good when I wrote a patch for the installer that enables your choice of 3 desktop environments...\n\n\n\nThis is a collection of scripts meant to install desktop environments on unix-like operating systems following a base install. I call one of these 'complete' when it meets the following requirements:\n\n\nA graphical logon manager is presented without user intervention after powering on the machine\nLogging into that graphical logon manager takes the user into the specified desktop environment\nThe user can open a terminal emulator\n\n\n\n\nI need to revive my patch, and add Lumina to it\n***\n\n\nFirefox 51 on sparc64 - we did not hit the wall yet\n\n\nA NetBSD developers tells the story of getting Firefox 51 running on their sparc64 machine\nIt turns out the bug impacted amd64 as well, so it was quickly fixed\nThey are a bit less hopeful about the future, since Firefox will soon require rust to compile, and rust is not working on sparc64 yet\nAlthough there has been some activity on the rust on sparc64 front, so maybe there is hope\nThe post also look at a few alternative browsers, but it not hopeful\n***\n\n\nIntroducing Bloaty McBloatface: a size profiler for binaries\n\n\nI’m very excited to announce that today I’m open-sourcing a tool I’ve been working on for several months at Google. It’s called Bloaty McBloatface, and it lets you explore what’s taking up space in your .o, .a, .so, and executable binary files.\n\nBloaty is available under the Apache 2 license. All of the code is available on GitHub: github.com/google/bloaty. It is quick and easy to build, though it does require a somewhat recent compiler since it uses C++11 extensively. Bloaty primarily supports ELF files (Linux, BSD, etc) but there is some support for Mach-O files on OS X too. I’m interested in expanding Bloaty’s capabilities to more platforms if there is interest!\n\n\n\nI need to try this one some of the boot code files, to see if there are places we can trim some fat\n\n\n\nWe’ve been using Bloaty a lot on the Protocol Buffers team at Google to evaluate the binary size impacts of our changes. If a change causes a size increase, where did it come from? What sections/symbols grew, and why? Bloaty has a diff mode for understanding changes in binary size\n\n\n\nThe diff mode looks especially interesting. It might be worth setting up some kind of CI testing that alerts if a change results in a significant size increase in a binary or library\n***\n\n\nA BSD licensed mdns responder\n\n\nOne of the things we just have to deal with in the modern world is service and system discovery. Many of us have fiddled with avahi or mdnsd and related “mdns” services.\nFor various reasons those often haven’t been the best-fit on BSD systems. \nToday we have a github project to point you at, which while a bit older, has recently been updated with pledge() support for OpenBSD. \nFirst of all, why do we need an alternative? They list their reasons:\n\n\n\nThis is an attempt to bring native mdns/dns-sd to OpenBSD. Mainly cause all the other options suck and proper network browsing is a nice feature these days.\n\nWhy not Apple's mdnsd ?\n   1 - It sucks big time.\n   2 - No BSD License (Apache-2).\n   3 - Overcomplex API.\n   4 - Not OpenBSD-like.\n\nWhy not Avahi ?\n   1 - No BSD License (LGPL).\n   2 - Overcomplex API.\n   3 - Not OpenBSD-like\n   4 - DBUS and lots of dependencies.\n\n\n\nThose already sound like pretty compelling reasons. What makes this “new” information again is the pledge support, and perhaps it’s time for more BSD’s to start considering importing something like mdnsd into their base system to make system discovery more “automatic”\n***\n\n\nBeastie Bits\n\n\nBenno Rice at Linux.Conf.Au: The Trouble with FreeBSD \nState of the Port of VMS to x86  \nMicrosoft Azure now offers Patent Troll Protection \nFreeBSD Storage Summit 2017\nIf you are going to be in Tokyo, make sure you come to \n\n\n\n\nFeedback/Questions\n\n\n Farhan - Laptops \n Hjalti - rclone \n Ivan - Jails \n Jungle - Traffic Control \n***\n","content_html":"\u003cp\u003eThis week on the show, we’ve got FreeBSD quarterly Status reports to discuss, OpenBSD changes to the installer, EC2 and IPv6 and more. Stay\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-changes-of-note-6\" rel=\"nofollow\"\u003eOpenBSD changes of note 6\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD can now be cross built with clang. Work on this continues\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBuild ld.so with -fno-builtin because otherwise clang would optimize the local versions of functions like _dl_memset into a call to memset, which doesn’t exist.\u003cbr\u003e\nAdd connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.\u003cbr\u003e\nComplete https support for the installer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI wonder how they handle certificate verification. I need to look into this as I’d like to switch the FreeBSD installer to this as well\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNew ocspcheck utility to validate a certificate against its ocsp responder.\u003cbr\u003e\nnet lock here, net lock there, net lock not quite everywhere but more than before.\u003cbr\u003e\nMore per cpu counters in networking code as well.\u003cbr\u003e\nDisable and lock Silicon Debug feature on modern Intel CPUs. \u003cbr\u003e\nPrevent wireless frame injection attack described at 33C3 in the talk titled “Predicting and Abusing WPA2/802.11 Group Keys” by Mathy Vanhoef.\u003cbr\u003e\nAdd support for multiple transmit ifqueues per network interface. Supported drivers include bge, bnx, em, myx, ix, hvn, xnf. \u003cbr\u003e\npledge now tracks when a file as opened and uses this to permit or deny ioctl. \u003cbr\u003e\nReimplement httpd’s support for byte ranges. Fixes a memory DOS. \u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2016-10-2016-12.html\" rel=\"nofollow\"\u003eFreeBSD 2016Q4 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn overview of some of the work that happened in October - December 2016\u003c/li\u003e\n\u003cli\u003eThe ports tree saw many updates and surpassed 27,000 ports\u003c/li\u003e\n\u003cli\u003eThe core team was busy as usual, and the foundation attended and/or sponsored a record 24 events in 2016.\u003c/li\u003e\n\u003cli\u003eCEPH on FreeBSD seems to be coming along nicely. For those that do not know, CEPH is a distributed filesystem that can sit on top of another filesystem. That is, you can use it to create a clustered filesystem out of a bunch of ZFS servers. Would love to have some viewers give it a try and report back.\u003c/li\u003e\n\u003cli\u003eOpenBSM, the FreeBSD audit framework, got some updates\u003c/li\u003e\n\u003cli\u003eEd Schouten committed a front end to export sysctl data in a format usable by Prometheus, the open source monitoring system. This is useful for other monitoring software too.\u003c/li\u003e\n\u003cli\u003eLots of updates for various ARM boards\u003c/li\u003e\n\u003cli\u003eThere is an update on Reproducible Builds in FreeBSD, “ It is now possible to build the FreeBSD base system (kernel and userland) completely reproducibly, although it currently requires a few non-default settings”, and the ports tree is at 80% reproducible\u003c/li\u003e\n\u003cli\u003eLots of toolchain updates (gcc, lld, gdb)\u003c/li\u003e\n\u003cli\u003eVarious updates from major ports teams\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2017-01-26-IPv6-on-FreeBSD-EC2.html\" rel=\"nofollow\"\u003eAmazon rolls out IPv6 support on EC2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA few hours ago Amazon announced that they had rolled out IPv6 support in EC2 to 15 regions — everywhere except the Beijing region, apparently. This seems as good a time as any to write about using IPv6 in EC2 on FreeBSD instances.\u003cbr\u003e\nFirst, the good news: Future FreeBSD releases will support IPv6 \u0026quot;out of the box\u0026quot; on EC2. I committed changes to HEAD last week, and merged them to the stable/11 branch moments ago, to have FreeBSD automatically use whatever IPv6 addresses EC2 makes available to it.\u003cbr\u003e\nNext, the annoying news: To get IPv6 support in EC2 from existing FreeBSD releases (10.3, 11.0) you\u0026#39;ll need to run a few simple commands. I consider this unfortunate but inevitable: While Amazon has been unusually helpful recently, there\u0026#39;s nothing they could have done to get support for their IPv6 networking configuration into FreeBSD a year before they launched it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou need the dual-dhclient port:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003epkg install dual-dhclient\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd the following lines in your /etc/rc.conf:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eifconfig_DEFAULT=\u0026quot;SYNCDHCP accept_rtadv\u0026quot;\u003cbr\u003e\n   ipv6_activate_all_interfaces=\u0026quot;YES\u0026quot;\u003cbr\u003e\n   dhclient_program=\u0026quot;/usr/local/sbin/dual-dhclient\u0026quot;\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is good to see FreeBSD being ready to use this feature on day 0, not something we would have had in the past\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFinally, one important caveat: While EC2 is clearly the most important place to have IPv6 support, and one which many of us have been waiting a long time to get, this is not the only service where IPv6 support is important. Of particular concern to me, Application Load Balancer support for IPv6 is still missing in many regions, and Elastic Load Balancers in VPC don\u0026#39;t support IPv6 at all — which matters to those of us who run non-HTTP services. Make sure that IPv6 support has been rolled out for all the services you need before you start migrating.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin’s blog also has the details on how to actually activate IPv6 from the Amazon side, if only it was as easy as configuring it on the FreeBSD side\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=cofKxtIO3Is\" rel=\"nofollow\"\u003eFreeBSD’s George Neville-Neil tries valiantly for over an hour to convince a Linux fan of the error of their ways \u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn today\u0026#39;s episode of the Lunduke Hour I talk to George Neville-Neil -- author and FreeBSD advocate. He tries to convince me, a Linux user, that FreeBSD is better.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThey cover quite a few topics, including:\n\n\u003cul\u003e\n\u003cli\u003elicensing, and the motivations behind it\u003c/li\u003e\n\u003cli\u003evendor relations\u003c/li\u003e\n\u003cli\u003ecommunity\u003c/li\u003e\n\u003cli\u003edevelopment model\u003c/li\u003e\n\u003cli\u003edrivers and hardware support\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eGeorge also talks about his work with the FreeBSD Foundation, and the book he co-authored, “The Design and Implementation of the FreeBSD Operating System, 2nd Edition”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/rosedovell/unixdesktops\" rel=\"nofollow\"\u003eAn interactive script that makes it easy to install 50+ desktop environments following a base install of FreeBSD 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd I thought I was doing good when I wrote a patch for the installer that enables your choice of 3 desktop environments...\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is a collection of scripts meant to install desktop environments on unix-like operating systems following a base install. I call one of these \u0026#39;complete\u0026#39; when it meets the following requirements:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA graphical logon manager is presented without user intervention after powering on the machine\u003c/li\u003e\n\u003cli\u003eLogging into that graphical logon manager takes the user into the specified desktop environment\u003c/li\u003e\n\u003cli\u003eThe user can open a terminal emulator\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI need to revive my patch, and add Lumina to it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/firefox_51_on_sparc64_we\" rel=\"nofollow\"\u003eFirefox 51 on sparc64 - we did not hit the wall yet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA NetBSD developers tells the story of getting Firefox 51 running on their sparc64 machine\u003c/li\u003e\n\u003cli\u003eIt turns out the bug impacted amd64 as well, so it was quickly fixed\u003c/li\u003e\n\u003cli\u003eThey are a bit less hopeful about the future, since Firefox will soon require rust to compile, and rust is not working on sparc64 yet\u003c/li\u003e\n\u003cli\u003eAlthough there has been some activity on the rust on sparc64 front, so maybe there is hope\u003c/li\u003e\n\u003cli\u003eThe post also look at a few alternative browsers, but it not hopeful\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.reverberate.org/2016/11/07/introducing-bloaty-mcbloatface.html\" rel=\"nofollow\"\u003eIntroducing Bloaty McBloatface: a size profiler for binaries\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m very excited to announce that today I’m open-sourcing a tool I’ve been working on for several months at Google. It’s called Bloaty McBloatface, and it lets you explore what’s taking up space in your .o, .a, .so, and executable binary files.\u003c/p\u003e\n\n\u003cp\u003eBloaty is available under the Apache 2 license. All of the code is available on GitHub: github.com/google/bloaty. It is quick and easy to build, though it does require a somewhat recent compiler since it uses C++11 extensively. Bloaty primarily supports ELF files (Linux, BSD, etc) but there is some support for Mach-O files on OS X too. I’m interested in expanding Bloaty’s capabilities to more platforms if there is interest!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI need to try this one some of the boot code files, to see if there are places we can trim some fat\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe’ve been using Bloaty a lot on the Protocol Buffers team at Google to evaluate the binary size impacts of our changes. If a change causes a size increase, where did it come from? What sections/symbols grew, and why? Bloaty has a diff mode for understanding changes in binary size\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe diff mode looks especially interesting. It might be worth setting up some kind of CI testing that alerts if a change results in a significant size increase in a binary or library\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/kristapsdz/mdnsd\" rel=\"nofollow\"\u003eA BSD licensed mdns responder\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the things we just have to deal with in the modern world is service and system discovery. Many of us have fiddled with avahi or mdnsd and related “mdns” services.\u003c/li\u003e\n\u003cli\u003eFor various reasons those often haven’t been the best-fit on BSD systems. \u003c/li\u003e\n\u003cli\u003eToday we have a github project to point you at, which while a bit older, has recently been updated with pledge() support for OpenBSD. \u003c/li\u003e\n\u003cli\u003eFirst of all, why do we need an alternative? They list their reasons:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis is an attempt to bring native mdns/dns-sd to OpenBSD. Mainly cause all the other options suck and proper network browsing is a nice feature these days.\u003c/p\u003e\n\n\u003cp\u003eWhy not Apple\u0026#39;s mdnsd ?\u003cbr\u003e\n   1 - It sucks big time.\u003cbr\u003e\n   2 - No BSD License (Apache-2).\u003cbr\u003e\n   3 - Overcomplex API.\u003cbr\u003e\n   4 - Not OpenBSD-like.\u003c/p\u003e\n\n\u003cp\u003eWhy not Avahi ?\u003cbr\u003e\n   1 - No BSD License (LGPL).\u003cbr\u003e\n   2 - Overcomplex API.\u003cbr\u003e\n   3 - Not OpenBSD-like\u003cbr\u003e\n   4 - DBUS and lots of dependencies.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThose already sound like pretty compelling reasons. What makes this “new” information again is the pledge support, and perhaps it’s time for more BSD’s to start considering importing something like mdnsd into their base system to make system discovery more “automatic”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=Ib7tFvw34DM\" rel=\"nofollow\"\u003eBenno Rice at Linux.Conf.Au: The Trouble with FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://vmssoftware.com/pdfs/State_of_Port_20170105.pdf\" rel=\"nofollow\"\u003eState of the Port of VMS to x86 \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://thestack.com/cloud/2017/02/08/microsoft-azure-now-offers-patent-troll-ip-protection/\" rel=\"nofollow\"\u003eMicrosoft Azure now offers Patent Troll Protection\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/event-calendar/freebsd-storage-summit-2017/\" rel=\"nofollow\"\u003eFreeBSD Storage Summit 2017\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bhyvecon.org/\" rel=\"nofollow\"\u003eIf you are going to be in Tokyo, make sure you come to\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/bVqsvM3r\" rel=\"nofollow\"\u003e Farhan - Laptops\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/7KWYX2Mg\" rel=\"nofollow\"\u003e Hjalti - rclone\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/U5XyzMDR\" rel=\"nofollow\"\u003e Ivan - Jails\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/sK7uEDpn\" rel=\"nofollow\"\u003e Jungle - Traffic Control\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’ve got FreeBSD quarterly Status reports to discuss, OpenBSD changes to the installer, EC2 and IPv6 and more. Stay","date_published":"2017-02-22T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/03a41594-1715-4d90-9b5e-594a358caefd.mp3","mime_type":"audio/mpeg","size_in_bytes":48221716,"duration_in_seconds":4018}]},{"id":"6e425191-eb90-4cea-9104-7b4880f0c224","title":"181: The Cantrillogy (Not special edition)","url":"https://www.bsdnow.tv/181","content_text":"This week on BSDNow we have a cantrill special to bring you! All three interviews back to back in their original glory, you won’t want to miss\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\n– Show Notes: –FOSDEM 2017 BSD Dev Room Videos \nhref=\"http://www.jupiterbroadcasting.com/86662/ubuntu-slaughters-kittens-bsd-now-103/\"\u0026gt;Ubuntu Slaughters Kittens | BSD Now 103\nhref=\"http://www.jupiterbroadcasting.com/90811/the-cantrill-strikes-back-bsd-now-117/\"\u0026gt;The Cantrill Strikes Back | BSD Now 117\nhref=\"http://www.jupiterbroadcasting.com/103871/return-of-the-cantrill-bsd-now-163/\"\u0026gt;Return of the Cantrill | BSD Now 163","content_html":"\u003cp\u003eThis week on BSDNow we have a cantrill special to bring you! All three interviews back to back in their original glory, you won’t want to miss\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ch3\u003e– Show Notes: –\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://fosdem.org/2017/schedule/track/bsd/\"\u003eFOSDEM 2017 BSD Dev Room Videos \u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/86662/ubuntu-slaughters-kittens-bsd-now-103/\"\u003eUbuntu Slaughters Kittens | BSD Now 103\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/90811/the-cantrill-strikes-back-bsd-now-117/\"\u003eThe Cantrill Strikes Back | BSD Now 117\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/103871/return-of-the-cantrill-bsd-now-163/\"\u003eReturn of the Cantrill | BSD Now 163\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/p\u003e","summary":"This week on BSDNow we have a cantrill special to bring you! All three interviews back to back in their original glory, you won’t want to miss","date_published":"2017-02-15T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6e425191-eb90-4cea-9104-7b4880f0c224.mp3","mime_type":"audio/mpeg","size_in_bytes":127909972,"duration_in_seconds":15988}]},{"id":"4ff28335-e7a4-434c-a0c3-3e17c4eaa5e8","title":"180: Illuminating the desktop","url":"https://www.bsdnow.tv/180","content_text":"This week on BSDNow, I’m out of town but we have a great interview with Ken Moore (My brother) about the latest in BSD desktop computing and\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nInterview - Ken Moore - ken@trueos.org\n\nTrueOS, Lumina, Sys Admin, The BSD Desktop Ecosystem\n\n\nKM: Thank you for joining us again, can you believe it has been an entire year?\nAJ: Let’s start by getting an update on Lumina, what has happened in the last year?\nKM: What is the change you are most proud of in that time?\nAJ: What do you think of the recent introduction of Wayland to the ports tree? Do you think this will impact Lumina? Do you have any plans?\nKM: \nAJ: What has changed with SysAdm after a year of development?\nKM: What plans do you have for the future of SysAdm?\nAJ: How has it been working with the drm-next branch? Does it feel like that is progressing?\nKM: Can you tell us about some of the other TrueOS work you have been doing?\nAJ: What are your thoughts on how the BSD Desktop Ecosystem has changed over the last year? Do you think the future looks better or worse now?\nKM: Do you think systemd is going to continue to make things work? Or does it seem like there is enough resistance to it that fewer projects are going to throw out support for anything not-systemd\nAJ: Anything else you want to add?\n***\n","content_html":"\u003cp\u003eThis week on BSDNow, I’m out of town but we have a great interview with Ken Moore (My brother) about the latest in BSD desktop computing and\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Ken Moore - \u003ca href=\"mailto:ken@trueos.org\" rel=\"nofollow\"\u003eken@trueos.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eTrueOS, Lumina, Sys Admin, The BSD Desktop Ecosystem\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKM: Thank you for joining us again, can you believe it has been an entire year?\u003c/li\u003e\n\u003cli\u003eAJ: Let’s start by getting an update on Lumina, what has happened in the last year?\u003c/li\u003e\n\u003cli\u003eKM: What is the change you are most proud of in that time?\u003c/li\u003e\n\u003cli\u003eAJ: What do you think of the recent introduction of Wayland to the ports tree? Do you think this will impact Lumina? Do you have any plans?\u003c/li\u003e\n\u003cli\u003eKM: \u003cfollowup\u003e\u003c/li\u003e\n\u003cli\u003eAJ: What has changed with SysAdm after a year of development?\u003c/li\u003e\n\u003cli\u003eKM: What plans do you have for the future of SysAdm?\u003c/li\u003e\n\u003cli\u003eAJ: How has it been working with the drm-next branch? Does it feel like that is progressing?\u003c/li\u003e\n\u003cli\u003eKM: Can you tell us about some of the other TrueOS work you have been doing?\u003c/li\u003e\n\u003cli\u003eAJ: What are your thoughts on how the BSD Desktop Ecosystem has changed over the last year? Do you think the future looks better or worse now?\u003c/li\u003e\n\u003cli\u003eKM: Do you think systemd is going to continue to make things work? Or does it seem like there is enough resistance to it that fewer projects are going to throw out support for anything not-systemd\u003c/li\u003e\n\u003cli\u003eAJ: Anything else you want to add?\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, I’m out of town but we have a great interview with Ken Moore (My brother) about the latest in BSD desktop computing and","date_published":"2017-02-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4ff28335-e7a4-434c-a0c3-3e17c4eaa5e8.mp3","mime_type":"audio/mpeg","size_in_bytes":37065748,"duration_in_seconds":3088}]},{"id":"06b91bc7-f848-44c2-a5f9-1d1d40f61714","title":"179: The Wayland Machine","url":"https://www.bsdnow.tv/179","content_text":"This week on BSDNow, we’re going to be leading off with the latest news about Wayland and Xorg support on FreeBSD, then a look at OpenBSD ARM64\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nWayland is now in the FreeBSD Ports tree\n\n\nThis commit brings Wayland, the new windowing system, into the FreeBSD ports tree\n“This port was first created by Koop Mast (kwm@) then updated and improved by Johannes Lundberg”\n“Wayland is intended as a simpler replacement for X, easier to develop and maintain. GNOME and KDE are expected to be ported to it.”\nWayland is designed for desktop and laptop use, rather than X, which was designed for use over the network, where clients were not powerful enough to run the applications locally.\n“Wayland is a protocol for a compositor to talk to its clients as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.”\n“Please report bugs to the FreeBSD bugtracker!”\nIt is good to see this project progressing, as it seems in a few generations, high performance graphics drivers may only be actively developed for Wayland.\n***\n\n\nCall For Testing: xorg 1.18.4 and newer intel/ati DDX \n\n\nBaptiste Daroussin, and the FreeBSD X11 team, have issued a call for testing for the upgrade to Xorg 1.18.4\nAlong with it comes newer ATI/AMD and Intel drivers\n“Note that you will need to rebuild all the xf86-* packages to work with thatnewer xorg (hence the bump of the revision)”\n“Do not expect newer gpu supported as this is not the kernel part”, it only provides the newer Xorg driver, not the kernel mode setting driver (this is a separate project)\n“If you experience any issue with intel or radeon driver please try to use the new modesetting driver provided by xorg directly (note that fedora and debian recommend the use of the new driver instead of the ati/intel one)”\n***\n\n\nError handling in C \n\n\n“Unlike other languages which have one preferred means of signalling an error, C is a multi error paradigm language. Error handling styles in C can be organized into one of several distinct styles, such as popular or correct. Some examples of each.”\n\n\n“One very popular option is the classic unix style. -1 is returned to indicate an error.”\n“Another option seen in the standard C library is NULL for errors.”\n“The latter has the advantage that NULL is a false value, which makes it easier to write logical conditions. File descriptor 0 is valid (stdin) but false, while -1 is invalid but true.”\n“And of course, there’s the worst of both worlds approach requiring a special sentinel that you’ll probably forget to use”\n“Other unix functions, those that don’t need to return a file descriptor, stick to just 0 and -1”\n“Of course, none of these functions reveal anything about the nature of the error. For that, you need to consult the errno on the side”\n\nThe article goes on to describe different ways of dealing with the issue, and return values.\nThere is also coverage of more complex examples and involve a context that might contain the error message\nIt is really interesting to see the differences, and the pitfalls of each approach\n***\n\n\nFixing POSIX Filenames\n\n\n“Traditionally, Unix/Linux/POSIX pathnames and filenames can be almost any sequence of bytes. A pathname lets you select a particular file, and may \ninclude zero or more “/” characters. Each pathname component (separated by “/”) is a filename; filenames cannot contain “/”. Neither \nfilenames nor pathnames can contain the ASCII NUL character (\\0), because that is the terminator.”\n“This lack of limitations is flexible, but it also creates a legion of unnecessary problems. In particular, this lack of limitations makes it \nunnecessarily difficult to write correct programs (enabling many security flaws). It also makes it impossible to consistently and accurately display filenames, \ncauses portability problems, and confuses users.”\n“This article will try to convince you that adding some tiny limitations on legal Unix/Linux/POSIX filenames would be an improvement. Many programs \nalready presume these limitations, the POSIX standard already permits such limitations, and many Unix/Linux filesystems already embed such limitations — so \nit’d be better to make these (reasonable) assumptions true in the first place. This article will discuss, in particular, the three biggest problems: control \ncharacters in filenames (including newline, tab, and escape), leading dashes in filenames, and the lack of a standard character encoding scheme (instead of \nusing UTF-8). These three problems impact programs written in any language on Unix/Linux/POSIX system. There are other problems, of course. Spaces in filenames \ncan cause problems; it’s probably hopeless to ban them outright, but resolving some of the other issues will simplify handling spaces in filenames. For \nexample, when using a Bourne shell, you can use an IFS trick (using IFS=printf '\\n\\t') to eliminate some problems with spaces. Similarly, special \nmetacharacters in filenames cause some problems; I suspect few if any metacharacters could be forbidden on all POSIX systems, but it’d be great if \nadministrators could locally configure systems so that they could prevent or escape such filenames when they want to. I then discuss some other tricks that can \nhelp.”\n“After limiting filenames slightly, creating completely-correct programs is much easier, and some vulnerabilities in existing programs disappear. This \narticle then notes some others’ opinions; I knew that some people wouldn’t agree with me, but I’m heartened that many do agree that something should \nbe done. Finally, I briefly discuss some methods for solving this long-term; these include forbidding creation of such names (hiding them if they already exist \non the underlying filesystem), implementing escaping mechanisms, or changing how tools work so that these are no longer problems (e.g., when globbing/scanning, \nhave the libraries prefix “./” to any filename beginning with “-”). Solving this is not easy, and I suspect that several solutions will be \nneeded. In fact, this paper became long over time because I kept finding new problems that needed explaining (new “worms under the rocks”). If I’ve \nconvinced you that this needs improving, I’d like your help in figuring out how to best do it!”\n“Filename problems affect programs written in any programming language. However, they can be especially tricky to deal with when using Bourne shells \n(including bash and dash). If you just want to write shell programs that can handle filenames correctly, you should see the short companion article Filenames \nand Pathnames in Shell: How to do it correctly.”\n Imagine that you don’t know Unix/Linux/POSIX (I presume you really do), and that you’re trying to do some simple tasks. For our purposes we will \ncreate simple scripts on the command line (using a Bourne shell) for these tasks, though many of the underlying problems affect any program. For example, \nlet’s try to print out the contents of all files in the current directory, putting the contents into a file in the parent directory:\n\n\ncat * \u0026gt; ../collection  # WRONG\ncat ./* \u0026gt; ../collection  # CORRECT\ncat find . -type f \u0026gt; ../collection  # WRONG\n( set -f ; for file in find . -type f ; do  # WRONG\ncat \"$file\"\ndone ) \u0026gt; ../collection\n( find . -type f | xargs cat ) \u0026gt; ../collection # WRONG, WAY WRONG\n\nJust think about trying to remove a file named: -rf /\n***\n\n\nNews Roundup\n\nOpenBSD ARM64\n\n\nA new page has appeared on the OpenBSD website, offering images for ARM64\n“The current target platforms are the Pine64 and the Raspberry Pi 3.”\n“OpenBSD/arm64 bundles various platforms sharing the 64-bit ARM architecture. Due to the fact that there are many System on a Chips (SoC) around, OpenBSD/arm64 differentiates between various SoCs and may have a different level of support between them”\nThe page contains a list of the devices that are supported, and which components have working drivers\nAt the time of recording, the link to download the snapshots did not work yet, but by time this airs a week from now, it should be working.\n***\n\n\nThe design of Chacha20\n\n\nSeems like every few episodes we end up discussing Ciphers (With their o-so amusing naming) and today is no exception.\nWe have a great writeup on the D \u0026amp; I of the ‘chacha20’ cipher written by “Loup Vaillant”\nFirst of all, is this story for you? Maybe the summary will help make that call:\n\n\n“Quick summary: Chacha20 is ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data.”\n\n\nIf your eyes didn’t glaze over, then you are cleared to proceed. \nChacha20 is built around stream ciphers:\n\n\n\nWhile Chacha20 is mainly used for encryption, its core is a pseudo-random number generator. The cipher text is obtained by XOR'ing the plain text with a pseudo-random stream:\ncipher_text = plain_text XOR chacha_stream(key, nonce)\n\nProvided you never use the same nonce with the same key twice, you can treat that stream as a one time pad. This makes it very simple: unlike block ciphers, you don't have to worry about padding, and decryption is the same operation as encryption:\nplain_text = cipher_text XOR chacha_stream(key, nonce)\n\nNow we just have to get that stream.\n\n\n\nThe idea that the streams can mimic the concept of a one-time pad does make chacha20 very attractive, even to a non-crypto guy such as myself.\nFrom here the article goes into depth on how the cipher scrambles 512bit blocks using the quarter-round method (A forth of a block or 4 32bit numbers)\nSome ascii art is used here to help visualize how this done, in the quarter round-phase, then to the complete block as the 4 quarters are run in parallel over the entire 512 bit block.\nFrom here the article goes more into depth, looking at the complete chacha block, and the importance of a seemingly unnecessary 32byte constant (Hint: it’s really important)\nIf crypto is something you find fascinating, you’ll want to make sure you give this one a full read-through.\n***\n\n\nCyberChef - Coming to a FreeBSD Ports tree near you\n\n\nDan Langille tweets that he will be creating a port of GCHQ’s CyberChef tool\n“CyberChef is a simple, intuitive web app for carrying out all manner of \"cyber\" operations within a web browser. These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and decompression, calculating hashes and checksums, IPv6 and X.509 parsing, and much more.”\n“The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Every effort has been made to structure the code in a readable and extendable format, however it should be noted that the analyst is not a professional developer and the code has not been peer-reviewed for compliance with a formal specification.”\nSome handy functions, beyond stuff like base64 encoding:\nNetwork Enumeration (CIDR to list of IPS) \nBrowser User Agent Parser (what browser is that, based on your HTTP logs)\nXOR Brute Force: enter some XOR’d text, and try every possible key to find plaintext. Optionally give it a regex of known plaintext to find the right key.\nCalculate the “Shannon Entropy” of the input (how random is this data)\nIt also has a number of built in regular expressions for common things, very useful\nThe project is up on github if you want to play with the code\n***\n\n\nBuilding Electron and VSCode in FreeBSD11\n\n\nA patch and set of instructions for building Electron and VSCode on FreeBSD\n“Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for debugging, embedded Git control, syntax highlighting, intelligent code completion, snippets, and code refactoring. It is also customizable, so users can change the editor's theme, keyboard shortcuts, and preferences. It is free and open-source, although the official download is under a proprietary license.”\n“Visual Studio Code is based on Electron, a framework which is used to deploy Node.js applications for the desktop running on the Blink layout engine. Although it uses the Electron framework, the software is not a fork of Atom, it is actually based on Visual Studio Online's editor (codename \"Monaco\")”\nIt would be interesting to see official support for VSCode on FreeBSD\nHas anyone tried VSCode on the FreeBSD Code base?\n***\n\n\nBeastie Bits\n\n\nSoft Label Keys \nWPA1 (TKIP) disabled by default (OpenBSD)\nCool but obscure unix tools \nKDE Frameworks and Plasma on FreeBSD\nInitiative to migrate OpenBSD mirrors to HTTPS\nThat moment you realize FreeBSD has got some Star Wars fans\nPagelink\n\n\n","content_html":"\u003cp\u003eThis week on BSDNow, we’re going to be leading off with the latest news about Wayland and Xorg support on FreeBSD, then a look at OpenBSD ARM64\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=432406\" rel=\"nofollow\"\u003eWayland is now in the FreeBSD Ports tree\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis commit brings Wayland, the new windowing system, into the FreeBSD ports tree\u003c/li\u003e\n\u003cli\u003e“This port was first created by Koop Mast (kwm@) then updated and improved by Johannes Lundberg”\u003c/li\u003e\n\u003cli\u003e“Wayland is intended as a simpler replacement for X, easier to develop and maintain. GNOME and KDE are expected to be ported to it.”\u003c/li\u003e\n\u003cli\u003eWayland is designed for desktop and laptop use, rather than X, which was designed for use over the network, where clients were not powerful enough to run the applications locally.\u003c/li\u003e\n\u003cli\u003e“Wayland is a protocol for a compositor to talk to its clients as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.”\u003c/li\u003e\n\u003cli\u003e“Please report bugs to the FreeBSD bugtracker!”\u003c/li\u003e\n\u003cli\u003eIt is good to see this project progressing, as it seems in a few generations, high performance graphics drivers may only be actively developed for Wayland.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-x11/2017-January/018738.html\" rel=\"nofollow\"\u003eCall For Testing: xorg 1.18.4 and newer intel/ati DDX \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBaptiste Daroussin, and the FreeBSD X11 team, have issued a call for testing for the upgrade to Xorg 1.18.4\u003c/li\u003e\n\u003cli\u003eAlong with it comes newer ATI/AMD and Intel drivers\u003c/li\u003e\n\u003cli\u003e“Note that you will need to rebuild all the xf86-* packages to work with thatnewer xorg (hence the bump of the revision)”\u003c/li\u003e\n\u003cli\u003e“Do not expect newer gpu supported as this is not the kernel part”, it only provides the newer Xorg driver, not the kernel mode setting driver (this is a separate project)\u003c/li\u003e\n\u003cli\u003e“If you experience any issue with intel or radeon driver please try to use the new modesetting driver provided by xorg directly (note that fedora and debian recommend the use of the new driver instead of the ati/intel one)”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/to-errno-or-to-error\" rel=\"nofollow\"\u003eError handling in C \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Unlike other languages which have one preferred means of signalling an error, C is a multi error paradigm language. Error handling styles in C can be organized into one of several distinct styles, such as popular or correct. Some examples of each.”\n\n\u003cul\u003e\n\u003cli\u003e“One very popular option is the classic unix style. -1 is returned to indicate an error.”\u003c/li\u003e\n\u003cli\u003e“Another option seen in the standard C library is NULL for errors.”\u003c/li\u003e\n\u003cli\u003e“The latter has the advantage that NULL is a false value, which makes it easier to write logical conditions. File descriptor 0 is valid (stdin) but false, while -1 is invalid but true.”\u003c/li\u003e\n\u003cli\u003e“And of course, there’s the worst of both worlds approach requiring a special sentinel that you’ll probably forget to use”\u003c/li\u003e\n\u003cli\u003e“Other unix functions, those that don’t need to return a file descriptor, stick to just 0 and -1”\u003c/li\u003e\n\u003cli\u003e“Of course, none of these functions reveal anything about the nature of the error. For that, you need to consult the errno on the side”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe article goes on to describe different ways of dealing with the issue, and return values.\u003c/li\u003e\n\u003cli\u003eThere is also coverage of more complex examples and involve a context that might contain the error message\u003c/li\u003e\n\u003cli\u003eIt is really interesting to see the differences, and the pitfalls of each approach\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html\" rel=\"nofollow\"\u003eFixing POSIX Filenames\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Traditionally, Unix/Linux/POSIX pathnames and filenames can be almost any sequence of bytes. A pathname lets you select a particular file, and may \ninclude zero or more “/” characters. Each pathname component (separated by “/”) is a filename; filenames cannot contain “/”. Neither \nfilenames nor pathnames can contain the ASCII NUL character (\\0), because that is the terminator.”\u003c/li\u003e\n\u003cli\u003e“This lack of limitations is flexible, but it also creates a legion of unnecessary problems. In particular, this lack of limitations makes it \nunnecessarily difficult to write correct programs (enabling many security flaws). It also makes it impossible to consistently and accurately display filenames, \ncauses portability problems, and confuses users.”\u003c/li\u003e\n\u003cli\u003e“This article will try to convince you that adding some tiny limitations on legal Unix/Linux/POSIX filenames would be an improvement. Many programs \nalready presume these limitations, the POSIX standard already permits such limitations, and many Unix/Linux filesystems already embed such limitations — so \nit’d be better to make these (reasonable) assumptions true in the first place. This article will discuss, in particular, the three biggest problems: control \ncharacters in filenames (including newline, tab, and escape), leading dashes in filenames, and the lack of a standard character encoding scheme (instead of \nusing UTF-8). These three problems impact programs written in any language on Unix/Linux/POSIX system. There are other problems, of course. Spaces in filenames \ncan cause problems; it’s probably hopeless to ban them outright, but resolving some of the other issues will simplify handling spaces in filenames. For \nexample, when using a Bourne shell, you can use an IFS trick (using IFS=\u003ccode\u003eprintf \u0026#39;\\n\\t\u0026#39;\u003c/code\u003e) to eliminate some problems with spaces. Similarly, special \nmetacharacters in filenames cause some problems; I suspect few if any metacharacters could be forbidden on all POSIX systems, but it’d be great if \nadministrators could locally configure systems so that they could prevent or escape such filenames when they want to. I then discuss some other tricks that can \nhelp.”\u003c/li\u003e\n\u003cli\u003e“After limiting filenames slightly, creating completely-correct programs is much easier, and some vulnerabilities in existing programs disappear. This \narticle then notes some others’ opinions; I knew that some people wouldn’t agree with me, but I’m heartened that many do agree that something should \nbe done. Finally, I briefly discuss some methods for solving this long-term; these include forbidding creation of such names (hiding them if they already exist \non the underlying filesystem), implementing escaping mechanisms, or changing how tools work so that these are no longer problems (e.g., when globbing/scanning, \nhave the libraries prefix “./” to any filename beginning with “-”). Solving this is not easy, and I suspect that several solutions will be \nneeded. In fact, this paper became long over time because I kept finding new problems that needed explaining (new “worms under the rocks”). If I’ve \nconvinced you that this needs improving, I’d like your help in figuring out how to best do it!”\u003c/li\u003e\n\u003cli\u003e“Filename problems affect programs written in any programming language. However, they can be especially tricky to deal with when using Bourne shells \n(including bash and dash). If you just want to write shell programs that can handle filenames correctly, you should see the short companion article \u003ca href=\"http://www.dwheeler.com/essays/filenames-in-shell.html\" rel=\"nofollow\"\u003eFilenames \nand Pathnames in Shell: How to do it correctly\u003c/a\u003e.”\u003c/li\u003e\n\u003cli\u003e Imagine that you don’t know Unix/Linux/POSIX (I presume you really do), and that you’re trying to do some simple tasks. For our purposes we will \ncreate simple scripts on the command line (using a Bourne shell) for these tasks, though many of the underlying problems affect any program. For example, \nlet’s try to print out the contents of all files in the current directory, putting the contents into a file in the parent directory:\n\n\u003cul\u003e\n\u003cli\u003ecat * \u0026gt; ../collection  # WRONG\u003c/li\u003e\n\u003cli\u003ecat ./* \u0026gt; ../collection  # CORRECT\u003c/li\u003e\n\u003cli\u003ecat \u003ccode\u003efind . -type f\u003c/code\u003e \u0026gt; ../collection  # WRONG\u003c/li\u003e\n\u003cli\u003e( set -f ; for file in \u003ccode\u003efind . -type f\u003c/code\u003e ; do  # WRONG\ncat \u0026quot;$file\u0026quot;\ndone ) \u0026gt; ../collection\u003c/li\u003e\n\u003cli\u003e( find . -type f | xargs cat ) \u0026gt; ../collection # WRONG, WAY WRONG\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eJust think about trying to remove a file named: -rf /\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/arm64.html\" rel=\"nofollow\"\u003eOpenBSD ARM64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new page has appeared on the OpenBSD website, offering images for ARM64\u003c/li\u003e\n\u003cli\u003e“The current target platforms are the Pine64 and the Raspberry Pi 3.”\u003c/li\u003e\n\u003cli\u003e“OpenBSD/arm64 bundles various platforms sharing the 64-bit ARM architecture. Due to the fact that there are many System on a Chips (SoC) around, OpenBSD/arm64 differentiates between various SoCs and may have a different level of support between them”\u003c/li\u003e\n\u003cli\u003eThe page contains a list of the devices that are supported, and which components have working drivers\u003c/li\u003e\n\u003cli\u003eAt the time of recording, the link to download the snapshots did not work yet, but by time this airs a week from now, it should be working.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://loup-vaillant.fr/tutorials/chacha20-design\" rel=\"nofollow\"\u003eThe design of Chacha20\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeems like every few episodes we end up discussing Ciphers (With their o-so amusing naming) and today is no exception.\u003c/li\u003e\n\u003cli\u003eWe have a great writeup on the D \u0026amp; I of the ‘chacha20’ cipher written by “Loup Vaillant”\u003c/li\u003e\n\u003cli\u003eFirst of all, is this story for you? Maybe the summary will help make that call:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“Quick summary: Chacha20 is ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf your eyes didn’t glaze over, then you are cleared to proceed. \u003c/li\u003e\n\u003cli\u003eChacha20 is built around stream ciphers:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhile Chacha20 is mainly used for encryption, its core is a pseudo-random number generator. The cipher text is obtained by XOR\u0026#39;ing the plain text with a pseudo-random stream:\u003cbr\u003e\ncipher_text = plain_text XOR chacha_stream(key, nonce)\u003c/p\u003e\n\n\u003cp\u003eProvided you never use the same nonce with the same key twice, you can treat that stream as a one time pad. This makes it very simple: unlike block ciphers, you don\u0026#39;t have to worry about padding, and decryption is the same operation as encryption:\u003cbr\u003e\nplain_text = cipher_text XOR chacha_stream(key, nonce)\u003c/p\u003e\n\n\u003cp\u003eNow we just have to get that stream.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe idea that the streams can mimic the concept of a one-time pad does make chacha20 very attractive, even to a non-crypto guy such as myself.\u003c/li\u003e\n\u003cli\u003eFrom here the article goes into depth on how the cipher scrambles 512bit blocks using the quarter-round method (A forth of a block or 4 32bit numbers)\u003c/li\u003e\n\u003cli\u003eSome ascii art is used here to help visualize how this done, in the quarter round-phase, then to the complete block as the 4 quarters are run in parallel over the entire 512 bit block.\u003c/li\u003e\n\u003cli\u003eFrom here the article goes more into depth, looking at the complete chacha block, and the importance of a seemingly unnecessary 32byte constant (Hint: it’s really important)\u003c/li\u003e\n\u003cli\u003eIf crypto is something you find fascinating, you’ll want to make sure you give this one a full read-through.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/DLangille/status/823915729430913025\" rel=\"nofollow\"\u003eCyberChef - Coming to a FreeBSD Ports tree near you\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDan Langille tweets that he will be creating a port of GCHQ’s CyberChef tool\u003c/li\u003e\n\u003cli\u003e“CyberChef is a simple, intuitive web app for carrying out all manner of \u0026quot;cyber\u0026quot; operations within a web browser. These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and decompression, calculating hashes and checksums, IPv6 and X.509 parsing, and much more.”\u003c/li\u003e\n\u003cli\u003e“The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Every effort has been made to structure the code in a readable and extendable format, however it should be noted that the analyst is not a professional developer and the code has not been peer-reviewed for compliance with a formal specification.”\u003c/li\u003e\n\u003cli\u003eSome handy functions, beyond stuff like base64 encoding:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gchq.github.io/CyberChef/?recipe=%5B%7B%22op%22%3A%22Parse%20IP%20range%22%2C%22args%22%3A%5Btrue%2Ctrue%2Cfalse%5D%7D%5D\u0026input=MTcyLjIxLjAuMzIvMjcK\" rel=\"nofollow\"\u003eNetwork Enumeration (CIDR to list of IPS) \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrowser User Agent Parser (what browser is that, based on your HTTP logs)\u003c/li\u003e\n\u003cli\u003eXOR Brute Force: enter some XOR’d text, and try every possible key to find plaintext. Optionally give it a regex of known plaintext to find the right key.\u003c/li\u003e\n\u003cli\u003eCalculate the “Shannon Entropy” of the input (how random is this data)\u003c/li\u003e\n\u003cli\u003eIt also has a number of built in regular expressions for common things, very useful\u003c/li\u003e\n\u003cli\u003eThe project is up on github if you want to play with the code\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/prash-wghats/89be1ee069d2acf23c289e9c606616e1\" rel=\"nofollow\"\u003eBuilding Electron and VSCode in FreeBSD11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA patch and set of instructions for building Electron and VSCode on FreeBSD\u003c/li\u003e\n\u003cli\u003e“Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for debugging, embedded Git control, syntax highlighting, intelligent code completion, snippets, and code refactoring. It is also customizable, so users can change the editor\u0026#39;s theme, keyboard shortcuts, and preferences. It is free and open-source, although the official download is under a proprietary license.”\u003c/li\u003e\n\u003cli\u003e“Visual Studio Code is based on Electron, a framework which is used to deploy Node.js applications for the desktop running on the Blink layout engine. Although it uses the Electron framework, the software is not a fork of Atom, it is actually based on Visual Studio Online\u0026#39;s editor (codename \u0026quot;Monaco\u0026quot;)”\u003c/li\u003e\n\u003cli\u003eIt would be interesting to see official support for VSCode on FreeBSD\u003c/li\u003e\n\u003cli\u003eHas anyone tried VSCode on the FreeBSD Code base?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://roy.marples.name/blog/blog/soft-label-keys\" rel=\"nofollow\"\u003eSoft Label Keys\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.mail-archive.com/source-changes@openbsd.org/msg84599.html\" rel=\"nofollow\"\u003eWPA1 (TKIP) disabled by default (OpenBSD)\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://kkovacs.eu/cool-but-obscure-unix-tools\" rel=\"nofollow\"\u003eCool but obscure unix tools\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://euroquis.nl/bobulate/?p=1521\" rel=\"nofollow\"\u003eKDE Frameworks and Plasma on FreeBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.mail-archive.com/source-changes@openbsd.org/msg84904.html\" rel=\"nofollow\"\u003eInitiative to migrate OpenBSD mirrors to HTTPS\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://i.imgur.com/dC7c1y4.png\" rel=\"nofollow\"\u003eThat moment you realize FreeBSD has got some Star Wars fans\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://wiki.freebsd.org/PortsSubversionPrimer\" rel=\"nofollow\"\u003ePagelink\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’re going to be leading off with the latest news about Wayland and Xorg support on FreeBSD, then a look at OpenBSD ARM64","date_published":"2017-02-01T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/06b91bc7-f848-44c2-a5f9-1d1d40f61714.mp3","mime_type":"audio/mpeg","size_in_bytes":40976212,"duration_in_seconds":3414}]},{"id":"432eecad-cec1-4297-a8eb-87d5b5b088fd","title":"178: Enjoy the Silence","url":"https://www.bsdnow.tv/178","content_text":"This week on BSD Now, we will be discussing a wide variety of topics including Routers, Run-Controls, the “Rule” of silence and some\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nPorts no longer build on EOL FreeBSD versions\n\n\nThe FreeBSD ports tree has been updated to automatically fail if you try to compile ports on EOL versions of FreeBSD (any version of 9.x or earlier, 10.0 - 10.2, or 11 from before 11.0)\nThis is to prevent shooting yourself in the food, as the compatibility code for those older OSes has been removed now that they are no longer supported.\nIf you use pkg, you will also run into problems on old releases. Packages are always built on the oldest supported release in a branch. Until recently, this meant packages for 10.1, 10.2, and 10.3 were compiled on 10.1. Now that 10.1 and 10.2 are EOL, packages for 10.x are compiled on 10.3.\nThis matters because 10.3 supports the new openat() and various other *at() functions used by capsicum. Now that pkg and packages are built on a version that supports this new feature, they will not run on systems that do not support it. So pkg will exit with an error as soon as it tries to open a file.\nYou can work around this temporarily by using the pkg-static command, but you should upgrade to a supported release immediately.\n***\n\n\nImproving TrueOS: OpenRC\n\n\nWith TrueOS moving to a rolling-release model, we’ve decided to be a bit more proactive in sharing news about new features that are landing. \nThis week we’ve posted an article talking about the transition to OpenRC\nIn past episodes you’ve heard me mention OpenRC, but hopefully today we can help answer any of those lingering questions you may still have about it\nThe first thing always asked, is “What is OpenRC?”\n\n\n\nOpenRC is a dependency-based init system working with the system provided init program. It is used with several Linux distributions, including Gentoo and Alpine Linux. However, OpenRC was created by the NetBSD developer Roy Marples in one of those interesting intersections of Linux and BSD development. OpenRC’s development history, portability, and 2-clause BSD license make its integration into TrueOS an easy decision.\n\n\n\nNow that we know a bit about what it is, how does it behave differently than traditional RC?\n\n\n\nTrueOS now uses OpenRC to manage all system services, as opposed to FreeBSD’s RC. Instead of using rc.d for base system rc scripts, OpenRC uses init.d. Also, every service in OpenRC has its own user configuration file, located in /etc/conf.d/ for the base system and /usr/local/etc.conf.d/ for ports. Finally, OpenRC uses runlevels, as opposed to the FreeBSD single- or multi- user modes. You can view the services and their runlevels by typing $ rc-update show -v in a CLI. Also, TrueOS integrates OpenRC service management into SysAdm with the Service Manager tool\n\n\n\nOne of the prime benefits of OpenRC is much faster boot-times, which is important in a portable world of laptops (and desktops as well). But service monitoring and crash detection are also important parts of what make OpenRC a substantial upgrade for TrueOS.\nLastly people have asked us about migration, what is done, what isn’t? As of now almost all FreeBSD base system services have been migrated over. In addition most desktop-facing services required to run Lumina and the like are also ported. We are still going through the ports tree and converting legacy rc.d scripts to init.d, but the process takes time. Several new folks have begun contributing OpenRC scripts and we hope to have all the roughly 1k ports converted over this year. \n\n\n\n\nBSDRP Releases 1.70  \n\n\nA new release of the BSD Router Project\nThis distro is designed to replace high end routers, like those from Cisco and Juniper, with FreeBSD running on regular off-the-shelf server.\nHighlights:\n\n\nUpgraded to FreeBSD 11.0-STABLE r312663 (skip 11.0 for massive performance improvement)\nRe-Added: netmap-fwd (https://github.com/Netgate/netmap-fwd)\nAdd FIBsync patch to netmap-fwd from Zollner Robert \nnetmap pkt-gen supports IPv6, thanks to Andrey V. Elsukov (ae@freebsd.org)\nbird 1.6.3 (add BGP Large communities support)\nOpenVPN 2.4.0 (adds the high speed AEAD GCM cipher)\n\nAll of the other packages have also been upgraded\nA lot of great work has been done on BSDRP, and it has also generated a lot of great benchmarks and testing that have resulted in performance increases and improved understanding of how FreeBSD networking scales across different CPU types and speeds\n***\n\n\nDragonFlyBSD gets UEFI support\n\n\nThis commit adds support for UEFI to the Dragonfly Installer, allowing new systems to be installed to boot from UEFI\nThis script provides a way to build a HAMMER filesystem that works with UEFI\nThere is also a UEFI man page \nThe install media has also been updated to support booting from either UEFI or MBR, in the same way that the FreeBSD images work\n***\n\n\nNews Roundup\n\nThe Rule of Silence\n\n\n“The rule of silence, also referred to as the silence is golden rule, is an important part of the Unix philosophy that states that when a program has nothing surprising, interesting or useful to say, it should say nothing. It means that well-behaved programs should treat their users' attention and concentration as being valuable and thus perform their tasks as unobtrusively as possible. That is, silence in itself is a virtue.”\nThis doesn’t mean a program cannot be verbose, it just means you have to ask it for the additional output, rather than having it by default\n“There is no single, standardized statement of the Unix philosophy, but perhaps the simplest description would be: \"Write programs that are small, simple and transparent. Write them so that they do only one thing, but do it well and can work together with other programs.\" That is, the philosophy centers around the concepts of smallness, simplicity, modularity, craftsmanship, transparency, economy, diversity, portability, flexibility and extensibility.”\n“This philosophy has been fundamental to the the fact that Unix-like operating systems have been thriving for more than three decades, far longer than any other family of operating systems, and can be expected to see continued expansion of use in the years to come”\n“The rule of silence is one of the oldest and most persistent design rules of such operating systems. As intuitive as this rule might seem to experienced users of such systems, it is frequently ignored by the developers of other types of operating systems and application programs for them. The result is often distraction, annoyance and frustration for users.”\n“There are several very good reasons for the rule of silence: (1) One is to avoid cluttering the user's mind with information that might not be necessary or might not even be desired. That is, unnecessary information can be a distraction. Moreover, unnecessary messages generated by some operating systems and application programs are sometimes poorly worded, and can cause confusion or needless worry on the part of users.”\nNo news is good news. When there is bad news, error messages should be descriptive, and ideally tell the user what they might do about the error.\n“A third reason is that command line programs (i.e., all-text mode programs) on Unix-like operating systems are designed to work together with pipes, i.e., the output from one program becomes the input of another program. This is a major feature of such systems, and it accounts for much of their power and flexibility. Consequently, it is important to have only the truly important information included in the output of each program, and thus in the input of the next program.”\nHave you ever had to try to strip out useless output so you could feed that data into another program?\n“The rule of silence originally applied to command line programs, because all programs were originally command line programs. However, it is just as applicable to GUI (graphical user interfaces) programs. That is, unnecessary and annoying information should be avoided regardless of the type of user interface.”\n“A example is the useless and annoying dialog boxes (i.e., small windows) that pop up on the display screen with with surprising frequency on some operating systems and programs. These dialog boxes contain some obvious, cryptic or unnecessary message and require the user to click on them in order to close them and proceed with work. This is an interruption of concentration and a waste of time for most users. Such dialog boxes should be employed only in situations in which some unexpected result might occur or to protect important data.”\nIt goes on to make an analogy about Public Address systems. If too many unimportant messages, like advertisements, are sent over the PA system, people will start to ignore them, and miss the important announcements.\n***\n\n\nThe Tao of tmux\n\n\nAn interesting article floated across my news feed a few weeks back. It’s what essentially boils down to a book called the “Tao of tmux”, which immediately piqued my interest.\nMy story may be similar to many of yours. I was initially raised on using screen, and screen only for my terminal session and multiplexing needs.\nSince then I’ve only had a passing interest in tmux, but its always been one of those utilities I felt was worthy of investing some more time into. (Especially when seeing some of the neat setups some of my peers have with it)\nNeedless to say, this article has been bookmarked, and I’ve started digesting some of it, but thought it would be good to share with anybody else who finds them-self in a similar situation.\nThe book starts off well, explaining in the simplest terms possible what Tmux really is, by comparing and contrasting it to something we are all familiar with, GUIS!\nHelpfully they also include a chart which explains some of the terms we will be using frequently when discussing tmux (https://leanpub.com/the-tao-of-tmux/read#leanpub-auto-window-manager-for-the-terminal) \nOne of the things the author does recommend is also making sure you are up to speed on your Terminal knowledge.\n\n\n\nBefore getting into tmux, a few fundamentals of the command line should be reviewed. Often, we’re so used to using these out of street smarts and muscle memory a great deal of us never see the relation of where these tools stand next to each other.\n\nSeasoned developers are familiar with zsh, Bash, iTerm2, konsole, /dev/tty, shell scripting, and so on. If you use tmux, you’ll be around these all the time, regardless of whether you’re in a GUI on a local machine or SSH’ing into a remote server.\n\nIf you want to learn more about how processes and TTY’s work at the kernel level (data structures and all) the book The Design and Implementation of the FreeBSD Operating System (2nd Edition) by Marshall Kirk McKusick is nice. In particular, Chapter 4, Process Management and Section 8.6, Terminal Handling. The TTY demystified by Linus Åkesson (available online) dives into the TTY and is a good read as well.\n\n\n\nWe had to get that shout-out of Kirk’s book in here ;)\nFrom here the boot/article takes us on a whirlwind journey of Sessions, Windows, Panes and more. Every control- command is covered, information on how to customize your statusbar, tips, tricks and the like. There’s far more here than we can cover in a single segment, but you are highly encouraged to bookmark this one and start your own adventure into the world of tmux.\n***\n\n\nSDF Celebrates 30 years of service in 2017\n\n\nHackerNews thread on SDF \n“Super Dimension Fortress (SDF, also known as freeshell.org) is a non-profit public access UNIX shell provider on the Internet. It has been in continual operation since 1987 as a non-profit social club. The name is derived from the Japanese anime series The Super Dimension Fortress Macross; the original SDF server was a BBS for anime fans[1]. From its BBS roots, which have been well documented as part of the BBS: The Documentary project, SDF has grown into a feature-rich provider serving members around the world.”\nA public access UNIX system, it was many people’s first access to a UNIX shell.\nIn the 90s, Virtual Machines were rare, the software to run them usually cost a lot of money and no one had very much memory to try to run two operating systems at the same time.\nSo for many people, these type of shell accounts were the only way they could access UNIX without having to replace the OS on their only computer\nThis is how I first started with UNIX, eventually moving to paying for access to bigger machines, and then buying my own servers and renting out shell accounts to host IRC servers and channel protection bots.\n“On June 16th, 1987 Ted Uhlemann (handle: charmin, later iczer) connected his Apple ][e's 300 baud modem to the phone line his mother had just given him for his birthday. He had published the number the night before on as many BBSes around the Dallas Ft. Worth area that he could and he waited for the first caller. He had a copy of Magic Micro BBS which was written in Applesoft BASIC and he named the BBS \"SDF-1\" after his favorite Japanimation series ROBOTECH (Macross). He hoped to draw users who were interested in anime, industrial music and the Church of the Subgenius.”\nI too started out in the world of BBSes before I had access to the internet. My parents got my a dedicated phone line for my birthday, so I wouldn’t tie up their line all the time. I quickly ended up running my own BBS, the Sudden Death BBS (Renegade on MS DOS)\nI credit this early experience for my discovery of a passion for Systems Administration, that lead me to my current career\n“Slowly, SDF has grown over all these years, never forgetting our past and unlike many sites on the internet, we actually have a past. Some people today may come here and see us as outdated and \"retro\". But if you get involved, you'll see it is quite alive with new ideas and a platform for opportunity to try many new things. The machines are often refreshed, the quotas are gone, the disk space is expanding as are the features (and user driven features at that) and our cabinets have plenty of space for expansion here in the USA and in Europe (Germany).”\n“Think about ways you'd like to celebrate SDF's 30th and join us on the 'bboard' to discuss what we could do. I realize many of you have likely moved on yourselves, but I just wanted you to know we're still here and we'll keep doing new and exciting things with a foundation in the UNIX shell.”\n***\n\n\nGetting Minecraft to Run on NetBSD\n\n\nOne thing that doesn’t come up often on BSDNow is the idea of gaming. I realize most of us are server folks, or perhaps don’t play games (The PC is for work, use your fancy-smanzy PS4 and get off my lawn you kids)\nToday I thought it would be fun to highlight this post over at Reddit talking about running MineCraft on NetBSD\nNow I realize this may not be news to some of you, but perhaps it is to others. For the record my kids have been playing Minecraft on PC-BSD / TrueOS for years. It's the primary reason they are more often booted into that instead of Windows. (Funny story behind that - Got sick of all the 3rd party mods, which more often than not came helpfully bundled with viruses and malware)\nOn NetBSD the process looks a bit different than on FreeBSD. First up, you’ll need to enable Linux Emulation and install Oracle JRE (Not OpenJDK, that path leads to sadness here)\nThe guide will then walk us through the process of fetching the Linux runtime packages, extracting and then enabling bits such as ‘procfs’ that is required to run the Linux binaries. \nOnce that's done, minecraft is only a simple “oracle8-jre /path/to/minecraft.jar” command away from starting up, and you’ll be “crafting” in no time. (Does anybody even play survival anymore?)\n***\n\n\nBeastie Bits\n\n\nUNIX on the Computer Chronicals  \nFreeBSD: Atheros AR9380 and later, maximum UDP TX goes from 250mbit to 355mbit.  \nCapsicumizing traceroute with casper  \n\n\n\n\nFeedback/Questions\n\n\n Jason - TarSnap on Windows \n Mike - OpenRC \u0026amp; DO \n Anonymous - Old Machines \n Matt - Iocage \n Hjalti - Rclone \u0026amp; FreeNAS \n\n\n","content_html":"\u003cp\u003eThis week on BSD Now, we will be discussing a wide variety of topics including Routers, Run-Controls, the “Rule” of silence and some\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/5ouvmp/ports_no_longer_build_on_eol_freebsd_versions/\" rel=\"nofollow\"\u003ePorts no longer build on EOL FreeBSD versions\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD ports tree has been updated to automatically fail if you try to compile ports on EOL versions of FreeBSD (any version of 9.x or earlier, 10.0 - 10.2, or 11 from before 11.0)\u003c/li\u003e\n\u003cli\u003eThis is to prevent shooting yourself in the food, as the compatibility code for those older OSes has been removed now that they are no longer supported.\u003c/li\u003e\n\u003cli\u003eIf you use pkg, you will also run into problems on old releases. Packages are always built on the oldest supported release in a branch. Until recently, this meant packages for 10.1, 10.2, and 10.3 were compiled on 10.1. Now that 10.1 and 10.2 are EOL, packages for 10.x are compiled on 10.3.\u003c/li\u003e\n\u003cli\u003eThis matters because 10.3 supports the new openat() and various other *at() functions used by capsicum. Now that pkg and packages are built on a version that supports this new feature, they will not run on systems that do not support it. So pkg will exit with an error as soon as it tries to open a file.\u003c/li\u003e\n\u003cli\u003eYou can work around this temporarily by using the pkg-static command, but you should upgrade to a supported release immediately.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/blog/improving-trueos-openrc/\" rel=\"nofollow\"\u003eImproving TrueOS: OpenRC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith TrueOS moving to a rolling-release model, we’ve decided to be a bit more proactive in sharing news about new features that are landing. \u003c/li\u003e\n\u003cli\u003eThis week we’ve posted an article talking about the transition to OpenRC\u003c/li\u003e\n\u003cli\u003eIn past episodes you’ve heard me mention OpenRC, but hopefully today we can help answer any of those lingering questions you may still have about it\u003c/li\u003e\n\u003cli\u003eThe first thing always asked, is “What is OpenRC?”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenRC is a dependency-based init system working with the system provided init program. It is used with several Linux distributions, including Gentoo and Alpine Linux. However, OpenRC was created by the NetBSD developer Roy Marples in one of those interesting intersections of Linux and BSD development. OpenRC’s development history, portability, and 2-clause BSD license make its integration into TrueOS an easy decision.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow that we know a bit about what it is, how does it behave differently than traditional RC?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTrueOS now uses OpenRC to manage all system services, as opposed to FreeBSD’s RC. Instead of using rc.d for base system rc scripts, OpenRC uses init.d. Also, every service in OpenRC has its own user configuration file, located in /etc/conf.d/ for the base system and /usr/local/etc.conf.d/ for ports. Finally, OpenRC uses runlevels, as opposed to the FreeBSD single- or multi- user modes. You can view the services and their runlevels by typing $ rc-update show -v in a CLI. Also, TrueOS integrates OpenRC service management into SysAdm with the Service Manager tool\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eOne of the prime benefits of OpenRC is much faster boot-times, which is important in a portable world of laptops (and desktops as well). But service monitoring and crash detection are also important parts of what make OpenRC a substantial upgrade for TrueOS.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLastly people have asked us about migration, what is done, what isn’t? As of now almost all FreeBSD base system services have been migrated over. In addition most desktop-facing services required to run Lumina and the like are also ported. We are still going through the ports tree and converting legacy rc.d scripts to init.d, but the process takes time. Several new folks have begun contributing OpenRC scripts and we hope to have all the roughly 1k ports converted over this year. \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.70/\" rel=\"nofollow\"\u003eBSDRP Releases 1.70  \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new release of the BSD Router Project\u003c/li\u003e\n\u003cli\u003eThis distro is designed to replace high end routers, like those from Cisco and Juniper, with FreeBSD running on regular off-the-shelf server.\u003c/li\u003e\n\u003cli\u003eHighlights:\n\n\u003cul\u003e\n\u003cli\u003eUpgraded to FreeBSD 11.0-STABLE r312663 (skip 11.0 for massive performance improvement)\u003c/li\u003e\n\u003cli\u003eRe-Added: netmap-fwd (\u003ca href=\"https://github.com/Netgate/netmap-fwd\" rel=\"nofollow\"\u003ehttps://github.com/Netgate/netmap-fwd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd FIBsync patch to netmap-fwd from Zollner Robert \u003cwolfit_ro@yahoo.com\u003e\u003c/li\u003e\n\u003cli\u003enetmap pkt-gen supports IPv6, thanks to Andrey V. Elsukov (\u003ca href=\"mailto:ae@freebsd.org\" rel=\"nofollow\"\u003eae@freebsd.org\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebird 1.6.3 (add BGP Large communities support)\u003c/li\u003e\n\u003cli\u003eOpenVPN 2.4.0 (adds the high speed AEAD GCM cipher)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAll of the other packages have also been upgraded\u003c/li\u003e\n\u003cli\u003eA lot of great work has been done on BSDRP, and it has also generated a lot of great benchmarks and testing that have resulted in performance increases and improved understanding of how FreeBSD networking scales across different CPU types and speeds\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/7b1aa074fcd99442a1345fb8a695b62d01d9c7fd\" rel=\"nofollow\"\u003eDragonFlyBSD gets UEFI support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis commit adds support for UEFI to the Dragonfly Installer, allowing new systems to be installed to boot from UEFI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9d53bd00e9be53d6b893afd79111370ee0c053b0\" rel=\"nofollow\"\u003eThis script\u003c/a\u003e provides a way to build a HAMMER filesystem that works with UEFI\u003c/li\u003e\n\u003cli\u003eThere is also a \u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d195d5099328849c500d4a1b94d6915d3c72c71e\" rel=\"nofollow\"\u003eUEFI man page\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5fa778d7b36ab0981ff9dcbd96c71ebf653a6a19\" rel=\"nofollow\"\u003einstall media\u003c/a\u003e has also been updated to support booting from either UEFI or MBR, in the same way that the FreeBSD images work\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.linfo.org/rule_of_silence.html\" rel=\"nofollow\"\u003eThe Rule of Silence\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The rule of silence, also referred to as the silence is golden rule, is an important part of the Unix philosophy that states that when a program has nothing surprising, interesting or useful to say, it should say nothing. It means that well-behaved programs should treat their users\u0026#39; attention and concentration as being valuable and thus perform their tasks as unobtrusively as possible. That is, silence in itself is a virtue.”\u003c/li\u003e\n\u003cli\u003eThis doesn’t mean a program cannot be verbose, it just means you have to ask it for the additional output, rather than having it by default\u003c/li\u003e\n\u003cli\u003e“There is no single, standardized statement of the Unix philosophy, but perhaps the simplest description would be: \u0026quot;Write programs that are small, simple and transparent. Write them so that they do only one thing, but do it well and can work together with other programs.\u0026quot; That is, the philosophy centers around the concepts of smallness, simplicity, modularity, craftsmanship, transparency, economy, diversity, portability, flexibility and extensibility.”\u003c/li\u003e\n\u003cli\u003e“This philosophy has been fundamental to the the fact that Unix-like operating systems have been thriving for more than three decades, far longer than any other family of operating systems, and can be expected to see continued expansion of use in the years to come”\u003c/li\u003e\n\u003cli\u003e“The rule of silence is one of the oldest and most persistent design rules of such operating systems. As intuitive as this rule might seem to experienced users of such systems, it is frequently ignored by the developers of other types of operating systems and application programs for them. The result is often distraction, annoyance and frustration for users.”\u003c/li\u003e\n\u003cli\u003e“There are several very good reasons for the rule of silence: (1) One is to avoid cluttering the user\u0026#39;s mind with information that might not be necessary or might not even be desired. That is, unnecessary information can be a distraction. Moreover, unnecessary messages generated by some operating systems and application programs are sometimes poorly worded, and can cause confusion or needless worry on the part of users.”\u003c/li\u003e\n\u003cli\u003eNo news is good news. When there is bad news, error messages should be descriptive, and ideally tell the user what they might do about the error.\u003c/li\u003e\n\u003cli\u003e“A third reason is that command line programs (i.e., all-text mode programs) on Unix-like operating systems are designed to work together with pipes, i.e., the output from one program becomes the input of another program. This is a major feature of such systems, and it accounts for much of their power and flexibility. Consequently, it is important to have only the truly important information included in the output of each program, and thus in the input of the next program.”\u003c/li\u003e\n\u003cli\u003eHave you ever had to try to strip out useless output so you could feed that data into another program?\u003c/li\u003e\n\u003cli\u003e“The rule of silence originally applied to command line programs, because all programs were originally command line programs. However, it is just as applicable to GUI (graphical user interfaces) programs. That is, unnecessary and annoying information should be avoided regardless of the type of user interface.”\u003c/li\u003e\n\u003cli\u003e“A example is the useless and annoying dialog boxes (i.e., small windows) that pop up on the display screen with with surprising frequency on some operating systems and programs. These dialog boxes contain some obvious, cryptic or unnecessary message and require the user to click on them in order to close them and proceed with work. This is an interruption of concentration and a waste of time for most users. Such dialog boxes should be employed only in situations in which some unexpected result might occur or to protect important data.”\u003c/li\u003e\n\u003cli\u003eIt goes on to make an analogy about Public Address systems. If too many unimportant messages, like advertisements, are sent over the PA system, people will start to ignore them, and miss the important announcements.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://leanpub.com/the-tao-of-tmux/read\" rel=\"nofollow\"\u003eThe Tao of tmux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting article floated across my news feed a few weeks back. It’s what essentially boils down to a book called the “Tao of tmux”, which immediately piqued my interest.\u003c/li\u003e\n\u003cli\u003eMy story may be similar to many of yours. I was initially raised on using screen, and screen only for my terminal session and multiplexing needs.\u003c/li\u003e\n\u003cli\u003eSince then I’ve only had a passing interest in tmux, but its always been one of those utilities I felt was worthy of investing some more time into. (Especially when seeing some of the neat setups some of my peers have with it)\u003c/li\u003e\n\u003cli\u003eNeedless to say, this article has been bookmarked, and I’ve started digesting some of it, but thought it would be good to share with anybody else who finds them-self in a similar situation.\u003c/li\u003e\n\u003cli\u003eThe book starts off well, explaining in the simplest terms possible what Tmux really is, by comparing and contrasting it to something we are all familiar with, GUIS!\u003c/li\u003e\n\u003cli\u003eHelpfully they also include a chart which explains some of the terms we will be using frequently when discussing tmux (\u003ca href=\"https://leanpub.com/the-tao-of-tmux/read#leanpub-auto-window-manager-for-the-terminal\" rel=\"nofollow\"\u003ehttps://leanpub.com/the-tao-of-tmux/read#leanpub-auto-window-manager-for-the-terminal\u003c/a\u003e) \u003c/li\u003e\n\u003cli\u003eOne of the things the author does recommend is also making sure you are up to speed on your Terminal knowledge.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eBefore getting into tmux, a few fundamentals of the command line should be reviewed. Often, we’re so used to using these out of street smarts and muscle memory a great deal of us never see the relation of where these tools stand next to each other.\u003c/p\u003e\n\n\u003cp\u003eSeasoned developers are familiar with zsh, Bash, iTerm2, konsole, /dev/tty, shell scripting, and so on. If you use tmux, you’ll be around these all the time, regardless of whether you’re in a GUI on a local machine or SSH’ing into a remote server.\u003c/p\u003e\n\n\u003cp\u003eIf you want to learn more about how processes and TTY’s work at the kernel level (data structures and all) the book The Design and Implementation of the FreeBSD Operating System (2nd Edition) by Marshall Kirk McKusick is nice. In particular, Chapter 4, Process Management and Section 8.6, Terminal Handling. The TTY demystified by Linus Åkesson (available online) dives into the TTY and is a good read as well.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe had to get that shout-out of Kirk’s book in here ;)\u003c/li\u003e\n\u003cli\u003eFrom here the boot/article takes us on a whirlwind journey of Sessions, Windows, Panes and more. Every control-\u003cX\u003e command is covered, information on how to customize your statusbar, tips, tricks and the like. There’s far more here than we can cover in a single segment, but you are highly encouraged to bookmark this one and start your own adventure into the world of tmux.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sdf.org/\" rel=\"nofollow\"\u003eSDF Celebrates 30 years of service in 2017\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=13453774\" rel=\"nofollow\"\u003eHackerNews thread on SDF \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e“Super Dimension Fortress (SDF, also known as freeshell.org) is a non-profit public access UNIX shell provider on the Internet. It has been in continual operation since 1987 as a non-profit social club. The name is derived from the Japanese anime series The Super Dimension Fortress Macross; the original SDF server was a BBS for anime fans[1]. From its BBS roots, which have been well documented as part of the BBS: The Documentary project, SDF has grown into a feature-rich provider serving members around the world.”\u003c/li\u003e\n\u003cli\u003eA public access UNIX system, it was many people’s first access to a UNIX shell.\u003c/li\u003e\n\u003cli\u003eIn the 90s, Virtual Machines were rare, the software to run them usually cost a lot of money and no one had very much memory to try to run two operating systems at the same time.\u003c/li\u003e\n\u003cli\u003eSo for many people, these type of shell accounts were the only way they could access UNIX without having to replace the OS on their only computer\u003c/li\u003e\n\u003cli\u003eThis is how I first started with UNIX, eventually moving to paying for access to bigger machines, and then buying my own servers and renting out shell accounts to host IRC servers and channel protection bots.\u003c/li\u003e\n\u003cli\u003e“On June 16th, 1987 Ted Uhlemann (handle: charmin, later iczer) connected his Apple ][e\u0026#39;s 300 baud modem to the phone line his mother had just given him for his birthday. He had published the number the night before on as many BBSes around the Dallas Ft. Worth area that he could and he waited for the first caller. He had a copy of Magic Micro BBS which was written in Applesoft BASIC and he named the BBS \u0026quot;SDF-1\u0026quot; after his favorite Japanimation series ROBOTECH (Macross). He hoped to draw users who were interested in anime, industrial music and the Church of the Subgenius.”\u003c/li\u003e\n\u003cli\u003eI too started out in the world of BBSes before I had access to the internet. My parents got my a dedicated phone line for my birthday, so I wouldn’t tie up their line all the time. I quickly ended up running my own BBS, the Sudden Death BBS (\u003ca href=\"https://en.wikipedia.org/wiki/Renegade_(BBS)\" rel=\"nofollow\"\u003eRenegade\u003c/a\u003e on MS DOS)\u003c/li\u003e\n\u003cli\u003eI credit this early experience for my discovery of a passion for Systems Administration, that lead me to my current career\u003c/li\u003e\n\u003cli\u003e“Slowly, SDF has grown over all these years, never forgetting our past and unlike many sites on the internet, we actually have a past. Some people today may come here and see us as outdated and \u0026quot;retro\u0026quot;. But if you get involved, you\u0026#39;ll see it is quite alive with new ideas and a platform for opportunity to try many new things. The machines are often refreshed, the quotas are gone, the disk space is expanding as are the features (and user driven features at that) and our cabinets have plenty of space for expansion here in the USA and in Europe (Germany).”\u003c/li\u003e\n\u003cli\u003e“Think about ways you\u0026#39;d like to celebrate SDF\u0026#39;s 30th and join us on the \u0026#39;bboard\u0026#39; to discuss what we could do. I realize many of you have likely moved on yourselves, but I just wanted you to know we\u0026#39;re still here and we\u0026#39;ll keep doing new and exciting things with a foundation in the UNIX shell.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/NetBSD/comments/5mtsy1/getting_minecraft_to_run_on_netbsd/\" rel=\"nofollow\"\u003eGetting Minecraft to Run on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne thing that doesn’t come up often on BSDNow is the idea of gaming. I realize most of us are server folks, or perhaps don’t play games (The PC is for work, use your fancy-smanzy PS4 and get off my lawn you kids)\u003c/li\u003e\n\u003cli\u003eToday I thought it would be fun to highlight this post over at Reddit talking about running MineCraft on NetBSD\u003c/li\u003e\n\u003cli\u003eNow I realize this may not be news to some of you, but perhaps it is to others. For the record my kids have been playing Minecraft on PC-BSD / TrueOS for years. It\u0026#39;s the primary reason they are more often booted into that instead of Windows. (Funny story behind that - Got sick of all the 3rd party mods, which more often than not came helpfully bundled with viruses and malware)\u003c/li\u003e\n\u003cli\u003eOn NetBSD the process looks a bit different than on FreeBSD. First up, you’ll need to enable Linux Emulation and install Oracle JRE (Not OpenJDK, that path leads to sadness here)\u003c/li\u003e\n\u003cli\u003eThe guide will then walk us through the process of fetching the Linux runtime packages, extracting and then enabling bits such as ‘procfs’ that is required to run the Linux binaries. \u003c/li\u003e\n\u003cli\u003eOnce that\u0026#39;s done, minecraft is only a simple “oracle8-jre /path/to/minecraft.jar” command away from starting up, and you’ll be “crafting” in no time. (Does anybody even play survival anymore?)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://youtu.be/g7P16mYDIJw\" rel=\"nofollow\"\u003eUNIX on the Computer Chronicals \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/erikarn/status/823298416939659264\" rel=\"nofollow\"\u003eFreeBSD: Atheros AR9380 and later, maximum UDP TX goes from 250mbit to 355mbit. \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://reviews.freebsd.org/D9303\" rel=\"nofollow\"\u003eCapsicumizing traceroute with casper \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Sr1BTzVN\" rel=\"nofollow\"\u003e Jason - TarSnap on Windows\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/zpHyhHQG\" rel=\"nofollow\"\u003e Mike - OpenRC \u0026amp; DO\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/YnjkrDmk\" rel=\"nofollow\"\u003e Anonymous - Old Machines\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/pBUXtFak\" rel=\"nofollow\"\u003e Matt - Iocage\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/zNkK3epM\" rel=\"nofollow\"\u003e Hjalti - Rclone \u0026amp; FreeNAS\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week on BSD Now, we will be discussing a wide variety of topics including Routers, Run-Controls, the “Rule” of silence and some","date_published":"2017-01-25T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/432eecad-cec1-4297-a8eb-87d5b5b088fd.mp3","mime_type":"audio/mpeg","size_in_bytes":57001684,"duration_in_seconds":4750}]},{"id":"5a206fe8-bd5f-49b2-9eb2-31a50cafedc3","title":"177: Getting Pi on my Wifi","url":"https://www.bsdnow.tv/177","content_text":"This week on BSDNow, we’ve got Wifi galore, a new iocage and some RPi3 news and guides to share. Stay tuned for your place to B...SD!\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nWiFi: 11n hostap mode added to athn(4) driver, testers wanted\n\n\n“OpenBSD as WiFi access points look set to be making a comeback in the near future”\n“Stefan Sperling added 802.11n hostap mode, with full support initially for the Atheros chips supported by the athn(4) driver.”\n “Hostap performance is not perfect yet but should be no worse than 11a/b/g modes in the same environment.”\n“For Linux clients a fix for WME params is needed which I also posted to tech@”\n“This diff does not modify the known-broken and disabled ar9003 code, apart from making sure it still builds.”\n“I'm looking for both tests and OKs.”\nThere has also been a flurry of work  in FreeBSD on the ath10k driver, which supports 802.11ac\nLike this one and this one\n\n\n\n\nThe long-awaited iocage update has landed\n\n\nWe’ve hinted at the new things happening behind the scenes with iocage, and this last week the code has made its first public debut. \nSo what’s changed you may ask. The biggest is that iocage has undergone a complete overhaul, moving from its original shell-base to python.\nThe story behind that is that the author (Brandon) works at iXsystems, and the plan is to move away from the legacy warden-based jail management which was also shell-based.\nThis new python re-write will allow it to integrate into FreeNAS (and other projects) better by exposing an API for all jail management tasks. Thats right, no more ugly CLI output parsing just to wrangle jail options either at creation or runtime. \nBut what about users who just run iocage manually from the CLI? No worries, the new iocage is almost identical to the original CLI usage, making the switch over very simple.\nJust to re-cap, lets look at the new features list:\n\n\n“FEATURES:\n\n\nEase of use\nRapid jail creation within seconds\nAutomatic package installation\nVirtual networking stacks (vnet)\nShared IP based jails (non vnet)\nTransparent ZFS snapshot management\nExport and import\n“\nThe new iocage is available now via ports and packages under sysutils/py-iocage, give it a spin and be sure to report issues back to the developer(s).\n***\n\n\nReading DHT11 temperature sensors on a Raspberry Pi under FreeBSD \n\n\n“DHT-11 is a very cheap temperature/humidity sensor which is commonly used in the IoT devices. It is not very accurate, so for the accurate measurement i would recommend to use DHT21 instead. Anyway, i had DHT-11 in my tool box, so decided to start with it. DHT-11 using very simple 1 wire protocol – host is turning on chip by sending 18ms low signal to the data output and then reading 40 bytes of data.”\n“To read data from the chip it should be connected to the power (5v) and gpio pin. I used pin 2 as VCC, 6 as GND and 11 as GPIO”\n“There is no support for this device out of the box on FreeBSD. I found some sample code on the github, see lex/freebsd-gpio-dht11 repository. This code was a good starting point, but soon i found 2 issues with it:\n\n\nResults are very unreliable, probably due to gpio decoding algorithm.\n\nChecksum is not validated, so sometime values are bogus.\n“Initially i was thinking to fix this myself, but later found kernel module for this purpose, 1 wire over gpio. This module contains DHT11 kernel driver (gpio_sw) which implements DHT-11 protocol in the kernel space and exporting /dev/sw0 for the userland. Driver compiles on FreeBSD11/ARM without any changes. Use make install to install the driver.”\nThe articles goes into how to install and configure the driver, including a set of devfs rules to allow non-root users to read from the sensor\n“Final goal was to add this sensor to the domoticz software. It is using LUA scripting to extend it functionality, e.g. to obtain data from non-supported or non standard devices. So, i decided to read /dev/sw0 from the LUA.”\nThey ran into some trouble with LUA trying to read too much data at once, and had to work around it\nIn the end, they got the results and were able to use them in the monitoring tool\n***\n\n\nTor-ified Home Network using HardenedBSD and a RPi3\n\n\nShawn from HardendBSD has posted an article up on GitHub talking about his deployment of a new Tor relay on a RPi3\nThis particular method was attractive, since it allows running a Relay, but without it being on a machine which may have personal data, such as SSH keys, files, etc\nWhile his setup is done on HardendBSD, the same applies to a traditional FreeBSD setup as well. \nFirst up, is the list of things needed for this project:\n\n\nRaspberry Pi 3 Model B Rev 1.2 (aka, RPI3)\nSerial console cable for the RPI3\nBelkin F4U047 USB Ethernet Dongle\nInsignia NS-CR2021 USB 2.0 SD/MMC Memory Card Reader\n32GB SanDisk Ultra PLUS MicroSDHC\nA separate system, running FreeBSD or HardenedBSD\nHardenedBSD clang 4.0.0 image for the RPI3\nAn external drive to be formatted\nA MicroUSB cable to power the RPI3\nTwo network cables\nOptional: Edimax N150 EW-7811Un Wireless USB\nBasic knowledge of vi\n\n\nAfter getting HBSD running on the RPi3 and serial connection established, he then takes us through the process of installing and enabling the various services needed. (Don’t forget to growfs your sdcard first!)\nNow the tricky part is that some of the packages needed to be compiled from ports, which is somewhat time-consuming on a RPi. He strongly recommends not compiling on the sdcard (it sounds like personal experience has taught him well) and to use iscsi or some external USB drive. \nWith the compiling done, our package / software setup is nearly complete. Next up is firewalling the box, which he helpfully provides a full PF config setup that we can copy-n-paste here.\nThe last bits will be enabling the torrc configuration knobs, which if you follow his example again, will result in a tor public relay, and a local transparent proxy for you.\nBonus! Shawn helpfully provides DHCPD configurations, and even Wireless AP configurations, if you want to setup your RPi3 to proxy for devices that connect to \nit.\n***\n\n\nNews Roundup\n\nUnix Admin. Horror Story Summary, version 1.0\n\n\nA great collection of stories, many of which will ring true with our viewers\nThe very first one, is about a user changing root’s shell to /usr/local/bin/tcsh but forgetting to make it executable, resulting in not being able to login as root.\nI too have run into this issue, in a slightly different way. I had tcsh as my user shell (back before tcsh was in base), and after a major OS upgrade, but before I had a chance to recompile all of my ports. Now I couldn’t ssh in to the remote machine in order to recompile my shell. Now I always use a shell included in the base system, and test it before rebooting after an upgrade.\n“Our operations group, a VMS group but trying to learn UNIX, was assigned account administration. They were cleaning up a few non-used accounts like they do on VMS - backup and purge. When they came across the account \"sccs\", which had never been accessed, away it went. The \"deleteuser\" utility from DEC asks if you would like to delete all the files in the account. Seems reasonable, huh? Well, the home directory for \"sccs\" is \"/\". Enough said :-(“\n“I was working on a line printer spooler, which lived in /etc.  I wanted to remove it, and so issued the command \"rm /etc/lpspl.\"  There was only one problem.  Out of habit, I typed \"passwd\" after \"/etc/\" and removed the password file.  Oops.”\nI’ve done things like this as well. Finger memory can be dangerous\n“I was happily churning along developing something on a Sun workstation, and was getting a number of annoying permission denieds from trying to write into a directory heirarchy that I didn't own.  Getting tired of that, I decided to set the permissions on that subtree to 777 while I was working, so I wouldn't have to worry about it.  Someone had recently told me that rather than using plain \"su\", it was good to use \"su -\", but the implications had not yet sunk in.  (You can probably see where this is going already, but I'll go to the bitter end.)  Anyway, I cd'd to where I wanted to be, the top of my subtree, and did su -.  Then I did chmod -R 777.  I then started to wonder why it was taking so damn long when there were only about 45 files in 20 directories under where I (thought) I was.  Well, needless to say, su - simulates a real login, and had put me into root's home directory, /, so I was proceeding to set file permissions for the whole system to wide open. I aborted it before it finished, realizing that something was wrong, but this took quite a while to straighten out.”\nWhere is a ZFS snapshot when you need it?\n***\n\n\nHow individual contributors get stuck\n\n\nAn interesting post looking at the common causes of people getting stuck when trying to create or contribute new code\n\n\nBrainstorming/architecture: “I must have thought through all edge cases of all parts of everything before I can begin this project”\nResearching possible solutions forever (often accompanied by desire to do a “bakeoff” where they build prototypes in different platforms/languages/etc)\nRefactoring: “this code could be cleaner and everything would be just so much easier if we cleaned this up… and this up… and…”\nHelping other people instead of doing their assigned tasks (this one isn’t a bad thing in an open source community)\nWorking on side projects instead of the main project (it is your time, it is up to you how to spend it)\nExcessive testing (rare)\nExcessive automation (rare)\nFinish the last 10–20% of a project\nStart a project completely from scratch\nDo project planning (You need me to write what now? A roadmap?) (this is why FreeBSD has devsummits, some things you just need to whiteboard)\nWork with unfamiliar code/libraries/systems\nWork with other teams (please don’t make me go sit with data engineering!!)\nTalk to other people\nAsk for help (far beyond the point they realized they were stuck and needed help)\nDeal with surprises or unexpected setbacks\nDeal with vendors/external partners\nSay no, because they can’t seem to just say no (instead of saying no they just go into avoidance mode, or worse, always say yes)\n\n“Noticing how people get stuck is a super power, and one that many great tech leads (and yes, managers) rely on to get big things done. When you know how people get stuck, you can plan your projects to rely on people for their strengths and provide them help or even completely side-step their weaknesses. You know who is good to ask for which kinds of help, and who hates that particular challenge just as much as you do.”\n“The secret is that all of us get stuck and sidetracked sometimes. There’s actually nothing particularly “bad” about this. Knowing the ways that you get hung up is good because you can choose to either a) get over the fears that are sticking you (lack of knowledge, skills, or confidence), b) avoid such tasks as much as possible, and/or c) be aware of your habits and use extra diligence when faced with tackling these areas.”\n***\n\n\nMake Docs!\n\n\n“MkDocs is a fast, simple and downright gorgeous static site generator that's geared towards building project documentation. Documentation source files are written in Markdown, and configured with a single YAML configuration file.”\n“MkDocs builds completely static HTML sites that you can host on GitHub pages, Amazon S3, or anywhere else you choose”\nIt is an easy to install python package\nIt includes a server mode that auto-refreshes the page as you write the docs, making it easy to preview your work before you post it online\nEverything needs docs, and writing docs should be as simple as possible, so that more of them will get written\nGo write some docs!\n***\n\n\nExperimental FreeNAS 11/12 builds\n\n\nWe know there’s a lot of FreeNAS users who listen to BSDNow, so I felt it was important to share this little tidbit.\nI’ve posted something to the forums last night which includes links to brand-new spins of FreeNAS 9.10 based upon FreeBSD 11/stable and 12/current. \nThese builds are updated nightly via our Jenkins infrastructure and hopefully will provide a new playground for technical folks and developers to experiment with FreeBSD features in their FreeNAS environment, long before they make it into a -STABLE release. \nAs usual, the notes of caution do apply, these are nightlies, and as such bugs will abound. Do NOT use these with your production data, unless you are crazy, or just want an excuse to test your backup strategy\nIf you do run these builds, of course feedback is welcome via the usual channels, such as the bug tracker. \nThe hope is that by testing FreeBSD code earlier, we can vet and determine what is safe / ready to go into mainline FreeNAS sooner rather than later.\n***\n\n\nBeastie Bits\n\n\nAn Explainer on Unix’s Most Notorious Code Comment \nturn your network inside out with one pf.conf trick\nA story of if_get(9)\nApple re-affirms its commitment to LLVM/Clang  \npython 3k17\n2017 presentation proposals \nNetBSD 7.1_RC1 available\n#define FS_UFS2_MAGIC 0x19540119 (Happy Birthday to Kirk McKusick tomorrow)\n***\n\n\nFeedback/Questions\n\n\n J - LetsEncrypt \n Mike - OpenRC \n Timothy - ZFS Horror \n Troels \n Jason - Disk Label \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we’ve got Wifi galore, a new iocage and some RPi3 news and guides to share. Stay tuned for your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20170109213803\" rel=\"nofollow\"\u003eWiFi: 11n hostap mode added to athn(4) driver, testers wanted\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“OpenBSD as WiFi access points look set to be making a comeback in the near future”\u003c/li\u003e\n\u003cli\u003e“Stefan Sperling added 802.11n hostap mode, with full support initially for the Atheros chips supported by the athn(4) driver.”\u003c/li\u003e\n\u003cli\u003e “Hostap performance is not perfect yet but should be no worse than 11a/b/g modes in the same environment.”\u003c/li\u003e\n\u003cli\u003e“For Linux clients a fix for WME params is needed which I also posted to tech@”\u003c/li\u003e\n\u003cli\u003e“This diff does not modify the known-broken and disabled ar9003 code, apart from making sure it still builds.”\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e“I\u0026#39;m looking for both tests and OKs.”\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere has also been a \u003ca href=\"http://svnweb.freebsd.org/base/head/sys/net80211/?view=log\" rel=\"nofollow\"\u003eflurry of work\u003c/a\u003e  in FreeBSD on the ath10k driver, which supports 802.11ac\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLike \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=310147\" rel=\"nofollow\"\u003ethis one\u003c/a\u003e and \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=311579\" rel=\"nofollow\"\u003ethis one\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/iocage/iocage\" rel=\"nofollow\"\u003eThe long-awaited iocage update has landed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve hinted at the new things happening behind the scenes with iocage, and this last week the code has made its first public debut. \u003c/li\u003e\n\u003cli\u003eSo what’s changed you may ask. The biggest is that iocage has undergone a complete overhaul, moving from its original shell-base to python.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eThe story behind that is that the author (Brandon) works at iXsystems, and the plan is to move away from the legacy warden-based jail management which was also shell-based.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eThis new python re-write will allow it to integrate into FreeNAS (and other projects) better by exposing an API for all jail management tasks. Thats right, no more ugly CLI output parsing just to wrangle jail options either at creation or runtime. \u003c/li\u003e\n\u003cli\u003eBut what about users who just run iocage manually from the CLI? No worries, the new iocage is almost identical to the original CLI usage, making the switch over very simple.\u003c/li\u003e\n\u003cli\u003eJust to re-cap, lets look at the new features list:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“FEATURES:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEase of use\u003c/li\u003e\n\u003cli\u003eRapid jail creation within seconds\u003c/li\u003e\n\u003cli\u003eAutomatic package installation\u003c/li\u003e\n\u003cli\u003eVirtual networking stacks (vnet)\u003c/li\u003e\n\u003cli\u003eShared IP based jails (non vnet)\u003c/li\u003e\n\u003cli\u003eTransparent ZFS snapshot management\u003c/li\u003e\n\u003cli\u003eExport and import\n“\u003c/li\u003e\n\u003cli\u003eThe new iocage is available now via ports and packages under sysutils/py-iocage, give it a spin and be sure to report issues back to the developer(s).\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://smallhacks.wordpress.com/2017/01/14/reading-dht11-temperature-sensor-on-raspberry-pi-under-freebsd/\" rel=\"nofollow\"\u003eReading DHT11 temperature sensors on a Raspberry Pi under FreeBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“DHT-11 is a very cheap temperature/humidity sensor which is commonly used in the IoT devices. It is not very accurate, so for the accurate measurement i would recommend to use DHT21 instead. Anyway, i had DHT-11 in my tool box, so decided to start with it. DHT-11 using very simple 1 wire protocol – host is turning on chip by sending 18ms low signal to the data output and then reading 40 bytes of data.”\u003c/li\u003e\n\u003cli\u003e“To read data from the chip it should be connected to the power (5v) and gpio pin. I used pin 2 as VCC, 6 as GND and 11 as GPIO”\u003c/li\u003e\n\u003cli\u003e“There is no support for this device out of the box on FreeBSD. I found some sample code on the github, see \u003ca href=\"https://github.com/lex/freebsd-gpio-dht11\" rel=\"nofollow\"\u003elex/freebsd-gpio-dht11\u003c/a\u003e repository. This code was a good starting point, but soon i found 2 issues with it:\n\n\u003cul\u003e\n\u003cli\u003eResults are very unreliable, probably due to gpio decoding algorithm.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eChecksum is not validated, so sometime values are bogus.\u003c/li\u003e\n\u003cli\u003e“Initially i was thinking to fix this myself, but later found kernel module for this purpose, \u003ca href=\"http://www.my-tour.ru/FreeBSD/1-wire_over_gpio/\" rel=\"nofollow\"\u003e1 wire over gpio\u003c/a\u003e. This module contains DHT11 kernel driver (gpio_sw) which implements DHT-11 protocol in the kernel space and exporting /dev/sw0 for the userland. Driver compiles on FreeBSD11/ARM without any changes. Use make install to install the driver.”\u003c/li\u003e\n\u003cli\u003eThe articles goes into how to install and configure the driver, including a set of devfs rules to allow non-root users to read from the sensor\u003c/li\u003e\n\u003cli\u003e“Final goal was to add this sensor to the domoticz software. It is using LUA scripting to extend it functionality, e.g. to obtain data from non-supported or non standard devices. So, i decided to read /dev/sw0 from the LUA.”\u003c/li\u003e\n\u003cli\u003eThey ran into some trouble with LUA trying to read too much data at once, and had to work around it\u003c/li\u003e\n\u003cli\u003eIn the end, they got the results and were able to use them in the monitoring tool\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/lattera/articles/blob/master/infosec/tor/2017-01-14_torified_home/article.md\" rel=\"nofollow\"\u003eTor-ified Home Network using HardenedBSD and a RPi3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eShawn from HardendBSD has posted an article up on GitHub talking about his deployment of a new Tor relay on a RPi3\u003c/li\u003e\n\u003cli\u003eThis particular method was attractive, since it allows running a Relay, but without it being on a machine which may have personal data, such as SSH keys, files, etc\u003c/li\u003e\n\u003cli\u003eWhile his setup is done on HardendBSD, the same applies to a traditional FreeBSD setup as well. \u003c/li\u003e\n\u003cli\u003eFirst up, is the list of things needed for this project:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eRaspberry Pi 3 Model B Rev 1.2 (aka, RPI3)\u003cbr\u003e\nSerial console cable for the RPI3\u003cbr\u003e\nBelkin F4U047 USB Ethernet Dongle\u003cbr\u003e\nInsignia NS-CR2021 USB 2.0 SD/MMC Memory Card Reader\u003cbr\u003e\n32GB SanDisk Ultra PLUS MicroSDHC\u003cbr\u003e\nA separate system, running FreeBSD or HardenedBSD\u003cbr\u003e\nHardenedBSD clang 4.0.0 image for the RPI3\u003cbr\u003e\nAn external drive to be formatted\u003cbr\u003e\nA MicroUSB cable to power the RPI3\u003cbr\u003e\nTwo network cables\u003cbr\u003e\nOptional: Edimax N150 EW-7811Un Wireless USB\u003cbr\u003e\nBasic knowledge of vi\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter getting HBSD running on the RPi3 and serial connection established, he then takes us through the process of installing and enabling the various services needed. (Don’t forget to growfs your sdcard first!)\u003c/li\u003e\n\u003cli\u003eNow the tricky part is that some of the packages needed to be compiled from ports, which is somewhat time-consuming on a RPi. He strongly recommends not compiling on the sdcard (it sounds like personal experience has taught him well) and to use iscsi or some external USB drive. \u003c/li\u003e\n\u003cli\u003eWith the compiling done, our package / software setup is nearly complete. Next up is firewalling the box, which he helpfully provides a full PF config setup that we can copy-n-paste here.\u003c/li\u003e\n\u003cli\u003eThe last bits will be enabling the torrc configuration knobs, which if you follow his example again, will result in a tor public relay, and a local transparent proxy for you.\u003c/li\u003e\n\u003cli\u003eBonus! Shawn helpfully provides DHCPD configurations, and even Wireless AP configurations, if you want to setup your RPi3 to proxy for devices that connect to \nit.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www-uxsup.csx.cam.ac.uk/misc/horror.txt\" rel=\"nofollow\"\u003eUnix Admin. Horror Story Summary, version 1.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA great collection of stories, many of which will ring true with our viewers\u003c/li\u003e\n\u003cli\u003eThe very first one, is about a user changing root’s shell to /usr/local/bin/tcsh but forgetting to make it executable, resulting in not being able to login as root.\u003c/li\u003e\n\u003cli\u003eI too have run into this issue, in a slightly different way. I had tcsh as my user shell (back before tcsh was in base), and after a major OS upgrade, but before I had a chance to recompile all of my ports. Now I couldn’t ssh in to the remote machine in order to recompile my shell. Now I always use a shell included in the base system, and test it before rebooting after an upgrade.\u003c/li\u003e\n\u003cli\u003e“Our operations group, a VMS group but trying to learn UNIX, was assigned account administration. They were cleaning up a few non-used accounts like they do on VMS - backup and purge. When they came across the account \u0026quot;sccs\u0026quot;, which had never been accessed, away it went. The \u0026quot;deleteuser\u0026quot; utility from DEC asks if you would like to delete all the files in the account. Seems reasonable, huh? Well, the home directory for \u0026quot;sccs\u0026quot; is \u0026quot;/\u0026quot;. Enough said :-(“\u003c/li\u003e\n\u003cli\u003e“I was working on a line printer spooler, which lived in /etc.  I wanted to remove it, and so issued the command \u0026quot;rm /etc/lpspl.\u0026quot;  There was only one problem.  Out of habit, I typed \u0026quot;passwd\u0026quot; after \u0026quot;/etc/\u0026quot; and removed the password file.  Oops.”\u003c/li\u003e\n\u003cli\u003eI’ve done things like this as well. Finger memory can be dangerous\u003c/li\u003e\n\u003cli\u003e“I was happily churning along developing something on a Sun workstation, and was getting a number of annoying permission denieds from trying to write into a directory heirarchy that I didn\u0026#39;t own.  Getting tired of that, I decided to set the permissions on that subtree to 777 while I was working, so I wouldn\u0026#39;t have to worry about it.  Someone had recently told me that rather than using plain \u0026quot;su\u0026quot;, it was good to use \u0026quot;su -\u0026quot;, but the implications had not yet sunk in.  (You can probably see where this is going already, but I\u0026#39;ll go to the bitter end.)  Anyway, I cd\u0026#39;d to where I wanted to be, the top of my subtree, and did su -.  Then I did chmod -R 777.  I then started to wonder why it was taking so damn long when there were only about 45 files in 20 directories under where I (thought) I was.  Well, needless to say, su - simulates a real login, and had put me into root\u0026#39;s home directory, /, so I was proceeding to set file permissions for the whole system to wide open. I aborted it before it finished, realizing that something was wrong, but this took quite a while to straighten out.”\u003c/li\u003e\n\u003cli\u003eWhere is a ZFS snapshot when you need it?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://medium.com/@skamille/how-do-individual-contributors-get-stuck-63102ba43516\" rel=\"nofollow\"\u003eHow individual contributors get stuck\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting post looking at the common causes of people getting stuck when trying to create or contribute new code\n\n\u003cul\u003e\n\u003cli\u003eBrainstorming/architecture: “I must have thought through all edge cases of all parts of everything before I can begin this project”\u003c/li\u003e\n\u003cli\u003eResearching possible solutions forever (often accompanied by desire to do a “bakeoff” where they build prototypes in different platforms/languages/etc)\u003c/li\u003e\n\u003cli\u003eRefactoring: “this code could be cleaner and everything would be just so much easier if we cleaned this up… and this up… and…”\u003c/li\u003e\n\u003cli\u003eHelping other people instead of doing their assigned tasks (this one isn’t a bad thing in an open source community)\u003c/li\u003e\n\u003cli\u003eWorking on side projects instead of the main project (it is your time, it is up to you how to spend it)\u003c/li\u003e\n\u003cli\u003eExcessive testing (rare)\u003c/li\u003e\n\u003cli\u003eExcessive automation (rare)\u003c/li\u003e\n\u003cli\u003eFinish the last 10–20% of a project\u003c/li\u003e\n\u003cli\u003eStart a project completely from scratch\u003c/li\u003e\n\u003cli\u003eDo project planning (You need me to write what now? A roadmap?) (this is why FreeBSD has devsummits, some things you just need to whiteboard)\u003c/li\u003e\n\u003cli\u003eWork with unfamiliar code/libraries/systems\u003c/li\u003e\n\u003cli\u003eWork with other teams (please don’t make me go sit with data engineering!!)\u003c/li\u003e\n\u003cli\u003eTalk to other people\u003c/li\u003e\n\u003cli\u003eAsk for help (far beyond the point they realized they were stuck and needed help)\u003c/li\u003e\n\u003cli\u003eDeal with surprises or unexpected setbacks\u003c/li\u003e\n\u003cli\u003eDeal with vendors/external partners\u003c/li\u003e\n\u003cli\u003eSay no, because they can’t seem to just say no (instead of saying no they just go into avoidance mode, or worse, always say yes)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e“Noticing how people get stuck is a super power, and one that many great tech leads (and yes, managers) rely on to get big things done. When you know how people get stuck, you can plan your projects to rely on people for their strengths and provide them help or even completely side-step their weaknesses. You know who is good to ask for which kinds of help, and who hates that particular challenge just as much as you do.”\u003c/li\u003e\n\u003cli\u003e“The secret is that all of us get stuck and sidetracked sometimes. There’s actually nothing particularly “bad” about this. Knowing the ways that you get hung up is good because you can choose to either a) get over the fears that are sticking you (lack of knowledge, skills, or confidence), b) avoid such tasks as much as possible, and/or c) be aware of your habits and use extra diligence when faced with tackling these areas.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.mkdocs.org/\" rel=\"nofollow\"\u003eMake Docs!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“MkDocs is a fast, simple and downright gorgeous static site generator that\u0026#39;s geared towards building project documentation. Documentation source files are written in Markdown, and configured with a single YAML configuration file.”\u003c/li\u003e\n\u003cli\u003e“MkDocs builds completely static HTML sites that you can host on GitHub pages, Amazon S3, or anywhere else you choose”\u003c/li\u003e\n\u003cli\u003eIt is an easy to install python package\u003c/li\u003e\n\u003cli\u003eIt includes a server mode that auto-refreshes the page as you write the docs, making it easy to preview your work before you post it online\u003c/li\u003e\n\u003cli\u003eEverything needs docs, and writing docs should be as simple as possible, so that more of them will get written\u003c/li\u003e\n\u003cli\u003eGo write some docs!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freenas.org/index.php?threads/new-freenas-9-10-with-freebsd-11-12-for-testing.49696/#post-341941\" rel=\"nofollow\"\u003eExperimental FreeNAS 11/12 builds\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe know there’s a lot of FreeNAS users who listen to BSDNow, so I felt it was important to share this little tidbit.\u003c/li\u003e\n\u003cli\u003eI’ve posted something to the forums last night which includes links to brand-new spins of FreeNAS 9.10 based upon FreeBSD 11/stable and 12/current. \u003c/li\u003e\n\u003cli\u003eThese builds are updated nightly via our Jenkins infrastructure and hopefully will provide a new playground for technical folks and developers to experiment with FreeBSD features in their FreeNAS environment, long before they make it into a -STABLE release. \u003c/li\u003e\n\u003cli\u003eAs usual, the notes of caution do apply, these are nightlies, and as such bugs will abound. Do NOT use these with your production data, unless you are crazy, or just want an excuse to test your backup strategy\u003c/li\u003e\n\u003cli\u003eIf you do run these builds, of course feedback is welcome via the usual channels, such as the bug tracker. \u003c/li\u003e\n\u003cli\u003eThe hope is that by testing FreeBSD code earlier, we can vet and determine what is safe / ready to go into mainline FreeNAS sooner rather than later.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://thenewstack.io/not-expected-understand-explainer/\" rel=\"nofollow\"\u003eAn Explainer on Unix’s Most Notorious Code Comment\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/turn-your-network-inside-out-with-one-pfconf-trick\" rel=\"nofollow\"\u003eturn your network inside out with one pf.conf trick\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.grenadille.net/post/2017/01/13/A-story-of-if_get%289%29\" rel=\"nofollow\"\u003eA story of if_get(9)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.llvm.org/pipermail/llvm-dev/2017-January/108953.html\" rel=\"nofollow\"\u003eApple re-affirms its commitment to LLVM/Clang \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/python-3k17\" rel=\"nofollow\"\u003epython 3k17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2848\" rel=\"nofollow\"\u003e2017 presentation proposals\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-announce/2017/01/09/msg000259.html\" rel=\"nofollow\"\u003eNetBSD 7.1_RC1 available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e#define FS_UFS2_MAGIC 0x19540119 (Happy Birthday to Kirk McKusick tomorrow)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/nnQ9ZgyN\" rel=\"nofollow\"\u003e J - LetsEncrypt\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/EZ4tRiVb\" rel=\"nofollow\"\u003e Mike - OpenRC\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ZqDFTsnR\" rel=\"nofollow\"\u003e Timothy - ZFS Horror\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/dhZEnREM\" rel=\"nofollow\"\u003e Troels\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/q4F95S6h\" rel=\"nofollow\"\u003e Jason - Disk Label\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’ve got Wifi galore, a new iocage and some RPi3 news and guides to share. Stay tuned for your place to B...SD!","date_published":"2017-01-18T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5a206fe8-bd5f-49b2-9eb2-31a50cafedc3.mp3","mime_type":"audio/mpeg","size_in_bytes":56667604,"duration_in_seconds":4722}]},{"id":"5b103268-94e0-4140-8458-0c79f17e135e","title":"176: Linking your world","url":"https://www.bsdnow.tv/176","content_text":"Another exciting week on BSDNow, we are queued up with LLVM / Linking news, a look at NetBSD’s scheduler,\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\ntitle=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nFreeBSD Kernel and World, and many Ports, can now be linked with lld\n\n\n“With this change applied I can link the entirety of the FreeBSD/amd64 base system (userland world and kernel) with LLD.”\n“Rafael's done an initial experimental Poudriere FreeBSD package build with lld head, and found almost 20K out of 26K ports built successfully. I'm now looking at getting CI running to test this on an ongoing basis. But, I think we're at the point where an experimental build makes sense.”\nSuch testing will become much easier once llvm 4.0 is imported into -current\n“I suggest that during development we collect patches in a local git repo -- for example, I've started here for my Poudriere run https://github.com/emaste/freebsd-ports/commits/ports-lld” \n“It now looks like libtool is responsible for the majority of my failed / skipped ports. Unless we really think we'll add \"not GNU\" and other hacks to lld we're going to have to address libtool limitations upstream and in the FreeBSD tree. I did look into libtool a few weeks ago, but unfortunately haven't yet managed to produce a patch suitable for sending upstream.”\nIf you are interested in LLVM/Clang/LLD/LLDB etc, check out: A Tourist’s Guide to the LLVM Source Code  \n***\n\n\nDocumenting NetBSD's scheduler tweaks\n\n\nA followup to our previous coverage of improvements to the scheduler in NetBSD\n“NetBSD's scheduler was recently changed to better distribute load of long-running processes on multiple CPUs. So far, the associated sysctl tweaks were not documented, and this was changed now, documenting the kern.sched sysctls.”\nkern.sched.cacheht_time (dynamic): Cache hotness time in which a LWP is kept on one particular CPU and not moved to another CPU. This reduces the overhead of flushing and reloading caches.  Defaults to 3ms.  Needs to be given in ``hz'' units, see mstohz(9).\nkern.sched.balance_period (dynamic): Interval at which the CPU queues are checked for re-balancing.  Defaults to 300ms.\nkern.sched.min_catch (dynamic): Minimum count of migratable (runable) threads for catching (stealing) from another CPU.  Defaults to 1 but can be increased to decrease chance of thread migration between CPUs.\nIt is important to have good documentation for these tunables, so that users can understand what it is they are adjusting\n***\n\n\nFreeBSD Network Gateway on EdgeRouter Lite\n\n\n“EdgeRouter Lite is a great device to run at the edge of a home network. It becomes even better when it's running FreeBSD. This guide documents how to setup such a gateway. There are accompanying git repos to somewhat automate the process as well.”\n“Colin Percival has written a great blog post on the subject, titled FreeBSD on EdgeRouter Lite - no serial port required . In it he provides and describes a shell script to build a bootable image of FreeBSD to be run on ERL, available from GitHub in the freebsd-ERL-build  repo. I have built a Vagrant-based workflow to automate the building of the drive image. It's available on GitHub in the freebsd-edgerouterlite-ansible  repo. It uses the build script Percival wrote.”\n“Once you've built the disk image it's time to write it to a USB drive. There are two options: overwrite the original drive in the ERL or buy a new drive. I tried the second option first and wrote to a new Sandrive Ultra Fit 32GB USB 3.0 Flash Drive (SDCZ43-032G-GAM46). It did not work and I later found on some blog that those drives do not work. I have not tried another third party drive since.”\nThe tutorial covers all of the steps, and the configuration files, including rc.conf, IP configuration, DHCP (and v6), pf, and DNS (unbound)\n“I'm pretty happy with ERL and FreeBSD. There is great community documentation on how to configure all the pieces of software that make a FreeBSD-based home network gateway possible. I can tweak things as needed and upgrade when newer versions become available.”\n“My plan on upgrading the base OS is to get a third party USB drive that works, write a newer FreeBSD image to it, and replace the drive in the ERL enclosure. This way I can keep a bunch of drives in rotation. Upgrades to newer builds or reverts to last known good version are as easy as swapping USB drives.”\nAlthough something more nanobsd style with 2 partitions on the one drive might be easier.\n“Configuration with Ansible means I don't have to manually do things again and again. As the configs change they'll be tracked in git so I get version control as well. ERL is simply a great piece of network hardware. I'm tempted to try Ubiquiti's WiFi products instead of a mixture of DD-WRT and OpenWRT devices I have now. But that is for another day and perhaps another blog post.”\n***\n\n\nA highly portable build system targeting modern UNIX systems\n\n\nAn exciting new/old project is up on GitHub that we wanted to bring your attention to.\nBSD Owl is a highly portable build-system based around BSD Make that supports a variety of popular (and not so popular) languages, such as:\n\n\nC programs, compiled for several targets\nC libraries, static and shared, compiled for several targets\nShell scripts\nPython scripts\nOCaml programs\nOCaml libraries, with ocamldoc documentation\nOCaml plugins\nTeX documents, prepared for several printing devices\nMETAPOST figures, with output as PDF, PS, SVG or PNG, either as part of a TeX document or as standalone documents\n\nWhat about features you may ask? Well BSD Owl has plenty of those to go around:\n\n\nSupport of compilation profiles\nSupport of the parallel mode (at the directory level)\nSupport of separate trees for sources and objects\nSupport of architecture-dependant compilation options\nSupport GNU autoconf\nProduction of GPG-signed tarballs\nDeveloper subshell, empowered with project-specific scripts\nLiterate programming using noweb\nPreprocessing with m4\n\nAs far as platform support goes, BSD Owl is tested on OSX / Debian Jesse and FreeBSD \u0026gt; 9. Future support for OpenBSD and NetBSD is planned, once they update their respective BSD Make binaries to more modern versions\n\n\n\n\nNews Roundup\n\nfind -delete in OpenBSD. Thanks to tedu@ OpenBSD will have this very handy flag to in the future.\n\n\nOpenBSD’s find(1) utility will now support the -delete operation\n“This option is not posix (not like that's stopped find accumulating a dozen extensions), but it is in gnu and freebsd (for 20 years). it's also somewhat popular among sysadmins and blogs, etc. and perhaps most importantly, it nicely solves one of the more troublesome caveats of find (which the man page actually covers twice because it's so common and easy to screw up). So I think it makes a good addition.”\nThe actual code was borrowed from FreeBSD\nUsing the -delete option is much more performant than forking rm once for each file, and safer because there is no risk of mangling path names\nIf you encounter a system without a -delete option, your best bet is to use the -print0 option of find, which will print each filename terminated by a null byte, and pipe that into xargs -0 rm\nThis avoids any ambiguity caused by files with spaces in the names\n***\n\n\nNew version of the Lumina desktop released\n\n\nJust in time to kickoff 2017 we have a new release of Lumina Desktop (1.2.0)\nSome of the notable changes include fixes to make it easier to port to other platforms, and some features:\nNew Panel Plugins:\n\n\n“audioplayer” (panel version of the desktop plugin with the same name): Allows the user to load/play audio files directly through the desktop itself.\n“jsonmenu” (panel version of the menu plugin with the same name): Allows an external utility/script to be used to generate a menu/contents on demand.\n\nNew Menu Plugins:\n\n\n“lockdesktop”: Menu option for instantly locking the desktop session.\n\nNew Utilities:\n\n\nlumina-archiver: This is a pure Qt5 front-end to the “tar” utility for managing/creating archives. This can also use the dd utility to burn a “*.img” file to a USB device for booting.“\n\nLooks like the news already made its rounds to a few different sites, with Phoronix and Softpedia picking it up as well\nPhoronix\nSoftpedia \nTrueOS users running the latest updates are already on the pre-release version of 1.2.1, so nothing has to be done there to get the latest and greatest.\n\n\n\n\ndd is not a disk writing tool\n\n\n“If you’ve ever used dd, you’ve probably used it to read or write disk images:”\n\u0026gt; # Write myfile.iso to a USB drive\n\u0026gt; dd if=myfile.iso of=/dev/sdb bs=1M\n“Usage of dd in this context is so pervasive that it’s being hailed as the magic gatekeeper of raw devices. Want to read from a raw device? Use dd. Want to write to a raw device? Use dd. This belief can make simple tasks complicated. How do you combine dd with gzip? How do you use pv if the source is raw device? How do you dd over ssh?”\n“The fact of the matter is, dd is not a disk writing tool. Neither “d” is for “disk”, “drive” or “device”. It does not support “low level” reading or writing. It has no special dominion over any kind of device whatsoever.”\nThen a number of alternatives are discussed\n“However, this does not mean that dd is useless! The reason why people started using it in the first place is that it does exactly what it’s told, no more and no less. If an alias specifies -a, cp might try to create a new block device rather than a copy of the file data. If using gzip without redirection, it may try to be helpful and skip the file for not being regular. Neither of them will write out a reassuring status during or after a copy.”\n“dd, meanwhile, has one job*: copy data from one place to another. It doesn’t care about files, safeguards or user convenience. It will not try to second guess your intent, based on trailing slashes or types of files. When this is no longer a convenience, like when combining it with other tools that already read and write files, one should not feel guilty for leaving dd out entirely.”\n“dd is the swiss army knife of the open, read, write and seek syscalls. It’s unique in its ability to issue seeks and reads of specific lengths, which enables a whole world of shell scripts that have no business being shell scripts. Want to simulate a lseek+execve? Use dd! Want to open a file with O_SYNC? Use dd! Want to read groups of three byte pixels from a PPM file? Use dd!”\n“It’s a flexible, unique and useful tool, and I love it. My only issue is that, far too often, this great tool is being relegated to and inappropriately hailed for its most generic and least interesting capability: simply copying a file from start to finish.”\n“dd actually has two jobs: Convert and Copy. Legend has it that the intended name, “cc”, was taken by the C compiler, so the letters were shifted by one to give “dd”. This is also why we ended up with a Window system called X.”\ndd countdown \n***\n\n\nBhyve setup for tcp testing \n\n\nFreeBSD Developer Hiren Panchasara writes about his setup to use bhyve to test changes to the TCP stack in FreeBSD\n“Here is how I test simple FreeBSD tcp changes with dummynet on bhyve. I’ve already wrote down how I do dummynet so I’ll focus on bhyve part.”\n“A few months back when I started looking into improving FreeBSD TCP’s response to packet loss, I looked around for traffic simulators which can do deterministic packet drop for me.”\n“I had used dummynet(4) before so I thought of using it but the problem is that it only provided probabilistic drops. You can specify dropping 10% of the total packets”\nSo he wrote a quick hack, hopefully he’ll polish it up and get it committed\n“Setup: I’ll create 3 bhyve guests: client, router and server” \n“Both client and server need their routing tables setup correctly so that they can reach each other. The Dummynet node is the router / traffic shaping node here. We need to enable forwarding between interfaces: sysctl net.inet.ip.forwarding=1”\n“We need to setup links (called ‘pipes’) and their parameters on dummynet node”\n“For simulations, I run a lighttpd web-server on the server which serves different sized objects and I request them via curl or wget from the client. I have tcpdump running on any/all of four interfaces involved to observe traffic and I can see specified packets getting dropped by dummynet. sysctl net.inet.ip.dummynet.io_pkt_drop is incremented with each packet that dummynet drops.”\n“Here, 192.* addresses are for ssh and 10.* are for guests to be able to communicate within themselves.”\nCreate 2 tap interfaces for each end point, and 3 from the router. One each for SSH/control, and the others for the test flows. Then create 3 bridges, the first includes all of the control tap interfaces, and your hosts’ real interface. This allows the guests to reach the internet to download packages etc. The other two bridges form the connections between the three VMs\nThe creation and configuration of the VMs is documented in detail\nI used a setup very similar to this for teaching the basics of how TCP works when I was teaching at a local community college\n***\n\n\nBeastie Bits\n\n\nPlan9 on Bhyve\nGet your name in the relayd book \nTed Unangst’s 2016 Computer Reviews  \nBryan Cantrill on Developer On Fire podcast  \n2016 in review: pf/ipfw's impact on forwarding performance over time, on 8 core Atom  \n#Wayland Weston with X and EGL clients, running on #FreeBSD in VBox with new scfb backend. More coming soon!  \n\n\n\n\nFeedback/Questions\n\n\n Eddy - TRIM Partitioning \n Matt - Why FreeBSD? \n Shawn - ZFS Horror? \n Andrew - Bootloaders \n\n\nGELIBoot Paper \nFreeBSD Architecture Handbook\n\n Bryan - ZFS Error \n***\n","content_html":"\u003cp\u003eAnother exciting week on BSDNow, we are queued up with LLVM / Linking news, a look at NetBSD’s scheduler,\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" \u003cbr\u003e\ntitle=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://llvm.org/bugs/show_bug.cgi?id=23214#c40\" rel=\"nofollow\"\u003eFreeBSD Kernel and World, and many Ports, can now be linked with lld\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“With this change applied I can link the entirety of the FreeBSD/amd64 base system (userland world and kernel) with LLD.”\u003c/li\u003e\n\u003cli\u003e“Rafael\u0026#39;s done an initial experimental Poudriere FreeBSD package build with lld head, and found almost 20K out of 26K ports built successfully. I\u0026#39;m now looking at getting CI running to test this on an ongoing basis. But, I think we\u0026#39;re at the point where an experimental build makes sense.”\u003c/li\u003e\n\u003cli\u003eSuch testing will become much easier once llvm 4.0 is imported into -current\u003c/li\u003e\n\u003cli\u003e“I suggest that during development we collect patches in a local git repo -- for example, I\u0026#39;ve started here for my Poudriere run \u003ca href=\"https://github.com/emaste/freebsd-ports/commits/ports-lld%E2%80%9D\" rel=\"nofollow\"\u003ehttps://github.com/emaste/freebsd-ports/commits/ports-lld”\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“It now looks like libtool is responsible for the majority of my failed / skipped ports. Unless we really think we\u0026#39;ll add \u0026quot;not GNU\u0026quot; and other hacks to lld we\u0026#39;re going to have to address libtool limitations upstream and in the FreeBSD tree. I did look into libtool a few weeks ago, but unfortunately haven\u0026#39;t yet managed to produce a patch suitable for sending upstream.”\u003c/li\u003e\n\u003cli\u003eIf you are interested in LLVM/Clang/LLD/LLDB etc, check out: \u003ca href=\"http://blog.regehr.org/archives/1453\" rel=\"nofollow\"\u003eA Tourist’s Guide to the LLVM Source Code \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20170109_2108.html\" rel=\"nofollow\"\u003eDocumenting NetBSD\u0026#39;s scheduler tweaks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA followup to our previous coverage of improvements to the scheduler in NetBSD\u003c/li\u003e\n\u003cli\u003e“NetBSD\u0026#39;s scheduler was recently changed to better distribute load of long-running processes on multiple CPUs. So far, the associated sysctl tweaks were not documented, and this was changed now, documenting the kern.sched sysctls.”\u003c/li\u003e\n\u003cli\u003ekern.sched.cacheht_time (dynamic): Cache hotness time in which a LWP is kept on one particular CPU and not moved to another CPU. This reduces the overhead of flushing and reloading caches.  Defaults to 3ms.  Needs to be given in ``hz\u0026#39;\u0026#39; units, see mstohz(9).\u003c/li\u003e\n\u003cli\u003ekern.sched.balance_period (dynamic): Interval at which the CPU queues are checked for re-balancing.  Defaults to 300ms.\u003c/li\u003e\n\u003cli\u003ekern.sched.min_catch (dynamic): Minimum count of migratable (runable) threads for catching (stealing) from another CPU.  Defaults to 1 but can be increased to decrease chance of thread migration between CPUs.\u003c/li\u003e\n\u003cli\u003eIt is important to have good documentation for these tunables, so that users can understand what it is they are adjusting\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://codeghar.com/blog/freebsd-network-gateway-on-edgerouter-lite.html\" rel=\"nofollow\"\u003eFreeBSD Network Gateway on EdgeRouter Lite\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“EdgeRouter Lite is a great device to run at the edge of a home network. It becomes even better when it\u0026#39;s running FreeBSD. This guide documents how to setup such a gateway. There are accompanying git repos to somewhat automate the process as well.”\u003c/li\u003e\n\u003cli\u003e“Colin Percival has written a great blog post on the subject, titled \u003ca href=\"http://www.daemonology.net/blog/2016-01-10-FreeBSD-EdgeRouter-Lite.html\" rel=\"nofollow\"\u003eFreeBSD on EdgeRouter Lite - no serial port required\u003c/a\u003e . In it he provides and describes a shell script to build a bootable image of FreeBSD to be run on ERL, available from GitHub in the \u003ca href=\"https://github.com/cperciva/freebsd-ERL-build/\" rel=\"nofollow\"\u003efreebsd-ERL-build\u003c/a\u003e  repo. I have built a Vagrant-based workflow to automate the building of the drive image. It\u0026#39;s available on GitHub in the \u003ca href=\"https://github.com/hamzasheikh/freebsd-edgerouterlite-ansible\" rel=\"nofollow\"\u003efreebsd-edgerouterlite-ansible\u003c/a\u003e  repo. It uses the build script Percival wrote.”\u003c/li\u003e\n\u003cli\u003e“Once you\u0026#39;ve built the disk image it\u0026#39;s time to write it to a USB drive. There are two options: overwrite the original drive in the ERL or buy a new drive. I tried the second option first and wrote to a new Sandrive Ultra Fit 32GB USB 3.0 Flash Drive (SDCZ43-032G-GAM46). It did not work and I later found on some blog that those drives do not work. I have not tried another third party drive since.”\u003c/li\u003e\n\u003cli\u003eThe tutorial covers all of the steps, and the configuration files, including rc.conf, IP configuration, DHCP (and v6), pf, and DNS (unbound)\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m pretty happy with ERL and FreeBSD. There is great community documentation on how to configure all the pieces of software that make a FreeBSD-based home network gateway possible. I can tweak things as needed and upgrade when newer versions become available.”\u003c/li\u003e\n\u003cli\u003e“My plan on upgrading the base OS is to get a third party USB drive that works, write a newer FreeBSD image to it, and replace the drive in the ERL enclosure. This way I can keep a bunch of drives in rotation. Upgrades to newer builds or reverts to last known good version are as easy as swapping USB drives.”\u003c/li\u003e\n\u003cli\u003eAlthough something more nanobsd style with 2 partitions on the one drive might be easier.\u003c/li\u003e\n\u003cli\u003e“Configuration with Ansible means I don\u0026#39;t have to manually do things again and again. As the configs change they\u0026#39;ll be tracked in git so I get version control as well. ERL is simply a great piece of network hardware. I\u0026#39;m tempted to try Ubiquiti\u0026#39;s WiFi products instead of a mixture of DD-WRT and OpenWRT devices I have now. But that is for another day and perhaps another blog post.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/michipili/bsdowl\" rel=\"nofollow\"\u003eA highly portable build system targeting modern UNIX systems\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn exciting new/old project is up on GitHub that we wanted to bring your attention to.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBSD Owl is a highly portable build-system based around BSD Make that supports a variety of popular (and not so popular) languages, such as:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eC programs, compiled for several targets\u003c/li\u003e\n\u003cli\u003eC libraries, static and shared, compiled for several targets\u003c/li\u003e\n\u003cli\u003eShell scripts\u003c/li\u003e\n\u003cli\u003ePython scripts\u003c/li\u003e\n\u003cli\u003eOCaml programs\u003c/li\u003e\n\u003cli\u003eOCaml libraries, with ocamldoc documentation\u003c/li\u003e\n\u003cli\u003eOCaml plugins\u003c/li\u003e\n\u003cli\u003eTeX documents, prepared for several printing devices\u003c/li\u003e\n\u003cli\u003eMETAPOST figures, with output as PDF, PS, SVG or PNG, either as part of a TeX document or as standalone documents\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat about features you may ask? Well BSD Owl has plenty of those to go around:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSupport of compilation profiles\u003c/li\u003e\n\u003cli\u003eSupport of the parallel mode (at the directory level)\u003c/li\u003e\n\u003cli\u003eSupport of separate trees for sources and objects\u003c/li\u003e\n\u003cli\u003eSupport of architecture-dependant compilation options\u003c/li\u003e\n\u003cli\u003eSupport GNU autoconf\u003c/li\u003e\n\u003cli\u003eProduction of GPG-signed tarballs\u003c/li\u003e\n\u003cli\u003eDeveloper subshell, empowered with project-specific scripts\u003c/li\u003e\n\u003cli\u003eLiterate programming using noweb\u003c/li\u003e\n\u003cli\u003ePreprocessing with m4\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAs far as platform support goes, BSD Owl is tested on OSX / Debian Jesse and FreeBSD \u0026gt; 9. Future support for OpenBSD and NetBSD is planned, once they update their respective BSD Make binaries to more modern versions\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=148342051832692\u0026w=2\" rel=\"nofollow\"\u003efind -delete in OpenBSD. Thanks to tedu@ OpenBSD will have this very handy flag to in the future.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD’s find(1) utility will now support the -delete operation\u003c/li\u003e\n\u003cli\u003e“This option is not posix (not like that\u0026#39;s stopped find accumulating a dozen extensions), but it is in gnu and freebsd (for 20 years). it\u0026#39;s also somewhat popular among sysadmins and blogs, etc. and perhaps most importantly, it nicely solves one of the more troublesome caveats of find (which the man page actually covers twice because it\u0026#39;s so common and easy to screw up). So I think it makes a good addition.”\u003c/li\u003e\n\u003cli\u003eThe actual code was borrowed from FreeBSD\u003c/li\u003e\n\u003cli\u003eUsing the -delete option is much more performant than forking rm once for each file, and safer because there is no risk of mangling path names\u003c/li\u003e\n\u003cli\u003eIf you encounter a system without a -delete option, your best bet is to use the -print0 option of find, which will print each filename terminated by a null byte, and pipe that into xargs -0 rm\u003c/li\u003e\n\u003cli\u003eThis avoids any ambiguity caused by files with spaces in the names\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/version-1-2-0-released/\" rel=\"nofollow\"\u003eNew version of the Lumina desktop released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJust in time to kickoff 2017 we have a new release of Lumina Desktop (1.2.0)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSome of the notable changes include fixes to make it easier to port to other platforms, and some features:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNew Panel Plugins:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e“audioplayer” (panel version of the desktop plugin with the same name): Allows the user to load/play audio files directly through the desktop itself.\u003c/li\u003e\n\u003cli\u003e“jsonmenu” (panel version of the menu plugin with the same name): Allows an external utility/script to be used to generate a menu/contents on demand.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNew Menu Plugins:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e“lockdesktop”: Menu option for instantly locking the desktop session.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNew Utilities:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elumina-archiver\u003c/code\u003e: This is a pure Qt5 front-end to the “tar” utility for managing/creating archives. This can also use the \u003ccode\u003edd\u003c/code\u003e utility to burn a “*.img” file to a USB device for booting.“\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLooks like the news already made its rounds to a few different sites, with Phoronix and Softpedia picking it up as well\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.phoronix.com/scan.php?page=news_item\u0026px=Lumina-1.2-Released\" rel=\"nofollow\"\u003ePhoronix\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://news.softpedia.com/news/lumina-1-2-desktop-environments-launches-for-trueos-with-various-enhancements-511495.shtml\" rel=\"nofollow\"\u003eSoftpedia \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTrueOS users running the latest updates are already on the pre-release version of 1.2.1, so nothing has to be done there to get the latest and greatest.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.vidarholen.net/contents/blog/?p=479\" rel=\"nofollow\"\u003edd is not a disk writing tool\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“If you’ve ever used dd, you’ve probably used it to read or write disk images:”\n\u0026gt; # Write myfile.iso to a USB drive\n\u0026gt; dd if=myfile.iso of=/dev/sdb bs=1M\u003c/li\u003e\n\u003cli\u003e“Usage of dd in this context is so pervasive that it’s being hailed as the magic gatekeeper of raw devices. Want to read from a raw device? Use dd. Want to write to a raw device? Use dd. This belief can make simple tasks complicated. How do you combine dd with gzip? How do you use pv if the source is raw device? How do you dd over ssh?”\u003c/li\u003e\n\u003cli\u003e“The fact of the matter is, dd is not a disk writing tool. Neither “d” is for “disk”, “drive” or “device”. It does not support “low level” reading or writing. It has no special dominion over any kind of device whatsoever.”\u003c/li\u003e\n\u003cli\u003eThen a number of alternatives are discussed\u003c/li\u003e\n\u003cli\u003e“However, this does not mean that dd is useless! The reason why people started using it in the first place is that it does exactly what it’s told, no more and no less. If an alias specifies -a, cp might try to create a new block device rather than a copy of the file data. If using gzip without redirection, it may try to be helpful and skip the file for not being regular. Neither of them will write out a reassuring status during or after a copy.”\u003c/li\u003e\n\u003cli\u003e“dd, meanwhile, has one job*: copy data from one place to another. It doesn’t care about files, safeguards or user convenience. It will not try to second guess your intent, based on trailing slashes or types of files. When this is no longer a convenience, like when combining it with other tools that already read and write files, one should not feel guilty for leaving dd out entirely.”\u003c/li\u003e\n\u003cli\u003e“dd is the swiss army knife of the open, read, write and seek syscalls. It’s unique in its ability to issue seeks and reads of specific lengths, which enables a whole world of shell scripts that have no business being shell scripts. Want to simulate a lseek+execve? Use dd! Want to open a file with O_SYNC? Use dd! Want to read groups of three byte pixels from a PPM file? Use dd!”\u003c/li\u003e\n\u003cli\u003e“It’s a flexible, unique and useful tool, and I love it. My only issue is that, far too often, this great tool is being relegated to and inappropriately hailed for its most generic and least interesting capability: simply copying a file from start to finish.”\u003c/li\u003e\n\u003cli\u003e“dd actually has two jobs: Convert and Copy. Legend has it that the intended name, “cc”, was taken by the C compiler, so the letters were shifted by one to give “dd”. This is also why we ended up with a Window system called X.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://eriknstr.github.io/utils/dd-countdown.htm\" rel=\"nofollow\"\u003edd countdown\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.strugglingcoder.info/index.php/bhyve-setup-for-tcp-testing/\" rel=\"nofollow\"\u003eBhyve setup for tcp testing \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD Developer Hiren Panchasara writes about his setup to use bhyve to test changes to the TCP stack in FreeBSD\u003c/li\u003e\n\u003cli\u003e“Here is how I test simple FreeBSD tcp changes with dummynet on bhyve. I’ve already wrote down \u003ca href=\"https://www.strugglingcoder.info/index.php/drop-a-packet/\" rel=\"nofollow\"\u003ehow I do dummynet\u003c/a\u003e so I’ll focus on bhyve part.”\u003c/li\u003e\n\u003cli\u003e“A few months back when I started looking into improving FreeBSD TCP’s response to packet loss, I looked around for traffic simulators which can do deterministic packet drop for me.”\u003c/li\u003e\n\u003cli\u003e“I had used dummynet(4) before so I thought of using it but the problem is that it only provided probabilistic drops. You can specify dropping 10% of the total packets”\u003c/li\u003e\n\u003cli\u003eSo he wrote a quick hack, hopefully he’ll polish it up and get it committed\u003c/li\u003e\n\u003cli\u003e“Setup: I’ll create 3 bhyve guests: client, router and server” \u003c/li\u003e\n\u003cli\u003e“Both client and server need their routing tables setup correctly so that they can reach each other. The Dummynet node is the router / traffic shaping node here. We need to enable forwarding between interfaces: sysctl net.inet.ip.forwarding=1”\u003c/li\u003e\n\u003cli\u003e“We need to setup links (called ‘pipes’) and their parameters on dummynet node”\u003c/li\u003e\n\u003cli\u003e“For simulations, I run a lighttpd web-server on the server which serves different sized objects and I request them via curl or wget from the client. I have tcpdump running on any/all of four interfaces involved to observe traffic and I can see specified packets getting dropped by dummynet. sysctl net.inet.ip.dummynet.io_pkt_drop is incremented with each packet that dummynet drops.”\u003c/li\u003e\n\u003cli\u003e“Here, 192.* addresses are for ssh and 10.* are for guests to be able to communicate within themselves.”\u003c/li\u003e\n\u003cli\u003eCreate 2 tap interfaces for each end point, and 3 from the router. One each for SSH/control, and the others for the test flows. Then create 3 bridges, the first includes all of the control tap interfaces, and your hosts’ real interface. This allows the guests to reach the internet to download packages etc. The other two bridges form the connections between the three VMs\u003c/li\u003e\n\u003cli\u003eThe creation and configuration of the VMs is documented in detail\u003c/li\u003e\n\u003cli\u003eI used a setup very similar to this for teaching the basics of how TCP works when I was teaching at a local community college\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/pr1ntf/status/817895393824382976\" rel=\"nofollow\"\u003ePlan9 on Bhyve\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2832\" rel=\"nofollow\"\u003eGet your name in the relayd book\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/2016-computer-review\" rel=\"nofollow\"\u003eTed Unangst’s 2016 Computer Reviews \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://developeronfire.com/episode-198-bryan-cantrill-persistence-and-action\" rel=\"nofollow\"\u003eBryan Cantrill on Developer On Fire podcast \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://dev.bsdrp.net/benchs/2016.SM5018A-FTN4-Chelsio.png\" rel=\"nofollow\"\u003e2016 in review: pf/ipfw\u0026#39;s impact on forwarding performance over time, on 8 core Atom \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/johalun/status/819039940914778112\" rel=\"nofollow\"\u003e#Wayland Weston with X and EGL clients, running on #FreeBSD in VBox with new scfb backend. More coming soon! \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/A0LSipCj\" rel=\"nofollow\"\u003e Eddy - TRIM Partitioning\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/UE1k4Q99\" rel=\"nofollow\"\u003e Matt - Why FreeBSD?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/TjTkqHA4\" rel=\"nofollow\"\u003e Shawn - ZFS Horror?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Baxd6Pjy\" rel=\"nofollow\"\u003e Andrew - Bootloaders\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://allanjude.com/talks/AsiaBSDCon2016_geliboot_pdf1a.pdf\" rel=\"nofollow\"\u003eGELIBoot Paper \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/boot.html\" rel=\"nofollow\"\u003eFreeBSD Architecture Handbook\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NygwchFD\" rel=\"nofollow\"\u003e Bryan - ZFS Error\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Another exciting week on BSDNow, we are queued up with LLVM / Linking news, a look at NetBSD’s scheduler,","date_published":"2017-01-11T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5b103268-94e0-4140-8458-0c79f17e135e.mp3","mime_type":"audio/mpeg","size_in_bytes":66539956,"duration_in_seconds":5544}]},{"id":"4c57b68b-aac0-41b5-b068-d8172ea3bfb7","title":"175: How the Dtrace saved Christmas","url":"https://www.bsdnow.tv/175","content_text":"This week on BSDNow, we’ve got all sorts of post-holiday goodies to share. New OpenSSL APIs, Dtrace, OpenBSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenSSL 1.1 API migration path, or the lack thereof\n\n\nAs many of you will already be aware, the OpenSSL 1.1.0 release intentionally introduced significant API changes from the previous release. In summary, a large number of data structures that were previously publically visible have been made opaque, with accessor functions being added in order to get and set some of the fields within these now opaque structs. It is worth noting that the use of opaque data structures is generally beneficial for libraries, since changes can be made to these data structures without breaking the ABI. As such, the overall direction of these changes is largely reasonable.\n\nHowever, while API change is generally necessary for progression, in this case it would appear that there is NO transition plan and a complete disregard for the impact that these changes would have on the overall open source ecosystem.\n\nSo far it seems that the only approach is to place the migration burden onto each and every software project that uses OpenSSL, pushing significant code changes to each project that migrates to OpenSSL 1.1, while maintaining compatibility with the previous API. This is forcing each project to provide their own backwards compatibility shims, which is practically guaranteeing that there will be a proliferation of variable quality implementations; it is almost a certainty that some of these will contain bugs, potentially introducing security issues or memory leaks.\n\n\n\nI think this will be a bigger issue for other operating systems that do not have the flexibility of the ports tree to deliver a newer version of OpenSSL. If a project switches from the old API to the new API, and the OS only provides the older branch of OpenSSL, how can the application work?\nOf course, this leaves the issue, if application A wants OpenSSL 1.0, and application B only works with OpenSSL 1.1, how does that work?\n\n\n\nDue to a number of factors, software projects that make use of OpenSSL cannot simply migrate to the 1.1 API and drop support for the 1.0 API - in most cases they will need to continue to support both. Firstly, I am not aware of any platform that has shipped a production release with OpenSSL 1.1 - any software that supported OpenSSL 1.1 only, would effectively be unusable on every platform for the time being. Secondly, the OpenSSL 1.0.2 release is supported until the 31st of December 2019, while OpenSSL 1.1.0 is only supported until the 31st of August 2018 - any LTS style release is clearly going to consider shipping with 1.0.2 as a result.\n\nPlatforms that are attempting to ship with OpenSSL 1.1 are already encountering significant challenges - for example, Debian currently has 257 packages (out of 518) that do not build against OpenSSL 1.1. There are also hidden gotchas for situations where different libraries are linked against different OpenSSL versions and then share OpenSSL data structures between them - many of these problems will be difficult to detect since they only fail at runtime.\n\n\n\nIt will be interesting to see what happens with OpenSSL, and LibreSSL\nHopefully, most projects will decide to switch to the cleaner APIs provided by s2n or libtls, although they do not provide the entire functionality of the OpenSSL API.\nHacker News comments\n***\n\n\nexfiltration via receive timing\n\n\nAnother similar way to create a backchannel but without transmitting anything is to introduce delays in the receiver and measure throughput as observed by the sender. All we need is a protocol with transmission control. Hmmm. Actually, it’s easier (and more reliable) to code this up using a plain pipe, but the same principle applies to networked transmissions.\n\nFor every digit we want to “send” back, we sleep a few seconds, then drain the pipe. We don’t care about the data, although if this were a video file or an OS update, we could probably do something useful with it.\n\nContinuously fill the pipe with junk data. If (when) we block, calculate the difference between before and after. This is a our secret backchannel data. (The reader and writer use different buffer sizes because on OpenBSD at least, a writer will stay blocked even after a read depending on the space that opens up. Even simple demos have real world considerations.)\n\nIn this simple example, the secret data (argv) is shared by the processes, but we can see that the writer isn’t printing them from its own address space. Nevertheless, it works.\n\nTime to add random delays and buffering to firewalls? Probably not.\n\n\n\nAn interesting thought experiment that shows just how many ways there are to covertly convey a message\n***\n\n\nOpenBSD Desktop in about 30 Minutes\n\n\nOver at hackernews we have a very non-verbose, but handy guide to getting to a OpenBSD desktop in about 30 minutes!\nFirst, the guide will assume you’ve already installed OpenBSD 6.0, so you’ll need to at least be at the shell prompt of your freshly installed system to begin.\nWith that, now its time to do some tuning. Editing some resource limits in login.conf will be our initial task, upping some datasize tunables to 2GB\nNext up, we will edit some of the default “doas” settings to something a bit more workable for desktop computing\nAnother handy trick, editing your .profile to have your PKG_PATH variables set automatically will make\nOne thing some folks may overlook, but disabling atime can speed disk performance (which you probably don’t care about atime on your desktop anyway), so this guide will show you what knobs to tweak in /etc/fstab to do so\nAfter some final WPA / Wifi configuration, we then drop to “mere mortal” mode and begin our package installations. In this particular guide, he will be setting up Lumina Desktop (Which yes, it is on OpenBSD)\nA few small tweaks later for xscreensaver and your xinitrc file, then you are ready to run “startx” and begin your desktop session!\nAll in all, great guide which if you are fast can probably be done in even less than 30 minutes and will result in a rock-solid OpenBSD desktop rocking Lumina none-the-less.\n***\n\n\nHow DTrace saved Christmas\n\n\nAdam Leventhal, one of the co-creators of DTrace, wrote up this post about how he uses DTrace at home, to save Christmas\n\n\n\nI had been procrastinating making the family holiday card. It was a combination of having a lot on my plate and dreading the formulation of our annual note recapping the year; there were some great moments, but I’m glad I don’t have to do 2016 again. It was just before midnight and either I’d make the card that night or leave an empty space on our friends’ refrigerators.\n\n\n\nAdobe Illustrator had other ideas: “Unable to set maximum number of files to be opened”\n\n\n\nI’m not the first person to hit this. The problem seems to have existed since CS6 was released in 2016. None of the solutions were working for me, and — inspired by Sara Mauskopf’s excellent post — I was rapidly running out of the time bounds for the project. Enough; I’d just DTrace it.\n\nA colleague scoffed the other day, “I mean, how often do you actually use DTrace?” In his mind DTrace was for big systems, critical system, when dollars and lives were at stake. My reply: I use DTrace every day. I can’t imagine developing software without DTrace, and I use it when my laptop (not infrequently) does something inexplicable (I’m forever grateful to the Apple team that ported it to Mac OS X)\n\nIllustrator is failing on setrlimit(2) and blowing up as result. Let’s confirm that it is in fact returning -1:$ sudo dtrace -n 'syscall::setrlimit:return/execname == \"Adobe Illustrato\"/{ printf(\"%d %d\", arg1, errno); }'\n   dtrace: description 'syscall::setrlimit:return' matched 1 probe\n   CPU     ID                    FUNCTION:NAME\n     0    532                 setrlimit:return -1 1\n\nThere it is. And setrlimit(2) is failing with errno 1 which is EPERM (value too high for non-root user). I already tuned up the files limit pretty high. Let’s confirm that it is in fact setting the files limit and check the value to which it’s being set. To write this script I looked at the documentation for setrlimit(2) (hooray for man pages!) to determine that the position of the resource parameter (arg0) and the type of the value parameter (struct rlimit). I needed the DTrace copyin() subroutine to grab the structure from the process’s address space:\n$ sudo dtrace -n 'syscall::setrlimit:entry/execname == \"Adobe Illustrato\"/{ this-\u0026gt;r = *(struct rlimit *)copyin(arg1, sizeof (struct rlimit)); printf(\"%x %x %x\", arg0, this-\u0026gt;r.rlim_cur, this-\u0026gt;r.rlim_max);  }'\n\ndtrace: description 'syscall::setrlimit:entry' matched 1 probe\n   CPU     ID                FUNCTION:NAME\n     0    531              setrlimit:entry 1008 2800 7fffffffffffffff\nLooking through /usr/include/sys/resource.h we can see that 1008 corresponds to the number of files (RLIMIT_NOFILE | \n_RLIMIT_POSIX_FLAG)\n\nThe quickest solution was to use DTrace again to whack a smaller number into that struct rlimit. Easy:\n$ sudo dtrace -w -n 'syscall::setrlimit:entry/execname == \"Adobe Illustrato\"/{ this-\u0026gt;i = (rlim_t *)alloca(sizeof (rlim_t)); *this-\u0026gt;i = 10000; copyout(this-\u0026gt;i, arg1 + sizeof (rlim_t), sizeof (rlim_t)); }'\n\ndtrace: description 'syscall::setrlimit:entry' matched 1 probe\n   dtrace: could not enable tracing: Permission denied\n\nOh right. Thank you SIP (System Integrity Protection). This is a new laptop (at least a new motherboard due to some bizarre issue) which probably contributed to Illustrator not working when once it did. Because it’s new I haven’t yet disabled the part of SIP that prevents you from using DTrace on the kernel or in destructive mode (e.g. copyout()). It’s easy enough to disable, but I’m reboot-phobic — I hate having to restart my terminals — so I went to plan B: lldb\n\n\nAfter using DTrace to get the address of the setrlimit function, Adam used lldb to change the result before it got back to the application:\n(lldb) break set -n _init\nBreakpoint 1: 47 locations.\n(lldb) run\n…\n(lldb) di -s 0x1006e5b72 -c 1\n0x1006e5b72: callq  0x1011628e0     ; symbol stub for: setrlimit\n(lldb) memory write 0x1006e5b72 0x31 0xc0 0x90 0x90 0x90\n(lldb) di -s 0x1006e5b72 -c 4\n0x1006e5b72: xorl   %eax, %eax\n0x1006e5b74: nop\n0x1006e5b75: nop\n0x1006e5b76: nop\n\n\nNext I just did a process detach and got on with making that holiday card…\n\nDTrace was designed for solving hard problems on critical systems, but the need to understand how systems behave exists in development and on consumer systems. Just because you didn’t write a program doesn’t mean you can’t fix it.\n\n\n\n\nNews Roundup\n\nSay my Blog's name!\n\n\nBrian Everly over at functionally paranoid has a treat for us today. Let us give you a moment to get the tin-foil hats on… Ok, done? Let’s begin!\nHe starts off with a look at physical security. He begins by listing your options:\n\n\n\nBIOS passwords – Not something I’m typically impressed with.  Most can be avoided by opening up the machine, closing a jumper and powering it up to reset the NVRAM to factory defaults.  I don’t even bother with them.\nFull disk encryption – This one really rings my bell in a positive way.  If you can kill power to the box (either because the bad actor has to physically steal it and they aren’t carrying around a pile of car batteries and an inverter or because you can interrupt power to it some other way), then the disk will be encrypted.  The other beauty of this is that if a drive fails (and they all do eventually) you don’t have to have any privacy concerns about chucking it into an electronics recycler (or if you are a bad, bad person, into a landfill) because that data is effectively gibberish without the key (or without a long time to brute force it).\nTwo factor auth for logins – I like this one as well.  I’m not a fan of biometrics because if your fingerprint is compromised (yes, it can happen – read about the department of defense background checks that were extracted by a bad agent – they included fingerprint images) you can’t exactly send off for a new finger.  Things like the YubiKey are pretty slick.  They require that you have the physical hardware key as well as the password so unless the bad actor lifted your physical key, they would have a much harder time with physical access to your hardware.\n\n\nOut of those options, Brian mentions that he uses disk encryption and yubi-key for all his secure network systems.\nNext up is network segmentation, in this case the first thing to do is change your admin password for any ISP supplied modem \n/ router. He goes on to scare us of javascript attacks being used not against your local machine, but instead non WAN exposed router admin interface. Scary Stuff!\nFor added security, naturally he firewalls the router by plugging in the LAN port to a OpenBSD box which does the 2nd layer of firewall / router protection.\nWhat about privacy and browsing? Here’s some more of his tips:\n\n\n\nI use Unbound as my DNS resolver on my local network (with all UDP port 53 traffic redirected to it by pf so I don’t have to configure anything on the clients) and then forward the traffic to DNSCrypt Proxy, caching the results in Unbound.  I notice ZERO performance penalty for this and it greatly enhances privacy.  This combination of Unbound and DNSCrypt Proxy works very well together.  You can even have redundancy by having multiple upstream resolvers running on different ports (basically run the DNSCrypt Proxy daemon multiple times pointing to different public resolvers).\n\nI also use Firefox exclusively for my web browsing.  By leveraging the tips on this page, you can lock it down to do a great job of privacy protection.  The fact that your laptop’s battery drain rate can be used to fingerprint your browser completely trips me out but hey – that’s the world we live in.’\n\n\n\nWhat about the cloud you may ask? Well Brian has a nice solution for that as well:\n\n\n\nI recently decided I would try to live a cloud-free life and I’ll give you a bit of a synopsis on it.  I discovered a wonderful Open Source project called FreeNAS.  What this little gem does is allow you to install a FreeBSD/zfs file server appliance on amd64 hardware and have a slick administrative web interface for managing it.  I picked up a nice SuperMicro motherboard and chassis that has 4 hot swap drive bays (and two internal bays that I used to mirror the boot volume on) and am rocking the zfs lifestyle!  (Thanks Alan Jude!)\n\nOne of the nicest features of the FreeNAS is that it provides the ability to leverage the FreeBSD jail functionality in an easy to use way.  It also has plugins but the security on those is a bit sketchy (old versions of libraries, etc.) so I decided to roll my own.  I created two jails – one to run OwnCloud (yeah, I know about NextCloud and might switch at some point) and the other to run a full SMTP/IMAP email server stack.  I used Lets Encrypt to generate the SSL certificates and made sure I hit an A on SSLLabs before I did anything else.\n\n\n\nHis post then goes in to talk about Backups and IoT devices, something else you need to consider in this truely paranoid world we are forced to live in. We even get a nice shout-out near the end!\n\n\n\nEnter TarSnap – a company that advertises itself as “Online Backups for the Truly Paranoid”.  It brings a tear to my eye – a kindred spirit!  :-)  Thanks again to Alan Jude and Kris Moore from the BSD Now podcast for turning me onto this company.  It has a very easy command syntax (yes, it isn’t a GUI tool – suck it up buttercup, you wanted to learn the shell didn’t you?) and even allows you to compile the thing from source if you want to.”\n\n\n\nWe’ve only covered some of the highlights here, but you really should take a few moments of your time today and read this top to bottom. Lots of good tips here, already thinking how I can secure my home network better.\n\n\n\n\nThe open source book: “Producing Open Source Software”\n\n\n“How to Run a Successful Free Software Project” by Karl Fogel\n9 chapters and over 200 pages of content, plus many appendices\nSome interesting topics include:\n\n\nChoosing a good name\nversion control\nbug tracking\ncreating developer guidelines\nsetting up communications channels\nchoosing a license (although this guide leans heavily towards the GPL)\nsetting the tone of the project\njoining or creating a Non-Profit Organization\nthe economics of open source\nrelease engineering, packaging, nightly builds, etc\nhow to deal with forks\n\nA lot of good information packaged into this ebook\nThis work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License\n***\n\n\nDTrace Flamegraphs for node.js on FreeBSD \n\n\nOne of the coolest tools built on top of DTrace is flamegraphs\nThey are a very accurate, and visual way to see where a program is spending its time, which can tell you why it is slow, or where it could be improved. Further enhancements include off-cpu flame graphs, which tell you when the program is doing nothing, which can also be very useful\n\u0026gt; Recently BSD UNIXes are being acknowledged by the application development community as an interesting operating system to deploy to. This is not surprising given that FreeBSD had jails, the original container system, about 17 years ago and a lot of network focused businesses such as netflix see it as the best way to deliver content. This developer interest has led to hosting providers supporting FreeBSD. e.g. Amazon, Azure, Joyent and you can get a 2 months free instance at Digital Ocean.\n\n\n\nDTrace is another vital feature for anyone who has had to deal with production issues and has been in FreeBSD since version 9. As of FreeBSD 11 the operating system now contains some great work by Fedor Indutny so you can profile node applications and create flamegraphs of node.js processes without any additional runtime flags or restarting of processes.\n\n\n\nThis is one of the most important things about DTrace. Many applications include some debugging functionality, but they require that you stop the application, and start it again in debugging mode. Some even require that you recompile the application in debugging mode.\nBeing able to attach DTrace to an application, while it is under load, while the problem is actively happening, can be critical to figuring out what is going on.\nIn order to configure your FreeBSD instance to utilize this feature make the following changes to the configuration of the server.\n\n\nLoad the DTrace module at boot\nIncrease some DTrace limits\nInstall node with the optional DTrace feature compiled in\nFollow the generic node.js flamegraph tutorial\n\u0026gt; I hope you find this article useful. The ability to look at a runtime in this manor has saved me twice this year and I hope it will save you in the future too. My next post on freeBSD and node.js will be looking at some scenarios on utilising the ZFS features.\n\nAlso check out Brendan Gregg’s ACM Queue Article “The Flame Graph: This visualization of software execution is a new necessity for performance profiling and debugging”\n\n\n\n\nSSHGuard 2.0 Call for Testing\n\n\nSSHGuard is a tool for monitoring brute force attempts and blocking them\nIt has been a favourite of mine for a while because it runs as a pipe from syslogd, rather than reading the log files from the disk\n\n\n\nA lot of work to get SSHGuard working with new log sources (journalctl, macOS log) and backends (firewalld, ipset) has happened in 2.0. The new version also uses a configuration file.\n\nMost importantly, SSHGuard has been split into several processes piped into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw). sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be sandboxed in its default configuration (without pid file, whitelist, blacklisting) and has not been tested sandboxed in other configurations.\n\n\n\nBreaking the processes up so that the sensitive bits can be sandboxes is very nice to see\n***\n\n\nBeastie Bits\n\n\npjd’s 2007 paper from AsiaBSDCon: “Porting the ZFS file system to the FreeBSD operating system” \nA Message From the FreeBSD Foundation \nRemembering Roger Faulkner, Unix Champion and A few HN comments (including Bryan Cantrill) \n\n\n\n\nFeedback/Questions\n\n\n Peter - TrueOS Network \n Chris - Remote Desktop \n Goetz - Geli on Serial \n Joe - BGP \n Alejandro - BSD Router \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we’ve got all sorts of post-holiday goodies to share. New OpenSSL APIs, Dtrace, OpenBSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/tech@openbsd.org/msg36437.html\" rel=\"nofollow\"\u003eOpenSSL 1.1 API migration path, or the lack thereof\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs many of you will already be aware, the OpenSSL 1.1.0 release intentionally introduced significant API changes from the previous release. In summary, a large number of data structures that were previously publically visible have been made opaque, with accessor functions being added in order to get and set some of the fields within these now opaque structs. It is worth noting that the use of opaque data structures is generally beneficial for libraries, since changes can be made to these data structures without breaking the ABI. As such, the overall direction of these changes is largely reasonable.\u003c/p\u003e\n\n\u003cp\u003eHowever, while API change is generally necessary for progression, in this case it would appear that there is NO transition plan and a complete disregard for the impact that these changes would have on the overall open source ecosystem.\u003c/p\u003e\n\n\u003cp\u003eSo far it seems that the only approach is to place the migration burden onto each and every software project that uses OpenSSL, pushing significant code changes to each project that migrates to OpenSSL 1.1, while maintaining compatibility with the previous API. This is forcing each project to provide their own backwards compatibility shims, which is practically guaranteeing that there will be a proliferation of variable quality implementations; it is almost a certainty that some of these will contain bugs, potentially introducing security issues or memory leaks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI think this will be a bigger issue for other operating systems that do not have the flexibility of the ports tree to deliver a newer version of OpenSSL. If a project switches from the old API to the new API, and the OS only provides the older branch of OpenSSL, how can the application work?\u003c/li\u003e\n\u003cli\u003eOf course, this leaves the issue, if application A wants OpenSSL 1.0, and application B only works with OpenSSL 1.1, how does that work?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDue to a number of factors, software projects that make use of OpenSSL cannot simply migrate to the 1.1 API and drop support for the 1.0 API - in most cases they will need to continue to support both. Firstly, I am not aware of any platform that has shipped a production release with OpenSSL 1.1 - any software that supported OpenSSL 1.1 only, would effectively be unusable on every platform for the time being. Secondly, the OpenSSL 1.0.2 release is supported until the 31st of December 2019, while OpenSSL 1.1.0 is only supported until the 31st of August 2018 - any LTS style release is clearly going to consider shipping with 1.0.2 as a result.\u003c/p\u003e\n\n\u003cp\u003ePlatforms that are attempting to ship with OpenSSL 1.1 are already encountering significant challenges - for example, Debian currently has 257 packages (out of 518) that do not build against OpenSSL 1.1. There are also hidden gotchas for situations where different libraries are linked against different OpenSSL versions and then share OpenSSL data structures between them - many of these problems will be difficult to detect since they only fail at runtime.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt will be interesting to see what happens with OpenSSL, and LibreSSL\u003c/li\u003e\n\u003cli\u003eHopefully, most projects will decide to switch to the cleaner APIs provided by s2n or libtls, although they do not provide the entire functionality of the OpenSSL API.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=13284648\" rel=\"nofollow\"\u003eHacker News comments\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/exfiltration-via-receive-timing\" rel=\"nofollow\"\u003eexfiltration via receive timing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAnother similar way to create a backchannel but without transmitting anything is to introduce delays in the receiver and measure throughput as observed by the sender. All we need is a protocol with transmission control. Hmmm. Actually, it’s easier (and more reliable) to code this up using a plain pipe, but the same principle applies to networked transmissions.\u003c/p\u003e\n\n\u003cp\u003eFor every digit we want to “send” back, we sleep a few seconds, then drain the pipe. We don’t care about the data, although if this were a video file or an OS update, we could probably do something useful with it.\u003c/p\u003e\n\n\u003cp\u003eContinuously fill the pipe with junk data. If (when) we block, calculate the difference between before and after. This is a our secret backchannel data. (The reader and writer use different buffer sizes because on OpenBSD at least, a writer will stay blocked even after a read depending on the space that opens up. Even simple demos have real world considerations.)\u003c/p\u003e\n\n\u003cp\u003eIn this simple example, the secret data (argv) is shared by the processes, but we can see that the writer isn’t printing them from its own address space. Nevertheless, it works.\u003c/p\u003e\n\n\u003cp\u003eTime to add random delays and buffering to firewalls? Probably not.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting thought experiment that shows just how many ways there are to covertly convey a message\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://news.ycombinator.com/item?id=13223351\" rel=\"nofollow\"\u003eOpenBSD Desktop in about 30 Minutes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver at hackernews we have a very non-verbose, but handy guide to getting to a OpenBSD desktop in about 30 minutes!\u003c/li\u003e\n\u003cli\u003eFirst, the guide will assume you’ve already installed OpenBSD 6.0, so you’ll need to at least be at the shell prompt of your freshly installed system to begin.\u003c/li\u003e\n\u003cli\u003eWith that, now its time to do some tuning. Editing some resource limits in login.conf will be our initial task, upping some datasize tunables to 2GB\u003c/li\u003e\n\u003cli\u003eNext up, we will edit some of the default “doas” settings to something a bit more workable for desktop computing\u003c/li\u003e\n\u003cli\u003eAnother handy trick, editing your .profile to have your PKG_PATH variables set automatically will make\u003c/li\u003e\n\u003cli\u003eOne thing some folks may overlook, but disabling atime can speed disk performance (which you probably don’t care about atime on your desktop anyway), so this guide will show you what knobs to tweak in /etc/fstab to do so\u003c/li\u003e\n\u003cli\u003eAfter some final WPA / Wifi configuration, we then drop to “mere mortal” mode and begin our package installations. In this particular guide, he will be setting up Lumina Desktop (Which yes, it is on OpenBSD)\u003c/li\u003e\n\u003cli\u003eA few small tweaks later for xscreensaver and your xinitrc file, then you are ready to run “startx” and begin your desktop session!\u003c/li\u003e\n\u003cli\u003eAll in all, great guide which if you are fast can probably be done in even less than 30 minutes and will result in a rock-solid OpenBSD desktop rocking Lumina none-the-less.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hackernoon.com/dtrace-at-home-145ba773371e\" rel=\"nofollow\"\u003eHow DTrace saved Christmas\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdam Leventhal, one of the co-creators of DTrace, wrote up this post about how he uses DTrace at home, to save Christmas\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI had been procrastinating making the family holiday card. It was a combination of having a lot on my plate and dreading the formulation of our annual note recapping the year; there were some great moments, but I’m glad I don’t have to do 2016 again. It was just before midnight and either I’d make the card that night or leave an empty space on our friends’ refrigerators.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdobe Illustrator had other ideas: “Unable to set maximum number of files to be opened”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’m not the first person to hit this. The problem seems to have existed since CS6 was released in 2016. None of the solutions were working for me, and — inspired by \u003ca href=\"https://medium.com/startup-grind/how-to-start-a-company-with-no-free-time-b70fbe7b918a#.uujdblxc6\" rel=\"nofollow\"\u003eSara Mauskopf’s excellent post\u003c/a\u003e — I was rapidly running out of the time bounds for the project. Enough; I’d just DTrace it.\u003c/p\u003e\n\n\u003cp\u003eA colleague scoffed the other day, “I mean, how often do you actually use DTrace?” In his mind DTrace was for big systems, critical system, when dollars and lives were at stake. My reply: I use DTrace every day. I can’t imagine developing software without DTrace, and I use it when my laptop (not infrequently) does something inexplicable (I’m forever grateful to the Apple team that ported it to Mac OS X)\u003c/p\u003e\n\n\u003cp\u003eIllustrator is failing on setrlimit(2) and blowing up as result. Let’s confirm that it is in fact returning -1:$ sudo dtrace -n \u0026#39;syscall::setrlimit:return/execname == \u0026quot;Adobe Illustrato\u0026quot;/{ printf(\u0026quot;%d %d\u0026quot;, arg1, errno); }\u0026#39;\u003cbr\u003e\n   dtrace: description \u0026#39;syscall::setrlimit:return\u0026#39; matched 1 probe\u003cbr\u003e\n   CPU     ID                    FUNCTION:NAME\u003cbr\u003e\n     0    532                 setrlimit:return -1 1\u003c/p\u003e\n\n\u003cp\u003eThere it is. And setrlimit(2) is failing with errno 1 which is EPERM (value too high for non-root user). I already tuned up the files limit pretty high. Let’s confirm that it is in fact setting the files limit and check the value to which it’s being set. To write this script I looked at the documentation for setrlimit(2) (hooray for man pages!) to determine that the position of the resource parameter (arg0) and the type of the value parameter (struct rlimit). I needed the DTrace copyin() subroutine to grab the structure from the process’s address space:\u003cbr\u003e\n$ sudo dtrace -n \u0026#39;syscall::setrlimit:entry/execname == \u0026quot;Adobe Illustrato\u0026quot;/{ this-\u0026gt;r = *(struct rlimit *)copyin(arg1, sizeof (struct rlimit)); printf(\u0026quot;%x %x %x\u0026quot;, arg0, this-\u0026gt;r.rlim_cur, this-\u0026gt;r.rlim_max);  }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003edtrace: description \u0026#39;syscall::setrlimit:entry\u0026#39; matched 1 probe\u003cbr\u003e\n   CPU     ID                FUNCTION:NAME\u003cbr\u003e\n     0    531              setrlimit:entry 1008 2800 7fffffffffffffff\u003cbr\u003e\nLooking through /usr/include/sys/resource.h we can see that 1008 corresponds to the number of files (RLIMIT_NOFILE | \u003cbr\u003e\n_RLIMIT_POSIX_FLAG)\u003c/p\u003e\n\n\u003cp\u003eThe quickest solution was to use DTrace again to whack a smaller number into that struct rlimit. Easy:\u003cbr\u003e\n$ sudo dtrace -w -n \u0026#39;syscall::setrlimit:entry/execname == \u0026quot;Adobe Illustrato\u0026quot;/{ this-\u0026gt;i = (rlim_t *)alloca(sizeof (rlim_t)); *this-\u0026gt;i = 10000; copyout(this-\u0026gt;i, arg1 + sizeof (rlim_t), sizeof (rlim_t)); }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003edtrace: description \u0026#39;syscall::setrlimit:entry\u0026#39; matched 1 probe\u003cbr\u003e\n   dtrace: could not enable tracing: Permission denied\u003c/p\u003e\n\n\u003cp\u003eOh right. Thank you SIP (System Integrity Protection). This is a new laptop (at least a new motherboard due to some bizarre issue) which probably contributed to Illustrator not working when once it did. Because it’s new I haven’t yet disabled the part of SIP that prevents you from using DTrace on the kernel or in destructive mode (e.g. copyout()). It’s easy enough to disable, but I’m reboot-phobic — I hate having to restart my terminals — so I went to plan B: lldb\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter using DTrace to get the address of the setrlimit function, Adam used lldb to change the result before it got back to the application:\n(lldb) break set -n _init\nBreakpoint 1: 47 locations.\n(lldb) run\n…\n(lldb) di -s 0x1006e5b72 -c 1\n0x1006e5b72: callq  0x1011628e0     ; symbol stub for: setrlimit\n(lldb) memory write 0x1006e5b72 0x31 0xc0 0x90 0x90 0x90\n(lldb) di -s 0x1006e5b72 -c 4\n0x1006e5b72: xorl   %eax, %eax\n0x1006e5b74: nop\n0x1006e5b75: nop\n0x1006e5b76: nop\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eNext I just did a process detach and got on with making that holiday card…\u003c/p\u003e\n\n\u003cp\u003eDTrace was designed for solving hard problems on critical systems, but the need to understand how systems behave exists in development and on consumer systems. Just because you didn’t write a program doesn’t mean you can’t fix it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2016/12/22/say-my-blogs-name/\" rel=\"nofollow\"\u003eSay my Blog\u0026#39;s name!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrian Everly over at functionally paranoid has a treat for us today. Let us give you a moment to get the tin-foil hats on… Ok, done? Let’s begin!\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHe starts off with a look at physical security. He begins by listing your options:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003col\u003e\n\u003cli\u003eBIOS passwords – Not something I’m typically impressed with.  Most can be avoided by opening up the machine, closing a jumper and powering it up to reset the NVRAM to factory defaults.  I don’t even bother with them.\u003c/li\u003e\n\u003cli\u003eFull disk encryption – This one really rings my bell in a positive way.  If you can kill power to the box (either because the bad actor has to physically steal it and they aren’t carrying around a pile of car batteries and an inverter or because you can interrupt power to it some other way), then the disk will be encrypted.  The other beauty of this is that if a drive fails (and they all do eventually) you don’t have to have any privacy concerns about chucking it into an electronics recycler (or if you are a bad, bad person, into a landfill) because that data is effectively gibberish without the key (or without a long time to brute force it).\u003c/li\u003e\n\u003cli\u003eTwo factor auth for logins – I like this one as well.  I’m not a fan of biometrics because if your fingerprint is compromised (yes, it can happen – \u003ca href=\"https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/\" rel=\"nofollow\"\u003eread\u003c/a\u003e about the department of defense background checks that were extracted by a bad agent – they included fingerprint images) you can’t exactly send off for a new finger.  Things like the \u003ca href=\"https://www.yubico.com/\" rel=\"nofollow\"\u003eYubiKey\u003c/a\u003e are pretty slick.  They require that you have the physical hardware key as well as the password so unless the bad actor lifted your physical key, they would have a much harder time with physical access to your hardware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOut of those options, Brian mentions that he uses disk encryption and yubi-key for all his secure network systems.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNext up is network segmentation, in this case the first thing to do is change your admin password for any ISP supplied modem \u003cbr\u003e\n/ router. He goes on to scare us of javascript attacks being used not against your local machine, but instead non WAN exposed router admin interface. Scary Stuff!\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFor added security, naturally he firewalls the router by plugging in the LAN port to a OpenBSD box which does the 2nd layer of firewall / router protection.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat about privacy and browsing? Here’s some more of his tips:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI use Unbound as my DNS resolver on my local network (with all UDP port 53 traffic redirected to it by pf so I don’t have to configure anything on the clients) and then forward the traffic to DNSCrypt Proxy, caching the results in Unbound.  I notice ZERO performance penalty for this and it greatly enhances privacy.  This combination of Unbound and DNSCrypt Proxy works very well together.  You can even have redundancy by having multiple upstream resolvers running on different ports (basically run the DNSCrypt Proxy daemon multiple times pointing to different public resolvers).\u003c/p\u003e\n\n\u003cp\u003eI also use Firefox exclusively for my web browsing.  By leveraging the tips on \u003ca href=\"https://www.privacytools.io/\" rel=\"nofollow\"\u003ethis page\u003c/a\u003e, you can lock it down to do a great job of privacy protection.  The fact that your laptop’s battery drain rate can be used to fingerprint your browser completely trips me out but hey – that’s the world we live in.’\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat about the cloud you may ask? Well Brian has a nice solution for that as well:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI recently decided I would try to live a cloud-free life and I’ll give you a bit of a synopsis on it.  I discovered a wonderful Open Source project called \u003ca href=\"http://www.freenas.org/\" rel=\"nofollow\"\u003eFreeNAS\u003c/a\u003e.  What this little gem does is allow you to install a FreeBSD/zfs file server appliance on amd64 hardware and have a slick administrative web interface for managing it.  I picked up a nice SuperMicro motherboard and chassis that has 4 hot swap drive bays (and two internal bays that I used to mirror the boot volume on) and am rocking the zfs lifestyle!  (Thanks Alan Jude!)\u003c/p\u003e\n\n\u003cp\u003eOne of the nicest features of the FreeNAS is that it provides the ability to leverage the FreeBSD jail functionality in an easy to use way.  It also has plugins but the security on those is a bit sketchy (old versions of libraries, etc.) so I decided to roll my own.  I created two jails – one to run OwnCloud (yeah, I know about NextCloud and might switch at some point) and the other to run a full SMTP/IMAP email server stack.  I used \u003ca href=\"https://letsencrypt.org/\" rel=\"nofollow\"\u003eLets Encrypt\u003c/a\u003e to generate the SSL certificates and made sure I hit an A on \u003ca href=\"https://www.ssllabs.com/\" rel=\"nofollow\"\u003eSSLLabs\u003c/a\u003e before I did anything else.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHis post then goes in to talk about Backups and IoT devices, something else you need to consider in this truely paranoid world we are forced to live in. We even get a nice shout-out near the end!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEnter \u003ca href=\"http://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarSnap\u003c/a\u003e – a company that advertises itself as “Online Backups for the Truly Paranoid”.  It brings a tear to my eye – a kindred spirit!  :-)  Thanks again to Alan Jude and Kris Moore from the \u003ca href=\"http://www.bsdnow.tv/\" rel=\"nofollow\"\u003eBSD Now podcast\u003c/a\u003e for turning me onto this company.  It has a very easy command syntax (yes, it isn’t a GUI tool – suck it up buttercup, you wanted to learn the shell didn’t you?) and even allows you to compile the thing from source if you want to.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve only covered some of the highlights here, but you really should take a few moments of your time today and read this top to bottom. Lots of good tips here, already thinking how I can secure my home network better.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://producingoss.com/en/producingoss.pdf\" rel=\"nofollow\"\u003eThe open source book: “Producing Open Source Software”\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“How to Run a Successful Free Software Project” by Karl Fogel\u003c/li\u003e\n\u003cli\u003e9 chapters and over 200 pages of content, plus many appendices\u003c/li\u003e\n\u003cli\u003eSome interesting topics include:\n\n\u003cul\u003e\n\u003cli\u003eChoosing a good name\u003c/li\u003e\n\u003cli\u003eversion control\u003c/li\u003e\n\u003cli\u003ebug tracking\u003c/li\u003e\n\u003cli\u003ecreating developer guidelines\u003c/li\u003e\n\u003cli\u003esetting up communications channels\u003c/li\u003e\n\u003cli\u003echoosing a license (although this guide leans heavily towards the GPL)\u003c/li\u003e\n\u003cli\u003esetting the tone of the project\u003c/li\u003e\n\u003cli\u003ejoining or creating a Non-Profit Organization\u003c/li\u003e\n\u003cli\u003ethe economics of open source\u003c/li\u003e\n\u003cli\u003erelease engineering, packaging, nightly builds, etc\u003c/li\u003e\n\u003cli\u003ehow to deal with forks\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eA lot of good information packaged into this ebook\u003c/li\u003e\n\u003cli\u003eThis work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.venshare.com/dtrace-flamegraphs-for-freebsd-and-node-js-2/\" rel=\"nofollow\"\u003eDTrace Flamegraphs for node.js on FreeBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the coolest tools built on top of DTrace is flamegraphs\u003c/li\u003e\n\u003cli\u003eThey are a very accurate, and visual way to see where a program is spending its time, which can tell you why it is slow, or where it could be improved. Further enhancements include off-cpu flame graphs, which tell you when the program is doing nothing, which can also be very useful\n\u0026gt; Recently BSD UNIXes are being acknowledged by the application development community as an interesting operating system to deploy to. This is not surprising given that FreeBSD had jails, the original container system, about 17 years ago and a lot of network focused businesses such as netflix see it as the best way to deliver content. This developer interest has led to hosting providers supporting FreeBSD. e.g. Amazon, Azure, Joyent and you can get a 2 months free instance at Digital Ocean.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDTrace is another vital feature for anyone who has had to deal with production issues and has been in FreeBSD since version 9. As of FreeBSD 11 the operating system now contains some great work by Fedor Indutny so you can profile node applications and create flamegraphs of node.js processes without any additional runtime flags or restarting of processes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is one of the most important things about DTrace. Many applications include some debugging functionality, but they require that you stop the application, and start it again in debugging mode. Some even require that you recompile the application in debugging mode.\u003c/li\u003e\n\u003cli\u003eBeing able to attach DTrace to an application, while it is under load, while the problem is actively happening, can be critical to figuring out what is going on.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn order to configure your FreeBSD instance to utilize this feature make the following changes to the configuration of the server.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLoad the DTrace module at boot\u003c/li\u003e\n\u003cli\u003eIncrease some DTrace limits\u003c/li\u003e\n\u003cli\u003eInstall node with the optional DTrace feature compiled in\u003c/li\u003e\n\u003cli\u003eFollow the generic \u003ca href=\"https://nodejs.org/en/blog/uncategorized/profiling-node-js/\" rel=\"nofollow\"\u003enode.js flamegraph tutorial\u003c/a\u003e\n\u0026gt; I hope you find this article useful. The ability to look at a runtime in this manor has saved me twice this year and I hope it will save you in the future too. My next post on freeBSD and node.js will be looking at some scenarios on utilising the ZFS features.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAlso check out Brendan Gregg’s \u003ca href=\"http://queue.acm.org/detail.cfm?id=2927301\" rel=\"nofollow\"\u003eACM Queue Article\u003c/a\u003e “The Flame Graph: This visualization of software execution is a new necessity for performance profiling and debugging”\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sourceforge.net/p/sshguard/mailman/message/35580961/\" rel=\"nofollow\"\u003eSSHGuard 2.0 Call for Testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSHGuard is a tool for monitoring brute force attempts and blocking them\u003c/li\u003e\n\u003cli\u003eIt has been a favourite of mine for a while because it runs as a pipe from syslogd, rather than reading the log files from the disk\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA lot of work to get SSHGuard working with new log sources (journalctl, macOS log) and backends (firewalld, ipset) has happened in 2.0. The new version also uses a configuration file.\u003c/p\u003e\n\n\u003cp\u003eMost importantly, SSHGuard has been split into several processes piped into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw). sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be sandboxed in its default configuration (without pid file, whitelist, blacklisting) and has not been tested sandboxed in other configurations.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBreaking the processes up so that the sensitive bits can be sandboxes is very nice to see\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://2007.asiabsdcon.org/papers/P16-paper.pdf\" rel=\"nofollow\"\u003epjd’s 2007 paper from AsiaBSDCon: “Porting the ZFS file system to the FreeBSD operating system”\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://vimeo.com/user60888329\" rel=\"nofollow\"\u003eA Message From the FreeBSD Foundation\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://thenewstack.io/remembering-roger-faulkner/\" rel=\"nofollow\"\u003eRemembering Roger Faulkner, Unix Champion\u003c/a\u003e and \u003ca href=\"https://news.ycombinator.com/item?id=13293596\" rel=\"nofollow\"\u003eA few HN comments (including Bryan Cantrill)\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/QtyJeHMk\" rel=\"nofollow\"\u003e Peter - TrueOS Network\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ru726VTV\" rel=\"nofollow\"\u003e Chris - Remote Desktop\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/LQZPgF5g\" rel=\"nofollow\"\u003e Goetz - Geli on Serial\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/jFeL8zKX\" rel=\"nofollow\"\u003e Joe - BGP\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Xq9cbmfn\" rel=\"nofollow\"\u003e Alejandro - BSD Router\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’ve got all sorts of post-holiday goodies to share. New OpenSSL APIs, Dtrace, OpenBSD","date_published":"2017-01-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4c57b68b-aac0-41b5-b068-d8172ea3bfb7.mp3","mime_type":"audio/mpeg","size_in_bytes":70191796,"duration_in_seconds":5849}]},{"id":"129f9ebc-cd7f-4fc5-b50f-51b8d71f7504","title":"174: 2016 Highlights","url":"https://www.bsdnow.tv/174","content_text":"A look back at 2016\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\ntitle=\"Tarsnap\"\u0026gt;\n\n\n\nLinksZFS in the trenches \n| BSD Now 123\nhref=\"http://www.jupiterbroadcasting.com/99991/one-small-step-for-drm-one-giant-leap-for-bsd-bsd-now-143/\"\u0026gt;One small step for \nDRM, one giant leap for BSD | BSD Now 143\nhref=\"http://www.jupiterbroadcasting.com/101501/the-laporte-has-landed-bsd-now-152/\"\u0026gt;The Laporte has landed! | BSD Now \n152Ham, Radio \u0026amp; Pie, Oh \nMy! | BSD Now 158The \nFoundation of NetBSD | BSD Now 162\nhref=\"http://www.jupiterbroadcasting.com/103871/return-of-the-cantrill-bsd-now-163/\"\u0026gt;Return of the Cantrill | BSD Now 163\n\n","content_html":"\u003cp\u003eA look back at 2016\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" \u003cbr\u003e\ntitle=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ch3\u003eLinks\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"http://www.jupiterbroadcasting.com/92416/zfs-in-the-trenches-bsd-now-123/\"\u003eZFS in the trenches \u003cbr\u003e\n| BSD Now 123\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/99991/one-small-step-for-drm-one-giant-leap-for-bsd-bsd-now-143/\"\u003eOne small step for \u003cbr\u003e\nDRM, one giant leap for BSD | BSD Now 143\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/101501/the-laporte-has-landed-bsd-now-152/\"\u003eThe Laporte has landed! | BSD Now \u003cbr\u003e\n152\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"http://www.jupiterbroadcasting.com/102941/ham-radio-pie-oh-my-bsd-now-158/\"\u003eHam, Radio \u0026amp; Pie, Oh \u003cbr\u003e\nMy! | BSD Now 158\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"http://www.jupiterbroadcasting.com/103626/the-foundation-of-netbsd-bsd-now-162/\"\u003eThe \u003cbr\u003e\nFoundation of NetBSD | BSD Now 162\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.jupiterbroadcasting.com/103871/return-of-the-cantrill-bsd-now-163/\"\u003eReturn of the Cantrill | BSD Now 163\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e","summary":"A look back at 2016","date_published":"2016-12-29T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/129f9ebc-cd7f-4fc5-b50f-51b8d71f7504.mp3","mime_type":"audio/mpeg","size_in_bytes":84274708,"duration_in_seconds":10534}]},{"id":"2a58c833-1f45-4da6-a9b8-fe475b5f00ea","title":"173: Carry on my Wayland son","url":"https://www.bsdnow.tv/173","content_text":"This week on the show, we’ve got some great stories to bring you, a look at the odder side of UNIX history\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\ntitle=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nsyspatch in testing state\n\n\nAntoine Jacoutot ajacoutot@ openbsd has posted a call for testing for OpenBSD’s new syspatch tool\n“syspatch(8), a \"binary\" patch system for -release is now ready for early testing. This does not use binary diffing to update the system, but regular signed tarballs containing the updated files (ala installer).”\n“I would appreciate feedback on the tool. But please send it directly to me, there's no need to pollute the list. This is obviously WIP and the tool may or may not change in drastic ways.”\n“These test binary patches are not endorsed by the OpenBSD project and should not be trusted, I am only providing them to get early feedback on the tool. If all goes as planned, I am hoping that syspatch will make it into the 6.1 release; but for it to happen, I need to know how it breaks your systems :-)”\nInstructions\nIf you test it, report back and let us know how it went\n***\n\n\nWeston working\n\n\nOver the past few years we’ve had some user-interest in the state of Wayland / Weston on FreeBSD. In the past day or so, Johannes Lundberg has sent in a progress report to the FreeBSD mailing lists.\nWithout further ADO:\n\n\n\nWe had some progress with Wayland that we'd like to share.\n\nWayland (v1.12.0)\n  Working\n\nWeston (v1.12.0)\n  Working (Porting WIP)\n\nWeston-clients (installed with wayland/weston port)\n  Working\n\nXWayland (run X11 apps in Wayland compositor)\n  Works (maximized window only) if started manually but not when\n  launching X11 app from Weston.  Most likely problem with Weston IPC.\n\nSway (i3-compatible Wayland compositor)\n  Working\n\nSDL20 (Wayland backend)\n  games/stonesoup-sdl briefly tested.\n  https://twitter.com/johalun/status/811334203358867456\n\nGDM (with Wayland)\n  Halted - depends on logind.\n\nGTK3\n  gtk3-demo runs fine on Weston (might have to set GDK_BACKEND=wayland\nfirst.\n  GTK3 apps working (gedit, gnumeric, xfce4-terminal tested, xfce desktop\n(4.12) does not yet support GTK3)“\n\n\n\nJohannes goes on to give instructions on how / where you can fetch their WiP and do your own testing. At the moment you’ll need Matt Macy’s newer Intel video work, as well as their ports tree which includes all the necessary software bits.\nBefore anybody asks, yes we are watching this for TrueOS!\n***\n\n\nWhere the rubber meets the road (part two)\n\n\nContinuing with our story from Brian Everly from a week ago, we have an update today on the process to dual-boot OpenBSD with Arch Linux.\nAs we last left off, Arch was up and running on the laptop, but some quirks in the hardware meant OpenBSD would take a bit longer. \nWith those issues resolved and the HD seen again, the next issue that reared its head was OpenBSD not seeing the partition tables on the disk. After much frustration, it was time to nuke and pave, starting with OpenBSD first this time.\nAfter a successful GPT partitioning and install of OpenBSD, he went back to installing Arch, and then the story got more interesting. \n\n\n\n“I installed Arch as I detailed in my last post; however, when I fired up gdisk I got a weird error message:\n\n“Warning! Disk size is smaller than the main header indicates! Loading secondary header from the last sector of the disk! You should use ‘v’ to verify disk integrity, and perhaps options on the expert’s menu to repair the disk.”\n\nImmediately after this, I saw a second warning:\n\n“Caution: Invalid backup GPT header, but valid main header; regenerating backup header from main header.”\n\nAnd, not to be outdone, there was a third:\n\n“Warning! Main and backup partition tables differ! Use the ‘c’ and ‘e’ options on the recovery \u0026amp; transformation menu to examine the two tables.”\n\nFinally (not kidding), there was a fourth:\n\n“Warning! One or more CRCs don’t match. You should repair the disk!”\n\nGiven all of that, I thought to myself, “This is probably why I couldn’t see the disk properly when I partitioned it under Linux on the OpenBSD side.  I’ll let it repair things and I should be good to go.”  I then followed the recommendation and repaired things, using the primary GPT table to recreate the backup one.  I then installed Arch and figured I was good to go.“\n\n\n\nAfter confirming through several additional re-installs that the behavior was reproducible, he then decided to go full on crazy,and partition with MBR. That in and of itself was a challenge, since as he mentions, not many people dual-boot OpenBSD with Linux on MBR, especially using luks and lvm!\nIf you want to see the details on how that was done, check it out.\nThe story ends in success though! And better yet:\n\n\n\n“Now that I have everything working, I’ll restore my config and data to Arch, configure OpenBSD the way I like it and get moving.  I’ll take some time and drop a note on the tech@ mailing list for OpenBSD to see if they can figure out what the GPT problem was I was running into.  Hopefully it will make that part of the code stronger to get an edge-case bug report like this.”\n\n\n\nTake note here, if you run into issues like this with any OS, be sure to document in detail what happened so developers can explore solutions to the issue. \n***\n\n\nFreeBSD and ZFS as a time capsule for OS X \n\n\nDo you have any Apple users in your life? Perhaps you run FreeBSD for ZFS somewhere else in the house or office. Well today we have a blog post from Mark Felder which shows how you can use FreeBSD as a time-capsule for your OSX systems.\nThe setup is quite simple, to get started you’ll need packages for netatalk3 and avahi-app for service discovery.\nNext up will be your AFP configuration. He helpfully provides a nice example that you should be able to just cut-n-paste. Be sure to check the hosts allow lines and adjust to fit your network. Also of note will be the backup location and valid users to adjust.\nA little easier should be the avahi setup, which can be a straight copy-n-paste from the site, which will perform the service advertisements.\nThe final piece is just enabling specific services in /etc/rc.conf and either starting them by hand, or rebooting. At this point your OSX systems should be able to discover the new time-capsule provider on the network and DTRT.\n***\n\n\nNews Roundup\n\nnetbenches - FreeBSD network forwarding performance benchmark results\n\n\nOlivier Cochard-Labbé, original creator of FreeNAS, and leader of the BSD Router Project, has a github repo of network benchmarks\nThere are many interesting results, and all of the scripts, documentation, and configuration files to run the tests yourself\nIPSec Performance on an Atom C2558, 12-head vs IPSec Performance Branch  \nCompared to: Xeon L5630 2.13GHz  \nand IPSec with Authentication  \nI look forward to seeing tests on even more hardware, as people with access to different configurations try out these benchmarks\n***\n\n\nA tcpdump Tutorial and Primer with Examples\n\n\nMost users will be familiar with the basics of using tcpdump, but this tutorial/primer is likely to fill in a lot of blanks, and advance many users understanding of tcpdump\n“tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Wireshark, but I believe this to usually be a mistake.”\ntcpdump is an important tool for any system or network administrator, it is not just for security. It is often the best way to figure out why the network is not behaving as expected.\n“In a discipline so dependent on a true understanding of concepts vs. rote learning, it’s important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them.”\nNot just that, but TCP/IP is a very interesting protocol, considering how little it has changed in its 40+ year history\n“First off, I like to add a few options to the tcpdump command itself, depending on what I’m looking at. The first of these is -n, which requests that names are not resolved, resulting in the IPs themselves always being displayed. The second is -X, which displays both hex and ascii content within the packet.”\n“It’s also important to note that tcpdump only takes the first 96 bytes of data from a packet by default. If you would like to look at more, add the -s number option to the mix, where number is the number of bytes you want to capture. I recommend using 0 (zero) for a snaplength, which gets everything.”\nThe page has a nice table of the most useful options\nIt also has a great primer on doing basic filtering\nIf you are relatively new to using tcpdump, I highly recommend you spend a few minutes reading through this article\n***\n\n\nHow Unix made it to the top\n\n\nDoug McIlroy gives us a nice background post on how “Unix made it to the top”\nIt’s fairly short / concise, so I felt it would be good to read in its entirety. \n\n\n\n“It has often been told how the Bell Labs law department became the first non-research department to use Unix, displacing a newly acquired stand-alone word-processing system that fell short of the department's hopes because it couldn't number the lines on patent applications, as USPTO required. When Joe Ossanna heard of this, he told them about roff and promised to give it line-numbering capability the next day. They tried it and were hooked. Patent secretaries became remote members of the fellowship of the Unix lab. In due time the law department got its own machine.\n\nLess well known is how Unix made it into the head office of AT\u0026amp;T. It seems that the CEO, Charlie Brown, did not like to be seen wearing glasses when he read speeches. Somehow his PR assistant learned of the CAT phototypesetter in the Unix lab and asked whether it might be possible to use it to produce scripts in large type. Of course it was. As connections to the top never hurt, the CEO's office was welcomed as another ouside user. The cost--occasionally having to develop film for the final copy of a speech--was not onerous.\n\nHaving teethed on speeches, the head office realized that Unix could also be useful for things that didn't need phototypesetting. Other documents began to accumulate in their directory. By the time we became aware of it, the hoard came to include minutes of AT\u0026amp;T board meetings. It didn't seem like a very good idea for us to be keeping records from the inner sanctum of the corporation on a computer where most everybody had super-user privileges. A call to the PR guy convinced him of the wisdom of keeping such things on their own premises. And so the CEO's office bought a Unix system.\n\nJust as one hears of cars chosen for their cupholders, so were theseusers converted to Unix for trivial reasons: line numbers and vanity.“\n\n\n\n\nOdd Comments and Strange Doings in Unix\n\n\nEverybody loves easter-eggs, and today we have some fun odd ones from the history throughout UNIX told by Dennis Ritchie.\nFirst up, was a fun one where the “mv” command could sometimes print the following “values of b may give rise to dom!”\n\n\n\n\n“Like most of the messages recorded in these compilations, this one was produced in some situation that we considered unlikely or as result of abuse; the details don't matter. I'm recording why the phrase was selected.\n\nThe very first use of Unix in the \"real business\" of Bell Labs was to type and produce patent applications, and for a while in the early 1970s we had three typists busily typing away in the grotty lab on the sixth floor. One day someone came in and observed on the paper sticking out of one of the Teletypes, displayed in magnificent isolation, this ominous phrase:    values of b may give rise to dom!\n\nIt was of course obvious that the typist had interrupted a printout (generating the \"!\" from the ed editor) and moved up the paper, and that the context must have been something like \"varying values of beta may give rise to domain wall movement\" or some other fragment of a physically plausible patent application.But the phrase itself was just so striking! Utterly meaningless, but it looks like what... a warning? What is \"dom?\"\n\nAt the same time, we were experimenting with text-to-voice software by Doug McIlroy and others, and of course the phrase was tried out with it. For whatever reason, its rendition of \"give rise to dom!\" accented the last word in a way that emphasized the phonetic similarity between \"doom\" and the first syllable of \"dominance.\" It pronounced \"beta\" in the British style, \"beeta.\" The entire occurrence became a small, shared treasure.The phrase had to be recorded somewhere, and it was, in the v6 source. Most likely it was Bob Morris who did the deed, but it could just as easily have been Ken. I hope that your browser reproduces the b as a Greek beta.“\n\n\n\nNext up is one you might have heard before: \n\n\n\n/* You are not expected to understand this */\u0026gt; Every now and then on Usenet or elsewhere I run across a reference to a certain comment in the source code of the Sixth \nEdition Unix operating system.\n\nI've even been given two sweatshirts that quote it.\n\nMost probably just heard about it, but those who saw it in the flesh either had Sixth Edition Unix (ca. 1975) or read the annotated version of this system by John Lions (which was republished in 1996: ISBN 1-57298-013-7, Peer-to-Peer Communications).It's often quoted as a slur on the quantity or quality of the comments in the Bell Labs research releases of Unix. Not an unfair observation in general, I fear, but in this case unjustified. \n\nSo we tried to explain what was going on. \"You are not expected to understand this\" was intended as a remark in the spirit of \"This won't be on the exam,\" rather than as an impudent challenge. \n\n\n\nThere’s a few other interesting stories as well, if the odd/fun side of UNIX history at all interests you, I would recommend checking it out.\n\n\n\n\nBeastie Bits\n\n\nWith patches in review the #FreeBSD base system builds 100% reproducibly\nBSDCan 2017 Call for Participation\nioCell 2.0 released  \nwho even calls link_ntoa?\nBooting Androidx86 under bhyve\n\n\n\n\nFeedback/Questions\n\n\n Chris - VNET \n Brian - Package Base \n Wim - TrueOS Desktop All-n-one \n Daniel - Long Boots \n Bryan - ZFS / FreeNAS \n Bryan - FreeNAS Security \n***\n","content_html":"\u003cp\u003eThis week on the show, we’ve got some great stories to bring you, a look at the odder side of UNIX history\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" \u003cbr\u003e\ntitle=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=148058309126053\u0026w=2\" rel=\"nofollow\"\u003esyspatch in testing state\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAntoine Jacoutot ajacoutot@ openbsd has posted a call for testing for OpenBSD’s new syspatch tool\u003c/li\u003e\n\u003cli\u003e“syspatch(8), a \u0026quot;binary\u0026quot; patch system for -release is now ready for early testing. This does not use binary diffing to update the system, but regular signed tarballs containing the updated files (ala installer).”\u003c/li\u003e\n\u003cli\u003e“I would appreciate feedback on the tool. But please send it directly to \u003cem\u003eme\u003c/em\u003e, there\u0026#39;s no need to pollute the list. This is obviously WIP and the tool may or may not change in drastic ways.”\u003c/li\u003e\n\u003cli\u003e“These test binary patches are \u003cem\u003enot\u003c/em\u003e endorsed by the OpenBSD project and should not be trusted, I am only providing them to get early feedback on the tool. If all goes as planned, I am hoping that syspatch will make it into the 6.1 release; but for it to happen, I need to know how it breaks your systems :-)”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://syspatch.openbsd.org/pub/OpenBSD/6.0/syspatch/amd64/README.txt\" rel=\"nofollow\"\u003eInstructions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf you test it, report back and let us know how it went\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2016-December/064198.html\" rel=\"nofollow\"\u003eWeston working\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver the past few years we’ve had some user-interest in the state of Wayland / Weston on FreeBSD. In the past day or so, Johannes Lundberg has sent in a progress report to the FreeBSD mailing lists.\u003c/li\u003e\n\u003cli\u003eWithout further ADO:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe had some progress with Wayland that we\u0026#39;d like to share.\u003c/p\u003e\n\n\u003cp\u003eWayland (v1.12.0)\u003cbr\u003e\n  Working\u003c/p\u003e\n\n\u003cp\u003eWeston (v1.12.0)\u003cbr\u003e\n  Working (Porting WIP)\u003c/p\u003e\n\n\u003cp\u003eWeston-clients (installed with wayland/weston port)\u003cbr\u003e\n  Working\u003c/p\u003e\n\n\u003cp\u003eXWayland (run X11 apps in Wayland compositor)\u003cbr\u003e\n  Works (maximized window only) if started manually but not when\u003cbr\u003e\n  launching X11 app from Weston.  Most likely problem with Weston IPC.\u003c/p\u003e\n\n\u003cp\u003eSway (i3-compatible Wayland compositor)\u003cbr\u003e\n  Working\u003c/p\u003e\n\n\u003cp\u003eSDL20 (Wayland backend)\u003cbr\u003e\n  games/stonesoup-sdl briefly tested.\u003cbr\u003e\n  \u003ca href=\"https://twitter.com/johalun/status/811334203358867456\" rel=\"nofollow\"\u003ehttps://twitter.com/johalun/status/811334203358867456\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eGDM (with Wayland)\u003cbr\u003e\n  Halted - depends on logind.\u003c/p\u003e\n\n\u003cp\u003eGTK3\u003cbr\u003e\n  gtk3-demo runs fine on Weston (might have to set GDK_BACKEND=wayland\u003cbr\u003e\nfirst.\u003cbr\u003e\n  GTK3 apps working (gedit, gnumeric, xfce4-terminal tested, xfce desktop\u003cbr\u003e\n(4.12) does not yet support GTK3)“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJohannes goes on to give instructions on how / where you can fetch their WiP and do your own testing. At the moment you’ll need Matt Macy’s newer Intel video work, as well as their ports tree which includes all the necessary software bits.\u003c/li\u003e\n\u003cli\u003eBefore anybody asks, yes we are watching this for TrueOS!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2016/12/15/where-the-rubber-meets-the-road-part-two/\" rel=\"nofollow\"\u003eWhere the rubber meets the road (part two)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinuing with our story from Brian Everly from a week ago, we have an update today on the process to dual-boot OpenBSD with Arch Linux.\u003c/li\u003e\n\u003cli\u003eAs we last left off, Arch was up and running on the laptop, but some quirks in the hardware meant OpenBSD would take a bit longer. \u003c/li\u003e\n\u003cli\u003eWith those issues resolved and the HD seen again, the next issue that reared its head was OpenBSD not seeing the partition tables on the disk. After much frustration, it was time to nuke and pave, starting with OpenBSD first this time.\u003c/li\u003e\n\u003cli\u003eAfter a successful GPT partitioning and install of OpenBSD, he went back to installing Arch, and then the story got more interesting. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“I installed Arch as I detailed in my last post; however, when I fired up gdisk I got a weird error message:\u003c/p\u003e\n\n\u003cp\u003e“Warning! Disk size is smaller than the main header indicates! Loading secondary header from the last sector of the disk! You should use ‘v’ to verify disk integrity, and perhaps options on the expert’s menu to repair the disk.”\u003c/p\u003e\n\n\u003cp\u003eImmediately after this, I saw a second warning:\u003c/p\u003e\n\n\u003cp\u003e“Caution: Invalid backup GPT header, but valid main header; regenerating backup header from main header.”\u003c/p\u003e\n\n\u003cp\u003eAnd, not to be outdone, there was a third:\u003c/p\u003e\n\n\u003cp\u003e“Warning! Main and backup partition tables differ! Use the ‘c’ and ‘e’ options on the recovery \u0026amp; transformation menu to examine the two tables.”\u003c/p\u003e\n\n\u003cp\u003eFinally (not kidding), there was a fourth:\u003c/p\u003e\n\n\u003cp\u003e“Warning! One or more CRCs don’t match. You should repair the disk!”\u003c/p\u003e\n\n\u003cp\u003eGiven all of that, I thought to myself, “This is probably why I couldn’t see the disk properly when I partitioned it under Linux on the OpenBSD side.  I’ll let it repair things and I should be good to go.”  I then followed the recommendation and repaired things, using the primary GPT table to recreate the backup one.  I then installed Arch and figured I was good to go.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter confirming through several additional re-installs that the behavior was reproducible, he then decided to go full on crazy,and partition with MBR. That in and of itself was a challenge, since as he mentions, not many people dual-boot OpenBSD with Linux on MBR, especially using luks and lvm!\u003c/li\u003e\n\u003cli\u003eIf you want to see the details on how that was done, check it out.\u003c/li\u003e\n\u003cli\u003eThe story ends in success though! And better yet:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Now that I have everything working, I’ll restore my config and data to Arch, configure OpenBSD the way I like it and get moving.  I’ll take some time and drop a note on the tech@ mailing list for OpenBSD to see if they can figure out what the GPT problem was I was running into.  Hopefully it will make that part of the code stronger to get an edge-case bug report like this.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTake note here, if you run into issues like this with any OS, be sure to document in detail what happened so developers can explore solutions to the issue. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.feld.me/posts/2016/12/using-freebsd-as-a-time-capsule-for-osx/\" rel=\"nofollow\"\u003eFreeBSD and ZFS as a time capsule for OS X \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDo you have any Apple users in your life? Perhaps you run FreeBSD for ZFS somewhere else in the house or office. Well today we have a blog post from Mark Felder which shows how you can use FreeBSD as a time-capsule for your OSX systems.\u003c/li\u003e\n\u003cli\u003eThe setup is quite simple, to get started you’ll need packages for netatalk3 and avahi-app for service discovery.\u003c/li\u003e\n\u003cli\u003eNext up will be your AFP configuration. He helpfully provides a nice example that you should be able to just cut-n-paste. Be sure to check the hosts allow lines and adjust to fit your network. Also of note will be the backup location and valid users to adjust.\u003c/li\u003e\n\u003cli\u003eA little easier should be the avahi setup, which can be a straight copy-n-paste from the site, which will perform the service advertisements.\u003c/li\u003e\n\u003cli\u003eThe final piece is just enabling specific services in /etc/rc.conf and either starting them by hand, or rebooting. At this point your OSX systems should be able to discover the new time-capsule provider on the network and DTRT.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/ocochard/netbenches\" rel=\"nofollow\"\u003enetbenches - FreeBSD network forwarding performance benchmark results\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOlivier Cochard-Labbé, original creator of FreeNAS, and leader of the BSD Router Project, has a github repo of network benchmarks\u003c/li\u003e\n\u003cli\u003eThere are many interesting results, and all of the scripts, documentation, and configuration files to run the tests yourself\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocochard/netbenches/tree/master/Atom_C2558_4Cores-Intel_i350/ipsec/results/fbsd12.projects-ipsec.equilibrium\" rel=\"nofollow\"\u003eIPSec Performance on an Atom C2558, 12-head vs IPSec Performance Branch \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eCompared to: \u003ca href=\"https://github.com/ocochard/netbenches/tree/2f3bb1b3c51e454736f1fcc650c3328071834f8d/Xeon_L5630-4Cores-Intel_82599EB/ipsec/results/fbsd11.0\" rel=\"nofollow\"\u003eXeon L5630 2.13GHz \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eand \u003ca href=\"https://github.com/ocochard/netbenches/tree/305235114ba8a3748ad9681c629333f87f82613a/Atom_C2558_4Cores-Intel_i350/ipsec.ah/results/fbsd12.projects-ipsec.equilibrium\" rel=\"nofollow\"\u003eIPSec with Authentication \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eI look forward to seeing tests on even more hardware, as people with access to different configurations try out these benchmarks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://danielmiessler.com/study/tcpdump/\" rel=\"nofollow\"\u003eA tcpdump Tutorial and Primer with Examples\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost users will be familiar with the basics of using tcpdump, but this tutorial/primer is likely to fill in a lot of blanks, and advance many users understanding of tcpdump\u003c/li\u003e\n\u003cli\u003e“tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Wireshark, but I believe this to usually be a mistake.”\u003c/li\u003e\n\u003cli\u003etcpdump is an important tool for any system or network administrator, it is not just for security. It is often the best way to figure out why the network is not behaving as expected.\u003c/li\u003e\n\u003cli\u003e“In a discipline so dependent on a true understanding of concepts vs. rote learning, it’s important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them.”\u003c/li\u003e\n\u003cli\u003eNot just that, but TCP/IP is a very interesting protocol, considering how little it has changed in its 40+ year history\u003c/li\u003e\n\u003cli\u003e“First off, I like to add a few options to the tcpdump command itself, depending on what I’m looking at. The first of these is -n, which requests that names are not resolved, resulting in the IPs themselves always being displayed. The second is -X, which displays both hex and ascii content within the packet.”\u003c/li\u003e\n\u003cli\u003e“It’s also important to note that tcpdump only takes the first 96 bytes of data from a packet by default. If you would like to look at more, add the -s number option to the mix, where number is the number of bytes you want to capture. I recommend using 0 (zero) for a snaplength, which gets everything.”\u003c/li\u003e\n\u003cli\u003eThe page has a nice table of the most useful options\u003c/li\u003e\n\u003cli\u003eIt also has a great primer on doing basic filtering\u003c/li\u003e\n\u003cli\u003eIf you are relatively new to using tcpdump, I highly recommend you spend a few minutes reading through this article\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://minnie.tuhs.org/pipermail/tuhs/2016-December/007519.html\" rel=\"nofollow\"\u003eHow Unix made it to the top\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDoug McIlroy gives us a nice background post on how “Unix made it to the top”\u003c/li\u003e\n\u003cli\u003eIt’s fairly short / concise, so I felt it would be good to read in its entirety. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“It has often been told how the Bell Labs law department became the first non-research department to use Unix, displacing a newly acquired stand-alone word-processing system that fell short of the department\u0026#39;s hopes because it couldn\u0026#39;t number the lines on patent applications, as USPTO required. When Joe Ossanna heard of this, he told them about roff and promised to give it line-numbering capability the next day. They tried it and were hooked. Patent secretaries became remote members of the fellowship of the Unix lab. In due time the law department got its own machine.\u003c/p\u003e\n\n\u003cp\u003eLess well known is how Unix made it into the head office of AT\u0026amp;T. It seems that the CEO, Charlie Brown, did not like to be seen wearing glasses when he read speeches. Somehow his PR assistant learned of the CAT phototypesetter in the Unix lab and asked whether it might be possible to use it to produce scripts in large type. Of course it was. As connections to the top never hurt, the CEO\u0026#39;s office was welcomed as another ouside user. The cost--occasionally having to develop film for the final copy of a speech--was not onerous.\u003c/p\u003e\n\n\u003cp\u003eHaving teethed on speeches, the head office realized that Unix could also be useful for things that didn\u0026#39;t need phototypesetting. Other documents began to accumulate in their directory. By the time we became aware of it, the hoard came to include minutes of AT\u0026amp;T board meetings. It didn\u0026#39;t seem like a very good idea for us to be keeping records from the inner sanctum of the corporation on a computer where most everybody had super-user privileges. A call to the PR guy convinced him of the wisdom of keeping such things on their own premises. And so the CEO\u0026#39;s office bought a Unix system.\u003c/p\u003e\n\n\u003cp\u003eJust as one hears of cars chosen for their cupholders, so were theseusers converted to Unix for trivial reasons: line numbers and vanity.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://orkinos.cmpe.boun.edu.tr/%7Ekosar/odd.html\" rel=\"nofollow\"\u003eOdd Comments and Strange Doings in Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEverybody loves easter-eggs, and today we have some fun odd ones from the history throughout UNIX told by Dennis Ritchie.\u003c/li\u003e\n\u003cli\u003eFirst up, was a fun one where the “mv” command could sometimes print the following “values of b may give rise to dom!”\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Like most of the messages recorded in these compilations, this one was produced in some situation that we considered unlikely or as result of abuse; the details don\u0026#39;t matter. I\u0026#39;m recording why the phrase was selected.\u003c/p\u003e\n\n\u003cp\u003eThe very first use of Unix in the \u0026quot;real business\u0026quot; of Bell Labs was to type and produce patent applications, and for a while in the early 1970s we had three typists busily typing away in the grotty lab on the sixth floor. One day someone came in and observed on the paper sticking out of one of the Teletypes, displayed in magnificent isolation, this ominous phrase:    values of b may give rise to dom!\u003c/p\u003e\n\n\u003cp\u003eIt was of course obvious that the typist had interrupted a printout (generating the \u0026quot;!\u0026quot; from the ed editor) and moved up the paper, and that the context must have been something like \u0026quot;varying values of beta may give rise to domain wall movement\u0026quot; or some other fragment of a physically plausible patent application.But the phrase itself was just so striking! Utterly meaningless, but it looks like what... a warning? What is \u0026quot;dom?\u0026quot;\u003c/p\u003e\n\n\u003cp\u003eAt the same time, we were experimenting with text-to-voice software by Doug McIlroy and others, and of course the phrase was tried out with it. For whatever reason, its rendition of \u0026quot;give rise to dom!\u0026quot; accented the last word in a way that emphasized the phonetic similarity between \u0026quot;doom\u0026quot; and the first syllable of \u0026quot;dominance.\u0026quot; It pronounced \u0026quot;beta\u0026quot; in the British style, \u0026quot;beeta.\u0026quot; The entire occurrence became a small, shared treasure.The phrase had to be recorded somewhere, and it was, in the v6 source. Most likely it was Bob Morris who did the deed, but it could just as easily have been Ken. I hope that your browser reproduces the b as a Greek beta.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up is one you might have heard before: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e/* You are not expected to understand this */\u0026gt; Every now and then on Usenet or elsewhere I run across a reference to a certain comment in the source code of the Sixth \u003cbr\u003e\nEdition Unix operating system.\u003c/p\u003e\n\n\u003cp\u003eI\u0026#39;ve even been given two sweatshirts that quote it.\u003c/p\u003e\n\n\u003cp\u003eMost probably just heard about it, but those who saw it in the flesh either had Sixth Edition Unix (ca. 1975) or read the annotated version of this system by John Lions (which was republished in 1996: ISBN 1-57298-013-7, Peer-to-Peer Communications).It\u0026#39;s often quoted as a slur on the quantity or quality of the comments in the Bell Labs research releases of Unix. Not an unfair observation in general, I fear, but in this case unjustified. \u003c/p\u003e\n\n\u003cp\u003eSo we tried to explain what was going on. \u0026quot;You are not expected to understand this\u0026quot; was intended as a remark in the spirit of \u0026quot;This won\u0026#39;t be on the exam,\u0026quot; rather than as an impudent challenge. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere’s a few other interesting stories as well, if the odd/fun side of UNIX history at all interests you, I would recommend checking it out.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/ed_maste/status/811289279611682816\" rel=\"nofollow\"\u003eWith patches in review the #FreeBSD base system builds 100% reproducibly\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/news-and-events/call-for-papers/bsdcan-2017/\" rel=\"nofollow\"\u003eBSDCan 2017 Call for Participation\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/bartekrutkowski/iocell/releases\" rel=\"nofollow\"\u003eioCell 2.0 released \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa\" rel=\"nofollow\"\u003ewho even calls link_ntoa?\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/pr1ntf/status/809528845673996288\" rel=\"nofollow\"\u003eBooting Androidx86 under bhyve\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/016BfvU9\" rel=\"nofollow\"\u003e Chris - VNET\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/8JJeHuRT\" rel=\"nofollow\"\u003e Brian - Package Base\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/VC0DPQUF\" rel=\"nofollow\"\u003e Wim - TrueOS Desktop All-n-one\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/q7pFu7pR\" rel=\"nofollow\"\u003e Daniel - Long Boots\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/xgUnbzr7\" rel=\"nofollow\"\u003e Bryan - ZFS / FreeNAS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/qqCvVTLB\" rel=\"nofollow\"\u003e Bryan - FreeNAS Security\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’ve got some great stories to bring you, a look at the odder side of UNIX history","date_published":"2016-12-21T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2a58c833-1f45-4da6-a9b8-fe475b5f00ea.mp3","mime_type":"audio/mpeg","size_in_bytes":53736628,"duration_in_seconds":4478}]},{"id":"7b623fbf-836c-4ffe-964a-39163d4439b2","title":"172: A tale of BSD from yore","url":"https://www.bsdnow.tv/172","content_text":"This week on BSDNow, we have a very special guest joining us to tell us a tale of the early days in BSD history. That plus some new OpenSSH goodness, shell scripting utilities and much more. Stay tuned for your place to B...SD!\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\n\n\n\nHeadlines\n\nCall For Testing: OpenSSH 7.4 \n\n\nGetting ready to head into the holidays for for the end of 2016 means some of us will have spare time on our hands. What a perfect time to get some call for testing work done!\nDamien Miller has issued a public CFT for the upcoming OpenSSH 7.4 release, which considering how much we all rely on SSH I would expect will get some eager volunteers for testing.\nWhat are some of the potential breakers?\n\n\n\n“* This release removes server support for the SSH v.1 protocol.\n\n\nssh(1): Remove 3des-cbc from the client's default proposal. 64-bit\nblock ciphers are not safe in 2016 and we don't want to wait until\nattacks like SWEET32 are extended to SSH. As 3des-cbc was the\nonly mandatory cipher in the SSH RFCs, this may cause problems\nconnecting to older devices using the default configuration,\nbut it's highly likely that such devices already need explicit\nconfiguration for key exchange and hostkey algorithms already\nanyway.\nsshd(8): Remove support for pre-authentication compression.\nDoing compression early in the protocol probably seemed reasonable\nin the 1990s, but today it's clearly a bad idea in terms of both\ncryptography (cf. multiple compression oracle attacks in TLS) and\nattack surface. Pre-auth compression support has been disabled by\ndefault for \u0026gt;10 years. Support remains in the client.\nssh-agent will refuse to load PKCS#11 modules outside a whitelist\nof trusted paths by default. The path whitelist may be specified\nat run-time.\nsshd(8): When a forced-command appears in both a certificate and\nan authorized keys/principals command= restriction, sshd will now\nrefuse to accept the certificate unless they are identical.\nThe previous (documented) behaviour of having the certificate\nforced-command override the other could be a bit confusing and\nerror-prone.\nsshd(8): Remove the UseLogin configuration directive and support\nfor having /bin/login manage login sessions.“\n\n\n\n\nWhat about new features? 7.4 has some of those to wake you up also:\n\n\n\n“* ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the\n   version in PuTTY by Simon Tatham. This allows a multiplexing\n   client to communicate with the master process using a subset of\n   the SSH packet and channels protocol over a Unix-domain socket,\n   with the main process acting as a proxy that translates channel\n   IDs, etc.  This allows multiplexing mode to run on systems that\n   lack file- descriptor passing (used by current multiplexing\n   code) and potentially, in conjunction with Unix-domain socket\n   forwarding, with the client and multiplexing master process on\n   different machines. Multiplexing proxy mode may be invoked using\n   \"ssh -O proxy ...\"\n\n\nsshd(8): Add a sshd_config DisableForwaring option that disables\nX11, agent, TCP, tunnel and Unix domain socket forwarding, as well\nas anything else we might implement in the future. Like the\n'restrict' authorized_keys flag, this is intended to be a simple\nand future-proof way of restricting an account.\nsshd(8), ssh(1): Support the \"curve25519-sha256\" key exchange\nmethod. This is identical to the currently-support method named\n\"curve25519-sha256@libssh.org\".\nsshd(8): Improve handling of SIGHUP by checking to see if sshd is\nalready daemonised at startup and skipping the call to daemon(3)\nif it is. This ensures that a SIGHUP restart of sshd(8) will\nretain the same process-ID as the initial execution. sshd(8) will\nalso now unlink the PidFile prior to SIGHUP restart and re-create\nit after a successful restart, rather than leaving a stale file in\nthe case of a configuration error. bz#2641\nsshd(8): Allow ClientAliveInterval and ClientAliveCountMax\ndirectives to appear in sshd_config Match blocks.\nsshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match\nthose supported by AuthorizedKeysCommand (key, key type,\nfingerprint, etc.) and a few more to provide access to the\ncontents of the certificate being offered.\nAdded regression tests for string matching, address matching and\nstring sanitisation functions.\nImproved the key exchange fuzzer harness.“\n\n\n\n\nGet those tests done and be sure to send feedback, both positive and negative.\n***\n\n\nHow My Printer Caused Excessive Syscalls \u0026amp; UDP Traffic\n\n\n“3,000 syscalls a second, on an idle machine? That doesn’t seem right. I just booted this machine. The only processes running are those required to boot the SmartOS Global Zone, which is minimal.”\n\nThis is a story from 2014, about debugging a machine that was being slowed down by excessive syscalls and UDP traffic. It is also an excellent walkthrough of the basics of DTrace\n\n“Well, at least I have DTrace. I can use this one-liner to figure out what syscalls are being made across the entire system.”\n\ndtrace -n 'syscall:::entry { @[probefunc,probename] = count(); }'\n\n“Wow! That is a lot of lwp_sigmask calls. Now that I know what is being called, it’s time to find out who is doing the calling? I’ll use another one-liner to show me the most common user stacks invoking lwp_sigmask.”\n\ndtrace -n 'syscall::lwp_sigmask:entry { @[ustack()] = count(); }'\n\n“Okay, so this mdnsd code is causing all the trouble. What is the distribution of syscalls for the mdnsd program?”\n\ndtrace -n 'syscall:::entry /execname == \"mdnsd\"/ { @[probefunc] = count(); } tick-1s { exit(0); }'\n\n“Lots of signal masking and polling. What the hell! Why is it doing this? What is mdnsd anyways? Is there a man page? Googling for mdns reveals that it is used for resolving host names in small networks, like my home network. It uses UDP, and requires zero configuration. Nothing obvious to explain why it’s flipping out. I feel helpless. I turn to the only thing I can trust, the code.”\n\n“Woah boy, this is some messy looking code. This would not pass illumos cstyle checks. Turns out this is code from Darwin—the kernel of OSX.”\n\n“Hmmm…an idea pops into my computer animal brain. I wonder…I wonder if my MacBook is also experiencing abnormal syscall rates? Nooo, that can’t be it. Why would both my SmartOS server and MacBook both have the same problem? There is no good technical reason to link these two. But, then again, I’m dealing with computers here, and I’ve seen a lot of strange things over the years—I switch to my laptop.”\n\nsudo dtrace -n 'syscall::: { @[execname] = count(); } tick-1s { exit(0); }'\n\nSame thing, except mdns is called discoverd on OS X\n\n“I ask my friend Steve Vinoski to run the same DTrace one-liner on his OSX machines. He has both Yosemite and the older Mountain Lion. But, to my dismay, neither of his machines are exhibiting high syscall rates. My search continues.”\n\n“Not sure what to do next, I open the OSX Activity Monitor. In desperation I click on the Network tab.”\n\n“ HOLE—E—SHIT! Two-Hundred-and-Seventy Million packets received by discoveryd. Obviously, I need to stop looking at code and start looking at my network. I hop back onto my SmartOS machine and check network interface statistics.”\n\n“Whatever is causing all this, it is sending about 200 packets a second. At this point, the only thing left to do is actually inspect some of these incoming packets. I run snoop(1M) to collect events on the e1000g0 interface, stopping at about 600 events. Then I view the first 15.”\n\n“ A constant stream of mDNS packets arriving from IP 10.0.1.8. I know that this IP is not any of my computers. The only devices left are my iPhone, AppleTV, and Canon printer. Wait a minute! The printer! Two days earlier I heard some beeping noises…”\n\n“I own a Canon PIXMA MG6120 printer. It has a touch interface with a small LCD at the top, used to set various options. Since it sits next to my desk I sometimes lay things on top of it like a book or maybe a plate after I’m done eating. If I lay things in the wrong place it will activate the touch interface and cause repeated pressing. Each press makes a beeping noise. If the object lays there long enough the printer locks up and I have to reboot it. Just such events occurred two days earlier.”\n\n“I fire up dladm again to monitor incoming packets in realtime. Then I turn to the printer. I move all the crap off of it: two books, an empty plate, and the title for my Suzuki SV650 that I’ve been meaning to sell for the last year. I try to use the touch screen on top of the printer. It’s locked up, as expected. I cut power to the printer and whip my head back to my terminal.”\n\nNo more packet storm\n\n“Giddy, I run DTrace again to count syscalls.”\n\n“I’m not sure whether to laugh or cry. I laugh, because, LOL computers. There’s some new dumb shit you deal with everyday, better to roll with the punches and laugh. You live longer that way. At least I got to flex my DTrace muscles a bit. In fact, I felt a bit like Brendan Gregg when he was debugging why OSX was dropping keystrokes.”\n\n“I didn’t bother to root cause why my printer turned into a UDP machine gun. I don’t intend to either. I have better things to do, and if rebooting solves the problem then I’m happy. Besides, I had to get back to what I was trying to do six hours before I started debugging this damn thing.”\n\nThere you go. The Internet of Terror has already been on your LAN for years.\n\n\n\n\nMaking Getaddrinfo Concurrent in Python on Mac OS and BSD\n\n\nWe have a very fun blog post today to pass along originally authored by “A. Jesse Jiryu Davis”. Specifically the tale of one man’s quest to unify the Getaddrinfo in Python with Mac OS and BSD.\nTo give you a small taste of this tale, let us pass along just the introduction\n\n\n\n“Tell us about the time you made DNS resolution concurrent in Python on Mac and BSD.   No, no, you do not want to hear that story, my friends. It is nothing but old lore and #ifdefs.\n\nBut you made Python more scalable. The saga of Steve Jobs was sung to you by a mysterious wizard with a fanciful nickname! Tell us!\n\nGather round, then. I will tell you how I unearthed a lost secret, unbound Python from old shackles, and banished an ancient and horrible Mutex Troll. Let us begin at the beginning.“\n\n\n\nIs your interest piqued? It should be. I’m not sure we could do this blog post justice trying to read it aloud here, but definetly recommend if you want to see how he managed to get this bit of code working cross platform. (And it’s highly entertaining as well)\n\n\n\n“A long time ago, in the 1980s, a coven of Berkeley sorcerers crafted an operating system. They named it after themselves: the Berkeley Software Distribution, or BSD. For generations they nurtured it, growing it and adding features. One night, they conjured a powerful function that could resolve hostnames to IPv4 or IPv6 addresses. It was called getaddrinfo. The function was mighty, but in years to come it would grow dangerous, for the sorcerers had not made getaddrinfo thread-safe.”\n\n“As ages passed, BSD spawned many offspring. There were FreeBSD, OpenBSD, NetBSD, and in time, Mac OS X. Each made its copy of getaddrinfo thread safe, at different times and different ways. Some operating systems retained scribes who recorded these events in the annals. Some did not.”\n\n\n\nThe story continues as our hero battles the Mutex Troll and quests for ancient knowledge\n\n\n\n“Apple engineers are not like you and me — they are a shy and secretive folk. They publish only what code they must from Darwin. Their comings and goings are recorded in no bug tracker, their works in no changelog. To learn their secrets, one must delve deep.”\n\n“There is a tiny coven of NYC BSD users who meet at the tavern called Stone Creek, near my dwelling. They are aged and fierce, but I made the Sign of the Trident and supplicated them humbly for advice, and they were kindly to me.”\n\n\n\nSpoiler: “Without a word, the mercenary troll shouldered its axe and trudged off in search of other patrons on other platforms. Never again would it hold hostage the worthy smiths forging Python code on BSD.”\n***\n\n\nUsing release(7) to create FreeBSD images for OpenStack \n\n\nFollowing a recent episode where we covered a walk through on how to create FreeBSD guest OpenStack images, we wondered if it would be possible to integrate this process into the FreeBSD release(7) process, so they images could be generated consistently and automatically\nBeing the awesome audience that you are, one of you responded by doing exactly that\n\n\n\n“During a recent BSDNow podcast, Allan and Kris mentioned that it would be nice to have a tutorial on how to create a FreeBSD image for OpenStack using the official release(7) tools. With that, it came to me that: #1 I do have access to an OpenStack environment and #2 I am interested in having FreeBSD as a guest image in my environment. Looks like I was up for the challenge.”\n\n“Previously, I’ve had success running FreeBSD 11.0-RELEASE on OpenStack but more could/should be done. For instance, as suggested by Allan,  wouldn’t be nice to deploy the latest code from FreeBSD ? Running -STABLE or even -CURRENT ? Yes, it would. Also, wouldn’t it be nice to customize these images for a specific need? I’d say ‘Yes’ for that as well.”\n\n“After some research I found that the current openstack.conf file, located at /usr/src/release/tools/ could use some extra tweaks to get where I wanted. I’ve created and attached that to a bugzilla on the same topic. You can read about that here.”\n\n\n\nSteps:\n\n\nFetch the FreeBSD source code and extract it under /usr/src\nOnce the code is in place, follow the regular process of build(7) and perform a make buildworld buildkernel\nChange into the release directory (/usr/src/release) and perform a make cloudware\nmake cloudware-release WITH_CLOUDWARE=yes CLOUDWARE=OPENSTACK VMIMAGE=2G\n\n\n\n\n“That’s it! This will generate a qcow2 image with 1.4G in size and a raw image of 2G. The entire process uses the release(7) toolchain to generate the image and should work with newer versions of FreeBSD.”\n\n\nThe patch has already been committed to FreeBSD  \n***\n\n\n\nInterview - Rod Grimes - rgrimes@freebsd.org\n\n\nWant to help fund the development of GPU Passthru? Visit bhyve.org\n***\n\n\nNews Roundup\n\nConfiguring the FreeBSD automounter\n\n\nEver had to configure the FreeBSD auto-mounting daemon? Today we have a blog post that walks us through a few of the configuration knobs you have at your disposal.\nFirst up, Tom shows us his /etc/fstab file, and the various UFS partitions he has setup with the ‘noauto’ flag so they are not mounted at system boot.\nHis amd.conf file is pretty basic, with just options enabled to restart mounts, and unmount on exit.\nWhere most users will most likely want to pay attention is in the crafting of an amd.map file\nWithin this file, we have the various command-foo which performs mounts and unmounts of targeted disks / file-systems on demand.\nPay special attention to all the special chars, since those all matter and a stray or missing ; could be a source of failure.\nLastly a few knobs in rc.conf will enable the various services and a reboot should confirm the functionality.\n***\n\n\nl2k16 hackathon report: LibreSSL manuals now in mdoc(7)\n\n\nHackathon report by Ingo Schwarze\n\n\n\n“Back in the spring two years ago, Kristaps Dzonsons started the pod2mdoc(1) conversion utility, and less than a month later, the LibreSSL project began. During the general summer hackathon in the same year, g2k14, Anthony Bentley started using pod2mdoc(1) for converting LibreSSL manuals to mdoc(7).”\n\n“Back then, doing so still was a pain, because pod2mdoc(1) was still full of bugs and had gaping holes in functionality. For example, Anthony was forced to basically translate the SYNOPSIS sections by hand, and to fix up .Fn and .Xr in the body by hand as well. All the same, he speedily finished all of libssl, and in the autumn of the same year, he mustered the courage to commit his work.”\n\n“Near the end of the following winter, i improved the pod2mdoc(1) tool to actually become convenient in practice and started work on libcrypto, converting about 50 out of the about 190 manuals. Max Fillinger also helped a bit, converting a handful of pages, but i fear i tarried too much checking and committing his work, so he quickly gave up on the task. After that, almost nothing happened for a full year.”\n\n“Now i was finally fed up with the messy situation and decided to put an end to it. So i went to Toulouse and finished the conversion of the remaining 130 manual pages in libcrypto, such that you can now view the documentation of all functions”\n\n\n\n\nInteractive Terminal Utility: smenu\n\n\nOk, I’ve made no secret of my love for shell scripting. Well today we have a new (somewhat new to us) tool to bring your way.\nHave you ever needed to deal with large lists of data, perhaps as the result of a long specially crafted pipe?\nWhat if you need to select a specific value from a range and then continue processing?\nEnter ‘smenu’ which can help make your scripting life easier.\n\n\n\n“smenu is a selection filter just like sed is an editing filter.\n\nThis simple tool reads words from the standard input, presents them in a cool interactive window after the current line on the terminal and writes the selected word, if any, on the standard output.\n\nAfter having unsuccessfully searched the NET for what I wanted, I decided to try to write my own.\n\nI have tried hard to made its usage as simple as possible. It should work, even when using an old vt100 terminal and is UTF-8 aware.“\n\n\n\nWhat this means, is in your interactive scripts, you can much easier present the user with a cursor driven menu to select from a range of possible choices. (Without needing to craft a bunch of dialog flags)\nTake a look, and hopefully you’ll be able to find creative uses for your shell scripts in the future.\n***\n\n\nUbuntu still isn't free software\n\n\n“Any redistribution of modified versions of Ubuntu must be approved, certified or provided by Canonical if you are going to associate it with the Trademarks. Otherwise you must remove and replace the Trademarks and will need to recompile the source code to create your own binaries. This does not affect your rights under any open source licence applicable to any of the components of Ubuntu. If you need us to approve, certify or provide modified versions for redistribution you will require a licence agreement from Canonical, for which you may be required to pay. For further information, please contact us”\n\n“Mark Shuttleworth just blogged about their stance against unofficial Ubuntu images. The assertion is that a cloud hoster is providing unofficial and modified Ubuntu images, and that these images are meaningfully different from upstream Ubuntu in terms of their functionality and security. Users are attempting to make use of these images, are finding that they don't work properly and are assuming that Ubuntu is a shoddy product. This is an entirely legitimate concern, and if Canonical are acting to reduce user confusion then they should be commended for that.”\n\n“The appropriate means to handle this kind of issue is trademark law. If someone claims that something is Ubuntu when it isn't, that's probably an infringement of the trademark and it's entirely reasonable for the trademark owner to take action to protect the value associated with their trademark. But Canonical's IP policy goes much further than that - it can be interpreted as meaning[1] that you can't distribute works based on Ubuntu without paying Canonical for the privilege, even if you call it something other than Ubuntu. [1]: And by \"interpreted as meaning\" I mean that's what it says and Canonical refuse to say otherwise”\n\n“If you ask a copyright holder if you can give a copy of their work to someone else (assuming it doesn't infringe trademark law), and they say no or insist you need an additional contract, it's not free software. If they insist that you recompile source code before you can give copies to someone else, it's not free software. Asking that you remove trademarks that would otherwise infringe trademark law is fine, but if you can't use their trademarks in non-infringing ways, that's still not free software.”\n\n“Canonical's IP policy continues to impose restrictions on all of these things, and therefore Ubuntu is not free software.”\n\n\n\n\nBeastie Bits\n\n\nOPNsense 16.7.10 released\nOpenBSD Foundation Welcomes First Iridium Donor: Smartisan\nJan Koum donates $500,000 to FreeBSD \nThe Soviet Russia, BSD makes you\n\n\n\n\nFeedback/Questions\n\n\n Jason - Value \n Hamza - Shell Scripting \n\n\nBlog link\n\n Dave - Migrating to FreeBSD \n Dan - Which BSD? \n Zach - AMD Video \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have a very special guest joining us to tell us a tale of the early days in BSD history. That plus some new OpenSSH goodness, shell scripting utilities and much more. Stay tuned for your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openssh-unix-dev\u0026m=148167688911316\u0026w=2\" rel=\"nofollow\"\u003eCall For Testing: OpenSSH 7.4 \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetting ready to head into the holidays for for the end of 2016 means some of us will have spare time on our hands. What a perfect time to get some call for testing work done!\u003c/li\u003e\n\u003cli\u003eDamien Miller has issued a public CFT for the upcoming OpenSSH 7.4 release, which considering how much we all rely on SSH I would expect will get some eager volunteers for testing.\u003c/li\u003e\n\u003cli\u003eWhat are some of the potential breakers?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“* This release removes server support for the SSH v.1 protocol.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003essh(1): Remove 3des-cbc from the client\u0026#39;s default proposal. 64-bit\u003cbr\u003e\nblock ciphers are not safe in 2016 and we don\u0026#39;t want to wait until\u003cbr\u003e\nattacks like SWEET32 are extended to SSH. As 3des-cbc was the\u003cbr\u003e\nonly mandatory cipher in the SSH RFCs, this may cause problems\u003cbr\u003e\nconnecting to older devices using the default configuration,\u003cbr\u003e\nbut it\u0026#39;s highly likely that such devices already need explicit\u003cbr\u003e\nconfiguration for key exchange and hostkey algorithms already\u003cbr\u003e\nanyway.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Remove support for pre-authentication compression.\u003cbr\u003e\nDoing compression early in the protocol probably seemed reasonable\u003cbr\u003e\nin the 1990s, but today it\u0026#39;s clearly a bad idea in terms of both\u003cbr\u003e\ncryptography (cf. multiple compression oracle attacks in TLS) and\u003cbr\u003e\nattack surface. Pre-auth compression support has been disabled by\u003cbr\u003e\ndefault for \u0026gt;10 years. Support remains in the client.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003essh-agent will refuse to load PKCS#11 modules outside a whitelist\u003cbr\u003e\nof trusted paths by default. The path whitelist may be specified\u003cbr\u003e\nat run-time.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): When a forced-command appears in both a certificate and\u003cbr\u003e\nan authorized keys/principals command= restriction, sshd will now\u003cbr\u003e\nrefuse to accept the certificate unless they are identical.\u003cbr\u003e\nThe previous (documented) behaviour of having the certificate\u003cbr\u003e\nforced-command override the other could be a bit confusing and\u003cbr\u003e\nerror-prone.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Remove the UseLogin configuration directive and support\u003cbr\u003e\nfor having /bin/login manage login sessions.“\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat about new features? 7.4 has some of those to wake you up also:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“* ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the\u003cbr\u003e\n   version in PuTTY by Simon Tatham. This allows a multiplexing\u003cbr\u003e\n   client to communicate with the master process using a subset of\u003cbr\u003e\n   the SSH packet and channels protocol over a Unix-domain socket,\u003cbr\u003e\n   with the main process acting as a proxy that translates channel\u003cbr\u003e\n   IDs, etc.  This allows multiplexing mode to run on systems that\u003cbr\u003e\n   lack file- descriptor passing (used by current multiplexing\u003cbr\u003e\n   code) and potentially, in conjunction with Unix-domain socket\u003cbr\u003e\n   forwarding, with the client and multiplexing master process on\u003cbr\u003e\n   different machines. Multiplexing proxy mode may be invoked using\u003cbr\u003e\n   \u0026quot;ssh -O proxy ...\u0026quot;\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Add a sshd_config DisableForwaring option that disables\u003cbr\u003e\nX11, agent, TCP, tunnel and Unix domain socket forwarding, as well\u003cbr\u003e\nas anything else we might implement in the future. Like the\u003cbr\u003e\n\u0026#39;restrict\u0026#39; authorized_keys flag, this is intended to be a simple\u003cbr\u003e\nand future-proof way of restricting an account.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8), ssh(1): Support the \u0026quot;curve25519-sha256\u0026quot; key exchange\u003cbr\u003e\nmethod. This is identical to the currently-support method named\u003cbr\u003e\n\u0026quot;\u003ca href=\"mailto:curve25519-sha256@libssh.org\" rel=\"nofollow\"\u003ecurve25519-sha256@libssh.org\u003c/a\u003e\u0026quot;.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Improve handling of SIGHUP by checking to see if sshd is\u003cbr\u003e\nalready daemonised at startup and skipping the call to daemon(3)\u003cbr\u003e\nif it is. This ensures that a SIGHUP restart of sshd(8) will\u003cbr\u003e\nretain the same process-ID as the initial execution. sshd(8) will\u003cbr\u003e\nalso now unlink the PidFile prior to SIGHUP restart and re-create\u003cbr\u003e\nit after a successful restart, rather than leaving a stale file in\u003cbr\u003e\nthe case of a configuration error. bz#2641\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Allow ClientAliveInterval and ClientAliveCountMax\u003cbr\u003e\ndirectives to appear in sshd_config Match blocks.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003esshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match\u003cbr\u003e\nthose supported by AuthorizedKeysCommand (key, key type,\u003cbr\u003e\nfingerprint, etc.) and a few more to provide access to the\u003cbr\u003e\ncontents of the certificate being offered.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAdded regression tests for string matching, address matching and\u003cbr\u003e\nstring sanitisation functions.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eImproved the key exchange fuzzer harness.“\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGet those tests done and be sure to send feedback, both positive and negative.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://zinascii.com/2014/how-my-printer-caused-excessive-syscalls.html\" rel=\"nofollow\"\u003eHow My Printer Caused Excessive Syscalls \u0026amp; UDP Traffic\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“3,000 syscalls a second, on an idle machine? That doesn’t seem right. I just booted this machine. The only processes running are those required to boot the SmartOS Global Zone, which is minimal.”\u003c/p\u003e\n\n\u003cp\u003eThis is a story from 2014, about debugging a machine that was being slowed down by excessive syscalls and UDP traffic. It is also an excellent walkthrough of the basics of DTrace\u003c/p\u003e\n\n\u003cp\u003e“Well, at least I have DTrace. I can use this one-liner to figure out what syscalls are being made across the entire system.”\u003c/p\u003e\n\n\u003cp\u003edtrace -n \u0026#39;syscall:::entry { @[probefunc,probename] = count(); }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003e“Wow! That is a lot of lwp_sigmask calls. Now that I know what is being called, it’s time to find out who is doing the calling? I’ll use another one-liner to show me the most common user stacks invoking lwp_sigmask.”\u003c/p\u003e\n\n\u003cp\u003edtrace -n \u0026#39;syscall::lwp_sigmask:entry { @[ustack()] = count(); }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003e“Okay, so this mdnsd code is causing all the trouble. What is the distribution of syscalls for the mdnsd program?”\u003c/p\u003e\n\n\u003cp\u003edtrace -n \u0026#39;syscall:::entry /execname == \u0026quot;mdnsd\u0026quot;/ { @[probefunc] = count(); } tick-1s { exit(0); }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003e“Lots of signal masking and polling. What the hell! Why is it doing this? What is mdnsd anyways? Is there a man page? Googling for mdns reveals that it is used for resolving host names in small networks, like my home network. It uses UDP, and requires zero configuration. Nothing obvious to explain why it’s flipping out. I feel helpless. I turn to the only thing I can trust, the code.”\u003c/p\u003e\n\n\u003cp\u003e“Woah boy, this is some messy looking code. This would not pass illumos cstyle checks. Turns out this is code from Darwin—the kernel of OSX.”\u003c/p\u003e\n\n\u003cp\u003e“Hmmm…an idea pops into my computer animal brain. I wonder…I wonder if my MacBook is also experiencing abnormal syscall rates? Nooo, that can’t be it. Why would both my SmartOS server and MacBook both have the same problem? There is no good technical reason to link these two. But, then again, I’m dealing with computers here, and I’ve seen a lot of strange things over the years—I switch to my laptop.”\u003c/p\u003e\n\n\u003cp\u003esudo dtrace -n \u0026#39;syscall::: { @[execname] = count(); } tick-1s { exit(0); }\u0026#39;\u003c/p\u003e\n\n\u003cp\u003eSame thing, except mdns is called discoverd on OS X\u003c/p\u003e\n\n\u003cp\u003e“I ask my friend Steve Vinoski to run the same DTrace one-liner on his OSX machines. He has both Yosemite and the older Mountain Lion. But, to my dismay, neither of his machines are exhibiting high syscall rates. My search continues.”\u003c/p\u003e\n\n\u003cp\u003e“Not sure what to do next, I open the OSX Activity Monitor. In desperation I click on the Network tab.”\u003c/p\u003e\n\n\u003cp\u003e“ HOLE—E—SHIT! Two-Hundred-and-Seventy Million packets received by discoveryd. Obviously, I need to stop looking at code and start looking at my network. I hop back onto my SmartOS machine and check network interface statistics.”\u003c/p\u003e\n\n\u003cp\u003e“Whatever is causing all this, it is sending about 200 packets a second. At this point, the only thing left to do is actually inspect some of these incoming packets. I run snoop(1M) to collect events on the e1000g0 interface, stopping at about 600 events. Then I view the first 15.”\u003c/p\u003e\n\n\u003cp\u003e“ A constant stream of mDNS packets arriving from IP 10.0.1.8. I know that this IP is not any of my computers. The only devices left are my iPhone, AppleTV, and Canon printer. Wait a minute! The printer! Two days earlier I heard some beeping noises…”\u003c/p\u003e\n\n\u003cp\u003e“I own a Canon PIXMA MG6120 printer. It has a touch interface with a small LCD at the top, used to set various options. Since it sits next to my desk I sometimes lay things on top of it like a book or maybe a plate after I’m done eating. If I lay things in the wrong place it will activate the touch interface and cause repeated pressing. Each press makes a beeping noise. If the object lays there long enough the printer locks up and I have to reboot it. Just such events occurred two days earlier.”\u003c/p\u003e\n\n\u003cp\u003e“I fire up dladm again to monitor incoming packets in realtime. Then I turn to the printer. I move all the crap off of it: two books, an empty plate, and the title for my Suzuki SV650 that I’ve been meaning to sell for the last year. I try to use the touch screen on top of the printer. It’s locked up, as expected. I cut power to the printer and whip my head back to my terminal.”\u003c/p\u003e\n\n\u003cp\u003eNo more packet storm\u003c/p\u003e\n\n\u003cp\u003e“Giddy, I run DTrace again to count syscalls.”\u003c/p\u003e\n\n\u003cp\u003e“I’m not sure whether to laugh or cry. I laugh, because, LOL computers. There’s some new dumb shit you deal with everyday, better to roll with the punches and laugh. You live longer that way. At least I got to flex my DTrace muscles a bit. In fact, I felt a bit like Brendan Gregg when he was debugging why OSX was dropping keystrokes.”\u003c/p\u003e\n\n\u003cp\u003e“I didn’t bother to root cause why my printer turned into a UDP machine gun. I don’t intend to either. I have better things to do, and if rebooting solves the problem then I’m happy. Besides, I had to get back to what I was trying to do six hours before I started debugging this damn thing.”\u003c/p\u003e\n\n\u003cp\u003eThere you go. The Internet of Terror has already been on your LAN for years.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://emptysqua.re/blog/getaddrinfo-cpython-mac-and-bsd/\" rel=\"nofollow\"\u003eMaking Getaddrinfo Concurrent in Python on Mac OS and BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a very fun blog post today to pass along originally authored by “A. Jesse Jiryu Davis”. Specifically the tale of one man’s quest to unify the Getaddrinfo in Python with Mac OS and BSD.\u003c/li\u003e\n\u003cli\u003eTo give you a small taste of this tale, let us pass along just the introduction\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Tell us about the time you made DNS resolution concurrent in Python on Mac and BSD.   No, no, you do not want to hear that story, my friends. It is nothing but old lore and #ifdefs.\u003c/p\u003e\n\n\u003cp\u003eBut you made Python more scalable. The saga of Steve Jobs was sung to you by a mysterious wizard with a fanciful nickname! Tell us!\u003c/p\u003e\n\n\u003cp\u003eGather round, then. I will tell you how I unearthed a lost secret, unbound Python from old shackles, and banished an ancient and horrible Mutex Troll. Let us begin at the beginning.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIs your interest piqued? It should be. I’m not sure we could do this blog post justice trying to read it aloud here, but definetly recommend if you want to see how he managed to get this bit of code working cross platform. (And it’s highly entertaining as well)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“A long time ago, in the 1980s, a coven of Berkeley sorcerers crafted an operating system. They named it after themselves: the Berkeley Software Distribution, or BSD. For generations they nurtured it, growing it and adding features. One night, they conjured a powerful function that could resolve hostnames to IPv4 or IPv6 addresses. It was called getaddrinfo. The function was mighty, but in years to come it would grow dangerous, for the sorcerers had not made getaddrinfo thread-safe.”\u003c/p\u003e\n\n\u003cp\u003e“As ages passed, BSD spawned many offspring. There were FreeBSD, OpenBSD, NetBSD, and in time, Mac OS X. Each made its copy of getaddrinfo thread safe, at different times and different ways. Some operating systems retained scribes who recorded these events in the annals. Some did not.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe story continues as our hero battles the Mutex Troll and quests for ancient knowledge\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Apple engineers are not like you and me — they are a shy and secretive folk. They publish only what code they must from Darwin. Their comings and goings are recorded in no bug tracker, their works in no changelog. To learn their secrets, one must delve deep.”\u003c/p\u003e\n\n\u003cp\u003e“There is a tiny coven of NYC BSD users who meet at the tavern called Stone Creek, near my dwelling. They are aged and fierce, but I made the Sign of the Trident and supplicated them humbly for advice, and they were kindly to me.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpoiler: “Without a word, the mercenary troll shouldered its axe and trudged off in search of other patrons on other platforms. Never again would it hold hostage the worthy smiths forging Python code on BSD.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://diegocasati.com/2016/12/13/using-release7-to-create-freebsd-images-for-openstack-yes-you-can-do-it/\" rel=\"nofollow\"\u003eUsing release(7) to create FreeBSD images for OpenStack \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollowing a recent episode where we covered a walk through on how to create FreeBSD guest OpenStack images, we wondered if it would be possible to integrate this process into the FreeBSD release(7) process, so they images could be generated consistently and automatically\u003c/li\u003e\n\u003cli\u003eBeing the awesome audience that you are, one of you responded by doing exactly that\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“During a recent BSDNow podcast, Allan and Kris mentioned that it would be nice to have a tutorial on how to create a FreeBSD image for OpenStack using the official release(7) tools. With that, it came to me that: #1 I do have access to an OpenStack environment and #2 I am interested in having FreeBSD as a guest image in my environment. Looks like I was up for the challenge.”\u003c/p\u003e\n\n\u003cp\u003e“Previously, I’ve had success running FreeBSD 11.0-RELEASE on OpenStack but more could/should be done. For instance, as suggested by Allan,  wouldn’t be nice to deploy the latest code from FreeBSD ? Running -STABLE or even -CURRENT ? Yes, it would. Also, wouldn’t it be nice to customize these images for a specific need? I’d say ‘Yes’ for that as well.”\u003c/p\u003e\n\n\u003cp\u003e“After some research I found that the current openstack.conf file, located at /usr/src/release/tools/ could use some extra tweaks to get where I wanted. I’ve created and attached that to a bugzilla on the same topic. You can read about that \u003ca href=\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213396\" rel=\"nofollow\"\u003ehere\u003c/a\u003e.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSteps:\n\n\u003cul\u003e\n\u003cli\u003eFetch the FreeBSD source code and extract it under /usr/src\u003c/li\u003e\n\u003cli\u003eOnce the code is in place, follow the regular process of build(7) and perform a \u003ccode\u003emake buildworld buildkernel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange into the release directory (/usr/src/release) and perform a make cloudware\u003c/li\u003e\n\u003cli\u003emake cloudware-release WITH_CLOUDWARE=yes CLOUDWARE=OPENSTACK VMIMAGE=2G\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“That’s it! This will generate a qcow2 image with 1.4G in size and a raw image of 2G. The entire process uses the release(7) toolchain to generate the image and should work with newer versions of FreeBSD.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe patch has already been \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=310047\" rel=\"nofollow\"\u003ecommitted to FreeBSD \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eInterview - Rod Grimes - \u003ca href=\"mailto:rgrimes@freebsd.org\" rel=\"nofollow\"\u003ergrimes@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eWant to help fund the development of GPU Passthru? \u003ca href=\"http://bhyve.org/\" rel=\"nofollow\"\u003eVisit bhyve.org\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.khubla.com/freebsd/configuring-the-freebsd-automounter\" rel=\"nofollow\"\u003eConfiguring the FreeBSD automounter\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEver had to configure the FreeBSD auto-mounting daemon? Today we have a blog post that walks us through a few of the configuration knobs you have at your disposal.\u003c/li\u003e\n\u003cli\u003eFirst up, Tom shows us his /etc/fstab file, and the various UFS partitions he has setup with the ‘noauto’ flag so they are not mounted at system boot.\u003c/li\u003e\n\u003cli\u003eHis amd.conf file is pretty basic, with just options enabled to restart mounts, and unmount on exit.\u003c/li\u003e\n\u003cli\u003eWhere most users will most likely want to pay attention is in the crafting of an amd.map file\u003c/li\u003e\n\u003cli\u003eWithin this file, we have the various command-foo which performs mounts and unmounts of targeted disks / file-systems on demand.\u003c/li\u003e\n\u003cli\u003ePay special attention to all the special chars, since those all matter and a stray or missing ; could be a source of failure.\u003c/li\u003e\n\u003cli\u003eLastly a few knobs in rc.conf will enable the various services and a reboot should confirm the functionality.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161114174451\" rel=\"nofollow\"\u003el2k16 hackathon report: LibreSSL manuals now in mdoc(7)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHackathon report by Ingo Schwarze\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Back in the spring two years ago, Kristaps Dzonsons started the pod2mdoc(1) conversion utility, and less than a month later, the LibreSSL project began. During the general summer hackathon in the same year, g2k14, Anthony Bentley started using pod2mdoc(1) for converting LibreSSL manuals to mdoc(7).”\u003c/p\u003e\n\n\u003cp\u003e“Back then, doing so still was a pain, because pod2mdoc(1) was still full of bugs and had gaping holes in functionality. For example, Anthony was forced to basically translate the SYNOPSIS sections by hand, and to fix up .Fn and .Xr in the body by hand as well. All the same, he speedily finished all of libssl, and in the autumn of the same year, he mustered the courage to commit his work.”\u003c/p\u003e\n\n\u003cp\u003e“Near the end of the following winter, i improved the pod2mdoc(1) tool to actually become convenient in practice and started work on libcrypto, converting about 50 out of the about 190 manuals. Max Fillinger also helped a bit, converting a handful of pages, but i fear i tarried too much checking and committing his work, so he quickly gave up on the task. After that, almost nothing happened for a full year.”\u003c/p\u003e\n\n\u003cp\u003e“Now i was finally fed up with the messy situation and decided to put an end to it. So i went to Toulouse and finished the conversion of the remaining 130 manual pages in libcrypto, such that you can now view the documentation of all functions”\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/p-gen/smenu\" rel=\"nofollow\"\u003eInteractive Terminal Utility: smenu\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOk, I’ve made no secret of my love for shell scripting. Well today we have a new (somewhat new to us) tool to bring your way.\u003c/li\u003e\n\u003cli\u003eHave you ever needed to deal with large lists of data, perhaps as the result of a long specially crafted pipe?\u003c/li\u003e\n\u003cli\u003eWhat if you need to select a specific value from a range and then continue processing?\u003c/li\u003e\n\u003cli\u003eEnter ‘smenu’ which can help make your scripting life easier.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“smenu is a selection filter just like sed is an editing filter.\u003c/p\u003e\n\n\u003cp\u003eThis simple tool reads words from the standard input, presents them in a cool interactive window after the current line on the terminal and writes the selected word, if any, on the standard output.\u003c/p\u003e\n\n\u003cp\u003eAfter having unsuccessfully searched the NET for what I wanted, I decided to try to write my own.\u003c/p\u003e\n\n\u003cp\u003eI have tried hard to made its usage as simple as possible. It should work, even when using an old vt100 terminal and is UTF-8 aware.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat this means, is in your interactive scripts, you can much easier present the user with a cursor driven menu to select from a range of possible choices. (Without needing to craft a bunch of dialog flags)\u003c/li\u003e\n\u003cli\u003eTake a look, and hopefully you’ll be able to find creative uses for your shell scripts in the future.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mjg59.dreamwidth.org/45939.html\" rel=\"nofollow\"\u003eUbuntu still isn\u0026#39;t free software\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Any redistribution of modified versions of Ubuntu must be approved, certified or provided by Canonical if you are going to associate it with the Trademarks. Otherwise you must remove and replace the Trademarks and will need to recompile the source code to create your own binaries. This does not affect your rights under any open source licence applicable to any of the components of Ubuntu. If you need us to approve, certify or provide modified versions for redistribution you will require a licence agreement from Canonical, for which you may be required to pay. For further information, please contact us”\u003c/p\u003e\n\n\u003cp\u003e“Mark Shuttleworth \u003ca href=\"http://insights.ubuntu.com/2016/12/01/taking-a-stand-against-unstable-risky-unofficial-ubuntu-images/\" rel=\"nofollow\"\u003ejust blogged\u003c/a\u003e about their stance against unofficial Ubuntu images. The assertion is that a cloud hoster is providing unofficial and modified Ubuntu images, and that these images are meaningfully different from upstream Ubuntu in terms of their functionality and security. Users are attempting to make use of these images, are finding that they don\u0026#39;t work properly and are assuming that Ubuntu is a shoddy product. This is an entirely legitimate concern, and if Canonical are acting to reduce user confusion then they should be commended for that.”\u003c/p\u003e\n\n\u003cp\u003e“The appropriate means to handle this kind of issue is trademark law. If someone claims that something is Ubuntu when it isn\u0026#39;t, that\u0026#39;s probably an infringement of the trademark and it\u0026#39;s entirely reasonable for the trademark owner to take action to protect the value associated with their trademark. But Canonical\u0026#39;s IP policy goes much further than that - it can be interpreted as meaning[1] that you can\u0026#39;t distribute works based on Ubuntu without paying Canonical for the privilege, even if you call it something other than Ubuntu. [1]: And by \u0026quot;interpreted as meaning\u0026quot; I mean that\u0026#39;s what it says and Canonical refuse to say otherwise”\u003c/p\u003e\n\n\u003cp\u003e“If you ask a copyright holder if you can give a copy of their work to someone else (assuming it doesn\u0026#39;t infringe trademark law), and they say no or insist you need an additional contract, it\u0026#39;s not free software. If they insist that you recompile source code before you can give copies to someone else, it\u0026#39;s not free software. Asking that you remove trademarks that would otherwise infringe trademark law is fine, but if you can\u0026#39;t use their trademarks in non-infringing ways, that\u0026#39;s still not free software.”\u003c/p\u003e\n\n\u003cp\u003e“Canonical\u0026#39;s IP policy continues to impose restrictions on all of these things, and therefore Ubuntu is not free software.”\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-16-7-10-released/\" rel=\"nofollow\"\u003eOPNsense 16.7.10 released\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161123193708\u0026mode=expanded\u0026count=8\" rel=\"nofollow\"\u003eOpenBSD Foundation Welcomes First Iridium Donor: Smartisan\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/foundation-announces-new-uranium-donor/\" rel=\"nofollow\"\u003eJan Koum donates $500,000 to FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://en.wikipedia.org/wiki/DEMOS\" rel=\"nofollow\"\u003eThe Soviet Russia, BSD makes you\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/gRN4Lzy8\" rel=\"nofollow\"\u003e Jason - Value\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/GZYjRmSR\" rel=\"nofollow\"\u003e Hamza - Shell Scripting\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://aikchar.me/blog/unix-shell-programming-lessons-learned.html\" rel=\"nofollow\"\u003eBlog link\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/hEBu3Drp\" rel=\"nofollow\"\u003e Dave - Migrating to FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/1HpKqCSt\" rel=\"nofollow\"\u003e Dan - Which BSD?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/4Aj5ebns\" rel=\"nofollow\"\u003e Zach - AMD Video\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have a very special guest joining us to tell us a tale of the early days in BSD history. That plus some new OpenSSH goodness, shell scripting utilities and much more. Stay tuned for your place to B...SD!","date_published":"2016-12-14T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7b623fbf-836c-4ffe-964a-39163d4439b2.mp3","mime_type":"audio/mpeg","size_in_bytes":64918516,"duration_in_seconds":5409}]},{"id":"a62aa20a-ad86-4e21-b547-cd53c38c6b46","title":"171: The APU - BSD Style!","url":"https://www.bsdnow.tv/171","content_text":"Today on the show, we’ve got a look at running OpenBSD on a APU, some BSD in your Android, managing your own FreeBSD cloud service with ansible and much more. Keep it turned on your place to B...SD!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD on PC Engines APU2\n\n\nA detailed walkthrough of building an OpenBSD firewall on a PC Engines APU2\nIt starts with a breakdown of the parts that were purchases, totally around $200\nThen the reader is walked through configuring the serial console, flashing the ROM, and updating the BIOS\nThe next step is actually creating a custom OpenBSD install image, and pre-configuring its serial console. Starting with OpenBSD 6.0, this step is done automatically by the installer\nInstallation:\n\n\nPower off the APU2\nInsert the bootable OpenBSD installer USB flash drive to one of the USB slots on the APU2\nPower on the APU2, press F10 to get to the boot menu, and choose to boot from USB (usually option number 1)\nAt the boot\u0026gt; prompt, remember the serial console settings (see above)\nAlso at the boot\u0026gt; prompt, press Enter to start the installer\nFollow the installation instructions\n\n\n\n\nThe driver used for wireless networking is athn(4). It might not work properly out of the box. Once OpenBSD is installed, run fw_update with no arguments. It will figure out which firmware updates are required and will download and install them. When it finishes, reboot.\n\n\n\n\nWhere the rubber meets the road… (part one)\n\n\nA user describes their adventures installing OpenBSD and Arch Linux on a new Lenovo X1 Carbon (4th gen, skylake)\nThey also detail why they moved away from their beloved Macbook, which while long, does describe a journey away from Apple that we’ve heard elsewhere.\nThe journey begins with getting a new Windows laptop, shrinking the partition and creating space for a triple-boot install, of Windows / Arch / OpenBSD\nBrian then details how he setup the partitioning and performed the initial Arch installation, getting it tuned to his specifications.\nNext up was OpenBSD though, and that went sideways initially due to a new NVMe drive that wasn’t fully supported (yet)\nThe article is split into two parts (we will bring you the next installment at a future date), but he leaves us with the plan of attack to build a custom OpenBSD kernel with corrected PCI device identifiers.\nWe wish Brian luck, and look forward to the “rest of the story” soon.\n***\n\n\nHowto setup a FreeBSD jail server using iocage and ansible.\n\n\nSetting up a FreeBSD jail server can be a daunting task. However when a guide comes along which shows you how to do that, including not exposing a single (non-jailed) port to the outside world, you know we had a take a closer look.\nThis guide comes to us from GitHub, courtesy of Joerg Fielder. \nThe project goals seem notable:\nAnsible playbook that creates a FreeBSD server which hosts multiple jails.\n\n\nTravis is used to run/test the playbook.\nNo service on the host is exposed externally.\nAll external connections terminate within a jail.\nRoles can be reused using Ansible Galaxy.\nCombine any of those roles to create FreeBSD server, which perfectly suits you.\n\nTo get started, you’ll need a machine with Ansible, Vagrant and VirtualBox, and your credentials to AWS if you want it to automatically create / destroy EC2 instances.\nThere’s already an impressive list of Anisible roles created for you to start with:\n\n\nfreebsd-build-server - Creates a FreeBSD poudriere build server\nfreebsd-jail-host - FreeBSD Jail host\nfreebsd-jailed - Provides a jail\nfreebsd-jailed-nginx - Provides a jailed nginx server\nfreebsd-jailed-php-fpm - Creates a php-fpm pool and a ZFS dataset which is used as web root by php-fpm\nfreebsd-jailed-sftp - Installs a SFTP server\nfreebsd-jailed-sshd - Provides a jailed sshd server.\nfreebsd-jailed-syslogd - Provides a jailed syslogd\nfreebsd-jailed-btsync - Provides a jailed btsync instance server\nfreebsd-jailed-joomla - Installs Joomla\nfreebsd-jailed-mariadb - Provides a jailed MariaDB server\nfreebsd-jailed-wordpress - Provides a jailed Wordpress server.\n\nSince the machines have to be customized before starting, he mentions that cloud-init is used to do the following:\nactivate pf firewall\nadd a pass all keep state rule to pf to keep track of connection states, which in turn allows you to reload the pf service without losing the connection\ninstall the following packages:\n\n\nsudo\nbash\npython27\n\nallow passwordless sudo for user ec2-user\n“\nFrom there it is pretty straight-forward, just a couple commands to spin up the VM’s either locally on your VirtualBox host, or in the cloud with AWS. Internally the VM’s are auto-configured with iocage to create jails, where all your actual services run.\nA neat project, check it out today if you want a shake-n-bake type cloud + jail solution.\n\n\n\n\nColin Percival's bsdiff helps reduce Android apk bandwidth usage by 6 petabytes per day\n\n\nA post on the official Android-Developers blog, talks about how they used bsdiff (and bspatch) to reduce the size of Android application updates by 65%\nbsdiff was developed by FreeBSD’s Colin Percival\n\n\n\nEarlier this year, we announced that we started using the bsdiff algorithm (by Colin Percival). Using bsdiff, we were able to reduce the size of app updates on average by 47% compared to the full APK size.\n\n\n\nThis post is actually about the second generation of the code.\n\n\n\nToday, we're excited to share a new approach that goes further — File-by-File patching. App Updates using File-by-File patching are, on average, 65% smaller than the full app, and in some cases more than 90% smaller.\nAndroid apps are packaged as APKs, which are ZIP files with special conventions. Most of the content within the ZIP files (and APKs) is compressed using a technology called Deflate. Deflate is really good at compressing data but it has a drawback: it makes identifying changes in the original (uncompressed) content really hard. Even a tiny change to the original content (like changing one word in a book) can make the compressed output of deflate look completely different. Describing the differences between the original content is easy, but describing the differences between the compressed content is so hard that it leads to inefficient patches.\n\n\n\nSo in the second generation of the code, they use bsdiff on each individual file, then package that, rather than diffing the original and new archives\nbsdiff is used in a great many other places, including shrinking the updates for the Firefox and Chrome browsers\nYou can find out more about bsdiff here: http://www.daemonology.net/bsdiff/\n\n\n\nA far more sophisticated algorithm, which typically provides roughly 20% smaller patches, is described in my doctoral thesis.\n\n\n\nConsidering the gains, it is interesting that no one has implemented Colin’s more sophisticated algorithm\nColin had an interesting observation last night: “I just realized that bandwidth savings due to bsdiff are now roughly equal to what the total internet traffic was when I wrote it in 2003.”\n***\n\n\nNews Roundup\n\nDistrowatch does an in-depth review of NAS4Free\n\n\nJesse Smith over at DistroWatch has done a pretty in-depth review of Nas4Free.\nThe review starts with mentioning that NAS4Free works on 3 platforms, ARM/i386/AMD64 and for the purposes of this review he would be using AMD64 builds.\nAfter going through the initial install (doing typical disk management operations, such as GPT/MBR, etc) he was ready to begin using the product.\nOne concern originally observed was that the initial boot seemed rather slow. Investigation revealed this was due to it loading the entire OS image into memory, and the first (long) disk read did take some time, but once loaded was super responsive.\nThe next steps involved doing the initial configuration, which meant creating a new ZFS storage pool. After this process was done, he did find one puzzling UI option called “VM” which indicated it can be linked to VirtualBox in some way, but the Docs didn’t reveal its secrets of usage.\nAdditionally covered were some of the various “Access” methods, including traditional UNIX permissions, AD and LDAP, and then various Sharing services which are typical to a NAS, Such as NFS / Samba and others.\nOne neat feature was the built-in file-browser via the web-interface, which allows you another method of getting at your data when sometimes NFS / Samba or WebDav aren’t enough.\nJesse gives us a nice round-up conclusion as well\n\n\n\nMost of the NAS operating systems I have used in the past were built around useful features. Some focused on making storage easy to set up and manage, others focused on services, such as making files available over multiple protocols or managing torrents. Some strive to be very easy to set up. NAS4Free does pretty well in each of the above categories. It may not be the easiest platform to set up, but it's probably a close second. It may not have the prettiest interface for managing settings, but it is quite easy to navigate. NAS4Free may not have the most add-on services and access protocols, but I suspect there are more than enough of both for most people.\n\nWhere NAS4Free does better than most other solutions I have looked at is security. I don't think the project's website or documentation particularly focuses on security as a feature, but there are plenty of little security features that I liked. NAS4Free makes it very easy to lock the text console, which is good because we do not all keep our NAS boxes behind locked doors. The system is fairly easy to upgrade and appears to publish regular security updates in the form of new firmware. NAS4Free makes it fairly easy to set up user accounts, handle permissions and manage home directories. It's also pretty straight forward to switch from HTTP to HTTPS and to block people not on the local network from accessing the NAS's web interface.\n\nAll in all, I like NAS4Free. It's a good, general purpose NAS operating system. While I did not feel the project did anything really amazing in any one category, nor did I run into any serious issues. The NAS ran as expected, was fairly straight forward to set up and easy to manage. This strikes me as an especially good platform for home or small business users who want an easy set up, some basic security and a solid collection of features.\n\n\n\n\nBrowsix: Unix in the browser tab\n\n\nBrowsix is a research project from the PLASMA lab at the University of Massachusetts, Amherst.\nThe goal: Run C, C++, Go and Node.js programs as processes in browsers, including LaTeX, GNU Make, Go HTTP servers, and POSIX shell scripts.\n“Processes are built on top of Web Workers, letting applications run in parallel and spawn subprocesses. System calls include fork, spawn, exec, and wait.”\n\n\n\nPipes are supported with pipe(2) enabling developers to compose processes into pipelines.\n\nSockets include support for TCP socket servers and clients, making it possible to run applications like databases and HTTP servers together with their clients in the browser.\n\n\n\n Browsix comprises two core parts:\n\n\nA kernel written in TypeScript that makes core Unix features (including pipes, concurrent processes, signals, sockets, and a shared file system) available to web applications.\nExtended JavaScript runtimes for C, C++, Go, and Node.js that support running programs written in these languages as processes in the browser.\n\nThis seems like an interesting project, although I am not sure how it would be used as more than a toy\n***\n\n\nBook Review: PAM Mastery\n\n\nnixCraft does a book review of Michael W. Lucas’ “Pam Mastery”\n\n\n\nLinux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme.\n\n\n\nBefore PAM, if you wanted to use an SQL database to authenticate users, you had to write specific support for that into each of your applications. Same for LDAP, etc.\n\n\n\nSo Open Group lead to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM.\n\n\n\nOf course, each OS chose to implement PAM a little bit differently\n\n\n\nThe book starts with the basic concepts about PAM and authentication. You learn about Multi-Factor Authentication and why use PAM instead of changing each program to authenticate the user. The author went into great details about why PAM is useful for developers and sysadmin for several reasons. The examples cover CentOS Linux (RHEL and clones), Debian Linux, and FreeBSD Unix system.\n\nI like the way the author described PAM Configuration Files and Common Modules that covers everyday scenarios for the sysadmin. PAM configuration file format and PAM Module Interfaces are discussed in easy to understand language. Control flags in PAM can be very confusing for new sysadmins. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module.\n\nThere is also a chapter about using one-time passwords (Google Authenticator) for your application.\n\nThe final chapter is all about enforcing good password policies for users and apps using PAM.\n\nThe sysadmin would find this book useful as it covers a common authentication scheme that can be used with a wide variety of applications on Unix. You will master PAM topics and take control over authentication for your organization IT infrastructure. If you are Linux or Unix sysadmin, I would highly recommend this book. Once again Michael W Lucas nailed it. The only book you may need for PAM deployment.\n\n\n\nget “PAM Mastery” \n***\n\n\nReflections on Trusting Trust - Ken Thompson, co-author of UNIX\n\n\nKen Thompson's \"cc hack\" - Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled \"Reflections on Trusting Trust\", Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the \"login\" program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of \"cc\" the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the \"login\" backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed.\n\n\n\nThe article starts off by talking about a content to write a program that produces its own source code as output. Or rather, a C program, that writes a C program, that produces its own source code as output.\n\n\n\nThe C compiler is written in C. What I am about to describe is one of many \"chicken and egg\" problems that arise when compilers are written in their own language. In this case, I will use a specific example from the C compiler.\n\nSuppose we wish to alter the C compiler to include the sequence \"\\v\" to represent the vertical tab character. The extension to Figure 2 is obvious and is presented in Figure 3. We then recompile the C compiler, but we get a diagnostic. Obviously, since the binary version of the compiler does not know about \"\\v,\" the source is not legal C. We must \"train\" the compiler. After it \"knows\" what \"\\v\" means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 4. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 3.\n\nThe actual bug I planted in the compiler would match code in the UNIX \"login\" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user. Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions.\n\nNext “simply add a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.\n\nSo now there is a trojan’d version of cc. If you compile a clean version of cc, using the bad cc, you will get a bad cc. If you use the bad cc to compile the login program, it will have a backdoor. The source code for both backdoors no longer exists on the system. You can audit the source code of cc and login all you want, they are trustworthy.\n\nThe compiler you use to compile your new compiler, is the untrustworthy bit, but you have no way to know it is untrustworthy, and no way to make a new compiler, without using the bad compiler.\n\nThe moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.\n\nAcknowledgment: I first read of the possibility of such a Trojan horse in an Air Force critique of the security of an early implementation of Multics. I can- not find a more specific reference to this document. I would appreciate it if anyone who can supply this reference would let me know.\n\n\n\n\nBeastie Bits\n\n\nCustom made Beastie Stockings\nMigrating ZFS from mirrored pool to raidz1 pool\nOpenBSD and you \nWatson.org FreeBSD and Linux cross reference  \nOpenGrok \nFreeBSD SA-16:37: libc -- A 26+ year old bug found in BSD’s libc, all BSDs likely affected -- A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions.\nHardenedBSD issues correction for libc patch  -- original patch improperly calculates how many bytes are remaining in the buffer.\n\n\n\nFrom December the 27th until the 30th there the 33rd Chaos Communication Congress[0] is going to take place in Hamburg, Germany. Think of it as the yearly gathering of the european hackerscene and their overseas friends. I am one of the persons organizing the \"BSD assembly\" as a gathering place for BSD enthusiasts and waving the flag amidst the all the other projects / communities.\n\n\n\n\nFeedback/Questions\n\n\n Chris - IPFW + Wifi \n Jason - bhyve pci \n Al - pf errors \n Zach - Xorg settings \n Bart - Wireless Support \n***\n","content_html":"\u003cp\u003eToday on the show, we’ve got a look at running OpenBSD on a APU, some BSD in your Android, managing your own FreeBSD cloud service with ansible and much more. Keep it turned on your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/elad/openbsd-apu2\" rel=\"nofollow\"\u003eOpenBSD on PC Engines APU2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA detailed walkthrough of building an OpenBSD firewall on a PC Engines APU2\u003c/li\u003e\n\u003cli\u003eIt starts with a breakdown of the parts that were purchases, totally around $200\u003c/li\u003e\n\u003cli\u003eThen the reader is walked through configuring the serial console, flashing the ROM, and updating the BIOS\u003c/li\u003e\n\u003cli\u003eThe next step is actually creating a custom OpenBSD install image, and pre-configuring its serial console. Starting with OpenBSD 6.0, this step is done automatically by the installer\u003c/li\u003e\n\u003cli\u003eInstallation:\n\n\u003cul\u003e\n\u003cli\u003ePower off the APU2\u003c/li\u003e\n\u003cli\u003eInsert the bootable OpenBSD installer USB flash drive to one of the USB slots on the APU2\u003c/li\u003e\n\u003cli\u003ePower on the APU2, press F10 to get to the boot menu, and choose to boot from USB (usually option number 1)\u003c/li\u003e\n\u003cli\u003eAt the boot\u0026gt; prompt, remember the serial console settings (see above)\u003c/li\u003e\n\u003cli\u003eAlso at the boot\u0026gt; prompt, press Enter to start the installer\u003c/li\u003e\n\u003cli\u003eFollow the installation instructions\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe driver used for wireless networking is athn(4). It might not work properly out of the box. Once OpenBSD is installed, run fw_update with no arguments. It will figure out which firmware updates are required and will download and install them. When it finishes, reboot.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2016/11/29/where-the-rubber-meets-the-road-part-one/\" rel=\"nofollow\"\u003eWhere the rubber meets the road… (part one)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA user describes their adventures installing OpenBSD and Arch Linux on a new Lenovo X1 Carbon (4th gen, skylake)\u003c/li\u003e\n\u003cli\u003eThey also detail why they moved away from their beloved Macbook, which while long, does describe a journey away from Apple that we’ve heard elsewhere.\u003c/li\u003e\n\u003cli\u003eThe journey begins with getting a new Windows laptop, shrinking the partition and creating space for a triple-boot install, of Windows / Arch / OpenBSD\u003c/li\u003e\n\u003cli\u003eBrian then details how he setup the partitioning and performed the initial Arch installation, getting it tuned to his specifications.\u003c/li\u003e\n\u003cli\u003eNext up was OpenBSD though, and that went sideways initially due to a new NVMe drive that wasn’t fully supported (yet)\u003c/li\u003e\n\u003cli\u003eThe article is split into two parts (we will bring you the next installment at a future date), but he leaves us with the plan of attack to build a custom OpenBSD kernel with corrected PCI device identifiers.\u003c/li\u003e\n\u003cli\u003eWe wish Brian luck, and look forward to the “rest of the story” soon.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/JoergFiedler/freebsd-ansible-demo\" rel=\"nofollow\"\u003eHowto setup a FreeBSD jail server using iocage and ansible.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetting up a FreeBSD jail server can be a daunting task. However when a guide comes along which shows you how to do that, including not exposing a single (non-jailed) port to the outside world, you know we had a take a closer look.\u003c/li\u003e\n\u003cli\u003eThis guide comes to us from GitHub, courtesy of Joerg Fielder. \u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe project goals seem notable:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAnsible playbook that creates a FreeBSD server which hosts multiple jails.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTravis is used to run/test the playbook.\u003c/li\u003e\n\u003cli\u003eNo service on the host is exposed externally.\u003c/li\u003e\n\u003cli\u003eAll external connections terminate within a jail.\u003c/li\u003e\n\u003cli\u003eRoles can be reused using Ansible Galaxy.\u003c/li\u003e\n\u003cli\u003eCombine any of those roles to create FreeBSD server, which perfectly suits you.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTo get started, you’ll need a machine with Ansible, Vagrant and VirtualBox, and your credentials to AWS if you want it to automatically create / destroy EC2 instances.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere’s already an impressive list of Anisible roles created for you to start with:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003efreebsd-build-server - Creates a FreeBSD poudriere build server\u003c/li\u003e\n\u003cli\u003efreebsd-jail-host - FreeBSD Jail host\u003c/li\u003e\n\u003cli\u003efreebsd-jailed - Provides a jail\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-nginx - Provides a jailed nginx server\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-php-fpm - Creates a php-fpm pool and a ZFS dataset which is used as web root by php-fpm\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-sftp - Installs a SFTP server\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-sshd - Provides a jailed sshd server.\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-syslogd - Provides a jailed syslogd\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-btsync - Provides a jailed btsync instance server\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-joomla - Installs Joomla\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-mariadb - Provides a jailed MariaDB server\u003c/li\u003e\n\u003cli\u003efreebsd-jailed-wordpress - Provides a jailed Wordpress server.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSince the machines have to be customized before starting, he mentions that cloud-init is used to do the following:\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eactivate pf firewall\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eadd a pass all keep state rule to pf to keep track of connection states, which in turn allows you to reload the pf service without losing the connection\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003einstall the following packages:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003esudo\u003c/li\u003e\n\u003cli\u003ebash\u003c/li\u003e\n\u003cli\u003epython27\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eallow passwordless sudo for user ec2-user\u003cbr\u003e\n“\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFrom there it is pretty straight-forward, just a couple commands to spin up the VM’s either locally on your VirtualBox host, or in the cloud with AWS. Internally the VM’s are auto-configured with iocage to create jails, where all your actual services run.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA neat project, check it out today if you want a shake-n-bake type cloud + jail solution.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://android-developers.blogspot.ca/2016/12/saving-data-reducing-the-size-of-app-updates-by-65-percent.html\" rel=\"nofollow\"\u003eColin Percival\u0026#39;s bsdiff helps reduce Android apk bandwidth usage by 6 petabytes per day\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA post on the official Android-Developers blog, talks about how they used bsdiff (and bspatch) to reduce the size of Android application updates by 65%\u003c/li\u003e\n\u003cli\u003ebsdiff was developed by FreeBSD’s Colin Percival\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eEarlier this year, we announced that we started using the bsdiff algorithm (by Colin Percival). Using bsdiff, we were able to reduce the size of app updates on average by 47% compared to the full APK size.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis post is actually about the second generation of the code.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday, we\u0026#39;re excited to share a new approach that goes further — File-by-File patching. App Updates using File-by-File patching are, on average, 65% smaller than the full app, and in some cases more than 90% smaller.\u003cbr\u003e\nAndroid apps are packaged as APKs, which are ZIP files with special conventions. Most of the content within the ZIP files (and APKs) is compressed using a technology called Deflate. Deflate is really good at compressing data but it has a drawback: it makes identifying changes in the original (uncompressed) content really hard. Even a tiny change to the original content (like changing one word in a book) can make the compressed output of deflate look completely different. Describing the differences between the original content is easy, but describing the differences between the compressed content is so hard that it leads to inefficient patches.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo in the second generation of the code, they use bsdiff on each individual file, then package that, rather than diffing the original and new archives\u003c/li\u003e\n\u003cli\u003ebsdiff is used in a great many other places, including shrinking the updates for the Firefox and Chrome browsers\u003c/li\u003e\n\u003cli\u003eYou can find out more about bsdiff here: \u003ca href=\"http://www.daemonology.net/bsdiff/\" rel=\"nofollow\"\u003ehttp://www.daemonology.net/bsdiff/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eA far more sophisticated algorithm, which typically provides roughly 20% smaller patches, is described in my \u003ca href=\"http://www.daemonology.net/papers/thesis.pdf\" rel=\"nofollow\"\u003edoctoral thesis\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eConsidering the gains, it is interesting that no one has implemented Colin’s more sophisticated algorithm\u003c/li\u003e\n\u003cli\u003eColin had an \u003ca href=\"https://twitter.com/cperciva/status/806426180379230208\" rel=\"nofollow\"\u003einteresting observation\u003c/a\u003e last night: “I just realized that bandwidth savings due to bsdiff are now roughly equal to what the \u003cem\u003etotal internet traffic\u003c/em\u003e was when I wrote it in 2003.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20161114#nas4free\" rel=\"nofollow\"\u003eDistrowatch does an in-depth review of NAS4Free\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJesse Smith over at DistroWatch has done a pretty in-depth review of Nas4Free.\u003c/li\u003e\n\u003cli\u003eThe review starts with mentioning that NAS4Free works on 3 platforms, ARM/i386/AMD64 and for the purposes of this review he would be using AMD64 builds.\u003c/li\u003e\n\u003cli\u003eAfter going through the initial install (doing typical disk management operations, such as GPT/MBR, etc) he was ready to begin using the product.\u003c/li\u003e\n\u003cli\u003eOne concern originally observed was that the initial boot seemed rather slow. Investigation revealed this was due to it loading the entire OS image into memory, and the first (long) disk read did take some time, but once loaded was super responsive.\u003c/li\u003e\n\u003cli\u003eThe next steps involved doing the initial configuration, which meant creating a new ZFS storage pool. After this process was done, he did find one puzzling UI option called “VM” which indicated it can be linked to VirtualBox in some way, but the Docs didn’t reveal its secrets of usage.\u003c/li\u003e\n\u003cli\u003eAdditionally covered were some of the various “Access” methods, including traditional UNIX permissions, AD and LDAP, and then various Sharing services which are typical to a NAS, Such as NFS / Samba and others.\u003c/li\u003e\n\u003cli\u003eOne neat feature was the built-in file-browser via the web-interface, which allows you another method of getting at your data when sometimes NFS / Samba or WebDav aren’t enough.\u003c/li\u003e\n\u003cli\u003eJesse gives us a nice round-up conclusion as well\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMost of the NAS operating systems I have used in the past were built around useful features. Some focused on making storage easy to set up and manage, others focused on services, such as making files available over multiple protocols or managing torrents. Some strive to be very easy to set up. NAS4Free does pretty well in each of the above categories. It may not be the easiest platform to set up, but it\u0026#39;s probably a close second. It may not have the prettiest interface for managing settings, but it is quite easy to navigate. NAS4Free may not have the most add-on services and access protocols, but I suspect there are more than enough of both for most people.\u003c/p\u003e\n\n\u003cp\u003eWhere NAS4Free does better than most other solutions I have looked at is security. I don\u0026#39;t think the project\u0026#39;s website or documentation particularly focuses on security as a feature, but there are plenty of little security features that I liked. NAS4Free makes it very easy to lock the text console, which is good because we do not all keep our NAS boxes behind locked doors. The system is fairly easy to upgrade and appears to publish regular security updates in the form of new firmware. NAS4Free makes it fairly easy to set up user accounts, handle permissions and manage home directories. It\u0026#39;s also pretty straight forward to switch from HTTP to HTTPS and to block people not on the local network from accessing the NAS\u0026#39;s web interface.\u003c/p\u003e\n\n\u003cp\u003eAll in all, I like NAS4Free. It\u0026#39;s a good, general purpose NAS operating system. While I did not feel the project did anything really amazing in any one category, nor did I run into any serious issues. The NAS ran as expected, was fairly straight forward to set up and easy to manage. This strikes me as an especially good platform for home or small business users who want an easy set up, some basic security and a solid collection of features.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://browsix.org/\" rel=\"nofollow\"\u003eBrowsix: Unix in the browser tab\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrowsix is a research project from the PLASMA lab at the University of Massachusetts, Amherst.\u003c/li\u003e\n\u003cli\u003eThe goal: Run C, C++, Go and Node.js programs as processes in browsers, including LaTeX, GNU Make, Go HTTP servers, and POSIX shell scripts.\u003c/li\u003e\n\u003cli\u003e“Processes are built on top of Web Workers, letting applications run in parallel and spawn subprocesses. System calls include fork, spawn, exec, and wait.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePipes are supported with pipe(2) enabling developers to compose processes into pipelines.\u003c/p\u003e\n\n\u003cp\u003eSockets include support for TCP socket servers and clients, making it possible to run applications like databases and HTTP servers together with their clients in the browser.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e Browsix comprises two core parts:\n\n\u003cul\u003e\n\u003cli\u003eA kernel written in TypeScript that makes core Unix features (including pipes, concurrent processes, signals, sockets, and a shared file system) available to web applications.\u003c/li\u003e\n\u003cli\u003eExtended JavaScript runtimes for C, C++, Go, and Node.js that support running programs written in these languages as processes in the browser.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThis seems like an interesting project, although I am not sure how it would be used as more than a toy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cyberciti.biz/reviews/book-review-pam-mastery/\" rel=\"nofollow\"\u003eBook Review: PAM Mastery\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003enixCraft does a book review of Michael W. Lucas’ “Pam Mastery”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLinux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eBefore PAM, if you wanted to use an SQL database to authenticate users, you had to write specific support for that into each of your applications. Same for LDAP, etc.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSo Open Group lead to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOf course, each OS chose to implement PAM a little bit differently\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe book starts with the basic concepts about PAM and authentication. You learn about Multi-Factor Authentication and why use PAM instead of changing each program to authenticate the user. The author went into great details about why PAM is useful for developers and sysadmin for several reasons. The examples cover CentOS Linux (RHEL and clones), Debian Linux, and FreeBSD Unix system.\u003c/p\u003e\n\n\u003cp\u003eI like the way the author described PAM Configuration Files and Common Modules that covers everyday scenarios for the sysadmin. PAM configuration file format and PAM Module Interfaces are discussed in easy to understand language. Control flags in PAM can be very confusing for new sysadmins. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module.\u003c/p\u003e\n\n\u003cp\u003eThere is also a chapter about using one-time passwords (Google Authenticator) for your application.\u003c/p\u003e\n\n\u003cp\u003eThe final chapter is all about enforcing good password policies for users and apps using PAM.\u003c/p\u003e\n\n\u003cp\u003eThe sysadmin would find this book useful as it covers a common authentication scheme that can be used with a wide variety of applications on Unix. You will master PAM topics and take control over authentication for your organization IT infrastructure. If you are Linux or Unix sysadmin, I would highly recommend this book. Once again Michael W Lucas nailed it. The only book you may need for PAM deployment.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.michaelwlucas.com/tools/pam\" rel=\"nofollow\"\u003eget “PAM Mastery” \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.win.tue.nl/%7Eaeb/linux/hh/thompson/trust.html\" rel=\"nofollow\"\u003eReflections on Trusting Trust - Ken Thompson, co-author of UNIX\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eKen Thompson\u0026#39;s \u0026quot;cc hack\u0026quot; - Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled \u0026quot;Reflections on Trusting Trust\u0026quot;, Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the \u0026quot;login\u0026quot; program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of \u0026quot;cc\u0026quot; the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the \u0026quot;login\u0026quot; backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article starts off by talking about a content to write a program that produces its own source code as output. Or rather, a C program, that writes a C program, that produces its own source code as output.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe C compiler is written in C. What I am about to describe is one of many \u0026quot;chicken and egg\u0026quot; problems that arise when compilers are written in their own language. In this case, I will use a specific example from the C compiler.\u003c/p\u003e\n\n\u003cp\u003eSuppose we wish to alter the C compiler to include the sequence \u0026quot;\\v\u0026quot; to represent the vertical tab character. The extension to Figure 2 is obvious and is presented in Figure 3. We then recompile the C compiler, but we get a diagnostic. Obviously, since the binary version of the compiler does not know about \u0026quot;\\v,\u0026quot; the source is not legal C. We must \u0026quot;train\u0026quot; the compiler. After it \u0026quot;knows\u0026quot; what \u0026quot;\\v\u0026quot; means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 4. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 3.\u003c/p\u003e\n\n\u003cp\u003eThe actual bug I planted in the compiler would match code in the UNIX \u0026quot;login\u0026quot; command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user. Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions.\u003c/p\u003e\n\n\u003cp\u003eNext “simply add a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.\u003c/p\u003e\n\n\u003cp\u003eSo now there is a trojan’d version of cc. If you compile a clean version of cc, using the bad cc, you will get a bad cc. If you use the bad cc to compile the login program, it will have a backdoor. The source code for both backdoors no longer exists on the system. You can audit the source code of cc and login all you want, they are trustworthy.\u003c/p\u003e\n\n\u003cp\u003eThe compiler you use to compile your new compiler, is the untrustworthy bit, but you have no way to know it is untrustworthy, and no way to make a new compiler, without using the bad compiler.\u003c/p\u003e\n\n\u003cp\u003eThe moral is obvious. You can\u0026#39;t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.\u003c/p\u003e\n\n\u003cp\u003eAcknowledgment: I first read of the possibility of such a Trojan horse in an Air Force critique of the security of an early implementation of Multics. I can- not find a more specific reference to this document. I would appreciate it if anyone who can supply this reference would let me know.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.etsy.com/listing/496638945/freebsd-beastie-christmas-stocking\" rel=\"nofollow\"\u003eCustom made Beastie Stockings\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://ximalas.info/2016/12/06/migrating-zfs-from-mirrored-pool-to-raidz1-pool/\" rel=\"nofollow\"\u003eMigrating ZFS from mirrored pool to raidz1 pool\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://home.nuug.no/%7Epeter/blug2016/\" rel=\"nofollow\"\u003eOpenBSD and you\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://fxr.watson.org/\" rel=\"nofollow\"\u003eWatson.org FreeBSD and Linux cross reference \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bxr.su/\" rel=\"nofollow\"\u003eOpenGrok\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc\" rel=\"nofollow\"\u003eFreeBSD SA-16:37: libc\u003c/a\u003e -- A 26+ year old bug found in BSD’s libc, all BSDs likely affected -- A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb\" rel=\"nofollow\"\u003eHardenedBSD issues correction for libc patch \u003c/a\u003e -- original patch improperly calculates how many bytes are remaining in the buffer.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFrom December the 27th until the 30th there the 33rd Chaos Communication Congress[0] is going to take place in Hamburg, Germany. Think of it as the yearly gathering of the european hackerscene and their overseas friends. I am one of the persons organizing the \u0026quot;\u003ca href=\"https://events.ccc.de/congress/2016/wiki/Assembly:BSD\" rel=\"nofollow\"\u003eBSD assembly\u003c/a\u003e\u0026quot; as a gathering place for BSD enthusiasts and waving the flag amidst the all the other projects / communities.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/WRiuW6nn\" rel=\"nofollow\"\u003e Chris - IPFW + Wifi\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/JgerqZZP\" rel=\"nofollow\"\u003e Jason - bhyve pci\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/3XY5MVca\" rel=\"nofollow\"\u003e Al - pf errors\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Kty0qYXM\" rel=\"nofollow\"\u003e Zach - Xorg settings\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/m3D81GBW\" rel=\"nofollow\"\u003e Bart - Wireless Support\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Today on the show, we’ve got a look at running OpenBSD on a APU, some BSD in your Android, managing your own FreeBSD cloud service with ansible and much more. Keep it turned on your place to B...SD!","date_published":"2016-12-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a62aa20a-ad86-4e21-b547-cd53c38c6b46.mp3","mime_type":"audio/mpeg","size_in_bytes":62802580,"duration_in_seconds":5233}]},{"id":"1eecd778-12f6-4789-a729-294313b152c8","title":"170: Sandboxing Cohabitation","url":"https://www.bsdnow.tv/170","content_text":"This week on the show, we’ve got some new info on the talks from EuroBSDCon, a look at sharing a single ZFS pool between Linux and BSD, Sandboxing and much more! Stay tuned for your place to B...SD!\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\n\n\n\nHeadlines\n\nEuroBSDcon 2016 Presentation Slides\n\n\nDue to circumstances beyond the control of the organizers of EuroBSDCon, there were not recordings of the talks given at the event.\nHowever, they have collected the slide decks from each of the speakers and assembled them on this page for you\nAlso, we have some stuff from MeetBSD already:\nYoutube Playlist  \nNot all of the sessions are posted yet, but the rest should appear shortly\nMeetBSD 2016 Trip Report: Domagoj Stolfa \n***\n\n\nCohabiting FreeBSD and Gentoo Linux on a Common ZFS Volume\n\n\nEric McCorkle, who has contributed ZFS support to the FreeBSD EFI boot-loader code has posted an in-depth look at how he’s setup dual-boot with FreeBSD and Gentoo on the same ZFS volume.\nHe starts by giving us some background on how the layout is done. First up, GRUB is used as the boot-loader, allowing boot of both Linux and BSD\nThe next non-typical thing was using /etc/fstab to manage mount-points, instead of the typical ‘zfs mount’ usage, (apart from /home datasets)\ndata/home is mounted to /home, with all of its child datasets using the ZFS mountpoint system\ndata/freebsd and its child datasets house the FreeBSD system, and all have their mountpoints set to legacy\ndata/gentoo and its child datasets house the Gentoo system, and have their mountpoints set to legacy as well\nSo, how did he set this up? He helpfully provides an overview of the steps:\n\n\nUse the FreeBSD installer to create the GPT and ZFS pool\nInstall and configure FreeBSD, with the native FreeBSD boot loader\nBoot into FreeBSD, create the Gentoo Linux datasets, install GRUB\nBoot into the Gentoo Linux installer, install Gentoo\nBoot into Gentoo, finish any configuration tasks\n\nThe rest of the article walks us through the individual commands that make up each of those steps, as well as how to craft a GRUB config file capable of booting both systems.\nPersonally, since we are using EFI, I would have installed rEFInd, and chain-loaded each systems EFI boot code from there, allowing the use of the BSD loader, but to each their own!\n\n\n\n\nHardenedBSD introduces Safestack into base\n\n\nHardenedBSD has integrated SafeStack into its base system and ports tree\nSafeStack is part of the Code Pointer Integrity (CPI) project within clang.\n“SafeStack is an instrumentation pass that protects programs against attacks based on stack buffer overflows, without introducing any measurable performance overhead. It works by separating the program stack into two distinct regions: the safe stack and the unsafe stack. The safe stack stores return addresses, register spills, and local variables that are always accessed in a safe way, while the unsafe stack stores everything else. This separation ensures that buffer overflows on the unsafe stack cannot be used to overwrite anything on the safe stack.”\n“As of 28 November 2016, with clang 3.9.0, SafeStack only supports being applied to applications and not shared libraries. Multiple patches have been submitted to clang by third parties to add support for shared libraries.”\nSafeStack is only enabled on AMD64\n***\n\n\npledge(2)… or, how I learned to love web application sandboxing\n\n\nWe’ve talked about OpenBSD’s sandboxing mechanism pledge() in the past, but today we have a great article by Kristaps Dzonsons, about how he grew to love it for Web Sandboxing.\n+First up, he gives us his opening argument that should make most of you sit up and listen:\n\n\n\nI use application-level sandboxing a lot because I make mistakes a lot;                 and when writing web applications, the price of making mistakes is very dear.             \n\nIn the early 2000s, that meant using systrace(4) on OpenBSD and NetBSD.  Then it was seccomp(2) (followed by libseccomp(3)) on Linux.     Then there was capsicum(4) on FreeBSD and sandbox_init(3) on Mac OS X.                         \n\nAll of these systems are invoked differently; and for the most part, whenever it came     time to interface with one of them, I longed for sweet release from the nightmare.         Please, try reading seccomp(2). To the end. Aligning web application logic and security policy would require an arduous (and usually trial-and-error or worse, copy-and-paste) process. If there was any process at all — if the burden of writing a policy didn't cause me to abandon sandboxing at the start.                         \n\nAnd then there was pledge(2).                         \n\nThis document is about pledge(2) and why you should use it and love it. “\n\n\n+Not convinced yet? Maybe you should take his challenge:\n\n\nLet's play a drinking game.     The challenge is to stay out of the hospital.             \n\n1.Navigate to seccomp(2).                             \n\n\nRead it to the end.\nDrink every time you don't understand.\n\n\nFor capsicum(4), the    challenge is no less difficult.     To see these in action, navigate no further than OpenSSH, which interfaces with these sandboxes: sandbox-seccomp-filter.c or sandbox-capsicum.c.     (For a history lesson, you can even see sandbox-systrace.c.)         Keep in mind that these do little more than restrict resources to open descriptors and the     usual necessities of memory, signals, timing, etc. Keep that in mind and be horrified.     “\n\n\n\nNow Kristaps has his theory on why these are so difficult (NS..), but perhaps there is a better way. He makes the case that pledge() sits right in that sweet-spot, being powerful enough to be useful, but easy enough to implement that developers might actually use it.\nAll in all, a nice read, check it out! Would love to hear other developer success stories using pledge() as well.\n***\n\n\nNews Roundup\n\nUnix history repository, now on GitHub\n\n\nOS News has an interesting tidbit on their site today, about the entire commit history of Unix now being available online, starting all the way back in 1970 and bringing us forward to today. \nFrom the README\n\n\n\nThe history and evolution of the Unix operating system is made available as a revision management repository, covering the period from its inception in 1970 as a 2.5 thousand line kernel and 26 commands, to 2016 as a widely-used 27 million line system. The 1.1GB repository contains about half a million commits and more than two thousand merges. The repository employs Git system for its storage and is hosted on GitHub. It has been created by synthesizing with custom software 24 snapshots of systems developed at Bell Labs, the University of California at Berkeley, and the 386BSD team, two legacy repositories, and the modern repository of the open source FreeBSD system. In total, about one thousand individual contributors are identified, the early ones through primary research. The data set can be used for empirical research in software engineering, information systems, and software archaeology.\n\n\n\nThis is a fascinating find, especially will be of value to students and historians who wish to look back in time to see how UNIX evolved, and in this repo ultimately turned into modern FreeBSD.\n***\n\n\nYandex commits improvements to FreeBSD network stack \n\n\n“Rework ip_tryforward() to use FIB4 KPI.”\nThis commit brings some code from the experimental routing branch into head\nAs you can see from the graphs, it offers some sizable improvements in forwarding and firewalled packets per second\ncommit  \n***\n\n\nThe brief history of Unix socket multiplexing – select(2) system call\n\n\nEver wondered about the details of socket multiplexing, aka the history of select(2)?\nWell Marek today gives a treat, with a quick look back at the history that made today’s modern multiplexing possible.\nFirst, his article starts the way all good ones do, presenting the problem in silent-movie form:\n\n\n\nIn mid-1960's time sharing was still a recent invention. Compared to a previous paradigm - batch-processing - time sharing was truly revolutionary. It greatly reduced the time wasted between writing a program and getting its result. Batch-processing meant hours and hours of waiting often to only see a program error. See this film to better understand the problems of 1960's programmers: \"The trials and tribulations of batch processing\".\n\n\n\nEnter the wild world of the 1970’s, and we’ve now reached the birth of UNIX which tried to solve the batch processing problem with time-sharing.\n\n\n\nThese days when a program was executed, it could \"stall\" (block) only on a couple of things1:\n\n\nwait for CPU\nwait for disk I/O\nwait for user input (waiting for a shell command) or console (printing data too fast)“\n\n\n\n\nJump forward another dozen years or so, and the world changes yet again:\n\n\n\nThis all changed in 1983 with the release of 4.2BSD. This revision introduced an early implementation of a TCP/IP stack and most importantly - the BSD Sockets API.Although today we take the BSD sockets API for granted, it wasn't obvious it was the right API. STREAMS were a competing API design on System V Revision 3.\n\n\n\nComing in along with the sockets API was the select(2) call, which our very own Kirk McKusick gives us some background on:\n\n\n\nSelect was introduced to allow applications to multiplex their I/O.\n\nConsider a simple application like a remote login. It has descriptors for reading from and writing to the terminal and a descriptor for the (bidirectional) socket. It needs to read from the terminal keyboard and write those characters to the socket. It also needs to read from the socket and write to the terminal. Reading from a descriptor that has nothing queued causes the application to block until data arrives. The application does not know whether to read from the terminal or the socket and if it guesses wrong will incorrectly block. So select was added to let it find out which descriptor had data ready to read. If neither, select blocks until data arrives on one descriptor and then awakens telling which descriptor has data to read.\n\n[...] Non-blocking was added at the same time as select. But using non-blocking when reading descriptors does not work well. Do you go into an infinite loop trying to read each of your input descriptors? If not, do you pause after each pass and if so for how long to remain responsive to input? Select is just far more efficient.\n\n\nSelect also lets you create a single inetd daemon rather than having to have a separate daemon for every service.\n\n\nThe article then wraps up with an interesting conclusion:\n\u0026gt; CSP = Communicating sequential processes\n\n\n\nIn this discussion I was afraid to phrase the core question. Were Unix processes intended to be CSP-style processes? Are file descriptors a CSP-derived \"channels\"? Is select equivalent to ALT statement?\n\nI think: no. Even if there are design similarities, they are accidental. The file-descriptor abstractions were developed well before the original CSP paper.\n\nIt seems that an operating socket API's evolved totally disconnected from the userspace CSP-alike programming paradigms. It's a pity though. It would be interesting to see an operating system coherent with the programming paradigms of the user land programs.\n\n\n\nA long (but good) read, and worth your time if you are interested in the history how modern multiplexing came to be.\n***\n\n\nHow to start CLion on FreeBSD?\n\n\nCLion (pronounced \"sea lion\") is a cross-platform C and C++ IDE\nBy default, the Linux version comes bundled with some binaries, which obviously won’t work with the native FreeBSD build\nRather than using Linux emulation, you can replace these components with native versions\n\n\npkg install openjdk8 cmake gdb\nEdit clion-2016.3/bin/idea.properties and change run.processes.with.pty=false\nStart CLion and open Settings | Build, Execution, Deployment | Toolchains\nSpecify CMake path: /usr/local/bin/cmake and GDB path: /usr/local/bin/gdb\n\nWithout a replacement for fsnotifier, you will get a warning that the IDE may be slow to detect changes to files on disk\nBut, someone has already written a version of fsnotifier that works on FreeBSD and OpenBSD\nfsnotifier for OpenBSD and FreeBSD -- The fsnotifier is used by IntelliJ for detecting file changes. This version supports FreeBSD and OpenBSD via libinotify and is a replacement for the bundled Linux-only version coming with the IntelliJ IDEA Community Edition.\n***\n\n\nBeastie Bits\n\n\nTrueOS Pico – FreeBSD ARM/RPi Thin Clients \nA Puppet package provider for FreeBSD's PkgNG package manager.\nNotes from November London *BSD meetup \nSemiBug meeting on Dec 20th\n\n\n\n\nFeedback/Questions\n\n\n Erno - SSH without password \n Jonathan - Magical ZFS \n George - TrueOS \n Mohammad - Jails IP \n Gibheer - BEs \n***\n","content_html":"\u003cp\u003eThis week on the show, we’ve got some new info on the talks from EuroBSDCon, a look at sharing a single ZFS pool between Linux and BSD, Sandboxing and much more! Stay tuned for your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2016.eurobsdcon.org/PresentationSlides/\" rel=\"nofollow\"\u003eEuroBSDcon 2016 Presentation Slides\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDue to circumstances beyond the control of the organizers of EuroBSDCon, there were not recordings of the talks given at the event.\u003c/li\u003e\n\u003cli\u003eHowever, they have collected the slide decks from each of the speakers and assembled them on this page for you\u003c/li\u003e\n\u003cli\u003eAlso, we have some stuff from MeetBSD already:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLb87fdKUIo8TAMC2HJLZ7H54edD2BeGWv\" rel=\"nofollow\"\u003eYoutube Playlist \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eNot all of the sessions are posted yet, but the rest should appear shortly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/meetbsd-2016-trip-report-domagoj-stolfa/\" rel=\"nofollow\"\u003eMeetBSD 2016 Trip Report: Domagoj Stolfa\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ericmccorkleblog.wordpress.com/2016/11/15/cohabiting-freebsd-and-gentoo-linux-on-a-common-zfs-volume/\" rel=\"nofollow\"\u003eCohabiting FreeBSD and Gentoo Linux on a Common ZFS Volume\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEric McCorkle, who has contributed ZFS support to the FreeBSD EFI boot-loader code has posted an in-depth look at how he’s setup dual-boot with FreeBSD and Gentoo on the same ZFS volume.\u003c/li\u003e\n\u003cli\u003eHe starts by giving us some background on how the layout is done. First up, GRUB is used as the boot-loader, allowing boot of both Linux and BSD\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe next non-typical thing was using /etc/fstab to manage mount-points, instead of the typical ‘zfs mount’ usage, (apart from /home datasets)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003edata/home is mounted to /home, with all of its child datasets using the ZFS mountpoint system\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003edata/freebsd and its child datasets house the FreeBSD system, and all have their mountpoints set to legacy\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003edata/gentoo and its child datasets house the Gentoo system, and have their mountpoints set to legacy as well\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSo, how did he set this up? He helpfully provides an overview of the steps:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eUse the FreeBSD installer to create the GPT and ZFS pool\u003c/li\u003e\n\u003cli\u003eInstall and configure FreeBSD, with the native FreeBSD boot loader\u003c/li\u003e\n\u003cli\u003eBoot into FreeBSD, create the Gentoo Linux datasets, install GRUB\u003c/li\u003e\n\u003cli\u003eBoot into the Gentoo Linux installer, install Gentoo\u003c/li\u003e\n\u003cli\u003eBoot into Gentoo, finish any configuration tasks\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe rest of the article walks us through the individual commands that make up each of those steps, as well as how to craft a GRUB config file capable of booting both systems.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003ePersonally, since we are using EFI, I would have installed rEFInd, and chain-loaded each systems EFI boot code from there, allowing the use of the BSD loader, but to each their own!\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2016-11-27/introducing-safestack\" rel=\"nofollow\"\u003eHardenedBSD introduces Safestack into base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHardenedBSD has integrated SafeStack into its base system and ports tree\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://clang.llvm.org/docs/SafeStack.html\" rel=\"nofollow\"\u003eSafeStack\u003c/a\u003e is part of the Code Pointer Integrity (CPI) project within clang.\u003c/li\u003e\n\u003cli\u003e“SafeStack is an instrumentation pass that protects programs against attacks based on stack buffer overflows, without introducing any measurable performance overhead. It works by separating the program stack into two distinct regions: the safe stack and the unsafe stack. The safe stack stores return addresses, register spills, and local variables that are always accessed in a safe way, while the unsafe stack stores everything else. This separation ensures that buffer overflows on the unsafe stack cannot be used to overwrite anything on the safe stack.”\u003c/li\u003e\n\u003cli\u003e“As of 28 November 2016, with clang 3.9.0, SafeStack only supports being applied to applications and not shared libraries. Multiple patches have been submitted to clang by third parties to add support for shared libraries.”\u003c/li\u003e\n\u003cli\u003eSafeStack is only enabled on AMD64\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://learnbchs.org/pledge.html\" rel=\"nofollow\"\u003epledge(2)… or, how I learned to love web application sandboxing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve talked about OpenBSD’s sandboxing mechanism pledge() in the past, but today we have a great article by Kristaps Dzonsons, about how he grew to love it for Web Sandboxing.\n+First up, he gives us his opening argument that should make most of you sit up and listen:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI use application-level sandboxing a lot because I make mistakes a lot;                 and when writing web applications, the price of making mistakes is very dear.             \u003c/p\u003e\n\n\u003cp\u003eIn the early 2000s, that meant using systrace(4) on OpenBSD and NetBSD.  Then it was seccomp(2) (followed by libseccomp(3)) on Linux.     Then there was capsicum(4) on FreeBSD and sandbox_init(3) on Mac OS X.                         \u003c/p\u003e\n\n\u003cp\u003eAll of these systems are invoked differently; and for the most part, whenever it came     time to interface with one of them, I longed for sweet release from the nightmare.         Please, try reading seccomp(2). To the end. Aligning web application logic and security policy would require an arduous (and usually trial-and-error or worse, copy-and-paste) process. If there was any process at all — if the burden of writing a policy didn\u0026#39;t cause me to abandon sandboxing at the start.                         \u003c/p\u003e\n\n\u003cp\u003eAnd then there was pledge(2).                         \u003c/p\u003e\n\n\u003cp\u003eThis document is about pledge(2) and why you should use it and love it. “\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e+Not convinced yet? Maybe you should take his challenge:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eLet\u0026#39;s play a drinking game.     The challenge is to stay out of the hospital.             \u003c/p\u003e\n\n\u003cp\u003e1.Navigate to seccomp(2).                             \u003c/p\u003e\n\n\u003col\u003e\n\u003cli\u003eRead it to the end.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eDrink every time you don\u0026#39;t understand.\u003cbr\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\n\u003cp\u003eFor capsicum(4), the    challenge is no less difficult.     To see these in action, navigate no further than OpenSSH, which interfaces with these sandboxes: sandbox-seccomp-filter.c or sandbox-capsicum.c.     (For a history lesson, you can even see sandbox-systrace.c.)         Keep in mind that these do little more than restrict resources to open descriptors and the     usual necessities of memory, signals, timing, etc. Keep that in mind and be horrified.     “\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow Kristaps has his theory on why these are so difficult (NS..), but perhaps there is a better way. He makes the case that pledge() sits right in that sweet-spot, being powerful enough to be useful, but easy enough to implement that developers might actually use it.\u003c/li\u003e\n\u003cli\u003eAll in all, a nice read, check it out! Would love to hear other developer success stories using pledge() as well.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.osnews.com/story/29513/Unix_history_repository_now_on_GitHub\" rel=\"nofollow\"\u003eUnix history repository, now on GitHub\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eOS News has an interesting tidbit on their site today, about the entire commit history of Unix now being available online, starting all the way back in 1970 and bringing us forward to today. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFrom the README\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe history and evolution of the Unix operating system is made available as a revision management repository, covering the period from its inception in 1970 as a 2.5 thousand line kernel and 26 commands, to 2016 as a widely-used 27 million line system. The 1.1GB repository contains about half a million commits and more than two thousand merges. The repository employs Git system for its storage and is hosted on GitHub. It has been created by synthesizing with custom software 24 snapshots of systems developed at Bell Labs, the University of California at Berkeley, and the 386BSD team, two legacy repositories, and the modern repository of the open source FreeBSD system. In total, about one thousand individual contributors are identified, the early ones through primary research. The data set can be used for empirical research in software engineering, information systems, and software archaeology.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a fascinating find, especially will be of value to students and historians who wish to look back in time to see how UNIX evolved, and in this repo ultimately turned into modern FreeBSD.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://reviews.freebsd.org/D8526\" rel=\"nofollow\"\u003eYandex commits improvements to FreeBSD network stack \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Rework ip_tryforward() to use FIB4 KPI.”\u003c/li\u003e\n\u003cli\u003eThis commit brings some code from the experimental routing branch into head\u003c/li\u003e\n\u003cli\u003eAs you can see from the graphs, it offers some sizable improvements in forwarding and firewalled packets per second\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=309257\" rel=\"nofollow\"\u003ecommit \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://idea.popcount.org/2016-11-01-a-brief-history-of-select2/\" rel=\"nofollow\"\u003eThe brief history of Unix socket multiplexing – select(2) system call\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEver wondered about the details of socket multiplexing, aka the history of select(2)?\u003c/li\u003e\n\u003cli\u003eWell Marek today gives a treat, with a quick look back at the history that made today’s modern multiplexing possible.\u003c/li\u003e\n\u003cli\u003eFirst, his article starts the way all good ones do, presenting the problem in silent-movie form:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn mid-1960\u0026#39;s time sharing was still a recent invention. Compared to a previous paradigm - batch-processing - time sharing was truly revolutionary. It greatly reduced the time wasted between writing a program and getting its result. Batch-processing meant hours and hours of waiting often to only see a program error. See this film to better understand the problems of 1960\u0026#39;s programmers: \u0026quot;The trials and tribulations of batch processing\u0026quot;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eEnter the wild world of the 1970’s, and we’ve now reached the birth of UNIX which tried to solve the batch processing problem with time-sharing.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThese days when a program was executed, it could \u0026quot;stall\u0026quot; (block) only on a couple of things1:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ewait for CPU\u003c/li\u003e\n\u003cli\u003ewait for disk I/O\u003c/li\u003e\n\u003cli\u003ewait for user input (waiting for a shell command) or console (printing data too fast)“\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJump forward another dozen years or so, and the world changes yet again:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis all changed in 1983 with the release of 4.2BSD. This revision introduced an early implementation of a TCP/IP stack and most importantly - the BSD Sockets API.Although today we take the BSD sockets API for granted, it wasn\u0026#39;t obvious it was the right API. STREAMS were a competing API design on System V Revision 3.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eComing in along with the sockets API was the select(2) call, which our very own Kirk McKusick gives us some background on:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSelect was introduced to allow applications to multiplex their I/O.\u003c/p\u003e\n\n\u003cp\u003eConsider a simple application like a remote login. It has descriptors for reading from and writing to the terminal and a descriptor for the (bidirectional) socket. It needs to read from the terminal keyboard and write those characters to the socket. It also needs to read from the socket and write to the terminal. Reading from a descriptor that has nothing queued causes the application to block until data arrives. The application does not know whether to read from the terminal or the socket and if it guesses wrong will incorrectly block. So select was added to let it find out which descriptor had data ready to read. If neither, select blocks until data arrives on one descriptor and then awakens telling which descriptor has data to read.\u003c/p\u003e\n\n\u003cp\u003e[...] Non-blocking was added at the same time as select. But using non-blocking when reading descriptors does not work well. Do you go into an infinite loop trying to read each of your input descriptors? If not, do you pause after each pass and if so for how long to remain responsive to input? Select is just far more efficient.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003eSelect also lets you create a single inetd daemon rather than having to have a separate daemon for every service.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then wraps up with an interesting conclusion:\n\u0026gt; CSP = Communicating sequential processes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn this discussion I was afraid to phrase the core question. Were Unix processes intended to be CSP-style processes? Are file descriptors a CSP-derived \u0026quot;channels\u0026quot;? Is select equivalent to ALT statement?\u003c/p\u003e\n\n\u003cp\u003eI think: no. Even if there are design similarities, they are accidental. The file-descriptor abstractions were developed well before the original CSP paper.\u003c/p\u003e\n\n\u003cp\u003eIt seems that an operating socket API\u0026#39;s evolved totally disconnected from the userspace CSP-alike programming paradigms. It\u0026#39;s a pity though. It would be interesting to see an operating system coherent with the programming paradigms of the user land programs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA long (but good) read, and worth your time if you are interested in the history how modern multiplexing came to be.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://intellij-support.jetbrains.com/hc/en-us/articles/206525024-How-to-start-CLion-on-FreeBSD\" rel=\"nofollow\"\u003eHow to start CLion on FreeBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCLion (pronounced \u0026quot;sea lion\u0026quot;) is a cross-platform C and C++ IDE\u003c/li\u003e\n\u003cli\u003eBy default, the Linux version comes bundled with some binaries, which obviously won’t work with the native FreeBSD build\u003c/li\u003e\n\u003cli\u003eRather than using Linux emulation, you can replace these components with native versions\n\n\u003cul\u003e\n\u003cli\u003epkg install openjdk8 cmake gdb\u003c/li\u003e\n\u003cli\u003eEdit clion-2016.3/bin/idea.properties and change run.processes.with.pty=false\u003c/li\u003e\n\u003cli\u003eStart CLion and open Settings | Build, Execution, Deployment | Toolchains\u003c/li\u003e\n\u003cli\u003eSpecify CMake path: /usr/local/bin/cmake and GDB path: /usr/local/bin/gdb\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWithout a replacement for fsnotifier, you will get a warning that the IDE may be slow to detect changes to files on disk\u003c/li\u003e\n\u003cli\u003eBut, someone has already written a version of fsnotifier that works on FreeBSD and OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/idea4bsd/fsnotifier\" rel=\"nofollow\"\u003efsnotifier for OpenBSD and FreeBSD\u003c/a\u003e -- The fsnotifier is used by IntelliJ for detecting file changes. This version supports FreeBSD and OpenBSD via libinotify and is a replacement for the bundled Linux-only version coming with the IntelliJ IDEA Community Edition.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.trueos.org/trueos-pico/\" rel=\"nofollow\"\u003eTrueOS Pico – FreeBSD ARM/RPi Thin Clients\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/xaque208/puppet-pkgng\" rel=\"nofollow\"\u003eA Puppet package provider for FreeBSD\u0026#39;s PkgNG package manager.\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2016-November/014059.html\" rel=\"nofollow\"\u003eNotes from November London *BSD meetup\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/semibug/2016-November/000131.html\" rel=\"nofollow\"\u003eSemiBug meeting on Dec 20th\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/SMvxur9v\" rel=\"nofollow\"\u003e Erno - SSH without password\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/5ETL7nmj\" rel=\"nofollow\"\u003e Jonathan - Magical ZFS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/tSVvaV9e\" rel=\"nofollow\"\u003e George - TrueOS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/T8nUexd1\" rel=\"nofollow\"\u003e Mohammad - Jails IP\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/YssXXp70\" rel=\"nofollow\"\u003e Gibheer - BEs\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’ve got some new info on the talks from EuroBSDCon, a look at sharing a single ZFS pool between Linux and BSD, Sandboxing and much more! Stay tuned for your place to B...SD!","date_published":"2016-11-30T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1eecd778-12f6-4789-a729-294313b152c8.mp3","mime_type":"audio/mpeg","size_in_bytes":55016500,"duration_in_seconds":4584}]},{"id":"4898747c-2845-49b3-9de1-94f72798e48c","title":"169: Scheduling your NetBSD","url":"https://www.bsdnow.tv/169","content_text":"On today’s episode, we are loaded and ready to go. Lots of OpenBSD news, a look at LetsEncrypt usage, the NetBSD scheduler (oh my) and much more. Keep it tuned to your place to B...SD!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nProduction ready\n\n\nTed Unangst brings us a piece on what it means to be Production Ready\nHe tells the story of a project he worked on that picked a framework that was “production ready”\nThey tested time zones, and it all seemed to work\nThey tested the unicode support in english and various european languages, and it was all good\nThey sent some emails with it, and it just worked\nThe framework said “Production Ready” on the tin, and it passed all the tests. What is the worst that could happen?\n\n\n\nNow, we built our product on top of this. Some of the bugs were caught internally. Others were discovered by customers, who were of course a little dismayed. Like, how could you possibly ship this? Indeed. We were doing testing, quite a bit really, but when every possible edge case has a bug, it’s hard to find them all.\n\n\n\nA customer from Arizona, which does not observe Daylight Saving Time, crashed the app\nSome less common unicode characters caused a buffer overflow\nThe email system did not properly escape a period on its own line, truncating the email\n“Egregious performance because of a naive N2 algorithm for growing a buffer.”\n“Egregious performance on some platforms due to using the wrong threading primitives.”\n“Bizarre database connection bugs for some queries that I can’t at all explain.”\n“In short, everything was “works for me” quality. But is that really production quality?”\n“There are some obvious contenders for the title of today’s most “production ready” software, but it’s a more general phenomenon. People who have success don’t know what they don’t know, what they didn’t test, what unused features will crash and burn.”\n\n\n\n\nUsing Let's Encrypt within FreeBSD.org\n\n\nI decided to give Let's Encrypt certificates a shot on my personal web servers earlier this year after a disaster with StartSSL. I'd like to share what I've learned.\n\nThe biggest gotcha is that people tend to develop bad habits when they only have to deal with certificates once a year or so. The beginning part of the process is manual and the deployment of certificates somehow never quite gets automated, or things get left out.\n\nThat all changes with Let's Encrypt certificates. Instead of 1-5 year lifetime certificates the Let's Encrypt certificates are only valid for 90 days. Most people will be wanting to renew every 60-80 days. This forces the issue - you really need to automate and make it robust.\n\nThe Let's Encrypt folks provide tools to do this for you for the common cases. You run it on the actual machine, it manages the certificates and adjusts the server configuration files for you. Their goal is to provide a baseline shake-n-bake solution. I was not willing to give that level of control to a third party tool for my own servers - and it was absolutely out of the question for for the FreeBSD.org cluster.\n\nI should probably mention that we do things on the FreeBSD.org cluster that many people would find a bit strange. The biggest problem that we have to deal with is that the traditional model of a firewall/bastion between \"us\" and \"them\" does not apply. We design for the assumption that hostile users are already on the \"inside\" of the network. The cluster is spread over 8 distinct sites with naked internet and no vpn between them. There is actually very little trust between the systems in this network - eg: ssh is for people only - no headless users can ssh. There are no passwords. Sudo can't be used. The command and control systems use signing. We don't trust anything by IPv4/IPv6 address because we have to assume MITM is a thing. And so on. In general, things are constructed to be trigger / polling / pull based.\n\nThe downside is that this makes automation and integration of Let's Encrypt clients interesting. If server configuration files can't be modified; and replicated web infrastructure is literally read-only (via jails/nullfs); and DNS zone files are static; and headless users can't ssh and therefore cannot do commits, how do you do the verification tokens in an automated fashion? Interesting, indeed.\n\nWe wanted to be able to use certificates on things like ldap and smtp servers. You can't do http file verification on those so we had to use dns validation of domains.\n\n\n\nFirst, a signing request is generated, and the acme-challenge is returned\nPeter’s post then walks through how the script adds the required TXT record to prove control of the domain, regenerates the zone file, DNSSEC signs it, and waits for it to be published, then continues the letsencrypt process.\nLetsencrypt then issues the actual certificate\n\n\n\nWe export the fullchain files into a publication location. There is another jail that can read the fullchain certificates via nullfs and they are published with our non-secrets update mechanism\n\nSince we are using DNSSEC, here is a good opportunity to maintain signed TLSA fingerprints. The catch with TLSA record updates is managing the update event horizon. You are supposed to have both fingerprints listed across the update cycle. We use 'TLSA 3 1 1' records to avoid issues with propagation delays for now. TLSA 3 0 1 changes with every renewal, while 3 1 1 only changes when you generate a new private key.\n\nThe majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. I found out the hard way.\n\n\n\nThere is a great deal more detail in the blog post, I recommend you check it out\n\n\n\n\nLearning more about the NetBSD scheduler (... than I wanted to know)\n\n\nPart 1\nPart 2\nPart 3\n\n\n\nToday I had a need to do some number crunching using a home-brewn C program. In order to do some manual load balancing, I was firing up some Amazon AWS instances (which is Xen) with NetBSD 7.0. In this case, the system was assigned two CPUs I started two instances of my program, with the intent to have each one use one CPU. Which is not what happened! Here is what I observed, and how I fixed things for now.\n\n\n~~\nload averages:  2.14,  2.08,  1.83;               up 0+00:45:56        18:01:32\n27 processes: 4 runnable, 21 sleeping, 2 on CPU\nCPU0 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\nCPU1 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle\nMemory: 119M Act, 7940K Exec, 101M File, 3546M Free\n~~\n\n~~\nPID USERNAME PRI NICE   SIZE   RES STATE    TIME   WCPU CPU COMMAND\n2791 root   25  0  8816K  964K RUN/0    16:10 54.20% 54.20% myprog\n2845 root   26  0  8816K  964K RUN/0    17:10 47.90% 47.90% myprog\n~~\n\n\nI expected something like WCPU and CPU being around 100%, assuming that each process was bound to its own CPU. The values I actually saw (and listed above) suggested that both programs were fighting for the same CPU. Huh?! NetBSD allows to create \"processor sets\", assign CPU(s) to them and then assign processes to the processor sets. Let's have a look!\n\n\n~~\n  # psrset -c\n    1\n  # psrset -b 0 2791\n  # psrset -b 1 2845\n   load averages:  2.02,  2.05,  1.94;               up 0+00:59:32        18:15:08\n    27 processes: 1 runnable, 24 sleeping, 2 on CPU\n    CPU0 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\n    CPU1 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\n    Memory: 119M Act, 7940K Exec, 101M File, 3546M Free\n\n  PID USERNAME PRI NICE   SIZE   RES STATE      TIME   WCPU    CPU COMMAND\n 2845 root      25    0  8816K  964K CPU/1     26:14   100%   100% myprog\n 2791 root      25    0  8816K  964K RUN/0     25:40   100%   100% myprog\n\n\n~~\n\n\nThings are as expected now, with each program being bound to its own CPU. Now why this didn't happen by default is left as an exercise to the reader.\n\nI had another look at this today, and was able to reproduce the behaviour using VMWare Fusion with two CPU cores on both NetBSD 7.0_STABLE as well as -current\n\nThe one hint that I got so far was from Michael van Elst that there may be a rouding error in sched_balance(). Looking at the code, there is not much room for a rounding error. But I am not familiar enough (at all) with the code, so I cannot judge if crucial bits are dropped here, or how that function fits in the whole puzzle.\n\nPondering on the \"rounding error\", I've setup both VMs with 4 CPUs, and the behaviour shown there is that load is distributed to about 3 and a half CPU - three CPUs under full load, and one not reaching 100%. There's definitely something fishy in there.\n\nWith multiple CPUs, each CPU has a queue of processes that are either \"on the CPU\" (running) or waiting to be serviced (run) on that CPU. Those processes count as \"migratable\" in runqueue_t. Every now and then, the system checks all its run queues to see if a CPU is idle, and can thus \"steal\" (migrate) processes from a busy CPU. This is done in sched_balance().\n\nSuch \"stealing\" (migration) has the positive effect that the process doesn't have to wait for getting serviced on the CPU it's currently waiting on. On the other side, migrating the process has effects on CPU's data and instruction caches, so switching CPUs shouldn't be taken too easy.\n\nAll in all, I'd say the patch is a good step forward from the current situation, which does not properly distribute pure CPU hogs, at all.\n\n\n\n\nBuilding Cost-Effective 100-Gbps Firewalls for HPC with FreeBSD\n\n\nThe continuous growth of the NASA Center for Climate Simulation (NCCS) requires providing high-performance security tools and enhancing the network capacity. In order to support the requirements of emerging services, including the Advanced Data Analytics Platform (ADAPT) private cloud, the NCCS security team has proposed an architecture to provide extremely cost-effective 100-gigabit-per-second (Gbps) firewalls.\n\nThe aim of this project is to create a commodity-based platform that can process enough packets per second (pps) to sustain a 100-Gbps workload within the NCCS computational environment. The test domain consists of several existing systems within the NCCS, including switches (Dell S4084), routers (Dell R530s), servers (Dell R420s, and C6100s), and host card adapters (10-Gbps Mellanox ConnectX2 and Intel 8259 x Ethernet cards).\n\nPrevious NCCS work testing the FreeBSD operating system for high-performance routing reached a maximum of 4 million pps. Building on this work, we are comparing FreeBSD-11.0 and FreeBSD-Current along with implementing the netmap-fwd Application Programming Interface (API) and tuning the 10-gigabit Ethernet cards. We used the tools iperf3, nuttcp, and netperf to monitor the performance of the maximum bandwidth through the cards. Additional testing has involved enabling the Common Address Redundancy Protocol (CARP) to achieve an active/active architecture.\n\nThe tests have shown that at the optimally tuned and configured FreeBSD system, it is possible to create a system that can manage the huge amounts of pps needed to create a 100-Gbps firewall with commodity components.\n\n\n\nSome interesting findings: \n\n\nFreeBSD was able to send more pps as a client than Centos 6.\nNetmap-fwd increased the pps rate significantly.\nThe choice of network card can have a significant impact on pps, tuning, and netmap support.\n\n\n\n\nFurther tests will continue verifying the above results with even more capable systems-such as 40-gigabit and 100-gigabit Ethernet cards-to achieve even higher performance. In addition to hardware improvements, updates to the network capabilities in the FreeBSD-Current version will be closely monitored and applied as appropriate. The final result will be a reference architecture with representative hardware and software that will enable the NCCS to build, deploy, and efficiently maintain extremely cost-effective 100-Gbps firewalls.\n\nNetflix has already managed to saturate a 100 Gbps interface using only a single CPU Socket (rather than a dual socket server). Forwarding/routing is a bit different, but it is definitely on track to get there. Using a small number of commodity servers to firewall 100 Gbps of traffic just takes some careful planning and load balancing. Soon it will be possible using a single host.\n\n\n\n\nNews Roundup\n\niocell - A FreeBSD jail manager.\n\n\nAnother jail manager has arrived on the scene, iocell, which begins life as a fork of the “classic” iocage.\nDue to its shared heritage, it offers much of the same functionality and flags as iocage users will be familiar with.\nFor those who aren’t up to speed with either products, some of those features include: \n\n\nTemplates, clones, basejails, fully independent jails\nEase of use\nZero configuration files\nRapid thin provisioning within seconds\nAutomatic package installation\nVirtual networking stacks (vnet)\nShared IP based jails (non vnet)\nResource limits (CPU, MEMORY, DISK I/O, etc.)\nFilesystem quotas and reservations\nDedicated ZFS datasets inside jails\nTransparent ZFS snapshot management\nBinary updates\nDifferential jail packaging\nExport and import\nAnd many more!\n\nThe program makes extensive use of ZFS for performing jail operations, so a zpool will be required (But doesn’t have to be your boot-pool)\nIt still looks “very” fresh, even using original iocage filenames in the repo, so a safe guess is that you’ll be able to switch between iocage and iocell with relative ease.\n\n\n\n\nFail2ban on OpenBSD 6.0\n\n\nWe’ve used Fail2Ban in PC-BSD before, due to it’s ability to detect and block brute force attempts against a variety of services, including SSH, mail, and others. It even can work to detect jail brute force attempts, blocking IPs on the hosts firewall. \nHowever what about OpenBSD users? Well, Gordon Turner comes to the rescue today with a great writeup on deploying Fail2Ban specifically for that platform.\nNow, Fail2Ban is a python program, so you’ll need to pkg install Python first, then he provides instructions on how to manually grab the F2B sources and install on OpenBSD.\nHelpfully Gordon gives us some handy links to scripts and modifications to get F2B running via RC as well, which is a bit different since F2B has both a server and client that must run together.\nWith the installation bits out of the way, we get to next hit the “fun” stuff, which comes in the way of SSH brute force detection.\nNaturally we will be configuring F2B to use “pf” to do our actual blocking, but the examples shown give us full control over the knobs used to detect, and then ultimately call ‘pfctl’ to do our heavy lifting.\nThe last bits of the article give us a runthrough on how to “prime” pf with the correct block tables and performing basic administrative tasks to control F2B in production.\nA great article, and if you run an OpenBSD box exposed to the internet, you may want to bookmark this one.\n\n\n\n\nopenbsd changes of note\n\n\nContinuing with our OpenBSD news for the week, we have a new blog post by TedU, which gives us a bunch of notes on the things which have changed over there as of late:\nSome of the notables include:\n\n\nmcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.\nFreeType 2.7 is prettier than ever. \nvmm for i386. Improve security. vmm is still running with a phenomenal set of privileges, but perhaps some cross-VM attacks may be limited. On the other side of the world, hyperv support is getting better. \nRemove setlocale. setlocale was sprinkled all throughout the code base many years ago, even though it did nothing, in anticipation of a day when it would do something. We’ve since decided that day will never come, and so many setlocale calls can go. \nsyspatch is coming. Lots of commits actually. Despite the name, it’s more like a system update, since it replaces entire binaries. Then again, replacing a few binaries in a system is like patching small parts of the whole. A syspatch update will be smaller than an entire release. \nThere’s a new build system. It kind of works like before, but a lot of the details have changed to support less root. Actually, it’d be accurate to say the whole build privilege system has been flipped. Start as root, which drops down to the build user to do the heavy lifting, instead of starting as a user that can elevate to root at any time. This no longer requires the build user to be pseudo-root; in fact, the goal is that the build user can’t elevate. \n\nThere’s several other items on this list, take a look for more details, and he also helpfully provides commit-links if you want to see more about any of these topics.\n\n\n\n\nIt came from Bell Labs\n\n\nA little late for a halloween episode, we have “It came from Bell Labs”, a fascinating article talking about the successor to UNIX, Plan9\n\n\n\nThere was once an operating system that was intended to be the successor to Unix. Plan 9 From Bell Labs was its name, and playing with it for five minutes is like visiting an alternate dimension where computers are done differently. It was so ahead of its time that it would be considered cutting edge, even today. Find out the weird and woolly history to Plan Nine’s inception and eventual consignment as a footnote of operating systems today.\n\n\n\nSo, if you’ve never heard of Plan 9, how did it exactly differ from the UNIX we know and love today?\n\n\n\nHere’s just a few of the key features under Plan 9’s hood + 9P – The distributed file system protocol. Everything runs through this, there is no escaping it. Since everything runs on top of 9P, that makes everything running on a Plan 9 box distributed as well. This means, for example, you can import /dev/audio from another machine on the network to use its sound card when your own machine doesn’t have one. + ndb – The namespace server. In conjunction with 9P, it bosses all the programs around and forces them to comply to the Plan 9 way. + Instead of Unix sockets, all the networking just runs through 9P. Thus, everything from ethernet packets to network cards are all just one more kind of file. + While Unicode is implemented ad-hoc in other systems, it’s baked into Plan 9 from the first int main(). In fact, even users who don’t like Plan 9 have to admit that the character encoding support, together with the beautiful built-in rio font, makes every other operating system look primitive. + The system’s own internal programs are built to be a rounded set of user tools from the ground up. So, for instance, it comes with its own editor, acme, built to be its own weird morphing thing that plays nice with the 9P protocol.\n\n\n\nSounds neat, but how did it work in the real world?\n\n\n\nThe result was a mixture of both breathtaking efficiency and alienating other-worldliness. Trying out the system is like a visit to an alternate reality where time-traveling gremlins changed how computers are made and used. You can execute anycommand anywhere just by typing its name and middle-clicking on it, even in the middle of reading a file. You can type out your blog post in the middle of a man page and save it right there. Screenshots are made by pointing /dev/screen to a file. When you execute a program in a terminal, the terminal morphs into the program you launched instead of running in the background. The window manager, rio, can be invoked within rio to create an instance of itself running inside itself. You can just keep going like that, until, like Inception, you get lost in which layer you’re in. Get used to running Plan 9 long enough, and you will find yourself horribly ill-adapted for dealing with the normal world.\n\nWhile system administrators can’t stop praising it, the average home user won’t see much benefit unless they happen to run about eight desktop machines scattered all over. But to quote legendary hacker tribal bard Eric S. Raymond: “…Plan 9 failed simply because it fell short of being a compelling enough improvement on Unix to displace its ancestor.”\n\n\n\nA fascinating article, worth your time to read it through, even though we’ve pulled some of the best bits here. Nice look at the alternative dimension that could have been.\n\n\n\n\nBeastie Bits\n\n\ninks -- Basically Reddit or Hacker News, but without the disagreeable trolls and military industrial complex shills downvoting everything to hide the truth\n“PAM is Un-American” talk now online\nReddit advertising of “PAM Mastery”\nMeetBSD 2016 Report by Michael Dexter\nVarious CBSD Tutorials\n\n\n\n\nFeedback/Questions\n\n\nDylan - Kaltura Alt\nScott - ZFS in Low-Mem\nJ - Mixing Ports / Pkgs \nTrenton - Dtract \u0026amp; PC-BSD\nIvan - ZFS Backups\n\n\n\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eOn today’s episode, we are loaded and ready to go. Lots of OpenBSD news, a look at LetsEncrypt usage, the NetBSD scheduler (oh my) and much more. Keep it tuned to your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/production-ready\" rel=\"nofollow\"\u003eProduction ready\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst brings us a piece on what it means to be Production Ready\u003c/li\u003e\n\u003cli\u003eHe tells the story of a project he worked on that picked a framework that was “production ready”\u003c/li\u003e\n\u003cli\u003eThey tested time zones, and it all seemed to work\u003c/li\u003e\n\u003cli\u003eThey tested the unicode support in english and various european languages, and it was all good\u003c/li\u003e\n\u003cli\u003eThey sent some emails with it, and it just worked\u003c/li\u003e\n\u003cli\u003eThe framework said “Production Ready” on the tin, and it passed all the tests. What is the worst that could happen?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNow, we built our product on top of this. Some of the bugs were caught internally. Others were discovered by customers, who were of course a little dismayed. Like, how could you possibly ship this? Indeed. We were doing testing, quite a bit really, but when every possible edge case has a bug, it’s hard to find them all.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA customer from Arizona, which does not observe Daylight Saving Time, crashed the app\u003c/li\u003e\n\u003cli\u003eSome less common unicode characters caused a buffer overflow\u003c/li\u003e\n\u003cli\u003eThe email system did not properly escape a period on its own line, truncating the email\u003c/li\u003e\n\u003cli\u003e“Egregious performance because of a naive N\u003csup\u003e2\u003c/sup\u003e algorithm for growing a buffer.”\u003c/li\u003e\n\u003cli\u003e“Egregious performance on some platforms due to using the wrong threading primitives.”\u003c/li\u003e\n\u003cli\u003e“Bizarre database connection bugs for some queries that I can’t at all explain.”\u003c/li\u003e\n\u003cli\u003e“In short, everything was “works for me” quality. But is that really production quality?”\u003c/li\u003e\n\u003cli\u003e“There are some obvious contenders for the title of today’s most “production ready” software, but it’s a more general phenomenon. People who have success don’t know what they don’t know, what they didn’t test, what unused features will crash and burn.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.crashed.org/letsencrypt-in-freebsd-org/\" rel=\"nofollow\"\u003eUsing Let\u0026#39;s Encrypt within FreeBSD.org\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI decided to give Let\u0026#39;s Encrypt certificates a shot on my personal web servers earlier this year after a disaster with StartSSL. I\u0026#39;d like to share what I\u0026#39;ve learned.\u003c/p\u003e\n\n\u003cp\u003eThe biggest gotcha is that people tend to develop bad habits when they only have to deal with certificates once a year or so. The beginning part of the process is manual and the deployment of certificates somehow never quite gets automated, or things get left out.\u003c/p\u003e\n\n\u003cp\u003eThat all changes with Let\u0026#39;s Encrypt certificates. Instead of 1-5 year lifetime certificates the Let\u0026#39;s Encrypt certificates are only valid for 90 days. Most people will be wanting to renew every 60-80 days. This forces the issue - you really need to automate and make it robust.\u003c/p\u003e\n\n\u003cp\u003eThe Let\u0026#39;s Encrypt folks provide tools to do this for you for the common cases. You run it on the actual machine, it manages the certificates and adjusts the server configuration files for you. Their goal is to provide a baseline shake-n-bake solution. I was not willing to give that level of control to a third party tool for my own servers - and it was absolutely out of the question for for the FreeBSD.org cluster.\u003c/p\u003e\n\n\u003cp\u003eI should probably mention that we do things on the FreeBSD.org cluster that many people would find a bit strange. The biggest problem that we have to deal with is that the traditional model of a firewall/bastion between \u0026quot;us\u0026quot; and \u0026quot;them\u0026quot; does not apply. We design for the assumption that hostile users are already on the \u0026quot;inside\u0026quot; of the network. The cluster is spread over 8 distinct sites with naked internet and no vpn between them. There is actually very little trust between the systems in this network - eg: ssh is for people only - no headless users can ssh. There are no passwords. Sudo can\u0026#39;t be used. The command and control systems use signing. We don\u0026#39;t trust anything by IPv4/IPv6 address because we have to assume MITM is a thing. And so on. In general, things are constructed to be trigger / polling / pull based.\u003c/p\u003e\n\n\u003cp\u003eThe downside is that this makes automation and integration of Let\u0026#39;s Encrypt clients interesting. If server configuration files can\u0026#39;t be modified; and replicated web infrastructure is literally read-only (via jails/nullfs); and DNS zone files are static; and headless users can\u0026#39;t ssh and therefore cannot do commits, how do you do the verification tokens in an automated fashion? Interesting, indeed.\u003c/p\u003e\n\n\u003cp\u003eWe wanted to be able to use certificates on things like ldap and smtp servers. You can\u0026#39;t do http file verification on those so we had to use dns validation of domains.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst, a signing request is generated, and the acme-challenge is returned\u003c/li\u003e\n\u003cli\u003ePeter’s post then walks through how the script adds the required TXT record to prove control of the domain, regenerates the zone file, DNSSEC signs it, and waits for it to be published, then continues the letsencrypt process.\u003c/li\u003e\n\u003cli\u003eLetsencrypt then issues the actual certificate\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe export the fullchain files into a publication location. There is another jail that can read the fullchain certificates via nullfs and they are published with our non-secrets update mechanism\u003c/p\u003e\n\n\u003cp\u003eSince we are using DNSSEC, here is a good opportunity to maintain signed TLSA fingerprints. The catch with TLSA record updates is managing the update event horizon. You are supposed to have both fingerprints listed across the update cycle. We use \u0026#39;TLSA 3 1 1\u0026#39; records to avoid issues with propagation delays for now. TLSA 3 0 1 changes with every renewal, while 3 1 1 only changes when you generate a new private key.\u003c/p\u003e\n\n\u003cp\u003eThe majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. I found out the hard way.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is a great deal more detail in the blog post, I recommend you check it out\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eLearning more about the NetBSD scheduler (... than I wanted to know)\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161105_1754.html\" rel=\"nofollow\"\u003ePart 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161109_0059.html\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161113_0122.html\" rel=\"nofollow\"\u003ePart 3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eToday I had a need to do some number crunching using a home-brewn C program. In order to do some manual load balancing, I was firing up some Amazon AWS instances (which is Xen) with NetBSD 7.0. In this case, the system was assigned two CPUs I started two instances of my program, with the intent to have each one use one CPU. Which is not what happened! Here is what I observed, and how I fixed things for now.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e~~\u003cbr\u003e\nload averages:  2.14,  2.08,  1.83;               up 0+00:45:56        18:01:32\u003cbr\u003e\n27 processes: 4 runnable, 21 sleeping, 2 on CPU\u003cbr\u003e\nCPU0 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\u003cbr\u003e\nCPU1 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle\u003cbr\u003e\nMemory: 119M Act, 7940K Exec, 101M File, 3546M Free\u003cbr\u003e\n~~\u003c/p\u003e\n\n\u003cp\u003e~~\u003cbr\u003e\nPID USERNAME PRI NICE   SIZE   RES STATE    TIME   WCPU CPU COMMAND\u003cbr\u003e\n2791 root   25  0  8816K  964K RUN/0    16:10 54.20% 54.20% myprog\u003cbr\u003e\n2845 root   26  0  8816K  964K RUN/0    17:10 47.90% 47.90% myprog\u003cbr\u003e\n~~\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI expected something like WCPU and CPU being around 100%, assuming that each process was bound to its own CPU. The values I actually saw (and listed above) suggested that both programs were fighting for the same CPU. Huh?! NetBSD allows to create \u0026quot;processor sets\u0026quot;, assign CPU(s) to them and then assign processes to the processor sets. Let\u0026#39;s have a look!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e~~\u003cbr\u003e\n  # psrset -c\u003cbr\u003e\n    1\u003cbr\u003e\n  # psrset -b 0 2791\u003cbr\u003e\n  # psrset -b 1 2845\u003cbr\u003e\n   load averages:  2.02,  2.05,  1.94;               up 0+00:59:32        18:15:08\u003cbr\u003e\n    27 processes: 1 runnable, 24 sleeping, 2 on CPU\u003cbr\u003e\n    CPU0 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\u003cbr\u003e\n    CPU1 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle\u003cbr\u003e\n    Memory: 119M Act, 7940K Exec, 101M File, 3546M Free\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode\u003e  PID USERNAME PRI NICE   SIZE   RES STATE      TIME   WCPU    CPU COMMAND\n 2845 root      25    0  8816K  964K CPU/1     26:14   100%   100% myprog\n 2791 root      25    0  8816K  964K RUN/0     25:40   100%   100% myprog\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003e~~\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThings are as expected now, with each program being bound to its own CPU. Now why this didn\u0026#39;t happen by default is left as an exercise to the reader.\u003c/p\u003e\n\n\u003cp\u003eI had another look at this today, and was able to reproduce the behaviour using VMWare Fusion with two CPU cores on both NetBSD 7.0_STABLE as well as -current\u003c/p\u003e\n\n\u003cp\u003eThe one hint that I got so far was from Michael van Elst that there may be a rouding error in sched_balance(). Looking at the code, there is not much room for a rounding error. But I am not familiar enough (at all) with the code, so I cannot judge if crucial bits are dropped here, or how that function fits in the whole puzzle.\u003c/p\u003e\n\n\u003cp\u003ePondering on the \u0026quot;rounding error\u0026quot;, I\u0026#39;ve setup both VMs with 4 CPUs, and the behaviour shown there is that load is distributed to about 3 and a half CPU - three CPUs under full load, and one not reaching 100%. There\u0026#39;s definitely something fishy in there.\u003c/p\u003e\n\n\u003cp\u003eWith multiple CPUs, each CPU has a queue of processes that are either \u0026quot;on the CPU\u0026quot; (running) or waiting to be serviced (run) on that CPU. Those processes count as \u0026quot;migratable\u0026quot; in runqueue_t. Every now and then, the system checks all its run queues to see if a CPU is idle, and can thus \u0026quot;steal\u0026quot; (migrate) processes from a busy CPU. This is done in sched_balance().\u003c/p\u003e\n\n\u003cp\u003eSuch \u0026quot;stealing\u0026quot; (migration) has the positive effect that the process doesn\u0026#39;t have to wait for getting serviced on the CPU it\u0026#39;s currently waiting on. On the other side, migrating the process has effects on CPU\u0026#39;s data and instruction caches, so switching CPUs shouldn\u0026#39;t be taken too easy.\u003c/p\u003e\n\n\u003cp\u003eAll in all, I\u0026#39;d say the patch is a good step forward from the current situation, which does not properly distribute pure CPU hogs, at all.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.nas.nasa.gov/SC16/demos/demo9.html\" rel=\"nofollow\"\u003eBuilding Cost-Effective 100-Gbps Firewalls for HPC with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe continuous growth of the NASA Center for Climate Simulation (NCCS) requires providing high-performance security tools and enhancing the network capacity. In order to support the requirements of emerging services, including the Advanced Data Analytics Platform (ADAPT) private cloud, the NCCS security team has proposed an architecture to provide extremely cost-effective 100-gigabit-per-second (Gbps) firewalls.\u003c/p\u003e\n\n\u003cp\u003eThe aim of this project is to create a commodity-based platform that can process enough packets per second (pps) to sustain a 100-Gbps workload within the NCCS computational environment. The test domain consists of several existing systems within the NCCS, including switches (Dell S4084), routers (Dell R530s), servers (Dell R420s, and C6100s), and host card adapters (10-Gbps Mellanox ConnectX2 and Intel 8259 x Ethernet cards).\u003c/p\u003e\n\n\u003cp\u003ePrevious NCCS work testing the FreeBSD operating system for high-performance routing reached a maximum of 4 million pps. Building on this work, we are comparing FreeBSD-11.0 and FreeBSD-Current along with implementing the netmap-fwd Application Programming Interface (API) and tuning the 10-gigabit Ethernet cards. We used the tools iperf3, nuttcp, and netperf to monitor the performance of the maximum bandwidth through the cards. Additional testing has involved enabling the Common Address Redundancy Protocol (CARP) to achieve an active/active architecture.\u003c/p\u003e\n\n\u003cp\u003eThe tests have shown that at the optimally tuned and configured FreeBSD system, it is possible to create a system that can manage the huge amounts of pps needed to create a 100-Gbps firewall with commodity components.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome interesting findings: \n\n\u003cul\u003e\n\u003cli\u003eFreeBSD was able to send more pps as a client than Centos 6.\u003c/li\u003e\n\u003cli\u003eNetmap-fwd increased the pps rate significantly.\u003c/li\u003e\n\u003cli\u003eThe choice of network card can have a significant impact on pps, tuning, and netmap support.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFurther tests will continue verifying the above results with even more capable systems-such as 40-gigabit and 100-gigabit Ethernet cards-to achieve even higher performance. In addition to hardware improvements, updates to the network capabilities in the FreeBSD-Current version will be closely monitored and applied as appropriate. The final result will be a reference architecture with representative hardware and software that will enable the NCCS to build, deploy, and efficiently maintain extremely cost-effective 100-Gbps firewalls.\u003c/p\u003e\n\n\u003cp\u003eNetflix has already managed to saturate a 100 Gbps interface using only a single CPU Socket (rather than a dual socket server). Forwarding/routing is a bit different, but it is definitely on track to get there. Using a small number of commodity servers to firewall 100 Gbps of traffic just takes some careful planning and load balancing. Soon it will be possible using a single host.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/bartekrutkowski/iocell\" rel=\"nofollow\"\u003eiocell - A FreeBSD jail manager.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother jail manager has arrived on the scene, iocell, which begins life as a fork of the “classic” iocage.\u003c/li\u003e\n\u003cli\u003eDue to its shared heritage, it offers much of the same functionality and flags as iocage users will be familiar with.\u003c/li\u003e\n\u003cli\u003eFor those who aren’t up to speed with either products, some of those features include: \n\n\u003cul\u003e\n\u003cli\u003eTemplates, clones, basejails, fully independent jails\u003c/li\u003e\n\u003cli\u003eEase of use\u003c/li\u003e\n\u003cli\u003eZero configuration files\u003c/li\u003e\n\u003cli\u003eRapid thin provisioning within seconds\u003c/li\u003e\n\u003cli\u003eAutomatic package installation\u003c/li\u003e\n\u003cli\u003eVirtual networking stacks (vnet)\u003c/li\u003e\n\u003cli\u003eShared IP based jails (non vnet)\u003c/li\u003e\n\u003cli\u003eResource limits (CPU, MEMORY, DISK I/O, etc.)\u003c/li\u003e\n\u003cli\u003eFilesystem quotas and reservations\u003c/li\u003e\n\u003cli\u003eDedicated ZFS datasets inside jails\u003c/li\u003e\n\u003cli\u003eTransparent ZFS snapshot management\u003c/li\u003e\n\u003cli\u003eBinary updates\u003c/li\u003e\n\u003cli\u003eDifferential jail packaging\u003c/li\u003e\n\u003cli\u003eExport and import\u003c/li\u003e\n\u003cli\u003eAnd many more!\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe program makes extensive use of ZFS for performing jail operations, so a zpool will be required (But doesn’t have to be your boot-pool)\u003c/li\u003e\n\u003cli\u003eIt still looks “very” fresh, even using original iocage filenames in the repo, so a safe guess is that you’ll be able to switch between iocage and iocell with relative ease.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.gordonturner.ca/2016/11/20/fail2ban-on-openbsd-6-0/\" rel=\"nofollow\"\u003eFail2ban on OpenBSD 6.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve used Fail2Ban in PC-BSD before, due to it’s ability to detect and block brute force attempts against a variety of services, including SSH, mail, and others. It even can work to detect jail brute force attempts, blocking IPs on the hosts firewall. \u003c/li\u003e\n\u003cli\u003eHowever what about OpenBSD users? Well, Gordon Turner comes to the rescue today with a great writeup on deploying Fail2Ban specifically for that platform.\u003c/li\u003e\n\u003cli\u003eNow, Fail2Ban is a python program, so you’ll need to pkg install Python first, then he provides instructions on how to manually grab the F2B sources and install on OpenBSD.\u003c/li\u003e\n\u003cli\u003eHelpfully Gordon gives us some handy links to scripts and modifications to get F2B running via RC as well, which is a bit different since F2B has both a server and client that must run together.\u003c/li\u003e\n\u003cli\u003eWith the installation bits out of the way, we get to next hit the “fun” stuff, which comes in the way of SSH brute force detection.\u003c/li\u003e\n\u003cli\u003eNaturally we will be configuring F2B to use “pf” to do our actual blocking, but the examples shown give us full control over the knobs used to detect, and then ultimately call ‘pfctl’ to do our heavy lifting.\u003c/li\u003e\n\u003cli\u003eThe last bits of the article give us a runthrough on how to “prime” pf with the correct block tables and performing basic administrative tasks to control F2B in production.\u003c/li\u003e\n\u003cli\u003eA great article, and if you run an OpenBSD box exposed to the internet, you may want to bookmark this one.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-changes-of-note\" rel=\"nofollow\"\u003eopenbsd changes of note\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinuing with our OpenBSD news for the week, we have a new blog post by TedU, which gives us a bunch of notes on the things which have changed over there as of late:\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSome of the notables include:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003emcl2k2 pools\u003c/em\u003e and the \u003cem\u003eem conversion\u003c/em\u003e. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cem\u003eFreeType 2.7 is prettier than ever\u003c/em\u003e. \u003c/li\u003e\n\u003cli\u003e\u003cem\u003evmm for i386\u003c/em\u003e. \u003cem\u003eImprove security\u003c/em\u003e. vmm is still running with a phenomenal set of privileges, but perhaps some cross-VM attacks may be limited. On the other side of the world, \u003cem\u003ehyperv support is getting better\u003c/em\u003e. \u003c/li\u003e\n\u003cli\u003e\u003cem\u003eRemove setlocale\u003c/em\u003e. setlocale was sprinkled all throughout the code base many years ago, even though it did nothing, in anticipation of a day when it would do something. We’ve since decided that day will never come, and so many setlocale calls can go. \u003c/li\u003e\n\u003cli\u003e\u003cem\u003esyspatch is coming\u003c/em\u003e. Lots of commits actually. Despite the name, it’s more like a system update, since it replaces entire binaries. Then again, replacing a few binaries in a system is like patching small parts of the whole. A syspatch update will be smaller than an entire release. \u003c/li\u003e\n\u003cli\u003e\u003cem\u003eThere’s a new build system\u003c/em\u003e. It kind of works like before, but a lot of the details have changed to support less root. Actually, it’d be accurate to say the whole build privilege system has been flipped. Start as root, which drops down to the build user to do the heavy lifting, instead of starting as a user that can elevate to root at any time. This no longer requires the build user to be pseudo-root; in fact, the goal is that the build user can’t elevate. \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere’s several other items on this list, take a look for more details, and he also helpfully provides commit-links if you want to see more about any of these topics.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://media.bemyapp.com/came-bell-labs/#\" rel=\"nofollow\"\u003eIt came from Bell Labs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA little late for a halloween episode, we have “It came from Bell Labs”, a fascinating article talking about the successor to UNIX, Plan9\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThere was once an operating system that was intended to be the successor to Unix. Plan 9 From Bell Labs was its name, and playing with it for five minutes is like visiting an alternate dimension where computers are done differently. It was so ahead of its time that it would be considered cutting edge, even today. Find out the weird and woolly history to Plan Nine’s inception and eventual consignment as a footnote of operating systems today.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo, if you’ve never heard of Plan 9, how did it exactly differ from the UNIX we know and love today?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eHere’s just a few of the key features under Plan 9’s hood + 9P – The distributed file system protocol. Everything runs through this, there is no escaping it. Since everything runs on top of 9P, that makes everything running on a Plan 9 box distributed as well. This means, for example, you can import /dev/audio from another machine on the network to use its sound card when your own machine doesn’t have one. + ndb – The namespace server. In conjunction with 9P, it bosses all the programs around and forces them to comply to the Plan 9 way. + Instead of Unix sockets, all the networking just runs through 9P. Thus, everything from ethernet packets to network cards are all just one more kind of file. + While Unicode is implemented ad-hoc in other systems, it’s baked into Plan 9 from the first int main(). In fact, even users who don’t like Plan 9 have to admit that the character encoding support, together with the beautiful built-in rio font, makes every other operating system look primitive. + The system’s own internal programs are built to be a rounded set of user tools from the ground up. So, for instance, it comes with its own editor, acme, built to be its own weird morphing thing that plays nice with the 9P protocol.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSounds neat, but how did it work in the real world?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe result was a mixture of both breathtaking efficiency and alienating other-worldliness. Trying out the system is like a visit to an alternate reality where time-traveling gremlins changed how computers are made and used. You can execute anycommand anywhere just by typing its name and middle-clicking on it, even in the middle of reading a file. You can type out your blog post in the middle of a man page and save it right there. Screenshots are made by pointing /dev/screen to a file. When you execute a program in a terminal, the terminal morphs into the program you launched instead of running in the background. The window manager, rio, can be invoked within rio to create an instance of itself running inside itself. You can just keep going like that, until, like Inception, you get lost in which layer you’re in. Get used to running Plan 9 long enough, and you will find yourself horribly ill-adapted for dealing with the normal world.\u003c/p\u003e\n\n\u003cp\u003eWhile system administrators can’t stop praising it, the average home user won’t see much benefit unless they happen to run about eight desktop machines scattered all over. But to quote legendary hacker tribal bard Eric S. Raymond: “…Plan 9 failed simply because it fell short of being a compelling enough improvement on Unix to displace its ancestor.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA fascinating article, worth your time to read it through, even though we’ve pulled some of the best bits here. Nice look at the alternative dimension that could have been.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/inks\" rel=\"nofollow\"\u003einks -- Basically Reddit or Hacker News, but without the disagreeable trolls and military industrial complex shills downvoting everything to hide the truth\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://youtu.be/Mc2p6sx2s7k\" rel=\"nofollow\"\u003e“PAM is Un-American” talk now online\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2818\" rel=\"nofollow\"\u003eReddit advertising of “PAM Mastery”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/meetbsd-2016-report-michael-dexter/\" rel=\"nofollow\"\u003eMeetBSD 2016 Report by Michael Dexter\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.bsdstore.ru/en/tutorial.html\" rel=\"nofollow\"\u003eVarious CBSD Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/6B96pVcm\" rel=\"nofollow\"\u003eDylan - Kaltura Alt\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Hrp8qwkP\" rel=\"nofollow\"\u003eScott - ZFS in Low-Mem\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/85q4Q3Xx\" rel=\"nofollow\"\u003eJ - Mixing Ports / Pkgs\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/RFKY0ERs\" rel=\"nofollow\"\u003eTrenton - Dtract \u0026amp; PC-BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/31uqW6vW\" rel=\"nofollow\"\u003eIvan - ZFS Backups\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003cul\u003e\n\u003cli\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"On today’s episode, we are loaded and ready to go. Lots of OpenBSD news, a look at LetsEncrypt usage, the NetBSD scheduler (oh my) and much more. Keep it tuned to your place to B...SD!","date_published":"2016-11-23T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4898747c-2845-49b3-9de1-94f72798e48c.mp3","mime_type":"audio/mpeg","size_in_bytes":63095476,"duration_in_seconds":5257}]},{"id":"776e1141-a95a-47ca-b5cd-308ad59d32f9","title":"168: The Post Show Show","url":"https://www.bsdnow.tv/168","content_text":"This week on BSDNow. Allan and I are back from MeetBSD! A good time was had by all, lots to discuss, so let’s jump right into it on your place to B...SD!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBuild a FreeBSD 11.0-release Openstack Image with bsd-cloudinit\n\n\nWe are going to prepare a FreeBSD image for Openstack deployment. We do this by creating a FreeBSD 11.0-RELEASE instance, installing it and converting it using bsd-cloudinit. We'll use the CloudVPS public Openstack cloud for this. Create an account there and install the Openstack command line tools, like nova, cinder and glance.\n\nA FreeBSD image with Cloud Init will automatically resize the disk to the size of the flavor and it will add your SSH key right at boot. You can use Cloud Config to execute a script at first boot, for example, to bootstrap your system into Puppet or Ansible. If you use Ansible to manage OpenStack instances you can integrate it without manually logging in or doing anything manually.\n\nSince FreeBSD 10.2-RELEASE there is an rc script which, when the file /firstboot exists, expands the root filesystem to the full disk. While bsd-cloudinit does this as well, if you don't need the whole cloudinit stack, (when you use a static ssh key for example), you can touch that file to make sure the disk is expanded at the first boot\n\n\n\nA detailed tutorial that shows how to create customized cloud images using the FreeBSD install media\nThere is also the option of using the FreeBSD release tools to build custom cloud images in a more headless fashion\nSomeone should make a tutorial out of that\n***\n\n\niXsystems Announces TrueOS Launch\n\n\nAs loyal listeners to this show, you’ve no doubt heard by now that we are in the middle of undergoing a shift in moving PC-BSD -\u0026gt; TrueOS.\nLast week during MeetBSD this was made “official” with iX issuing our press release and I was able to give a talk detailing many of the reasons and things going on with this change.\nThe talk should be available online here soon(ish), but for a quick recap:\nTrueOS is moving to a rolling-release model based on FreeBSD -CURRENT\nLumina has become the default desktop for TrueOS\nLibreSSL is enabled top to bottom\nWe are in the middle of working on conversion to OpenRC for run-control replacement\nThe TrueOS pico was announced, which is our “Thin-Client” solution, right now allowing you to use a TrueOS server pared with a RPI2 device. \n***\n\n\nRunning FreeBSD 11 on Raspberry Pi\n\n\nThis article covers some of the changes you will notice if you upgrade your RPI to FreeBSD 11.0\nIt covers some of the changes to WiFi in 11.0\nPro Tip: you can get a list of WiFi devices by doing: sysctl net.wlan.devices\nThere are official binary packages for ARM with 11.0, so you can just ‘pkg install’ your favourite apps\nMany of the LEDs are exposed via the /dev/led/ interface, which you can just echo 0 or 1 to, or use morse(6) to send a message\ngpioctl can be used to control the various GPIO pins\nThe post also covers how to setup the real-time clock on the Raspberry Pi\nThere is also limited support for adjusting the CPU frequency of the Pi\nThere are also tips on configuring a one-wire temperature sensor\n***\n\n\nvoid-zones-tools for FreeBSD\n\n\nAdblock has been in the news a bit recently, with some of the more popular browser plugins now accepting brib...contributions to permit specific ads through.\nWell today the ad-blockers strike back. We have a great tutorial up on GitHub which demonstrates one of the useful features of using Unbound in FreeBSD to do your own ad-blocking with void-zones.\nSpecifically, void-zones are a way to return NXDOMAIN when DNS requests are made to known malicious or spam sites.\nUsing void-zones-tools software will make managing this easy, by being able to pull in known lists of sites to block from several 3rd party curators.\nWhen coupled with our past tutorials on setting up your own FreeBSD router, this may become very useful for a lot of folks who want to do ad-blocking ad at a lower level, allowing it to filter smart-phones or any other devices on a network.\n***\n\n\nNews Roundup\n\nBSD Socket API Revamp\n\n\nMartin Sustrik has started a draft RFC to revamp the BSD Sockets API:\n\n\n\nThe progress in the area of network protocols is distinctively lagging behind.  While every hobbyist new to the art of programming writes and publishes their small JavaScript libraries, there's no such thing going on with network protocols.  Indeed, it looks like the field of network protocols is dominated by big companies and academia, just like programming as a whole used to be before the advent of personal computers.\n\nthe API proposed in this document doesn't try to virtualize all possible aspects of all possible protocols and provide a single set of functions to deal with all of them.  Instead, it acknowledges how varied the protocol landscape is and how much the requirements for individual protocols differ.  Therefore, it lets each protocol define its own API and asks only for bare minimum of standardised behaviour needed to implement protocol composability.\n\nAs a consequence, the new API is much more lightweight and flexible than BSD socket API and allows to decompose today's monolithic protocol monsters into small single-purpose microprotocols that can be easily combined together to achieve desired functionality.\n\n\n\nThe idea behind the new design is to allow the software author to define their own protocols via a generic interface, and easily stack them on top of the existing network protocols, be they the basic protocols like TCP/IP, or a layer 7 protocol like HTTP\n   Example of creating a stack of four protocols:\n~~\n   int s1 = tcp_connect(\"192.168.0.111:5555\");\n   int s2 = foo_start(s1, arg1, arg2, arg3);\n   int s3 = bar_start(s2);\n   int s4 = baz_start(s3, arg4, arg5);\n~~\nIt also allows applying generic transformations to the protocols:\n~~\n   int tcps = tcp_connect(\"192.168.0.111:80\");\n   /* Websockets is a connected protocol. /\n   int ws = websock_connect(tcps);\n   uint16_t compression_algoritm;\n   mrecv(ws, \u0026amp;compression_algorithm, 2, -1);\n   / Compression socket is unconnected. /\n   int cs = compress_start(ws, compression_algorithm);\n~~\n**\n\n\nUpdated version of re(4) for DragonflyBSD\n\n\nSephe over at the Dragonfly project has issued a CFT for a newer version of the “re” driver\nFor those who don’t know, that is for Realtek nics, specifically his updates add features:\n\n\n\nI have made an updated version of re(4), which leverages Realtek driver's chip/PHY reset/initialization code.  I hope it can resolve all kinds of weirdness we encountered on this chip so far.\n\n\n\nTesters, you know what to do! Give this a whirl and let him know if you run into any new issues, or better yet, give feedback if it fixes some long-standing problems you’ve run into in the past.\n***\n\n\nHackathon reports from OpenBSD’s B2K16\n\n\nb2k16 hackathon report: Jeremy Evans on ports cleaning, progress on postgres, nginx, ruby and more\nb2k16 hackathon report: Landry Breuil on various ports progress\nb2k16 hackathon report: Antoine Jacoutot on GNOME's path forward, various ports progress\nWe have a trio of hackathon reports from OpenBSD’s B2K16 (Recently held in Budapest)\nFirst up - Jeremy Evans give us his rundown which starts with sweeping some of the cruft out of the barn:\n\n\n\nI started off b2k16 by channeling tedu@, and removing a lot of ports, including lang/ruby/2.0, lang/io, convertors/ruby-json, databases/dbic++, databases/ruby-swift, databases/ruby-jdbc-*, x11/ruby-profiligacy, and mail/ruby-mailfactory.\n\n\n\nAfter that, he talks about improvements made to postgres, nginx and ruby ports, fixing things such as pg_upgrade support, breaking nginx down into sub-packages and a major ruby update to about 50% of the packages.\nNext up - Landry Breuil tells us about his trip, which also started with some major ports pruning, including some stale XFCE bits and drupal6. \nOne of the things he mentions is the Tor browser:\n\n\n\nFound finally some time again to review properly the pending port for Tor Browser, even if i don't like the way it is developed (600+ patches against upstream firefox-esr !? even if relationship is improving..) nor will endorse its use, i feel that the time that was spent on porting it and updating it and maintaining it shouldn't be lost, and it should get commited - there are only some portswise minor tweaks to fix. Had a bit of discussions about that with other porters... \n\n\n\nLastly, Antoine Jacoutot gives us a smaller update on his work:\n\n\n\nFirst task of this hackathon was for Jasper and I to upgrade to GNOME 3.22.1 (version 3.22.2 hit the ports tree since). As usual I already updated the core libraries a few days before so that we could start with a nice set of fully updated packages. It ended up being the fastest GNOME update ever, it all went very smoothly. We're still debating the future of GNOME on OpenBSD though. More and more features require systemd interfaces and without a replacement it may not make sense to keep it around. Implementing these interfaces requires time which Jasper and I don't really have these days... Anyway, we'll see.\n\n\n\nAll-n-all, a good trip it sounds like with some much needed hacking taking place. Good to see the cruft getting cleaned up, along with some new exciting ports landing.\n***\n\n\nJuly to September 2016 Status Report\n\n\nThe latest FreeBSD quarterly status report is out\nIt includes the induction of the new Core team, and reports from all of the other teams, including Release Engineering, Port Manager, and the FreeBSD Foundation\nSome other highlights:\nCapsicum Update\n\n\nThe Graphics Stack on FreeBSD\nUsing lld, the LLVM Linker, to Link FreeBSD\nVirtualBox Shared Folders Filesystem\n\nevdev support (better mouse, keyboard, and multi-touch support)\n\n\nZFS Code Sync with Latest OpenZFS/Illumos\n\n\nThe ARC now mostly stores compressed data, the same as is stored on disk, decompressing them on demand.\nThe L2ARC now stores the same (compressed) data as the ARC without recompression, and its RAM usage was further reduced.\nThe largest size of indirect block possible has been increased from 16KB to 128KB, and speculative prefetching of indirect blocks is now performed.\n\n\nImproved ordering of space allocation.\nThe SHA-512t256 and Skein hashing algorithms are now supported.\n***\n\n\nBeastie Bits\n\n\nHow to Host Your Own Private GitHub with Gogs\nNvidia Adds Telemetry To Latest Drivers\nKnoxBUG Upcoming Meeting \n\n\n\n\nFeedback/Questions\n\n\n William - Show Music \n Ray - Mounting a Cell Phone \n Ron - TrueOS + Radeon  (Follow-up - He used nvidia card)\n Kurt - ZFS Migration \n Matt Dillon (Yes that Matt Dillon) - vkernels \n***\n","content_html":"\u003cp\u003eThis week on BSDNow. Allan and I are back from MeetBSD! A good time was had by all, lots to discuss, so let’s jump right into it on your place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://raymii.org/s/tutorials/FreeBSD_11.0-release_Openstack_Image.html\" rel=\"nofollow\"\u003eBuild a FreeBSD 11.0-release Openstack Image with bsd-cloudinit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWe are going to prepare a FreeBSD image for Openstack deployment. We do this by creating a FreeBSD 11.0-RELEASE instance, installing it and converting it using bsd-cloudinit. We\u0026#39;ll use the CloudVPS public Openstack cloud for this. Create an account there and install the Openstack command line tools, like nova, cinder and glance.\u003c/p\u003e\n\n\u003cp\u003eA FreeBSD image with Cloud Init will automatically resize the disk to the size of the flavor and it will add your SSH key right at boot. You can use Cloud Config to execute a script at first boot, for example, to bootstrap your system into Puppet or Ansible. If you use Ansible to manage OpenStack instances you can integrate it without manually logging in or doing anything manually.\u003c/p\u003e\n\n\u003cp\u003eSince FreeBSD 10.2-RELEASE there is an rc script which, when the file /firstboot exists, expands the root filesystem to the full disk. While bsd-cloudinit does this as well, if you don\u0026#39;t need the whole cloudinit stack, (when you use a static ssh key for example), you can touch that file to make sure the disk is expanded at the first boot\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA detailed tutorial that shows how to create customized cloud images using the FreeBSD install media\u003c/li\u003e\n\u003cli\u003eThere is also the option of using the FreeBSD release tools to build custom cloud images in a more headless fashion\u003c/li\u003e\n\u003cli\u003eSomeone should make a tutorial out of that\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ixsystems.com/blog/ixsystems-announces-trueos-launch/\" rel=\"nofollow\"\u003eiXsystems Announces TrueOS Launch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs loyal listeners to this show, you’ve no doubt heard by now that we are in the middle of undergoing a shift in moving PC-BSD -\u0026gt; TrueOS.\u003c/li\u003e\n\u003cli\u003eLast week during MeetBSD this was made “official” with iX issuing our press release and I was able to give a talk detailing many of the reasons and things going on with this change.\u003c/li\u003e\n\u003cli\u003eThe talk should be available online here soon(ish), but for a quick recap:\u003c/li\u003e\n\u003cli\u003eTrueOS is moving to a rolling-release model based on FreeBSD -CURRENT\u003c/li\u003e\n\u003cli\u003eLumina has become the default desktop for TrueOS\u003c/li\u003e\n\u003cli\u003eLibreSSL is enabled top to bottom\u003c/li\u003e\n\u003cli\u003eWe are in the middle of working on conversion to OpenRC for run-control replacement\u003c/li\u003e\n\u003cli\u003eThe TrueOS pico was announced, which is our “Thin-Client” solution, right now allowing you to use a TrueOS server pared with a RPI2 device. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://vzaigrin.wordpress.com/2016/10/16/running-freebsd-11-on-raspberry-pi/\" rel=\"nofollow\"\u003eRunning FreeBSD 11 on Raspberry Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis article covers some of the changes you will notice if you upgrade your RPI to FreeBSD 11.0\u003c/li\u003e\n\u003cli\u003eIt covers some of the changes to WiFi in 11.0\u003c/li\u003e\n\u003cli\u003ePro Tip: you can get a list of WiFi devices by doing: sysctl net.wlan.devices\u003c/li\u003e\n\u003cli\u003eThere are official binary packages for ARM with 11.0, so you can just ‘pkg install’ your favourite apps\u003c/li\u003e\n\u003cli\u003eMany of the LEDs are exposed via the /dev/led/\u003cname\u003e interface, which you can just echo 0 or 1 to, or use morse(6) to send a message\u003c/li\u003e\n\u003cli\u003egpioctl can be used to control the various GPIO pins\u003c/li\u003e\n\u003cli\u003eThe post also covers how to setup the real-time clock on the Raspberry Pi\u003c/li\u003e\n\u003cli\u003eThere is also limited support for adjusting the CPU frequency of the Pi\u003c/li\u003e\n\u003cli\u003eThere are also tips on configuring a one-wire temperature sensor\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/cyclaero/void-zones-tools\" rel=\"nofollow\"\u003evoid-zones-tools for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdblock has been in the news a bit recently, with some of the more popular browser plugins now accepting brib\u003csup\u003e...contributions\u003c/sup\u003e to permit specific ads through.\u003c/li\u003e\n\u003cli\u003eWell today the ad-blockers strike back. We have a great tutorial up on GitHub which demonstrates one of the useful features of using Unbound in FreeBSD to do your own ad-blocking with void-zones.\u003c/li\u003e\n\u003cli\u003eSpecifically, void-zones are a way to return NXDOMAIN when DNS requests are made to known malicious or spam sites.\u003c/li\u003e\n\u003cli\u003eUsing void-zones-tools software will make managing this easy, by being able to pull in known lists of sites to block from several 3rd party curators.\u003c/li\u003e\n\u003cli\u003eWhen coupled with our past tutorials on setting up your own FreeBSD router, this may become very useful for a lot of folks who want to do ad-blocking ad at a lower level, allowing it to filter smart-phones or any other devices on a network.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://raw.githubusercontent.com/sustrik/dsock/master/rfc/sock-api-revamp-01.txt\" rel=\"nofollow\"\u003eBSD Socket API Revamp\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMartin Sustrik has started a draft RFC to revamp the BSD Sockets API:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe progress in the area of network protocols is distinctively lagging behind.  While every hobbyist new to the art of programming writes and publishes their small JavaScript libraries, there\u0026#39;s no such thing going on with network protocols.  Indeed, it looks like the field of network protocols is dominated by big companies and academia, just like programming as a whole used to be before the advent of personal computers.\u003c/p\u003e\n\n\u003cp\u003ethe API proposed in this document doesn\u0026#39;t try to virtualize all possible aspects of all possible protocols and provide a single set of functions to deal with all of them.  Instead, it acknowledges how varied the protocol landscape is and how much the requirements for individual protocols differ.  Therefore, it lets each protocol define its own API and asks only for bare minimum of standardised behaviour needed to implement protocol composability.\u003c/p\u003e\n\n\u003cp\u003eAs a consequence, the new API is much more lightweight and flexible than BSD socket API and allows to decompose today\u0026#39;s monolithic protocol monsters into small single-purpose microprotocols that can be easily combined together to achieve desired functionality.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe idea behind the new design is to allow the software author to define their own protocols via a generic interface, and easily stack them on top of the existing network protocols, be they the basic protocols like TCP/IP, or a layer 7 protocol like HTTP\u003c/li\u003e\n\u003cli\u003e   Example of creating a stack of four protocols:\n~~\n   int s1 = tcp_connect(\u0026quot;192.168.0.111:5555\u0026quot;);\n   int s2 = foo_start(s1, arg1, arg2, arg3);\n   int s3 = bar_start(s2);\n   int s4 = baz_start(s3, arg4, arg5);\n~~\u003c/li\u003e\n\u003cli\u003eIt also allows applying generic transformations to the protocols:\n~~\n   int tcps = tcp_connect(\u0026quot;192.168.0.111:80\u0026quot;);\n   /* Websockets is a connected protocol. \u003cem\u003e/\n   int ws = websock_connect(tcps);\n   uint16_t compression_algoritm;\n   mrecv(ws, \u0026amp;compression_algorithm, 2, -1);\n   /\u003c/em\u003e Compression socket is unconnected. \u003cem\u003e/\n   int cs = compress_start(ws, compression_algorithm);\n~~\n*\u003c/em\u003e*\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-November/313140.html\" rel=\"nofollow\"\u003eUpdated version of re(4) for DragonflyBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSephe over at the Dragonfly project has issued a CFT for a newer version of the “re” driver\u003c/li\u003e\n\u003cli\u003eFor those who don’t know, that is for Realtek nics, specifically his updates add features:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have made an updated version of re(4), which leverages Realtek driver\u0026#39;s chip/PHY reset/initialization code.  I hope it can resolve all kinds of weirdness we encountered on this chip so far.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eTesters, you know what to do! Give this a whirl and let him know if you run into any new issues, or better yet, give feedback if it fixes some long-standing problems you’ve run into in the past.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eHackathon reports from OpenBSD’s B2K16\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161112112023\" rel=\"nofollow\"\u003eb2k16 hackathon report: Jeremy Evans on ports cleaning, progress on postgres, nginx, ruby and more\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161112095902\" rel=\"nofollow\"\u003eb2k16 hackathon report: Landry Breuil on various ports progress\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161109030623\" rel=\"nofollow\"\u003eb2k16 hackathon report: Antoine Jacoutot on GNOME\u0026#39;s path forward, various ports progress\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWe have a trio of hackathon reports from OpenBSD’s B2K16 (Recently held in Budapest)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFirst up - Jeremy Evans give us his rundown which starts with sweeping some of the cruft out of the barn:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI started off b2k16 by channeling tedu@, and removing a lot of ports, including lang/ruby/2.0, lang/io, convertors/ruby-json, databases/dbic++, databases/ruby-swift, databases/ruby-jdbc-*, x11/ruby-profiligacy, and mail/ruby-mailfactory.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter that, he talks about improvements made to postgres, nginx and ruby ports, fixing things such as pg_upgrade support, breaking nginx down into sub-packages and a major ruby update to about 50% of the packages.\u003c/li\u003e\n\u003cli\u003eNext up - Landry Breuil tells us about his trip, which also started with some major ports pruning, including some stale XFCE bits and drupal6. \u003c/li\u003e\n\u003cli\u003eOne of the things he mentions is the Tor browser:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFound finally some time again to review properly the pending port for Tor Browser, even if i don\u0026#39;t like the way it is developed (600+ patches against upstream firefox-esr !? even if relationship is improving..) nor will endorse its use, i feel that the time that was spent on porting it and updating it and maintaining it shouldn\u0026#39;t be lost, and it should get commited - there are only some portswise minor tweaks to fix. Had a bit of discussions about that with other porters... \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eLastly, Antoine Jacoutot gives us a smaller update on his work:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst task of this hackathon was for Jasper and I to upgrade to GNOME 3.22.1 (version 3.22.2 hit the ports tree since). As usual I already updated the core libraries a few days before so that we could start with a nice set of fully updated packages. It ended up being the fastest GNOME update ever, it all went very smoothly. We\u0026#39;re still debating the future of GNOME on OpenBSD though. More and more features require systemd interfaces and without a replacement it may not make sense to keep it around. Implementing these interfaces requires time which Jasper and I don\u0026#39;t really have these days... Anyway, we\u0026#39;ll see.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll-n-all, a good trip it sounds like with some much needed hacking taking place. Good to see the cruft getting cleaned up, along with some new exciting ports landing.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2016-07-2016-09.html\" rel=\"nofollow\"\u003eJuly to September 2016 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe latest FreeBSD quarterly status report is out\u003c/li\u003e\n\u003cli\u003eIt includes the induction of the new Core team, and reports from all of the other teams, including Release Engineering, Port Manager, and the FreeBSD Foundation\u003c/li\u003e\n\u003cli\u003eSome other highlights:\u003c/li\u003e\n\u003cli\u003eCapsicum Update\n\n\u003cul\u003e\n\u003cli\u003eThe Graphics Stack on FreeBSD\u003c/li\u003e\n\u003cli\u003eUsing lld, the LLVM Linker, to Link FreeBSD\u003c/li\u003e\n\u003cli\u003eVirtualBox Shared Folders Filesystem\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eevdev support (better mouse, keyboard, and multi-touch support)\n\n\u003cul\u003e\n\u003cli\u003eZFS Code Sync with Latest OpenZFS/Illumos\n\n\u003cul\u003e\n\u003cli\u003eThe ARC now mostly stores compressed data, the same as is stored on disk, decompressing them on demand.\u003c/li\u003e\n\u003cli\u003eThe L2ARC now stores the same (compressed) data as the ARC without recompression, and its RAM usage was further reduced.\u003c/li\u003e\n\u003cli\u003eThe largest size of indirect block possible has been increased from 16KB to 128KB, and speculative prefetching of indirect blocks is now performed.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eImproved ordering of space allocation.\u003c/li\u003e\n\u003cli\u003eThe SHA-512t256 and Skein hashing algorithms are now supported.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.cs.cmu.edu/afs/cs/user/predragp/www/git.html\" rel=\"nofollow\"\u003eHow to Host Your Own Private GitHub with Gogs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://yro.slashdot.org/story/16/11/07/1427257/nvidia-adds-telemetry-to-latest-drivers\" rel=\"nofollow\"\u003eNvidia Adds Telemetry To Latest Drivers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://knoxbug.org/2016-11-29\" rel=\"nofollow\"\u003eKnoxBUG Upcoming Meeting\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/skvEgkLK\" rel=\"nofollow\"\u003e William - Show Music\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/nMDeSFGM\" rel=\"nofollow\"\u003e Ray - Mounting a Cell Phone\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/p5bC1jKU\" rel=\"nofollow\"\u003e Ron - TrueOS + Radeon\u003c/a\u003e  (Follow-up - He used nvidia card)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ud9vEK2C\" rel=\"nofollow\"\u003e Kurt - ZFS Migration\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/VPQfsUks\" rel=\"nofollow\"\u003e Matt Dillon (Yes that Matt Dillon) - vkernels\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow. Allan and I are back from MeetBSD! A good time was had by all, lots to discuss, so let’s jump right into it on your place to B...SD!","date_published":"2016-11-16T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/776e1141-a95a-47ca-b5cd-308ad59d32f9.mp3","mime_type":"audio/mpeg","size_in_bytes":60620116,"duration_in_seconds":5051}]},{"id":"ebe3203d-b267-46aa-84af-9a1a3f861c02","title":"167: Playing the Long Game","url":"https://www.bsdnow.tv/167","content_text":"This week on BSDNow, Allan \u0026amp; Kris are out at MeetBSD, but we never forget our loyal listeners. We have a great interview Allan did with Scott Long of Netflix \u0026amp; FreeBSD fame, as well as your questions on the place to B...SD!\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\n\n\n\nInterview - Scott Long - scottl@freebsd.org\n\n\nFreeBSD \u0026amp; Netflix\n***\n\n\nFeedback/Questions\n\n\nZack - USB Config \nJens - VMs, Jails and Containers \nRanko - Tarsnap Keys \nAlex - OpenBSD in Hyper-V \nCurt - Discussion Segment \n\n\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan \u0026amp; Kris are out at MeetBSD, but we never forget our loyal listeners. We have a great interview Allan did with Scott Long of Netflix \u0026amp; FreeBSD fame, as well as your questions on the place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Scott Long - \u003ca href=\"mailto:scottl@freebsd.org\" rel=\"nofollow\"\u003escottl@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD \u0026amp; Netflix\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/u77LE0Md\" rel=\"nofollow\"\u003eZack - USB Config\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/8KwDK6ay\" rel=\"nofollow\"\u003eJens - VMs, Jails and Containers\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Kie3EcjN\" rel=\"nofollow\"\u003eRanko - Tarsnap Keys\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/nRJQ7UPZ\" rel=\"nofollow\"\u003eAlex - OpenBSD in Hyper-V\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ndx25pQA\" rel=\"nofollow\"\u003eCurt - Discussion Segment\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week on BSDNow, Allan \u0026 Kris are out at MeetBSD, but we never forget our loyal listeners. We have a great interview Allan did with Scott Long of Netflix \u0026 FreeBSD fame, as well as your questions on the place to B...SD!","date_published":"2016-11-09T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ebe3203d-b267-46aa-84af-9a1a3f861c02.mp3","mime_type":"audio/mpeg","size_in_bytes":34410964,"duration_in_seconds":2867}]},{"id":"13a56673-8f9c-4198-9f01-4f28143ec2f9","title":"166: Pass that UNIX Pipe","url":"https://www.bsdnow.tv/166","content_text":"This week on the show, we’re loaded up with great stories ranging from System call fuzzing, a history of UNIX Pipes, speeding up MySQL imports and more. Stay tuned, BSDNow is coming your way right now.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nSystem call fuzzing of OpenBSD amd64 using TriforceAFL (i.e. AFL and QEMU)\n\n\nThe NCCGroup did a series of fuzz testing against the OpenBSD syscall interface, during which they found a number of vulnerabilities, we covered this back in the early summer\nWhat we didn’t notice, is that they also made the tools they used available.\nA combination of AFL (American Fuzzy Lop), QEMU, OpenBSD’s FlashRD image generation tool, and the “Triforce” driver\nThe other requirement is “a Linux box as host to run the fuzzer (other fuzzer hosts may work as well, we've only run TriforceAFL from a Linux host, specifically Debian/Ubuntu”\nIt would be interesting to see if someone could get this to run from a BSD host\nIt would also be interesting to run the same tests against the other BSDs\n***\n\n\nOn the Early History and Impact of Unix: the Introduction of Pipes\n\n\nPipes are something we just take for granted today, but there was a time before pipes (How did anything get done?)\nRonda Hauben writes up a great look back at the beginning of UNIX, and specifically at how pipes were born:\n\n\n\nOne of the important developments in Unix was the introduction of pipes. Pipes had been suggested by McIlroy during the early days of creating Unix. Ritchie explains how \"the idea, explained one afternoon on a blackboard, intrigued us but failed to ignite any immediate action. There were several objections to the idea as put....What a failure of imagination,\" he admits.(35) McIlroy concurs, describing how the initial effort to add pipes to Unix occurred about the same time in 1969 that Ritchie, Thompson and Canaday were outlining ideas for a file system. \"That was when,\" he writes, \"the simple pipeline as a way to combine programs, with data notationally propagating along a chain of (not necessarily concurrent) filters was articulated.\"(36) However, pipes weren't implemented in Unix until 1972. \n\n\n\nWe also have a great quote from McIlroy on the day pipes were first introduced:\n\n\n\nOpen Systems! Our Systems! How well those who were there remember the pipe-festooned garret where Unix took form. The excitement of creation drew people to work there amidst the whine of the computer's cool- ing fans, even though almost the same computer ac- cess, could be had from one's office or from home. Those raw quarters saw a procession of memorable events. The advent of software pipes precipitated a day-long orgy of one-liners....As people reveled in the power of functional composition in the large, which is even today unavailable to users of other systems.\n\n\n\nThe paper goes on to talk about the invention of other important tools, such as “grep”, “diff” and more. Well worth your time if you want a glimpse into the history of UNIX\n***\n\n\nSpeeding up MySQL Import on FreeBSD\n\n\nMark Felder writes a blog post explaining how to speed up MySQL bulk data imports\n“I was recently tasked with rebuilding a readonly slave database server which only slaves a couple of the available databases. The backup/dump is straightforward and fast, but the restore was being excruciatingly slow. I didn't want to wait a week for this thing to finish, so I had to compile a list of optimizations that would speed up the process. This is the best way to do it on FreeBSD, assuming you're working with InnoDB. Additional optimizations may be required if you're using a different database engine.”\n“Please note this is assuming no other databases are running on this MySQL instance. Some of these are rather dangerous and you wouldn't want to put other live data at risk.”\nMost of the changes are meant to be temporary, used on a new server to import a dump of the database, then the settings are to be turned off.\nSpecifically:\n\n\nsync_binlog = 0\ninnodb_flush_log_at_trx_commit = 0\ninnodb-doublewrite = 0\n\nHe also prepends the following but of SQL before importing the data:\n\n\nset sql_log_bin=0; set autocommit=0; set unique_checks=0; set foreign_key_checks=0;\n\nYou can also help yourself if your MySQL database lives on ZFS\n\n\nzfs set recordsize=16k pool/var/db/mysql\nzfs set redundant_metadata=most pool/var/db/mysql\n\nRemember, this tuning is ONLY for the initial import, leaving these settings on long term risks losing 5-10 seconds of your data if the server reboots unexpectedly\n\n\nzfs set sync=disabled pool/var/db/mysql\nzfs set logbias=throughput pool/var/db/mysql\n***\n\n\n\nPostgreSQL and FreeBSD Quick Start\n\n\nThere’s lots of databases to choose from, but Postgres always has a special place on FreeBSD. Today we have a look at a ‘getting started’ guide for those taking the plunge and using it for the first time.\nNaturally getting started will look familiar to many, a couple simple “pkg” and “sysrc” commands later, and you’ll be set.\nAfter starting the service (With the “service” command) you’ll be ready to start setting up your postgres instance.\nNext up you’ll need to create your initial user/password combo, and a database with access granted to this particular user.\nIf you plan to enable remote access to this DB server, you’ll need to make some adjustments to one of the .conf files, allowing other IP’s to connect. (If you are hosting something on the same system, this may not be needed)\nNow yous should be good to go! Enjoy using your brand new Postgres database. If this is your first rodeo, maybe start with something easy, like Apache or Nginx + Wordpress to try it out.\n***\n\n\nNews Roundup\n\nOpenBSD vmm hypervisor test drive\n\n\nAs we asked for a week or two ago, someone has taken OpenBSD’s vmm for a test drive, and made a video of it\nThe command line interface for vmm, vmctl, looks quite easy to use. It takes an approach much closer to some of the bhyve management frameworks, rather than bhyve’s rather confusing set of switches\nIt also has a config file, the format of which looks very similar to what I designed for bhyveucl, and my first effort to integrate a config file into bhyve itself.\nThe video also looks at accessing the console, configuring the networking, and doing an OpenBSD install in a fresh VM\nCurrently vmm only supports running OpenBSD VMs\n***\n\n\nFreeBSD Foundation October 2016 Update\n\n\nWow, November is already upon us with the Holidays just around the corner. Before things get lost in the noise we wanted to highlight this update from the FreeBSD foundation.\nBefore getting into the stories, they helpfully provide a list of upcoming conferences for this fall/winter, which includes a couple of USENIX gatherings, and the Developer Summit / MeetBSD next week.\n+The foundation gives us a quick hardware update initially, discussing some of the new ThunderX Cavium servers which are deployed (ARMv8 64Bit) and yes I’m drooling a bit. They also mention that work is ongoing for the RPi3 platform and PINE64.\nGNN also has an article reprinted from the FreeBSD journal, talking about the achievement of making it to 11.0 over the span of 23 years now. Of course he mentions that the foundation is open to all, and welcomes donations to continue to keep up this tradition of good work being done.\nDeb Goodkin gives us an update on the “Grace Hopper” convention that took place in Houston TX several weeks back. Roughly 14k women in Tech attended, which is a great turnout, and FreeBSD was well represented there.\nNext we have a call to potential speakers, don’t forget that there are plenty of places you can help present about FreeBSD, not just at *BSD centered conferences, but the SCALES of the world as well.\nWe wrap up with a look at EuroBSDCon 2016, quite a nice writeup, again brought to us by Deb at the foundation, and includes a list of some of those recognized for their contributions to FreeBSD.\n***\n\n\nAdhokku – a toy PaaS powered by FreeBSD jails and Ansible\n\n\nDescribed as a toy Platform-as-a-Service, Adhokku is an ansible based automated jail creation framework\nBased on the concept of Dokku, a single-host open source PaaS for Linux powered by Docker\n\n\n\nWhen you deploy an application using Adhokku, Adhokku creates a new jail on the remote host and provisions it from a fixed clean state using the instructions in the Jailfile in your Git repository. All jails sit behind a reverse proxy that directs traffic to one of them based on the domain name or the IP address in the HTTP request. When a new jail has been provisioned for an application, Adhokku seamlessly reconfigures the reverse proxy to send traffic to it instead of the one currently active for that application.\n\nThe following instructions show how to get Adhokku and an example application running in a VM on your development machine using Vagrant. This process should require no FreeBSD-specific knowledge, through modifying the Jailfile to customize the application may.\n\n\n\nThis seems like an interesting project, and it is good to see people developing workflows so users familiar with docker etc, can easily use BSD instead\n***\n\n\nInstalling OpenBSD 6.0 on your laptop is really hard (not)\n\n\nOpenBSD on a laptop? Difficult? Not hardly.\nWe have a great walkthrough by Keith Burnett, which demonstrates just how easy it can be to get up and running with an XFCE desktop from a fresh OpenBSD installation.\nFor those curious,this was all done with a Thinkpad X60 and 120GB SSD and OpenBSD 6.0.\nHe doesn’t really cover the install process itself, that is well covered by the link to the OpenBSD FAQ pages.\nOnce the system is up and running though, we start with the most important portion, getting working internet access (Via wifi)\nReally just a few ‘ifconfig’ commands later and we are in business.\nStep 2 was getting the package configuration going. (I’ve never understood why this is still a thing, but no fret, its easy enough to do)\nWith package repos available, now you can grab the binaries for XFCE and friends with just a few simple “pkg_add” commands\nSteps 4-6 are some specific bits to enable XFCE services, and some handy things such as setting doas permissions to get USB mounting working (For graphical mount/unmount)\nLastly, keeping the system updated is important, so we have a nice tutorial on how to do that as well, using a handy “openup” script, which takes some of the guesswork out of it.\nBonus! Steps for doing FDE as also included, which isn’t for everyone, but you may want it\n***\n\n\nBeastie Bits\n\n\nPi-top with RPi-3 and FreeBSD HEAD\nNetBSD 7.0.2 released\nDragonflyBSD - git: kernel - Fix mmcsd read/write issues\nA char device which implements an Enigma machine (FreeBSD \u0026amp; Linux)\n***\n\n\nFeedback/Questions\n\n\n Matt - System Monitoring \n Tony - LLVM License \n Ben - Thanks \n David - Write Cache  \n Charles - Fonts \n***\n","content_html":"\u003cp\u003eThis week on the show, we’re loaded up with great stories ranging from System call fuzzing, a history of UNIX Pipes, speeding up MySQL imports and more. Stay tuned, BSDNow is coming your way right now.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/nccgroup/TriforceOpenBSDFuzzer\" rel=\"nofollow\"\u003eSystem call fuzzing of OpenBSD amd64 using TriforceAFL (i.e. AFL and QEMU)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NCCGroup did a series of fuzz testing against the OpenBSD syscall interface, during which they found a number of vulnerabilities, we covered this back in the early summer\u003c/li\u003e\n\u003cli\u003eWhat we didn’t notice, is that they also made the tools they used available.\u003c/li\u003e\n\u003cli\u003eA combination of AFL (American Fuzzy Lop), QEMU, OpenBSD’s FlashRD image generation tool, and the “Triforce” driver\u003c/li\u003e\n\u003cli\u003eThe other requirement is “a Linux box as host to run the fuzzer (other fuzzer hosts may work as well, we\u0026#39;ve only run TriforceAFL from a Linux host, specifically Debian/Ubuntu”\u003c/li\u003e\n\u003cli\u003eIt would be interesting to see if someone could get this to run from a BSD host\u003c/li\u003e\n\u003cli\u003eIt would also be interesting to run the same tests against the other BSDs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://people.fas.harvard.edu/%7Elib113/reference/unix/unix2.html\" rel=\"nofollow\"\u003eOn the Early History and Impact of Unix: the Introduction of Pipes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePipes are something we just take for granted today, but there was a time before pipes (How did anything get done?)\u003c/li\u003e\n\u003cli\u003eRonda Hauben writes up a great look back at the beginning of UNIX, and specifically at how pipes were born:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOne of the important developments in Unix was the introduction of pipes. Pipes had been suggested by McIlroy during the early days of creating Unix. Ritchie explains how \u0026quot;the idea, explained one afternoon on a blackboard, intrigued us but failed to ignite any immediate action. There were several objections to the idea as put....What a failure of imagination,\u0026quot; he admits.(35) McIlroy concurs, describing how the initial effort to add pipes to Unix occurred about the same time in 1969 that Ritchie, Thompson and Canaday were outlining ideas for a file system. \u0026quot;That was when,\u0026quot; he writes, \u0026quot;the simple pipeline as a way to combine programs, with data notationally propagating along a chain of (not necessarily concurrent) filters was articulated.\u0026quot;(36) However, pipes weren\u0026#39;t implemented in Unix until 1972. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe also have a great quote from McIlroy on the day pipes were first introduced:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpen Systems! Our Systems! How well those who were there remember the pipe-festooned garret where Unix took form. The excitement of creation drew people to work there amidst the whine of the computer\u0026#39;s cool- ing fans, even though almost the same computer ac- cess, could be had from one\u0026#39;s office or from home. Those raw quarters saw a procession of memorable events. The advent of software pipes precipitated a day-long orgy of one-liners....As people reveled in the power of functional composition in the large, which is even today unavailable to users of other systems.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe paper goes on to talk about the invention of other important tools, such as “grep”, “diff” and more. Well worth your time if you want a glimpse into the history of UNIX\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.feld.me/posts/2016/09/speeding-up-mysql-import-on-freebsd/\" rel=\"nofollow\"\u003eSpeeding up MySQL Import on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMark Felder writes a blog post explaining how to speed up MySQL bulk data imports\u003c/li\u003e\n\u003cli\u003e“I was recently tasked with rebuilding a readonly slave database server which only slaves a couple of the available databases. The backup/dump is straightforward and fast, but the restore was being excruciatingly slow. I didn\u0026#39;t want to wait a week for this thing to finish, so I had to compile a list of optimizations that would speed up the process. This is the best way to do it on FreeBSD, assuming you\u0026#39;re working with InnoDB. Additional optimizations may be required if you\u0026#39;re using a different database engine.”\u003c/li\u003e\n\u003cli\u003e“Please note this is assuming no other databases are running on this MySQL instance. Some of these are rather dangerous and you wouldn\u0026#39;t want to put other live data at risk.”\u003c/li\u003e\n\u003cli\u003eMost of the changes are meant to be temporary, used on a new server to import a dump of the database, then the settings are to be turned off.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSpecifically:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003esync_binlog = 0\u003c/li\u003e\n\u003cli\u003einnodb_flush_log_at_trx_commit = 0\u003c/li\u003e\n\u003cli\u003einnodb-doublewrite = 0\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHe also prepends the following but of SQL before importing the data:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eset sql_log_bin=0; set autocommit=0; set unique_checks=0; set foreign_key_checks=0;\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eYou can also help yourself if your MySQL database lives on ZFS\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ezfs set recordsize=16k pool/var/db/mysql\u003c/li\u003e\n\u003cli\u003ezfs set redundant_metadata=most pool/var/db/mysql\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eRemember, this tuning is ONLY for the initial import, leaving these settings on long term risks losing 5-10 seconds of your data if the server reboots unexpectedly\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ezfs set sync=disabled pool/var/db/mysql\u003c/li\u003e\n\u003cli\u003ezfs set logbias=throughput pool/var/db/mysql\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cwharton.com/blog/2016/10/postgresql-and-freebsd-quick-start/\" rel=\"nofollow\"\u003ePostgreSQL and FreeBSD Quick Start\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere’s lots of databases to choose from, but Postgres always has a special place on FreeBSD. Today we have a look at a ‘getting started’ guide for those taking the plunge and using it for the first time.\u003c/li\u003e\n\u003cli\u003eNaturally getting started will look familiar to many, a couple simple “pkg” and “sysrc” commands later, and you’ll be set.\u003c/li\u003e\n\u003cli\u003eAfter starting the service (With the “service” command) you’ll be ready to start setting up your postgres instance.\u003c/li\u003e\n\u003cli\u003eNext up you’ll need to create your initial user/password combo, and a database with access granted to this particular user.\u003c/li\u003e\n\u003cli\u003eIf you plan to enable remote access to this DB server, you’ll need to make some adjustments to one of the .conf files, allowing other IP’s to connect. (If you are hosting something on the same system, this may not be needed)\u003c/li\u003e\n\u003cli\u003eNow yous should be good to go! Enjoy using your brand new Postgres database. If this is your first rodeo, maybe start with something easy, like Apache or Nginx + Wordpress to try it out.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=KE_7E1pXy5c\" rel=\"nofollow\"\u003eOpenBSD vmm hypervisor test drive\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we asked for a week or two ago, someone has taken OpenBSD’s vmm for a test drive, and made a video of it\u003c/li\u003e\n\u003cli\u003eThe command line interface for vmm, vmctl, looks quite easy to use. It takes an approach much closer to some of the bhyve management frameworks, rather than bhyve’s rather confusing set of switches\u003c/li\u003e\n\u003cli\u003eIt also has a config file, the format of which looks very similar to what I designed for bhyveucl, and my first effort to integrate a config file into bhyve itself.\u003c/li\u003e\n\u003cli\u003eThe video also looks at accessing the console, configuring the networking, and doing an OpenBSD install in a fresh VM\u003c/li\u003e\n\u003cli\u003eCurrently vmm only supports running OpenBSD VMs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/wp-content/uploads/2016/10/FreeBSD-Foundation-October-2016-Update.pdf\" rel=\"nofollow\"\u003eFreeBSD Foundation October 2016 Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWow, November is already upon us with the Holidays just around the corner. Before things get lost in the noise we wanted to highlight this update from the FreeBSD foundation.\u003c/li\u003e\n\u003cli\u003eBefore getting into the stories, they helpfully provide a list of upcoming conferences for this fall/winter, which includes a couple of USENIX gatherings, and the Developer Summit / MeetBSD next week.\n+The foundation gives us a quick hardware update initially, discussing some of the new ThunderX Cavium servers which are deployed (ARMv8 64Bit) and yes I’m drooling a bit. They also mention that work is ongoing for the RPi3 platform and PINE64.\u003c/li\u003e\n\u003cli\u003eGNN also has an article reprinted from the FreeBSD journal, talking about the achievement of making it to 11.0 over the span of 23 years now. Of course he mentions that the foundation is open to all, and welcomes donations to continue to keep up this tradition of good work being done.\u003c/li\u003e\n\u003cli\u003eDeb Goodkin gives us an update on the “Grace Hopper” convention that took place in Houston TX several weeks back. Roughly 14k women in Tech attended, which is a great turnout, and FreeBSD was well represented there.\u003c/li\u003e\n\u003cli\u003eNext we have a call to potential speakers, don’t forget that there are plenty of places you can help present about FreeBSD, not just at *BSD centered conferences, but the SCALES of the world as well.\u003c/li\u003e\n\u003cli\u003eWe wrap up with a look at EuroBSDCon 2016, quite a nice writeup, again brought to us by Deb at the foundation, and includes a list of some of those recognized for their contributions to FreeBSD.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/adhokku/adhokku\" rel=\"nofollow\"\u003eAdhokku – a toy PaaS powered by FreeBSD jails and Ansible\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDescribed as a toy Platform-as-a-Service, Adhokku is an ansible based automated jail creation framework\u003c/li\u003e\n\u003cli\u003eBased on the concept of Dokku, a single-host open source PaaS for Linux powered by Docker\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eWhen you deploy an application using Adhokku, Adhokku creates a new jail on the remote host and provisions it from a fixed clean state using the instructions in the Jailfile in your Git repository. All jails sit behind a reverse proxy that directs traffic to one of them based on the domain name or the IP address in the HTTP request. When a new jail has been provisioned for an application, Adhokku seamlessly reconfigures the reverse proxy to send traffic to it instead of the one currently active for that application.\u003c/p\u003e\n\n\u003cp\u003eThe following instructions show how to get Adhokku and an example application running in a VM on your development machine using Vagrant. This process should require no FreeBSD-specific knowledge, through modifying the Jailfile to customize the application may.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis seems like an interesting project, and it is good to see people developing workflows so users familiar with docker etc, can easily use BSD instead\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sohcahtoa.org.uk/openbsd.html\" rel=\"nofollow\"\u003eInstalling OpenBSD 6.0 on your laptop is really hard (not)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD on a laptop? Difficult? Not hardly.\u003c/li\u003e\n\u003cli\u003eWe have a great walkthrough by Keith Burnett, which demonstrates just how easy it can be to get up and running with an XFCE desktop from a fresh OpenBSD installation.\u003c/li\u003e\n\u003cli\u003eFor those curious,this was all done with a Thinkpad X60 and 120GB SSD and OpenBSD 6.0.\u003c/li\u003e\n\u003cli\u003eHe doesn’t really cover the install process itself, that is well covered by the link to the OpenBSD FAQ pages.\u003c/li\u003e\n\u003cli\u003eOnce the system is up and running though, we start with the most important portion, getting working internet access (Via wifi)\u003c/li\u003e\n\u003cli\u003eReally just a few ‘ifconfig’ commands later and we are in business.\u003c/li\u003e\n\u003cli\u003eStep 2 was getting the package configuration going. (I’ve never understood why this is still a thing, but no fret, its easy enough to do)\u003c/li\u003e\n\u003cli\u003eWith package repos available, now you can grab the binaries for XFCE and friends with just a few simple “pkg_add” commands\u003c/li\u003e\n\u003cli\u003eSteps 4-6 are some specific bits to enable XFCE services, and some handy things such as setting doas permissions to get USB mounting working (For graphical mount/unmount)\u003c/li\u003e\n\u003cli\u003eLastly, keeping the system updated is important, so we have a nice tutorial on how to do that as well, using a handy “openup” script, which takes some of the guesswork out of it.\u003c/li\u003e\n\u003cli\u003eBonus! Steps for doing FDE as also included, which isn’t for everyone, but you may want it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gvnn3/status/791475373380804608\" rel=\"nofollow\"\u003ePi-top with RPi-3 and FreeBSD HEAD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/netbsd_7_0_1_released1\" rel=\"nofollow\"\u003eNetBSD 7.0.2 released\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-October/624851.html\" rel=\"nofollow\"\u003eDragonflyBSD - git: kernel - Fix mmcsd read/write issues\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rafael-santiago/dev-enigma\" rel=\"nofollow\"\u003eA char device which implements an Enigma machine (FreeBSD \u0026amp; Linux)\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ayzvCuaq\" rel=\"nofollow\"\u003e Matt - System Monitoring\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/r5axPSE7\" rel=\"nofollow\"\u003e Tony - LLVM License\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/MNxCvUtX\" rel=\"nofollow\"\u003e Ben - Thanks\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/RswFASqW\" rel=\"nofollow\"\u003e David - Write Cache \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/e317a32f\" rel=\"nofollow\"\u003e Charles - Fonts\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’re loaded up with great stories ranging from System call fuzzing, a history of UNIX Pipes, speeding up MySQL imports and more. Stay tuned, BSDNow is coming your way right now.","date_published":"2016-11-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/13a56673-8f9c-4198-9f01-4f28143ec2f9.mp3","mime_type":"audio/mpeg","size_in_bytes":39795412,"duration_in_seconds":3316}]},{"id":"9091a6e8-1975-46fa-b095-2894d40db0bb","title":"165: Vote4BSD","url":"https://www.bsdnow.tv/165","content_text":"This week on BSDNow, we’ve got voting news for you (No not that election), a closer look at\n\nThis episode was brought to you by\n\n\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nARIN 38 involvement, vote!\n\n\nIsaac (.Ike) Levy, one of our interview guests from earlier this year, is running for a seat on the 15 person ARIN Advisory Council\nHis goal is to represent the entire *BSD community at this important body that makes decisions about how IP addresses are allocated and managed\nBiographies and statements for all of the candidates are available here\nThe election ends Friday October 28th\nIf elected, Ike will be looking for input from the community\n***\n\n\nLibreSSL not just available but default (DragonFlyBSD)\n\n\nDragonFly has become the latest BSD to join the growing LibreSSL family. As mentioned a few weeks back, they were in the process of wiring it up as a replacement for OpenSSL.\nWith this latest commit, you can now build the entire base and OpenSSL isn’t built at all.\nCongrats, and hopefully more BSDs (and Linux) jump on the bandwagon Compat_43 is gone\nRiP 4.3 Compat support.. Well for DragonFly anyway.\nThis commit finally puts out to pasture the 4.3 support, which has been disabled by default in DragonFly for almost 5 years now. \nThis is a nice cleanup of their tree, removing more than a thousand lines of code and some of the old cruft still lingering from 4.3.\n***\n\n\nCreate your first FreeBSD kernel module\n\n\nThis is an interesting tutorial from Abdelhadi Khiati, who is currently a master's student in AI and robotics\n\n\n\nI have been lucky enough to participate in Google Summer of Code with the FreeBSD foundation. I was amazed by the community surrounding it which was noob friendly and very helpful (Thank you FreeBSD \u0026lt;3)\n\nI wanted to make a starting tutorial for people to write a simple module for kernel before diving inside more complicated kernel shizzle\n\nThe kernel module that we will be working on is a simple event handler for the kernel. It will be composed of 2 parts, the event handling function, and the module declaration\n\nThe module event handler is a function that handles different events for the module. Like the module being loaded, unloaded or on system shutdown\n\nNow that we have the events handling function ready. We need to declare the moduledata_t to be able to use it inside DECLARE_MODULE macro and load it into the kernel. It has the module name and a pointer to the event handling function\n\nLastly, we need to declare the module using the DECLARE_MODULE macro. Which has the following structure:\n\n\n~~\nDECLARE_MODULE(name, moduledata_t data, sub, order);\n~~\n\n\nname: The module name that will be used in the SYSINIT() call to identify the module.\ndata: The moduledata_t structure that we already presented.\nsub : Since we are using a driver here so the value will be SI_SUB_DRIVERS this argument specify the type of system startup interface.\norder : Represents the order of initialization within the subsystem, we will us the SI_ORDER_MIDDLE value here.\n\n\n\nTo compile the previous file you need to use a Makefile as following:\n~~\nKMOD=hello\nSRCS=module.c\n.include\n~~\nWe look forward to a future post where more functionality is added to the kernel module\n\n\n\n\nInstalling Windows 10 Under the bhyve Hypervisor.\n\n\nLooking for your Bhyve fix? If so, then Trent (Of iohyve fame) has a nice blog post today with a detailed look at how to get Windows 10 up and running in bhyve.\nFirst up, Trent gives us a nice look back at how far we’ve come in only a single year. Just a year ago, initial support for UEFI was landing, there was no VNC option, leaving us to only serial console goodness. Fast-forward to today and Windows 10 + Bhyve + Vnc is a go.\nHe immediately jumps us into the good stuff, talking about what you’ll need to follow along. His tutorial was written on 12-CURRENT, but running 11.0-RELEASE should work as well.\nOf course, he does mention that before starting on this quest, make sure to read the bhyve handbook, specifically check that your CPU is supported. If you are running something without the correct Vt extensions, then your journey will end prematurely in sadness.\nNext up is some of the prep work needed to get your box ready to run VM’s. Loading the kernel module, creating “tap” devices for networking and such are detailed.\nIf you are lazy (like me) then you’ll want to copy-n-paste his handy scripts which automate this process for you.\nWith the system prepped, we get to the good stuff. You’ll need to install the bhyve-firmware package (which enables UEFI booting) and get your handy Windows 10 ISO.\nFrom here Trent has helpfully again provided us with handy scripts to both do the bhyve startup, as well as enabling VNC support over a SSH tunnel.\nAt this point you are good to go, fire up your VNC client and you should be greeted with the typical Windows “Press any key to boot from CD” message. No, he doesn’t provide instructions on how to install / Use / Like Windows, but we’ll leave that up to you.\n***\n\n\nNews Roundup\n\nLumina version 1.1.0 Released\n\n\nA new version of Lumina has just landed! 1.1.0 brings with it some important fixes, as well as new utilities that make your desktop computing easier than ever.\nFirst up, all i18n files have been re-worked, instead of needing to install another package, they are included with the build when WITH_I18N is set.\nA handy new “start-lumina-desktop” command has been added, which makes it easy to get lumina running from your Login Manager or even manually in .xinitrc or the like.\nA bunch of internals related to how it tracks installed Applications and start-menu entries has been re-worked, fixing some memory issues and speeding things up.\nThe default “Insight” file-manager has been given an overhaul, which includes some new features like “git” support.\nA new Qt5 “lumina-calculator” has also joined the family, which means not needing to use kcalc or xcalc on TrueOS anymore.\nA nice “TrueOS” specific option has also landed. Specifically now when System Updates are waiting to install at shutdown, Lumina will detect and prompt if you want to install or skip the update. Handy when on the road, or if you don’t have the time to wait for an update to complete.\n***\n\n\nOpenBGPD Large Communities support in –current\n\n\nA blog post from OpenBSD’s Peter Hessler:\n\n\n\nOn Friday, I committed support for Large Communities to OpenBGPD. This is a draft-RFC that I am pretty excited about.\n\nBack in the early days of The Internet, when routers rode dinosaurs to work and nerds weren't cool, we wanted to signal to our network neighbours certain information about routes. To be fair, we still do. But, back then everyone had 16 bit ASNs, so there was a simple concept called 'communities'. This was a 32bit opaque value, that was traditionally split into two 16bit values. Conveniently, we were able to encode an \"us\" and a \"them\", and perform actions based on what our neighbours told us.\n\nBut, 16bits is pretty limiting. There could only be ~65'000 possible networks on The Internet total? Eeek. So, we created 32bit ASNs. 4 billion networks is seen as a quite reasonable limitation. However, you can't really encode a 32bit \"us\" and a 32bit \"them\" value into 32bits of total space. Something called \"Extended Communities\" was invented, but it tries to solve everything except the case of a 32bit ASN signalling to another 32bit ASN.\n\nEnter Large Communities. This is 3 32bit values. The first one is the \"owner\" of the namespace. Normally, you would put in your own ASN, or the ASN that you wish to signal. The second two 32bit values are opaque and only have meaning from the originating operator, but normally people will use \"myasn\":\"verb\":\"noun\" Or \"myasn\":\"noun\":\"verb\". Either way, it fits very nicely.\n\nHaving previously ran a 32bit ASN, it became quickly obvious the lack of suitable communities was a critical problem. It was even the way to request an \"old style\" 16bit ASN from RIPE, \"I need to use communities\". Even the ability to say \"do this to that ASN\" was ugly, since you couldn't really communicate who the community was supposed to matter to. Clearly, we The Internet Community screwed up by not addressing this need earlier.\n\nOpenBGPD in OpenBSD -current has support for Large Communities, and this will be available in the 6.1 release and later. This was based partially on a patch from Job Snijders, thanks!\n\n\n\n\nFirst look at the renewed CTL High Availability implementation in FreeBSD\n\n\nFollowing up on a previous post about making a high availability dual head storage controller, the new post looks at using FreeBSD’s CTL HA implementation, and FreeBSD 11.0 to do that:\n\n\n\nThis enhancement looks extremely important for the BeaST storage system as implementation of high available native ALUA in FreeBSD can potentially replace the BeaST arbitration mechanism (“Arbitrator”), which is completely described in the papers on the BeaST project page\n\nALUA in storage world terminology means Asymmetric Logical Unit Assignment. In simple words this set of technologies allows a host to access any LUN via both controllers of a storage system\n\nAs I still do not have any real hardware drive-enclosures, we will use Oracle Virtual Box and iSCSI protocol. I have already deployed this environment for the BeaST development, so we can use the similar, yet more simplified template for the renewed CTL HA testing purpose.\n\n\n\nIf anyone has access to hardware of this nature (a storage shelf with 2 heads connected to it), that they could lend the author to help validate the design on real hardware, that would be most helpful.\n\u0026gt; We will run two storage controllers (ctrl-a, ctrl-b) and a host (cln-1). A virtual SAS drive (da0) of 256 MB is configured as “shareable” in Virtual Media Manager and simultaneously connected with both storage controllers\nThe basic settings are applied to both controllers\nOne interesting setting is:\n\n\nkern.cam.ctl.ha_role – configures default role for the node. So ctrl-a is set as 0 (primary node), ctrl-b – 1 (secondary node). The role also can be specified on per-LUN basis which allows to distribute LUNs over both controllers evenly.\nNote, kern.cam.ctl.ha_id and kern.cam.ctl.ha_mode are read-only parameters and must be set only via the /boot/loader.conf file.\n\nOnce kern.cam.ctl.ha_peer is set, and the peers connect to each other, the log messages should reflect this:\n\n\nCTL: HA link status changed from 0 to 1\nCTL: HA link status changed from 1 to 2\n\n\n\n\nThe link states can be: 0 – not configured, 1 – configured but not established and 2 – established\n\n\n\nThen ctld is configured to export /dev/da0 on each of the controllers\nThen the client is booted, and uses iscsid to connect to each of the exposed targets\n\n\n\nsysctl kern.iscsi.fail_on_disconnection=1 on the client is needed to drop connection with one of the controllers in case of its failure\n\nAs we know that da0 and da1 on the client are the same drive, we can put them under multipathing control: gmultipath create -A HA /dev/da0 /dev/da1\n\n\n\nThe document them shows a file being copied continuously to simulate load. Because the multipath is configured in ‘active/active’ mode, the traffic is split between the two controllers\nThen the secondary controller is turned off, and iscsi disconnects that path, and gmultipath adapts and sends all of the traffic over the primary path.\nWhen the secondary node is brought back up, but the primary is taken down, traffic stops\nThe console on the client is filled with errors: “Logical unit not accessible, asymmetric access state transition”\nThe ctl(4) man page explains: \n\u0026gt; If there is no primary node (both nodes are secondary, or secondary node has no connection to primary one), secondary node(s) report Transitioning state.\n\u0026gt; Therefore, it looks like a “normal” behavior of CTL HA cluster in a case of disaster and loss of the primary node. It also means that a very lucky administrator can restore the failed primary controller before timeouts are elapsed.\nIf the primary is down, the secondary needs to be promoted by some other process (CARP maybe?): sysctl kern.cam.ctl.ha_role=0\nThen traffic follows again\nThis is a very interesting look at this new feature, and I hope to see more about it in the future\n***\n\n\nIs SPF Simply Too Hard for Application Developers?\n\n\nPeter Hansteen asks an interesting question:\n\n\n\nThe Sender Policy Framework (SPF) is unloved by some, because it conflicts with some long-established SMTP email use cases. But is it also just too hard to understand and to use correctly for application developers?\n\n\n\nHe tells a story about trying to file his Norwegian taxes, and running into a bug\n\n\n\nThen in August 2016, I tried to report a bug via the contact form at Altinn.no, the main tax authorities web site.\n\nThe report in itself was fairly trivial: The SMS alert I had just received about an invoice for taxes due contained one date, which turned out to be my birth date rather than the invoice due date. Not a major issue, but potentially confusing to the recipient until you actually log in and download the invoice as PDF and read the actual due date and other specifics.\n\nThe next time I checked my mail at bsdly.net, I found this bounce:\n\nsupport@altinn.no: SMTP error from remote mail server after RCPT TO:: host mx.isp.as2116.net [193.75.104.7]: 550 5.7.23 SPF validation failed    \n\nwhich means that somebody, somewhere tried to send a message to support@altinn.no, but the message could not be delivered because the sending machine did not match the published SPF data for the sender domain.\n\nWhat happened is actually quite clear even from the part quoted above: the host mx.isp.as2116.net [193.75.104.7] tried to deliver mail on my behalf (I received the bounce, remember), and since I have no agreement for mail delivery with the owners and operators of that host, it is not in bsdly.net's SPF record either, and the delivery fails.\n\n\n\nAfter having a bunch of other problems, he finally gets a message back from the tax authority support staff:\n\n\n\nIt looks like you have Sender Policy Framework (SPF) enabled on your mailserver, It is a known weakness of our contact form that mailervers with SPF are not supported.\n\nThe obvious answer should be, as you will agree if you're still reading: The form's developer should place the user's email address in the Reply-To: field, and send the message as its own, valid local user. That would solve the problem.\n\nYes, I'm well aware that SPF also breaks traditional forwarding of the type generally used by mailing lists and a few other use cases. Just how afraid should we be when those same developers come to do battle with the followup specifications such as DKIM and (shudder) the full DMARC specification?\n\n\n\n\nBeastie Bits\n\n\nLooking for a very part-time SysAdmin\nIf anyone wants to build the latest nodejs on OpenBSD...\nIBM considers donating Power8 servers to OpenBSD\nInstall and configure DNS server in FreeBSD\nbhyve vulnerability in FreeBSD 11.0  \n\n\n\n\nFeedback/Questions\n\n\n Larry - Pkg Issue \n Larry - Followup  \n Jason - TrueOS \n Matias - ZFS HALP! \n Robroy - User/Group \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we’ve got voting news for you (No not \u003cem\u003ethat\u003c/em\u003e election), a closer look at\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise \u003cbr\u003e\nServers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the \u003cbr\u003e\nTruly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-October/016878.html\" rel=\"nofollow\"\u003eARIN 38 involvement, vote!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIsaac (.Ike) Levy, one of our interview guests from earlier this year, is running for a seat on the 15 person ARIN Advisory Council\u003c/li\u003e\n\u003cli\u003eHis goal is to represent the entire *BSD community at this important body that makes decisions about how IP addresses are allocated and managed\u003c/li\u003e\n\u003cli\u003eBiographies and statements for all of the candidates are \u003ca href=\"https://www.arin.net/participate/elections/candidate_bios.pdf\" rel=\"nofollow\"\u003eavailable here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe election ends Friday October 28th\u003c/li\u003e\n\u003cli\u003eIf elected, Ike will be looking for input from the community\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2016/10/19/18794.html\" rel=\"nofollow\"\u003eLibreSSL not just available but default (DragonFlyBSD)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly has become the latest BSD to join the growing LibreSSL family. As mentioned a few weeks back, they were in the process of wiring it up as a replacement for OpenSSL.\u003c/li\u003e\n\u003cli\u003eWith this latest commit, you can now build the entire base and OpenSSL isn’t built at all.\u003c/li\u003e\n\u003cli\u003eCongrats, and hopefully more BSDs (and Linux) jump on the bandwagon \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-October/624734.html\" rel=\"nofollow\"\u003eCompat_43 is gone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRiP 4.3 Compat support.. Well for DragonFly anyway.\u003c/li\u003e\n\u003cli\u003eThis commit finally puts out to pasture the 4.3 support, which has been disabled by default in DragonFly for almost 5 years now. \u003c/li\u003e\n\u003cli\u003eThis is a nice cleanup of their tree, removing more than a thousand lines of code and some of the old cruft still lingering from 4.3.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://meltmes.kiloreux.me/create-your-first-freebsd-kernel-module/\" rel=\"nofollow\"\u003eCreate your first FreeBSD kernel module\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is an interesting tutorial from Abdelhadi Khiati, who is currently a master\u0026#39;s student in AI and robotics\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have been lucky enough to participate in Google Summer of Code with the FreeBSD foundation. I was amazed by the community surrounding it which was noob friendly and very helpful (Thank you FreeBSD \u0026lt;3)\u003c/p\u003e\n\n\u003cp\u003eI wanted to make a starting tutorial for people to write a simple module for kernel before diving inside more complicated kernel shizzle\u003c/p\u003e\n\n\u003cp\u003eThe kernel module that we will be working on is a simple event handler for the kernel. It will be composed of 2 parts, the event handling function, and the module declaration\u003c/p\u003e\n\n\u003cp\u003eThe module event handler is a function that handles different events for the module. Like the module being loaded, unloaded or on system shutdown\u003c/p\u003e\n\n\u003cp\u003eNow that we have the events handling function ready. We need to declare the moduledata_t to be able to use it inside DECLARE_MODULE macro and load it into the kernel. It has the module name and a pointer to the event handling function\u003c/p\u003e\n\n\u003cp\u003eLastly, we need to declare the module using the DECLARE_MODULE macro. Which has the following structure:\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cp\u003e~~\u003cbr\u003e\nDECLARE_MODULE(name, moduledata_t data, sub, order);\u003cbr\u003e\n~~\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ename: The module name that will be used in the SYSINIT() call to identify the module.\u003cbr\u003e\ndata: The moduledata_t structure that we already presented.\u003cbr\u003e\nsub : Since we are using a driver here so the value will be SI_SUB_DRIVERS this argument specify the type of system startup interface.\u003cbr\u003e\norder : Represents the order of initialization within the subsystem, we will us the SI_ORDER_MIDDLE value here.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eTo compile the previous file you need to use a Makefile as following:\u003cbr\u003e\n~~\u003cbr\u003e\nKMOD=hello\u003cbr\u003e\nSRCS=module.c\u003cbr\u003e\n.include\u003cbsd.kmod.mk\u003e\u003cbr\u003e\n~~\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWe look forward to a future post where more functionality is added to the kernel module\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pr1ntf.xyz/windows10.html\" rel=\"nofollow\"\u003eInstalling Windows 10 Under the bhyve Hypervisor.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for your Bhyve fix? If so, then Trent (Of iohyve fame) has a nice blog post today with a detailed look at how to get Windows 10 up and running in bhyve.\u003c/li\u003e\n\u003cli\u003eFirst up, Trent gives us a nice look back at how far we’ve come in only a single year. Just a year ago, initial support for UEFI was landing, there was no VNC option, leaving us to only serial console goodness. Fast-forward to today and Windows 10 + Bhyve + Vnc is a go.\u003c/li\u003e\n\u003cli\u003eHe immediately jumps us into the good stuff, talking about what you’ll need to follow along. His tutorial was written on 12-CURRENT, but running 11.0-RELEASE should work as well.\u003c/li\u003e\n\u003cli\u003eOf course, he does mention that before starting on this quest, make sure to read the bhyve handbook, specifically check that your CPU is supported. If you are running something without the correct Vt extensions, then your journey will end prematurely in sadness.\u003c/li\u003e\n\u003cli\u003eNext up is some of the prep work needed to get your box ready to run VM’s. Loading the kernel module, creating “tap” devices for networking and such are detailed.\u003c/li\u003e\n\u003cli\u003eIf you are lazy (like me) then you’ll want to copy-n-paste his handy scripts which automate this process for you.\u003c/li\u003e\n\u003cli\u003eWith the system prepped, we get to the good stuff. You’ll need to install the bhyve-firmware package (which enables UEFI booting) and get your handy Windows 10 ISO.\u003c/li\u003e\n\u003cli\u003eFrom here Trent has helpfully again provided us with handy scripts to both do the bhyve startup, as well as enabling VNC support over a SSH tunnel.\u003c/li\u003e\n\u003cli\u003eAt this point you are good to go, fire up your VNC client and you should be greeted with the typical Windows “Press any key to boot from CD” message. No, he doesn’t provide instructions on how to install / Use / Like Windows, but we’ll leave that up to you.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/version-1-1-0-released/\" rel=\"nofollow\"\u003eLumina version 1.1.0 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new version of Lumina has just landed! 1.1.0 brings with it some important fixes, as well as new utilities that make your desktop computing easier than ever.\u003c/li\u003e\n\u003cli\u003eFirst up, all i18n files have been re-worked, instead of needing to install another package, they are included with the build when WITH_I18N is set.\u003c/li\u003e\n\u003cli\u003eA handy new “start-lumina-desktop” command has been added, which makes it easy to get lumina running from your Login Manager or even manually in .xinitrc or the like.\u003c/li\u003e\n\u003cli\u003eA bunch of internals related to how it tracks installed Applications and start-menu entries has been re-worked, fixing some memory issues and speeding things up.\u003c/li\u003e\n\u003cli\u003eThe default “Insight” file-manager has been given an overhaul, which includes some new features like “git” support.\u003c/li\u003e\n\u003cli\u003eA new Qt5 “lumina-calculator” has also joined the family, which means not needing to use kcalc or xcalc on TrueOS anymore.\u003c/li\u003e\n\u003cli\u003eA nice “TrueOS” specific option has also landed. Specifically now when System Updates are waiting to install at shutdown, Lumina will detect and prompt if you want to install or skip the update. Handy when on the road, or if you don’t have the time to wait for an update to complete.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bad.network/openbgpd-large-communities.html\" rel=\"nofollow\"\u003eOpenBGPD Large Communities support in –current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post from OpenBSD’s Peter Hessler:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOn Friday, I committed support for Large Communities to OpenBGPD. This is a draft-RFC that I am pretty excited about.\u003c/p\u003e\n\n\u003cp\u003eBack in the early days of The Internet, when routers rode dinosaurs to work and nerds weren\u0026#39;t cool, we wanted to signal to our network neighbours certain information about routes. To be fair, we still do. But, back then everyone had 16 bit ASNs, so there was a simple concept called \u0026#39;communities\u0026#39;. This was a 32bit opaque value, that was traditionally split into two 16bit values. Conveniently, we were able to encode an \u0026quot;us\u0026quot; and a \u0026quot;them\u0026quot;, and perform actions based on what our neighbours told us.\u003c/p\u003e\n\n\u003cp\u003eBut, 16bits is pretty limiting. There could only be ~65\u0026#39;000 possible networks on The Internet total? Eeek. So, we created 32bit ASNs. 4 billion networks is seen as a quite reasonable limitation. However, you can\u0026#39;t really encode a 32bit \u0026quot;us\u0026quot; and a 32bit \u0026quot;them\u0026quot; value into 32bits of total space. Something called \u0026quot;Extended Communities\u0026quot; was invented, but it tries to solve everything except the case of a 32bit ASN signalling to another 32bit ASN.\u003c/p\u003e\n\n\u003cp\u003eEnter Large Communities. This is 3 32bit values. The first one is the \u0026quot;owner\u0026quot; of the namespace. Normally, you would put in your own ASN, or the ASN that you wish to signal. The second two 32bit values are opaque and only have meaning from the originating operator, but normally people will use \u0026quot;myasn\u0026quot;:\u0026quot;verb\u0026quot;:\u0026quot;noun\u0026quot; Or \u0026quot;myasn\u0026quot;:\u0026quot;noun\u0026quot;:\u0026quot;verb\u0026quot;. Either way, it fits very nicely.\u003c/p\u003e\n\n\u003cp\u003eHaving previously ran a 32bit ASN, it became quickly obvious the lack of suitable communities was a critical problem. It was even the way to request an \u0026quot;old style\u0026quot; 16bit ASN from RIPE, \u0026quot;I need to use communities\u0026quot;. Even the ability to say \u0026quot;do this to that ASN\u0026quot; was ugly, since you couldn\u0026#39;t really communicate who the community was supposed to matter to. Clearly, we The Internet Community screwed up by not addressing this need earlier.\u003c/p\u003e\n\n\u003cp\u003eOpenBGPD in OpenBSD -current has support for Large Communities, and this will be available in the 6.1 release and later. This was based partially on a patch from Job Snijders, thanks!\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mezzantrop.files.wordpress.com/2016/10/first-look-at-the-renewed-ctl-high-availability-implementation-in-freebsd-v1-1.pdf\" rel=\"nofollow\"\u003eFirst look at the renewed CTL High Availability implementation in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollowing up on a previous post about making a high availability dual head storage controller, the new post looks at using FreeBSD’s CTL HA implementation, and FreeBSD 11.0 to do that:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThis enhancement looks extremely important for the BeaST storage system as implementation of high available native ALUA in FreeBSD can potentially replace the BeaST arbitration mechanism (“Arbitrator”), which is completely described in the papers on the BeaST project page\u003c/p\u003e\n\n\u003cp\u003eALUA in storage world terminology means Asymmetric Logical Unit Assignment. In simple words this set of technologies allows a host to access any LUN via both controllers of a storage system\u003c/p\u003e\n\n\u003cp\u003eAs I still do not have any real hardware drive-enclosures, we will use Oracle Virtual Box and iSCSI protocol. I have already deployed this environment for the BeaST development, so we can use the similar, yet more simplified template for the renewed CTL HA testing purpose.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf anyone has access to hardware of this nature (a storage shelf with 2 heads connected to it), that they could lend the author to help validate the design on real hardware, that would be most helpful.\n\u0026gt; We will run two storage controllers (ctrl-a, ctrl-b) and a host (cln-1). A virtual SAS drive (da0) of 256 MB is configured as “shareable” in Virtual Media Manager and simultaneously connected with both storage controllers\u003c/li\u003e\n\u003cli\u003eThe basic settings are applied to both controllers\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOne interesting setting is:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ekern.cam.ctl.ha_role – configures default role for the node. So ctrl-a is set as 0 (primary node), ctrl-b – 1 (secondary node). The role also can be specified on per-LUN basis which allows to distribute LUNs over both controllers evenly.\u003cbr\u003e\nNote, kern.cam.ctl.ha_id and kern.cam.ctl.ha_mode are read-only parameters and must be set only via the /boot/loader.conf file.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOnce kern.cam.ctl.ha_peer is set, and the peers connect to each other, the log messages should reflect this:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCTL: HA link status changed from 0 to 1\u003c/li\u003e\n\u003cli\u003eCTL: HA link status changed from 1 to 2\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe link states can be: 0 – not configured, 1 – configured but not established and 2 – established\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThen ctld is configured to export /dev/da0 on each of the controllers\u003c/li\u003e\n\u003cli\u003eThen the client is booted, and uses iscsid to connect to each of the exposed targets\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003esysctl kern.iscsi.fail_on_disconnection=1 on the client is needed to drop connection with one of the controllers in case of its failure\u003c/p\u003e\n\n\u003cp\u003eAs we know that da0 and da1 on the client are the same drive, we can put them under multipathing control: gmultipath create -A HA /dev/da0 /dev/da1\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe document them shows a file being copied continuously to simulate load. Because the multipath is configured in ‘active/active’ mode, the traffic is split between the two controllers\u003c/li\u003e\n\u003cli\u003eThen the secondary controller is turned off, and iscsi disconnects that path, and gmultipath adapts and sends all of the traffic over the primary path.\u003c/li\u003e\n\u003cli\u003eWhen the secondary node is brought back up, but the primary is taken down, traffic stops\u003c/li\u003e\n\u003cli\u003eThe console on the client is filled with errors: “Logical unit not accessible, asymmetric access state transition”\u003c/li\u003e\n\u003cli\u003eThe ctl(4) man page explains: \n\u0026gt; If there is no primary node (both nodes are secondary, or secondary node has no connection to primary one), secondary node(s) report Transitioning state.\n\u0026gt; Therefore, it looks like a “normal” behavior of CTL HA cluster in a case of disaster and loss of the primary node. It also means that a very lucky administrator can restore the failed primary controller before timeouts are elapsed.\u003c/li\u003e\n\u003cli\u003eIf the primary is down, the secondary needs to be promoted by some other process (CARP maybe?): sysctl kern.cam.ctl.ha_role=0\u003c/li\u003e\n\u003cli\u003eThen traffic follows again\u003c/li\u003e\n\u003cli\u003eThis is a very interesting look at this new feature, and I hope to see more about it in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2016/10/is-spf-simply-too-hard-for-application.html\" rel=\"nofollow\"\u003eIs SPF Simply Too Hard for Application Developers?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Hansteen asks an interesting question:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Sender Policy Framework (SPF) is unloved by some, because it conflicts with some long-established SMTP email use cases. But is it also just too hard to understand and to use correctly for application developers?\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe tells a story about trying to file his Norwegian taxes, and running into a bug\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThen in August 2016, I tried to report a bug via the contact form at Altinn.no, the main tax authorities web site.\u003c/p\u003e\n\n\u003cp\u003eThe report in itself was fairly trivial: The SMS alert I had just received about an invoice for taxes due contained one date, which turned out to be my birth date rather than the invoice due date. Not a major issue, but potentially confusing to the recipient until you actually log in and download the invoice as PDF and read the actual due date and other specifics.\u003c/p\u003e\n\n\u003cp\u003eThe next time I checked my mail at bsdly.net, I found this bounce:\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"mailto:support@altinn.no\" rel=\"nofollow\"\u003esupport@altinn.no\u003c/a\u003e: SMTP error from remote mail server after RCPT TO:: host mx.isp.as2116.net [193.75.104.7]: 550 5.7.23 SPF validation failed    \u003c/p\u003e\n\n\u003cp\u003ewhich means that somebody, somewhere tried to send a message to \u003ca href=\"mailto:support@altinn.no\" rel=\"nofollow\"\u003esupport@altinn.no\u003c/a\u003e, but the message could not be delivered because the sending machine did not match the published SPF data for the sender domain.\u003c/p\u003e\n\n\u003cp\u003eWhat happened is actually quite clear even from the part quoted above: the host mx.isp.as2116.net [193.75.104.7] tried to deliver mail on my behalf (I received the bounce, remember), and since I have no agreement for mail delivery with the owners and operators of that host, it is not in bsdly.net\u0026#39;s SPF record either, and the delivery fails.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter having a bunch of other problems, he finally gets a message back from the tax authority support staff:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt looks like you have Sender Policy Framework (SPF) enabled on your mailserver, It is a known weakness of our contact form that mailervers with SPF are not supported.\u003c/p\u003e\n\n\u003cp\u003eThe obvious answer should be, as you will agree if you\u0026#39;re still reading: The form\u0026#39;s developer should place the user\u0026#39;s email address in the Reply-To: field, and send the message as its own, valid local user. That would solve the problem.\u003c/p\u003e\n\n\u003cp\u003eYes, I\u0026#39;m well aware that SPF also breaks traditional forwarding of the type generally used by mailing lists and a few other use cases. Just how afraid should we be when those same developers come to do battle with the followup specifications such as DKIM and (shudder) the full DMARC specification?\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-jobs/2016-October/000930.html\" rel=\"nofollow\"\u003eLooking for a very part-time SysAdmin\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/qb1t/status/789610796380598272\" rel=\"nofollow\"\u003eIf anyone wants to build the latest nodejs on OpenBSD...\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=147680858507662\u0026w=2\" rel=\"nofollow\"\u003eIBM considers donating Power8 servers to OpenBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://galaxy.ansible.com/vbotka/freebsd-dns/\" rel=\"nofollow\"\u003eInstall and configure DNS server in FreeBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc\" rel=\"nofollow\"\u003ebhyve vulnerability in FreeBSD 11.0 \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/8hwDVQjL\" rel=\"nofollow\"\u003e Larry - Pkg Issue\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/3nswwk90\" rel=\"nofollow\"\u003e Larry - Followup \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/pjfYWdXs\" rel=\"nofollow\"\u003e Jason - TrueOS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/2tAmR5Wz\" rel=\"nofollow\"\u003e Matias - ZFS HALP!\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/7vWvUr8K\" rel=\"nofollow\"\u003e Robroy - User/Group\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’ve got voting news for you (No not *that* election), a closer look at","date_published":"2016-10-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9091a6e8-1975-46fa-b095-2894d40db0bb.mp3","mime_type":"audio/mpeg","size_in_bytes":52474324,"duration_in_seconds":4372}]},{"id":"485bcb56-a447-4684-8af7-a5b0285230af","title":"164: Virtualized COW / PI?","url":"https://www.bsdnow.tv/164","content_text":"This week on the show, we’ve got all sorts of goodies to discuss. Starting with, vmm, vkernels, raspberry pi and much more! Some iX folks are visiting from out of\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nvmm enabled \n\n\nVMM, the OpenBSD hypervisor, has been imported into current\nIt has similar hardware requirements to bhyve, a Intel Nehalem or newer CPU with the hardware virtualization features enabled in the BIOS\nAMD support has not been started yet\nOpenBSD is the only supported guest\nIt would be interesting to hear from viewers that have tried it, and hear how it does, and what still needs more work\n***\n\n\nvkernels go COW\n\n\nThe DragonflyBSD feature, vkernels, has gained a new Copy-On-Write functionality\nDisk images can now be mounted RO or RW, but changes will not be written back to the image file\nThis allows multiple vkernels to share the same disk image\n“Note that when the vkernel operates on an image in this mode, modifications will eat up system memory and swap, so the user should be cognizant of the use-case.  Still, the flexibility of being able to mount the image R+W should not be underestimated.”\nThis is another feature we’d love to hear from viewers that have tried it out.\n***\n\n\nBasic support for the RPI3 has landed in FreeBSD-CURRENT\n\n\nThe long awaited bits to allow FreeBSD to boot on the Raspberry Pi 3 have landed\nThere is still a bit of work to be done, some of the as mentioned in Oleksandr’s blog post:\nRaspberry Pi support in HEAD \n\n\n\n“Raspberry Pi 3 limited support was committed to HEAD. Most of drivers should work with upstream dtb, RNG requires attention because callout mode seems to be broken and there is no IRQ in upstream device tree file. SMP is work in progress. There are some compatibility issue with VCHIQ driver due to some assumptions that are true only for ARM platform. “\n\n\n\nThis is exciting work. No HDMI support (yet), so if you plan on trying this out make sure you have your USB-\u0026gt;Serial adapter cables ready to go.\nFull Instructions to get started with your RPI 3 can be found on the FreeBSD Wiki\nRelatively soon, I imagine there will be a RaspBSD build for the RPI3 to make it easier to get started\nEventually there will be official FreeBSD images as well\n***\n\n\nOpenBSD switches softraid crypto from PKCS5 PBKDF2 to bcrypt PBKDF.\n\n\nAfter the discussion a few weeks ago when a user wrote a tool to brute force their forgotten OpenBSD Full Disk Encryption password (from a password list of possible variations of their password), it was discovered that OpenBSD defaulted to using just 8192 iterations of PKCSv5 for the key derivation function with a SHA1-HMAC\nThe number of iterations can be manually controlled by the user when creating the softraid volume\nBy comparison, FreeBSDs GELI full disk encryption used a benchmark to pick a number of iterations that would take more than 2 seconds to complete, generally resulting in a number of iterations over 1 million on most modern hardware. The algorithm is based on a SHA512-HMAC\nHowever, inefficiency in the implementation of PKCSv5 in GELI resulted in the implementation being 50% slower than some other implementations, meaning the effective security was only about 1 second per attempt, rather than the intended 2 seconds. The improved PKCSv5 implementation is out for review currently.\nThis commit to OpenBSD changes the default key derivation function to be based on bcrypt and a SHA512-HMAC instead.\nOpenBSD also now uses a benchmark to pick a number of of iterations that will take approximately 1 second per attempt\n“One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using application-specific integrated circuits or graphics processing units relatively cheap. The bcrypt key derivation function requires a larger amount of RAM (but still not tunable separately, i. e. fixed for a given amount of CPU time) and is slightly stronger against such attacks, while the more modern scrypt key derivation function can use arbitrarily large amounts of memory and is therefore more resistant to ASIC and GPU attacks.”\nThe upgrade to the bcrypt, which has proven to be quite resistant to cracking by GPUs is a significant enhancement to OpenBSDs encrypted softraid feature\n***\n\n\nInterview - Josh Paetzel - email@email / @bsdunix4ever\n\n\nMeetBSD\nZFS Panel\nFreeNAS - graceful network reload\nPxeboot\n***\n\n\nNews Roundup\n\nEC2's most dangerous feature\n\n\nColin Percival, FreeBSD’s unofficial EC2 maintainer, has published a blog post about “EC2's most dangerous feature”\n“As a FreeBSD developer — and someone who writes in C — I believe strongly in the idea of \"tools, not policy\". If you want to shoot yourself in the foot, I'll help you deliver the bullet to your foot as efficiently and reliably as possible. UNIX has always been built around the idea that systems administrators are better equipped to figure out what they want than the developers of the OS, and it's almost impossible to prevent foot-shooting without also limiting useful functionality. The most powerful tools are inevitably dangerous, and often the best solution is to simply ensure that they come with sufficient warning labels attached; but occasionally I see tools which not only lack important warning labels, but are also designed in a way which makes them far more dangerous than necessary. Such a case is IAM Roles for Amazon EC2.”\n“A review for readers unfamiliar with this feature: Amazon IAM (Identity and Access Management) is a service which allows for the creation of access credentials which are limited in scope; for example, you can have keys which can read objects from Amazon S3 but cannot write any objects. IAM Roles for EC2 are a mechanism for automatically creating such credentials and distributing them to EC2 instances; you specify a policy and launch an EC2 instance with that Role attached, and magic happens making time-limited credentials available via the EC2 instance metadata. This simplifies the task of creating and distributing credentials and is very convenient; I use it in my FreeBSD AMI Builder AMI, for example. Despite being convenient, there are two rather scary problems with this feature which severely limit the situations where I'd recommend using it.”\n“The first problem is one of configuration: The language used to specify IAM Policies is not sufficient to allow for EC2 instances to be properly limited in their powers. For example, suppose you want to allow EC2 instances to create, attach, detach, and delete Elastic Block Store volumes automatically — useful if you want to have filesystems automatically scaling up and down depending on the amount of data which they contain. The obvious way to do this is would be to \"tag\" the volumes belonging to an EC2 instance and provide a Role which can only act on volumes tagged to the instance where the Role was provided; while the second part of this (limiting actions to tagged volumes) seems to be possible, there is no way to require specific API call parameters on all permitted CreateVolume calls, as would be necessary to require that a tag is applied to any new volumes being created by the instance.”\n“As problematic as the configuration is, a far larger problem with IAM Roles for Amazon EC2 is access control — or, to be more precise, the lack thereof. As I mentioned earlier, IAM Role credentials are exposed to EC2 instances via the EC2 instance metadata system: In other words, they're available from http://169.254.169.254/. (I presume that the \"EC2ws\" HTTP server which responds is running in another Xen domain on the same physical hardware, but that implementation detail is unimportant.) This makes the credentials easy for programs to obtain... unfortunately, too easy for programs to obtain. UNIX is designed as a multi-user operating system, with multiple users and groups and permission flags and often even more sophisticated ACLs — but there are very few systems which control the ability to make outgoing HTTP requests. We write software which relies on privilege separation to reduce the likelihood that a bug will result in a full system compromise; but if a process which is running as user nobody and chrooted into /var/empty is still able to fetch AWS keys which can read every one of the objects you have stored in S3, do you really have any meaningful privilege separation? To borrow a phrase from Ted Unangst, the way that IAM Roles expose credentials to EC2 instances makes them a very effective exploit mitigation mitigation technique.”\n“To make it worse, exposing credentials — and other metadata, for that matter — via HTTP is completely unnecessary. EC2 runs on Xen, which already has a perfectly good key-value data store for conveying metadata between the host and guest instances. It would be absolutely trivial for Amazon to place EC2 metadata, including IAM credentials, into XenStore; and almost as trivial for EC2 instances to expose XenStore as a filesystem to which standard UNIX permissions could be applied, providing IAM Role credentials with the full range of access control functionality which UNIX affords to files stored on disk. Of course, there is a lot of code out there which relies on fetching EC2 instance metadata over HTTP, and trivial or not it would still take time to write code for pushing EC2 metadata into XenStore and exposing it via a filesystem inside instances; so even if someone at AWS reads this blog post and immediately says \"hey, we should fix this\", I'm sure we'll be stuck with the problems in IAM Roles for years to come.”\n“So consider this a warning label: IAM Roles for EC2 may seem like a gun which you can use to efficiently and reliably shoot yourself in the foot; but in fact it's more like a gun which is difficult to aim and might be fired by someone on the other side of the room snapping his fingers. Handle with care!”\n***\n\n\nOpen-source storage that doesn't suck? Our man tries to break TrueNAS\n\n\nThe storage reviewer over at TheRegister got their hands on a TrueNAS and gave it a try\n“Data storage is difficult, and ZFS-based storage doubly so. There's a lot of money to be made if you can do storage right, so it's uncommon to see a storage company with an open-source model deliver storage that doesn't suck.”\n“To become TrueNAS, FreeNAS's code is feature-frozen and tested rigorously. Bleeding-edge development continues with FreeNAS, and FreeNAS comes with far fewer guarantees than does TrueNAS.”\n“iXsystems provided a Z20 hybrid storage array. The Z20 is a dual-controller, SAS-based, high-availability, hybrid storage array. The testing unit came with a 2x 10GbE NIC per controller and retails around US$24k. The unit shipped with 10x 300GB 10k RPM magnetic hard drives, an 8GB ZIL SSD and a 200GB L2ARC SSD. 50GiB of RAM was dedicated to the ARC by the system's autotune feature.”\nThe review tests the performance of the TrueNAS, which they found acceptable for spinning rust, but they also tested the HA features\nWhile the look of the UI didn’t impress them, the functionality and built in help did\n“The UI contains truly excellent mouseover tooltips that provide detailed information and rationale for almost every setting. An experienced sysadmin will be able to navigate the TrueNAS UI with ease. An experienced storage admin who knows what all the terms mean won't have to refer to a wiki or the more traditional help manual, but the same can't be said for the uninitiated.”\n“After a lot of testing, I'd trust my data to the TrueNAS. I am convinced that it will ensure the availability of my data to within any reasonable test, and do so as a high availability solution. That's more than I can say for a lot of storage out there.”\n“iXsystems produce a storage array that is decent enough to entice away some existing users of the likes of EMC, NetApp, Dell or HP. Honestly, that's not something I thought possible going into this review. It's a nice surprise.”\n***\n\n\nOpenBSD now officially on GitHub\n\n\nGot a couple of new OpenBSD items to bring to your attention today.\nFirst up, for those who didn’t know, OpenBSD development has (always?) taken place in CVS, similar to NetBSD and previously FreeBSD. \nHowever today, Git fans can rejoice, since there is now an “official” read-only github mirror of their sources for public consumption.\nSince this is read-only, I will assume (unless told otherwise) that pull-requests and whatnot aren’t taken. But this will come in handy for the “git-enabled” among us who need an easier way to checkout OpenBSD sources.\nThere is also not yet a guarantee about the stability of the exporter. If you base a fork on the github branch, and something goes wrong with the exporter, the data may be reexported with different hashes, making it difficult to rebase your fork.\n\n\nHow to install LibertyBSD or OpenBSD on a libreboot system\n\n\nFor the second part of our OpenBSD stories, we have a pretty detailed document posted over at LibreBoot.org with details on how to boot-strap OpenBSD (Or LibertyBSD) using their open-source bios replacement.\nWe’ve covered blog posts and other tidbits about this process in the past, but this seems to be the definitive version  (so far)  to reference.\nSome of the niceties include instructions on getting the USB image formatted not just on OpenBSD, but also FreeBSD, Linux and NetBSD.\nInstructions on how to boot without full-disk-encryption are provided, with a mention that so far Libreboot + Grub does not support FDE (yet). I would imagine somebody will need to port over the openBSD FDE crypto support to GRUB, as was done with GELI at some point.\nLastly some instructions on how to configure grub, and troubleshoot if something goes wrong will help round-out this story. Give it a whirl, let us know if you run into issues.\nEditorial Aside - Personally I find the libreboot stuff fascinating. It really is one of the last areas that we don’t have full control of our systems with open-source. With the growth of EFI, it seems we rely on a closed-source binary / mini-OS of sorts just to boot our Open Source solutions, which needs to be addressed. Hats off to the LibreBoot folks for taking on this important challenge.\n***\n\n\nFreeNAS 9.10 – LAGG \u0026amp; VLAN Overview\n\n\nA video tutorial on FreeNAS’s official YouTube Channel\nCovers the advanced networking features, Link Aggregation and VLANs\nCovers what the features do, and in the case of LAGG, how each of the modes work and when you might want to use it\n***\n\n\nBeastie Bits\n\n\nRemote BSD Developer Position is up for grabs\nIsilon is hiring for a FreeBSD Security position \nGoogle has ported the Networked real-time multi-player BSD game\nA bunch of OpenBSD Tips\nThe last OpenBSD 6.0 Limited Edition CD has sold\nDan spots George Neville-Neil on TV at the Airport  \ngnn on CNN \nSoloBSD releases v 6.0 built upon OpenBSD\nUpcoming KnoxBug looks at PacBSD - Oct 25th \n\n\n\n\nFeedback/Questions\n\n\n Morgan - Ports and Packages \n Mat - ZFS Memory \n Thomas - FreeBSD Path Length \n Cy - OpenBSD and NetHogs \n Lars - Editors \n***\n","content_html":"\u003cp\u003eThis week on the show, we’ve got all sorts of goodies to discuss. Starting with, vmm, vkernels, raspberry pi and much more! Some iX folks are visiting from out of\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20161012092516\u0026mode=flat\u0026count=15\" rel=\"nofollow\"\u003evmm enabled \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVMM, the OpenBSD hypervisor, has been imported into current\u003c/li\u003e\n\u003cli\u003eIt has similar hardware requirements to bhyve, a Intel Nehalem or newer CPU with the hardware virtualization features enabled in the BIOS\u003c/li\u003e\n\u003cli\u003eAMD support has not been started yet\u003c/li\u003e\n\u003cli\u003eOpenBSD is the only supported guest\u003c/li\u003e\n\u003cli\u003eIt would be interesting to hear from viewers that have tried it, and hear how it does, and what still needs more work\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-October/624675.html\" rel=\"nofollow\"\u003evkernels go COW\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DragonflyBSD feature, vkernels, has gained a new Copy-On-Write functionality\u003c/li\u003e\n\u003cli\u003eDisk images can now be mounted RO or RW, but changes will not be written back to the image file\u003c/li\u003e\n\u003cli\u003eThis allows multiple vkernels to share the same disk image\u003c/li\u003e\n\u003cli\u003e“Note that when the vkernel operates on an image in this mode, modifications will eat up system memory and swap, so the user should be cognizant of the use-case.  Still, the flexibility of being able to mount the image R+W should not be underestimated.”\u003c/li\u003e\n\u003cli\u003eThis is another feature we’d love to hear from viewers that have tried it out.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/arm64/rpi3\" rel=\"nofollow\"\u003eBasic support for the RPI3 has landed in FreeBSD-CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe long awaited bits to allow FreeBSD to boot on the Raspberry Pi 3 have landed\u003c/li\u003e\n\u003cli\u003eThere is still a bit of work to be done, some of the as mentioned in Oleksandr’s blog post:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://kernelnomicon.org/?p=690\" rel=\"nofollow\"\u003eRaspberry Pi support in HEAD\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Raspberry Pi 3 limited support was committed to HEAD. Most of drivers should work with upstream dtb, RNG requires attention because callout mode seems to be broken and there is no IRQ in upstream device tree file. SMP is work in progress. There are some compatibility issue with VCHIQ driver due to some assumptions that are true only for ARM platform. “\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is exciting work. No HDMI support (yet), so if you plan on trying this out make sure you have your USB-\u0026gt;Serial adapter cables ready to go.\u003c/li\u003e\n\u003cli\u003eFull Instructions to get started with your RPI 3 can be found on the \u003ca href=\"https://wiki.freebsd.org/arm64/rpi3\" rel=\"nofollow\"\u003eFreeBSD Wiki\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelatively soon, I imagine there will be a RaspBSD build for the RPI3 to make it easier to get started\u003c/li\u003e\n\u003cli\u003eEventually there will be official FreeBSD images as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/openbsd/src/commit/2ba69c71e92471fe05f305bfa35aeac543ebec1f\" rel=\"nofollow\"\u003eOpenBSD switches softraid crypto from PKCS5 PBKDF2 to bcrypt PBKDF.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter the discussion a few weeks ago when a user wrote a tool to brute force their forgotten OpenBSD Full Disk Encryption password (from a password list of possible variations of their password), it was discovered that OpenBSD defaulted to using just 8192 iterations of PKCSv5 for the key derivation function with a SHA1-HMAC\u003c/li\u003e\n\u003cli\u003eThe number of iterations can be manually controlled by the user when creating the softraid volume\u003c/li\u003e\n\u003cli\u003eBy comparison, FreeBSDs GELI full disk encryption used a benchmark to pick a number of iterations that would take more than 2 seconds to complete, generally resulting in a number of iterations over 1 million on most modern hardware. The algorithm is based on a SHA512-HMAC\u003c/li\u003e\n\u003cli\u003eHowever, inefficiency in the implementation of PKCSv5 in GELI resulted in the implementation being 50% slower than some other implementations, meaning the effective security was only about 1 second per attempt, rather than the intended 2 seconds. The improved PKCSv5 implementation is out for review currently.\u003c/li\u003e\n\u003cli\u003eThis commit to OpenBSD changes the default key derivation function to be based on bcrypt and a SHA512-HMAC instead.\u003c/li\u003e\n\u003cli\u003eOpenBSD also now uses a benchmark to pick a number of of iterations that will take approximately 1 second per attempt\u003c/li\u003e\n\u003cli\u003e“One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using application-specific integrated circuits or graphics processing units relatively cheap. The bcrypt key derivation function requires a larger amount of RAM (but still not tunable separately, i. e. fixed for a given amount of CPU time) and is slightly stronger against such attacks, while the more modern scrypt key derivation function can use arbitrarily large amounts of memory and is therefore more resistant to ASIC and GPU attacks.”\u003c/li\u003e\n\u003cli\u003eThe upgrade to the bcrypt, which has proven to be quite resistant to cracking by GPUs is a significant enhancement to OpenBSDs encrypted softraid feature\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Josh Paetzel - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdunix4ever\" rel=\"nofollow\"\u003e@bsdunix4ever\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eMeetBSD\u003c/li\u003e\n\u003cli\u003eZFS Panel\u003c/li\u003e\n\u003cli\u003eFreeNAS - graceful network reload\u003c/li\u003e\n\u003cli\u003ePxeboot\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2016-10-09-EC2s-most-dangerous-feature.html\" rel=\"nofollow\"\u003eEC2\u0026#39;s most dangerous feature\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival, FreeBSD’s unofficial EC2 maintainer, has published a blog post about “EC2\u0026#39;s most dangerous feature”\u003c/li\u003e\n\u003cli\u003e“As a FreeBSD developer — and someone who writes in C — I believe strongly in the idea of \u0026quot;tools, not policy\u0026quot;. If you want to shoot yourself in the foot, I\u0026#39;ll help you deliver the bullet to your foot as efficiently and reliably as possible. UNIX has always been built around the idea that systems administrators are better equipped to figure out what they want than the developers of the OS, and it\u0026#39;s almost impossible to prevent foot-shooting without also limiting useful functionality. The most powerful tools are inevitably dangerous, and often the best solution is to simply ensure that they come with sufficient warning labels attached; but occasionally I see tools which not only lack important warning labels, but are also designed in a way which makes them far more dangerous than necessary. Such a case is IAM Roles for Amazon EC2.”\u003c/li\u003e\n\u003cli\u003e“A review for readers unfamiliar with this feature: Amazon IAM (Identity and Access Management) is a service which allows for the creation of access credentials which are limited in scope; for example, you can have keys which can read objects from Amazon S3 but cannot write any objects. IAM Roles for EC2 are a mechanism for automatically creating such credentials and distributing them to EC2 instances; you specify a policy and launch an EC2 instance with that Role attached, and magic happens making time-limited credentials available via the EC2 instance metadata. This simplifies the task of creating and distributing credentials and is very convenient; I use it in my FreeBSD AMI Builder AMI, for example. Despite being convenient, there are two rather scary problems with this feature which severely limit the situations where I\u0026#39;d recommend using it.”\u003c/li\u003e\n\u003cli\u003e“The first problem is one of configuration: The language used to specify IAM Policies is not sufficient to allow for EC2 instances to be properly limited in their powers. For example, suppose you want to allow EC2 instances to create, attach, detach, and delete Elastic Block Store volumes automatically — useful if you want to have filesystems automatically scaling up and down depending on the amount of data which they contain. The obvious way to do this is would be to \u0026quot;tag\u0026quot; the volumes belonging to an EC2 instance and provide a Role which can only act on volumes tagged to the instance where the Role was provided; while the second part of this (limiting actions to tagged volumes) seems to be possible, there is no way to require specific API call parameters on all permitted CreateVolume calls, as would be necessary to require that a tag is applied to any new volumes being created by the instance.”\u003c/li\u003e\n\u003cli\u003e“As problematic as the configuration is, a far larger problem with IAM Roles for Amazon EC2 is access control — or, to be more precise, the lack thereof. As I mentioned earlier, IAM Role credentials are exposed to EC2 instances via the EC2 instance metadata system: In other words, they\u0026#39;re available from \u003ca href=\"http://169.254.169.254/\" rel=\"nofollow\"\u003ehttp://169.254.169.254/\u003c/a\u003e. (I presume that the \u0026quot;EC2ws\u0026quot; HTTP server which responds is running in another Xen domain on the same physical hardware, but that implementation detail is unimportant.) This makes the credentials easy for programs to obtain... unfortunately, too easy for programs to obtain. UNIX is designed as a multi-user operating system, with multiple users and groups and permission flags and often even more sophisticated ACLs — but there are very few systems which control the ability to make outgoing HTTP requests. We write software which relies on privilege separation to reduce the likelihood that a bug will result in a full system compromise; but if a process which is running as user nobody and chrooted into /var/empty is still able to fetch AWS keys which can read every one of the objects you have stored in S3, do you really have any meaningful privilege separation? To borrow a phrase from Ted Unangst, the way that IAM Roles expose credentials to EC2 instances makes them a very effective exploit mitigation mitigation technique.”\u003c/li\u003e\n\u003cli\u003e“To make it worse, exposing credentials — and other metadata, for that matter — via HTTP is completely unnecessary. EC2 runs on Xen, which already has a perfectly good key-value data store for conveying metadata between the host and guest instances. It would be absolutely trivial for Amazon to place EC2 metadata, including IAM credentials, into XenStore; and almost as trivial for EC2 instances to expose XenStore as a filesystem to which standard UNIX permissions could be applied, providing IAM Role credentials with the full range of access control functionality which UNIX affords to files stored on disk. Of course, there is a lot of code out there which relies on fetching EC2 instance metadata over HTTP, and trivial or not it would still take time to write code for pushing EC2 metadata into XenStore and exposing it via a filesystem inside instances; so even if someone at AWS reads this blog post and immediately says \u0026quot;hey, we should fix this\u0026quot;, I\u0026#39;m sure we\u0026#39;ll be stuck with the problems in IAM Roles for years to come.”\u003c/li\u003e\n\u003cli\u003e“So consider this a warning label: IAM Roles for EC2 may seem like a gun which you can use to efficiently and reliably shoot yourself in the foot; but in fact it\u0026#39;s more like a gun which is difficult to aim and might be fired by someone on the other side of the room snapping his fingers. Handle with care!”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2016/10/18/truenas_review/\" rel=\"nofollow\"\u003eOpen-source storage that doesn\u0026#39;t suck? Our man tries to break TrueNAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe storage reviewer over at TheRegister got their hands on a TrueNAS and gave it a try\u003c/li\u003e\n\u003cli\u003e“Data storage is difficult, and ZFS-based storage doubly so. There\u0026#39;s a lot of money to be made if you can do storage right, so it\u0026#39;s uncommon to see a storage company with an open-source model deliver storage that doesn\u0026#39;t suck.”\u003c/li\u003e\n\u003cli\u003e“To become TrueNAS, FreeNAS\u0026#39;s code is feature-frozen and tested rigorously. Bleeding-edge development continues with FreeNAS, and FreeNAS comes with far fewer guarantees than does TrueNAS.”\u003c/li\u003e\n\u003cli\u003e“iXsystems provided a Z20 hybrid storage array. The Z20 is a dual-controller, SAS-based, high-availability, hybrid storage array. The testing unit came with a 2x 10GbE NIC per controller and retails around US$24k. The unit shipped with 10x 300GB 10k RPM magnetic hard drives, an 8GB ZIL SSD and a 200GB L2ARC SSD. 50GiB of RAM was dedicated to the ARC by the system\u0026#39;s autotune feature.”\u003c/li\u003e\n\u003cli\u003eThe review tests the performance of the TrueNAS, which they found acceptable for spinning rust, but they also tested the HA features\u003c/li\u003e\n\u003cli\u003eWhile the look of the UI didn’t impress them, the functionality and built in help did\u003c/li\u003e\n\u003cli\u003e“The UI contains truly excellent mouseover tooltips that provide detailed information and rationale for almost every setting. An experienced sysadmin will be able to navigate the TrueNAS UI with ease. An experienced storage admin who knows what all the terms mean won\u0026#39;t have to refer to a wiki or the more traditional help manual, but the same can\u0026#39;t be said for the uninitiated.”\u003c/li\u003e\n\u003cli\u003e“After a lot of testing, I\u0026#39;d trust my data to the TrueNAS. I am convinced that it will ensure the availability of my data to within any reasonable test, and do so as a high availability solution. That\u0026#39;s more than I can say for a lot of storage out there.”\u003c/li\u003e\n\u003cli\u003e“iXsystems produce a storage array that is decent enough to entice away some existing users of the likes of EMC, NetApp, Dell or HP. Honestly, that\u0026#39;s not something I thought possible going into this review. It\u0026#39;s a nice surprise.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/openbsd\" rel=\"nofollow\"\u003eOpenBSD now officially on GitHub\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGot a couple of new OpenBSD items to bring to your attention today.\u003c/li\u003e\n\u003cli\u003eFirst up, for those who didn’t know, OpenBSD development has (always?) taken place in CVS, similar to NetBSD and previously FreeBSD. \u003c/li\u003e\n\u003cli\u003eHowever today, Git fans can rejoice, since there is now an “official” read-only github mirror of their sources for public consumption.\u003c/li\u003e\n\u003cli\u003eSince this is read-only, I will assume (unless told otherwise) that pull-requests and whatnot aren’t taken. But this will come in handy for the “git-enabled” among us who need an easier way to checkout OpenBSD sources.\u003c/li\u003e\n\u003cli\u003eThere is also not yet a guarantee about the stability of the exporter. If you base a fork on the github branch, and something goes wrong with the exporter, the data may be reexported with different hashes, making it difficult to rebase your fork.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://libreboot.org/docs/bsd/openbsd.html\" rel=\"nofollow\"\u003eHow to install LibertyBSD or OpenBSD on a libreboot system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor the second part of our OpenBSD stories, we have a pretty detailed document posted over at LibreBoot.org with details on how to boot-strap OpenBSD (Or LibertyBSD) using their open-source bios replacement.\u003c/li\u003e\n\u003cli\u003eWe’ve covered blog posts and other tidbits about this process in the past, but this seems to be the definitive version  (so far)  to reference.\u003c/li\u003e\n\u003cli\u003eSome of the niceties include instructions on getting the USB image formatted not just on OpenBSD, but also FreeBSD, Linux and NetBSD.\u003c/li\u003e\n\u003cli\u003eInstructions on how to boot without full-disk-encryption are provided, with a mention that so far Libreboot + Grub does not support FDE (yet). I would imagine somebody will need to port over the openBSD FDE crypto support to GRUB, as was done with GELI at some point.\u003c/li\u003e\n\u003cli\u003eLastly some instructions on how to configure grub, and troubleshoot if something goes wrong will help round-out this story. Give it a whirl, let us know if you run into issues.\u003c/li\u003e\n\u003cli\u003eEditorial Aside - Personally I find the libreboot stuff fascinating. It really is one of the last areas that we don’t have full control of our systems with open-source. With the growth of EFI, it seems we rely on a closed-source binary / mini-OS of sorts just to boot our Open Source solutions, which needs to be addressed. Hats off to the LibreBoot folks for taking on this important challenge.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=wqSH_uQSArQ\" rel=\"nofollow\"\u003eFreeNAS 9.10 – LAGG \u0026amp; VLAN Overview\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA video tutorial on FreeNAS’s official YouTube Channel\u003c/li\u003e\n\u003cli\u003eCovers the advanced networking features, Link Aggregation and VLANs\u003c/li\u003e\n\u003cli\u003eCovers what the features do, and in the case of LAGG, how each of the modes work and when you might want to use it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.cybercoders.com/bsd-developer-remote-job-305206\" rel=\"nofollow\"\u003eRemote BSD Developer Position is up for grabs\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/jeamland/status/785965716717441024\" rel=\"nofollow\"\u003eIsilon is hiring for a FreeBSD Security position \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/google/web-bsd-hunt\" rel=\"nofollow\"\u003eGoogle has ported the Networked real-time multi-player BSD game\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.vincentdelft.be\" rel=\"nofollow\"\u003eA bunch of OpenBSD Tips\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.ebay.com/itm/-/332000602939\" rel=\"nofollow\"\u003eThe last OpenBSD 6.0 Limited Edition CD has sold\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/DLangille/status/788477000876892162\" rel=\"nofollow\"\u003eDan spots George Neville-Neil on TV at the Airport \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=h7zlxgtBA6o\" rel=\"nofollow\"\u003egnn on CNN\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://solobsd.blogspot.com/2016/10/release-solobsd-60-openbsd-edition.html\" rel=\"nofollow\"\u003eSoloBSD releases v 6.0 built upon OpenBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://knoxbug.org/content/2016-10-25\" rel=\"nofollow\"\u003eUpcoming KnoxBug looks at PacBSD - Oct 25th\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Kr9ykKTu\" rel=\"nofollow\"\u003e Morgan - Ports and Packages\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/EwpTpp6D\" rel=\"nofollow\"\u003e Mat - ZFS Memory\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/HYMPtfjz\" rel=\"nofollow\"\u003e Thomas - FreeBSD Path Length\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/vGxZHMWE\" rel=\"nofollow\"\u003e Cy - OpenBSD and NetHogs\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/5FMz116T\" rel=\"nofollow\"\u003e Lars - Editors\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’ve got all sorts of goodies to discuss. Starting with, vmm, vkernels, raspberry pi and much more! Some iX folks are visiting from out of","date_published":"2016-10-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/485bcb56-a447-4684-8af7-a5b0285230af.mp3","mime_type":"audio/mpeg","size_in_bytes":72447988,"duration_in_seconds":6037}]},{"id":"da2fb252-95f1-407c-a537-6124802c6003","title":"163: Return of the Cantrill","url":"https://www.bsdnow.tv/163","content_text":"The wait is over, 11.0 of FreeBSD has (officially) launched. We’ll have coverage of this, plus a couple looks back at UNIX history, and a crowd-favorite guest today.\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nFreeBSD 11.0-RELEASE Now Available\n\n\nFreeBSD 11.0-RELEASE is now officially out.\nA last minute reroll to pickup OpenSSL updates and a number of other security fixes meant the release was a little behind schedule, and shipped as 11.0-RELEASE-p1, but the release is better for it\nImproved support for 802.11n and various wifi drivers\nSupport for the AArch64 (arm64) architecture has been added.\nNative graphics support has been added to the bhyve(8) hypervisor.\nA new flag, “onifconsole” has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off.\nThe xz(1) utility has been updated to support multi-threaded compression.\nA number of kernel panics related to VNET have been fixed\nThe IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as QEMU via binmiscctl(8).\nThe GENERIC kernel configuration has been updated to include the IPSEC option by default.\nThe kern.osrelease and kern.osreldate are now configurable jail(8) parameters\nA new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED has also been added.\nThe minimum (arc_min) and maximum (arc_max) values for the ZFS adaptive replacement cache can be modified at runtime.\nChanges to watch out for:\n\n\nOpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed.\nBy default, the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations.\nAn issue was discovered with Amazon® EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release.\n***\n\n\n\nprocess listing consistency\n\n\nTed Unangst asks: how consistent is the output of ps(1)?\nIf processes are starting and exiting constantly, and you run ps(1), is the output guaranteed to reflect that exact moment in time, or might it include some processes that have gone away before ps(1) exited, and include some processes that did not exist when ps(1) was started?\nTed provides a little example chicken/egg program to try to create such an inconsistency, so you can test out your OS\nOn OpenBSD ps(1) was switched away from the reading kernel memory directly, and instead uses the KERN_PROC_ALL sysctl\n\n\n\nThus sysctl can iterate over the entire process list, copying out information to ps(1), without blocking. If we prevent processes from forking or exiting during this time, we get a consistent snapshot. The snapshot may be stale, but it will never show us a viewpoint that never happened.\n\n\n\nSo, OpenBSD will always be consistent, or will it?\n\n\n\nIs there a way to trick ps on OpenBSD? Not everything is consistent. There’s a separate sysctl, KERN_PROC_ARGV, that reads the command line arguments for a process, but it only works on one process at a time. Processes can modify their own argv at any time.\n\n\n\nA second test program changes the process title of both the chicken and the egg, and if you run ps(1), you can get back a result that never actually happened.\nThe argv of the first program is read by ps(1), and in the meantime, it changes to a different value. The second program also changes its value, so now when ps(1) reads it, it sees the new value, not the original value from when ps(1) was started.\nSo the output is not that consistent, but is it worth the effort to try to make it so?\n\n\n\n\nDragonFlyBSD - if_iwm - Add basic powermanagement support via ifconfig wlan0 powersave\n\n\nWiFi can often be one of the biggest drains on your laptop battery, so anything we can do to improve the situation should be embraced. \nImre Vadász over at the DragonFly project has done that, porting over a new set of power management support from Linux to the if_iwm driver. \n\n\n\nif_iwm - Add basic powermanagement support via ifconfig wlan0 powersave.\n\n\nThe DEVICE_POWER_FLAGS_CAM_MSK flag was removed in the upstream iwlwifi in Linux commit ceef91c89480dd18bb3ac51e91280a233d0ca41f.\nAdd sc_ps_disabled flag to struct iwm_softc, which corresponds to mvm-\u0026gt;ps_disabled in struct iwl_mvm in Linux iwlwifi.\nAdds a hw.iwm.power_scheme tunable which corresponds to the power_scheme module parameter in Linux iwlwifi. Set this to 1 for completely disabling power management, 2 (default) for balanced powermanagement, and 3 for lowerpower mode (which does dtim period skipping).\n\n\nImports the constants.h file from iwlwifi as if_iwm_constants.h.\nThis doesn't allow changing the powermanagement setting while connected,\nalso one can only choose between enabled and disabled powersaving with\nifconfig (so switching between balanced and low-power mode requires\nrebooting to change the tunable).\nAfter any changes to powermanagement (i.e. \"ifconfig wlan0 powersave\" to\nenable powermanagement, or \"ifconfig wlan0 -powersave\" for disabling\npowermanagement), one has to disconnect and reconnect to the accespoint\nfor the change to take effect.“\n\n\n\n\n\nGood stuff! These positive changes need to happen more often and sooner, so we can all eek out every drop of power from our respective laptops.\n***\n\n\nHelping out an Internet Friend…Dual boot OpenBSD \n\n\nDual-booting OpenBSD and Linux, via UEFI. A year ago we wouldn’t be discussing this, but today we have an article where somebody has done exactly that.\nThis Journey was undertaken by Brian Everly (Indiana Bug), partly due to a friend who wanted to dual-boot his laptop which already has an existing UEFI install on it.\nAs a proof of concept, he began by replicating the setup in VMware with UEFI\nHe started by throwing Ubuntu into the VM, with some special attention paid to partitioning to ensure enough room left-over for OpenBSD later.\n\n\n\nI created a 64MB EFI partition at the front of the disk. Next, I created a 20GB primary partition at the beginning of the space, mounted as the root (/) filesystem.\n\nI then added a 4096MB swap partition for Ubuntu. Finally, I used the rest of the free space to create a Reserved BIOS Boot Area FAT32 partition that was not associated with a mount point – this is where I will be installing OpenBSD.\n\n\n\nWith that done, he wrapped up the Ubuntu installation and then turned over to to the OpenBSD side. Some manual partitioning was required to install to the “Reserved FAT32” partition.\n\n\n\nI mashed through the defaults in the OpenBSD installer until I got to the disk partitioning.  Since I told VMWare to make my hard drive an IDE one, I knew I was playing around with wd0 and not sd0 (my USB key).  I dumped into fdisk by selecting to (E)dit the partition scheme and saw my setup from Linux.  First was the EFI partition (I am guessing I’ll have to copy my bootx64.efi file to that at some point), second was the Linux etx4 partition, third was my Linux swap partition and fourth was a weird looking one that is the “Reserved BIOS Boot” partition.  That’s the one I’ll fiddle with.\n\nIssuing the command “edit 3” allowed me to fiddle with that partition #3 (remember, we start counting at zero).  I set it’s type to “A6” (OpenBSD) and then took the defaults with the exception of naming it “OpenBSD”.  A quick “write” followed by a “quit” allowed me to update my new partition and get back to the installer.\n\n\n\nOnce the installation was wrapped up (OpenBSD helpfully already created the /boot/EFI partition with the correct EFI loader installed) he was able to reboot and select between the two systems at the UEFI bios screen.\nFor kicks, he lastly went into Ubuntu and grabbed refind. Installing refind provided a fancy graphical selector between the two systems without too much trouble.\nNext step will be to replicate this process on his friend’s laptop. Wishing you luck with that journey!\n\n\n\n\nInterview - Bryan Cantrill - email@email / @twitter\n\n\nCTO of Joyent\n***\n\n\nNews Roundup\n\nAfter 22 Years, 386BSD Gets An Update\n\n\nSlashdot brings us an interesting mention this week, specifically that after 22 years, we now have an update to 386BSD.\n\n\n\n386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.\n\n386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: \"If 386BSD had been available when I started on Linux, Linux would probably never had happened.”\n\nThough it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu.\n\n\n\nThere you have it! Go grab the new hotness that is 386BSD and run it in 2016! Or perhaps you want FreeBSD 11, but to each their own.\n***\n\n\nProgress of the OpenBSD Limited Edition Signed CD set\n\n\nAn update from a story last week! We mentioned the “very” limited edition OpenBSD 6.0 signed CD sets that had gone up for Auction on Ebay. (With proceeds to support for Foundation)\nAs of today, here’s where we stand:\n\n\nCD set #1 (Sep 29th + 5 days) sold for $4200\nCD set #2 (Oct 4th + 3 days) sold for $3000\nCD set #3 (Oct 8th + 3 days) sold for $817\nCD set #4 (Oct 11th + 3 days) is currently up for bidding\n\nThere you have it! The 4th set is almost wrapped up bidding, and the 5th and last set is not far behind. Be sure to grab your piece of BSD history before its gone!\n\n\n\n\nPROTOTYPE FreeBSD Jail/ZFS based implementation of the Application Container Specification\n\n\n“Jetpack is an experimental and incomplete implementation of the App Container Specification for FreeBSD. It uses jails as isolation mechanism, and ZFS for layered storage.”\n“This document uses some language used in Rocket, the reference implementation of the App Container Specification. While the documentation will be expanded in the future, currently you need to be familiar at least with Rocket's README to understand everything.”\n\n\nA standard with multiple implementations, that allow substitution of components, such as FreeBSD Jails instead of docker/lxc etc, and ZFS instead of overlayfs etc, is very exciting\n***\n\n\n\nMicrosoft’s Forgotten Unix-based Operating System\n\n\nDo you remember the good old days. You know, when Microsoft was the driving force behind UNIX? Wait, what did you say you may be thinking? It’s true, and lets sit back and let FossBytes tell us a tale of what once was reality.\nThe story begins sometime in the late 70’s:\n\n\n\nTurning back the pages to the late 1970’s, Microsoft entered into an agreement with AT\u0026amp;T Corporation to license Unix from AT\u0026amp;T. While the company didn’t sell the OS to public, it licensed it to other OEM vendors like Intel, SCO, and Tandy.\n\nAs Microsoft had to face legal trouble due to “Unix” name, the company renamed it and came up with its own Unix distribution. So, AT\u0026amp;T licensed Unix to Redmond that was passed on to other OEMs as Xenix.\n\nIt’s interesting to recall a time when Microsoft enabled people to run Unix — an operating system originally designed for large and multiuser systems — on a microcomputer. Even though it came first, Unix was probably more powerful than MS-DOS.\n\n\n\nSo whatever happened to this microsoft-flavored UNIX you may ask? Sadly it was ditched for DOS due to $REASONS:\n\n\n\nIn early 1980’s, IBM was looking for an OS to power its PC. As IBM didn’t want to maintain any ties with the recently split AT\u0026amp;T, Xenix was automatically rejected. To fulfill, the tech giant’s demand, Microsoft bought 86-DOS from Seattle Computer Products and managed to convince IBM to use it in their systems.\n\nSlowly, Microsoft started losing interest in Xenix and traded the full rights of Xenix with SCO, a Xenix partner company. The company filed bankruptcy in 2007 before taking the Xenix legacy to the 21st century in the form of Open Server, previously known as SCO Unix and SCO Open Desktop.\n\n\n\nAn interesting chapter in UNIX history to be sure, and funny enough may come full-circle someday with Microsoft beginning to show interest in UNIX and BSD once again.\n***\n\n\nBeastie Bits\n\n\nOhio LinuxFest 2016 wrap-up\nLearn X in Y minutes Where X=zfs\nAdd touchscreen support for the official 7\" RPi touch display  \n64-bit U-Boot on Raspberry Pi 3 \nSNIA SDC 2016 Recap: Michael Dexter\nOpenZFS: Stronger than ever \nAccurate, Traceable, and Verifiable Time Synchronization for World Financial Markets \nON HOLY WARS AND A PLEA FOR PEACE \n\n\n\n\nFeedback/Questions\n\n\n Morgan - Zero-Filling an VM \n Charlie - ZFS Bit-Rot \n Matias - TrueOS / Launchd \n Dale - DO Feedback \n James - DO / FreeBSD Locks? \n***\n","content_html":"\u003cp\u003eThe wait is over, 11.0 of FreeBSD has (officially) launched. We’ll have coverage of this, plus a couple looks back at UNIX history, and a crowd-favorite guest today.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2016-October/001760.html\" rel=\"nofollow\"\u003eFreeBSD 11.0-RELEASE Now Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 11.0-RELEASE is now officially out.\u003c/li\u003e\n\u003cli\u003eA last minute reroll to pickup OpenSSL updates and a number of other security fixes meant the release was a little behind schedule, and shipped as 11.0-RELEASE-p1, but the release is better for it\u003c/li\u003e\n\u003cli\u003eImproved support for 802.11n and various wifi drivers\u003c/li\u003e\n\u003cli\u003eSupport for the AArch64 (arm64) architecture has been added.\u003c/li\u003e\n\u003cli\u003eNative graphics support has been added to the bhyve(8) hypervisor.\u003c/li\u003e\n\u003cli\u003eA new flag, “onifconsole” has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off.\u003c/li\u003e\n\u003cli\u003eThe xz(1) utility has been updated to support multi-threaded compression.\u003c/li\u003e\n\u003cli\u003eA number of kernel panics related to VNET have been fixed\u003c/li\u003e\n\u003cli\u003eThe IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as QEMU via binmiscctl(8).\u003c/li\u003e\n\u003cli\u003eThe GENERIC kernel configuration has been updated to include the IPSEC option by default.\u003c/li\u003e\n\u003cli\u003eThe kern.osrelease and kern.osreldate are now configurable jail(8) parameters\u003c/li\u003e\n\u003cli\u003eA new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED has also been added.\u003c/li\u003e\n\u003cli\u003eThe minimum (arc_min) and maximum (arc_max) values for the ZFS adaptive replacement cache can be modified at runtime.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eChanges to watch out for\u003c/strong\u003e:\n\n\u003cul\u003e\n\u003cli\u003eOpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed.\u003c/li\u003e\n\u003cli\u003eBy default, the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations.\u003c/li\u003e\n\u003cli\u003eAn issue was discovered with Amazon® EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/process-listing-consistency\" rel=\"nofollow\"\u003eprocess listing consistency\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst asks: how consistent is the output of ps(1)?\u003c/li\u003e\n\u003cli\u003eIf processes are starting and exiting constantly, and you run ps(1), is the output guaranteed to reflect that exact moment in time, or might it include some processes that have gone away before ps(1) exited, and include some processes that did not exist when ps(1) was started?\u003c/li\u003e\n\u003cli\u003eTed provides a little example chicken/egg program to try to create such an inconsistency, so you can test out your OS\u003c/li\u003e\n\u003cli\u003eOn OpenBSD ps(1) was switched away from the reading kernel memory directly, and instead uses the KERN_PROC_ALL sysctl\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThus sysctl can iterate over the entire process list, copying out information to ps(1), without blocking. If we prevent processes from forking or exiting during this time, we get a consistent snapshot. The snapshot may be stale, but it will never show us a viewpoint that never happened.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo, OpenBSD will always be consistent, or will it?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIs there a way to trick ps on OpenBSD? Not everything is consistent. There’s a separate sysctl, KERN_PROC_ARGV, that reads the command line arguments for a process, but it only works on one process at a time. Processes can modify their own argv at any time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eA second test program changes the process title of both the chicken and the egg, and if you run ps(1), you can get back a result that never actually happened.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe argv of the first program is read by ps(1), and in the meantime, it changes to a different value. The second program also changes its value, so now when ps(1) reads it, it sees the new value, not the original value from when ps(1) was started.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSo the output is not that consistent, but is it worth the effort to try to make it so?\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-October/624673.html\" rel=\"nofollow\"\u003eDragonFlyBSD - if_iwm - Add basic powermanagement support via ifconfig wlan0 powersave\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWiFi can often be one of the biggest drains on your laptop battery, so anything we can do to improve the situation should be embraced. \u003c/li\u003e\n\u003cli\u003eImre Vadász over at the DragonFly project has done that, porting over a new set of power management support from Linux to the if_iwm driver. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eif_iwm - Add basic powermanagement support via ifconfig wlan0 powersave.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThe DEVICE_POWER_FLAGS_CAM_MSK flag was removed in the upstream iwlwifi in Linux commit ceef91c89480dd18bb3ac51e91280a233d0ca41f.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAdd sc_ps_disabled flag to struct iwm_softc, which corresponds to mvm-\u0026gt;ps_disabled in struct iwl_mvm in Linux iwlwifi.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAdds a hw.iwm.power_scheme tunable which corresponds to the power_scheme module parameter in Linux iwlwifi. Set this to 1 for completely disabling power management, 2 (default) for balanced powermanagement, and 3 for lowerpower mode (which does dtim period skipping).\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eImports the constants.h file from iwlwifi as if_iwm_constants.h.\u003c/li\u003e\n\u003cli\u003eThis doesn\u0026#39;t allow changing the powermanagement setting while connected,\nalso one can only choose between enabled and disabled powersaving with\nifconfig (so switching between balanced and low-power mode requires\nrebooting to change the tunable).\u003c/li\u003e\n\u003cli\u003eAfter any changes to powermanagement (i.e. \u0026quot;ifconfig wlan0 powersave\u0026quot; to\nenable powermanagement, or \u0026quot;ifconfig wlan0 -powersave\u0026quot; for disabling\npowermanagement), one has to disconnect and reconnect to the accespoint\nfor the change to take effect.“\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eGood stuff! These positive changes need to happen more often and sooner, so we can all eek out every drop of power from our respective laptops.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://functionallyparanoid.com/2016/10/03/helping-out-an-internet-friend/\" rel=\"nofollow\"\u003eHelping out an Internet Friend…Dual boot OpenBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDual-booting OpenBSD and Linux, via UEFI. A year ago we wouldn’t be discussing this, but today we have an article where somebody has done exactly that.\u003c/li\u003e\n\u003cli\u003eThis Journey was undertaken by Brian Everly (Indiana Bug), partly due to a friend who wanted to dual-boot his laptop which already has an existing UEFI install on it.\u003c/li\u003e\n\u003cli\u003eAs a proof of concept, he began by replicating the setup in VMware with UEFI\u003c/li\u003e\n\u003cli\u003eHe started by throwing Ubuntu into the VM, with some special attention paid to partitioning to ensure enough room left-over for OpenBSD later.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI created a 64MB EFI partition at the front of the disk. Next, I created a 20GB primary partition at the beginning of the space, mounted as the root (/) filesystem.\u003c/p\u003e\n\n\u003cp\u003eI then added a 4096MB swap partition for Ubuntu. Finally, I used the rest of the free space to create a Reserved BIOS Boot Area FAT32 partition that was not associated with a mount point – this is where I will be installing OpenBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith that done, he wrapped up the Ubuntu installation and then turned over to to the OpenBSD side. Some manual partitioning was required to install to the “Reserved FAT32” partition.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI mashed through the defaults in the OpenBSD installer until I got to the disk partitioning.  Since I told VMWare to make my hard drive an IDE one, I knew I was playing around with wd0 and not sd0 (my USB key).  I dumped into fdisk by selecting to (E)dit the partition scheme and saw my setup from Linux.  First was the EFI partition (I am guessing I’ll have to copy my bootx64.efi file to that at some point), second was the Linux etx4 partition, third was my Linux swap partition and fourth was a weird looking one that is the “Reserved BIOS Boot” partition.  That’s the one I’ll fiddle with.\u003c/p\u003e\n\n\u003cp\u003eIssuing the command “edit 3” allowed me to fiddle with that partition #3 (remember, we start counting at zero).  I set it’s type to “A6” (OpenBSD) and then took the defaults with the exception of naming it “OpenBSD”.  A quick “write” followed by a “quit” allowed me to update my new partition and get back to the installer.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOnce the installation was wrapped up (OpenBSD helpfully already created the /boot/EFI partition with the correct EFI loader installed) he was able to reboot and select between the two systems at the UEFI bios screen.\u003c/li\u003e\n\u003cli\u003eFor kicks, he lastly went into Ubuntu and grabbed refind. Installing refind provided a fancy graphical selector between the two systems without too much trouble.\u003c/li\u003e\n\u003cli\u003eNext step will be to replicate this process on his friend’s laptop. Wishing you luck with that journey!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Bryan Cantrill - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/user\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCTO of Joyent\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsd.slashdot.org/story/16/10/09/0230203/after-22-years-386bsd-gets-an-update\" rel=\"nofollow\"\u003eAfter 22 Years, 386BSD Gets An Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSlashdot brings us an interesting mention this week, specifically that after 22 years, we now have an update to 386BSD.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e386BSD was last released back in 1994 with a series of articles in Dr. Dobb\u0026#39;s Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.\u003c/p\u003e\n\n\u003cp\u003e386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds\u0026#39;s math emulation code in the source code of 386BSD. To quote Linus: \u0026quot;If 386BSD had been available when I started on Linux, Linux would probably never had happened.”\u003c/p\u003e\n\n\u003cp\u003eThough it was designed for Intel 80386 microprocessors, there\u0026#39;s already instructions for launching it on the hosted hardware virtualization service Qemu.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere you have it! Go grab the new hotness that is 386BSD and run it in 2016! Or perhaps you want FreeBSD 11, but to each their own.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160929230557\u0026mode=expanded\" rel=\"nofollow\"\u003eProgress of the OpenBSD Limited Edition Signed CD set\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn update from a story last week! We mentioned the “very” limited edition OpenBSD 6.0 signed CD sets that had gone up for Auction on Ebay. (With proceeds to support for Foundation)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAs of today, here’s where we stand:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCD set #1 (Sep 29th + 5 days) \u003ca href=\"http://www.ebay.com/itm/-/331985953783\" rel=\"nofollow\"\u003esold for $4200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCD set #2 (Oct 4th + 3 days) \u003ca href=\"http://www.ebay.com/itm/-/331990536246\" rel=\"nofollow\"\u003esold for $3000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCD set #3 (Oct 8th + 3 days) \u003ca href=\"http://www.ebay.com/itm/-/331994217419\" rel=\"nofollow\"\u003esold for $817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCD set #4 (Oct 11th + 3 days) is \u003ca href=\"http://www.ebay.com/itm/-/331997031152\" rel=\"nofollow\"\u003ecurrently up for bidding\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere you have it! The 4th set is almost wrapped up bidding, and the 5th and last set is not far behind. Be sure to grab your piece of BSD history before its gone!\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/3ofcoins/jetpack\" rel=\"nofollow\"\u003e\u003cstrong\u003ePROTOTYPE\u003c/strong\u003e FreeBSD Jail/ZFS based implementation of the Application Container Specification\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Jetpack is an experimental and incomplete implementation of the App Container Specification for FreeBSD. It uses jails as isolation mechanism, and ZFS for layered storage.”\u003cbr\u003e\n“This document uses some language used in Rocket, the reference implementation of the App Container Specification. While the documentation will be expanded in the future, currently you need to be familiar at least with Rocket\u0026#39;s README to understand everything.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA standard with multiple implementations, that allow substitution of components, such as FreeBSD Jails instead of docker/lxc etc, and ZFS instead of overlayfs etc, is very exciting\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fossbytes.com/xenix-history-microsoft-unix-operating-system/\" rel=\"nofollow\"\u003eMicrosoft’s Forgotten Unix-based Operating System\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDo you remember the good old days. You know, when Microsoft was the driving force behind UNIX? Wait, what did you say you may be thinking? It’s true, and lets sit back and let FossBytes tell us a tale of what once was reality.\u003c/li\u003e\n\u003cli\u003eThe story begins sometime in the late 70’s:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eTurning back the pages to the late 1970’s, Microsoft entered into an agreement with AT\u0026amp;T Corporation to license Unix from AT\u0026amp;T. While the company didn’t sell the OS to public, it licensed it to other OEM vendors like Intel, SCO, and Tandy.\u003c/p\u003e\n\n\u003cp\u003eAs Microsoft had to face legal trouble due to “Unix” name, the company renamed it and came up with its own Unix distribution. So, AT\u0026amp;T licensed Unix to Redmond that was passed on to other OEMs as Xenix.\u003c/p\u003e\n\n\u003cp\u003eIt’s interesting to recall a time when Microsoft enabled people to run Unix — an operating system originally designed for large and multiuser systems — on a microcomputer. Even though it came first, Unix was probably more powerful than MS-DOS.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo whatever happened to this microsoft-flavored UNIX you may ask? Sadly it was ditched for DOS due to $REASONS:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn early 1980’s, IBM was looking for an OS to power its PC. As IBM didn’t want to maintain any ties with the recently split AT\u0026amp;T, Xenix was automatically rejected. To fulfill, the tech giant’s demand, Microsoft bought 86-DOS from Seattle Computer Products and managed to convince IBM to use it in their systems.\u003c/p\u003e\n\n\u003cp\u003eSlowly, Microsoft started losing interest in Xenix and traded the full rights of Xenix with SCO, a Xenix partner company. The company filed bankruptcy in 2007 before taking the Xenix legacy to the 21st century in the form of Open Server, previously known as SCO Unix and SCO Open Desktop.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting chapter in UNIX history to be sure, and funny enough may come full-circle someday with Microsoft beginning to show interest in UNIX and BSD once again.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2791\" rel=\"nofollow\"\u003eOhio LinuxFest 2016 wrap-up\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://learnxinyminutes.com/docs/zfs/\" rel=\"nofollow\"\u003eLearn X in Y minutes Where X=zfs\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=306430\" rel=\"nofollow\"\u003eAdd touchscreen support for the official 7\u0026quot; RPi touch display \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://kernelnomicon.org/?p=682\" rel=\"nofollow\"\u003e64-bit U-Boot on Raspberry Pi 3 \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.ixsystems.com/blog/snia-sdc-2016-recap-michael-dexter/\" rel=\"nofollow\"\u003eSNIA SDC 2016 Recap: Michael Dexter\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.ixsystems.com/blog/openzfs-devsummit-2016/\" rel=\"nofollow\"\u003eOpenZFS: Stronger than ever\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://nvlpubs.nist.gov/nistpubs/jres/121/jres.121.023.pdf\" rel=\"nofollow\"\u003eAccurate, Traceable, and Verifiable Time Synchronization for World Financial Markets\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.ietf.org/rfc/ien/ien137.txt\" rel=\"nofollow\"\u003eON HOLY WARS AND A PLEA FOR PEACE\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/CYcqmW7P\" rel=\"nofollow\"\u003e Morgan - Zero-Filling an VM\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/12mNW57h\" rel=\"nofollow\"\u003e Charlie - ZFS Bit-Rot\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NfYWt2cu\" rel=\"nofollow\"\u003e Matias - TrueOS / Launchd\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/UvKh2WcF\" rel=\"nofollow\"\u003e Dale - DO Feedback\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/0cdMc88U\" rel=\"nofollow\"\u003e James - DO / FreeBSD Locks?\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The wait is over, 11.0 of FreeBSD has (officially) launched. We’ll have coverage of this, plus a couple looks back at UNIX history, and a crowd-favorite guest today.","date_published":"2016-10-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/da2fb252-95f1-407c-a537-6124802c6003.mp3","mime_type":"audio/mpeg","size_in_bytes":94687348,"duration_in_seconds":7890}]},{"id":"bb8662b1-5fa2-4df9-b2bc-c4caa37567b3","title":"162: The Foundation of NetBSD","url":"https://www.bsdnow.tv/162","content_text":"This week on the show, we’ll be talking to Petra about the NetBSD foundation, about how they operate and assist NetBSD behind the scenes. That plus lots of news\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nWhat is new on EC2 for FreeBSD 11.0-RELEASE\n\n\n“FreeBSD 11.0-RELEASE is just around the corner, and it will be bringing a long list of new features and improvements — far too many for me to list here. I think there are \nsome improvements in FreeBSD 11.0 which are particularly noteworthy for EC2 users.”\n“First, the EC2 Console Screenshot functionality now works with FreeBSD. This provides a \"VGA\" output as opposed to the traditional \"serial port\" which EC2 has exposed as \n\"console output\" for the past decade, and is useful largely because the \"VGA\" output becomes available immediately whereas the \"serial port\" output can lag by several minutes. This \nimprovement is a simple configuration change — older releases didn't waste time writing to a non-serial console because it didn't go anywhere until Amazon added support on their \nside — and can be enabled on older FreeBSD releases by changing the line console=\"comconsole\" to boot_multicons=\"YES\" in /boot/loader.conf.”\n“The second notable change is support for EC2 \"Enhanced Networking\" using Intel 82599 hardware; on the C3, C4, R3, I2, D2, and M4 (excluding m4.16xlarge) families, this \nprovides increased network throughput and reduced latency and jitter, since it allows FreeBSD to talk directly to the networking hardware rather than via a Xen paravirtual interface. \nGetting this working took much longer than I had hoped, but the final problem turned out not to be in FreeBSD at all — we were tickling an interrupt-routing bug in a version of \nXen used in EC2. Unfortunately FreeBSD does not yet have support for the new \"Elastic Network Adapter\" enhanced networking used in P2 and X1 instance families and the m4.16xlarge \ninstance type; I'm hoping that we'll have a driver for that before FreeBSD 11.1 arrives.”\n“The third notable change is an improvement in EC2 disk throughput. This comes thanks to enabling indirect segment I/Os in FreeBSD's blkfront driver; while the support was \npresent in 10.3, I had it turned off by default due to performance anomalies on some EC2 instances. (Those EC2 performance problems have been resolved, and disk I/O performance in \nEC2 on FreeBSD 10.3 can now be safely improved by removing the line hw.xbd.xbd_enable_indirect=\"0\" from /boot/loader.conf.)”\n“Finally, FreeBSD now supports all 128 CPUs in the x1.32xlarge instance type. This improvement comes thanks to two changes: The FreeBSD default kernel was modified in 2014 to \nsupport up to 256 CPUs (up from 64), but that resulted in a (fixed-size) section of preallocated memory being exhausted early in the boot process on systems with 92 or more CPUs; a \nfew months ago I changed that value to tune automatically so that FreeBSD can now boot and not immediately panic with an out-of-the-box setup on such large systems.”\n“I think FreeBSD/EC2 users will be very happy with FreeBSD 11.0-RELEASE; but I'd like to end with an important reminder: No matter what you might see on FTP servers, in EC2, or \navailable via freebsd-update, the new release has not been released until you see a GPG-signed email from the release engineer. This is not just a theoretical point: In my time as a \nFreeBSD developer I've seen multiple instances of last-minute release re-rolls happening due to problems being discovered very late, so the fact that you can see bits doesn't \nnecessarily mean that they are ready to be downloaded. I hope you're looking forward to 11.0-RELEASE, but please be patient.”\n***\n\n\nUpgrading Amazon EC2 instance from 10.3 to 11.0-PRERELEASE results in hang at boot \n\n\nAs if to underscore that last point, a last minute bug was found on sunday night\nA user reported that they used freebsd-update to upgrade an EC2 instance from 10.3 to 11.0 and it started hanging during boot\nAfter some quick investigation by Colin, the problem was reproduced\nSince I had done a lot of work in the loader recently, I helped Colin build a version of the loader with a lot of the debugging enabled, and some more added to try to isolate where \nin the loader the freeze was happening\nColin and I worked late into the night, but eventually found the read from disk that was causing the hang\nUnlike most of the other reads, that were going into the heap, this read was into a very low memory address, right near the 640kb border. This initially distracted us from the real \ncause of the problem\nWith more debugging added, it was determined that the problem was in the GELIBoot code, when reading the last sector of each partition to determine if it is encrypted. In cases \nwhere the partition is not 4k aligned, and butts up against the end of the disk, the formula used could result in a read past the end of the disk\nThe formula rounds the last sector byte address down to the nearest factor of 4096, then reads 4096 bytes. Then that buffer is examined to determine if the partition is encrypted. \nIf it is a 512b sector drive, the metadata will be in the last 512 bytes of that 4096 byte buffer.\nHowever, if the partition is not 4k aligned, the rounding will produce a value that is less than 4096 bytes from the end of the disk, and attempting to read 4096 bytes, will read \npast the end of the disk\nNormally this isn’t that big of a problem, the BIOS will just return an error. The loader will retry up to three times, then give up and move on, continuing to boot normally.\nSome BIOSes are buggy, and will initiate their own retries, and the combination might result in a stall of up to 30 seconds for each attempt to read past the end of the disk\nBut it seems that Amazon EC2 instances, (and possibly other virtual instances), will just hang in this case.\nThis bug has existed for 6 months, but was not caught because almost all installations are 4k aligned thanks to changes made to the installer over the last few years, and most \nhardware continues to boot with no sign of a problem\nEven the EC2 snapshot images of 11.0 do not have the problem, as they use a newer disk layout that is 4k aligned by default now. The problem only seems to happen when older disk \nimages are upgraded\nThe fix has been committed and will be merged the the branches over the next few days\nAn Errata notice will be issues, and the fix will be available via freebsd-update\nIt is recommended that EC2 users, and anyone who wants to be especially cautious, wait until this errata notice goes out before attempting to upgrade from FreeBSD 10.3 to 11.0\nYou can determine if your partitions are 4k aligned by running ‘gpart show’. If there is free space after your last partition, you won’t have any issues.\n***\n\n\nOpenBSD 6.0 Limited Edition CD set (signed by developers)\n\nThe first one went for .$4,200.00 \n\n\nLooking for your piece of OpenBSD history? At the recent g2k16 hackathon in Cambridge UK, 40 OpenBSD developers put pen to paper and signed 5 copies of the new 6.0 release.\nEach of these will be auctioned off on ebay, with the proceeds to benefit the OpenBSD foundation.\nThe first auction has already ended, and CD set went for a whopping $4200!\nThe next set only has 2 days left, and currently stands at $3000! (http://www.ebay.com/itm/-/331990536246) \nGet your bids in soon, these are VERY unique, the odds of getting the same 40 developers in a room together and signing a new .0 release may make this a once-in-a-lifetime \nopportunity.\nAdditionally, if you are just starting your OpenBSD collection, here’s a nice image to make you envious: A nice collection of OpenBSD CD Sets \n***\n\n\n[What typing D really does on Unix\n\n](https://utcc.utoronto.ca/~cks/space/blog/unix/TypingEOFEffects)\n\n\nHow often have you used a D to generate an EOF? Do you really know what that does?\nChris Siebenmann has posted a look at this on his blog, which might not be what you think\n\n\n\n“Typing D causes the tty driver to immediately finish a read().”\n\n\n\nHe continues on:\n\n\n\nNormally doing a read() from a terminal is line-buffered inside the tty driver; your program only wakes up when the tty driver sees the newline, at which point you get back the full \nline. (Note that this buffering is distinct from anything that your language's IO system may be doing.)\n\nTyping D causes the tty driver to stop waiting for a newline and immediately return from the read() with however much of the line has been accumulated to date. If you haven't \ntyped anything on the line yet, there is nothing accumulated and the read() will return 0 bytes, which is conveniently the signal for end of file. If you have typed something the \nprogram will get it; because it doesn't have a trailing newline, the program's own line-buffering may take over and keep read()ing to get the rest of the line.\n\n(Other programs will immediately process the partial line with no buffering; cat is one example of this.)\n\nOnce you've typed D on a partial line, that portion of the line is immutable because it's already been given to the program. Most Unixes won't let you backspace over such partial \nlines; effectively they become output, not input.\n\n(Note that modern shells are not good examples of this, because they don't do line-buffered input; to support command line editing, they switch terminal input into an uninterpreted \nmode. So they get the raw D and can do whatever they want with it, and they can let you edit as much of the pending line as they want.)\n\n\n\nFascinating stuff, and interesting to see behind the curtain at exactly what’s going on with your programs buffering and tty driver interaction.\n\n\n\n\nInterview - Petra Zeidler - spz@netbsd.org\n\n\nNetBSD Foundation\n***\n\n\nNews Roundup\n\nRunning FreeBSD in Travis-CI Thanks to KQEmu\n\n\nTravis-CI is the most popular testing framework on Github, but it doesn’t support any of the BSDs\nThis didn’t discourage Even Rouault, who managed to run FreeBSD in KQEMU on the Linux instances provided by Travis-CI\n“Travis-CI has a free offer for software having public repository at GitHub. Travis-CI provides cloud instances running Linux or Mac OS X. To increase portability tests of \nGDAL, I wondered if it was somehow possible to run another operating system with Travis-CI, for example FreeBSD. A search lead me to this \nquestion in their bug tracker but the outcome seems to be that it is not possible, nor in their medium or long term plans.”\n“One idea that came quickly to mind was to use the QEMU machine emulator that can simulate full machines, of several hardware architectures.”\nThey found an existing image of FreeBSD 9.2 and configured the Travis job to download it and fire it up in QEMU.\n“Here we go: ./configure \u0026amp;\u0026amp; make ! That works, but 50 minutes later (the maximum length of a Travis-CI job), our job is killed with perhaps only 10% of the GDAL code base being \ncompiled. The reason is that we used the pure software emulation mode of QEMU that involves on-the-fly disassembling of the code to be run and re-assembling.”\nTravis-CI runs in Google Compute Engine, which does not allow nested virtualization, so hardware virtualization is not an option to speed up QEMU\n“Here comes the time for good old memories and a bit of software archeology. QEMU was started by Fabrice Bellard. If you didn't know his name yet, F. Bellard created FFMPEG and \nQEMU, holds a world record for the number of decimals of Pi computed on a COTS PC, has ported QEMU in JavaScript to run the Linux kernel in your browser, devised BPG, a new \ncompression based on HEVC, etc....”\n“At the time where his interest was focused on QEMU, he created KQemu, a kernel module (for Linux, Windows, FreeBSD hosts), that could significantly enhance QEMU performance \nwhen the guest and hosts are x86/x86_64 and does not require (nor use) hardware virtualization instructions.”\n“Running it on Travis-CI was successful too, with the compilation being done in 20 minutes, so probably half of the speed of bare metal, which is good enough.”\n“I could also have potentially tried VirtualBox because, as mentioned above, it supports software virtualization with acceleration. But that is only for 32 bit guests (and I \ndidn't find a ready-made FreeBSD 32bit image that you can directly ssh into). For 64 bit guests, VirtualBox require hardware virtualization to be available in the host. To the best \nof my knowledge, KQemu is (was) the only solution to enable acceleration of 64 bit guests without hardware requirements.”\nIt will be interesting to see if enough people do this hack, maybe Travis-CI will consider properly supporting FreeBSD\n***\n\n\nOpenBSD EuroBSDcon 2016 Papers are online\n\n\nSlides from the OpenBSD talks at EuroBSDCon are online now\n\n\nLandry Breuil, Building packages on exotic architectures\nPeter Hessler, Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD\nIngo Schwarze, Why and how you ought to keep multibyte character support simple (roff/mm/gpresent source \ncode)\nStefan Sperling, OpenBSD meets 802.11n\nAntoine Jacoutot, OpenBSD rc.d(8)\nMarc Espie, Retrofitting privsep into dpb and pkg_add\nMartin Pieuchot, Embracing the BSD routing table\n\nI am working to build a similar website for the FreeBSD project, but there is still a lot of work to do\nI also managed to find the slides from the keynotes:\nOpening Keynote: George Neville-Neil: Looking Backwards: The coming decades of BSD \nClosing Keynote: Gert Döring: Internet Attacks, Self-Governance, and the Consequences \n***\n\n\nVirtualBox Shared Folders on FreeBSD: progress report\n\n\nIn the past month or so, VirtualBox in the FreeBSD ports tree got bumped to version 5, which while bringing new features, did cause a regression in Shared Folders.\nFreeBSD developer gonzo@ (Oleksandr Tymoshenko) has been tackling this issue in recent days and provides us with a look behind the curtain at the challenges involved.\nSpecifically he started by implementing the various needed VOPs: “lookup, access, readdir, read, getattr, readlink, remove, rmdir, symlink, close, create, open, write.”\nHe then continues with details about how complete this is:\n\n\n““Kind of implemented” means that I was able to mount directory, traverse it, read file, calculate md5 sums and compare with host’s md5sum, create/remove directories, \nunzip zip file, etc but I doubt it would survive stress-test. Locking is all wrong at the moment and read/write VOPs allocate buffers for every operation.”\n\n\nThe bigger issue faced is with the rename VOP though:\n\n\n\nI hit a roadblock with rename VOP: it involves some non-trivial locking logic and also there is a problem with cached paths. VBox hypervisor operates on full paths so we cache them \nin vboxfs nodes, but if one of parent directories is renamed, all cached names should be modified accordingly. I am going to tackle these two problems once I have long enough stretch \nof time time sit and concentrate on task.\n\n\nWe wish him luck in getting those issues solved. I know quite a few of our users rely on shared folders as well.\n***\n\n\n\nFreeBSD News Issue #1\n\n\nIssue #1 of FreeBSD News, from summer of 1997\nContains an article by Yahoo! co-founder David Filo about their early use of FreeBSD, on 100mhz Pentium machines with 64MB of ram\nJava Development Kit 1.0.2 ported to FreeBSD\nWhat is FreeBSD?\nRunning the world’s busiest FTP site (cdrom.com) on FreeBSD\nXi Graphics announces the release of CDE Business Desktop, the first and only integrated desktop for FreeBSD, on AcceleratedX, a fully supported commercial grade X display server\nGet FreeBSD 2.2.2 Today!\n***\n\n\nBeastie Bits\n\n\nCall for testing: newly MPSAFE nvme(4) \nThinking about starting a BUG in Indianapolis, IN USA\nThe cost of forsaking C: Why students still need to learn C  \nOpenBSD (U)EFI bootloader howto \nMichael Lucas sets his eyes on OpenBSD's web stack for his next book \nLibreSSL 2.5.0 released\nOPNsense 16.7.5 released\n\n\n\n\nFeedback/Questions\n\n\n Jonas - ZFS on DO  \n Ricardo - OpenBSD Encrypted Disk \n WiskerTickle - Storage Benchmark  \n Phil - Thanks \n Luis - Misc Questions \n***\n","content_html":"\u003cp\u003eThis week on the show, we’ll be talking to Petra about the NetBSD foundation, about how they operate and assist NetBSD behind the scenes. That plus lots of news\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2016-10-03-FreeBSD-EC2-11-0-RELEASE.html\" rel=\"nofollow\"\u003eWhat is new on EC2 for FreeBSD 11.0-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“FreeBSD 11.0-RELEASE is just around the corner, and it will be bringing a long list of new features and improvements — far too many for me to list here. I think there are \nsome improvements in FreeBSD 11.0 which are particularly noteworthy for EC2 users.”\u003c/li\u003e\n\u003cli\u003e“First, the EC2 Console Screenshot functionality now works with FreeBSD. This provides a \u0026quot;VGA\u0026quot; output as opposed to the traditional \u0026quot;serial port\u0026quot; which EC2 has exposed as \n\u0026quot;console output\u0026quot; for the past decade, and is useful largely because the \u0026quot;VGA\u0026quot; output becomes available immediately whereas the \u0026quot;serial port\u0026quot; output can lag by several minutes. This \nimprovement is a simple configuration change — older releases didn\u0026#39;t waste time writing to a non-serial console because it didn\u0026#39;t go anywhere until Amazon added support on their \nside — and can be enabled on older FreeBSD releases by changing the line console=\u0026quot;comconsole\u0026quot; to boot_multicons=\u0026quot;YES\u0026quot; in /boot/loader.conf.”\u003c/li\u003e\n\u003cli\u003e“The second notable change is support for EC2 \u0026quot;Enhanced Networking\u0026quot; using Intel 82599 hardware; on the C3, C4, R3, I2, D2, and M4 (excluding m4.16xlarge) families, this \nprovides increased network throughput and reduced latency and jitter, since it allows FreeBSD to talk directly to the networking hardware rather than via a Xen paravirtual interface. \nGetting this working took much longer than I had hoped, but the final problem turned out not to be in FreeBSD at all — we were tickling an interrupt-routing bug in a version of \nXen used in EC2. Unfortunately FreeBSD does not yet have support for the new \u0026quot;Elastic Network Adapter\u0026quot; enhanced networking used in P2 and X1 instance families and the m4.16xlarge \ninstance type; I\u0026#39;m hoping that we\u0026#39;ll have a driver for that before FreeBSD 11.1 arrives.”\u003c/li\u003e\n\u003cli\u003e“The third notable change is an improvement in EC2 disk throughput. This comes thanks to enabling indirect segment I/Os in FreeBSD\u0026#39;s blkfront driver; while the support was \npresent in 10.3, I had it turned off by default due to performance anomalies on some EC2 instances. (Those EC2 performance problems have been resolved, and disk I/O performance in \nEC2 on FreeBSD 10.3 can now be safely improved by removing the line hw.xbd.xbd_enable_indirect=\u0026quot;0\u0026quot; from /boot/loader.conf.)”\u003c/li\u003e\n\u003cli\u003e“Finally, FreeBSD now supports all 128 CPUs in the x1.32xlarge instance type. This improvement comes thanks to two changes: The FreeBSD default kernel was modified in 2014 to \nsupport up to 256 CPUs (up from 64), but that resulted in a (fixed-size) section of preallocated memory being exhausted early in the boot process on systems with 92 or more CPUs; a \nfew months ago I changed that value to tune automatically so that FreeBSD can now boot and not immediately panic with an out-of-the-box setup on such large systems.”\u003c/li\u003e\n\u003cli\u003e“I think FreeBSD/EC2 users will be very happy with FreeBSD 11.0-RELEASE; but I\u0026#39;d like to end with an important reminder: No matter what you might see on FTP servers, in EC2, or \navailable via freebsd-update, the new release has not been released until you see a GPG-signed email from the release engineer. This is not just a theoretical point: In my time as a \nFreeBSD developer I\u0026#39;ve seen multiple instances of last-minute release re-rolls happening due to problems being discovered very late, so the fact that you can see bits doesn\u0026#39;t \nnecessarily mean that they are ready to be downloaded. I hope you\u0026#39;re looking forward to 11.0-RELEASE, but please be patient.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213196\" rel=\"nofollow\"\u003eUpgrading Amazon EC2 instance from 10.3 to 11.0-PRERELEASE results in hang at boot \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs if to underscore that last point, a last minute bug was found on sunday night\u003c/li\u003e\n\u003cli\u003eA user reported that they used freebsd-update to upgrade an EC2 instance from 10.3 to 11.0 and it started hanging during boot\u003c/li\u003e\n\u003cli\u003eAfter some quick investigation by Colin, the problem was reproduced\u003c/li\u003e\n\u003cli\u003eSince I had done a lot of work in the loader recently, I helped Colin build a version of the loader with a lot of the debugging enabled, and some more added to try to isolate where \nin the loader the freeze was happening\u003c/li\u003e\n\u003cli\u003eColin and I worked late into the night, but eventually found the read from disk that was causing the hang\u003c/li\u003e\n\u003cli\u003eUnlike most of the other reads, that were going into the heap, this read was into a very low memory address, right near the 640kb border. This initially distracted us from the real \ncause of the problem\u003c/li\u003e\n\u003cli\u003eWith more debugging added, it was determined that the problem was in the GELIBoot code, when reading the last sector of each partition to determine if it is encrypted. In cases \nwhere the partition is not 4k aligned, and butts up against the end of the disk, the formula used could result in a read past the end of the disk\u003c/li\u003e\n\u003cli\u003eThe formula rounds the last sector byte address down to the nearest factor of 4096, then reads 4096 bytes. Then that buffer is examined to determine if the partition is encrypted. \nIf it is a 512b sector drive, the metadata will be in the last 512 bytes of that 4096 byte buffer.\u003c/li\u003e\n\u003cli\u003eHowever, if the partition is not 4k aligned, the rounding will produce a value that is less than 4096 bytes from the end of the disk, and attempting to read 4096 bytes, will read \npast the end of the disk\u003c/li\u003e\n\u003cli\u003eNormally this isn’t that big of a problem, the BIOS will just return an error. The loader will retry up to three times, then give up and move on, continuing to boot normally.\u003c/li\u003e\n\u003cli\u003eSome BIOSes are buggy, and will initiate their own retries, and the combination might result in a stall of up to 30 seconds for each attempt to read past the end of the disk\u003c/li\u003e\n\u003cli\u003eBut it seems that Amazon EC2 instances, (and possibly other virtual instances), will just hang in this case.\u003c/li\u003e\n\u003cli\u003eThis bug has existed for 6 months, but was not caught because almost all installations are 4k aligned thanks to changes made to the installer over the last few years, and most \nhardware continues to boot with no sign of a problem\u003c/li\u003e\n\u003cli\u003eEven the EC2 snapshot images of 11.0 do not have the problem, as they use a newer disk layout that is 4k aligned by default now. The problem only seems to happen when older disk \nimages are upgraded\u003c/li\u003e\n\u003cli\u003eThe fix has been committed and will be merged the the branches over the next few days\u003c/li\u003e\n\u003cli\u003eAn Errata notice will be issues, and the fix will be available via freebsd-update\u003c/li\u003e\n\u003cli\u003eIt is recommended that EC2 users, and anyone who wants to be especially cautious, wait until this errata notice goes out before attempting to upgrade from FreeBSD 10.3 to 11.0\u003c/li\u003e\n\u003cli\u003eYou can determine if your partitions are 4k aligned by running ‘gpart show’. If there is free space after your last partition, you won’t have any issues.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160929230557\u0026mode=expanded\" rel=\"nofollow\"\u003eOpenBSD 6.0 Limited Edition CD set (signed by developers)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ebay.com/itm/-/331985953783\" rel=\"nofollow\"\u003eThe first one went for .$4,200.00\u003c/a\u003e \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for your piece of OpenBSD history? At the recent g2k16 hackathon in Cambridge UK, 40 OpenBSD developers put pen to paper and signed 5 copies of the new 6.0 release.\u003c/li\u003e\n\u003cli\u003eEach of these will be auctioned off on ebay, with the proceeds to benefit the OpenBSD foundation.\u003c/li\u003e\n\u003cli\u003eThe first auction has already ended, and CD set went for a whopping $4200!\u003c/li\u003e\n\u003cli\u003eThe next set only has 2 days left, and currently stands at $3000! (\u003ca href=\"http://www.ebay.com/itm/-/331990536246\" rel=\"nofollow\"\u003ehttp://www.ebay.com/itm/-/331990536246\u003c/a\u003e) \u003c/li\u003e\n\u003cli\u003eGet your bids in soon, these are VERY unique, the odds of getting the same 40 developers in a room together and signing a new .0 release may make this a once-in-a-lifetime \nopportunity.\u003c/li\u003e\n\u003cli\u003eAdditionally, if you are just starting your OpenBSD collection, here’s a nice image to make you envious: \u003ca href=\"http://i.imgur.com/OrE0Gsa.png\" rel=\"nofollow\"\u003eA nice collection of OpenBSD CD Sets\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e[What typing \u003csup\u003eD\u003c/sup\u003e really does on Unix\u003c/h3\u003e\n\n\u003cp\u003e](\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/TypingEOFEffects\" rel=\"nofollow\"\u003ehttps://utcc.utoronto.ca/~cks/space/blog/unix/TypingEOFEffects\u003c/a\u003e)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHow often have you used a \u003csup\u003eD\u003c/sup\u003e to generate an EOF? Do you really know what that does?\u003c/li\u003e\n\u003cli\u003eChris Siebenmann has posted a look at this on his blog, which might not be what you think\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Typing \u003csup\u003eD\u003c/sup\u003e causes the tty driver to immediately finish a read().”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe continues on:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNormally doing a read() from a terminal is line-buffered inside the tty driver; your program only wakes up when the tty driver sees the newline, at which point you get back the full \u003cbr\u003e\nline. (Note that this buffering is distinct from anything that your language\u0026#39;s IO system may be doing.)\u003c/p\u003e\n\n\u003cp\u003eTyping \u003csup\u003eD\u003c/sup\u003e causes the tty driver to stop waiting for a newline and immediately return from the read() with however much of the line has been accumulated to date. If you haven\u0026#39;t \u003cbr\u003e\ntyped anything on the line yet, there is nothing accumulated and the read() will return 0 bytes, which is conveniently the signal for end of file. If you have typed something the \u003cbr\u003e\nprogram will get it; because it doesn\u0026#39;t have a trailing newline, the program\u0026#39;s own line-buffering may take over and keep read()ing to get the rest of the line.\u003c/p\u003e\n\n\u003cp\u003e(Other programs will immediately process the partial line with no buffering; cat is one example of this.)\u003c/p\u003e\n\n\u003cp\u003eOnce you\u0026#39;ve typed \u003csup\u003eD\u003c/sup\u003e on a partial line, that portion of the line is immutable because it\u0026#39;s already been given to the program. Most Unixes won\u0026#39;t let you backspace over such partial \u003cbr\u003e\nlines; effectively they become output, not input.\u003c/p\u003e\n\n\u003cp\u003e(Note that modern shells are not good examples of this, because they don\u0026#39;t do line-buffered input; to support command line editing, they switch terminal input into an uninterpreted \u003cbr\u003e\nmode. So they get the raw \u003csup\u003eD\u003c/sup\u003e and can do whatever they want with it, and they can let you edit as much of the pending line as they want.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFascinating stuff, and interesting to see behind the curtain at exactly what’s going on with your programs buffering and tty driver interaction.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Petra Zeidler - \u003ca href=\"mailto:spz@netbsd.org\" rel=\"nofollow\"\u003espz@netbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD Foundation\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://erouault.blogspot.com/2016/09/running-freebsd-in-travis-ci.html\" rel=\"nofollow\"\u003eRunning FreeBSD in Travis-CI Thanks to KQEmu\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTravis-CI is the most popular testing framework on Github, but it doesn’t support any of the BSDs\u003c/li\u003e\n\u003cli\u003eThis didn’t discourage Even Rouault, who managed to run FreeBSD in KQEMU on the Linux instances provided by Travis-CI\u003c/li\u003e\n\u003cli\u003e“Travis-CI has a free offer for software having public repository at GitHub. Travis-CI provides cloud instances running Linux or Mac OS X. To increase portability tests of \nGDAL, I wondered if it was somehow possible to run another operating system with Travis-CI, for example FreeBSD. A search lead me to this \n\u003ca href=\"https://github.com/travis-ci/travis-ci/issues/1818\" rel=\"nofollow\"\u003equestion\u003c/a\u003e in their bug tracker but the outcome seems to be that it is not possible, nor in their medium or long term plans.”\u003c/li\u003e\n\u003cli\u003e“One idea that came quickly to mind was to use the QEMU machine emulator that can simulate full machines, of several hardware architectures.”\u003c/li\u003e\n\u003cli\u003eThey found an existing image of FreeBSD 9.2 and configured the Travis job to download it and fire it up in QEMU.\u003c/li\u003e\n\u003cli\u003e“Here we go: ./configure \u0026amp;\u0026amp; make ! That works, but 50 minutes later (the maximum length of a Travis-CI job), our job is killed with perhaps only 10% of the GDAL code base being \ncompiled. The reason is that we used the pure software emulation mode of QEMU that involves on-the-fly disassembling of the code to be run and re-assembling.”\u003c/li\u003e\n\u003cli\u003eTravis-CI runs in Google Compute Engine, which does not allow nested virtualization, so hardware virtualization is not an option to speed up QEMU\u003c/li\u003e\n\u003cli\u003e“Here comes the time for good old memories and a bit of software archeology. QEMU was started by Fabrice Bellard. If you didn\u0026#39;t know his name yet, F. Bellard created FFMPEG and \nQEMU, holds a world record for the number of decimals of Pi computed on a COTS PC, has ported QEMU in JavaScript to run the Linux kernel in your browser, devised BPG, a new \ncompression based on HEVC, etc....”\u003c/li\u003e\n\u003cli\u003e“At the time where his interest was focused on QEMU, he created KQemu, a kernel module (for Linux, Windows, FreeBSD hosts), that could significantly enhance QEMU performance \nwhen the guest and hosts are x86/x86_64 and does not require (nor use) hardware virtualization instructions.”\u003c/li\u003e\n\u003cli\u003e“Running it on Travis-CI was successful too, with the compilation being done in 20 minutes, so probably half of the speed of bare metal, which is good enough.”\u003c/li\u003e\n\u003cli\u003e“I could also have potentially tried VirtualBox because, as mentioned above, it supports software virtualization with acceleration. But that is only for 32 bit guests (and I \ndidn\u0026#39;t find a ready-made FreeBSD 32bit image that you can directly ssh into). For 64 bit guests, VirtualBox require hardware virtualization to be available in the host. To the best \nof my knowledge, KQemu is (was) the only solution to enable acceleration of 64 bit guests without hardware requirements.”\u003c/li\u003e\n\u003cli\u003eIt will be interesting to see if enough people do this hack, maybe Travis-CI will consider properly supporting FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openbsd.org/events.html\" rel=\"nofollow\"\u003eOpenBSD EuroBSDcon 2016 Papers are online\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSlides from the OpenBSD talks at EuroBSDCon are online now\n\n\u003cul\u003e\n\u003cli\u003eLandry Breuil, \u003ca href=\"https://rhaalovely.net/%7Elandry/eurobsdcon2016/\" rel=\"nofollow\"\u003eBuilding packages on exotic architectures\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter Hessler, \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-bfd.pdf\" rel=\"nofollow\"\u003eBidirectional Forwarding Detection (BFD) implementation and support in OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIngo Schwarze, \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-utf8.pdf\" rel=\"nofollow\"\u003eWhy and how you ought to keep multibyte character support simple\u003c/a\u003e (roff/mm/gpresent \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-utf8.roff\" rel=\"nofollow\"\u003esource \ncode\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStefan Sperling, \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-openbsd-11n.pdf\" rel=\"nofollow\"\u003eOpenBSD meets 802.11n\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAntoine Jacoutot, \u003ca href=\"https://www.bsdfrog.org/pub/events/openbsd-rcd-EuroBSDcon2016.pdf\" rel=\"nofollow\"\u003eOpenBSD rc.d(8)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarc Espie, \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-privsep.pdf\" rel=\"nofollow\"\u003eRetrofitting privsep into dpb and pkg_add\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMartin Pieuchot, \u003ca href=\"https://www.openbsd.org/papers/eurobsdcon2016-embracingbsdrt.pdf\" rel=\"nofollow\"\u003eEmbracing the BSD routing table\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eI am working to build a similar website for the FreeBSD project, but there is still a lot of work to do\u003c/li\u003e\n\u003cli\u003eI also managed to find the slides from the keynotes:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://papers.freebsd.org/2016/EuroBSDCon/LookingBackwards.pdf\" rel=\"nofollow\"\u003eOpening Keynote: George Neville-Neil: Looking Backwards: The coming decades of BSD \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.monobsd.com/files/16_ddos_and_consequences.pptx\" rel=\"nofollow\"\u003eClosing Keynote: Gert Döring: Internet Attacks, Self-Governance, and the Consequences \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kernelnomicon.org/?p=650\" rel=\"nofollow\"\u003eVirtualBox Shared Folders on FreeBSD: progress report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the past month or so, VirtualBox in the FreeBSD ports tree got bumped to version 5, which while bringing new features, did cause a regression in Shared Folders.\u003c/li\u003e\n\u003cli\u003eFreeBSD developer gonzo@ (Oleksandr Tymoshenko) has been tackling this issue in recent days and provides us with a look behind the curtain at the challenges involved.\u003c/li\u003e\n\u003cli\u003eSpecifically he started by implementing the various needed VOPs: “lookup, access, readdir, read, getattr, readlink, remove, rmdir, symlink, close, create, open, write.”\u003c/li\u003e\n\u003cli\u003eHe then continues with details about how complete this is:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e““Kind of implemented” means that I was able to mount directory, traverse it, read file, calculate md5 sums and compare with host’s md5sum, create/remove directories, \u003cbr\u003e\nunzip zip file, etc but I doubt it would survive stress-test. Locking is all wrong at the moment and read/write VOPs allocate buffers for every operation.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe bigger issue faced is with the rename VOP though:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI hit a roadblock with rename VOP: it involves some non-trivial locking logic and also there is a problem with cached paths. VBox hypervisor operates on full paths so we cache them \u003cbr\u003e\nin vboxfs nodes, but if one of parent directories is renamed, all cached names should be modified accordingly. I am going to tackle these two problems once I have long enough stretch \u003cbr\u003e\nof time time sit and concentrate on task.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe wish him luck in getting those issues solved. I know quite a few of our users rely on shared folders as well.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://support.rossw.net/FreeBSD-Issue1.pdf\" rel=\"nofollow\"\u003eFreeBSD News Issue #1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIssue #1 of FreeBSD News, from summer of 1997\u003c/li\u003e\n\u003cli\u003eContains an article by Yahoo! co-founder David Filo about their early use of FreeBSD, on 100mhz Pentium machines with 64MB of ram\u003c/li\u003e\n\u003cli\u003eJava Development Kit 1.0.2 ported to FreeBSD\u003c/li\u003e\n\u003cli\u003eWhat is FreeBSD?\u003c/li\u003e\n\u003cli\u003eRunning the world’s busiest FTP site (cdrom.com) on FreeBSD\u003c/li\u003e\n\u003cli\u003eXi Graphics announces the release of CDE Business Desktop, the first and only integrated desktop for FreeBSD, on AcceleratedX, a fully supported commercial grade X display server\u003c/li\u003e\n\u003cli\u003eGet FreeBSD 2.2.2 Today!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/current-users/2016/09/21/msg030183.html\" rel=\"nofollow\"\u003eCall for testing: newly MPSAFE nvme(4)\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-September/313061.html\" rel=\"nofollow\"\u003eThinking about starting a BUG in Indianapolis, IN USA\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://medium.com/bradfield-cs/the-cost-of-forsaking-c-113986438784#.o2m5gv8y7\" rel=\"nofollow\"\u003eThe cost of forsaking C: Why students still need to learn C \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://blog.jasper.la/openbsd-uefi-bootloader-howto/\" rel=\"nofollow\"\u003eOpenBSD (U)EFI bootloader howto\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2780\" rel=\"nofollow\"\u003eMichael Lucas sets his eyes on OpenBSD\u0026#39;s web stack for his next book\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.0-relnotes.txt\" rel=\"nofollow\"\u003eLibreSSL 2.5.0 released\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-16-7-5-released/\" rel=\"nofollow\"\u003eOPNsense 16.7.5 released\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/XeJhK0AJ\" rel=\"nofollow\"\u003e Jonas - ZFS on DO \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Z9JRjcvb\" rel=\"nofollow\"\u003e Ricardo - OpenBSD Encrypted Disk\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/XAD0UevP\" rel=\"nofollow\"\u003e WiskerTickle - Storage Benchmark \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/N52JhYru\" rel=\"nofollow\"\u003e Phil - Thanks\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/57qS0wrx\" rel=\"nofollow\"\u003e Luis - Misc Questions\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we’ll be talking to Petra about the NetBSD foundation, about how they operate and assist NetBSD behind the scenes. That plus lots of news","date_published":"2016-10-05T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bb8662b1-5fa2-4df9-b2bc-c4caa37567b3.mp3","mime_type":"audio/mpeg","size_in_bytes":76463572,"duration_in_seconds":6371}]},{"id":"36da27b4-412f-4eac-9d44-5ffb73ed18a4","title":"161: The BSD Bromance","url":"https://www.bsdnow.tv/161","content_text":"This week on BSDNow, we’re going to be hearing about Allan’s trip to EuroBSDCon, plus an Interview about “Bro on BSD”! Stay tuned, for your place to\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nEuroBSDCon 2016 Wrapup\n\n\nOllivier Robert’s Photos from EuroBSDCon  \nGet your BSDNow die-cut stickers \n\n\nNetBSD for newbies - Develop your own Power PC\n\n\nWe don’t get to feature too many stories on NetBSD being deployed as a Power PC (Not PowerPC, you know, a Powerful “PC”), so we jumped at this one.\nSpecifically it starts off with some of the pre-req’s that you’ll need to get started, such as NetBSD 7.0.1 / amd64, along with some information about which wireless nics you may be using. (NetBSD like other BSD’s will give a driver based device name for network interfaces)\nFrom there, instructions on how to write your WPA_supplicant config are provided, in order for us to fetch the NetBSD sources and convert to their -STABLE branch.\nAfter doing a CVS checkout of the sources, he then provides a walkthrough of doing a kernel compile / install, however it mentions changing the config, but doesn’t provide an example of what options were changed. Perhaps to remove drivers we don’t need?\nAt this point the rest of the “desktop” setup is pretty straight forward. Some packages are added such as openbox, lxappearance, firefox, etc.\nTo get working sound, firefox requires pulseaudio, which in turn needs dbus, so instructions on getting that service up and running are provided as well.\nWhen it’s all said and done, you’ll end up with your shiny new NetBSD -STABLE desktop (or laptop), bragging rights achieved!\n***\n\n\nMore about OpenSMTPD 6.0.0\n\n\nOpenSMTPd 6.0.0 has just been released “and it's quite different from former releases.”\n“Unlike most of our releases, it comes out with almost no new feature.”, “Turns out most of the changes are not visible.”\nChangelog:\n\n\nnew fork+reexec model so each process has its own randomized memory space\nlogging format has been reworked\na \"multi-line response\" bug in the LMTP delivery backend has been fixed\nconnections concurrency limits have been bumped\nartificial delaying in remote sessions have been reduced\ndhparams option has been removed\ndhe option has been added, supporting auto and legacy modes\n smtp engine has been simplified\nvarious cosmetic changes, code cleanup and documentation improvement\n\n“The OpenSMTPD bootstrap process was quite simple: Upon executation, the parent process would read configuration, build a memory representation of it and would then create a bunch of socketpair() before fork()-ing all of its child processes.”\nThe problem is that this does not take advantage of the new address randomization feature. Each child will have the same memory layout, copied from the parent process\n“So deraadt@ suggested that if OpenSMTPD would not just fork() children but instead fork() them and reexecute the smtpd binary, then each of the children would have its own randomized memory space.”\n“The idea itself is neat, however not so trivial to implement because when we reexec the whole \"inherit configuration and descriptors\" part goes away. It's not just fork and exec, it's fork and exec and figure a way for the parent to pass back all the information and descriptors back to the new post-fork instance so it is the new instance that allocates memory and decides where the information goes.”\n***\n\n\nUpgrade a FreeBSD 10.3 Installation with ZFS on Root and Full Disk Encryption to 11.0\n\n\nWhile FreeBSD 11.0 is not out yet, Joseph Mingrone has helped me work out and test the instructions for upgrading a FreeBSD 10.3 ZFS on full disk encryption setup (bootpool + zpool) to the new GELIBoot feature, which does not require any unencrypted partitions, just the 128kb bootcode\nNote: Do not upgrade to FreeBSD 11.0 yet. While some images have landed on the FTP server, they do not contain the final openssl fix and are going to be recreated.\nCurrently, GELIBoot does not support key files, so the first step is to reencrypt the master key with only a passphrase.\nNext, to avoid GELIBoot picking up encrypted partitions that it does not support, or partitions you do not want decrypted at boot, only partitions with the GELIBoot flag are decrypted, so set the flag on your root partition\nThen, move the loader, kernel, and other files into /boot on the root filesystem, instead of them living on the bootpool. This allows the kernel to be versioned with boot environments, and is the main purpose of this work\nThen, install the newer gptzfsboot, as this is required to support GELIBoot\nThe old 2gb bootpool partition is then purposely mislabeled as freebsd-vinum, so it is not picked up by the boot blocks. Later, if the upgrade is successful, this partition can be deleted, and used as addition swap or something\nIn order to boot correctly, you want all boot environments to have the ‘canmount’ ZFS property set to ‘noauto’\nThank you to Joseph for taking the time to prod me for the information required to write this up, and for testing it and finding all of the issues \n***\n\n\nInterview - Michael Shirk - mshirk@daemon-security.com / @shirkdog\n\n\nRunning Bro on BSD\n***\n\n\nNews Roundup\n\nFreeBSD based distro for virtual hosting platform and appliance\n\n\nAn interesting new FreeBSD-based project as shown up online, called “ClonOS”, which bills itself as a “free open-source FreeBSD-based platform for virtual environments creation and management”\nIt looks to be leveraging an impressive list of technologies, including Bhyve, Xen, Jails and CBSD / Puppet for management tasks.\nAmong its list of features:\n\n\nZFS features support;\nVM cloning, export, import\nEthernet SoftSwitch for separated networking\njails for lightweight container\nVNC terminal for VM/containers\nTemplates for VM/containers\nConfiguration management/helpers\nMulti-node operation\n\nMulti-Node? Color me intrigued! \nRight now it appears to be under heavy development, but we’ll reach out to the developer to see if we can get an interview lined up at some point!\n\n\n\n\nThe Raspberry PI Platform and The Challenges of Developing FreeBSD\n\n\nBSDMag recently did an interview with FreeBSD developer Olesandr Rybalko!\nOleksandr lives in the Ukraine, and while you may not have heard of him, he has worked on some cool projects for FreeBSD including the new “vt” console driver (Which a lot of people are using now), and ARM/MIPS support.\nThe interview covers some of the work he’s done to get the PI support working with FreeBSD:\n\n\n\nI think, my main help here was a USB OTG driver, which I wrote before for another device (Ralink RT3052), then port it to R-Pi. But it was rewritten by Hans Peter Selasky. I do not know so much about USB as Hans knows.\n\nAnother useful part of my help is Xorg support. I did a simple Xorg video driver which uses framebuffer exported by virtual terminal subsystem. That is help to many guys to start use RPi as a simple desktop system.\n\n\n\nHe was also asked the question “Why would FreeBSD be good fit for ARM?”\n\n\n\nFreeBSD is very powerful as a network server. All modern network features in one box, with very fast processing.\n\nAnother good side of FreeBSD is modularity. It is not required to write code to use some driver that was already written for another system, you can just define it in configuration files (kernel config, kernel hints, FDT). So if you want build a nice, R-Pi based, home server – use FreeBSD. If you want to play with devices attached to R-Pi’s GPIO – use FreeBSD.\n\n\n\nHe also discusses his work on the ZRouter project, which is a very light-weight platform for tiny routers / embedded devices. But lastly the RPI comes up again, specifically asking him how interested individuals can get involved. Specifically the wiki.freebsd.org is a great reference point for those intested in getting started with FreeBSD on embedded. The warm community is also a plus!\n\n\n\n\nTrying out the FreeBSD powered TrueOS\n\n\nThe folks over at Phoronix have done an early look at the new TrueOS desktop images and given some of their thoughts. \nFirst up he gives props to the installer, noting that:\n\n\n\nThe TrueOS desktop installer is basically the same as from the PC-BSD days, just re-branded. Still one of the easiest BSD graphical installers I've dealt with and makes it a breeze for setting up a FreeBSD-on-ZFS system by default. \n\n\n\nAfter that they took it for a minimal spin, and thing mostly seem to be working. He mentions some of the default apps (Such as qupzilla and trojita) aren’t their favorite, but Lumina has come quite a ways for 1.0, despite a few rough edges still. (We are in the process of changing those default e-mail / browser apps)\nLastly the article mentions that it’s time to do a more full BSD round-up to see the state of installation of them, which we happen to have next!\n\n\nTrying out 8 BSDs on a modern PC\n\n\nFirst up was TrueOS again, which no major changes there, easy install and done.\nFrom there he tries out DragonFlyBSD, which he mentions that while the installer isn’t as easy, it is still one of his favorite BSD’s, working with all the hardware they’ve thrown at it.\nNext up was GhostBSD, which also has an Easy-To-Use graphical installer similar to TrueOS that made it quick to get loaded and up to the Mate desktop.\nAlso tested was FreeBSD 11.0-RC2, which he mentions was easy to installed, and once done then ‘pkg’ could be used to easily get the setup he wanted setup.\nTurning over to page two we get to the naughty list of BSD’s he had troubles with.\nFirst up was OpenBSD which he tried 6.0. After installation and first boot, the display kept ‘disappearing’ which meant he couldn’t get IP information to try SSH’ing into the box. Perhaps a display driver error?\nNetBSD 7 was up next, where the installer couldn’t get past a root device prompt. Most likely trouble finding the install media, which was the same story with MightnightBSD as well.\nAlso tested was “PacBSD” (Formerly ArchBSD) which he did manage to get installed, but not after major fighting with the process. After the process he ran into some issues getting packages up and running, but mentions it may have been bad timing due to them moving to a new server at the time.\n***\n\n\nIllumOS imports a modified FreeBSD boot loader to replace grub 0.97\n\n\nToomas Soome’s work to port the FreeBSD boot loader to IllumOS has been merged into illumos-gate, the upstream repository for all IllumOS distributions\nToomas’ work has also resulted in a number of commits to FreeBSD, and code sharing in both directions\nToomas helped me a lot with the building of the ZFS boot environment listing menu, even though on IllumOS they use a configuration file to list the BEs, rather than interrogating the live zpool like we do in FreeBSD\nToomas’ work to improve msdosfs and the block cache to speed up booting IllumOS also greatly helped FreeBSD\nThis work means IllumOS can now boot from a RAID-Z (the old grub they used could not), and if the work Toomas has done on FreeBSD is any indication, support for almost all other zpool features is also on the way\nThis work also sets IllumOS on a path to eventually having UEFI boot as well\nIt is good to see this work happening, FreeBSD technology being reused elsewhere, but also the improvements being made for IllumOS are coming back to FreeBSD, often landing upstream first, to make merging them into IllumOS easier.\nThe mailing list post describes how to convert existing systems away from grub, as well as how to opt to remain on grub for a while longer.\nGrub 0.97 is expected to be removed from IllumOS within a year.\n***\n\n\nBeastie Bits\n\n\nA demo of booting CentOS and Windows 10 in FreeBSD Bhyve through VNC headless\nThis year’s anemic output\n“PAM Mastery” ebook now out\nHow-to Install OpenBSD 6.0 plus XFCE desktop and basic applications\n***\n\n\nFeedback/Questions\n\n\n Piotr - LibreBoot  \n Alan - FreeBSD and PC-BSD \n Eduardo - Newcomers \n Greg - ZFS ACL’s \n Brian - Laptop Recs \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we’re going to be hearing about Allan’s trip to EuroBSDCon, plus an Interview about “Bro on BSD”! Stay tuned, for your place to\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eEuroBSDCon 2016 Wrapup\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://assets.keltia.net/photos/EuroBSDCon-2016/\" rel=\"nofollow\"\u003eOllivier Robert’s Photos from EuroBSDCon \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.jupiterbroadcasting.com/stickers/\" rel=\"nofollow\"\u003eGet your BSDNow die-cut stickers\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://discusscomputerx.blogspot.com/2016/09/netbsd-for-noobies-your-power-laptop.html\" rel=\"nofollow\"\u003eNetBSD for newbies - Develop your own Power PC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe don’t get to feature too many stories on NetBSD being deployed as a Power PC (Not PowerPC, you know, a Powerful “PC”), so we jumped at this one.\u003c/li\u003e\n\u003cli\u003eSpecifically it starts off with some of the pre-req’s that you’ll need to get started, such as NetBSD 7.0.1 / amd64, along with some information about which wireless nics you may be using. (NetBSD like other BSD’s will give a driver based device name for network interfaces)\u003c/li\u003e\n\u003cli\u003eFrom there, instructions on how to write your WPA_supplicant config are provided, in order for us to fetch the NetBSD sources and convert to their -STABLE branch.\u003c/li\u003e\n\u003cli\u003eAfter doing a CVS checkout of the sources, he then provides a walkthrough of doing a kernel compile / install, however it mentions changing the config, but doesn’t provide an example of what options were changed. Perhaps to remove drivers we don’t need?\u003c/li\u003e\n\u003cli\u003eAt this point the rest of the “desktop” setup is pretty straight forward. Some packages are added such as openbox, lxappearance, firefox, etc.\u003c/li\u003e\n\u003cli\u003eTo get working sound, firefox requires pulseaudio, which in turn needs dbus, so instructions on getting that service up and running are provided as well.\u003c/li\u003e\n\u003cli\u003eWhen it’s all said and done, you’ll end up with your shiny new NetBSD -STABLE desktop (or laptop), bragging rights achieved!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.poolp.org/tech/posts/2016/09/12/opensmtpd-6-0-0-released/\" rel=\"nofollow\"\u003eMore about OpenSMTPD 6.0.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenSMTPd 6.0.0 has just been released “and it\u0026#39;s quite different from former releases.”\u003c/li\u003e\n\u003cli\u003e“Unlike most of our releases, it comes out with almost no new feature.”, “Turns out most of the changes are not visible.”\u003c/li\u003e\n\u003cli\u003eChangelog:\n\n\u003cul\u003e\n\u003cli\u003enew fork+reexec model so each process has its own randomized memory space\u003c/li\u003e\n\u003cli\u003elogging format has been reworked\u003c/li\u003e\n\u003cli\u003ea \u0026quot;multi-line response\u0026quot; bug in the LMTP delivery backend has been fixed\u003c/li\u003e\n\u003cli\u003econnections concurrency limits have been bumped\u003c/li\u003e\n\u003cli\u003eartificial delaying in remote sessions have been reduced\u003c/li\u003e\n\u003cli\u003edhparams option has been removed\u003c/li\u003e\n\u003cli\u003edhe option has been added, supporting auto and legacy modes\u003c/li\u003e\n\u003cli\u003e smtp engine has been simplified\u003c/li\u003e\n\u003cli\u003evarious cosmetic changes, code cleanup and documentation improvement\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e“The OpenSMTPD bootstrap process was quite simple: Upon executation, the parent process would read configuration, build a memory representation of it and would then create a bunch of socketpair() before fork()-ing all of its child processes.”\u003c/li\u003e\n\u003cli\u003eThe problem is that this does not take advantage of the new address randomization feature. Each child will have the same memory layout, copied from the parent process\u003c/li\u003e\n\u003cli\u003e“So deraadt@ suggested that if OpenSMTPD would not just fork() children but instead fork() them and reexecute the smtpd binary, then each of the children would have its own randomized memory space.”\u003c/li\u003e\n\u003cli\u003e“The idea itself is neat, however not so trivial to implement because when we reexec the whole \u0026quot;inherit configuration and descriptors\u0026quot; part goes away. It\u0026#39;s not just fork and exec, it\u0026#39;s fork and exec and figure a way for the parent to pass back all the information and descriptors back to the new post-fork instance so it is the new instance that allocates memory and decides where the information goes.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftfl.ca/blog/2016-09-17-zfs-fde-one-pool-conversion.html\" rel=\"nofollow\"\u003eUpgrade a FreeBSD 10.3 Installation with ZFS on Root and Full Disk Encryption to 11.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile FreeBSD 11.0 is not out yet, Joseph Mingrone has helped me work out and test the instructions for upgrading a FreeBSD 10.3 ZFS on full disk encryption setup (bootpool + zpool) to the new GELIBoot feature, which does not require any unencrypted partitions, just the 128kb bootcode\u003c/li\u003e\n\u003cli\u003eNote: Do not upgrade to FreeBSD 11.0 yet. While some images have landed on the FTP server, they do not contain the final openssl fix and are going to be recreated.\u003c/li\u003e\n\u003cli\u003eCurrently, GELIBoot does not support key files, so the first step is to reencrypt the master key with only a passphrase.\u003c/li\u003e\n\u003cli\u003eNext, to avoid GELIBoot picking up encrypted partitions that it does not support, or partitions you do not want decrypted at boot, only partitions with the GELIBoot flag are decrypted, so set the flag on your root partition\u003c/li\u003e\n\u003cli\u003eThen, move the loader, kernel, and other files into /boot on the root filesystem, instead of them living on the bootpool. This allows the kernel to be versioned with boot environments, and is the main purpose of this work\u003c/li\u003e\n\u003cli\u003eThen, install the newer gptzfsboot, as this is required to support GELIBoot\u003c/li\u003e\n\u003cli\u003eThe old 2gb bootpool partition is then purposely mislabeled as freebsd-vinum, so it is not picked up by the boot blocks. Later, if the upgrade is successful, this partition can be deleted, and used as addition swap or something\u003c/li\u003e\n\u003cli\u003eIn order to boot correctly, you want all boot environments to have the ‘canmount’ ZFS property set to ‘noauto’\u003c/li\u003e\n\u003cli\u003eThank you to Joseph for taking the time to prod me for the information required to write this up, and for testing it and finding all of the issues \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Michael Shirk - \u003ca href=\"mailto:mshirk@daemon-security.com\" rel=\"nofollow\"\u003emshirk@daemon-security.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/shirkdog\" rel=\"nofollow\"\u003e@shirkdog\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eRunning Bro on BSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://clonos.tekroutine.com/\" rel=\"nofollow\"\u003eFreeBSD based distro for virtual hosting platform and appliance\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting new FreeBSD-based project as shown up online, called “ClonOS”, which bills itself as a “free open-source FreeBSD-based platform for virtual environments creation and management”\u003c/li\u003e\n\u003cli\u003eIt looks to be leveraging an impressive list of technologies, including Bhyve, Xen, Jails and CBSD / Puppet for management tasks.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAmong its list of features:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS features support;\u003c/li\u003e\n\u003cli\u003eVM cloning, export, import\u003c/li\u003e\n\u003cli\u003eEthernet SoftSwitch for separated networking\u003c/li\u003e\n\u003cli\u003ejails for lightweight container\u003c/li\u003e\n\u003cli\u003eVNC terminal for VM/containers\u003c/li\u003e\n\u003cli\u003eTemplates for VM/containers\u003c/li\u003e\n\u003cli\u003eConfiguration management/helpers\u003c/li\u003e\n\u003cli\u003eMulti-node operation\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eMulti-Node? Color me intrigued! \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eRight now it appears to be under heavy development, but we’ll reach out to the developer to see if we can get an interview lined up at some point!\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/oleksandr_rybalko/\" rel=\"nofollow\"\u003eThe Raspberry PI Platform and The Challenges of Developing FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDMag recently did an interview with FreeBSD developer Olesandr Rybalko!\u003c/li\u003e\n\u003cli\u003eOleksandr lives in the Ukraine, and while you may not have heard of him, he has worked on some cool projects for FreeBSD including the new “vt” console driver (Which a lot of people are using now), and ARM/MIPS support.\u003c/li\u003e\n\u003cli\u003eThe interview covers some of the work he’s done to get the PI support working with FreeBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI think, my main help here was a USB OTG driver, which I wrote before for another device (Ralink RT3052), then port it to R-Pi. But it was rewritten by Hans Peter Selasky. I do not know so much about USB as Hans knows.\u003c/p\u003e\n\n\u003cp\u003eAnother useful part of my help is Xorg support. I did a simple Xorg video driver which uses framebuffer exported by virtual terminal subsystem. That is help to many guys to start use RPi as a simple desktop system.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe was also asked the question “Why would FreeBSD be good fit for ARM?”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD is very powerful as a network server. All modern network features in one box, with very fast processing.\u003c/p\u003e\n\n\u003cp\u003eAnother good side of FreeBSD is modularity. It is not required to write code to use some driver that was already written for another system, you can just define it in configuration files (kernel config, kernel hints, FDT). So if you want build a nice, R-Pi based, home server – use FreeBSD. If you want to play with devices attached to R-Pi’s GPIO – use FreeBSD.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe also discusses his work on the ZRouter project, which is a very light-weight platform for tiny routers / embedded devices. But lastly the RPI comes up again, specifically asking him how interested individuals can get involved. Specifically the wiki.freebsd.org is a great reference point for those intested in getting started with FreeBSD on embedded. The warm community is also a plus!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.phoronix.com/scan.php?page=news_item\u0026px=TrueOS-First-Spin\" rel=\"nofollow\"\u003eTrying out the FreeBSD powered TrueOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe folks over at Phoronix have done an early look at the new TrueOS desktop images and given some of their thoughts. \u003c/li\u003e\n\u003cli\u003eFirst up he gives props to the installer, noting that:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe TrueOS desktop installer is basically the same as from the PC-BSD days, just re-branded. Still one of the easiest BSD graphical installers I\u0026#39;ve dealt with and makes it a breeze for setting up a FreeBSD-on-ZFS system by default. \u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter that they took it for a minimal spin, and thing mostly seem to be working. He mentions some of the default apps (Such as qupzilla and trojita) aren’t their favorite, but Lumina has come quite a ways for 1.0, despite a few rough edges still. (We are in the process of changing those default e-mail / browser apps)\u003c/li\u003e\n\u003cli\u003eLastly the article mentions that it’s time to do a more full BSD round-up to see the state of installation of them, which we happen to have next!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.phoronix.com/scan.php?page=article\u0026item=trying-8-bsds\u0026num=1\" rel=\"nofollow\"\u003eTrying out 8 BSDs on a modern PC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst up was TrueOS again, which no major changes there, easy install and done.\u003c/li\u003e\n\u003cli\u003eFrom there he tries out DragonFlyBSD, which he mentions that while the installer isn’t as easy, it is still one of his favorite BSD’s, working with all the hardware they’ve thrown at it.\u003c/li\u003e\n\u003cli\u003eNext up was GhostBSD, which also has an Easy-To-Use graphical installer similar to TrueOS that made it quick to get loaded and up to the Mate desktop.\u003c/li\u003e\n\u003cli\u003eAlso tested was FreeBSD 11.0-RC2, which he mentions was easy to installed, and once done then ‘pkg’ could be used to easily get the setup he wanted setup.\u003c/li\u003e\n\u003cli\u003eTurning over to page two we get to the naughty list of BSD’s he had troubles with.\u003c/li\u003e\n\u003cli\u003eFirst up was OpenBSD which he tried 6.0. After installation and first boot, the display kept ‘disappearing’ which meant he couldn’t get IP information to try SSH’ing into the box. Perhaps a display driver error?\u003c/li\u003e\n\u003cli\u003eNetBSD 7 was up next, where the installer couldn’t get past a root device prompt. Most likely trouble finding the install media, which was the same story with MightnightBSD as well.\u003c/li\u003e\n\u003cli\u003eAlso tested was “PacBSD” (Formerly ArchBSD) which he did manage to get installed, but not after major fighting with the process. After the process he ran into some issues getting packages up and running, but mentions it may have been bad timing due to them moving to a new server at the time.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.listbox.com/member/archive/182181/2016/09/sort/time_rev/page/1/entry/0:1/20160923124232:B7978ED4-81AC-11E6-A6DA-02E3F010038B/\" rel=\"nofollow\"\u003eIllumOS imports a modified FreeBSD boot loader to replace grub 0.97\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eToomas Soome’s work to port the FreeBSD boot loader to IllumOS has been merged into illumos-gate, the upstream repository for all IllumOS distributions\u003c/li\u003e\n\u003cli\u003eToomas’ work has also resulted in a number of commits to FreeBSD, and code sharing in both directions\u003c/li\u003e\n\u003cli\u003eToomas helped me a lot with the building of the ZFS boot environment listing menu, even though on IllumOS they use a configuration file to list the BEs, rather than interrogating the live zpool like we do in FreeBSD\u003c/li\u003e\n\u003cli\u003eToomas’ work to improve msdosfs and the block cache to speed up booting IllumOS also greatly helped FreeBSD\u003c/li\u003e\n\u003cli\u003eThis work means IllumOS can now boot from a RAID-Z (the old grub they used could not), and if the work Toomas has done on FreeBSD is any indication, support for almost all other zpool features is also on the way\u003c/li\u003e\n\u003cli\u003eThis work also sets IllumOS on a path to eventually having UEFI boot as well\u003c/li\u003e\n\u003cli\u003eIt is good to see this work happening, FreeBSD technology being reused elsewhere, but also the improvements being made for IllumOS are coming back to FreeBSD, often landing upstream first, to make merging them into IllumOS easier.\u003c/li\u003e\n\u003cli\u003eThe mailing list post describes how to convert existing systems away from grub, as well as how to opt to remain on grub for a while longer.\u003c/li\u003e\n\u003cli\u003eGrub 0.97 is expected to be removed from IllumOS within a year.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=8YQQfXqtyaA\" rel=\"nofollow\"\u003eA demo of booting CentOS and Windows 10 in FreeBSD Bhyve through VNC headless\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2762\" rel=\"nofollow\"\u003eThis year’s anemic output\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2771\" rel=\"nofollow\"\u003e“PAM Mastery” ebook now out\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=oC5D9fenQBs\" rel=\"nofollow\"\u003eHow-to Install OpenBSD 6.0 plus XFCE desktop and basic applications\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/yniniNpV\" rel=\"nofollow\"\u003e Piotr - LibreBoot \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/dCNX0yF7\" rel=\"nofollow\"\u003e Alan - FreeBSD and PC-BSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/LndNeAYb\" rel=\"nofollow\"\u003e Eduardo - Newcomers\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/F0y6L6NK\" rel=\"nofollow\"\u003e Greg - ZFS ACL’s\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/sqMPJGMM\" rel=\"nofollow\"\u003e Brian - Laptop Recs\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’re going to be hearing about Allan’s trip to EuroBSDCon, plus an Interview about “Bro on BSD”! Stay tuned, for your place to","date_published":"2016-09-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/36da27b4-412f-4eac-9d44-5ffb73ed18a4.mp3","mime_type":"audio/mpeg","size_in_bytes":72823828,"duration_in_seconds":6068}]},{"id":"37c0aa7b-2dd0-4ec8-b6d5-7f21831c73a6","title":"160: EuroBSD-Dreamin","url":"https://www.bsdnow.tv/160","content_text":"This week on BSDNow, Allan is currently at EuroBSDCon! However due to the magic of video (or time travel), you still get a new episode. (You’re Welcome!). Stay tuned\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nPerformance Improvements for FreeBSD Kernel Debugging\n\n\n“We previously explored FreeBSD userspace coredumps. Backtrace’s debugging platform supports FreeBSD kernel coredumps too, and their traces share many features. They are constructed somewhat differently, and in the process of adding support for them, we found a way to improve performance for automated programs accessing them.”\n“A kernel core is typically only generated in exceptional circumstances. Unlike userspace processes, kernel routines cannot fault without sacrificing the machine’s availability. This means things like page faults and illegal instructions inside the kernel stop the machine, instead of just one process. At that point, in most cases, it is only usable enough to inspect its state in a debugger, or to generate a core file.”\nNo one likes it when this happens. This is why backtrace.io is focused on being able to figure out why it is happening\n“A FreeBSD kernel core file can be formatted in several different ways. This depends on which type of dump was performed. Full core dumps are ELF files, similar in structure to userspace core files. However, as RAM size grew, this became more difficult to manage. In 2006, FreeBSD introduced minidumps, which are much smaller without making the core file useless. This has been the default dump type since FreeBSD 6.0.”\nThe article goes into detail on the minidump format, and some basic debugging techniques\n“Libkvm will first determine whether the virtual address lies within the kernel or direct maps. If it lies in the kernel map, libkvm will consult the page table pages to discover the corresponding physical address. If it lies in the direct map, it can simply mask off the direct map base address. If neither of these applies, the address is illegal. This process is encapsulated by va_to_pa, or “virtual address to physical address”. Once the physical address is determined, libkvm consults the core file’s bitmap to figure out where in the core file it is located.”\n“minidumps include a sparse bitmap indicating the pages that are included. These pages are dumped sequentially in the last section. Because they are sparse in a not entirely predictable way, figuring the offset into the dump for a particular physical address cannot be reduced to a trivial formula.”\nThe article goes into detail about how lookups against this map are slow, and how they were improved\n“For typical manual debugger use, the impact of this change isn’t noticeable, which is probably why the hash table implementation has been in use for 10 years. However, for any automated debugging process, the extra latency adds up quickly.”\n“On a sample 8GB kernel core file (generated on a 128GB server), crashinfo improves from 44 seconds to 9 seconds, and uses 30% less memory”\n“Backtrace began shipping a version of this performance improvement in ptrace in February 2016. This enables us to also offer significantly faster tracing of FreeBSD kernel cores to customers running current and older releases of FreeBSD. On July 17, 2016, our work improving libkvm scaling was committed to FreeBSD/head. It will ship with FreeBSD 12.0.”\n***\n\n\nOpenBSD gunzip pipeline tightening\n\n\nOpenBSD has rethought the way they handle package signing\nChanging from: 1/ fetch data -\u0026gt; 2/ uncompress it -\u0026gt; 3/ check signature -\u0026gt; 4/ process data\nTo: 1/ fetch data -\u0026gt; 2/ check signature -\u0026gt; 3/ uncompress -\u0026gt; 4/ process data\n“The solution is to move the signature outside of the gzip header”\n“Now, Since step 1/ is privsep, as long as step 2 is airtight, 3/ and 4/are no longer vulnerable”\nGuidelines:\n\n\nsmall, self-contained code to parse simple gzip headers\nsignify-style  signature in the gzip comment. Contains checksums of 64K blocks of the compressed archive\ndon't even think about passing the original gzip header through\nuse as a pipeline step: does not need to download full archive to use it, and never ever pass any data to the gunzip part before it's been verified.\n\n“Note that afaik we haven't had any hole in our gunzipping process. Well… waiting for an accident to happen is not how we do things.  Hopefully, this should prevent future mishaps.”\n***\n\n\nOpenVPN On FreeBSD 10.3\n\n\n“While trying to setup OpenVPN, I noticed there was no up-to-date information with correct instructions. OpenVPN uses EasyRSA to setup keys, it has recently been changed in version 3. As a result of this, the old steps to configure OpenVPN are no longer correct. I went through the process of setting up a VPN using OpenVPN on FreeBSD 10.3.”\nI know FreeBSD developer Adrian Chadd complained about this exact problem when he was trying to setup a VPN before attending DEFCON\nThe tutorial walks through the basic steps:\n\n\nInstall the needed software\nConfigure EasyRSA\nCreate a CA\nGenerate keys and DH params\nOpenVPN Server Config\nOpenVPN Client Config\nStarting the daemon\n\nIt even finishes off with bonus instructions on Port Forwarding, Firewalls, and Dynamic DNS\n***\n\n\nlsop\n\n\nLSOP is the tool a bunch of users have been asking for\n“a FreeBSD utility to list all processes running with outdated binaries or shared libraries”\nHow does it work? “lsop iterates over all running processes and looks through memory-mapped files with read + execute access; then it checks if those files are still available or have been modified/deleted.”\nHow would you use it? After installing an system update (that doesn’t require a reboot to update the kernel), or upgrade your packages, you still need to know which daemons need to be restarted to use the patched libraries and binaries\nThis tool gives you that list\nThanks to Bogdan Boyadzhiev for writing this much needed tool\n***\n\n\nNews Roundup\n\nOpenBSD 2016 Fundraising Campaign\n\n\nThe OpenBSD fund-raising campaign has given us a status update on the state of 2016.\nThey start by giving us a re-cap of previous years:\n“2015 was a good year for the foundation financially, with one platinum, one gold, four silver and 3 bronze donors providing half of our total donations. 680 individuals making smaller contributions provided the other half. While the total was down significantly after 2014’s blockbuster year, we again exceeded our goal.”\nAs of Sept 5th, they were at approx $115k out of a total goal of 250k. \nIf you are an OpenBSD user, remember to contribute before the end of the year. Small amounts help, and the money of course goes to great causes such as hackathons and running the OpenBSD infrastructure.\n\n\n\n\nUpdate firewall Bad Countries\n\n\nNetwork and Systems admins know, sometimes when all else fails you need to break out the HUGE ban-hammer. In this case sometimes entire countries get put on the excrement list until the attacks stop.\nWe have a handy GitHub project today, which will assist you in doing exactly that, enter update-fw-BC. (Update firewall by country)\nThis perl script may be your savior when dealing with instances that require major brute force. It specifically works with IPFW, PF and IPTABLES, which will allow it to run across a variety of BSD’s or even Linux.\nIt will ingest a list of IP’s that you feed it (perhaps from another tool such as sshguard) and determine what block the IP belongs to, and match according to country. \nDetailed setup instructions for the various firewalls are included, and some instructions for FreeBSD, although using it on OpenBSD or other $BSD should also be easy to adapt.\n***\n\n\nMore utilities via moreutils\n\n\nIn most BSDs, the “core” set of utilities and commands are just part of the base system, but on Linux, they are usually provided by the “coreutils” package.\nHowever, on Linux and now FreeBSD, there is a “moreutils” package, that provides a number of interesting additional basic utilities, including:\n\n\nchronic: Run a task via crontab, and only generate output if the task fails\ncombine: binary AND two text files together, only displaying lines that are in both files\nerrno: look up the text description of a specific error number\nifdata: parse out specific information from ifconfig\nifne: if-not-empty, only run a command if the output of the pipe is not blank\nisutf8: determine if a file or stdin contains utf8\nlckdo: execute a command with a lock held, to prevent a second copy from spawning\nmispipe: return the exit code of the first command in a pipe chain, rather than the last\nparallel: run multiple jobs at once\npee: tee standard input to multiple pipes\nsponge: write standard input to a file, allows you to overwrite a file in place: sort file | sponge file\nts: add a timestamp to each line of standard input\nvidir: edit a directory in vi, great for bulk renames\nvipe: insert vi into a pipe, edit the content before it is passed to the next command\nzrun: uncompress the arguments before passing them. Like gzless and friends, but for any command\n\nJust goes to show the power of the original UNIX philosophy, chaining together a bunch of small useful tools to do really powerful things\n***\n\n\nOpenBSD: SNI support added to libtls, httpd in –current\n\n\nlibtls, LibreSSL’s improved API to replace the OpenSSL standard, now has a set of functions to implement SNI (Server Name Indication) \nUntil a few years ago, each different SSL/TLS enabled website required a unique IP address, because typical HTTP Virtual Hosting (differentiating which content to serve based on the Host header in the HTTP request), didn’t work because the request was encrypted.\nFinally the TLS standard was updated to include the hostname of the site the user is requesting in the TLS handshake, so the server can return the corresponding certificate, and multiple TLS enabled websites can be hosted on a single IP address\nThe new API includes the ability to provide additional keypairs (via tls_config_add_keypair_{file,mem}())\nAnd allow the server to determine what servername the client requested viatls_conn_servername()\nThis is much easier to use, and therefore safer and less error prone, than the OpenSSL API\nThe libtls API is used in a number of OpenBSD tools, including the httpd\n***\n\n\nBeastie Bits\n\n\nShawn Webb of HardenedBSD joins the OPNSense Core Team \nHow to install 2.11 BSD on a (simulated) PDP11\nOpenBSD Puffy needlepoint pixelart\nPulseAudio has been removed from dports (DragonFly BSD) \npfSense 2.4 pre-alpha available for testing, based on FreeBSD 11.0 \nCall for Testing - Bhyve HDA Sound Emulation  \n***\n\n\nFeedback/Questions\n\n\n Matthew - ZFS Hole Birth \n Hunter - systemd-mount  \n Anonymous - Cool’n’quiet \n Nathan - Datacenter  \n Chuck - OpenBSD w/DO \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan is currently at EuroBSDCon! However due to the magic of video (or time travel), you still get a new episode. (You’re Welcome!). Stay tuned\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://backtrace.io/blog/blog/2016/08/25/improving-freebsd-kernel-debugging/\" rel=\"nofollow\"\u003ePerformance Improvements for FreeBSD Kernel Debugging\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“We previously \u003ca href=\"http://backtrace.io/blog/blog/2015/10/03/whats-a-coredump\" rel=\"nofollow\"\u003eexplored FreeBSD userspace coredumps\u003c/a\u003e. Backtrace’s debugging platform supports FreeBSD kernel coredumps too, and their traces share many features. They are constructed somewhat differently, and in the process of adding support for them, we found a way to improve performance for automated programs accessing them.”\u003c/li\u003e\n\u003cli\u003e“A kernel core is typically only generated in exceptional circumstances. Unlike userspace processes, kernel routines cannot fault without sacrificing the machine’s availability. This means things like page faults and illegal instructions inside the kernel stop the machine, instead of just one process. At that point, in most cases, it is only usable enough to inspect its state in a debugger, or to generate a core file.”\u003c/li\u003e\n\u003cli\u003eNo one likes it when this happens. This is why backtrace.io is focused on being able to figure out why it is happening\u003c/li\u003e\n\u003cli\u003e“A FreeBSD kernel core file can be formatted in several different ways. This depends on which type of dump was performed. Full core dumps are ELF files, similar in structure to userspace core files. However, as RAM size grew, this became more difficult to manage. In 2006, FreeBSD introduced minidumps, which are much smaller without making the core file useless. This has been the default dump type since FreeBSD 6.0.”\u003c/li\u003e\n\u003cli\u003eThe article goes into detail on the minidump format, and some basic debugging techniques\u003c/li\u003e\n\u003cli\u003e“Libkvm will first determine whether the virtual address lies within the kernel or direct maps. If it lies in the kernel map, libkvm will consult the page table pages to discover the corresponding physical address. If it lies in the direct map, it can simply mask off the direct map base address. If neither of these applies, the address is illegal. This process is encapsulated by va_to_pa, or “virtual address to physical address”. Once the physical address is determined, libkvm consults the core file’s bitmap to figure out where in the core file it is located.”\u003c/li\u003e\n\u003cli\u003e“minidumps include a sparse bitmap indicating the pages that are included. These pages are dumped sequentially in the last section. Because they are sparse in a not entirely predictable way, figuring the offset into the dump for a particular physical address cannot be reduced to a trivial formula.”\u003c/li\u003e\n\u003cli\u003eThe article goes into detail about how lookups against this map are slow, and how they were improved\u003c/li\u003e\n\u003cli\u003e“For typical manual debugger use, the impact of this change isn’t noticeable, which is probably why the hash table implementation has been in use for 10 years. However, for any automated debugging process, the extra latency adds up quickly.”\u003c/li\u003e\n\u003cli\u003e“On a sample 8GB kernel core file (generated on a 128GB server), crashinfo improves from 44 seconds to 9 seconds, and uses 30% less memory”\u003c/li\u003e\n\u003cli\u003e“Backtrace began shipping a version of this performance improvement in ptrace in February 2016. This enables us to also offer significantly faster tracing of FreeBSD kernel cores to customers running current and older releases of FreeBSD. On July 17, 2016, our work improving libkvm scaling was committed to FreeBSD/head. It will ship with FreeBSD 12.0.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/tech@openbsd.org/msg34035.html\" rel=\"nofollow\"\u003eOpenBSD gunzip pipeline tightening\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has rethought the way they handle package signing\u003c/li\u003e\n\u003cli\u003eChanging from: 1/ fetch data -\u0026gt; 2/ uncompress it -\u0026gt; 3/ check signature -\u0026gt; 4/ process data\u003c/li\u003e\n\u003cli\u003eTo: 1/ fetch data -\u0026gt; 2/ check signature -\u0026gt; 3/ uncompress -\u0026gt; 4/ process data\u003c/li\u003e\n\u003cli\u003e“The solution is to move the signature outside of the gzip header”\u003c/li\u003e\n\u003cli\u003e“Now, Since step 1/ is privsep, as long as step 2 is airtight, 3/ and 4/are no longer vulnerable”\u003c/li\u003e\n\u003cli\u003eGuidelines:\n\n\u003cul\u003e\n\u003cli\u003esmall, self-contained code to parse simple gzip headers\u003c/li\u003e\n\u003cli\u003esignify-style  signature in the gzip comment. Contains checksums of 64K blocks of the compressed archive\u003c/li\u003e\n\u003cli\u003edon\u0026#39;t even think about passing the original gzip header through\u003c/li\u003e\n\u003cli\u003euse as a pipeline step: does not need to download full archive to use it, and never ever pass any data to the gunzip part before it\u0026#39;s been verified.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e“Note that afaik we haven\u0026#39;t had any hole in our gunzipping process. Well… waiting for an accident to happen is not how we do things.  Hopefully, this should prevent future mishaps.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ramsdenj.com/2016/07/25/openvpn-on-freebsd-10_3.html\" rel=\"nofollow\"\u003eOpenVPN On FreeBSD 10.3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“While trying to setup OpenVPN, I noticed there was no up-to-date information with correct instructions. OpenVPN uses EasyRSA to setup keys, it has recently been changed in version 3. As a result of this, the old steps to configure OpenVPN are no longer correct. I went through the process of setting up a VPN using OpenVPN on FreeBSD 10.3.”\u003c/li\u003e\n\u003cli\u003eI know FreeBSD developer Adrian Chadd complained about this exact problem when he was trying to setup a VPN before attending DEFCON\u003c/li\u003e\n\u003cli\u003eThe tutorial walks through the basic steps:\n\n\u003cul\u003e\n\u003cli\u003eInstall the needed software\u003c/li\u003e\n\u003cli\u003eConfigure EasyRSA\u003c/li\u003e\n\u003cli\u003eCreate a CA\u003c/li\u003e\n\u003cli\u003eGenerate keys and DH params\u003c/li\u003e\n\u003cli\u003eOpenVPN Server Config\u003c/li\u003e\n\u003cli\u003eOpenVPN Client Config\u003c/li\u003e\n\u003cli\u003eStarting the daemon\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIt even finishes off with bonus instructions on Port Forwarding, Firewalls, and Dynamic DNS\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/606u/lsop\" rel=\"nofollow\"\u003elsop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLSOP is the tool a bunch of users have been asking for\u003c/li\u003e\n\u003cli\u003e“a FreeBSD utility to list all processes running with outdated binaries or shared libraries”\u003c/li\u003e\n\u003cli\u003eHow does it work? “lsop iterates over all running processes and looks through memory-mapped files with read + execute access; then it checks if those files are still available or have been modified/deleted.”\u003c/li\u003e\n\u003cli\u003eHow would you use it? After installing an system update (that doesn’t require a reboot to update the kernel), or upgrade your packages, you still need to know which daemons need to be restarted to use the patched libraries and binaries\u003c/li\u003e\n\u003cli\u003eThis tool gives you that list\u003c/li\u003e\n\u003cli\u003eThanks to Bogdan Boyadzhiev for writing this much needed tool\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsdfoundation.org/campaign2016.html\" rel=\"nofollow\"\u003eOpenBSD 2016 Fundraising Campaign\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD fund-raising campaign has given us a status update on the state of 2016.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThey start by giving us a re-cap of previous years:\u003cbr\u003e\n“2015 was a good year for the foundation financially, with one platinum, one gold, four silver and 3 bronze donors providing half of our total donations. 680 individuals making smaller contributions provided the other half. While the total was down significantly after 2014’s blockbuster year, we again exceeded our goal.”\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAs of Sept 5th, they were at approx $115k out of a total goal of 250k. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIf you are an OpenBSD user, remember to contribute before the end of the year. Small amounts help, and the money of course goes to great causes such as hackathons and running the OpenBSD infrastructure.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/KaiLoi/update-fw-BC\" rel=\"nofollow\"\u003eUpdate firewall Bad Countries\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetwork and Systems admins know, sometimes when all else fails you need to break out the HUGE ban-hammer. In this case sometimes entire countries get put on the excrement list until the attacks stop.\u003c/li\u003e\n\u003cli\u003eWe have a handy GitHub project today, which will assist you in doing exactly that, enter update-fw-BC. (Update firewall by country)\u003c/li\u003e\n\u003cli\u003eThis perl script may be your savior when dealing with instances that require major brute force. It specifically works with IPFW, PF and IPTABLES, which will allow it to run across a variety of BSD’s or even Linux.\u003c/li\u003e\n\u003cli\u003eIt will ingest a list of IP’s that you feed it (perhaps from another tool such as sshguard) and determine what block the IP belongs to, and match according to country. \u003c/li\u003e\n\u003cli\u003eDetailed setup instructions for the various firewalls are included, and some instructions for FreeBSD, although using it on OpenBSD or other $BSD should also be easy to adapt.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20160822#tips\" rel=\"nofollow\"\u003eMore utilities via moreutils\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn most BSDs, the “core” set of utilities and commands are just part of the base system, but on Linux, they are usually provided by the “coreutils” package.\u003c/li\u003e\n\u003cli\u003eHowever, on Linux and now FreeBSD, there is a “moreutils” package, that provides a number of interesting additional basic utilities, including:\n\n\u003cul\u003e\n\u003cli\u003echronic: Run a task via crontab, and only generate output if the task fails\u003c/li\u003e\n\u003cli\u003ecombine: binary AND two text files together, only displaying lines that are in both files\u003c/li\u003e\n\u003cli\u003eerrno: look up the text description of a specific error number\u003c/li\u003e\n\u003cli\u003eifdata: parse out specific information from ifconfig\u003c/li\u003e\n\u003cli\u003eifne: if-not-empty, only run a command if the output of the pipe is not blank\u003c/li\u003e\n\u003cli\u003eisutf8: determine if a file or stdin contains utf8\u003c/li\u003e\n\u003cli\u003elckdo: execute a command with a lock held, to prevent a second copy from spawning\u003c/li\u003e\n\u003cli\u003emispipe: return the exit code of the first command in a pipe chain, rather than the last\u003c/li\u003e\n\u003cli\u003eparallel: run multiple jobs at once\u003c/li\u003e\n\u003cli\u003epee: tee standard input to multiple pipes\u003c/li\u003e\n\u003cli\u003esponge: write standard input to a file, allows you to overwrite a file in place: sort file | sponge file\u003c/li\u003e\n\u003cli\u003ets: add a timestamp to each line of standard input\u003c/li\u003e\n\u003cli\u003evidir: edit a directory in vi, great for bulk renames\u003c/li\u003e\n\u003cli\u003evipe: insert vi into a pipe, edit the content before it is passed to the next command\u003c/li\u003e\n\u003cli\u003ezrun: uncompress the arguments before passing them. Like gzless and friends, but for any command\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eJust goes to show the power of the original UNIX philosophy, chaining together a bunch of small useful tools to do really powerful things\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160823100144\" rel=\"nofollow\"\u003eOpenBSD: SNI support added to libtls, httpd in –current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003elibtls, LibreSSL’s improved API to replace the OpenSSL standard, now has a set of functions to implement SNI (Server Name Indication) \u003c/li\u003e\n\u003cli\u003eUntil a few years ago, each different SSL/TLS enabled website required a unique IP address, because typical HTTP Virtual Hosting (differentiating which content to serve based on the Host header in the HTTP request), didn’t work because the request was encrypted.\u003c/li\u003e\n\u003cli\u003eFinally the TLS standard was updated to include the hostname of the site the user is requesting in the TLS handshake, so the server can return the corresponding certificate, and multiple TLS enabled websites can be hosted on a single IP address\u003c/li\u003e\n\u003cli\u003eThe new API includes the ability to provide additional keypairs (via tls_config_add_keypair_{file,mem}())\u003c/li\u003e\n\u003cli\u003eAnd allow the server to determine what servername the client requested viatls_conn_servername()\u003c/li\u003e\n\u003cli\u003eThis is much easier to use, and therefore safer and less error prone, than the OpenSSL API\u003c/li\u003e\n\u003cli\u003eThe libtls API is used in a number of OpenBSD tools, including the httpd\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://opnsense.org/new-core-team-member/\" rel=\"nofollow\"\u003eShawn Webb of HardenedBSD joins the OPNSense Core Team\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://vak.ru/doku.php/proj/pdp11/211bsd\" rel=\"nofollow\"\u003eHow to install 2.11 BSD on a (simulated) PDP11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nemessica.tintagel.pl/blog/OpenBSD-Puffy/\" rel=\"nofollow\"\u003eOpenBSD Puffy needlepoint pixelart\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-August/313010.html\" rel=\"nofollow\"\u003ePulseAudio has been removed from dports (DragonFly BSD)\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.pfsense.org/?p=2118\" rel=\"nofollow\"\u003epfSense 2.4 pre-alpha available for testing, based on FreeBSD 11.0 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2016-September/004700.html\" rel=\"nofollow\"\u003eCall for Testing - Bhyve HDA Sound Emulation \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/CrZiDAF0\" rel=\"nofollow\"\u003e Matthew - ZFS Hole Birth\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/GztjY4wz\" rel=\"nofollow\"\u003e Hunter - systemd-mount \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/gG4j4RCi\" rel=\"nofollow\"\u003e Anonymous - Cool’n’quiet\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/9XgPzMM9\" rel=\"nofollow\"\u003e Nathan - Datacenter \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/FM2xYcxh\" rel=\"nofollow\"\u003e Chuck - OpenBSD w/DO\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan is currently at EuroBSDCon! However due to the magic of video (or time travel), you still get a new episode. (You’re Welcome!). Stay tuned","date_published":"2016-09-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/37c0aa7b-2dd0-4ec8-b6d5-7f21831c73a6.mp3","mime_type":"audio/mpeg","size_in_bytes":35557780,"duration_in_seconds":2963}]},{"id":"f3978698-0f12-4129-b880-c3190272bd36","title":"159: Net Scaling Privacy (Flix Style)","url":"https://www.bsdnow.tv/159","content_text":"This week on BSDNow! We’ve got Netflix + FreeBSD news to discuss, always a crowd pleaser, that plus EuroBSDCon is just around the corner. Stick around for your place\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nProtecting Netflix Viewing Privacy at Scale, with FreeBSD\n\n\nThis blog post from Netflix tells the story of how Netflix developed in-kernel TLS to speed up delivery of video via HTTPS\n\n\n\nSince the beginning of the Open Connect program we have significantly increased the efficiency of our OCAs - from delivering 8 Gbps of throughput from a single server in 2012 to over 90 Gbps from a single server in 2016. We contribute to this effort on the software side by optimizing every aspect of the software for our unique use case - in particular, focusing on the open source FreeBSD operating system and the NGINX web server that run on the OCAs.\n\nIn the modern internet world, we have to focus not only on efficiency, but also security. There are many state-of-the-art security mechanisms in place at Netflix, including Transport Level Security (TLS) encryption of customer information, search queries, and other confidential data. We have always relied on pre-encoded Digital Rights Management (DRM) to secure our video streams. Over the past year, we’ve begun to use Secure HTTP (HTTP over TLS or HTTPS) to encrypt the transport of the video content as well. This helps protect member privacy, particularly when the network is insecure - ensuring that our members are safe from eavesdropping by anyone who might want to record their viewing habits.\n\nThe goal is to ensure that your government, ISP, and wifi sniffing neighbour cannot tell which Netflix videos you are watching\n\nNetflix Open Connect serves over 125 million hours of content per day, all around the world. Given our scale, adding the overhead of TLS encryption calculations to our video stream transport had the potential to greatly reduce the efficiency of our global infrastructure.\n\nWe evaluated available and applicable ciphers and decided to primarily use the Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM), available starting in TLS 1.2. We chose AES-GCM over the Cipher Block Chaining (CBC) method, which comes at a higher computational cost. The AES-GCM cipher algorithm encrypts and authenticates the message simultaneously - as opposed to AES-CBC, which requires an additional pass over the data to generate keyed-hash message authentication code (HMAC). CBC can still be used as a fallback for clients that cannot support the preferred method.\n\nAll revisions of Open Connect Appliances also have Intel CPUs that support AES-NI, the extension to the x86 instruction set designed to improve encryption and decryption performance. We needed to determine the best implementation of AES-GCM with the AES-NI instruction set, so we investigated alternatives to OpenSSL, including BoringSSL and the Intel Intelligent Storage Acceleration Library (ISA-L).\n\nNetflix and NGINX had previously worked together to improve our HTTP client request and response time via the use of sendfile calls to perform a zero-copy data flow from storage (HDD or SSD) to network socket, keeping the data in the kernel memory address space and relieving some of the CPU burden. The Netflix team specifically added the ability to make the sendfile calls asynchronous - further reducing the data path and enabling more simultaneous connections. However, TLS functionality, which requires the data to be passed to the application layer, was incompatible with the sendfile approach.\n\nTo retain the benefits of the sendfile model while adding TLS functionality, we designed a hybrid TLS scheme whereby session management stays in the application space, but the bulk encryption is inserted into the sendfile data pipeline in the kernel. This extends sendfile to support encrypting data for TLS/SSL connections.\n\nWe tested the BoringSSL and ISA-L AES-GCM implementations with our sendfile improvements against a baseline of OpenSSL (with no sendfile changes), under typical Netflix traffic conditions on three different OCA hardware types. Our changes in both the BoringSSL and ISA-L test situations significantly increased both CPU utilization and bandwidth over baseline - increasing performance by up to 30%, depending on the OCA hardware version. We chose the ISA-L cipher implementation, which had slightly better results. With these improvements in place, we can continue the process of adding TLS to our video streams for clients that support it, without suffering prohibitive performance hits.\n\n\n\nIf you would like more detail, check out the papers from AsiaBSDCon 2015 and the updated one from 2016 \n***\n\n\nOpenBSD on HP Stream 7\n\n\nRecent events have rocked the mobile computing world to its core. OpenBSD retired the zaurus port, leaving users in desperate need of a new device. And not long before that, Microsoft released the Anniversary Update to Windows 10, but with free space requirements such that it’s nigh impossible to install on cheap 32GB eMMC equipped devices such as the HP Stream series, leaving users searching for a new lightweight operating system. With necessity as both mother and father, the scene is set for a truly epic pairing. OpenBSD on the HP Stream 7.\n\nThe HP Stream line is a series of budget computers in a couple form factors. The Stream 11 is a fairly typical netbook. However, the Stream 7 and 8 are tablets. They look like cheap Android devices, but inside the case, they’re real boys, er PCs, with Intel Atom CPUs.\n\nTo install OpenBSD on such a device, we need a few parts. Obviously, the tablet itself. There’s a dearth of ports on these things, but there is a micro USB port. Attaching anything useful requires an OTG “on the go” cable that creates a type A port. Attaching more than one useful thing requires a mini hub. And completing the install requires one each USB stick, keyboard, and network adapter.\n\nFirst, we need to prep the machine to boot from USB. Actually, before doing anything, make sure you have a full charge. It’s going to be battery only from here on out. Plug everything in. Flash drive, keyboard, and network into the hub, hub into the OTG cable, cable into the port on top of the Stream.\n\nTurn on the machine while holding the volume down button. This launches a mini menu from which we can enter the BIOS. There’s a little on screen keyboard in the corner, so this can be done even without a keyboard attached, but the USB keyboard should work. We need to change two settings in the boot section. First, turn off secure boot. Second, switch boot order to prefer USB. Save and exit. The first reboot reveals a confirmation screen checking that we really want to disable secure boot. We must enter a PIN and press enter. Enter the PIN shown on the screen and press enter. And we are go.\n\n\n\nThen boot up OpenBSD from the USB drive\nTed then works there a number of kernel panics and device driver issues, but after disabling ACPI and IntelDRM, the device boots OpenBSD.\n\n\n\nOf course, there’s no X at this point. And definitely no touch screen. And no internal networking. However, by keeping our USB hub attached, we can drive the console and access the network. At least until the battery is depleted, even if we have no way of knowing how long that will be since we disabled all the ACPI devices, which also means no suspend or resume.\n\n\n\nWith some xorg.conf hacking, he did get Xorg working\n***\n\n\nDragonflyBSD steps towards base LibreSSL\n\n\nProject: DragonFlyBSD / Switch base to use private LibreSSL libraries\nDragonFly BSD adopts uses of LibreSSL\nThe number of projects beginning to switch over to LibreSSL is growing and it appears we can now throw DragonFly into that camp.\nFollowing something that sounds vaguely familiar (Allan!) DFLY is now creating “private” LibreSSL libraries which are only linked against by base system binaries.\nFor the moment OpenSSL is still built, primarily so that various ports and 3rd party apps can continue to function as before.\nA NO_OPENSSL option has also been added, but doesn’t really do much (yet), since it’ll still build and install headers / libraries even if set.\n***\n\n\nOpenBSD g2k16 Hackathon\n\n\ng2k16 Hackathon Report: Antoine Jacoutot on Binary Patches \ng2k16 Hackathon Report: Matthieu Herrb on xenodm \ng2k16 Hackathon Report: Vincent Gross on iked(8), armv7 and sys/netinet[6] \ng2k16 Hackathon Report: Florian Obser on httpd, networking, acme-client, and more \ng2k16 Hackathon Report: Jasper Lievisse Adriaanse on ddb(4) and more \ng2k16 Hackathon Report: Christian Weisgerber on gettext progress, RTC work, removing kernel cruft \ng2k16 Hackathon Report: Brent Cook on Chromebooks, crypto, and more \ng2k16 Hackathon Report: Ted Unangst on doas, signify, code removal \ng2k16 Hackathon Report: Marc Espie on package signing evolution \ng2k16 Hackathon Report: Adam Wolk on ports, wireless drivers and more \ng2k16 Hackathon Report: Mike Larkin on vmm + vmd progress \n***\n\n\nNews Roundup\n\nOpenBSD (with encrypted softraid) on the Chromebook Pixel\n\n\nLooking for a Laptop to make your OpenBSD road-warrior? If so, we have a great blog tutorial on getting OpenBSD setup on the Chromebook Pixel with encrypted softraid!\nAuthor Joshua Stein gives us a very verbose look at how to install and dial-in the laptop perfectly. But first for those wondering about the hardware in the pixel:\n\n\n\nThe Chromebook Pixel LS (2015) has an Intel Core i7 processor (Broadwell) at 2.4Ghz, 16Gb of RAM, a 2560x1700 400-nit IPS screen (239ppi), and Intel 802.11ac wireless. It has a Kingston 64Gib flash chip, of which about 54Gib can be used by OpenBSD when dual-booting with a 1Gb Chrome OS partition.\n\n\n\nDue to this being a chromebook with seaBIOS, some manual key-press trickery will be required to initially get the OpenBSD Installer up and running.\nFrom here you’ll want to pay special close attention to the disk partitioning. In particular Joshua will show us how to shrink the existing encrypted /home that ChromeOS uses, keeping the dual-boot intact. This will become important if you ever plan on updating the device.\nFrom here, we move back to a more traditional setup, but with the added bonus of doing a soft-raid setup.\nBut the fun isn’t over yet! If you want to make OpenBSD the default boot, that’ll require cracking the lid on the device and removing a special pink write-protect screw. And of course if you want to remove the default splash-screen image, Joshua has you covered as well, although some flashrom magic will be required.\nAt this point you are nearly done. Final details on enabling specific bits of hardware are discussed. Most things work, apart from Audio and Bluetooth as of right now.\n***\n\n\ndoas mastery\n\n\n“doas” mastery - Paging MWL!\nOur buddy Ted Unangst has written up a great ‘mastery’ guide of the doas command, which can come in handy if you are among the un-initiated in doas land.\n\n\n\nUNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks.\n\n\n\nHe starts with the basic doas.conf setup, which starts with an empty config file\nThe doas config is much like a pf ruleset, the default is to block everything\n\u0026gt; We add the root rule second because doas evaluates rules in a last match manner. root is in the wheel group, so the first rule will match, and then we need to override that with a second rule. Remember to always start with general rules, then make them more specific.\n***\n\n\niXsystems\n\n\niXsystems to host MeetBSD \n\n\n\n\nFreeBSD Foundation Welcomes New Board Members\n\n\nNew Board Members \nThe FreeBSD Foundation has added two new board members\nInterview with Kylie Liang\nKylie will focus on representing FreeBSD at conferences and businesses in China\n\n\n\nI live in China. There, I can act as a bridge between Chinese companies and the FreeBSD community to help drive FreeBSD adoption. Through my leadership role in the FreeBSD Foundation, I will help promote FreeBSD in China and also represent the Foundation at conferences and events in my region.\n\n\n\nKylie leads the team the ensures FreeBSD runs well on Hyper-V and Azure, including providing commercial support for customers who run FreeBSD or FreeBSD based appliances on the Azure Cloud\n\n\n\nI joined Microsoft and started to lead the project called FreeBSD Integration Service to get FreeBSD running well on Hyper-V and Azure. To promote our work and to understand the FreeBSD ecosystem, I started to participate in FreeBSD events where I was inspired by this technical community.\n\n\n\nInterview with Philip Paeps \nPhilip started with FreeBSD in the early 2000s and got his commit bit in 2004\n\n\n\nThe patches I submitted to make ACPI and input devices work on that laptop led to a src commit bit in 2004. While I haven’t worked on ACPI or input devices since, I have been contributing to different areas of the kernel. Taking up maintainership of some ports I cared about also got me a ports commit bit after some time.\n\n\n\nPhilip will continue to help run EuroBSDCon, but is also spreading the word about FreeBSD in India and Africa\n\n\n\nPrimarily, I think I can be useful! I attend (and organize) a number of conferences around the world every year, particularly in regions that have a mostly “stealthy” FreeBSD community. While I clearly don’t need to be on the FreeBSD Foundation board to advocate for FreeBSD, joining as a director will provide an additional asset when working in areas of the world where organizational affiliations are meaningful.\n\n\n\nPhilip has also developed network drivers and various other bits and pieces, and has extensive experience working with and for hardware vendors and appliance vendors\n\n\n\nDespite intending to eventually contribute their code to the FreeBSD Project as open source, many hardware vendors still find it very difficult to engage directly with the FreeBSD development community. The Foundation helps bridge that gap and helps facilitate collaboration between commercial vendors and the FreeBSD community.\n\nI hope to make FreeBSD more visible in regions of the world where it is historically under-represented. I expect I will be attending even more conferences and getting myself invited to even more organizations.\n\n\n\n\nmore, less, and a story of typical Unix fossilization\n\n\nChris Siebenmann from the University of Toronto digs into the history of the difference between ‘less’ and ‘more’\n\n\n\nIn the beginning, by which we mean V7, Unix didn't have a pager at all. That was okay; Unix wasn't very visual in those days, partly because it was still sort of the era of the hard copy terminal. Then along came Berkeley and BSD. People at Berkeley were into CRT terminals, and so BSD Unix gave us things like vi and the first pager program, more (which showed up quite early, in 3BSD, although this isn't as early as vi, which appears in 2BSD). Calling a pager more is a little bit odd but it's a Unix type of name and from the beginning more prompted you with '--More--' at the bottom of the screen.\n\nAll of the Unix vendors that based their work on BSD Unix (like Sun and DEC) naturally shipped versions of more along with the rest of the BSD programs, and so more spread around the BSD side of things. However, more was by no means the best pager ever; as you might expect, it was actually a bit primitive and lacking in features. So fairly early on Mark Nudelman wrote a pager with somewhat more features and it wound up being called less as somewhat of a joke.\n\nIn a sane world, Unix vendors would have either replaced their version of more with the clearly superior less or at least updated their version of more to the 4.3 BSD version. Maybe less wouldn't have replaced more immediately, but certainly over say the next five years, when it kept on being better and most people kept preferring it when they had a choice.”\n\n\n“This entire history has led to a series of vaguely absurd outcomes on various modern Unixes. On Solaris derivatives more is of course the traditional version with source code that can probably trace itself all the way back to 3BSD, carefully updated to SUS compliance. Solaris would never dream of changing what more is, not even if the replacement is better. Why, it might disturb someone.\n\n\nOddly, FreeBSD has done the most sensible thing; they've outright replaced more with less. There is a /usr/bin/more but it's the same binary as less and as you can see the more manpage is just the less manpage. OpenBSD has done the same thing but has a specific manpage for more instead of just giving you the less manpage.\n\nSo, now you can see why I say that less is more, or more, or both, at several levels. less is certainly more than more, and sometimes less literally is more (or rather more is less, to put it the right way around).\n\n\n\n\nBeastie Bits\n\n\nPC-BSD listed in the top 8 'best' alternatives to Windows 10 \nCreating a quick DNS server with a Rapsberry Pi2 and FreeBSD 11.0-RC1 \nDual Boot OpenBSD and Linux + UEFI \nDesktopBSD 2.0 various versions available (Gnome, Lumina, KDE, LXDE) \nFreeBSD gets new ZFS features including: Compressed ARC  and ZFS Allocation Throttle  \nOne Floppy NetBSD Distribution\nA Compendium of BUGs \n\n\n\n\nFeedback/Questions\n\n\n Galahad - OpenBSD X setup \n Tang - Subtitles \n Ivan - Zpool Options \n Brad - Replication Issue \n MJ - HBA \n***\n","content_html":"\u003cp\u003eThis week on BSDNow! We’ve got Netflix + FreeBSD news to discuss, always a crowd pleaser, that plus EuroBSDCon is just around the corner. Stick around for your place\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://techblog.netflix.com/search/label/FreeBSD\" rel=\"nofollow\"\u003eProtecting Netflix Viewing Privacy at Scale, with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis blog post from Netflix tells the story of how Netflix developed in-kernel TLS to speed up delivery of video via HTTPS\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince the beginning of the Open Connect program we have significantly increased the efficiency of our OCAs - from delivering 8 Gbps of throughput from a single server in 2012 to over 90 Gbps from a single server in 2016. We contribute to this effort on the software side by optimizing every aspect of the software for our unique use case - in particular, focusing on the open source FreeBSD operating system and the NGINX web server that run on the OCAs.\u003c/p\u003e\n\n\u003cp\u003eIn the modern internet world, we have to focus not only on efficiency, but also security. There are many state-of-the-art security mechanisms in place at Netflix, including Transport Level Security (TLS) encryption of customer information, search queries, and other confidential data. We have always relied on pre-encoded Digital Rights Management (DRM) to secure our video streams. Over the past year, we’ve begun to use Secure HTTP (HTTP over TLS or HTTPS) to encrypt the transport of the video content as well. This helps protect member privacy, particularly when the network is insecure - ensuring that our members are safe from eavesdropping by anyone who might want to record their viewing habits.\u003c/p\u003e\n\n\u003cp\u003eThe goal is to ensure that your government, ISP, and wifi sniffing neighbour cannot tell which Netflix videos you are watching\u003c/p\u003e\n\n\u003cp\u003eNetflix Open Connect serves over 125 million hours of content per day, all around the world. Given our scale, adding the overhead of TLS encryption calculations to our video stream transport had the potential to greatly reduce the efficiency of our global infrastructure.\u003c/p\u003e\n\n\u003cp\u003eWe evaluated available and applicable ciphers and decided to primarily use the Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM), available starting in TLS 1.2. We chose AES-GCM over the Cipher Block Chaining (CBC) method, which comes at a higher computational cost. The AES-GCM cipher algorithm encrypts and authenticates the message simultaneously - as opposed to AES-CBC, which requires an additional pass over the data to generate keyed-hash message authentication code (HMAC). CBC can still be used as a fallback for clients that cannot support the preferred method.\u003c/p\u003e\n\n\u003cp\u003eAll revisions of Open Connect Appliances also have Intel CPUs that support AES-NI, the extension to the x86 instruction set designed to improve encryption and decryption performance. We needed to determine the best implementation of AES-GCM with the AES-NI instruction set, so we investigated alternatives to OpenSSL, including BoringSSL and the Intel Intelligent Storage Acceleration Library (ISA-L).\u003c/p\u003e\n\n\u003cp\u003eNetflix and NGINX had previously worked together to improve our HTTP client request and response time via the use of sendfile calls to perform a zero-copy data flow from storage (HDD or SSD) to network socket, keeping the data in the kernel memory address space and relieving some of the CPU burden. The Netflix team specifically added the ability to make the sendfile calls asynchronous - further reducing the data path and enabling more simultaneous connections. However, TLS functionality, which requires the data to be passed to the application layer, was incompatible with the sendfile approach.\u003c/p\u003e\n\n\u003cp\u003eTo retain the benefits of the sendfile model while adding TLS functionality, we designed a hybrid TLS scheme whereby session management stays in the application space, but the bulk encryption is inserted into the sendfile data pipeline in the kernel. This extends sendfile to support encrypting data for TLS/SSL connections.\u003c/p\u003e\n\n\u003cp\u003eWe tested the BoringSSL and ISA-L AES-GCM implementations with our sendfile improvements against a baseline of OpenSSL (with no sendfile changes), under typical Netflix traffic conditions on three different OCA hardware types. Our changes in both the BoringSSL and ISA-L test situations significantly increased both CPU utilization and bandwidth over baseline - increasing performance by up to 30%, depending on the OCA hardware version. We chose the ISA-L cipher implementation, which had slightly better results. With these improvements in place, we can continue the process of adding TLS to our video streams for clients that support it, without suffering prohibitive performance hits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you would like more detail, check out the papers from \u003ca href=\"https://people.freebsd.org/%7Errs/asiabsd_2015_tls.pdf\" rel=\"nofollow\"\u003eAsiaBSDCon 2015\u003c/a\u003e and the \u003ca href=\"https://people.freebsd.org/%7Errs/asiabsd_tls_improved.pdf\" rel=\"nofollow\"\u003eupdated one from 2016\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-on-HP-Stream-7\" rel=\"nofollow\"\u003eOpenBSD on HP Stream 7\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRecent events have rocked the mobile computing world to its core. OpenBSD retired the zaurus port, leaving users in desperate need of a new device. And not long before that, Microsoft released the Anniversary Update to Windows 10, but with free space requirements such that it’s nigh impossible to install on cheap 32GB eMMC equipped devices such as the HP Stream series, leaving users searching for a new lightweight operating system. With necessity as both mother and father, the scene is set for a truly epic pairing. OpenBSD on the HP Stream 7.\u003c/p\u003e\n\n\u003cp\u003eThe HP Stream line is a series of budget computers in a couple form factors. The Stream 11 is a fairly typical netbook. However, the Stream 7 and 8 are tablets. They look like cheap Android devices, but inside the case, they’re real boys, er PCs, with Intel Atom CPUs.\u003c/p\u003e\n\n\u003cp\u003eTo install OpenBSD on such a device, we need a few parts. Obviously, the tablet itself. There’s a dearth of ports on these things, but there is a micro USB port. Attaching anything useful requires an OTG “on the go” cable that creates a type A port. Attaching more than one useful thing requires a mini hub. And completing the install requires one each USB stick, keyboard, and network adapter.\u003c/p\u003e\n\n\u003cp\u003eFirst, we need to prep the machine to boot from USB. Actually, before doing anything, make sure you have a full charge. It’s going to be battery only from here on out. Plug everything in. Flash drive, keyboard, and network into the hub, hub into the OTG cable, cable into the port on top of the Stream.\u003c/p\u003e\n\n\u003cp\u003eTurn on the machine while holding the volume down button. This launches a mini menu from which we can enter the BIOS. There’s a little on screen keyboard in the corner, so this can be done even without a keyboard attached, but the USB keyboard should work. We need to change two settings in the boot section. First, turn off secure boot. Second, switch boot order to prefer USB. Save and exit. The first reboot reveals a confirmation screen checking that we really want to disable secure boot. We must enter a PIN and press enter. Enter the PIN shown on the screen and press enter. And we are go.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThen boot up OpenBSD from the USB drive\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eTed then works there a number of kernel panics and device driver issues, but after disabling ACPI and IntelDRM, the device boots OpenBSD.\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOf course, there’s no X at this point. And definitely no touch screen. And no internal networking. However, by keeping our USB hub attached, we can drive the console and access the network. At least until the battery is depleted, even if we have no way of knowing how long that will be since we disabled all the ACPI devices, which also means no suspend or resume.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith some xorg.conf hacking, he did get Xorg working\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-September/624493.html\" rel=\"nofollow\"\u003eDragonflyBSD steps towards base LibreSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://freshbsd.org/commit/dfbsd/304ca408000cd34559ef5319b4b5a6766d6eb35b\" rel=\"nofollow\"\u003eProject: DragonFlyBSD / Switch base to use private LibreSSL libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160911231651\" rel=\"nofollow\"\u003eDragonFly BSD adopts uses of LibreSSL\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of projects beginning to switch over to LibreSSL is growing and it appears we can now throw DragonFly into that camp.\u003c/li\u003e\n\u003cli\u003eFollowing something that sounds vaguely familiar (Allan!) DFLY is now creating “private” LibreSSL libraries which are only linked against by base system binaries.\u003c/li\u003e\n\u003cli\u003eFor the moment OpenSSL is \u003cem\u003estill\u003c/em\u003e built, primarily so that various ports and 3rd party apps can continue to function as before.\u003c/li\u003e\n\u003cli\u003eA NO_OPENSSL option has also been added, but doesn’t really do much (yet), since it’ll still build and install headers / libraries even if set.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eOpenBSD g2k16 Hackathon\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160911012316\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Antoine Jacoutot on Binary Patches\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160911231712\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Matthieu Herrb on xenodm\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160911000337\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Vincent Gross on iked(8), armv7 and sys/netinet[6]\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160911000052\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Florian Obser on httpd, networking, acme-client, and more\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160909012520\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Jasper Lievisse Adriaanse on ddb(4) and more\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160908002430\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Christian Weisgerber on gettext progress, RTC work, removing kernel cruft\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160907131655\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Brent Cook on Chromebooks, crypto, and more\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160906230610\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Ted Unangst on doas, signify, code removal\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160905235911\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Marc Espie on package signing evolution\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160906004915\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Adam Wolk on ports, wireless drivers and more\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160905134009\u0026mode=expanded\" rel=\"nofollow\"\u003eg2k16 Hackathon Report: Mike Larkin on vmm + vmd progress\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/notaweblog/2016/08/26/openbsd_chromebook/\" rel=\"nofollow\"\u003eOpenBSD (with encrypted softraid) on the Chromebook Pixel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a Laptop to make your OpenBSD road-warrior? If so, we have a great blog tutorial on getting OpenBSD setup on the Chromebook Pixel with encrypted softraid!\u003c/li\u003e\n\u003cli\u003eAuthor Joshua Stein gives us a very verbose look at how to install and dial-in the laptop perfectly. But first for those wondering about the hardware in the pixel:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe Chromebook Pixel LS (2015) has an Intel Core i7 processor (Broadwell) at 2.4Ghz, 16Gb of RAM, a 2560x1700 400-nit IPS screen (239ppi), and Intel 802.11ac wireless. It has a Kingston 64Gib flash chip, of which about 54Gib can be used by OpenBSD when dual-booting with a 1Gb Chrome OS partition.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eDue to this being a chromebook with seaBIOS, some manual key-press trickery will be required to initially get the OpenBSD Installer up and running.\u003c/li\u003e\n\u003cli\u003eFrom here you’ll want to pay special close attention to the disk partitioning. In particular Joshua will show us how to shrink the existing encrypted /home that ChromeOS uses, keeping the dual-boot intact. This will become important if you ever plan on updating the device.\u003c/li\u003e\n\u003cli\u003eFrom here, we move back to a more traditional setup, but with the added bonus of doing a soft-raid setup.\u003c/li\u003e\n\u003cli\u003eBut the fun isn’t over yet! If you want to make OpenBSD the default boot, that’ll require cracking the lid on the device and removing a special pink write-protect screw. And of course if you want to remove the default splash-screen image, Joshua has you covered as well, although some flashrom magic will be required.\u003c/li\u003e\n\u003cli\u003eAt this point you are nearly done. Final details on enabling specific bits of hardware are discussed. Most things work, apart from Audio and Bluetooth as of right now.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/doas-mastery\" rel=\"nofollow\"\u003edoas mastery\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“doas” mastery - Paging MWL!\u003c/li\u003e\n\u003cli\u003eOur buddy Ted Unangst has written up a great ‘mastery’ guide of the doas command, which can come in handy if you are among the un-initiated in doas land.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eUNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe starts with the basic doas.conf setup, which starts with an empty config file\u003c/li\u003e\n\u003cli\u003eThe doas config is much like a pf ruleset, the default is to block everything\n\u0026gt; We add the root rule second because doas evaluates rules in a last match manner. root is in the wheel group, so the first rule will match, and then we need to override that with a second rule. Remember to always start with general rules, then make them more specific.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eiXsystems\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/ixsystems-host-meetbsd-california-2016-uc-berkeley/\" rel=\"nofollow\"\u003eiXsystems to host MeetBSD\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eFreeBSD Foundation Welcomes New Board Members\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/freebsd-foundation-welcomes-new-board-members/\" rel=\"nofollow\"\u003eNew Board Members\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe FreeBSD Foundation has added two new board members\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/new-board-member-interview-kylie-liang/\" rel=\"nofollow\"\u003eInterview with Kylie Liang\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKylie will focus on representing FreeBSD at conferences and businesses in China\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI live in China. There, I can act as a bridge between Chinese companies and the FreeBSD community to help drive FreeBSD adoption. Through my leadership role in the FreeBSD Foundation, I will help promote FreeBSD in China and also represent the Foundation at conferences and events in my region.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eKylie leads the team the ensures FreeBSD runs well on Hyper-V and Azure, including providing commercial support for customers who run FreeBSD or FreeBSD based appliances on the Azure Cloud\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI joined Microsoft and started to lead the project called FreeBSD Integration Service to get FreeBSD running well on Hyper-V and Azure. To promote our work and to understand the FreeBSD ecosystem, I started to participate in FreeBSD events where I was inspired by this technical community.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/new-board-member-interview-philip-paeps/\" rel=\"nofollow\"\u003eInterview with Philip Paeps\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003ePhilip started with FreeBSD in the early 2000s and got his commit bit in 2004\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe patches I submitted to make ACPI and input devices work on that laptop led to a src commit bit in 2004. While I haven’t worked on ACPI or input devices since, I have been contributing to different areas of the kernel. Taking up maintainership of some ports I cared about also got me a ports commit bit after some time.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhilip will continue to help run EuroBSDCon, but is also spreading the word about FreeBSD in India and Africa\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003ePrimarily, I think I can be useful! I attend (and organize) a number of conferences around the world every year, particularly in regions that have a mostly “stealthy” FreeBSD community. While I clearly don’t need to be on the FreeBSD Foundation board to advocate for FreeBSD, joining as a director will provide an additional asset when working in areas of the world where organizational affiliations are meaningful.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003ePhilip has also developed network drivers and various other bits and pieces, and has extensive experience working with and for hardware vendors and appliance vendors\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDespite intending to eventually contribute their code to the FreeBSD Project as open source, many hardware vendors still find it very difficult to engage directly with the FreeBSD development community. The Foundation helps bridge that gap and helps facilitate collaboration between commercial vendors and the FreeBSD community.\u003c/p\u003e\n\n\u003cp\u003eI hope to make FreeBSD more visible in regions of the world where it is historically under-represented. I expect I will be attending even more conferences and getting myself invited to even more organizations.\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/MoreAndUnixFossilization\" rel=\"nofollow\"\u003emore, less, and a story of typical Unix fossilization\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris Siebenmann from the University of Toronto digs into the history of the difference between ‘less’ and ‘more’\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIn the beginning, by which we mean V7, Unix didn\u0026#39;t have a pager at all. That was okay; Unix wasn\u0026#39;t very visual in those days, partly because it was still sort of the era of the hard copy terminal. Then along came Berkeley and BSD. People at Berkeley were into CRT terminals, and so BSD Unix gave us things like vi and the first pager program, more (which showed up quite early, in 3BSD, although this isn\u0026#39;t as early as vi, which appears in 2BSD). Calling a pager more is a little bit odd but it\u0026#39;s a Unix type of name and from the beginning more prompted you with \u0026#39;--More--\u0026#39; at the bottom of the screen.\u003c/p\u003e\n\n\u003cp\u003eAll of the Unix vendors that based their work on BSD Unix (like Sun and DEC) naturally shipped versions of more along with the rest of the BSD programs, and so more spread around the BSD side of things. However, more was by no means the best pager ever; as you might expect, it was actually a bit primitive and lacking in features. So fairly early on Mark Nudelman wrote a pager with somewhat more features and it wound up being called less as somewhat of a joke.\u003c/p\u003e\n\n\u003cp\u003eIn a sane world, Unix vendors would have either replaced their version of more with the clearly superior less or at least updated their version of more to the 4.3 BSD version. Maybe less wouldn\u0026#39;t have replaced more immediately, but certainly over say the next five years, when it kept on being better and most people kept preferring it when they had a choice.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e“This entire history has led to a series of vaguely absurd outcomes on various modern Unixes. On Solaris derivatives more is of course the traditional version with source code that can probably trace itself all the way back to 3BSD, carefully updated to SUS compliance. Solaris would never dream of changing what more is, not even if the replacement is better. Why, it might disturb someone.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eOddly, FreeBSD has done the most sensible thing; they\u0026#39;ve outright replaced more with less. There is a /usr/bin/more but it\u0026#39;s the same binary as less and as you can see the more manpage is just the less manpage. OpenBSD has done the same thing but has a specific manpage for more instead of just giving you the less manpage.\u003c/p\u003e\n\n\u003cp\u003eSo, now you can see why I say that less is more, or more, or both, at several levels. less is certainly more than more, and sometimes less literally is more (or rather more is less, to put it the right way around).\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.computerworlduk.com/galleries/operating-systems/-free-alternatives-windows-10-3639433/\" rel=\"nofollow\"\u003ePC-BSD listed in the top 8 \u0026#39;best\u0026#39; alternatives to Windows 10\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bsdimp.blogspot.co.uk/2016/08/creating-quick-dns-server-with.html\" rel=\"nofollow\"\u003eCreating a quick DNS server with a Rapsberry Pi2 and FreeBSD 11.0-RC1\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://bsdlaptops.wordpress.com/2016/03/07/vaio-pro-11-part-2/\" rel=\"nofollow\"\u003eDual Boot OpenBSD and Linux + UEFI\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://desktopbsd.boards.net/board/10/announcements\" rel=\"nofollow\"\u003eDesktopBSD 2.0 various versions available (Gnome, Lumina, KDE, LXDE)\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFreeBSD gets new ZFS features including: \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=305323\" rel=\"nofollow\"\u003eCompressed ARC \u003c/a\u003e and \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=305331\" rel=\"nofollow\"\u003eZFS Allocation Throttle \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/user340/fdgw2\" rel=\"nofollow\"\u003eOne Floppy NetBSD Distribution\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/q5sys/BUGtracker\" rel=\"nofollow\"\u003eA Compendium of BUGs\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/b7W6NHqs\" rel=\"nofollow\"\u003e Galahad - OpenBSD X setup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/P4MUs3Pa\" rel=\"nofollow\"\u003e Tang - Subtitles\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/LQ8yTp0G\" rel=\"nofollow\"\u003e Ivan - Zpool Options\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/XTK5gXMU\" rel=\"nofollow\"\u003e Brad - Replication Issue\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/TdYTMSj9\" rel=\"nofollow\"\u003e MJ - HBA\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow! We’ve got Netflix + FreeBSD news to discuss, always a crowd pleaser, that plus EuroBSDCon is just around the corner. Stick around for your place","date_published":"2016-09-14T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f3978698-0f12-4129-b880-c3190272bd36.mp3","mime_type":"audio/mpeg","size_in_bytes":51808468,"duration_in_seconds":4317}]},{"id":"c0efd5d0-7ebb-4b12-822e-c3b63ad78e1f","title":"158: Ham, Radio and Pie (oh my)","url":"https://www.bsdnow.tv/158","content_text":"This week on BSDNow, we’ll be talking to Diane Bruce about using it for Ham Radio Enthusiasts, the RPi3 and much more! That plus all the latest news from the week,\n\nThis episode was brought to you by\n\n\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\n\n\n\nHeadlines\n\nPC-BSD is now TrueOS\n\n\nIf you’ve been watching this show the past few months, I’ve been dropping little hints about the upcoming rename of PC-BSD -\u0026gt; TrueOS. We’ve made that more official finally, and are asking folks to test out the software before a wider announcement this fall.\nFor those wondering about the name change, it’s been something discussed over the past few years at different times. With us beginning to move more aggressively with changes for 11.0 (and eventually 12-CURRENT), the time seemed right to have a fresh start, using it as a spring-board to introduce all the changes in both software, and development / release model.\nI’ll be discussing more about this shift in a talk at MeetBSD2016 (Another reason for you to go), but here’s some of the highlights.\nNo longer tied to specific FreeBSD point-releases, TrueOS will instead follow a rolling-release model based upon FreeBSD -CURRENT.\nSpecial tooling and features (Such as boot-environments) make this a feasible option that we didn’t have as easily in the early days of PC-BSD.\nIn addition, TrueOS builds some things different from vanilla FreeBSD. Specifically Matt Macy’s DRM and Linux Compat work, LibreSSL directly in base, built from External Toolchain (No clang in base system package) and much more. \nNew tools have have replaced, and are in the process of replacing the legacy PC-BSD control panel as well, which allows remote operation, either via Qt GUI, or WebSockets / REST API’s. \nI’ll be talking about more as things unfold, but for now please feel free to test and let us have feedback while we push towards a more stable release.\n***\n\n\nThe Voicemail Scammers Never Got Past Our OpenBSD Greylisting\n\n\nPeter Hansteen (That grumpy BSD guy) gives us an interesting look at how their OpenBSD grey-listing prevented spam from ever making it to their inbox.\nSpecifically it looks like it occurred during Aug 23rd and 24th, with a particularly nasty ransomware payload destined to play havoc with Windows systems.\nPeter then walks us through their three-server mail setup, and how spamd is run in greylisting mode on each.\nThe results? Nothing short of perfection:\n   \u0026gt; “From those sources we can see that there were a total of 386 hosts that attempted delivery, to a total of 396 host and target email pairs (annotated here in a .csv file \nwith geographic origin according to whois). The interesting part came when I started looking at the mail server logs to see how many had reached the content filtering or had even been passed on in the direction of users' mailboxes. There were none. The number of messages purportedly from voicemail@ in any of the domains we handle that made it even to the content filtering stage was 0. Zero. Not a single one made it through even to content filtering.”\nNot bad at all! Looks like spam-trap addresses + grey-listing is the way to go for stopping this kind of foolishness. Checkout Peter’s blog post for more details, but perhaps this will encourage you to setup a similar-type system for your business.\n***\n\n\nFreeBSD on a tiny system; what’s missing\n\n\nAdrian Chadd talks about some of the bits that are missing to make FreeBSD truly useful on small embedded devices\nSome of this stuff can be done now, but requires more work than it should\n“The first is a lack of real service management. FreeBSD doesn't have a service management daemon - the framework assumes that daemons implement their own background and monitoring. It would be much nicer if init or something similar to init could manage services and start/restart them where appropriate.”\nOf course, on a system with 32mb of memory, such a service manager would need to be very light weight\n“maybe I want to only start telnetd or dropbear/sshd whenever a connection comes in. But I'd also like to be able to add services for monitoring, such as dnsmasq and hostapd.”\ntelnetd and sshd can be run from inetd, but often depend on special support from the daemon\n“The next is a lack of suitable syslog daemon. Yes, I'd like to be able to log some messages locally - even if it's only a couple hundred kilobytes of messages. I'd also like to be able to push messages to a remote service. Unfortunately the FreeBSD syslog daemon doesn't do log rotation or maximum log file sizes itself - it's done by \"newsyslog\" which runs out of cron. This isn't any good for real embedded systems with limited storage.”\nSyslog leaves much to be desired, especially in its configuration syntax, and filtering capabilities. Having it be able to detect with log files have grown beyond a reasonable size and fire off newsyslog would be very interesting\n“Then yes, there's a lack of a cron service. It'd be nice to have that integrated into the service management framework so things could be easily added/removed. I may just use cron, but that means cron is also always running which adds memory footprint (~1.3 megabytes) for something that is almost never actually active. When you have 32MB of RAM, that's quite a bit of wasted memory.”\nSystems have come back full circle, to where 32MB and 64MB are amounts of memory people expect to work with, while other people still want the system to perform well with 32 or 64 GB of memory\nIt will be interesting to see how this balancing act plays out, trying to make the same codebase useful for extremely small and extremely large systems at the same time, while also running it on your middle of the road laptop.\n***\n\n\nSo I lost my OpenBSD FDE password \n\n\n“The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase.”\nSo they started a little project\nGoal: “We need to extract enough info from the encrypted disk and rebuild enough of the decryption algorithm to be able to rapidly try many passphrases.”\nThe post walks through how they reverse engineered the encryption system from the source code and a hexdump of a small encrypted memory disk\n“Now that we know how to extract the data and how to try passphrases against it, it will be trivial to write a bruteforce tool to recover the part of passphrase I forgot.”\nSo, rather than having to try every possible passphrase, they only had to try fuzzing around the known keyword that was their passphrase.\n“UPDATE: I found it! After fixing a bug or two in the brute force tool and almost losing hope, it found the right combination of forgotten word and (Italian) misspelling.”\nThis work lead to the author recommending that OpenBSD consider strengthening the key derivation algorithm used in its FDE.\nRather than using a fixed number of rounds (8000 currently), do a small benchmark and determine how much work can be done in a reasonable amount of time\nThis is what FreeBSD’s GELI FDE does, targeting ‘over 2 million microseconds’ of work. On my desktop i5-3570 this results in 974842 rounds. The number will likely not be the same twice because of minor variations in how long it will take in microseconds.\n***\n\n\nInterview - Diane Bruce - db@freebsd.org  / @Dianora_1\n\nHam Radio, RPi3 and more!\n\n\n\nNews Roundup\n\nSee Me (Michael W. Lucas) in 2016\n\n\nLooking for a chance to interact with author Michael W Lucas in meat-space? (That sounds wrong)\nIf so, he has posted a list of the up-coming conferences he’ll be speaking at, starting with Ohio LinuxFest Oct 7-8, where he’ll be giving an introduction to ZFS talk.\nNov 8th, he’ll also be at MUG (Michigan User Group) giving a PAM talk.\nSadly, no MeetBSD for Michael this year [moment of silence], but if you are able to make it to one of the aforementioned gatherings, be sure to bring your books for autographs. We promise he doesn’t bite. Much.\n***\n\n\nIt’s hard work printing nothing\n\n\n“It all starts with a bug report to LibreSSL that the openssl tool crashes when it tries to print NULL. This bug doesn’t manifest on OpenBSD because libc will convert NULL strings to ”(null)” when printing. However, this behavior is not required, and as observed, it’s not universal. When snprintf silently accepts NULL, that simply leads to propagating the error.”\n“There’s an argument to be made that silly error messages are better than crashing browsers, but stacking layers of sand seems like a poor means of building robust software in the long term.”\n“As soon as development for the next release of OpenBSD restarted, some developers began testing a patch that would remove this crutch from printf.”\nIf you’d like to help with this work, see our call for volunteers from 2 weeks ago: opportunity to help: %s audit in mandoc \nOf course, immediately things started to complain. The configure script for talloc does a number of checks (check out the additional interesting observations by TedU here)\n“The test checking that our snprintf function conforms to the C99 standard actually contains, at a minimum, 3 deviations from the standard. It should say “Checking for non-conformant vsnprintf”.”\n“Of course, we’re dealing with NULL pointers, so all bets are off, but I wonder what people who expect printf NULL to work expect out of strlen? Does it return 0? Does it crash?”\nSo, talloc decides that the system printf is no good, and it should use its own bundled implementation\n“After all the configure testing, eventually the build will fail, because somebody forgot to actually add the replacement object file to the Makefile.”\n“If the replacement function has never been used, that’s hardly reassuring that it is actually better tested than the version we have in libc.”\n***\n\n\nRevisiting WX with OpenBSD 6.0\n\n\nOpenBSD 6.0 includes enforcement of WX in user-land\nThis prevents an application from being able to map a page of memory with both Write and Execute permissions (protecting mmap(2))\nOnce mapped a page of memory should not be able to have permissions escalated (protecting mprotect(2))\nOpenBSD 6.0 enforces the strict WX definition, and not the PaX/grsec “once write never execute” type of policy\n***\n\n\nOpenBSD imports a letsencrypt client into the base system\n\n\nWe’ve mentioned letskencrypt before (A native C version of the letsencrypt client, developed by Kristaps).\nLooks like it’s undergoing a name-change to “acme-client” and has made it’s way into OpenBSD’s base system!\nThis should ensure first-class support for management of Let’s Encrypt certificates, here’s hoping the portable version continues to thrive as well.\nCongrats to Kristaps!\n***\n\n\nBeastie Bits\n\n\nOpenBSD: Release Songs 6.0: \"Goodbye\" -- no more CD releases \nFreeBSD 101 Hacks\nLibreSSL enabled by default in HardenedBSD\nDragonflyBSD removes last bits of 32-bit Linux emulation and has no plans to implement 64-bit linux emulation\nOpenBSD has sent 32bit sparc to the great bitbucket in the sky\nFront Range BSD User Group September Meeting\nKnoxBug TrueOS Wrap-up \n\n\nFeedback/Questions\n\n\n Cody - TrueOS Questions  \n John - FreeNAS Backups \n Herminio - PowerPC + OpenBSD  \n Dennis - pmake vs bmake \n Al - Upgrade conflicts \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we’ll be talking to Diane Bruce about using it for Ham Radio Enthusiasts, the RPi3 and much more! That plus all the latest news from the week,\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.trueos.org/2016/09/01/pc-bsd-evolves-into-trueos/\" rel=\"nofollow\"\u003ePC-BSD is now TrueOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you’ve been watching this show the past few months, I’ve been dropping little hints about the upcoming rename of PC-BSD -\u0026gt; TrueOS. We’ve made that more official finally, and are asking folks to test out the software before a wider announcement this fall.\u003c/li\u003e\n\u003cli\u003eFor those wondering about the name change, it’s been something discussed over the past few years at different times. With us beginning to move more aggressively with changes for 11.0 (and eventually 12-CURRENT), the time seemed right to have a fresh start, using it as a spring-board to introduce all the changes in both software, and development / release model.\u003c/li\u003e\n\u003cli\u003eI’ll be discussing more about this shift in a talk at MeetBSD2016 (Another reason for you to go), but here’s some of the highlights.\u003c/li\u003e\n\u003cli\u003eNo longer tied to specific FreeBSD point-releases, TrueOS will instead follow a rolling-release model based upon FreeBSD -CURRENT.\u003c/li\u003e\n\u003cli\u003eSpecial tooling and features (Such as boot-environments) make this a feasible option that we didn’t have as easily in the early days of PC-BSD.\u003c/li\u003e\n\u003cli\u003eIn addition, TrueOS builds some things different from vanilla FreeBSD. Specifically Matt Macy’s DRM and Linux Compat work, LibreSSL directly in base, built from External Toolchain (No clang in base system package) and much more. \u003c/li\u003e\n\u003cli\u003eNew tools have have replaced, and are in the process of replacing the legacy PC-BSD control panel as well, which allows remote operation, either via Qt GUI, or WebSockets / REST API’s. \u003c/li\u003e\n\u003cli\u003eI’ll be talking about more as things unfold, but for now please feel free to test and let us have feedback while we push towards a more stable release.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html\" rel=\"nofollow\"\u003eThe Voicemail Scammers Never Got Past Our OpenBSD Greylisting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Hansteen (That grumpy BSD guy) gives us an interesting look at how their OpenBSD grey-listing prevented spam from ever making it to their inbox.\u003c/li\u003e\n\u003cli\u003eSpecifically it looks like it occurred during Aug 23rd and 24th, with a particularly nasty ransomware payload destined to play havoc with Windows systems.\u003c/li\u003e\n\u003cli\u003ePeter then walks us through their three-server mail setup, and how spamd is run in greylisting mode on each.\u003c/li\u003e\n\u003cli\u003eThe results? Nothing short of perfection:\n   \u0026gt; “From those sources we can see that there were a total of 386 hosts that attempted delivery, to a total of 396 host and target email pairs (annotated here in a .csv file \nwith geographic origin according to whois). The interesting part came when I started looking at the mail server logs to see how many had reached the content filtering or had even been passed on in the direction of users\u0026#39; mailboxes. There were none. The number of messages purportedly from voicemail@ in any of the domains we handle that made it even to the content filtering stage was 0. Zero. Not a single one made it through even to content filtering.”\u003c/li\u003e\n\u003cli\u003eNot bad at all! Looks like spam-trap addresses + grey-listing is the way to go for stopping this kind of foolishness. Checkout Peter’s blog post for more details, but perhaps this will encourage you to setup a similar-type system for your business.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2016/08/freebsd-on-tiny-system-whats-missing.html\" rel=\"nofollow\"\u003eFreeBSD on a tiny system; what’s missing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd talks about some of the bits that are missing to make FreeBSD truly useful on small embedded devices\u003c/li\u003e\n\u003cli\u003eSome of this stuff can be done now, but requires more work than it should\u003c/li\u003e\n\u003cli\u003e“The first is a lack of real service management. FreeBSD doesn\u0026#39;t have a service management daemon - the framework assumes that daemons implement their own background and monitoring. It would be much nicer if init or something similar to init could manage services and start/restart them where appropriate.”\u003c/li\u003e\n\u003cli\u003eOf course, on a system with 32mb of memory, such a service manager would need to be very light weight\u003c/li\u003e\n\u003cli\u003e“maybe I want to only start telnetd or dropbear/sshd whenever a connection comes in. But I\u0026#39;d also like to be able to add services for monitoring, such as dnsmasq and hostapd.”\u003c/li\u003e\n\u003cli\u003etelnetd and sshd can be run from inetd, but often depend on special support from the daemon\u003c/li\u003e\n\u003cli\u003e“The next is a lack of suitable syslog daemon. Yes, I\u0026#39;d like to be able to log some messages locally - even if it\u0026#39;s only a couple hundred kilobytes of messages. I\u0026#39;d also like to be able to push messages to a remote service. Unfortunately the FreeBSD syslog daemon doesn\u0026#39;t do log rotation or maximum log file sizes itself - it\u0026#39;s done by \u0026quot;newsyslog\u0026quot; which runs out of cron. This isn\u0026#39;t any good for real embedded systems with limited storage.”\u003c/li\u003e\n\u003cli\u003eSyslog leaves much to be desired, especially in its configuration syntax, and filtering capabilities. Having it be able to detect with log files have grown beyond a reasonable size and fire off newsyslog would be very interesting\u003c/li\u003e\n\u003cli\u003e“Then yes, there\u0026#39;s a lack of a cron service. It\u0026#39;d be nice to have that integrated into the service management framework so things could be easily added/removed. I may just use cron, but that means cron is also always running which adds memory footprint (~1.3 megabytes) for something that is almost never actually active. When you have 32MB of RAM, that\u0026#39;s quite a bit of wasted memory.”\u003c/li\u003e\n\u003cli\u003eSystems have come back full circle, to where 32MB and 64MB are amounts of memory people expect to work with, while other people still want the system to perform well with 32 or 64 GB of memory\u003c/li\u003e\n\u003cli\u003eIt will be interesting to see how this balancing act plays out, trying to make the same codebase useful for extremely small and extremely large systems at the same time, while also running it on your middle of the road laptop.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/\" rel=\"nofollow\"\u003eSo I lost my OpenBSD FDE password \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase.”\u003c/li\u003e\n\u003cli\u003eSo they started a little project\u003c/li\u003e\n\u003cli\u003eGoal: “We need to extract enough info from the encrypted disk and rebuild enough of the decryption algorithm to be able to rapidly try many passphrases.”\u003c/li\u003e\n\u003cli\u003eThe post walks through how they reverse engineered the encryption system from the source code and a hexdump of a small encrypted memory disk\u003c/li\u003e\n\u003cli\u003e“Now that we know how to extract the data and how to try passphrases against it, it will be trivial to write a bruteforce tool to recover the part of passphrase I forgot.”\u003c/li\u003e\n\u003cli\u003eSo, rather than having to try every possible passphrase, they only had to try fuzzing around the known keyword that was their passphrase.\u003c/li\u003e\n\u003cli\u003e“UPDATE: I found it! After fixing a bug or two in the brute force tool and almost losing hope, it found the right combination of forgotten word and (Italian) misspelling.”\u003c/li\u003e\n\u003cli\u003eThis work lead to the author recommending that OpenBSD consider \u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=147316661717410\u0026w=2\" rel=\"nofollow\"\u003estrengthening the key derivation algorithm\u003c/a\u003e used in its FDE.\u003c/li\u003e\n\u003cli\u003eRather than using a fixed number of rounds (8000 currently), do a small benchmark and determine how much work can be done in a reasonable amount of time\u003c/li\u003e\n\u003cli\u003eThis is what FreeBSD’s GELI FDE does, targeting ‘over 2 million microseconds’ of work. On my desktop i5-3570 this results in 974842 rounds. The number will likely not be the same twice because of minor variations in how long it will take in microseconds.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Diane Bruce - \u003ca href=\"mailto:db@freebsd.org\" rel=\"nofollow\"\u003edb@freebsd.org\u003c/a\u003e  / \u003ca href=\"https://twitter.com/Dianora_1\" rel=\"nofollow\"\u003e@Dianora_1\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eHam Radio, RPi3 and more!\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2739\" rel=\"nofollow\"\u003eSee Me \u003csub\u003e\u003csup\u003e(Michael W. Lucas)\u003c/sup\u003e\u003c/sub\u003e in 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a chance to interact with author Michael W Lucas in meat-space? (That sounds wrong)\u003c/li\u003e\n\u003cli\u003eIf so, he has posted a list of the up-coming conferences he’ll be speaking at, starting with Ohio LinuxFest Oct 7-8, where he’ll be giving an introduction to ZFS talk.\u003c/li\u003e\n\u003cli\u003eNov 8th, he’ll also be at MUG (Michigan User Group) giving a PAM talk.\u003c/li\u003e\n\u003cli\u003eSadly, no MeetBSD for Michael this year [moment of silence], but if you are able to make it to one of the aforementioned gatherings, be sure to bring your books for autographs. We promise he doesn’t bite. Much.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/its-hard-work-printing-nothing\" rel=\"nofollow\"\u003eIt’s hard work printing nothing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“It all starts with a bug report to LibreSSL that the openssl tool crashes when it tries to print NULL. This bug doesn’t manifest on OpenBSD because libc will convert NULL strings to ”(null)” when printing. However, this behavior is not required, and as observed, it’s not universal. When snprintf silently accepts NULL, that simply leads to propagating the error.”\u003c/li\u003e\n\u003cli\u003e“There’s an argument to be made that silly error messages are better than crashing browsers, but stacking layers of sand seems like a poor means of building robust software in the long term.”\u003c/li\u003e\n\u003cli\u003e“As soon as development for the next release of OpenBSD restarted, some developers began testing a patch that would remove this crutch from printf.”\u003c/li\u003e\n\u003cli\u003eIf you’d like to help with this work, see our call for volunteers from 2 weeks ago: \u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=147059272201219\u0026w=2\" rel=\"nofollow\"\u003eopportunity to help: %s audit in mandoc \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOf course, immediately things started to complain. The configure script for talloc does a number of checks (check out the additional interesting observations by TedU here)\u003c/li\u003e\n\u003cli\u003e“The test checking that our snprintf function conforms to the C99 standard actually contains, at a minimum, 3 deviations from the standard. It should say “Checking for non-conformant vsnprintf”.”\u003c/li\u003e\n\u003cli\u003e“Of course, we’re dealing with NULL pointers, so all bets are off, but I wonder what people who expect printf NULL to work expect out of strlen? Does it return 0? Does it crash?”\u003c/li\u003e\n\u003cli\u003eSo, talloc decides that the system printf is no good, and it should use its own bundled implementation\u003c/li\u003e\n\u003cli\u003e“After all the configure testing, eventually the build will fail, because somebody forgot to actually add the replacement object file to the Makefile.”\u003c/li\u003e\n\u003cli\u003e“If the replacement function has never been used, that’s hardly reassuring that it is actually better tested than the version we have in libc.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.acumensecurity.net/revisiting-wx-with-openbsd-6-0/\" rel=\"nofollow\"\u003eRevisiting W\u003csup\u003eX\u003c/sup\u003e with OpenBSD 6.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD 6.0 includes enforcement of W\u003csup\u003eX\u003c/sup\u003e in user-land\u003c/li\u003e\n\u003cli\u003eThis prevents an application from being able to map a page of memory with both Write and Execute permissions (protecting mmap(2))\u003c/li\u003e\n\u003cli\u003eOnce mapped a page of memory should not be able to have permissions escalated (protecting mprotect(2))\u003c/li\u003e\n\u003cli\u003eOpenBSD 6.0 enforces the strict W\u003csup\u003eX\u003c/sup\u003e definition, and not the PaX/grsec “once write never execute” type of policy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160901060733\" rel=\"nofollow\"\u003eOpenBSD imports a letsencrypt client into the base system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve mentioned letskencrypt before (A native C version of the letsencrypt client, developed by Kristaps).\u003c/li\u003e\n\u003cli\u003eLooks like it’s undergoing a name-change to “acme-client” and has made it’s way into OpenBSD’s base system!\u003c/li\u003e\n\u003cli\u003eThis should ensure first-class support for management of Let’s Encrypt certificates, here’s hoping the portable version continues to thrive as well.\u003c/li\u003e\n\u003cli\u003eCongrats to Kristaps!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.openbsd.org/lyrics.html#60f\" rel=\"nofollow\"\u003eOpenBSD: Release Songs 6.0: \u0026quot;Goodbye\u0026quot; -- no more CD releases\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://nanxiao.gitbooks.io/freebsd-101-hacks/content/\" rel=\"nofollow\"\u003eFreeBSD 101 Hacks\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2016-08-20/libressl-enabled-default\" rel=\"nofollow\"\u003eLibreSSL enabled by default in HardenedBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-August/624241.html\" rel=\"nofollow\"\u003eDragonflyBSD removes last bits of 32-bit Linux emulation and has no plans to implement 64-bit linux emulation\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/phessler/status/771277693090467840\" rel=\"nofollow\"\u003eOpenBSD has sent 32bit sparc to the great bitbucket in the sky\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://slexy.org/view/s2hm4HBkb2\" rel=\"nofollow\"\u003eFront Range BSD User Group September Meeting\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://knoxbug.org/content/going-with-the-flow\" rel=\"nofollow\"\u003eKnoxBug TrueOS Wrap-up\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/mVK8G1Vr\" rel=\"nofollow\"\u003e Cody - TrueOS Questions \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/xsUNUfCS\" rel=\"nofollow\"\u003e John - FreeNAS Backups\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/nHkWuNkm\" rel=\"nofollow\"\u003e Herminio - PowerPC + OpenBSD \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NAh7r6Ed\" rel=\"nofollow\"\u003e Dennis - pmake vs bmake\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/8HaK7yJ6\" rel=\"nofollow\"\u003e Al - Upgrade conflicts\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we’ll be talking to Diane Bruce about using it for Ham Radio Enthusiasts, the RPi3 and much more! That plus all the latest news from the week,","date_published":"2016-09-07T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c0efd5d0-7ebb-4b12-822e-c3b63ad78e1f.mp3","mime_type":"audio/mpeg","size_in_bytes":78828052,"duration_in_seconds":6568}]},{"id":"b05374fc-d22e-4b78-9784-6e23162191ef","title":"157: ZFS, The “Universal” File-system","url":"https://www.bsdnow.tv/157","content_text":"This week on BSDNow, we have an interview with Richard Yao, who will be telling us about the experience and challenges of porting ZFS to Linux. That plus the latest news and feedback is coming your way, on your place\n\nThis episode was brought to you by\n\n\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\n/\u0026gt;\n\n\n\nHeadlines\n\nRegistration for MeetBSD 2016 is now Open \n\n\n“Beastie’s coming home!” This year, MeetBSD will be held at UC Berkeley’s Clark Kerr Campus\nNovember 11th and 12th, preceded by a two day FreeBSD Vendor/Dev Summit (Nov 9th and 10th)\n\n\n\nMeetBSD can be traced back to its humble roots as a local workshop for BSD developers and users, hosted annually in Poland since 2004. Since then, MeetBSD’s popularity has spread, and it’s now widely recognized as its own conference with participants from all over the world.\n\n\n\nThe US version runs every two years in California since 2008, and now trades off with the east coast vBSDCon which runs on the odd years.\n“MeetBSD 2016 uses a mixed unConference format featuring both scheduled talks and community-driven events such as birds-of-a-feather meetings, lightning talks, hackable presentations, stump the chumps, and speed geeking sessions. Speakers are to be determined – stay tuned for more information!”\nRegister before September 30th, and get $30 off\nKris and I will be there, along with lots of other FreeBSD Developers, Vendors, and Users.\nMeetBSD’s unconference style does a very good job of mingling users with developers and is one of my favourite conferences.\n***\n\n\nDual Booting FreeBSD and Windows UEFI\n\n\nLooking to install FreeBSD alongside Windows 10? What happens if that that system is pre-installed and UEFI? Well you could run TrueOS, but if that isn’t your bag and you want vanilla FreeBSD we have you covered this week!\nOver on Kevin Bowling’s blog, we have a detailed article showing exactly how to do that.\nFirst up, as prep you’ll need to go into the Windows disk manager and shrink your existing NTFS partition.\nYou’ll need to next boot FreeBSD 11 or later.\nFrom there the walkthrough takes us through disk partitioning using gpart, and setup of ZFS into a boot-environment friendly layout.\nOnce you get through the typical FreeBSD setup / extraction, the tutorial gives us a nice bonus, showing how to setup “rEFInd” for a graphical boot-menu. \nA great walkthrough, and hopefully it encourages others to try out dual-booting “EFI-style”.\n***\n\n\nZFS High-Availability NAS\n\n\nInterested in a DiY HA ZFS NAS? Edmund White (ewwhite on github) has posted a very detailed look at how he has custom-rolled his own Linux + ZFS + HA setup.\nMost of the concepts are already ones used in various other HA products, but it is interesting and informative to see a public detailed look at how ZFS and HA works.\nIn particular this setup require some very specific hardware, such as dual-port SAS drives, so you will have to pre-plan according.\nThe only bummer is this is a ZFS on Linux setup. Maybe this can serve as the guide / inspiration for somebody in our community to do their own FreeBSD + HA + ZFS setup and blog about it in similar detail.\n***\n\n\nFirst public release of chyves - version 0.1.0\n\n\nAs bhyve continues to mature we are seeing tooling evolve around it. Enter ‘chyves’ which started life as a fork of iohyve.\nWe are looking to do an interview with the author in the near future, but we still want to bring you some of the new features / changes in this evolution of bhyve management.\nFirst up, nearly every function from iohyve has either been re-written in part or full.\nAmong the new features, a full logging system (master and per-vm logs), multiple pool configurations, properties stored outside of ZFS (for speed) and self-upgrading. (Will that work with pkg’d version?)\nIn addition to the above features, the website has a large chart showing the original ‘iohyve’ commands, and how that usage has changed moving to chyves. \nGive it a spin, let the author know of issues!\n***\n\n\nInterview - Richard Yao - ryao@gentoo.org\n\nSr. Kernel Engineer at ClusterHQ - Major Contributor to ZFS on Linux\n\n\n\nNews Roundup\n\nZFS Deadlock: 'Directory of Death'\n\n\nA user reports that when they try to install npm (the Node.js package manager), their system deadlocks\nIt turns out, this was also hitting the FreeBSD package building machines\nPR 209158  \nThe problem was a race condition in the way renames are handled in the FreeBSD VFS vs how ZFS does them internally\nThis bug has existed since the original import of ZFS, but some other change caused it to happen much more frequently\n“ZFS POSIX Layer is originally written for Solaris VFS which is very different from FreeBSD VFS.  Most importantly many things that FreeBSD VFS manages on behalf of all filesystems are implemented in ZPL in a different Way. Thus, ZPL contains code that is redundant on FreeBSD or duplicates VFS functionality or, in the worst cases, badly interacts / interferes with VFS.”\n“The most prominent problem is a deadlock caused by the lock order reversal of vnode locks that may happen with concurrent zfs_rename() and lookup(). The deadlock is a result of zfs_rename() not observing the vnode locking contract expected by VFS.”\nThe fixes have been merged to the 10.x and 11.x branches\n***\n\n\nNew BSD Magazine out (2016-07)\n\n\nArticles include: Implementing in-memory cache in the BeaST architecture, Docker Cleanup, FreeNAS Getting Started Guide, and starting at the very beginning with open source\nThe August issue is also out \nThis issue features two articles about MINIX 3, continues the FreeNAS getting started guide, Optimizes the in-memory cache for the BeaST architecture, and talks about fixing failed ports for Hardened and LibreBSD\nWe hope to have an interview with the creator of the BeaST architecture in the coming weeks\n***\n\n\nDragonflyBSD and UEFI\n\n\nWe’ve featured a few stories and walkthroughs about using UEFI to dual-boot BSD, and now its Dragonfly BSD’s turn.\nDave McFarlane writes into the DF mailing lists, telling us about the specific steps taken to get UEFI installed and boot-strapped on his system.\nIf you’ve done a FreeBSD manual UEFI install, the process looks very similar, but you will end up manually running ‘gpt’ to create partitions, installing dist files, and eventually installing boot1.efi into the FAT EFI partition.\nDave also ran into an issue with resulted in no /etc/fstab being present, and helpfully includes what his system needed to fully boot hammer properly.\nSomebody should document this fully for DFLY, since I would expect to become more commonplace as commodity hardware is shipped with UEFI on by default.\n***\n\n\nNetflix and Fill \n\n\nThe Netflix team has produced a technical blog post describing how their OpenConnect appliances work\nFirst the content is received from the content provider, and the Netflix content team makes it ready for deployment, by transcoding the various bitrates, packaging the subtitles, etc.\nThe finished files are then pushed to Amazon S3 storage\n“We deploy the majority of our updates proactively during configured fill windows. An important difference between our OpenConnect CDN and other commercial CDNs is the concept of proactive caching. Because we can predict with high accuracy what our members will watch and what time of day they will watch it, we can make use of non-peak bandwidth to download most of the content updates to the OCAs in our network during these configurable time windows. By reducing disk reads (content serving) while we are performing disk writes (adding new content to the OCAs), we are able to optimize our disk efficiency by avoiding read/write contention. The predictability of off-peak traffic patterns helps with this optimization, but we still only have a finite amount of time every day to get our content pre-positioned to where it needs to be before our traffic starts to ramp up and we want to make all of the OCA capacity available for content serving.”\nThe OCA may actually contain more than one copy of the same video, because each disk in the OCA is independent, storing the same video on two different disks will provide twice the available read bandwidth\nNormally the filesystem cache would obviate the need for this, but the Netflix OCA has so much storage, and not a lot of memory, and the requests from users are offset enough that the cache is useless\n“OCAs communicate at regular intervals with the control plane services, requesting (among other things) a manifest file that contains the list of titles they should be storing and serving to members. If there is a delta between the list of titles in the manifest and what they are currently storing, each OCA will send a request, during its configured fill window, that includes a list of the new or updated titles that it needs. The response from the control plane in AWS is a ranked list of potential download locations, aka fill sources, for each title.”\n“It would be inefficient, in terms of both time and cost, to distribute a title directly from S3 to all of our OCAs, so we use a tiered approach. The goal is to ensure that the title is passed from one part of our network to another using the most efficient route possible.”\nThe article then goes on to explain how they calculate the least cost filling source\n“Now that Netflix operates in 190 countries and we have thousands of appliances embedded within many ISP networks around the world, we are even more obsessed with making sure that our OCAs get the latest content as quickly as possible while continuing to minimize bandwidth cost to our ISP partners.”\n***\n\n\nBeastie Bits:\n\n\nCover reveal for “PAM Mastery”\nLibertyBSD 5.9 is out - looking for mirrors\nUnix for Poets\n\n\nFeedback/Questions\n\n\n Chuck / Ingo - Get Involved \n Oskar - Thanks \n Alex - SMF \n Raymond - RPI3 \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have an interview with Richard Yao, who will be telling us about the experience and challenges of porting ZFS to Linux. That plus the latest news and feedback is coming your way, on your place\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.meetbsd.com/\" rel=\"nofollow\"\u003eRegistration for MeetBSD 2016 is now Open \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Beastie’s coming home!” This year, MeetBSD will be held at UC Berkeley’s Clark Kerr Campus\u003c/li\u003e\n\u003cli\u003eNovember 11th and 12th, preceded by a two day FreeBSD Vendor/Dev Summit (Nov 9th and 10th)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eMeetBSD can be traced back to its humble roots as a local workshop for BSD developers and users, hosted annually in Poland since 2004. Since then, MeetBSD’s popularity has spread, and it’s now widely recognized as its own conference with participants from all over the world.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe US version runs every two years in California since 2008, and now trades off with the east coast vBSDCon which runs on the odd years.\u003c/li\u003e\n\u003cli\u003e“MeetBSD 2016 uses a mixed unConference format featuring both scheduled talks and community-driven events such as birds-of-a-feather meetings, lightning talks, hackable presentations, stump the chumps, and speed geeking sessions. Speakers are to be determined – stay tuned for more information!”\u003c/li\u003e\n\u003cli\u003eRegister before September 30th, and get $30 off\u003c/li\u003e\n\u003cli\u003eKris and I will be there, along with lots of other FreeBSD Developers, Vendors, and Users.\u003c/li\u003e\n\u003cli\u003eMeetBSD’s unconference style does a very good job of mingling users with developers and is one of my favourite conferences.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://kev009.com/wp/2016/07/freebsd-uefi-root-on-zfs-and-windows-dual-boot/\" rel=\"nofollow\"\u003eDual Booting FreeBSD and Windows UEFI\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking to install FreeBSD alongside Windows 10? What happens if that that system is pre-installed and UEFI? Well you could run TrueOS, but if that isn’t your bag and you want vanilla FreeBSD we have you covered this week!\u003c/li\u003e\n\u003cli\u003eOver on Kevin Bowling’s blog, we have a detailed article showing exactly how to do that.\u003c/li\u003e\n\u003cli\u003eFirst up, as prep you’ll need to go into the Windows disk manager and shrink your existing NTFS partition.\u003c/li\u003e\n\u003cli\u003eYou’ll need to next boot FreeBSD 11 or later.\u003c/li\u003e\n\u003cli\u003eFrom there the walkthrough takes us through disk partitioning using gpart, and setup of ZFS into a boot-environment friendly layout.\u003c/li\u003e\n\u003cli\u003eOnce you get through the typical FreeBSD setup / extraction, the tutorial gives us a nice bonus, showing how to setup “rEFInd” for a graphical boot-menu. \u003c/li\u003e\n\u003cli\u003eA great walkthrough, and hopefully it encourages others to try out dual-booting “EFI-style”.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/ewwhite/zfs-ha/wiki\" rel=\"nofollow\"\u003eZFS High-Availability NAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eInterested in a DiY HA ZFS NAS? Edmund White (ewwhite on github) has posted a very detailed look at how he has custom-rolled his own Linux + ZFS + HA setup.\u003c/li\u003e\n\u003cli\u003eMost of the concepts are already ones used in various other HA products, but it is interesting and informative to see a public detailed look at how ZFS and HA works.\u003c/li\u003e\n\u003cli\u003eIn particular this setup require some very specific hardware, such as dual-port SAS drives, so you will have to pre-plan according.\u003c/li\u003e\n\u003cli\u003eThe only bummer is this is a ZFS on Linux setup. Maybe this can serve as the guide / inspiration for somebody in our community to do their own FreeBSD + HA + ZFS setup and blog about it in similar detail.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://chyves.org/\" rel=\"nofollow\"\u003eFirst public release of chyves - version 0.1.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs bhyve continues to mature we are seeing tooling evolve around it. Enter ‘chyves’ which started life as a fork of iohyve.\u003c/li\u003e\n\u003cli\u003eWe are looking to do an interview with the author in the near future, but we still want to bring you some of the new features / changes in this evolution of bhyve management.\u003c/li\u003e\n\u003cli\u003eFirst up, nearly every function from iohyve has either been re-written in part or full.\u003c/li\u003e\n\u003cli\u003eAmong the new features, a full logging system (master and per-vm logs), multiple pool configurations, properties stored outside of ZFS (for speed) and self-upgrading. (Will that work with pkg’d version?)\u003c/li\u003e\n\u003cli\u003eIn addition to the above features, the website has a large chart showing the original ‘iohyve’ commands, and how that usage has changed moving to chyves. \u003c/li\u003e\n\u003cli\u003eGive it a spin, let the author know of issues!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Richard Yao - \u003ca href=\"mailto:ryao@gentoo.org\" rel=\"nofollow\"\u003eryao@gentoo.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eSr. Kernel Engineer at ClusterHQ - Major Contributor to ZFS on Linux\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.freebsd.org/pipermail/freebsd-hackers/2016-July/049740.html\" rel=\"nofollow\"\u003eZFS Deadlock: \u0026#39;Directory of Death\u0026#39;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA user reports that when they try to install npm (the Node.js package manager), their system deadlocks\u003c/li\u003e\n\u003cli\u003eIt turns out, this was also hitting the FreeBSD package building machines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209158\" rel=\"nofollow\"\u003ePR 209158 \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe problem was a race condition in the way renames are handled in the FreeBSD VFS vs how ZFS does them internally\u003c/li\u003e\n\u003cli\u003eThis bug has existed since the original import of ZFS, but some other change caused it to happen much more frequently\u003c/li\u003e\n\u003cli\u003e“ZFS POSIX Layer is originally written for Solaris VFS which is very different from FreeBSD VFS.  Most importantly many things that FreeBSD VFS manages on behalf of all filesystems are implemented in ZPL in a different Way. Thus, ZPL contains code that is redundant on FreeBSD or duplicates VFS functionality or, in the worst cases, badly interacts / interferes with VFS.”\u003c/li\u003e\n\u003cli\u003e“The most prominent problem is a deadlock caused by the lock order reversal of vnode locks that may happen with concurrent zfs_rename() and lookup(). The deadlock is a result of zfs_rename() not observing the vnode locking contract expected by VFS.”\u003c/li\u003e\n\u003cli\u003eThe fixes have been merged to the 10.x and 11.x branches\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/download/implementing-memory-cache-beast-architecture/\" rel=\"nofollow\"\u003eNew BSD Magazine out (2016-07)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eArticles include: Implementing in-memory cache in the BeaST architecture, Docker Cleanup, FreeNAS Getting Started Guide, and starting at the very beginning with open source\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/download/minix-3-free-open-source-operating-system-highly-reliable-flexible-secure/\" rel=\"nofollow\"\u003eThe August issue is also out \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis issue features two articles about MINIX 3, continues the FreeNAS getting started guide, Optimizes the in-memory cache for the BeaST architecture, and talks about fixing failed ports for Hardened and LibreBSD\u003c/li\u003e\n\u003cli\u003eWe hope to have an interview with the creator of the BeaST architecture in the coming weeks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-July/270796.html\" rel=\"nofollow\"\u003eDragonflyBSD and UEFI\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve featured a few stories and walkthroughs about using UEFI to dual-boot BSD, and now its Dragonfly BSD’s turn.\u003c/li\u003e\n\u003cli\u003eDave McFarlane writes into the DF mailing lists, telling us about the specific steps taken to get UEFI installed and boot-strapped on his system.\u003c/li\u003e\n\u003cli\u003eIf you’ve done a FreeBSD manual UEFI install, the process looks very similar, but you will end up manually running ‘gpt’ to create partitions, installing dist files, and eventually installing boot1.efi into the FAT EFI partition.\u003c/li\u003e\n\u003cli\u003eDave also ran into an issue with resulted in no /etc/fstab being present, and helpfully includes what his system needed to fully boot hammer properly.\u003c/li\u003e\n\u003cli\u003eSomebody should document this fully for DFLY, since I would expect to become more commonplace as commodity hardware is shipped with UEFI on by default.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://techblog.netflix.com/2016/08/netflix-and-fill.html\" rel=\"nofollow\"\u003eNetflix and Fill \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Netflix team has produced a technical blog post describing how their OpenConnect appliances work\u003c/li\u003e\n\u003cli\u003eFirst the content is received from the content provider, and the Netflix content team makes it ready for deployment, by transcoding the various bitrates, packaging the subtitles, etc.\u003c/li\u003e\n\u003cli\u003eThe finished files are then pushed to Amazon S3 storage\u003c/li\u003e\n\u003cli\u003e“We deploy the majority of our updates proactively during configured fill windows. An important difference between our OpenConnect CDN and other commercial CDNs is the concept of proactive caching. Because we can predict with high accuracy what our members will watch and what time of day they will watch it, we can make use of non-peak bandwidth to download most of the content updates to the OCAs in our network during these configurable time windows. By reducing disk reads (content serving) while we are performing disk writes (adding new content to the OCAs), we are able to optimize our disk efficiency by avoiding read/write contention. The predictability of off-peak traffic patterns helps with this optimization, but we still only have a finite amount of time every day to get our content pre-positioned to where it needs to be before our traffic starts to ramp up and we want to make all of the OCA capacity available for content serving.”\u003c/li\u003e\n\u003cli\u003eThe OCA may actually contain more than one copy of the same video, because each disk in the OCA is independent, storing the same video on two different disks will provide twice the available read bandwidth\u003c/li\u003e\n\u003cli\u003eNormally the filesystem cache would obviate the need for this, but the Netflix OCA has so much storage, and not a lot of memory, and the requests from users are offset enough that the cache is useless\u003c/li\u003e\n\u003cli\u003e“OCAs communicate at regular intervals with the control plane services, requesting (among other things) a manifest file that contains the list of titles they should be storing and serving to members. If there is a delta between the list of titles in the manifest and what they are currently storing, each OCA will send a request, during its configured fill window, that includes a list of the new or updated titles that it needs. The response from the control plane in AWS is a ranked list of potential download locations, aka fill sources, for each title.”\u003c/li\u003e\n\u003cli\u003e“It would be inefficient, in terms of both time and cost, to distribute a title directly from S3 to all of our OCAs, so we use a tiered approach. The goal is to ensure that the title is passed from one part of our network to another using the most efficient route possible.”\u003c/li\u003e\n\u003cli\u003eThe article then goes on to explain how they calculate the least cost filling source\u003c/li\u003e\n\u003cli\u003e“Now that Netflix operates in 190 countries and we have thousands of appliances embedded within many ISP networks around the world, we are even more obsessed with making sure that our OCAs get the latest content as quickly as possible while continuing to minimize bandwidth cost to our ISP partners.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits:\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2734\" rel=\"nofollow\"\u003eCover reveal for “PAM Mastery”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://libertybsd.net/download.html\" rel=\"nofollow\"\u003eLibertyBSD 5.9 is out - looking for mirrors\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://web.stanford.edu/class/cs124/lec/124-UnixForPoets.pdf\" rel=\"nofollow\"\u003eUnix for Poets\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ksq0rfph\" rel=\"nofollow\"\u003e Chuck / Ingo - Get Involved\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/YqzcHEMg\" rel=\"nofollow\"\u003e Oskar - Thanks\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/WvdVZbYc\" rel=\"nofollow\"\u003e Alex - SMF\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/JPWgzSGv\" rel=\"nofollow\"\u003e Raymond - RPI3\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have an interview with Richard Yao, who will be telling us about the experience and challenges of porting ZFS to Linux. That plus the latest news and feedback is coming your way, on your place","date_published":"2016-08-31T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b05374fc-d22e-4b78-9784-6e23162191ef.mp3","mime_type":"audio/mpeg","size_in_bytes":59546452,"duration_in_seconds":4962}]},{"id":"b9e388cd-9daa-4d62-9422-394e403bc03e","title":"156: The Fresh BSD experience","url":"https://www.bsdnow.tv/156","content_text":"This week on BSDNow, Allan is back from his UK trip and we’ll get to hear his thoughts on the developer summit. That plus all the\n\nThis episode was brought to you by\n\n\n/\u0026gt;\n\n\n\nHeadlines\n\nFreeBSD 11.0-RC1 Available\n\n\nFreeBSD is marching onwards to 11.0, and with it the first RC1 was released. In addition to the usual amd64 architectures, you may want to give it \na whirl on your various ARM boards as well, as it includes images for the following systems:\n\n\n11.0-RC1 amd64 GENERIC\n11.0-RC1 i386 GENERIC\n11.0-RC1 powerpc GENERIC\n11.0-RC1 powerpc64 GENERIC64\n11.0-RC1 sparc64 GENERIC\n11.0-RC1 armv6 BANANAPI\n11.0-RC1 armv6 BEAGLEBONE\n11.0-RC1 armv6 CUBIEBOARD\n11.0-RC1 armv6 CUBIEBOARD2\n11.0-RC1 armv6 CUBOX-HUMMINGBOARD\n11.0-RC1 armv6 GUMSTIX\n11.0-RC1 armv6 RPI-B\n11.0-RC1 armv6 RPI2\n11.0-RC1 armv6 PANDABOARD\n11.0-RC1 armv6 WANDBOARD\n11.0-RC1 aarch64 GENERIC\n\nFor those wondering the list of changes between this and BETA4, we have that as well:\n\n\nA NULL pointer dereference in IPSEC has been fixed.\nSupport for SSH Protocol 1 has been removed.\nOpenSSH DSA keys have been disabled by default.  Users upgrading from\nprior FreeBSD versions are urged to update their SSH keys to RSA or\nECDSA keys before upgrading to 11.0-RC1.\nPCI-e hotplug on bridges with power controllers has been disabled.\nA loader tunable (hw.pci.enable_pcie_hp) to disable PCI-e HotPlug has\nbeen added.\nA VESA panic on suspend has been fixed.\nGoogle Compute Engine image publication has been fixed.\nAn AES-ICM heap corruption typo bug has been fixed.\nA regression in pf.conf while parsing the 'interval' keyword has been\nfixed.\nA ZFS/VFS deadlock has been fixed.\n\nRC2 is delayed while some issues are sorted out \nRC2 is looming large, but was pushed back a few days while the following bugs are sorted out:\n\n\nIssue with IPv6 UDP traffic being sent from wrong MAC address\nLayer2 violation with IPv6\n***\n\n\n\nOpenBSD just added initial support for the RaspberryPi 2 and 3 devices\n\n\nIt’s a good time to be an ARM and BSD enthusiast. In addition to all the ARM images in FreeBSD 11.0, we also have word that initial support for RPi2 and RPi3 has started to land in OpenBSD.\nMark Kettenis has posted the following with his Commit:\n\n\n\nInitial support for Raspberry Pi 2/3.  All the hard work done by patrick@, I just cleaned things up a bit.  Any bugs introduced in that process are entirely mine.\n\nThis doesn't work yet.  But when it does, you'll need recent firmware from the Raspberry Pi Foundation git repository at:\n\nhttps://github.com/raspberrypi/firmware\n\nThe device tree for the Raspberry Pi is somewhat in flux as bits and pieces to support the Raspberry Pi 2 and 3 are committed to the mainline Linux kernel.“\n\n\nExciting news! We will of course keep you informed as to when we have images to play with. Running OpenBSD / PF on a RPi does sound intriguing.\n***\n\n\n\ndrm-4.8-rc2 tagged in drm-next\n\n\nRemember when FreeBSD lagged so far behind in Graphics support? Well, those days are rapidly coming to an end.\nMatt Macy has posted an update to the FreeBSD X11 list with news of his DRM branch being caught up all the way to Linux 4.8-RC2 now.\nThis is a huge accomplishment, with Matt commenting:\n\n\n\nAs of this moment sys/dev/drm in the drm-next tree is sync with https://github.com/torvalds/linux drivers/gpu/drm (albeit only for the subset of drivers that FreeBSD supports -  i915, radeon, and amdgpu). I feel this is a bit of a milestone as it means that it is possible that in the future graphics support on FreeBSD could proceed in lockstep with Linux.\n\n\n\nFor those who want to try out the latest support, you can build from his branch at the following GitHub location: (https://github.com/FreeBSDDesktop/freebsd-base-graphics) \nOr, if compiling isn’t your thing, TrueOS (The re-branded PC-BSD) will be releasing the a new ISO based upon his update to Linux 4.7 in the coming days, with 4.8-RC2 to follow in the next week or two.\n***\n\n\nInstalling FreeBSD for Raspberry Pi\n\n\nPeople have been running FreeBSD on various RPi devices for a while now, however there are still a lot of people who probably need a hand to get boot-strapped on their RPi system.\nThe FreeBSD foundation has put together a nice tutorial which walks even the most novice user through getting FreeBSD up and running.\nIn particular this could become a good way for students or other FreeBSD newcomers to try out the OS on a relatively low-cost platform outside of a VM.\nThe tutorial starts of with a check-list of the specific items you’ll need to get started, for RPi 1 (a/b) or RPi 2 hardware.\nFrom there, instructions on how to get the downloaded images onto a sdcard are provided, including Mac and Windows image burning details.\nWith this done, it’s really only a matter of plugging in your device to be presented with your new RPi + FreeBSD system. The most important details (the default username/password) at also provided, so don’t skim too quickly.\n***\n\n\nInterview - Drew Gurkowski\n\n\nFoundation Intern: First time FreeBSD User and Writing Tutorials\n***\n\n\nNews Roundup\n\nFreeBSD’s ipfw gets a NAT64 implementation \n\n\nA new feature has been added to FreeBSD’s native firewall, ipfw2\nThe new loadable module implements stateless and stateful NAT64\n“Stateless translation is appropriate when a NAT64 translator is used in front of IPv4-only servers to allow them to be reached by remote IPv6-only clients.”\nWith this setup, you map specific IPv6 addresses to the corresponding IPv4 address, allowing IPv4 only servers to be reachable on the v6 network.\n“Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.”\nThis configuration allows many IPv6 only clients to reach the “legacy” internet. The FreeBSD cluster has been waiting for this feature for \na while, because they have limited IP addresses, but many service jails that require access to services like GitHub that are not IPv6 enabled.\nThe work was sponsored by Yandex, the Russian search engine and long time FreeBSD user\nExample configurations for both types are included in the commit message\nIf you would find this feature useful, please take the time to set it up and document the steps and contribute that to the FreeBSD Handbook.\n***\n\n\nUpdate on using LLVM's lld linker in the FreeBSD base system\n\n\nEd Maste has written a lengthy update on the progress being made towards using LLVM’s lld linker as a replacement for GNU’s ‘ld’.\nEd starts off by giving us some of the potential benefits of using lld vs the 2.17.50 ‘ld’ version FreeBSD currently uses:\n\n\nAArch64 (arm64) support\nLink Time Optimization (LTO)\nNew ABI support\nOther linker optimization\nMuch faster link times\nMaintained code base\n\nEd also gives us an update on several of the major blockers:\n\n\n\nSince the last update in March several lld developers have implemented much of the missing functionality. The main blockers were symbol version support and expression evaluation in the linker script expression parser. Both are now nearly complete“\n\n\n\nA detailed plan was also articulated in respect to switching over:\n\n\n\nUpdate lld along with the Clang/LLVM 3.9 update that dim@ is working on.\nAdd the bmake build infrastructure, installing as /usr/bin/ld.lld on the same architectures that use Clang (amd64, arm, arm64, i386). I don't think there's a need for a WITH_LLD src.conf knob, but will add one if desired.\nUpdate lld again (most likely to a snapshot from upstream SVN) once it is able to link an unmodified FreeBSD kernel.\nModify the boot loader and kernel builds to avoid using features not implemented by lld.\nIntroduce a WITH_LLD_AS_LD knob to have /usr/bin/ld be a ld.lld hardlink instead of /usr/bin/ld.bfd.\nRequest ports exp-runs and issue a call for testing with 3rd party software. Fix issues found during this process.\nSwitch /usr/bin/ld to ld.lld by default in head for the Clang-using architectures. Add a WITHOUT_LLD_AS_LD knob to switch back to GNU ld.\n***\n\n\nHow to install FreeBSD with ZFS filesystem on DigitalOcean\n\n\nI know we’ve mentioned using FreeBSD + ZFS on digital ocean in the past, but today we have a nice HowTo by Kaspars Mickevics (fxlv) on GitHub.\nBefore getting started, kaspars mentions some pre-reqs. First up  he recommends starting with a Minimum of 2GB of RAM. (The $20/mo droplet). This is to ensure you have plenty of cushion to avoid running out of memory during the process. It is possible to use ZFS with less, but depending on your desired workload this does make sense.\nFrom there, checking out “mfsBSD” is discussed, along with details on how to make it suitable for a DO installation. (Mostly just disabling DHCP for the network device) For good measure ‘pkg-static’ is also included.\nWith that done, using mfsBSD you will create a tar file, which is then extracted on top of the running system.\nAfter rebooting, you will be able to run “bsdinstall” and proceed to installing / formatting your disk with ZFS as normal.\nA good tutorial, something I may need to do here in the near future.\n\n\n\n\nUser manages to get OpenBSD and FreeBSD working with Libreboot\n\n\nIn a short drive-by post to the Libreboot mailing list Piotr Kubaj gives a quick notice that he managed to get OpenBSD and FreeBSD both booting.\n\u0026gt; I know GNU people don't like BSD, so let me make it quick :)\n\u0026gt; \n\u0026gt; \n\u0026gt; I've succeeded in booting FreeBSD 11.0-RC1 using txt mode on my X200\n\u0026gt; with the newest Libreboot.\n\u0026gt; \n\u0026gt; To get installer to boot, I used:\n\u0026gt; kfreebsd (usb0,gpt3)/boot/kernel/kernel\n\u0026gt; set FreeBSD.vfs.mountfrom=ufs:/dev/da1p3\n\u0026gt; boot\n\u0026gt; \n\u0026gt; I didn't try to install yet.\n\u0026gt;\nThe trick looks relatively simple (looks like GRUB), manually loading the kernel with ‘kfreebsd’ and then setting the vfs.root.mountfrom \nvariable to find the USB stick.\nIn an update he also mentions booting OpenBSD with ‘kopenbsd’ instead of ‘kfreebsd’ (again GRUB syntax)\nNow somebody will need to test installation of the system (he didn’t) and see what other issues may crop up in running BSD on a free BIOS.\n***\n\n\nBeastie Bits:\n\n\nThe ACPICA (ACPI Component Architecture) coding language AML now in DragonFly BSD \nRelease announcement for 4.3BSD Tahoe from 1988  \n\n\nFeedback/Questions\n\n\n Mike - Jail Uptime \n Greg - Router Hardware \n Kristof writes in \n Ty - Updates and Logs \n Benjamin - MTA Bug  \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan is back from his UK trip and we’ll get to hear his thoughts on the developer summit. That plus all the\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for \u003cbr\u003e\nDevelopers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly \u003cbr\u003e\nParanoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2016-August/085277.html\" rel=\"nofollow\"\u003eFreeBSD 11.0-RC1 Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eFreeBSD is marching onwards to 11.0, and with it the first RC1 was released. In addition to the usual amd64 architectures, you may want to give it \u003cbr\u003e\na whirl on your various ARM boards as well, as it includes images for the following systems:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e11.0-RC1 amd64 GENERIC\u003c/li\u003e\n\u003cli\u003e11.0-RC1 i386 GENERIC\u003c/li\u003e\n\u003cli\u003e11.0-RC1 powerpc GENERIC\u003c/li\u003e\n\u003cli\u003e11.0-RC1 powerpc64 GENERIC64\u003c/li\u003e\n\u003cli\u003e11.0-RC1 sparc64 GENERIC\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 BANANAPI\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 BEAGLEBONE\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 CUBIEBOARD\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 CUBIEBOARD2\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 CUBOX-HUMMINGBOARD\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 GUMSTIX\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 RPI-B\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 RPI2\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 PANDABOARD\u003c/li\u003e\n\u003cli\u003e11.0-RC1 armv6 WANDBOARD\u003c/li\u003e\n\u003cli\u003e11.0-RC1 aarch64 GENERIC\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFor those wondering the list of changes between this and BETA4, we have that as well:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eA NULL pointer dereference in IPSEC has been fixed.\u003c/li\u003e\n\u003cli\u003eSupport for SSH Protocol 1 has been removed.\u003c/li\u003e\n\u003cli\u003eOpenSSH DSA keys have been disabled by default.  Users upgrading from\nprior FreeBSD versions are urged to update their SSH keys to RSA or\nECDSA keys before upgrading to 11.0-RC1.\u003c/li\u003e\n\u003cli\u003ePCI-e hotplug on bridges with power controllers has been disabled.\u003c/li\u003e\n\u003cli\u003eA loader tunable (hw.pci.enable_pcie_hp) to disable PCI-e HotPlug has\nbeen added.\u003c/li\u003e\n\u003cli\u003eA VESA panic on suspend has been fixed.\u003c/li\u003e\n\u003cli\u003eGoogle Compute Engine image publication has been fixed.\u003c/li\u003e\n\u003cli\u003eAn AES-ICM heap corruption typo bug has been fixed.\u003c/li\u003e\n\u003cli\u003eA regression in pf.conf while parsing the \u0026#39;interval\u0026#39; keyword has been\nfixed.\u003c/li\u003e\n\u003cli\u003eA ZFS/VFS deadlock has been fixed.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2016-August/085323.html\" rel=\"nofollow\"\u003eRC2 is delayed while some issues are sorted out \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eRC2 is looming large, but was pushed back a few days while the following bugs are sorted out:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIssue with IPv6 UDP traffic being sent from wrong MAC address\u003c/li\u003e\n\u003cli\u003eLayer2 violation with IPv6\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=147059203101111\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD just added initial support for the RaspberryPi 2 and 3 devices\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s a good time to be an ARM and BSD enthusiast. In addition to all the ARM images in FreeBSD 11.0, we also have word that initial support for RPi2 and RPi3 has started to land in OpenBSD.\u003c/li\u003e\n\u003cli\u003eMark Kettenis has posted the following with his Commit:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eInitial support for Raspberry Pi 2/3.  All the hard work done by patrick@, I just cleaned things up a bit.  Any bugs introduced in that process are entirely mine.\u003c/p\u003e\n\n\u003cp\u003eThis doesn\u0026#39;t work yet.  But when it does, you\u0026#39;ll need recent firmware from the Raspberry Pi Foundation git repository at:\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/raspberrypi/firmware\" rel=\"nofollow\"\u003ehttps://github.com/raspberrypi/firmware\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eThe device tree for the Raspberry Pi is somewhat in flux as bits and pieces to support the Raspberry Pi 2 and 3 are committed to the mainline Linux kernel.“\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eExciting news! We will of course keep you informed as to when we have images to play with. Running OpenBSD / PF on a RPi does sound intriguing.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-x11/2016-August/017840.html\" rel=\"nofollow\"\u003edrm-4.8-rc2 tagged in drm-next\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRemember when FreeBSD lagged so far behind in Graphics support? Well, those days are rapidly coming to an end.\u003c/li\u003e\n\u003cli\u003eMatt Macy has posted an update to the FreeBSD X11 list with news of his DRM branch being caught up all the way to Linux 4.8-RC2 now.\u003c/li\u003e\n\u003cli\u003eThis is a huge accomplishment, with Matt commenting:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eAs of this moment sys/dev/drm in the drm-next tree is sync with \u003ca href=\"https://github.com/torvalds/linux\" rel=\"nofollow\"\u003ehttps://github.com/torvalds/linux\u003c/a\u003e drivers/gpu/drm (albeit only for the subset of drivers that FreeBSD supports -  i915, radeon, and amdgpu). I feel this is a bit of a milestone as it means that it is possible that in the future graphics support on FreeBSD could proceed in lockstep with Linux.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those who want to try out the latest support, you can build from his branch at the following GitHub location: (\u003ca href=\"https://github.com/FreeBSDDesktop/freebsd-base-graphics\" rel=\"nofollow\"\u003ehttps://github.com/FreeBSDDesktop/freebsd-base-graphics\u003c/a\u003e) \u003c/li\u003e\n\u003cli\u003eOr, if compiling isn’t your thing, TrueOS (The re-branded PC-BSD) will be releasing the a new ISO based upon his update to Linux 4.7 in the coming days, with 4.8-RC2 to follow in the next week or two.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/freebsd/how-to-guides/installing-freebsd-for-raspberry-pi/\" rel=\"nofollow\"\u003eInstalling FreeBSD for Raspberry Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeople have been running FreeBSD on various RPi devices for a while now, however there are still a lot of people who probably need a hand to get boot-strapped on their RPi system.\u003c/li\u003e\n\u003cli\u003eThe FreeBSD foundation has put together a nice tutorial which walks even the most novice user through getting FreeBSD up and running.\u003c/li\u003e\n\u003cli\u003eIn particular this could become a good way for students or other FreeBSD newcomers to try out the OS on a relatively low-cost platform outside of a VM.\u003c/li\u003e\n\u003cli\u003eThe tutorial starts of with a check-list of the specific items you’ll need to get started, for RPi 1 (a/b) or RPi 2 hardware.\u003c/li\u003e\n\u003cli\u003eFrom there, instructions on how to get the downloaded images onto a sdcard are provided, including Mac and Windows image burning details.\u003c/li\u003e\n\u003cli\u003eWith this done, it’s really only a matter of plugging in your device to be presented with your new RPi + FreeBSD system. The most important details (the default username/password) at also provided, so don’t skim too quickly.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Drew Gurkowski\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFoundation Intern: First time FreeBSD User and Writing Tutorials\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=304046\" rel=\"nofollow\"\u003eFreeBSD’s ipfw gets a NAT64 implementation \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new feature has been added to FreeBSD’s native firewall, ipfw2\u003c/li\u003e\n\u003cli\u003eThe new loadable module implements stateless and stateful NAT64\u003c/li\u003e\n\u003cli\u003e“Stateless translation is appropriate when a NAT64 translator is used in front of IPv4-only servers to allow them to be reached by remote IPv6-only clients.”\u003c/li\u003e\n\u003cli\u003eWith this setup, you map specific IPv6 addresses to the corresponding IPv4 address, allowing IPv4 only servers to be reachable on the v6 network.\u003c/li\u003e\n\u003cli\u003e“Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.”\u003c/li\u003e\n\u003cli\u003eThis configuration allows many IPv6 only clients to reach the “legacy” internet. The FreeBSD cluster has been waiting for this feature for \na while, because they have limited IP addresses, but many service jails that require access to services like GitHub that are not IPv6 enabled.\u003c/li\u003e\n\u003cli\u003eThe work was sponsored by Yandex, the Russian search engine and long time FreeBSD user\u003c/li\u003e\n\u003cli\u003eExample configurations for both types are included in the commit message\u003c/li\u003e\n\u003cli\u003eIf you would find this feature useful, please take the time to set it up and document the steps and contribute that to the FreeBSD Handbook.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-toolchain/2016-August/002240.html\" rel=\"nofollow\"\u003eUpdate on using LLVM\u0026#39;s lld linker in the FreeBSD base system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEd Maste has written a lengthy update on the progress being made towards using LLVM’s lld linker as a replacement for GNU’s ‘ld’.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEd starts off by giving us some of the potential benefits of using lld vs the 2.17.50 ‘ld’ version FreeBSD currently uses:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAArch64 (arm64) support\u003c/li\u003e\n\u003cli\u003eLink Time Optimization (LTO)\u003c/li\u003e\n\u003cli\u003eNew ABI support\u003c/li\u003e\n\u003cli\u003eOther linker optimization\u003c/li\u003e\n\u003cli\u003eMuch faster link times\u003c/li\u003e\n\u003cli\u003eMaintained code base\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eEd also gives us an update on several of the major blockers:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eSince the last update in March several lld developers have implemented much of the missing functionality. The main blockers were symbol version support and expression evaluation in the linker script expression parser. Both are now nearly complete“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA detailed plan was also articulated in respect to switching over:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003col\u003e\n\u003cli\u003eUpdate lld along with the Clang/LLVM 3.9 update that dim@ is working on.\u003c/li\u003e\n\u003cli\u003eAdd the bmake build infrastructure, installing as /usr/bin/ld.lld on the same architectures that use Clang (amd64, arm, arm64, i386). I don\u0026#39;t think there\u0026#39;s a need for a WITH_LLD src.conf knob, but will add one if desired.\u003c/li\u003e\n\u003cli\u003eUpdate lld again (most likely to a snapshot from upstream SVN) once it is able to link an unmodified FreeBSD kernel.\u003c/li\u003e\n\u003cli\u003eModify the boot loader and kernel builds to avoid using features not implemented by lld.\u003c/li\u003e\n\u003cli\u003eIntroduce a WITH_LLD_AS_LD knob to have /usr/bin/ld be a ld.lld hardlink instead of /usr/bin/ld.bfd.\u003c/li\u003e\n\u003cli\u003eRequest ports exp-runs and issue a call for testing with 3rd party software. Fix issues found during this process.\u003c/li\u003e\n\u003cli\u003eSwitch /usr/bin/ld to ld.lld by default in head for the Clang-using architectures. Add a WITHOUT_LLD_AS_LD knob to switch back to GNU ld.\n***\u003c/li\u003e\n\u003c/ol\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/fxlv/docs/blob/master/freebsd/freebsd-with-zfs-digitalocean.md\" rel=\"nofollow\"\u003eHow to install FreeBSD with ZFS filesystem on DigitalOcean\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eI know we’ve mentioned using FreeBSD + ZFS on digital ocean in the past, but today we have a nice HowTo by Kaspars Mickevics (fxlv) on GitHub.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eBefore getting started, kaspars mentions some pre-reqs. First up  he recommends starting with a Minimum of 2GB of RAM. (The $20/mo droplet). This is to ensure you have plenty of cushion to avoid running out of memory during the process. It is possible to use ZFS with less, but depending on your desired workload this does make sense.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eFrom there, checking out “mfsBSD” is discussed, along with details on how to make it suitable for a DO installation. (Mostly just disabling DHCP for the network device) For good measure ‘pkg-static’ is also included.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWith that done, using mfsBSD you will create a tar file, which is then extracted on top of the running system.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAfter rebooting, you will be able to run “bsdinstall” and proceed to installing / formatting your disk with ZFS as normal.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA good tutorial, something I may need to do here in the near future.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.nongnu.org/archive/html/libreboot/2016-08/msg00058.html\" rel=\"nofollow\"\u003eUser manages to get OpenBSD and FreeBSD working with Libreboot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn a short drive-by post to the Libreboot mailing list Piotr Kubaj gives a quick notice that he managed to get OpenBSD and FreeBSD both booting.\n\u0026gt; I know GNU people don\u0026#39;t like BSD, so let me make it quick :)\n\u0026gt; \n\u0026gt; \n\u0026gt; I\u0026#39;ve succeeded in booting FreeBSD 11.0-RC1 using txt mode on my X200\n\u0026gt; with the newest Libreboot.\n\u0026gt; \n\u0026gt; To get installer to boot, I used:\n\u0026gt; kfreebsd (usb0,gpt3)/boot/kernel/kernel\n\u0026gt; set FreeBSD.vfs.mountfrom=ufs:/dev/da1p3\n\u0026gt; boot\n\u0026gt; \n\u0026gt; I didn\u0026#39;t try to install yet.\n\u0026gt;\u003c/li\u003e\n\u003cli\u003eThe trick looks relatively simple (looks like GRUB), manually loading the kernel with ‘kfreebsd’ and then setting the vfs.root.mountfrom \nvariable to find the USB stick.\u003c/li\u003e\n\u003cli\u003eIn an update he also mentions booting OpenBSD with ‘kopenbsd’ instead of ‘kfreebsd’ (again GRUB syntax)\u003c/li\u003e\n\u003cli\u003eNow somebody will need to test installation of the system (he didn’t) and see what other issues may crop up in running BSD on a free BIOS.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits:\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-July/624192.html\" rel=\"nofollow\"\u003eThe ACPICA (ACPI Component Architecture) coding language AML now in DragonFly BSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://groups.google.com/forum/#!topic/comp.sys.tahoe/50ManvdM1-s\" rel=\"nofollow\"\u003eRelease announcement for 4.3BSD Tahoe from 1988 \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/FLpybL6D\" rel=\"nofollow\"\u003e Mike - Jail Uptime\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/RGuayhB3\" rel=\"nofollow\"\u003e Greg - Router Hardware\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NT4zmHiG\" rel=\"nofollow\"\u003e Kristof writes in\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/CtetZdFg\" rel=\"nofollow\"\u003e Ty - Updates and Logs\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Qq3VbQG2\" rel=\"nofollow\"\u003e Benjamin - MTA Bug \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan is back from his UK trip and we’ll get to hear his thoughts on the developer summit. That plus all the","date_published":"2016-08-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b9e388cd-9daa-4d62-9422-394e403bc03e.mp3","mime_type":"audio/mpeg","size_in_bytes":63828148,"duration_in_seconds":5319}]},{"id":"fba64561-1dc0-4be9-8f98-99ed69324e02","title":"155: Cabling up FreeBSD","url":"https://www.bsdnow.tv/155","content_text":"This week on BSDNow, Allen is away in the UK (For BSDCam), but we still have a full episode for you! Don’t miss our interview with\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMy two year journey to becoming an OS Developer \n\n\nA blog post by Ryan Zezeski about how he ended doing OS Development instead of working on application\nWe have featured his posts before, including The illumos SYSCALL Handler\n\n\n\nIt started in the summer of 2014: I had just left Basho after 3.5 years of working on Riak, when I decided I wanted to become an OS developer. I purchased Solaris Internals, cloned illumos-gate, fired up cscope, and got to work. I hardly knew any C, x86 might as well have been Brainfuck, and, frankly, I knew shit about operating systems. But I was determined.\nI’ve always learned best by beating my head against something until it makes sense. I’m not a fast learner; I’m persistent. What others have in ability I make up for in effort. And when it comes to OS internals it’s all about work ethic. The more you look, the more you realize it’s just another program. The main difference being: it’s the program all the other programs run on.\nMy strategy: to pick something, anything, that looked interesting, and write a post describing how it works. I wrote several of these posts in 2014 and 2015. More important, it put me in touch with Roger Faulkner: the creator of truss(1), the Solaris process model, and the real /proc filesystem. At the time I didn’t like my interaction with Roger. He explained, in what I would later find out to be his typical gruff manner, that I was wrong; so I concluded he is a prick. But over the years I realized that I was being a brat—he was trying to teach me something and I let my ego get in the way. I’ve come to view that interaction as a blessing. I interacted with one of the greats, a mentor of my mentor’s mentor (a Great Great Mentor).\nA couple of weeks later something even more surreal happened, at illumos Day 2014. Bryan Cantrill was the last speaker of the day. One of my mentors and someone I admire greatly. He was there to regale us with the story of Joyent’s resurrection of lx-branded zones: Linux system call emulation on top of the illumos kernel. But before he would do that he decided to speak about me! I couldn’t believe it. I was so overwhelmed that I don’t remember most of what he said. I was too busy flipping shit—Bryan Cantrill is on stage, in front of other kernel developers I look up to, saying my name. I was in a dream. It turns out, unknown to me at the time, that he wrote the POSIX queue code for both Solaris and QNX, which I wrote about. He compared me to the great expository technical writers Elliott Organick and Richard Stevens. And it was at this moment that I knew I could do this: I could become an OS developer.\nNever underestimate the effect kind words can have on someone that looks up to you.\n\n\n\nThere is a lot more to the story, and it is definitely worth the read\nThe story then goes on to talk about his recent run in with Bryan Cantrill\n\u0026gt; A week from now my two year journey to become an OS developer comes to an end; and a new chapter begins. I don’t know what specific things I’m going to work on, but I’m sure it will push me to the limit. I look forward to the challenge.\n***\n\n\nVersion 1.0 of the Lumina Desktop released\n\n\nAfter 4 years of development, Lumina Desktop has now hit version 1.0!\nThis release brings with it a slew of new features and support:\n\n\n\n\nCompletely customizable interface! Rather than having to learn how to use a new layout, change the desktop to suit you instead!\nSimple shortcuts for any application! The “favorites” system makes it easy to find and launch applications at any time.\nExtremely lightweight! Allows applications to utilize more of your system hardware and revitalizes older systems!\nMultiple-monitor support! Each monitor is treated as an independent entity – making it great for presentation systems which use a temporary monitor or for workstations which utilize an array of monitors for various tasks.\n\n\n\n\nWhile originally developed on PC-BSD, it already has been ported to a variety of different platforms, including OpenBSD, DragonFly, NetBSD, Debian and Gentoo\nLumina has become the defacto desktop environment for TrueOS (Formerly PC-BSD), and looks like will provide a solid framework to continue growing desktop features.\n***\n\n\nn2k16 hackathon report: Ken Westerback on dhclient, bridges, routing and more\n\n\nNext up, we have a report from Ken Westerback talking about the recent OpenBSD hackathon in Prague\nHe starts by telling us about the work in bpf:\n\n\n\nFirst order of business, stsp@'s weird setup involving bridges and multiple dhclient clients. A bit of bpf(4) programming to restrict dhclient to handling ethernet packets unicast to its interface worked. Cool. Unfortunately it turned out some lazy dhcp servers always use ethernet broadcasts just because some lesser, non-OpenBSD clients ignore unicast packets until they have configured IP. Classic chicken and egg. So this was backed out just before 6.0. Sigh.\n\n\n\nNext up, he talks about an idea he had on the flight over, specifically with regard to how DHCP leases are stored, and how keeping the SSID information with them could speed up re-connection times, by only trying leases for current SSID’s connected. After a day or so of hacking, it was working! However for $REASONS it was shelved for post 6.0, bummer! \n He then discusses an on-going project with Peter Hessler on passing along relevant PIDs in response to routing messages generated by kernel from ioctl events. This is something they’ve been hacking at, in order to allow dhclient to recognize its own routing messages. Sounds like they are both still works-in-progress.\nHowever, Ken did get something in for 6.0:\n\n\n\nDiving back into dhclient code I discovered that in situations where multiple offers were received the unused offers were not being declined and discarded. Despite a clear comment saying that's what was being done! Thus dhclient might gradually use up more and more memory. And possibly be retrying offers that should have been discarded. The fix for this did make 6.0! Yay!\n\n\n\n\nIn Memoriam Roger Faulkner \n\n\nUSENIX has re-released Roger Faulkner’s original paper on /proc as a free download\nThe UNIX community recently lost one of its original pioneers, Roger Faulkner, whom one commenter described as “The godfather of post-AT\u0026amp;T UNIX”\nIn his memory, the USENIX group as re-released his original paper on the /proc file-system from 1991.\nRoger worked in many area’s of UNIX, however the process file system /proc was his special baby.\n“/proc began as a debugger interface superseding ptrace(2) but has evolved into a general interface to the process model.”\nThe original /proc only had a file for each process, not a directory. \"Data may be transferred from or to any valid locations in the process's address space by applying lseek(2) to position the file at the virtual address of interest followed by read(2) or write(2).\"\nProcesses could be controlled using IOCTLs on the file\nAs the USENIX article states:\n\n\nRoger believed that terrible things were sometimes required to create beautiful abstractions, and his trailblazing work on /proc embodies this burden: the innards may be delicate and nasty (\"vile,\" as Roger might say in his distinguished Carolinian accent)—but the resulting abstractions are breathtaking in their power, scope and robustness.\n\nRIP Roger, and thanks for the wonderful UNIX legacy you’ve left us all.\n\n\n\n\nInterview - Myke Geiger - myke@servernorth.net / @mWare\n\n\nUsing FreeBSD at a DSL/Cable ISP\n***\n\n\nNews Roundup\n\nNew options in bsdinstall - some sysctls and date/time settings\n\n\nbsdinstall in FreeBSD 11.0 will feature a number of new menus.\nThe first, well allow you to set the date and time. Often on computers that have been in storage, or some embedded type devices that have no RTC, the date will be wildly wrong, and ntpd will refuse to run until the date is correctly set. This feature makes it easy to enter the date and time using dialog(1)\nThe second menu, inspired by the existing ‘services’ menu, offers a number of ‘hardening’ options\nThis menu allows users to easily enable a number of security features, including:\n\n\nHide processes running as other users/groups\nDisable reading the kernel message buffer and debugging processes for unprivileged users\nRandomize the PID of newly created processes\nEnable the stack guard\nErase /tmp at boot\nDisable remote syslog\nDisable sendmail\n\nAll of these options are off by default, so that an install done with the installer will be the same as an install from source, or an upgrade.\nA number of these options are candidates to become on-by-default in the future, so the hope is that this menu will get more users to test these features and find any negative interactions with applications or general use, so they can be fixed.\n***\n\n\nRawrite32: the NetBSD image writing tool\n\n\nMartin of the NetBSD project has released a new version of his USB imaging tool, rawrite32\nFor those who’ve not used this tool before, it is a Windows Application that allows writing NetBSD images directly to USB media (other other disk media)\nThis update brings with it support for writing .xz file, and binary signing\nThis may come in handy for writing other OS images to memory sticks as well, especially for those locked into a windows environment who need to \nswitch.\n***\n\n\nZFS-Snap-Diff -- A pretty interface for viewing what changed after a ZFS snapshot \n\n\nThere are lots of nice little utilities to help create and maintain your ZFS snapshots. However today we have something unique to look at, ‘zfs-snap-diff’.\nWhat makes it unique, is that it ships with a built-in golang / angularjs GUI for snapshot management\nIt looks very powerful, including a built-in diff utility, so you can even see the changes in text-files, in addition to downloading files, restoring old versions and more.\nIts nice to see so many ZFS utilities starting to take off, and evolve file-management further.\n***\n\n\nDtrace Conf 2016 Event Videos\n\n\nThe videos from Dtrace.conf 2016 have been posted\nSome highlights:\n\n\nUseful DTrace Intro\nCTF Everywhere\nDistributed DTrace\nDTrace for Apps\nDTrace json() subroutine\nImplementing (or not) fds[] in FreeBSD\nOpenDTrace\nDTrace performance improvements with always-on instrumentation\nD Syntactic Sugar\nDTrace and Go, DTrace and Postgres\n\ndtrace.conf(16) wrap-up by Bryan Cantrill \n\n\n\nOnce again, it was an eclectic mix of technologists — and once again, the day got kicked off with me providing an introduction to dtrace.conf and its history. (Just to save you the time filling out your Cantrill Presentation Bingo Card: you can find me punching myself at 16:19, me offering unsolicited personal medical history at 20:11, and me getting trolled by unikernels at 38:25.)\n\n\n\nThe next DTrace.conf isn’t until 2020\n***\n\n\nBeastie Bits\n\n\nThe BSD Daemon features in Mexican candy packaging \nRemove PG_ZERO and zeroidle (page-zeroing) entirely\nOpenBSD: Release Songs: 6.0: \"Black Hat\"\nOpenBSD Gaming Resource \nLibreSSL 2.4.2 and 2.3.7 Released \n\n\nFeedback/Questions\n\n\n Pedja - Bhyve GUI  \n Tim - Jail Management \n Don - X260  \n David - Updates \n Ghislain - Jail Management \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allen is away in the UK (For BSDCam), but we still have a full episode for you! Don’t miss our interview with\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://zinascii.com/2016/going-to-joyent.html\" rel=\"nofollow\"\u003eMy two year journey to becoming an OS Developer \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post by Ryan Zezeski about how he ended doing OS Development instead of working on application\u003c/li\u003e\n\u003cli\u003eWe have featured his posts before, including \u003ca href=\"http://zinascii.com/2016/the-illumos-syscall-handler.html\" rel=\"nofollow\"\u003eThe illumos SYSCALL Handler\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIt started in the summer of 2014: I had just left Basho after 3.5 years of working on Riak, when I decided I wanted to become an OS developer. I purchased Solaris Internals, cloned illumos-gate, fired up cscope, and got to work. I hardly knew any C, x86 might as well have been Brainfuck, and, frankly, I knew shit about operating systems. But I was determined.\u003cbr\u003e\nI’ve always learned best by beating my head against something until it makes sense. I’m not a fast learner; I’m persistent. What others have in ability I make up for in effort. And when it comes to OS internals it’s all about work ethic. The more you look, the more you realize it’s just another program. The main difference being: it’s the program all the other programs run on.\u003cbr\u003e\nMy strategy: to pick something, anything, that looked interesting, and write a post describing how it works. I wrote several of these posts in 2014 and 2015. More important, it put me in touch with Roger Faulkner: the creator of truss(1), the Solaris process model, and the real /proc filesystem. At the time I didn’t like my interaction with Roger. He explained, in what I would later find out to be his typical gruff manner, that I was wrong; so I concluded he is a prick. But over the years I realized that I was being a brat—he was trying to teach me something and I let my ego get in the way. I’ve come to view that interaction as a blessing. I interacted with one of the greats, a mentor of my mentor’s mentor (a Great Great Mentor).\u003cbr\u003e\nA couple of weeks later something even more surreal happened, at illumos Day 2014. Bryan Cantrill was the last speaker of the day. One of my mentors and someone I admire greatly. He was there to regale us with the story of Joyent’s resurrection of lx-branded zones: Linux system call emulation on top of the illumos kernel. But before he would do that he decided to speak about me! I couldn’t believe it. I was so overwhelmed that I don’t remember most of what he said. I was too busy flipping shit—Bryan Cantrill is on stage, in front of other kernel developers I look up to, saying my name. I was in a dream. It turns out, unknown to me at the time, that he wrote the POSIX queue code for both Solaris and QNX, which I wrote about. He compared me to the great expository technical writers Elliott Organick and Richard Stevens. And it was at this moment that I knew I could do this: I could become an OS developer.\u003cbr\u003e\nNever underestimate the effect kind words can have on someone that looks up to you.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere is a lot more to the story, and it is definitely worth the read\u003c/li\u003e\n\u003cli\u003eThe story then goes on to talk about his recent run in with Bryan Cantrill\n\u0026gt; A week from now my two year journey to become an OS developer comes to an end; and a new chapter begins. I don’t know what specific things I’m going to work on, but I’m sure it will push me to the limit. I look forward to the challenge.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lumina-desktop.org/version-1-0-0-released/\" rel=\"nofollow\"\u003eVersion 1.0 of the Lumina Desktop released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter 4 years of development, Lumina Desktop has now hit version 1.0!\u003c/li\u003e\n\u003cli\u003eThis release brings with it a slew of new features and support:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eCompletely customizable interface! Rather than having to learn how to use a new layout, change the desktop to suit you instead!\u003c/li\u003e\n\u003cli\u003eSimple shortcuts for any application! The “favorites” system makes it easy to find and launch applications at any time.\u003c/li\u003e\n\u003cli\u003eExtremely lightweight! Allows applications to utilize more of your system hardware and revitalizes older systems!\u003c/li\u003e\n\u003cli\u003eMultiple-monitor support! Each monitor is treated as an independent entity – making it great for presentation systems which use a temporary monitor or for workstations which utilize an array of monitors for various tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile originally developed on PC-BSD, it already has been ported to a variety of different platforms, including OpenBSD, DragonFly, NetBSD, Debian and Gentoo\u003c/li\u003e\n\u003cli\u003eLumina has become the defacto desktop environment for TrueOS (Formerly PC-BSD), and looks like will provide a solid framework to continue growing desktop features.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160804200232\" rel=\"nofollow\"\u003en2k16 hackathon report: Ken Westerback on dhclient, bridges, routing and more\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up, we have a report from Ken Westerback talking about the recent OpenBSD hackathon in Prague\u003c/li\u003e\n\u003cli\u003eHe starts by telling us about the work in bpf:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst order of business, stsp@\u0026#39;s weird setup involving bridges and multiple dhclient clients. A bit of bpf(4) programming to restrict dhclient to handling ethernet packets unicast to its interface worked. Cool. Unfortunately it turned out some lazy dhcp servers always use ethernet broadcasts just because some lesser, non-OpenBSD clients ignore unicast packets until they have configured IP. Classic chicken and egg. So this was backed out just before 6.0. Sigh.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext up, he talks about an idea he had on the flight over, specifically with regard to how DHCP leases are stored, and how keeping the SSID information with them could speed up re-connection times, by only trying leases for current SSID’s connected. After a day or so of hacking, it was working! However for $REASONS it was shelved for post 6.0, bummer! \u003c/li\u003e\n\u003cli\u003e He then discusses an on-going project with Peter Hessler on passing along relevant PIDs in response to routing messages generated by kernel from ioctl events. This is something they’ve been hacking at, in order to allow dhclient to recognize its own routing messages. Sounds like they are both still works-in-progress.\u003c/li\u003e\n\u003cli\u003eHowever, Ken did get something in for 6.0:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eDiving back into dhclient code I discovered that in situations where multiple offers were received the unused offers were not being declined and discarded. Despite a clear comment saying that\u0026#39;s what was being done! Thus dhclient might gradually use up more and more memory. And possibly be retrying offers that should have been discarded. The fix for this did make 6.0! Yay!\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.usenix.org/memoriam-roger-faulkner\" rel=\"nofollow\"\u003eIn Memoriam Roger Faulkner \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUSENIX has re-released Roger Faulkner’s original paper on /proc as a free download\u003c/li\u003e\n\u003cli\u003eThe UNIX community recently lost one of its original pioneers, Roger Faulkner, whom one commenter described as “The godfather of post-AT\u0026amp;T UNIX”\u003c/li\u003e\n\u003cli\u003eIn his memory, the USENIX group as re-released his original paper on the /proc file-system from 1991.\u003c/li\u003e\n\u003cli\u003eRoger worked in many area’s of UNIX, however the process file system /proc was his special baby.\u003c/li\u003e\n\u003cli\u003e“/proc began as a debugger interface superseding ptrace(2) but has evolved into a general interface to the process model.”\u003c/li\u003e\n\u003cli\u003eThe original /proc only had a file for each process, not a directory. \u0026quot;Data may be transferred from or to any valid locations in the process\u0026#39;s address space by applying lseek(2) to position the file at the virtual address of interest followed by read(2) or write(2).\u0026quot;\u003c/li\u003e\n\u003cli\u003eProcesses could be controlled using IOCTLs on the file\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAs the USENIX article states:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eRoger believed that terrible things were sometimes required to create beautiful abstractions, and his trailblazing work on /proc embodies this burden: the innards may be delicate and nasty (\u0026quot;vile,\u0026quot; as Roger might say in his distinguished Carolinian accent)—but the resulting abstractions are breathtaking in their power, scope and robustness.\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eRIP Roger, and thanks for the wonderful UNIX legacy you’ve left us all.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Myke Geiger - \u003ca href=\"mailto:myke@servernorth.net\" rel=\"nofollow\"\u003emyke@servernorth.net\u003c/a\u003e / \u003ca href=\"https://twitter.com/mWare\" rel=\"nofollow\"\u003e@mWare\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing FreeBSD at a DSL/Cable ISP\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/4vxnw3/new_options_in_bsdinstall_some_sysctls_and/\" rel=\"nofollow\"\u003eNew options in bsdinstall - some sysctls and date/time settings\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ebsdinstall in FreeBSD 11.0 will feature a number of new menus.\u003c/li\u003e\n\u003cli\u003eThe first, well allow you to set the date and time. Often on computers that have been in storage, or some embedded type devices that have no RTC, the date will be wildly wrong, and ntpd will refuse to run until the date is correctly set. This feature makes it easy to enter the date and time using dialog(1)\u003c/li\u003e\n\u003cli\u003eThe second menu, inspired by the existing ‘services’ menu, offers a number of ‘hardening’ options\u003c/li\u003e\n\u003cli\u003eThis menu allows users to easily enable a number of security features, including:\n\n\u003cul\u003e\n\u003cli\u003eHide processes running as other users/groups\u003c/li\u003e\n\u003cli\u003eDisable reading the kernel message buffer and debugging processes for unprivileged users\u003c/li\u003e\n\u003cli\u003eRandomize the PID of newly created processes\u003c/li\u003e\n\u003cli\u003eEnable the stack guard\u003c/li\u003e\n\u003cli\u003eErase /tmp at boot\u003c/li\u003e\n\u003cli\u003eDisable remote syslog\u003c/li\u003e\n\u003cli\u003eDisable sendmail\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAll of these options are off by default, so that an install done with the installer will be the same as an install from source, or an upgrade.\u003c/li\u003e\n\u003cli\u003eA number of these options are candidates to become on-by-default in the future, so the hope is that this menu will get more users to test these features and find any negative interactions with applications or general use, so they can be fixed.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/%7Emartin/rawrite32/\" rel=\"nofollow\"\u003eRawrite32: the NetBSD image writing tool\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMartin of the NetBSD project has released a new version of his USB imaging tool, rawrite32\u003c/li\u003e\n\u003cli\u003eFor those who’ve not used this tool before, it is a Windows Application that allows writing NetBSD images directly to USB media (other other disk media)\u003c/li\u003e\n\u003cli\u003eThis update brings with it support for writing .xz file, and binary signing\u003c/li\u003e\n\u003cli\u003eThis may come in handy for writing other OS images to memory sticks as well, especially for those locked into a windows environment who need to \nswitch.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/j-keck/zfs-snap-diff\" rel=\"nofollow\"\u003eZFS-Snap-Diff -- A pretty interface for viewing what changed after a ZFS snapshot \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are lots of nice little utilities to help create and maintain your ZFS snapshots. However today we have something unique to look at, ‘zfs-snap-diff’.\u003c/li\u003e\n\u003cli\u003eWhat makes it unique, is that it ships with a built-in golang / angularjs GUI for snapshot management\u003c/li\u003e\n\u003cli\u003eIt looks very powerful, including a built-in diff utility, so you can even see the changes in text-files, in addition to downloading files, restoring old versions and more.\u003c/li\u003e\n\u003cli\u003eIts nice to see so many ZFS utilities starting to take off, and evolve file-management further.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.joyent.com/about/events/2016/dtrace-conf\" rel=\"nofollow\"\u003eDtrace Conf 2016 Event Videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe videos from Dtrace.conf 2016 have been posted\u003c/li\u003e\n\u003cli\u003eSome highlights:\n\n\u003cul\u003e\n\u003cli\u003eUseful DTrace Intro\u003c/li\u003e\n\u003cli\u003eCTF Everywhere\u003c/li\u003e\n\u003cli\u003eDistributed DTrace\u003c/li\u003e\n\u003cli\u003eDTrace for Apps\u003c/li\u003e\n\u003cli\u003eDTrace json() subroutine\u003c/li\u003e\n\u003cli\u003eImplementing (or not) fds[] in FreeBSD\u003c/li\u003e\n\u003cli\u003eOpenDTrace\u003c/li\u003e\n\u003cli\u003eDTrace performance improvements with always-on instrumentation\u003c/li\u003e\n\u003cli\u003eD Syntactic Sugar\u003c/li\u003e\n\u003cli\u003eDTrace and Go, DTrace and Postgres\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.joyent.com/blog/dtrace-conf-16-wrap-up\" rel=\"nofollow\"\u003edtrace.conf(16) wrap-up by Bryan Cantrill\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOnce again, it was an eclectic mix of technologists — and once again, the day got kicked off with me providing an introduction to dtrace.conf and its history. (Just to save you the time filling out your Cantrill Presentation Bingo Card: you can find me punching myself at 16:19, me offering unsolicited personal medical history at 20:11, and me getting trolled by unikernels at 38:25.)\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe next DTrace.conf isn’t until 2020\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/4vngmw/the_bsd_daemon_feature_in_mexican_candy_packaging/\" rel=\"nofollow\"\u003eThe BSD Daemon features in Mexican candy packaging\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-August/624202.html\" rel=\"nofollow\"\u003eRemove PG_ZERO and zeroidle (page-zeroing) entirely\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.openbsd.org/lyrics.html#60b\" rel=\"nofollow\"\u003eOpenBSD: Release Songs: 6.0: \u0026quot;Black Hat\u0026quot;\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://satterly.neocities.org/openbsd_games.html\" rel=\"nofollow\"\u003eOpenBSD Gaming Resource\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bsdsec.net/articles/libressl-2-4-2-and-2-3-7-released\" rel=\"nofollow\"\u003eLibreSSL 2.4.2 and 2.3.7 Released\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/LJcJmNsR\" rel=\"nofollow\"\u003e Pedja - Bhyve GUI \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/259x94Rh\" rel=\"nofollow\"\u003e Tim - Jail Management\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/A86yHnzz\" rel=\"nofollow\"\u003e Don - X260 \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/wjtcuVSA\" rel=\"nofollow\"\u003e David - Updates\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/DgH9G7p5\" rel=\"nofollow\"\u003e Ghislain - Jail Management\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allen is away in the UK (For BSDCam), but we still have a full episode for you! Don’t miss our interview with","date_published":"2016-08-17T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fba64561-1dc0-4be9-8f98-99ed69324e02.mp3","mime_type":"audio/mpeg","size_in_bytes":84693460,"duration_in_seconds":7057}]},{"id":"0bae832b-aaaf-4862-8850-b4797b8350f8","title":"154: Myths, Pi’s \u0026 Features, oh my!","url":"https://www.bsdnow.tv/154","content_text":"This week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you\n\nThis episode was brought to you by\n\n\n/\u0026gt;\n\n\n\nHeadlines\n\nbroken features aren't used\n\n\nThis post from TedU talks about the difficulty of removing features from an operating system\n“One of the difficulties in removing a feature is identifying all the potential users. A feature here could be a program bundled with an operating system, or a command line option, or maybe just a function in a library. If we remove a feature, users that depend on it will be sad. Unfortunately, absence of evidence is not evidence of absence. I’ve never heard of anybody running ls -p but it’s not impossible that somebody does.”\n“The reasons why we want to remove an existing feature can vary. Sometimes it’s old code that interferes with maintenance. Sometimes a nearly complete rewrite can improve performance. In other cases, the feature in question is really more of a misfeature. It may have security implications, where the existence of the feature can be used to facilitate the exploitation of other vulnerabilities, and removing the feature will help mitigate the exploit.”\n“There’s no general test that can be used, but there is one test that works in many cases. Test that the feature works. If the feature doesn’t work, that’s compelling evidence that nobody is using it, because nobody can be using it. You don’t need to fix it. You can just remove it.”\nHe makes some interesting comments about exhaustive unit tests and the push to keep everything working all the time. If you never break anything to see if someone complains, how do you know if it is still being used?\n***\n\n\nA Raspberry Pi FreeBSD Web Server\n\n\nLooking at a super-low power solution to host some webpages? If so, we have the tutorial for you.\nSpecifically a walkthrough of getting FreeBSD up on a Pi, and setting up nginx, OpenNTPD, LibreSSL and friends. \nThe walkthrough starts with grabbing a FreeBSD 11 snapshot for arm64 and doing the initial setup process to get to a bootable FreeBSD system.\nIf you are an extreme noob, not to fear. The tutorial walks you through setting up usernames, timezones, even a larger /tmp directory on your new MiniBSD setup.\nThe tedious part comes to play during the setup of packages. The author walks us through setting up LibreSSL and various other packages via ports (Since LibreSSL isn’t the default in FreeBSD). This will take some time to compile on your humble RPi device. (Go make a sandwich, walk the dog, fix the gutters, etc)\nWhen it’s all said and done, you’ll end up with a secure little web-server that you’ve configured all by yourself! (Wondering what the word-press performance would be like on that box)\n***\n\n\nUber switches from PostgreSQL back to MySQL \n\n\nWe often hear success stories of people switching to PostgreSQL and getting huge performance gains, but this stories is the reverse\nUber’s engineering team has switched back to MySQL, because for their specific workload and design, MySQL’s innodb has better performance\nOf course, it is not just vanilla MySQL, but “Schemaless”, a sharding system that sits on top of MySQL\nThe article goes into detail about the on-disk format used by Postgres, and the specific shortcomings that Uber encountered\nUber admits that all of its testing was against the older PostgreSQL 9.2, but one of their complaints is about having difficulty upgrading\n“We started out with Postgres 9.1 and successfully completed the upgrade process to move to Postgres 9.2. However, the process took so many hours that we couldn’t afford to do the process again. By the time Postgres 9.3 came out, Uber’s growth increased our dataset substantially, so the upgrade would have been even lengthier. For this reason, our legacy Postgres instances run Postgres 9.2 to this day, even though the current Postgres GA release is 9.5.”\nThere is a followup, from the Postgres side\n“Why we lost Uber as a user”  \nThis thread goes into detail about the specific types of problematic queries that Uber was using\n“The Uber guy is right that InnoDB handles this better as long as you don't touch the primary key (primary key updates in InnoDB are really bad)”\n“This is a common problem case we don't have an answer for yet.”\nThe thread then goes on to discuss possibly supporting a “pluggable heap storage layer”, to allow different workloads to use different on-disk formats for best performance\n***\n\n\nGetting started with GhostBSD and FreeBSD\n\n\nPart 1 \nPart 2 \nPart 3 \nPart 4 \nIn what may be our first GhostBSD tutorial, we have a nice walkthrough on the initial getting started with it.\nFor those who don’t know, GhostBSD provides a nice XFCE or Mate desktop out of box, and still supports 32bit installs for those who want to keep that older hardware running.\nThe walkthough takes us through the process of grabbing GhostBSD images and getting the installer up and running via bootable USB stick.\nOnce booted, the graphical installer is straight-forward and short, allowing you to get the bits on disk as quickly as possible. (The actual installation took around 45 Minutes on an old Toshiba NB520)\nThe author then takes us on a tour of some of GhostBSD’s out-of-box bundled applications (Along with XFCE) and how it compares to similar Linux setups.\nLastly covered is the setup of Wireless (The manual way with WPA supplicant, since the GUI tool appeared to not work in this particular case)\nAll in all a good walkthrough, especially if you’ve not seen GhostBSD in action before, the screenshots are very informative!\n***\n\n\nNews Roundup\n\nSteam on FreeBSD 11-CURRENT\n\n\nSteam on FreeBSD. Yes, we’ve heard of setups using WINE, but what about running the Linux binaries natively?\nWell you are in luck. We have a github project that details getting the Linux native client up and running on a FreeBSD 11-CURRENT system.\nThis github project is rather mysterious, with only the instructions to download a pre-packaged steam.txz file, extract and run the provided install.sh script.\nCurious I inspected some of the scripts, the installer.sh is fairly straight-forward, but does some ‘non-standard’ freebsd things, like fetching packages and extracting specific files/libaries into a new /compat/ubuntu directory. \nAfter that, it goes through a huge list of debian/ubuntu packages, also throwing them into the aforementioned ubuntu directory.\nAt runtime, the wrapper script ensures that various linux compat file-systems are mounted in the correct location, then proceeds to run steam with some LD_LIBRARY_FLAGS set from the users .local/share/steam directory.\nA tad scary if honest, however it is a neat PoC to see Steam working on FreeBSD. Hopefully somebody can turn this into a more traditional package which can be easily removed / cleaned up afterwards.\n***\n\n\nHow to run Enlightenment on OpenBSD\n\n\nAre you an enlightenment fan? Be honest, we know there are quite a few of you out there!\nIf so, we have a tutorial for you today, which talks about how to run E on OpenBSD.\nThe process is pretty easy, but some steps might be overlooked if you are new to OpenBSD or don’t know how to tune / compile things on your own.\nIt starts out with adjusting some sysctl’s for better tuning that works on an E based desktop.\nNext is installing from package some pre-reqs that will enable us to build E from source.\nAfter that, we need to download and install EFL from github, and the autogen / gmake commands are helpfully provided for you.\nLastly the same is done for E itself, and TADA, E is installed and ready to go on your OpenBSD system. If you do this right, should only take 5-10 minutes to be up and running.\n***\n\n\nMyths about FreeBSD\n\n\nOver on the FreeBSD wiki, we have a new “Myths” page which we’ve never highlighted on the show before. \nFirst up, and one I’ve very familiar with, is the usual “FreeBSD is only for Servers and not Desktops”, along with a good rebuttal about what it does offer and mention of projects such as PC-BSD which do it also.\nAnother prevalent one is the “FreeBSD has a closed development model”, which is easily refuted:\n\n\n\nFreeBSD has over 400 developers around the world who have commit access to the repository. Many of these are willing to commit patches from third parties. If you want to get an idea of the number of patches that have been committed on behalf of other developers, then search for 'Submitted by' in the commit logs. At the time of writing, this is just under twenty thousand, or about ten percent of all commits. After having a few patches accepted, regular contributors are usually encouraged to apply for commit access.\n\n\n\nAnother one that we are still hearing (Although it is less and less now) was the common “FreeBSD makes me compile everything from source”. Listeners of this show will know that pkg has pretty much made this irrelevant in recent years. However the option to compile yourself from source still exists, but most users won’t find this ever necessary.\nA good list, with many more items on it than we’ve mentioned here. Take a look, you might find something there you’ve heard in the wild, or maybe even thought yourself at one point!\n\n\n\n\nFreeBSD Area51 testing repo, KDE 5 \n\n\nThis github GIST from Steve Wills provides the instructions to enable the FreeBSD xorg teams unofficial ‘Area51’ testing repo on your machine\nThis gives you access to the new KDE 5\nUsers should obviously be careful testing early-access software, but bug reports are very welcome, and important to getting KDE 5 working well under FreeBSD\n***\n\n\nBeastie Bits\n\n\nNetBSD Machines at Open Source Conference 2016 Kyoto \nHow to install htop on pfSense \nThe first ever patch for #Chromium on #NetBSD has been committed!\nCharmBug - Adventures in Hardened BSD - August 24th 2016 \n\n\nFeedback/Questions\n\n\n Emanual - GoTTY  \n Joe - Disable Device  \n Allen - ZFS Send/Recv \n Mica - Adobe Replacements \n Robroy - RAID \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for \u003cbr\u003e\nDevelopers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly \u003cbr\u003e\nParanoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/broken-features-arent-used\" rel=\"nofollow\"\u003ebroken features aren\u0026#39;t used\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis post from TedU talks about the difficulty of removing features from an operating system\u003c/li\u003e\n\u003cli\u003e“One of the difficulties in removing a feature is identifying all the potential users. A feature here could be a program bundled with an operating system, or a command line option, or maybe just a function in a library. If we remove a feature, users that depend on it will be sad. Unfortunately, absence of evidence is not evidence of absence. I’ve never heard of anybody running ls -p but it’s not impossible that somebody does.”\u003c/li\u003e\n\u003cli\u003e“The reasons why we want to remove an existing feature can vary. Sometimes it’s old code that interferes with maintenance. Sometimes a nearly complete rewrite can improve performance. In other cases, the feature in question is really more of a misfeature. It may have security implications, where the existence of the feature can be used to facilitate the exploitation of other vulnerabilities, and removing the feature will help mitigate the exploit.”\u003c/li\u003e\n\u003cli\u003e“There’s no general test that can be used, but there is one test that works in many cases. Test that the feature works. If the feature doesn’t work, that’s compelling evidence that nobody is using it, because nobody can be using it. You don’t need to fix it. You can just remove it.”\u003c/li\u003e\n\u003cli\u003eHe makes some interesting comments about exhaustive unit tests and the push to keep everything working all the time. If you never break anything to see if someone complains, how do you know if it is still being used?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://devio.us/%7Espacemonkey/raspberry_pi_freebsd_web_server_howto.html\" rel=\"nofollow\"\u003eA Raspberry Pi FreeBSD Web Server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking at a super-low power solution to host some webpages? If so, we have the tutorial for you.\u003c/li\u003e\n\u003cli\u003eSpecifically a walkthrough of getting FreeBSD up on a Pi, and setting up nginx, OpenNTPD, LibreSSL and friends. \u003c/li\u003e\n\u003cli\u003eThe walkthrough starts with grabbing a FreeBSD 11 snapshot for arm64 and doing the initial setup process to get to a bootable FreeBSD system.\u003c/li\u003e\n\u003cli\u003eIf you are an extreme noob, not to fear. The tutorial walks you through setting up usernames, timezones, even a larger /tmp directory on your new MiniBSD setup.\u003c/li\u003e\n\u003cli\u003eThe tedious part comes to play during the setup of packages. The author walks us through setting up LibreSSL and various other packages via ports (Since LibreSSL isn’t the default in FreeBSD). This will take some time to compile on your humble RPi device. (Go make a sandwich, walk the dog, fix the gutters, etc)\u003c/li\u003e\n\u003cli\u003eWhen it’s all said and done, you’ll end up with a secure little web-server that you’ve configured all by yourself! (Wondering what the word-press performance would be like on that box)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://eng.uber.com/mysql-migration/\" rel=\"nofollow\"\u003eUber switches from PostgreSQL back to MySQL \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe often hear success stories of people switching to PostgreSQL and getting huge performance gains, but this stories is the reverse\u003c/li\u003e\n\u003cli\u003eUber’s engineering team has switched back to MySQL, because for their specific workload and design, MySQL’s innodb has better performance\u003c/li\u003e\n\u003cli\u003eOf course, it is not just vanilla MySQL, but “Schemaless”, a sharding system that sits on top of MySQL\u003c/li\u003e\n\u003cli\u003eThe article goes into detail about the on-disk format used by Postgres, and the specific shortcomings that Uber encountered\u003c/li\u003e\n\u003cli\u003eUber admits that all of its testing was against the older PostgreSQL 9.2, but one of their complaints is about having difficulty upgrading\u003c/li\u003e\n\u003cli\u003e“We started out with Postgres 9.1 and successfully completed the upgrade process to move to Postgres 9.2. However, the process took so many hours that we couldn’t afford to do the process again. By the time Postgres 9.3 came out, Uber’s growth increased our dataset substantially, so the upgrade would have been even lengthier. For this reason, our legacy Postgres instances run Postgres 9.2 to this day, even though the current Postgres GA release is 9.5.”\u003c/li\u003e\n\u003cli\u003eThere is a followup, from the Postgres side\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.postgresql.org/message-id/5797D5A1.5030009%40agliodbs.com\" rel=\"nofollow\"\u003e“Why we lost Uber as a user” \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThis thread goes into detail about the specific types of problematic queries that Uber was using\u003c/li\u003e\n\u003cli\u003e“The Uber guy is right that InnoDB handles this better as long as you don\u0026#39;t touch the primary key (primary key updates in InnoDB are really bad)”\u003c/li\u003e\n\u003cli\u003e“This is a common problem case we don\u0026#39;t have an answer for yet.”\u003c/li\u003e\n\u003cli\u003eThe thread then goes on to discuss possibly supporting a “pluggable heap storage layer”, to allow different workloads to use different on-disk formats for best performance\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eGetting started with GhostBSD and FreeBSD\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://unsolicitedbutoffered.blogspot.com/2016/07/getting-started-with-ghostbsd-and.html\" rel=\"nofollow\"\u003ePart 1\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://unsolicitedbutoffered.blogspot.com/2016/07/getting-started-with-ghostbsd-and_31.html\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://unsolicitedbutoffered.blogspot.com/2016/08/getting-started-with-ghostbsd-and.html\" rel=\"nofollow\"\u003ePart 3\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://unsolicitedbutoffered.blogspot.com/2016/08/getting-started-with-ghostbsd-and_2.html\" rel=\"nofollow\"\u003ePart 4\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eIn what may be our first GhostBSD tutorial, we have a nice walkthrough on the initial getting started with it.\u003c/li\u003e\n\u003cli\u003eFor those who don’t know, GhostBSD provides a nice XFCE or Mate desktop out of box, and still supports 32bit installs for those who want to keep that older hardware running.\u003c/li\u003e\n\u003cli\u003eThe walkthough takes us through the process of grabbing GhostBSD images and getting the installer up and running via bootable USB stick.\u003c/li\u003e\n\u003cli\u003eOnce booted, the graphical installer is straight-forward and short, allowing you to get the bits on disk as quickly as possible. (The actual installation took around 45 Minutes on an old Toshiba NB520)\u003c/li\u003e\n\u003cli\u003eThe author then takes us on a tour of some of GhostBSD’s out-of-box bundled applications (Along with XFCE) and how it compares to similar Linux setups.\u003c/li\u003e\n\u003cli\u003eLastly covered is the setup of Wireless (The manual way with WPA supplicant, since the GUI tool appeared to not work in this particular case)\u003c/li\u003e\n\u003cli\u003eAll in all a good walkthrough, especially if you’ve not seen GhostBSD in action before, the screenshots are very informative!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/SteamOnFreeBSD/SteamOnFreeBSD\" rel=\"nofollow\"\u003eSteam on FreeBSD 11-CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSteam on FreeBSD. Yes, we’ve heard of setups using WINE, but what about running the Linux binaries natively?\u003c/li\u003e\n\u003cli\u003eWell you are in luck. We have a github project that details getting the Linux native client up and running on a FreeBSD 11-CURRENT system.\u003c/li\u003e\n\u003cli\u003eThis github project is rather mysterious, with only the instructions to download a pre-packaged steam.txz file, extract and run the provided install.sh script.\u003c/li\u003e\n\u003cli\u003eCurious I inspected some of the scripts, the installer.sh is fairly straight-forward, but does some ‘non-standard’ freebsd things, like fetching packages and extracting specific files/libaries into a new /compat/ubuntu directory. \u003c/li\u003e\n\u003cli\u003eAfter that, it goes through a huge list of debian/ubuntu packages, also throwing them into the aforementioned ubuntu directory.\u003c/li\u003e\n\u003cli\u003eAt runtime, the wrapper script ensures that various linux compat file-systems are mounted in the correct location, then proceeds to run steam with some LD_LIBRARY_FLAGS set from the users .local/share/steam directory.\u003c/li\u003e\n\u003cli\u003eA tad scary if honest, however it is a neat PoC to see Steam working on FreeBSD. Hopefully somebody can turn this into a more traditional package which can be easily removed / cleaned up afterwards.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://enform.haxlab.org/\" rel=\"nofollow\"\u003eHow to run Enlightenment on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAre you an enlightenment fan? Be honest, we know there are quite a few of you out there!\u003c/li\u003e\n\u003cli\u003eIf so, we have a tutorial for you today, which talks about how to run E on OpenBSD.\u003c/li\u003e\n\u003cli\u003eThe process is pretty easy, but some steps might be overlooked if you are new to OpenBSD or don’t know how to tune / compile things on your own.\u003c/li\u003e\n\u003cli\u003eIt starts out with adjusting some sysctl’s for better tuning that works on an E based desktop.\u003c/li\u003e\n\u003cli\u003eNext is installing from package some pre-reqs that will enable us to build E from source.\u003c/li\u003e\n\u003cli\u003eAfter that, we need to download and install EFL from github, and the autogen / gmake commands are helpfully provided for you.\u003c/li\u003e\n\u003cli\u003eLastly the same is done for E itself, and TADA, E is installed and ready to go on your OpenBSD system. If you do this right, should only take 5-10 minutes to be up and running.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/Myths\" rel=\"nofollow\"\u003eMyths about FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver on the FreeBSD wiki, we have a new “Myths” page which we’ve never highlighted on the show before. \u003c/li\u003e\n\u003cli\u003eFirst up, and one I’ve very familiar with, is the usual “FreeBSD is only for Servers and not Desktops”, along with a good rebuttal about what it does offer and mention of projects such as PC-BSD which do it also.\u003c/li\u003e\n\u003cli\u003eAnother prevalent one is the “FreeBSD has a closed development model”, which is easily refuted:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFreeBSD has over 400 developers around the world who have commit access to the repository. Many of these are willing to commit patches from third parties. If you want to get an idea of the number of patches that have been committed on behalf of other developers, then search for \u0026#39;Submitted by\u0026#39; in the commit logs. At the time of writing, this is just under twenty thousand, or about ten percent of all commits. After having a few patches accepted, regular contributors are usually encouraged to apply for commit access.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eAnother one that we are still hearing (Although it is less and less now) was the common “FreeBSD makes me compile everything from source”. Listeners of this show will know that pkg has pretty much made this irrelevant in recent years. However the option to compile yourself from source still exists, but most users won’t find this ever necessary.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eA good list, with many more items on it than we’ve mentioned here. Take a look, you might find something there you’ve heard in the wild, or maybe even thought yourself at one point!\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/swills/8a9a9f8a529256f134830c2a1476db0c\" rel=\"nofollow\"\u003eFreeBSD Area51 testing repo, KDE 5 \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis github GIST from Steve Wills provides the instructions to enable the FreeBSD xorg teams unofficial ‘Area51’ testing repo on your machine\u003c/li\u003e\n\u003cli\u003eThis gives you access to the new KDE 5\u003c/li\u003e\n\u003cli\u003eUsers should obviously be careful testing early-access software, but bug reports are very welcome, and important to getting KDE 5 working well under FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2016/08/01/msg000712.html\" rel=\"nofollow\"\u003eNetBSD Machines at Open Source Conference 2016 Kyoto\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.cyberciti.biz/faq/pfsense-install-htop-using-pkg-command/\" rel=\"nofollow\"\u003eHow to install htop on pfSense\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/krytarowski/status/759909139300491265\" rel=\"nofollow\"\u003eThe first ever patch for #Chromium on #NetBSD has been committed!\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.meetup.com/CharmBUG/events/232474857/\" rel=\"nofollow\"\u003eCharmBug - Adventures in Hardened BSD - August 24th 2016\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/q24sNcNY\" rel=\"nofollow\"\u003e Emanual - GoTTY \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/iTkmpVr9\" rel=\"nofollow\"\u003e Joe - Disable Device \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/bPHEP4Ya\" rel=\"nofollow\"\u003e Allen - ZFS Send/Recv\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/L0ttuNx3\" rel=\"nofollow\"\u003e Mica - Adobe Replacements\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Dr92CGCU\" rel=\"nofollow\"\u003e Robroy - RAID\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you","date_published":"2016-08-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0bae832b-aaaf-4862-8850-b4797b8350f8.mp3","mime_type":"audio/mpeg","size_in_bytes":35808916,"duration_in_seconds":2984}]},{"id":"a08dade0-6b9f-4b0c-8dbf-390f1d1a05c0","title":"153: Big int trouble","url":"https://www.bsdnow.tv/153","content_text":"This week on BSDNow, we have a variety of news to discuss, covering quite the spectrum of BSD. (Including a new DragonFly release!).\n\nThis episode was brought to you by\n\n\n/\u0026gt;\n\n\n\nHeadlines\n\nmy int is too big\n\n\n“The NCC Group report describes the bugs, but not the history of the code.”\n“Several of them, as reported by NCC, involved similar integer truncation issues. Actually, they involved very similar modern 64 bit code meeting classic 32 bit code”\n“The thrsleep system call is a part of the kernel code that supports threads. As the name implies, it gives userland a measure of control over scheduling and lets a thread sleep until something happens. As such, it takes a timeout in the form of a timespec. The kernel, however, internally implements time keeping using ticks (there are HZ, 100, ticks per second). The tsleep function (t is for timed) takes an int number of ticks and performs basic validation by checking that it’s not negative. A negative timeout would indicate that the caller has miscalculated. The kernel panics so you can fix the bug, instead of stalling forever.”\n“The trouble therefore is when userland is allowed to specify a timeout that could be negative. The existing code made an attempt to handle various tricks by converting the timespec to a ticks value stored as a 64 bit long long which was checked against INT_MAX before passing to sleep. Any value over INT_MAX would be truncated, so we can’t allow that. Instead, we saturate the value to INT_MAX. Unfortunately, this check didn’t account for the possibility that the tick conversion from the timespec could also overflow and result in a negative value.”\nThen there is the description of the kqueue flaw:\n“Every kqueue keeps a list of all the attached events it’s watching for. A simple array is used to store file events, indexed by fd.”\n“This array is scaled to accommodate the largest fd that needs to be stored. This would obviously cause trouble, consuming too much memory, if the identifier were not validated first. Which is exactly what kqueue tries to do. The fd_getfile function checks that the identifier is a file that the process has open. One wrinkle. fd_getfile takes an int argument but ident is a uintptr_t, possibly 64 bits. An ident of 232 + 2 will look like a valid file descriptor, but then cause the array to be resized to gargantuan proportions.”\n“Again, the fix is pretty simple. We must check that the ident is bounded by INT_MAX before calling fd_getfile. This bug likely would have been exploitable beyond a panic, but the array allocation was changed to use mallocarray instead of multiplying arguments by hand, thus preventing another overflow.”\nThen there is a description of the anonymous mmap flaw, and the “secret magic” __MAP_NOFAULT flag\n***\n\n\nFreeBSD Quarterly Status Report Q2 2016\n\n\nIt’s time for another round of FreeBSD Quarterly Status Reports!\nIn this edition, we have status updates from the various teams, including IRC/Bugs/RE/Ports/Core and Foundation\nWe also have updates on some specific projects, including  from Konstantin on the on-going work for his implementation of ASLR, including the new ‘proccontrol’ command which provides the following:\n\u0026gt; “The proccontrol(1) utility was written to manage and query ASLR enforcement on a per-process basis. It is required for analyzing ASLR failures in specific programs. This utility leverages the procctl(2) interface which was added to the previous version of the patch, with some bug fixes.”\nNext are updates on porting CEPH to FreeBSD, the ongoing work to improve EFI+GELI (touched on last week) and more robust Mutexes. \nAdditionally we have an update from Matt Macy and the Xorg team discussing the current work to update FreeBSD’s graphic stack:\n\u0026gt; “All Intel GPUs up to and including the unreleased Kaby Lake     are supported. The xf86-video-intel driver will be updated soon. Updating this driver requires updating Xorg, which in turn is blocked on Nvidia updates.”\nThe kernel also got some feature status updates, including on the new Allwinner SoC support, an update on FreeBSD in Hyper-V and VIMAGE \nIn addition to a quick update on the arm64 architecture (It’s getting there, RPi3 is almost a thing), we also have a slew of port updates, including support for GitLab in ports, updates on GNOME / KDE and some additional Intel-specific networking tools.\n***\n\n\nVulnerabilities discovered in freebsd-update and portsnap\n\n\nThere are two vulnerabilities discovered in freebsd-update and portsnap, where an attacker could place files in the portsnap directory and they would be used without being subject to having their checksum verified (but this requires root access), and the second where a man-in-the-middle attacker could guess the name of a file you will fetch by exploiting the time-gap between when you download the initial snapshot, and when you fetch the updated files.\nThere are a number of vulnerabilities that were discovered in libarchive/tar as well\nThere is also an issue with bspatch. A security advisory for bspatch has already been released, as this vulnerabilities was also discovered by the Chromium team, which uses this same code. The patch discussed in this mailing list thread is larger, but secteam@ believes at least one of the additional checks introduced is incorrect and may prevent a valid patch from being applied. The smaller patch was pushed out first, to solve the main attack vector, while the larger patch is investigated. Automated fuzz testing is underway. Great care is being taken fixing bspatch, as if it is broken installing future updates becomes much more difficult\nsecteam@ and core@ would like to emphasize that the FreeBSD project takes these issue very seriously and are working on it\n\u0026gt;  “As a general rule, secteam@ does not announce vulnerabilities for which we don't have patches, but we concede that we should have considered making an exception in this case”\nWork is underway to re-architect freebsd-update and portsnap to do signature verification on all files before they are passed to libarchive/tar, to help protect users from any future vulnerabilities in libarchive.\nHowever, this requires changes to the metadata format to provide these additional signatures, and backwards compatibilities must be preserved, so people can update to the newer versions to get these additional security features \nThere is also discussion of using HTTPS for delivery of the files, but certificate verification and trust are always an issue. FreeBSD does not distribute a certificate trust store by default.\nThere will be more on this in the coming days.\n***\n\n\nOpenSSH 7.3 Released\n\n\nOpenSSH 7.3 has landed! \nPrimarily a bug-fix release, the release notes do mention the pending deprecation of some more legacy Crypto in the future, including denying all RSA keys \u0026lt; 1024bit, and removal of SSHv1 support. (Already disabled via compile option)\nOn the bug side, there was a security issue addressed in sshd:\n\n\n“sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters”\n\nAlso a timing issue was resolved in regard to password auth, which could possibly allow an attacker to discern between valid/invalid account names.\nOn the feature side, we have the new ProxyJump option (-J flag) which allows you to do simplified indirection through various SSH jump hosts.\nVarious bugs were fixed, and some compile failures resolved in the portable version to auto-disable some ciphers not supported by OpenSSL.\n\n\n\n\nNews Roundup\n\nOpenBSD Ports - Integrating Third Party Applications [pdf]\n\n\nA talk from Josh Grosse, presented at SEMIBUG (South-East Michigan BSD Users Group), about OpenBSD Ports\nIt opens by explaining the separation of the ‘base system’ from ‘packages’, as is common in most all BSDs\nIt explains the contents of OpenBSD package tar file, which contain some metadata files (+CONTENTS and +DESC) and then the actual package files\nThe talk goes on to explain the different branches (-release, -stable, and -current), and warn users that there are no official -stable packages from the project\nThen it goes on into the development model, including what new contributors should expect\nThen it walks through the entire process of creating a port and getting it contributed\n***\n\n\nNetBSD removes last RWX page in amd64 kernel\n\n\nNetBSD has purged the last holdout RWX page on the amd64 platform\n\u0026gt; “Use UVM_PROT_ALL only if UVM_KMF_EXEC is given as argument. Otherwise, if UVM_KMF_PAGEABLE is also given as argument, only the VA is allocated and UVM waits for the page to fault before kentering it. When kentering it, it will use the UVM_PROT_ flag that was passed to uvm_map; which means that it will kenter it as RWX. With this change, the number of RWX pages in the amd64 kernel reaches strictly zero.”\nBreak out the party favors! Hopefully any last stragglers in any of the other BSD’s gets retired soon as well.\n***\n\n\nDragonFly BSD 4.6 launches with home-grown support for NVMe Controllers\n\n\nSoftpedia picked up on the release of DragonFlyBSD 4.6, specifically about their new home-grown NVMe driver. \n\u0026gt; “We now have a NVMe driver (PCIe SSDs). It currently must be kldloaded with nvme_load=\"YES\" in /boot/loader.conf. The driver uses all concurrency features offered by the chip and will distribute queues and interrupts across multiple CPUs to maximize performance. It has been tested up to around 1.05M IOPS @4K, and roughly 6.5 GBytes/sec @32K (random read from urandom-filled partition, physio, many threads), with the 2xE5-2620v4 (xeon) test server 78% idle in the IOPS test and 72% idle on the bandwidth test. In other words, we maxed out the three NVMe devices we had plugged in and the system still had plenty of suds left over. Please note that a machine's ability to boot from an NVMe device depends on the BIOS, and not DragonFly. Most BIOSes cannot boot from NVMe devices and those that can probably only do it through UEFI. Info on device state is available with the new utility nvmectl.“\nIn addition to this improved support, 4.6 also brings in the improved graphics support, matching what is in Linux 4.4 and support for Broadwell/Skylake.\nSMP also got some love:\n\u0026gt; “SMP performance was already very good. As part of the NVMe driver work we revamped the buffer cache subsystem and a number of other I/O related paths, further reducing lock contention and IPI signalling overheads. We also put topology-aware cpu cache localization into the kernel memory allocator (primarily helps multi-socket systems and systems with high core counts). The network subsystem also continues to receive significant improvement, with modest machine configurations now capable of handling upwards of 580K conns/sec.“\n+Full Release Notes \n***\n\n\nThe powerd++ daemon monitors the system load and adjusts the CPU clock accordingly and is a drop-in replacement for FreeBSD's native powerd(8).\n\n\nAs mentioned in our EuroBSDCon 2016 rundown, Dominic Fandrey will be giving a presentation about his powerd replacement, powerd++\nThe source code is already available on github, and is in ports\nThe major difference is the newer design handle many-core systems much better. The original powerd was written at a time when most laptops only had a single core, and maybe a hyperthread.\nThe new design decides which CPU frequency to use by looking at the busiest core, rather than the average across the cores, resulting in a more meaningful result. It also supports averaging over a longer period of time, to avoid jumping to a higher frequency to quickly\npowerd++ also avoids ‘slewing’ the cpu frequency, ratching it up and down one step at a time, and instead jumps directly to the target frequency.\nOften times, you will use less battery by jumping to maximum frequency, finishing the work, and going back to a low power state, than trying to do that work over a longer period of time in low power mode\n***\n\n\nBeastie Bits\n\nHyper-V: Unmapped I/O improves userland direct disk performance by 35% ~ 135% \n\nOne does not simply remove FreeBSD \n\nA new BSD Podcast \"BSD Synergy\" has started\n\nKnoxBug - Next Meeting - Aug 30th  \n\n\n\nFeedback/Questions\n\n\n Daniel - Root/Wheel \n Joe - IPV6 Frag \n Paul - ChicagoBug \n Chris - SSH BruteBlock \n Todd - Jails  \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have a variety of news to discuss, covering quite the spectrum of BSD. (Including a new DragonFly release!).\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for \u003cbr\u003e\nDevelopers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly \u003cbr\u003e\nParanoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/my-int-is-too-big\" rel=\"nofollow\"\u003emy int is too big\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The \u003ca href=\"http://marc.info/?l=oss-security\u0026m=146853062403622\u0026w=2\" rel=\"nofollow\"\u003eNCC Group report\u003c/a\u003e describes the bugs, but not the history of the code.”\u003c/li\u003e\n\u003cli\u003e“Several of them, as reported by NCC, involved similar integer truncation issues. Actually, they involved very similar modern 64 bit code meeting classic 32 bit code”\u003c/li\u003e\n\u003cli\u003e“The thrsleep system call is a part of the kernel code that supports threads. As the name implies, it gives userland a measure of control over scheduling and lets a thread sleep until something happens. As such, it takes a timeout in the form of a timespec. The kernel, however, internally implements time keeping using ticks (there are HZ, 100, ticks per second). The tsleep function (t is for timed) takes an int number of ticks and performs basic validation by checking that it’s not negative. A negative timeout would indicate that the caller has miscalculated. The kernel panics so you can fix the bug, instead of stalling forever.”\u003c/li\u003e\n\u003cli\u003e“The trouble therefore is when userland is allowed to specify a timeout that could be negative. The existing code made an attempt to handle various tricks by converting the timespec to a ticks value stored as a 64 bit long long which was checked against INT_MAX before passing to sleep. Any value over INT_MAX would be truncated, so we can’t allow that. Instead, we saturate the value to INT_MAX. Unfortunately, this check didn’t account for the possibility that the tick conversion from the timespec could also overflow and result in a negative value.”\u003c/li\u003e\n\u003cli\u003eThen there is the description of the kqueue flaw:\u003c/li\u003e\n\u003cli\u003e“Every kqueue keeps a list of all the attached events it’s watching for. A simple array is used to store file events, indexed by fd.”\u003c/li\u003e\n\u003cli\u003e“This array is scaled to accommodate the largest fd that needs to be stored. This would obviously cause trouble, consuming too much memory, if the identifier were not validated first. Which is exactly what kqueue tries to do. The fd_getfile function checks that the identifier is a file that the process has open. One wrinkle. fd_getfile takes an int argument but ident is a uintptr_t, possibly 64 bits. An ident of 2\u003csup\u003e32\u003c/sup\u003e + 2 will look like a valid file descriptor, but then cause the array to be resized to gargantuan proportions.”\u003c/li\u003e\n\u003cli\u003e“Again, the fix is pretty simple. We must check that the ident is bounded by INT_MAX before calling fd_getfile. This bug likely would have been exploitable beyond a panic, but the array allocation was changed to use mallocarray instead of multiplying arguments by hand, thus preventing another overflow.”\u003c/li\u003e\n\u003cli\u003eThen there is a description of the anonymous mmap flaw, and the “secret magic” __MAP_NOFAULT flag\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2016-04-2016-06.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report Q2 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s time for another round of FreeBSD Quarterly Status Reports!\u003c/li\u003e\n\u003cli\u003eIn this edition, we have status updates from the various teams, including IRC/Bugs/RE/Ports/Core and Foundation\u003c/li\u003e\n\u003cli\u003eWe also have updates on some specific projects, including  from Konstantin on the on-going work for his implementation of ASLR, including the new ‘proccontrol’ command which provides the following:\n\u0026gt; “The proccontrol(1) utility was written to manage and query ASLR enforcement on a per-process basis. It is required for analyzing ASLR failures in specific programs. This utility leverages the procctl(2) interface which was added to the previous version of the patch, with some bug fixes.”\u003c/li\u003e\n\u003cli\u003eNext are updates on porting CEPH to FreeBSD, the ongoing work to improve EFI+GELI (touched on last week) and more robust Mutexes. \u003c/li\u003e\n\u003cli\u003eAdditionally we have an update from Matt Macy and the Xorg team discussing the current work to update FreeBSD’s graphic stack:\n\u0026gt; “All Intel GPUs up to and including the unreleased Kaby Lake     are supported. The xf86-video-intel driver will be updated soon. Updating this driver requires updating Xorg, which in turn is blocked on Nvidia updates.”\u003c/li\u003e\n\u003cli\u003eThe kernel also got some feature status updates, including on the new Allwinner SoC support, an update on FreeBSD in Hyper-V and VIMAGE \u003c/li\u003e\n\u003cli\u003eIn addition to a quick update on the arm64 architecture (It’s getting there, RPi3 is almost a thing), we also have a slew of port updates, including support for GitLab in ports, updates on GNOME / KDE and some additional Intel-specific networking tools.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2016-July/009016.html\" rel=\"nofollow\"\u003eVulnerabilities discovered in freebsd-update and portsnap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are two vulnerabilities discovered in freebsd-update and portsnap, where an attacker could place files in the portsnap directory and they would be used without being subject to having their checksum verified (but this requires root access), and the second where a man-in-the-middle attacker could guess the name of a file you will fetch by exploiting the time-gap between when you download the initial snapshot, and when you fetch the updated files.\u003c/li\u003e\n\u003cli\u003eThere are a number of vulnerabilities that were discovered in libarchive/tar as well\u003c/li\u003e\n\u003cli\u003eThere is also an issue with bspatch. A security advisory for bspatch has already been released, as this vulnerabilities was also discovered by the Chromium team, which uses this same code. The patch discussed in this mailing list thread is larger, but secteam@ believes at least one of the additional checks introduced is incorrect and may prevent a valid patch from being applied. The smaller patch was pushed out first, to solve the main attack vector, while the larger patch is investigated. Automated fuzz testing is underway. Great care is being taken fixing bspatch, as if it is broken installing future updates becomes much more difficult\u003c/li\u003e\n\u003cli\u003esecteam@ and core@ would like to emphasize that the FreeBSD project takes these issue very seriously and are working on it\n\u0026gt;  “As a general rule, secteam@ does not announce vulnerabilities for which we don\u0026#39;t have patches, but we concede that we should have considered making an exception in this case”\u003c/li\u003e\n\u003cli\u003eWork is underway to re-architect freebsd-update and portsnap to do signature verification on all files before they are passed to libarchive/tar, to help protect users from any future vulnerabilities in libarchive.\u003c/li\u003e\n\u003cli\u003eHowever, this requires changes to the metadata format to provide these additional signatures, and backwards compatibilities must be preserved, so people can update to the newer versions to get these additional security features \u003c/li\u003e\n\u003cli\u003eThere is also discussion of using HTTPS for delivery of the files, but certificate verification and trust are always an issue. FreeBSD does not distribute a certificate trust store by default.\u003c/li\u003e\n\u003cli\u003eThere will be more on this in the coming days.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openssh.com/txt/release-7.3\" rel=\"nofollow\"\u003eOpenSSH 7.3 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenSSH 7.3 has landed! \u003c/li\u003e\n\u003cli\u003ePrimarily a bug-fix release, the release notes do mention the pending deprecation of some more legacy Crypto in the future, including denying all RSA keys \u0026lt; 1024bit, and removal of SSHv1 support. (Already disabled via compile option)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOn the bug side, there was a security issue addressed in sshd:\u003c/p\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“sshd(8): Mitigate a potential denial-of-service attack against the system\u0026#39;s crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters”\u003c/p\u003e\n\u003c/blockquote\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAlso a timing issue was resolved in regard to password auth, which could possibly allow an attacker to discern between valid/invalid account names.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOn the feature side, we have the new ProxyJump option (-J flag) which allows you to do simplified indirection through various SSH jump hosts.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eVarious bugs were fixed, and some compile failures resolved in the portable version to auto-disable some ciphers not supported by OpenSSL.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jggimi.homeip.net/semibug.pdf\" rel=\"nofollow\"\u003eOpenBSD Ports - Integrating Third Party Applications [pdf]\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA talk from Josh Grosse, presented at SEMIBUG (South-East Michigan BSD Users Group), about OpenBSD Ports\u003c/li\u003e\n\u003cli\u003eIt opens by explaining the separation of the ‘base system’ from ‘packages’, as is common in most all BSDs\u003c/li\u003e\n\u003cli\u003eIt explains the contents of OpenBSD package tar file, which contain some metadata files (+CONTENTS and +DESC) and then the actual package files\u003c/li\u003e\n\u003cli\u003eThe talk goes on to explain the different branches (-release, -stable, and -current), and warn users that there are no official -stable packages from the project\u003c/li\u003e\n\u003cli\u003eThen it goes on into the development model, including what new contributors should expect\u003c/li\u003e\n\u003cli\u003eThen it walks through the entire process of creating a port and getting it contributed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2016/07/27/msg076413.html\" rel=\"nofollow\"\u003eNetBSD removes last RWX page in amd64 kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD has purged the last holdout RWX page on the amd64 platform\n\u0026gt; “Use UVM_PROT_ALL only if UVM_KMF_EXEC is given as argument. Otherwise, if UVM_KMF_PAGEABLE is also given as argument, only the VA is allocated and UVM waits for the page to fault before kentering it. When kentering it, it will use the UVM_PROT_ flag that was passed to uvm_map; which means that it will kenter it as RWX. With this change, the number of RWX pages in the amd64 kernel reaches strictly zero.”\u003c/li\u003e\n\u003cli\u003eBreak out the party favors! Hopefully any last stragglers in any of the other BSD’s gets retired soon as well.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linux.softpedia.com/blog/dragonfly-bsd-4-6-0-launches-with-home-grown-support-for-nvme-controllers-506908.shtml\" rel=\"nofollow\"\u003eDragonFly BSD 4.6 launches with home-grown support for NVMe Controllers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSoftpedia picked up on the release of DragonFlyBSD 4.6, specifically about their new home-grown NVMe driver. \n\u0026gt; “We now have a NVMe driver (PCIe SSDs). It currently must be kldloaded with nvme_load=\u0026quot;YES\u0026quot; in /boot/loader.conf. The driver uses all concurrency features offered by the chip and will distribute queues and interrupts across multiple CPUs to maximize performance. It has been tested up to around 1.05M IOPS @4K, and roughly 6.5 GBytes/sec @32K (random read from urandom-filled partition, physio, many threads), with the 2xE5-2620v4 (xeon) test server 78% idle in the IOPS test and 72% idle on the bandwidth test. In other words, we maxed out the three NVMe devices we had plugged in and the system still had plenty of suds left over. Please note that a machine\u0026#39;s ability to boot from an NVMe device depends on the BIOS, and not DragonFly. Most BIOSes cannot boot from NVMe devices and those that can probably only do it through UEFI. Info on device state is available with the new utility nvmectl.“\u003c/li\u003e\n\u003cli\u003eIn addition to this improved support, 4.6 also brings in the improved graphics support, matching what is in Linux 4.4 and support for Broadwell/Skylake.\u003c/li\u003e\n\u003cli\u003eSMP also got some love:\n\u0026gt; “SMP performance was already very good. As part of the NVMe driver work we revamped the buffer cache subsystem and a number of other I/O related paths, further reducing lock contention and IPI signalling overheads. We also put topology-aware cpu cache localization into the kernel memory allocator (primarily helps multi-socket systems and systems with high core counts). The network subsystem also continues to receive significant improvement, with modest machine configurations now capable of handling upwards of 580K conns/sec.“\n+\u003ca href=\"https://www.dragonflybsd.org/release46/\" rel=\"nofollow\"\u003eFull Release Notes\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freshports.org/sysutils/powerdxx/\" rel=\"nofollow\"\u003eThe powerd++ daemon monitors the system load and adjusts the CPU clock accordingly and is a drop-in replacement for FreeBSD\u0026#39;s native powerd(8).\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs mentioned in our EuroBSDCon 2016 rundown, Dominic Fandrey will be giving a presentation about his powerd replacement, powerd++\u003c/li\u003e\n\u003cli\u003eThe source code is already available on github, and is in ports\u003c/li\u003e\n\u003cli\u003eThe major difference is the newer design handle many-core systems much better. The original powerd was written at a time when most laptops only had a single core, and maybe a hyperthread.\u003c/li\u003e\n\u003cli\u003eThe new design decides which CPU frequency to use by looking at the busiest core, rather than the average across the cores, resulting in a more meaningful result. It also supports averaging over a longer period of time, to avoid jumping to a higher frequency to quickly\u003c/li\u003e\n\u003cli\u003epowerd++ also avoids ‘slewing’ the cpu frequency, ratching it up and down one step at a time, and instead jumps directly to the target frequency.\u003c/li\u003e\n\u003cli\u003eOften times, you will use less battery by jumping to maximum frequency, finishing the work, and going back to a low power state, than trying to do that work over a longer period of time in low power mode\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=303474\" rel=\"nofollow\"\u003eHyper-V: Unmapped I/O improves userland direct disk performance by 35% ~ 135%\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://imgur.com/a/gjGoq\" rel=\"nofollow\"\u003eOne does not simply remove FreeBSD\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/channel/UCBua6yMtJ6W5ExYSREnS3UQ\" rel=\"nofollow\"\u003eA new BSD Podcast \u0026quot;BSD Synergy\u0026quot; has started\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://knoxbug.org/content/2016-08-30\" rel=\"nofollow\"\u003eKnoxBug - Next Meeting - Aug 30th \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/8sMyKm6c\" rel=\"nofollow\"\u003e Daniel - Root/Wheel\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/r5Y0gbxf\" rel=\"nofollow\"\u003e Joe - IPV6 Frag\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/iVYPYcVs\" rel=\"nofollow\"\u003e Paul - ChicagoBug\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/597m9gHa\" rel=\"nofollow\"\u003e Chris - SSH BruteBlock\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/xjbKwSaz\" rel=\"nofollow\"\u003e Todd - Jails \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have a variety of news to discuss, covering quite the spectrum of BSD. (Including a new DragonFly release!).","date_published":"2016-08-03T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a08dade0-6b9f-4b0c-8dbf-390f1d1a05c0.mp3","mime_type":"audio/mpeg","size_in_bytes":55789780,"duration_in_seconds":4649}]},{"id":"b946bdcd-f9d8-4480-995a-0eb2cb5e1b77","title":"152: The Laporte has landed!","url":"https://www.bsdnow.tv/152","content_text":"This week on BSDNow, we have some big breaking news about another major switcher to FreeBSD, plus early information about the pending\n\nThis episode was brought to you by\n\n\n/\u0026gt;\n\n\n\nHeadlines\n\nLeo Laporte tries FreeBSD\n\n\nLeo Laporte, formerly of TechTV, and now of TWiT.tv, is switching to FreeBSD\n“The latest debacle over the \"forced\" upgrade to Windows 10 and Apple's increasingly locked-in ecosystem has got me thinking. Do I really need to use a proprietary operating system to get work done? And while I'm at it, do I need to use commercial cloud services to store my data?”\nA sometimes Linux user since the mid 90s, Leo talks about his motivations:\n“But as time went by, even Ubuntu began to seem too commercial to me”\n“So now for the grand experiment. Is it possible, I wonder, to do everything I need to do on an even more venerable, more robust system: a true UNIX OS, FreeBSD? Here are my requirements”\nBrowsing\nEmail with PGP signing and encryption\nCoding - I'm a hobbyist programmer requiring support for lisp/scheme/racket, rust, and python (and maybe forth and clojure and meteor and whatever else is cool and new)\nWriting\nA password vault. I currently use Lastpass because it syncs with mobile but eventually I'll need to find a FOSS replacement for that, too\nPhoto editing - this is the toughest to replace. I love Photoshop and Lightroom. Can I get by with, say, GIMP and Darktable?\nI do all of those things on my PCBSD machine all the time\n“I love Linux and will continue to use it on my laptops, but for my main workhorse desktop I think FreeBSD will be a better choice. I also look forward to learning and administering a true UNIX system.”\nHe got a nice SuperMicro based workstation, with an Intel Xeon E3-1275v5 and an NVIDIA GeForce GTX 960 GPU\nI have a server with one of those Skylake E3s, it is very nice\n“450Mbps Wireless N Dual Band PCI-e Adapter w/ 3x 2dBi Antennas (Yes, sad to say, unless I rewire my house I'll have to use Wi-Fi with this beast. I'll probably rewire my house.)”\nHe plans to have a 4x 1TB ZFS pool, plus a second pool backed by a 512 GB NVMe m.2 for the OS\n“And I'll continue to chronicle my journey into the land of FOSS here when The Beast arrives. But in the meantime, please excuse me, I've got some reading to do.”\nLeo went so far as to slap a “Power By FreeBSD” sticker  on the back of his new Tesla\n***\n\n\nOpenBSD 6.0 to be released on Sept 1st, 2016\n\n\nOpenBSD 6.0 Tenative Released Notes\nOpenBSD 6.0 is just around the corner, currently slated for Sept 1st and brings with it a whole slew of exciting new features\nFirst up, and let’s get this right out of the way.. VAX support has been dropped!! Oh no!\nHowever to make up for this devastating loss, armv7 has been added to this release.\nThe tentative release notes are very complete and marks 6.0 as quite an exciting release\nOpenBSD 6.0 Pre-orders up \n\n\nOpenBSD 6.0 tightens security by losing Linux compatibility\n\n\nIn related news, infoworld picked up on the pending removal of Linux compat from OpenBSD 6.0.\nTouted as a security feature, you will soon be unable to run legacy linux binaries on OpenBSD. This has both positives and negatives depending upon your use case. Ironically we’re excitedly awaiting improved Linux Compat support in FreeBSD, to allow running some various closed-source applications. (Netflix DRM, Steam, Skype to name a few)\n***\n\n\nEuroBSDCon 2016 Schedule released\n\n\nEuroBSDCon 2016 Tutorial Schedule released \nEuroBSDCon has announced the list of talks and tutorials for September 22nd-25th’s conference!\nGeorge Neville Neil (Who we’ve interviewed in the past) is giving the keynote about “The Coming Decades of BSD”\n***\n\n\nNews Roundup\n\nBlast from the past\n\n\nNo interview again this week, we’re working on getting some people lined up.\nThe Leo Laporte story brought these old gem from TechTV into my youtube playlist:\nMatt Olander and Murrey Stokey explain FreeBSD on TechTV \nMatt Olander and Brooks Davis explain building a cluster with FreeBSD on TechTV \nFreeBSD vs Linux Part 1\nFreeBSD vs Linux Part 2\n***\n\n\nRunning FreeBSD on the LibreM \n\n\nEric McCorkle (Who has worked on the EFI loader for a while now) has written an update on his efforts to get FreeBSD working properly on the LibreM 13 laptop.\nSince April the work seems to be progressing nicely\n\n\nMatt Macy’s i915 graphics patch works well on the Librem 13, and I personally made sure that the suspend/resume support works.  The patch is very stable on the Librem, and I’ve only had one kernel panic the entire time testing it.\nThe HDMI output Just Works™ with the i915 driver.  Even better, it works for both X11 and console modes.\nFull support for the Atheros 9462 card has been merged in.  I’ve had some occasional issues, but it works for the most part.\nThe vesa weirdness is obviated by i915 support, but it was resolved by using the scfb driver.\n\nSome of the outstanding issues still being worked on are support for Synaptics on this particular touchpad, as well as hotkey support for the keyboard, and brightness controls.\nIn addition Eric is still working on the EFI + Geli support, with the eventual goal of getting EFI secure-boot working out of box as well.\n\n\n\n\nMore OpenBSD syscall fuzzing\n\n\nNCC Group’s Project Triforce continues its work of fuzzing OpenBSD\nThis time they have found a flaw that allows any user to panic the kernel\nAttempting to read from the tmpfs_vfsops sysctl tree will panic the system: “attempt to execute user address 0x0 in supervisor mode”\nThis is actually a “good” thing…\n“Impact: Any user can panic the kernel by using the sysctl call.  If a user can manage to map a page at address zero, they may be able to gain kernel code execution and escalate privileges”\nOpenBSD’s default configuration prevents mapping a page at address zero, so the code execution is prevented\nSo while a panic is a bad outcome, it is a lot better than it could have been\n***\n\n\nRoot privilege escalation on NetBSD\n\n\nThis post described a root privilege escalation in NetBSD\nmail.local is a utility included in the base system for delivering mail to other users on the same system, rather than invoking a mail client and going through the mail server.\nThe mail.local utility contains a ‘time of check / time of use’ vulnerability. This means that it checks if a file or permission is valid, and then later accesses that file. If an attacker can change that file between the time when it is checked, and the time when it is used, they may be able to exploit the system by evading the check\nThis is exactly what happens in this case\nmail.local appends a message to the indicated user’s mailbox\nIt first checks if the target user already has an existing mailbox file. If the file exists, but is a link, mail.local exits with an error (to prevent exploits)\nIf the file does not exist, it is created\nThe message is then appended to the file\nIf the file needed to be created, it is chown’d to the owner of the mailbox\nThis is where the problem lies, if mail.local checks and does not find the mailbox, but an attacker then creates a link from the target mailbox to some other file\nmail.local then appends to that file instead, thinking it is creating the new mailbox\nThen, mail.local chown’s the target file to the user the attacker was trying to send mail to\nThe article explains how this could be used to replace /etc/master.passwd etc, but opts for an easier proof of concept, replacing /usr/bin/atrun, which is run as root every 5 minutes from crontab with a script that will copy the shell to /tmp and mark it setuid\nThe attacker can then run that shell out of /tmp, and be root\nNetBSD fixed the vulnerability by changing the code flow, separating the cases for opening an existing file from creating a new file.\nIn the case where an existing file is opened, the code then verifies that the file that was opened has the same inode number and is on the same device, as the file that was checked earlier, to ensure it was not a link\n***\n\n\nFreeBSD Heap vulnerability in bspatch\n\n\nAn important vuln has been found and fixed in FreeBSD this past week, specifically relating to the ‘bspatch’ utility.\n“Upstream's bspatch.c implementation doesn't check for negative values on the number of bytes to read from the \"diff\" and \"extra\" streams, allowing an attacker controlling the patch file to write at arbitrary locations in the heap.”\nThis could result in a crash, or running arbitrary code as the user running bspatch. (Often root)\n“bspatch's main loop reads three numbers from the \"control\" stream in the patch: X, Y and Z. The first two are the number of bytes to read from \"diff\" and \"extra\" (and thus only non-negative), while the third one could be positive or negative and moves the oldpos pointer on the source image. These 3 values are 64bits signed ints (encoded somehow on the file) that are later passed the function that reads from the streams, but those values are not verified to be non-negative.”\n“Chrome[OS] has four different implementations of this program, all derived from the same original code by Colin Percival.”\nChromium Issue Tracker \nPatch your systems now!\n***\n\n\nBeastie Bits:\n\n\nIf you're a BUG member or Organizer, please contact BSD Now \nTedU writes about some interesting localizations to gcc in openbsd, and why they are there  \nList of Products based on FreeBSD -- Help complete the list \nVirtualbox v5 hits the FreeBSD Ports tree \nSkull Canyon NUC booting FreeBSD 11.0-BETA2 \n2016 BSDCan Trip Report : Trent Thompson \nAugust London BSD Meetup \n\n\n\n\nFeedback/Questions\n\n\n Michael Open-Source Alts \n Herminio - AP Troubles \n Jake - Plasma \n Morgan - Clean DO Droplets \nChris - Auditd \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have some big breaking news about another major switcher to FreeBSD, plus early information about the pending\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for \u003cbr\u003e\nDevelopers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly \u003cbr\u003e\nParanoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.leolaporte.com/blog/a-grand-experiment\" rel=\"nofollow\"\u003eLeo Laporte tries FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLeo Laporte, formerly of TechTV, and now of TWiT.tv, is switching to FreeBSD\u003c/li\u003e\n\u003cli\u003e“The latest debacle over the \u0026quot;forced\u0026quot; upgrade to Windows 10 and Apple\u0026#39;s increasingly locked-in ecosystem has got me thinking. Do I really need to use a proprietary operating system to get work done? And while I\u0026#39;m at it, do I need to use commercial cloud services to store my data?”\u003c/li\u003e\n\u003cli\u003eA sometimes Linux user since the mid 90s, Leo talks about his motivations:\u003c/li\u003e\n\u003cli\u003e“But as time went by, even Ubuntu began to seem too commercial to me”\u003c/li\u003e\n\u003cli\u003e“So now for the grand experiment. Is it possible, I wonder, to do everything I need to do on an even more venerable, more robust system: a true UNIX OS, FreeBSD? Here are my requirements”\u003c/li\u003e\n\u003cli\u003eBrowsing\u003c/li\u003e\n\u003cli\u003eEmail with PGP signing and encryption\u003c/li\u003e\n\u003cli\u003eCoding - I\u0026#39;m a hobbyist programmer requiring support for lisp/scheme/racket, rust, and python (and maybe forth and clojure and meteor and whatever else is cool and new)\u003c/li\u003e\n\u003cli\u003eWriting\u003c/li\u003e\n\u003cli\u003eA password vault. I currently use Lastpass because it syncs with mobile but eventually I\u0026#39;ll need to find a FOSS replacement for that, too\u003c/li\u003e\n\u003cli\u003ePhoto editing - this is the toughest to replace. I love Photoshop and Lightroom. Can I get by with, say, GIMP and Darktable?\u003c/li\u003e\n\u003cli\u003eI do all of those things on my PCBSD machine all the time\u003c/li\u003e\n\u003cli\u003e“I love Linux and will continue to use it on my laptops, but for my main workhorse desktop I think FreeBSD will be a better choice. I also look forward to learning and administering a true UNIX system.”\u003c/li\u003e\n\u003cli\u003eHe got a nice SuperMicro based workstation, with an Intel Xeon E3-1275v5 and an NVIDIA GeForce GTX 960 GPU\u003c/li\u003e\n\u003cli\u003eI have a server with one of those Skylake E3s, it is very nice\u003c/li\u003e\n\u003cli\u003e“450Mbps Wireless N Dual Band PCI-e Adapter w/ 3x 2dBi Antennas (Yes, sad to say, unless I rewire my house I\u0026#39;ll have to use Wi-Fi with this beast. I\u0026#39;ll probably rewire my house.)”\u003c/li\u003e\n\u003cli\u003eHe plans to have a 4x 1TB ZFS pool, plus a second pool backed by a 512 GB NVMe m.2 for the OS\u003c/li\u003e\n\u003cli\u003e“And I\u0026#39;ll continue to chronicle my journey into the land of FOSS here when The Beast arrives. But in the meantime, please excuse me, I\u0026#39;ve got some reading to do.”\u003c/li\u003e\n\u003cli\u003eLeo went so far as to \u003ca href=\"https://youtu.be/vNVst_rxxm0?t=270\" rel=\"nofollow\"\u003eslap a “Power By FreeBSD” sticker \u003c/a\u003e on the back of his new Tesla\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160725100831\" rel=\"nofollow\"\u003eOpenBSD 6.0 to be released on Sept 1st, 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/60.html\" rel=\"nofollow\"\u003eOpenBSD 6.0 Tenative Released Notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD 6.0 is just around the corner, currently slated for Sept 1st and brings with it a whole slew of exciting new features\u003c/li\u003e\n\u003cli\u003eFirst up, and let’s get this right out of the way.. VAX support has been dropped!! Oh no!\u003c/li\u003e\n\u003cli\u003eHowever to make up for this devastating loss, armv7 has been added to this release.\u003c/li\u003e\n\u003cli\u003eThe tentative release notes are very complete and marks 6.0 as quite an exciting release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160726230851\" rel=\"nofollow\"\u003eOpenBSD 6.0 Pre-orders up\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.infoworld.com/article/3099038/open-source-tools/openbsd-60-tightens-security-by-losing-linux-compatibility.html\" rel=\"nofollow\"\u003eOpenBSD 6.0 tightens security by losing Linux compatibility\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn related news, infoworld picked up on the pending removal of Linux compat from OpenBSD 6.0.\u003c/li\u003e\n\u003cli\u003eTouted as a security feature, you will soon be unable to run legacy linux binaries on OpenBSD. This has both positives and negatives depending upon your use case. Ironically we’re excitedly awaiting improved Linux Compat support in FreeBSD, to allow running some various closed-source applications. (Netflix DRM, Steam, Skype to name a few)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2016.eurobsdcon.org/talks-schedule/\" rel=\"nofollow\"\u003eEuroBSDCon 2016 Schedule released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://2016.eurobsdcon.org/tutorials/\" rel=\"nofollow\"\u003eEuroBSDCon 2016 Tutorial Schedule released\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eEuroBSDCon has announced the list of talks and tutorials for September 22nd-25th’s conference!\u003c/li\u003e\n\u003cli\u003eGeorge Neville Neil (Who we’ve interviewed in the past) is giving the keynote about “The Coming Decades of BSD”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003eBlast from the past\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo interview again this week, we’re working on getting some people lined up.\u003c/li\u003e\n\u003cli\u003eThe Leo Laporte story brought these old gem from TechTV into my youtube playlist:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=d0UsXwRvaIg\" rel=\"nofollow\"\u003eMatt Olander and Murrey Stokey explain FreeBSD on TechTV \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=bAsYz5pVwyc\" rel=\"nofollow\"\u003eMatt Olander and Brooks Davis explain building a cluster with FreeBSD on TechTV \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=91igg2UX7o8\" rel=\"nofollow\"\u003eFreeBSD vs Linux Part 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=oU88fQkwfws\" rel=\"nofollow\"\u003eFreeBSD vs Linux Part 2\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ericmccorkleblog.wordpress.com/2016/07/16/freebsd-librem-update/\" rel=\"nofollow\"\u003eRunning FreeBSD on the LibreM \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEric McCorkle (Who has worked on the EFI loader for a while now) has written an update on his efforts to get FreeBSD working properly on the LibreM 13 laptop.\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSince April the work seems to be progressing nicely\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatt Macy’s i915 graphics patch works well on the Librem 13, and I personally made sure that the suspend/resume support works.  The patch is very stable on the Librem, and I’ve only had one kernel panic the entire time testing it.\u003c/li\u003e\n\u003cli\u003eThe HDMI output Just Works™ with the i915 driver.  Even better, it works for both X11 and console modes.\u003c/li\u003e\n\u003cli\u003eFull support for the Atheros 9462 card has been merged in.  I’ve had some occasional issues, but it works for the most part.\u003c/li\u003e\n\u003cli\u003eThe vesa weirdness is obviated by i915 support, but it was resolved by using the scfb driver.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSome of the outstanding issues still being worked on are support for Synaptics on this particular touchpad, as well as hotkey support for the keyboard, and brightness controls.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn addition Eric is still working on the EFI + Geli support, with the eventual goal of getting EFI secure-boot working out of box as well.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://seclists.org/oss-sec/2016/q3/157\" rel=\"nofollow\"\u003eMore OpenBSD syscall fuzzing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNCC Group’s Project Triforce continues its work of fuzzing OpenBSD\u003c/li\u003e\n\u003cli\u003eThis time they have found a flaw that allows any user to panic the kernel\u003c/li\u003e\n\u003cli\u003eAttempting to read from the tmpfs_vfsops sysctl tree will panic the system: “attempt to execute user address 0x0 in supervisor mode”\u003c/li\u003e\n\u003cli\u003eThis is actually a “good” thing…\u003c/li\u003e\n\u003cli\u003e“Impact: Any user can panic the kernel by using the sysctl call.  If a user can manage to map a page at address zero, they may be able to gain kernel code execution and escalate privileges”\u003c/li\u003e\n\u003cli\u003eOpenBSD’s default configuration prevents mapping a page at address zero, so the code execution is prevented\u003c/li\u003e\n\u003cli\u003eSo while a panic is a bad outcome, it is a lot better than it could have been\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://akat1.pl/?id=2\" rel=\"nofollow\"\u003eRoot privilege escalation on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis post described a root privilege escalation in NetBSD\u003c/li\u003e\n\u003cli\u003email.local is a utility included in the base system for delivering mail to other users on the same system, rather than invoking a mail client and going through the mail server.\u003c/li\u003e\n\u003cli\u003eThe mail.local utility contains a ‘time of check / time of use’ vulnerability. This means that it checks if a file or permission is valid, and then later accesses that file. If an attacker can change that file between the time when it is checked, and the time when it is used, they may be able to exploit the system by evading the check\u003c/li\u003e\n\u003cli\u003eThis is exactly what happens in this case\u003c/li\u003e\n\u003cli\u003email.local appends a message to the indicated user’s mailbox\u003c/li\u003e\n\u003cli\u003eIt first checks if the target user already has an existing mailbox file. If the file exists, but is a link, mail.local exits with an error (to prevent exploits)\u003c/li\u003e\n\u003cli\u003eIf the file does not exist, it is created\u003c/li\u003e\n\u003cli\u003eThe message is then appended to the file\u003c/li\u003e\n\u003cli\u003eIf the file needed to be created, it is chown’d to the owner of the mailbox\u003c/li\u003e\n\u003cli\u003eThis is where the problem lies, if mail.local checks and does not find the mailbox, but an attacker then creates a link from the target mailbox to some other file\u003c/li\u003e\n\u003cli\u003email.local then appends to that file instead, thinking it is creating the new mailbox\u003c/li\u003e\n\u003cli\u003eThen, mail.local chown’s the target file to the user the attacker was trying to send mail to\u003c/li\u003e\n\u003cli\u003eThe article explains how this could be used to replace /etc/master.passwd etc, but opts for an easier proof of concept, replacing /usr/bin/atrun, which is run as root every 5 minutes from crontab with a script that will copy the shell to /tmp and mark it setuid\u003c/li\u003e\n\u003cli\u003eThe attacker can then run that shell out of /tmp, and be root\u003c/li\u003e\n\u003cli\u003eNetBSD fixed the vulnerability by changing the code flow, separating the cases for opening an existing file from creating a new file.\u003c/li\u003e\n\u003cli\u003eIn the case where an existing file is opened, the code then verifies that the file that was opened has the same inode number and is on the same device, as the file that was checked earlier, to ensure it was not a link\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:25.bspatch.asc\" rel=\"nofollow\"\u003eFreeBSD Heap vulnerability in bspatch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn important vuln has been found and fixed in FreeBSD this past week, specifically relating to the ‘bspatch’ utility.\u003c/li\u003e\n\u003cli\u003e“Upstream\u0026#39;s bspatch.c implementation doesn\u0026#39;t check for negative values on the number of bytes to read from the \u0026quot;diff\u0026quot; and \u0026quot;extra\u0026quot; streams, allowing an attacker controlling the patch file to write at arbitrary locations in the heap.”\u003c/li\u003e\n\u003cli\u003eThis could result in a crash, or running arbitrary code as the user running bspatch. (Often root)\u003c/li\u003e\n\u003cli\u003e“bspatch\u0026#39;s main loop reads three numbers from the \u0026quot;control\u0026quot; stream in the patch: X, Y and Z. The first two are the number of bytes to read from \u0026quot;diff\u0026quot; and \u0026quot;extra\u0026quot; (and thus only non-negative), while the third one could be positive or negative and moves the oldpos pointer on the source image. These 3 values are 64bits signed ints (encoded somehow on the file) that are later passed the function that reads from the streams, but those values are not verified to be non-negative.”\u003c/li\u003e\n\u003cli\u003e“Chrome[OS] has four different implementations of this program, all derived from the same original code by Colin Percival.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bugs.chromium.org/p/chromium/issues/detail?id=372525\" rel=\"nofollow\"\u003eChromium Issue Tracker \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch your systems now!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits:\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/q5sys/status/758087886927388673\" rel=\"nofollow\"\u003eIf you\u0026#39;re a BUG member or Organizer, please contact BSD Now\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/one-reason-to-hate-openbsd\" rel=\"nofollow\"\u003eTedU writes about some interesting localizations to gcc in openbsd, and why they are there \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://en.wikipedia.org/wiki/List_of_products_based_on_FreeBSD\" rel=\"nofollow\"\u003eList of Products based on FreeBSD -- Help complete the list \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.freshports.org/emulators/virtualbox-ose/\" rel=\"nofollow\"\u003eVirtualbox v5 hits the FreeBSD Ports tree\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://gist.github.com/gonzopancho/b71be467f45594822131f4816d6cb718\" rel=\"nofollow\"\u003eSkull Canyon NUC booting FreeBSD 11.0-BETA2\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/2016-bsdcan-trip-report-trent-thompson/\" rel=\"nofollow\"\u003e2016 BSDCan Trip Report : Trent Thompson\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/regional-london/2016/07/25/msg000542.html\" rel=\"nofollow\"\u003eAugust London BSD Meetup\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/eiWbDXTd\" rel=\"nofollow\"\u003e Michael Open-Source Alts\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/w9aCDBut\" rel=\"nofollow\"\u003e Herminio - AP Troubles\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/d15QpVFw\" rel=\"nofollow\"\u003e Jake - Plasma\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Wj1P7jq8\" rel=\"nofollow\"\u003e Morgan - Clean DO Droplets\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/U9PYEH6K\" rel=\"nofollow\"\u003eChris - Auditd\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have some big breaking news about another major switcher to FreeBSD, plus early information about the pending","date_published":"2016-07-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b946bdcd-f9d8-4480-995a-0eb2cb5e1b77.mp3","mime_type":"audio/mpeg","size_in_bytes":51561940,"duration_in_seconds":4296}]},{"id":"a6d4cae2-dede-4e13-bab3-af1ea6a03992","title":"151: Fuzzy Auditing","url":"https://www.bsdnow.tv/151","content_text":"This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved\n\nThis episode was brought to you by\n\n\n/\u0026gt;\n\n\n\nHeadlines\n\nMultiple Bugs in OpenBSD Kernel\n\n\nIts patch Wednesday! (OR last Thursday if you were watching the mailing lists)\nJesse Hertz and Tim Newsham (part of the NCC Group calling themselves project Triforce) have been working with the OpenBSD team to fix some newly discovered bugs in the kernel using fuzzing.\nSpecifically they were able to track down several potential methods to corrupt memory or panic the kernel:\n\n\nmmap_panic: Malicious calls to mmap() can trigger an allocation panic or trigger memory corruption.\nkevent_panic: Any user can panic the kernel with the kevent system call.\nthrsleep_panic: Any user can panic the kernel with the __thrsleep system Call.\nthrsigdivert_panic: Any user can panic the kernel with the __thrsigdivert system call.\nufs_getdents_panic: Any user can panic the kernel with the getdents system call.\nmount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when mounting a tmpfs filesystem.\nunmount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when unmounting a filesystem.\ntmpfs_mknod_panic: Root can panic kernel with mknod on a tmpfs filesystem.\n\nThis was a great find, and we have a link to more of the results, if you would like to explore them in more detail.\nNCC Group OpenBSD Kernel fuzzing results \nWould like to see more work like this done in all of the BSDs\n***\n\n\nRunning CockroachDB in a FreeBSD Jail\n\n\nThe developers behind CockroachDB have written up a nice walkthrough of getting their software to run inside FreeBSD jails.\n\n\n\n“Manually encapsulating CockroachDB using Linux cgroups is no easy task, which is why tools like Docker exist in the first place. By comparison, running server processes natively in FreeBSD jails is straightforward and robust.”\n\n\n\nThe walkthrough begins with compiling CockroachDB straight from source (A port is pending), which is pretty easy relying upon bash / git / gmake and GO.\nWith the compile finished, the next step will be mounting linprocfs, although that may be going away in the future:\n\n\n\n“(Note: Linux compatibility files / packages / libraries are not needed further. CockroachDB uses Linux’s procfs to inspect system properties via gosigar. If/when gosigar evolves to read FreeBSD properties natively, CockroachDB will not need linprocfs any more.)”\n\n\n\nWith the initial setup complete, the walkthrough then takes us through the process of creating the rc.d script (Which should be included with the port) and ultimately setting up ezjail and deploying CockroachDB within. \nWith the word getting out about jails and their functionality, we hope to see more projects also provide walkthroughs and FreeBSD support natively. Kudos to the CockroachDB team!\n***\n\n\nUsermount bugs\n\n\nkern.usermount, (vfs.usermount on FreeBSD) is a sysctl that can be enabled to allow an unprivileged user to mount filesystems. It is very useful for allowing non-root users to mount a USB stick or other external media.\nIt is not without its dangers though:\n\u0026gt; “kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls.  There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we'll delete the sysctl entirely.”\nIn OpenBSD 6.0 and forward, the setting will no longer work, and root privileges will be required to mount a filesystem\nIf there is a bug in the filesystem driver, the user could potentially exploit that and root the system\n\u0026gt; “In addition to the patched bugs, several panics were discovered by NCC that can be triggered by root or users with the usermount option set. These bugs are not getting patched because we believe they are only the tip of the iceberg. The mount system call exposes too much code to userland to be considered secure”\nThis is a very pragmatic way of dealing with these issues, as it is not really possible to be sure that EVERY bug has been fixed, and that this feature is no longer an exploit vector\nusermount being removed from OpenBSD \nI use this facility in FreeBSD extensively, combined with ZFS permission delegation, to allow non-root users to create and mount new ZFS datasets, and to do replication without requiring any root access\nThere are some safety belts, for instance: the user must own the directory that the new filesystem will be mounted to, so they can’t mount to /etc and replace the password file with their own\n***\n\n\nLet's Encrypt client from BSD in C\n\n\nFile this one under the category of “It’s about time!”, but Kristaps (Who we’ve interviewed in the past) has released some new software for interacting with letsencrypt.\nThe header for the project site sums it up nicely:\n\n\n\n“Be up-front about security: OpenSSL is known to have issues, you can't trust what comes down the pipe, and your private key's integrity is a hard requirement. Not a situation where you can be careless. letskencrypt is a client for Let's Encrypt users, but one designed for security. No Python. No Ruby. No Bash.A straightforward, open source     implementation in C that isolates each step of the sequence.”\n\n\n\nWhat specifically does it isolate you ask? Right now it is broken down into 6 steps:\n\n\nread and parse an account and domain private key\nauthenticate with the Let's Encrypt server\nauthorise each domain listed for the certificate\nsubmit the X509 request\nreceive and serialise the signed X509 certificate\nrequest, receive, and serialise the certificate chain from the issuer\n\n\nI don’t know about all of you, but I’m going to be switching over one of my systems this weekend.\n***\n\n\nNews Roundup\n\nVideos from the FOSDEM BSD Dev room are now online\n\n\nThe videos from the BSD Dev room at FOSDEM have been stealthily posted online at some point since last I checked\nThe videos are individually linked from the talks on the Schedule  \nThe talk pages also include the slides, which can help you to follow along\n***\n\n\nFreeBSD on Jetson TK1\n\n\nThe nVidia Jetson TK1 is a medium sized ARM device that is a big more than your standard Raspberry Pi\nThe device has:\n\n\nNVIDIA 4-Plus-1™ Quad-Core ARM® Cortex™-A15 CPU (2.3 GHz)\nNVIDIA Kepler GPU with 192 CUDA Cores\n2 GB DDR3L x16 Memory with 64-bit Width\n16 GB 4.51 eMMC Memory\n1 Half Mini-PCIE Slot\n1 Full-Size SD/MMC Connector\n1 Full-Size HDMI Port\n1 USB 2.0 Port, Micro AB\n1 USB 3.0 Port, A\n1 RS232 Serial Port\n1 ALC5639 Realtek Audio Codec with Mic In and Line Out\n1 RTL8111GS Realtek GigE LAN\n1 SATA Data Port\nSPI 4 MByte Boot Flash\n\nThe following signals are available through an expansion port:\n\n\nDP/LVDS\nTouch SPI 1x4 + 1x1 CSI-2\nGPIOs\nUART\nHSIC\ni2c\n\nThe device costs $192 USD from nVidia or Amazon\nOleksandr Tymoshenko (gonzo@freebsd.org) has a post describing what it takes to get FreeBSD running on the Jetson TK1\n\u0026gt; “First of all – my TK1 didn’t have U-Boot. Type of bootloader depends on the version of Linux4Tegra TK1 comes with. Mine had L4T R19, with some kind of “not u-boot” bootloader.”\nThey tried using the provided tool, compiled on FreeBSD since it uses libusb, but it gave an error. Falling back to trying from Ubuntu, they got the same error.\nThey then flashed the TK1 with newer firmware, and suddenly, uboot is available.\nThe post then walks through pxe booting FreeBSD on the TK1\nThe guide then walks through replacing the UBoot with a version compatible with UBLDR, for more features\nWe’ll have to wait for another post to get FreeBSD burned onto the device, but at this point, you can reliably boot it without any user interaction\nI have one of these devices, so I am very interested in this work\n***\n\n\nWhy we use OpenBSD at VidiGaurd\n\n\nVidiGuard (Which makes autonomous drone solutions for security monitoring) has posted an interesting write-up on why they use OpenBSD.\nSpecifically they start by mentioning while they are in business to provide physical security, they just as equally value their data security, especially their customer data.\nThey name 4 specific features that matter to them, starting with Uncompromising Quality and Security:\n\n\n\n“Over the past 20 years, OpenBSD’s focus on uncompromising quality and code correctness has yielded an operating system second-to-none. Code auditing and review is core to the project’s development process. The team’s focus on security includes integrated cryptography, new security mitigation techniques, and an optional-security-is-no-security stance, making it arguably the most secure operating system available today. This approach pays off in the form of only a few security updates for a given release, compared to other operating systems that might release a handful of updates every week.”\n\n\n\nHigh praise indeed! They also mention the sane-defaults, documentation and last but not least, the license as also winning factors in making OpenBSD their operating system of choice.\nThanks to VidiGuard for publically detailing the use of BSD, and we hope to see other business follow suit!\n***\n\n\n\"You can (and should) slow down and learn how things work\" – Interview with Dru Lavigne\n\n\nIf you’ve been around the BSD community for any length of time, you no doubt have heard of Dru Lavigne (Or perhaps own one of her books!)\nShe was recently interviewed by Luca Ferrari for BSD Magazine and you may find it a fascinating read.\nThe 2nd question asked sounded a lot like our opener to an interview (How did you get into BSD)\n\n\n\n“ In the mid 90s, I went back to school to learn network and system administration. As graduation grew near and I started looking for a work, I noticed that all the interesting jobs wanted Unix skills. Wanting to increase my skills, and not having any money, I did an Internet search for “Free Unix”. The first hit was freebsd.org. I went to the website and started reading the Handbook and thought “I can do this”. Since I only had access to one computer and wanted to ramp up my skills quickly, I printed out the installation and networking chapters of the Handbook. I replaced the current operating system with FreeBSD and forced myself to learn how to do everything I needed to do on that computer in FreeBSD. It was a painful (and scary) few weeks as I figured out how to transition the family’s workflow to FreeBSD, but it was also exhilarating to learn that “yes, I can do this!.  Since then, I’ve had the opportunity to try out or administer the other BSDs, several Linux distros, SCO, and Solaris. I found that the layout, logic, and release engineering process of the BSDs makes the most sense to me and I’m happiest when on a BSD system.”\n\n\n\nWhen asked, Dru also had a good response to what challenges potential new UNIX or BSD users may face:\n\n\n\n“Students who haven’t been exposed to open source before are used to thinking of technology in terms of a purchasable brand consisting of “black boxes” that are supposed to “just work”, without having to think about how they work. You can (and should) slow down and learn how things work. It can be a mind shift to learn that the freedom to use and change how something works does exist, and isn’t considered stealing. And that learning how something works, while hard, can be fun. BSD culture, in particular, is well suited for those who have the time and temperament to dive into how things work. With over 40 years of freely available source and commit messages, you can dive as deep as you want into learning how things came to be, how they evolved over the years, how they work now, and how they can be improved. There is a diverse range of stuff to choose from: from user tools to networking to memory management to hardware drivers to security mechanisms and so on. There is also a culture of sharing and learning and encouragement for users who demonstrate that they have done their homework and have their own ideas to contribute.”\n\n\n\nThe interview is quite long, and Dru provides fantastic insights into more aspects of BSD in general. Well worth your time to read!\n***\n\n\nBeastie Bits:\n\n\nEd Maste is seeking testing 'without_gpl_dtc' \n“PAM Mastery” tech reviewers wanted\nOPNsense 16.7 RC2\nJupyter Notebook for bootstrapping Arduino on FreeBSD \nThe Design and Implementation of the Anykernel and Rump Kernels (second edition) \nComplete desktop synchronisation with Unison and FreeBSD jails (xjails) \n\n\n\n\nFeedback/Questions\n\n\n Eric - List most popular files \n Robroy - ZFS Write Cache \n Luis - FreeNAS HW Setup \n Emett - Python Followup \n Peter - Multicast + Jails \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" \u003cbr\u003e\n/\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for \u003cbr\u003e\nDevelopers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly \u003cbr\u003e\nParanoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=oss-security\u0026m=146853062403622\u0026w=2\" rel=\"nofollow\"\u003eMultiple Bugs in OpenBSD Kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIts patch Wednesday! (OR last Thursday if you were watching the mailing lists)\u003c/li\u003e\n\u003cli\u003eJesse Hertz and Tim Newsham (part of the NCC Group calling themselves project Triforce) have been working with the OpenBSD team to fix some newly discovered bugs in the kernel using fuzzing.\u003c/li\u003e\n\u003cli\u003eSpecifically they were able to track down several potential methods to corrupt memory or panic the kernel:\n\n\u003cul\u003e\n\u003cli\u003emmap_panic: Malicious calls to mmap() can trigger an allocation panic or trigger memory corruption.\u003c/li\u003e\n\u003cli\u003ekevent_panic: Any user can panic the kernel with the kevent system call.\u003c/li\u003e\n\u003cli\u003ethrsleep_panic: Any user can panic the kernel with the __thrsleep system Call.\u003c/li\u003e\n\u003cli\u003ethrsigdivert_panic: Any user can panic the kernel with the __thrsigdivert system call.\u003c/li\u003e\n\u003cli\u003eufs_getdents_panic: Any user can panic the kernel with the getdents system call.\u003c/li\u003e\n\u003cli\u003emount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when mounting a tmpfs filesystem.\u003c/li\u003e\n\u003cli\u003eunmount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when unmounting a filesystem.\u003c/li\u003e\n\u003cli\u003etmpfs_mknod_panic: Root can panic kernel with mknod on a tmpfs filesystem.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThis was a great find, and we have a link to more of the results, if you would like to explore them in more detail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openwall.com/lists/oss-security/2016/07/14/5\" rel=\"nofollow\"\u003eNCC Group OpenBSD Kernel fuzzing results\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eWould like to see more work like this done in all of the BSDs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.cockroachlabs.com/blog/critters-in-a-jar-running-cockroachdb-in-a-freebsd-jail/\" rel=\"nofollow\"\u003eRunning CockroachDB in a FreeBSD Jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe developers behind CockroachDB have written up a nice walkthrough of getting their software to run inside FreeBSD jails.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Manually encapsulating CockroachDB using Linux cgroups is no easy task, which is why tools like Docker exist in the first place. By comparison, running server processes natively in FreeBSD jails is straightforward and robust.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe walkthrough begins with compiling CockroachDB straight from source (A port is pending), which is pretty easy relying upon bash / git / gmake and GO.\u003c/li\u003e\n\u003cli\u003eWith the compile finished, the next step will be mounting linprocfs, although that may be going away in the future:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“(Note: Linux compatibility files / packages / libraries are not needed further. CockroachDB uses Linux’s procfs to inspect system properties via gosigar. If/when gosigar evolves to read FreeBSD properties natively, CockroachDB will not need linprocfs any more.)”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith the initial setup complete, the walkthrough then takes us through the process of creating the rc.d script (Which should be included with the port) and ultimately setting up ezjail and deploying CockroachDB within. \u003c/li\u003e\n\u003cli\u003eWith the word getting out about jails and their functionality, we hope to see more projects also provide walkthroughs and FreeBSD support natively. Kudos to the CockroachDB team!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-announce\u0026m=146854517406640\u0026w=2\" rel=\"nofollow\"\u003eUsermount bugs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ekern.usermount, (vfs.usermount on FreeBSD) is a sysctl that can be enabled to allow an unprivileged user to mount filesystems. It is very useful for allowing non-root users to mount a USB stick or other external media.\u003c/li\u003e\n\u003cli\u003eIt is not without its dangers though:\n\u0026gt; “kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls.  There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we\u0026#39;ll delete the sysctl entirely.”\u003c/li\u003e\n\u003cli\u003eIn OpenBSD 6.0 and forward, the setting will no longer work, and root privileges will be required to mount a filesystem\u003c/li\u003e\n\u003cli\u003eIf there is a bug in the filesystem driver, the user could potentially exploit that and root the system\n\u0026gt; “In addition to the patched bugs, several panics were discovered by NCC that can be triggered by root or users with the usermount option set. These bugs are not getting patched because we believe they are only the tip of the iceberg. The mount system call exposes too much code to userland to be considered secure”\u003c/li\u003e\n\u003cli\u003eThis is a very pragmatic way of dealing with these issues, as it is not really possible to be sure that EVERY bug has been fixed, and that this feature is no longer an exploit vector\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160715125022\" rel=\"nofollow\"\u003eusermount being removed from OpenBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eI use this facility in FreeBSD extensively, combined with ZFS permission delegation, to allow non-root users to create and mount new ZFS datasets, and to do replication without requiring any root access\u003c/li\u003e\n\u003cli\u003eThere are some safety belts, for instance: the user must own the directory that the new filesystem will be mounted to, so they can’t mount to /etc and replace the password file with their own\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kristaps.bsd.lv/letskencrypt/\" rel=\"nofollow\"\u003eLet\u0026#39;s Encrypt client from BSD in C\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFile this one under the category of “It’s about time!”, but Kristaps (Who we’ve interviewed in the past) has released some new software for interacting with letsencrypt.\u003c/li\u003e\n\u003cli\u003eThe header for the project site sums it up nicely:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Be up-front about security: OpenSSL is known to have issues, you can\u0026#39;t trust what comes down the pipe, and your private key\u0026#39;s integrity is a hard requirement. Not a situation where you can be careless. letskencrypt is a client for Let\u0026#39;s Encrypt users, but one designed for security. No Python. No Ruby. No Bash.A straightforward, open source     implementation in C that isolates each step of the sequence.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat specifically does it isolate you ask? Right now it is broken down into 6 steps:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eread and parse an account and domain private key\u003cbr\u003e\nauthenticate with the Let\u0026#39;s Encrypt server\u003cbr\u003e\nauthorise each domain listed for the certificate\u003cbr\u003e\nsubmit the X509 request\u003cbr\u003e\nreceive and serialise the signed X509 certificate\u003cbr\u003e\nrequest, receive, and serialise the certificate chain from the issuer\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eI don’t know about all of you, but I’m going to be switching over one of my systems this weekend.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://video.fosdem.org/2016/k4601/\" rel=\"nofollow\"\u003eVideos from the FOSDEM BSD Dev room are now online\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe videos from the BSD Dev room at FOSDEM have been stealthily posted online at some point since last I checked\u003c/li\u003e\n\u003cli\u003eThe videos are individually linked from the talks on the \u003ca href=\"https://archive.fosdem.org/2016/schedule/track/bsd/\" rel=\"nofollow\"\u003eSchedule \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe talk pages also include the slides, which can help you to follow along\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://kernelnomicon.org/?p=628\" rel=\"nofollow\"\u003eFreeBSD on Jetson TK1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe nVidia Jetson TK1 is a medium sized ARM device that is a big more than your standard Raspberry Pi\u003c/li\u003e\n\u003cli\u003eThe device has:\n\n\u003cul\u003e\n\u003cli\u003eNVIDIA 4-Plus-1™ Quad-Core ARM® Cortex™-A15 CPU (2.3 GHz)\u003c/li\u003e\n\u003cli\u003eNVIDIA Kepler GPU with 192 CUDA Cores\u003c/li\u003e\n\u003cli\u003e2 GB DDR3L x16 Memory with 64-bit Width\u003c/li\u003e\n\u003cli\u003e16 GB 4.51 eMMC Memory\u003c/li\u003e\n\u003cli\u003e1 Half Mini-PCIE Slot\u003c/li\u003e\n\u003cli\u003e1 Full-Size SD/MMC Connector\u003c/li\u003e\n\u003cli\u003e1 Full-Size HDMI Port\u003c/li\u003e\n\u003cli\u003e1 USB 2.0 Port, Micro AB\u003c/li\u003e\n\u003cli\u003e1 USB 3.0 Port, A\u003c/li\u003e\n\u003cli\u003e1 RS232 Serial Port\u003c/li\u003e\n\u003cli\u003e1 ALC5639 Realtek Audio Codec with Mic In and Line Out\u003c/li\u003e\n\u003cli\u003e1 RTL8111GS Realtek GigE LAN\u003c/li\u003e\n\u003cli\u003e1 SATA Data Port\u003c/li\u003e\n\u003cli\u003eSPI 4 MByte Boot Flash\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe following signals are available through an expansion port:\n\n\u003cul\u003e\n\u003cli\u003eDP/LVDS\u003c/li\u003e\n\u003cli\u003eTouch SPI 1x4 + 1x1 CSI-2\u003c/li\u003e\n\u003cli\u003eGPIOs\u003c/li\u003e\n\u003cli\u003eUART\u003c/li\u003e\n\u003cli\u003eHSIC\u003c/li\u003e\n\u003cli\u003ei2c\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe device costs $192 USD from nVidia or Amazon\u003c/li\u003e\n\u003cli\u003eOleksandr Tymoshenko (\u003ca href=\"mailto:gonzo@freebsd.org\" rel=\"nofollow\"\u003egonzo@freebsd.org\u003c/a\u003e) has a post describing what it takes to get FreeBSD running on the Jetson TK1\n\u0026gt; “First of all – my TK1 didn’t have U-Boot. Type of bootloader depends on the version of Linux4Tegra TK1 comes with. Mine had L4T R19, with some kind of “not u-boot” bootloader.”\u003c/li\u003e\n\u003cli\u003eThey tried using the provided tool, compiled on FreeBSD since it uses libusb, but it gave an error. Falling back to trying from Ubuntu, they got the same error.\u003c/li\u003e\n\u003cli\u003eThey then flashed the TK1 with newer firmware, and suddenly, uboot is available.\u003c/li\u003e\n\u003cli\u003eThe post then walks through pxe booting FreeBSD on the TK1\u003c/li\u003e\n\u003cli\u003eThe guide then walks through replacing the UBoot with a version compatible with UBLDR, for more features\u003c/li\u003e\n\u003cli\u003eWe’ll have to wait for another post to get FreeBSD burned onto the device, but at this point, you can reliably boot it without any user interaction\u003c/li\u003e\n\u003cli\u003eI have one of these devices, so I am very interested in this work\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.vidiguard.com/why-we-use-openbsd-at-vidiguard-4521f217b2b7#.9r86v742v\" rel=\"nofollow\"\u003eWhy we use OpenBSD at VidiGaurd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVidiGuard (Which makes autonomous drone solutions for security monitoring) has posted an interesting write-up on why they use OpenBSD.\u003c/li\u003e\n\u003cli\u003eSpecifically they start by mentioning while they are in business to provide physical security, they just as equally value their data security, especially their customer data.\u003c/li\u003e\n\u003cli\u003eThey name 4 specific features that matter to them, starting with Uncompromising Quality and Security:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Over the past 20 years, OpenBSD’s focus on uncompromising quality and code correctness has yielded an operating system second-to-none. Code auditing and review is core to the project’s development process. The team’s focus on security includes integrated cryptography, new security mitigation techniques, and an optional-security-is-no-security stance, making it arguably the most secure operating system available today. This approach pays off in the form of only a few security updates for a given release, compared to other operating systems that might release a handful of updates every week.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eHigh praise indeed! They also mention the sane-defaults, documentation and last but not least, the license as also winning factors in making OpenBSD their operating system of choice.\u003c/li\u003e\n\u003cli\u003eThanks to VidiGuard for publically detailing the use of BSD, and we hope to see other business follow suit!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/dru_lavigne/\" rel=\"nofollow\"\u003e\u0026quot;You can (and should) slow down and learn how things work\u0026quot; – Interview with Dru Lavigne\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you’ve been around the BSD community for any length of time, you no doubt have heard of Dru Lavigne (Or perhaps own one of her books!)\u003c/li\u003e\n\u003cli\u003eShe was recently interviewed by Luca Ferrari for BSD Magazine and you may find it a fascinating read.\u003c/li\u003e\n\u003cli\u003eThe 2nd question asked sounded a lot like our opener to an interview (How did you get into BSD)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“ In the mid 90s, I went back to school to learn network and system administration. As graduation grew near and I started looking for a work, I noticed that all the interesting jobs wanted Unix skills. Wanting to increase my skills, and not having any money, I did an Internet search for “Free Unix”. The first hit was freebsd.org. I went to the website and started reading the Handbook and thought “I can do this”. Since I only had access to one computer and wanted to ramp up my skills quickly, I printed out the installation and networking chapters of the Handbook. I replaced the current operating system with FreeBSD and forced myself to learn how to do everything I needed to do on that computer in FreeBSD. It was a painful (and scary) few weeks as I figured out how to transition the family’s workflow to FreeBSD, but it was also exhilarating to learn that “yes, I can do this!.  Since then, I’ve had the opportunity to try out or administer the other BSDs, several Linux distros, SCO, and Solaris. I found that the layout, logic, and release engineering process of the BSDs makes the most sense to me and I’m happiest when on a BSD system.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen asked, Dru also had a good response to what challenges potential new UNIX or BSD users may face:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Students who haven’t been exposed to open source before are used to thinking of technology in terms of a purchasable brand consisting of “black boxes” that are supposed to “just work”, without having to think about how they work. You can (and should) slow down and learn how things work. It can be a mind shift to learn that the freedom to use and change how something works does exist, and isn’t considered stealing. And that learning how something works, while hard, can be fun. BSD culture, in particular, is well suited for those who have the time and temperament to dive into how things work. With over 40 years of freely available source and commit messages, you can dive as deep as you want into learning how things came to be, how they evolved over the years, how they work now, and how they can be improved. There is a diverse range of stuff to choose from: from user tools to networking to memory management to hardware drivers to security mechanisms and so on. There is also a culture of sharing and learning and encouragement for users who demonstrate that they have done their homework and have their own ideas to contribute.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe interview is quite long, and Dru provides fantastic insights into more aspects of BSD in general. Well worth your time to read!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits:\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/ed_maste/status/755474764479672321\" rel=\"nofollow\"\u003eEd Maste is seeking testing \u0026#39;without_gpl_dtc\u0026#39;\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2717\" rel=\"nofollow\"\u003e“PAM Mastery” tech reviewers wanted\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-16-7-rc2-released/\" rel=\"nofollow\"\u003eOPNsense 16.7 RC2\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://nbviewer.jupyter.org/github/DadAtH-me/Projects/blob/master/arduino-on-nix.ipynb\" rel=\"nofollow\"\u003eJupyter Notebook for bootstrapping Arduino on FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.fixup.fi/misc/rumpkernel-book/\" rel=\"nofollow\"\u003eThe Design and Implementation of the Anykernel and Rump Kernels (second edition)\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/kbs1/freebsd-synced-xjails\" rel=\"nofollow\"\u003eComplete desktop synchronisation with Unison and FreeBSD jails (xjails)\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/S7u0VeVi\" rel=\"nofollow\"\u003e Eric - List most popular files\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/81Zmj0cX\" rel=\"nofollow\"\u003e Robroy - ZFS Write Cache\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/SfeKR7v2\" rel=\"nofollow\"\u003e Luis - FreeNAS HW Setup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/wy4ar0YH\" rel=\"nofollow\"\u003e Emett - Python Followup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/zd2QAu25\" rel=\"nofollow\"\u003e Peter - Multicast + Jails\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved","date_published":"2016-07-20T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a6d4cae2-dede-4e13-bab3-af1ea6a03992.mp3","mime_type":"audio/mpeg","size_in_bytes":50343700,"duration_in_seconds":4195}]},{"id":"00b6ee02-f104-4624-9691-b5333683a5ed","title":"150: Sprinkle a little BSD into your life.","url":"https://www.bsdnow.tv/150","content_text":"Today on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it…\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nDistrowatch reviews OpenBSD and PCBSD's live upgrade method\n\n\nUpgrading… The bane of any sysadmin! Distrowatch has recently done a write-up on the in-place upgrading of various distros / BSDs including PC-BSD and OpenBSD.\nLets look first at the PC-BSD attempt, which was done going from 9.2 -\u0026gt; 10. \n\n\n\n“I soon found trying to upgrade either the base system or pkg would fail. The update manager did not provide details as to what had gone wrong and so I decided to attempt a manual upgrade by following the FreeBSD Handbook as I had when performing a live upgrade of FreeBSD back in May. At first the manual process seemed to work, downloading the necessary patches for FreeBSD 10 and getting me to resolve conflicts between my existing configuration files and the new versions. Part way through, we are asked to reboot and then continue the upgrade process using the freebsd-update command utility. PC-BSD failed to reboot and, in fact, the boot loader no longer found any operating systems to run.”\n\n\n\nOuch! I’m not sure on the particular commands used, but to lose the boot-loader indicates something went horribly wrong. There is good news in this though. After the pain experienced in the 9.X upgrade process, 11.0 has been vastly improved to help fix this going forward. The updater is also self-updating, which means future changes to tools such as package can be accounted for in previously released versions.\nMoving on to OpenBSD, Jesse had much better luck:\n\u0026gt; “The documentation provided explains how to upgrade OpenBSD 5.8 to version 5.9 step-by-step and the instructions worked exactly as laid out. Upgrading requires two reboots, one to initiate the upgrade process and one to boot into the new version of OpenBSD. Upgrading the base operating system took approximately ten minutes, including the two reboots. Upgrading the third-party packages took another minute or two. The only quirk I ran into was that I had to manually update my repository mirror information to gain access to the new packages available for OpenBSD 5.9. If this step is not done, then the pkg_add package manager will continue to pull in packages from the old repository we set up for OpenBSD 5.8. “\nA good read, and they covered some Linux distros such as Mint and OpenMandriva as well, if you want to find out how they fared.\n***\n\n\nA curated list of awesome DTrace books, articles, videos, tools and resources\n\n\nThe website awesome-dtrace.com compiles a list of resources, including books, articles, videos, tools, and other resources, to help you get the most out of DTrace\nThe list of books includes 2 open source books that are available on the web, and of course Brendan Gregg’s official DTrace book\nThere are also cheat sheets, one-liner collections, and a set of DTrace war stories\nA breakdown of different PID providers and the userspace statically defined tracepoints\nThe videos from DTrace.conf 2008, 2012, and soon 2016\nAnd links to the tools to start using DTrace with your favourite programming language, including Erlang, Node.JS, Perl, PHP, Python, or Ruby\nThere are also DTrace setups for MySQL/MariaDB, and PostreSQL\nJoyent has even written a mod_usdt DTrace module for the Apache web server\nThis seems like a really good resource, and with the efforts of the new OpenDTrace project, to modernize the dtracetoolkit and make it more useful across the different supported operating systems, there has never been a better time to start learning DTrace\n***\n\n\nInstalling OpenBSD using a serial console with no external monitor\n\n\nHave you found yourself needing to install OpenBSD from USB, but with a twist, as in no external monitor? Well somebody has and asked the question on stackexchange.\nThe answer provided is quite well explained, but in a nut-shell the process involves downloading the USB image and making some tweaks before copying it to the physical media.\nSpecifically with a couple of well-placed echo’s into boot.conf, the serial-port can be enabled and ready for use:\n\n\n\necho \"stty com0 115200\" \u0026gt; /mnt/etc/boot.conf\n echo \"set tty com0\" \u0026gt;\u0026gt; /mnt/etc/boot.conf\n\n\nAfter that, simply boot the box and you are ready to access the serial console and drive the installation as normal! #bsdhacks\n***\n\n\n\nGSoC 2016 Reports: Split debug symbols for pkgsrc builds\n\n\nThe NetBSD blog provides a status report on one of the GSoC projects that is nearing its midterm evaluation\nThe project to split debugging data into separate pkgsrc packages, so that users can install the debugging symbols if they need them to debug a failing application\nThe report is very detailed, and includes “A quick introduction to ELF and how debug information are stored/stripped off”\nIt walks through the process of writing a simple example application, compiling it, and dealing with the debug data\nIt includes a number of very useful diagrams, and a summary of what changes needed to be make to the pkgsrc makefile infrastructure\nWith this as a recipe, someone should be able to do something quite similar for FreeBSD’s ports tree\n***\n\n\niXsystems\n\n\niXsystems’ TrueNAS Firmware Update Delivers Compelling Performance, Replication, and Graphing Improvements \n***\n\n\nInterview - Jim Brown - jpb@jimby.name\n\nFreeBSD+BBB Sprinkler System\n\n\n\nNews Roundup\n\nFrom the past : A Research Unix Reader\n\n\nA paper by by Douglas McIlroy\n“Selected pages from the nine research editions of the UNIX® Programmer’s Manual illustrate the development of the system”\n“Accompanying commentary recounts some of the needs, events, and individual contributions that shaped this evolution.”\nInteresting insight into the evolution of the origin UNIX operating system\n***\n\n\nEvolution of C programming practices – Unix 1973–2015\n\n\nFrom the author of the recent post we covered, “20 years of NetBSD code bloat”, comes a new post\n“I found a recent paper that also looks at how the BSD code base has evolved, but from a very different perspective compared to my code-size investigation.”\nThe paper \"The Evolution of C Programming Practices: A Study of the Unix Operating System 1973–2015\" investigates coding style, and tests seven hypotheses by looking at metrics (line length, number of volatile in the source code, etc.) in 66 releases of Unix from 1973 to 2014. The hypotheses are:\n\u0026gt; + Programming practices reflect technology affordances (e.g. developers may be more liberal with screen space when using high resolution displays)\n\u0026gt; + Modularity increases with code size\n\u0026gt; + New language features are increasingly used to saturation point\n\u0026gt; + Programmers trust the compiler for register allocation\n\u0026gt; + Code formatting practices converge to a common standard\n\u0026gt; + Software complexity evolution follows self correction feedback mechanisms\n\u0026gt; + Code readability increases\nand the result is that they seem to be true, as interpreted through the metrics.\n\u0026gt; “The data points for the releases have somewhat random dates. One issue is that the paper use each release's mean file date (the average of the files' last modification time) instead of the release date (that is why the graphs stop at November 2010, even though FreeBSD 10 was released in 2014). The idea is that this better reflects the age of the code base, but this has the effect of compressing some of the data points (especially the clustering around 1993-1994), and it makes the spline fitting even more suspect.”\n\u0026gt; “One other problem is that the original data used by the researchers seems to have incorrect timestamps. For example, 4.3BSD Net/1 was released in 1989, but is listed as 1993-12-25 in the paper. The same is true for at least the Net/2 release too, which was released in 1991, but the paper list it as 1993-07-02.”\n***\n\n\n[old release pictures]\n\n\nopenbsd 2.1 - 5.9, straight from theo's bookshelf. \nSpeaking of old releases, our Producer JT picked up this gem at Southeast Linuxfest this year \nNoah Axon shares a scan of his NetBSD 1.4 disc \nJan van den broek shares a pic of his FreeBSD 2.2.5 set \n***\n\n\nFreeBSD: Just in Time\n\n\nAnother BSDMag goodie this week, we have a small article written by Jonathan Garrido  which details their experience switching to FreeBSD for a NTP server.\nThe article is short, but a good read:\n\u0026gt; “A Few years ago we had a time problem. Suddenly our linux NTP server, for a reason that I still do not know, started to fail giving us a lot of issues within all the equipment and services within our network. After a quick and brief meeting with management, I found out that there was not sufficient budget left for a fancy and well-suited appliance. So, with no time (literally) and no money to spend, I decided to give it a try and utilized a homemade open source solution, and the operating system of choice was FreeBSD 10.0.”\n\n\n\n“Now, let’s pause for a second. You may be thinking, why in the world is this guy doing this, when he has never installed a BSD machine in his life? The answer is very simple; here, in the Dominican Republic, in the heart of the Caribbean, FreeBSD has a very good reputation when it comes to reliability and security. In fact, there is some collective thought within the sysadmin community that says something like: “If you want to deal only once with a service, install it over FreeBSD.””\n\n\n\nJonathan then goes through some of the steps taken to initial deploy NTP services, but with that out of the way, he has a great summary:\n\u0026gt; “Fascinated with the whole experience, we migrate one of our internal dns servers to a second FreeBSD machine and at the moment of this writing we are testing haproxy, an open source load-balancing proxy into a another server with the same OS.\n\u0026gt; After all this, no time issues have been reported in the past 2 years, so at least for my environment, FreeBSD came just in time.“\n***\n\n\nBeastie Bits\n\n\nMiniBSD laptop computer \nThe state of LibreSSL in FreeBSD \nJustin Sherrill is looking for someone willing to run a Go builder with DragonflyBSD\nTiny Unix tools for Windows \nOpenBSD's doas added to the FreeBSD Ports Tree \nubuntuBSD 16.04 to feature a combo of BusyBox and OpenRC, no systemd \nSyncast Podcast 4 : Curl, libcurl and the future of the web, with Daniel Stenberg \n\n\n\n\nFeedback/Questions\n\n\n Harri - Using beadm / zfssnap  \n Jonathan - bhyve vs Proxmox  \n Mohammad - Bhyve gfx passthrough \n Jeremy - Shapshots and more Snapshots \n Ron - Microphone \n***\n","content_html":"\u003cp\u003eToday on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it…\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://distrowatch.com/weekly.php?issue=20160620#upgrade\" rel=\"nofollow\"\u003eDistrowatch reviews OpenBSD and PCBSD\u0026#39;s live upgrade method\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpgrading… The bane of any sysadmin! Distrowatch has recently done a write-up on the in-place upgrading of various distros / BSDs including PC-BSD and OpenBSD.\u003c/li\u003e\n\u003cli\u003eLets look first at the PC-BSD attempt, which was done going from 9.2 -\u0026gt; 10. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“I soon found trying to upgrade either the base system or pkg would fail. The update manager did not provide details as to what had gone wrong and so I decided to attempt a manual upgrade by following the FreeBSD Handbook as I had when performing a live upgrade of FreeBSD back in May. At first the manual process seemed to work, downloading the necessary patches for FreeBSD 10 and getting me to resolve conflicts between my existing configuration files and the new versions. Part way through, we are asked to reboot and then continue the upgrade process using the freebsd-update command utility. PC-BSD failed to reboot and, in fact, the boot loader no longer found any operating systems to run.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eOuch! I’m not sure on the particular commands used, but to lose the boot-loader indicates something went horribly wrong. There is good news in this though. After the pain experienced in the 9.X upgrade process, 11.0 has been vastly improved to help fix this going forward. The updater is also self-updating, which means future changes to tools such as package can be accounted for in previously released versions.\u003c/li\u003e\n\u003cli\u003eMoving on to OpenBSD, Jesse had much better luck:\n\u0026gt; “The documentation provided explains how to upgrade OpenBSD 5.8 to version 5.9 step-by-step and the instructions worked exactly as laid out. Upgrading requires two reboots, one to initiate the upgrade process and one to boot into the new version of OpenBSD. Upgrading the base operating system took approximately ten minutes, including the two reboots. Upgrading the third-party packages took another minute or two. The only quirk I ran into was that I had to manually update my repository mirror information to gain access to the new packages available for OpenBSD 5.9. If this step is not done, then the pkg_add package manager will continue to pull in packages from the old repository we set up for OpenBSD 5.8. “\u003c/li\u003e\n\u003cli\u003eA good read, and they covered some Linux distros such as Mint and OpenMandriva as well, if you want to find out how they fared.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://awesome-dtrace.com/\" rel=\"nofollow\"\u003eA curated list of awesome DTrace books, articles, videos, tools and resources\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe website awesome-dtrace.com compiles a list of resources, including books, articles, videos, tools, and other resources, to help you get the most out of DTrace\u003c/li\u003e\n\u003cli\u003eThe list of books includes 2 open source books that are available on the web, and of course Brendan Gregg’s official DTrace book\u003c/li\u003e\n\u003cli\u003eThere are also cheat sheets, one-liner collections, and a set of DTrace war stories\u003c/li\u003e\n\u003cli\u003eA breakdown of different PID providers and the userspace statically defined tracepoints\u003c/li\u003e\n\u003cli\u003eThe videos from DTrace.conf 2008, 2012, and soon 2016\u003c/li\u003e\n\u003cli\u003eAnd links to the tools to start using DTrace with your favourite programming language, including Erlang, Node.JS, Perl, PHP, Python, or Ruby\u003c/li\u003e\n\u003cli\u003eThere are also DTrace setups for MySQL/MariaDB, and PostreSQL\u003c/li\u003e\n\u003cli\u003eJoyent has even written a mod_usdt DTrace module for the Apache web server\u003c/li\u003e\n\u003cli\u003eThis seems like a really good resource, and with the efforts of the new OpenDTrace project, to modernize the dtracetoolkit and make it more useful across the different supported operating systems, there has never been a better time to start learning DTrace\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://unix.stackexchange.com/questions/292891/how-can-i-install-openbsd-using-the-serial-console-without-external-monitor-wi\" rel=\"nofollow\"\u003eInstalling OpenBSD using a serial console with no external monitor\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHave you found yourself needing to install OpenBSD from USB, but with a twist, as in no external monitor? Well somebody has and asked the question on stackexchange.\u003c/li\u003e\n\u003cli\u003eThe answer provided is quite well explained, but in a nut-shell the process involves downloading the USB image and making some tweaks before copying it to the physical media.\u003c/li\u003e\n\u003cli\u003eSpecifically with a couple of well-placed echo’s into boot.conf, the serial-port can be enabled and ready for use:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eecho \u0026quot;stty com0 115200\u0026quot; \u0026gt; /mnt/etc/boot.conf\u003cbr\u003e\n echo \u0026quot;set tty com0\u0026quot; \u0026gt;\u0026gt; /mnt/etc/boot.conf\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter that, simply boot the box and you are ready to access the serial console and drive the installation as normal! #bsdhacks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/gsoc_2016_reports_split_debug\" rel=\"nofollow\"\u003eGSoC 2016 Reports: Split debug symbols for pkgsrc builds\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NetBSD blog provides a status report on one of the GSoC projects that is nearing its midterm evaluation\u003c/li\u003e\n\u003cli\u003eThe project to split debugging data into separate pkgsrc packages, so that users can install the debugging symbols if they need them to debug a failing application\u003c/li\u003e\n\u003cli\u003eThe report is very detailed, and includes “A quick introduction to ELF and how debug information are stored/stripped off”\u003c/li\u003e\n\u003cli\u003eIt walks through the process of writing a simple example application, compiling it, and dealing with the debug data\u003c/li\u003e\n\u003cli\u003eIt includes a number of very useful diagrams, and a summary of what changes needed to be make to the pkgsrc makefile infrastructure\u003c/li\u003e\n\u003cli\u003eWith this as a recipe, someone should be able to do something quite similar for FreeBSD’s ports tree\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/ixsystems-truenas-firmware-update-delivers-compelling-performance-replication-graphing-improvements/\" rel=\"nofollow\"\u003eiXsystems’ TrueNAS Firmware Update Delivers Compelling Performance, Replication, and Graphing Improvements\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jim Brown - \u003ca href=\"mailto:jpb@jimby.name\" rel=\"nofollow\"\u003ejpb@jimby.name\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD+BBB Sprinkler System\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cs.dartmouth.edu/%7Edoug/reader.pdf\" rel=\"nofollow\"\u003eFrom the past : A Research Unix Reader\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA paper by by Douglas McIlroy\u003c/li\u003e\n\u003cli\u003e“Selected pages from the nine research editions of the UNIX® Programmer’s Manual illustrate the development of the system”\u003c/li\u003e\n\u003cli\u003e“Accompanying commentary recounts some of the needs, events, and individual contributions that shaped this evolution.”\u003c/li\u003e\n\u003cli\u003eInteresting insight into the evolution of the origin UNIX operating system\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://kristerw.blogspot.com/2016/06/evolution-of-c-programming-practices.html\" rel=\"nofollow\"\u003eEvolution of C programming practices – Unix 1973–2015\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the author of the recent post we covered, “20 years of NetBSD code bloat”, comes a new post\u003c/li\u003e\n\u003cli\u003e“I found a recent paper that also looks at how the BSD code base has evolved, but from a very different perspective compared to my code-size investigation.”\u003c/li\u003e\n\u003cli\u003eThe paper \u0026quot;The Evolution of C Programming Practices: A Study of the Unix Operating System 1973–2015\u0026quot; investigates coding style, and tests seven hypotheses by looking at metrics (line length, number of volatile in the source code, etc.) in 66 releases of Unix from 1973 to 2014. The hypotheses are:\n\u0026gt; + Programming practices reflect technology affordances (e.g. developers may be more liberal with screen space when using high resolution displays)\n\u0026gt; + Modularity increases with code size\n\u0026gt; + New language features are increasingly used to saturation point\n\u0026gt; + Programmers trust the compiler for register allocation\n\u0026gt; + Code formatting practices converge to a common standard\n\u0026gt; + Software complexity evolution follows self correction feedback mechanisms\n\u0026gt; + Code readability increases\u003c/li\u003e\n\u003cli\u003eand the result is that they seem to be true, as interpreted through the metrics.\n\u0026gt; “The data points for the releases have somewhat random dates. One issue is that the paper use each release\u0026#39;s mean file date (the average of the files\u0026#39; last modification time) instead of the release date (that is why the graphs stop at November 2010, even though FreeBSD 10 was released in 2014). The idea is that this better reflects the age of the code base, but this has the effect of compressing some of the data points (especially the clustering around 1993-1994), and it makes the spline fitting even more suspect.”\n\u0026gt; “One other problem is that the original data used by the researchers seems to have incorrect timestamps. For example, 4.3BSD Net/1 was released in 1989, but is listed as 1993-12-25 in the paper. The same is true for at least the Net/2 release too, which was released in 1991, but the paper list it as 1993-07-02.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e[old release pictures]\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/blakkheim/status/747540167112671232\" rel=\"nofollow\"\u003eopenbsd 2.1 - 5.9, straight from theo\u0026#39;s bookshelf.\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/q5sys/status/748003859012984837\" rel=\"nofollow\"\u003eSpeaking of old releases, our Producer JT picked up this gem at Southeast Linuxfest this year\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://plus.google.com/+NoahAxon/posts/VsiQhUn3tHb\" rel=\"nofollow\"\u003eNoah Axon shares a scan of his NetBSD 1.4 disc\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://plus.google.com/101232368324501316985/posts/4QsaJE2KxXh\" rel=\"nofollow\"\u003eJan van den broek shares a pic of his FreeBSD 2.2.5 set\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/just_in_time/\" rel=\"nofollow\"\u003eFreeBSD: Just in Time\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother BSDMag goodie this week, we have a small article written by Jonathan Garrido  which details their experience switching to FreeBSD for a NTP server.\u003c/li\u003e\n\u003cli\u003eThe article is short, but a good read:\n\u0026gt; “A Few years ago we had a time problem. Suddenly our linux NTP server, for a reason that I still do not know, started to fail giving us a lot of issues within all the equipment and services within our network. After a quick and brief meeting with management, I found out that there was not sufficient budget left for a fancy and well-suited appliance. So, with no time (literally) and no money to spend, I decided to give it a try and utilized a homemade open source solution, and the operating system of choice was FreeBSD 10.0.”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Now, let’s pause for a second. You may be thinking, why in the world is this guy doing this, when he has never installed a BSD machine in his life? The answer is very simple; here, in the Dominican Republic, in the heart of the Caribbean, FreeBSD has a very good reputation when it comes to reliability and security. In fact, there is some collective thought within the sysadmin community that says something like: “If you want to deal only once with a service, install it over FreeBSD.””\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eJonathan then goes through some of the steps taken to initial deploy NTP services, but with that out of the way, he has a great summary:\n\u0026gt; “Fascinated with the whole experience, we migrate one of our internal dns servers to a second FreeBSD machine and at the moment of this writing we are testing haproxy, an open source load-balancing proxy into a another server with the same OS.\n\u0026gt; After all this, no time issues have been reported in the past 2 years, so at least for my environment, FreeBSD came just in time.“\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://hackaday.io/project/643-minibsd-laptop-computer\" rel=\"nofollow\"\u003eMiniBSD laptop computer\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attilagyorffy.com/2016/07/02/the-state-of-libressl-in-freebsd/\" rel=\"nofollow\"\u003eThe state of LibreSSL in FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2016/07/01/18372.html\" rel=\"nofollow\"\u003eJustin Sherrill is looking for someone willing to run a Go builder with DragonflyBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://tinyapps.org/blog/windows/201606040700_tiny_unix_tools_windows.html\" rel=\"nofollow\"\u003eTiny Unix tools for Windows\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.freshports.org/security/doas/\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s doas added to the FreeBSD Ports Tree\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://linux.softpedia.com/blog/ubuntubsd-16-04-will-feature-a-combination-of-busybox-and-openrc-but-no-systemd-505463.shtml\" rel=\"nofollow\"\u003eubuntuBSD 16.04 to feature a combo of BusyBox and OpenRC, no systemd\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://podcast.sysca.st/podcast/4-curl-libcurl-future-web-daniel-stenberg/\" rel=\"nofollow\"\u003eSyncast Podcast 4 : Curl, libcurl and the future of the web, with Daniel Stenberg\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/qKeCd63F\" rel=\"nofollow\"\u003e Harri - Using beadm / zfssnap \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/EhXDwbWQ\" rel=\"nofollow\"\u003e Jonathan - bhyve vs Proxmox \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ZCNk4Bga\" rel=\"nofollow\"\u003e Mohammad - Bhyve gfx passthrough\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/xp7nzEYa\" rel=\"nofollow\"\u003e Jeremy - Shapshots and more Snapshots\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/H2xr53CR\" rel=\"nofollow\"\u003e Ron - Microphone\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Today on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it…","date_published":"2016-07-13T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/00b6ee02-f104-4624-9691-b5333683a5ed.mp3","mime_type":"audio/mpeg","size_in_bytes":58734580,"duration_in_seconds":4894}]},{"id":"24138cd0-e03d-4871-a6b5-6c78f13bd631","title":"149: The bhyve has been disturbed, and a wild Dexter appears!","url":"https://www.bsdnow.tv/149","content_text":"Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD Introduction\n\n\nWe start off today’s episode with a great new NetBSD article!\nSiju Oommen George has written an article for BSDMag, which provides a great overview of NetBSD’s beginnings and what it is today.\nOf course you can’t start an article about NetBSD without mentioning where the name came from:\n\n\n“The four founders of the NetBSD project, Chris Demetriou, Theo de Raadt, Adam Glass, and Charles Hannum, felt that a more open development model would benefit the project: one centered on portable, clean and correct code. They aimed to produce a unified, multi-platform, production-quality, BSD-based operating system. The name “NetBSD” was suggested by de Raadt, based on the importance and growth of networks, such as the Internet at that time, the distributed and collaborative nature of its development.”\n\n\nFrom there NetBSD has expanded, and keeping in line with its motto “Of course it runs NetBSD” it has grown to over 57 hardware platforms, including “IA-32, Alpha, PowerPC,SPARC, Raspberry pi 2, SPARC64 and Zaurus”\nFrom there topics such as pkgsrc, SMP, embedded and of course virtualization are all covered, which gives the reader a good overview of what to expect in the modern NetBSD today.\nLastly, in addition to mentioning some of the vendors using NetBSD in a variety of ways, including Point-Of-Sale systems, routers and thin-clients, you may not have known about the research teams which deploy NetBSD:\n\n\n\nNASA Lewis Research Center – Satellite Networks and Architectures Branch use NetBSD almost exclusively in their investigation of TCP for use in satellite networks.\nKAME project – A research group for implementing IPv6, IPsec and other recent TCP/IP related technologies into BSD UNIX kernels, under BSD license.\nNEC Europe Ltd. established the Network Laboratories in Heidelberg, Germany in 1997, as NEC’s third research facility in Europe. The Heidelberg labs focus on software-oriented research and development for the next generation Internet.\nSAMS-II Project – Space Acceleration Measurement System II. NASA will be measuring the microgravity environment on the International Space Station using a distributed system, consisting of NetBSD.“\n\n\n\n\nMy condolences, you’re now the maintainer of a popular open source project\n\n\nA presentation from a Wordpress conference, about what it is like to be the maintainer of a popular open source project\nThe presentation covers the basics:\nOpen Source is more than just the license, it is about community and involvement\nThe difference between Maintainers and Contributors\nIt covers some of the reasons people do not open up their code, and other common problems people run into:\n\n\n“I'm embarrassed by my code” (Hint: so is everyone else, post it anyway, it is the best way to learn)\n“I'm discouraged that I can't finish releases on time”\n“I'm overwhelmed by the PR backlog”\n“I'm frustrated when issues turn into flamewars”\n“I'm overcommitted on my open source involvement”\n“I feel all alone”\n\nEach of those points is met with advice and possible solutions\nSo, there you have it. Open up your code, or join an existing project and help maintain it\n***\n\n\nFreeBSD Committer Allan Jude Discusses the Advantages of FreeBSD and His Role in Keeping Millions of Servers Running\n\n\n An interesting twist on our normal news-stories today, we have an article featuring our very own Allan Jude, talking about why FreeBSD and the advantages of working on an open-source project.\n\n\n\n“When Allan started his own company hosting websites for video streaming, FreeBSD was the only operating system he had previously used with other hosts. Based on his experience and comfort with it, he trusted the system with the future of his budding business.A decade later, the former-SysAdmin went to a conference focused on the open-source operating system, where he ran into some of the folks on its documentation team. “They inspired me,” he told our team in a recent chat. He began writing documentation but soon wanted to contribute improvements beyond the docs.Today, Allan sits as a FreeBSD Project Committer. It’s rare that you get to chat with someone involved with a massive-scale open-source project like this — rare and awesome.”\n\n\n\nFrom there Allan goes into some of the reasons “Why” FreeBSD, starting with Code Organization being well-maintained and documented:\n\n\n\n“The FreeBSD Project functions like an extremely well-organized world all its own. Allan explained the environment: “There’s a documentation page that explains how the file system’s laid out and everything has a place and it always goes in that place.””\n\n\nIn addition, Allan gives us some insight into his work to bring Boot-Environments to the loader, and other reasons why FreeBSD “just makes sense”\nIn summary Allan wraps it up quite nicely:\n\n\n“An important take-away is that you don’t have to be a major developer with tons of experience to make a difference in the project,” Allan said — and the difference that devs like Allan are making is incredible. If you too want to submit the commit that contributes to the project relied on by millions of web servers, there are plenty of ways to get involved!\n\nWe’re especially talking to SysAdmins here, as Allan noted that they are the main users of FreeBSD. “Having more SysAdmins involved in the actual build of the system means we can offer the tools they’re looking for — designed the way a SysAdmin would want them designed, not necessarily the way a developer would think makes the most sense”\n\n\n\n\nA guide to saving electricity and time with poudriere and bhyve\n\n\n“This article goes over running poudriere to built packages for a Raspberry Pi with the interesting twist of running it both as a bhyve guest and then switching to running on bare metal via Fiber Channel via ctld by sharing the same ZFS volume.”\n“Firstly, poudriere can build packages for different architectures such as ARM. This can save hours of build time compared to building ports from said ARM device.”\n“Secondly, let’s say a person has an always-on device (NAS) running FreeBSD. To save power, this device has a CPU with a low clock-rate and low core count. This low clock-rate and core count is great for saving power but terrible for processor intensive application such as poudriere. Let’s say a person also has another physical server with fast processors and a high CPU count but draws nearly twice the power and a fan noise to match.”\n“To get the best of both worlds, the goal is to build the packages on the fast physical server, power it down, and then start the same ZFS volume in a bhyve environment to serve packages from the always-on device.”\nThe tutorial walks through setting up ‘ahost’, the always on machine, ‘fhost’ the fast but noisy build machine, and a raspberry pi\nIt also includes creating a zvol, configuring iSCSI over fibre channel and exporting the zvol, booting an iSCSI volume in bhyve, plus installing and setting up poudriere\nThis it configures booting over fibre channel, and cross-building armv6 (raspberry pi) packages on the fast build machine\nThen the fast machine is shut down, and the zvol is booted in bhyve on the NAS\nEverything you need to know to make a hybrid physical/virtual machine\nThe same setup could also work to run the same bhyve VM from either ahost or fhost\nbhyve does not yet support live migration, but when it does, having common network storage like the zvol will be an important part of that\n***\n\n\nInterview - Michael Dexter - editor@callfortesting.org / @michaeldexter\n\n\nThe RoloDexter\n***\n\n\niXSystems\n\n\nChildren's Minnesota Star Studio Chooses iXsystems' TrueNAS Storage \n***\n\n\nNews Roundup\n\nFreeBSD Foundation June 2016 Update\n\n\nThe FreeBSD Foundation’s June newsletter is out\nMake sure you submit the FreeBSD Community Survey by July 7th:\nIn addition to the opening message from the executive director of the foundation, the update includes details to sponsored work on the FreeBSD VM system, reports from a number of conferences the Foundation attended, including BSDCan\nThe results of the foundation's yearly board meeting\nPeople the foundation recognized for their contributions to FreeBSD at BSDCan\nAnd an introduction to their new “Getting Started with FreeBSD” project\n***\n\n\n[How-To] Building the FreeBSD OS from scratch\n\n\nA tutorial over at the All-NetTools.com forums that walks through building FreeBSD from scratch\nI am not sure why anyone would want to build Xorg from source, but you can\nIt covers everything in quite a bit of detail, from the installation process through adding Xorg and a window manager from source\nIt also includes tweaking some device node permissions for easier operation as a non-root user, and configuring the firewall\n***\n\n\nWindow Systems Should Be Transparent + Rob Pike of AT\u0026amp;T Labs writes about why Window Systems should be transparent\n\n\nThis is an old paper (undated, but I think from the late 80s), but may contain some timeless insights\n“UNIX window systems are unsatisfactory. Because they are cumbersome and complicated, they are unsuitable companions for an operating system that is appreciated for its technical elegance”\n“A good interface should clarify the view, not obscure it”\n“Mux is one window system that is popular and therefore worth studying as an example of good design. (It is not commercially important because it runs only on obsolete hardware.) This paper uses mux as a case study to illustrate some principles that can help keep a user interface simple, comfortable, and unobtrusive. When designing their products, the purveyors of commercial window systems should keep these principles in mind.”\nThere are not many commercial window systems anymore, but “open source” was not really a big thing when this paper was written\n***\n\n\nRoger Faulkner, of Solaris fame passed away \n\n\n“RIP Roger Faulkner: creator of the One and True /proc, slayer of the M-to-N threading model -- and the godfather of post-AT\u0026amp;T Unix”\n@bcantrill: Another great Roger Faulkner story  \nThe story of how pgrep -w saved a monitor -- if not a life \n@bcantrill: With Roger Faulkner, Tim led an engineering coup inside Sun that saved Solaris circa 2.5 \n***\n\n\nBeastie Bits:\n\n\nDeveloper Ed Maste is requesting information from those who are users of libvgl. \nHEADS UP: DragonFly 4.5 world reneeds rebuilding \nChris Buechler is leaving the pfSense project, the entire community thanks you for your many years of service  \nGhostBSD 10.3-BETA1 now available \nDragonFlyBSD adds nvmectl \nOPNsense 16.1.18 released \nbhyve_graphics hit CURRENT \n\n\n\n\nBUG Update\n\n\nFreeBSD Central Twitter account looking for a new owner  \nNYCBUG meeting : Meet the Smallest BSDs: RetroBSD and LiteBSD, Brian Callahan \nNYCBUG install fest @ HOPE \nSemiBUG is looking for presentations for September and beyond \nCaleb Cooper is giving a talk on Crytpo at KnoxBUG on July 26th \n\n\n\n\nFeedback/Questions\n\n\n Leif - ZFS xfer  \n Zach - Python3 \n Dave - Versioning \n David - Encrypted Disk Images \n Eli - TLF in all the wrong places \n***\n","content_html":"\u003cp\u003eToday on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/netbsd_intr/\" rel=\"nofollow\"\u003eNetBSD Introduction\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe start off today’s episode with a great new NetBSD article!\u003c/li\u003e\n\u003cli\u003eSiju Oommen George has written an article for BSDMag, which provides a great overview of NetBSD’s beginnings and what it is today.\u003c/li\u003e\n\u003cli\u003eOf course you can’t start an article about NetBSD without mentioning where the name came from:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“The four founders of the NetBSD project, Chris Demetriou, Theo de Raadt, Adam Glass, and Charles Hannum, felt that a more open development model would benefit the project: one centered on portable, clean and correct code. They aimed to produce a unified, multi-platform, production-quality, BSD-based operating system. The name “NetBSD” was suggested by de Raadt, based on the importance and growth of networks, such as the Internet at that time, the distributed and collaborative nature of its development.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom there NetBSD has expanded, and keeping in line with its motto “Of course it runs NetBSD” it has grown to over 57 hardware platforms, including “IA-32, Alpha, PowerPC,SPARC, Raspberry pi 2, SPARC64 and Zaurus”\u003c/li\u003e\n\u003cli\u003eFrom there topics such as pkgsrc, SMP, embedded and of course virtualization are all covered, which gives the reader a good overview of what to expect in the modern NetBSD today.\u003c/li\u003e\n\u003cli\u003eLastly, in addition to mentioning some of the vendors using NetBSD in a variety of ways, including Point-Of-Sale systems, routers and thin-clients, you may not have known about the research teams which deploy NetBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eNASA Lewis Research Center – Satellite Networks and Architectures Branch use NetBSD almost exclusively in their investigation of TCP for use in satellite networks.\u003cbr\u003e\nKAME project – A research group for implementing IPv6, IPsec and other recent TCP/IP related technologies into BSD UNIX kernels, under BSD license.\u003cbr\u003e\nNEC Europe Ltd. established the Network Laboratories in Heidelberg, Germany in 1997, as NEC’s third research facility in Europe. The Heidelberg labs focus on software-oriented research and development for the next generation Internet.\u003cbr\u003e\nSAMS-II Project – Space Acceleration Measurement System II. NASA will be measuring the microgravity environment on the International Space Station using a distributed system, consisting of NetBSD.“\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://runcommand.io/2016/06/26/my-condolences-youre-now-the-maintainer-of-a-popular-open-source-project/\" rel=\"nofollow\"\u003eMy condolences, you’re now the maintainer of a popular open source project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA presentation from a Wordpress conference, about what it is like to be the maintainer of a popular open source project\u003c/li\u003e\n\u003cli\u003eThe presentation covers the basics:\u003c/li\u003e\n\u003cli\u003eOpen Source is more than just the license, it is about community and involvement\u003c/li\u003e\n\u003cli\u003eThe difference between Maintainers and Contributors\u003c/li\u003e\n\u003cli\u003eIt covers some of the reasons people do not open up their code, and other common problems people run into:\n\n\u003cul\u003e\n\u003cli\u003e“I\u0026#39;m embarrassed by my code” (Hint: so is everyone else, post it anyway, it is the best way to learn)\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m discouraged that I can\u0026#39;t finish releases on time”\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m overwhelmed by the PR backlog”\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m frustrated when issues turn into flamewars”\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m overcommitted on my open source involvement”\u003c/li\u003e\n\u003cli\u003e“I feel all alone”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eEach of those points is met with advice and possible solutions\u003c/li\u003e\n\u003cli\u003eSo, there you have it. Open up your code, or join an existing project and help maintain it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.hostingadvice.com/blog/freebsd-project-under-the-hood/\" rel=\"nofollow\"\u003eFreeBSD Committer Allan Jude Discusses the Advantages of FreeBSD and His Role in Keeping Millions of Servers Running\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e An interesting twist on our normal news-stories today, we have an article featuring our very own Allan Jude, talking about why FreeBSD and the advantages of working on an open-source project.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“When Allan started his own company hosting websites for video streaming, FreeBSD was the only operating system he had previously used with other hosts. Based on his experience and comfort with it, he trusted the system with the future of his budding business.A decade later, the former-SysAdmin went to a conference focused on the open-source operating system, where he ran into some of the folks on its documentation team. “They inspired me,” he told our team in a recent chat. He began writing documentation but soon wanted to contribute improvements beyond the docs.Today, Allan sits as a FreeBSD Project Committer. It’s rare that you get to chat with someone involved with a massive-scale open-source project like this — rare and awesome.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom there Allan goes into some of the reasons “Why” FreeBSD, starting with Code Organization being well-maintained and documented:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“The FreeBSD Project functions like an extremely well-organized world all its own. Allan explained the environment: “There’s a documentation page that explains how the file system’s laid out and everything has a place and it always goes in that place.””\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition, Allan gives us some insight into his work to bring Boot-Environments to the loader, and other reasons why FreeBSD “just makes sense”\u003c/li\u003e\n\u003cli\u003eIn summary Allan wraps it up quite nicely:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“An important take-away is that you don’t have to be a major developer with tons of experience to make a difference in the project,” Allan said — and the difference that devs like Allan are making is incredible. If you too want to submit the commit that contributes to the project relied on by millions of web servers, there are plenty of ways to get involved!\u003c/p\u003e\n\n\u003cp\u003eWe’re especially talking to SysAdmins here, as Allan noted that they are the main users of FreeBSD. “Having more SysAdmins involved in the actual build of the system means we can offer the tools they’re looking for — designed the way a SysAdmin would want them designed, not necessarily the way a developer would think makes the most sense”\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/07/03/poudriere-in-bhyve-and-bare-metal.html\" rel=\"nofollow\"\u003eA guide to saving electricity and time with poudriere and bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“This article goes over running poudriere to built packages for a Raspberry Pi with the interesting twist of running it both as a bhyve guest and then switching to running on bare metal via Fiber Channel via ctld by sharing the same ZFS volume.”\u003c/li\u003e\n\u003cli\u003e“Firstly, poudriere can build packages for different architectures such as ARM. This can save hours of build time compared to building ports from said ARM device.”\u003c/li\u003e\n\u003cli\u003e“Secondly, let’s say a person has an always-on device (NAS) running FreeBSD. To save power, this device has a CPU with a low clock-rate and low core count. This low clock-rate and core count is great for saving power but terrible for processor intensive application such as poudriere. Let’s say a person also has another physical server with fast processors and a high CPU count but draws nearly twice the power and a fan noise to match.”\u003c/li\u003e\n\u003cli\u003e“To get the best of both worlds, the goal is to build the packages on the fast physical server, power it down, and then start the same ZFS volume in a bhyve environment to serve packages from the always-on device.”\u003c/li\u003e\n\u003cli\u003eThe tutorial walks through setting up ‘ahost’, the always on machine, ‘fhost’ the fast but noisy build machine, and a raspberry pi\u003c/li\u003e\n\u003cli\u003eIt also includes creating a zvol, configuring iSCSI over fibre channel and exporting the zvol, booting an iSCSI volume in bhyve, plus installing and setting up poudriere\u003c/li\u003e\n\u003cli\u003eThis it configures booting over fibre channel, and cross-building armv6 (raspberry pi) packages on the fast build machine\u003c/li\u003e\n\u003cli\u003eThen the fast machine is shut down, and the zvol is booted in bhyve on the NAS\u003c/li\u003e\n\u003cli\u003eEverything you need to know to make a hybrid physical/virtual machine\u003c/li\u003e\n\u003cli\u003eThe same setup could also work to run the same bhyve VM from either ahost or fhost\u003c/li\u003e\n\u003cli\u003ebhyve does not yet support live migration, but when it does, having common network storage like the zvol will be an important part of that\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Michael Dexter - \u003ca href=\"mailto:editor@callfortesting.org\" rel=\"nofollow\"\u003eeditor@callfortesting.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/michaeldexter\" rel=\"nofollow\"\u003e@michaeldexter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe RoloDexter\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eiXSystems\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=FFbdQ_05e-0\" rel=\"nofollow\"\u003eChildren\u0026#39;s Minnesota Star Studio Chooses iXsystems\u0026#39; TrueNAS Storage\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/wp-content/uploads/2016/06/FreeBSD-Foundation-June-2016-Update.pdf\" rel=\"nofollow\"\u003eFreeBSD Foundation June 2016 Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Foundation’s June newsletter is out\u003c/li\u003e\n\u003cli\u003eMake sure you submit the \u003ca href=\"https://www.surveymonkey.com/r/freebsd2016\" rel=\"nofollow\"\u003eFreeBSD Community Survey\u003c/a\u003e by July 7th:\u003c/li\u003e\n\u003cli\u003eIn addition to the opening message from the executive director of the foundation, the update includes details to sponsored work on the FreeBSD VM system, reports from a number of conferences the Foundation attended, including BSDCan\u003c/li\u003e\n\u003cli\u003eThe results of the foundation\u0026#39;s yearly board meeting\u003c/li\u003e\n\u003cli\u003ePeople the foundation recognized for their contributions to FreeBSD at BSDCan\u003c/li\u003e\n\u003cli\u003eAnd an introduction to their new “Getting Started with FreeBSD” project\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.all-nettools.com/forum/showthread.php?34422-Building-the-FreeBSD-OS-from-scratch\" rel=\"nofollow\"\u003e[How-To] Building the FreeBSD OS from scratch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA tutorial over at the All-NetTools.com forums that walks through building FreeBSD from scratch\u003c/li\u003e\n\u003cli\u003eI am not sure why anyone would want to build Xorg from source, but you can\u003c/li\u003e\n\u003cli\u003eIt covers everything in quite a bit of detail, from the installation process through adding Xorg and a window manager from source\u003c/li\u003e\n\u003cli\u003eIt also includes tweaking some device node permissions for easier operation as a non-root user, and configuring the firewall\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://doc.cat-v.org/bell_labs/transparent_wsys/\" rel=\"nofollow\"\u003eWindow Systems Should Be Transparent\u003c/a\u003e + Rob Pike of AT\u0026amp;T Labs writes about why Window Systems should be transparent\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is an old paper (undated, but I think from the late 80s), but may contain some timeless insights\u003c/li\u003e\n\u003cli\u003e“UNIX window systems are unsatisfactory. Because they are cumbersome and complicated, they are unsuitable companions for an operating system that is appreciated for its technical elegance”\u003c/li\u003e\n\u003cli\u003e“A good interface should clarify the view, not obscure it”\u003c/li\u003e\n\u003cli\u003e“Mux is one window system that is popular and therefore worth studying as an example of good design. (It is not commercially important because it runs only on obsolete hardware.) This paper uses mux as a case study to illustrate some principles that can help keep a user interface simple, comfortable, and unobtrusive. When designing their products, the purveyors of commercial window systems should keep these principles in mind.”\u003c/li\u003e\n\u003cli\u003eThere are not many commercial window systems anymore, but “open source” was not really a big thing when this paper was written\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://permalink.gmane.org/gmane.comp.standards.posix.austin.general/12877\" rel=\"nofollow\"\u003eRoger Faulkner, of Solaris fame passed away \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“RIP Roger Faulkner: creator of the One and True /proc, slayer of the M-to-N threading model -- and the godfather of post-AT\u0026amp;T Unix”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/bcantrill/status/750442169807171584\" rel=\"nofollow\"\u003e@bcantrill: Another great Roger Faulkner story \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=4306515\" rel=\"nofollow\"\u003eThe story of how pgrep -w saved a monitor -- if not a life\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/bcantrill/status/750442169807171584\" rel=\"nofollow\"\u003e@bcantrill: With Roger Faulkner, Tim led an engineering coup inside Sun that saved Solaris circa 2.5\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits:\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2016-June/084843.html\" rel=\"nofollow\"\u003eDeveloper Ed Maste is requesting information from those who are users of libvgl.\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-June/249748.html\" rel=\"nofollow\"\u003eHEADS UP: DragonFly 4.5 world reneeds rebuilding\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://blog.pfsense.org/?p=2095\" rel=\"nofollow\"\u003eChris Buechler is leaving the pfSense project, the entire community thanks you for your many years of service \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://ghostbsd.org/10.3_BETA1\" rel=\"nofollow\"\u003eGhostBSD 10.3-BETA1 now available\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-June/500671.html\" rel=\"nofollow\"\u003eDragonFlyBSD adds nvmectl\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-16-1-18-released/\" rel=\"nofollow\"\u003eOPNsense 16.1.18 released\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=302332\" rel=\"nofollow\"\u003ebhyve_graphics hit CURRENT\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBUG Update\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/freebsdcentral/status/750053703420350465\" rel=\"nofollow\"\u003eFreeBSD Central Twitter account looking for a new owner\u003c/a\u003e  \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-July/016732.html\" rel=\"nofollow\"\u003eNYCBUG meeting : Meet the Smallest BSDs: RetroBSD and LiteBSD, Brian Callahan\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-June/016694.html\" rel=\"nofollow\"\u003eNYCBUG install fest @ HOPE\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/semibug/2016-June/000107.html\" rel=\"nofollow\"\u003eSemiBUG is looking for presentations for September and beyond\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://knoxbug.org/content/2016-07-26\" rel=\"nofollow\"\u003eCaleb Cooper is giving a talk on Crytpo at KnoxBUG on July 26th\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/vvASr64P\" rel=\"nofollow\"\u003e Leif - ZFS xfer \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/SznQHq7n\" rel=\"nofollow\"\u003e Zach - Python3\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/qkpjKEr0\" rel=\"nofollow\"\u003e Dave - Versioning\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/yr7BUmv2\" rel=\"nofollow\"\u003e David - Encrypted Disk Images\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/xby81NvC\" rel=\"nofollow\"\u003e Eli - TLF in all the wrong places\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus","date_published":"2016-07-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/24138cd0-e03d-4871-a6b5-6c78f13bd631.mp3","mime_type":"audio/mpeg","size_in_bytes":84439828,"duration_in_seconds":8443}]},{"id":"47c069f8-5392-4497-a727-c0cb0b4eb050","title":"148: The place to B...A Robot!","url":"https://www.bsdnow.tv/148","content_text":"This week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u0026gt;\n\n\n\nHeadlines\n\nFreeBSD Core Team Election\n\n\nCore.9 has been elected, and will officially take over from Core.8 on Wednesday, 6 July 2016\nMany thanks to the outgoing members of the core team for their service over the last 2 years\n214 out of 325 eligible voters (65.8%) cast their votes in an election counting 14 candidates.\nThe top nine candidates are, in descending order of votes received:\n   180    84.1%    Ed Maste (incumbent)\n   176    82.2%    George V. Neville-Neil (incumbent)\n   171    79.9%    Baptiste Daroussin (incumbent)\n   168    78.5%    John Baldwin\n   166    77.6%    Hiroki Sato (incumbent)\n   147    68.7%    Allan Jude\n   132    61.7%    Kris Moore\n   121    56.5%    Benedict Reuschling\n   108    50.5%    Benno Rice\nThere was no tie for ninth.\nBSDNow and the entire community would also like to extend their thanks to all those who stood for election to the core team\nNext week’s core meeting will encompass the members of Core.8 and Core.9, as responsibility for any outstanding items will be passed from outgoing members of core to the new incoming members\n***\n\n\nWhy I run OpenBSD\n\n\nThis week we have a good article / blog post talking about why the posted has moved to OpenBSD from Linux. \n\n\n\n“One thing I learned during my travels between OSs: consistency is everything.\n\nMost operating systems seem to, at least, keep a consistent interface between themselves and binaries / applications. They do this by keeping consistent APIs (Application Programming Interfaces) and ABIs (Application Binary Interfaces). If you take a binary from a really old version of Linux and run or build it on a brand-spanking new install of Linux, it will likely Just Work™. This is great for applications and developers of applications. Vendors can build binaries for distribution and worry less about their product working when it gets out in the wild (sure this binary built in 2016 will run on RedHat AS2.1!!).“\n\n\n\nThe author then goes through another important part of the consistency argument, with what he calls “UPI” or “User Program Interfaces”. In other words, while the ABI may be stable, what about the end-user tooling that the user directly has to interact with on a daily basis?\n\n\n\n“This inconsistency seems to have come to be when Linux started getting wireless support. For some reason someone (vendors, maybe?) decided that ifconfig wasn’t a good place to let users interact with their wireless device. Maybe they felt their device was special? Maybe there were technical reasons? The bottom line is, someone decided to create a new utility to manage a wireless device… and then another one came along… pretty soon there was iwconfig(8), iw(8), ifconfig(8), some funky thing that let windows drivers interface with Linux.. and one called ip(8) I am sure there are others I am forgetting, but I prefer to forget. I have moved onto greener pastures and the knowledge of these programs no longer serves me.”\n\n\n\nThe article then goes through the rundown of how he evaluated the various BSD’s and ultimately settled on OpenBSD:\n\n\n\n“OpenBSD won the showdown. It was the most complete, simple, and coherent system. The documentation was thorough, the code was easy to follow \nand understand.\nIt had one command to configure all of the network interfaces!\nI didn’t have wireless, but I was able to find a cheap USB adapter that worked by simply running man -k wireless and reading about the USB \nentries.\nIt didn’t have some of the applications I use regularly, so I started reading about ports (intuitively, via man ports!).”\n\n\n\n\nThe ultimate NetBSD Router\n\n\n“So yesterday I spent the day setting up a new firewall at home here, based off of this BSD Now tutorial. Having set up a couple of OpenBSD routers before, either based on old laptops, bulky old power-sucking desktops or completely over-specced machines like the Intel NUC, I wanted to get some kind of BSD onto a low-powered ARM board and use that instead.”\n“I've had a couple of Cubietrucks lying around for a while now, I've used them in a couple of art installations, running Debian and Pure Data, but over all they've been a bit disappointing. It's more the manufacturer's fault but they require blobs for the graphics and audio, which Debian won't allow, so as a multimedia board they're dud for video, and only passable for audio work with a usb sound card. So they've been collecting dust.”\n“Only thing missing is a second NIC, luckily I had an Apple USB-\u0026gt;Ethernet dongle lying around, which when I bought it was the cheapest thing I could find on eBay that OpenBSD definitely supported. There, and on NetBSD, it's supported by the axe(4) driver. USB 2.0 works fine for me as I live in Australia and my ISP can only give me 30Mbps, so this should do for the forseeable future.”\n\n\nThe article then walks through installing and configuring NetBSD\nConfiguration includes: pf, unbound, and dhcpd\n“This project has been really fun, I started with basically no experience with NetBSD and have finished with a really useful, low-powered and robust appliance. It's a testament to the simplicity of the NetBSD system, and the BSD design principles in general, that such a novice as myself could figure this out. The NetBSD project has easily the most polished experience on Allwinner ARM boards, even Debian doesn't make it this easy. It's been a joy running the system, it has the bits I love from OpenBSD; ksh(1), tmux(1), an http daemon in base and of course, pf(4). This is mixed with some of the pragmatism I see in FreeBSD; a willingness to accept blobs if that really is the only way to boot, or get audio, or a video console.”\n***\n\n\n\nbhyve-Bootable Boot Environments\n\n\nWe have a lengthy article also today from our friend Michael Dexter, who asks the basic question “What if multibooting and OS upgrades weren't horrible?”\nNo doubt if you’ve been a frequent listener to this show, you’ve heard Allan or Myself talking about ZFS Boot Environments, and how they can “change your life”.\nWell today Michael goes further into detail on how the BE’s work, and how they can be leveraged to do neat things, like installing other versions of an operating system from the original running system.\n\n\n\n“If you are reading this, you have probably used a personal computer with a BSD or GNU/Linux operating system and at some point attempted to multiboot between multiple operating systems on the same computer. This goal is typically attempted with complex disk partitioning and a BSD or GNU/Linux boot loader like LILO or GRUB, plus several hours of frustrating experimentation and perhaps data loss. While exotic OS experimentation has driven my virtualization work since the late 1990s, there are very pragmatic reasons for multibooting the same OS on the same hardware, notable for updates and failback to \"known good\" versions. To its credit, FreeBSD has long had various strategies including the NanoBSD embedded system framework with primary and secondary root partitions, plus the nextboot(8) utility for selecting the \"next\" kernel with various boot parameters. Get everything set correctly and you can multiboot \"with impunity\".\n\n“That's a good start, and over time we have seen ZFS \"boot environments\" be used by PC-BSD and FreeNAS to allow for system updates that allow one to fall back to previous versions should something go wrong. Hats off to these efforts but they exist in essentially purpose-built appliance environments. I have long sensed that there is more fun to be had here and a wonderful thing happened with FreeBSD 10.3 and 11.0: Allan Jude added a boot environment menu to the FreeBSD loader”\n\n\n\nFrom here Michael takes us through the mechanical bits of actually creating a new ZFS dataset (BE) and performing a fresh FreeBSD 10.3 installation into this new boot-environment. \nThe twist comes at the end, where he next sets up the BE to be a root NFS for booting in bhyve! This is interesting and gives you a way to test booting into your new environment via a VM, before rebooting the host directly into it.\n***\n\n\nInterview - Edicarla Andrade \u0026amp; Vinícius Zavam - @egypcio\n\n\nBSD-Powered Robots\n\n\n\n\nNews Roundup\n\nTomohiro Kasumi explains what “@@” means, in the context of the Hammer filesystem\n\n\nA post from the Dragonfly users’ mailing list about what the @@ construct means in the Hammer filesystem\n“@@ represents the existence of a PFS which is logically separated pseudo filesystem space within HAMMER's B-Tree”\n“HAMMER only has 1 large B-Tree per filesystem (not per PFS), so all the PFS exist within that single B-Tree. PFS are separated by localization parameter which is one of the B-Tree keys used to lookup the tree.”\nEach substring in \"@@-1:00001\" means:\n\n\n\"@@\" means it's a PFS or snapshot.\n\"-1\" means it's a master.\n\":\" is just a separator.\n\"00001\" means it's PFS#1, where PFS#0 is the default PFS created on newfs. There is no \"00000\" because that's what's mounted on /HAMMER. PFS# is used for localization parameter.\n\n“Localization parameter has the highest priority when inserting or looking up B-Tree elements, so fs elements that belong to the same PFS# tend to be localized (clustered) within the B-Tree”\nThere is also a note about how snapshots are named: \"@@0x00...\"\nA user points out that having : in the path can confuse some applications, such as in the case of adding the current directory or a relative path to the $PATH environment variable, which is a colon delimited list of paths\nThis seems quite a bit more confusing that the datasets created by ZFS, but they might have other useful properties\n***\n\n\nFreeBSD 11.0 nearing RC1\n\n\nWe’ve all been eagerly awaiting the pending release of FreeBSD 11.0, and the schedule has now been updated!\nThe first release candidate is slated for July 29th!\nIf all goes well (and we stick to schedule) there will be another RC2 and possible RC3 release, before 11.0 officially drops near the end of August.\nStart playing with those builds folks, be sure to send your feedback to the team to make this the best .0 release ever!\n***\n\n\nTensorFlow on FreeBSD\n\n\nNext we have a blog post about the experience of a “new” FreeBSD user trying to deploy some non-ported software to his new system.\nSpecifically he was interested in running TensorFlow, but not doing a port himself, because in his words: \n\n\n\n“First, I apologize for not supplying a port archive myself. After reading the FreeBSD handbook for creating a port, it's too complex of a task for me right now. I've only been using FreeBSD for two weeks. I would also not like to waste anyone's time giving them a terrible port archive and mess up their system.”\n\n\n\nFirst of all, good ports are often born out of bad ports! Don’t let the porting framework daunt you, give it a go, since that's the only way you are going to learn how to write “good” ports over time. The porters-handbook is a good first place to start, plus the community usually is very helpful in providing feedback.\nHe then walks us through the changes made to the TensorFlow code (starting with the assumption that OSX was a good “flavor” to begin porting from) and ultimately compiling. \nThis ends up with the creation of a pip package which works!\nA good tutorial, and also very similar to what goes on in the porting process. With this write-up perhaps somebody will take up creating a port of it… hint hint!\n***\n\n\nNetBSD: A New Beginning?\n\n\nWe don’t get enough NetBSD news at times, but this post by James Deagle talks about his adventure with NetBSD 7.0 and making it his “new beginning”\n\n\n\n“After a few months of traipsing around the worlds of SunOS and Linux, I'm back to NetBSD for what I hope will be a lengthy return engagement. And while I'm enamored of NetBSD for all the previously-mentioned reasons, I'm already thinking ahead to some problems to solve, some of which have also been mentioned before.”\n\n\n\nHe then goes through and lists some of the small nits he’s still running into during the daily workflow\nYouTube audio - Specifically he mentions that no audio is playing, but wonders if Flash plays some part. (Ideally you’re not using Flash though, in which case you need to check the audio backend FF is using. Try PulseAudio since it seems the best supported. If pulse is already enabled, install ‘pavucontrol’ to make sure audio is playing to the correct sound device)\nSlow gaming performance (TuxKart and Celestia) - Check DRI / Xorg? Or is it CPU bound?\nLastly some unspecified Wireless issues, which typically end up being driver related. (Or use another chipset)\n\n\n\n\nBeastie Bits\n\n\nReproducible NetBSD?  77.7% of the way there \nCreate FreeBSD virtual machine using qemu. Run the VM using xhyve. \nFreeBSD PowerPC 32bit pkg repository (unofficial). ~19,500 packages, more to come \nNetBSD machines at Open Source Conference 2016 Gunma \nAdam Leventhal (of ZFS and DTrace) does an analysis of APFS  \nSemiBug June meeting summary \nKnoxBug Meeting\n\n\n\n\nFeedback/Questions\n\n\n Andrew - iocage  \n Florian - Arm + GitHub \n Clint - Synth \n Leonardo - Translations \n Zachary - Moving things to VMs \n***\n","content_html":"\u003cp\u003eThis week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/administration.html#t-core\" rel=\"nofollow\"\u003eFreeBSD Core Team Election\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCore.9 has been elected, and will officially take over from Core.8 on Wednesday, 6 July 2016\u003c/li\u003e\n\u003cli\u003eMany thanks to the outgoing members of the core team for their service over the last 2 years\u003c/li\u003e\n\u003cli\u003e214 out of 325 eligible voters (65.8%) cast their votes in an election counting 14 candidates.\u003c/li\u003e\n\u003cli\u003eThe top nine candidates are, in descending order of votes received:\u003c/li\u003e\n\u003cli\u003e   180    84.1%    Ed Maste (incumbent)\u003c/li\u003e\n\u003cli\u003e   176    82.2%    George V. Neville-Neil (incumbent)\u003c/li\u003e\n\u003cli\u003e   171    79.9%    Baptiste Daroussin (incumbent)\u003c/li\u003e\n\u003cli\u003e   168    78.5%    John Baldwin\u003c/li\u003e\n\u003cli\u003e   166    77.6%    Hiroki Sato (incumbent)\u003c/li\u003e\n\u003cli\u003e   147    68.7%    Allan Jude\u003c/li\u003e\n\u003cli\u003e   132    61.7%    Kris Moore\u003c/li\u003e\n\u003cli\u003e   121    56.5%    Benedict Reuschling\u003c/li\u003e\n\u003cli\u003e   108    50.5%    Benno Rice\u003c/li\u003e\n\u003cli\u003eThere was no tie for ninth.\u003c/li\u003e\n\u003cli\u003eBSDNow and the entire community would also like to extend their thanks to all those who stood for election to the core team\u003c/li\u003e\n\u003cli\u003eNext week’s core meeting will encompass the members of Core.8 and Core.9, as responsibility for any outstanding items will be passed from outgoing members of core to the new incoming members\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://deftly.net/posts/2016-05-31-why-i-run-openbsd.html\" rel=\"nofollow\"\u003eWhy I run OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis week we have a good article / blog post talking about why the posted has moved to OpenBSD from Linux. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“One thing I learned during my travels between OSs: consistency is everything.\u003c/p\u003e\n\n\u003cp\u003eMost operating systems seem to, at least, keep a consistent interface between themselves and binaries / applications. They do this by keeping consistent APIs (Application Programming Interfaces) and ABIs (Application Binary Interfaces). If you take a binary from a really old version of Linux and run or build it on a brand-spanking new install of Linux, it will likely Just Work™. This is great for applications and developers of applications. Vendors can build binaries for distribution and worry less about their product working when it gets out in the wild (sure this binary built in 2016 will run on RedHat AS2.1!!).“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author then goes through another important part of the consistency argument, with what he calls “UPI” or “User Program Interfaces”. In other words, while the ABI may be stable, what about the end-user tooling that the user directly has to interact with on a daily basis?\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“This inconsistency seems to have come to be when Linux started getting wireless support. For some reason someone (vendors, maybe?) decided that ifconfig wasn’t a good place to let users interact with their wireless device. Maybe they felt their device was special? Maybe there were technical reasons? The bottom line is, someone decided to create a new utility to manage a wireless device… and then another one came along… pretty soon there was iwconfig(8), iw(8), ifconfig(8), some funky thing that let windows drivers interface with Linux.. and one called ip(8) I am sure there are others I am forgetting, but I prefer to forget. I have moved onto greener pastures and the knowledge of these programs no longer serves me.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then goes through the rundown of how he evaluated the various BSD’s and ultimately settled on OpenBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“OpenBSD won the showdown. It was the most complete, simple, and coherent system. The documentation was thorough, the code was easy to follow \u003cbr\u003e\nand understand.\u003cbr\u003e\nIt had one command to configure all of the network interfaces!\u003cbr\u003e\nI didn’t have wireless, but I was able to find a cheap USB adapter that worked by simply running man -k wireless and reading about the USB \u003cbr\u003e\nentries.\u003cbr\u003e\nIt didn’t have some of the applications I use regularly, so I started reading about ports (intuitively, via man ports!).”\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.tbrodel.me/2016/#netbsd-router\" rel=\"nofollow\"\u003eThe ultimate NetBSD Router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“So yesterday I spent the day setting up a new firewall at home here, based off of this BSD Now tutorial. Having set up a couple of OpenBSD routers before, either based on old laptops, bulky old power-sucking desktops or completely over-specced machines like the Intel NUC, I wanted to get some kind of BSD onto a low-powered ARM board and use that instead.”\u003cbr\u003e\n“I\u0026#39;ve had a couple of Cubietrucks lying around for a while now, I\u0026#39;ve used them in a couple of art installations, running Debian and Pure Data, but over all they\u0026#39;ve been a bit disappointing. It\u0026#39;s more the manufacturer\u0026#39;s fault but they require blobs for the graphics and audio, which Debian won\u0026#39;t allow, so as a multimedia board they\u0026#39;re dud for video, and only passable for audio work with a usb sound card. So they\u0026#39;ve been collecting dust.”\u003cbr\u003e\n“Only thing missing is a second NIC, luckily I had an Apple USB-\u0026gt;Ethernet dongle lying around, which when I bought it was the cheapest thing I could find on eBay that OpenBSD definitely supported. There, and on NetBSD, it\u0026#39;s supported by the axe(4) driver. USB 2.0 works fine for me as I live in Australia and my ISP can only give me 30Mbps, so this should do for the forseeable future.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then walks through installing and configuring NetBSD\u003c/li\u003e\n\u003cli\u003eConfiguration includes: pf, unbound, and dhcpd\n“This project has been really fun, I started with basically no experience with NetBSD and have finished with a really useful, low-powered and robust appliance. It\u0026#39;s a testament to the simplicity of the NetBSD system, and the BSD design principles in general, that such a novice as myself could figure this out. The NetBSD project has easily the most polished experience on Allwinner ARM boards, even Debian doesn\u0026#39;t make it this easy. It\u0026#39;s been a joy running the system, it has the bits I love from OpenBSD; ksh(1), tmux(1), an http daemon in base and of course, pf(4). This is mixed with some of the pragmatism I see in FreeBSD; a willingness to accept blobs if that really is the only way to boot, or get audio, or a video console.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://callfortesting.org/bhyve-boot-environments/\" rel=\"nofollow\"\u003ebhyve-Bootable Boot Environments\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a lengthy article also today from our friend Michael Dexter, who asks the basic question “What if multibooting and OS upgrades weren\u0026#39;t horrible?”\u003c/li\u003e\n\u003cli\u003eNo doubt if you’ve been a frequent listener to this show, you’ve heard Allan or Myself talking about ZFS Boot Environments, and how they can “change your life”.\u003c/li\u003e\n\u003cli\u003eWell today Michael goes further into detail on how the BE’s work, and how they can be leveraged to do neat things, like installing other versions of an operating system from the original running system.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“If you are reading this, you have probably used a personal computer with a BSD or GNU/Linux operating system and at some point attempted to multiboot between multiple operating systems on the same computer. This goal is typically attempted with complex disk partitioning and a BSD or GNU/Linux boot loader like LILO or GRUB, plus several hours of frustrating experimentation and perhaps data loss. While exotic OS experimentation has driven my virtualization work since the late 1990s, there are very pragmatic reasons for multibooting the same OS on the same hardware, notable for updates and failback to \u0026quot;known good\u0026quot; versions. To its credit, FreeBSD has long had various strategies including the NanoBSD embedded system framework with primary and secondary root partitions, plus the nextboot(8) utility for selecting the \u0026quot;next\u0026quot; kernel with various boot parameters. Get everything set correctly and you can multiboot \u0026quot;with impunity\u0026quot;.\u003c/p\u003e\n\n\u003cp\u003e“That\u0026#39;s a good start, and over time we have seen ZFS \u0026quot;boot environments\u0026quot; be used by PC-BSD and FreeNAS to allow for system updates that allow one to fall back to previous versions should something go wrong. Hats off to these efforts but they exist in essentially purpose-built appliance environments. I have long sensed that there is more fun to be had here and a wonderful thing happened with FreeBSD 10.3 and 11.0: Allan Jude added a boot environment menu to the FreeBSD loader”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom here Michael takes us through the mechanical bits of actually creating a new ZFS dataset (BE) and performing a fresh FreeBSD 10.3 installation into this new boot-environment. \u003c/li\u003e\n\u003cli\u003eThe twist comes at the end, where he next sets up the BE to be a root NFS for booting in bhyve! This is interesting and gives you a way to test booting into your new environment via a VM, before rebooting the host directly into it.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Edicarla Andrade \u0026amp; Vinícius Zavam - \u003ca href=\"https://twitter.com/egypcio\" rel=\"nofollow\"\u003e@egypcio\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD-Powered Robots\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-June/249717.html\" rel=\"nofollow\"\u003eTomohiro Kasumi explains what “@@” means, in the context of the Hammer filesystem\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA post from the Dragonfly users’ mailing list about what the @@ construct means in the Hammer filesystem\u003c/li\u003e\n\u003cli\u003e“@@ represents the existence of a PFS which is logically separated pseudo filesystem space within HAMMER\u0026#39;s B-Tree”\u003c/li\u003e\n\u003cli\u003e“HAMMER only has 1 large B-Tree per filesystem (not per PFS), so all the PFS exist within that single B-Tree. PFS are separated by localization parameter which is one of the B-Tree keys used to lookup the tree.”\u003c/li\u003e\n\u003cli\u003eEach substring in \u0026quot;@@-1:00001\u0026quot; means:\n\n\u003col\u003e\n\u003cli\u003e\u0026quot;@@\u0026quot; means it\u0026#39;s a PFS or snapshot.\u003c/li\u003e\n\u003cli\u003e\u0026quot;-1\u0026quot; means it\u0026#39;s a master.\u003c/li\u003e\n\u003cli\u003e\u0026quot;:\u0026quot; is just a separator.\u003c/li\u003e\n\u003cli\u003e\u0026quot;00001\u0026quot; means it\u0026#39;s PFS#1, where PFS#0 is the default PFS created on newfs. There is no \u0026quot;00000\u0026quot; because that\u0026#39;s what\u0026#39;s mounted on /HAMMER. PFS# is used for localization parameter.\u003c/li\u003e\n\u003c/ol\u003e\u003c/li\u003e\n\u003cli\u003e“Localization parameter has the highest priority when inserting or looking up B-Tree elements, so fs elements that belong to the same PFS# tend to be localized (clustered) within the B-Tree”\u003c/li\u003e\n\u003cli\u003eThere is also a note about how snapshots are named: \u0026quot;@@0x00...\u0026quot;\u003c/li\u003e\n\u003cli\u003eA user points out that having : in the path can confuse some applications, such as in the case of adding the current directory or a relative path to the $PATH environment variable, which is a colon delimited list of paths\u003c/li\u003e\n\u003cli\u003eThis seems quite a bit more confusing that the datasets created by ZFS, but they might have other useful properties\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/11.0R/schedule.html\" rel=\"nofollow\"\u003eFreeBSD 11.0 nearing RC1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve all been eagerly awaiting the pending release of FreeBSD 11.0, and the schedule has now been updated!\u003c/li\u003e\n\u003cli\u003eThe first release candidate is slated for July 29th!\u003c/li\u003e\n\u003cli\u003eIf all goes well (and we stick to schedule) there will be another RC2 and possible RC3 release, before 11.0 officially drops near the end of August.\u003c/li\u003e\n\u003cli\u003eStart playing with those builds folks, be sure to send your feedback to the team to make this the best .0 release ever!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ecc-comp.blogspot.com/2016/06/tensorflow-on-freebsd.html\" rel=\"nofollow\"\u003eTensorFlow on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext we have a blog post about the experience of a “new” FreeBSD user trying to deploy some non-ported software to his new system.\u003c/li\u003e\n\u003cli\u003eSpecifically he was interested in running TensorFlow, but not doing a port himself, because in his words: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“First, I apologize for not supplying a port archive myself. After reading the FreeBSD handbook for creating a port, it\u0026#39;s too complex of a task for me right now. I\u0026#39;ve only been using FreeBSD for two weeks. I would also not like to waste anyone\u0026#39;s time giving them a terrible port archive and mess up their system.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst of all, good ports are often born out of bad ports! Don’t let the porting framework daunt you, give it a go, since that\u0026#39;s the only way you are going to learn how to write “good” ports over time. The porters-handbook is a good first place to start, plus the community usually is very helpful in providing feedback.\u003c/li\u003e\n\u003cli\u003eHe then walks us through the changes made to the TensorFlow code (starting with the assumption that OSX was a good “flavor” to begin porting from) and ultimately compiling. \u003c/li\u003e\n\u003cli\u003eThis ends up with the creation of a pip package which works!\u003c/li\u003e\n\u003cli\u003eA good tutorial, and also very similar to what goes on in the porting process. With this write-up perhaps somebody will take up creating a port of it… hint hint!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jamesdeagle.blogspot.ca/2016/06/netbsd-new-beginning.html\" rel=\"nofollow\"\u003eNetBSD: A New Beginning?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe don’t get enough NetBSD news at times, but this post by James Deagle talks about his adventure with NetBSD 7.0 and making it his “new beginning”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“After a few months of traipsing around the worlds of SunOS and Linux, I\u0026#39;m back to NetBSD for what I hope will be a lengthy return engagement. And while I\u0026#39;m enamored of NetBSD for all the previously-mentioned reasons, I\u0026#39;m already thinking ahead to some problems to solve, some of which have also been mentioned before.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eHe then goes through and lists some of the small nits he’s still running into during the daily workflow\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eYouTube audio - Specifically he mentions that no audio is playing, but wonders if Flash plays some part. (Ideally you’re not using Flash though, in which case you need to check the audio backend FF is using. Try PulseAudio since it seems the best supported. If pulse is already enabled, install ‘pavucontrol’ to make sure audio is playing to the correct sound device)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSlow gaming performance (TuxKart and Celestia) - Check DRI / Xorg? Or is it CPU bound?\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eLastly some unspecified Wireless issues, which typically end up being driver related. (Or use another chipset)\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://reproducible.debian.net/netbsd/netbsd.html\" rel=\"nofollow\"\u003eReproducible NetBSD?  77.7% of the way there\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://gist.github.com/zg/38a3afa112ddf7de4912aafc249ec82f\" rel=\"nofollow\"\u003eCreate FreeBSD virtual machine using qemu. Run the VM using xhyve.\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://joshcummings.net/pub/FreeBSD\" rel=\"nofollow\"\u003eFreeBSD PowerPC 32bit pkg repository (unofficial). ~19,500 packages, more to come\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2016/05/16/msg000706.html\" rel=\"nofollow\"\u003eNetBSD machines at Open Source Conference 2016 Gunma\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/\" rel=\"nofollow\"\u003eAdam Leventhal (of ZFS and DTrace) does an analysis of APFS \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/semibug/2016-June/000106.html\" rel=\"nofollow\"\u003eSemiBug June meeting summary\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://knoxbug.org/content/2016-07-26\" rel=\"nofollow\"\u003eKnoxBug Meeting\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/nuYTzaG6\" rel=\"nofollow\"\u003e Andrew - iocage \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/PzY68hNS\" rel=\"nofollow\"\u003e Florian - Arm + GitHub\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/JESGZjLu\" rel=\"nofollow\"\u003e Clint - Synth\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/b4LAiPs4\" rel=\"nofollow\"\u003e Leonardo - Translations\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/VRc8fvBk\" rel=\"nofollow\"\u003e Zachary - Moving things to VMs\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive","date_published":"2016-06-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/47c069f8-5392-4497-a727-c0cb0b4eb050.mp3","mime_type":"audio/mpeg","size_in_bytes":75272404,"duration_in_seconds":6272}]},{"id":"5d5709eb-d443-4e84-bf66-b521e3b7c5eb","title":"147: Release all the things!","url":"https://www.bsdnow.tv/147","content_text":"On this episode of BSDNow, we will be talking to Glen Barber and Peter Wemm of the FreeBSD RE and Cluster Admin teams! That plus our\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u0026gt;\n\n\n\nHeadlines\n\n2016 FreeBSD Community Survey\n\n\nWe often get comments from our listeners, “I’m not a developer, how can I help out”?\nWell today is your chance to do something. The FreeBSD Foundation has its 2016 Community Survey online, where they are asking for feedback from \nyou!\nI just did the survey, it’ll take you about 5 minutes, but gives you a chance to provide valuable feedback to the foundation about things that \nare important to you.\nBe sure to answer in as much detail as possible and the foundation will review and use this feedback for its operations going forward.\n***\n\n\nART, OpenBSDs new routing table, single thread performances\n\n\nOpenBSD has changed the way routes are looked up in the kernel as part of their path to an SMP networking stack\nThe “Allotment Routing Table” (ART) is a performance tradeoff, where more memory is used to store the routing table, in exchange for faster \nlookups\nWith this new arrangement, a full BGP routing table will grow from 130MB to 180MB of memory\n“ART is a free multibit trie based routing table. To keep it simple, it can be seen as using more memory for fewer CPU cycles. In other words, \nwe get a faster lookup by wasting memory. The original paper presents some performance comparisons between \ntwo ART configurations and the BSD Radix. But how does this apply to OpenBSD?”\n“I asked Hrvoje Popovski to run his packet forwarding test on his Xeon box (E5-2620 v2 @ 2.10GHz, 2400.34 MHz) with ix(4) (82599) interfaces. \nThe test setup consist of three machines with the OpenBSD box in the middle”\n“The simulations have been performed with an OpenBSD -current from June 9th. The machine is configured with pf(4) disabled in order to force a \nsingle route lookup for every IPv4 packet. Based on the result of the lookup the kernel decide if it should forward, deliver or drop the packet”\n***\n\n\nBSDCan 2016 Playlist\n\n\nThe complete set of videos from BSDCan is online and ready to be consumed\nRemember the good-ole days where we would wait months (or years) to get videos posted from conferences?\nWell, who are we kidding, some conferences STILL do that, but we can’t count BSDCan among them. \nOnly two weeks out from this years exciting BSDCan, and all the videos have now landed on YouTube.\nGranted, this is no substitute for actually being at the conference, but even if you attended you probably missed quite a few of the talks.\nThere are no videos of the hallway track, which is the best part of the conference\nExcept the dinner discussion of course.\nand don’t forget the hacker lounge\n***\n\n\nShould you be scared of Unix signals?\n\n\nDo you know much about UNIX Signals?\nAre you afraid of their complexity? \nDo you know there are signals other than SIGKILL?\nThis article talks about the practical implications of signals from a programming perspective\nThe things you need to consider when dealing with signals\nBasically, you register a “signal handler”, the function that will be run when a signal arrives\nAs you program is running, if a signal arrives, your program will be interrupted. Its current state will be saved and any system calls in progress \nwill return EINTR (Error, Interrupted), then your signal handler will be run.\nOnce the signal handler is complete, the state of your application will be restored, and execution will resume\nAs long as your program properly handles this interruption, and errors that might result from it (getting EINTR from a read() call, instead of the \ndata you expected), then everything should be fine.\nOf course, you need to be careful what you do inside your signal handler, as if you modify any variables or state in your application, it might be \nvery confused when it resumes.\n***\n\n\nInterview - Glen and Peter-\n\n\n\nNews Roundup\n\nUnik - The Unikernel Compilation and Deployment Platform (uses NetBSD's Rump)\n\n\nWe’ve talked a bit about NetBSD’s RUMP (unikernel) in the past, including articles on how to deploy services using it.\nNow we have an interesting project which makes the process super-easy, and dare-we-say almost “Docker-Like?”\nThe Unik project has a fairly complete walkthrough right on their GitHub project page, including details on installation and creating your own \nunikernel containers. \nIn addition, it provides instructions on boot-strapping your own Go/Node.js/Python/Java applications, and supports out of Box VCenter / AWS / Qemu \n/ VirtualBox providers.\n***\n\n\nPkgSrc 50th Release Highlights\n\n\npkgsrc is celebrating its 50th release, and to highlight this, they have posted a series of interviews from people who have been active in the \nproject\npkgsrc 50th release interviews - Jonathan Perkin\npkgsrc 50th release interviews - Ryo ONODERA\npkgsrc 50th release interviews - Joerg Sonnenberg \npkgsrc 50th release interviews - Sevan Janiyan \n***\n\n\nMigrating to FreeBSD from Solaris 11\n\n\nPart 2 \nPart 3 \nPart 4 \nPart 5 \n***\n\n\nHow to chroot www/firefox on NetBSD\n\n\nLooking for a jail-like method of running FireFox on NetBSD? (Or possibly other BSDs?)\nWe have a github repo with details on how to setup and run FireFox using a chroot using a “webuser” account for safety. \nThink of this as a jail alternative, may be useful on systems with no jail support.\nOf interest is the method used to do X forwarding. It uses Xorg TCP listen option (which is often off by default for security reasons). Perhaps SSH \nX forwarding would be a better alternative. (Or nullfs mounts of /tmp)\n***\n\n\nBeastie Bits\n\n\nTredly - V1 Release Candidate\nCall for Testing - ypldap testing against OpenLDAP and Microsoft Active \nDirectory \nBSD Magazine, June 2016 Out Now\nHammer2 - Add xxhash to H2 and throw in debug stuff for performance \ntesting \nchyves pre-announcement \n***\n\n\nFeedback/Questions\n\n\n Michael - Versioning  \n Michael - Removing Encryption  \n Bostjan - PC-BSD Questions \n Fong - ZFS Rollback  \n Jochen - Docker on FBSD \n***\n","content_html":"\u003cp\u003eOn this episode of BSDNow, we will be talking to Glen Barber and Peter Wemm of the FreeBSD RE and Cluster Admin teams! That plus our\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.surveymonkey.com/r/freebsd2016\" rel=\"nofollow\"\u003e2016 FreeBSD Community Survey\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe often get comments from our listeners, “I’m not a developer, how can I help out”?\u003c/li\u003e\n\u003cli\u003eWell today is your chance to do something. The FreeBSD Foundation has its 2016 Community Survey online, where they are asking for feedback from \nyou!\u003c/li\u003e\n\u003cli\u003eI just did the survey, it’ll take you about 5 minutes, but gives you a chance to provide valuable feedback to the foundation about things that \nare important to you.\u003c/li\u003e\n\u003cli\u003eBe sure to answer in as much detail as possible and the foundation will review and use this feedback for its operations going forward.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.grenadille.net/post/2016/06/17/ART-single-thread-performances\" rel=\"nofollow\"\u003eART, OpenBSDs new routing table, single thread performances\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has changed the way routes are looked up in the kernel as part of their path to an SMP networking stack\u003c/li\u003e\n\u003cli\u003eThe “Allotment Routing Table” (ART) is a performance tradeoff, where more memory is used to store the routing table, in exchange for faster \nlookups\u003c/li\u003e\n\u003cli\u003eWith this new arrangement, a full BGP routing table will grow from 130MB to 180MB of memory\u003c/li\u003e\n\u003cli\u003e“ART is a free multibit trie based routing table. To keep it simple, it can be seen as using more memory for fewer CPU cycles. In other words, \nwe get a faster lookup by wasting memory. The \u003ca href=\"http://www.hariguchi.org/art/art.pdf\" rel=\"nofollow\"\u003eoriginal paper\u003c/a\u003e presents some performance comparisons between \ntwo ART configurations and the BSD Radix. But how does this apply to OpenBSD?”\u003c/li\u003e\n\u003cli\u003e“I asked Hrvoje Popovski to run his packet forwarding test on his Xeon box (E5-2620 v2 @ 2.10GHz, 2400.34 MHz) with ix(4) (82599) interfaces. \nThe test setup consist of three machines with the OpenBSD box in the middle”\u003c/li\u003e\n\u003cli\u003e“The simulations have been performed with an OpenBSD -current from June 9th. The machine is configured with pf(4) disabled in order to force a \nsingle route lookup for every IPv4 packet. Based on the result of the lookup the kernel decide if it should forward, deliver or drop the packet”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLeF8ZihVdpFfoEV67dBSrKfA8ifpUr6qC\" rel=\"nofollow\"\u003eBSDCan 2016 Playlist\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe complete set of videos from BSDCan is online and ready to be consumed\u003c/li\u003e\n\u003cli\u003eRemember the good-ole days where we would wait months (or years) to get videos posted from conferences?\u003c/li\u003e\n\u003cli\u003eWell, who are we kidding, some conferences STILL do that, but we can’t count BSDCan among them. \u003c/li\u003e\n\u003cli\u003eOnly two weeks out from this years exciting BSDCan, and \u003cem\u003eall\u003c/em\u003e the videos have now landed on YouTube.\u003c/li\u003e\n\u003cli\u003eGranted, this is no substitute for actually being at the conference, but even if you attended you probably missed quite a few of the talks.\u003c/li\u003e\n\u003cli\u003eThere are no videos of the hallway track, which is the best part of the conference\u003c/li\u003e\n\u003cli\u003eExcept the dinner discussion of course.\u003c/li\u003e\n\u003cli\u003eand don’t forget the hacker lounge\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jvns.ca/blog/2016/06/13/should-you-be-scared-of-signals/\" rel=\"nofollow\"\u003eShould you be scared of Unix signals?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDo you know much about UNIX Signals?\u003c/li\u003e\n\u003cli\u003eAre you afraid of their complexity? \u003c/li\u003e\n\u003cli\u003eDo you know there are signals other than SIGKILL?\u003c/li\u003e\n\u003cli\u003eThis article talks about the practical implications of signals from a programming perspective\u003c/li\u003e\n\u003cli\u003eThe things you need to consider when dealing with signals\u003c/li\u003e\n\u003cli\u003eBasically, you register a “signal handler”, the function that will be run when a signal arrives\u003c/li\u003e\n\u003cli\u003eAs you program is running, if a signal arrives, your program will be interrupted. Its current state will be saved and any system calls in progress \nwill return EINTR (Error, Interrupted), then your signal handler will be run.\u003c/li\u003e\n\u003cli\u003eOnce the signal handler is complete, the state of your application will be restored, and execution will resume\u003c/li\u003e\n\u003cli\u003eAs long as your program properly handles this interruption, and errors that might result from it (getting EINTR from a read() call, instead of the \ndata you expected), then everything should be fine.\u003c/li\u003e\n\u003cli\u003eOf course, you need to be careful what you do inside your signal handler, as if you modify any variables or state in your application, it might be \nvery confused when it resumes.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Glen and Peter-\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/emc-advanced-dev/unik\" rel=\"nofollow\"\u003eUnik - The Unikernel Compilation and Deployment Platform (uses NetBSD\u0026#39;s Rump)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve talked a bit about NetBSD’s RUMP (unikernel) in the past, including articles on how to deploy services using it.\u003c/li\u003e\n\u003cli\u003eNow we have an interesting project which makes the process super-easy, and dare-we-say almost “Docker-Like?”\u003c/li\u003e\n\u003cli\u003eThe Unik project has a fairly complete walkthrough right on their GitHub project page, including details on installation and creating your own \nunikernel containers. \u003c/li\u003e\n\u003cli\u003eIn addition, it provides instructions on boot-strapping your own Go/Node.js/Python/Java applications, and supports out of Box VCenter / AWS / Qemu \n/ VirtualBox providers.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"\" rel=\"nofollow\"\u003ePkgSrc 50th Release Highlights\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003epkgsrc is celebrating its 50th release, and to highlight this, they have posted a series of interviews from people who have been active in the \nproject\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_jonathan\" rel=\"nofollow\"\u003epkgsrc 50th release interviews - Jonathan Perkin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_ryo\" rel=\"nofollow\"\u003epkgsrc 50th release interviews - Ryo ONODERA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interview_with\" rel=\"nofollow\"\u003epkgsrc 50th release interviews - Joerg Sonnenberg\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_sevan\" rel=\"nofollow\"\u003epkgsrc 50th release interviews - Sevan Janiyan\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/02/28/migration-to-freebsd-part1.html\" rel=\"nofollow\"\u003eMigrating to FreeBSD from Solaris 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/03/12/migration-to-freebsd-part2.html\" rel=\"nofollow\"\u003ePart 2\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/03/19/migration-to-freebsd-part3.html\" rel=\"nofollow\"\u003ePart 3\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/03/26/migration-to-freebsd-part4.html\" rel=\"nofollow\"\u003ePart 4\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/04/03/migration-to-freebsd-part5.html\" rel=\"nofollow\"\u003ePart 5\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/alnsn/localpkgsrc/tree/master/firefox-chroot\" rel=\"nofollow\"\u003eHow to chroot www/firefox on NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a jail-like method of running FireFox on NetBSD? (Or possibly other BSDs?)\u003c/li\u003e\n\u003cli\u003eWe have a github repo with details on how to setup and run FireFox using a chroot using a “webuser” account for safety. \u003c/li\u003e\n\u003cli\u003eThink of this as a jail alternative, may be useful on systems with no jail support.\u003c/li\u003e\n\u003cli\u003eOf interest is the method used to do X forwarding. It uses Xorg TCP listen option (which is often off by default for security reasons). Perhaps SSH \nX forwarding would be a better alternative. (Or nullfs mounts of /tmp)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tredly/tredly/releases/tag/v1.0.0-rc.1\" rel=\"nofollow\"\u003eTredly - V1 Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.freebsd.org/pipermail/freebsd-current/2016-June/061775.html\" rel=\"nofollow\"\u003eCall for Testing - ypldap testing against OpenLDAP and Microsoft Active \nDirectory\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bsdmag.org/\" rel=\"nofollow\"\u003eBSD Magazine, June 2016 Out Now\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-June/500610.html\" rel=\"nofollow\"\u003eHammer2 - Add xxhash to H2 and throw in debug stuff for performance \ntesting\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/06/14/chyves-project-preannouncement.html\" rel=\"nofollow\"\u003echyves pre-announcement\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/1hpGrmuL\" rel=\"nofollow\"\u003e Michael - Versioning \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/2PkrMGGx\" rel=\"nofollow\"\u003e Michael - Removing Encryption \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/q5VdmNxG\" rel=\"nofollow\"\u003e Bostjan - PC-BSD Questions\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/2aedLV7d\" rel=\"nofollow\"\u003e Fong - ZFS Rollback \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/dneVZkXc\" rel=\"nofollow\"\u003e Jochen - Docker on FBSD\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this episode of BSDNow, we will be talking to Glen Barber and Peter Wemm of the FreeBSD RE and Cluster Admin teams! That plus our","date_published":"2016-06-22T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5d5709eb-d443-4e84-bf66-b521e3b7c5eb.mp3","mime_type":"audio/mpeg","size_in_bytes":72186484,"duration_in_seconds":6015}]},{"id":"65789003-28e4-49f2-83a2-80f129d71d0d","title":"146: Music to Beastie’s ears","url":"https://www.bsdnow.tv/146","content_text":"Kris is on vacation this week, so allan flies solo, provides a recap of BSDCan \u0026amp; cover's a boatload of news including Microsoft\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan Recap and Live Stream Videos\n\n\nOpenBSD BSDCan 2016 papers now available\nAllan’s slides  and Paper \nMichael W Lucas presents Allan with a gift \n“FreeBSD Mastery: Advanced ZedFS” \nHighlighted Tweets:\n\n\nGroff Arrives at BSDCan \nFreeBSD Foundation recognizes the contributions of Bryan Drewery, Rod Grimes, Warren Block, \u0026amp; Gleb Smirnoff \nA moment of silence and shots in memory in Benjamin Perrault @creepingfur \n@gvnn3 sells the FreeBSD Foundation shirt off of his back for Charity \nMichael W. Lucas asks Matt Ahrens how to pronounce ZFS, “You can pronounce ZFS however you like, but if you pronounce it 'reiserfs', people might be confused.” \nSysadmin T-Shirt \nFreeBSD Dev Summit ran out of room on the chalkboards listing accomplishments of 11.0 \nList of things people have or want for FreeBSD 12 \nMatt Ahrens signing Allan’s ZFS book \nFreeBSD’s new marketing strategy \nCharity Auction: systemd whoopie cushion \nEmbarass OpenBSD’s @HenningBrauer by donating $10 to charity for a selfie with him wearing a Linux t-shirt \n@GroffTheBSDGoat changes handlers, from @HenningBrauer to @GavinAtkinson \n\nDay 1 Video \nDay 2 Video \nAllan’s GELIBoot talk (day 2) \n***\n\n\nMedia Coverage of Microsoft + FreeBSD story\n\n\nMicrosoft has released their own custom image of FreeBSD 10.3 for the Azure Cloud\n“This means that not only can you quickly bring-up a FreeBSD VM in Azure, but also that in the event you need technical support, Microsoft support engineers can assist.”\n“Microsoft is the publisher of the FreeBSD image in the marketplace rather than the FreeBSD Foundation. The FreeBSD Foundation is supported by donations from the FreeBSD community, including companies that build their solutions on FreeBSD. They are not a solution provider or an ISV with a support organization but rather rely on a very active community that support one another. In order to ensure our customers have an enterprise SLA for their FreeBSD VMs running in Azure, we took on the work of building, testing, releasing and maintaining the image in order to remove that burden from the Foundation. We will continue to partner closely with the Foundation as we make further investments in FreeBSD on Hyper-V and in Azure.”\n\"It's quite a significant milestone for FreeBSD community and for Microsoft to publish a supported FreeBSD image on Azure Marketplace. We really appreciate Microsoft's commitment and investment in FreeBSD project\". - Justin T. Gibbs, President of FreeBSD Foundation\nMicrosoft took a FreeBSD 10.3-RELEASE image and added additional patches, most of which they have upstreamed but that were too late for the regular 10.3 release cycle.\nRather than requiring users to use a snapshot of the stable/10 branch, which would complicate the user experience, and complicate the job of the Microsoft support engineers, they created their own “certified” release\nThis allows Microsoft to selectively deploy errata fixes to the image as well\nIt is not clear how this affects update mechanisms like freebsd-update(8)\nThe Register \nThe Inquirer \nInfoworld \nThe Hacker News \nWindows Report \nWindows Club \n***\n\n\nSelect works poorly\n\n\n“At the bottom of the OpenBSD man page for select is a little note. “Internally to the kernel, select() and pselect() work poorly if multiple processes wait on the same file descriptor.” There’s a similar warning in the poll man page. Where does this warning come from and what does it mean?”\nTed found that at first glance, OpenBSD’s select() appears to be quite bad:\n“whenever some data gets written, we call wakeup(\u0026amp;selwait);. Based on what we’ve seen so far, one can conclude that this is likely to be inefficient. Every time any socket has some data available, we wake up every selecting process in the system. Works poorly indeed.”\nAfter further investigation, it turns out to not be quite as bad\nWhen the select() is first setup, the PID of the process that cares about the FD is recorded in the selinfo struct\nIf a second process runs select() on the same FD, the SI_COLL (Select Collision) flag is set on the selinfo struct\nWhen selwakeup() is called, if SI_COLL is set, all select()ing processes are woken up, and the sysctl kern.nselcoll is incremented. If the flag is not set, and only a single PID is waiting for activity on that FD, only that process is woken up\n“This is not an intractable problem. kevent avoids it entirely. Other implementations may too. But practically, does it need to be solved? My laptop says it’s happened 43 times. A server with substantially more uptime says 0. Doesn’t seem so bad.”\n***\n\n\nInterview - Hans Petter Selasky - hps@freebsd.org / @twitter\n\n\nDesigning FreeBSD’s USB drivers, hooking up a piano to FreeBSD \u0026amp; more!\n***\n\n\nNews Roundup\n\n\nTimeline of libexpat random vulnerability\nDo you use FreeBSD as web server? Why or why not?\n20 years of NetBSD code Bloat\nHP Chromebook 13 now booting OpenBSD\nUNIX for Poets \nComparing live version upgrade methods\nMy life with FreeBSD on a Thinkpad X220\n\n\n","content_html":"\u003cp\u003eKris is on vacation this week, so allan flies solo, provides a recap of BSDCan \u0026amp; cover\u0026#39;s a boatload of news including Microsoft\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2016/\" rel=\"nofollow\"\u003eBSDCan Recap and Live Stream Videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbsd.org/papers\" rel=\"nofollow\"\u003eOpenBSD BSDCan 2016 papers now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://allanjude.com/bsd/BSDCan2016_-_GELIBoot.pdf\" rel=\"nofollow\"\u003eAllan’s slides \u003c/a\u003e \u003ca href=\"http://allanjude.com/bsd/AsiaBSDCon2016_geliboot_pdf1a.pdf\" rel=\"nofollow\"\u003eand Paper \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=LFgxAHkrSTg\" rel=\"nofollow\"\u003eMichael W Lucas presents Allan with a gift \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2698\" rel=\"nofollow\"\u003e“FreeBSD Mastery: Advanced ZedFS” \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHighlighted Tweets:\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/Keltounet/status/740344735194320896\" rel=\"nofollow\"\u003eGroff Arrives at BSDCan \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/freebsdfndation/status/742456950676393984\" rel=\"nofollow\"\u003eFreeBSD Foundation recognizes the contributions of Bryan Drewery, Rod Grimes, Warren Block, \u0026amp; Gleb Smirnoff \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/__briancallahan/status/741854476340858880\" rel=\"nofollow\"\u003eA moment of silence and shots in memory in Benjamin Perrault @creepingfur \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/Keltounet/status/741763867471155201\" rel=\"nofollow\"\u003e@gvnn3 sells the FreeBSD Foundation shirt off of his back for Charity \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/cperciva/status/741375414967410688\" rel=\"nofollow\"\u003eMichael W. Lucas asks Matt Ahrens how to pronounce ZFS, “You can pronounce ZFS however you like, but if you pronounce it \u0026#39;reiserfs\u0026#39;, people might be confused.” \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/BSDCan/status/741420633007874050\" rel=\"nofollow\"\u003eSysadmin T-Shirt \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/SeanChittenden/status/740904105388978176\" rel=\"nofollow\"\u003eFreeBSD Dev Summit ran out of room on the chalkboards listing accomplishments of 11.0 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/Keltounet/status/740928627471159296\" rel=\"nofollow\"\u003eList of things people have or want for FreeBSD 12 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/kprovst/status/741322268480049152?cn=bWVudGlvbg%3D%3D\u0026refsrc=email\" rel=\"nofollow\"\u003eMatt Ahrens signing Allan’s ZFS book \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/cperciva/status/741707948469157889\" rel=\"nofollow\"\u003eFreeBSD’s new marketing strategy \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/HippyWizard/status/741768670704066560\" rel=\"nofollow\"\u003eCharity Auction: systemd whoopie cushion \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/juliefriday/status/741948048788586496\" rel=\"nofollow\"\u003eEmbarass OpenBSD’s @HenningBrauer by donating $10 to charity for a selfie with him wearing a Linux t-shirt \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/GroffTheBSDGoat/status/742415390798716928\" rel=\"nofollow\"\u003e@GroffTheBSDGoat changes handlers, from @HenningBrauer to @GavinAtkinson \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=AOidjSS7Hsg\" rel=\"nofollow\"\u003eDay 1 Video \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=z7pDnBO5wSM\" rel=\"nofollow\"\u003eDay 2 Video \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=z7pDnBO5wSM\u0026feature=youtu.be\u0026list=PLeF8ZihVdpFfoEV67dBSrKfA8ifpUr6qC\u0026t=4440\" rel=\"nofollow\"\u003eAllan’s GELIBoot talk (day 2) \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://azure.microsoft.com/en-us/blog/freebsd-now-available-in-azure-marketplace/\" rel=\"nofollow\"\u003eMedia Coverage of Microsoft + FreeBSD story\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMicrosoft has released their own custom image of FreeBSD 10.3 for the Azure Cloud\u003c/li\u003e\n\u003cli\u003e“This means that not only can you quickly bring-up a FreeBSD VM in Azure, but also that in the event you need technical support, Microsoft support engineers can assist.”\u003c/li\u003e\n\u003cli\u003e“Microsoft is the publisher of the FreeBSD image in the marketplace rather than the FreeBSD Foundation. The FreeBSD Foundation is supported by donations from the FreeBSD community, including companies that build their solutions on FreeBSD. They are not a solution provider or an ISV with a support organization but rather rely on a very active community that support one another. In order to ensure our customers have an enterprise SLA for their FreeBSD VMs running in Azure, we took on the work of building, testing, releasing and maintaining the image in order to remove that burden from the Foundation. We will continue to partner closely with the Foundation as we make further investments in FreeBSD on Hyper-V and in Azure.”\u003c/li\u003e\n\u003cli\u003e\u0026quot;It\u0026#39;s quite a significant milestone for FreeBSD community and for Microsoft to publish a supported FreeBSD image on Azure Marketplace. We really appreciate Microsoft\u0026#39;s commitment and investment in FreeBSD project\u0026quot;. - Justin T. Gibbs, President of FreeBSD Foundation\u003c/li\u003e\n\u003cli\u003eMicrosoft took a FreeBSD 10.3-RELEASE image and added additional patches, most of which they have upstreamed but that were too late for the regular 10.3 release cycle.\u003c/li\u003e\n\u003cli\u003eRather than requiring users to use a snapshot of the stable/10 branch, which would complicate the user experience, and complicate the job of the Microsoft support engineers, they created their own “certified” release\u003c/li\u003e\n\u003cli\u003eThis allows Microsoft to selectively deploy errata fixes to the image as well\u003c/li\u003e\n\u003cli\u003eIt is not clear how this affects update mechanisms like freebsd-update(8)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.theregister.co.uk/2016/06/09/microsoft_freebsd/\" rel=\"nofollow\"\u003eThe Register \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.theinquirer.net/inquirer/news/2461070/microsoft-creates-own-distribution-of-freebsd-for-azure-developers\" rel=\"nofollow\"\u003eThe Inquirer \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.infoworld.com/article/3082090/open-source-tools/is-microsoft-publishing-its-own-freebsd-yes-and-no.html\" rel=\"nofollow\"\u003eInfoworld \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://thehackernews.com/2016/06/microsoft-azure-freebsd.html\" rel=\"nofollow\"\u003eThe Hacker News \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://windowsreport.com/microsoft-freebsd-10-3-ready-made-vm-image-azure/\" rel=\"nofollow\"\u003eWindows Report \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://news.thewindowsclub.com/microsoft-freebsd-operating-system-84375/\" rel=\"nofollow\"\u003eWindows Club \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/select-works-poorly\" rel=\"nofollow\"\u003eSelect works poorly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“At the bottom of the OpenBSD man page for select is a little note. “Internally to the kernel, select() and pselect() work poorly if multiple processes wait on the same file descriptor.” There’s a similar warning in the poll man page. Where does this warning come from and what does it mean?”\u003c/li\u003e\n\u003cli\u003eTed found that at first glance, OpenBSD’s select() appears to be quite bad:\u003c/li\u003e\n\u003cli\u003e“whenever some data gets written, we call wakeup(\u0026amp;selwait);. Based on what we’ve seen so far, one can conclude that this is likely to be inefficient. Every time any socket has some data available, we wake up every selecting process in the system. Works poorly indeed.”\u003c/li\u003e\n\u003cli\u003eAfter further investigation, it turns out to not be quite as bad\u003c/li\u003e\n\u003cli\u003eWhen the select() is first setup, the PID of the process that cares about the FD is recorded in the selinfo struct\u003c/li\u003e\n\u003cli\u003eIf a second process runs select() on the same FD, the SI_COLL (Select Collision) flag is set on the selinfo struct\u003c/li\u003e\n\u003cli\u003eWhen selwakeup() is called, if SI_COLL is set, all select()ing processes are woken up, and the sysctl kern.nselcoll is incremented. If the flag is not set, and only a single PID is waiting for activity on that FD, only that process is woken up\u003c/li\u003e\n\u003cli\u003e“This is not an intractable problem. kevent avoids it entirely. Other implementations may too. But practically, does it need to be solved? My laptop says it’s happened 43 times. A server with substantially more uptime says 0. Doesn’t seem so bad.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Hans Petter Selasky - \u003ca href=\"mailto:hps@freebsd.org\" rel=\"nofollow\"\u003ehps@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/user\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDesigning FreeBSD’s USB drivers, hooking up a piano to FreeBSD \u0026amp; more!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/timeline-of-libexpat-random-vulnerability\" rel=\"nofollow\"\u003eTimeline of libexpat random vulnerability\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://news.ycombinator.com/item?id=11804565\" rel=\"nofollow\"\u003eDo you use FreeBSD as web server? Why or why not?\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://kristerw.blogspot.sg/2016/05/20-years-of-netbsd-code-bloat.html\" rel=\"nofollow\"\u003e20 years of NetBSD code Bloat\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://jcs.org/statuses/2016/06/08/740606952149942272/\" rel=\"nofollow\"\u003eHP Chromebook 13 now booting OpenBSD\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://web.stanford.edu/class/cs124/lec/124-UnixForPoets.pdf\" rel=\"nofollow\"\u003eUNIX for Poets \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20160530#upgrades\" rel=\"nofollow\"\u003eComparing live version upgrade methods\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/4n3flx/my_life_with_freebsd_on_a_thinkpad_x220/\" rel=\"nofollow\"\u003eMy life with FreeBSD on a Thinkpad X220\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"Kris is on vacation this week, so allan flies solo, provides a recap of BSDCan \u0026 cover's a boatload of news including Microsoft","date_published":"2016-06-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/65789003-28e4-49f2-83a2-80f129d71d0d.mp3","mime_type":"audio/mpeg","size_in_bytes":46132564,"duration_in_seconds":3844}]},{"id":"95c07cb8-0807-4cdc-bd2f-80c2a089f669","title":"145: At the Core of it all","url":"https://www.bsdnow.tv/145","content_text":"It’s BSDCan time! Allan and I are both enjoying what is sure to be a super-busy week, but don’t think we’ve forgotten about\n\nThis episode was brought to you by\n\n\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u0026gt;\n\n\n\nInterview - Benno Rice - benno@freebsd.org / @jeamland\n\n\nManager, OS \u0026amp; Networking at EMC Isilon\nEmily Dunham: Community Automation \n\n\n\n\niXsystems\n\n\n1U Rackmount Server - 4 Bay Hot-Swap SAS/SATA Drive Bays 400W Redundant Power Supply  -  Single Socket Embedded CPU (48 cores) - 8 DIMM Slots with \n16GB DIMMs for a total of 128GB RAM – Dual Gigabit LAN, Dual 10GbE SFP+ and 1 x 40Gb QSFP+ port, (1) PCI-E Expansion Slots + IPMI Dedicated LAN - \nCavium ThunderX ARM CN8890 48 Core ThunderX CPU - 2.5GHz per core\nSystem has 128GB RAM, 4 x 2TB SATA HDD, Additional Intel i350 (2 x 1GbE) \n\n\n\n\nBeastie Bits\n\n\nfile considered harmful\nAn open source talk on ZFS. “Intro to ZFS” as a set of open source slides for the community to build on, and to reuse. Go give this talk at your local conference.  \nARMv7 now has a bootloader \nSHA256/512 speed improvements in FreeBSD 11 \npkgsrc 50th release interviews - Joerg Sonnenberg\nDFly versus PC-BSD on a Laptop \nFreeBSD ifconfig can print subnet masks in CIDR or dotted-quad, finally  \n\n\n\n\nFeedback/Questions\n\n\n Eli - Getting rid of ports?\n Morgan - Best way to admin jails?\n Simon - Use existing pkgs in poudriere\n Pete - Lots of Q’s\n Van - Made the switch \n***\n","content_html":"\u003cp\u003eIt’s BSDCan time! Allan and I are both enjoying what is sure to be a super-busy week, but don’t think we’ve forgotten about\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and \u003cbr\u003e\nStorage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" \u003cbr\u003e\nalt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Benno Rice - \u003ca href=\"mailto:benno@freebsd.org\" rel=\"nofollow\"\u003ebenno@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/jeamland\" rel=\"nofollow\"\u003e@jeamland\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eManager, OS \u0026amp; Networking at EMC Isilon\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=dIageYT0Vgg\" rel=\"nofollow\"\u003eEmily Dunham: Community Automation \u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e1U Rackmount Server - 4 Bay Hot-Swap SAS/SATA Drive Bays 400W Redundant Power Supply  -  Single Socket Embedded CPU (48 cores) - 8 DIMM Slots with \u003cbr\u003e\n16GB DIMMs for a total of 128GB RAM – Dual Gigabit LAN, Dual 10GbE SFP+ and 1 x 40Gb QSFP+ port, (1) PCI-E Expansion Slots + IPMI Dedicated LAN - \u003cbr\u003e\nCavium ThunderX ARM CN8890 48 Core ThunderX CPU - 2.5GHz per core\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSystem has 128GB RAM, 4 x 2TB SATA HDD, Additional Intel i350 (2 x 1GbE) \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/file-considered-harmful\" rel=\"nofollow\"\u003efile considered harmful\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/problame/talkintrozfs2016\" rel=\"nofollow\"\u003eAn open source talk on ZFS. “Intro to ZFS” as a set of open source slides for the community to build on, and to reuse. Go give this talk at your local conference. \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160529145411\" rel=\"nofollow\"\u003eARMv7 now has a bootloader\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=300966\" rel=\"nofollow\"\u003eSHA256/512 speed improvements in FreeBSD 11 \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interview_with\" rel=\"nofollow\"\u003epkgsrc 50th release interviews - Joerg Sonnenberg\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-May/249636.html\" rel=\"nofollow\"\u003eDFly versus PC-BSD on a Laptop\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=301059\" rel=\"nofollow\"\u003eFreeBSD ifconfig can print subnet masks in CIDR or dotted-quad, finally \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/4Y6VYSyN\" rel=\"nofollow\"\u003e Eli - Getting rid of ports?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/w8hsMtbc\" rel=\"nofollow\"\u003e Morgan - Best way to admin jails?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/mqSJk0pP\" rel=\"nofollow\"\u003e Simon - Use existing pkgs in poudriere\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/1M7HLAXs\" rel=\"nofollow\"\u003e Pete - Lots of Q’s\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/NTVBvtC5\" rel=\"nofollow\"\u003e Van - Made the switch\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It’s BSDCan time! Allan and I are both enjoying what is sure to be a super-busy week, but don’t think we’ve forgotten about","date_published":"2016-06-08T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/95c07cb8-0807-4cdc-bd2f-80c2a089f669.mp3","mime_type":"audio/mpeg","size_in_bytes":51492820,"duration_in_seconds":4291}]},{"id":"88258e16-7914-442e-9f73-ae58b6a26468","title":"144: The PF life","url":"https://www.bsdnow.tv/144","content_text":"It’s only one-week away from BSDCan, both Allan and I are excited to meet some of you in person! However, the show keeps on\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\ndotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge\n\n\nVideo \nSlides \nInterested in Privilege Separation and security in general? If so, then you are in for a treat, we have both the video and slides from Theo de Raadt at dotSecurity 2016.\nSpecifically the the talk starts off looking at Pledge (no copyright issues with the pictures I hope??) and how their NTP daemon uses it.\nAfter going through some internals, Theo reveals that around 10% of programs “pledged” so far were found to be trying to do actions outside of their security scope.\nOn the future-work side, they mention going back and looking at OpenSSH privilege separation next, as well as working with other OS’s that may want pledge support.\n***\n\n\nbhyve now supports UEFI GOP\n\n\nThe log awaited UEFI GOP (Graphics Output Protocol) features has landed in bhyve\nThis provides emulated graphics via an internal VNC server, allowing users to have full graphical access to the guest OS\nThis allows installation of Windows guests without needing to create a modified ISO with an unattended installation script\nThe code has not actually landed in FreeBSD head yet, but has been committed to a project branch\nFollowing a few simple commands, you can compile the new bhyve binary on your -CURRENT system and get started right away\nThis feature is expected to be included in the upcoming FreeBSD 11.0\nThis commit drop also brings with it:\n\n\nXHCI -- an emulated usb tablet device that provides exact mouse positioning in supported OSs\nPS2 mouse for fallback if the guest does not support XHCI (Windows 7)\nPS2 keyboard\n\n“The code has been tested with Windows 7/8/8.1/10 and Server 2k12/2k16, Ubuntu 15.10, and FreeBSD 10.3/11-CURRENT”\n“For VNC clients, TightVNC, TigherVNC, and RealVNC (aka VNC Viewer) have been tested on various hosts. The OSX VNC client is known not to work.”\nThe VNC server supports an optional ‘wait’ parameter, that causes the VM to not actually boot until the VNC client connects, allowing you to interrupt the boot process if need be\nRelated user blog post \nSVN commit\n***\n\n\nzfsd lands in FreeBSD HEAD, in time for 11.0-RELEASE\n\n\nzfsd has been committed to FreeBSD -CURRENT in time to be included in FreeBSD 11.0\nzfsd is the missing piece required to make ‘hot spares’ work properly in FreeBSD ZFS\n“zfsd attempts to resolve ZFS faults that the kernel can't resolve by itself. It listens to devctl(4) events, which is how the kernel notifies of events such as I/O errors and disk removals.  Zfsd attempts to resolve these faults by activating or deactivating hotspares and onlining offline vdevs.”\n“The administrator never interacts with zfsd directly.  Instead, he controls its behavior indirectly through zpool configuration.  There are two ways to influence zfsd: assigning hotspares and setting pool properties.  Currently, only the autoreplace property has any effect.  See zpool(8) for details.”\nSo, what example does it do?\nDevice Removal: “When a leaf vdev disappears, zfsd will activate any available hotspare.”\nDevice Arrival: “When a new GEOM device appears, zfsd will attempt to read its ZFS label, if any.  If it matches a previously removed vdev on an active pool, zfsd will online it.  Once resilvering completes, any active hotspare will detach automatically.”\nSo if you disconnect a drive, then reconnect it, it will automatically be brought back online. Since ZFS is smart, the resilver will only have to copy data that has changed since the device went offline.\n“If the new device has no ZFS label but its physical path matches the physical path of a previously removed vdev on an active pool, and that pool has the autoreplace property set, then zfsd will replace the missing vdev with the newly arrived device.  Once resilvering completes, any active hotspare will detach automatically.”\nIf the new drive is in the same slot in your hot swap array as a failed device, it will be used as a replacement immediately.\nvdev degrade or fault events: “If a vdev becomes degraded or faulted, zfsd will activate any available hotspare. If a leaf vdev generates more than 50 I/O errors in a 60 second period, then zfsd will mark that vdev as FAULTED.  zfs(4) will no longer issue any I/Os to it.  zfsd will activate \na hotspare if one is available.” Same for checksum errors.\nSo if zfsd detects a drive is going bad, it brings the hotspare online before it is too late\nSpare addition: “If the system administrator adds a hotspare to a pool that is already degraded, zfsd will activate the spare.”\nResilver complete: “zfsd will detach any hotspare once a permanent replacement finishes resilvering.”\nPhysical path change: “If the physical path of an existing disk changes, zfsd will attempt to replace any missing disk with the same physical path, if its pool's autoreplace property is set.”\nIn general, this tool means less reliance on the system administrator to keep the pool healthy\n***\n\n\nWX now mandatory in OpenBSD\n\n\nWe’ve talked a bit about WX in the past. (Refresher: Memory being writable and executable at once)\nWell, this major security no-no is no-more on OpenBSD. Theo has committed a change which now prevents violations of this policy:\n\n\n\n“WX violations are no longer permitted by default.  A kernel log message is generated, and mprotect/mmap return ENOTSUP.  If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation.”\n\n\n\nThere are a few cases where you may still need WX, which Theo points out can be enabled on a file-system basis.\n\n\n\n“WX violating programs can be permitted on a ffs/nfs filesystem-basis, using the \"wxallowed\" mount option.  One day far in the future upstream software developers will understand that WX violations are a tremendously risky practice and that style of programming will be banished outright.  Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem.  At least your other filesystems don't permit such programs.”\n\n\n\nThis is a great ability to grow, since now users can begin doing auditing of programs that violate this principle and making noise to upstream.\n***\n\n\nInterview - Kristof Provost - kp@freebsd.org @kprovst\n\n\npf improvements on FreeBSD\n***\n\n\nNews Roundup\n\nGELI Support for the EFI Loader \n\n\nWe’ve had Allan’s work to bring GELI support to the GPT / BIOS / ZFS loader for a while now, but the missing piece has been support for EFI.\nNo longer, Eric McCorkle has posted a blog entry (with relevant github links) introducing us to his work to bring GELI encryption support to EFI.\nFirst the bad-news. This won’t make it into 11.0. (Maybe PC-BSD, TBD)\nNext he explains why this is more than just a new feature, but a re-factor of the EFI boot code:\n\n\n\nI have already written extensively about my EFI refactoring here.  The reason for undertaking this effort, however, was driven by GELI support.  Early in my work on this, I had implemented a non-EFI “providers” framework in boot1 in order to support the notion of disk partitions that may contain sub-partitions.\n\n\n\nThis was deeply unsatisfying to me for several reasons:\n\n\nIt implemented a lot of the same functionality that exists in the EFI framework.\nIt involved implementing a GPT partition driver to deal with partition tables inside GELI partitions (GPT detection and support is guaranteed by the EFI spec).\nThe interface between the EFI framework and the custom “providers” framework was awkward.\nThe driver was completely boot1-specific, and exporting it to something like GRUB probably involved a total rewrite.\nImplementing it within loader was going to involve a lot of code duplication.\nThere was no obvious was to pass keys between boot1, loader, and the kernel.\n\nWith the issues known, Eric seems pleased with the results of the conversion so far:\n\n\nThe GELI driver can be extracted from the FreeBSD codebase without too much trouble.\nWhile I was unable to go all the way to the EFI driver model, the only blocker is the bcache code, and once that is resolved, we can have hotplug support in the boot loader!\nThe boot1 and loader codebases are now sharing all the backend drivers, and boot1 has been reduced to one very small source file.\n\nAn interesting read, looking forward to playing with EFI more in the future!\n***\n\n\nFaces of FreeBSD 2016: Michael W. Lucas\n\n\nOn this edition of “Faces of FreeBSD”, Michael W Lucas tells the story of how he got started with FreeBSD\nAfter an amusing re-telling of his childhood (The words “Purina Monkey Chow” were mentioned), he then tells us how he got into BSD.\nHis being thrown into the project may sound familiar to many: \n\n\n\nI came in at 11 PM one night and was told “The DNS administrator just got walked out the door. You’re the new lead DNS administrator. Make those servers work. Good luck.”\n\n\n\nFrom there (because he wanted more sleep), he began ripping out the systems that had been failing and waking him up at night. Good-bye UnixWare, Good-bye Solaris, hello BSD!\nA very amusing read, check it out!\n***\n\n\nHigh Availability with PostgreSQL on FreeBSD\n\n\nA talk by Sean Chittenden, who we interviewed previously on episode Episode 95 \nExplains how to setup Multi Data Center High Availability for PostgreSQL using consul\nGoes into how consul works, how it does the election, the gossip protocol, etc\nThe HA setup uses DNS Failover, and the pros and cons of that approach are discussed\nThen he walks through the implementation details, and example configuration\n***\n\n\nNew FreeBSD i915 testing images\n\n\nStill need users to test the Linux Kernel 4.6 DRM update to FreeBSD’s graphics stack\nDownload the test image and write it to a USB stick and boot from it\nIt will not modify your installed system, it runs entirely off of the USB drive\nAllows you to test the updated drivers without having to install the development branch on your device\n you can tell them that ATI/AMD support will be coming shortly\n and that stability has been steadily improving\n and that I'll do another announcement as soon as I've had a chance to test the newest Xorg bits\n***\n\n\nBeastie Bits\n\n\nComfortable on the CLI: Series Part 1\nFreeBSD Booting on the Netgate uFW, a smaller-than-a-raspberry-pi dual port firewall \nPicture of uFW \nuFW OpenSSL Benchmarks\n***\n","content_html":"\u003cp\u003eIt’s only one-week away from BSDCan, both Allan and I are excited to meet some of you in person! However, the show keeps on\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dotsecurity.io/\" rel=\"nofollow\"\u003edotSecurity 2016 - Theo de Raadt - Privilege Separation and Pledge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=a_EYdzGyNWs\" rel=\"nofollow\"\u003eVideo\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.openbsd.org/papers/dot2016.pdf\" rel=\"nofollow\"\u003eSlides\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eInterested in Privilege Separation and security in general? If so, then you are in for a treat, we have both the video and slides from Theo de Raadt at dotSecurity 2016.\u003c/li\u003e\n\u003cli\u003eSpecifically the the talk starts off looking at Pledge (no copyright issues with the pictures I hope??) and how their NTP daemon uses it.\u003c/li\u003e\n\u003cli\u003eAfter going through some internals, Theo reveals that around 10% of programs “pledged” so far were found to be trying to do actions outside of their security scope.\u003c/li\u003e\n\u003cli\u003eOn the future-work side, they mention going back and looking at OpenSSH privilege separation next, as well as working with other OS’s that may want pledge support.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2016-May/004471.html\" rel=\"nofollow\"\u003ebhyve now supports UEFI GOP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe log awaited UEFI GOP (\u003ca href=\"https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#GOP\" rel=\"nofollow\"\u003eGraphics Output Protocol\u003c/a\u003e) features has landed in bhyve\u003c/li\u003e\n\u003cli\u003eThis provides emulated graphics via an internal VNC server, allowing users to have full graphical access to the guest OS\u003c/li\u003e\n\u003cli\u003eThis allows installation of Windows guests without needing to create a modified ISO with an unattended installation script\u003c/li\u003e\n\u003cli\u003eThe code has not actually landed in FreeBSD head yet, but has been committed to a project branch\u003c/li\u003e\n\u003cli\u003eFollowing a few simple commands, you can compile the new bhyve binary on your -CURRENT system and get started right away\u003c/li\u003e\n\u003cli\u003eThis feature is expected to be included in the upcoming FreeBSD 11.0\u003c/li\u003e\n\u003cli\u003eThis commit drop also brings with it:\n\n\u003cul\u003e\n\u003cli\u003eXHCI -- an emulated usb tablet device that provides exact mouse positioning in supported OSs\u003c/li\u003e\n\u003cli\u003ePS2 mouse for fallback if the guest does not support XHCI (Windows 7)\u003c/li\u003e\n\u003cli\u003ePS2 keyboard\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e“The code has been tested with Windows 7/8/8.1/10 and Server 2k12/2k16, Ubuntu 15.10, and FreeBSD 10.3/11-CURRENT”\u003c/li\u003e\n\u003cli\u003e“For VNC clients, TightVNC, TigherVNC, and RealVNC (aka VNC Viewer) have been tested on various hosts. The OSX VNC client is known not to work.”\u003c/li\u003e\n\u003cli\u003eThe VNC server supports an optional ‘wait’ parameter, that causes the VM to not actually boot until the VNC client connects, allowing you to interrupt the boot process if need be\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://justinholcomb.me/blog/2016/05/28/bhyve-uefi-gop-support.html\" rel=\"nofollow\"\u003eRelated user blog post \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=300829\" rel=\"nofollow\"\u003eSVN commit\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=300906\" rel=\"nofollow\"\u003ezfsd lands in FreeBSD HEAD, in time for 11.0-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ezfsd has been committed to FreeBSD -CURRENT in time to be included in FreeBSD 11.0\u003c/li\u003e\n\u003cli\u003ezfsd is the missing piece required to make ‘hot spares’ work properly in FreeBSD ZFS\u003c/li\u003e\n\u003cli\u003e“zfsd attempts to resolve ZFS faults that the kernel can\u0026#39;t resolve by itself. It listens to devctl(4) events, which is how the kernel notifies of events such as I/O errors and disk removals.  Zfsd attempts to resolve these faults by activating or deactivating hotspares and onlining offline vdevs.”\u003c/li\u003e\n\u003cli\u003e“The administrator never interacts with zfsd directly.  Instead, he controls its behavior indirectly through zpool configuration.  There are two ways to influence zfsd: assigning hotspares and setting pool properties.  Currently, only the \u003cem\u003eautoreplace\u003c/em\u003e property has any effect.  See zpool(8) for details.”\u003c/li\u003e\n\u003cli\u003eSo, what example does it do?\u003c/li\u003e\n\u003cli\u003eDevice Removal: “When a leaf vdev disappears, zfsd will activate any available hotspare.”\u003c/li\u003e\n\u003cli\u003eDevice Arrival: “When a new GEOM device appears, zfsd will attempt to read its ZFS label, if any.  If it matches a previously removed vdev on an active pool, zfsd will online it.  Once resilvering completes, any active hotspare will detach automatically.”\u003c/li\u003e\n\u003cli\u003eSo if you disconnect a drive, then reconnect it, it will automatically be brought back online. Since ZFS is smart, the resilver will only have to copy data that has changed since the device went offline.\u003c/li\u003e\n\u003cli\u003e“If the new device has no ZFS label but its physical path matches the physical path of a previously removed vdev on an active pool, and that pool has the autoreplace property set, then zfsd will replace the missing vdev with the newly arrived device.  Once resilvering completes, any active hotspare will detach automatically.”\u003c/li\u003e\n\u003cli\u003eIf the new drive is in the same slot in your hot swap array as a failed device, it will be used as a replacement immediately.\u003c/li\u003e\n\u003cli\u003evdev degrade or fault events: “If a vdev becomes degraded or faulted, zfsd will activate any available hotspare. If a leaf vdev generates more than 50 I/O errors in a 60 second period, then zfsd will mark that vdev as FAULTED.  zfs(4) will no longer issue any I/Os to it.  zfsd will activate \na hotspare if one is available.” Same for checksum errors.\u003c/li\u003e\n\u003cli\u003eSo if zfsd detects a drive is going bad, it brings the hotspare online before it is too late\u003c/li\u003e\n\u003cli\u003eSpare addition: “If the system administrator adds a hotspare to a pool that is already degraded, zfsd will activate the spare.”\u003c/li\u003e\n\u003cli\u003eResilver complete: “zfsd will detach any hotspare once a permanent replacement finishes resilvering.”\u003c/li\u003e\n\u003cli\u003ePhysical path change: “If the physical path of an existing disk changes, zfsd will attempt to replace any missing disk with the same physical path, if its pool\u0026#39;s autoreplace property is set.”\u003c/li\u003e\n\u003cli\u003eIn general, this tool means less reliance on the system administrator to keep the pool healthy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160527203200\" rel=\"nofollow\"\u003eW\u003csup\u003eX\u003c/sup\u003e now mandatory in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve talked a bit about W\u003csup\u003eX\u003c/sup\u003e in the past. (Refresher: Memory being writable and executable at once)\u003c/li\u003e\n\u003cli\u003eWell, this major security no-no is no-more on OpenBSD. Theo has committed a change which now prevents violations of this policy:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“W\u003csup\u003eX\u003c/sup\u003e violations are no longer permitted by default.  A kernel log message is generated, and mprotect/mmap return ENOTSUP.  If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are a few cases where you may still need W\u003csup\u003eX,\u003c/sup\u003e which Theo points out can be enabled on a file-system basis.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“W\u003csup\u003eX\u003c/sup\u003e violating programs can be permitted on a ffs/nfs filesystem-basis, using the \u0026quot;wxallowed\u0026quot; mount option.  One day far in the future upstream software developers will understand that W\u003csup\u003eX\u003c/sup\u003e violations are a tremendously risky practice and that style of programming will be banished outright.  Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem.  At least your other filesystems don\u0026#39;t permit such programs.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a great ability to grow, since now users can begin doing auditing of programs that violate this principle and making noise to upstream.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Kristof Provost - \u003ca href=\"mailto:kp@freebsd.org\" rel=\"nofollow\"\u003ekp@freebsd.org\u003c/a\u003e \u003ca href=\"https://twitter.com/kprovst\" rel=\"nofollow\"\u003e@kprovst\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003epf improvements on FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ericmccorkleblog.wordpress.com/2016/05/28/freebsd-geli-support/\" rel=\"nofollow\"\u003eGELI Support for the EFI Loader \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve had Allan’s work to bring GELI support to the GPT / BIOS / ZFS loader for a while now, but the missing piece has been support for EFI.\u003c/li\u003e\n\u003cli\u003eNo longer, Eric McCorkle has posted a blog entry (with relevant github links) introducing us to his work to bring GELI encryption support to EFI.\u003c/li\u003e\n\u003cli\u003eFirst the bad-news. This won’t make it into 11.0. (Maybe PC-BSD, TBD)\u003c/li\u003e\n\u003cli\u003eNext he explains why this is more than just a new feature, but a re-factor of the EFI boot code:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI have already written extensively about my EFI refactoring here.  The reason for undertaking this effort, however, was driven by GELI support.  Early in my work on this, I had implemented a non-EFI “providers” framework in boot1 in order to support the notion of disk partitions that may contain sub-partitions.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis was deeply unsatisfying to me for several reasons:\n\n\u003cul\u003e\n\u003cli\u003eIt implemented a lot of the same functionality that exists in the EFI framework.\u003c/li\u003e\n\u003cli\u003eIt involved implementing a GPT partition driver to deal with partition tables inside GELI partitions (GPT detection and support is guaranteed by the EFI spec).\u003c/li\u003e\n\u003cli\u003eThe interface between the EFI framework and the custom “providers” framework was awkward.\u003c/li\u003e\n\u003cli\u003eThe driver was completely boot1-specific, and exporting it to something like GRUB probably involved a total rewrite.\u003c/li\u003e\n\u003cli\u003eImplementing it within loader was going to involve a lot of code duplication.\u003c/li\u003e\n\u003cli\u003eThere was no obvious was to pass keys between boot1, loader, and the kernel.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWith the issues known, Eric seems pleased with the results of the conversion so far:\n\n\u003cul\u003e\n\u003cli\u003eThe GELI driver can be extracted from the FreeBSD codebase without too much trouble.\u003c/li\u003e\n\u003cli\u003eWhile I was unable to go all the way to the EFI driver model, the only blocker is the bcache code, and once that is resolved, we can have hotplug support in the boot loader!\u003c/li\u003e\n\u003cli\u003eThe boot1 and loader codebases are now sharing all the backend drivers, and boot1 has been reduced to one very small source file.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAn interesting read, looking forward to playing with EFI more in the future!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/faces-of-freebsd-2016-michael-lucas/\" rel=\"nofollow\"\u003eFaces of FreeBSD 2016: Michael W. Lucas\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn this edition of “Faces of FreeBSD”, Michael W Lucas tells the story of how he got started with FreeBSD\u003c/li\u003e\n\u003cli\u003eAfter an amusing re-telling of his childhood (The words “Purina Monkey Chow” were mentioned), he then tells us how he got into BSD.\u003c/li\u003e\n\u003cli\u003eHis being thrown into the project may sound familiar to many: \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI came in at 11 PM one night and was told “The DNS administrator just got walked out the door. You’re the new lead DNS administrator. Make those servers work. Good luck.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom there (because he wanted more sleep), he began ripping out the systems that had been failing and waking him up at night. Good-bye UnixWare, Good-bye Solaris, hello BSD!\u003c/li\u003e\n\u003cli\u003eA very amusing read, check it out!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=ugct9-Mm7Ls\" rel=\"nofollow\"\u003eHigh Availability with PostgreSQL on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA talk by Sean Chittenden, who we interviewed previously on episode \u003ca href=\"http://www.bsdnow.tv/episodes/2015_06_24-bitrot_group_therapy\" rel=\"nofollow\"\u003eEpisode 95 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplains how to setup Multi Data Center High Availability for PostgreSQL using consul\u003c/li\u003e\n\u003cli\u003eGoes into how consul works, how it does the election, the gossip protocol, etc\u003c/li\u003e\n\u003cli\u003eThe HA setup uses DNS Failover, and the pros and cons of that approach are discussed\u003c/li\u003e\n\u003cli\u003eThen he walks through the implementation details, and example configuration\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsddesktop.com/images/\" rel=\"nofollow\"\u003eNew FreeBSD i915 testing images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStill need users to test the Linux Kernel 4.6 DRM update to FreeBSD’s graphics stack\u003c/li\u003e\n\u003cli\u003eDownload the test image and write it to a USB stick and boot from it\u003c/li\u003e\n\u003cli\u003eIt will not modify your installed system, it runs entirely off of the USB drive\u003c/li\u003e\n\u003cli\u003eAllows you to test the updated drivers without having to install the development branch on your device\u003c/li\u003e\n\u003cli\u003e\u003cmmacy\u003e you can tell them that ATI/AMD support will be coming shortly\u003c/li\u003e\n\u003cli\u003e\u003cmmacy\u003e and that stability has been steadily improving\u003c/li\u003e\n\u003cli\u003e\u003cmmacy\u003e and that I\u0026#39;ll do another announcement as soon as I\u0026#39;ve had a chance to test the newest Xorg bits\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.cotcli.com/post/The-Very-Basics/\" rel=\"nofollow\"\u003eComfortable on the CLI: Series Part 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/gonzopancho/8e7df7a826e9a2949b36ed2a9d30312e\" rel=\"nofollow\"\u003eFreeBSD Booting on the Netgate uFW, a smaller-than-a-raspberry-pi dual port firewall\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/gonzopancho/status/737874921435594753\" rel=\"nofollow\"\u003ePicture of uFW\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gist.github.com/gonzopancho/8f20b50487a4f7de56e99448866a147d\" rel=\"nofollow\"\u003euFW OpenSSL Benchmarks\u003c/a\u003e\u003cbr\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It’s only one-week away from BSDCan, both Allan and I are excited to meet some of you in person! However, the show keeps on","date_published":"2016-06-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/88258e16-7914-442e-9f73-ae58b6a26468.mp3","mime_type":"audio/mpeg","size_in_bytes":46038964,"duration_in_seconds":3836}]},{"id":"de687a92-fb4a-4af8-92f5-a8e5aeee2999","title":"143: One small step for DRM, one giant leap for BSD","url":"https://www.bsdnow.tv/143","content_text":"This week on BSDNow, we have an interview with Matthew Macy, who has some exciting news to share with us regarding the state of graphics\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nHow the number of states affects pf’s performance of FreeBSD\n\n\n Our friend Olivier of FreeNAS and BSDRP fame has an interesting blog post this week detailing his unique issue with finding a firewall that can handle upwards of 4 million state table entries.\nHe begins in the article with benchmarking the defaults, since without that we don’t have a framework to compare the later results.  All done on his  Netgate RCC-VE 4860 (4 cores ATOM C2558, 8GB RAM) under FreeBSD 10.3.\n“We notice a little performance impact when we reach the default 10K state table limit: From 413Kpps with 128 states in-used, it lower to 372Kpps.”\nWith the initial benchmarks done and graphed, he then starts the tuning process by adjusting the “net.pf.states_hashsize”sysctl, and then playing with the number of states for the firewall to keep.\n“For the next bench, the number of flow will be fixed for generating 9800 pf state entries, but I will try different value of pf.states_hashsize until the maximum allowed on my 8GB RAM server (still with the default max states of 10k):”\nThen he cranks it up to 4 million states\n“There is only 12% performance penalty between pf 128 pf states and 4 million pf states.”\n“With 10M state, pf performance lower to 362Kpps: Still only 12% lower performance than with only 128 states”\nHe then looks at what this does of pfsync, the protocol to sync the state table between two redundant pf firewalls\nConclusions:\n\n\nThere need to be a linear relationship between the pf hard-limit of states and the pf.states_hashsize; RAM needed for pf.states_hashsize = pf.states_hashsize * 80 Byte and pf.states_hashsize should be a power of 2 (from the manual page); Even small hardware can manage large number of sessions (it's a matter of RAM),  but under too lot's of pressure pfsync will suffer.\n\n\n\nIntroducing the BCHS Stack = BSD, C, httpd, SQLite\n\n\nPronounced Beaches\n“It's a hipster-free, open source software stack for web applications”\n“Don't just write C. Write portable and secure C.”\n“Get to know your security tools. OpenBSD has systrace(4) and pledge(2). FreeBSD has capsicum(4).”\n“Statically scan your binary with LLVM” and “Run your application under valgrind”\n“Don't forget: BSD is a community of professionals. Go to conferences (EuroBSDCon, AsiaBSDCon, BSDCan, etc.)”\nThis seems like a really interesting project, we’ll have to get Kristaps Dzonsons back on the show to talk about it\n***\n\n\nInstalling OpenBSD's httpd server, MariaDB, PHP 5.6 on OpenBSD 5.9\n\n\nLooking to deploy your next web-stack on OpenBSD 5.9? If so this next article from rootbsd.net is for you.\nSpecifically it will walk you through the process of getting OpenBSD’s own httpd server up and running, followed by MariaDB and PHP 5.6.\nMost of the setup is pretty straight-forward, the httpd syntax may be different to you, if this is your first time trying it out.\nOnce the various packages are installed / configured, the rest of the tutorial will be easy, walking you through the standard hello world PHP script, and enabling the services to run at reboot.\nA good article for those wanting to start hosting PHP/DB content (wordpress anyone?) on your OpenBSD system.\n***\n\n\nThe infrastructure behind Varnish \n\n\nDogfooding. It’s a term you hear often in the software community, which essentially means to “Run your own stuff”. Today we have an article by PKH over at varnish-cache, talking about what that means to them.\nSpecifically, they recently went through a website upgrade, which will enable them to run more of their own stuff. \nHe has a great quote on what OS they use:“So, dogfood: Obviously FreeBSD. Apart from the obvious reason that I wrote a lot of FreeBSD and can get world-class support by bugging my buddies about it, there are two equally serious reasons for the Varnish Project to run on FreeBSD: Dogfood and jails.Varnish Cache is not “software for Linux”, it is software for any competent UNIX-like operating system, and FreeBSD is our primary “keep us honest about this” platform.“\nHe then goes through the process of explaining how they would setup a new Varnish-cache website, or upgrade it. \nAll together a great read, and if you are one of the admin-types, you really should pay attention to how they build from the ground up. Some valuable knowledge here which every admin should try to replicate.\nI can not reiterate the value of having your config files in a private source control repo strongly enough\nThe biggest take-away is: “And by doing it this way, I know it will work next time also.”\n***\n\n\nInterview - Matt Macy - mmacy@nextbsd.orgGraphics Stack Update\n\n\n\nNews Roundup\n\nFollowup on packaging base with pkg(8)\n\n\nIn spite of the heroic last minute effort by a team of contributors, pkg’d base will not be ready in time for FreeBSD 11.0\nThere are just too many issues that were discovered during testing\nThe plan is to continue using freebsd-update in the meantime, and introduce a pkg based upgrade mechanism in FreeBSD 11.1\nWith the new support model for the FreeBSD 11 branch, 11.1 may come sooner than with previous major releases\n***\n\n\nFreeBSD Core Election\n\n\nIt is time once again for the FreeBSD Core Election\nApplication period begins: Wednesday, 18 May 2016 at 18:00:00 UTC\nApplication period ends: Wednesday, 25 May 2016 at 18:00:00 UTC\nVoting begins: Wednesday, 25 May 2016 at 18:00:00 UTC\nVoting ends: Wednesday, 22 June 2016 at 18:00:00 UTC\nResults announced Wednesday, 29 June 2016\nNew core team takes office: Wednesday, 6 July 2016\nAs of the time I was writing these notes, 3 hours before the application deadline, the candidates are:\nAllan Jude: Filling in the potholes\nMarcelo Araujo: We are not vampires, but we need new blood.\nBaptiste Daroussin (incumbent): Keep on improving\nBenedict Reuschling: Learn and Teach\nBenno Rice: Revitalising The Community\nDevin Teske: Here to help\nEd Maste (incumbent): FreeBSD is people\nGeorge V. Neville-Neil (incumbent): There is much to do…\nHiroki Sato (incumbent): Keep up with our good community and technical strength\nJohn Baldwin: Ready to work\nJuli Mallett: Caring for community.\nKris Moore: User-Focused\nMathieu Arnold: Someone ask for fresh blood ?\nOllivier Robert: Caring for the project and you, its developers\nThe deadline for applications is around the time we finish recording the live show\nWe welcome any of the candidates to schedule an interview in the next few weeks. We will make an attempt to hunt many of them down at BSDCan as well.\n***\n\n\nWayland/Weston with XWayland works on DragonFly\n\n\nWe haven’t talked a lot about Wayland on BSD recently (or much at all), but today we have a post from Peter to the dragonfly mailing list, detailing his experience with it.\nSpecifically he talks about getting XWayland working, which provides the compat bits for native X applications to run on WayLand displays.\nSo far on the working list of apps:\n“gtk3:\n\n\ngedit\nnautilus\nevince\n\n\n\nxfce4:\n\n\nxfce4-terminal\natril\n\n\nfirefox\nspyder\nscilab”\nA pretty impressive list, although he said “chrome” failed with a seg-fault\nThis is something I’m personally interested in. Now with the newer DRM bits landing in FreeBSD, perhaps it’s time for some further looking into Wayland.\n***\n\n\n\nBroadcom WiFi driver update\n\n\nIn this blog post Adrian Chadd talks about his recent work on the bwn(4) driver for Broadcom WiFi chips\nThis work has added support for a number of older 802.11g chips, including the one from 2009-era Macbooks\nWork is ongoing, and the hope is to add 802.11n and 5ghz support as well\nAdrian is mentoring a number of developers working on embedded or wifi related things, to try to increase the projects bandwidth in those areas\nIf you are interested in driver development, or wifi internals, the blog post has lots of interesting details and covers the story of Adrian’s recent adventures in bringing the drivers up\n***\n\n\nBeastie Bits\n\nThe Design of the NetBSD I/O Subsystems (2002)\n\nZFS, BTRFS, XFS, EXT4 and LVM with KVM – a storage performance comparison \n\nSwift added to FreeBSD Ports\n\nmisc@openbsd: 'NSA addition to ifconfig'\n\nPapers We Love: Memory by the Slab: The Tale of Bonwick's Slab Allocator  \n\n\n\nFeedback/Questions\n\n\n Lars - Poudriere \n Warren - .NET \n Eddy - Sys Init \n Tim - ZFS Resources \n Morgan - Ports and Kernel \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we have an interview with Matthew Macy, who has some exciting news to share with us regarding the state of graphics\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.cochard.me/2016/05/playing-with-freebsd-packet-filter.html\" rel=\"nofollow\"\u003eHow the number of states affects pf’s performance of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e Our friend Olivier of FreeNAS and BSDRP fame has an interesting blog post this week detailing his unique issue with finding a firewall that can handle upwards of 4 million state table entries.\u003c/li\u003e\n\u003cli\u003eHe begins in the article with benchmarking the defaults, since without that we don’t have a framework to compare the later results.  All done on his  Netgate RCC-VE 4860 (4 cores ATOM C2558, 8GB RAM) under FreeBSD 10.3.\u003c/li\u003e\n\u003cli\u003e“We notice a little performance impact when we reach the default 10K state table limit: From 413Kpps with 128 states in-used, it lower to 372Kpps.”\u003c/li\u003e\n\u003cli\u003eWith the initial benchmarks done and graphed, he then starts the tuning process by adjusting the “net.pf.states_hashsize”sysctl, and then playing with the number of states for the firewall to keep.\u003c/li\u003e\n\u003cli\u003e“For the next bench, the number of flow will be fixed for generating 9800 pf state entries, but I will try different value of pf.states_hashsize until the maximum allowed on my 8GB RAM server (still with the default max states of 10k):”\u003c/li\u003e\n\u003cli\u003eThen he cranks it up to 4 million states\u003c/li\u003e\n\u003cli\u003e“There is only 12% performance penalty between pf 128 pf states and 4 million pf states.”\u003c/li\u003e\n\u003cli\u003e“With 10M state, pf performance lower to 362Kpps: Still only 12% lower performance than with only 128 states”\u003c/li\u003e\n\u003cli\u003eHe then looks at what this does of pfsync, the protocol to sync the state table between two redundant pf firewalls\u003c/li\u003e\n\u003cli\u003eConclusions:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThere need to be a linear relationship between the pf hard-limit of states and the pf.states_hashsize; RAM needed for pf.states_hashsize = pf.states_hashsize * 80 Byte and pf.states_hashsize should be a power of 2 (from the manual page); Even small hardware can manage large number of sessions (it\u0026#39;s a matter of RAM),  but under too lot\u0026#39;s of pressure pfsync will suffer.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.learnbchs.org/\" rel=\"nofollow\"\u003eIntroducing the BCHS Stack = BSD, C, httpd, SQLite\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePronounced Beaches\u003c/li\u003e\n\u003cli\u003e“It\u0026#39;s a hipster-free, open source software stack for web applications”\u003c/li\u003e\n\u003cli\u003e“Don\u0026#39;t just write C. Write portable and secure C.”\u003c/li\u003e\n\u003cli\u003e“Get to know your security tools. OpenBSD has systrace(4) and pledge(2). FreeBSD has capsicum(4).”\u003c/li\u003e\n\u003cli\u003e“Statically scan your binary with LLVM” and “Run your application under valgrind”\u003c/li\u003e\n\u003cli\u003e“Don\u0026#39;t forget: BSD is a community of professionals. Go to conferences (EuroBSDCon, AsiaBSDCon, BSDCan, etc.)”\u003c/li\u003e\n\u003cli\u003eThis seems like a really interesting project, we’ll have to get Kristaps Dzonsons back on the show to talk about it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.rootbsd.net/kb/339/Installing-OpenBSDandsharp039s-httpd-server-MariaDB-PHP-56-on-OpenBSD-59.html\" rel=\"nofollow\"\u003eInstalling OpenBSD\u0026#39;s httpd server, MariaDB, PHP 5.6 on OpenBSD 5.9\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking to deploy your next web-stack on OpenBSD 5.9? If so this next article from rootbsd.net is for you.\u003c/li\u003e\n\u003cli\u003eSpecifically it will walk you through the process of getting OpenBSD’s own httpd server up and running, followed by MariaDB and PHP 5.6.\u003c/li\u003e\n\u003cli\u003eMost of the setup is pretty straight-forward, the httpd syntax may be different to you, if this is your first time trying it out.\u003c/li\u003e\n\u003cli\u003eOnce the various packages are installed / configured, the rest of the tutorial will be easy, walking you through the standard hello world PHP script, and enabling the services to run at reboot.\u003c/li\u003e\n\u003cli\u003eA good article for those wanting to start hosting PHP/DB content (wordpress anyone?) on your OpenBSD system.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.varnish-cache.org/news/20160425_website.html\" rel=\"nofollow\"\u003eThe infrastructure behind Varnish \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDogfooding. It’s a term you hear often in the software community, which essentially means to “Run your own stuff”. Today we have an article by PKH over at varnish-cache, talking about what that means to them.\u003c/li\u003e\n\u003cli\u003eSpecifically, they recently went through a website upgrade, which will enable them to run more of their own stuff. \u003c/li\u003e\n\u003cli\u003eHe has a great quote on what OS they use:“So, dogfood: Obviously FreeBSD. Apart from the obvious reason that I wrote a lot of FreeBSD and can get world-class support by bugging my buddies about it, there are two equally serious reasons for the Varnish Project to run on FreeBSD: Dogfood and jails.Varnish Cache is not “software for Linux”, it is software for any competent UNIX-like operating system, and FreeBSD is our primary “keep us honest about this” platform.“\u003c/li\u003e\n\u003cli\u003eHe then goes through the process of explaining how they would setup a new Varnish-cache website, or upgrade it. \u003c/li\u003e\n\u003cli\u003eAll together a great read, and if you are one of the admin-types, you really should pay attention to how they build from the ground up. Some valuable knowledge here which every admin should try to replicate.\u003c/li\u003e\n\u003cli\u003eI can not reiterate the value of having your config files in a private source control repo strongly enough\u003c/li\u003e\n\u003cli\u003eThe biggest take-away is: “And by doing it this way, I know it will work next time also.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Matt Macy - \u003ca href=\"mailto:mmacy@nextbsd.org\" rel=\"nofollow\"\u003emmacy@nextbsd.org\u003c/a\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-x11/2016-May/017560.html\" rel=\"nofollow\"\u003eGraphics Stack Update\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pkgbase/2016-May/000238.html\" rel=\"nofollow\"\u003eFollowup on packaging base with pkg(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn spite of the heroic last minute effort by a team of contributors, pkg’d base will not be ready in time for FreeBSD 11.0\u003c/li\u003e\n\u003cli\u003eThere are just too many issues that were discovered during testing\u003c/li\u003e\n\u003cli\u003eThe plan is to continue using freebsd-update in the meantime, and introduce a pkg based upgrade mechanism in FreeBSD 11.1\u003c/li\u003e\n\u003cli\u003eWith the new support model for the FreeBSD 11 branch, 11.1 may come sooner than with previous major releases\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/internal/bylaws.html\" rel=\"nofollow\"\u003eFreeBSD Core Election\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is time once again for the FreeBSD Core Election\u003c/li\u003e\n\u003cli\u003eApplication period begins: Wednesday, 18 May 2016 at 18:00:00 UTC\u003c/li\u003e\n\u003cli\u003eApplication period ends: Wednesday, 25 May 2016 at 18:00:00 UTC\u003c/li\u003e\n\u003cli\u003eVoting begins: Wednesday, 25 May 2016 at 18:00:00 UTC\u003c/li\u003e\n\u003cli\u003eVoting ends: Wednesday, 22 June 2016 at 18:00:00 UTC\u003c/li\u003e\n\u003cli\u003eResults announced Wednesday, 29 June 2016\u003c/li\u003e\n\u003cli\u003eNew core team takes office: Wednesday, 6 July 2016\u003c/li\u003e\n\u003cli\u003eAs of the time I was writing these notes, 3 hours before the application deadline, the candidates are:\u003c/li\u003e\n\u003cli\u003eAllan Jude: Filling in the potholes\u003c/li\u003e\n\u003cli\u003eMarcelo Araujo: We are not vampires, but we need new blood.\u003c/li\u003e\n\u003cli\u003eBaptiste Daroussin (incumbent): Keep on improving\u003c/li\u003e\n\u003cli\u003eBenedict Reuschling: Learn and Teach\u003c/li\u003e\n\u003cli\u003eBenno Rice: Revitalising The Community\u003c/li\u003e\n\u003cli\u003eDevin Teske: Here to help\u003c/li\u003e\n\u003cli\u003eEd Maste (incumbent): FreeBSD is people\u003c/li\u003e\n\u003cli\u003eGeorge V. Neville-Neil (incumbent): There is much to do…\u003c/li\u003e\n\u003cli\u003eHiroki Sato (incumbent): Keep up with our good community and technical strength\u003c/li\u003e\n\u003cli\u003eJohn Baldwin: Ready to work\u003c/li\u003e\n\u003cli\u003eJuli Mallett: Caring for community.\u003c/li\u003e\n\u003cli\u003eKris Moore: User-Focused\u003c/li\u003e\n\u003cli\u003eMathieu Arnold: Someone ask for fresh blood ?\u003c/li\u003e\n\u003cli\u003eOllivier Robert: Caring for the project and you, its developers\u003c/li\u003e\n\u003cli\u003eThe deadline for applications is around the time we finish recording the live show\u003c/li\u003e\n\u003cli\u003eWe welcome any of the candidates to schedule an interview in the next few weeks. We will make an attempt to hunt many of them down at BSDCan as well.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-May/249620.html\" rel=\"nofollow\"\u003eWayland/Weston with XWayland works on DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe haven’t talked a lot about Wayland on BSD recently (or much at all), but today we have a post from Peter to the dragonfly mailing list, detailing his experience with it.\u003c/li\u003e\n\u003cli\u003eSpecifically he talks about getting XWayland working, which provides the compat bits for native X applications to run on WayLand displays.\u003c/li\u003e\n\u003cli\u003eSo far on the working list of apps:\n“gtk3:\n\n\u003cul\u003e\n\u003cli\u003egedit\u003c/li\u003e\n\u003cli\u003enautilus\u003c/li\u003e\n\u003cli\u003eevince\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003exfce4:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003exfce4-terminal\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eatril\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003efirefox\u003c/li\u003e\n\u003cli\u003espyder\u003c/li\u003e\n\u003cli\u003escilab”\u003c/li\u003e\n\u003cli\u003eA pretty impressive list, although he said “chrome” failed with a seg-fault\u003c/li\u003e\n\u003cli\u003eThis is something I’m personally interested in. Now with the newer DRM bits landing in FreeBSD, perhaps it’s time for some further looking into Wayland.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.ca/2016/05/updating-broadcom-softmac-driver-bwn-or.html\" rel=\"nofollow\"\u003eBroadcom WiFi driver update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this blog post Adrian Chadd talks about his recent work on the bwn(4) driver for Broadcom WiFi chips\u003c/li\u003e\n\u003cli\u003eThis work has added support for a number of older 802.11g chips, including the one from 2009-era Macbooks\u003c/li\u003e\n\u003cli\u003eWork is ongoing, and the hope is to add 802.11n and 5ghz support as well\u003c/li\u003e\n\u003cli\u003eAdrian is mentoring a number of developers working on embedded or wifi related things, to try to increase the projects bandwidth in those areas\u003c/li\u003e\n\u003cli\u003eIf you are interested in driver development, or wifi internals, the blog post has lots of interesting details and covers the story of Adrian’s recent adventures in bringing the drivers up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://arxiv.org/abs/1605.05810\" rel=\"nofollow\"\u003eThe Design of the NetBSD I/O Subsystems (2002)\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ilsistemista.net/index.php/virtualization/47-zfs-btrfs-xfs-ext4-and-lvm-with-kvm-a-storage-performance-comparison.html?print=true\" rel=\"nofollow\"\u003eZFS, BTRFS, XFS, EXT4 and LVM with KVM – a storage performance comparison\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.freshports.org/lang/swift/\" rel=\"nofollow\"\u003eSwift added to FreeBSD Ports\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=146391388912602\u0026w=2\" rel=\"nofollow\"\u003emisc@openbsd: \u0026#39;NSA addition to ifconfig\u0026#39;\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://paperswelove.org/2015/video/ryan-zezeski-memory-by-the-slab/\" rel=\"nofollow\"\u003ePapers We Love: Memory by the Slab: The Tale of Bonwick\u0026#39;s Slab Allocator \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/HRRyfxev\" rel=\"nofollow\"\u003e Lars - Poudriere\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/fESV1egk\" rel=\"nofollow\"\u003e Warren - .NET\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/kQecpA1X\" rel=\"nofollow\"\u003e Eddy - Sys Init\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/5096cGXr\" rel=\"nofollow\"\u003e Tim - ZFS Resources\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/rYr1CDcV\" rel=\"nofollow\"\u003e Morgan - Ports and Kernel\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we have an interview with Matthew Macy, who has some exciting news to share with us regarding the state of graphics","date_published":"2016-05-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/de687a92-fb4a-4af8-92f5-a8e5aeee2999.mp3","mime_type":"audio/mpeg","size_in_bytes":86056564,"duration_in_seconds":7171}]},{"id":"0a4f8b9a-8fcf-431a-9247-afadb21893c0","title":"142: Diving for BSD Perls","url":"https://www.bsdnow.tv/142","content_text":"This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nThe May issus of BSDMag is now out\n\n\nGhostBSD\nReusing OpenBSD's arc4random in multi-threaded user space programs\nSecuring VPN's with GRE / Strongswan\nInstalling XFCE 4.12 on NetBSD 7\nInterview with Fernando Rodriguez, the co-founder of KeepCoding\n***\n\n\nA rundown of the FPT_WX_EXT.1 security reqiurement for General Purpose Operating Systems by the NSA\n\n\nNIST/NSA Validation Scheme Report \nThe SFR or Security Functional Requirement requires that; \"The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions].\"\nWhile nearly all operating systems currently support the use of the NX bit, or the equivalent on processors such as SPARC and ARM, and will correctly mark the stack as non-executable, the fact remains that this in and of itself is deemed insufficient by NIST and NSA.\nOpenBSD 5.8, FreeBSD, Solaris, RHEL, and most other Linux distro have failed.\nHardenedBSD passes all three tests out of the box.\nNetBSD will do so with a single sysctl tweak. Since they are using the PaX model, anything else using PaX, such as a grsecurity-enabled Linux distribution pass these assurance activities as well.\nOpenBSD 5.9 does not allow memory mapping due to WX being enforced by the kernel, however the kernel will panic if there are any attempts to create such mappings.\n***\n\n\nDistroWatch reviews new features in FreeBSD 10.3\n\n\nDistroWatch did a review of FreeBSD 10.3\nThey ran into a few problems, but hopefully those can be fixed\nAn issue with beadm setting the canmount property incorrectly causing the ZFS BE menu to not work as expected should be resolved in the next version, thanks to a patch from kmoore\nThe limitations of the Linux 64 support are what they are, CentOS 6 is still fairly popular with enterprise software, but hopefully some folks are interested in working on bringing the syscall emulation forward\nIn a third issue, the reviewer seemed to have issues SSHing from inside the jail. This likely has to do with how they got a console in the jail. I remember having problems with this in the past, something about a secure console.\n***\n\n\nBSD Unix: Power to the people, from the code\n\n\nSalon.com has a very long article, chronicling much of the history behind BSD UNIX.\nIt starts with detailing the humble origins of BSD, starting with Bill Joy in the mid-70’s, and then goes through details on how it rapidly grew, and the influence that the University of Berkeley had on open-source. \n\n\n\n“But too much focus on Joy, a favorite target for business magazine hagiography, obscures the larger picture. Berkeley’s most important contribution was not software; it was the way Berkeley created software. At Berkeley, a small core group — never more than four people at any one time — coordinated the contributions of an ever-growing network of far-flung, mostly volunteer programmers into progressive releases of steadily improving software. In so doing, they codified a template for what is now referred to as the “open-source software development methodology.” Put more simply, the Berkeley hackers set up a system for creating free software.”\n\n\n\nThe article goes on to talk about some of the back and forth between Linux and BSD, and why Linux has captured more of the market in recent years, but BSD is far from throwing in the towel.\n\n\n\n“BSD patriots argue that the battle is far from over, that BSD is technically superior and will therefore win in the end. That’s for the future to determine. What’s indisputable is BSD’s contribution in the past. Even if, by 1975, Berkeley’s Free Speech Movement was a relic belonging to a fast-fading generation, on the fourth floor of Evans Hall, where Joy shared an office, the free-software movement was just beginning.”\n\n\n\nAn excellent article (If a bit long), but well worth your time to understand the origins of what we consider modern day BSD, and how the University of Berkley helped shape it.\n***\n\n\niXsystems\n\n\n#ServerEnvy: It's over 10,000 Terabytes! \n***\n\n\nInterview - Alfred Perlstein - alfred@freebsd.org / @splbio\n\n\nUsing BSD for projects\n***\n\n\nNews Roundup\n\n.NET framework ported to NetBSD\n\n\nThis pull request adds basic support for the .NET framework on NetBSD 7.x amd64\nIt includes documentation on how to get the .NET framework installed\nIt uses pkgsrc to bootstrap the required tools\npkgsrc-wip is used to get the actual .NET framework, as porting is still in progress\nThe .NET Core-CLR is now available for: FreeBSD, Linux, NetBSD, and OS X\n***\n\n\nOpenBSD SROP mitigation – call for testing\n\n\nA new technique for exploiting flaws in applications and operating systems has been developed, called SROP\n“we describe Sigreturn Oriented Programming (SROP), a novel technique for exploits and   backdoors in UNIX-like systems. Like return-oriented programming (ROP), sigreturn  oriented  programming  constructs  what  is  known  as a  ‘weird  machine’  that  can  be  programmed  by  attackers  to change  the  behavior  of  a  process.  To  program  the  machine, attackers  set  up  fake  signal  frames  and  initiate  returns  from signals that the kernel never really delivered. This is possible, because  UNIX  stores  signal  frames  on  the  process’  stack.”\n“Sigreturn oriented programming is interesting for attackers, OS  developers  and  academics.  For  attackers,  the  technique is  very  versatile,  with  pre-conditions  that  are  different  from those  of  existing  exploitation  techniques  like  ROP.  Moreover, unlike  ROP,  sigreturn  oriented  programming  programs  are portable. For OS developers, the technique presents a problem that has been present in one of the two main operating system families  from  its  inception,  while  the  fixes  (which  we  also present)  are  non-trivial.  From  a  more  academic  viewpoint,  it is  also  interesting  because  we  show  that  sigreturn  oriented programming  is  Turing  complete.”\nPaper describing SROP  \nOpenBSD has developed a mitigation against SROP\n“Utilizing a trick from kbind(2), the kernel now only accepts signal returns from the PC address of the sigreturn(2) syscall in the signal trampoline.  Since the signal trampoline page is randomized placed per process, it is only known by directly returning from a signal handler.”\n“As well, the sigcontext provided to sigreturn(2) now contains a magic cookie constructed from a per-process cookie XOR'd against the address of the signal context.”\nThis is just a draft of the patch, not yet considered production quality\n***\n\n\nRunning Tor in a NetBSD rump unikernel\n\n\nWe’ve talked about “rump” kernels before, and also Tor pretty frequently, but this new github project combines the two!\nSpecifically, this set of Makefile and scripts will prep a system to run Tor via the Unikernel through Qemu.\nThe script mainly describes how to do the initial setup on Linux, using iptables, but could easily be adapted to a BSD if somebody wants to do so. (Send them a pull request with the instructions!)\nAll in all, this is a fascinating way to run a Tor node or relay, in the most minimal operating environment possible.\n***\n\n\nAn update on SSH protocol 1 (\"we're most of the way towards fully deprecating SSH protocol 1\"\n\n\nDamien Miller has given us an update on the status of the “SSH protocol 1”, and the current plans to deprecate it in an upcoming version of openssh.\n\n\n\n“We've had this old protocol in various stages of deprecation for almost 10 years and it has been compile-time disabled for about a year.\nDownstream vendors, to their credit, have included this change in recent OS releases by shipping OpenSSH packages that disable protocol 1 by default and/or offering separate, non-default packages to enable it.\n\nThis seems to have proceeded far more smoothly than even my most optimistic hopes, so this gives us greater confidence that we can complete the removal of protocol 1 soon. We want to do this partly to hasten the demise of this cryptographic trainwreck, but also because doing so removes a lot of legacy code from OpenSSH that inflates our attack surface. Having it gone will make our jobs quite a bit easier as we maintain and refactor.”\n\n\n\nThe current time-line looks like removing server-size protocol 1 support this August after OpenSSH 7.4 is released, leaving client-side disabled.\nThen a year from now (June 2017) all protocol 1 code will be removed.\n\n\n\n\nBeastie Bits\n\n\nLast day to get your BSDNow Shirts! Order now, wear at BSDCan! \nMove local government (Austin TX) from Microsoft Windows (incl. Office) to Linux and/or PC-BSD \nPlan9 boot camp is back... and already at capacity. Another opportunity may come in September \nSmaller is better - building an openbsd based router \nBaby Unix \nSecurity Update for FreeBSD \u0026amp; Another security update for FreeBSD \n\n\n\n\nFeedback/Questions\n\n\n Eric - The iX experience \n Mike - Building Ports \n David - ZFS Backups \n James - BSD VPS \n Rich - ZFS Followup \n***\n","content_html":"\u003cp\u003eThis week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/download/reusing_openbsd/\" rel=\"nofollow\"\u003eThe May issus of BSDMag is now out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGhostBSD\u003c/li\u003e\n\u003cli\u003eReusing OpenBSD\u0026#39;s arc4random in multi-threaded user space programs\u003c/li\u003e\n\u003cli\u003eSecuring VPN\u0026#39;s with GRE / Strongswan\u003c/li\u003e\n\u003cli\u003eInstalling XFCE 4.12 on NetBSD 7\u003c/li\u003e\n\u003cli\u003eInterview with Fernando Rodriguez, the co-founder of KeepCoding\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.acumensecurity.net/fpt_wx_ext-1-a-rundown/\" rel=\"nofollow\"\u003eA rundown of the FPT_W\u003csup\u003eX_EXT.1\u003c/sup\u003e security reqiurement for General Purpose Operating Systems by the NSA\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.commoncriteriaportal.org/files/ppfiles/pp_os_v4.1-vr.pdf\" rel=\"nofollow\"\u003eNIST/NSA Validation Scheme Report\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe SFR or Security Functional Requirement requires that; \u0026quot;The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions].\u0026quot;\u003c/li\u003e\n\u003cli\u003eWhile nearly all operating systems currently support the use of the NX bit, or the equivalent on processors such as SPARC and ARM, and will correctly mark the stack as non-executable, the fact remains that this in and of itself is deemed insufficient by NIST and NSA.\u003c/li\u003e\n\u003cli\u003eOpenBSD 5.8, FreeBSD, Solaris, RHEL, and most other Linux distro have failed.\u003c/li\u003e\n\u003cli\u003eHardenedBSD passes all three tests out of the box.\u003c/li\u003e\n\u003cli\u003eNetBSD will do so with a single sysctl tweak. Since they are using the PaX model, anything else using PaX, such as a grsecurity-enabled Linux distribution pass these assurance activities as well.\u003c/li\u003e\n\u003cli\u003eOpenBSD 5.9 does not allow memory mapping due to W\u003csup\u003eX\u003c/sup\u003e being enforced by the kernel, however the kernel will panic if there are any attempts to create such mappings.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://distrowatch.com/weekly.php?issue=20160516#freebsd\" rel=\"nofollow\"\u003eDistroWatch reviews new features in FreeBSD 10.3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDistroWatch did a review of FreeBSD 10.3\u003c/li\u003e\n\u003cli\u003eThey ran into a few problems, but hopefully those can be fixed\u003c/li\u003e\n\u003cli\u003eAn issue with beadm setting the canmount property incorrectly causing the ZFS BE menu to not work as expected should be resolved in the next version, thanks to a patch from kmoore\u003c/li\u003e\n\u003cli\u003eThe limitations of the Linux 64 support are what they are, CentOS 6 is still fairly popular with enterprise software, but hopefully some folks are interested in working on bringing the syscall emulation forward\u003c/li\u003e\n\u003cli\u003eIn a third issue, the reviewer seemed to have issues SSHing from inside the jail. This likely has to do with how they got a console in the jail. I remember having problems with this in the past, something about a secure console.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.salon.com/2000/05/16/chapter_2_part_one/\" rel=\"nofollow\"\u003eBSD Unix: Power to the people, from the code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSalon.com has a very long article, chronicling much of the history behind BSD UNIX.\u003c/li\u003e\n\u003cli\u003eIt starts with detailing the humble origins of BSD, starting with Bill Joy in the mid-70’s, and then goes through details on how it rapidly grew, and the influence that the University of Berkeley had on open-source. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“But too much focus on Joy, a favorite target for business magazine hagiography, obscures the larger picture. Berkeley’s most important contribution was not software; it was the way Berkeley created software. At Berkeley, a small core group — never more than four people at any one time — coordinated the contributions of an ever-growing network of far-flung, mostly volunteer programmers into progressive releases of steadily improving software. In so doing, they codified a template for what is now referred to as the “open-source software development methodology.” Put more simply, the Berkeley hackers set up a system for creating free software.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article goes on to talk about some of the back and forth between Linux and BSD, and why Linux has captured more of the market in recent years, but BSD is far from throwing in the towel.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“BSD patriots argue that the battle is far from over, that BSD is technically superior and will therefore win in the end. That’s for the future to determine. What’s indisputable is BSD’s contribution in the past. Even if, by 1975, Berkeley’s Free Speech Movement was a relic belonging to a fast-fading generation, on the fourth floor of Evans Hall, where Joy shared an office, the free-software movement was just beginning.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn excellent article (If a bit long), but well worth your time to understand the origins of what we consider modern day BSD, and how the University of Berkley helped shape it.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ixsystems.com\" rel=\"nofollow\"\u003eiXsystems\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/serverenvy-10000-terabytes/\" rel=\"nofollow\"\u003e#ServerEnvy: It\u0026#39;s over 10,000 Terabytes!\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Alfred Perlstein - \u003ca href=\"mailto:alfred@freebsd.org\" rel=\"nofollow\"\u003ealfred@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/splbio\" rel=\"nofollow\"\u003e@splbio\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsing BSD for projects\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/dotnet/coreclr/pull/4504/files\" rel=\"nofollow\"\u003e.NET framework ported to NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis pull request adds basic support for the .NET framework on NetBSD 7.x amd64\u003c/li\u003e\n\u003cli\u003eIt includes documentation on how to get the .NET framework installed\u003c/li\u003e\n\u003cli\u003eIt uses pkgsrc to bootstrap the required tools\u003c/li\u003e\n\u003cli\u003epkgsrc-wip is used to get the actual .NET framework, as porting is still in progress\u003c/li\u003e\n\u003cli\u003eThe .NET Core-CLR is now available for: FreeBSD, Linux, NetBSD, and OS X\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=146281531025185\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD SROP mitigation – call for testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new technique for exploiting flaws in applications and operating systems has been developed, called SROP\u003c/li\u003e\n\u003cli\u003e“we describe Sigreturn Oriented Programming (SROP), a novel technique for exploits and   backdoors in UNIX-like systems. Like return-oriented programming (ROP), sigreturn  oriented  programming  constructs  what  is  known  as a  ‘weird  machine’  that  can  be  programmed  by  attackers  to change  the  behavior  of  a  process.  To  program  the  machine, attackers  set  up  fake  signal  frames  and  initiate  returns  from signals that the kernel never really delivered. This is possible, because  UNIX  stores  signal  frames  on  the  process’  stack.”\u003c/li\u003e\n\u003cli\u003e“Sigreturn oriented programming is interesting for attackers, OS  developers  and  academics.  For  attackers,  the  technique is  very  versatile,  with  pre-conditions  that  are  different  from those  of  existing  exploitation  techniques  like  ROP.  Moreover, unlike  ROP,  sigreturn  oriented  programming  programs  are portable. For OS developers, the technique presents a problem that has been present in one of the two main operating system families  from  its  inception,  while  the  fixes  (which  we  also present)  are  non-trivial.  From  a  more  academic  viewpoint,  it is  also  interesting  because  we  show  that  sigreturn  oriented programming  is  Turing  complete.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.cs.vu.nl/%7Eherbertb/papers/srop_sp14.pdf\" rel=\"nofollow\"\u003ePaper describing SROP \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eOpenBSD has developed a mitigation against SROP\u003c/li\u003e\n\u003cli\u003e“Utilizing a trick from kbind(2), the kernel now only accepts signal returns from the PC address of the sigreturn(2) syscall in the signal trampoline.  Since the signal trampoline page is randomized placed per process, it is only known by directly returning from a signal handler.”\u003c/li\u003e\n\u003cli\u003e“As well, the sigcontext provided to sigreturn(2) now contains a magic cookie constructed from a per-process cookie XOR\u0026#39;d against the address of the signal context.”\u003c/li\u003e\n\u003cli\u003eThis is just a draft of the patch, not yet considered production quality\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/supradix/rumprun-packages/tree/33d9cc3a65a39e32b4bc8034c151a5d7e0b89f66/tor\" rel=\"nofollow\"\u003eRunning Tor in a NetBSD rump unikernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve talked about “rump” kernels before, and also Tor pretty frequently, but this new github project combines the two!\u003c/li\u003e\n\u003cli\u003eSpecifically, this set of Makefile and scripts will prep a system to run Tor via the Unikernel through Qemu.\u003c/li\u003e\n\u003cli\u003eThe script mainly describes how to do the initial setup on Linux, using iptables, but could easily be adapted to a BSD if somebody wants to do so. (Send them a pull request with the instructions!)\u003c/li\u003e\n\u003cli\u003eAll in all, this is a fascinating way to run a Tor node or relay, in the most minimal operating environment possible.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html\" rel=\"nofollow\"\u003eAn update on SSH protocol 1 (\u0026quot;we\u0026#39;re most of the way towards fully deprecating SSH protocol 1\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDamien Miller has given us an update on the status of the “SSH protocol 1”, and the current plans to deprecate it in an upcoming version of openssh.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“We\u0026#39;ve had this old protocol in various stages of deprecation for almost 10 years and it has been compile-time disabled for about a year.\u003cbr\u003e\nDownstream vendors, to their credit, have included this change in recent OS releases by shipping OpenSSH packages that disable protocol 1 by default and/or offering separate, non-default packages to enable it.\u003c/p\u003e\n\n\u003cp\u003eThis seems to have proceeded far more smoothly than even my most optimistic hopes, so this gives us greater confidence that we can complete the removal of protocol 1 soon. We want to do this partly to hasten the demise of this cryptographic trainwreck, but also because doing so removes a lot of legacy code from OpenSSH that inflates our attack surface. Having it gone will make our jobs quite a bit easier as we maintain and refactor.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eThe current time-line looks like removing server-size protocol 1 support this August after OpenSSH 7.4 is released, leaving client-side disabled.\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThen a year from now (June 2017) all protocol 1 code will be removed.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://teespring.com/bsdnow\" rel=\"nofollow\"\u003eLast day to get your BSDNow Shirts! Order now, wear at BSDCan!\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/atxhack4change/2016-project-proposals/issues/15\" rel=\"nofollow\"\u003eMove local government (Austin TX) from Microsoft Windows (incl. Office) to Linux and/or PC-BSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-May/016642.html\" rel=\"nofollow\"\u003ePlan9 boot camp is back... and already at capacity. Another opportunity may come in September\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://functionallyparanoid.com/2016/04/22/smaller-is-better/\" rel=\"nofollow\"\u003eSmaller is better - building an openbsd based router\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://i.redditmedia.com/KAjSscL9XOUdpIEWBQF1qi3QMr7zWgeETzQM6m3B4mY.jpg?w=1024\u0026s=e8c08a7d4c4cea0256adb69b1e7c1887\" rel=\"nofollow\"\u003eBaby Unix\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc\" rel=\"nofollow\"\u003eSecurity Update for FreeBSD\u003c/a\u003e \u0026amp; \u003ca href=\"https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc\" rel=\"nofollow\"\u003eAnother security update for FreeBSD\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ZknTuKGv\" rel=\"nofollow\"\u003e Eric - The iX experience\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/M760ZmHQ\" rel=\"nofollow\"\u003e Mike - Building Ports\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Pi0AFghV\" rel=\"nofollow\"\u003e David - ZFS Backups\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/EQ7envez\" rel=\"nofollow\"\u003e James - BSD VPS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/p0HPDisH\" rel=\"nofollow\"\u003e Rich - ZFS Followup\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you","date_published":"2016-05-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0a4f8b9a-8fcf-431a-9247-afadb21893c0.mp3","mime_type":"audio/mpeg","size_in_bytes":69742804,"duration_in_seconds":5811}]},{"id":"ce14c795-4c84-4fcb-962e-611036c7abfa","title":"141: BSD Likes Ike!","url":"https://www.bsdnow.tv/141","content_text":"This week on the show, we have all the latest news and stories! Plus we’ll be hearing more about OpnSense from the man himself, Ike!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nRegarding Embargoes\n\n\nOur buddy TedU has a great thought piece today on the idea of “embargoes” for security advisories. \nThis all stemmed from a recent incident with LibreSSL patches from embargoed OpenSSL vulns, that accidentally got committed too early. \nTed makes a pretty good case on the difficulties of having embargos, and maybe the reason there shouldn’t be. Couple of quotes to give you a taste:\n\n\n\n“There are several difficulties maintaining embargoes. Keeping secrets is against human nature. I don’t want to be the one who leaks, but if I see something that looks like the secret is out, it’s a relief to be able to speak freely. There is a bias towards recognizing such signs where they may not really exist. (Exacerbated by broad embargoes where some parts leak but other parts don’t. It’s actually very hard to tell what’s not publicly known when you know everything.)\n\nThe most thorough embargo and release timeline reconstruction is the heartbleed timeline. It’s another great case study. Who exactly decided who were the haves and have nots? Was it determined by who needed to know or who you needed to know? Eventually the dam started to crack.”\n\n“When Cloudflare brags that they get advance notice of vulnerabilities, attracting more customers, and therefore requiring even more early access, how are smaller players to compete? What happens if you’re not big enough to prenotify?\n\nSometimes vulnerabilities are announced unplanned. Zero day cyber missiles are part of our reality, which means end users don’t really have the luxury of only patching on Tuesday. They need to apply patches when they appear. If applying patches at inconvenient times is a problem, make it not a problem. Not really a gripe about embargoes per se, but the scheduled timing of coordinated release at the end of the embargo is catering to a problem that shouldn’t exist.”\n\n\n\nI will admit that CloudFlare bragging around Heartbleed was upsetting\nThe biggest issue here is the difficulty with coordinating so many open source projects, which are often done by volunteers, in different countries and time zones\nThe other issue is determining when the secret is “out of the bag”\n***\n\n\nMAJOR ABI BREAK: csu, ld.so, libc, libpthread update\n\n\nOpenBSD warns those following the -current (development) branch to be careful as they upgrade because of a major ABI break that will result in applications not working\n“Handling of single-threaded programs is now closer to multi-threaded, with ld.so and libc.a doing thread information base (TIB) allocation. Threaded programs from before the 2016/03/19 csu and ld.so update will no longer run. An updated ld.so must be built and installed before running make build.”\nA special note for those on PowerPC: “PowerPC has been updated to offset the TIB from the hardware register. As a result, all threaded programs are broken until they have been rebuilt with the new libc and libpthread. perl must be built after building the libraries and before building the rest of base.”\n“The definitions of environ and __progname for dynamically linked programs have been moved from the C startup code to ld.so(1). An updated ld.so must be built and installed before running make build.”\nThe link provides instructions on how to update your system properly\n***\n\n\nHow to install FreeBSD 10.3 on VMWare Workstation 12 Pro\n\n\nThis tutorial starts at the very basics, running through the FreeBSD installer\nBut then it goes on to configuring the machine specifically for VMWare\nAfter the system has been booted, the tutorial walks through installing the VMWare tools\nThen networking is configured in both VMWare and FreeBSD\nA small hack is required to make the VMWare tools startup script wait until the network is up\nA very nice tutorial for people using VMWare\nI am working on a patch to bsdinstall to ensure that the swap partition is put before the main partition, so it can more easily be resized if you later decide you need more space in your VM\nthe camcontrol reprobe subcommand has been added ,\n“This makes it possible to manually force updating capacity data after the disk got resized. Without it it might be necessary to reboot before FreeBSD notices updated disk size under eg VMWare.”\n***\n\n\nBSD Router project releases v1.59\n\n\nWe’ve talked about the BSD Router project a bit in the past, but today we have a brand new release to bring to you. \nFor those who don’t remember, the BSDrp is a router aimed at replacing more of your big-commercial type systems.\nFirst up in the new hotness, we have it based upon recently released FreeBSD 10.3!\nIn addition, there is a new package: New package: mlvpn (aggregated network links in order to benefit from the bandwidth of multiple links)\nOther packages have gotten a bump with this release as well: \n\n\nbsnmp-ucd to 0.4.2\ndma to 0.11\ndmidecode to 3.0\nexabgp to 3.4.15\niperf3 to 3.1.2\nmonit to 5.17\nmpd5 to 5.8\nopenvpn to 2.3.10\npython to 2.7.11\nquagga to 1.0.20160315\nstrongswan to 5.4.0\n\nWhat are you waiting for? Amd64 and i386 images are ready for you to download now. \n\n\n\n\nInterview - Isaac (.Ike) Levy -\n\n\nSee Ike again at SEMIBug in Troy, Michigan on May 17th \n***\n\n\nNews Roundup\n\nTredly - Prebuilt containers on FreeBSD\n\n\nDiscussion regarding its GPLv3 licensing\nA new “container” solution called “Trendly” has started making some news around various tech sites.\nIn particular, this new project uses FreeBSD as its base OS and jail functionality in the backend.\nTheir solution seems based around the idea of shipping containers as manifests, such as lists of packages to install and configuration knobs. \nThe project is still rather new, and we’ll be keeping an eye on it for the future.\nOne notable change already though, it was (for some reason) released under GPLv3. Understandably this caused quite a ruckus with various folks in the community, since it’s built specifically on BSD. Since this, the code has been re-licensed as MIT, which is far more in the spirit of a traditional BSD license. \n***\n\n\nNVMe driver added to NetBSD - ported from OpenBSD\n\n\nNetBSD has gained support for Non-Volatile Memory Express, the new standard for PCIe attached Flash Memory\nThe change of interface from SATA to NVMe offers a number of advantages, mostly, it doesn’t require the device to pretend to be a spinning disk\nOne of the biggest advantages is that it supports completing multiple operations at once, with the Intel hardware I have tested, 63 I/Os can happen concurrently, so a very large queue depth is required to keep the device busy. The 64th I/O channel is reserved for administrative commands, to keep them from being delayed by the large queue depth\nThe device I tested could read at 3800 MB/s, and write 1700MB/s, something that wouldn’t be possible with a normal SSD\nIt is interesting that NetBSD took the NVMe support from OpenBSD, whereas the FreeBSD implementation was contributed directly by Intel\nThis may have to do with that fact that OpenBSD’s device model is closer to that of NetBSD\nCommit Log  \n***\n\n\nNew BSDNow T-Shirts\n\n\nBy popular demand, we have created a more subtle BSDNow shirt\nFeaturing only the smallish BSDNow logo over the left breast\nAvailable in a number of styles (T-Shirt, Women’s T-Shirt, Long Sleeve, and Hoodie) as well as a number of colours: Black, Blue, Grey, and White\nThe hope is that enough orders come though so we can get them shipped in and your sweaty little hands in time for BSDCan. (I’ll be wearing mine, will you B...SD?)\nIf you still want one of our now-famous “The Usual BSD’s” t-shirts, you can also indicate your interest here, and once 10 or more shirts are ordered, a reprint will happen automatically \n***\n\n\nPC-BSD 11-CURRENT with Package Base\n\n\nLooking for a way to play with the new FreeBSD base package system?\nThis month’s PC-BSD -CURRENT image now used packages for base system installation, and is asking for testers to help find bugs.\nKnown issues so far: \n\n\nsetuid binaries (Fix in works)\nMissing tzone files\nDistrib packages\n\nIf all that doesn’t scare you away, then give it a whirl! Upgrades for previous APRIL images are now online also.\n***\n\n\nBeastieBits\n\n\nHardenedBSD + LibreSSL \nMichael Dexter's talk at LFNW 2016 is the 2nd highest youtube views from this years conference \nWhy OpenBSD is important to me \nStudy of nginx-1.9.12 performance/latency on DragonFlyBSD-g67a73 \nRunning FreeBSD / OpenBSD / NetBSD as a virtualised guest on Online.net \nThe interesting story of how IllumOS syscalls work  \nThe BeaST is the FreeBSD based dual-controller reliable storage system concept with aim to implement ZFS and in-memory cache. \nFrancois Tigeot updates the drm/i915 driver to match what’s in Linux kernel 4.3 \nFreeBSD is working on the update to Linux Kernel 4.6, we may finally get ahead of Dragonfly!  \n\n\n\n\nFeedback/Questions\n\n\n Oskar - Torrent Jail \n Shane - ZFS Delete \n Adam - Zimbra Port \n Ray - PC-BSD - FrameBuffer \n Richard - ZFS Backups \n***\n","content_html":"\u003cp\u003eThis week on the show, we have all the latest news and stories! Plus we’ll be hearing more about OpnSense from the man himself, Ike!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/regarding-embargoes\" rel=\"nofollow\"\u003eRegarding Embargoes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy TedU has a great thought piece today on the idea of “embargoes” for security advisories. \u003c/li\u003e\n\u003cli\u003eThis all stemmed from a recent incident with LibreSSL patches from embargoed OpenSSL vulns, that accidentally got committed too early. \u003c/li\u003e\n\u003cli\u003eTed makes a pretty good case on the difficulties of having embargos, and maybe the reason there shouldn’t be. Couple of quotes to give you a taste:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“There are several difficulties maintaining embargoes. Keeping secrets is against human nature. I don’t want to be the one who leaks, but if I see something that looks like the secret is out, it’s a relief to be able to speak freely. There is a bias towards recognizing such signs where they may not really exist. (Exacerbated by broad embargoes where some parts leak but other parts don’t. It’s actually very hard to tell what’s not publicly known when you know everything.)\u003c/p\u003e\n\n\u003cp\u003eThe most thorough embargo and release timeline reconstruction is the heartbleed timeline. It’s another great case study. Who exactly decided who were the haves and have nots? Was it determined by who needed to know or who you needed to know? Eventually the dam started to crack.”\u003c/p\u003e\n\n\u003cp\u003e“When Cloudflare brags that they get advance notice of vulnerabilities, attracting more customers, and therefore requiring even more early access, how are smaller players to compete? What happens if you’re not big enough to prenotify?\u003c/p\u003e\n\n\u003cp\u003eSometimes vulnerabilities are announced unplanned. Zero day cyber missiles are part of our reality, which means end users don’t really have the luxury of only patching on Tuesday. They need to apply patches when they appear. If applying patches at inconvenient times is a problem, make it not a problem. Not really a gripe about embargoes per se, but the scheduled timing of coordinated release at the end of the embargo is catering to a problem that shouldn’t exist.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eI will admit that CloudFlare bragging around Heartbleed was upsetting\u003c/li\u003e\n\u003cli\u003eThe biggest issue here is the difficulty with coordinating so many open source projects, which are often done by volunteers, in different countries and time zones\u003c/li\u003e\n\u003cli\u003eThe other issue is determining when the secret is “out of the bag”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/faq/current.html#r20160507\" rel=\"nofollow\"\u003eMAJOR ABI BREAK: csu, ld.so, libc, libpthread update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD warns those following the -current (development) branch to be careful as they upgrade because of a major ABI break that will result in applications not working\u003c/li\u003e\n\u003cli\u003e“Handling of single-threaded programs is now closer to multi-threaded, with ld.so and libc.a doing thread information base (TIB) allocation. Threaded programs from before the 2016/03/19 csu and ld.so update will no longer run. An updated ld.so must be built and installed before running make build.”\u003c/li\u003e\n\u003cli\u003eA special note for those on PowerPC: “PowerPC has been updated to offset the TIB from the hardware register. As a result, all threaded programs are broken until they have been rebuilt with the new libc and libpthread. perl must be built after building the libraries and before building the rest of base.”\u003c/li\u003e\n\u003cli\u003e“The definitions of environ and __progname for dynamically linked programs have been moved from the C startup code to ld.so(1). An updated ld.so must be built and installed before running make build.”\u003c/li\u003e\n\u003cli\u003eThe link provides instructions on how to update your system properly\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://random-notes-of-a-sysadmin.blogspot.be/2016/04/howto-install-freebsd-103-on-vmware.html\" rel=\"nofollow\"\u003eHow to install FreeBSD 10.3 on VMWare Workstation 12 Pro\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis tutorial starts at the very basics, running through the FreeBSD installer\u003c/li\u003e\n\u003cli\u003eBut then it goes on to configuring the machine specifically for VMWare\u003c/li\u003e\n\u003cli\u003eAfter the system has been booted, the tutorial walks through installing the VMWare tools\u003c/li\u003e\n\u003cli\u003eThen networking is configured in both VMWare and FreeBSD\u003c/li\u003e\n\u003cli\u003eA small hack is required to make the VMWare tools startup script wait until the network is up\u003c/li\u003e\n\u003cli\u003eA very nice tutorial for people using VMWare\u003c/li\u003e\n\u003cli\u003eI am working on a patch to bsdinstall to ensure that the swap partition is put before the main partition, so it can more easily be resized if you later decide you need more space in your VM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=299371\" rel=\"nofollow\"\u003ethe camcontrol reprobe subcommand has been added \u003c/a\u003e,\u003c/li\u003e\n\u003cli\u003e“This makes it possible to manually force updating capacity data after the disk got resized. Without it it might be necessary to reboot before FreeBSD notices updated disk size under eg VMWare.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.59/\" rel=\"nofollow\"\u003eBSD Router project releases v1.59\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve talked about the BSD Router project a bit in the past, but today we have a brand new release to bring to you. \u003c/li\u003e\n\u003cli\u003eFor those who don’t remember, the BSDrp is a router aimed at replacing more of your big-commercial type systems.\u003c/li\u003e\n\u003cli\u003eFirst up in the new hotness, we have it based upon recently released FreeBSD 10.3!\u003c/li\u003e\n\u003cli\u003eIn addition, there is a new package: New package: mlvpn (aggregated network links in order to benefit from the bandwidth of multiple links)\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOther packages have gotten a bump with this release as well: \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ebsnmp-ucd to 0.4.2\u003c/li\u003e\n\u003cli\u003edma to 0.11\u003c/li\u003e\n\u003cli\u003edmidecode to 3.0\u003c/li\u003e\n\u003cli\u003eexabgp to 3.4.15\u003c/li\u003e\n\u003cli\u003eiperf3 to 3.1.2\u003c/li\u003e\n\u003cli\u003emonit to 5.17\u003c/li\u003e\n\u003cli\u003empd5 to 5.8\u003c/li\u003e\n\u003cli\u003eopenvpn to 2.3.10\u003c/li\u003e\n\u003cli\u003epython to 2.7.11\u003c/li\u003e\n\u003cli\u003equagga to 1.0.20160315\u003c/li\u003e\n\u003cli\u003estrongswan to 5.4.0\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWhat are you waiting for? Amd64 and i386 images are ready for you to download now. \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Isaac (.Ike) Levy -\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://semibug.org/\" rel=\"nofollow\"\u003eSee Ike again at SEMIBug in Troy, Michigan on May 17th\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/tredly/\" rel=\"nofollow\"\u003eTredly - Prebuilt containers on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/4gggw8/introducing_tredly_containers_for_unix_freebsd/\" rel=\"nofollow\"\u003eDiscussion regarding its GPLv3 licensing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA new “container” solution called “Trendly” has started making some news around various tech sites.\u003c/li\u003e\n\u003cli\u003eIn particular, this new project uses FreeBSD as its base OS and jail functionality in the backend.\u003c/li\u003e\n\u003cli\u003eTheir solution seems based around the idea of shipping containers as manifests, such as lists of packages to install and configuration knobs. \u003c/li\u003e\n\u003cli\u003eThe project is still rather new, and we’ll be keeping an eye on it for the future.\u003c/li\u003e\n\u003cli\u003eOne notable change already though, it was (for some reason) released under GPLv3. Understandably this caused quite a ruckus with various folks in the community, since it’s built specifically on BSD. Since this, the code has been re-licensed as MIT, which is far more in the spirit of a traditional BSD license. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/changes/changes-8.0.html#nvme%284%29\" rel=\"nofollow\"\u003eNVMe driver added to NetBSD - ported from OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD has gained support for Non-Volatile Memory Express, the new standard for PCIe attached Flash Memory\u003c/li\u003e\n\u003cli\u003eThe change of interface from SATA to NVMe offers a number of advantages, mostly, it doesn’t require the device to pretend to be a spinning disk\u003c/li\u003e\n\u003cli\u003eOne of the biggest advantages is that it supports completing multiple operations at once, with the Intel hardware I have tested, 63 I/Os can happen concurrently, so a very large queue depth is required to keep the device busy. The 64th I/O channel is reserved for administrative commands, to keep them from being delayed by the large queue depth\u003c/li\u003e\n\u003cli\u003eThe device I tested could read at 3800 MB/s, and write 1700MB/s, something that wouldn’t be possible with a normal SSD\u003c/li\u003e\n\u003cli\u003eIt is interesting that NetBSD took the NVMe support from OpenBSD, whereas the FreeBSD implementation was contributed directly by Intel\u003c/li\u003e\n\u003cli\u003eThis may have to do with that fact that OpenBSD’s device model is closer to that of NetBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2016/05/01/msg074367.html\" rel=\"nofollow\"\u003eCommit Log \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://teespring.com/bsdnow\" rel=\"nofollow\"\u003eNew BSDNow T-Shirts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBy popular demand, we have created a more subtle BSDNow shirt\u003c/li\u003e\n\u003cli\u003eFeaturing only the smallish BSDNow logo over the left breast\u003c/li\u003e\n\u003cli\u003eAvailable in a number of styles (T-Shirt, Women’s T-Shirt, Long Sleeve, and Hoodie) as well as a number of colours: Black, Blue, Grey, and White\u003c/li\u003e\n\u003cli\u003eThe hope is that enough orders come though so we can get them shipped in and your sweaty little hands in time for BSDCan. (I’ll be wearing mine, will you B...SD?)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://teespring.com/bsd105\" rel=\"nofollow\"\u003eIf you still want one of our now-famous “The Usual BSD’s” t-shirts, you can also indicate your interest here, and once 10 or more shirts are ordered, a reprint will happen automatically\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/testing/2016-May/010616.html\" rel=\"nofollow\"\u003ePC-BSD 11-CURRENT with Package Base\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a way to play with the new FreeBSD base package system?\u003c/li\u003e\n\u003cli\u003eThis month’s PC-BSD -CURRENT image now used packages for base system installation, and is asking for testers to help find bugs.\u003c/li\u003e\n\u003cli\u003eKnown issues so far: \n\n\u003cul\u003e\n\u003cli\u003esetuid binaries (Fix in works)\u003c/li\u003e\n\u003cli\u003eMissing tzone files\u003c/li\u003e\n\u003cli\u003eDistrib packages\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIf all that doesn’t scare you away, then give it a whirl! Upgrades for previous APRIL images are now online also.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2016-05-05/libressl-hardenedbsd-base\" rel=\"nofollow\"\u003eHardenedBSD + LibreSSL\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=6k1Mf0c6YW8\" rel=\"nofollow\"\u003eMichael Dexter\u0026#39;s talk at LFNW 2016 is the 2nd highest youtube views from this years conference\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://ggr.com/why-openbsd-is-important-to-me.html\" rel=\"nofollow\"\u003eWhy OpenBSD is important to me\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-May/249581.html\" rel=\"nofollow\"\u003eStudy of nginx-1.9.12 performance/latency on DragonFlyBSD-g67a73\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2109\" rel=\"nofollow\"\u003eRunning FreeBSD / OpenBSD / NetBSD as a virtualised guest on Online.net\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://zinascii.com/2016/the-illumos-syscall-handler.html\" rel=\"nofollow\"\u003eThe interesting story of how IllumOS syscalls work \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://mezzantrop.wordpress.com/portfolio/the-beast/\" rel=\"nofollow\"\u003eThe BeaST is the FreeBSD based dual-controller reliable storage system concept with aim to implement ZFS and in-memory cache.\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-May/500352.html\" rel=\"nofollow\"\u003eFrancois Tigeot updates the drm/i915 driver to match what’s in Linux kernel 4.3\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/ed_maste/status/730450314889924608\" rel=\"nofollow\"\u003eFreeBSD is working on the update to Linux Kernel 4.6, we may finally get ahead of Dragonfly! \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/RT7tVtQ7\" rel=\"nofollow\"\u003e Oskar - Torrent Jail\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/VkpMeims\" rel=\"nofollow\"\u003e Shane - ZFS Delete\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/MmQ00Sv1\" rel=\"nofollow\"\u003e Adam - Zimbra Port\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/Xx9TkX7A\" rel=\"nofollow\"\u003e Ray - PC-BSD - FrameBuffer\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ncYxqpg3\" rel=\"nofollow\"\u003e Richard - ZFS Backups\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we have all the latest news and stories! Plus we’ll be hearing more about OpnSense from the man himself, Ike!","date_published":"2016-05-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ce14c795-4c84-4fcb-962e-611036c7abfa.mp3","mime_type":"audio/mpeg","size_in_bytes":72815476,"duration_in_seconds":6067}]},{"id":"2f09a59d-90ec-4052-a4ef-e41c1eaac3be","title":"140: Tracing it back to BSD","url":"https://www.bsdnow.tv/140","content_text":"This week on BSDNow, Allan is back in down from Europe! We’ll get to hear some of his wrap-up and get caught up on the latest BSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD Quarterly Report\n\n\nThis quarterly status report starts with a rather interesting introduction by Warren Block\nASLR\nPorting CEPH to FreeBSD\nRCTL I/O Rate Limiting\nThe Graphics Stack on FreeBSD (Haswell is in, work is progressing on the next update)\nCAM I/O Scheduler\nNFS Server updates, working around the 16 group limit, and implementing pNFS, allowing NFS to scale beyond a single server\nStatic Analysis of the FreeBSD Kernel with PVS Studio\nPCI-express HotPlug\nGitLab Port committed!\nWITH_FAST_DEPEND and other improvements to the FreeBSD build system\nLots of other interesting stuff\n***\n\n\nA Prog By Any Other Name\n\n\nTed Unangst looks at what goes into the name of a program\n“Sometimes two similar programs are really the same program with two names. For example, grep and egrep are two commands that perform very similar functions and are therefore implemented as a single program. Running ls -i and observing the inode number of each file will reveal that there is only one file. Calling the program egrep is a shorthand for -E and does the same thing.”\nSo BSD provides __progname in libc, so a program can tell what its name is\nBut, what if it has more than one name?\n“In fact, every program has three names: its name in the filesystem, the name it has been invoked with, and whatever it believes its own name to be.”\nOf course it is not that easy. \n“there’s another set of choices for each name, the full path and the basename”\n“It’s even possible on some systems for argv[0] to be NULL.”\nHe then goes on to rename doas (the OpenBSD light replacement for sudo) to banana and discuss what happens\n“On that note, another possible bug is to realize that syslog by default uses progname. A user may be able to evade log monitoring by invoking doas with a different name. (Just fixed.)”\nAnother interesting article from our friend Ted\n***\n\n\nFreeBSD and NetBSD   Google Summer of Code projects have been announced\n\n\nSome FreeBSD highlights:\n\n\nAdd SCSI passthrough to CTL (share an optical drive via iSCSI)\nAdd USB target mode driver based on CTL (share a USB device via iSCSI)\nAPI to link created /dev entries to sysctl nodes\nImplement Ethernet Ring Protection Switching (ERPS)\nHD Audio device model in userspace for bhyve\n\nSome NetBSD highlights:\n\n\nImplement Ext4fs support in ReadOnly mode\nNPF and blacklistd web interface\nPort U-Boot so it can be compiled on NetBSD\nSplit debug symbols for pkgsrc builds\n***\n\n\n\nlibressl - more vague priomises\n\n\nWe haven’t had a Ted U article on the show as of late, however this week we get several! In his next entry “LibreSSL, more vague promises”\nHe then goes into some detail on what has happened with LibreSSL in the past while, as well as future plans going forward. \n“With an eye to the future, what new promises can we make? Some time ago I joked that we only promised to make a better TLS implementation, not a better TLS. Remains true, but fortunately there are people working on that, too. TLS 1.3 support is on the short term watchlist. The good news is we may be ahead of the game, having already removed compression. How much more work can there be?”\n“LibreSSL integrated the draft chacha20-poly1305 construction from BoringSSL. The IETF has since standardized a slightly different version because if it were the same it wouldn’t be different. Support for standard variant, and the beginning of deprecation for the existing code, should be landing very shortly. Incidentally, some people got bent out of shape because shipping chacha20 meant exposing non IANA approved numbers to Internet. No promises that won’t happen again.”\n***\n\n\nInterview - Samy Al Bahra - @0xF390\n\n\nBacktrace\n***\n\n\nNews Roundup\n\nsystrace(1) is removed for OpenBSD 6.0\n\n\nOpenBSD has removed systrace, an older mechanism for limiting what syscalls an application can make\nIt is mostly replaced by the pledge() system\nOpenBSD was the first implementation, most others have been unmaintained for some time\nThe last reported Linux version was for kernel 2.6.1\nNetBSD removed systrace in 2007\n***\n\n\npfSense Video Series: Comprehensive Guide To pfSense 2.3\n\n\nA series of videos (11 so far), about pfSense\nCovers Why you would use it, how to pick your hardware, and installation\nThen the series covers some networking basics, to make sure you are up to speed before configuring your pfSense\nThen a comprehensive tour of the WebUI\nThen goes on to cover graphing, backing up and restoring configuration\nThere are also videos on running DHCP, NTP, and DNS servers\n***\n\n\nDuckDuckGo announces its 2016 FOSS Donations \n\n\nThe theme is “raising the standard of trust online”\nSupported projects include:\nOpenBSD Foundation announces DuckDuckGo as a Gold Sponsor\nthe Freedom of the Press Foundation for SecureDrop\nthe Freenet Project\nthe CrypTech Project\nthe Tor Project\nFight for the Future for Save Security\nOpen Source Technology Improvement Fund for VeraCrypt (based on TrueCrypt)\nRiseup Labs for LEAP (LEAP Encryption Access Project)\nGPGTools for GPGMail\n***\n\n\nLarry the BSD Guy hangs up his hat at FOSS Force\n\n\nAfter 15 years, Larry the BSD Guy has decided to hang it up, and walk into the sunset! (Figuratively of course)\nAfter wrapping up coverage of recent LinuxFest NorthWest (Which he didn’t attend), Larry has decided it’s time for a change and is giving up his column over at FOSS Force, as well as stepping away from all things technical. \nHis last write-up is a good one, and he has some nice plugs for both Dru Lavigne and Michael Dexter of the BSD community. \nHe will be missed, but we wish him all the luck with the future! He also puts out the plug that FOSS Force will be needing a new columnist in the near future, so if you are interested please let them know!\n***\n\n\nBeastie Bits\n\n\nIf you sponsored “FreeBSD Mastery: Advanced ZFS”, check your mail box  \npkg-1.7.0 is an order of magnitude slower than pkg-1.6.4 -- Caused by a problem not in pkg\nLinuxFest Northwest 2016 Recap \nDru Lavigne's 'Doc like an Egyption' talk from LFNW \nMichael Dexters' 'Switching to BSD from Linux' talk from LFNW \nMichael Dexters' 'Secrets to enduring user groups' talk from LFNW \nJanuary issue of Freebsd Journal online for free\nGhost BSD releases 10.3 Alpha1 for testing \nEuroBSDcon 2016 - Call for Papers - Dealine: May 8th\nKnoxBUG Initial Meeting \nPhotos, slides, and videos from the Open Source Data Center Conference \n*** \n\n\nFeedback/Questions\n\n\n Mohammad - Replication \n John - Rolling new packages \nClint - Unicast \n Bill - GhostBSD \n Charles - BSD Videos \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan is back in down from Europe! We’ll get to hear some of his wrap-up and get caught up on the latest BSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freebsd.org/news/status/report-2016-01-2016-03.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis quarterly status report starts with a rather interesting introduction by Warren Block\u003c/li\u003e\n\u003cli\u003eASLR\u003c/li\u003e\n\u003cli\u003ePorting CEPH to FreeBSD\u003c/li\u003e\n\u003cli\u003eRCTL I/O Rate Limiting\u003c/li\u003e\n\u003cli\u003eThe Graphics Stack on FreeBSD (Haswell is in, work is progressing on the next update)\u003c/li\u003e\n\u003cli\u003eCAM I/O Scheduler\u003c/li\u003e\n\u003cli\u003eNFS Server updates, working around the 16 group limit, and implementing pNFS, allowing NFS to scale beyond a single server\u003c/li\u003e\n\u003cli\u003eStatic Analysis of the FreeBSD Kernel with PVS Studio\u003c/li\u003e\n\u003cli\u003ePCI-express HotPlug\u003c/li\u003e\n\u003cli\u003eGitLab Port committed!\u003c/li\u003e\n\u003cli\u003eWITH_FAST_DEPEND and other improvements to the FreeBSD build system\u003c/li\u003e\n\u003cli\u003eLots of other interesting stuff\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/a-prog-by-any-other-name\" rel=\"nofollow\"\u003eA Prog By Any Other Name\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst looks at what goes into the name of a program\u003c/li\u003e\n\u003cli\u003e“Sometimes two similar programs are really the same program with two names. For example, grep and egrep are two commands that perform very similar functions and are therefore implemented as a single program. Running ls -i and observing the inode number of each file will reveal that there is only one file. Calling the program egrep is a shorthand for -E and does the same thing.”\u003c/li\u003e\n\u003cli\u003eSo BSD provides __progname in libc, so a program can tell what its name is\u003c/li\u003e\n\u003cli\u003eBut, what if it has more than one name?\u003c/li\u003e\n\u003cli\u003e“In fact, every program has three names: its name in the filesystem, the name it has been invoked with, and whatever it believes its own name to be.”\u003c/li\u003e\n\u003cli\u003eOf course it is not that easy. \u003c/li\u003e\n\u003cli\u003e“there’s another set of choices for each name, the full path and the basename”\u003c/li\u003e\n\u003cli\u003e“It’s even possible on some systems for argv[0] to be NULL.”\u003c/li\u003e\n\u003cli\u003eHe then goes on to rename doas (the OpenBSD light replacement for sudo) to banana and discuss what happens\u003c/li\u003e\n\u003cli\u003e“On that note, another possible bug is to realize that syslog by default uses progname. A user may be able to evade log monitoring by invoking doas with a different name. (Just fixed.)”\u003c/li\u003e\n\u003cli\u003eAnother interesting article from our friend Ted\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://summerofcode.withgoogle.com/organizations/4892834293350400/\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e and \u003ca href=\"https://summerofcode.withgoogle.com/organizations/6246531984261120/\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e   Google Summer of Code projects have been announced\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome FreeBSD highlights:\n\n\u003cul\u003e\n\u003cli\u003eAdd SCSI passthrough to CTL (share an optical drive via iSCSI)\u003c/li\u003e\n\u003cli\u003eAdd USB target mode driver based on CTL (share a USB device via iSCSI)\u003c/li\u003e\n\u003cli\u003eAPI to link created /dev entries to sysctl nodes\u003c/li\u003e\n\u003cli\u003eImplement Ethernet Ring Protection Switching (ERPS)\u003c/li\u003e\n\u003cli\u003eHD Audio device model in userspace for bhyve\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSome NetBSD highlights:\n\n\u003cul\u003e\n\u003cli\u003eImplement Ext4fs support in ReadOnly mode\u003c/li\u003e\n\u003cli\u003eNPF and blacklistd web interface\u003c/li\u003e\n\u003cli\u003ePort U-Boot so it can be compiled on NetBSD\u003c/li\u003e\n\u003cli\u003eSplit debug symbols for pkgsrc builds\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/libressl-more-vague-promises\" rel=\"nofollow\"\u003elibressl - more vague priomises\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe haven’t had a Ted U article on the show as of late, however this week we get several! In his next entry “LibreSSL, more vague promises”\u003c/li\u003e\n\u003cli\u003eHe then goes into some detail on what has happened with LibreSSL in the past while, as well as future plans going forward. \u003c/li\u003e\n\u003cli\u003e“With an eye to the future, what new promises can we make? Some time ago I joked that we only promised to make a better TLS implementation, not a better TLS. Remains true, but fortunately there are people working on that, too. TLS 1.3 support is on the short term watchlist. The good news is we may be ahead of the game, having already removed compression. How much more work can there be?”\u003c/li\u003e\n\u003cli\u003e“LibreSSL integrated the draft chacha20-poly1305 construction from BoringSSL. The IETF has since standardized a slightly different version because if it were the same it wouldn’t be different. Support for standard variant, and the beginning of deprecation for the existing code, should be landing very shortly. Incidentally, some people got bent out of shape because shipping chacha20 meant exposing non IANA approved numbers to Internet. No promises that won’t happen again.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Samy Al Bahra - \u003ca href=\"https://twitter.com/0xF390\" rel=\"nofollow\"\u003e@0xF390\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBacktrace\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=146161167911029\u0026w=2\" rel=\"nofollow\"\u003esystrace(1) is removed for OpenBSD 6.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has removed systrace, an older mechanism for limiting what syscalls an application can make\u003c/li\u003e\n\u003cli\u003eIt is mostly replaced by the pledge() system\u003c/li\u003e\n\u003cli\u003eOpenBSD was the first implementation, most others have been unmaintained for some time\u003c/li\u003e\n\u003cli\u003eThe last reported Linux version was for kernel 2.6.1\u003c/li\u003e\n\u003cli\u003eNetBSD removed systrace in 2007\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLE726R7YUJTePGvo0Zga2juUBxxFTH4Bk\" rel=\"nofollow\"\u003epfSense Video Series: Comprehensive Guide To pfSense 2.3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA series of videos (11 so far), about pfSense\u003c/li\u003e\n\u003cli\u003eCovers Why you would use it, how to pick your hardware, and installation\u003c/li\u003e\n\u003cli\u003eThen the series covers some networking basics, to make sure you are up to speed before configuring your pfSense\u003c/li\u003e\n\u003cli\u003eThen a comprehensive tour of the WebUI\u003c/li\u003e\n\u003cli\u003eThen goes on to cover graphing, backing up and restoring configuration\u003c/li\u003e\n\u003cli\u003eThere are also videos on running DHCP, NTP, and DNS servers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://duck.co/blog/post/303/2016-foss-donations-announcement\" rel=\"nofollow\"\u003eDuckDuckGo announces its 2016 FOSS Donations \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe theme is “raising the standard of trust online”\u003c/li\u003e\n\u003cli\u003eSupported projects include:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160503085227\u0026mode=expanded\" rel=\"nofollow\"\u003eOpenBSD Foundation announces DuckDuckGo as a Gold Sponsor\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe Freedom of the Press Foundation for SecureDrop\u003c/li\u003e\n\u003cli\u003ethe Freenet Project\u003c/li\u003e\n\u003cli\u003ethe CrypTech Project\u003c/li\u003e\n\u003cli\u003ethe Tor Project\u003c/li\u003e\n\u003cli\u003eFight for the Future for Save Security\u003c/li\u003e\n\u003cli\u003eOpen Source Technology Improvement Fund for VeraCrypt (based on TrueCrypt)\u003c/li\u003e\n\u003cli\u003eRiseup Labs for LEAP (LEAP Encryption Access Project)\u003c/li\u003e\n\u003cli\u003eGPGTools for GPGMail\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fossforce.com/2016/04/bsd-linuxfest-northwest/\" rel=\"nofollow\"\u003eLarry the BSD Guy hangs up his hat at FOSS Force\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter 15 years, Larry the BSD Guy has decided to hang it up, and walk into the sunset! (Figuratively of course)\u003c/li\u003e\n\u003cli\u003eAfter wrapping up coverage of recent LinuxFest NorthWest (Which he didn’t attend), Larry has decided it’s time for a change and is giving up his column over at FOSS Force, as well as stepping away from all things technical. \u003c/li\u003e\n\u003cli\u003eHis last write-up is a good one, and he has some nice plugs for both Dru Lavigne and Michael Dexter of the BSD community. \u003c/li\u003e\n\u003cli\u003eHe will be missed, but we wish him all the luck with the future! He also puts out the plug that FOSS Force will be needing a new columnist in the near future, so if you are interested please let them know!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2648\" rel=\"nofollow\"\u003eIf you sponsored “FreeBSD Mastery: Advanced ZFS”, check your mail box \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=freebsd-ports\u0026m=146001143408868\u0026w=2\" rel=\"nofollow\"\u003epkg-1.7.0 is an order of magnitude slower than pkg-1.6.4\u003c/a\u003e -- Caused by a problem not in pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/blog/linuxfest-northwest-2016/\" rel=\"nofollow\"\u003eLinuxFest Northwest 2016 Recap\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linuxfestnorthwest.org/2016/sessions/doc-egyptian\" rel=\"nofollow\"\u003eDru Lavigne\u0026#39;s \u0026#39;Doc like an Egyption\u0026#39; talk from LFNW\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linuxfestnorthwest.org/2016/sessions/devil-details-switching-bsd-linux\" rel=\"nofollow\"\u003eMichael Dexters\u0026#39; \u0026#39;Switching to BSD from Linux\u0026#39; talk from LFNW\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linuxfestnorthwest.org/2016/sessions/20-year-and-counting-secrets-enduring-user-groups\" rel=\"nofollow\"\u003eMichael Dexters\u0026#39; \u0026#39;Secrets to enduring user groups\u0026#39; talk from LFNW\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/\" rel=\"nofollow\"\u003eJanuary issue of Freebsd Journal online for free\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ghostbsd.org/10.3_alpha1\" rel=\"nofollow\"\u003eGhost BSD releases 10.3 Alpha1 for testing\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsdnews.com/2016/04/15/eurobsdcon-2016-call-for-papers/\" rel=\"nofollow\"\u003eEuroBSDcon 2016 - Call for Papers - Dealine: May 8th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.knoxbug.org/content/knoxbug-maiden-voyage\" rel=\"nofollow\"\u003eKnoxBUG Initial Meeting\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.netways.de/en/events_trainings/osdc/archive/osdc2016/\" rel=\"nofollow\"\u003ePhotos, slides, and videos from the Open Source Data Center Conference \u003c/a\u003e\n*** \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/KDnyWf6Y\" rel=\"nofollow\"\u003e Mohammad - Replication\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/mAbRwbEF\" rel=\"nofollow\"\u003e John - Rolling new packages\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/BNa6pyir\" rel=\"nofollow\"\u003eClint - Unicast\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/KDjS2Hxa\" rel=\"nofollow\"\u003e Bill - GhostBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ABUUtzWM\" rel=\"nofollow\"\u003e Charles - BSD Videos\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan is back in down from Europe! We’ll get to hear some of his wrap-up and get caught up on the latest BSD","date_published":"2016-05-04T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2f09a59d-90ec-4052-a4ef-e41c1eaac3be.mp3","mime_type":"audio/mpeg","size_in_bytes":65543188,"duration_in_seconds":5461}]},{"id":"5aeb1bdc-48f8-4b0b-b1e6-2bce2bd11ffc","title":"139: Cheri-picking BSD","url":"https://www.bsdnow.tv/139","content_text":"This week, Allan is out of town, but since when has that ever stopped us from bringing you a new episode of BSDNow? We have news,\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nUnix's file durability problem\n\n\nAnother article by Chris Siebenmann from the University of Toronto\nThis time, the issue was a lost comment on his Python based blog which uses files on disk rather than a database\nAfter an unexpected restart of the system, a recently posted comment no longer existed\nThe post goes on to investigate what the ‘right way’ to ensure file durability is\nThe answer, as you might expect, is “it depends…”\nNormally, fsync() should work, but it seems with ext4 and some other file systems, you must also fsync() the directory where the file was created, or it might not be possible to find the file after a crash\nDo you need to fsync() the parent of that directory too? Then what is fdatasync() for? What about just calling sync()?\n“One issue is that unlike many other Unix API issues, it's impossible to test to see if you got it all correct and complete. If your steps are incomplete, you don't get any errors; your data is just silently sometimes at risk. Even with a test setup to create system crashes or abrupt power loss (which VMs make much easier), you need uncommon instrumentation to know things like if your OS actually issued disk flushes or just did normal buffered writes. And straightforward testing can't tell you if what you're doing will work all the time, because what is required varies by Unix, kernel version, and the specific filesystem involved.”\nSecond post by author: How I'm trying to do durable disk writes \nAdditional Discussion on Hacker News \nThe discussion on HN also gets into AIO and other more complicated facilities, but even those seem to be vague about when your data is actually safe\nAt least ZFS ensures you never get half of your new data, and half of your old data.\n***\n\n\nBuild a FreeBSD 10.3-release Openstack Image with bsd-cloudinit\n\n\nAre you using FreeBSD and OpenStack or would you like to be? We next have a great tutorial which explains the ins-and-outs of doing exactly that.\nRemy van Elst brings us a great walkthrough on his site on how to get started, and hint it involves just a few ‘pip’ commands. \nAfter getting the initial Python tools bootstrapped, next he shows us how to save our OpenStack settings in a sourceable shell command, which comes in handy before doing admin on a instance.\nNext the ‘glance’ and ‘cinder’ tools are used to upload the target OS ISO file and then create a volume for it to install onto.\nNext the VM is started and some specific steps are outlined on getting FreeBSD 10.3 installed into the instance. It includes some helpful hints as how to fix a mountroot error, if you installed to ada0, but need to mount via vtdb0 instead now. \nAfter the installation is finished, the prep for ‘cloudinit’ is done, and the resulting image is compressed and made ready for deployment. \nWe’ve kinda stepped through some of the more gory steps here, but if OpenStack is something you work with, this tutorial should be at the top of your “must read” list.\n***\n\n\nUndeadly and HTTPS\n\n\nUndeadly, the OpenBSD journal, is thinking of moving to HTTPS only\nIn order to do this, they would like some help rewriting part of the site\nCurrently, when you login to post comments, this is done over HTTPS, but to an stunnel instance running a custom script that gives you a cookie, and sends you back to the non-HTTPS site\nThey would like to better integrate the authentication system, and otherwise improve the code for the site\nThere is some pushback as well, questioning whether it makes sense to block users who are unable to use HTTPS for one reason or another\nI think it makes sense to have the site default to HTTPS, but, maybe HTTPS only doesn’t make sense. There is nothing private on the site, other than the authentication system which is optional, not required to post a comment.\nThere is also some discussion about the code for the site, including the fact that when the code was released, the salt for the password database was included\nThis is not actually a security problem, but the discussion may be interesting to some viewers\n***\n\n\nFreeBSD Journal March/April Edition \n\n\nThe next issue of the FreeBSD Journal is here, and this time it is about Teaching with Operating Systems\nIn addition to the usual columns, including: svn update, the ports report, a conference report from FOSDEM, a meetup report from PortsCamp Taipei, A book review of \"The Algorithm Design Manual\", and the Events Calendar; there are a set of feature articles about teaching\nTeaching with FreeBSD through Tracing, Analysis, and Experimentation\nCHERI: Building a foundation for secure, trusted computing bases\nA brief history of Fast Filesystems\nThere is also an interview with Gleb Smirnoff, a member of the Core team, release engineering, and the deputy security officer, as well as a senior software developer at Netflix\nGet the latest issue from your favourite mobile store, or the “Desktop Edition” directly in your browser from the FreeBSD Foundation’s website\n***\n\n\nInterview - Brooks Davis - brooks@FreeBSD.org / @brooksdavis\n\n\nCHERI and Capabilities\n***\n\n\nTrueNAS Three-Peats!!!\n\n\n\nNews Roundup\n\nUbuntuBSD Is Looking To Become An Official Ubuntu Flavor\n\n\nYou may recall a few weeks back that we were a bit surprised by the UbuntuBSD project and its longevity / goals.\nHowever the project seems to be pushing forward, with news on softpedia.com that they are now seeking to become an ‘official’ Ubuntu Flavor. \nThey’ve already released a forth beta, so it seems the project currently has some developers pushing it forward:\n\n\n\n\"I would like to contribute all my work to Ubuntu Community and, if you think it is worthy, make ubuntuBSD an official Ubuntu project like Xubuntu or Edubuntu,\" said Jon Boden. \"If you're interested, please let me know how would you like me to proceed.\"\n\n\n\n\nIt's Just Bits\n\n\nWe have next an interesting blog post talking about the idea that “It’s just all bits!”\nThe author then takes us down the idea of no matter how old or mysterious the code may be, in the end it is ending up as bits arranged a certain way.\nThen the article transitions and takes us through the idea that old bits, and bits that have grown too large should often be good candidates for replacement by “simpler” bits, using OpenBSD as an example. \n\n\n\n“The OpenBSD community exemplifies this in many ways by taking existing solutions and simplifying them. Processing man pages is as old as Unix, and even in the 21st century OpenBSD has taken the time to rewrite the existing solution to be simpler and safer. It's just bits that need to be turned into other bits. Similarly, OpenBSD has introduced doas as an alternative to sudo. While not replacing sudo entirely, doas makes the 99.99% case of what people use sudo for easier and safer. They are just bits that need to be authenticated. “\n\n\n\nAll in all, a good read, and it reinforces the point that nothing is really truly “finished”. As computing advances and new technologies / practices are made available, sometimes it makes a lot of sense to go back and re-write things in order to simplify the complexity that has snuck in over time.\n***\n\n\nDisk IO limiting is coming to FreeBSD\n\n\nA much requested feature for both Jails and VM’s on FreeBSD has just landed with experimental support in -HEAD, Disk IO limiting!\nThe Commit message states as follows:\n\n\n\n“Add four new RCTL resources - readbps, readiops, writebps and writeiops,\n for limiting disk (actually filesystem) IO.\n\nNote that in some cases these limits are not quite precise. It's ok,\n as long as it's within some reasonable bounds.\n\nTesting - and review of the code, in particular the VFS and VM parts - is\n very welcome.”\n\n\n\nWell, what are you waiting for? This is a fantastic new feature which I’m sure will get incorporated into other tools for controlling jails and VM’s down the road.\nIf you give it a spin, be sure to report back bugs so they can get quashed in time for 11.\n***\n\n\nBeastieBits\n\n\nPC-BSD 10.3 Is the Last in the Series, PC-BSD 11.0 Arrives Later This Year\nASLR now on by default in NetBSD amd64\nDaniel Bilik's fix for hangs on Baytrail \nDon’t forget about PGCon 2016 \nGet your paper in for EuroBSDCon 2016, deadline is May 8th \n\n\n\n\nFeedback/Questions\n\n\n John - Destroy all Dataset \n Thomas - Misc Questions \n Ben - ZFS Copy\n Bryson - SysV IPC \n Drin - IPSEC  \n***\n","content_html":"\u003cp\u003eThis week, Allan is out of town, but since when has that ever stopped us from bringing you a new episode of BSDNow? We have news,\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/FileSyncProblem\" rel=\"nofollow\"\u003eUnix\u0026#39;s file durability problem\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother article by Chris Siebenmann from the University of Toronto\u003c/li\u003e\n\u003cli\u003eThis time, the issue was a lost comment on his Python based blog which uses files on disk rather than a database\u003c/li\u003e\n\u003cli\u003eAfter an unexpected restart of the system, a recently posted comment no longer existed\u003c/li\u003e\n\u003cli\u003eThe post goes on to investigate what the ‘right way’ to ensure file durability is\u003c/li\u003e\n\u003cli\u003eThe answer, as you might expect, is “it depends…”\u003c/li\u003e\n\u003cli\u003eNormally, fsync() should work, but it seems with ext4 and some other file systems, you must also fsync() the directory where the file was created, or it might not be possible to find the file after a crash\u003c/li\u003e\n\u003cli\u003eDo you need to fsync() the parent of that directory too? Then what is fdatasync() for? What about just calling sync()?\u003c/li\u003e\n\u003cli\u003e“One issue is that unlike many other Unix API issues, it\u0026#39;s impossible to test to see if you got it all correct and complete. If your steps are incomplete, you don\u0026#39;t get any errors; your data is just silently sometimes at risk. Even with a test setup to create system crashes or abrupt power loss (which VMs make much easier), you need uncommon instrumentation to know things like if your OS actually issued disk flushes or just did normal buffered writes. And straightforward testing can\u0026#39;t tell you if what you\u0026#39;re doing will work all the time, because what is required varies by Unix, kernel version, and the specific filesystem involved.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/python/HowISyncDataDWiki\" rel=\"nofollow\"\u003eSecond post by author: How I\u0026#39;m trying to do durable disk writes \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=11511269\" rel=\"nofollow\"\u003eAdditional Discussion on Hacker News\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThe discussion on HN also gets into AIO and other more complicated facilities, but even those seem to be vague about when your data is actually safe\u003c/li\u003e\n\u003cli\u003eAt least ZFS ensures you never get half of your new data, and half of your old data.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://raymii.org/s/tutorials/FreeBSD_10.3-release_Openstack_Image.html\" rel=\"nofollow\"\u003eBuild a FreeBSD 10.3-release Openstack Image with bsd-cloudinit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAre you using FreeBSD and OpenStack or would you like to be? We next have a great tutorial which explains the ins-and-outs of doing exactly that.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eRemy van Elst brings us a great walkthrough on his site on how to get started, and hint it involves just a few ‘pip’ commands. \u003c/li\u003e\n\u003cli\u003eAfter getting the initial Python tools bootstrapped, next he shows us how to save our OpenStack settings in a sourceable shell command, which comes in handy before doing admin on a instance.\u003c/li\u003e\n\u003cli\u003eNext the ‘glance’ and ‘cinder’ tools are used to upload the target OS ISO file and then create a volume for it to install onto.\u003c/li\u003e\n\u003cli\u003eNext the VM is started and some specific steps are outlined on getting FreeBSD 10.3 installed into the instance. It includes some helpful hints as how to fix a mountroot error, if you installed to ada0, but need to mount via vtdb0 instead now. \u003c/li\u003e\n\u003cli\u003eAfter the installation is finished, the prep for ‘cloudinit’ is done, and the resulting image is compressed and made ready for deployment. \u003c/li\u003e\n\u003cli\u003eWe’ve kinda stepped through some of the more gory steps here, but if OpenStack is something you work with, this tutorial should be at the top of your “must read” list.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160411201504\" rel=\"nofollow\"\u003eUndeadly and HTTPS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUndeadly, the OpenBSD journal, is thinking of moving to HTTPS only\u003c/li\u003e\n\u003cli\u003eIn order to do this, they would like some help rewriting part of the site\u003c/li\u003e\n\u003cli\u003eCurrently, when you login to post comments, this is done over HTTPS, but to an stunnel instance running a custom script that gives you a cookie, and sends you back to the non-HTTPS site\u003c/li\u003e\n\u003cli\u003eThey would like to better integrate the authentication system, and otherwise improve the code for the site\u003c/li\u003e\n\u003cli\u003eThere is some pushback as well, questioning whether it makes sense to block users who are unable to use HTTPS for one reason or another\u003c/li\u003e\n\u003cli\u003eI think it makes sense to have the site default to HTTPS, but, maybe HTTPS only doesn’t make sense. There is nothing private on the site, other than the authentication system which is optional, not required to post a comment.\u003c/li\u003e\n\u003cli\u003eThere is also some discussion about the code for the site, including the fact that when the code was released, the salt for the password database was included\u003c/li\u003e\n\u003cli\u003eThis is not actually a security problem, but the discussion may be interesting to some viewers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/browser-based-edition/\" rel=\"nofollow\"\u003eFreeBSD Journal March/April Edition \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe next issue of the FreeBSD Journal is here, and this time it is about Teaching with Operating Systems\u003c/li\u003e\n\u003cli\u003eIn addition to the usual columns, including: svn update, the ports report, a conference report from FOSDEM, a meetup report from PortsCamp Taipei, A book review of \u0026quot;The Algorithm Design Manual\u0026quot;, and the Events Calendar; there are a set of feature articles about teaching\u003c/li\u003e\n\u003cli\u003eTeaching with FreeBSD through Tracing, Analysis, and Experimentation\u003c/li\u003e\n\u003cli\u003eCHERI: Building a foundation for secure, trusted computing bases\u003c/li\u003e\n\u003cli\u003eA brief history of Fast Filesystems\u003c/li\u003e\n\u003cli\u003eThere is also an interview with Gleb Smirnoff, a member of the Core team, release engineering, and the deputy security officer, as well as a senior software developer at Netflix\u003c/li\u003e\n\u003cli\u003eGet the latest issue from your favourite mobile store, or the “Desktop Edition” directly in your browser from the FreeBSD Foundation’s website\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brooks Davis - \u003ca href=\"mailto:brooks@FreeBSD.org\" rel=\"nofollow\"\u003ebrooks@FreeBSD.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/brooksdavis\" rel=\"nofollow\"\u003e@brooksdavis\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eCHERI and Capabilities\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ixsystems.com/blog/truenas-three-peats/\" rel=\"nofollow\"\u003eTrueNAS Three-Peats!!!\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linux.softpedia.com/blog/ubuntubsd-is-looking-to-become-an-official-ubuntu-flavor-502746.shtml\" rel=\"nofollow\"\u003eUbuntuBSD Is Looking To Become An Official Ubuntu Flavor\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou may recall a few weeks back that we were a bit surprised by the UbuntuBSD project and its longevity / goals.\u003c/li\u003e\n\u003cli\u003eHowever the project seems to be pushing forward, with news on softpedia.com that they are now seeking to become an ‘official’ Ubuntu Flavor. \u003c/li\u003e\n\u003cli\u003eThey’ve already released a forth beta, so it seems the project currently has some developers pushing it forward:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;I would like to contribute all my work to Ubuntu Community and, if you think it is worthy, make ubuntuBSD an official Ubuntu project like Xubuntu or Edubuntu,\u0026quot; said Jon Boden. \u0026quot;If you\u0026#39;re interested, please let me know how would you like me to proceed.\u0026quot;\u003c/p\u003e\n\n\u003chr\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.appliedcompscilab.com/its_just_bits/index.html\" rel=\"nofollow\"\u003eIt\u0026#39;s Just Bits\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have next an interesting blog post talking about the idea that “It’s just all bits!”\u003c/li\u003e\n\u003cli\u003eThe author then takes us down the idea of no matter how old or mysterious the code may be, in the end it is ending up as bits arranged a certain way.\u003c/li\u003e\n\u003cli\u003eThen the article transitions and takes us through the idea that old bits, and bits that have grown too large should often be good candidates for replacement by “simpler” bits, using OpenBSD as an example. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“The OpenBSD community exemplifies this in many ways by taking existing solutions and simplifying them. Processing man pages is as old as Unix, and even in the 21st century OpenBSD has taken the time to rewrite the existing solution to be simpler and safer. It\u0026#39;s just bits that need to be turned into other bits. Similarly, OpenBSD has introduced doas as an alternative to sudo. While not replacing sudo entirely, doas makes the 99.99% case of what people use sudo for easier and safer. They are just bits that need to be authenticated. “\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll in all, a good read, and it reinforces the point that nothing is really truly “finished”. As computing advances and new technologies / practices are made available, sometimes it makes a lot of sense to go back and re-write things in order to simplify the complexity that has snuck in over time.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2016-April/084288.html\" rel=\"nofollow\"\u003eDisk IO limiting is coming to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eA much requested feature for both Jails and VM’s on FreeBSD has just landed with experimental support in -HEAD, Disk IO limiting!\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe Commit message states as follows:\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“Add four new RCTL resources - readbps, readiops, writebps and writeiops,\u003cbr\u003e\n for limiting disk (actually filesystem) IO.\u003c/p\u003e\n\n\u003cp\u003eNote that in some cases these limits are not quite precise. It\u0026#39;s ok,\u003cbr\u003e\n as long as it\u0026#39;s within some reasonable bounds.\u003c/p\u003e\n\n\u003cp\u003eTesting - and review of the code, in particular the VFS and VM parts - is\u003cbr\u003e\n very welcome.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eWell, what are you waiting for? This is a fantastic new feature which I’m sure will get incorporated into other tools for controlling jails and VM’s down the road.\u003c/li\u003e\n\u003cli\u003eIf you give it a spin, be sure to report back bugs so they can get quashed in time for 11.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastieBits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://news.softpedia.com/news/pc-bsd-10-3-is-the-last-in-the-series-pc-bsd-11-0-arrives-later-this-year-502570.shtml\" rel=\"nofollow\"\u003ePC-BSD 10.3 Is the Last in the Series, PC-BSD 11.0 Arrives Later This Year\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2016/04/10/msg073939.html\" rel=\"nofollow\"\u003eASLR now on by default in NetBSD amd64\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-April/228682.html\" rel=\"nofollow\"\u003eDaniel Bilik\u0026#39;s fix for hangs on Baytrail\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.pgcon.org/2016/\" rel=\"nofollow\"\u003eDon’t forget about PGCon 2016\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://2016.eurobsdcon.org/call-for-papers/\" rel=\"nofollow\"\u003eGet your paper in for EuroBSDCon 2016, deadline is May 8th\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/QdGWn0TW\" rel=\"nofollow\"\u003e John - Destroy all Dataset\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/43YkwBjP\" rel=\"nofollow\"\u003e Thomas - Misc Questions\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/gdi3pswe\" rel=\"nofollow\"\u003e Ben - ZFS Copy\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/E9n938D1\" rel=\"nofollow\"\u003e Bryson - SysV IPC\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/bgGTmbDG\" rel=\"nofollow\"\u003e Drin - IPSEC \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, Allan is out of town, but since when has that ever stopped us from bringing you a new episode of BSDNow? We have news,","date_published":"2016-04-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5aeb1bdc-48f8-4b0b-b1e6-2bce2bd11ffc.mp3","mime_type":"audio/mpeg","size_in_bytes":50138068,"duration_in_seconds":4178}]},{"id":"76132fe6-471f-4b50-bf70-f6fdf784b561","title":"138: Rushing into BSD","url":"https://www.bsdnow.tv/138","content_text":"This week on the show, we will be talking to Benedict Reushling about his role with the FreeBSD foundation and the journey that took him\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nHardenedBSD introduces full PIE support\n\n\nPIE base for amd64 and i386\nOnly nine applications are not compiled as PIEs\nTested PIE base on several amd64 systems, both virtualized and bare metal\nHoped to be to enabled it for ARM64 before or during BSDCan.\nShawn will be bringing ten Raspberry Pi 3 devices (which are ARM64) with to BSDCan, eight of which will be given out to lucky individuals. “We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.”\n***\n\n\nLessons learned from 30 years of MINIX\n\n\nEat your own dog food.\nBy not relying on idiosyncratic features of the hardware, one makes porting to new platforms much easier.\nThe Internet is like an elephant; it never forgets.\nWhen standards exist (such as ANSI Standard C) stick to them.\nEven after you have adopted a strategy, you should nevertheless reexamine it from time to time.\nKeep focused on your real goal, Einstein was right: Things should be as simple as possible but not simpler.\n***\n\n\npfSense 2.3 released\n\n\nRewrite of the webGUI utilizing Bootstrap\nTLS v1.0 disabled for the GUI\nMoved to a FreeBSD 10.3-RELEASE base\nPHP Upgraded to 5.6\nThe \"Full Backup\" feature has been deprecated\nClosed 760 total tickets of which 137 are fixed bugs\nKnown Regressions\nOpenVPN topology change\nIP aliases with CARP IP parent lose their parent interface association post-upgrade\nIPsec IPComp does not work.\nIGMP Proxy does not work with VLAN interfaces.\nMany other updates and changes\n***\n\n\nOPNsense 16.1.10 released\n\n\nopenvpn: revive windows installer binaries\nsystem: improved config history and backup pages layout\nsystem: increased backup count default from 30 to 60\nsystem: /var /tmp MFS awareness for crash dumps added\ntrust: add “IP security IKE intermediate” to server key usage\nfirmware: moved reboot, halt and defaults pages to new home\nlanguages: updates to Russian, French, German and Japanese\nMany other updates and changes\n***\n\n\nInterview - Benedict Reuschling - bcr@freebsd.org\n\n\nFreeBSD Foundation in Europe\n***\n\n\nNews Roundup\n\nWrite opinionated workarounds\n\n\nColin Percival has written a great blog post this past week, specifically talking about his policy of writing “opinionated workarounds”.\nThe idea came about due to his working on multi-platform software, and the frustrations of dealing with POSIX violations\nThe crux of the post is how he deals with these workarounds. Specifically by only applying them to the particular system in which it was required. And doing so loudly. \nThis has some important benefits. First, it doesn’t potentially expose other systems to bugs / security flaws when a workaround doesn’t \n“work” on a system for which it wasn’t designed. Secondly it’s important to complain. Loudly. This lets the user know that they are running on a system that doesn’t adhere to POSIX compliance, and maybe even get the attention of a developer who could remedy the situation.\n***\n\n\nPrivilege escalation in calendar(1)\n\n\nFile this one under “Ouch that hurts” a new security vuln has been posted, this time against NetBSD’s ‘calendar’ command.\nSpecifically it looks like some of the daily scripts uses the ‘-a’ flag, which requires super-user privs in order to process all users calendar files and mail the results.\nHowever the bug occurred because the calendar command didn’t drop priv properly before executing external commands (whoops!)\nTo workaround you can set run_calendar=NO in the daily.conf file, or apply the fixed binary from upstream.\n***\n\n\nPGCon 2016\n\n\nPGCon 2016 is now only 4 weeks away\nThe conference will be held at the University of Ottawa (same venue as BSDCan) from May 17th to 20th\nTutorials: 17-18 May 2016 (Tue \u0026amp; Wed)\nTalks: 19-20 May 2016 (Thu-Fri)\nWednesday is a developer unconference.\nSaturday is a user unconference.\n“PGCon is an annual conference for users and developers of PostgreSQL, a leading relational database, which just happens to be open source. PGCon is the place to meet, discuss, build relationships, learn valuable insights, and generally chat about the work you are doing with PostgreSQL. If you want to learn why so many people are moving to PostgreSQL, PGCon will be the place to find out why. Whether you are a casual user or you've been working with PostgreSQL for years, PGCon will have something for you.”\nNew to PGSQL? Just a user? Long time developers? This conference has something for you. A great lineup of talks, plus unconference days focused on both users and developers\n***\n\n\nCfP EuroBSDCon 2016\n\n\nThe call for papers has been issued for EuroBSDCon 2016 in Belgrade, Serbia\nThe conference will be held from the 22nd to 25th of September, 2016\nThe deadline for talk submissions is: Sunday the 8th of May, 2016\nSubmit your talk or tutorial proposal before it is too late\n***\n\n\nBeastie Bits\n\n\n“FreeBSD Mastery: Advanced ZFS” has officially been released  \nSupport of OpenBSD pledge(2) in programming Languages \npkgsrcCon 2016 -Call for Presentations\nChristos Zoulas talks about blacklistd \nPenguicon 2016 Lucas Track Schedule \n\n\n\n\nFeedback/Questions\n\n\n Peter - NVME \n Jeremy - Wireless Gear \n Ted - Rpi2 Packages - Cross Building Wiki \n Geoff - Jail Failover \n Zach - Graphical Bhyve? \n***\n","content_html":"\u003cp\u003eThis week on the show, we will be talking to Benedict Reushling about his role with the FreeBSD foundation and the journey that took him\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2016-04-15/introducing-full-pie-support\" rel=\"nofollow\"\u003eHardenedBSD introduces full PIE support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePIE base for amd64 and i386\u003c/li\u003e\n\u003cli\u003eOnly nine applications are not compiled as PIEs\u003c/li\u003e\n\u003cli\u003eTested PIE base on several amd64 systems, both virtualized and bare metal\u003c/li\u003e\n\u003cli\u003eHoped to be to enabled it for ARM64 before or during BSDCan.\u003c/li\u003e\n\u003cli\u003eShawn will be bringing ten Raspberry Pi 3 devices (which are ARM64) with to BSDCan, eight of which will be given out to lucky individuals. “We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://m.cacm.acm.org/magazines/2016/3/198874-lessons-learned-from-30-years-of-minix/fulltext\" rel=\"nofollow\"\u003eLessons learned from 30 years of MINIX\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEat your own dog food.\u003c/li\u003e\n\u003cli\u003eBy not relying on idiosyncratic features of the hardware, one makes porting to new platforms much easier.\u003c/li\u003e\n\u003cli\u003eThe Internet is like an elephant; it never forgets.\u003c/li\u003e\n\u003cli\u003eWhen standards exist (such as ANSI Standard C) stick to them.\u003c/li\u003e\n\u003cli\u003eEven after you have adopted a strategy, you should nevertheless reexamine it from time to time.\u003c/li\u003e\n\u003cli\u003eKeep focused on your real goal, Einstein was right: Things should be as simple as possible but not simpler.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=2008\" rel=\"nofollow\"\u003epfSense 2.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRewrite of the webGUI utilizing Bootstrap\u003c/li\u003e\n\u003cli\u003eTLS v1.0 disabled for the GUI\u003c/li\u003e\n\u003cli\u003eMoved to a FreeBSD 10.3-RELEASE base\u003c/li\u003e\n\u003cli\u003ePHP Upgraded to 5.6\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;Full Backup\u0026quot; feature has been deprecated\u003c/li\u003e\n\u003cli\u003eClosed 760 total tickets of which 137 are fixed bugs\u003c/li\u003e\n\u003cli\u003eKnown Regressions\u003c/li\u003e\n\u003cli\u003eOpenVPN topology change\u003c/li\u003e\n\u003cli\u003eIP aliases with CARP IP parent lose their parent interface association post-upgrade\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eIPsec IPComp does not work.\u003c/li\u003e\n\u003cli\u003eIGMP Proxy does not work with VLAN interfaces.\u003c/li\u003e\n\u003cli\u003eMany other updates and changes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-16-1-10-released/\" rel=\"nofollow\"\u003eOPNsense 16.1.10 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eopenvpn: revive windows installer binaries\u003c/li\u003e\n\u003cli\u003esystem: improved config history and backup pages layout\u003c/li\u003e\n\u003cli\u003esystem: increased backup count default from 30 to 60\u003c/li\u003e\n\u003cli\u003esystem: /var /tmp MFS awareness for crash dumps added\u003c/li\u003e\n\u003cli\u003etrust: add “IP security IKE intermediate” to server key usage\u003c/li\u003e\n\u003cli\u003efirmware: moved reboot, halt and defaults pages to new home\u003c/li\u003e\n\u003cli\u003elanguages: updates to Russian, French, German and Japanese\u003c/li\u003e\n\u003cli\u003eMany other updates and changes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Benedict Reuschling - \u003ca href=\"mailto:bcr@freebsd.org\" rel=\"nofollow\"\u003ebcr@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD Foundation in Europe\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2016-04-11-write-opinionated-workarounds.html\" rel=\"nofollow\"\u003eWrite opinionated workarounds\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival has written a great blog post this past week, specifically talking about his policy of writing “opinionated workarounds”.\u003c/li\u003e\n\u003cli\u003eThe idea came about due to his working on multi-platform software, and the frustrations of dealing with POSIX violations\u003c/li\u003e\n\u003cli\u003eThe crux of the post is how he deals with these workarounds. Specifically by \u003cem\u003eonly\u003c/em\u003e applying them to the particular system in which it was required. And doing so loudly. \u003c/li\u003e\n\u003cli\u003eThis has some important benefits. First, it doesn’t potentially expose other systems to bugs / security flaws when a workaround doesn’t \n“work” on a system for which it wasn’t designed. Secondly it’s important to complain. Loudly. This lets the user know that they are running on a system that doesn’t adhere to POSIX compliance, and maybe even get the attention of a developer who could remedy the situation.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-003.txt.asc\" rel=\"nofollow\"\u003ePrivilege escalation in calendar(1)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFile this one under “Ouch that hurts” a new security vuln has been posted, this time against NetBSD’s ‘calendar’ command.\u003c/li\u003e\n\u003cli\u003eSpecifically it looks like some of the daily scripts uses the ‘-a’ flag, which requires super-user privs in order to process all users calendar files and mail the results.\u003c/li\u003e\n\u003cli\u003eHowever the bug occurred because the calendar command didn’t drop priv properly before executing external commands (whoops!)\u003c/li\u003e\n\u003cli\u003eTo workaround you can set run_calendar=NO in the daily.conf file, or apply the fixed binary from upstream.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.pgcon.org/2016/\" rel=\"nofollow\"\u003ePGCon 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePGCon 2016 is now only 4 weeks away\u003c/li\u003e\n\u003cli\u003eThe conference will be held at the University of Ottawa (same venue as BSDCan) from May 17th to 20th\u003c/li\u003e\n\u003cli\u003eTutorials: 17-18 May 2016 (Tue \u0026amp; Wed)\u003c/li\u003e\n\u003cli\u003eTalks: 19-20 May 2016 (Thu-Fri)\u003c/li\u003e\n\u003cli\u003eWednesday is a developer unconference.\u003c/li\u003e\n\u003cli\u003eSaturday is a user unconference.\u003c/li\u003e\n\u003cli\u003e“PGCon is an annual conference for users and developers of PostgreSQL, a leading relational database, which just happens to be open source. PGCon is the place to meet, discuss, build relationships, learn valuable insights, and generally chat about the work you are doing with PostgreSQL. If you want to learn why so many people are moving to PostgreSQL, PGCon will be the place to find out why. Whether you are a casual user or you\u0026#39;ve been working with PostgreSQL for years, PGCon will have something for you.”\u003c/li\u003e\n\u003cli\u003eNew to PGSQL? Just a user? Long time developers? This conference has something for you. \u003ca href=\"https://www.pgcon.org/2016/schedule/events.en.html\" rel=\"nofollow\"\u003eA great lineup of talks\u003c/a\u003e, plus unconference days focused on both users and developers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2016.eurobsdcon.org/call-for-papers/\" rel=\"nofollow\"\u003eCfP EuroBSDCon 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe call for papers has been issued for EuroBSDCon 2016 in Belgrade, Serbia\u003c/li\u003e\n\u003cli\u003eThe conference will be held from the 22nd to 25th of September, 2016\u003c/li\u003e\n\u003cli\u003eThe deadline for talk submissions is: Sunday the 8th of May, 2016\u003c/li\u003e\n\u003cli\u003eSubmit your talk or tutorial proposal before it is too late\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.michaelwlucas.com/nonfiction/fmaz\" rel=\"nofollow\"\u003e“FreeBSD Mastery: Advanced ZFS” has officially been released \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://gist.github.com/ligurio/f6114bd1df371047dd80ea9b8a55c104\" rel=\"nofollow\"\u003eSupport of OpenBSD pledge(2) in programming Languages\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://daemonforums.org/showthread.php?t=9781\" rel=\"nofollow\"\u003epkgsrcCon 2016 -Call for Presentations\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/talks_about_blacklistd\" rel=\"nofollow\"\u003eChristos Zoulas talks about blacklistd\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2617\" rel=\"nofollow\"\u003ePenguicon 2016 Lucas Track Schedule\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/HiiDpGcT\" rel=\"nofollow\"\u003e Peter - NVME\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/L5XeVS1H\" rel=\"nofollow\"\u003e Jeremy - Wireless Gear\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/yrCEnkWt\" rel=\"nofollow\"\u003e Ted - Rpi2 Packages\u003c/a\u003e - \u003ca href=\"https://wiki.freebsd.org/FreeBSD/arm/crossbuild\" rel=\"nofollow\"\u003eCross Building Wiki\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/pYFC1vdQ\" rel=\"nofollow\"\u003e Geoff - Jail Failover\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/WEgN0ZVw\" rel=\"nofollow\"\u003e Zach - Graphical Bhyve?\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we will be talking to Benedict Reushling about his role with the FreeBSD foundation and the journey that took him","date_published":"2016-04-20T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/76132fe6-471f-4b50-bf70-f6fdf784b561.mp3","mime_type":"audio/mpeg","size_in_bytes":69487348,"duration_in_seconds":5790}]},{"id":"9d4cd10e-3ef9-4849-8a3d-de5a4dfc4542","title":"137: FreeNAS Mini XL","url":"https://www.bsdnow.tv/137","content_text":"This week on BSD Now, I’m out of town for the week, but we have a special unboxing video to share with you, that you won’t want to miss. That, plus the latest BSD news, is coming your way right now!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nExample of a FreeBSD bug hunting session by a simple user\n\n\nDon’t be fooled, Olivier Cochard-Labbé is a bit more than just a FreeBSD user\nOriginal founder of the FreeNAS project many years ago, and currently leads the BSD Router Project (designed as a replacement for “Big Iron” routers like Cisco’s etc)\nHowever, he is not actually a committer on any of the BSD projects, and is mostly focused on networking, rather than development, so it is fair to call him a user\nHe walks us through a bug hunting session that started when he updated his wireless router\n“My wireless-router configuration was complex: it involves routing, wireless in hostap mode, ipfw, snort, bridge, openvpn, etc.”\nProvides helpful advice on writing problem reports to developers, including trying to reproduce your issue with as minimal a setup as possible. This both reduces the amount of setup a developer has to do to try to recreate your issue, and can often make it more obvious where the problem actually lies\nAs you might expect, the more he researched the problem, the more questions he had\nThe journey goes through the kernel debugger, learning dtrace, and reading some source code\nIn the end it seems the problem is that the bridge interface marks itself as down if none of the interfaces are in an ‘UP’ state. The wireless interface was in the unknown state, and was actually up, but when the wired interface was disconnected, this caused the bridge to mark it self as down.\n***\n\n\nHow-to Install OpenBSD 5.9 plus XFCE desktop and basic applications\n\n\nNow this is the way to do videos. Over at the RibaLinux blogspot site, we have a great video showing how to setup and install OpenBSD 5.9 with XFCE and basic desktop applications.\nAlong with the video tutorial, another nicety is the commands-used script, so you can see exactly how the setup was done, without having to pause/rewind the video to keep up. How to install PC-BSD 10.3 \nIn addition to the OpenBSD 5.9 setup video, they just published a PC-BSD 10.3 installation video as well, check it out!\n***\n\n\nFreeBSD on xhyve tutorial\n\n\nOriginally only able to boot linux, xhyve, a “sort of” port of bhyve to OS X, can now run FreeBSD\nThis tutorial makes it much easier, providing a script\nThere are a few small command line flag differences from bhyve on FreeBSD\nThe tutorial also covers sharing a directory between the guest and the host, resizing and growing the disk for the guest, and converting a QEMU image to be run under xhyve\n***\n\n\nHow to Configure SSHguard With IPFW Firewall On FreeBSD\n\n\nIt’s been a while, but UNIXMen has dropped on us another FreeBSD tutorial, this time on how to setup IPFW and ‘sshguard’ to protect your system.\nIn this tutorial they first lay down the rationale for picking IPFW as the firewall, but the reasons mainly boil down to IPFW being developed primarily on FreeBSD, and as such isn’t lagging behind when it comes to features / support.\nInterestingly enough, they also go the route of adding their own /usr/local/etc/rc.firewall script which will be used to specify TCP/UDP ports to open through IPFW via the rc.conf file\nOnce that setup is complete (which you can just copy-n-paste) they then move onto ‘sshguard’ setup.\nSpecifically you’ll need to be sure to install the correct port/pkg, sshguard-ipfw in order to work in this setup, although sshguard-pf and friends are available also.\nThe article mentions that the name ‘sshguard’ can also be misleading, since it can be used to detect brute force attempts into a number of services.\nFrom there a bunch of configuration is thrown at you, which will allow you to start making the most out of sshguard’s potential, well worth your read if you are using IPFW, or even PF and want to get the basics down of using sshguard properly.\n***\n\n\nFreeNAS Mini XL Video Unboxing\n\n\n\nBeastie Bits\n\nAmazon lists FreeBSD as 'Other Linux' \n\nsbin/hammer: Make hammer commands print root volume path \n\nsbin/hammer: Print volume list after volume-add|del \n\nFront cover reveal for the upcoming 'FreeBSD Mastery: Advanced ZFS\" book \n\nIf you don’t already have one, get your FreeBSD Pillow \n\n\n\nFeedback/Questions\n\n\n Daniel - SysVIPC\n Shane - OpenToonz \n***\n","content_html":"\u003cp\u003eThis week on BSD Now, I’m out of town for the week, but we have a special unboxing video to share with you, that you won’t want to miss. That, plus the latest BSD news, is coming your way right now!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.cochard.me/2016/01/example-of-freebsd-bug-hunting-session.html\" rel=\"nofollow\"\u003eExample of a FreeBSD bug hunting session by a simple user\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDon’t be fooled, Olivier Cochard-Labbé is a bit more than just a FreeBSD user\u003c/li\u003e\n\u003cli\u003eOriginal founder of the FreeNAS project many years ago, and currently leads the BSD Router Project (designed as a replacement for “Big Iron” routers like Cisco’s etc)\u003c/li\u003e\n\u003cli\u003eHowever, he is not actually a committer on any of the BSD projects, and is mostly focused on networking, rather than development, so it is fair to call him a user\u003c/li\u003e\n\u003cli\u003eHe walks us through a bug hunting session that started when he updated his wireless router\u003c/li\u003e\n\u003cli\u003e“My wireless-router configuration was complex: it involves routing, wireless in hostap mode, ipfw, snort, bridge, openvpn, etc.”\u003c/li\u003e\n\u003cli\u003eProvides helpful advice on writing problem reports to developers, including trying to reproduce your issue with as minimal a setup as possible. This both reduces the amount of setup a developer has to do to try to recreate your issue, and can often make it more obvious where the problem actually lies\u003c/li\u003e\n\u003cli\u003eAs you might expect, the more he researched the problem, the more questions he had\u003c/li\u003e\n\u003cli\u003eThe journey goes through the kernel debugger, learning dtrace, and reading some source code\u003c/li\u003e\n\u003cli\u003eIn the end it seems the problem is that the bridge interface marks itself as down if none of the interfaces are in an ‘UP’ state. The wireless interface was in the unknown state, and was actually up, but when the wired interface was disconnected, this caused the bridge to mark it self as down.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ribalinux.blogspot.com/2016/04/how-to-install-openbsd-59-plus-xfce.html\" rel=\"nofollow\"\u003eHow-to Install OpenBSD 5.9 plus XFCE desktop and basic applications\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow this is the way to do videos. Over at the RibaLinux blogspot site, we have a great video showing how to setup and install OpenBSD 5.9 with XFCE and basic desktop applications.\u003c/li\u003e\n\u003cli\u003eAlong with the video tutorial, another nicety is the commands-used script, so you can see exactly how the setup was done, without having to pause/rewind the video to keep up. \u003ca href=\"http://ribalinux.blogspot.com/2016/04/how-to-install-pc-bsd-103.html\" rel=\"nofollow\"\u003eHow to install PC-BSD 10.3\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eIn addition to the OpenBSD 5.9 setup video, they just published a PC-BSD 10.3 installation video as well, check it out!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/tanb/f8fefa22332edc7a641d\" rel=\"nofollow\"\u003eFreeBSD on xhyve tutorial\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOriginally only able to boot linux, xhyve, a “sort of” port of bhyve to OS X, can now run FreeBSD\u003c/li\u003e\n\u003cli\u003eThis tutorial makes it much easier, providing a script\u003c/li\u003e\n\u003cli\u003eThere are a few small command line flag differences from bhyve on FreeBSD\u003c/li\u003e\n\u003cli\u003eThe tutorial also covers sharing a directory between the guest and the host, resizing and growing the disk for the guest, and converting a QEMU image to be run under xhyve\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unixmen.com/configure-sshguard-ipfw-firewall-freebsd\" rel=\"nofollow\"\u003eHow to Configure SSHguard With IPFW Firewall On FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s been a while, but UNIXMen has dropped on us another FreeBSD tutorial, this time on how to setup IPFW and ‘sshguard’ to protect your system.\u003c/li\u003e\n\u003cli\u003eIn this tutorial they first lay down the rationale for picking IPFW as the firewall, but the reasons mainly boil down to IPFW being developed primarily on FreeBSD, and as such isn’t lagging behind when it comes to features / support.\u003c/li\u003e\n\u003cli\u003eInterestingly enough, they also go the route of adding their own /usr/local/etc/rc.firewall script which will be used to specify TCP/UDP ports to open through IPFW via the rc.conf file\u003c/li\u003e\n\u003cli\u003eOnce that setup is complete (which you can just copy-n-paste) they then move onto ‘sshguard’ setup.\u003c/li\u003e\n\u003cli\u003eSpecifically you’ll need to be sure to install the correct port/pkg, sshguard-ipfw in order to work in this setup, although sshguard-pf and friends are available also.\u003c/li\u003e\n\u003cli\u003eThe article mentions that the name ‘sshguard’ can also be misleading, since it can be used to detect brute force attempts into a number of services.\u003c/li\u003e\n\u003cli\u003eFrom there a bunch of configuration is thrown at you, which will allow you to start making the most out of sshguard’s potential, well worth your read if you are using IPFW, or even PF and want to get the basics down of using sshguard properly.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFreeNAS Mini XL Video Unboxing\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://i.imgur.com/NJ7lpso.png\" rel=\"nofollow\"\u003eAmazon lists FreeBSD as \u0026#39;Other Linux\u0026#39;\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-April/459667.html\" rel=\"nofollow\"\u003esbin/hammer: Make hammer commands print root volume path\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-April/459674.html\" rel=\"nofollow\"\u003esbin/hammer: Print volume list after volume-add|del\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://twitter.com/mwlauthor/status/716328414072872960\" rel=\"nofollow\"\u003eFront cover reveal for the upcoming \u0026#39;FreeBSD Mastery: Advanced ZFS\u0026quot; book\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003eIf you don’t already have one, get your \u003ca href=\"http://linuxpillow.blogspot.com/2016/03/world-backup-day.html\" rel=\"nofollow\"\u003eFreeBSD Pillow\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/raw/JBbMj87t\" rel=\"nofollow\"\u003e Daniel - SysVIPC\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/raw/54ngYVEN\" rel=\"nofollow\"\u003e Shane - OpenToonz\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now, I’m out of town for the week, but we have a special unboxing video to share with you, that you won’t want to miss. That, plus the latest BSD news, is coming your way right now!","date_published":"2016-04-13T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9d4cd10e-3ef9-4849-8a3d-de5a4dfc4542.mp3","mime_type":"audio/mpeg","size_in_bytes":28774228,"duration_in_seconds":2397}]},{"id":"719cbcc9-9b74-4129-9a35-bef5f499f3b9","title":"136: This is GNN","url":"https://www.bsdnow.tv/136","content_text":"This week on the show, we will be interviewing GNN of the FreeBSD project to talk about the new TeachBSD initiative. That plus the latest BSD headlines, all coming your way right now!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 10.3-RELEASE Announcement \n\n\nFreeBSD 10.3 has landed, with extended support until April 30, 2018\nThis is likely to be the last extended support release, as starting with 11, the new support model will encourage upgrading to the latest minor version by ending support for the previous minor version approximately 2 months after each point release. The Major version / stable branch will still be supported for the same 5 year term. This will allow the FreeBSD project to move forward more quickly, while still providing the same level of long term support\nThe UEFI boot loader is much improved, and now supports booting root-on-ZFS, and the beastie menu\nThe beastie menu itself has been updated with support for ZFS Boot Environments\nThe CAM Target Layer (CTL) now supports High Availability, allowing the construction of much more advanced storage systems\nThe 64bit Linux Emulation Layer was backported\nReroot support was added, allowing the system to boot off of a minimal image, such as a mfsroot and then reload all of userland from a different root file system (such as iSCSI, NFS, etc)\nThe version of xz(1) has been updated to support multi-threaded compression\nsesutil(8) has been introduced, making it easier to manage large storage nodes\nVarious ZFS updates\nAs usual, a huge number of driver updates are also included\n***\n\n\nHow to use OpenBSD with Libreboot: detailed instructions \n\n\nThis tutorial covers installing OpenBSD on a Thinkpad X200 using Libreboot, a replacement for the traditional BIOS/firmware that comes from the manufacturer\n“Since 5.9, OpenBSD supports EFI boot mode, which means that it also have had to support framebuffer out of the box, so lack of proprietary VGA BIOS blob is no longer a problem and you can boot it with unmodified Libreboot binary release 20150518.”\n“In order to install OpenBSD on such a machine you will need someadditional preparations, since regular install59.fs won't work because bsd.rd doesn't have a framebuffer console.”\nA few extra steps are required to get it going, but they are outlined in the post\nThis may be very interesting to those who prefer not to depend on binary blobs\n***\n\n\nLinking the FreeBSD base system with lld -- status update\n\n\nThe FreeBSD Foundation’s Ed Maste provides an update on the LLVM mailing list about the progress of replacing the GNU linker with the lld in the FreeBSD base system\n“I'm pleased to report that I can now build a runnable FreeBSD system using lld as the linker (for buildworld), with a few workarounds and work-in-progress patches. I have not yet extensively tested the result but it is possible to login to the resulting system, and basic sanity tests I've tried are successful. Note that the kernel is still linked with ld.bfd.”\nOutstanding Issues\n\n\nSymbol version support (PR 23231). FreeBSD uses symbol versioning for backwards compatibility\nLinker script expression support (PR 26731). The FreeBSD kernel linker scripts contain expressions not currently supported by lld\nLibrary search paths. GNU LD automatically searches /lib, and lld does not\nthe -N flag makes the text and data sections RW and does not page-align data.\nIt is used by boot loader components.\nThe -dc flag assigns space to common symbols when producing relocatable output (-r). It is used by the /rescue build, which is a single binary assembled from a collection of individual tools (sh, ls, fsck, ...)\n-Y adds a path to the default library search path. It is used by the lib32 build, which provides i386 builds of the system libraries for compatibility with i386 applications.\n\nWith the ongoing work, it might be possible for FreeBSD 11 to use lld by default, although it might be best to wait to throw that particular switch\n***\n\n\nYour favorite billion user company using BSD just flipped on encryption for all their users -- and it took 15 Engineers to do it\n\n\nWith the help of Moxie Marlinspike’s Open Whisper Systems, WhatsApp has integrated the ‘Signal’ encryption system for all messages, class, pictures, and videos sent between individuals or groups\nIt uses public key cryptography, very similar to GPG, but with automated public key servers\nIt also includes a system of QR codes to verify the identity of individuals in person, so you can be sure the person you are talking to is actually the person you met with\nWhatsApp runs their billion user network, using FreeBSD, with only about 50 engineers\nOnly 15 of those engineers we needed to work on the project that has now deployed complete end-to-end encryption across the entire network\nThe Wired article is very detailed and well worth the read\n***\n\n\nInterview - George Neville-Neil - gnn@freebsd.org / @gvnn3\n\nTeaching BSD with Tracing\n\n\n\nNews Roundup\n\nFaces of FreeBSD 2016: Scott Long\n\n\nIt’s been awhile since we’ve had a new entry into the “Faces of FreeBSD” series, but due to popular demand it’s back!\nThis installment features developer Scott Long, who currently works at NetFlix, previously at Yahoo and Adaptec.\nScott got a very early start into BSD, first discovering i386BSD 0.1 on a FTP server at Berkeley, back at 1992. From there on it’s been a journey, following along with FreeBSD since version 1.0 in 1993.\nSo what stuff can we blame Scott for? In his own words:\n\n\n\nI’ve been a source committer since 2000. I got my start by taking over maintainership of the Adaptec ‘aac’ RAID driver. From 2002-2006 I was the Release Engineer and was responsible for the 5.x and 6.x releases. Though the early 5.x releases were not great, they were necessary stepping stones to the success of FreeBSD 6.x and beyond. I’m exceptionally proud of my role in helping FreeBSD move forward during that time.\n\nI authored and maintained the ‘mfi’ and ‘mps’ storage drivers, the ‘udf’ filesystem driver, and several smaller sound and USB drivers. I’ve maintained, or at least touched, most of the storage device drivers in the system to some extent, and I implemented medium-grained locking on the CAM storage stack. Recently I’ve been working on overall system scalability and performance.\n\n\n\n\nASCII Flow\n\n\nA website that lets to draw and share ASCII diagrams\nGreat for network layout maps, rack diagrams, protocol analysis etc\nUse it in your presentations and slides\nSample \n***\n\n\nSystem Under Test: FreeBSD\n\n\nPart of a series looking at testing across a number of projects\nOutlines the testing framework of FreeBSD\nProvides a mini-tutorial on how to run the tests\nThere are some other tests that are now covered, but this is due to a lack of documentation on the fact that the tests exist, and how to run them\nThere is much ongoing work in this area\n***\n\n\nWorst April Fools Joke EVER!\n\n\nWhile a bad April Fool’s joke, it also shows some common misconceptions\nThe FreeBSD Foundation does not own the source repository, it is only the care taken of the trademark, and other things that require a single legal entity\nOpenBSD and NetBSD are not ‘sub brands’ of FreeBSD\nBash was not ported to Windows, but rather Windows gained a system similar to FreeBSD’s linux_compat\nIt would be nice to have ZFS on Windows\n***\n\n\nBeastie Bits\n\n\nCredit where credit's due... \nM:Tier's OpenBSD packages and binpatches updated for 5.9\nNYC BUG Meeting (2016-04-06) - Debugging with LLVM, John Wolfe\nNeed to create extremely high traffic loads? kq_sendrecv is worth checking out \nIf you're in the Maryland region, CharmBug has a meetup next week \nHow to get a desktop on DragonFly \nLinux vs BSD Development Models  \n\n\nFeedback/Question\n\n\n Paulo - ZFS Setup \n Jonathan - Installation  \n Andrew - Career / School \n\n\n","content_html":"\u003cp\u003eThis week on the show, we will be interviewing GNN of the FreeBSD project to talk about the new TeachBSD initiative. That plus the latest BSD headlines, all coming your way right now!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/10.3R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 10.3-RELEASE Announcement \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 10.3 has landed, with extended support until April 30, 2018\u003c/li\u003e\n\u003cli\u003eThis is likely to be the last extended support release, as starting with 11, the new support model will encourage upgrading to the latest minor version by ending support for the previous minor version approximately 2 months after each point release. The Major version / stable branch will still be supported for the same 5 year term. This will allow the FreeBSD project to move forward more quickly, while still providing the same level of long term support\u003c/li\u003e\n\u003cli\u003eThe UEFI boot loader is much improved, and now supports booting root-on-ZFS, and the beastie menu\u003c/li\u003e\n\u003cli\u003eThe beastie menu itself has been updated with support for ZFS Boot Environments\u003c/li\u003e\n\u003cli\u003eThe CAM Target Layer (CTL) now supports High Availability, allowing the construction of much more advanced storage systems\u003c/li\u003e\n\u003cli\u003eThe 64bit Linux Emulation Layer was backported\u003c/li\u003e\n\u003cli\u003eReroot support was added, allowing the system to boot off of a minimal image, such as a mfsroot and then reload all of userland from a different root file system (such as iSCSI, NFS, etc)\u003c/li\u003e\n\u003cli\u003eThe version of xz(1) has been updated to support multi-threaded compression\u003c/li\u003e\n\u003cli\u003esesutil(8) has been introduced, making it easier to manage large storage nodes\u003c/li\u003e\n\u003cli\u003eVarious ZFS updates\u003c/li\u003e\n\u003cli\u003eAs usual, a huge number of driver updates are also included\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.nongnu.org/archive/html/libreboot/2016-04/msg00010.html\" rel=\"nofollow\"\u003eHow to use OpenBSD with Libreboot: detailed instructions \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis tutorial covers installing OpenBSD on a Thinkpad X200 using Libreboot, a replacement for the traditional BIOS/firmware that comes from the manufacturer\u003c/li\u003e\n\u003cli\u003e“Since 5.9, OpenBSD supports EFI boot mode, which means that it also have had to support framebuffer out of the box, so lack of proprietary VGA BIOS blob is no longer a problem and you can boot it with unmodified Libreboot binary release 20150518.”\u003c/li\u003e\n\u003cli\u003e“In order to install OpenBSD on such a machine you will need someadditional preparations, since regular install59.fs won\u0026#39;t work because bsd.rd doesn\u0026#39;t have a framebuffer console.”\u003c/li\u003e\n\u003cli\u003eA few extra steps are required to get it going, but they are outlined in the post\u003c/li\u003e\n\u003cli\u003eThis may be very interesting to those who prefer not to depend on binary blobs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.llvm.org/pipermail/llvm-dev/2016-March/096449.html\" rel=\"nofollow\"\u003eLinking the FreeBSD base system with lld -- status update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Foundation’s Ed Maste provides an update on the LLVM mailing list about the progress of replacing the GNU linker with the lld in the FreeBSD base system\u003c/li\u003e\n\u003cli\u003e“I\u0026#39;m pleased to report that I can now build a runnable FreeBSD system using lld as the linker (for buildworld), with a few workarounds and work-in-progress patches. I have not yet extensively tested the result but it is possible to login to the resulting system, and basic sanity tests I\u0026#39;ve tried are successful. Note that the kernel is still linked with ld.bfd.”\u003c/li\u003e\n\u003cli\u003eOutstanding Issues\n\n\u003cul\u003e\n\u003cli\u003eSymbol version support (PR 23231). FreeBSD uses symbol versioning for backwards compatibility\u003c/li\u003e\n\u003cli\u003eLinker script expression support (PR 26731). The FreeBSD kernel linker scripts contain expressions not currently supported by lld\u003c/li\u003e\n\u003cli\u003eLibrary search paths. GNU LD automatically searches /lib, and lld does not\u003c/li\u003e\n\u003cli\u003ethe -N flag makes the text and data sections RW and does not page-align data.\nIt is used by boot loader components.\u003c/li\u003e\n\u003cli\u003eThe -dc flag assigns space to common symbols when producing relocatable output (-r). It is used by the /rescue build, which is a single binary assembled from a collection of individual tools (sh, ls, fsck, ...)\u003c/li\u003e\n\u003cli\u003e-Y adds a path to the default library search path. It is used by the lib32 build, which provides i386 builds of the system libraries for compatibility with i386 applications.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eWith the ongoing work, it might be possible for FreeBSD 11 to use lld by default, although it might be best to wait to throw that particular switch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/\" rel=\"nofollow\"\u003eYour favorite billion user company using BSD just flipped on encryption for all their users -- and it took 15 Engineers to do it\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith the help of Moxie Marlinspike’s Open Whisper Systems, WhatsApp has integrated the ‘Signal’ encryption system for all messages, class, pictures, and videos sent between individuals or groups\u003c/li\u003e\n\u003cli\u003eIt uses public key cryptography, very similar to GPG, but with automated public key servers\u003c/li\u003e\n\u003cli\u003eIt also includes a system of QR codes to verify the identity of individuals in person, so you can be sure the person you are talking to is actually the person you met with\u003c/li\u003e\n\u003cli\u003eWhatsApp runs their billion user network, using FreeBSD, with only about 50 engineers\u003c/li\u003e\n\u003cli\u003eOnly 15 of those engineers we needed to work on the project that has now deployed complete end-to-end encryption across the entire network\u003c/li\u003e\n\u003cli\u003eThe Wired article is very detailed and well worth the read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - George Neville-Neil - \u003ca href=\"mailto:gnn@freebsd.org\" rel=\"nofollow\"\u003egnn@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/gvnn3\" rel=\"nofollow\"\u003e@gvnn3\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eTeaching BSD with Tracing\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/faces-of-freebsd-2016-scott-long/\" rel=\"nofollow\"\u003eFaces of FreeBSD 2016: Scott Long\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s been awhile since we’ve had a new entry into the “Faces of FreeBSD” series, but due to popular demand it’s back!\u003c/li\u003e\n\u003cli\u003eThis installment features developer Scott Long, who currently works at NetFlix, previously at Yahoo and Adaptec.\u003c/li\u003e\n\u003cli\u003eScott got a very early start into BSD, first discovering i386BSD 0.1 on a FTP server at Berkeley, back at 1992. From there on it’s been a journey, following along with FreeBSD since version 1.0 in 1993.\u003c/li\u003e\n\u003cli\u003eSo what stuff can we blame Scott for? In his own words:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eI’ve been a source committer since 2000. I got my start by taking over maintainership of the Adaptec ‘aac’ RAID driver. From 2002-2006 I was the Release Engineer and was responsible for the 5.x and 6.x releases. Though the early 5.x releases were not great, they were necessary stepping stones to the success of FreeBSD 6.x and beyond. I’m exceptionally proud of my role in helping FreeBSD move forward during that time.\u003c/p\u003e\n\n\u003cp\u003eI authored and maintained the ‘mfi’ and ‘mps’ storage drivers, the ‘udf’ filesystem driver, and several smaller sound and USB drivers. I’ve maintained, or at least touched, most of the storage device drivers in the system to some extent, and I implemented medium-grained locking on the CAM storage stack. Recently I’ve been working on overall system scalability and performance.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://asciiflow.com/\" rel=\"nofollow\"\u003eASCII Flow\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA website that lets to draw and share ASCII diagrams\u003c/li\u003e\n\u003cli\u003eGreat for network layout maps, rack diagrams, protocol analysis etc\u003c/li\u003e\n\u003cli\u003eUse it in your presentations and slides\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://drive.google.com/open?id=0BynxTTJrNUOKeWxCVm1ERExrNkU\" rel=\"nofollow\"\u003eSample \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lowlevelbits.org/system-under-test-freebsd/\" rel=\"nofollow\"\u003eSystem Under Test: FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePart of a series looking at testing across a number of projects\u003c/li\u003e\n\u003cli\u003eOutlines the testing framework of FreeBSD\u003c/li\u003e\n\u003cli\u003eProvides a mini-tutorial on how to run the tests\u003c/li\u003e\n\u003cli\u003eThere are some other tests that are now covered, but this is due to a lack of documentation on the fact that the tests exist, and how to run them\u003c/li\u003e\n\u003cli\u003eThere is much ongoing work in this area\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.rhyous.com/2016/04/01/microsoft-announces-it-is-acquiring-freebsd-for-300-million/\" rel=\"nofollow\"\u003eWorst April Fools Joke EVER!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile a bad April Fool’s joke, it also shows some common misconceptions\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Foundation does not own the source repository, it is only the care taken of the trademark, and other things that require a single legal entity\u003c/li\u003e\n\u003cli\u003eOpenBSD and NetBSD are not ‘sub brands’ of FreeBSD\u003c/li\u003e\n\u003cli\u003eBash was not ported to Windows, but rather Windows gained a system similar to FreeBSD’s linux_compat\u003c/li\u003e\n\u003cli\u003eIt would be nice to have ZFS on Windows\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://forums.freebsd.org/threads/55642/\" rel=\"nofollow\"\u003eCredit where credit\u0026#39;s due...\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://stable.mtier.org/\" rel=\"nofollow\"\u003eM:Tier\u0026#39;s OpenBSD packages and binpatches updated for 5.9\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.nycbug.org/index.cgi\" rel=\"nofollow\"\u003eNYC BUG Meeting (2016-04-06) - Debugging with LLVM, John Wolfe\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-March/459651.html\" rel=\"nofollow\"\u003eNeed to create extremely high traffic loads? kq_sendrecv is worth checking out\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.meetup.com/CharmBUG/events/230048300/\" rel=\"nofollow\"\u003eIf you\u0026#39;re in the Maryland region, CharmBug has a meetup next week\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflybsd.org/docs/how_to_get_to_the_desktop/\" rel=\"nofollow\"\u003eHow to get a desktop on DragonFly\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/q5sys/status/717509675630084096\" rel=\"nofollow\"\u003eLinux vs BSD Development Models \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Question\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/raw/GrM0jKZK\" rel=\"nofollow\"\u003e Paulo - ZFS Setup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/raw/13KCkhMU\" rel=\"nofollow\"\u003e Jonathan - Installation \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/wsx90L2m\" rel=\"nofollow\"\u003e Andrew - Career / School\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week on the show, we will be interviewing GNN of the FreeBSD project to talk about the new TeachBSD initiative. That plus the latest BSD headlines, all coming your way right now!","date_published":"2016-04-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/719cbcc9-9b74-4129-9a35-bef5f499f3b9.mp3","mime_type":"audio/mpeg","size_in_bytes":69077236,"duration_in_seconds":5756}]},{"id":"8a5f5b3a-051c-4322-a49a-e3f61cf57381","title":"135: Speciality MWL","url":"https://www.bsdnow.tv/135","content_text":"This week on the show, we interview author Michael W Lucas to discuss his new book in the FreeBSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD 5.9 Released early\n\n\nFinished ahead of schedule! OpenBSD 5.9 has officially landed\nWe’ve been covering some of the ongoing changes as they landed in the tree, but with the official release it’s time to bring you the final list of the new hotness which landed.\nFirst up:\n\n\nPledge - Over 70%! Of the userland utilities have been converted to use it, and the best part, you probably didn’t even notice\nUEFI - Laptops which are pre-locked down to boot UEFI only can now be installed and used - GPT support has also been greatly improved\n‘Less’ was replaced with a fork from Illumos, and has been further improved\nXen DomU support - OpenBSD now plays nice in the cloud\nX11 - Broadwell and Bay Trail are now supported\nInitial work on making the network stack better support SMP has been added, this is still ongoing, but things are starting to happen\n802.11N! Specifically for the iwn/iwm drivers\nIn addition to support for UTF-8, most other locales have been ripped out, leaving only C and UTF-8 left standing in the wake\nAll and all, sounds like a solid new release with plenty of new goodies to play with. Go grab a copy now!\n***\n\n\n\nNew routing table code (ART) enabled in -current\n\n\nWhile OpenBSD 5.9 just landed, we also have some interesting work landing right now in -CURRENT as well. Specifically the new routing table code (ART) has landed:\n\n\n\n“I just enabled ART in -current, it will be the default routing table backend in the next snapshots.\nThe plan is to squash the possible regressions with this new routing table backend then when we're confident enough, take its route lookup out of the KERNEL_LOCK(). Yes, this is one of the big steps for our network SMP improvements.\nIn order to make progress, we need your help to make sure this new backend works well on your setup. So please, go download the next snapshot and report back.\nIf you encounter any routing table regression, please make sure that you cannot reproduce it with your old kernel and include the output of # route -n show\nfor the 2 kernels as well as the dmesg in your report.\nI know that simple dhclient(8) based setups work with ART, so please do not flood us too much. It's always great to know that things work, but it's also hard to keep focus ;)\nThank your very much for your support!”\n\n\nThere you have it folks! If 5.9 is already too stale for you, time to move over to -CURRENT and give the new routing tables a whirl.\n***\n\n\n\nfractal cells - FreeBSD-based All-In-One solution for software development startups\n\n\nFractal Cells is a suite that transforms a stock FreeBSD installation into an instant “Startup Software Development Platform”\nIt Integrates ZFS, PostgreSQL, OpenSMTPD, NGINX, OpenVPN, Redmine, Jenkins, Zabbix, Gitlab, and Ansible, all under OpenLDAP common authentication\nThe suite is available under the 2-clause BSD license\nProvides all of the tools and infrastructure to build your application, including code review, issue tracking, continuous integration, and monitoring\nAn interesting way to make it easier for people to start building new applications and startups on top of FreeBSD\n***\n\n\nLinuxSecrets publishes guide on installing FreeBSD ezJail\n\n\nCovers all of the steps of setting up ezjail on FreeBSD\nIncludes the instructions for updating the version of the OS in the jail\nIn a number of places the tutorial uses:\n\u0026gt; cat \u0026lt;\u0026lt; EOF \u0026gt;\u0026gt; /etc/rc.conf \u0026gt; setting=”value”\nInstead, use: sysrc setting=”value”\nIt is safer, and easier to type\nWhen you create the jail, if you specify an IP address, it is expected that this IP address is already setup on the host machine\nIf instead you specify: ‘em0|192.168.1.105’ (where em0 is your network interface), the IP address will be added as an alias when the jail starts, and removed from the host when the jail is stopped\nYou can also comma separate a list of addresses to have multiple IPs (possibly on different interfaces) in the jail\nAlthough recently posted, this appears as if it might be an update to a previous tutorial, as there are a few old references that have not been updated (pkg_add, rc.d/ezjail.sh), while the start of the article clearly covers pkg(8)\n***\n\n\nInterview - Michael W. Lucas - mwlucas@michaelwlucas.com /\n\n@mwlauthor\n\n\nNew Book: “FreeBSD Mastery: Specialty Filesystems”\n\n\n\n\nNews Roundup\n\nNetBSD on Dreamcast\n\n\nAhh the dreamcast, so much promise. So much potential. If you are still holding onto your beloved dreamcast hoping that someday Sega will re-enter the console market… Then give it up now!\nIn the meantime, you can now do something more interesting with that box taking up space in the closet. We have a link to a GitHub repo where a user has uploaded his curses-based slide-show for the upcoming Fort-Wayne, Indiana meetup.\nAside from the novelty of using a curses-based slide setup, the presenter will also be displaying them from his beloved dreamcast, which “of course” runs NetBSD 7\nThe slide source code is available, which you too can view / compile and find out details of getting NetBSD boot-strapped on the DC.\n***\n\n\nOPNsense 16.1.7 Released\n\n\ncaptive portal: add session timeout to status info\nfirewall: fix non-report of errors when filter reload errors couldn’t be parsed\nproxy: adjust category visibility as not all of them were shown before\nfirmware: fix an overzealous upgrade run when the package tool only changes options\nfirmware: fixed the binary upgrade patch from 15.7.x in FreeBSD’s package tool\nsystem: removed NTP settings from general settings\naccess: let only root access status.php as it leaks too much info\ndevelopment: remove the automount features\ndevelopment: addition of “opnsense-stable” package on our way to nightly builds\ndevelopment: opnsense-update can now install locally available base and kernel sets\n***\n\n\n“FreeBSD Mastery: Advanced ZFS” in tech review\n\n\nMost of the tech review is finished\nIt was very interesting to hear from many ZFS experts that they learned something from reading the review copy of the book, I was not expecting this\nMany minor corrections and clarifications have been integrated\nThe book is now being copy edited\n***\n\n\nWhy OpenBSD?\n\n\nFrederic Cambus gives us a nice perspective piece today on what his particular reasons are for choosing OpenBSD.\nFrederic is no stranger to UNIX-Like systems, having used them for 20 years now. In particular starting on Slackware back in ‘96 and moving to FreeBSD from 2000-2005 (around the 4.x series)\nHis adventure into OpenBSD began sometime after 2005 (specific time unknown), but a bunch of things left a very good impression on him throughout the years.\nFirst, was the ease of installation, with its very minimalistic layout, which was one of the fastest installs he had ever done.\nSecond was the extensive documentation, which extends beyond just manpages, but into other forms of documentation, such as presentations and papers as well.\nHe makes the point about an “ecosystem of quality” that surrounds OpenBSD:\n\n\n\nOpenBSD is an ecosystem of quality. This is the result of a culture of code auditing, reviewing, and a rigorous development process where each commit hitting the tree must be approved by other developers. It has a slower evolution pace and a more carefully planned development model which leads to better code quality overall. Its well deserved reputation of being an ultra secure operating system is the byproduct of a no compromise attitude valuing simplicity, correctness, and most importantly proactivity. OpenBSD also deletes code, a lot of code. Everyone should know that removing code and keeping the codebase modern is probably as important as adding new one. Quoting Saint-Exupery: \"It seems that perfection is attained not when there is nothing more to add, but when there is nothing more to remove\".\n\n\n\nThe article then covers security mechanisms, as well as the defaults which are turned specifically with an eye towards security.\nAll-in-all a good perspective piece about the reasons why OpenBSD is the right choice for Frederic, worth your time to read up on it if you want to learn more about OpenBSD’s differences.\n***\n\n\nBeastieBits\n\n\nCall for 2016Q1 quarterly status reports\nFreeBSD Mastery: Advanced ZFS” sponsorships ending soon\nShawn Webb from HardenedBSD talking about giving away RPi3’s at BSDCan and hacking on them to get FreeBSD working\nxterm(1) now UTF-8 by default\nCall For Artists: New Icon Theme\nHappy 23rd Birthday, src!\n\n\n\n\nFeedback/Questions\n\n\n Alison - Readahead and Wayland\n Kenny - Gear\n Ben - IPFW2/3\n Brad - ZFS Writeback\n Simon - BSD Toonz\n***\n","content_html":"\u003cp\u003eThis week on the show, we interview author Michael W Lucas to discuss his new book in the FreeBSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca title=\"iXsystems\" href=\"http://www.ixsystems.com/bsdnow\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca title=\"DigitalOcean\" href=\"http://www.digitalocean.com/\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca title=\"Tarsnap\" href=\"http://www.tarsnap.com/bsdnow\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160329181346\u0026mode=expanded\" rel=\"nofollow\"\u003eOpenBSD 5.9 Released early\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFinished ahead of schedule! OpenBSD 5.9 has officially landed\u003c/li\u003e\n\u003cli\u003eWe’ve been covering some of the ongoing changes as they landed in the tree, but with the official release it’s time to bring you the final list of the new hotness which landed.\u003c/li\u003e\n\u003cli\u003eFirst up:\n\n\u003cul\u003e\n\u003cli\u003ePledge - Over 70%! Of the userland utilities have been converted to use it, and the best part, you probably didn’t even notice\u003c/li\u003e\n\u003cli\u003eUEFI - Laptops which are pre-locked down to boot UEFI only can now be installed and used - GPT support has also been greatly improved\u003c/li\u003e\n\u003cli\u003e‘Less’ was replaced with a fork from Illumos, and has been further improved\u003c/li\u003e\n\u003cli\u003eXen DomU support - OpenBSD now plays nice in the cloud\u003c/li\u003e\n\u003cli\u003eX11 - Broadwell and Bay Trail are now supported\u003c/li\u003e\n\u003cli\u003eInitial work on making the network stack better support SMP has been added, this is still ongoing, but things are starting to happen\u003c/li\u003e\n\u003cli\u003e802.11N! Specifically for the iwn/iwm drivers\u003c/li\u003e\n\u003cli\u003eIn addition to support for UTF-8, most other locales have been ripped out, leaving only C and UTF-8 left standing in the wake\u003c/li\u003e\n\u003cli\u003eAll and all, sounds like a solid new release with plenty of new goodies to play with. Go grab a copy now!\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160324093944\" rel=\"nofollow\"\u003eNew routing table code (ART) enabled in -current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile OpenBSD 5.9 just landed, we also have some interesting work landing right now in -CURRENT as well. Specifically the new routing table code (ART) has landed:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“I just enabled ART in -current, it will be the default routing table backend in the next snapshots.\u003cbr\u003e\nThe plan is to squash the possible regressions with this new routing table backend then when we\u0026#39;re confident enough, take its route lookup out of the KERNEL_LOCK(). Yes, this is one of the big steps for our network SMP improvements.\u003cbr\u003e\nIn order to make progress, we need your help to make sure this new backend works well on your setup. So please, go download the next snapshot and report back.\u003cbr\u003e\nIf you encounter any routing table regression, please make sure that you cannot reproduce it with your old kernel and include the output of # route -n show\u003cbr\u003e\nfor the 2 kernels as well as the dmesg in your report.\u003cbr\u003e\nI know that simple dhclient(8) based setups work with ART, so please do not flood us too much. It\u0026#39;s always great to know that things work, but it\u0026#39;s also hard to keep focus ;)\u003cbr\u003e\nThank your very much for your support!”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere you have it folks! If 5.9 is already too stale for you, time to move over to -CURRENT and give the new routing tables a whirl.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/55561/\" rel=\"nofollow\"\u003efractal cells - FreeBSD-based All-In-One solution for software development startups\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFractal Cells is a suite that transforms a stock FreeBSD installation into an instant “Startup Software Development Platform”\u003c/li\u003e\n\u003cli\u003eIt Integrates ZFS, PostgreSQL, OpenSMTPD, NGINX, OpenVPN, Redmine, Jenkins, Zabbix, Gitlab, and Ansible, all under OpenLDAP common authentication\u003c/li\u003e\n\u003cli\u003eThe suite is available under the 2-clause BSD license\u003c/li\u003e\n\u003cli\u003eProvides all of the tools and infrastructure to build your application, including code review, issue tracking, continuous integration, and monitoring\u003c/li\u003e\n\u003cli\u003eAn interesting way to make it easier for people to start building new applications and startups on top of FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.linuxsecrets.com/blog/51freebsd/2016/02/29/1726-installing\" rel=\"nofollow\"\u003eLinuxSecrets publishes guide on installing FreeBSD ezJail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCovers all of the steps of setting up ezjail on FreeBSD\u003c/li\u003e\n\u003cli\u003eIncludes the instructions for updating the version of the OS in the jail\u003c/li\u003e\n\u003cli\u003eIn a number of places the tutorial uses:\u003cbr\u003e\n\u0026gt; cat \u0026lt;\u0026lt; EOF \u0026gt;\u0026gt; /etc/rc.conf \u0026gt; setting=”value”\u003c/li\u003e\n\u003cli\u003eInstead, use: sysrc setting=”value”\u003c/li\u003e\n\u003cli\u003eIt is safer, and easier to type\u003c/li\u003e\n\u003cli\u003eWhen you create the jail, if you specify an IP address, it is expected that this IP address is already setup on the host machine\u003c/li\u003e\n\u003cli\u003eIf instead you specify: ‘em0|192.168.1.105’ (where em0 is your network interface), the IP address will be added as an alias when the jail starts, and removed from the host when the jail is stopped\u003c/li\u003e\n\u003cli\u003eYou can also comma separate a list of addresses to have multiple IPs (possibly on different interfaces) in the jail\u003c/li\u003e\n\u003cli\u003eAlthough recently posted, this appears as if it might be an update to a previous tutorial, as there are a few old references that have not been updated (pkg_add, rc.d/ezjail.sh), while the start of the article clearly covers pkg(8)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\" rel=\"nofollow\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e /\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@mwlauthor\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Book: “FreeBSD Mastery: Specialty Filesystems”\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/fwbug/dreamcast-slides\" rel=\"nofollow\"\u003eNetBSD on Dreamcast\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAhh the dreamcast, so much promise. So much potential. If you are still holding onto your beloved dreamcast hoping that someday Sega will re-enter the console market… Then give it up now!\u003c/li\u003e\n\u003cli\u003eIn the meantime, you can now do something more interesting with that box taking up space in the closet. We have a link to a GitHub repo where a user has uploaded his curses-based slide-show for the upcoming Fort-Wayne, Indiana meetup.\u003c/li\u003e\n\u003cli\u003eAside from the novelty of using a curses-based slide setup, the presenter will also be displaying them from his beloved dreamcast, which “of course” runs NetBSD 7\u003c/li\u003e\n\u003cli\u003eThe slide source code is available, which you too can view / compile and find out details of getting NetBSD boot-strapped on the DC.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-16-1-7-released/\" rel=\"nofollow\"\u003eOPNsense 16.1.7 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ecaptive portal: add session timeout to status info\u003c/li\u003e\n\u003cli\u003efirewall: fix non-report of errors when filter reload errors couldn’t be parsed\u003c/li\u003e\n\u003cli\u003eproxy: adjust category visibility as not all of them were shown before\u003c/li\u003e\n\u003cli\u003efirmware: fix an overzealous upgrade run when the package tool only changes options\u003c/li\u003e\n\u003cli\u003efirmware: fixed the binary upgrade patch from 15.7.x in FreeBSD’s package tool\u003c/li\u003e\n\u003cli\u003esystem: removed NTP settings from general settings\u003c/li\u003e\n\u003cli\u003eaccess: let only root access status.php as it leaks too much info\u003c/li\u003e\n\u003cli\u003edevelopment: remove the automount features\u003c/li\u003e\n\u003cli\u003edevelopment: addition of “opnsense-stable” package on our way to nightly builds\u003c/li\u003e\n\u003cli\u003edevelopment: opnsense-update can now install locally available base and kernel sets\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2570\" rel=\"nofollow\"\u003e“FreeBSD Mastery: Advanced ZFS” in tech review\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost of the tech review is finished\u003c/li\u003e\n\u003cli\u003eIt was very interesting to hear from many ZFS experts that they learned something from reading the review copy of the book, I was not expecting this\u003c/li\u003e\n\u003cli\u003eMany minor corrections and clarifications have been integrated\u003c/li\u003e\n\u003cli\u003eThe book is now being copy edited\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cambus.net/why-openbsd/\" rel=\"nofollow\"\u003eWhy OpenBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrederic Cambus gives us a nice perspective piece today on what his particular reasons are for choosing OpenBSD.\u003c/li\u003e\n\u003cli\u003eFrederic is no stranger to UNIX-Like systems, having used them for 20 years now. In particular starting on Slackware back in ‘96 and moving to FreeBSD from 2000-2005 (around the 4.x series)\u003c/li\u003e\n\u003cli\u003eHis adventure into OpenBSD began sometime after 2005 (specific time unknown), but a bunch of things left a very good impression on him throughout the years.\u003c/li\u003e\n\u003cli\u003eFirst, was the ease of installation, with its very minimalistic layout, which was one of the fastest installs he had ever done.\u003c/li\u003e\n\u003cli\u003eSecond was the extensive documentation, which extends beyond just manpages, but into other forms of documentation, such as presentations and papers as well.\u003c/li\u003e\n\u003cli\u003eHe makes the point about an “ecosystem of quality” that surrounds OpenBSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eOpenBSD is an ecosystem of quality. This is the result of a culture of code auditing, reviewing, and a rigorous development process where each commit hitting the tree must be approved by other developers. It has a slower evolution pace and a more carefully planned development model which leads to better code quality overall. Its well deserved reputation of being an ultra secure operating system is the byproduct of a no compromise attitude valuing simplicity, correctness, and most importantly proactivity. OpenBSD also deletes code, a lot of code. Everyone should know that removing code and keeping the codebase modern is probably as important as adding new one. Quoting Saint-Exupery: \u0026quot;It seems that perfection is attained not when there is nothing more to add, but when there is nothing more to remove\u0026quot;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe article then covers security mechanisms, as well as the defaults which are turned specifically with an eye towards security.\u003c/li\u003e\n\u003cli\u003eAll-in-all a good perspective piece about the reasons why OpenBSD is the right choice for Frederic, worth your time to read up on it if you want to learn more about OpenBSD’s differences.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://docs.freebsd.org/cgi/getmsg.cgi?fetch=9011+0+current/freebsd-hackers\" rel=\"nofollow\"\u003eCall for 2016Q1 quarterly status reports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2593\" rel=\"nofollow\"\u003eFreeBSD Mastery: Advanced ZFS” sponsorships ending soon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.freebsd.org/cgi/getmsg.cgi?fetch=250105+0+archive/2016/freebsd-arm/20160306.freebsd-arm\" rel=\"nofollow\"\u003eShawn Webb from HardenedBSD talking about giving away RPi3’s at BSDCan and hacking on them to get FreeBSD working\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160308204011\" rel=\"nofollow\"\u003exterm(1) now UTF-8 by default\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.pcbsd.org/2016/03/call-for-artists-new-icon-theme/\" rel=\"nofollow\"\u003eCall For Artists: New Icon Theme\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/happy_23rd_birthday_src\" rel=\"nofollow\"\u003eHappy 23rd Birthday, src!\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2oqRuXCYW\" rel=\"nofollow\"\u003e Alison - Readahead and Wayland\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2sQ8MxNPh\" rel=\"nofollow\"\u003e Kenny - Gear\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20SRvXPZA\" rel=\"nofollow\"\u003e Ben - IPFW2/3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s207mV2Ph1\" rel=\"nofollow\"\u003e Brad - ZFS Writeback\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s202loSWdf\" rel=\"nofollow\"\u003e Simon - BSD Toonz\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we interview author Michael W Lucas to discuss his new book in the FreeBSD","date_published":"2016-03-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8a5f5b3a-051c-4322-a49a-e3f61cf57381.mp3","mime_type":"audio/mpeg","size_in_bytes":72669172,"duration_in_seconds":6055}]},{"id":"af2a0241-5911-434f-8fe1-6dd556b074ae","title":"134: Marking up the Ports tree","url":"https://www.bsdnow.tv/134","content_text":"This week on the show, Allan and I have gotten a bit more sleep since AsiaBSDCon, which is excellent since there is a LOT of news to cover. That plus our interview with Ports SecTeam member Mark Felder. So keep it\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeNAS 9.10 Released\n\n\nOS:\n\n\nThe base OS version for FreeNAS 9.10 is now FreeBSD 10.3-RC3, bringing in a huge number of OS-related bug fixes, performance improvements and new features.\n+Directory Services:\nYou can now connect to large AD domains with cache disabled.\n+Reporting:\nAdd the ability to send collectd data to a remote graphite server.\n+Hardware Support:\nAdded Support for Intel I219-V \u0026amp; I219-LM Gigabit Ethernet Chipset\nAdded Support for Intel Skylake architecture\nImproved support for USB devices (like network adapters)\nUSB 3.0 devices now supported.\n+Filesharing:\nSamba (SMB filesharing) updated from version 4.1 to 4.3.4\nAdded GUI feature to allow nfsv3-like ownership when using nfsv4\nVarious bug fixes related to FreeBSD 10.\n+Ports:\nFreeBSD ports updated to follow the FreeBSD 2016Q1 branch.\n+Jails:\nFreeBSD Jails now default to a FreeBSD 10.3-RC2 based template.\nOld jails, or systems on which jails have been installed, will still default to the previous FreeBSD 9.3 based template. Only those machinesusing jails for the first time (or deleting and recreating their jails dataset) will use the new template.\n+bhyve:\n++In the upcoming 10 release, the CLI will offer full support for managing virtual machines and containers. Until then, the iohyve command is bundled as a stop-gap solution to provide basic VM management support -\n***\n\n\n\nUbuntu BSD's first Beta Release\n\n\nUnder the category of “Where did this come from?”, we have a first beta release of Ubuntu BSD.\nSpecifically it is Ubuntu, respun to use the FreeBSD kernel and ZFS natively.\nFrom looking at the minimal information up on sourceforge, we gather that is has a nice text-based installer, which supports ZFS configuration and iSCSI volume creation setups.\nAside from that, it includes the XFCE desktop out of box, but claims to be suitable for both desktops and servers alike right now.\nWe will keep an eye on this, if anybody listening has already tested it out, maybe drop us a line on your thoughts of how this mash-up works out.\n***\n\n\nFreeBSD - a lesson in poor defaults\n\n\nFormer BSD producer, and now OpenBSD developer, TJ, writes a post detailing the defaults he changes in a fresh FreeBSD installation\nMaybe some of these should be the defaults\nWhile others are definitely a personal preference, or are not as security related as they seem\nA few of these, while valid criticisms, but some are done for a reason\nSpecifically, the OpenSSH changes.\nSo, you’re a user, you install FreeBSD 10.0, and it comes with OpenSSH version X, which has some specific defaults\nAs guaranteed by the FreeBSD Project, you will have a nice smooth upgrade path to any version in the 10.x branch\nJust because OpenSSH has released version Y, doesn’t mean that the upgrade can suddenly remove support for DSA keys, or re-adding support for AES-CBC (which is not really weak, and which can be hardware accelerated, unlikely most of the replacements)\n“FreeBSD is the team trying to increase the risk.” Is incorrect, they are trying to reduce the impact on the end user\nSpecifically, a user upgrading from 10.x to 10.3, should not end up locked out of their SSH server, or otherwise confronted by unexpected errors or slowdowns because of upstream changes\nI will note again, (and again), that the NONE cipher can NOT allow a user to “shoot themselves in the foot”, encryption is still used during the login phase, it is just disabled for the file transfer phase. The NONE cipher will refuse to work for an interactive session.\nWhile the post states that the NONE cipher doesn’t improve performance that much, it infact does\nIn my own testing, chacha20-poly1305 1.3 gbps, aes128-gcm (fastest) 5.0 gbps, NONE cipher 6.3 gbps\nThat means that the NONE cipher is an hour faster to transfer 10 TB over the LAN.\nThe article suggests just removing sendmail with no replacement. Not sure how they expect users to deliver mail, or the daily/weekly reports\nPorts can be compiled as a regular user. Only the install phase requires root\nfor ntpd, it is not clear that there is an acceptable replacement yet, but I will not that it is off by default\nIn the sysctl section, I am not sure I see how enabling tcp blackhole actually increases security at all\nI am not sure that linking to every security advisory in openssl since 2001 is actually useful\nEncrypted swap is an option in bsdinstall now, but I am not sure it is really that important\nFreeBSD now uses the Fortuna PRNG, upgraded to replace the older Yarrow, not vanilla RC4.\n“The resistance from the security team to phase out legacy options makes mewonder if they should be called a compatibility team instead.”\nI do not think this is the choice of the security team, it is the ABI guarantee that the project makes. The stable/10 branch will always have the same ABI, and a program or driver compiled against it will work with any version on that branch\nThe security team doesn’t really have a choice in the matter. Switching the version of OpenSSL used in FreeBSD 9.x would likely break a large number of applications the user has installed\nSomething may need to be done differently, since it doesn’t look like any version of OpenSSL, (or OpenSSH), will be supported for 5 years ever again\n***\n\n\nZFS Raidz Performance, Capacity and Integrity\n\n\nAn updated version of an article comparing the performance of various ZFS vdev configurations\nThe settings users in the test may not reflect your workload\nIf you are benchmarking ZFS, consider using multiple files across different datasets, and not making all of the writes synchronous\nAlso, it is advisable to run more than 3 runs of each test\nComparing the numbers from the 12 and 24 disk tests, it is surprising to see that the 12 mirror sets did not outperform the other configurations. In the 12 drive tests, the 6 mirror sets had about the same read performance as the other configurations, it is not clear why the performance with more disks is worse, or why it is no longer in line with the other configurations\nMore investigation of this would be required\nThere are obviously so other bottlenecks, as 5x SSDs in RAID-Z1 performed the same as 17x SSDs in RAID-Z1\nInteresting results none the less\n***\n\n\niXSystems\n\n\nFreeNAS Mini Review \n\n\nInterview - Mark Felder - feld@freebsd.org / @feldpos\n\n\nPorts, Ports and more Ports\n\n\nDigitalOcean\n\n\nDigital Ocean's guide to setting up an OpenVPN server \n\n\nNews Roundup\n\nAsiaBSDCon OpenBSD Papers \n\n\nUndeadly.org has compiled a handy list of the various OpenBSD talks / papers that were offered a few weeks ago at AsiaBSDCon 2016.\n\n\nAntoine Jacoutot (ajacoutot@) - OpenBSD rc.d(8) (slides | paper)\nHenning Brauer (henning@) - Running an ISP on OpenBSD (slides)\nMike Belopuhov (mikeb@) - Implementation of Xen PVHVM drivers in OpenBSD (slides | paper)\nMike Belopuhov (mikeb@) - OpenBSD project status update (slides)\nMike Larkin (mlarkin@) - OpenBSD vmm Update (slides)\nReyk Floeter (reyk@) - OpenBSD vmd Update (slides) \n\n\nEach talk provides slides, and some the papers as well. Also included is the update to ‘vmm’ discussed at bhyveCon, which will be of interest to virtualization enthusiasts.\n***\n\n\nBitcoin Devs could learn a lot from BSD\n\n\nAn interesting article this week, comparing two projects that at first glance may not be entirely related, namely BitCoin and BSD.\nThe article first details some of the woes currently plaguing the BitCoin development community, such as toxic community feedback to changes and stakeholders with vested financial interests being unable to work towards a common development purpose.\nThis leads into the crux or the article, about what BitCoin devs could learn from BSD:\n\n\n\nFirst and foremost, the way code is developed needs change to stop the current negative trend in Bitcoin. The FreeBSD project has a rigid internal hierarchy of people with write access to their codebase, which the various Bitcoin implementations also have, but BSD does this in a way that is very open to fresh eyes on their code, allowing parallel problem solving without the petty infighting we see in Bitcoin. Anyone can propose a commit publicly to the code, make it publicly available, and democratically decide which change ends up in the codebase. FreeBSD has a tiny number of core developers compared to the size of their codebase, but at any point, they have a huge community advancing their project without hard forks popping up at every small disagreement. Brian Armstrong commented recently on this flaw with Bitcoin development, particularly with the Core Devs:\n\n“Being high IQ is not enough for a team to succeed. You need to make reasonable tradeoffs, collaborate, be welcoming, communicate, and be easy to work with. Any team that doesn’t have this will be unable to attract top talent and will struggle long term. In my opinion, perhaps the biggest risk in Bitcoin right now is, ironically, one of the things which has helped it the most in the past: the Bitcoin Core developers.”\n\n\n\nA good summary of the culture that could be adopted is summed up as follows:\n\n\n\nThe other thing Bitcoin devs could learn from is the BSD community’s adoption of the Unix Design philosophy. Primarily “Worse is Better,” The rule of Diversity, and Do One Thing and Do It Well. “Worse is Better” emphasizes using extant functional solutions rather than making more complex ones, even if they would be more robust. The Rule of Diversity stresses flexibility of the program being developed, allowing for modification and different implementations without breaking. Do one Thing and Do it well is a mantra of the BSD and Unix Communities that stresses modularity and progress over “perfect” solutions. Each of these elements help to make BSD a wildly successful open source project with a healthy development community and lots of inter-cooperation between the different BSD systems. While this is the opposite of what we see with Bitcoin at present, the situation is salvageable provided changes like this are made, especially by Core Developers.\n\n\n\nAll in all, a well written and interesting take on the FreeBSD/BSD project. We hope the BitCoin devs can take something useful from it down the road.\n***\n\n\nFreeBSD cross-compiling with gcc and poudriere\n\n\nCross-Compiling, always a challenge, has gotten easier using poudriere and qemu in recent years.\nHowever this blog post details some of the particular issues still being face when trying to compile some certain ports for ARM (I.E. rPi) that don’t play nicely with FreeBSD’s default CLANG compiler.\nThe writer (Ben Slack) takes us through some of the work-arounds he uses to build some troublesome ports, namely lsof and libatomic_ops. \nNote this is not just an issue with cross compile, the above mentioned ports also don’t build with clang on the Pi directly. \nAfter doing the initial poudriere/qemu cross-compile setup, he then shows us the minor tweaks to adjust which compiler builds specific ports, and how he triggers the builds using poudriere.\nWith the actual Makefile adjustment being so minor, one wonders if this shouldn’t just be committed upstream, with some if (ARM) - USE_GCC=yes type conditional. \n***\n\n\nNvidia releases new Beta graphics driver for FreeBSD\n\n\nAdded support for the following GPUs: GeForce 920MX \u0026amp; GeForce 930MX\nAdded support for the Vulkan API version 1.0.\nFixed a bug that could cause incorrect frame rate reporting on Quadro Sync configurations with multiple GPUs.\nAdded a new RandR property, CscMatrix, which specifies a 3x4 color-space conversion matrix.\nImproved handling of the X gamma ramp on GF119 and newer GPUs. On these GPUs, the RandR gamma ramp is always 1024 entries and now applies to the cursor and VDPAU or workstation overlays in addition to the X root window.\nFixes for bugs and added several other EGL extensions\n***\n\n\nBeastie Bits\n\n\nNew TN Bug started \nDragonFlyBSD Network/TCP Performance's gets a bump\nFreeBSD Foundation introduces a new website and logo\nOur producer made these based on the new logo:\n\n\nhttp://q5sys.sh/2016/03/a-new-freebsd-foundation-logo-means-its-time-for-some-new-wallpapers/\nhttp://q5sys.sh/2016/03/pc-bsd-and-lumina-desktop-wallpapers/\nhttps://github.com/pcbsd/lumina/commit/60314f46247b7ad6e877af503b3814b0be170da8 \n\nIPv6 errata for 5.7/5.8, pledge errata for 5.9\nSponsoring “PAM Mastery”\nA visualization of FreeBSD commits on GitHub for 2015\nThe VAX platform is no more\n\n\n\n\nFeedback/Questions\n\n\n Hunter - Utils for Blind \n Chris - ZFS Quotas \n Anonymous - Tun, Tap and Me! \n Andrew - Navigating the BSDs \n Brent - Wifi on BSD \n***\n","content_html":"\u003cp\u003eThis week on the show, Allan and I have gotten a bit more sleep since AsiaBSDCon, which is excellent since there is a LOT of news to cover. That plus our interview with Ports SecTeam member Mark Felder. So keep it\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.freenas.org/pipermail/freenas-announce/2016-March/000028.html\" rel=\"nofollow\"\u003eFreeNAS 9.10 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOS:\n\n\u003cul\u003e\n\u003cli\u003eThe base OS version for FreeNAS 9.10 is now FreeBSD 10.3-RC3, bringing in a huge number of OS-related bug fixes, performance improvements and new features.\n+Directory Services:\u003c/li\u003e\n\u003cli\u003eYou can now connect to large AD domains with cache disabled.\n+Reporting:\u003c/li\u003e\n\u003cli\u003eAdd the ability to send collectd data to a remote graphite server.\n+Hardware Support:\u003c/li\u003e\n\u003cli\u003eAdded Support for Intel I219-V \u0026amp; I219-LM Gigabit Ethernet Chipset\u003c/li\u003e\n\u003cli\u003eAdded Support for Intel Skylake architecture\u003c/li\u003e\n\u003cli\u003eImproved support for USB devices (like network adapters)\u003c/li\u003e\n\u003cli\u003eUSB 3.0 devices now supported.\n+Filesharing:\u003c/li\u003e\n\u003cli\u003eSamba (SMB filesharing) updated from version 4.1 to 4.3.4\u003c/li\u003e\n\u003cli\u003eAdded GUI feature to allow nfsv3-like ownership when using nfsv4\u003c/li\u003e\n\u003cli\u003eVarious bug fixes related to FreeBSD 10.\n+Ports:\u003c/li\u003e\n\u003cli\u003eFreeBSD ports updated to follow the FreeBSD 2016Q1 branch.\n+Jails:\u003c/li\u003e\n\u003cli\u003eFreeBSD Jails now default to a FreeBSD 10.3-RC2 based template.\u003c/li\u003e\n\u003cli\u003eOld jails, or systems on which jails have been installed, will still default to the previous FreeBSD 9.3 based template. Only those machinesusing jails for the first time (or deleting and recreating their jails dataset) will use the new template.\n+bhyve:\n++In the upcoming 10 release, the CLI will offer full support for managing virtual machines and containers. Until then, the iohyve command is bundled as a stop-gap solution to provide basic VM management support -\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sourceforge.net/projects/ubuntubsd/\" rel=\"nofollow\"\u003eUbuntu BSD\u0026#39;s first Beta Release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUnder the category of “Where did this come from?”, we have a first beta release of Ubuntu BSD.\u003c/li\u003e\n\u003cli\u003eSpecifically it is Ubuntu, respun to use the FreeBSD kernel and ZFS natively.\u003c/li\u003e\n\u003cli\u003eFrom looking at the minimal information up on sourceforge, we gather that is has a nice text-based installer, which supports ZFS configuration and iSCSI volume creation setups.\u003c/li\u003e\n\u003cli\u003eAside from that, it includes the XFCE desktop out of box, but claims to be suitable for both desktops and servers alike right now.\u003c/li\u003e\n\u003cli\u003eWe will keep an eye on this, if anybody listening has already tested it out, maybe drop us a line on your thoughts of how this mash-up works out.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://vez.mrsk.me/freebsd-defaults.txt\" rel=\"nofollow\"\u003eFreeBSD - a lesson in poor defaults\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFormer BSD producer, and now OpenBSD developer, TJ, writes a post detailing the defaults he changes in a fresh FreeBSD installation\u003c/li\u003e\n\u003cli\u003eMaybe some of these should be the defaults\u003c/li\u003e\n\u003cli\u003eWhile others are definitely a personal preference, or are not as security related as they seem\u003c/li\u003e\n\u003cli\u003eA few of these, while valid criticisms, but some are done for a reason\u003c/li\u003e\n\u003cli\u003eSpecifically, the OpenSSH changes.\u003c/li\u003e\n\u003cli\u003eSo, you’re a user, you install FreeBSD 10.0, and it comes with OpenSSH version X, which has some specific defaults\u003c/li\u003e\n\u003cli\u003eAs guaranteed by the FreeBSD Project, you will have a nice smooth upgrade path to any version in the 10.x branch\u003c/li\u003e\n\u003cli\u003eJust because OpenSSH has released version Y, doesn’t mean that the upgrade can suddenly remove support for DSA keys, or re-adding support for AES-CBC (which is not really weak, and which can be hardware accelerated, unlikely most of the replacements)\u003c/li\u003e\n\u003cli\u003e“FreeBSD is the team trying to increase the risk.” Is incorrect, they are trying to reduce the impact on the end user\u003c/li\u003e\n\u003cli\u003eSpecifically, a user upgrading from 10.x to 10.3, should not end up locked out of their SSH server, or otherwise confronted by unexpected errors or slowdowns because of upstream changes\u003c/li\u003e\n\u003cli\u003eI will note again, (and again), that the NONE cipher can NOT allow a user to “shoot themselves in the foot”, encryption is still used during the login phase, it is just disabled for the file transfer phase. The NONE cipher will refuse to work for an interactive session.\u003c/li\u003e\n\u003cli\u003eWhile the post states that the NONE cipher doesn’t improve performance that much, it infact does\u003c/li\u003e\n\u003cli\u003eIn my own testing, chacha20-poly1305 1.3 gbps, aes128-gcm (fastest) 5.0 gbps, NONE cipher 6.3 gbps\u003c/li\u003e\n\u003cli\u003eThat means that the NONE cipher is an hour faster to transfer 10 TB over the LAN.\u003c/li\u003e\n\u003cli\u003eThe article suggests just removing sendmail with no replacement. Not sure how they expect users to deliver mail, or the daily/weekly reports\u003c/li\u003e\n\u003cli\u003ePorts can be compiled as a regular user. Only the install phase requires root\u003c/li\u003e\n\u003cli\u003efor ntpd, it is not clear that there is an acceptable replacement yet, but I will not that it is off by default\u003c/li\u003e\n\u003cli\u003eIn the sysctl section, I am not sure I see how enabling tcp blackhole actually increases security at all\u003c/li\u003e\n\u003cli\u003eI am not sure that linking to every security advisory in openssl since 2001 is actually useful\u003c/li\u003e\n\u003cli\u003eEncrypted swap is an option in bsdinstall now, but I am not sure it is really that important\u003c/li\u003e\n\u003cli\u003eFreeBSD now uses the Fortuna PRNG, upgraded to replace the older Yarrow, not vanilla RC4.\u003c/li\u003e\n\u003cli\u003e“The resistance from the security team to phase out legacy options makes mewonder if they should be called a compatibility team instead.”\u003c/li\u003e\n\u003cli\u003eI do not think this is the choice of the security team, it is the ABI guarantee that the project makes. The stable/10 branch will always have the same ABI, and a program or driver compiled against it will work with any version on that branch\u003c/li\u003e\n\u003cli\u003eThe security team doesn’t really have a choice in the matter. Switching the version of OpenSSL used in FreeBSD 9.x would likely break a large number of applications the user has installed\u003c/li\u003e\n\u003cli\u003eSomething may need to be done differently, since it doesn’t look like any version of OpenSSL, (or OpenSSH), will be supported for 5 years ever again\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://calomel.org/zfs_raid_speed_capacity.html\" rel=\"nofollow\"\u003eZFS Raidz Performance, Capacity and Integrity\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn updated version of an article comparing the performance of various ZFS vdev configurations\u003c/li\u003e\n\u003cli\u003eThe settings users in the test may not reflect your workload\u003c/li\u003e\n\u003cli\u003eIf you are benchmarking ZFS, consider using multiple files across different datasets, and not making all of the writes synchronous\u003c/li\u003e\n\u003cli\u003eAlso, it is advisable to run more than 3 runs of each test\u003c/li\u003e\n\u003cli\u003eComparing the numbers from the 12 and 24 disk tests, it is surprising to see that the 12 mirror sets did not outperform the other configurations. In the 12 drive tests, the 6 mirror sets had about the same read performance as the other configurations, it is not clear why the performance with more disks is worse, or why it is no longer in line with the other configurations\u003c/li\u003e\n\u003cli\u003eMore investigation of this would be required\u003c/li\u003e\n\u003cli\u003eThere are obviously so other bottlenecks, as 5x SSDs in RAID-Z1 performed the same as 17x SSDs in RAID-Z1\u003c/li\u003e\n\u003cli\u003eInteresting results none the less\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXSystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.nasanda.com/2016/03/ixsystems-freenas-mini-nas-device-reviewed/\" rel=\"nofollow\"\u003eFreeNAS Mini Review\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Mark Felder - \u003ca href=\"mailto:feld@freebsd.org\" rel=\"nofollow\"\u003efeld@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/feldpos\" rel=\"nofollow\"\u003e@feldpos\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePorts, Ports and more Ports\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eDigitalOcean\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1\" rel=\"nofollow\"\u003eDigital Ocean\u0026#39;s guide to setting up an OpenVPN server\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160316153158\u0026mode=flat\u0026count=0\" rel=\"nofollow\"\u003eAsiaBSDCon OpenBSD Papers\u003c/a\u003e \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eUndeadly.org has compiled a handy list of the various OpenBSD talks / papers that were offered a few weeks ago at AsiaBSDCon 2016.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAntoine Jacoutot (ajacoutot@) - OpenBSD rc.d(8) (slides | paper)\u003cbr\u003e\nHenning Brauer (henning@) - Running an ISP on OpenBSD (slides)\u003cbr\u003e\nMike Belopuhov (mikeb@) - Implementation of Xen PVHVM drivers in OpenBSD (slides | paper)\u003cbr\u003e\nMike Belopuhov (mikeb@) - OpenBSD project status update (slides)\u003cbr\u003e\nMike Larkin (mlarkin@) - OpenBSD vmm Update (slides)\u003cbr\u003e\nReyk Floeter (reyk@) - OpenBSD vmd Update (slides) \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eEach talk provides slides, and some the papers as well. Also included is the update to ‘vmm’ discussed at bhyveCon, which will be of interest to virtualization enthusiasts.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bitcoinist.net/bitcoin-devs-could-learn-a-lot-from-bsd/\" rel=\"nofollow\"\u003eBitcoin Devs could learn a lot from BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interesting article this week, comparing two projects that at first glance may not be entirely related, namely BitCoin and BSD.\u003c/li\u003e\n\u003cli\u003eThe article first details some of the woes currently plaguing the BitCoin development community, such as toxic community feedback to changes and stakeholders with vested financial interests being unable to work towards a common development purpose.\u003c/li\u003e\n\u003cli\u003eThis leads into the crux or the article, about what BitCoin devs could learn from BSD:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eFirst and foremost, the way code is developed needs change to stop the current negative trend in Bitcoin. The FreeBSD project has a rigid internal hierarchy of people with write access to their codebase, which the various Bitcoin implementations also have, but BSD does this in a way that is very open to fresh eyes on their code, allowing parallel problem solving without the petty infighting we see in Bitcoin. Anyone can propose a commit publicly to the code, make it publicly available, and democratically decide which change ends up in the codebase. FreeBSD has a tiny number of core developers compared to the size of their codebase, but at any point, they have a huge community advancing their project without hard forks popping up at every small disagreement. Brian Armstrong commented recently on this flaw with Bitcoin development, particularly with the Core Devs:\u003c/p\u003e\n\n\u003cp\u003e“Being high IQ is not enough for a team to succeed. You need to make reasonable tradeoffs, collaborate, be welcoming, communicate, and be easy to work with. Any team that doesn’t have this will be unable to attract top talent and will struggle long term. In my opinion, perhaps the biggest risk in Bitcoin right now is, ironically, one of the things which has helped it the most in the past: the Bitcoin Core developers.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eA good summary of the culture that could be adopted is summed up as follows:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eThe other thing Bitcoin devs could learn from is the BSD community’s adoption of the Unix Design philosophy. Primarily “Worse is Better,” The rule of Diversity, and Do One Thing and Do It Well. “Worse is Better” emphasizes using extant functional solutions rather than making more complex ones, even if they would be more robust. The Rule of Diversity stresses flexibility of the program being developed, allowing for modification and different implementations without breaking. Do one Thing and Do it well is a mantra of the BSD and Unix Communities that stresses modularity and progress over “perfect” solutions. Each of these elements help to make BSD a wildly successful open source project with a healthy development community and lots of inter-cooperation between the different BSD systems. While this is the opposite of what we see with Bitcoin at present, the situation is salvageable provided changes like this are made, especially by Core Developers.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll in all, a well written and interesting take on the FreeBSD/BSD project. We hope the BitCoin devs can take something useful from it down the road.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ben.eficium.net/2016/03/freebsd-cross-compiling-with-gcc.html\" rel=\"nofollow\"\u003eFreeBSD cross-compiling with gcc and poudriere\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCross-Compiling, always a challenge, has gotten easier using poudriere and qemu in recent years.\u003c/li\u003e\n\u003cli\u003eHowever this blog post details some of the particular issues still being face when trying to compile some certain ports for ARM (I.E. rPi) that don’t play nicely with FreeBSD’s default CLANG compiler.\u003c/li\u003e\n\u003cli\u003eThe writer (Ben Slack) takes us through some of the work-arounds he uses to build some troublesome ports, namely lsof and libatomic_ops. \u003c/li\u003e\n\u003cli\u003eNote this is not just an issue with cross compile, the above mentioned ports also don’t build with clang on the Pi directly. \u003c/li\u003e\n\u003cli\u003eAfter doing the initial poudriere/qemu cross-compile setup, he then shows us the minor tweaks to adjust which compiler builds specific ports, and how he triggers the builds using poudriere.\u003c/li\u003e\n\u003cli\u003eWith the actual Makefile adjustment being so minor, one wonders if this shouldn’t just be committed upstream, with some if (ARM) - USE_GCC=yes type conditional. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://devtalk.nvidia.com/default/topic/925607/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-364-12-beta-/\" rel=\"nofollow\"\u003eNvidia releases new Beta graphics driver for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdded support for the following GPUs: GeForce 920MX \u0026amp; GeForce 930MX\u003c/li\u003e\n\u003cli\u003eAdded support for the Vulkan API version 1.0.\u003c/li\u003e\n\u003cli\u003eFixed a bug that could cause incorrect frame rate reporting on Quadro Sync configurations with multiple GPUs.\u003c/li\u003e\n\u003cli\u003eAdded a new RandR property, CscMatrix, which specifies a 3x4 color-space conversion matrix.\u003c/li\u003e\n\u003cli\u003eImproved handling of the X gamma ramp on GF119 and newer GPUs. On these GPUs, the RandR gamma ramp is always 1024 entries and now applies to the cursor and VDPAU or workstation overlays in addition to the X root window.\u003c/li\u003e\n\u003cli\u003eFixes for bugs and added several other EGL extensions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://knoxbug.org/\" rel=\"nofollow\"\u003eNew TN Bug started\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4a43469a10cef8c17553c342aab9d73611ea7bc8?utm_source=anzwix\" rel=\"nofollow\"\u003eDragonFlyBSD Network/TCP Performance\u0026#39;s gets a bump\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/blog/introducing-a-new-look-for-the-foundation/\" rel=\"nofollow\"\u003eFreeBSD Foundation introduces a new website and logo\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eOur producer made these based on the new logo:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://q5sys.sh/2016/03/a-new-freebsd-foundation-logo-means-its-time-for-some-new-wallpapers/\" rel=\"nofollow\"\u003ehttp://q5sys.sh/2016/03/a-new-freebsd-foundation-logo-means-its-time-for-some-new-wallpapers/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://q5sys.sh/2016/03/pc-bsd-and-lumina-desktop-wallpapers/\" rel=\"nofollow\"\u003ehttp://q5sys.sh/2016/03/pc-bsd-and-lumina-desktop-wallpapers/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pcbsd/lumina/commit/60314f46247b7ad6e877af503b3814b0be170da8\" rel=\"nofollow\"\u003ehttps://github.com/pcbsd/lumina/commit/60314f46247b7ad6e877af503b3814b0be170da8\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160316190937\u0026mode=flat\" rel=\"nofollow\"\u003eIPv6 errata for 5.7/5.8, pledge errata for 5.9\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2577\" rel=\"nofollow\"\u003eSponsoring “PAM Mastery”\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://rocketgraph.com/s/v89jBkKN4e-\" rel=\"nofollow\"\u003eA visualization of FreeBSD commits on GitHub for 2015\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160309192510\" rel=\"nofollow\"\u003eThe VAX platform is no more\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20KPYDOsq\" rel=\"nofollow\"\u003e Hunter - Utils for Blind\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2EHdI3z3L\" rel=\"nofollow\"\u003e Chris - ZFS Quotas\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Nx1VSiU\" rel=\"nofollow\"\u003e Anonymous - Tun, Tap and Me!\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ZKK2DZTL\" rel=\"nofollow\"\u003e Andrew - Navigating the BSDs\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20duO29mN\" rel=\"nofollow\"\u003e Brent - Wifi on BSD\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, Allan and I have gotten a bit more sleep since AsiaBSDCon, which is excellent since there is a LOT of news to cover. That plus our interview with Ports SecTeam member Mark Felder. So keep it","date_published":"2016-03-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/af2a0241-5911-434f-8fe1-6dd556b074ae.mp3","mime_type":"audio/mpeg","size_in_bytes":90344596,"duration_in_seconds":7528}]},{"id":"4673def9-dead-4353-b97b-9b557eef899a","title":"133: The Tokyo Debrief","url":"https://www.bsdnow.tv/133","content_text":"This week on BSDNow, Allan and I are back from AsiaBSDCon and we have an interview with Brad Davis about the new “Packaging Base” call-for-testing. We’ll be sharing our thoughts and stories on how the week\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAsiaBSDCon 2016 - Wrap-up\n\nFreeBSD gets Haswell graphics support in time for 11.0-RELEASE\n\n\nThe moment that many have been waiting for has finally arrived, support for Haswell graphics has been committed to FreeBSD -CURRENT\nThe brings the DRM/i915 code up to date with Linux kernel 3.8.13\nWork has already started on updating to Linux kernel 3.9\nIt is hoped that subsequent updates will be much easier, and much faster\nIt does not appear to require setting the i915.preliminary_hw_support loader tunable\n***\n\n\nOpenBSD vmm/vmd Update\n\n\nFor the third year running, bhyvecon was held last week, during the lead up to AsiaBSDCon\nBhyvecon has expanded, and now covers all virtualization on BSDs\nThere were presentations on bhyve, Xen Dom0 on FreeBSD, Xen DomU for OpenBSD, and OpenBSD’s vmm\nOpenBSD vmm started at the Brisbane 2015 hackathon in Australia\nWork continued through the summer and fall thanks to funding by the OpenBSD Foundation\nThe presentation answered some outstanding questions, such as, why not just port bhyve?\nInitial focus is OpenBSD on OpenBSD\nLoader currently supports FreeBSD and NetBSD as well\nAfter the initial commits, other developers joined in to help with the work\nReyk reworked the vmd and vmctl commands, to provide a better user interface\nFuture plans:\n\n\nNested VMX\ni386 support\nAMD SVM support\nFilesystem passthru\nLive migration (with ZFS like command syntax)\n\nOther developers are working on related projects:\n\n\nqemu interface: Allow qemu to be accelerated by the vmm backend, while providing emulated hardware, for legacy systems\nKVM interface: Make vmm look like KVM, so existing tools like openstack “just work”\n***\n\n\n\nInterview - Brad Davis - brd@freebsd.org / @so14k\n\n\nPackaging Base\n\n\nNews Roundup\n\nPackaging the base system with pkg(8)\n\n\nThe official call for testing for FreeBSD’s pkg(8)’d base is out\nUsers are requested to checkout the release-pkg branch, and build it as normal (buildworld, buildkernel)\nInstead of installworld, run: make packages\nThis will produce a pkg repo in the /usr/obj directory\nThe post to the mailing list includes an example pkg repo config file to point to those packages\nRun: pkg update -r FreeBSD-base\nThis will read the metadata from the new repository\nThen run: pkg install -g 'FreeBSD-*'\nThis will find all packages that start with ‘FreeBSD-’ and install them\nIn the future, there will be meta packages, so you can just install FreeBSD-base and it will pull in other packages are dependencies\nCurrently, there are a large number of packages (over 700), because each shared library is packaged separately, and almost all optional features are in a separate package\nThe number of packages is also increased because there are separate -debug, -profiling, etc versions of each package\nNew features are being added to pkg(8) to mark important system components, like libc, as ‘vital’, so they cannot be deleted accidently\nHowever, in the case of using pkg(8)’d base to create a jail, the administrator should be able to delete the entire base system\nClassic conundrum: “UNIX does not stop you doing something stupid, as that would also stop you doing something clever”\nWork is still ongoing\nAt AsiaBSDCon, after the interview was recorded, bapt@ and brd@ had a whiteboarding session and have come up with how they expect to handle the kernel package, to ensure there is a /boot/kernel.old for you to fall back to incase the newly installer kernel does not work correctly.\n***\n\n\nFreeBSD 10.3-RC2 Now Available\n\n\nThe second release candidate for FreeBSD 10.3 is now available for testing\nNotable changes include:\n\n\nImport an upstream fix for ‘zfs send -i’ to avoid data corruption in specific instances\nBoot loaders and kernel have been taught to handle ELF sections of type SHT_AMD64_UNWIND. This does not really apply to FreeBSD 10.3, but is required for 11.0, so will make upgrades easier\nVarious mkdb commands (/etc/services, /etc/login.conf, etc) commands now use fsync() instead of opening the files as O_SYNC, greatly increasing the speed of the database generation\n\nFrom the earlier BETA3, the VFS improvements that were causing ZFS hangs, and the new ‘tryforward’ routing code, have been reverted\nWork is ongoing to fix these issues for FreeBSD 11.0\nThere are two open issues:\n\n\nA fix for OpenSSH CVE-2016-3115 has not be included yet\nthe re-addition of AES-CBC ciphers to the default server proposal list. AES-CBC was removed as part of the update to OpenSSH version 7.1p2, but the plan is to re-add it, specifically for lightweight clients who rely on hardware crypto offload to have acceptable SSH performance\n\nPlease go out and test\n***\n\n\nOPNsense 16.1.6 released\n\n\nA new point-release of OPNsense has dropped, and apart from the usual security updates, some new features have been included\n\n\n\n\nfirmware: bootstrap utility can now directly install e.g. the development version\ndhcp: all GUI pages have been reworked for a polished look and feel\nproxy: added category-based remote file support if compressed file contains multiple files\nproxy: added ICAP support (contributed by Fabian Franz)\nproxy: hook up the transparent FTP proxy\nproxy: add intercept on IPv6 for FTP and HTTP proxy options\nlogging: syslog facilities, like services, are now fully pluggable\nvpn: stripped an invalid PPTP server configuration from the standard configuration\nvpn: converted to pluggable syslog, menu and ACL\ndyndns: all GUI pages have been reworked for a polished look and feel\ndyndns: widget now shows IPv6 entries too\ndns forwarder: all GUI pages have been reworked for a polished look and feel\ndns resolver: all GUI pages have been reworked for a polished look and feel\ndns resolver: rewrote the dhcp lease registration hooks\ndns resolver: allow parallel operation on non-standard port when dns forwarder is running as well\nfirewall: hide outbound nat rule input for \"interface address\" option and toggle bitmask correctly\ninterfaces: fix problem when VLAN tags weren't generated properly\ninterfaces: improve interface capability reconfigure\nipsec: fix service restart behaviour from GUI\ncaptive portal: add missing chain in certificate generation\nconfigd: improve recovery and reload behaviour\nload balancer: reordered menu entries for clarity\nntp: reordered menu entries for clarity\ntraffic shaper: fix mismatch for direction + dual interfaces setup\nlanguages: updated German and French\n\n\n\n\n\nCall for testing - ASLR patch\n\n\nA patch that provides a first pass implementation of basic ASLR (Address Space Layout Randomization) for FreeBSD has been posted to the mailing list\n“Stack gap, WX, shared page randomization, KASLR and other techniques are explicitly out of scope of this work.”\n“ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs.  I expect to test and enable ASLR for armv6 and arm64 as well, later”\n“Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD.  Although this work is not based on theirs, it was inspired by their efforts.”\n***\n\n\nFeedback/Questions\n\n\n Daniel - OpenZFS \n Florian - JBODS \n Hunter - SSL on DO \n Ben - Backups \n Damian - Bug’in Me! \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan and I are back from AsiaBSDCon and we have an interview with Brad Davis about the new “Packaging Base” call-for-testing. We’ll be sharing our thoughts and stories on how the week\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eAsiaBSDCon 2016 - Wrap-up\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/296548\" rel=\"nofollow\"\u003eFreeBSD gets Haswell graphics support in time for 11.0-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe moment that many have been waiting for has finally arrived, support for Haswell graphics has been committed to FreeBSD -CURRENT\u003c/li\u003e\n\u003cli\u003eThe brings the DRM/i915 code up to date with Linux kernel 3.8.13\u003c/li\u003e\n\u003cli\u003eWork has already started on updating to Linux kernel 3.9\u003c/li\u003e\n\u003cli\u003eIt is hoped that subsequent updates will be much easier, and much faster\u003c/li\u003e\n\u003cli\u003eIt does not appear to require setting the i915.preliminary_hw_support loader tunable\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bhyvecon.org/bhyvecon2016-Mike.pdf\" rel=\"nofollow\"\u003eOpenBSD vmm/vmd Update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor the third year running, bhyvecon was held last week, during the lead up to AsiaBSDCon\u003c/li\u003e\n\u003cli\u003eBhyvecon has expanded, and now covers all virtualization on BSDs\u003c/li\u003e\n\u003cli\u003eThere were presentations on bhyve, Xen Dom0 on FreeBSD, Xen DomU for OpenBSD, and OpenBSD’s vmm\u003c/li\u003e\n\u003cli\u003eOpenBSD vmm started at the Brisbane 2015 hackathon in Australia\u003c/li\u003e\n\u003cli\u003eWork continued through the summer and fall thanks to funding by the OpenBSD Foundation\u003c/li\u003e\n\u003cli\u003eThe presentation answered some outstanding questions, such as, why not just port bhyve?\u003c/li\u003e\n\u003cli\u003eInitial focus is OpenBSD on OpenBSD\u003c/li\u003e\n\u003cli\u003eLoader currently supports FreeBSD and NetBSD as well\u003c/li\u003e\n\u003cli\u003eAfter the initial commits, other developers joined in to help with the work\u003c/li\u003e\n\u003cli\u003eReyk reworked the vmd and vmctl commands, to provide a better user interface\u003c/li\u003e\n\u003cli\u003eFuture plans:\n\n\u003cul\u003e\n\u003cli\u003eNested VMX\u003c/li\u003e\n\u003cli\u003ei386 support\u003c/li\u003e\n\u003cli\u003eAMD SVM support\u003c/li\u003e\n\u003cli\u003eFilesystem passthru\u003c/li\u003e\n\u003cli\u003eLive migration (with ZFS like command syntax)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOther developers are working on related projects:\n\n\u003cul\u003e\n\u003cli\u003eqemu interface: Allow qemu to be accelerated by the vmm backend, while providing emulated hardware, for legacy systems\u003c/li\u003e\n\u003cli\u003eKVM interface: Make vmm look like KVM, so existing tools like openstack “just work”\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brad Davis - \u003ca href=\"mailto:brd@freebsd.org\" rel=\"nofollow\"\u003ebrd@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/so14k\" rel=\"nofollow\"\u003e@so14k\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePackaging Base\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pkgbase/2016-March/000032.html\" rel=\"nofollow\"\u003ePackaging the base system with pkg(8)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe official call for testing for FreeBSD’s pkg(8)’d base is out\u003c/li\u003e\n\u003cli\u003eUsers are requested to checkout the release-pkg branch, and build it as normal (buildworld, buildkernel)\u003c/li\u003e\n\u003cli\u003eInstead of installworld, run: make packages\u003c/li\u003e\n\u003cli\u003eThis will produce a pkg repo in the /usr/obj directory\u003c/li\u003e\n\u003cli\u003eThe post to the mailing list includes an example pkg repo config file to point to those packages\u003c/li\u003e\n\u003cli\u003eRun: pkg update -r FreeBSD-base\u003c/li\u003e\n\u003cli\u003eThis will read the metadata from the new repository\u003c/li\u003e\n\u003cli\u003eThen run: pkg install -g \u0026#39;FreeBSD-*\u0026#39;\u003c/li\u003e\n\u003cli\u003eThis will find all packages that start with ‘FreeBSD-’ and install them\u003c/li\u003e\n\u003cli\u003eIn the future, there will be meta packages, so you can just install FreeBSD-base and it will pull in other packages are dependencies\u003c/li\u003e\n\u003cli\u003eCurrently, there are a large number of packages (over 700), because each shared library is packaged separately, and almost all optional features are in a separate package\u003c/li\u003e\n\u003cli\u003eThe number of packages is also increased because there are separate -debug, -profiling, etc versions of each package\u003c/li\u003e\n\u003cli\u003eNew features are being added to pkg(8) to mark important system components, like libc, as ‘vital’, so they cannot be deleted accidently\u003c/li\u003e\n\u003cli\u003eHowever, in the case of using pkg(8)’d base to create a jail, the administrator should be able to delete the entire base system\u003c/li\u003e\n\u003cli\u003eClassic conundrum: “UNIX does not stop you doing something stupid, as that would also stop you doing something clever”\u003c/li\u003e\n\u003cli\u003eWork is still ongoing\u003c/li\u003e\n\u003cli\u003eAt AsiaBSDCon, after the interview was recorded, bapt@ and brd@ had a whiteboarding session and have come up with how they expect to handle the kernel package, to ensure there is a /boot/kernel.old for you to fall back to incase the newly installer kernel does not work correctly.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2016-March/084384.html\" rel=\"nofollow\"\u003eFreeBSD 10.3-RC2 Now Available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe second release candidate for FreeBSD 10.3 is now available for testing\u003c/li\u003e\n\u003cli\u003eNotable changes include:\n\n\u003cul\u003e\n\u003cli\u003eImport an upstream fix for ‘zfs send -i’ to avoid data corruption in specific instances\u003c/li\u003e\n\u003cli\u003eBoot loaders and kernel have been taught to handle ELF sections of type SHT_AMD64_UNWIND. This does not really apply to FreeBSD 10.3, but is required for 11.0, so will make upgrades easier\u003c/li\u003e\n\u003cli\u003eVarious mkdb commands (/etc/services, /etc/login.conf, etc) commands now use fsync() instead of opening the files as O_SYNC, greatly increasing the speed of the database generation\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eFrom the earlier BETA3, the VFS improvements that were causing ZFS hangs, and the new ‘tryforward’ routing code, have been reverted\u003c/li\u003e\n\u003cli\u003eWork is ongoing to fix these issues for FreeBSD 11.0\u003c/li\u003e\n\u003cli\u003eThere are two open issues:\n\n\u003cul\u003e\n\u003cli\u003eA fix for OpenSSH CVE-2016-3115 has not be included yet\u003c/li\u003e\n\u003cli\u003ethe re-addition of AES-CBC ciphers to the default server proposal list. AES-CBC was removed as part of the update to OpenSSH version 7.1p2, but the plan is to re-add it, specifically for lightweight clients who rely on hardware crypto offload to have acceptable SSH performance\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003ePlease go out and test\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=2378.0\" rel=\"nofollow\"\u003eOPNsense 16.1.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new point-release of OPNsense has dropped, and apart from the usual security updates, some new features have been included\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003efirmware: bootstrap utility can now directly install e.g. the development version\u003c/li\u003e\n\u003cli\u003edhcp: all GUI pages have been reworked for a polished look and feel\u003c/li\u003e\n\u003cli\u003eproxy: added category-based remote file support if compressed file contains multiple files\u003c/li\u003e\n\u003cli\u003eproxy: added ICAP support (contributed by Fabian Franz)\u003c/li\u003e\n\u003cli\u003eproxy: hook up the transparent FTP proxy\u003c/li\u003e\n\u003cli\u003eproxy: add intercept on IPv6 for FTP and HTTP proxy options\u003c/li\u003e\n\u003cli\u003elogging: syslog facilities, like services, are now fully pluggable\u003c/li\u003e\n\u003cli\u003evpn: stripped an invalid PPTP server configuration from the standard configuration\u003c/li\u003e\n\u003cli\u003evpn: converted to pluggable syslog, menu and ACL\u003c/li\u003e\n\u003cli\u003edyndns: all GUI pages have been reworked for a polished look and feel\u003c/li\u003e\n\u003cli\u003edyndns: widget now shows IPv6 entries too\u003c/li\u003e\n\u003cli\u003edns forwarder: all GUI pages have been reworked for a polished look and feel\u003c/li\u003e\n\u003cli\u003edns resolver: all GUI pages have been reworked for a polished look and feel\u003c/li\u003e\n\u003cli\u003edns resolver: rewrote the dhcp lease registration hooks\u003c/li\u003e\n\u003cli\u003edns resolver: allow parallel operation on non-standard port when dns forwarder is running as well\u003c/li\u003e\n\u003cli\u003efirewall: hide outbound nat rule input for \u0026quot;interface address\u0026quot; option and toggle bitmask correctly\u003c/li\u003e\n\u003cli\u003einterfaces: fix problem when VLAN tags weren\u0026#39;t generated properly\u003c/li\u003e\n\u003cli\u003einterfaces: improve interface capability reconfigure\u003c/li\u003e\n\u003cli\u003eipsec: fix service restart behaviour from GUI\u003c/li\u003e\n\u003cli\u003ecaptive portal: add missing chain in certificate generation\u003c/li\u003e\n\u003cli\u003econfigd: improve recovery and reload behaviour\u003c/li\u003e\n\u003cli\u003eload balancer: reordered menu entries for clarity\u003c/li\u003e\n\u003cli\u003entp: reordered menu entries for clarity\u003c/li\u003e\n\u003cli\u003etraffic shaper: fix mismatch for direction + dual interfaces setup\u003c/li\u003e\n\u003cli\u003elanguages: updated German and French\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-arch/2016-March/017719.html\" rel=\"nofollow\"\u003eCall for testing - ASLR patch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA patch that provides a first pass implementation of basic ASLR (Address Space Layout Randomization) for FreeBSD has been posted to the mailing list\u003c/li\u003e\n\u003cli\u003e“Stack gap, W\u003csup\u003eX,\u003c/sup\u003e shared page randomization, KASLR and other techniques are explicitly out of scope of this work.”\u003c/li\u003e\n\u003cli\u003e“ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs.  I expect to test and enable ASLR for armv6 and arm64 as well, later”\u003c/li\u003e\n\u003cli\u003e“Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD.  Although this work is not based on theirs, it was inspired by their efforts.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Z81SPq3\" rel=\"nofollow\"\u003e Daniel - OpenZFS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2be4zDkG6\" rel=\"nofollow\"\u003e Florian - JBODS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2o0MijCFy\" rel=\"nofollow\"\u003e Hunter - SSL on DO\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2fXlOwdU7\" rel=\"nofollow\"\u003e Ben - Backups\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2weBPb8sx\" rel=\"nofollow\"\u003e Damian - Bug’in Me!\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan and I are back from AsiaBSDCon and we have an interview with Brad Davis about the new “Packaging Base” call-for-testing. We’ll be sharing our thoughts and stories on how the week","date_published":"2016-03-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4673def9-dead-4353-b97b-9b557eef899a.mp3","mime_type":"audio/mpeg","size_in_bytes":55224148,"duration_in_seconds":4602}]},{"id":"f3d59dae-8eeb-40fd-8450-504566ad449e","title":"132: Scaling up with BSD","url":"https://www.bsdnow.tv/132","content_text":"This week, Allan and I are away at AsiaBSDCon! (If you aren’t there, you are missing out). We will be back with a live episode next week. However, we’ve been asked for Allan to tell us about ScaleEngine’s\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Allan Jude - allanjude@freebsd.org / @allanjude\n\n\nSpotlight on ScaleEngine\n***\n\n\nBeastie Bits\n\n\nNetBSD on an RPi Zero \nDragonFly tips for printing with CUPS \nFighting fraudulent networks using secure connections (SSL) blacklisting with OPNsense. Blocks known-bad certificates as listed at abuse.ch \n \nFix for running NetBSD/amd64 7.0 on kvm based virtual machines \nMichael W. Lucas’s new book, FreeBSD Mastery: Specialty Filesystems is now escaping \nThe Penguicon Lucas Tech Track \nFreeBSD based nginx/ffmpeg camera recording and live streaming \nCFT: New Jenkins Builder for FreeNAS / PC-BSD \nStatus Update: PC-BSD’s SysAdm Server\nStatus Update: PC-BSD’s SysAdm Client UI \n\n\n","content_html":"\u003cp\u003eThis week, Allan and I are away at AsiaBSDCon! (If you aren’t there, you are missing out). We will be back with a live episode next week. However, we’ve been asked for Allan to tell us about ScaleEngine’s\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Allan Jude - \u003ca href=\"mailto:allanjude@freebsd.org\" rel=\"nofollow\"\u003eallanjude@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/allanjude\" rel=\"nofollow\"\u003e@allanjude\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpotlight on ScaleEngine\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/ebijun/NetBSD/blob/master/dmesg/earmv6hf/RPI0\" rel=\"nofollow\"\u003eNetBSD on an RPi Zero\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-February/228608.html\" rel=\"nofollow\"\u003eDragonFly tips for printing with CUPS\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://opnsense.org/fighting-fraudulent-networks-using-secure-connections-ssl-with-opnsense/\" rel=\"nofollow\"\u003eFighting fraudulent networks using secure connections (SSL) blacklisting with OPNsense. Blocks known-bad certificates as listed at abuse.ch \u003cbr\u003e\n\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://imil.net/blog/2016/01/29/netbsdamd64-7-0-kvm/\" rel=\"nofollow\"\u003eFix for running NetBSD/amd64 7.0 on kvm based virtual machines\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2537\" rel=\"nofollow\"\u003eMichael W. Lucas’s new book, FreeBSD Mastery: Specialty Filesystems is now escaping\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2534\" rel=\"nofollow\"\u003eThe Penguicon Lucas Tech Track\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.unixmen.com/freebsd-nginx-ffmpeg-camera-recording-and-live-streaming/\" rel=\"nofollow\"\u003eFreeBSD based nginx/ffmpeg camera recording and live streaming\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/iXsystems/ixbuild/\" rel=\"nofollow\"\u003eCFT: New Jenkins Builder for FreeNAS / PC-BSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/pcbsd/sysadm/\" rel=\"nofollow\"\u003eStatus Update: PC-BSD’s SysAdm Server\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/pcbsd/sysadm-ui-qt\" rel=\"nofollow\"\u003eStatus Update: PC-BSD’s SysAdm Client UI\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"This week, Allan and I are away at AsiaBSDCon! (If you aren’t there, you are missing out). We will be back with a live episode next week. However, we’ve been asked for Allan to tell us about ScaleEngine’s","date_published":"2016-03-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f3d59dae-8eeb-40fd-8450-504566ad449e.mp3","mime_type":"audio/mpeg","size_in_bytes":46636852,"duration_in_seconds":3886}]},{"id":"f302f270-36ec-4244-b701-fb8213e2f134","title":"131: BSD behind the chalkboard","url":"https://www.bsdnow.tv/131","content_text":"This week on the show, we have an interview with Jamie\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan 2016 List of Talks\n\n\nWe are all looking forward to BSDCan\nMake sure you arrive in time for the Goat BoF, the evening of Tuesday June 7th at the Royal Oak, just up the street from the university residence\nThere will also be a ZFS BoF during lunch of one of the conference days, be sure to grab your lunch and bring it to the BoF room\nAlso, don’t forget to get signed up for the various DevSummits taking place at BSDCan. \n***\n\n\nWhat does Load Average really mean\n\n\nChris Siebenmann, a sysadmin at the University of Toronto, does some comparison of what “Load Average” means on different unix systems, including Solaris/IllumOS, FreeBSD, NetBSD, OpenBSD, and Linux\nIt seems that no two OSes use the same definition, so comparing load averages is impossible\nOn FreeBSD, where I/O does not affect load average, you can divide the load average by the number of CPU cores to be able to compare across machines with different core counts\n***\n\n\nGPL violations related to combining ZFS and Linux\n\n\nAs we mentioned in last week’s episode, Ubuntu was preparing to release their next version with native ZFS support. + As expected, the Software Freedom Conservancy has issued a statement detailing the legal argument why they believe this is a violation of the GPL license for the Linux kernel.\nIt’s a pretty long and complete article, but we wanted to bring you the summary of the whole, and encourage you to read the rest, since it’s good to be knowledgeable about the various open-source projects and their license conditions.\n\n\n\n“We are sympathetic to Canonical's frustration in this desire to easily support more features for their users. However, as set out below, we have concluded that their distribution of zfs.ko violates the GPL. We have written this statement to answer, from the point of view of many key Linux copyright holders, the community questions that we've seen on this matter. Specifically, we provide our detailed analysis of the incompatibility between CDDLv1 and GPLv2 — and its potential impact on the trajectory of free software development — below. \n\nHowever, our conclusion is simple: Conservancy and the Linux copyright holders in the GPL Compliance Project for Linux Developers believe that distribution of ZFS binaries is a GPL violation and infringes Linux's copyright. We are also concerned that it may infringe Oracle's copyrights in ZFS. As such, we again ask Oracle to respect community norms against license proliferation and simply relicense its copyrights in ZFS under a GPLv2-compatible license.”\n\n\n\nThe Software Freedom Law Center’s take on the issue \nLinux SCSI subsystem Maintainer, James Bottomley, asks “where is the harm”\nFreeBSD and ZFS  \n***\n\n\nDragonFly i915 reaches Linux 4.2 \n\n\nThe port of the Intel i915 DRM/KMS Linux driver to DragonFlyBSD has been updated to match Linux kernel 4.2\nVarious improvements and better support for new hardware are included\nOne big difference, is that DragonFlyBSD will not require the binary firmware blob that Linux does\nFrançois Tigeot explains: \"starting from Linux 4.2, a separate firmware blob is required to save and restore the state of display engines in some low-power modes. These low-power modes have been forcibly disabled in the DragonFly version of this driver in order to keep it blob-free.\"\nObviously this will have some disadvantage, but as those modes were never available on DragonFlyBSD before, users are not likely to miss them\n***\n\n\nInterview - Jamie McParland - mcparlandj@newberg.k12.or.us / @nsdjamie\n\n\nFreeBSD behind the chalkboard\n***\n\n\niXsystems\n\n\nMy New IXSystems Mail Server\n\n\nNews Roundup\n\nInstalling ELK on FreeBSD, Tutorial Part 1\n\n\nAre you an ELK user, or interested in becoming one? If so, Gruppo Utenti has a nice blog post / tutorial on how to get started with it on FreeBSD.\nMaybe you haven’t heard of ELK, but its not the ELK in ports, specifically in this case he is referring to “ElasticSearch/Logstash/Kibana” as a stack.\nGetting started is relatively simply, first we install a few ports/packages:\n\n\ntextproc/elasticsearch\nsysutils/logstash\ntextproc/kibana43\nwww/nginx\n\nAfter enabling the various services for those (hint: sysrc may be easier), he then takes us through the configuration of ElasticSearch and LogStash. For the most part they are fairly straightforward, but you can always copy and paste his example config files as a template.\nFollow up to Installing ELK on FreeBSD \nJumping directly into the next blog entry, he then takes us through the “K” part of ELK, specifically setting up Kibana, and exposing it via nginx publically. \nAt this point most of the CLI work is finished, and we have a great walkthrough of doing the Kibana configuration via their UI. We are still awaiting the final entry to the series, where the setup of ElastAlert will be detailed, and we will bring that to your attention when it lands. \n***\n\n\nFrom 1989: An Empirical Study of the Reliablity of Unix Utilities\n\n\nA paper from 1989 on the results of fuzz testing various unix utilities across a range of available unix operating systems\nVery interesting results, it is interesting to look back at before the start of the modern BSD projects\nNew problems are still being found in utilities using similar testing methodologies, like afl (American Fuzzy lop)\n***\n\n\nGoogle Summer of Code\n\n\nBoth \nFreeBSD\nand \nNetBSD\nAre running 2016 Google Summer of Code projects.\nStudents can start submitting proposals on March 14th.\nIn the meantime, if you have any ideas, please post them to the \nSummer Of Code Ideas Page  on the FreeBSD wiki\nStudents can start looking at the list now and try to find mentors to get a jump start on their project.\n***\n\n\nHigh Availablity Sync for ipfw3 in Dragonfly\n\n\nSimilar to pfsync, this new protocol allows firewall dynamic rules (state) to be synchronized between two firewalls that are working together in HA with CARP\nDoes not yet sync NAT state, it seems libalias will need some modernization first\nApparently it will be relatively easy to port to FreeBSD\nThis is one of the only features ipfw lacks when compared to pf\n***\n\n\nBeastie Bits\n\n\nFreeBSD 10.3-BETA3 Now Available \nLibreSSL isnt affected by the OpenSSL DROWN attack \nNetBSD machines at the Open Source Conference 2016 in Toyko \nOpenBSD removes Linux Emulation\nTime is an illusion - George Neville-Neil\nOpenSSH 7.2 Released \n\n\nFeedback/Questions\n\n\n Shane - IPSEC \n Darrall - 14TB Zpool \n Pedja - ZFS setup \n***\n","content_html":"\u003cp\u003eThis week on the show, we have an interview with Jamie\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2016/list-of-talks.txt\" rel=\"nofollow\"\u003eBSDCan 2016 List of Talks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe are all looking forward to BSDCan\u003c/li\u003e\n\u003cli\u003eMake sure you arrive in time for the Goat BoF, the evening of Tuesday June 7th at the Royal Oak, just up the street from the university residence\u003c/li\u003e\n\u003cli\u003eThere will also be a ZFS BoF during lunch of one of the conference days, be sure to grab your lunch and bring it to the BoF room\u003c/li\u003e\n\u003cli\u003eAlso, don’t forget to get signed up for the various DevSummits taking place at BSDCan. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://utcc.utoronto.ca/%7Ecks/space/blog/unix/ManyLoadAveragesOfUnix\" rel=\"nofollow\"\u003eWhat does Load Average really mean\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eChris Siebenmann, a sysadmin at the University of Toronto, does some comparison of what “Load Average” means on different unix systems, including Solaris/IllumOS, FreeBSD, NetBSD, OpenBSD, and Linux\u003c/li\u003e\n\u003cli\u003eIt seems that no two OSes use the same definition, so comparing load averages is impossible\u003c/li\u003e\n\u003cli\u003eOn FreeBSD, where I/O does not affect load average, you can divide the load average by the number of CPU cores to be able to compare across machines with different core counts\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/\" rel=\"nofollow\"\u003eGPL violations related to combining ZFS and Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we mentioned in last week’s episode, Ubuntu was preparing to release their next version with native ZFS support. + As expected, the Software Freedom Conservancy has issued a statement detailing the legal argument why they believe this is a violation of the GPL license for the Linux kernel.\u003c/li\u003e\n\u003cli\u003eIt’s a pretty long and complete article, but we wanted to bring you the summary of the whole, and encourage you to read the rest, since it’s good to be knowledgeable about the various open-source projects and their license conditions.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“We are sympathetic to Canonical\u0026#39;s frustration in this desire to easily support more features for their users. However, as set out below, we have concluded that their distribution of zfs.ko violates the GPL. We have written this statement to answer, from the point of view of many key Linux copyright holders, the community questions that we\u0026#39;ve seen on this matter. Specifically, we provide our detailed analysis of the incompatibility between CDDLv1 and GPLv2 — and its potential impact on the trajectory of free software development — below. \u003c/p\u003e\n\n\u003cp\u003eHowever, our conclusion is simple: Conservancy and the Linux copyright holders in the GPL Compliance Project for Linux Developers believe that distribution of ZFS binaries is a GPL violation and infringes Linux\u0026#39;s copyright. We are also concerned that it may infringe Oracle\u0026#39;s copyrights in ZFS. As such, we again ask Oracle to respect community norms against license proliferation and simply relicense its copyrights in ZFS under a GPLv2-compatible license.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://softwarefreedom.org/resources/2016/linux-kernel-cddl.html\" rel=\"nofollow\"\u003eThe Software Freedom Law Center’s take on the issue \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.hansenpartnership.com/are-gplv2-and-cddl-incompatible/\" rel=\"nofollow\"\u003eLinux SCSI subsystem Maintainer, James Bottomley, asks “where is the harm”\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freebsdfoundation.blogspot.ca/2016/02/freebsd-and-zfs.html\" rel=\"nofollow\"\u003eFreeBSD and ZFS \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.phoronix.com/scan.php?page=news_item\u0026px=DragonFlyBSD-i915-4.2\" rel=\"nofollow\"\u003eDragonFly i915 reaches Linux 4.2 \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe port of the Intel i915 DRM/KMS Linux driver to DragonFlyBSD has been updated to match Linux kernel 4.2\u003c/li\u003e\n\u003cli\u003eVarious improvements and better support for new hardware are included\u003c/li\u003e\n\u003cli\u003eOne big difference, is that DragonFlyBSD will not require the binary firmware blob that Linux does\u003c/li\u003e\n\u003cli\u003eFrançois Tigeot explains: \u0026quot;starting from Linux 4.2, a separate firmware blob is required to save and restore the state of display engines in some low-power modes. These low-power modes have been forcibly disabled in the DragonFly version of this driver in order to keep it blob-free.\u0026quot;\u003c/li\u003e\n\u003cli\u003eObviously this will have some disadvantage, but as those modes were never available on DragonFlyBSD before, users are not likely to miss them\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jamie McParland - \u003ca href=\"mailto:mcparlandj@newberg.k12.or.us\" rel=\"nofollow\"\u003emcparlandj@newberg.k12.or.us\u003c/a\u003e / \u003ca href=\"https://twitter.com/nsdjamie\" rel=\"nofollow\"\u003e@nsdjamie\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD behind the chalkboard\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.reddit.com/r/LinuxActionShow/comments/48c9nt/my_new_ixsystems_mail_server/\" rel=\"nofollow\"\u003eMy New IXSystems Mail Server\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.gufi.org/2016/02/15/elk-first-part/\" rel=\"nofollow\"\u003eInstalling ELK on FreeBSD, Tutorial Part 1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAre you an ELK user, or interested in becoming one? If so, Gruppo Utenti has a nice blog post / tutorial on how to get started with it on FreeBSD.\u003c/li\u003e\n\u003cli\u003eMaybe you haven’t heard of ELK, but its not the ELK in ports, specifically in this case he is referring to “ElasticSearch/Logstash/Kibana” as a stack.\u003c/li\u003e\n\u003cli\u003eGetting started is relatively simply, first we install a few ports/packages:\n\n\u003cul\u003e\n\u003cli\u003etextproc/elasticsearch\u003c/li\u003e\n\u003cli\u003esysutils/logstash\u003c/li\u003e\n\u003cli\u003etextproc/kibana43\u003c/li\u003e\n\u003cli\u003ewww/nginx\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAfter enabling the various services for those (hint: sysrc may be easier), he then takes us through the configuration of ElasticSearch and LogStash. For the most part they are fairly straightforward, but you can always copy and paste his example config files as a template.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blog.gufi.org/2016/02/23/elk-second-part/\" rel=\"nofollow\"\u003eFollow up to Installing ELK on FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eJumping directly into the next blog entry, he then takes us through the “K” part of ELK, specifically setting up Kibana, and exposing it via nginx publically. \u003c/li\u003e\n\u003cli\u003eAt this point most of the CLI work is finished, and we have a great walkthrough of doing the Kibana configuration via their UI. We are still awaiting the final entry to the series, where the setup of ElastAlert will be detailed, and we will bring that to your attention when it lands. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz.pdf\" rel=\"nofollow\"\u003eFrom 1989: An Empirical Study of the Reliablity of Unix Utilities\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA paper from 1989 on the results of fuzz testing various unix utilities across a range of available unix operating systems\u003c/li\u003e\n\u003cli\u003eVery interesting results, it is interesting to look back at before the start of the modern BSD projects\u003c/li\u003e\n\u003cli\u003eNew problems are still being found in utilities using similar testing methodologies, like afl (American Fuzzy lop)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eGoogle Summer of Code\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBoth \n\u003ca href=\"https://summerofcode.withgoogle.com/organizations/4892834293350400/\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eand \n\u003ca href=\"https://summerofcode.withgoogle.com/organizations/6246531984261120/\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAre running 2016 Google Summer of Code projects.\u003c/li\u003e\n\u003cli\u003eStudents can start submitting proposals on March 14th.\u003c/li\u003e\n\u003cli\u003eIn the meantime, if you have any ideas, please post them to the \n\u003ca href=\"https://wiki.freebsd.org/SummerOfCodeIdeas\" rel=\"nofollow\"\u003eSummer Of Code Ideas Page \u003c/a\u003e on the FreeBSD wiki\u003c/li\u003e\n\u003cli\u003eStudents can start looking at the list now and try to find mentors to get a jump start on their project.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-February/459424.html\" rel=\"nofollow\"\u003eHigh Availablity Sync for ipfw3 in Dragonfly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSimilar to pfsync, this new protocol allows firewall dynamic rules (state) to be synchronized between two firewalls that are working together in HA with CARP\u003c/li\u003e\n\u003cli\u003eDoes not yet sync NAT state, it seems libalias will need some modernization first\u003c/li\u003e\n\u003cli\u003eApparently it will be relatively easy to port to FreeBSD\u003c/li\u003e\n\u003cli\u003eThis is one of the only features ipfw lacks when compared to pf\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2016-February/084238.html\" rel=\"nofollow\"\u003eFreeBSD 10.3-BETA3 Now Available\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160301141941\u0026mode=expanded\" rel=\"nofollow\"\u003eLibreSSL isnt affected by the OpenSSL DROWN attack\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2016/02/29/msg000703.html\" rel=\"nofollow\"\u003eNetBSD machines at the Open Source Conference 2016 in Toyko\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-ports-cvs\u0026m=145650279825695\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD removes Linux Emulation\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=2878574\" rel=\"nofollow\"\u003eTime is an illusion - George Neville-Neil\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.openssh.com/txt/release-7.2\" rel=\"nofollow\"\u003eOpenSSH 7.2 Released\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2qCKWWKv0\" rel=\"nofollow\"\u003e Shane - IPSEC\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20CP3ty5P\" rel=\"nofollow\"\u003e Darrall - 14TB Zpool\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2qp7K9KBG\" rel=\"nofollow\"\u003e Pedja - ZFS setup\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we have an interview with Jamie","date_published":"2016-03-02T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f302f270-36ec-4244-b701-fb8213e2f134.mp3","mime_type":"audio/mpeg","size_in_bytes":72833908,"duration_in_seconds":6069}]},{"id":"361b50a5-0039-4457-a81d-8501d6d3e588","title":"130: Store all the Things | BSD Now 130","url":"https://www.bsdnow.tv/130","content_text":"This week on BSDNow, Allan is back from the Storage Summit in Silicon Valley! We are going to get his thoughts on how the conference went, plus bring you the latest ZFS info discussed. That plus the usual BSD news is\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD website operators urged to fix mind-alteringly bad bug\n\n\nWe start off a bit light-hearted this week, with the important, breaking news that finally a long-standing OpenBSD bug has been addressed for the HTTP daemon.\nSpecifically? It changes the default 404 page fonts away from Comic Sans, to a bit more crowd-pleasing alternative:\n\n\n“For some reason the httpd status pages (e.g. 404) use the Comic Sans typeface. This patch removes comic sans and sets the typeface to the default sans-serif typeface of the client.\n“This lowers the number of people contacting website maintainers with typeface complaints bordering on harassment”.\n\nOperators running HTTPD are highly encouraged to update their systems to the latest code, right now……... No seriously, we are waiting for you. Get it done now and then we’ll continue with the show.\n\n\n\n\nRegistration for AsiaBSDCon 2016 is now open + Talk Schedule\n\n\nAfter a few delays, the registration for AsiaBSDCon has now opened!\nThe conference starts in less than two weeks! now, so be sure to get signed up ASAP.\nIn addition the schedule has been posted, and here’s some of the highlights of this year’s conference.\nIn addition to FreeBSD and NetBSD dev summits on the first two days, we have some excellent tutorials being given this year by Kirk, Gnn, Dru and more! (https://2016.asiabsdcon.org/program.html.en) \nThe regular paper talks also have lots of good ones this year, including this crazy encrypted boot loader one given by our very own Allan Jude!\n***\n\n\nOPENBSD ON AWS : AN UNEXPECTED JOURNEY\n\n\nWe have a blog post from Antoine Jacoutot, talking about the process of getting OpenBSD up and running in AWS\nIt starts with his process of creating an AMI from scratch, which ended up not being that bad:\n\n\ncreate and loopback-mount a raw image containing a UFS filesystem extract the OpenBSD base sets (which are just regular tarballs) and kernel enable console output (so that one could “aws ec2 get-console-output”)\ninstall the boot loader on the image then use the ec2 tools to import the RAW image to S3, convert it into a volume (ec2-import-volume) which we can snapshot (ec2-create-snapshot) and create an AMI from (ec2-register)\n\nThe blog post also has a link to a script which automates this process, so don’t be daunted if you didn’t quite follow all of that. \nThanks to the recently landed DomU support, the final pieces of the puzzle fell into place, allowing OpenBSD to function as a proper guest (with networking!)\nNext it details the process of injecting a public SSH key into the instances for instant remote access. \nAn ec2-init.sh script was created (also on github) which does the following:\n\n\nsetting the hostname\ninstalling the provided SSH public key to /root/.ssh/authorized_keys\nexecuting user-data (if it starts with a shebang)\ndisplaying the host SSH fingerprints on the console (to match cloud-init)\n\nWith that done, OpenBSD is pretty much AWS ready! He then gives a brief walkthrough of setting up nginx for new users, but if you’ve already done this before then the instance is ready for you to hacking on.\n\n\n\n\nStart thinking of ideas for things with FreeBSD for Google's 2016 Summer of Code\n\n\nStudents and Developers, listen up! It’s time to start thinking about GSoC again, and FreeBSD is looking to update its project ideas page.\nThere’s some good ones on the list, plus ones that should be pruned (such as GELI boot), but now is the time to start adding new ones before we get too deep into the process.\nThis goes for the other BSD’s as well, start thinking about your proposals, or if you are developer, which projects would be a good fit for mentoring.\n(Improving the Linux Compat layer is one I think should be done!)\nGuide to getting started with kernel hacking \nOne of the things that’s been asked frequently is how to contribute towards the efforts to bring updated DRM / X drivers to the FreeBSD kernel. \nJean-Sébastien Pédron has started a great guide on the Wiki which details how to get started with the porting effort, and that developers need not be afraid of helping.\n***\n\n\nStorage Summit Roundup\n\n\nEarlier this week a number of developers from FreeBSD, as well as various vendors that use FreeBSD, or provide products used with FreeBSD met for a Storage Summit, to discuss the \nfuture of these technologies\nThe summit was co-located with the USENIX FAST (Filesystems And Storage Technologies) conference\nThe summit was sponsored by the FreeBSD Foundation and FlightAware\nAfter a short introduction, the event opened with a Networking Synergy panel\nThe focus of this panel was to see if there were techniques and lessons learned in improving the networking stack over the last 10 years that could be applied to improving the storage stack\nA lot of time was spent discussing issues like multi-queue support, CPU scheduling, and ways to modernize the stack\nCAM Scheduling \u0026amp; Locking Revamp\n\n\nNo notes posted\n\nUser Space Storage Stack\n\n\nOne of the user space storage stacks discussed was Diskmap\nLike netmap, but for disks (diskmap)\nKernel bypass for accessing disks\nIlias Marinos, who is working on diskmap at Cambridge University, described diskmap to the group\n\nA design discussion then followed in which the memory management was covered as that's an issue for any sort of \"IO\" map system\n\n\nAction Items:\n\nDiscuss with Luigi the idea of code merges\nNeed a reset path API\nKernel buffer mapping for reliability\nSupport for other interfaces (SATA/SCSI)\nGEOM layer adaptation\nAdapting to New Storage Technologies \n\n\nThis working group was led by Adrian Palmer, from Seagate\nSMR\nPersistent Memory\nSession 1: Device Identification and the structural requirements\n\n\nAgenda: We'll look over the Identification nuances and what needs to change to support the structure. Support for IO order guarantees, forward-write only requirements, new commands and topology. Dig into CAM and GEOM layers. Solutions should be fast and have as few code paths as possible\nResults: Small audience. We talked about zoned characteristics, and how it can be used in various workloads, projected to be implemented in years\n\nSession 2: Information dissemination and consumption\n\n\nAgenda: Where and how will information from the report_zones command be gathered, stored, combined and used. This will include userspace storage and multi-volume management. Will CAM store this data, or will GEOM? How frequently will this need to be queried/updated/verified from the drive?\nResults: Merged with ZFS working group to discuss SMR. Came up with idea that could be implemented as circular buffer zone type. Began to discuss solutions among developers\n\n\nZFS \n\n\nDuring the first session we discussed how to improve dedup support\n    + A dedup throttle or cap was discussed. When the size of the DDT grows beyond this size, new entries would not be deduped.\n\n\nAn alternative to this was also discussed, where when the DDT reached the cap size, it would remove a random entry with only a single reference from the DDT to make room for the new entry. When a block is going to be freed, if it is not found in the DDT, it is assumed to have only 1 reference, and removed.\nThere was also discussion of replacing the DDT with an in-memory hash table and a “log” of increment/decrement operations, that is periodically compacted. The hash table is recreated from the log at pool import time. This would reduce the in-memory footprint of the DDT, as well as speed up all write operations as adding an entry to the dedup log will be less expensive than updating the DDT.\nThere was also discussion of using dedicated device(s) for the DDT, either using the DDT on SSD work by Nexenta, or the Metadata Classes work by Intel\n\nThe first session also discussed Secure Delete and related things\n\n\nThe desire for an implementation of TRIM that uses the “secure erase” functionality provided by some disks was expressed\nOverwriting sectors with patterns of garbage may be insufficient because SSDs may internally remap where a specific LBA physically resides\nThe possibility of using something like the “eager zero” feature to periodically write zeros over all free blocks in the pool to erase any lingering data fragments\nProblems with the FreeBSD TRIM implementation were discussed, as well as looking at ways to implement the new ZFS TRIM implementation on FreeBSD\nABD (ARC Buf Data) was discussed, a new design that lessens the requirement for contiguous memory. Only a small area of contiguous blocks is reserved at boot, and compressed ARC blocks are constructed of scatter-gather lists of individual pages\n\nThe second session combined with the SMR group and talked about SMR support in ZFS\n\n\nLater in the second session ZFS Encryption was also discussed, mostly with a focus on what the use cases are\n\nThe third session combined all of the groups for an overview of upcoming ZFS features including device removal and channel programs\nThere was also a request for code review, for mostly finished projects like Persistent L2ARC, Writeback cache, and Large dnode support\n\nHallway Track\n\n\nZFS / VFS Interaction\nAdrian Palmer has been a FreeBSD hobbyist since FreeBSD 7, and I think I managed to convince him to start contributing\n***\n\n\n\nNews Roundup\n\nOne Week with NetBSD 7.0: Back to Unix basics\n\n\nThe author of this blog series is sending a week using NetBSD 7.0, following a previous series on Solaris 10\n“This is actually familiar territory, as I've been using BSD variants almost exclusively since 2006. My recent SunOS explorations were triggered last summer by OpenBSD having choked on my current laptop's NVIDIA card, and from what I could see at the time, FreeBSD had the same problem, although I now know NVIDIA drivers exist for that system. The thing that keeps me from going all-in with FreeBSD 10.x, however, is the fact that Firefox crashes and leaves \"core dump\" messages in its wake, and I'm just not a Chrome kinda guy.”\n“For those with a catholic taste in Unix, NetBSD is a keg party at the Vatican. If you're an absolute Unix beginner, or have been living on Ubuntu-based Linux distros for too long, then you may feel stranded at first by NetBSD's sparseness. You'll find yourself staring into the abyss and seeing only a blinking cursor staring back. If you have the presence of mind to type startx, you'll be greeted by twm, a window manager offering little more than an xterm window with the same blinking cursor until you learn how to configure the .twmrc file to include whatever applications you want or need in the right-click menu.”\n“As for NetBSD itself, I can't think of any major productivity applications that can't be installed, and most multimedia stuff works fine.”\nIssues the author hopes to sort out in later posts:\n\n\nAudio playback (youtube videos in Firefox)\nWireless\nFlash\nDigital Camera SD Card readability, video playback\nAudacity\nA “fancy” desktop like Gnome 2, KDE, or xfce\n\nIn a follow-up post, the author got LibreOffice installed and sorted out the audio issues they were having\nIn a later follow-up XFCE is up and running as well\n***\n\n\nZFS is for Containers in Ubuntu 16.04\n\n\nAs you may have heard, Ubuntu 16.04 will include ZFS -- baked directly into Ubuntu -- supported by Canonical\n“ZFS one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background.  To our delight, we're happy to make to OpenZFS available on every Ubuntu system.”\nWhat does “supported by Canonical” mean?\n“You'll find zfs.ko automatically built and installed on your Ubuntu systems.  No more DKMS-built modules”\n“The user space zfsutils-linux package will be included in Ubuntu Main, with security updates provided by Canonical”\nThe article then provides a quick tutorial for setting up Linux Containers (LXC) backed by ZFS\nIn the example, ZFS is backed by a file on the existing disk, not by a real disk, and with no redundancy\nHowever, the setup script seems to support using real block devices\nThe Software Freedom Conservancy is expected to issue a statement detailing their opinion on the legalities and licensing issues of bundling ZFS with Linux.\n***\n\n\nPolling is a Hack: Server Sent Events (EventSource) with gevent, Flask, nginx, and FreeBSD\n\n\nA tutorial on setting up ‘Server-Sent Events’, also know as EventSource in javascript, to notify website clients of new data, rather than having the javascript constantly poll for new data.\nThe setup uses FreeBSD, nginx, gevent, Python, and the Flask framework\nThe tutorial walks through setting a basic Python application using the Flask framework\nThen setting up the client side in Javascript\nThen for the server side setup, it covers installing and configuring nginx, and py-supervisor on FreeBSD\nThe tutorial also includes links to additional resources and examples, including how to rate limit the Flash application\n***\n\n\nWhy FreeBSD?\n\n\nAn excellent article written by Hamza Sheikh, discussing why FreeBSD is now his clear choice for learning UNIX.\nThe article is pretty well written and lengthy, but has some great parts which we wanted to share with you:\n\n\nThere were many rough edges in the Linux world and some of them exist even today. Choosing the right distribution (distro) for the task at hand is always the first and most difficult decision to make. While this is a strength of the Linux community it is also its weakness. This is exacerbated with the toxic infighting within the community in the last few years.\n\nA herd of voices believes it is their right to bring down a distro community because it is not like their distro of choice. Forking upstream projects has somehow become taboo. Hurling abuse in mailing lists is acceptable. Helping new users is limited to lambasting their distro of choice. Creating conspiracy theories over software decisions is the way to go. Copyleft zealots roam social media declaring non-copyleft free software heretic abominations. It all boils down to an ecosystem soured by the presence of maniacs who have the loudest voices and they seem to be everywhere you turn.\n\nWhere is the engineering among all this noise? Btrfs - baking for a long time - is still nowhere near ZFS in stability or feature parity. systemd is an insatiable entity that feeds on every idea in sight and just devours indiscriminately. Wayland was promised years ago and its time has yet to arrive. Containers are represented by Docker that neither securely contains applications nor makes them easy to manage in production. Firewalling is dithering between firewalld, nftables, etc. SystemTap cannot match DTrace.\n\nIn the same time span what do various BSDs offer? pf, CARP, ZFS, Hammer, OpenSSH, jails, pkgsrc, (software) ports, DTrace, hardware portability; just to name a few. Few would deny that BSDs have delivered great engineering with free software licenses to the entire world. To me they appear to be better flag bearers of free software with engineering to back it.\n\n\nHe then goes through some of the various BSD’s and the specifics on why FreeBSD was the logical choice for his situation. But at the end has a great summary on the community as a whole:\n\n\nFinally - and maybe repeating myself here - I have nothing but praise for the community. Be it BSD Now, mailing lists, Reddit, Twitter, LFNW, or SeaGL, people have encouraged me, answered my questions, and filed bugs for me. I have been welcomed and made a part of the community with open arms. These reasons are (good) enough for me to use FreeBSD and contribute to it.\n\n\n\nBeastieBits\n\nOPNsense 16.1.3 released\n\nCopies of \"FreeBSD Mastery: Specialty Filesystems\" seen in the wild \n\npfsense training available in Europe \n\nLiteBSD now has 50 ports in its ports tree \n\nPorts tree locked for OpenBSD 5.9\n\n“FreeBSD Filesystem Fun” at March semibug\n\nEvent #46 — Embedded Platforms (BSD, OpenWRT, Plan 9 \u0026amp; Inferno) \n\n\n\nFeedback/Questions\n\n\nFrank - ZFS RAM? \nDavid - ARM Porting \n Johnny - Lumina Default? \n Adam - PC-BSD Install and Q’s \n Jeremy - Video Card Q \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, Allan is back from the Storage Summit in Silicon Valley! We are going to get his thoughts on how the conference went, plus bring you the latest ZFS info discussed. That plus the usual BSD news is\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2016/02/21/openbsd_website_operator_patch_now_for_the_sake_of_your_sanity/?mt=1456206806399\" rel=\"nofollow\"\u003eOpenBSD website operators urged to fix mind-alteringly bad bug\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe start off a bit light-hearted this week, with the important, breaking news that \u003cem\u003efinally\u003c/em\u003e a long-standing OpenBSD bug has been addressed for the HTTP daemon.\u003c/li\u003e\n\u003cli\u003eSpecifically? It changes the default 404 page fonts away from Comic Sans, to a bit more crowd-pleasing alternative:\n\n\u003cul\u003e\n\u003cli\u003e“For some reason the httpd status pages (e.g. 404) use the Comic Sans typeface. This patch removes comic sans and sets the typeface to the default sans-serif typeface of the client.\u003c/li\u003e\n\u003cli\u003e“This lowers the number of people contacting website maintainers with typeface complaints bordering on harassment”.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOperators running HTTPD are highly encouraged to update their systems to the latest code, right now……... No seriously, we are waiting for you. Get it done now and then we’ll continue with the show.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2016.asiabsdcon.org/registration/?lang=en\" rel=\"nofollow\"\u003eRegistration for AsiaBSDCon 2016 is now open + Talk Schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a few delays, the registration for AsiaBSDCon has now opened!\u003c/li\u003e\n\u003cli\u003eThe conference starts in less than two weeks! now, so be sure to get signed up ASAP.\u003c/li\u003e\n\u003cli\u003eIn addition the schedule has been posted, and here’s some of the highlights of this year’s conference.\u003c/li\u003e\n\u003cli\u003eIn addition to FreeBSD and NetBSD dev summits on the first two days, we have some excellent tutorials being given this year by Kirk, Gnn, Dru and more! (\u003ca href=\"https://2016.asiabsdcon.org/program.html.en\" rel=\"nofollow\"\u003ehttps://2016.asiabsdcon.org/program.html.en\u003c/a\u003e) \u003c/li\u003e\n\u003cli\u003eThe regular paper talks also have lots of good ones this year, including this crazy encrypted boot loader one given by our very own Allan Jude!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.d2-si.fr/2016/02/15/openbsd-on-aws/?hn\" rel=\"nofollow\"\u003eOPENBSD ON AWS : AN UNEXPECTED JOURNEY\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a blog post from Antoine Jacoutot, talking about the process of getting OpenBSD up and running in AWS\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIt starts with his process of creating an AMI from scratch, which ended up not being that bad:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003ecreate and loopback-mount a raw image containing a UFS filesystem extract the OpenBSD base sets (which are just regular tarballs) and kernel enable console output (so that one could “aws ec2 get-console-output”)\u003c/li\u003e\n\u003cli\u003einstall the boot loader on the image then use the ec2 tools to import the RAW image to S3, convert it into a volume (ec2-import-volume) which we can snapshot (ec2-create-snapshot) and create an AMI from (ec2-register)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe blog post also has a link to a script which automates this process, so don’t be daunted if you didn’t quite follow all of that. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThanks to the recently landed DomU support, the final pieces of the puzzle fell into place, allowing OpenBSD to function as a proper guest (with networking!)\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eNext it details the process of injecting a public SSH key into the instances for instant remote access. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eAn ec2-init.sh script was created (also on github) which does the following:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003esetting the hostname\u003c/li\u003e\n\u003cli\u003einstalling the provided SSH public key to /root/.ssh/authorized_keys\u003c/li\u003e\n\u003cli\u003eexecuting user-data (if it starts with a shebang)\u003c/li\u003e\n\u003cli\u003edisplaying the host SSH fingerprints on the console (to match cloud-init)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eWith that done, OpenBSD is pretty much AWS ready! He then gives a brief walkthrough of setting up nginx for new users, but if you’ve already done this before then the instance is ready for you to hacking on.\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/SummerOfCodeIdeas\" rel=\"nofollow\"\u003eStart thinking of ideas for things with FreeBSD for Google\u0026#39;s 2016 Summer of Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStudents and Developers, listen up! It’s time to start thinking about GSoC again, and FreeBSD is looking to update its project ideas page.\u003c/li\u003e\n\u003cli\u003eThere’s some good ones on the list, plus ones that should be pruned (such as GELI boot), but now is the time to start adding new ones before we get too deep into the process.\u003c/li\u003e\n\u003cli\u003eThis goes for the other BSD’s as well, start thinking about your proposals, or if you are developer, which projects would be a good fit for mentoring.\u003c/li\u003e\n\u003cli\u003e(Improving the Linux Compat layer is one I think should be done!)\n\u003ca href=\"https://wiki.freebsd.org/Graphics/Getting%20started%20with%20kernel%20projects\" rel=\"nofollow\"\u003eGuide to getting started with kernel hacking\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eOne of the things that’s been asked frequently is how to contribute towards the efforts to bring updated DRM / X drivers to the FreeBSD kernel. \u003c/li\u003e\n\u003cli\u003eJean-Sébastien Pédron has started a great guide on the Wiki which details how to get started with the porting effort, and that developers need not be afraid of helping.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eStorage Summit Roundup\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarlier this week a number of developers from FreeBSD, as well as various vendors that use FreeBSD, or provide products used with FreeBSD met for a \u003ca href=\"https://wiki.freebsd.org/201602StorageSummit\" rel=\"nofollow\"\u003eStorage Summit\u003c/a\u003e, to discuss the \nfuture of these technologies\u003c/li\u003e\n\u003cli\u003eThe summit was co-located with the USENIX FAST (Filesystems And Storage Technologies) conference\u003c/li\u003e\n\u003cli\u003eThe summit was sponsored by the FreeBSD Foundation and FlightAware\u003c/li\u003e\n\u003cli\u003eAfter a short introduction, the event opened with a Networking Synergy panel\u003c/li\u003e\n\u003cli\u003eThe focus of this panel was to see if there were techniques and lessons learned in improving the networking stack over the last 10 years that could be applied to improving the storage stack\u003c/li\u003e\n\u003cli\u003eA lot of time was spent discussing issues like multi-queue support, CPU scheduling, and ways to modernize the stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/201602StorageSummit/CAM\" rel=\"nofollow\"\u003eCAM Scheduling \u0026amp; Locking Revamp\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo notes posted\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/201602StorageSummit/UserSpace\" rel=\"nofollow\"\u003eUser Space Storage Stack\u003c/a\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the user space storage stacks discussed was Diskmap\u003c/li\u003e\n\u003cli\u003eLike netmap, but for disks (diskmap)\u003c/li\u003e\n\u003cli\u003eKernel bypass for accessing disks\u003c/li\u003e\n\u003cli\u003eIlias Marinos, who is working on diskmap at Cambridge University, described diskmap to the group\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eA design discussion then followed in which the memory management was covered as that\u0026#39;s an issue for any sort of \u0026quot;IO\u0026quot; map system\n\n\u003cul\u003e\n\u003cli\u003eAction Items:\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDiscuss with Luigi the idea of code merges\u003c/li\u003e\n\u003cli\u003eNeed a reset path API\u003c/li\u003e\n\u003cli\u003eKernel buffer mapping for reliability\u003c/li\u003e\n\u003cli\u003eSupport for other interfaces (SATA/SCSI)\u003c/li\u003e\n\u003cli\u003eGEOM layer adaptation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/201602StorageSummit/NewStorageTechnologies\" rel=\"nofollow\"\u003eAdapting to New Storage Technologies\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003eThis working group was led by Adrian Palmer, from Seagate\u003c/li\u003e\n\u003cli\u003eSMR\u003c/li\u003e\n\u003cli\u003ePersistent Memory\u003c/li\u003e\n\u003cli\u003eSession 1: Device Identification and the structural requirements\n\n\u003cul\u003e\n\u003cli\u003eAgenda: We\u0026#39;ll look over the Identification nuances and what needs to change to support the structure. Support for IO order guarantees, forward-write only requirements, new commands and topology. Dig into CAM and GEOM layers. Solutions should be fast and have as few code paths as possible\u003c/li\u003e\n\u003cli\u003eResults: Small audience. We talked about zoned characteristics, and how it can be used in various workloads, projected to be implemented in years\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSession 2: Information dissemination and consumption\n\n\u003cul\u003e\n\u003cli\u003eAgenda: Where and how will information from the report_zones command be gathered, stored, combined and used. This will include userspace storage and multi-volume management. Will CAM store this data, or will GEOM? How frequently will this need to be queried/updated/verified from the drive?\u003c/li\u003e\n\u003cli\u003eResults: Merged with ZFS working group to discuss SMR. Came up with idea that could be implemented as circular buffer zone type. Began to discuss solutions among developers\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/201602StorageSummit/ZFS\" rel=\"nofollow\"\u003eZFS\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003eDuring the first session we discussed how to improve dedup support\n    + A dedup throttle or cap was discussed. When the size of the DDT grows beyond this size, new entries would not be deduped.\n\n\u003cul\u003e\n\u003cli\u003eAn alternative to this was also discussed, where when the DDT reached the cap size, it would remove a random entry with only a single reference from the DDT to make room for the new entry. When a block is going to be freed, if it is not found in the DDT, it is assumed to have only 1 reference, and removed.\u003c/li\u003e\n\u003cli\u003eThere was also discussion of replacing the DDT with an in-memory hash table and a “log” of increment/decrement operations, that is periodically compacted. The hash table is recreated from the log at pool import time. This would reduce the in-memory footprint of the DDT, as well as speed up all write operations as adding an entry to the dedup log will be less expensive than updating the DDT.\u003c/li\u003e\n\u003cli\u003eThere was also discussion of using dedicated device(s) for the DDT, either using the DDT on SSD work by Nexenta, or the Metadata Classes work by Intel\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe first session also discussed Secure Delete and related things\n\n\u003cul\u003e\n\u003cli\u003eThe desire for an implementation of TRIM that uses the “secure erase” functionality provided by some disks was expressed\u003c/li\u003e\n\u003cli\u003eOverwriting sectors with patterns of garbage may be insufficient because SSDs may internally remap where a specific LBA physically resides\u003c/li\u003e\n\u003cli\u003eThe possibility of using something like the “eager zero” feature to periodically write zeros over all free blocks in the pool to erase any lingering data fragments\u003c/li\u003e\n\u003cli\u003eProblems with the FreeBSD TRIM implementation were discussed, as well as looking at ways to implement the new ZFS TRIM implementation on FreeBSD\u003c/li\u003e\n\u003cli\u003eABD (ARC Buf Data) was discussed, a new design that lessens the requirement for contiguous memory. Only a small area of contiguous blocks is reserved at boot, and compressed ARC blocks are constructed of scatter-gather lists of individual pages\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe second session combined with the SMR group and talked about SMR support in ZFS\n\n\u003cul\u003e\n\u003cli\u003eLater in the second session ZFS Encryption was also discussed, mostly with a focus on what the use cases are\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe third session combined all of the groups for an overview of upcoming ZFS features including device removal and channel programs\u003c/li\u003e\n\u003cli\u003eThere was also a request for code review, for mostly finished projects like Persistent L2ARC, Writeback cache, and Large dnode support\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eHallway Track\n\n\u003cul\u003e\n\u003cli\u003eZFS / VFS Interaction\u003c/li\u003e\n\u003cli\u003eAdrian Palmer has been a FreeBSD hobbyist since FreeBSD 7, and I think I managed to convince him to start contributing\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jamesdeagle.blogspot.com/2016/02/one-week-with-netbsd-70-back-to-unix.html\" rel=\"nofollow\"\u003eOne Week with NetBSD 7.0: Back to Unix basics\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of this blog series is sending a week using NetBSD 7.0, following a previous series on Solaris 10\u003c/li\u003e\n\u003cli\u003e“This is actually familiar territory, as I\u0026#39;ve been using BSD variants almost exclusively since 2006. My recent SunOS explorations were triggered last summer by OpenBSD having choked on my current laptop\u0026#39;s NVIDIA card, and from what I could see at the time, FreeBSD had the same problem, although I now know NVIDIA drivers exist for that system. The thing that keeps me from going all-in with FreeBSD 10.x, however, is the fact that Firefox crashes and leaves \u0026quot;core dump\u0026quot; messages in its wake, and I\u0026#39;m just not a Chrome kinda guy.”\u003c/li\u003e\n\u003cli\u003e“For those with a catholic taste in Unix, NetBSD is a keg party at the Vatican. If you\u0026#39;re an absolute Unix beginner, or have been living on Ubuntu-based Linux distros for too long, then you may feel stranded at first by NetBSD\u0026#39;s sparseness. You\u0026#39;ll find yourself staring into the abyss and seeing only a blinking cursor staring back. If you have the presence of mind to type startx, you\u0026#39;ll be greeted by twm, a window manager offering little more than an xterm window with the same blinking cursor until you learn how to configure the .twmrc file to include whatever applications you want or need in the right-click menu.”\u003c/li\u003e\n\u003cli\u003e“As for NetBSD itself, I can\u0026#39;t think of any major productivity applications that can\u0026#39;t be installed, and most multimedia stuff works fine.”\u003c/li\u003e\n\u003cli\u003eIssues the author hopes to sort out in later posts:\n\n\u003cul\u003e\n\u003cli\u003eAudio playback (youtube videos in Firefox)\u003c/li\u003e\n\u003cli\u003eWireless\u003c/li\u003e\n\u003cli\u003eFlash\u003c/li\u003e\n\u003cli\u003eDigital Camera SD Card readability, video playback\u003c/li\u003e\n\u003cli\u003eAudacity\u003c/li\u003e\n\u003cli\u003eA “fancy” desktop like Gnome 2, KDE, or xfce\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eIn a \u003ca href=\"http://jamesdeagle.blogspot.com/2016/02/one-week-with-netbsd-70-libreoffice.html\" rel=\"nofollow\"\u003efollow-up post\u003c/a\u003e, the author got LibreOffice installed and sorted out the audio issues they were having\u003c/li\u003e\n\u003cli\u003eIn a \u003ca href=\"http://jamesdeagle.blogspot.com/2016/02/one-week-with-netbsd-70-mixed-review-of.html\" rel=\"nofollow\"\u003elater follow-up\u003c/a\u003e XFCE is up and running as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-in-ubuntu-1604.html\" rel=\"nofollow\"\u003eZFS is for Containers in Ubuntu 16.04\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs you may have heard, Ubuntu 16.04 will include ZFS -- baked directly into Ubuntu -- supported by Canonical\u003c/li\u003e\n\u003cli\u003e“ZFS one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background.  To our delight, we\u0026#39;re happy to make to OpenZFS available on every Ubuntu system.”\u003c/li\u003e\n\u003cli\u003eWhat does “supported by Canonical” mean?\u003c/li\u003e\n\u003cli\u003e“You\u0026#39;ll find zfs.ko automatically built and installed on your Ubuntu systems.  No more DKMS-built modules”\u003c/li\u003e\n\u003cli\u003e“The user space zfsutils-linux package will be included in Ubuntu Main, with security updates provided by Canonical”\u003c/li\u003e\n\u003cli\u003eThe article then provides a quick tutorial for setting up Linux Containers (LXC) backed by ZFS\u003c/li\u003e\n\u003cli\u003eIn the example, ZFS is backed by a file on the existing disk, not by a real disk, and with no redundancy\u003c/li\u003e\n\u003cli\u003eHowever, the setup script seems to support using real block devices\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://sfconservancy.org/\" rel=\"nofollow\"\u003eSoftware Freedom Conservancy\u003c/a\u003e is expected to issue a statement detailing their opinion on the legalities and licensing issues of bundling ZFS with Linux.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hypatia.software/2016/01/29/polling-is-a-hack-server-sent-events-eventsource-with-gevent-flask-nginx-and-freebsd/\" rel=\"nofollow\"\u003ePolling is a Hack: Server Sent Events (EventSource) with gevent, Flask, nginx, and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA tutorial on setting up ‘Server-Sent Events’, also know as EventSource in javascript, to notify website clients of new data, rather than having the javascript constantly poll for new data.\u003c/li\u003e\n\u003cli\u003eThe setup uses FreeBSD, nginx, gevent, Python, and the Flask framework\u003c/li\u003e\n\u003cli\u003eThe tutorial walks through setting a basic Python application using the Flask framework\u003c/li\u003e\n\u003cli\u003eThen setting up the client side in Javascript\u003c/li\u003e\n\u003cli\u003eThen for the server side setup, it covers installing and configuring nginx, and py-supervisor on FreeBSD\u003c/li\u003e\n\u003cli\u003eThe tutorial also includes links to additional resources and examples, including how to rate limit the Flash application\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.aikchar.me/blog/why-freebsd.html\" rel=\"nofollow\"\u003eWhy FreeBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn excellent article written by Hamza Sheikh, discussing why FreeBSD is now his clear choice for learning UNIX.\u003c/li\u003e\n\u003cli\u003eThe article is pretty well written and lengthy, but has some great parts which we wanted to share with you:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThere were many rough edges in the Linux world and some of them exist even today. Choosing the right distribution (distro) for the task at hand is always the first and most difficult decision to make. While this is a strength of the Linux community it is also its weakness. This is exacerbated with the toxic infighting within the community in the last few years.\u003c/p\u003e\n\n\u003cp\u003eA herd of voices believes it is their right to bring down a distro community because it is not like their distro of choice. Forking upstream projects has somehow become taboo. Hurling abuse in mailing lists is acceptable. Helping new users is limited to lambasting their distro of choice. Creating conspiracy theories over software decisions is the way to go. Copyleft zealots roam social media declaring non-copyleft free software heretic abominations. It all boils down to an ecosystem soured by the presence of maniacs who have the loudest voices and they seem to be everywhere you turn.\u003c/p\u003e\n\n\u003cp\u003eWhere is the engineering among all this noise? Btrfs - baking for a long time - is still nowhere near ZFS in stability or feature parity. systemd is an insatiable entity that feeds on every idea in sight and just devours indiscriminately. Wayland was promised years ago and its time has yet to arrive. Containers are represented by Docker that neither securely contains applications nor makes them easy to manage in production. Firewalling is dithering between firewalld, nftables, etc. SystemTap cannot match DTrace.\u003c/p\u003e\n\n\u003cp\u003eIn the same time span what do various BSDs offer? pf, CARP, ZFS, Hammer, OpenSSH, jails, pkgsrc, (software) ports, DTrace, hardware portability; just to name a few. Few would deny that BSDs have delivered great engineering with free software licenses to the entire world. To me they appear to be better flag bearers of free software with engineering to back it.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe then goes through some of the various BSD’s and the specifics on why FreeBSD was the logical choice for his situation. But at the end has a great summary on the community as a whole:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFinally - and maybe repeating myself here - I have nothing but praise for the community. Be it BSD Now, mailing lists, Reddit, Twitter, LFNW, or SeaGL, people have encouraged me, answered my questions, and filed bugs for me. I have been welcomed and made a part of the community with open arms. These reasons are (good) enough for me to use FreeBSD and contribute to it.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eBeastieBits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-16-1-3-released/\" rel=\"nofollow\"\u003eOPNsense 16.1.3 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://twitter.com/Savagedlight/status/700001944547491842\" rel=\"nofollow\"\u003eCopies of \u0026quot;FreeBSD Mastery: Specialty Filesystems\u0026quot; seen in the wild\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.netgate.com/training/\" rel=\"nofollow\"\u003epfsense training available in Europe\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/ibara/LiteBSD-Ports\" rel=\"nofollow\"\u003eLiteBSD now has 50 ports in its ports tree\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://marc.info/?l=openbsd-ports\u0026m=145615281431064\u0026w=2\" rel=\"nofollow\"\u003ePorts tree locked for OpenBSD 5.9\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2556\" rel=\"nofollow\"\u003e“FreeBSD Filesystem Fun” at March semibug\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://oshug.org/event/46\" rel=\"nofollow\"\u003eEvent #46 — Embedded Platforms (BSD, OpenWRT, Plan 9 \u0026amp; Inferno)\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eFeedback/Questions\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21lcCKrSB\" rel=\"nofollow\"\u003eFrank - ZFS RAM?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s204lxjvlq\" rel=\"nofollow\"\u003eDavid - ARM Porting\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2xMiSNLYn\" rel=\"nofollow\"\u003e Johnny - Lumina Default?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s214gJbLwD\" rel=\"nofollow\"\u003e Adam - PC-BSD Install and Q’s\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20UNyzEeh\" rel=\"nofollow\"\u003e Jeremy - Video Card Q\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, Allan is back from the Storage Summit in Silicon Valley! We are going to get his thoughts on how the conference went, plus bring you the latest ZFS info discussed. That plus the usual BSD news is","date_published":"2016-02-24T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/361b50a5-0039-4457-a81d-8501d6d3e588.mp3","mime_type":"audio/mpeg","size_in_bytes":93656020,"duration_in_seconds":7804}]},{"id":"22b2e499-6a84-4015-bb28-fa3a78fb831b","title":"129: Synthesize all the Things!","url":"https://www.bsdnow.tv/129","content_text":"Coming up this week, we will be talking to John Marino about his work on the ports-mgmt utility “Synth” and the cross-pollination between DragonFly and FreeBSD. That plus the latest news and your email here on\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nglibc and the BSDs \n\n\nYou have likely already heard about CVE-2015-7547 \n“A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, \npotentially, execute code with the permissions of the user running the library.”\n“Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”\nMore details from Google’s Online Security team blog  \n“Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”\n“First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”\nThe same most likely applies to the other BSDs\n“However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”\nA patch to update emulation/linux_base-c6 has been prepared and should be committed soon\nRunning ‘pkg audit’ will list any known vulnerable packages installed on your system\n“The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”\n“If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”\nDag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already\n***\n\n\nOpenBSD Foundation - 2016 Fundraising Campaign\n\n\nThe OpenBSD foundation has announced their 2016 fundraising campaign, and set the goal of raising $250k for the year. \nWhile they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors. \n\n\n‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to:\n Plan and support more developer events (hackathons), and allow for more developers to attend these events.\n Continue to improve the project infrastructure.\n Fund more dedicated developer time for targeted development of specific projects.‘\n\n\nTo give you an idea of how much OpenBSD technology is used around the world, they broke it down this way:\n\n\nIf $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal.\nIf $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal.\nIf a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.\n\n\n\nGetting Started with ION-DTN 3.4.0 on FreeBSD\n\n\n“The Interplanetary Overlay Network (ION) software distribution is an implementation of Delay-Tolerant Networking (DTN) architecture as described in Internet RFC 4838, suitable for use in spacecraft”\nThis tutorial covers setting up ION 3.4.0 on FreeBSD\nThe tutorial starts by downloading the ION software, and installing the relevant build tools\nThe instructions allow ION to be installed system-wide, or for a specific user\nThe each host is configured\nThen pings are traded between the hosts to ensure everything works\nThen a web page is served over the interplanetary network\nSadly I don’t have any hosts on other planets to test with.\nThe tutorial also includes a troubleshooting guide\n***\n\n\nOpen Storage Issue – New BSD Mag is Out!\n\n\nThe next issue of BSDMag (The Open Storage Issue) just landed which features an interview with Matt Olander of iXsystems. \nDuring the interview, Matt talks about the culture of support for open-source down at iX,  not only FreeNAS and PC-BSD, but the FreeBSD foundation, Slackware and more. \nHe also gets to extol the virtues of the open-source development model itself, why it tends to lead to better code overall. \nIn addition to the lead interview with Matt, this issue also features some other great interviews with Open Source storage vendors, and even some ZFS howto’s about setting up your ZIL devive\n***\n\n\nInterview - John Marino - marino@freebsd.org\n\n\n\nFreeNAS with FreeBSD as its base helped save taxpayers $36,000 for a small public school district \n\n\n\nNews Roundup\n\nGetting Started With Tor Hidden Services on FreeBSD\n\n\nEver wondered how to setup and use a Tor hidden service? We have a walkthrough posted over on github.io which details how to do that on a FreeBSD -CURRENT system.\nThe basics are pretty simple, installing security/tor is the first step (although, he is using portmaster, you may wish to just ‘pkg install security/tor’)\nThe walkthrough provides an example server hosting just the date/time on port 8080, which you can use as an example and to verify it works, before serving anything real.\nOnce a local server is ready to serve something, the Tor setup is pretty quick, basically just two lines of config in torrc:\n\n\nHiddenServiceDir /usr/home/tor/hidden_service/\n\nHiddenServicePort 80 127.0.0.1:8080\n\n\nAfter starting the service, the walkthrough will show you how to get the new hostname for this hidden service and verify its functionality. \n\n\n\n\nZFS Remote Mirrors for Home Use\n\n\nA recently updated tutorial on remotely mirroring your ZFS files\nUsing a spare old computer, or a SBC like a Raspberry Pi, and an (external) hard drive\nIt covers installing and configuring FreeBSD for both sides of the remote replication\nThe new appendix covers the creation of a Raspberry Pi image, although a prebuilt one is also provided\nThe setup uses GELI to ensure the data is encrypted at-rest\nUpdating and maintaining both systems is covered in detail\nThe article is very detailed, and covers pretty much every aspect of the setup, including suggestions on where to physically locate the remote system, and configuration tips to reduce the chance that local intervention will be required\nMost importantly, it covers the disaster recovery steps. How to get your files back when bad things happen\n***\n\n\nLumina Desktop 0.8.8 Released\n\n\nPC-BSD’s very own Lumina desktop has issued a new release, 0.8.8\nNotable in this release is support for NetBSD out of box, improvements to the start menu, and ability to change monitor resolutions in the X configuration tool. (Also the desktop font colors look better!)\n0.8.8 is now available in PC-BSD via pkg, and FreeBSD ports/pkg system as well.\nLumina Desktop aims for v1.0 in July 2016 \nWe also have a blog post from Larry over at FossForce, highlighting that 1.0 of Lumina is still targeted for July(ish)\n***\n\n\nNetBSD on Google's Compute Engine\n\n\nA NetBSD developer has gotten NetBSD running on Google Compute Engine, a service somewhat similar to Amazon’s EC2, and Microsoft’s Azure\nSupport is still being worked on, but I imagine it will land in NetBSD before too long\nNetBSD on GCE dmesg  \nOpenBSD on GCE  \nFreeBSD on GCE  \n***\n\n\nBeastieBits\n\nhtop 2.0 released - an interactive process viewer for Unix (including FreeBSD and OpenBSD) \n\nFull set of binary packages for 7.0 released for ARM v6 and v7 (hf) \n\nDragonFly 4.4.2 released \n\nLibertyBSD 5.8 has been released \n\nBroadwell systems may want to take advantage of the patch by Imre Vadasz \n\nFinding the hard-to-spot bugs in FreeBSD  \n\n\n\nFeedback/Questions\n\n\nJohnny - The Daily Show \n Randy - Let it BSD \n Miguel - NullFS  \n Jaek - PC-BSD Hardware \n***\n","content_html":"\u003cp\u003eComing up this week, we will be talking to John Marino about his work on the ports-mgmt utility “Synth” and the cross-pollination between DragonFly and FreeBSD. That plus the latest news and your email here on\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/\" rel=\"nofollow\"\u003eglibc and the BSDs \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou have likely already heard about \u003ca href=\"https://access.redhat.com/security/cve/cve-2015-7547\" rel=\"nofollow\"\u003eCVE-2015-7547 \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e“A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, \npotentially, execute code with the permissions of the user running the library.”\u003c/li\u003e\n\u003cli\u003e“Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://googleonlinesecurity.blogspot.ca/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\" rel=\"nofollow\"\u003eMore details from Google’s Online Security team blog \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”\u003c/li\u003e\n\u003cli\u003e“First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”\u003c/li\u003e\n\u003cli\u003eThe same most likely applies to the other BSDs\u003c/li\u003e\n\u003cli\u003e“However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”\u003c/li\u003e\n\u003cli\u003eA patch to update emulation/linux_base-c6 has been prepared and should be committed soon\u003c/li\u003e\n\u003cli\u003eRunning ‘pkg audit’ will list any known vulnerable packages installed on your system\u003c/li\u003e\n\u003cli\u003e“The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”\u003c/li\u003e\n\u003cli\u003e“If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”\u003c/li\u003e\n\u003cli\u003eDag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsdfoundation.org/campaign2016.html\" rel=\"nofollow\"\u003eOpenBSD Foundation - 2016 Fundraising Campaign\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD foundation has announced their 2016 fundraising campaign, and set the goal of raising $250k for the year. \u003c/li\u003e\n\u003cli\u003eWhile they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to:\u003cbr\u003e\n Plan and support more developer events (hackathons), and allow for more developers to attend these events.\u003cbr\u003e\n Continue to improve the project infrastructure.\u003cbr\u003e\n Fund more dedicated developer time for targeted development of specific projects.‘\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo give you an idea of how much OpenBSD technology is used around the world, they broke it down this way:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eIf $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal.\u003cbr\u003e\nIf $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal.\u003cbr\u003e\nIf a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sgeos.github.io/freebsd/ion/dtn/2016/02/07/getting-started-with-ion-dtn-3-4-0-on-freebsd.html\" rel=\"nofollow\"\u003eGetting Started with ION-DTN 3.4.0 on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The Interplanetary Overlay Network (ION) software distribution is an implementation of Delay-Tolerant Networking (DTN) architecture as described in Internet RFC 4838, suitable for use in spacecraft”\u003c/li\u003e\n\u003cli\u003eThis tutorial covers setting up ION 3.4.0 on FreeBSD\u003c/li\u003e\n\u003cli\u003eThe tutorial starts by downloading the ION software, and installing the relevant build tools\u003c/li\u003e\n\u003cli\u003eThe instructions allow ION to be installed system-wide, or for a specific user\u003c/li\u003e\n\u003cli\u003eThe each host is configured\u003c/li\u003e\n\u003cli\u003eThen pings are traded between the hosts to ensure everything works\u003c/li\u003e\n\u003cli\u003eThen a web page is served over the interplanetary network\u003c/li\u003e\n\u003cli\u003eSadly I don’t have any hosts on other planets to test with.\u003c/li\u003e\n\u003cli\u003eThe tutorial also includes a troubleshooting guide\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bsdmag.org/download/open_storage/\" rel=\"nofollow\"\u003eOpen Storage Issue – New BSD Mag is Out!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe next issue of BSDMag (The Open Storage Issue) just landed which features an interview with Matt Olander of iXsystems. \u003c/li\u003e\n\u003cli\u003eDuring the interview, Matt talks about the culture of support for open-source down at iX,  not only FreeNAS and PC-BSD, but the FreeBSD foundation, Slackware and more. \u003c/li\u003e\n\u003cli\u003eHe also gets to extol the virtues of the open-source development model itself, why it tends to lead to better code overall. \u003c/li\u003e\n\u003cli\u003eIn addition to the lead interview with Matt, this issue also features some other great interviews with Open Source storage vendors, and even some ZFS howto’s about setting up your ZIL devive\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - John Marino - \u003ca href=\"mailto:marino@freebsd.org\" rel=\"nofollow\"\u003emarino@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.ixsystems.com/whats-new/2016/02/11/january-missioncomplete-best-story/\" rel=\"nofollow\"\u003eFreeNAS with FreeBSD as its base helped save taxpayers $36,000 for a small public school district\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://sgeos.github.io/tor/freebsd/nc/curl/2016/02/06/getting-started-with-tor-hidden-services-on-freebsd.html\" rel=\"nofollow\"\u003eGetting Started With Tor Hidden Services on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEver wondered how to setup and use a Tor hidden service? We have a walkthrough posted over on github.io which details how to do that on a FreeBSD -CURRENT system.\u003c/li\u003e\n\u003cli\u003eThe basics are pretty simple, installing security/tor is the first step (although, he is using portmaster, you may wish to just ‘pkg install security/tor’)\u003c/li\u003e\n\u003cli\u003eThe walkthrough provides an example server hosting just the date/time on port 8080, which you can use as an example and to verify it works, before serving anything real.\u003c/li\u003e\n\u003cli\u003eOnce a local server is ready to serve something, the Tor setup is pretty quick, basically just two lines of config in torrc:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eHiddenServiceDir /usr/home/tor/hidden_service/\u003c/p\u003e\n\n\u003cp\u003eHiddenServicePort 80 127.0.0.1:8080\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter starting the service, the walkthrough will show you how to get the new hostname for this hidden service and verify its functionality. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/hughobrien/zfs-remote-mirror\" rel=\"nofollow\"\u003eZFS Remote Mirrors for Home Use\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA recently updated tutorial on remotely mirroring your ZFS files\u003c/li\u003e\n\u003cli\u003eUsing a spare old computer, or a SBC like a Raspberry Pi, and an (external) hard drive\u003c/li\u003e\n\u003cli\u003eIt covers installing and configuring FreeBSD for both sides of the remote replication\u003c/li\u003e\n\u003cli\u003eThe new appendix covers the creation of a Raspberry Pi image, although a prebuilt one is also provided\u003c/li\u003e\n\u003cli\u003eThe setup uses GELI to ensure the data is encrypted at-rest\u003c/li\u003e\n\u003cli\u003eUpdating and maintaining both systems is covered in detail\u003c/li\u003e\n\u003cli\u003eThe article is very detailed, and covers pretty much every aspect of the setup, including suggestions on where to physically locate the remote system, and configuration tips to reduce the chance that local intervention will be required\u003c/li\u003e\n\u003cli\u003eMost importantly, it covers the disaster recovery steps. How to get your files back when bad things happen\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lumina-desktop.org/lumina-desktop-0-8-8-released/\" rel=\"nofollow\"\u003eLumina Desktop 0.8.8 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePC-BSD’s very own Lumina desktop has issued a new release, 0.8.8\u003c/li\u003e\n\u003cli\u003eNotable in this release is support for NetBSD out of box, improvements to the start menu, and ability to change monitor resolutions in the X configuration tool. (Also the desktop font colors look better!)\u003c/li\u003e\n\u003cli\u003e0.8.8 is now available in PC-BSD via pkg, and FreeBSD ports/pkg system as well.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://fossforce.com/2016/02/lumina-desktop-getting-ready-freebsd-11-0/\" rel=\"nofollow\"\u003eLumina Desktop aims for v1.0 in July 2016\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eWe also have a blog post from Larry over at FossForce, highlighting that 1.0 of Lumina is still targeted for July(ish)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20160213_1951.html\" rel=\"nofollow\"\u003eNetBSD on Google\u0026#39;s Compute Engine\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA NetBSD developer has gotten NetBSD running on Google Compute Engine, a service somewhat similar to Amazon’s EC2, and Microsoft’s Azure\u003c/li\u003e\n\u003cli\u003eSupport is still being worked on, but I imagine it will land in NetBSD before too long\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://dmesgd.nycbug.org/index.cgi?action=dmesgd\u0026do=view\u0026id=2900\" rel=\"nofollow\"\u003eNetBSD on GCE dmesg \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=138610199311393\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD on GCE \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/swills/FreeBSD-gcloud\" rel=\"nofollow\"\u003eFreeBSD on GCE \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastieBits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://hisham.hm/htop/\" rel=\"nofollow\"\u003ehtop 2.0 released - an interactive process viewer for Unix (including FreeBSD and OpenBSD)\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/port-arm/2016/01/31/msg003648.html\" rel=\"nofollow\"\u003eFull set of binary packages for 7.0 released for ARM v6 and v7 (hf)\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.dragonflybsd.org/release44/\" rel=\"nofollow\"\u003eDragonFly 4.4.2 released\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://libertybsd.net/\" rel=\"nofollow\"\u003eLibertyBSD 5.8 has been released\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-January/459239.html\" rel=\"nofollow\"\u003eBroadwell systems may want to take advantage of the patch by Imre Vadasz\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.viva64.com/en/b/0377/\" rel=\"nofollow\"\u003eFinding the hard-to-spot bugs in FreeBSD \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21dwzoXRn\" rel=\"nofollow\"\u003eJohnny - The Daily Show\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Hmmu5pUr\" rel=\"nofollow\"\u003e Randy - Let it BSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20tOLsHHj\" rel=\"nofollow\"\u003e Miguel - NullFS \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2N9wQ1n5X\" rel=\"nofollow\"\u003e Jaek - PC-BSD Hardware\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we will be talking to John Marino about his work on the ports-mgmt utility “Synth” and the cross-pollination between DragonFly and FreeBSD. That plus the latest news and your email here on","date_published":"2016-02-17T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/22b2e499-6a84-4015-bb28-fa3a78fb831b.mp3","mime_type":"audio/mpeg","size_in_bytes":74414164,"duration_in_seconds":6201}]},{"id":"562ad286-1548-407d-b0d4-4c26b3d1a69f","title":"128: The State of BSD","url":"https://www.bsdnow.tv/128","content_text":"This week on BSDNow, we interview Nick Wolff about how FreeBSD is used across the State of Ohio and some of the specific technology used. That, plus the latest news is coming your way right now on BSDNow, the place to\n\nThis episode was brought to you by\n\n\ntitle=\"DigitalOcean\"\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u0026gt;\n\n\n\nHeadlines\n\nDoc like an Egyptian: Managing project documentation with Sphinx\n\n\nIn case you didn’t make it out to SCALE a few weeks back, we have a great interview with Dru Lavigne over at OpenSource.com which goes over her talk on “Doc like an Egyptian”. \nIn particular she discusses the challenges of running a wiki for documentation for PC-BSD and FreeNAS which prompted the shift to using Sphinx instead.\n\n\n\n“While the main purpose of a wiki is to invite user contributions and to provide a low barrier to entry, very few people come to write documentation (however, every spambot on the planet will quickly find your wiki, which creates its own set of maintenance issues).\n\nWikis are designed for separate, one-ish page infobytes, such as how-tos. They really aren't designed to provide navigation in a Table of Contents or to provide a flow of Chapters, though you can hack your pages to provide navigational elements to match the document's flow. This gets more difficult as the document increases in size—our guides tend to be 300+ pages. It becomes a nightmare as you try to provide versioned copies of each of those pages so that the user is finding and reading the right page for their version of software.\n\nWhile wiki translation extensions are available, how to configure them is not well documented, their use is slow and clunky, and translated pages only increase the number of available pages, getting you back to the problems in the previous bullet. This is a big deal for projects that have a global audience.\n\nWhile output-generation wiki extensions are available (for example, to convert your wiki pages to HTML or PDF), how to configure them is not well documented, and they provide very little control for the layout of the generated format. This is a big deal for projects that need to make their documentation available in multiple formats.“\n\n\n\nShe then discusses some of the hurdles of migration from the Wiki to Sphinx, and follows up with some of the differences using Sphinx you should be aware of for any documentation project.\n\n\n\n“While Sphinx is easy to learn, it does have its quirks. For example, it does not support stacked tags. This means, for example, you can not bold italic a phrase using tags—to achieve that requires a CSS workaround. And, while Sphinx does have extensive documentation, a lot of it assumes you already know what you are doing. When you don't, it can be difficult to find an example that does what you are trying to achieve.\n\nSphinx is well suited for projects with an existing repository—say, on github—a build infrastructure, and contributors who are comfortable with using text editors and committing to the repo (or creating, say, git pull requests).“\n\n\n\n\nInitial FreeBSD RISC-V Architecture Port Committed.\n\n\nTouching on a story we mentioned a few weeks back, we have a blog post from from Annie over at the FreeBSD foundation talking about the details behind the initial support for RISC-V.\nTo start us off, you may be wondering what is RISC-V and what makes it special?RISC-V is an exciting new open-source Instruction-Set Architecture (ISA) developed at the University of California at Berkeley, which is seeing increasing interest in the embedded systems and hardware-software research communities.\nCurrently the improvements allows booting FreeBSD in the Spike simulator, from the university of Berkeley, with enough reliability to do various things, such as SSH, shell, mail, etc.\nThe next steps include getting multi-core support working, and getting  it working in simulations of Cambridge’s open-source LowRISC System-on-Chip functioning, and ready for early hardware.\nBoth ports and packages are expected to land in the coming days, so if you love hacking on branch new architectures, this may be your time to jump in.\n***\n\n\nFreeBSD Bhyve hypervisor supporting Windows UEFI guests \n\n\nIf you have not been following bhyve lately, you’re in for a treat when FreeBSD 10.3 ships in the coming weeks\nbhyve now supports UEFI and CSM booting, in addition to its existing FreeBSD userboot loader, and grub-bhyve port\nThe EFI support allows Windows guests to be run on FreeBSD\nDue to the lack of graphics, this requires making a custom .iso to do an ‘Unattended Install’ of Windows, but this is easily done just editing and including a .xml file\nThe bootrom can now allocate memory\nAdded some SATA command emulations (no-op)\nIncreased the number of virtio-blk indirect descriptors\nAdded a Firmware guest query interface\nAdd -l option to specify userboot path\nFreeBSD Bhyve Hypervisor Running Windows Server 2012 R2 Standard \nIn related news, TidalScale officially released their product today  \nTidalScale is a commercial product based on bhyve that allows multiple physical machines to be combined into a single massive virtual machine, with the combined processor power, memory, disk I/O, and network capacity of all of the machines\n***\n\n\nFreeBSD TACACS+ GNS3 and Cisco 3700 Router\n\n\n“TACACS+ – (Terminal Access Controller Access Control System plus) — is a session protocol developed by Cisco.”\nThis tutorial covers configuring FreeBSD and the tac_plus4 port to act as an authentication, authorization, and accounting server for Cisco routers\nThe configuration of FreeBSD, the software, and the router are covered\nIt also includes how to set the FreeBSD server up as a VM on windows, and bridge it to the network\nI am sure there are some network administrators out there that would appreciate this\n***\n\n\nInterview - Nick Wolff - darkfiberiru@gmail.com / @darkfiberiru\n\n\n\nNews Roundup\n\nPapers We Love Presents : Bryan Cantrill on Jails \u0026amp; Solaris Zones\n\n\nThe folks over at NYCBug point us to “Papers We Love”, a New York based meetup group where past papers are presented. They have a talk scheduled for tomorrow (Feb 11th) with Bryan Cantrill discussing Jails and Solaris Zones\nThe talk starts at 7PM at the Tumblr building, located between 5th and Park Ave South on 21st street\n“We're crazy excited to have Bryan Cantrill, CTO of Joyent, formerly of Sun Microsystems, presenting on Jails: Confining the omnipotent root. \nby Poul-Henning Kamp and Robert Watson and Solaris Zones: Operating System Support for Consolidating Commercial Workloads by Dan Price and Andy Tucker!”\nThe abstract posted gives us a sneak peak of what to expect, first covering jails as a method to “partition” the operating system environment, but maintaining the UNIX “root” model.\nNext it looks like he will compare and contrast with the Solaris Zones functionality, which creates virtualized application execution environments, within the single OS instance.\nSounds like a fantastic talk, hopefully somebody remembers to record and post it for us to enjoy later!\nThere will not be a live stream, but a video of the event should appear online after it has been edited\n***\n\n\nFreeBSD Storage Summit\n\n\nThe FreeBSD Foundation will be hosting a Storage Summit, co-located at the USENIX FAST (Filesystems And Storage Technology) conference\nDevelopers and Vendors are invited to work on storage related issues\nThis summit will be a hackathon focused event, rather than a discussion focused devsummit\nAfter setup and introductions, the summit will start with a “Networking Synergies Panel”, to discuss networking as it relates to storage\nAfter a short break, the attendees will break up into a number of working groups focused on solving actual problems\nThe current working groups include:\nCAM Scheduling \u0026amp; Locking, led by Justin Gibbs: “Updating CAM queuing/scheduling and locking models to minimize cross-cpu contention and support multi-queue controllers”\nZFS, led by Matt Ahrens: topics will include enabling the new cryptographic hashes supported by OpenZFS on FreeBSD, Interaction with the kernel memory subsystem, and other upcoming features.\nUser Space Storage Stack, led by George Neville-Neil\nThis event offers a unique opportunity for developers and vendors from the storage industry to meet at an event they will likely already be attending\n***\n\n\nTor Browser 5.5 for OpenBSD/amd64 -current is completed\n\n\n“The Tor BSD Diversity Project (TDP) is proud to announce the release of Tor Browser (TB) version 5.5 for OpenBSD. Please note that this version of TB remains in development mode, and is not meant to ensure strong privacy, anonymity or security.”\n“TDP (https://torbsd.github.io) is an effort to extend the use of the BSD Unixes into the Tor ecosystem, from the desktop to the network. TDP is focused on diversifying the Tor network, with TB being the flagship project. \nAdditional efforts are made to increase the number of *BSD relays on the Tor network among other sub-projects”\nHelp test the new browser bundle, or help diversify the Tor network\n***\n\n\n“FreeBSD Mastery: Advanced ZFS” Table of Contents\n\n\nWe brought you the news about sponsoring the Advanced ZFS book that MWL is working on, now Michael has given us the tentative chapter layout of the (sure to be a classic) tome coming from him and Allan.\n\n\n0: Introduction\n1: Boot Environments\n2: Delegation and Jails\n3: Sharing\n4: Replication\n5: zvols\n6: Advanced Hardware\n7: Caches\n8: Performance\n9: Tuning\n10: ZFS Potpourri\n\nIn addition to the tease about the upcoming book, michael has asked the community for assistance in coming up with the cover art for it as well. \nIn particular it should probably be in-line with his previous works, with a parody of some other classic art-work. \nIf you have something, go tweet out to him at @mwlauthor\n\n\n\n\nBeastie Bits\n\n\nOnline registration for AsiaBSDCon 2016 now open SOON\nBhyveCon 2016 \nNYC*BUG shell-fu talk slides\nPossible regression in DragonFly i915 graphics on older Core2Duos  \nVideos from FOSDEM 2016. BSD dev room was k4601 \n\n\n\n\nFeedback/Questions\n\n\n Andrew - SMART Tests \n JT - Secure File Delete \n Jordan - Migrate \n Lars - Pros and Cons of VM \n Alex - IPSEC \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we interview Nick Wolff about how FreeBSD is used across the State of Ohio and some of the specific technology used. That, plus the latest news is coming your way right now on BSDNow, the place to\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" \u003cbr\u003e\ntitle=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensource.com/business/16/1/scale-14x-interview-dru-lavigne\" rel=\"nofollow\"\u003eDoc like an Egyptian: Managing project documentation with Sphinx\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn case you didn’t make it out to SCALE a few weeks back, we have a great interview with Dru Lavigne over at OpenSource.com which goes over her talk on “Doc like an Egyptian”. \u003c/li\u003e\n\u003cli\u003eIn particular she discusses the challenges of running a wiki for documentation for PC-BSD and FreeNAS which prompted the shift to using Sphinx instead.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“While the main purpose of a wiki is to invite user contributions and to provide a low barrier to entry, very few people come to write documentation (however, every spambot on the planet will quickly find your wiki, which creates its own set of maintenance issues).\u003c/p\u003e\n\n\u003cp\u003eWikis are designed for separate, one-ish page infobytes, such as how-tos. They really aren\u0026#39;t designed to provide navigation in a Table of Contents or to provide a flow of Chapters, though you can hack your pages to provide navigational elements to match the document\u0026#39;s flow. This gets more difficult as the document increases in size—our guides tend to be 300+ pages. It becomes a nightmare as you try to provide versioned copies of each of those pages so that the user is finding and reading the right page for their version of software.\u003c/p\u003e\n\n\u003cp\u003eWhile wiki translation extensions are available, how to configure them is not well documented, their use is slow and clunky, and translated pages only increase the number of available pages, getting you back to the problems in the previous bullet. This is a big deal for projects that have a global audience.\u003c/p\u003e\n\n\u003cp\u003eWhile output-generation wiki extensions are available (for example, to convert your wiki pages to HTML or PDF), how to configure them is not well documented, and they provide very little control for the layout of the generated format. This is a big deal for projects that need to make their documentation available in multiple formats.“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003cul\u003e\n\u003cli\u003eShe then discusses some of the hurdles of migration from the Wiki to Sphinx, and follows up with some of the differences using Sphinx you should be aware of for any documentation project.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003e“While Sphinx is easy to learn, it does have its quirks. For example, it does not support stacked tags. This means, for example, you can not bold italic a phrase using tags—to achieve that requires a CSS workaround. And, while Sphinx does have extensive documentation, a lot of it assumes you already know what you are doing. When you don\u0026#39;t, it can be difficult to find an example that does what you are trying to achieve.\u003c/p\u003e\n\n\u003cp\u003eSphinx is well suited for projects with an existing repository—say, on github—a build infrastructure, and contributors who are comfortable with using text editors and committing to the repo (or creating, say, git pull requests).“\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2016/02/initial-freebsd-risc-v-architecture.html\" rel=\"nofollow\"\u003eInitial FreeBSD RISC-V Architecture Port Committed.\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTouching on a story we mentioned a few weeks back, we have a blog post from from Annie over at the FreeBSD foundation talking about the details behind the initial support for RISC-V.\u003c/li\u003e\n\u003cli\u003eTo start us off, you may be wondering what is RISC-V and what makes it special?RISC-V is an exciting new open-source Instruction-Set Architecture (ISA) developed at the University of California at Berkeley, which is seeing increasing interest in the embedded systems and hardware-software research communities.\u003c/li\u003e\n\u003cli\u003eCurrently the improvements allows booting FreeBSD in the Spike simulator, from the university of Berkeley, with enough reliability to do various things, such as SSH, shell, mail, etc.\u003c/li\u003e\n\u003cli\u003eThe next steps include getting multi-core support working, and getting  it working in simulations of Cambridge’s open-source LowRISC System-on-Chip functioning, and ready for early hardware.\u003c/li\u003e\n\u003cli\u003eBoth ports and packages are expected to land in the coming days, so if you love hacking on branch new architectures, this may be your time to jump in.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=295124\" rel=\"nofollow\"\u003eFreeBSD Bhyve hypervisor supporting Windows UEFI guests \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you have not been following bhyve lately, you’re in for a treat when FreeBSD 10.3 ships in the coming weeks\u003c/li\u003e\n\u003cli\u003ebhyve now supports UEFI and CSM booting, in addition to its existing FreeBSD userboot loader, and grub-bhyve port\u003c/li\u003e\n\u003cli\u003eThe EFI support allows Windows guests to be run on FreeBSD\u003c/li\u003e\n\u003cli\u003eDue to the lack of graphics, this requires making a custom .iso to do an ‘Unattended Install’ of Windows, but this is easily done just editing and including a .xml file\u003c/li\u003e\n\u003cli\u003eThe bootrom can now allocate memory\u003c/li\u003e\n\u003cli\u003eAdded some SATA command emulations (no-op)\u003c/li\u003e\n\u003cli\u003eIncreased the number of virtio-blk indirect descriptors\u003c/li\u003e\n\u003cli\u003eAdded a Firmware guest query interface\u003c/li\u003e\n\u003cli\u003eAdd -l option to specify userboot path\n\u003ca href=\"https://jameslodge.com/freebsd-bhyve-hypervisor-running-windows-server-2012-r2-standard/\" rel=\"nofollow\"\u003eFreeBSD Bhyve Hypervisor Running Windows Server 2012 R2 Standard\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eIn related news, \u003ca href=\"http://www.prnewswire.com/news-releases/tidalscale-releases-its-system-scaling-hyperkernel-300216105.html\" rel=\"nofollow\"\u003eTidalScale officially released their product today \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eTidalScale is a commercial product based on bhyve that allows multiple physical machines to be combined into a single massive virtual machine, with the combined processor power, memory, disk I/O, and network capacity of all of the machines\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unixmen.com/freebsd-tacacs-gns3-and-cisco-3700-router/\" rel=\"nofollow\"\u003eFreeBSD TACACS+ GNS3 and Cisco 3700 Router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“TACACS+ – (Terminal Access Controller Access Control System plus) — is a session protocol developed by Cisco.”\u003c/li\u003e\n\u003cli\u003eThis tutorial covers configuring FreeBSD and the tac_plus4 port to act as an authentication, authorization, and accounting server for Cisco routers\u003c/li\u003e\n\u003cli\u003eThe configuration of FreeBSD, the software, and the router are covered\u003c/li\u003e\n\u003cli\u003eIt also includes how to set the FreeBSD server up as a VM on windows, and bridge it to the network\u003c/li\u003e\n\u003cli\u003eI am sure there are some network administrators out there that would appreciate this\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Nick Wolff - \u003ca href=\"mailto:darkfiberiru@gmail.com\" rel=\"nofollow\"\u003edarkfiberiru@gmail.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/darkfiberiru\" rel=\"nofollow\"\u003e@darkfiberiru\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-February/016495.html\" rel=\"nofollow\"\u003ePapers We Love Presents : Bryan Cantrill on Jails \u0026amp; Solaris Zones\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe folks over at NYCBug point us to “Papers We Love”, a New York based meetup group where past papers are presented. They have a talk scheduled for tomorrow (Feb 11th) with Bryan Cantrill discussing Jails and Solaris Zones\u003c/li\u003e\n\u003cli\u003eThe talk starts at 7PM at the Tumblr building, located between 5th and Park Ave South on 21st street\u003c/li\u003e\n\u003cli\u003e“We\u0026#39;re \u003cstrong\u003ecrazy\u003c/strong\u003e excited to have Bryan Cantrill, CTO of Joyent, formerly of Sun Microsystems, presenting on \u003ca href=\"https://us-east.manta.joyent.com/bcantrill/public/ppwl-cantrill-jails.pdf\" rel=\"nofollow\"\u003eJails: Confining the omnipotent root\u003c/a\u003e. \nby Poul-Henning Kamp and Robert Watson and \u003ca href=\"https://us-east.manta.joyent.com/bcantrill/public/ppwl-cantrill-zones.pdf\" rel=\"nofollow\"\u003eSolaris Zones: Operating System Support for Consolidating Commercial Workloads\u003c/a\u003e by Dan Price and Andy Tucker!”\u003c/li\u003e\n\u003cli\u003eThe abstract posted gives us a sneak peak of what to expect, first covering jails as a method to “partition” the operating system environment, but maintaining the UNIX “root” model.\u003c/li\u003e\n\u003cli\u003eNext it looks like he will compare and contrast with the Solaris Zones functionality, which creates virtualized application execution environments, within the single OS instance.\u003c/li\u003e\n\u003cli\u003eSounds like a fantastic talk, hopefully somebody remembers to record and post it for us to enjoy later!\u003c/li\u003e\n\u003cli\u003eThere will not be a live stream, but a video of the event should appear online after it has been edited\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/201602StorageSummit\" rel=\"nofollow\"\u003eFreeBSD Storage Summit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Foundation will be hosting a Storage Summit, co-located at the USENIX FAST (Filesystems And Storage Technology) conference\u003c/li\u003e\n\u003cli\u003eDevelopers and Vendors are invited to work on storage related issues\u003c/li\u003e\n\u003cli\u003eThis summit will be a hackathon focused event, rather than a discussion focused devsummit\u003c/li\u003e\n\u003cli\u003eAfter setup and introductions, the summit will start with a “Networking Synergies Panel”, to discuss networking as it relates to storage\u003c/li\u003e\n\u003cli\u003eAfter a short break, the attendees will break up into a number of working groups focused on solving actual problems\u003c/li\u003e\n\u003cli\u003eThe current working groups include:\u003c/li\u003e\n\u003cli\u003eCAM Scheduling \u0026amp; Locking, led by Justin Gibbs: “Updating CAM queuing/scheduling and locking models to minimize cross-cpu contention and support multi-queue controllers”\u003c/li\u003e\n\u003cli\u003eZFS, led by Matt Ahrens: topics will include enabling the new cryptographic hashes supported by OpenZFS on FreeBSD, Interaction with the kernel memory subsystem, and other upcoming features.\u003c/li\u003e\n\u003cli\u003eUser Space Storage Stack, led by George Neville-Neil\u003c/li\u003e\n\u003cli\u003eThis event offers a unique opportunity for developers and vendors from the storage industry to meet at an event they will likely already be attending\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2016-February/016514.html\" rel=\"nofollow\"\u003eTor Browser 5.5 for OpenBSD/amd64 -current is completed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The Tor BSD Diversity Project (TDP) is proud to announce the release of Tor Browser (TB) version 5.5 for OpenBSD. Please note that this version of TB remains in development mode, and is not meant to ensure strong privacy, anonymity or security.”\u003c/li\u003e\n\u003cli\u003e“TDP (\u003ca href=\"https://torbsd.github.io\" rel=\"nofollow\"\u003ehttps://torbsd.github.io\u003c/a\u003e) is an effort to extend the use of the BSD Unixes into the Tor ecosystem, from the desktop to the network. TDP is focused on diversifying the Tor network, with TB being the flagship project. \nAdditional efforts are made to increase the number of *BSD relays on the Tor network among other sub-projects”\u003c/li\u003e\n\u003cli\u003eHelp test the new browser bundle, or help diversify the Tor network\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2548\" rel=\"nofollow\"\u003e“FreeBSD Mastery: Advanced ZFS” Table of Contents\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003eWe brought you the news about sponsoring the Advanced ZFS book that MWL is working on, now Michael has given us the tentative chapter layout of the (sure to be a classic) tome coming from him and Allan.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e0: Introduction\u003c/li\u003e\n\u003cli\u003e1: Boot Environments\u003c/li\u003e\n\u003cli\u003e2: Delegation and Jails\u003c/li\u003e\n\u003cli\u003e3: Sharing\u003c/li\u003e\n\u003cli\u003e4: Replication\u003c/li\u003e\n\u003cli\u003e5: zvols\u003c/li\u003e\n\u003cli\u003e6: Advanced Hardware\u003c/li\u003e\n\u003cli\u003e7: Caches\u003c/li\u003e\n\u003cli\u003e8: Performance\u003c/li\u003e\n\u003cli\u003e9: Tuning\u003c/li\u003e\n\u003cli\u003e10: ZFS Potpourri\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn addition to the tease about the upcoming book, michael has asked the community for assistance in coming up with the cover art for it as well. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIn particular it should probably be in-line with his previous works, with a parody of some other classic art-work. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eIf you have something, go tweet out to him at @mwlauthor\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://2016.asiabsdcon.org/index.html.en\" rel=\"nofollow\"\u003eOnline registration for AsiaBSDCon 2016 now open \u003cem\u003eSOON\u003c/em\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bhyvecon.org/\" rel=\"nofollow\"\u003eBhyveCon 2016\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.nycbug.org/index.cgi?action=view\u0026id=10640\" rel=\"nofollow\"\u003eNYC*BUG shell-fu talk slides\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-February/228597.html\" rel=\"nofollow\"\u003ePossible regression in DragonFly i915 graphics on older Core2Duos \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://video.fosdem.org/2016/\" rel=\"nofollow\"\u003eVideos from FOSDEM 2016. BSD dev room was k4601\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2F39XEu9w\" rel=\"nofollow\"\u003e Andrew - SMART Tests\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20kk6lzc9\" rel=\"nofollow\"\u003e JT - Secure File Delete\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21zjZ0ci8\" rel=\"nofollow\"\u003e Jordan - Migrate\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Hqbt0Uq8\" rel=\"nofollow\"\u003e Lars - Pros and Cons of VM\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2HnO1hxSO\" rel=\"nofollow\"\u003e Alex - IPSEC\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we interview Nick Wolff about how FreeBSD is used across the State of Ohio and some of the specific technology used. That, plus the latest news is coming your way right now on BSDNow, the place to","date_published":"2016-02-10T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/562ad286-1548-407d-b0d4-4c26b3d1a69f.mp3","mime_type":"audio/mpeg","size_in_bytes":64978420,"duration_in_seconds":5414}]},{"id":"f7ba1724-995a-465c-8528-7b593b402bfe","title":"127: DNS, Black Holes \u0026 Willem","url":"https://www.bsdnow.tv/127","content_text":"Today on the show, we welcome Allan back from FOSSDEM, and enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the weeks news, keep it turned here to BSD\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD Quarterly Status Report\n\n\nIt is that time of year again, reviewing the progress of the FreeBSD project over the last quarter of 2015\nThere are a huge number of projects that have recently been completed or that are planned to finish in time for FreeBSD 10.3 or 11.0\nThis is just a sample of the of the items that stood out most to us:\nA number of new teams have been created, and existing teams report in. The Issue Triage, bugmeister, jenkins, IPv6 advocacy, and wiki-admin teams are all mentioned in the status report\nProgress is reported on the i915 project to update the Intel graphics drivers\nIn the storage subsystem: RCTL I/O rate limiting, Warner Losh’s CAM I/O Scheduler is progressing, Mellanox iSCSI Extensions for RDMA (iSER) was added, Chelsio iSCSI offload drivers, Mellanox 100 gbit/s drivers\nIn Security: Encrypted crash dumps, OpenBSM updates, and a status report on HardenedBSD\nFor embedded: Support for Ralink/Mediatek MIPS devices, Raspberry Pi Video Code packages, touch screen support for RPI and BBB, new port to the Marvell Armada38x, and the work on arm64 and RISC-V\nkib@ rewrote the out-of-memory handler, specifically to perform better in situations where a system does not have swap. Was tested on systems ranging from 32 MB of memory, to 512 GB\nVarious improvements to the tool chain, build system, and nanobsd\nIt was nice to see a bunch of reports from ports committers\nAn overview of the different proposed init replacements, with a report on each\n***\n\n\nFirst timer’s guide to FOSS conferences \n\n\nThis post provides a lot of good information for those considering going to their first conference\nThe very first item says the most: “Conference talks are great because they teach you new skills or give you ideas. However, what conference talks are really for is giving you additional topics of conversation to chat with your fellow conference goers with. Hanging out after a talk ends to chat with the speaker is a great way to connect with speakers or fellow attendees that are passionate about a particular subject.”\nThe hallway track is the best part of the conference. I’ve ended up missing as much as 2/3rds of a conference, and still found it to be a very valuable conference, sometimes more so than if I attend a talk in every slot\nIt is important to remember that missing a talk is not the end of the world, that discussion in the hallway may be much more valuable. Most of the talks end up on youtube anyway. The point of the conference is being in the same place as the other people at the conference, the talks are just a means to get us all there.\nThere is even a lot of good advice for people with social anxiety, and those like Allan who do not partake in alcohol\nKnow the conference perks and the resources available to you. The author of the post commented on twitter about originally being unaware of the resources that some conferences provide for speakers, but also of discounts for students, and travel grants from Google and others like the FreeBSD Foundation\nThere are also tips about swag, including watching out for booth wranglers (not common at BSD events, but many larger conferences have booths where your personal information can be exchanged for swag), as well as advice for following up with the people you meet at conferences.\nLastly, it provides thoughts on avoiding “Project Passion Explosion“, or what I call “overcharging your BSD battery”, where after hearing about the interesting stuff other people are doing, or about the things other need, you try to do everything at once, and burn yourself out\nI know for myself, there are at least 10 projects I would love to work on, but I need to balance my free time, my work schedule, the FreeBSD release schedule, and which items might be better for someone else to work on.\n***\n\n\nFreeBSD 10.1 based WiFi Captive Portal\n\n\nCaptive portals, the bane of many a traveler’s existence, however a necessary evil in the era of war-driving and other potentially nefarious uses of “free-wifi”. \nThis week we have an article from the folks at “unixmen”, showing (in great detail) how they setup a FreeBSD 10.1 based captive portal, and yes those are manual MySQL commands.\nFirst up is a diagram showing the layout of their new portal system, using multiple APs for different floors of the apartment / hotel?\nThe walkthrough assumes you have Apache/MySQL and PHP already installed, so you’ll need to prep those bits beforehand.\nSome Apache configuration is up next, which re-directs all port 80 requests over to 443/SSL and the captive portal web-login\nAt this point we have to install “pear” from ports or packages and begin to do the database setup which is fairly typical if you done any SQL before, such as create user / database / table, etc.\nWith the database finished, the article provides a nice and clean rc.conf which enables all the necessary services.\nNext up is the firewall configuration, which is using IPFW, specifically DUMMYNET/IPALIAS/IPDIVERT and friends. The article does mention to compile a new minimal kernel with these features, if you plan on doing so they I would recommend starting off with that. \nThe article then continues, with setting up DHCP server, SUDO and the PHP file creation that will act as the interface between the client and mysql/firewall rules. \nWhen it’s all said and done, you end up with a nice web-interface for clients, plus a bonus Admin interface to manage creating and removing users. \nFor convenience at the very end is a link to all the files / configurations used, so grab that and avoid some of the copy-n-paste\n***\n\n\nSailor, a 'wannabe' portable container system {their own words!}\n\n\nIn the world of docker / jails / VMs, containers are all the rage right now, and now we can introduce “Sailor” to this mix\nA unique thing about this new solution, is that its based upon chroot/pkgin, and available on NetBSD / OSX and CentOS\nSince it is not using “jail” or other security mechanism, they to give us this cavet “Note that sailor's goal is not to provide bullet-proof security, chroot is definitely not a trustable isolator; instead, sailor is a really convenient way of trying / testing an environment without compromising your workstation filesystem.”\nCreating a new “ship” is relatively straight-forward, a simple shell define file can supply most of the relevant information. Nginx for example is only a few lines: https://github.com/NetBSDfr/sailor/blob/master/examples/nginx.conf \nIn addition to the basic pkg configuration, it also provides methods to do rw/ro mounts into the chroot, as well as IP aliases and copying of specific host binaries into the container\n***\n\n\nInterview - Willem Toorop - willem@nlnetlabs.nl / @WillemToorop\n\n\nGetDNS\nvBSDCon 2015 Talk\n***\n\n\nNews Roundup\n\nA Quarter Century of Unix\n\n\nAn oldie, but goodie, the book “A Quarter Century of UNIX” is now available for free download via PDF format. \nThis provides an invaluable look into the history of UNIX, which of course we wouldn’t have BSD without. \nThere is also a print version still available via Amazon (link at the above URL also). If you find the book useful, consider buying a copy, since a % still goes to the original author\n***\n\n\nBjoern Zeeb has been awarded grant to finalize VIMAGE fixes \n\n\n“Bjoern Zeeb has been awarded a project grant to finalize and integrate the work done to make the VIMAGE network stack virtualization infrastructure production ready.”\nVIMAGE is the network virtualization kernel component that can be used to give jails their own network interfaces, so they can have their own firewalls, be assign addresses via DHCP, etc.\nCurrently, a number of bugs prevent this feature from being enabled by default, or used in production\nThe main areas of focus for the work are: network stack teardown, interface ordering, locking, and addressing the remaining memory leaks at teardown\nThe work is expected to be completed by the end of March and to be included in FreeBSD 11.0\n***\n\n\nBuilding a smtpd Mail Server on OpenBSD\n\n\nThe OpenSMTPd FAQ has been updated with a new walkthrough of a complete installation\nFollowing this guide, the resulting installation will:\nAccepting mails for multiple domains and virtual users\nAllowing virtual users to authenticate and send mails\nApplying anti-spam and anti-virus filters on mails\nProviding IMAP access for the virtual users\nProviding log statistics\nIt covers setting up the new filter system, configuring TLS, creating the domain and user tables, configuring spamassassin and clamav, and setting up dovecot\nThere is even a crontab to send you weekly stats on what your email server is doing\n***\n\n\nIntroduction to the FreeBSD Open Source Operating System LiveLessons\n\n\nDr. Kirk McKusick has been one of the foremost authorities on FreeBSD for some time now, as co-author of the D\u0026amp;I of FreeBSD (along with George Neville-Neil and Robert Watson) and teaching numerous classes on the same. (Another good reason to come to a *BSD conference)\nAs part of the Addison-Wesley Professional / LiveLessons series, he has made a 10+ hour video lecture you can now purchase to take his class from the comfort of your own home/couch/office/etc\nAspiring FreeBSD developers, kernel developers, Application Developers and other interested individuals should really consider this invaluable resource in their learning.\n\n\nThe video starts with an introduction to the FreeBSD community and explains how it differs from the Linux ecosystem. The video then goes on to provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces are used as examples where they are defined. Where they are not defined, the FreeBSD interfaces are described.\nThe video covers basic kernel services, locking, process structure, scheduling, signal handling, jails, and virtual and physical memory management.\nThe kernel I/O structure is described showing how I/O is multiplexed and the virtual filesystem interface is used to support multiple filesystems.\nDevices are described showing disk management and their auto-configuration.\nThe organization and implementation of the fast filesystem is described concluding with a discussion of how to maintain consistency in the face of hardware or software failures.\nThe video includes an overview of the ZFS filesystem and covers the socket-based network architecture, layering and routing issues.\nThe presentations emphasize code organization, data structure navigation, and algorithms.\n\nNormally the video will set you back $299, but right now you can pick it up for $239 (USD). We can’t recommend this enough, but also don’t forget to try and make it out to BSDCan or MeetBSD, where you can usually talk to Dr. McKusick in person.\n***\n\n\nBeastieBits\n\n\nFaces of FreeBSD: Sean Bruno  \nSupport Michael W. Lucas writing BSD books, and get your name in the credits  \nbhyve windows support merged to stable/10 branch, will be included in FreeBSD 10.3 \nFreeBSD Outsells Windows by almost 2-1 \nA rant about the whois protocol \nKris Moore talks about Jails and system management on BSDTalk \nFOSDEM 2016: Slides from the 5 years of IllumOS talk  \nA tweet from the first day of FOSDEM showed only 1 FreeBSD machine. Many of the FreeBSD developers were at a devsummit offsite that day, and more users arrived for the BSD dev room which was on the Sunday  \n\n\n\n\nFeedback/Questions\n\n\n Antonio - ZFS Book Formatting \n Simon - ZFS Corruption? \n Christian - rm -rOOOPSSS \n Phillipp - ZFS Send/Recv \n***\n","content_html":"\u003cp\u003eToday on the show, we welcome Allan back from FOSSDEM, and enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the weeks news, keep it turned here to BSD\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2015-10-2015-12.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt is that time of year again, reviewing the progress of the FreeBSD project over the last quarter of 2015\u003c/li\u003e\n\u003cli\u003eThere are a huge number of projects that have recently been completed or that are planned to finish in time for FreeBSD 10.3 or 11.0\u003c/li\u003e\n\u003cli\u003eThis is just a sample of the of the items that stood out most to us:\u003c/li\u003e\n\u003cli\u003eA number of new teams have been created, and existing teams report in. The Issue Triage, bugmeister, jenkins, IPv6 advocacy, and wiki-admin teams are all mentioned in the status report\u003c/li\u003e\n\u003cli\u003eProgress is reported on the i915 project to update the Intel graphics drivers\u003c/li\u003e\n\u003cli\u003eIn the storage subsystem: RCTL I/O rate limiting, Warner Losh’s CAM I/O Scheduler is progressing, Mellanox iSCSI Extensions for RDMA (iSER) was added, Chelsio iSCSI offload drivers, Mellanox 100 gbit/s drivers\u003c/li\u003e\n\u003cli\u003eIn Security: Encrypted crash dumps, OpenBSM updates, and a status report on HardenedBSD\u003c/li\u003e\n\u003cli\u003eFor embedded: Support for Ralink/Mediatek MIPS devices, Raspberry Pi Video Code packages, touch screen support for RPI and BBB, new port to the Marvell Armada38x, and the work on arm64 and RISC-V\u003c/li\u003e\n\u003cli\u003ekib@ rewrote the out-of-memory handler, specifically to perform better in situations where a system does not have swap. Was tested on systems ranging from 32 MB of memory, to 512 GB\u003c/li\u003e\n\u003cli\u003eVarious improvements to the tool chain, build system, and nanobsd\u003c/li\u003e\n\u003cli\u003eIt was nice to see a bunch of reports from ports committers\u003c/li\u003e\n\u003cli\u003eAn overview of the different proposed init replacements, with a report on each\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sarah.thesharps.us/2016/02/02/first-timers-guide-to-foss-conferences/\" rel=\"nofollow\"\u003eFirst timer’s guide to FOSS conferences \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis post provides a lot of good information for those considering going to their first conference\u003c/li\u003e\n\u003cli\u003eThe very first item says the most: “Conference talks are great because they teach you new skills or give you ideas. However, what conference talks are really for is giving you additional topics of conversation to chat with your fellow conference goers with. Hanging out after a talk ends to chat with the speaker is a great way to connect with speakers or fellow attendees that are passionate about a particular subject.”\u003c/li\u003e\n\u003cli\u003eThe hallway track is the best part of the conference. I’ve ended up missing as much as 2/3rds of a conference, and still found it to be a very valuable conference, sometimes more so than if I attend a talk in every slot\u003c/li\u003e\n\u003cli\u003eIt is important to remember that missing a talk is not the end of the world, that discussion in the hallway may be much more valuable. Most of the talks end up on youtube anyway. The point of the conference is being in the same place as the other people at the conference, the talks are just a means to get us all there.\u003c/li\u003e\n\u003cli\u003eThere is even a lot of good advice for people with social anxiety, and those like Allan who do not partake in alcohol\u003c/li\u003e\n\u003cli\u003eKnow the conference perks and the resources available to you. The author of the post commented on twitter about originally being unaware of the resources that some conferences provide for speakers, but also of discounts for students, and travel grants from Google and others like the FreeBSD Foundation\u003c/li\u003e\n\u003cli\u003eThere are also tips about swag, including watching out for booth wranglers (not common at BSD events, but many larger conferences have booths where your personal information can be exchanged for swag), as well as advice for following up with the people you meet at conferences.\u003c/li\u003e\n\u003cli\u003eLastly, it provides thoughts on avoiding “Project Passion Explosion“, or what I call “overcharging your BSD battery”, where after hearing about the interesting stuff other people are doing, or about the things other need, you try to do everything at once, and burn yourself out\u003c/li\u003e\n\u003cli\u003eI know for myself, there are at least 10 projects I would love to work on, but I need to balance my free time, my work schedule, the FreeBSD release schedule, and which items might be better for someone else to work on.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unixmen.com/freebsd-10-1-x64-wifi-captive-portal/\" rel=\"nofollow\"\u003eFreeBSD 10.1 based WiFi Captive Portal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCaptive portals, the bane of many a traveler’s existence, however a necessary evil in the era of war-driving and other potentially nefarious uses of “free-wifi”. \u003c/li\u003e\n\u003cli\u003eThis week we have an article from the folks at “unixmen”, showing (in great detail) how they setup a FreeBSD 10.1 based captive portal, and yes those are manual MySQL commands.\u003c/li\u003e\n\u003cli\u003eFirst up is a diagram showing the layout of their new portal system, using multiple APs for different floors of the apartment / hotel?\u003c/li\u003e\n\u003cli\u003eThe walkthrough assumes you have Apache/MySQL and PHP already installed, so you’ll need to prep those bits beforehand.\u003c/li\u003e\n\u003cli\u003eSome Apache configuration is up next, which re-directs all port 80 requests over to 443/SSL and the captive portal web-login\u003c/li\u003e\n\u003cli\u003eAt this point we have to install “pear” from ports or packages and begin to do the database setup which is fairly typical if you done any SQL before, such as create user / database / table, etc.\u003c/li\u003e\n\u003cli\u003eWith the database finished, the article provides a nice and clean rc.conf which enables all the necessary services.\u003c/li\u003e\n\u003cli\u003eNext up is the firewall configuration, which is using IPFW, specifically DUMMYNET/IPALIAS/IPDIVERT and friends. The article does mention to compile a new minimal kernel with these features, if you plan on doing so they I would recommend starting off with that. \u003c/li\u003e\n\u003cli\u003eThe article then continues, with setting up DHCP server, SUDO and the PHP file creation that will act as the interface between the client and mysql/firewall rules. \u003c/li\u003e\n\u003cli\u003eWhen it’s all said and done, you end up with a nice web-interface for clients, plus a bonus Admin interface to manage creating and removing users. \u003c/li\u003e\n\u003cli\u003eFor convenience at the very end is a link to all the files / configurations used, so grab that and avoid some of the copy-n-paste\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/NetBSDfr/sailor\" rel=\"nofollow\"\u003eSailor, a \u0026#39;wannabe\u0026#39; portable container system {their own words!}\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the world of docker / jails / VMs, containers are all the rage right now, and now we can introduce “Sailor” to this mix\u003c/li\u003e\n\u003cli\u003eA unique thing about this new solution, is that its based upon chroot/pkgin, and available on NetBSD / OSX and CentOS\u003c/li\u003e\n\u003cli\u003eSince it is not using “jail” or other security mechanism, they to give us this cavet “Note that sailor\u0026#39;s goal is not to provide bullet-proof security, chroot is definitely not a trustable isolator; instead, sailor is a really convenient way of trying / testing an environment without compromising your workstation filesystem.”\u003c/li\u003e\n\u003cli\u003eCreating a new “ship” is relatively straight-forward, a simple shell define file can supply most of the relevant information. Nginx for example is only a few lines: \u003ca href=\"https://github.com/NetBSDfr/sailor/blob/master/examples/nginx.conf\" rel=\"nofollow\"\u003ehttps://github.com/NetBSDfr/sailor/blob/master/examples/nginx.conf\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eIn addition to the basic pkg configuration, it also provides methods to do rw/ro mounts into the chroot, as well as IP aliases and copying of specific host binaries into the container\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Willem Toorop - \u003ca href=\"mailto:willem@nlnetlabs.nl\" rel=\"nofollow\"\u003ewillem@nlnetlabs.nl\u003c/a\u003e / \u003ca href=\"https://twitter.com/WillemToorop\" rel=\"nofollow\"\u003e@WillemToorop\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eGetDNS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=73M7h56Dsas\" rel=\"nofollow\"\u003evBSDCon 2015 Talk\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://wiki.tuhs.org/doku.php?id=publications:quarter_century_of_unix\" rel=\"nofollow\"\u003eA Quarter Century of Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn oldie, but goodie, the book “A Quarter Century of UNIX” is now available for free download via PDF format. \u003c/li\u003e\n\u003cli\u003eThis provides an invaluable look into the history of UNIX, which of course we wouldn’t have BSD without. \u003c/li\u003e\n\u003cli\u003eThere is also a print version still available via Amazon (link at the above URL also). If you find the book useful, consider buying a copy, since a % still goes to the original author\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2016janupdate.pdf\" rel=\"nofollow\"\u003eBjoern Zeeb has been awarded grant to finalize VIMAGE fixes \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Bjoern Zeeb has been awarded a project grant to finalize and integrate the work done to make the VIMAGE network stack virtualization infrastructure production ready.”\u003c/li\u003e\n\u003cli\u003eVIMAGE is the network virtualization kernel component that can be used to give jails their own network interfaces, so they can have their own firewalls, be assign addresses via DHCP, etc.\u003c/li\u003e\n\u003cli\u003eCurrently, a number of bugs prevent this feature from being enabled by default, or used in production\u003c/li\u003e\n\u003cli\u003eThe main areas of focus for the work are: network stack teardown, interface ordering, locking, and addressing the remaining memory leaks at teardown\u003c/li\u003e\n\u003cli\u003eThe work is expected to be completed by the end of March and to be included in FreeBSD 11.0\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/opensmtpd/faq/example1.html\" rel=\"nofollow\"\u003eBuilding a smtpd Mail Server on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenSMTPd FAQ has been updated with a new walkthrough of a complete installation\u003c/li\u003e\n\u003cli\u003eFollowing this guide, the resulting installation will:\u003c/li\u003e\n\u003cli\u003eAccepting mails for multiple domains and virtual users\u003c/li\u003e\n\u003cli\u003eAllowing virtual users to authenticate and send mails\u003c/li\u003e\n\u003cli\u003eApplying anti-spam and anti-virus filters on mails\u003c/li\u003e\n\u003cli\u003eProviding IMAP access for the virtual users\u003c/li\u003e\n\u003cli\u003eProviding log statistics\u003c/li\u003e\n\u003cli\u003eIt covers setting up the new filter system, configuring TLS, creating the domain and user tables, configuring spamassassin and clamav, and setting up dovecot\u003c/li\u003e\n\u003cli\u003eThere is even a crontab to send you weekly stats on what your email server is doing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.informit.com/store/introduction-to-the-freebsd-open-source-operating-system-9780134305868\" rel=\"nofollow\"\u003eIntroduction to the FreeBSD Open Source Operating System LiveLessons\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDr. Kirk McKusick has been one of the foremost authorities on FreeBSD for some time now, as co-author of the D\u0026amp;I of FreeBSD (along with George Neville-Neil and Robert Watson) and teaching numerous classes on the same. (Another good reason to come to a *BSD conference)\u003c/li\u003e\n\u003cli\u003eAs part of the Addison-Wesley Professional / LiveLessons series, he has made a 10+ hour video lecture you can now purchase to take his class from the comfort of your own home/couch/office/etc\u003c/li\u003e\n\u003cli\u003eAspiring FreeBSD developers, kernel developers, Application Developers and other interested individuals should really consider this invaluable resource in their learning.\n\n\u003cul\u003e\n\u003cli\u003eThe video starts with an introduction to the FreeBSD community and explains how it differs from the Linux ecosystem. The video then goes on to provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces are used as examples where they are defined. Where they are not defined, the FreeBSD interfaces are described.\u003c/li\u003e\n\u003cli\u003eThe video covers basic kernel services, locking, process structure, scheduling, signal handling, jails, and virtual and physical memory management.\u003c/li\u003e\n\u003cli\u003eThe kernel I/O structure is described showing how I/O is multiplexed and the virtual filesystem interface is used to support multiple filesystems.\u003c/li\u003e\n\u003cli\u003eDevices are described showing disk management and their auto-configuration.\u003c/li\u003e\n\u003cli\u003eThe organization and implementation of the fast filesystem is described concluding with a discussion of how to maintain consistency in the face of hardware or software failures.\u003c/li\u003e\n\u003cli\u003eThe video includes an overview of the ZFS filesystem and covers the socket-based network architecture, layering and routing issues.\u003c/li\u003e\n\u003cli\u003eThe presentations emphasize code organization, data structure navigation, and algorithms.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eNormally the video will set you back $299, but right now you can pick it up for $239 (USD). We can’t recommend this enough, but also don’t forget to try and make it out to BSDCan or MeetBSD, where you can usually talk to Dr. McKusick in person.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastieBits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://freebsdfoundation.blogspot.ca/2016/01/faces-of-freebsd-2016-sean-bruno.html\" rel=\"nofollow\"\u003eFaces of FreeBSD: Sean Bruno \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2539\" rel=\"nofollow\"\u003eSupport Michael W. Lucas writing BSD books, and get your name in the credits \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=295124\" rel=\"nofollow\"\u003ebhyve windows support merged to stable/10 branch, will be included in FreeBSD 10.3 \u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://arstechnica.com/gaming/2016/01/ea-lets-slip-lifetime-xbox-one-and-ps4-consoles-sales/\" rel=\"nofollow\"\u003eFreeBSD Outsells Windows by almost 2-1\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://fanf.livejournal.com/140505.html\" rel=\"nofollow\"\u003eA rant about the whois protocol\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2016/01/bsdtalk261-jails-and-system-management.html\" rel=\"nofollow\"\u003eKris Moore talks about Jails and system management on BSDTalk\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://fosdem.org/2016/schedule/event/illumos_overview/attachments/audio/873/export/events/attachments/illumos_overview/audio/873/FOSDEM_2016.pdf\" rel=\"nofollow\"\u003eFOSDEM 2016: Slides from the 5 years of IllumOS talk \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/pvaneynd/status/693813132649697281\" rel=\"nofollow\"\u003eA tweet from the first day of FOSDEM showed only 1 FreeBSD machine. Many of the FreeBSD developers were at a devsummit offsite that day, and more users arrived for the BSD dev room which was on the Sunday \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/ZWNHgqHQ\" rel=\"nofollow\"\u003e Antonio - ZFS Book Formatting\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/XW97YSQK\" rel=\"nofollow\"\u003e Simon - ZFS Corruption?\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/W7TwWwtE\" rel=\"nofollow\"\u003e Christian - rm -r\u003csup\u003e\u003csup\u003e\u003csup\u003eOOOPSSS\u003c/sup\u003e\u003c/sup\u003e\u003c/sup\u003e\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/zA2ewPuF\" rel=\"nofollow\"\u003e Phillipp - ZFS Send/Recv\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Today on the show, we welcome Allan back from FOSSDEM, and enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the weeks news, keep it turned here to BSD","date_published":"2016-02-03T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f7ba1724-995a-465c-8528-7b593b402bfe.mp3","mime_type":"audio/mpeg","size_in_bytes":93318196,"duration_in_seconds":7776}]},{"id":"38a81f5a-d2f7-40c2-a625-0c36792766d7","title":"126: Illuminating the future on PC-BSD","url":"https://www.bsdnow.tv/126","content_text":"This week on BSDNow, we are going to be talking to Ken Moore about the Lumina desktop environment, where it stands now \u0026amp; looking ahead. Then Allan turns the tables \u0026amp; interviews both Kris \u0026amp; Ken about new ongoings in PC-BSD land. Stay tuned, lots of exciting show is coming your way right now on BSDNow, the place to B...SD!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLinuxvoice reviews six NAS designed OSes and states that FreeNAS has the largest amount of features\n\n\nThe review compares the features of: FreeNAS, NAS4Free, Open Media Vault, Openfiler Community Edition, EasyNAS, and Turnkey Linux File Server\n“Many NAS solutions can do a lot more than just back up and restore files – you can extend them with plugins to do a variety of tasks. Some enable you to stream media to computers and others devices. Others can hook up with apps and services and allow them to use the NAS for storing and retrieving data”\nOpen Media Vault: 4/5, “A feature-rich NAS distro that’s easy to deploy and manage”. Many plugins, good UI\nTurnkey Linux File Server: 2/5, “A no-fuss distro that’ll set up a fully functional file sharing server in no time”. No RAID, LVM must be down manually\nOpenfiler Community Edition: 1/5, “There is a target segment for Openfiler, but we can’t spot it”. In the middle of rebasing on CentOS, lacking documentation, confusing UI\nEasyNAS: 3/5, “A simple NAS distro that balances the availability of features with reasonable assumptions”. Major updates require reinstall, lacks advanced features and advanced protocols\nFreeNAS: 3/5, “FreeNAS The most feature-rich NAS distribution requires some getting used to”. Best documentation, best snapshot management, most plugins, jailed plugins, most enterprise features\nNAS4Free: 3/5, “NAS4Free An advanced NAS distro that’s designed for advanced users”, additional flexibility with disk layout (partition the first disk to install the OS there, use remaining space for data storage)\n“If we had to award this group test to the distro with the biggest number of features then the top two challengers would have been FreeNAS and its protegée NAS4Free. While both of these solutions pitch themselves to users outside the corporate environment, they’d simply be overkill for most home users. Furthermore, their FreeBSD base and the ZFS filesystem, while a boon to enterprise users, virtually makes them alien technology to the average Linux household.”\nIt is not clear why they gave NAS4Free and FreeNAS the same score when they wrote a list of reasons why FreeNAS was better.\nIt seems the goal of their rundown was to find the best Linux NAS, not the best NAS.\n***\n\n\nFreeBSD based Snort IPS\n\n\nUnixMen.com provides a new tutorial on setting up Snort, the IPS (Intrusion Prevention system) on FreeBSD\nInstall Apache, PHP, and MySQL, then Snort\nDownload the latest Snort rules from the official website\nDisable the Packet Filter on the USB interfaces to avoid issues with Snort\nInstall oinkmaster and barnyard2, and configure them\nThen install the Snorby WEB interface, which will give you a nice overview of the data generated by the IPS\nThen install SnortSAM, and connect it to ipfw\nNow when Snort detects a potential intrusion, it will be displayed in Snorby, and automatically blocked with IPFW\n***\n\n\nOpensource.com features two BSD developers as examples of how open source can help your career\n\n\n“When contributing to open source projects and communities, one of the many benefits is that you can improve your tech skills. In this article, hear from three contributors on how their open source helped them get a job or improved their career.”\nAlexander Yurchenko, an OpenBSD developer who now works at Yandex says: “Participating in such a project yields colossal experience. A good, large open source project has everything that is typically required from a developer at job interviews: good planning, good coding, use of versioning systems and bug trackers, peer reviews, teamwork, and such. So, after stewing in such an environment for a year or two, you have a good opportunity to grow to a senior developer level.”\n“That is, in fact, what happened to me. I was hired as a senior developer without having any formal work experience on my service record. After the first week, my probation period was reduced from three months to zero.”\nWhile you may not have “formal work experience”, you do have a body of work, a (code/documentation/etc) portfolio, you can point to\nHaving spent a year working somewhere may say something about you, but showing some code you wrote that other people use every day, is usually more valuable\nAlexander Polyakov, a DragonFly contributor, worked on updating support for other languages and on ACPI.\n“I even made some money in the process—a customer found me via git log. He wanted to use DragonFlyBSD in production and needed better ACPI support and some RAID driver or something.”\n“In a nutshell, contributing to various open source projects is how you gain great experience. Don't be afraid to send in bad code (happens to the best of us), keep calm (while being scolded for sending in that bad code), and choose projects you are really interested in. Then you'll both gain experience and have fun while you doing it.”\nKirill Gorkunov talks about his experience with turning open source into a career: “For a few years, I've been fixing the code, sending patches, getting scolded for bad code and complimented for good code. That experience was priceless. And you can be sure that as soon as you get good at it, job offers will follow. This is, in fact, how I met the kernel developers working on OpenVZ. Together, we decided to continue working on the OpenVZ kernel and related stuff as well”\nWhen you contribute to open source, you end up being the person who wrote “Foo”, and this can often turn into work, when someone wants to build something with “Foo”, or like “Foo”\nThis same point was focus of a panel the FreeBSD Foundation organized at the womENcourage conference in Sweden last year: Open Source as a Career Path\n\n***\n\n\nFreeBSD, LibreSSL and LetsEncrypt oh my!\n\n\nOver on the FreeBSD Wiki, Bernard Spil (whom we’ve interviewed before) has started a walkthrough talking about how he uses LibreSSL and LetsEncrypt, without using the heavy python client\nThe article provides detailed instructions on prepping the system and automating the process of updating the SSL certificates\nIf you’ve used the “official” letsencrypt client in the past, you’ll note some differences in his method, which keeps all the ‘acme-challenge’ files in a single-directory, which is aliased into domains. \nUsing this method also drops the requirement to run the letsencrypt auth as root, and allows you to run it as the unprivileged “letsencrypt” user instead. \nHe mentions that the bash/zsh scripts used may be added to ports at some point as well\n***\n\n\nInterview - Ken Moore \u0026amp; Kris Moore - ken@pcbsd.org / @pcbsdkris\n\n\nPC-BSD’s new SysAdm Project and Lumina Update\n***\n\n\nNews Roundup\n\nDragonFly Intel i915 support to match what’s in the Linux 4.1 kernel\n\n\nIn DragonFly’s ongoing quest for DRM awesomeness, they have now merged changes to bring them up to Linux 4.1 kernel features. \nSome of the notables include that “Valleyview” support is greatly improved, and not considered preliminary anymore\nSkylake got some support improvements as well, including runtime power management, and that turbo and sleep states should be functional. \nSome great improvements to power usage have been added, such as setting GPU frequencies to hardware minimum and enabling of DRRS (Dynamic Refresh Rate Switching) being enabled by default\nThey’ve even begun importing some of the prelim work for Broxton, the upcoming Atom SOC\n***\n\n\nFreeNAS Home Server Build\n\n\nWe have a nice article to share with you this week by John Ramsden, which walks us through his home-brew FreeNAS server setup.\nAs is typical with most home users, he will be using the system to both serve media, and as a backup target for other systems.\nHis hardware setup is pretty impressive for a home-brew, made up of the following:\n\n\nFractal Design Node 804 Chassis\nSupermicro X10SL7-F Motherboard\nXeon E3-1231 v3 CPU\n4x Samsung DDR3 1.35v-1600 M391B1G73QH0 RAM\n2x 32GB SATA III SMC DOM Boot Drive\nSeaSonic G-550 Power Supply\nCyberpower CP1500PFCLCD 1500VA 900W PFC UPS\n6x Western Digital 6TB Red HDD\n2 x ENERMAX T.B. Silence UCTB12P Case Fan\n3x Noctua NF-P14s redux-1200 Case Fan\n\nThe SATA DOM was neat to see in use, in his case in a mirror\nHe then walks us through his burn-in process, which involved memory testing for 46 hours, and then disk testing with the smartctl long tests. \nThere is even details on how the fan thresholds were set up, which may be of use to other DiY’ers out there. \nThe SATA DOM was neat to see in use, in his case in a mirror\nHe then walks us through his burn-in process, which involved memory testing for 46 hours, and then disk testing with the smartctl long tests. \nThere is even details on how the fan thresholds were set up, which may be of use to other DiY’ers out there. \n\n\n\n\nclaviger manages your SSH authorized_keys files for you\n\n\nAn application to manage your SSH authorized_keys files for you\nMake a list of your keys (laptop, desktop, work)\nThen a list of your ssh accounts\nList which keys should be present, and which should be absent\nOptional setting to keep all “other” keys, such as those added by other users\nOptional list of specific “other” keys to allow (does not add them, but does not remove them if they are present)\nYou say say ‘server2 like server1’, and it will inherit all of the settings from that server\nThere is a “default” server, that all others inherit\n***\n\n\nFreeBSD 9.2 x64 OpenVPN AD authentication with crypt\n\n\nA few days back unixmen.com posted a nice tutorial walkthrough of a OpenVPN setup on FreeBSD 9.2 using Active Directory for auth\nIn this particular setup, FreeBSD is running the gateway / OpenVPN server, the client desktops are running Windows 7 and domain controller on Windows 2008\nThe setup on FreeBSD pretty straightforward, thanks to the openvpn-auth-ldap port. (Unknown why they didn’t use the package)\nIn addition to showing the details on how configuration was done on BSD, what makes this walkthrough nice is the addition of so many screenshots of how the windows configuration was done. \nPart of the walkthrough will also detail how they created their .ovpn files for importing on the OpenVPN clients. \n***\n\n\nBeastie Bits\n\ndtrace included by default in NetBSD \n\nFOSDEM16 is approaching, get ready to follow the BSD devroom \n\nCall for testing: Concurrent: malloc(3) calls (to speed up Firefox)\n\n\"With the PV drivers in -CURRENT, it is now possible to run OpenBSD within AWS.\" \n\nPC-BSD Handbook in Spanish \n\n\n\nFeedback/Questions\n\n\n Clint - ZIL on Partition \n Federico - LibreSSL and DMA \n Ghislain - FreeBSD vs Linux vs Illumos \n Cary - ZFS - Caching - Replication \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we are going to be talking to Ken Moore about the Lumina desktop environment, where it stands now \u0026amp; looking ahead. Then Allan turns the tables \u0026amp; interviews both Kris \u0026amp; Ken about new ongoings in PC-BSD land. Stay tuned, lots of exciting show is coming your way right now on BSDNow, the place to B...SD!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxvoice.com/group-test-nas-distros/\" rel=\"nofollow\"\u003eLinuxvoice reviews six NAS designed OSes and states that FreeNAS has the largest amount of features\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe review compares the features of: FreeNAS, NAS4Free, Open Media Vault, Openfiler Community Edition, EasyNAS, and Turnkey Linux File Server\u003c/li\u003e\n\u003cli\u003e“Many NAS solutions can do a lot more than just back up and restore files – you can extend them with plugins to do a variety of tasks. Some enable you to stream media to computers and others devices. Others can hook up with apps and services and allow them to use the NAS for storing and retrieving data”\u003c/li\u003e\n\u003cli\u003eOpen Media Vault: 4/5, “A feature-rich NAS distro that’s easy to deploy and manage”. Many plugins, good UI\u003c/li\u003e\n\u003cli\u003eTurnkey Linux File Server: 2/5, “A no-fuss distro that’ll set up a fully functional file sharing server in no time”. No RAID, LVM must be down manually\u003c/li\u003e\n\u003cli\u003eOpenfiler Community Edition: 1/5, “There is a target segment for Openfiler, but we can’t spot it”. In the middle of rebasing on CentOS, lacking documentation, confusing UI\u003c/li\u003e\n\u003cli\u003eEasyNAS: 3/5, “A simple NAS distro that balances the availability of features with reasonable assumptions”. Major updates require reinstall, lacks advanced features and advanced protocols\u003c/li\u003e\n\u003cli\u003eFreeNAS: 3/5, “FreeNAS The most feature-rich NAS distribution requires some getting used to”. Best documentation, best snapshot management, most plugins, jailed plugins, most enterprise features\u003c/li\u003e\n\u003cli\u003eNAS4Free: 3/5, “NAS4Free An advanced NAS distro that’s designed for advanced users”, additional flexibility with disk layout (partition the first disk to install the OS there, use remaining space for data storage)\u003c/li\u003e\n\u003cli\u003e“If we had to award this group test to the distro with the biggest number of features then the top two challengers would have been FreeNAS and its protegée NAS4Free. While both of these solutions pitch themselves to users outside the corporate environment, they’d simply be overkill for most home users. Furthermore, their FreeBSD base and the ZFS filesystem, while a boon to enterprise users, virtually makes them alien technology to the average Linux household.”\u003c/li\u003e\n\u003cli\u003eIt is not clear why they gave NAS4Free and FreeNAS the same score when they wrote a list of reasons why FreeNAS was better.\u003c/li\u003e\n\u003cli\u003eIt seems the goal of their rundown was to find the best Linux NAS, not the best NAS.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unixmen.com/freebsd-snort-ips/\" rel=\"nofollow\"\u003eFreeBSD based Snort IPS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUnixMen.com provides a new tutorial on setting up Snort, the IPS (Intrusion Prevention system) on FreeBSD\u003c/li\u003e\n\u003cli\u003eInstall Apache, PHP, and MySQL, then Snort\u003c/li\u003e\n\u003cli\u003eDownload the latest Snort rules from the official website\u003c/li\u003e\n\u003cli\u003eDisable the Packet Filter on the USB interfaces to avoid issues with Snort\u003c/li\u003e\n\u003cli\u003eInstall oinkmaster and barnyard2, and configure them\u003c/li\u003e\n\u003cli\u003eThen install the Snorby WEB interface, which will give you a nice overview of the data generated by the IPS\u003c/li\u003e\n\u003cli\u003eThen install SnortSAM, and connect it to ipfw\u003c/li\u003e\n\u003cli\u003eNow when Snort detects a potential intrusion, it will be displayed in Snorby, and automatically blocked with IPFW\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensource.com/life/16/1/3-new-open-source-contributors-share-their-experiences\" rel=\"nofollow\"\u003eOpensource.com features two BSD developers as examples of how open source can help your career\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“When contributing to open source projects and communities, one of the many benefits is that you can improve your tech skills. In this article, hear from three contributors on how their open source helped them get a job or improved their career.”\u003c/li\u003e\n\u003cli\u003eAlexander Yurchenko, an OpenBSD developer who now works at Yandex says: “Participating in such a project yields colossal experience. A good, large open source project has everything that is typically required from a developer at job interviews: good planning, good coding, use of versioning systems and bug trackers, peer reviews, teamwork, and such. So, after stewing in such an environment for a year or two, you have a good opportunity to grow to a senior developer level.”\u003c/li\u003e\n\u003cli\u003e“That is, in fact, what happened to me. I was hired as a senior developer without having any formal work experience on my service record. After the first week, my probation period was reduced from three months to zero.”\u003c/li\u003e\n\u003cli\u003eWhile you may not have “formal work experience”, you do have a body of work, a (code/documentation/etc) portfolio, you can point to\u003c/li\u003e\n\u003cli\u003eHaving spent a year working somewhere may say something about you, but showing some code you wrote that other people use every day, is usually more valuable\u003c/li\u003e\n\u003cli\u003eAlexander Polyakov, a DragonFly contributor, worked on updating support for other languages and on ACPI.\u003c/li\u003e\n\u003cli\u003e“I even made some money in the process—a customer found me via git log. He wanted to use DragonFlyBSD in production and needed better ACPI support and some RAID driver or something.”\u003c/li\u003e\n\u003cli\u003e“In a nutshell, contributing to various open source projects is how you gain great experience. Don\u0026#39;t be afraid to send in bad code (happens to the best of us), keep calm (while being scolded for sending in that bad code), and choose projects you are really interested in. Then you\u0026#39;ll both gain experience and have fun while you doing it.”\u003c/li\u003e\n\u003cli\u003eKirill Gorkunov talks about his experience with turning open source into a career: “For a few years, I\u0026#39;ve been fixing the code, sending patches, getting scolded for bad code and complimented for good code. That experience was priceless. And you can be sure that as soon as you get good at it, job offers will follow. This is, in fact, how I met the kernel developers working on OpenVZ. Together, we decided to continue working on the OpenVZ kernel and related stuff as well”\u003c/li\u003e\n\u003cli\u003eWhen you contribute to open source, you end up being the person who wrote “Foo”, and this can often turn into work, when someone wants to build something with “Foo”, or like “Foo”\u003c/li\u003e\n\u003cli\u003eThis same point was focus of a panel the FreeBSD Foundation organized at the womENcourage conference in Sweden last year: \u003ca href=\"https://www.youtube.com/watch?v=p7PW1E3IJvY\" rel=\"nofollow\"\u003eOpen Source as a Career Path\n\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/BernardSpil/LetsEncrypt\" rel=\"nofollow\"\u003eFreeBSD, LibreSSL and LetsEncrypt oh my!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver on the FreeBSD Wiki, Bernard Spil (whom we’ve interviewed before) has started a walkthrough talking about how he uses LibreSSL and LetsEncrypt, without using the heavy python client\u003c/li\u003e\n\u003cli\u003eThe article provides detailed instructions on prepping the system and automating the process of updating the SSL certificates\u003c/li\u003e\n\u003cli\u003eIf you’ve used the “official” letsencrypt client in the past, you’ll note some differences in his method, which keeps all the ‘acme-challenge’ files in a single-directory, which is aliased into domains. \u003c/li\u003e\n\u003cli\u003eUsing this method also drops the requirement to run the letsencrypt auth as root, and allows you to run it as the unprivileged “letsencrypt” user instead. \u003c/li\u003e\n\u003cli\u003eHe mentions that the bash/zsh scripts used may be added to ports at some point as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ken Moore \u0026amp; Kris Moore - \u003ca href=\"mailto:ken@pcbsd.org\" rel=\"nofollow\"\u003eken@pcbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/pcbsdkris\" rel=\"nofollow\"\u003e@pcbsdkris\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003ePC-BSD’s new SysAdm Project and Lumina Update\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2016-January/459241.html\" rel=\"nofollow\"\u003eDragonFly Intel i915 support to match what’s in the Linux 4.1 kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn DragonFly’s ongoing quest for DRM awesomeness, they have now merged changes to bring them up to Linux 4.1 kernel features. \u003c/li\u003e\n\u003cli\u003eSome of the notables include that “Valleyview” support is greatly improved, and not considered preliminary anymore\u003c/li\u003e\n\u003cli\u003eSkylake got some support improvements as well, including runtime power management, and that turbo and sleep states should be functional. \u003c/li\u003e\n\u003cli\u003eSome great improvements to power usage have been added, such as setting GPU frequencies to hardware minimum and enabling of DRRS (Dynamic Refresh Rate Switching) being enabled by default\u003c/li\u003e\n\u003cli\u003eThey’ve even begun importing some of the prelim work for Broxton, the upcoming Atom SOC\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ramsdenj.github.io/server/2016/01/01/FreeNAS-Server-Build.html\" rel=\"nofollow\"\u003eFreeNAS Home Server Build\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a nice article to share with you this week by John Ramsden, which walks us through his home-brew FreeNAS server setup.\u003c/li\u003e\n\u003cli\u003eAs is typical with most home users, he will be using the system to both serve media, and as a backup target for other systems.\u003c/li\u003e\n\u003cli\u003eHis hardware setup is pretty impressive for a home-brew, made up of the following:\n\n\u003cul\u003e\n\u003cli\u003eFractal Design Node 804 Chassis\u003c/li\u003e\n\u003cli\u003eSupermicro X10SL7-F Motherboard\u003c/li\u003e\n\u003cli\u003eXeon E3-1231 v3 CPU\u003c/li\u003e\n\u003cli\u003e4x Samsung DDR3 1.35v-1600 M391B1G73QH0 RAM\u003c/li\u003e\n\u003cli\u003e2x 32GB SATA III SMC DOM Boot Drive\u003c/li\u003e\n\u003cli\u003eSeaSonic G-550 Power Supply\u003c/li\u003e\n\u003cli\u003eCyberpower CP1500PFCLCD 1500VA 900W PFC UPS\u003c/li\u003e\n\u003cli\u003e6x Western Digital 6TB Red HDD\u003c/li\u003e\n\u003cli\u003e2 x ENERMAX T.B. Silence UCTB12P Case Fan\u003c/li\u003e\n\u003cli\u003e3x Noctua NF-P14s redux-1200 Case Fan\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe SATA DOM was neat to see in use, in his case in a mirror\u003c/li\u003e\n\u003cli\u003eHe then walks us through his burn-in process, which involved memory testing for 46 hours, and then disk testing with the smartctl long tests. \u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere is even details on how the fan thresholds were set up, which may be of use to other DiY’ers out there. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThe SATA DOM was neat to see in use, in his case in a mirror\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eHe then walks us through his burn-in process, which involved memory testing for 46 hours, and then disk testing with the smartctl long tests. \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eThere is even details on how the fan thresholds were set up, which may be of use to other DiY’ers out there. \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/bwesterb/claviger\" rel=\"nofollow\"\u003eclaviger manages your SSH authorized_keys files for you\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn application to manage your SSH authorized_keys files for you\u003c/li\u003e\n\u003cli\u003eMake a list of your keys (laptop, desktop, work)\u003c/li\u003e\n\u003cli\u003eThen a list of your ssh accounts\u003c/li\u003e\n\u003cli\u003eList which keys should be present, and which should be absent\u003c/li\u003e\n\u003cli\u003eOptional setting to keep all “other” keys, such as those added by other users\u003c/li\u003e\n\u003cli\u003eOptional list of specific “other” keys to allow (does not add them, but does not remove them if they are present)\u003c/li\u003e\n\u003cli\u003eYou say say ‘server2 like server1’, and it will inherit all of the settings from that server\u003c/li\u003e\n\u003cli\u003eThere is a “default” server, that all others inherit\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.unixmen.com/openvpn-ad-authentication-with-crypt/\" rel=\"nofollow\"\u003eFreeBSD 9.2 x64 OpenVPN AD authentication with crypt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few days back unixmen.com posted a nice tutorial walkthrough of a OpenVPN setup on FreeBSD 9.2 using Active Directory for auth\u003c/li\u003e\n\u003cli\u003eIn this particular setup, FreeBSD is running the gateway / OpenVPN server, the client desktops are running Windows 7 and domain controller on Windows 2008\u003c/li\u003e\n\u003cli\u003eThe setup on FreeBSD pretty straightforward, thanks to the openvpn-auth-ldap port. (Unknown why they didn’t use the package)\u003c/li\u003e\n\u003cli\u003eIn addition to showing the details on how configuration was done on BSD, what makes this walkthrough nice is the addition of so many screenshots of how the windows configuration was done. \u003c/li\u003e\n\u003cli\u003ePart of the walkthrough will also detail how they created their .ovpn files for importing on the OpenVPN clients. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.own.mk.diff?r1=1.883\u0026r2=1.884\u0026only_with_tag=MAIN\u0026f=h\" rel=\"nofollow\"\u003edtrace included by default in NetBSD\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://fosdem.org/2016/schedule/track/bsd/\" rel=\"nofollow\"\u003eFOSDEM16 is approaching, get ready to follow the BSD devroom\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160123165549\" rel=\"nofollow\"\u003eCall for testing: Concurrent: malloc(3) calls (to speed up Firefox)\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://daemonforums.org/showthread.php?p=57767\" rel=\"nofollow\"\u003e\u0026quot;With the PV drivers in -CURRENT, it is now possible to run OpenBSD within AWS.\u0026quot;\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.pcbsd.org/doc-archive/10.2/html-es/pcbsd.html\" rel=\"nofollow\"\u003ePC-BSD Handbook in Spanish\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/WLpHzz3F\" rel=\"nofollow\"\u003e Clint - ZIL on Partition\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/1QFZU2Bz\" rel=\"nofollow\"\u003e Federico - LibreSSL and DMA\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/aesVaKG4\" rel=\"nofollow\"\u003e Ghislain - FreeBSD vs Linux vs Illumos\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/x4DRHP0i\" rel=\"nofollow\"\u003e Cary - ZFS - Caching - Replication\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we are going to be talking to Ken Moore about the Lumina desktop environment, where it stands now \u0026 looking ahead. Then Allan turns the tables \u0026 interviews both Kris \u0026 Ken about new ongoings in PC-BSD land. Stay tuned, lots of exciting show is coming your way right now on BSDNow, the place to B...SD!","date_published":"2016-01-27T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/38a81f5a-d2f7-40c2-a625-0c36792766d7.mp3","mime_type":"audio/mpeg","size_in_bytes":78139732,"duration_in_seconds":6511}]},{"id":"089fc2b7-be76-41de-bbf3-016592d78ef5","title":"125: DevSummits, Core and the Baldwin","url":"https://www.bsdnow.tv/125","content_text":"This week on the show, we will be talking to FreeBSD developer and former core-team member John Baldwin about a variety of topics, including running a DevSummit, everything you needed or wanted to know. Coming up right now on BSDNow, the place to B...SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD server retired after almost 19 years\n\n\nWe’ve heard stories about this kind of thing before, that box that often sits under-appreciated, but refuses to die. Well the UK register has picked up on a story of a FreeBSD server finally being retired after almost 19 years of dedicated service.\n\n\n“In its day, it was a reasonable machine - 200MHz Pentium, 32MB RAM, 4GB SCSI-2 drive,” Ross writes. “And up until recently, it was doing its job fine.” Of late, however the “hard drive finally started throwing errors, it was time to retire it before it gave up the ghost!” The drive's a Seagate, for those of you looking to avoid drives that can't deliver more than 19 years of error-free operations.\n\n\nThis system in particular had been running FreeBSD 2.2.1 over the years. Why not upgrade you ask? Ross has an answer for that:\n\n\n“It was heavily firewalled and only very specific services were visible to anyone, and most only visible to our directly connected customers,” Ross told Vulture South. “By the time it was probably due for a review, things had moved so far that all the original code was so tightly bound to the operating system itself, that later versions of the OS would have (and ultimately, did) require substantial rework. While it was running and not showing any signs of stress, it was simply expedient to leave sleeping dogs lie.”\n\n\nAll in all, an amazing story of the longevity of a system and its operating system. Do you have a server with a similar or even greater uptime? Let us know so we can try and top this story.\n***\n\n\nRoundup of all the BSDs\n\n\nThe magazine LinuxVoice recently did a group test of a variety of “BSD Distros”.\nIncluded in their review were Free/Open/Net/Dragon/Ghost/PC\nIt starts with a pretty good overview of BSD in general, its starts and the various projects / forks that spawned from it, such as FreeNAS / Junos / Playstation / PFSense / etc\nThe review starts with a look at OpenBSD, and the consensus reached is that it is good, but does require a bit more manual work to run as a desktop. (Most of the review focuses on desktop usage). It ends up with a solid ⅘ stars though. \nNext it moves into GhostBSD, discusses it being a “Live” distro, which can optionally be installed to disk. It loses a few points for lacking a graphical package management utility, and some bugs during the installation, but still earns a respectable ⅗ stars.\nDragonfly gets the next spin and gets praise for its very-up to date video driver support and availability of the HAMMER filesystem. It also lands at ⅗ stars, partly due to the reviewer having to use the command-line for management. (Notice a trend here?)\nNetBSD is up next, and gets special mention for being one of the only “distros” that doesn’t do frequent releases. However that doesn’t mean you can’t have updated packages, since the review mentions pkgsrc and pkg as both available to customize your desktop. The reviewer was slightly haunted by having to edit files in /etc by hand to do wireless, but still gives NetBSD a ⅗ overall. \nLast up are FreeBSD and PC-BSD, which get a different sort of head-to-head review. FreeBSD goes first, with mention that the text-install is fairly straight-forward and most configuration will require being done by hand. However the reviewer must be getting use to the command-line at this point, because he mentions:\n\n\n“This might sound cumbersome, but is actually pretty straightforward and at the end produces a finely tuned aerodynamic system that does exactly what you want it to do and nothing else.”\n\n\nHe does mention that FreeBSD is the ultimate DIY system, even to the point of not having the package management tools provided out of box. \nPC-BSD ultimately gets a lot of love in this review, again with it being focused on desktop usage this follows. Particularly popular are all the various tools written to make PC-BSD easier to use, such as Life-Preserver, Warden, the graphical installer and more. (slight mistake though, Life-Preserver does not use rsync to backup to FreeNAS, it does ZFS replication)\nIn the end he rates FreeBSD ⅘ and PC-BSD a whopping 5/5 for this roundup. \nWhile reviews may be subjective to the particular use-case being evaluated for, it is still nice to see BSD getting some press and more interest from the Linux community in general. \n***\n\n\nOpenBSD Laptops\n\n\nOur buddy Ted Unangst has posted a nice “planning ahead” guide for those thinking of new laptops for 2016 and the upcoming OpenBSD 5.9\nHe starts by giving us a status update on several of the key driver components that will be in 5.9 release“5.9 will be the first release to support the graphics on Broadwell CPUs. This is anything that looks like i5-5xxx. There are a few minor quirks, but generally it works well. There’s no support for the new Skylake models, however. They’ll probably work with the VESA driver but minus suspend/resume/acceleration (just as 5.8 did with Broadwell).”\nHe then goes on to mention that the IWM driver works well with most of the revisions (7260, 7265, and 3160) that ship with broadwell based laptops, however the newer skylake series ships with the 8260, which is NOT yet supported.\nHe then goes on to list some of the more common makes and models to look for, starting with the broadwell based X1 carbons which work really well (Kris gives +++), but make sure its not the newer skylake model just yet.\nThe macbook gets a mention, but probably should be avoided due to broadcom wifi\nThe Dell XPS he mentions as a good choice for a powerful (portable) desktops\n***\n\n\nSignificant changes from NetBSD 7.0 to 8.0\n\n\nUpdated to GCC 4.8.5\nImported dhcpcd and replaced rtsol and rtsold\ngpt(8) utility gained the ability to resize partitions and disks, as well as change the type of a partition\nOpenSSH 7.1 and OpenSSL 1.0.1q\nFTP client got support for SNI for https\nImported dtrace from FreeBSD\nAdd syscall support\nAdd lockstat support\n***\n\n\nInterview - John Baldwin - jhb@freebsd.org / @BSDHokie\n\nFreeBSD Kernel Debugging\n\n\n\nNews Roundup\n\nDragonfly Mail Agent spreads to FreeBSD and NetBSD\n\n\nDMA, the Dragonfly Mail Agent is now available not only in Dragonfly’s dports, but also FreeBSD ports, and NetBSD pkgsrc\n“dma is a small Mail Transport Agent (MTA), designed for home and office use.  It accepts mails from locally installed Mail User Agents (MUA) and delivers the mails either locally or to a remote destination.  Remote delivery includes several features like TLS/SSL support and SMTP authentication. dma is not intended as a replacement for real, big MTAs like sendmail(8) or postfix(1).  Consequently, dma does not listen on port 25 for incoming connections.”\nThere was a project looking at importing DMA into the FreeBSD base system to replace sendmail, I wonder of the port signals that some of the blockers have been fixed\n***\n\n\nZFS UEFI Support has landed!\n\n\nOriginally started by Eric McCorkle\nPicked up by Steven Hartland\nIncluding modularizing the existing UFS boot code, and adding ZFS boot code\nGeneral improvements to the EFI loader including using more of libstand instead of containing its own implementations of many common functions\nThanks to work by Toomas Soome, there is now a Beastie Menu as part of the EFI loader, similar to the regular loader\nAs soon as this was committed, I added a few lines to it to connect the ZFS BE Menu to it, thanks to all of the above, without whom my work wouldn’t be usable\nIt should be relatively easy to hook my GELI boot stuff in as a module, and possibly just stack the UFS and ZFS modules on top of it\nI might try to redesign the non-EFI boot code to use a similar design instead of what I have now\n***\n\n\nHow three BSD OSes compare to ten Linux Distros\n\n\nAfter benchmarking 10 of the latest Linux distros, Phoronix took to benchmarking 3 of the big BSDs\nDragonFlyBSD 4.4.1 - The latest DragonFly release with GCC 5.2.1 and the HAMMER file-system.\nOpenBSD 5.8 - OpenBSD 5.8 with GCC 4.2.1 as the default compiler and FFS file-system.\nPC-BSD 10.2 - Derived off FreeBSD 10.2, the defaults were the Clang 3.4.1 compiler and ZFS file-system.\nIn the SQLite test, PCBSD+ZFS won out over all of the Linux distros, including those that were also using ZFS\nIn the first compile benchmark, PCBSD came second only to Intel’s Linux distro, Clear Linux. OpenBSD can last, although it is not clear if the benchmark was just comparing the system compiler, which would be unfair to OpenBSD\nIn Disk transaction performance, against ZFS won the day, with PCBSD edging out the Linux distros. OpenBSD’s older ffs was hurt by the lack of soft updates, and DragonFly’s Hammer did not perform well. Although in an fsync() heavy test, safety is more important that speed\nAs with all benchmarks, these obviously need to be taken with a grain of salt\nIn some of them you can clearly see that the ‘winner’ has a much higher standard error, suggesting that the numbers are quite variable\n***\n\n\nOPNSense 15.7.24 Released\n\n\nWe are just barely into the new year and OPNSense has dropped a new release on us to play with. \nThis new version, 15.7.24 brings a bunch of notable changes, which includes improvements to the firewall UI and a plugin management section of the firmware page. Additionally better signature verification using PKG’s internal verification mechanisms was added for kernel and world updates.\nThe announcement contains the full rundown of changes, including the suricata, openvpn and ntp got package bumps as well. \n***\n\n\nBeastie Bits\n\nA FreeBSD 10 Desktop How-to (A bit old, but still one of the most complete walkthroughs of a desktop FreeBSD setup from scratch)\n\nBSD and Scale 14\n\nXen support enabled in OpenBSD -current\n\n\n\nFeedback/Questions\n\n\n Matt - Zil Sizes \n Drin - IPSEC \n John - ZFS + UEFI \n Jake - ZFS Cluster SAN \n Phillip - Media Server \n***\n","content_html":"\u003cp\u003eThis week on the show, we will be talking to FreeBSD developer and former core-team member John Baldwin about a variety of topics, including running a DevSummit, everything you needed or wanted to know. Coming up right now on BSDNow, the place to B...SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2016/01/14/server_retired_after_18_years_and_ten_months_beat_that_readers/\" rel=\"nofollow\"\u003eFreeBSD server retired after almost 19 years\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe’ve heard stories about this kind of thing before, that box that often sits under-appreciated, but refuses to die. Well the UK register has picked up on a story of a FreeBSD server finally being retired after almost 19 years of dedicated service.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“In its day, it was a reasonable machine - 200MHz Pentium, 32MB RAM, 4GB SCSI-2 drive,” Ross writes. “And up until recently, it was doing its job fine.” Of late, however the “hard drive finally started throwing errors, it was time to retire it before it gave up the ghost!” The drive\u0026#39;s a Seagate, for those of you looking to avoid drives that can\u0026#39;t deliver more than 19 years of error-free operations.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis system in particular had been running FreeBSD 2.2.1 over the years. Why not upgrade you ask? Ross has an answer for that:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“It was heavily firewalled and only very specific services were visible to anyone, and most only visible to our directly connected customers,” Ross told Vulture South. “By the time it was probably due for a review, things had moved so far that all the original code was so tightly bound to the operating system itself, that later versions of the OS would have (and ultimately, did) require substantial rework. While it was running and not showing any signs of stress, it was simply expedient to leave sleeping dogs lie.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll in all, an amazing story of the longevity of a system and its operating system. Do you have a server with a similar or even greater uptime? Let us know so we can try and top this story.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxvoice.com/group-test-bsd-distros/\" rel=\"nofollow\"\u003eRoundup of all the BSDs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe magazine LinuxVoice recently did a group test of a variety of “BSD Distros”.\u003c/li\u003e\n\u003cli\u003eIncluded in their review were Free/Open/Net/Dragon/Ghost/PC\u003c/li\u003e\n\u003cli\u003eIt starts with a pretty good overview of BSD in general, its starts and the various projects / forks that spawned from it, such as FreeNAS / Junos / Playstation / PFSense / etc\u003c/li\u003e\n\u003cli\u003eThe review starts with a look at OpenBSD, and the consensus reached is that it is good, but does require a bit more manual work to run as a desktop. (Most of the review focuses on desktop usage). It ends up with a solid ⅘ stars though. \u003c/li\u003e\n\u003cli\u003eNext it moves into GhostBSD, discusses it being a “Live” distro, which can optionally be installed to disk. It loses a few points for lacking a graphical package management utility, and some bugs during the installation, but still earns a respectable ⅗ stars.\u003c/li\u003e\n\u003cli\u003eDragonfly gets the next spin and gets praise for its very-up to date video driver support and availability of the HAMMER filesystem. It also lands at ⅗ stars, partly due to the reviewer having to use the command-line for management. (Notice a trend here?)\u003c/li\u003e\n\u003cli\u003eNetBSD is up next, and gets special mention for being one of the only “distros” that doesn’t do frequent releases. However that doesn’t mean you can’t have updated packages, since the review mentions pkgsrc and pkg as both available to customize your desktop. The reviewer was slightly haunted by having to edit files in /etc by hand to do wireless, but still gives NetBSD a ⅗ overall. \u003c/li\u003e\n\u003cli\u003eLast up are FreeBSD and PC-BSD, which get a different sort of head-to-head review. FreeBSD goes first, with mention that the text-install is fairly straight-forward and most configuration will require being done by hand. However the reviewer must be getting use to the command-line at this point, because he mentions:\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e“This might sound cumbersome, but is actually pretty straightforward and at the end produces a finely tuned aerodynamic system that does exactly what you want it to do and nothing else.”\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eHe does mention that FreeBSD is the ultimate DIY system, even to the point of not having the package management tools provided out of box. \u003c/li\u003e\n\u003cli\u003ePC-BSD ultimately gets a lot of love in this review, again with it being focused on desktop usage this follows. Particularly popular are all the various tools written to make PC-BSD easier to use, such as Life-Preserver, Warden, the graphical installer and more. (slight mistake though, Life-Preserver does not use rsync to backup to FreeNAS, it does ZFS replication)\u003c/li\u003e\n\u003cli\u003eIn the end he rates FreeBSD ⅘ and PC-BSD a whopping 5/5 for this roundup. \u003c/li\u003e\n\u003cli\u003eWhile reviews may be subjective to the particular use-case being evaluated for, it is still nice to see BSD getting some press and more interest from the Linux community in general. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/openbsd-laptops\" rel=\"nofollow\"\u003eOpenBSD Laptops\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy Ted Unangst has posted a nice “planning ahead” guide for those thinking of new laptops for 2016 and the upcoming OpenBSD 5.9\u003c/li\u003e\n\u003cli\u003eHe starts by giving us a status update on several of the key driver components that will be in 5.9 release“5.9 will be the first release to support the graphics on Broadwell CPUs. This is anything that looks like i5-5xxx. There are a few minor quirks, but generally it works well. There’s no support for the new Skylake models, however. They’ll probably work with the VESA driver but minus suspend/resume/acceleration (just as 5.8 did with Broadwell).”\u003c/li\u003e\n\u003cli\u003eHe then goes on to mention that the IWM driver works well with most of the revisions (7260, 7265, and 3160) that ship with broadwell based laptops, however the newer skylake series ships with the 8260, which is NOT yet supported.\u003c/li\u003e\n\u003cli\u003eHe then goes on to list some of the more common makes and models to look for, starting with the broadwell based X1 carbons which work really well (Kris gives +++), but make sure its not the newer skylake model just yet.\u003c/li\u003e\n\u003cli\u003eThe macbook gets a mention, but probably should be avoided due to broadcom wifi\u003c/li\u003e\n\u003cli\u003eThe Dell XPS he mentions as a good choice for a powerful (portable) desktops\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/changes/changes-8.0.html\" rel=\"nofollow\"\u003eSignificant changes from NetBSD 7.0 to 8.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpdated to GCC 4.8.5\u003c/li\u003e\n\u003cli\u003eImported dhcpcd and replaced rtsol and rtsold\u003c/li\u003e\n\u003cli\u003egpt(8) utility gained the ability to resize partitions and disks, as well as change the type of a partition\u003c/li\u003e\n\u003cli\u003eOpenSSH 7.1 and OpenSSL 1.0.1q\u003c/li\u003e\n\u003cli\u003eFTP client got support for SNI for https\u003c/li\u003e\n\u003cli\u003eImported dtrace from FreeBSD\u003c/li\u003e\n\u003cli\u003eAdd syscall support\u003c/li\u003e\n\u003cli\u003eAdd lockstat support\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - John Baldwin - \u003ca href=\"mailto:jhb@freebsd.org\" rel=\"nofollow\"\u003ejhb@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/BSDHokie\" rel=\"nofollow\"\u003e@BSDHokie\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD Kernel Debugging\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2016/01/18/17508.html\" rel=\"nofollow\"\u003eDragonfly Mail Agent spreads to FreeBSD and NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDMA, the Dragonfly Mail Agent is now available not only in Dragonfly’s dports, but also FreeBSD ports, and NetBSD pkgsrc\u003c/li\u003e\n\u003cli\u003e“dma is a small Mail Transport Agent (MTA), designed for home and office use.  It accepts mails from locally installed Mail User Agents (MUA) and delivers the mails either locally or to a remote destination.  Remote delivery includes several features like TLS/SSL support and SMTP authentication. dma is not intended as a replacement for real, big MTAs like sendmail(8) or postfix(1).  Consequently, dma does not listen on port 25 for incoming connections.”\u003c/li\u003e\n\u003cli\u003eThere was a project looking at importing DMA into the FreeBSD base system to replace sendmail, I wonder of the port signals that some of the blockers have been fixed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=294068\" rel=\"nofollow\"\u003eZFS UEFI Support has landed!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOriginally started by Eric McCorkle\u003c/li\u003e\n\u003cli\u003ePicked up by Steven Hartland\u003c/li\u003e\n\u003cli\u003eIncluding modularizing the existing UFS boot code, and adding ZFS boot code\u003c/li\u003e\n\u003cli\u003eGeneral improvements to the EFI loader including using more of libstand instead of containing its own implementations of many common functions\u003c/li\u003e\n\u003cli\u003eThanks to work by Toomas Soome, there is now a Beastie Menu as part of the EFI loader, similar to the regular loader\u003c/li\u003e\n\u003cli\u003eAs soon as this was committed, I added a few lines to it to connect the ZFS BE Menu to it, thanks to all of the above, without whom my work wouldn’t be usable\u003c/li\u003e\n\u003cli\u003eIt should be relatively easy to hook my GELI boot stuff in as a module, and possibly just stack the UFS and ZFS modules on top of it\u003c/li\u003e\n\u003cli\u003eI might try to redesign the non-EFI boot code to use a similar design instead of what I have now\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.phoronix.com/scan.php?page=article\u0026item=3bsd-10linux\" rel=\"nofollow\"\u003eHow three BSD OSes compare to ten Linux Distros\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter benchmarking 10 of the latest Linux distros, Phoronix took to benchmarking 3 of the big BSDs\u003c/li\u003e\n\u003cli\u003eDragonFlyBSD 4.4.1 - The latest DragonFly release with GCC 5.2.1 and the HAMMER file-system.\u003c/li\u003e\n\u003cli\u003eOpenBSD 5.8 - OpenBSD 5.8 with GCC 4.2.1 as the default compiler and FFS file-system.\u003c/li\u003e\n\u003cli\u003ePC-BSD 10.2 - Derived off FreeBSD 10.2, the defaults were the Clang 3.4.1 compiler and ZFS file-system.\u003c/li\u003e\n\u003cli\u003eIn the SQLite test, PCBSD+ZFS won out over all of the Linux distros, including those that were also using ZFS\u003c/li\u003e\n\u003cli\u003eIn the first compile benchmark, PCBSD came second only to Intel’s Linux distro, Clear Linux. OpenBSD can last, although it is not clear if the benchmark was just comparing the system compiler, which would be unfair to OpenBSD\u003c/li\u003e\n\u003cli\u003eIn Disk transaction performance, against ZFS won the day, with PCBSD edging out the Linux distros. OpenBSD’s older ffs was hurt by the lack of soft updates, and DragonFly’s Hammer did not perform well. Although in an fsync() heavy test, safety is more important that speed\u003c/li\u003e\n\u003cli\u003eAs with all benchmarks, these obviously need to be taken with a grain of salt\u003c/li\u003e\n\u003cli\u003eIn some of them you can clearly see that the ‘winner’ has a much higher standard error, suggesting that the numbers are quite variable\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-15-7-24-released/\" rel=\"nofollow\"\u003eOPNSense 15.7.24 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe are just barely into the new year and OPNSense has dropped a new release on us to play with. \u003c/li\u003e\n\u003cli\u003eThis new version, 15.7.24 brings a bunch of notable changes, which includes improvements to the firewall UI and a plugin management section of the firmware page. Additionally better signature verification using PKG’s internal verification mechanisms was added for kernel and world updates.\u003c/li\u003e\n\u003cli\u003eThe announcement contains the full rundown of changes, including the suricata, openvpn and ntp got package bumps as well. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://cooltrainer.org/a-freebsd-desktop-howto/\" rel=\"nofollow\"\u003eA FreeBSD 10 Desktop How-to\u003c/a\u003e (A bit old, but still one of the most complete walkthroughs of a desktop FreeBSD setup from scratch)\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://fossforce.com/2016/01/bsd-ready-scale-14x/\" rel=\"nofollow\"\u003eBSD and Scale 14\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160114113445\u0026mode=expanded\" rel=\"nofollow\"\u003eXen support enabled in OpenBSD -current\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20a0mLaAv\" rel=\"nofollow\"\u003e Matt - Zil Sizes\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21qpiTF8h\" rel=\"nofollow\"\u003e Drin - IPSEC\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2HCq0r0aD\" rel=\"nofollow\"\u003e John - ZFS + UEFI\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2VORfyqlS\" rel=\"nofollow\"\u003e Jake - ZFS Cluster SAN\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20ycRhUkM\" rel=\"nofollow\"\u003e Phillip - Media Server\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we will be talking to FreeBSD developer and former core-team member John Baldwin about a variety of topics, including running a DevSummit, everything you needed or wanted to know. Coming up right now on BSDNow, the place to B...SD.","date_published":"2016-01-20T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/089fc2b7-be76-41de-bbf3-016592d78ef5.mp3","mime_type":"audio/mpeg","size_in_bytes":96359764,"duration_in_seconds":8029}]},{"id":"91c6faea-62a9-4334-b732-cab3cb55ba35","title":"124: Get your engine(x) started!","url":"https://www.bsdnow.tv/124","content_text":"This week on the show, we have a very full news roster to rundown, plus an oldie, but goodie with Igor of the nginx project. That plus all your questions and feedback,\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSDJournal!\n***\n\n\nFreeNAS Logo Design Contest\n\nRules and Requirements\n\n\n\nFor those of you curious about Kris' new lighting here are the links to what he is using.\n\n\nSoftbox Light Diffuser\nFull Spectrum 5500K CFL Bulb\n***\n\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nClearing the air \n\n\nA number of you have written in the past few weeks asking why Allan and I didn’t talk about one of the biggest stories to make headlines last week. \nBoth of us are quite aware of the details surrounding the incidents between former FreeBSD developers “freebsdgirl” and “xmj”, however the news was still ongoing and we didn’t feel it right to discuss until some of the facts had time to shake out and a more clear (and calm) discussion could be had. \nHowever, without getting into all the gory details here’s some of the key points that we want to highlight for our listeners. We each have our own thoughts on this.\n\n\nKris:\n\n\nThe FreeBSD that I know has been VERY open and inclusive to all who want to contribute. The saying “Shut up and code” is there for a reason. We’ve seen developers of all types, different race / gender / creed, and the one thing we all have in common is the love for BSD.\nThis particular incident has been linked to FreeBSD, which isn’t exactly a fair association, since the project and other members of community were not directly involved. What started out as a disagreement (over something non-BSD related) turned into an ugly slugfest all across social media and (briefly) on a BSD chatroom.\nIn this case after reviewing lots of the facts, I think both sides were WAY out of line, and hope they recognize that. \nThere has been slamming of the core team and foundation in social media, as somehow the delay / silence is an admission of wrong-doing. Nothing could be further from the truth. These are serious people doing a serious job, and much like BSD they would rather take the time to do it right instead of just going off on social media and making things worse. (Plus they all are volunteers who are spread across many different time-zones)\nAlso, if you hear rumors of incidents of harassment, remember that without details all those will ever be is rumors. Obviously those in the project would take any incident like that seriously, but without coming forward and sharing the details it’s impossible to take any action or make changes for the better.\n\n\nAllan:\n\n\nThe FreeBSD community is the best group of people I have ever worked with, but that doesn’t mean that it is immune to the same problems that every other group of people faces. As much as all of us wish it didn’t, harassment and other ill-behavior does happen, and must be dealt with\nThe FreeBSD Core team has previously sanctioned committers and revoked commit bits for things that happened entirely offline and outside of the FreeBSD community. Part of being a committer is representing the project in everything that you do, so anything you do that reflects badly upon the project is grounds for your removal\nThere was something written about this in the project documentation somewhere (that I can not find for the live of me), specifically about the prestige that comes with (or used to) an @freebsd.org account, and how new members of the community need to keep that in mind as they work to earn, and keep, a commit bit\nIn this specific situation, I am not sure what core did exactly, we’ll have to wait for their report to find out, but I am not sure what more they could have done.\n“Individual members of core have the power to temporarily suspend commit privileges until core as a whole has the chance to review the issue. Only a 2/3 majority of core has the authority to suspend commit privileges for longer than a week or to remove them permanently. Core's “special powers” only kick in when it acts as a group, not on an individual basis. As individuals, the core team members are all committers first and core second”\nSo, an individual member of core can revoke the commit bit of someone who is reported to have acted in a manner not conducive with the rules, but I don’t know how that would have made a difference in this case.\nThe only point from Randi’s list of 10 things the project should change that I do not think is possible is #6. As stated in the “Committers' Big List of Rules” that I quoted earlier, the core team can only take action after they have had time for everyone to review and discuss a matter, and then vote on it.\nThe core team is made up of 9 people with other responsibilities and commitments. Further, they are currently spread across 6 different countries, and 6 different times zones (even the countries and time zones do not line up).\nWe eagerly await Cores report on this matter, and more importantly, Core and the Foundation's work to come up with a better framework and response policy to deal with such situations in the future.\nThe important thing is to ensure that incident reports are properly handled, so that those reporting issues feel safe in doing so\nWhile we hope there is never another incident of harassment in the FreeBSD community, the realities of the world we live in mean we need to be ready to deal with it\n***\n\n\nDan Langille discussing his rig\n\n\nPictures of Dan Langille's Home Lab \nEver read FreeBSD Diary? How about used FreshPorts or FreshSource? Gone to BSDCan? If so you may be interested in seeing exactly where those sites are served from.\nDan Langille posts to reddit with information about his home lab, with the obligatory pictures to back it up\nAs most good home racks do, this one starts at Home Depot and ends up with a variety of systems and hardware living on it. \nAll in all an impressive rig and nice job wiring\n(I wonder what that ASUS RT‑N66U is doing, if it’s running FreeBSD or just an access point??)\nReminder: Get your BSDCan talk proposal submitted before the deadline, January 19th\n***\n\n\nPre-5.9 pledge(2) update\n\n\nTheo gives us a status update on pledge() for pre OpenBSD 5.9“For the next upcoming release, we will disable the 'paths' argument.Reasoning: We have been very busy making as much of the tree set thepromises right in applications, and building a few new promises aswell.  We simply don't have enough time to review the kernel code andmake sure it is bug-free.  We'll use the next 6 months developmentcycle to decide on paths, and then re-audit the tree to use theinterface where it is suitable.\nThe base tree (/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/games)contains 652 ELF binaries. 451 use pledge.  201 do not. Approximately47 do not need or cannot use pledge.  Leaving 154 we could potentiallypledge in the future.  Most of those are not very important.  Thereare a few hot spots, but most of what people use has been handled wellby the team.“\n\n\nChromium: now with OpenBSD pledge(2) \n\n\nIn addition to the pledge news, we also have a story about the Chromium browser being converted to use pledge on OpenBSD.“The renderer, gpu, plugin and utility processes are now using pledge(2)Unfortunately the GPU process only requires an rpath pledge because ofMesa trying to parse two configuration files, /etc/drirc and ${HOME}/.drircSo currently the GPU process will use an rpath pledge in the nextweek or so so that people can test, but this situation has to beresolved because it is not acceptable that a mostly unused configurationfile is being parsed from a library and that stops us from using lesspledges and thus disallowing the GPU process to have read accessto the filesystem ... like your ssh keys.”\nUPDATE: the rpath pledge has been removed.\n***\n\n\niXsystems\n\n\nhttps://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/\n\n\n\n\nInterview - Igor Sysoev - igor@sysoev.ru / @isysoev\n\nNGINX and FreeBSD\n\n\n\nNews Roundup\n\nFreeBSD on EdgeRouter Lite - no serial port required\n\n\nA few years back there was a neat story on how to setup FreeBSD on the EdgeRouter-Lite\nThis last week we get to revisit this, as Colin Percival posts a script, and a very detailed walkthrough of using it to generate your own custom image which does NOT require hooking up a serial cable.\nCurrently the script only works on -CURRENT, but may work later for 10.3\nThe script is pretty complete, does the buildworld and creation of a USB image for you. It also does a basic firewall configuration and even growfs for expanding to the full-size of your USB media.\nUsing the ‘firstboot’ keyword, an rc.d script does all the initial configuration allowing you access to the system\nIf you have one, or are looking at switching to a FreeBSD based router, do yourself a favor and take a look at this article. \n***\n\n\nJohn Marino reaches out to the community for testing of Synth, a new custom package repo builder\n\n\nA hybrid of poudriere and portmaster/portupgrade\nUses your regular ports tree and your running system, but built builds packages faster, the poudriere way\nRequires no setup, no downloading or building reference versions of the OS, no checking out yet another copy of the ports tree\nIn the future may have support for using binary packages for dependencies, build only the apps you actually want to customize\nLooks very promising\n***\n\n\nOpenBSD malloc finds use-after-free in Android OS \n\n\nScore one for OpenBSD’s rigorous security and attention to detail. We have an interesting commit / comment from Android\nIt looks like this particular mistake was found in the uncrypt routines, in particular the using of a variable memory which had already gone out of scope. \nThrough the usage of OpenBSD’s malloc junk filling feature, the developers were able to identify and correct the issue.\nMaybe there is a case to be made that this be used more widely, especially during testing?\n***\n\n\nNetflix's async sendfile now in FreeBSD-current\n\n\nWe have some slides presented by Gleb Smirnoff at last years FreeBSD storage summit, talking about changes to sendfile made by Netflix. \nIt starts off with a bit of history, showing the misery of life without sendfile(2) back in FreeBSD 1.0, specifically the ftpd daemon.\nThen in 1997 that all changed, HP-UX 11.00 grew the sendfile function, and FreeBSD 3.0 / Linux 2.2 added it in ‘98\nThe slides then go into other details, on how the first implementations would map the userland cycle into the kernel. Then in 2004 the SF_NODISKIO flag was added, followed by changes in 2006 and 2013 to using sbspace() bytes and sending shared memory descriptor data respectively. \nThe idea is that instead of the web server waiting for the send to complete, it calls sendfile then goes about its other work, then it gets a notification when the work is done, and finishes up any of the request handling, like logging how many bytes were sent\nThe new sendfile implementation took the maximum load of an older netflix box from 25 gigabits/sec to 35 gigabits/sec\nSeparately, Netflix has also done work on implementing a TLS version of sendfile(), to streamline the process of sending encrypted data\nThere is still a todo list, including making sendfile() play nice with ZFS. Currently files sent via sendfile from ZFS are stored in memory twice, once in the ARC, and once in the buffer cache that sendfile uses\n***\n\n\nBeastie Bits\n\n\nUnix Timeline of how Unix versions have evolved \nnetmap support now in bhyve in FreeBSD -Current\nMcCabe complexity and Dragonfly BSD \nBourne Basic - a BASIC interpreter implemented (painfully) in pure Bourne shell \nNixOS on FreeBSD \nTurning an ordinary OpenBSD system into a router\nnvidia releases beta 361.16 driver for FreeBSD \n\n\nFeedback/Questions\n\n\n Bryson - SmartOS / KVM / ZFS \n Samba 1969 \n DO / VPN / PF \n Unstable VM  / Update\n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv\n\n\n","content_html":"\u003cp\u003eThis week on the show, we have a very full news roster to rundown, plus an oldie, but goodie with Igor of the nginx project. That plus all your questions and feedback,\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSDJournal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/freenas-logo-contest/\" rel=\"nofollow\"\u003eFreeNAS Logo Design Contest\u003c/a\u003e\u003c/h4\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/\" rel=\"nofollow\"\u003eRules and Requirements\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch4\u003eFor those of you curious about Kris\u0026#39; new lighting here are the links to what he is using.\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00OTG6474?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o01_s00\u0026pldnSite=1\" rel=\"nofollow\"\u003eSoftbox Light Diffuser\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00198U6U6?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o06_s00\" rel=\"nofollow\"\u003eFull Spectrum 5500K CFL Bulb\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.randi.io/2015/12/31/the-developer-formerly-known-as-freebsdgirl/\" rel=\"nofollow\"\u003eClearing the air \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA number of you have written in the past few weeks asking why Allan and I didn’t talk about one of the biggest stories to make headlines last week. \u003c/li\u003e\n\u003cli\u003eBoth of us are quite aware of the details surrounding the incidents between former FreeBSD developers “freebsdgirl” and “xmj”, however the news was still ongoing and we didn’t feel it right to discuss until some of the facts had time to shake out and a more clear (and calm) discussion could be had. \u003c/li\u003e\n\u003cli\u003eHowever, without getting into all the gory details here’s some of the key points that we want to highlight for our listeners. We each have our own thoughts on this.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eKris:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD that I know has been VERY open and inclusive to all who want to contribute. The saying “Shut up and code” is there for a reason. We’ve seen developers of all types, different race / gender / creed, and the one thing we all have in common is the love for BSD.\u003c/li\u003e\n\u003cli\u003eThis particular incident has been linked to FreeBSD, which isn’t exactly a fair association, since the project and other members of community were not directly involved. What started out as a disagreement (over something non-BSD related) turned into an ugly slugfest all across social media and (briefly) on a BSD chatroom.\u003c/li\u003e\n\u003cli\u003eIn this case after reviewing lots of the facts, I think both sides were WAY out of line, and hope they recognize that. \u003c/li\u003e\n\u003cli\u003eThere has been slamming of the core team and foundation in social media, as somehow the delay / silence is an admission of wrong-doing. Nothing could be further from the truth. These are serious people doing a serious job, and much like BSD they would rather take the time to do it right instead of just going off on social media and making things worse. (Plus they all are volunteers who are spread across many different time-zones)\u003c/li\u003e\n\u003cli\u003eAlso, if you hear rumors of incidents of harassment, remember that without details all those will ever be is rumors. Obviously those in the project would take any incident like that seriously, but without coming forward and sharing the details it’s impossible to take any action or make changes for the better.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAllan:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD community is the best group of people I have ever worked with, but that doesn’t mean that it is immune to the same problems that every other group of people faces. As much as all of us wish it didn’t, harassment and other ill-behavior does happen, and must be dealt with\u003c/li\u003e\n\u003cli\u003eThe FreeBSD Core team has previously sanctioned committers and revoked commit bits for things that happened entirely offline and outside of the FreeBSD community. Part of being a committer is representing the project in everything that you do, so anything you do that reflects badly upon the project is grounds for your removal\u003c/li\u003e\n\u003cli\u003eThere was something written about this in the project documentation somewhere (that I can not find for the live of me), specifically about the prestige that comes with (or used to) an @freebsd.org account, and how new members of the community need to keep that in mind as they work to earn, and keep, a commit bit\u003c/li\u003e\n\u003cli\u003eIn this specific situation, I am not sure what core did exactly, we’ll have to wait for their report to find out, but I am not sure what more they could have done.\u003c/li\u003e\n\u003cli\u003e“Individual members of core have the power to temporarily suspend commit privileges until core as a whole has the chance to review the issue. Only a 2/3 majority of core has the authority to suspend commit privileges for longer than a week or to remove them permanently. Core\u0026#39;s “special powers” only kick in when it acts as a group, not on an individual basis. As individuals, the core team members are all committers first and core second”\u003c/li\u003e\n\u003cli\u003eSo, an individual member of core can revoke the commit bit of someone who is reported to have acted in a manner not conducive with the rules, but I don’t know how that would have made a difference in this case.\u003c/li\u003e\n\u003cli\u003eThe only point from Randi’s list of 10 things the project should change that I do not think is possible is #6. As stated in the “Committers\u0026#39; Big List of Rules” that I quoted earlier, the core team can only take action after they have had time for everyone to review and discuss a matter, and then vote on it.\u003c/li\u003e\n\u003cli\u003eThe core team is made up of 9 people with other responsibilities and commitments. Further, they are currently spread across 6 different countries, and 6 different times zones (even the countries and time zones do not line up).\u003c/li\u003e\n\u003cli\u003eWe eagerly await Cores report on this matter, and more importantly, Core and the Foundation\u0026#39;s work to come up with a better framework and response policy to deal with such situations in the future.\u003c/li\u003e\n\u003cli\u003eThe important thing is to ensure that incident reports are properly handled, so that those reporting issues feel safe in doing so\u003c/li\u003e\n\u003cli\u003eWhile we hope there is never another incident of harassment in the FreeBSD community, the realities of the world we live in mean we need to be ready to deal with it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/homelab/comments/3zv64t/the_home_lab_9_servers_about_98tb_working_url/\" rel=\"nofollow\"\u003eDan Langille discussing his rig\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://imgur.com/gallery/nuBBD\" rel=\"nofollow\"\u003ePictures of Dan Langille\u0026#39;s Home Lab\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eEver read FreeBSD Diary? How about used FreshPorts or FreshSource? Gone to BSDCan? If so you may be interested in seeing exactly where those sites are served from.\u003c/li\u003e\n\u003cli\u003eDan Langille posts to reddit with information about his home lab, with the obligatory pictures to back it up\u003c/li\u003e\n\u003cli\u003eAs most good home racks do, this one starts at Home Depot and ends up with a variety of systems and hardware living on it. \u003c/li\u003e\n\u003cli\u003eAll in all an impressive rig and nice job wiring\u003c/li\u003e\n\u003cli\u003e(I wonder what that ASUS RT‑N66U is doing, if it’s running FreeBSD or just an access point??)\u003c/li\u003e\n\u003cli\u003eReminder: Get your BSDCan talk proposal submitted before the deadline, January 19th\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160107174436\" rel=\"nofollow\"\u003ePre-5.9 pledge(2) update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheo gives us a status update on pledge() for pre OpenBSD 5.9“For the next upcoming release, we will disable the \u0026#39;paths\u0026#39; argument.Reasoning: We have been very busy making as much of the tree set thepromises right in applications, and building a few new promises aswell.  We simply don\u0026#39;t have enough time to review the kernel code andmake sure it is bug-free.  We\u0026#39;ll use the next 6 months developmentcycle to decide on paths, and then re-audit the tree to use theinterface where it is suitable.\nThe base tree (/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/games)contains 652 ELF binaries. 451 use pledge.  201 do not. Approximately47 do not need or cannot use pledge.  Leaving 154 we could potentiallypledge in the future.  Most of those are not very important.  Thereare a few hot spots, but most of what people use has been handled wellby the team.“\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20160107075227\" rel=\"nofollow\"\u003eChromium: now with OpenBSD pledge(2)\u003c/a\u003e \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition to the pledge news, we also have a story about the Chromium browser being converted to use pledge on OpenBSD.“The renderer, gpu, plugin and utility processes are now using pledge(2)Unfortunately the GPU process only requires an rpath pledge because ofMesa trying to parse two configuration files, /etc/drirc and ${HOME}/.drircSo currently the GPU process will use an rpath pledge in the nextweek or so so that people can test, but this situation has to beresolved because it is not acceptable that a mostly unused configurationfile is being parsed from a library and that stops us from using lesspledges and thus disallowing the GPU process to have read accessto the filesystem ... like your ssh keys.”\nUPDATE: the rpath pledge has been removed.\u003cbr\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/\" rel=\"nofollow\"\u003ehttps://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Igor Sysoev - \u003ca href=\"mailto:igor@sysoev.ru\" rel=\"nofollow\"\u003eigor@sysoev.ru\u003c/a\u003e / \u003ca href=\"https://twitter.com/isysoev\" rel=\"nofollow\"\u003e@isysoev\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eNGINX and FreeBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2016-01-10-FreeBSD-EdgeRouter-Lite.html\" rel=\"nofollow\"\u003eFreeBSD on EdgeRouter Lite - no serial port required\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few years back there was a neat story on how to setup FreeBSD on the EdgeRouter-Lite\u003c/li\u003e\n\u003cli\u003eThis last week we get to revisit this, as Colin Percival posts a script, and a very detailed walkthrough of using it to generate your own custom image which does NOT require hooking up a serial cable.\u003c/li\u003e\n\u003cli\u003eCurrently the script only works on -CURRENT, but may work later for 10.3\u003c/li\u003e\n\u003cli\u003eThe script is pretty complete, does the buildworld and creation of a USB image for you. It also does a basic firewall configuration and even growfs for expanding to the full-size of your USB media.\u003c/li\u003e\n\u003cli\u003eUsing the ‘firstboot’ keyword, an rc.d script does all the initial configuration allowing you access to the system\u003c/li\u003e\n\u003cli\u003eIf you have one, or are looking at switching to a FreeBSD based router, do yourself a favor and take a look at this article. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2016-January/228540.html\" rel=\"nofollow\"\u003eJohn Marino reaches out to the community for testing of Synth, a new custom package repo builder\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA hybrid of poudriere and portmaster/portupgrade\u003c/li\u003e\n\u003cli\u003eUses your regular ports tree and your running system, but built builds packages faster, the poudriere way\u003c/li\u003e\n\u003cli\u003eRequires no setup, no downloading or building reference versions of the OS, no checking out yet another copy of the ports tree\u003c/li\u003e\n\u003cli\u003eIn the future may have support for using binary packages for dependencies, build only the apps you actually want to customize\u003c/li\u003e\n\u003cli\u003eLooks very promising\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://android-review.googlesource.com/#/c/196090/\" rel=\"nofollow\"\u003eOpenBSD malloc finds use-after-free in Android OS \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eScore one for OpenBSD’s rigorous security and attention to detail. We have an interesting commit / comment from Android\u003c/li\u003e\n\u003cli\u003eIt looks like this particular mistake was found in the uncrypt routines, in particular the using of a variable memory which had already gone out of scope. \u003c/li\u003e\n\u003cli\u003eThrough the usage of OpenBSD’s malloc junk filling feature, the developers were able to identify and correct the issue.\u003c/li\u003e\n\u003cli\u003eMaybe there is a case to be made that this be used more widely, especially during testing?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.slideshare.net/facepalmtarbz2/new-sendfile-in-english\" rel=\"nofollow\"\u003eNetflix\u0026#39;s async sendfile now in FreeBSD-current\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have some slides presented by Gleb Smirnoff at last years FreeBSD storage summit, talking about changes to sendfile made by Netflix. \u003c/li\u003e\n\u003cli\u003eIt starts off with a bit of history, showing the misery of life without sendfile(2) back in FreeBSD 1.0, specifically the ftpd daemon.\u003c/li\u003e\n\u003cli\u003eThen in 1997 that all changed, HP-UX 11.00 grew the sendfile function, and FreeBSD 3.0 / Linux 2.2 added it in ‘98\u003c/li\u003e\n\u003cli\u003eThe slides then go into other details, on how the first implementations would map the userland cycle into the kernel. Then in 2004 the SF_NODISKIO flag was added, followed by changes in 2006 and 2013 to using sbspace() bytes and sending shared memory descriptor data respectively. \u003c/li\u003e\n\u003cli\u003eThe idea is that instead of the web server waiting for the send to complete, it calls sendfile then goes about its other work, then it gets a notification when the work is done, and finishes up any of the request handling, like logging how many bytes were sent\u003c/li\u003e\n\u003cli\u003eThe new sendfile implementation took the maximum load of an older netflix box from 25 gigabits/sec to 35 gigabits/sec\u003c/li\u003e\n\u003cli\u003eSeparately, Netflix has also done work on implementing a TLS version of sendfile(), to streamline the process of sending encrypted data\u003c/li\u003e\n\u003cli\u003eThere is still a todo list, including making sendfile() play nice with ZFS. Currently files sent via sendfile from ZFS are stored in memory twice, once in the ARC, and once in the buffer cache that sendfile uses\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.levenez.com/unix/\" rel=\"nofollow\"\u003eUnix Timeline of how Unix versions have evolved\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=293459\" rel=\"nofollow\"\u003enetmap support now in bhyve in FreeBSD -Current\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.dragonflydigest.com/2016/01/12/17478.html\" rel=\"nofollow\"\u003eMcCabe complexity and Dragonfly BSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://gist.github.com/cander/2785819\" rel=\"nofollow\"\u003eBourne Basic - a BASIC interpreter implemented (painfully) in pure Bourne shell\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/NixOS/nixpkgs/pull/10816#issuecomment-169298385\" rel=\"nofollow\"\u003eNixOS on FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.openbsd.org/faq/pf/example1.html\" rel=\"nofollow\"\u003eTurning an ordinary OpenBSD system into a router\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://devtalk.nvidia.com/default/topic/908423/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-361-16-beta-/\" rel=\"nofollow\"\u003envidia releases beta 361.16 driver for FreeBSD\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2BLZeBrSK\" rel=\"nofollow\"\u003e Bryson - SmartOS / KVM / ZFS\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2OQIxkZst\" rel=\"nofollow\"\u003e Samba 1969\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s206j2ekTZ\" rel=\"nofollow\"\u003e DO / VPN / PF\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://slexy.org/view/s20kyrKSH9\" rel=\"nofollow\"\u003e Unstable VM  / Update\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we have a very full news roster to rundown, plus an oldie, but goodie with Igor of the nginx project. That plus all your questions and feedback,","date_published":"2016-01-13T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/91c6faea-62a9-4334-b732-cab3cb55ba35.mp3","mime_type":"audio/mpeg","size_in_bytes":54317524,"duration_in_seconds":4526}]},{"id":"f2ccc8f8-3740-4e85-995f-cdf83d7f795f","title":"123: ZFS in the trenches","url":"https://www.bsdnow.tv/123","content_text":"This week on BSDNow, we will be talking shop with Josh Paetzel of FreeNAS fame, hearing about his best do’s and do-nots of using ZFS in production. Also, a quick\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD \nJournal!\n***\n\n\nFreeNAS Logo Design Contest\n\nRules and Requirements\n\n\n\nFor those of you curious about Kris' new lighting here are the links to what he is using.\n\n\nSoftbox Light Diffuser\nFull Spectrum 5500K CFL Bulb\n***\n\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nA Brief look back at 2015\n\n\nAs we start the show this week, we begin with a brief look back at BSD in 2015, brought to us by Larry at FOSS force.\nAside from his issue with tap-to-click on the touchpad, his PC-BSD experience has been pretty good. (Larry, if you hear this, jump on #pcbsd on FreeNode and we will lend a hand)\nHe mentions that this really isn’t his first time running BSD, apparently back in ye-olden days he got NetBSD up and running on a PowerBook G3, until an update brought that experience to abrupt ending. \nHe gives a shout-out to the FreeBSD Foundation as being a great go-to source for wrapup on the previous year in FreeBSD land, while also mentioning the great 4.4 release of DragonFly, and some of the variants, such as RetroBSD and LiteBSD\nHe leaves us with a tease for 2016 that work is ongoing on Twitter to port over Mopidy, a python based extensible music server\n***\n\n\nA look forward at BSD events throughout 2016\n\n\nAfter a quick look back at 2015, now its time to start planning your 2016 schedule. The BSDEvents site has a calendar of all the upcoming conferences / shows where BSD will have a presence this year. \nThere are quite a few items on the agenda, including non BSD specific conferences, such as SCALE / Fosdem and more.\nTake a look and see, you may be able to find something close your location where you can come hang out with other BSD developers.\n(or better yet), if a linux conference is coming to your town, think about submitting a BSD talk!\nAdditionally, if getting BSD Certification is something on your 2016 resolutions, you can often take the test at one of these shows, avoiding the need to travel to a testing center. \n***\n\n\nThe 'Hidden' Cost of Using ZFS for Your Home NAS\n\n\nAn article was recently posted that seems to be trying to dissuade people from using ZFS for their home NAS\nIt points out what experienced users already know, but many newcomers are not strictly aware of: Expanding a ZFS pool is not always as straightforward as you think it should be\nZFS was designed to be expanded, and it handled this very well\nHowever, a ZFS pool is made up of VDEVs, and it is these VDEVs that provide the redundancy. RAID-Z VDEVs cannot be changed once they are created. You can replace each disk individually, and the VDEV will grow to its new larger size, but you cannot add additional disks to a RAID-Z VDEV\nAt this point, your option is to add an additional VDEV, although best practises dictate that the new VDEV should use an equal number of disks, to avoid uneven performance\nSo, if you started with a 6 disk RAID-Z2, having to add 6 more disks to grow the pool does seem excessive\nFor the best flexibility, use mirrors. If you had used 6 disks as 3 mirrors of 2 disks each, you could then just add 2 more disks at a time. The downside is that using 2TB disks, you’d only have 6TB of usable space, versus the 8TB you would get from those disks in a RAID-Z2\nThis is the trade-off, mirrors give you better performance and flexibility, but less space efficiency\nIt is important to note that the diagrams in this article make it appear as if all parity information is stored on specific drives. In ZFS parity is spread across all drives. Often times, the data written to the drive is not of a size that can evenly be split across all drives, so the data actually ends up looking like this\nThe errors as I see it in the original article are:\n\n\nIt notes that the hidden cost of ZFS is that if you add a second RAID-Z VDEV, you will have a whole second set of parity drives. While this is a cost, it is the cost of making sure your data is safe. If you had an array with more than 12 drives, it is likely that you would to be able to withstand the failure of the larger number of drives\nThe article does not consider the resilver time. If you did create a configuration with a very wide RAID-Z stripe, the failure of a disk would leave the pool degraded for a much longer time, leaving your pool at risk for that longer period.\nThe article does not consider performance. Two RAID-Z2 VDEVs of 6 disks each will give much better performance than a single VDEV of 10 or 12 disks, especially when it comes to IOPS.\n***\n\n\n\nZFS Boot Enviroments now availble in the FreeBSD bootloader\n\n\nIt’s been in phabricator for a while (and PC-BSD), but the support for Boot-Environments has now landed upstream in -CURRENT\nThis work was helped by cross-project collaboration when an IllumOS Developer, Toomas Soome, started porting the FreeBSD loader to IllumOS to replace GRUB there\nThis gives Beastie menu the ability to look at the ZFS disk, and dynamically list boot-environments that it finds. (Much nicer than GRUB, which required a pre-written configuration file)\nThis work was extended further, when Toomas Soome also ported the Beastie Menu to the UEFI loader which is now enabled by default for UEFI\nAll of these changes are scheduled to be merged back in time for FreeBSD 10.3 as well.\nThere is also a patch being worked on to support booting from ZFS in UEFI \nThis is exciting times for doing neat things with ZFS on root, these plus Allans forthcoming GELI support will negate the necessity for GRUB on PC-BSD for example (Kris is very happy)\n***\n\n\nInterview - Josh Paetzel - email@email / @bsdunix4ever\n\n\nZFS Support\n***\n\n\nNews Roundup\n\nRetroBSD being tested on ESP32\n\n\nMore hardware news for RetroBSD and LiteBSD\nI don’t know much about this hardware, but there is a lot of discussion in the forum threads about it\nNot sure what you are supposed to accomplish with only 400kb of ram\nLITEBSD Brings 4.4BSD to PIC32\nIt is interesting to see these super-small boards with only 512kb of memory, but will crypto offload support\nIt is also interesting to see talk of 140mbps WiFi, can the processor actually handle that much traffic?\nBSD Unix-like OS is Resurrected for Embedded IoT Market\nRelated to the above stories, we also have an article about BSD making a resurgence on various Internet of things devices, which mentions both RetroBSD and LiteBSD\nThe article mentions that this is an exciting development for embedded vars who now have an alternative licensed open-source OS to potentially use\n***\n\n\nHardenedBSD’s new Binary Updater\n\n\nIt looks like there is now another way to update your FreeBSD(hardened) system\nThe post by Shawn Web, details how the new updater will work in future releases of HBSD\n Right now it looks fairly straight-forward, creating both the base.txz and kernel.txz, along with some data for etcupdate\nIt includes a nice option for the kernel name in the update, allowing different kernels to be installed / updated at will\nEverything is cryptographically signed and verified using the base system openssl\nThe build system is fairly simple, only requiring “sh/git/openssl” to create the binary updates\nPlanned features also include updating of jails, and ZFS boot-environments\n***\n\n\nSometimes, processors need (BSD) love too\n\n\nWe have a blog post from Brian Everly, talking about his long journey into legacy processors and the plans for the future to work on better supporting them on OpenBSD ports\nHe begins with the story of his UNIX journey to today, and why this fostered his love for many of these old (and not so old) architectures, such as Sparc64, PPC32, i386.\nThis journey ended up with the purchase of some legacy hardware (ebay is your friend), and the creation of a database listing the major port blockers on each platform\nThis is the great kind of thing folks can do to step up and help a project, even as a weekend hobby it’s great to run some hardware and help test / fix up issues that other developers maybe don’t interact with as much anymore. \n***\n\n\nBeastie Bits\n\nThe standard MWL disclaimer\n\nPC-BSD 11.0-CURRENTJAN2016 Available \n\nNetBSD pkgsrc-2015Q3 statistics\n\nNetBSD pkgsrc-2015Q4 released\n\nFirst Reproducible builds conference in Athens\n\nThe creator of the original ThinkPad design passes away \n\n\n\nFeedback/Questions\n\n\n Andrew - High Contrast \n John - FreeNAS followup \n Giorgio - Custom Install \n Don - ZFS Slowdowns \n Fred - Dual Boot PC-BSD/Linux \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we will be talking shop with Josh Paetzel of FreeNAS fame, hearing about his best do’s and do-nots of using ZFS in production. Also, a quick\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD \nJournal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/freenas-logo-contest/\" rel=\"nofollow\"\u003eFreeNAS Logo Design Contest\u003c/a\u003e\u003c/h4\u003e\n\n\u003cp\u003e\u003ca href=\"https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/\" rel=\"nofollow\"\u003eRules and Requirements\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch4\u003eFor those of you curious about Kris\u0026#39; new lighting here are the links to what he is using.\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00OTG6474?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o01_s00\u0026pldnSite=1\" rel=\"nofollow\"\u003eSoftbox Light Diffuser\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00198U6U6?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o06_s00\" rel=\"nofollow\"\u003eFull Spectrum 5500K CFL Bulb\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fossforce.com/2015/12/bsd-brief-look-back-2015/\" rel=\"nofollow\"\u003eA Brief look back at 2015\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we start the show this week, we begin with a brief look back at BSD in 2015, brought to us by Larry at FOSS force.\u003c/li\u003e\n\u003cli\u003eAside from his issue with tap-to-click on the touchpad, his PC-BSD experience has been pretty good. (Larry, if you hear this, jump on #pcbsd on FreeNode and we will lend a hand)\u003c/li\u003e\n\u003cli\u003eHe mentions that this \u003cem\u003ereally\u003c/em\u003e isn’t his first time running BSD, apparently back in ye-olden days he got NetBSD up and running on a PowerBook G3, until an update brought that experience to abrupt ending. \u003c/li\u003e\n\u003cli\u003eHe gives a shout-out to the FreeBSD Foundation as being a great go-to source for wrapup on the previous year in FreeBSD land, while also mentioning the great 4.4 release of DragonFly, and some of the variants, such as RetroBSD and LiteBSD\u003c/li\u003e\n\u003cli\u003eHe leaves us with a tease for 2016 that work is ongoing on Twitter to port over Mopidy, a python based extensible music server\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdevents.org/scheduler/\" rel=\"nofollow\"\u003eA look forward at BSD events throughout 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a quick look back at 2015, now its time to start planning your 2016 schedule. The BSDEvents site has a calendar of all the upcoming conferences / shows where BSD will have a presence this year. \u003c/li\u003e\n\u003cli\u003eThere are quite a few items on the agenda, including non BSD specific conferences, such as SCALE / Fosdem and more.\u003c/li\u003e\n\u003cli\u003eTake a look and see, you may be able to find something close your location where you can come hang out with other BSD developers.\u003c/li\u003e\n\u003cli\u003e(or better yet), if a linux conference is coming to your town, think about submitting a BSD talk!\u003c/li\u003e\n\u003cli\u003eAdditionally, if getting BSD Certification is something on your 2016 resolutions, you can often take the test at one of these shows, avoiding the need to travel to a testing center. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://louwrentius.com/the-hidden-cost-of-using-zfs-for-your-home-nas.html\" rel=\"nofollow\"\u003eThe \u0026#39;Hidden\u0026#39; Cost of Using ZFS for Your Home NAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn article was recently posted that seems to be trying to dissuade people from using ZFS for their home NAS\u003c/li\u003e\n\u003cli\u003eIt points out what experienced users already know, but many newcomers are not strictly aware of: Expanding a ZFS pool is not always as straightforward as you think it should be\u003c/li\u003e\n\u003cli\u003eZFS was designed to be expanded, and it handled this very well\u003c/li\u003e\n\u003cli\u003eHowever, a ZFS pool is made up of VDEVs, and it is these VDEVs that provide the redundancy. RAID-Z VDEVs cannot be changed once they are created. You can replace each disk individually, and the VDEV will grow to its new larger size, but you cannot add additional disks to a RAID-Z VDEV\u003c/li\u003e\n\u003cli\u003eAt this point, your option is to add an additional VDEV, although best practises dictate that the new VDEV should use an equal number of disks, to avoid uneven performance\u003c/li\u003e\n\u003cli\u003eSo, if you started with a 6 disk RAID-Z2, having to add 6 more disks to grow the pool does seem excessive\u003c/li\u003e\n\u003cli\u003eFor the best flexibility, use mirrors. If you had used 6 disks as 3 mirrors of 2 disks each, you could then just add 2 more disks at a time. The downside is that using 2TB disks, you’d only have 6TB of usable space, versus the 8TB you would get from those disks in a RAID-Z2\u003c/li\u003e\n\u003cli\u003eThis is the trade-off, mirrors give you better performance and flexibility, but less space efficiency\u003c/li\u003e\n\u003cli\u003eIt is important to note that the diagrams in this article make it appear as if all parity information is stored on specific drives. In ZFS parity is spread across all drives. Often times, the data written to the drive is not of a size that can evenly be split across all drives, so the data actually ends up \u003ca href=\"http://blog.delphix.com/matt/files/2014/06/RAIDZ.png\" rel=\"nofollow\"\u003elooking like this\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe errors as I see it in the original article are:\n\n\u003cul\u003e\n\u003cli\u003eIt notes that the hidden cost of ZFS is that if you add a second RAID-Z VDEV, you will have a whole second set of parity drives. While this is a cost, it is the cost of making sure your data is safe. If you had an array with more than 12 drives, it is likely that you would to be able to withstand the failure of the larger number of drives\u003c/li\u003e\n\u003cli\u003eThe article does not consider the resilver time. If you did create a configuration with a very wide RAID-Z stripe, the failure of a disk would leave the pool degraded for a much longer time, leaving your pool at risk for that longer period.\u003c/li\u003e\n\u003cli\u003eThe article does not consider performance. Two RAID-Z2 VDEVs of 6 disks each will give much better performance than a single VDEV of 10 or 12 disks, especially when it comes to IOPS.\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=293001\" rel=\"nofollow\"\u003eZFS Boot Enviroments now availble in the FreeBSD bootloader\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s been in phabricator for a while (and PC-BSD), but the support for Boot-Environments has now landed upstream in -CURRENT\u003c/li\u003e\n\u003cli\u003eThis work was helped by cross-project collaboration when an IllumOS Developer, Toomas Soome, started porting the FreeBSD loader to IllumOS to replace GRUB there\u003c/li\u003e\n\u003cli\u003eThis gives Beastie menu the ability to look at the ZFS disk, and dynamically list boot-environments that it finds. (Much nicer than GRUB, which required a pre-written configuration file)\u003c/li\u003e\n\u003cli\u003eThis work was extended further, when Toomas Soome also ported the \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=293233\" rel=\"nofollow\"\u003eBeastie Menu to the UEFI loader\u003c/a\u003e which is now \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=293234\" rel=\"nofollow\"\u003eenabled by default for UEFI\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAll of these changes are scheduled to be merged back in time for FreeBSD 10.3 as well.\u003c/li\u003e\n\u003cli\u003eThere is also a patch being worked on to \u003ca href=\"https://reviews.freebsd.org/D4515\" rel=\"nofollow\"\u003esupport booting from ZFS in UEFI\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eThis is exciting times for doing neat things with ZFS on root, these plus Allans forthcoming \u003ca href=\"https://reviews.freebsd.org/D4593\" rel=\"nofollow\"\u003eGELI support\u003c/a\u003e will negate the necessity for GRUB on PC-BSD for example (Kris is very happy)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Josh Paetzel - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdunix4ever\" rel=\"nofollow\"\u003e@bsdunix4ever\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eZFS Support\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://retrobsd.org/viewtopic.php?f=1\u0026t=37470\" rel=\"nofollow\"\u003eRetroBSD being tested on ESP32\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore hardware news for RetroBSD and LiteBSD\u003c/li\u003e\n\u003cli\u003eI don’t know much about this hardware, but there is a lot of discussion in the forum threads about it\u003c/li\u003e\n\u003cli\u003eNot sure what you are supposed to accomplish with only 400kb of ram\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hackaday.com/2016/01/04/litebsd-brings-4-4bsd-to-pic32/\" rel=\"nofollow\"\u003eLITEBSD Brings 4.4BSD to PIC32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt is interesting to see these super-small boards with only 512kb of memory, but will crypto offload support\u003c/li\u003e\n\u003cli\u003eIt is also interesting to see talk of 140mbps WiFi, can the processor actually handle that much traffic?\n\u003ca href=\"http://thevarguy.com/open-source-application-software-companies/bsd-unix-os-resurrected-embedded-iot-market\" rel=\"nofollow\"\u003eBSD Unix-like OS is Resurrected for Embedded IoT Market\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelated to the above stories, we also have an article about BSD making a resurgence on various Internet of things devices, which mentions both RetroBSD and LiteBSD\u003c/li\u003e\n\u003cli\u003eThe article mentions that this is an exciting development for embedded vars who now have an alternative licensed open-source OS to potentially use\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2015-12-31/introducing-hardenedbsds-new-binary-updater\" rel=\"nofollow\"\u003eHardenedBSD’s new Binary Updater\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt looks like there is now another way to update your FreeBSD(hardened) system\u003c/li\u003e\n\u003cli\u003eThe post by Shawn Web, details how the new updater will work in future releases of HBSD\u003c/li\u003e\n\u003cli\u003e Right now it looks fairly straight-forward, creating both the base.txz and kernel.txz, along with some data for etcupdate\u003c/li\u003e\n\u003cli\u003eIt includes a nice option for the kernel name in the update, allowing different kernels to be installed / updated at will\u003c/li\u003e\n\u003cli\u003eEverything is cryptographically signed and verified using the base system openssl\u003c/li\u003e\n\u003cli\u003eThe build system is fairly simple, only requiring “sh/git/openssl” to create the binary updates\u003c/li\u003e\n\u003cli\u003ePlanned features also include updating of jails, and ZFS boot-environments\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://functionallyparanoid.com/2016/01/02/sometimes-processors-need-love-too/\" rel=\"nofollow\"\u003eSometimes, processors need (BSD) love too\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a blog post from Brian Everly, talking about his long journey into legacy processors and the plans for the future to work on better supporting them on OpenBSD ports\u003c/li\u003e\n\u003cli\u003eHe begins with the story of his UNIX journey to today, and why this fostered his love for many of these old (and not so old) architectures, such as Sparc64, PPC32, i386.\u003c/li\u003e\n\u003cli\u003eThis journey ended up with the purchase of some legacy hardware (ebay is your friend), and the creation of a database listing the major port blockers on each platform\u003c/li\u003e\n\u003cli\u003eThis is the great kind of thing folks can do to step up and help a project, even as a weekend hobby it’s great to run some hardware and help test / fix up issues that other developers maybe don’t interact with as much anymore. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2510\" rel=\"nofollow\"\u003eThe standard MWL disclaimer\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/testing/2016-January/010350.html\" rel=\"nofollow\"\u003ePC-BSD 11.0-CURRENTJAN2016 Available\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-pkg/2015/12/28/msg016193.html\" rel=\"nofollow\"\u003eNetBSD pkgsrc-2015Q3 statistics\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-pkg/2016/01/01/msg016213.html\" rel=\"nofollow\"\u003eNetBSD pkgsrc-2015Q4 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/reproducible_builds_conference_in_athens\" rel=\"nofollow\"\u003eFirst Reproducible builds conference in Athens\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.theregister.co.uk/2016/01/06/thinkpad_designer_obituary\" rel=\"nofollow\"\u003eThe creator of the original ThinkPad design passes away \u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s213iCKLwn\" rel=\"nofollow\"\u003e Andrew - High Contrast\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21ClGePLP\" rel=\"nofollow\"\u003e John - FreeNAS followup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21527pkO1\" rel=\"nofollow\"\u003e Giorgio - Custom Install\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2jOlCsjkU\" rel=\"nofollow\"\u003e Don - ZFS Slowdowns\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21uaB0FDU\" rel=\"nofollow\"\u003e Fred - Dual Boot PC-BSD/Linux\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we will be talking shop with Josh Paetzel of FreeNAS fame, hearing about his best do’s and do-nots of using ZFS in production. Also, a quick","date_published":"2016-01-06T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f2ccc8f8-3740-4e85-995f-cdf83d7f795f.mp3","mime_type":"audio/mpeg","size_in_bytes":87151828,"duration_in_seconds":7262}]},{"id":"a7a3ccc1-f728-4364-b18d-f351af30438b","title":"122: The BSD Black Box","url":"https://www.bsdnow.tv/122","content_text":"This week on the show, we will be interviewing Alex Rosenberg, to\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nLife with an OpenBSD Laptop: A UNIX-lover's tale of migrating away from the Mac. The Good, The Bad, The Ugly\n\n\nOpenBSD user Isaac (.ike) Levy details his switch from a Mac to an OpenBSD laptop\nHe covers a bit about selecting hardware and dealing with wifi\nTalks about binary packages and system upgrades\nTalks about power management, suspend/resume, battery life\nShow screenshots of some of his favourite window managers\nBrowsers and email clients are also discussed\nThings he found missing in OpenBSD:\n\n\nA journaling file system, every unclean shutdown means a full fsck(1)\nUTF-8/unicode was not everywhere\nSyncing pictures and contacts to his phone\nDrawing tools\n***\n\n\n\nDragonFlyBSD matches its Intel kernel graphics driver against Linux 4.0\n\n\nThe DragonFlyBSD DRM stack continues to rapidly advance, now bringing in support from Linux 4.0!\nSome of the notable features:\nBasic Skylake support\n\n\nPanel Self-Refresh (PSR) now supported on Valleyview and Cherryview\nPreparations for atomic display updates\nPerformance improvements on various GPU families, including Cherryview, Broadwell and Haswell\nGPU frequencies are now kept at a minimum of 450MHz when possible on Haswell and Broadwell, ensuring a minimum experience level for various types of workloads\nImproved reset support for gen3/4 GPUs, which should fix some OpenGL crashes on Core 2 and pre-2012 Atom machine\nBetter sound/graphics driver synchronization for audio over hdmi support\nAs usual, small bugfixes and stability improvements here and there\n***\n\n\n\nA BSD Wish List for 2016\n\n\nLarry over at Foss Force brings us his wish list for BSD support in 2016. \nSince he has converted most of his daily desktop usage to PC-BSD, he is specifically wanting support for some desktop applications. Namely Google hangouts and Spotify. \nThis is something which has come up periodically among the PC-BSD community. At the moment most users are dual-booting or using alternatives, like WebRTC. However the Google Hangouts plugin is available for Linux, and perhaps this will encourage some developers to see if we can get it running with the newer Linux stack on -CURRENT. \nSpotify also has a native Linux version, which may need testing on FreeBSD - CURRENT. It may be closer now, and should be updated on the Wanted Ports Page\nhttps://wiki.freebsd.org/WantedPorts \n***\n\n\nHard Float API coming soon by default to armv6\n\n\nWarner Losh talks about upcoming changes to armv6 on FreeBSD \n“All the CPUs that FreeBSD supports have hard floating point in them. We've supported hard float for quite some time in the FreeBSD kernel. However, by default, we still use a soft-float ABI.”\nFirst, “A new armv6hf (architecture) was created, but that caused some issues with some ports, and the meaning of 'soft float' sadly was ambiguous between the soft-float ABI, and the soft-float libraries that implement floating point when there's no hardware FPU”\n“Over the spring and summer, I fixed ld.so so that it  can load both soft ABI and hard ABI libraries on the same system, depending on markings in the binaries themselves. Soft float ABI and hard float ABI binaries have different flags in the ELF headers, so it is relatively straightforward to know which is which.”\n“So, in the coming days, I'll commit the first set of changes to move to armv6 as a hard float ABI by default. The kernel doesn't care: it can execute both. The new ld.so will allow you to transition through this change by allowing old, compat soft ABI libraries to co-exist on the system with new hard ABI libraries. This change alone isn't enough, but it will be good to get it out into circulation.”\n“armv6hf will be removed before FreeBSD 11”\nA LIBSOFT will be created, similar in concept to the LIB32 available on AMD64\n***\n\n\nInterview - Alex Rosenberg - alexr@leftfield.org / @alexr\n\n\nFormer Manager of Platform Architecture at Sony\n***\n\n\nBeastie Bits\n\n\nTuesday, Dec 20, 2005 was the release date of the very first bsdtalkpodcast\nPatch: Server side support for TCP FastOpen  \nLearn to tame OpenBSD quickly\nHardware Accerated iSCSI lands in FreeBSD  \nSettings for full HD resolution on DragonFlyBSD under QEMU/KVM, thanks to reddit user Chapo_Rouge\nPatch: An IllumOS developer has been porting the FreeBSD boot loader to replace their old version of GRUB. In doing so, he has also made improvements to the block caching in the boot loader  \nA FreeBSD user working at Microsoft talks about Microsoft’s shift to Open Source  \nBSDCG Exam Session at FOSDEM'16\nSchedule for the BSD devroom at FOSDEM'16\nOpenBSD snapshots are now 5.9\nNotes on making BSD grep faster  \nIntel’s Platform Application Engineering (PAE) group within the Networking Division (ND) is looking for a Network Software Engineer \nDid you watch Die Hard at Christmas? Get the Die Hard FreeBSD boot screen: install this file in /boot and set loader_logo=\"tribute\" in /boot/loader.conf  \n\n\n\n\nFeedback/Questions\n\n\n Jeremy - ZFS without root \n Dan - Getting PC-BSD Media\n Chris - VMs and FreeBSD \n Ben - Haswell and IRC \n\n\nInstructions for trying the Haswell patch\n\n Matt - Donation to foundation \n***\n","content_html":"\u003cp\u003eThis week on the show, we will be interviewing Alex Rosenberg, to\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.nycbug.org/event/10356/openbsd_laptop_nycbug_2015.pdf\" rel=\"nofollow\"\u003eLife with an OpenBSD Laptop: A UNIX-lover\u0026#39;s tale of migrating away from the Mac. The Good, The Bad, The Ugly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD user Isaac (.ike) Levy details his switch from a Mac to an OpenBSD laptop\u003c/li\u003e\n\u003cli\u003eHe covers a bit about selecting hardware and dealing with wifi\u003c/li\u003e\n\u003cli\u003eTalks about binary packages and system upgrades\u003c/li\u003e\n\u003cli\u003eTalks about power management, suspend/resume, battery life\u003c/li\u003e\n\u003cli\u003eShow screenshots of some of his favourite window managers\u003c/li\u003e\n\u003cli\u003eBrowsers and email clients are also discussed\u003c/li\u003e\n\u003cli\u003eThings he found missing in OpenBSD:\n\n\u003cul\u003e\n\u003cli\u003eA journaling file system, every unclean shutdown means a full fsck(1)\u003c/li\u003e\n\u003cli\u003eUTF-8/unicode was not everywhere\u003c/li\u003e\n\u003cli\u003eSyncing pictures and contacts to his phone\u003c/li\u003e\n\u003cli\u003eDrawing tools\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-December/459067.html\" rel=\"nofollow\"\u003eDragonFlyBSD matches its Intel kernel graphics driver against Linux 4.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DragonFlyBSD DRM stack continues to rapidly advance, now bringing in support from Linux 4.0!\u003c/li\u003e\n\u003cli\u003eSome of the notable features:\u003c/li\u003e\n\u003cli\u003eBasic Skylake support\u003cbr\u003e\n\n\u003cul\u003e\n\u003cli\u003ePanel Self-Refresh (PSR) now supported on Valleyview and Cherryview\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003ePreparations for atomic display updates\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003ePerformance improvements on various GPU families, including Cherryview, Broadwell and Haswell\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eGPU frequencies are now kept at a minimum of 450MHz when possible on Haswell and Broadwell, ensuring a minimum experience level for various types of workloads\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eImproved reset support for gen3/4 GPUs, which should fix some OpenGL crashes on Core 2 and pre-2012 Atom machine\u003c/li\u003e\n\u003cli\u003eBetter sound/graphics driver synchronization for audio over hdmi support\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eAs usual, small bugfixes and stability improvements here and there\n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fossforce.com/2015/12/bsd-wish-list-2016/\" rel=\"nofollow\"\u003eA BSD Wish List for 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLarry over at Foss Force brings us his wish list for BSD support in 2016. \u003c/li\u003e\n\u003cli\u003eSince he has converted most of his daily desktop usage to PC-BSD, he is specifically wanting support for some desktop applications. Namely Google hangouts and Spotify. \u003c/li\u003e\n\u003cli\u003eThis is something which has come up periodically among the PC-BSD community. At the moment most users are dual-booting or using alternatives, like WebRTC. However the Google Hangouts plugin is available for Linux, and perhaps this will encourage some developers to see if we can get it running with the newer Linux stack on -CURRENT. \u003c/li\u003e\n\u003cli\u003eSpotify also has a native Linux version, which may need testing on FreeBSD - CURRENT. It may be closer now, and should be updated on the Wanted Ports Page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/WantedPorts\" rel=\"nofollow\"\u003ehttps://wiki.freebsd.org/WantedPorts\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdimp.blogspot.com/2015/12/hard-float-api-coming-soon-by-default.html\" rel=\"nofollow\"\u003eHard Float API coming soon by default to armv6\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWarner Losh talks about upcoming changes to armv6 on FreeBSD \u003c/li\u003e\n\u003cli\u003e“All the CPUs that FreeBSD supports have hard floating point in them. We\u0026#39;ve supported hard float for quite some time in the FreeBSD kernel. However, by default, we still use a soft-float ABI.”\u003c/li\u003e\n\u003cli\u003eFirst, “A new armv6hf (architecture) was created, but that caused some issues with some ports, and the meaning of \u0026#39;soft float\u0026#39; sadly was ambiguous between the soft-float ABI, and the soft-float libraries that implement floating point when there\u0026#39;s no hardware FPU”\u003c/li\u003e\n\u003cli\u003e“Over the spring and summer, I fixed ld.so so that it  can load both soft ABI and hard ABI libraries on the same system, depending on markings in the binaries themselves. Soft float ABI and hard float ABI binaries have different flags in the ELF headers, so it is relatively straightforward to know which is which.”\u003c/li\u003e\n\u003cli\u003e“So, in the coming days, I\u0026#39;ll commit the first set of changes to move to armv6 as a hard float ABI by default. The kernel doesn\u0026#39;t care: it can execute both. The new ld.so will allow you to transition through this change by allowing old, compat soft ABI libraries to co-exist on the system with new hard ABI libraries. This change alone isn\u0026#39;t enough, but it will be good to get it out into circulation.”\u003c/li\u003e\n\u003cli\u003e“armv6hf will be removed before FreeBSD 11”\u003c/li\u003e\n\u003cli\u003eA LIBSOFT will be created, similar in concept to the LIB32 available on AMD64\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Alex Rosenberg - \u003ca href=\"mailto:alexr@leftfield.org\" rel=\"nofollow\"\u003ealexr@leftfield.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/alexr\" rel=\"nofollow\"\u003e@alexr\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eFormer Manager of Platform Architecture at Sony\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2005/12/bsdtalk001-intro-to-bsd.html\" rel=\"nofollow\"\u003eTuesday, Dec 20, 2005 was the release date of the very first bsdtalkpodcast\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://reviews.freebsd.org/D4350\" rel=\"nofollow\"\u003ePatch: Server side support for TCP FastOpen \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://www.openbsdjumpstart.org/\" rel=\"nofollow\"\u003eLearn to tame OpenBSD quickly\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=292740\" rel=\"nofollow\"\u003eHardware Accerated iSCSI lands in FreeBSD \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.reddit.com/r/dragonflybsd/comments/3x4n7u/psa_1920x1080_on_dragonflybsd_44_under_qemukvm/\" rel=\"nofollow\"\u003eSettings for full HD resolution on DragonFlyBSD under QEMU/KVM, thanks to reddit user Chapo_Rouge\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://reviews.freebsd.org/D4713\" rel=\"nofollow\"\u003ePatch: An IllumOS developer has been porting the FreeBSD boot loader to replace their old version of GRUB. In doing so, he has also made improvements to the block caching in the boot loader \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blog.teleri.net/open-microsoft/\" rel=\"nofollow\"\u003eA FreeBSD user working at Microsoft talks about Microsoft’s shift to Open Source \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://fosdem.org/2016/schedule/event/cert_bsdcg/\" rel=\"nofollow\"\u003eBSDCG Exam Session at FOSDEM\u0026#39;16\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://fosdem.org/2016/schedule/track/bsd/\" rel=\"nofollow\"\u003eSchedule for the BSD devroom at FOSDEM\u0026#39;16\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=145055446007162\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD snapshots are now 5.9\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://blog.erratasec.com/2015/12/some-notes-on-fast-grep.html#.VoQKD1JSRhx\" rel=\"nofollow\"\u003eNotes on making BSD grep faster \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www-ssl.intel.com/content/www/us/en/jobs/job-search/js2.html?job=782165\u0026src=ML-12080\" rel=\"nofollow\"\u003eIntel’s Platform Application Engineering (PAE) group within the Networking Division (ND) is looking for a Network Software Engineer\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://locheil.shxd.cx/logo-tribute.4th\" rel=\"nofollow\"\u003eDid you watch Die Hard at Christmas? Get the Die Hard FreeBSD boot screen: install this file in /boot and set loader_logo=\u0026quot;tribute\u0026quot; in /boot/loader.conf \u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20CTqtEan\" rel=\"nofollow\"\u003e Jeremy - ZFS without root\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20sNPoDm5\" rel=\"nofollow\"\u003e Dan - Getting PC-BSD Media\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2hjsVgGBK\" rel=\"nofollow\"\u003e Chris - VMs and FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21pwYOTHi\" rel=\"nofollow\"\u003e Ben - Haswell and IRC\u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/Graphics/Update%20i915%20GPU%20driver%20to%20Linux%203.8\" rel=\"nofollow\"\u003eInstructions for trying the Haswell patch\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20vifHCyc\" rel=\"nofollow\"\u003e Matt - Donation to foundation\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we will be interviewing Alex Rosenberg, to","date_published":"2015-12-30T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a7a3ccc1-f728-4364-b18d-f351af30438b.mp3","mime_type":"audio/mpeg","size_in_bytes":86202628,"duration_in_seconds":8620}]},{"id":"5b75bf88-8fe1-4fb0-a9c3-b66fb7e3fe1e","title":"121: All your hyves are belong to us","url":"https://www.bsdnow.tv/121","content_text":"This week on the show, we are going to be talking to Trent Thompson,\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nReview: Guarding the gates with OpenBSD 5.8\n\n\nJesse Smith over at DistroWatch treats us this week to a nice review of OpenBSD 5.8, which may be a good introduction for the uninitiated to learn more+ He first walks through some of the various highlights of 5.8, and spends time introducing the reader to a number of the projects that originate from OpenBSD, such as LibreSSL, OpenSSH, doas, the new “file” implementation and WX support on i386. \nThe article then walks through his impressions of performing a fresh install of 5.8, and then getting up and running in X. \nHe mentions that you may want to check the installation defaults, since on his 8GB VM disk, it didn’t leave enough room for packages on the /usr partition. \nIt also includes a nice heads-up for new users about using the pkg_add command, and where / how you can set the initial repository mirror address. \nThe “doas” command was also praised:“I found I very much appreciated the doas command, its documentation and configuration file. The doas configuration file is much easier to read than sudo's and the available options are well explained. The doas command allowed me to assign root access to a user given the proper password and doas worked as advertised.”\nA glowing summary as well:“OpenBSD may be very secure, but I think what sets the operating system apart are its documentation and clean system design. It is so easy to find things and understand the configuration of an OpenBSD system. The file system is organized in a clean and orderly manner. It always takes me a while to get accustomed to using OpenBSD, as for me it is a rare occurrence, but once I get settled in I like how straight forward everything is. I can usually find and configure anything on the system without referring to external documents or searching for answers on-line and that is quite an accomplishment for an operating system where virtually everything is done from the command line. “\n***\n\n\nOpenBSD Hackathon Reports\n\n\nAlexander Bluhm: multiprocessor networking  \n“The next step, we are currently working on, is to remove the big kernel lock from forwarding and routing. mpi@ has been doing this for a long time, but some corner cases were still left. I have written a regression test for handling ARP packets to show that all cases including proxy ARP are still working. Another thing that may happen with lock-free routing is that the interface is destroyed on one CPU while another CPU is working with a route to that interface. We finally got this resolved. The code that destroys the interface has to wait until all routes don't use this interface anymore. I moved the sleep before the destruction of the interface is started, so that the routes can always operate on a completely valid interface structure.”\nVincent Gross: ifa_ifwithaddr()  \nVincent worked on the function that finds the interface with the specified address, which is used to tell if the machine is the intended recipient of an incoming packet. A number of corner cases existed with broadcast addresses, especially if two interfaces were in the same subnet. This code was moved to the new in_broadcast()\nKen Westerback: fdisk, installbot, and dhclient \nReyk Floeter: Hosting a hackathon, vmd, vmctl  \n“When I heard that Martin Pieuchot (mpi@) was looking for a place to hold another mini-hackathon for three to four people to work on multiprocessor (MP) enhancements of the network stack, I offered to come to our work place in Hannover, Northern Germany. We have space, gear, fast Internet and it is easy to reach for the involved people. Little did I know that it would quickly turn into n2k15, a network hackathon with 20 attendees from all over the world”\n“If you ever hosted such an event or a party for many guests, you will know the dilemma of the host: you’re constantly concerned about your guests enjoying it, you have to take care about many trivial things, other things will break, and you get little to no time to attend or even enjoy it yourself. Fortunately, I had very experienced and welcomed guests: only one vintage table and a vase broke – the table can be fixed – and I even found some time for hacking myself.”\nMartin Pieuchot: MP networking  \n“ We found two kind of MP bugs! There are MP bugs that you fix without even understanding them, and there are MP bugs that you understand but can't fix”\nStefan Sperling: initial 802.11n support  \n***\n\n\nHacking the PS4\n\n\nAs a followup to the story last week about the PS4 being “jailbroken”, we have a link to further information about how far this project has come along\nThis article also provides some great background information about whats running under the hood of your PS4, including FreeBSD 9, Mono VM and WebKit, with WebKit being the primary point of entry to jailbreak the box. \nOne particular point of interest, was the revelation that early firmware versions did not include ASLR, but it appears ASLR was added sometime around firmware 1.70. (Wonder if they used HardenedBSD’s implementation), and how they can bypass it entirely. “Luckily for us, we aren't limited to just writing static ROP chains. We can use JavaScript to read the modules table, which will tell us the base addresses of all loaded modules. Using these bases, we can then calculate the addresses of all our gadgets before we trigger ROP execution, bypassing ASLR.“\nThe article also mentions that they can prove that jails are used in some fashion, and provides examples of how they can browse the file system and dump a module list.\nThe kernel exploit in question is SA-15:21 from August of this year. The jailbreaking appears to be against an older version of PS4 firmware that did not include this patch\n***\n\n\nNokia and ARM leading the charge to implement better TCP/IP as part of the 5G standard \n\n\n“Many believe that a critical success factor for 5G will be a fully revamped TCP/IP stack, optimized for the massively varied use cases of the next mobile generation, for cloud services, and for virtualization and software-defined networking (SDN). This is the goal of the new OpenFastPath (OFP) Foundation, founded by Nokia Networks, ARM and industrial IT services player Enea. This aims to create an open source TCP/IP stack which can accelerate the move towards SDN in carrier and enterprise networks. Other sign-ups include AMD, Cavium, Freescale, Hewlett Packard Enterprise and the ARM-associated open source initiative, Linaro.”\n“The new fast-path TCP/IP stack will be based on the open source FreeBSD operating system”\nThe general idea is to have a fast, open source, user space networking stack, based on the FreeBSD stack\nwith an “optimised callback-based zero-copy socket API” to keep packet processing in user-space as far as possible\nIt will be interesting to see a little bit more FreeBSD getting into every mobile and cloud based device.\n***\n\n\nInterview - Trent Thompson - [trentnthompson@gmail.com](trentnthompson@gmail.com) / @pr1ntf\n\n\niohyve\n***\n\n\nNews Roundup\n\nFirst cut of the FreeBSD modularized TCP stack \n\n\nFreeBSD now has more than one TCP stack, and better yet, you can use more than one at once\nEach socket pcb is associated with a stack, and it is possible to select a non-default stack with a socket option, so you can make a specific application use an experimental stack, while still defaulting to the known-good stack\nThis should lead to a lot of interesting development and testing, without the level of risk usually associated with modifying the TCP stack\nThe first new module available is ‘fastpath’, which may relate to the Nokia story earlier in the show\nThere are also plans to support changing TCP stacks after establish a session, which might land as early as January\n***\n\n\nFaces of FreeBSD : Erin Clark\n\n\nIn this edition of “Faces of FreeBSD” the FreeBSD foundation gives us an introduction to Erin Clark, of our very own iXsystems!\nHer journey to the BSD family may sound similar to a lot of ours. She first began using Linux / Slackware in the early 2000’s, but in 2009 a friend introduced her to FreeBSD and the rest, as they say, is history. \n“I use FreeBSD because it is very solid and secure and has a great selection of open source software that can be used with it from the ports collection.  I have always appreciated FreeBSD’s networking stack because it makes a great router or network appliance.  FreeBSD’s use of the ZFS file system is also very nice - ZFS snapshots definitely saved me a few times.  I also like that FreeBSD is very well documented; almost everything you need to know about working with FreeBSD can be found in the FreeBSD Handbook.”\nOriginally a sys admin at iXsystems, where she helped managed PC-BSD desktops among others, now she works on the FreeNAS project as a developer for the CLI interface functionality. \n***\n\n\nNew Olimex board runs Unix\n\n\nLooking for some small / embedded gear to mess around with? The Olimex folks have a new Pic32 system now available which runs “RetroBSD”\n“The current target is Microchip PIC32 microcontroller with 128 kbytes of RAM and 512 kbytes of Flash. PIC32 processor has MIPS M4K architecture, executable data memory and flexible RAM partitioning between user and kernel modes.”\nRetroBSD isn’t something we’ve covered extensively here on BSDNow, so to bring you up to speed, it is a port of 2.11 BSD\nTheir website lists the following features of this 2.11 refresh:“\nSmall resource requirements. RetroBSD needs only 128 kbytes of RAM to be up and running user applications.\nMemory protection. Kernel memory is fully protected from user application using hardware mechanisms.\nOpen functionality. Usually, user application is fixed in Flash memory - but in case of RetroBSD, any number of applications could be placed into SD card, and run as required.\nReal multitasking. Standard POSIX API is implemented (fork, exec, wait4 etc).\nDevelopment system on-board. It is possible to have C compiler in the system, and to recompile the user application (or the whole operating system) when needed.“\nFor those looking into BSD history, or wanting something small and exotic to play with this may fit the bill nicely. \n***\n\n\nOpenSource.com reviews PCBSD \n\n\nJoshua over at opensource.com writes up a review of PC-BSD (10.2 we assume)\nSome of the highlights mentioned, include the easy to use graphical installer, but he does mention we should update the sorting of languages. (Good idea!)\nAlong with including nice screenshots, it also covers the availability of various DE’s / WM’s, and talks a fair amount about the AppCafe and Control Panel utilities. \n“Thanks to being featured on PC-BSD's desktop, the PC-BSD Handbook is easily located by even the most novice user. There is no need to search through the system's installed applications for a manual, or relying solely on the help documentation for individual components. While not comprehensive, PC-BSD's handbook does a good job as striking a balance between concise and thorough. It contains enough information to help and provides detailed instructions for the topics it covers, but it avoids providing so much information that it overwhelms”\n***\n\n\nBeastieBits\n\nGandi introduces support for FreeBSD on their IaaS platform, with both ZFS and UFS based images available  \n\nFunny commit message from the Linux kernel  \n\nFreeBSD Journal, Nov/Dec 2015  \n\n\n\nFeedback/Questions\n\n\n Zafer - NetBSD on DO \n Richard - FreeNAS Replication \n Winston - Android ADP \n Alex - Multiple Domains \n Randy - Getting Involved \n Craig - zprezto \n***\n","content_html":"\u003cp\u003eThis week on the show, we are going to be talking to Trent Thompson,\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://distrowatch.com/weekly.php?issue=20151207#openbsd\" rel=\"nofollow\"\u003eReview: Guarding the gates with OpenBSD 5.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJesse Smith over at DistroWatch treats us this week to a nice review of OpenBSD 5.8, which may be a good introduction for the uninitiated to learn more+ He first walks through some of the various highlights of 5.8, and spends time introducing the reader to a number of the projects that originate from OpenBSD, such as LibreSSL, OpenSSH, doas, the new “file” implementation and W\u003csup\u003eX\u003c/sup\u003e support on i386. \u003c/li\u003e\n\u003cli\u003eThe article then walks through his impressions of performing a fresh install of 5.8, and then getting up and running in X. \u003c/li\u003e\n\u003cli\u003eHe mentions that you may want to check the installation defaults, since on his 8GB VM disk, it didn’t leave enough room for packages on the /usr partition. \u003c/li\u003e\n\u003cli\u003eIt also includes a nice heads-up for new users about using the pkg_add command, and where / how you can set the initial repository mirror address. \u003c/li\u003e\n\u003cli\u003eThe “doas” command was also praised:“I found I very much appreciated the doas command, its documentation and configuration file. The doas configuration file is much easier to read than sudo\u0026#39;s and the available options are well explained. The doas command allowed me to assign root access to a user given the proper password and doas worked as advertised.”\u003c/li\u003e\n\u003cli\u003eA glowing summary as well:“OpenBSD may be very secure, but I think what sets the operating system apart are its documentation and clean system design. It is so easy to find things and understand the configuration of an OpenBSD system. The file system is organized in a clean and orderly manner. It always takes me a while to get accustomed to using OpenBSD, as for me it is a rare occurrence, but once I get settled in I like how straight forward everything is. I can usually find and configure anything on the system without referring to external documents or searching for answers on-line and that is quite an accomplishment for an operating system where virtually everything is done from the command line. “\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eOpenBSD Hackathon Reports\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151212192918\" rel=\"nofollow\"\u003eAlexander Bluhm: multiprocessor networking \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“The next step, we are currently working on, is to remove the big kernel lock from forwarding and routing. mpi@ has been doing this for a long time, but some corner cases were still left. I have written a regression test for handling ARP packets to show that all cases including proxy ARP are still working. Another thing that may happen with lock-free routing is that the interface is destroyed on one CPU while another CPU is working with a route to that interface. We finally got this resolved. The code that destroys the interface has to wait until all routes don\u0026#39;t use this interface anymore. I moved the sleep before the destruction of the interface is started, so that the routes can always operate on a completely valid interface structure.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151215150708\" rel=\"nofollow\"\u003eVincent Gross: ifa_ifwithaddr() \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eVincent worked on the function that finds the interface with the specified address, which is used to tell if the machine is the intended recipient of an incoming packet. A number of corner cases existed with broadcast addresses, especially if two interfaces were in the same subnet. This code was moved to the new in_broadcast()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151216192843\" rel=\"nofollow\"\u003eKen Westerback: fdisk, installbot, and dhclient\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151217134417\" rel=\"nofollow\"\u003eReyk Floeter: Hosting a hackathon, vmd, vmctl \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“When I heard that Martin Pieuchot (mpi@) was looking for a place to hold another mini-hackathon for three to four people to work on multiprocessor (MP) enhancements of the network stack, I offered to come to our work place in Hannover, Northern Germany. We have space, gear, fast Internet and it is easy to reach for the involved people. Little did I know that it would quickly turn into n2k15, a network hackathon with 20 attendees from all over the world”\u003c/li\u003e\n\u003cli\u003e“If you ever hosted such an event or a party for many guests, you will know the dilemma of the host: you’re constantly concerned about your guests enjoying it, you have to take care about many trivial things, other things will break, and you get little to no time to attend or even enjoy it yourself. Fortunately, I had very experienced and welcomed guests: only one vintage table and a vase broke – the table can be fixed – and I even found some time for hacking myself.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151218175010\" rel=\"nofollow\"\u003eMartin Pieuchot: MP networking \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“ We found two kind of MP bugs! There are MP bugs that you fix without even understanding them, and there are MP bugs that you understand but can\u0026#39;t fix”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151219160501\" rel=\"nofollow\"\u003eStefan Sperling: initial 802.11n support \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://cturt.github.io/ps4.html\" rel=\"nofollow\"\u003eHacking the PS4\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs a followup to the story last week about the PS4 being “jailbroken”, we have a link to further information about how far this project has come along\u003c/li\u003e\n\u003cli\u003eThis article also provides some great background information about whats running under the hood of your PS4, including FreeBSD 9, Mono VM and WebKit, with WebKit being the primary point of entry to jailbreak the box. \u003c/li\u003e\n\u003cli\u003eOne particular point of interest, was the revelation that early firmware versions did not include ASLR, but it appears ASLR was added sometime around firmware 1.70. (Wonder if they used HardenedBSD’s implementation), and how they can bypass it entirely. “Luckily for us, we aren\u0026#39;t limited to just writing static ROP chains. We can use JavaScript to read the modules table, which will tell us the base addresses of all loaded modules. Using these bases, we can then calculate the addresses of all our gadgets before we trigger ROP execution, bypassing ASLR.“\u003c/li\u003e\n\u003cli\u003eThe article also mentions that they can prove that jails are used in some fashion, and provides examples of how they can browse the file system and dump a module list.\u003c/li\u003e\n\u003cli\u003eThe kernel exploit in question is \u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc\" rel=\"nofollow\"\u003eSA-15:21\u003c/a\u003e from August of this year. The jailbreaking appears to be against an older version of PS4 firmware that did not include this patch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2015/12/14/nokia_and_arm_bid_reinvent_tcpip_stack_5g/?page=1\" rel=\"nofollow\"\u003eNokia and ARM leading the charge to implement better TCP/IP as part of the 5G standard \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Many believe that a critical success factor for 5G will be a fully revamped TCP/IP stack, optimized for the massively varied use cases of the next mobile generation, for cloud services, and for virtualization and software-defined networking (SDN). This is the goal of the new OpenFastPath (OFP) Foundation, founded by Nokia Networks, ARM and industrial IT services player Enea. This aims to create an open source TCP/IP stack which can accelerate the move towards SDN in carrier and enterprise networks. Other sign-ups include AMD, Cavium, Freescale, Hewlett Packard Enterprise and the ARM-associated open source initiative, Linaro.”\u003c/li\u003e\n\u003cli\u003e“The new fast-path TCP/IP stack will be based on the open source FreeBSD operating system”\u003c/li\u003e\n\u003cli\u003eThe general idea is to have a fast, open source, user space networking stack, based on the FreeBSD stack\u003c/li\u003e\n\u003cli\u003ewith an “optimised callback-based zero-copy socket API” to keep packet processing in user-space as far as possible\u003c/li\u003e\n\u003cli\u003eIt will be interesting to see a little bit more FreeBSD getting into every mobile and cloud based device.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Trent Thompson - [\u003ca href=\"mailto:trentnthompson@gmail.com\" rel=\"nofollow\"\u003etrentnthompson@gmail.com\u003c/a\u003e](\u003ca href=\"mailto:trentnthompson@gmail.com\" rel=\"nofollow\"\u003etrentnthompson@gmail.com\u003c/a\u003e) / \u003ca href=\"https://twitter.com/pr1ntf\" rel=\"nofollow\"\u003e@pr1ntf\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pr1ntf/iohyve\" rel=\"nofollow\"\u003eiohyve\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=292309\" rel=\"nofollow\"\u003eFirst cut of the FreeBSD modularized TCP stack \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD now has more than one TCP stack, and better yet, you can use more than one at once\u003c/li\u003e\n\u003cli\u003eEach socket pcb is associated with a stack, and it is possible to select a non-default stack with a socket option, so you can make a specific application use an experimental stack, while still defaulting to the known-good stack\u003c/li\u003e\n\u003cli\u003eThis should lead to a lot of interesting development and testing, without the level of risk usually associated with modifying the TCP stack\u003c/li\u003e\n\u003cli\u003eThe first new module available is ‘fastpath’, which may relate to the Nokia story earlier in the show\u003c/li\u003e\n\u003cli\u003eThere are also plans to support changing TCP stacks after establish a session, which might land as early as January\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/12/faces-of-freebsd-2015-erin-clark.html\" rel=\"nofollow\"\u003eFaces of FreeBSD : Erin Clark\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this edition of “Faces of FreeBSD” the FreeBSD foundation gives us an introduction to Erin Clark, of our very own iXsystems!\u003c/li\u003e\n\u003cli\u003eHer journey to the BSD family may sound similar to a lot of ours. She first began using Linux / Slackware in the early 2000’s, but in 2009 a friend introduced her to FreeBSD and the rest, as they say, is history. \u003c/li\u003e\n\u003cli\u003e“I use FreeBSD because it is very solid and secure and has a great selection of open source software that can be used with it from the ports collection.  I have always appreciated FreeBSD’s networking stack because it makes a great router or network appliance.  FreeBSD’s use of the ZFS file system is also very nice - ZFS snapshots definitely saved me a few times.  I also like that FreeBSD is very well documented; almost everything you need to know about working with FreeBSD can be found in the FreeBSD Handbook.”\u003c/li\u003e\n\u003cli\u003eOriginally a sys admin at iXsystems, where she helped managed PC-BSD desktops among others, now she works on the FreeNAS project as a developer for the CLI interface functionality. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://olimex.wordpress.com/2015/12/16/new-product-in-stock-pic32-retrobsd-open-source-hardware-board-running-unix-like-retrobsd-os/\" rel=\"nofollow\"\u003eNew Olimex board runs Unix\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for some small / embedded gear to mess around with? The Olimex folks have a new Pic32 system now available which runs “RetroBSD”\u003c/li\u003e\n\u003cli\u003e“The current target is Microchip PIC32 microcontroller with 128 kbytes of RAM and 512 kbytes of Flash. PIC32 processor has MIPS M4K architecture, executable data memory and flexible RAM partitioning between user and kernel modes.”\u003c/li\u003e\n\u003cli\u003eRetroBSD isn’t something we’ve covered extensively here on BSDNow, so to bring you up to speed, it is a port of 2.11 BSD\u003c/li\u003e\n\u003cli\u003eTheir website lists the following features of this 2.11 refresh:“\u003c/li\u003e\n\u003cli\u003eSmall resource requirements. RetroBSD needs only 128 kbytes of RAM to be up and running user applications.\u003c/li\u003e\n\u003cli\u003eMemory protection. Kernel memory is fully protected from user application using hardware mechanisms.\u003c/li\u003e\n\u003cli\u003eOpen functionality. Usually, user application is fixed in Flash memory - but in case of RetroBSD, any number of applications could be placed into SD card, and run as required.\u003c/li\u003e\n\u003cli\u003eReal multitasking. Standard POSIX API is implemented (fork, exec, wait4 etc).\u003c/li\u003e\n\u003cli\u003eDevelopment system on-board. It is possible to have C compiler in the system, and to recompile the user application (or the whole operating system) when needed.“\u003c/li\u003e\n\u003cli\u003eFor those looking into BSD history, or wanting something small and exotic to play with this may fit the bill nicely. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensource.com/life/15/12/bsd-desktop-user-review-pc-bsd\" rel=\"nofollow\"\u003eOpenSource.com reviews PCBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJoshua over at opensource.com writes up a review of PC-BSD (10.2 we assume)\u003c/li\u003e\n\u003cli\u003eSome of the highlights mentioned, include the easy to use graphical installer, but he does mention we should update the sorting of languages. (Good idea!)\u003c/li\u003e\n\u003cli\u003eAlong with including nice screenshots, it also covers the availability of various DE’s / WM’s, and talks a fair amount about the AppCafe and Control Panel utilities. \u003c/li\u003e\n\u003cli\u003e“Thanks to being featured on PC-BSD\u0026#39;s desktop, the PC-BSD Handbook is easily located by even the most novice user. There is no need to search through the system\u0026#39;s installed applications for a manual, or relying solely on the help documentation for individual components. While not comprehensive, PC-BSD\u0026#39;s handbook does a good job as striking a balance between concise and thorough. It contains enough information to help and provides detailed instructions for the topics it covers, but it avoids providing so much information that it overwhelms”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.gandi.net/news/en/2015-12-23/6473-introducing_freebsd_and_trimming_down_the_official_image_list/\" rel=\"nofollow\"\u003eGandi introduces support for FreeBSD on their IaaS platform, with both ZFS and UFS based images available \u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f076ef44a44d02ed91543f820c14c2c7dff53716\" rel=\"nofollow\"\u003eFunny commit message from the Linux kernel \u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/vol2_no6\" rel=\"nofollow\"\u003eFreeBSD Journal, Nov/Dec 2015 \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2MPhvSFja\" rel=\"nofollow\"\u003e Zafer - NetBSD on DO\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2hhJktjRu\" rel=\"nofollow\"\u003e Richard - FreeNAS Replication\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2VK83ILlK\" rel=\"nofollow\"\u003e Winston - Android ADP\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20UVY8Bs5\" rel=\"nofollow\"\u003e Alex - Multiple Domains\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Cb076tu\" rel=\"nofollow\"\u003e Randy - Getting Involved\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2HNQ2aB42\" rel=\"nofollow\"\u003e Craig - zprezto\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we are going to be talking to Trent Thompson,","date_published":"2015-12-23T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5b75bf88-8fe1-4fb0-a9c3-b66fb7e3fe1e.mp3","mime_type":"audio/mpeg","size_in_bytes":70514932,"duration_in_seconds":5876}]},{"id":"9fdf3957-250a-492b-8a41-e65e8d732656","title":"120: I’m talking about the man in the middle","url":"https://www.bsdnow.tv/120","content_text":"This week on BSDNow, we are going to be talking to Pawel about how his\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nNote the recent passing of 2 members of the BSD community\n\n\nJuergen Lock / Nox \nBenjamin Perrault / creepingfur Memories from Michael Dexter  \nAdditional Memories  \n\n\nBenjamin and Allan at Ben’s local bar  \nBenjamin treated Allan and Michael Dexter to their first ever Bermese food  \nBenjamin enjoying the hallway track at EuroBSDCon 2015  \n***\n\n\n\nNGINX as Reverse Proxy for Apache on FreeBSD 10.2\n\n\nA tutorial on setting up NGINX as a reverse proxy for Apache\nSometimes your users or application require some feature of Apache, that cannot be easily replicated in NGINX, like .htaccess files or a custom apache module\nIn addition, because the default worker model in Apache does not accept new work until it is finished sending the request, a user with a slow connection can tie down that worker for a long time\nWith NGINX as a reverse proxy, it will receive the data from the Apache worker over localhost, freeing that worker to answer the next request, while NGINX takes care of sending the data to the user\nThe tutorial walks through the setup, which is very easy on modern FreeBSD\nOne could also add mod_rpaf2 to the Apache, to securely pass through the users’ real IP address for use by Apache’s logging and the PHP scripts\n***\n\n\nFreeBSD and FreeNAS in Business by Randy Westlund\n\n\nThe story of how a Tent \u0026amp; Awning company switched from managing orders with paper, to a computerized system backed by a FreeNAS\n“At first, I looked at off-the-shelf solutions. I found a number of cloud services that were like Dropbox, but with some generic management stuff layered on top. Not only did these all feel like a poor solution, they were very expensive. If the provider were to go out of business, what would happen to my dad’s company?”\n“Fortunately, sourcing the hardware and setting up the OS was the easiest part; I talked to iXsystems. I ordered a FreeNAS Mini and a nice workstation tower”\n“I have r2d2 (the tower, which hosts the database) replicating ZFS snapshots to c3po (the FreeNAS mini), and the data is backed up off-site regularly. This data is absolutely mission-critical, so I can’t take any risks. I’m glad I have ZFS on my side.”\n“I replaced Dropbox with Samba on c3po, and the Windows machines in the office now store important data on the NAS, rather than their local drives.”\n“I also replaced their router with an APU board running pfSense and replaced their PPTP VPN with OpenVPN and certificate authorization.”\n“FreeBSD (in three different incarnations) helped me focus on improving the company’s workflow without spending much time on the OS. And now there’s an awning company that is, in a very real sense, powered by FreeBSD.”\n***\n\n\nTutorial, Windows running under bhyve\n\n\nWith the recent passing of the world’s foremost expert on running Windows under bhyve on FreeBSD, this tutorial will help you get up to speed\n“The secret sauce to getting Windows running under bhyve is the new UEFI support. This is pretty great news, because when you utilize UEFI in bhyve, you don't have to load the operating system in bhyveload or grub-bhyve first.”\nThe author works on iohyve, and wanted to migrate away from VirtualBox, the only thing stopping that was support for Windows Guests\niohyve now has support for managing Windows VMs\nThe tutorial uses a script to extract the Windows Server 2008 ISO and set up AutoUnattend.xml to handle the installation of Windows, including setting the default administrator password, this is required because there is no graphical console yet\nThe AutoUnattended setup also includes setting the IP address, laying out the partitions, and configuring the serial console\nA second script is then used to make a new ISO with the modifications\nThe user is directed to fetch the UEFI firmware and some other bits\nThen iohyve is used to create the Windows VM\nThe first boot uses the newly created ISO to install Windows Server 2008\nSubsequent boots start Windows directly from the virtual disk\nRemote Desktop is enabled, so the user can manage the Windows Server graphically, using FreeRDP or a Windows client\niohyve can then be used to take snapshots of the machine, and clone it\n***\n\n\nBSD Router Project has released 1.58\n\n\nThe BSD Router project has announced the release of version 1.58 with some notable new features\nUpdate to FreeBSD 10.2-RELEASE-p8\nDisabled some Chelsio Nic features not used by a router\nAdded new easy installation helper option, use with “system install ”\nAdded the debugging symbols for userland\nIncludes the iperf package, and flashrom package, which allows updating system BIOS on supported boxes\nIMPORTANT: Corrects an important UFS label bug introduced on 1.57. If you are running 1.57, you will need to fetch their fixlabel.sh script before upgrading to 1.58\n***\n\n\nOPNsense 15.7.22 Released\n\n\nAn update to OPNsense has landed this week which includes the important updates to OpenSSL 1.0.2e and LibreSSL 2.2.5\nA long-standing annoying bug with filter reload timeouts has finally been identified and sorted out as well, allowing the functionality to run quickly and “glitch free” again. \nSome newer ports for curl (7.46), squid (3.5.12) and lighttpd (1.4.38) have also been thrown in for good measure\nSome other minor UI fixes have also been included as well\nWith the holidays coming up, if you are still running a consumer router, this may be a good time to convert over to a OPNsense or PFsense box and get yourself ready for the new year. \n***\n\n\niXsystems\n\n\niXSystems releases vCenter Web Client Plug-in for TrueNAS \n\n\nInterview - Pawel Jakub Dawidek - pjd@FreeBSD.org\n\n\n\nNews Roundup\n\nDeveloper claims the PS4 has been jail-broken\n\n\nWhile not exactly a well-kept secret, the PS4’s proprietary “OrbOS” is FreeBSD based. \nUsing this knowledge and a Kernel exploit, developer CTurt (https://twitter.com/CTurtE/) claims he was able jailbreak a WebKit process and gain access to the system. \nHe has posted a small tease to GitHub, detailing some of the information gleaned from the exploit, such as PID list and root FS dump\nAs such with these kinds of jailbreaks, he already requested that users stop sending him requests about game piracy, but the ability to hack on / run homebrew apps on the PS4 seems intriguing\n***\n\n\nSepherosa Ziehau is looking for testers if you have a em(4), emx(4), or igb(4) Intel device\n\n\nDragonFly Testers wanted! Sephe has posted a request for users of the em(4), emx(4) and igb(4) intel drivers to test his latest branch and report back results\nHe mentions that he has tested the models 82571, 82574 and 82573 (em/emx); 82575, 82576, 82580 and i350 specifically, so if you have something different, I’m sure he would be much appreciative of the help. \nIt looks like the em(4) driver has been updated to 7.5.2, and igb(4) 2.4.3, and adds support for the I219-LM and I219-V NICS.\n***\n\n\nOpenBSD Xen Support\n\n\nFiled under the “Ohh, look what’s coming soon” section, it appears that patches are starting to surface for OpenBSD Xen DOMU support. \nFor those who aren’t up on their Xen terminology, DomU is the unprivileged domain (I.E. Guest mode)\nRight now the patch exists at the link above, and adds a new (commented out) device to the GENERIC kernel, but this gives Xen users something new to watch for updates to. \n***\n\n\nThinkpad Backlit Keyboard support being worked on\n\n\nAnother reason why Lenovo / ThinkPads are some of the best laptops currently to use with BSD, the kettenis over at the OpenBSD project has committed a patch to enable support for the “ThinkLight”\nFor those who don’t know, this is the little light that helps illuminate the laptop’s keyboard under low-light situations. \nWhile the initial patch only supports the “real-deal” ThinkLight, he does mention that support will be added soon for the others on ThinkPads\nNo sysctl’s to fiddle with, this works directly with the ACPI / keyboard function keys directly, nice!\n***\n\n\nDeadline is approaching for Submissions of Tutorial Proposals for AsiaBSDCon 2016\n\nCall for Papers for BSDCAN 2016 now open \n\n\nThe next two major BSD conferences both have their CFP up right now. First up is AsiaBSDCon in Tokyo from March 10th-13th, followed by BSDCan in Ottawa, June 8th-11th.\nIf you are working on anything interesting in the BSD community, this is a good way to get the word out about your project, plus the conference pays for Hotel / Travel. \nIf you can make it to both, DO SO, you won’t regret it. Both Allan and Kris will be attending and we would look forward to meeting you. \n***\n\n\niohyve lands in ports\n\n(http://www.freshports.org/sysutils/iohyve/)\n\n\nSomething we’ve mentioned in passing has taken its first steps in becoming reality for users! “iohyve” has now landed in the FreeBSD ports tree\nWhile it shares a similar name to “iocage” its not directly related, different developers and such. However it does share a very similar syntax and some principles of ZFS usage\nThe current version is 0.7, but it already has a rather large feature set\nAmong the current features are ISO Management, resource management, snapshot support (via ZFS), and support for OpenBSD, NetBSD and Linux (Using grub-bhyve port)\n***\n\n\nBeastieBits\n\nhammer mount is forced noatime by default\n\nShow your support for FreeBSD \n\nOpenBSD running in an Amazon EC2 t2.micro \n\nNetBSD's 2015Q4 Package freeze is coming\n\n‘Screenshots from Developers’ that we covered previously from 2002, updated for 2015  \n\n\n\nFeedback/Questions (slexy was down when I made these, I only did 3, since the last is really long, save rest for next week)\n\n\n Mark - BSD laptops \n Jamie - zxfer \n Anonymous - Long Story \n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we are going to be talking to Pawel about how his\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eNote the recent passing of 2 members of the BSD community\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/contrib-develinmemoriam.html\" rel=\"nofollow\"\u003eJuergen Lock / Nox\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/michaeldexter/status/676290499389485057\" rel=\"nofollow\"\u003eBenjamin Perrault / creepingfur\u003c/a\u003e \u003ca href=\"http://pastebin.com/4BQ5uVsT\" rel=\"nofollow\"\u003eMemories from Michael Dexter \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.filis.org/rip_ben.txt\" rel=\"nofollow\"\u003eAdditional Memories \u003c/a\u003e \n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.allanjude.com/bsd/bp/IMG_20151101_161727-auto.jpg\" rel=\"nofollow\"\u003eBenjamin and Allan at Ben’s local bar \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.allanjude.com/bsd/bp/IMG_20151101_191344-auto.jpg\" rel=\"nofollow\"\u003eBenjamin treated Allan and Michael Dexter to their first ever Bermese food \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.allanjude.com/bsd/bp/IMG_20151003_105457-auto.jpg\" rel=\"nofollow\"\u003eBenjamin enjoying the hallway track at EuroBSDCon 2015 \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/\" rel=\"nofollow\"\u003eNGINX as Reverse Proxy for Apache on FreeBSD 10.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA tutorial on setting up NGINX as a reverse proxy for Apache\u003c/li\u003e\n\u003cli\u003eSometimes your users or application require some feature of Apache, that cannot be easily replicated in NGINX, like .htaccess files or a custom apache module\u003c/li\u003e\n\u003cli\u003eIn addition, because the default worker model in Apache does not accept new work until it is finished sending the request, a user with a slow connection can tie down that worker for a long time\u003c/li\u003e\n\u003cli\u003eWith NGINX as a reverse proxy, it will receive the data from the Apache worker over localhost, freeing that worker to answer the next request, while NGINX takes care of sending the data to the user\u003c/li\u003e\n\u003cli\u003eThe tutorial walks through the setup, which is very easy on modern FreeBSD\u003c/li\u003e\n\u003cli\u003eOne could also add mod_rpaf2 to the Apache, to securely pass through the users’ real IP address for use by Apache’s logging and the PHP scripts\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/freebsd_freenas/\" rel=\"nofollow\"\u003eFreeBSD and FreeNAS in Business by Randy Westlund\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe story of how a Tent \u0026amp; Awning company switched from managing orders with paper, to a computerized system backed by a FreeNAS\u003c/li\u003e\n\u003cli\u003e“At first, I looked at off-the-shelf solutions. I found a number of cloud services that were like Dropbox, but with some generic management stuff layered on top. Not only did these all feel like a poor solution, they were very expensive. If the provider were to go out of business, what would happen to my dad’s company?”\u003c/li\u003e\n\u003cli\u003e“Fortunately, sourcing the hardware and setting up the OS was the easiest part; I talked to iXsystems. I ordered a FreeNAS Mini and a nice workstation tower”\u003c/li\u003e\n\u003cli\u003e“I have r2d2 (the tower, which hosts the database) replicating ZFS snapshots to c3po (the FreeNAS mini), and the data is backed up off-site regularly. This data is absolutely mission-critical, so I can’t take any risks. I’m glad I have ZFS on my side.”\u003c/li\u003e\n\u003cli\u003e“I replaced Dropbox with Samba on c3po, and the Windows machines in the office now store important data on the NAS, rather than their local drives.”\u003c/li\u003e\n\u003cli\u003e“I also replaced their router with an APU board running pfSense and replaced their PPTP VPN with OpenVPN and certificate authorization.”\u003c/li\u003e\n\u003cli\u003e“FreeBSD (in three different incarnations) helped me focus on improving the company’s workflow without spending much time on the OS. And now there’s an awning company that is, in a very real sense, powered by FreeBSD.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pr1ntf.xyz/windowsunderbhyve.html\" rel=\"nofollow\"\u003eTutorial, Windows running under bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith the recent passing of the world’s foremost expert on running Windows under bhyve on FreeBSD, this tutorial will help you get up to speed\u003c/li\u003e\n\u003cli\u003e“The secret sauce to getting Windows running under bhyve is the new UEFI support. This is pretty great news, because when you utilize UEFI in bhyve, you don\u0026#39;t have to load the operating system in bhyveload or grub-bhyve first.”\u003c/li\u003e\n\u003cli\u003eThe author works on iohyve, and wanted to migrate away from VirtualBox, the only thing stopping that was support for Windows Guests\u003c/li\u003e\n\u003cli\u003eiohyve now has support for managing Windows VMs\u003c/li\u003e\n\u003cli\u003eThe tutorial uses a script to extract the Windows Server 2008 ISO and set up AutoUnattend.xml to handle the installation of Windows, including setting the default administrator password, this is required because there is no graphical console yet\u003c/li\u003e\n\u003cli\u003eThe AutoUnattended setup also includes setting the IP address, laying out the partitions, and configuring the serial console\u003c/li\u003e\n\u003cli\u003eA second script is then used to make a new ISO with the modifications\u003c/li\u003e\n\u003cli\u003eThe user is directed to fetch the UEFI firmware and some other bits\u003c/li\u003e\n\u003cli\u003eThen iohyve is used to create the Windows VM\u003c/li\u003e\n\u003cli\u003eThe first boot uses the newly created ISO to install Windows Server 2008\u003c/li\u003e\n\u003cli\u003eSubsequent boots start Windows directly from the virtual disk\u003c/li\u003e\n\u003cli\u003eRemote Desktop is enabled, so the user can manage the Windows Server graphically, using FreeRDP or a Windows client\u003c/li\u003e\n\u003cli\u003eiohyve can then be used to take snapshots of the machine, and clone it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.58/\" rel=\"nofollow\"\u003eBSD Router Project has released 1.58\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe BSD Router project has announced the release of version 1.58 with some notable new features\u003c/li\u003e\n\u003cli\u003eUpdate to FreeBSD 10.2-RELEASE-p8\u003c/li\u003e\n\u003cli\u003eDisabled some Chelsio Nic features not used by a router\u003c/li\u003e\n\u003cli\u003eAdded new easy installation helper option, use with “system install \u003cdisk\u003e”\u003c/li\u003e\n\u003cli\u003eAdded the debugging symbols for userland\u003c/li\u003e\n\u003cli\u003eIncludes the iperf package, and flashrom package, which allows updating system BIOS on supported boxes\u003c/li\u003e\n\u003cli\u003eIMPORTANT: Corrects an important UFS label bug introduced on 1.57. If you are running 1.57, you will need to fetch their fixlabel.sh script before upgrading to 1.58\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-15-7-22-released/\" rel=\"nofollow\"\u003eOPNsense 15.7.22 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn update to OPNsense has landed this week which includes the important updates to OpenSSL 1.0.2e and LibreSSL 2.2.5\u003c/li\u003e\n\u003cli\u003eA long-standing annoying bug with filter reload timeouts has finally been identified and sorted out as well, allowing the functionality to run quickly and “glitch free” again. \u003c/li\u003e\n\u003cli\u003eSome newer ports for curl (7.46), squid (3.5.12) and lighttpd (1.4.38) have also been thrown in for good measure\u003c/li\u003e\n\u003cli\u003eSome other minor UI fixes have also been included as well\u003c/li\u003e\n\u003cli\u003eWith the holidays coming up, if you are still running a consumer router, this may be a good time to convert over to a OPNsense or PFsense box and get yourself ready for the new year. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/whats-new/2015/12/vcenter-web-client-plug-in-for-truenas-now-available/\" rel=\"nofollow\"\u003eiXSystems releases vCenter Web Client Plug-in for TrueNAS\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Pawel Jakub Dawidek - \u003ca href=\"mailto:pjd@FreeBSD.org\" rel=\"nofollow\"\u003epjd@FreeBSD.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.networkworld.com/article/3014714/security/developer-claims-ps4-officially-jailbroken.html\" rel=\"nofollow\"\u003eDeveloper claims the PS4 has been jail-broken\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile not exactly a well-kept secret, the PS4’s proprietary “OrbOS” is FreeBSD based. \u003c/li\u003e\n\u003cli\u003eUsing this knowledge and a Kernel exploit, developer CTurt (\u003ca href=\"https://twitter.com/CTurtE/\" rel=\"nofollow\"\u003ehttps://twitter.com/CTurtE/\u003c/a\u003e) claims he was able jailbreak a WebKit process and gain access to the system. \u003c/li\u003e\n\u003cli\u003eHe has posted a small tease to GitHub, detailing some of the information gleaned from the exploit, such as PID list and root FS dump\u003c/li\u003e\n\u003cli\u003eAs such with these kinds of jailbreaks, he already requested that users stop sending him requests about game piracy, but the ability to hack on / run homebrew apps on the PS4 seems intriguing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-December/228461.html\" rel=\"nofollow\"\u003eSepherosa Ziehau is looking for testers if you have a em(4), emx(4), or igb(4) Intel device\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly Testers wanted! Sephe has posted a request for users of the em(4), emx(4) and igb(4) intel drivers to test his latest branch and report back results\u003c/li\u003e\n\u003cli\u003eHe mentions that he has tested the models 82571, 82574 and 82573 (em/emx); 82575, 82576, 82580 and i350 specifically, so if you have something different, I’m sure he would be much appreciative of the help. \u003c/li\u003e\n\u003cli\u003eIt looks like the em(4) driver has been updated to 7.5.2, and igb(4) 2.4.3, and adds support for the I219-LM and I219-V NICS.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=144933933119525\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD Xen Support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFiled under the “Ohh, look what’s coming soon” section, it appears that patches are starting to surface for OpenBSD Xen DOMU support. \u003c/li\u003e\n\u003cli\u003eFor those who aren’t up on their Xen terminology, DomU is the unprivileged domain (I.E. Guest mode)\u003c/li\u003e\n\u003cli\u003eRight now the patch exists at the link above, and adds a new (commented out) device to the GENERIC kernel, but this gives Xen users something new to watch for updates to. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/b355449caa22e7bb6c460f7a647874836ef604f0\" rel=\"nofollow\"\u003eThinkpad Backlit Keyboard support being worked on\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother reason why Lenovo / ThinkPads are some of the best laptops currently to use with BSD, the kettenis over at the OpenBSD project has committed a patch to enable support for the “ThinkLight”\u003c/li\u003e\n\u003cli\u003eFor those who don’t know, this is the little light that helps illuminate the laptop’s keyboard under low-light situations. \u003c/li\u003e\n\u003cli\u003eWhile the initial patch only supports the “real-deal” ThinkLight, he does mention that support will be added soon for the others on ThinkPads\u003c/li\u003e\n\u003cli\u003eNo sysctl’s to fiddle with, this works directly with the ACPI / keyboard function keys directly, nice!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2016.asiabsdcon.org/cfp.html\" rel=\"nofollow\"\u003eDeadline is approaching for Submissions of Tutorial Proposals for AsiaBSDCon 2016\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.bsdcan.org/2016/papers.php\" rel=\"nofollow\"\u003eCall for Papers for BSDCAN 2016 now open\u003c/a\u003e \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe next two major BSD conferences both have their CFP up right now. First up is AsiaBSDCon in Tokyo from March 10th-13th, followed by BSDCan in Ottawa, June 8th-11th.\u003c/li\u003e\n\u003cli\u003eIf you are working on anything interesting in the BSD community, this is a good way to get the word out about your project, plus the conference pays for Hotel / Travel. \u003c/li\u003e\n\u003cli\u003eIf you can make it to both, DO SO, you won’t regret it. Both Allan and Kris will be attending and we would look forward to meeting you. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/pr1ntf/iohyve\" rel=\"nofollow\"\u003eiohyve lands in ports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003e(\u003ca href=\"http://www.freshports.org/sysutils/iohyve/\" rel=\"nofollow\"\u003ehttp://www.freshports.org/sysutils/iohyve/\u003c/a\u003e)\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSomething we’ve mentioned in passing has taken its first steps in becoming reality for users! “iohyve” has now landed in the FreeBSD ports tree\u003c/li\u003e\n\u003cli\u003eWhile it shares a similar name to “iocage” its not directly related, different developers and such. However it does share a very similar syntax and some principles of ZFS usage\u003c/li\u003e\n\u003cli\u003eThe current version is 0.7, but it already has a rather large feature set\u003c/li\u003e\n\u003cli\u003eAmong the current features are ISO Management, resource management, snapshot support (via ZFS), and support for OpenBSD, NetBSD and Linux (Using grub-bhyve port)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-November/228445.html\" rel=\"nofollow\"\u003ehammer mount is forced noatime by default\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/12/show-your-support-for-freebsd.html\" rel=\"nofollow\"\u003eShow your support for FreeBSD\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://gist.github.com/reyk/e23fde95354d4bc35a40\" rel=\"nofollow\"\u003eOpenBSD running in an Amazon EC2 t2.micro\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-pkg/2015/12/05/msg016059.html\" rel=\"nofollow\"\u003eNetBSD\u0026#39;s 2015Q4 Package freeze is coming\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://anders.unix.se/2015/12/10/screenshots-from-developers--2002-vs.-2015/\" rel=\"nofollow\"\u003e‘Screenshots from Developers’ that we covered previously from 2002, updated for 2015 \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions (slexy was down when I made these, I only did 3, since the last is really long, save rest for next week)\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/g0DnFG95\" rel=\"nofollow\"\u003e Mark - BSD laptops\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/BNCmDgTe\" rel=\"nofollow\"\u003e Jamie - zxfer\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pastebin.com/iw0dXZ9P\" rel=\"nofollow\"\u003e Anonymous - Long Story\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we are going to be talking to Pawel about how his","date_published":"2015-12-16T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9fdf3957-250a-492b-8a41-e65e8d732656.mp3","mime_type":"audio/mpeg","size_in_bytes":83930260,"duration_in_seconds":6994}]},{"id":"37b89eb3-cafc-4d08-916c-024e11347e21","title":"119: There be Dragons, BSD Dragons anyway","url":"https://www.bsdnow.tv/119","content_text":"This week on BSDNow - It’s getting close to christmas and the\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nn2k15 hackathon reports\n\n\ntedu@ worked on rebound, malloc hardening, removing legacy code\n“I don't usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.”\n“IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory”\n“I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. It's only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes”\nIfconfig txpower got similar treatment, as no modern WiFi driver supports it\nSupport for Ethernet Trailers, RFC 893, enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place\nAlexandr Nedvedicky (sashan@) worked on MP-Safe PF \n“I'd like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let's switch to PF hacking.”\n“mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It's called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pf_test() function. The pf_test() function parts will be gradually unlocked as the work will progress.\nTo make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pf_test(). The pf_test() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ip*_send() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pf_route*() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked. There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step.”\n***\n\n\nACM Queue: Challenges of Memory Management on Modern NUMA System\n\n\n“Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node's local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).”\nSo, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around\nThere are a number of different NUMA strategies, including:\nFixed, memory is always allocated from a specific bank of memory\nFirst Touch, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally\nRound Robin or Interleave, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. This method can provide more uniform performance, because it ensures that all memory accesses have the same change to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access\nAutoNUMA, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing).\nThe paper also introduces a new strategy:\nCarrefour is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower\nCarrefour uses three primary techniques:\nMemory collocation, Moving memory to a different node so that accesses will likely be local.\nReplication, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data).\nInterleaving, Moving memory such that it is distributed evenly among all nodes.\nFreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin.\nFor more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT\n***\n\n\nIs that Linux? No it is PC-BSD\n\n\nLarry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in an blog post titled “Is that Linux? No, its PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it’s Linux. \nThe blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background. \nHe mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I’m burning rubber in all four gears.”\nThe only major nits he mentions is having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. (I’ll have to add a knob back for that)\n***\n\n\nDual booting OS X and OpenBSD with full disk encryption\n\n\nNew GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs\nThis tutorial walks the read through the steps of installing OpenBSD side-by-side with Mac OS X\nFirst the HFS+ partition is shrunk to make room for a new OpenBSD partition\nThen the OpenBSD installer is run, and the available free space is setup as an encrypted softraid \nThe OpenBSD installer will add itself to the EFI partition\nRename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X\n***\n\n\nInterview - Paul Goyette - pgoyette@netbsd.org\n\n\nNetBSD Testing and Modularity\n***\n\n\niXsystems\n\n\niXsystems Wins Press and Industry Analyst Accolades in Best in Biz Awards 2015\n***\n\n\nNews Roundup\n\nHOWTO: L2TP/IPSec with OpenBSD\n\n\n*BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN\nThis first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it\nThe previous tutorial on this configuration is from 2012, and things have improved greatly since then, and is much easier to set up now\nThe tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec\nL2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed\n***\n\n\nDragonFly 4.4 Released\n\n\nDragonFly BSD has made its 4.4 release official this week!\nA lot of big changes, but some of the highlights\n\n\nRadeon / i915 DRM support for up to Linux Kernel 3.18\nProper collation support for named locales, shared back to FreeBSD 11-CURRENT\nRegex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn't there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it's a nice addition to this release.”\nOther noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3)\n\nAn interesting tidbit is switching to the Gold linker \n***\n\n\nGuide to install Ajenti on Nginx with SSL on FreeBSD 10.2\n\n\nLooking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it setup on a FreeBSD 10.2 system.\nThe walkthrough is mostly straightforward, you’ll need a FreeBSD box with root, and will need to install several packages / ports initially. \nBecause there is no native package (yet), it guides you through using python’s PIP installer to fetch and get Ajenti running. \nThe author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD.\nAjenti by itself may not be the best to serve publically, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks. \n***\n\n\nBSDCan 2016 CFP is up!\n\n\nBSDCan is the biggest North American BSD conference, and my personal favourite\nThe call for papers is now out, and I would like to see more first-time submitters this year\nIf you do anything interesting with or on a BSD, please write a proposal\nAre the machines you run BSD on bigger or smaller than what most people have? Tell us about it\nAre you running a big farm that does something interesting?\nIs your university research using BSD?\nDo you have an idea for a great new subsystem or utility?\nHave you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us.\nDid you build a radar that runs NetBSD? A telescope controlled by FreeBSD?\nHave you run an ISP at the north pole using Jails?\nDo you run a usergroup and have tips to share?\nHave you combined the features and tools of a BSD in a new and interesting way?\nDon’t have a talk to give? Teach a tutorial!\nThe conference will arrange your air travel and hotel, and you’ll get to spend a few great days with the best community on earth\nMichael W. Lucas’s post about the 2015 proposals and rejections \n***\n\n\nBeastie Bits\n\n\nOpenBSD's lightweight web server now in FreeBSD's ports tree \nStephen Bourne's NYCBUG talk is online\nLooking for owner to FreeBSDWiki \nHOWTO: OpenBSD Mail Server  \nA new magic getopt library\nPXE boot OpenBSD from OpenWRT \nSupporting the OpenBSD project\n\n\n\n\nFeedback/Questions\n\n\n Zachary - FreeBSD Jails \n Robert - Iocage help! \n Kjell - Server Management \n Brian - NAS Setup \n Mike - Radius Followup \n Laszlo - Best Stocking Ever \n***\n","content_html":"\u003cp\u003eThis week on BSDNow - It’s getting close to christmas and the\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151208172029\" rel=\"nofollow\"\u003en2k15 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003etedu@ worked on rebound, malloc hardening, removing legacy code\u003c/li\u003e\n\u003cli\u003e“I don\u0026#39;t usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.”\u003c/li\u003e\n\u003cli\u003e“IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory”\u003c/li\u003e\n\u003cli\u003e“I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. It\u0026#39;s only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes”\u003c/li\u003e\n\u003cli\u003eIfconfig txpower got similar treatment, as no modern WiFi driver supports it\u003c/li\u003e\n\u003cli\u003eSupport for Ethernet Trailers, \u003ca href=\"https://tools.ietf.org/html/rfc893\" rel=\"nofollow\"\u003eRFC 893\u003c/a\u003e, enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place\u003c/li\u003e\n\u003cli\u003eAlexandr Nedvedicky (sashan@) worked on \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151207143819\" rel=\"nofollow\"\u003eMP-Safe PF\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e“I\u0026#39;d like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let\u0026#39;s switch to PF hacking.”\u003c/li\u003e\n\u003cli\u003e“mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It\u0026#39;s called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pf_test() function. The pf_test() function parts will be gradually unlocked as the work will progress.\u003c/li\u003e\n\u003cli\u003eTo make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pf_test(). The pf_test() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ip*_send() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pf_route*() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked. There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step.”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://queue.acm.org/detail.cfm?id=2852078\" rel=\"nofollow\"\u003eACM Queue: Challenges of Memory Management on Modern NUMA System\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node\u0026#39;s local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).”\u003c/li\u003e\n\u003cli\u003eSo, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around\u003c/li\u003e\n\u003cli\u003eThere are a number of different NUMA strategies, including:\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFixed\u003c/strong\u003e, memory is always allocated from a specific bank of memory\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFirst Touch\u003c/strong\u003e, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRound Robin\u003c/strong\u003e or \u003cstrong\u003eInterleave\u003c/strong\u003e, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. This method can provide more uniform performance, because it ensures that all memory accesses have the same change to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAutoNUMA\u003c/strong\u003e, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing).\u003c/li\u003e\n\u003cli\u003eThe paper also introduces a new strategy:\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCarrefour\u003c/strong\u003e is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower\u003c/li\u003e\n\u003cli\u003eCarrefour uses three primary techniques:\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory collocation\u003c/strong\u003e, Moving memory to a different node so that accesses will likely be local.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReplication\u003c/strong\u003e, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInterleaving\u003c/strong\u003e, Moving memory such that it is distributed evenly among all nodes.\u003c/li\u003e\n\u003cli\u003eFreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin.\u003c/li\u003e\n\u003cli\u003eFor more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fossforce.com/2015/12/linux-no-pc-bsd/\" rel=\"nofollow\"\u003eIs that Linux? No it is PC-BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLarry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in an blog post titled “Is that Linux? No, its PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it’s Linux. \u003c/li\u003e\n\u003cli\u003eThe blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background. \u003c/li\u003e\n\u003cli\u003eHe mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I’m burning rubber in all four gears.”\u003c/li\u003e\n\u003cli\u003eThe only major nits he mentions is having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. (I’ll have to add a knob back for that)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/jcs/5573685\" rel=\"nofollow\"\u003eDual booting OS X and OpenBSD with full disk encryption\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs\u003c/li\u003e\n\u003cli\u003eThis tutorial walks the read through the steps of installing OpenBSD side-by-side with Mac OS X\u003c/li\u003e\n\u003cli\u003eFirst the HFS+ partition is shrunk to make room for a new OpenBSD partition\u003c/li\u003e\n\u003cli\u003eThen the OpenBSD installer is run, and the available free space is setup as an encrypted softraid \u003c/li\u003e\n\u003cli\u003eThe OpenBSD installer will add itself to the EFI partition\u003c/li\u003e\n\u003cli\u003eRename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Paul Goyette - \u003ca href=\"mailto:pgoyette@netbsd.org\" rel=\"nofollow\"\u003epgoyette@netbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD Testing and Modularity\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.virtual-strategy.com/2015/12/08/ixsystems-wins-press-and-industry-analyst-accolades-best-biz-awards-2015\" rel=\"nofollow\"\u003eiXsystems Wins Press and Industry Analyst Accolades in Best in Biz Awards 2015\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.geeklan.co.uk/?p=2019\" rel=\"nofollow\"\u003eHOWTO: L2TP/IPSec with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e*BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN\u003c/li\u003e\n\u003cli\u003eThis first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it\u003c/li\u003e\n\u003cli\u003eThe previous tutorial on this configuration is from 2012, and things have improved greatly since then, and is much easier to set up now\u003c/li\u003e\n\u003cli\u003eThe tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec\u003c/li\u003e\n\u003cli\u003eL2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/release44/\" rel=\"nofollow\"\u003eDragonFly 4.4 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly BSD has made its 4.4 release official this week!\u003c/li\u003e\n\u003cli\u003eA lot of big changes, but some of the highlights\n\n\u003cul\u003e\n\u003cli\u003eRadeon / i915 DRM support for up to Linux Kernel 3.18\u003c/li\u003e\n\u003cli\u003eProper collation support for named locales, shared back to FreeBSD 11-CURRENT\u003c/li\u003e\n\u003cli\u003eRegex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn\u0026#39;t there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it\u0026#39;s a nice addition to this release.”\u003c/li\u003e\n\u003cli\u003eOther noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eAn interesting tidbit is \u003ca href=\"http://bsd.slashdot.org/story/15/12/04/2351241/dragonflybsd-44-switches-to-the-gold-linker-by-default\" rel=\"nofollow\"\u003eswitching to the Gold linker\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linoxide.com/linux-how-to/install-ajenti-nginx-ssl-freebsd-10-2/\" rel=\"nofollow\"\u003eGuide to install Ajenti on Nginx with SSL on FreeBSD 10.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it setup on a FreeBSD 10.2 system.\u003c/li\u003e\n\u003cli\u003eThe walkthrough is mostly straightforward, you’ll need a FreeBSD box with root, and will need to install several packages / ports initially. \u003c/li\u003e\n\u003cli\u003eBecause there is no native package (yet), it guides you through using python’s PIP installer to fetch and get Ajenti running. \u003c/li\u003e\n\u003cli\u003eThe author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD.\u003c/li\u003e\n\u003cli\u003eAjenti by itself may not be the best to serve publically, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdcan.org/2016/papers.php\" rel=\"nofollow\"\u003eBSDCan 2016 CFP is up!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCan is the biggest North American BSD conference, and my personal favourite\u003c/li\u003e\n\u003cli\u003eThe call for papers is now out, and I would like to see more first-time submitters this year\u003c/li\u003e\n\u003cli\u003eIf you do anything interesting with or on a BSD, please write a proposal\u003c/li\u003e\n\u003cli\u003eAre the machines you run BSD on bigger or smaller than what most people have? Tell us about it\u003c/li\u003e\n\u003cli\u003eAre you running a big farm that does something interesting?\u003c/li\u003e\n\u003cli\u003eIs your university research using BSD?\u003c/li\u003e\n\u003cli\u003eDo you have an idea for a great new subsystem or utility?\u003c/li\u003e\n\u003cli\u003eHave you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us.\u003c/li\u003e\n\u003cli\u003eDid you build a radar that runs NetBSD? A telescope controlled by FreeBSD?\u003c/li\u003e\n\u003cli\u003eHave you run an ISP at the north pole using Jails?\u003c/li\u003e\n\u003cli\u003eDo you run a usergroup and have tips to share?\u003c/li\u003e\n\u003cli\u003eHave you combined the features and tools of a BSD in a new and interesting way?\u003c/li\u003e\n\u003cli\u003eDon’t have a talk to give? Teach a tutorial!\u003c/li\u003e\n\u003cli\u003eThe conference will arrange your air travel and hotel, and you’ll get to spend a few great days with the best community on earth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2325\" rel=\"nofollow\"\u003eMichael W. Lucas’s post about the 2015 proposals and rejections \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.freshports.org/www/obhttpd/\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s lightweight web server now in FreeBSD\u0026#39;s ports tree\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=FI_bZhV7wpI\" rel=\"nofollow\"\u003eStephen Bourne\u0026#39;s NYCBUG talk is online\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freebsdwiki.net/index.php/Main_Page\" rel=\"nofollow\"\u003eLooking for owner to FreeBSDWiki\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://frozen-geek.net/openbsd-email-server-1/\" rel=\"nofollow\"\u003eHOWTO: OpenBSD Mail Server \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.daemonology.net/blog/2015-12-06-magic-getopt.html\" rel=\"nofollow\"\u003eA new magic getopt library\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://uggedal.com/journal/pxe-boot-openbsd-from-openwrt/\" rel=\"nofollow\"\u003ePXE boot OpenBSD from OpenWRT\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://permalink.gmane.org/gmane.os.openbsd.misc/227054\" rel=\"nofollow\"\u003eSupporting the OpenBSD project\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20pbRLRRz\" rel=\"nofollow\"\u003e Zachary - FreeBSD Jails\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2jGy34fy2\" rel=\"nofollow\"\u003e Robert - Iocage help!\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Ht8JfpL\" rel=\"nofollow\"\u003e Kjell - Server Management\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2GYtvd7hU\" rel=\"nofollow\"\u003e Brian - NAS Setup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21EVs6aUg\" rel=\"nofollow\"\u003e Mike - Radius Followup\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s205zZiJCv\" rel=\"nofollow\"\u003e Laszlo - Best Stocking Ever\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow - It’s getting close to christmas and the","date_published":"2015-12-09T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/37b89eb3-cafc-4d08-916c-024e11347e21.mp3","mime_type":"audio/mpeg","size_in_bytes":72811156,"duration_in_seconds":6067}]},{"id":"f6f6236e-2e69-406f-879c-67f05cf5e490","title":"118: BSD is go for Launch","url":"https://www.bsdnow.tv/118","content_text":"Coming up on BSDNow - We know init systems have been all the rage\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nInterview with Renato Westphal\n\n\nAn interview with Brazilian OpenBSD developer Renato Westphal\nHe describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS.\nHe ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD\nWhen asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don't administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I'm doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.”\nThey also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8)\nWhat do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I'd like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general”\n***\n\n\nLet’s Encrypt on a FreeBSD NGINX reverse proxy\n\n\nWe have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy\nBackstory: For those who don’t know, “Let’s Encrypt” (https://letsencrypt.org) is a new Certificate Authority, which will allow you to create free and automated certificates.\nThey have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow)\nThis guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running.\nMost of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site.\nWith that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains\nAs a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at.\n***\n\n\nMike Larkins OpenBSD vmm subsystem now in tree\n\n\nAn openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world\nHe mentions in the commit message that it still needs a lot of work, and as such is disabled by default. \nHowever for the adventurous among you, it can be turned on and tested\nRight now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD)\nNo big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started. \n***\n\n\nThe story of how Yahoo switched to FreeBSD\n\n\nYahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests\n“Having spend many frustrating hours trying to install other PC OS's, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.”\n“If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.”\nJust that easily, Yahoo might never have ended up on FreeBSD\n“A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.”\nFrom my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD\nRelated hackernews thread \n***\n\n\niXsystems\n\n\niXsystem's recap of LISA 2015 \n***\n\n\nInterview - Mark Heily - mark@heily.com / @MarkHeily\n\n\nrelaunchd\n***\n\n\nNews Roundup\n\nInline Intrusion Prevision System is an upcoming OPNSense Feature\n\n\nThe next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system\nSuricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!)\nEnabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules. \n***\n\n\nMatthew Dillion working on Hardlinks in Hammer2\n\n\nWe have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links\nThe backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the  common-parent-directory design for the inode target.”\nThe implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag\nIf no parent directory is marked “xlink”, it will fall-through instead to the root of the mount\nThey also modified their installworld to set “/” /usr/,/var/,/home/ as “xlink” flagged\nThis prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already.\n***\n\n\nJapan's NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference\n\n\nIt’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference.\nThis time around, we have pictures of the booth, as well as a variety of oddities such as:\nODroid-C1 / Sharp X68030\nSharp NetWalker\nSharp WZero3 (Cell phone)\nGive them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!)\n***\n\n\nOne of the three OpenBSD users Blog Post by Adam Wolk\n\n\nAn OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative)\nThe application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the three OpenBSD users feel strongly enough about this to propose a patch. :D”\nPart of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on\nMaybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary\n***\n\n\nBeastieBits\n\n\nDragonFly BSD 4.4 RC branch created \nHOWTO: NFS booting bhyve \nDragonFly BSD is looking for a 4.4 RC image by the end of November\nSupport for Atheros QCA953x \"Honeybee\" has been added to FreeBSD \nTop updated in DragonflyBSD to allow the 'c' command \nFreeBSD textbook makes appearance on the 6pm news in the Netherlands 12:49 \nSemiBug gives a recap of its Inaugural meeting and its plans for future meetups \n***\n\n\nFeedback/Questions\n\n\n Adam - GELI on USB \n Noble - Radius on FreeBSD \n Jim - Backporting Wifi Code \n Mohammad - Zombies! \n Miguel - ScaleEngine BTS \n***\n","content_html":"\u003cp\u003eComing up on BSDNow - We know init systems have been all the rage\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151123113224\u0026mode=expanded\" rel=\"nofollow\"\u003eInterview with Renato Westphal\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn interview with Brazilian OpenBSD developer Renato Westphal\u003c/li\u003e\n\u003cli\u003eHe describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS.\u003c/li\u003e\n\u003cli\u003eHe ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD\u003c/li\u003e\n\u003cli\u003eWhen asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don\u0026#39;t administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I\u0026#39;m doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.”\u003c/li\u003e\n\u003cli\u003eThey also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8)\u003c/li\u003e\n\u003cli\u003eWhat do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I\u0026#39;d like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general”\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://savagedlight.me/2015/11/24/lets-encrypt-on-a-freebsd-nginx-reverse-proxy/\" rel=\"nofollow\"\u003eLet’s Encrypt on a FreeBSD NGINX reverse proxy\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy\u003c/li\u003e\n\u003cli\u003eBackstory: For those who don’t know, “Let’s Encrypt” (\u003ca href=\"https://letsencrypt.org\" rel=\"nofollow\"\u003ehttps://letsencrypt.org\u003c/a\u003e) is a new Certificate Authority, which will allow you to create free and automated certificates.\u003c/li\u003e\n\u003cli\u003eThey have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow)\u003c/li\u003e\n\u003cli\u003eThis guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running.\u003c/li\u003e\n\u003cli\u003eMost of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site.\u003c/li\u003e\n\u003cli\u003eWith that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains\u003c/li\u003e\n\u003cli\u003eAs a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=144822644214614\u0026w=2\" rel=\"nofollow\"\u003eMike Larkins OpenBSD vmm subsystem now in tree\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world\u003c/li\u003e\n\u003cli\u003eHe mentions in the commit message that it still needs a lot of work, and as such is disabled by default. \u003c/li\u003e\n\u003cli\u003eHowever for the adventurous among you, it can be turned on and tested\u003c/li\u003e\n\u003cli\u003eRight now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD)\u003c/li\u003e\n\u003cli\u003eNo big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://zer0.org/daemons/yahoobsd.html\" rel=\"nofollow\"\u003eThe story of how Yahoo switched to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests\u003c/li\u003e\n\u003cli\u003e“Having spend many frustrating hours trying to install other PC OS\u0026#39;s, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.”\u003c/li\u003e\n\u003cli\u003e“If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.”\u003c/li\u003e\n\u003cli\u003eJust that easily, Yahoo might never have ended up on FreeBSD\u003c/li\u003e\n\u003cli\u003e“A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.”\u003c/li\u003e\n\u003cli\u003eFrom my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://news.ycombinator.com/item?id=10558288\" rel=\"nofollow\"\u003eRelated hackernews thread\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/whats-new/lisa-2015/\" rel=\"nofollow\"\u003eiXsystem\u0026#39;s recap of LISA 2015\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Mark Heily - \u003ca href=\"mailto:mark@heily.com\" rel=\"nofollow\"\u003emark@heily.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/MarkHeily\" rel=\"nofollow\"\u003e@MarkHeily\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mheily/relaunchd\" rel=\"nofollow\"\u003erelaunchd\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/inline-intrusion-prevention/\" rel=\"nofollow\"\u003eInline Intrusion Prevision System is an upcoming OPNSense Feature\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system\u003c/li\u003e\n\u003cli\u003eSuricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!)\u003c/li\u003e\n\u003cli\u003eEnabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-November/458763.html\" rel=\"nofollow\"\u003eMatthew Dillion working on Hardlinks in Hammer2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links\u003c/li\u003e\n\u003cli\u003eThe backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the  common-parent-directory design for the inode target.”\u003c/li\u003e\n\u003cli\u003eThe implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag\u003c/li\u003e\n\u003cli\u003eIf no parent directory is marked “xlink”, it will fall-through instead to the root of the mount\u003c/li\u003e\n\u003cli\u003eThey also modified their installworld to set “/\u003cem\u003e” /usr/\u003c/em\u003e,/var/\u003cem\u003e,/home/\u003c/em\u003e as “xlink” flagged\u003c/li\u003e\n\u003cli\u003eThis prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2015-November/016403.html\" rel=\"nofollow\"\u003eJapan\u0026#39;s NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference.\u003c/li\u003e\n\u003cli\u003eThis time around, we have pictures of the booth, as well as a variety of oddities such as:\u003c/li\u003e\n\u003cli\u003eODroid-C1 / Sharp X68030\u003c/li\u003e\n\u003cli\u003eSharp NetWalker\u003c/li\u003e\n\u003cli\u003eSharp WZero3 (Cell phone)\u003c/li\u003e\n\u003cli\u003eGive them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.tintagel.pl/2015/11/22/one-of-the-three-openbsd-users.html\" rel=\"nofollow\"\u003eOne of the three OpenBSD users Blog Post by Adam Wolk\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative)\u003c/li\u003e\n\u003cli\u003eThe application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the \u003ca href=\"https://data.syncthing.net/#metrics\" rel=\"nofollow\"\u003ethree\u003c/a\u003e OpenBSD users feel strongly enough about this to propose a patch. :D”\u003c/li\u003e\n\u003cli\u003ePart of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on\u003c/li\u003e\n\u003cli\u003eMaybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-November/458818.html\" rel=\"nofollow\"\u003eDragonFly BSD 4.4 RC branch created\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://oshogbo.vexillium.org/blog/39/\" rel=\"nofollow\"\u003eHOWTO: NFS booting bhyve\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2015-November/175040.html\" rel=\"nofollow\"\u003eDragonFly BSD is looking for a 4.4 RC image by the end of November\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=290910\" rel=\"nofollow\"\u003eSupport for Atheros QCA953x \u0026quot;Honeybee\u0026quot; has been added to FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-November/458692.html\" rel=\"nofollow\"\u003eTop updated in DragonflyBSD to allow the \u0026#39;c\u0026#39; command\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.npo.nl/nos-journaal/30-11-2015/POW_00941854\" rel=\"nofollow\"\u003eFreeBSD textbook makes appearance on the 6pm news in the Netherlands 12:49\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2495\" rel=\"nofollow\"\u003eSemiBug gives a recap of its Inaugural meeting and its plans for future meetups\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s204HRCPdR\" rel=\"nofollow\"\u003e Adam - GELI on USB\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21q2WWisr\" rel=\"nofollow\"\u003e Noble - Radius on FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21L59OGyF\" rel=\"nofollow\"\u003e Jim - Backporting Wifi Code\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20nWwzTGS\" rel=\"nofollow\"\u003e Mohammad - Zombies!\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s201Kpd4GX\" rel=\"nofollow\"\u003e Miguel - ScaleEngine BTS\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up on BSDNow - We know init systems have been all the rage","date_published":"2015-12-02T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f6f6236e-2e69-406f-879c-67f05cf5e490.mp3","mime_type":"audio/mpeg","size_in_bytes":66828532,"duration_in_seconds":5569}]},{"id":"729727f1-dbfe-4631-ab85-62cded2f6ef6","title":"117: The Cantrill Strikes Back: ...","url":"https://www.bsdnow.tv/117","content_text":"This episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or \niXsystems hardware, and you could win monthly prizes, and have your story featured \nin the FreeBSD Journal!\n***\n\n\nHeadlines\n\nWhy did I choose the DragonFlyBSD Operating System by Siju George\n\n\nWe have a new article this week by Siju George posted over at BSDMag, talking about his reasons for using DragonFlyBSD in production. \nHe ran through periods of using both Free/OpenBSD, but different reasons led him away from each. Specifically problems doing port upgrades on FreeBSD, and the time required to do fsck / raid parity checks on OpenBSD. \nDuring his research, he had heard about the HAMMER file-system, but didn’t know of anybody running it in production. After some mailing list conversions, and pointers from Matthew Dillon, he took the plunge and switched. \nNow he has fallen in love with the operating system, some of the key strengths he notes at:\nRolling-Release model, which can be upgraded every few weeks or whenever he has the time\n\n\nNo time-consuming fsck after a unclean shutdown\nNo RAID parity checks while still having redundancy\nAble to add volumes to HAMMER on the fly\n\nHe also mentions looking forward to HAMMER2, and its potential for easy clustering support, along with eventual CARP implementation so he can run two systems on the same IP. \n***\n\n\nThe Devil \u0026amp; BSD - Larry Cafiero\n\n\nA story that has been making the rounds on social media is by Larry Cafiero, on his reasons for deciding to switch from Linux over to the BSD side of things.\nWhile most of the reasons are over the conflicts surrounding behavior by Linux leaders towards those in the community, he does mention that he has converted his main workstation over to PC-BSD. \nAccording to Larry, “With a couple of hours of adding backup files and tweaking (augmented by a variety of “oh, look” moments which could easily make me the ADHD Foundation Poster Boy), it looks exactly like my personally modified Korora 22 Xfce which graced the machine earlier. “\nHe also gave a great compliment to the quality of the docs / applications in PC-BSD: “In addition, you have to like a operating system which gives you a book — in this case, the PC-BSD Handbook — which should be the gold standard of documentation. It’s enviable, as in, “man, I wish I had written that.” Also programs like AppCafe provide a plethora of FOSS software, so there’s no shortage of programs. Side by side, there’s nothing on the Linux side of things that is lacking on the BSD side of things.”\nRegardless the initial reason for the switch, we are glad to have him and any other switchers join us on the BSD side of FOSS.\n***\n\n\nNew resource for BSD-schoolin’\n\n\n“The initial repository contains all of the material for the practitioner and masters style courses as well as a PDF for the teaching guide.  All of the material is licensed under a BSD doc team license, also visible in the repo and on the github site.”\n“we expect all other work, including the extension of the practitioner course to 5 days, and the adaptation of the graduate course to undergraduates will be in the github repo”\n“Our goal now is to recruit a small number of universities to partner with us to teach this material.  We will keep you posted on our progress.”\nWe are working on getting an interview lined up to talk more about this project\nIf I somehow find the time, I am try to contribute towards a sysadmin course similar to what I used to teach at an Arts\u0026amp;Tech College here in Canada\n***\n\n\nA Few thoughts on OpenBSD 5.8\n\n\nA user details their thoughts, reactions, and concerns after upgrading to OpenBSD 5.8\nAmong the changes: \nsudo was removed and replaced as doas. The user decided to make the switch, but ran into a bug with line continuation (\\ to escape newline to continue a long line)\nThe removal of TCP Wrappers support from ssh - this caused a number of rules in hosts.allow to no longer be respected. \nThe FreeBSD port of openssh-portable has a patch to readd TCP wrappers because many people find it useful, including myself, when the ssh is in a jail and cannot run a firewall\nThe removal of the pf_rules= rc.conf variable. “I used to just put the default pf.conf rules file in place with each release and upgrade, and keep my changes in a pf.conf.local file that was specified in the pf_rules variable. The effect was that from the period after the upgrade until I noticed the change, my systems were using the default rules and thus more exposed than they were supposed to be”\nThis is what is often called a “POLA Violation”, Policy of Least Astonishment. When deciding what the system should do after some change or new feature is introduced, it should be the thing that will be the least “surprising” to the user. Having your firewall rules suddenly not apply, is surprising.\n“A minor annoying change that was made in 5.8 was putting the file /var/unbound/db/root.key into /etc/changelist, so that the file gets checked daily by the security script. The issue with this is that if you are actually using unbound with DNSSEC, this file changes daily, though only in the comments”\nIt is very helpful to see a list of feedback like this after a release, so that the next release can be better\nI would be interested in seeing similar feedback for the other BSDs\n***\n\n\nInterview - Bryan Cantrill - @bcantrill\n\nLinux Interface Rants\n\n\n\nNews Roundup\n\nFreeBSD AMI building AMI - Colin’s Corner\n\n\nColin Percival (Of TarSnap Fame) has brought us a new article this week on how to create your own custom EC2 AMI builds.\nThis new tool and instructions allows the creation of AMI files, without needing to go through the hassle of doing a fresh FreeBSD release build each time.\nEssentially it works similar to Colin’s previous “de-penguinator” utility, by running a FreeBSD in a memory instance, allowing the disk to be unmounted and prepped for becoming an AMI.\nThe hope  is that this new work allows easier creation of a new variety of “customized” FreeBSD instances, for end users to download and deploy at will. \n***\n\n\nPeter Hessler on OpenBSD / OpenBGPd\n\n\nLast week a new video landed of Peter Hessler giving us a status update on OpenBSD tech, and OpenBGPd specifically\nOf interest, he notes that LibreSSL is being used in iOS / OSX, and of course PF is used all over, Apple, BSD, Solaris and even a Windows port!\nOpenNTPD gets a mention as well, still ZERO CVEs for the lifetime of the project\nOn the OpenBGPd side, it is considered production ready, so no reason to hold back deployment\nVery “feature-complete”, able to handle Edge Router, Route server, Multi-RIB. Slew of optional features like route reflector, looking glass, mrt dumps, mpls / mpls vpn. \nBugs fixed, crashers, memory constraints and performance has been improved\nFiltering Performance, in example provided, importing 561K rules / 60K prefixes, went from 35 minutes down to 30 seconds. \n***\n\n\nOnion Omega Updates\n\n\nI have a newer kernel config that will be committed soon that hooks up the system LED, and the three LEDs on the expansion dock via /dev/led\nI also have the I2C interface working to talk to the Relay and Servo expansions\nI have not determined the exact protocol for the Servo expansions, but the relay expansion is fairly simple to operate\nInstructions have been added to the wiki\nI have managed to use the GPIO to toggle external LEDs and to read the value from a switch\nI have also used the Servo PWM controller to dim an LED and control the speed of a PWM computer case fan\nMy plan is to operate a 32x32 multi colour LED matrix from the device for an interactive christmas display\n***\n\n\nFreeBSD Mastery: ZFS Book review\n\n\nBook can be purchased here\nor from the list of vendors including directly from the author here \n***\n\n\nBeastie Bits\n\nComputer History Museum is looking for Bell Labs UNIX \n\nACM Queue Portrait: Robert Watson  \n\nVideo Collection about BSD History, put together by FreeBSDNews\n\nMinix announces its 2016 conference \n\nChris Henschen from fP Technologies' talk about BSD is now online\n\nMike Larkin and Theo de Raadt's talks from Hackfest this year in Quebec are online \n\nFreeBSD on a BeagleBoneBlack with a Touchscreen Display\n\nDan Langille will be talking at CINLUG\n\nFeedback/Questions\n\n\nJohn - Rpi2 and BSD \nRoger - Win10 + FreeBSD \n Anonymous - Sharing Socket \n Brad - Scrub Repaired \n Kelly - Automated Provisioning \n***\n","content_html":"\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or \niXsystems hardware, and you could win monthly prizes, and have your story featured \nin the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/siju_george/\" rel=\"nofollow\"\u003eWhy did I choose the DragonFlyBSD Operating System by Siju George\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a new article this week by Siju George posted over at BSDMag, talking about his reasons for using DragonFlyBSD in production. \u003c/li\u003e\n\u003cli\u003eHe ran through periods of using both Free/OpenBSD, but different reasons led him away from each. Specifically problems doing port upgrades on FreeBSD, and the time required to do fsck / raid parity checks on OpenBSD. \u003c/li\u003e\n\u003cli\u003eDuring his research, he had heard about the HAMMER file-system, but didn’t know of anybody running it in production. After some mailing list conversions, and pointers from Matthew Dillon, he took the plunge and switched. \u003c/li\u003e\n\u003cli\u003eNow he has fallen in love with the operating system, some of the key strengths he notes at:\u003c/li\u003e\n\u003cli\u003eRolling-Release model, which can be upgraded every few weeks or whenever he has the time\n\n\u003cul\u003e\n\u003cli\u003eNo time-consuming fsck after a unclean shutdown\u003c/li\u003e\n\u003cli\u003eNo RAID parity checks while still having redundancy\u003c/li\u003e\n\u003cli\u003eAble to add volumes to HAMMER on the fly\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eHe also mentions looking forward to HAMMER2, and its potential for easy clustering support, along with eventual CARP implementation so he can run two systems on the same IP. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://fossforce.com/2015/11/devil-bsd-leaving-linux-behind/\" rel=\"nofollow\"\u003eThe Devil \u0026amp; BSD - Larry Cafiero\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA story that has been making the rounds on social media is by Larry Cafiero, on his reasons for deciding to switch from Linux over to the BSD side of things.\u003c/li\u003e\n\u003cli\u003eWhile most of the reasons are over the conflicts surrounding behavior by Linux leaders towards those in the community, he does mention that he has converted his main workstation over to PC-BSD. \u003c/li\u003e\n\u003cli\u003eAccording to Larry, “With a couple of hours of adding backup files and tweaking (augmented by a variety of “oh, look” moments which could easily make me the ADHD Foundation Poster Boy), it looks exactly like my personally modified Korora 22 Xfce which graced the machine earlier. “\u003c/li\u003e\n\u003cli\u003eHe also gave a great compliment to the quality of the docs / applications in PC-BSD: “In addition, you have to like a operating system which gives you a book — in this case, the PC-BSD Handbook — which should be the gold standard of documentation. It’s enviable, as in, “man, I wish I had written that.” Also programs like AppCafe provide a plethora of FOSS software, so there’s no shortage of programs. Side by side, there’s nothing on the Linux side of things that is lacking on the BSD side of things.”\u003c/li\u003e\n\u003cli\u003eRegardless the initial reason for the switch, we are glad to have him and any other switchers join us on the BSD side of FOSS.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://teachbsd.org/\" rel=\"nofollow\"\u003eNew resource for BSD-schoolin’\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e“The \u003ca href=\"https://github.com/teachbsd/course\" rel=\"nofollow\"\u003einitial repository\u003c/a\u003e contains all of the material for the practitioner and masters style courses as well as a PDF for the teaching guide.  All of the material is licensed under a BSD doc team license, also visible in the repo and on the github site.”\u003c/li\u003e\n\u003cli\u003e“we expect all other work, including the extension of the practitioner course to 5 days, and the adaptation of the graduate course to undergraduates will be in the github repo”\u003c/li\u003e\n\u003cli\u003e“Our goal now is to recruit a small number of universities to partner with us to teach this material.  We will keep you posted on our progress.”\u003c/li\u003e\n\u003cli\u003eWe are working on getting an interview lined up to talk more about this project\u003c/li\u003e\n\u003cli\u003eIf I somehow find the time, I am try to contribute towards a sysadmin course similar to what I used to teach at an Arts\u0026amp;Tech College here in Canada\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lippard.blogspot.co.uk/2015/11/a-few-thoughts-on-openbsd-58.html\" rel=\"nofollow\"\u003eA Few thoughts on OpenBSD 5.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA user details their thoughts, reactions, and concerns after upgrading to OpenBSD 5.8\u003c/li\u003e\n\u003cli\u003eAmong the changes: \u003c/li\u003e\n\u003cli\u003esudo was removed and replaced as doas. The user decided to make the switch, but ran into a bug with line continuation (\\ to escape newline to continue a long line)\u003c/li\u003e\n\u003cli\u003eThe removal of TCP Wrappers support from ssh - this caused a number of rules in hosts.allow to no longer be respected. \u003c/li\u003e\n\u003cli\u003eThe FreeBSD port of openssh-portable has a patch to readd TCP wrappers because many people find it useful, including myself, when the ssh is in a jail and cannot run a firewall\u003c/li\u003e\n\u003cli\u003eThe removal of the pf_rules= rc.conf variable. “I used to just put the default pf.conf rules file in place with each release and upgrade, and keep my changes in a pf.conf.local file that was specified in the pf_rules variable. The effect was that from the period after the upgrade until I noticed the change, my systems were using the default rules and thus more exposed than they were supposed to be”\u003c/li\u003e\n\u003cli\u003eThis is what is often called a “POLA Violation”, Policy of Least Astonishment. When deciding what the system should do after some change or new feature is introduced, it should be the thing that will be the least “surprising” to the user. Having your firewall rules suddenly not apply, is surprising.\u003c/li\u003e\n\u003cli\u003e“A minor annoying change that was made in 5.8 was putting the file /var/unbound/db/root.key into /etc/changelist, so that the file gets checked daily by the security script. The issue with this is that if you are actually using unbound with DNSSEC, this file changes daily, though only in the comments”\u003c/li\u003e\n\u003cli\u003eIt is very helpful to see a list of feedback like this after a release, so that the next release can be better\u003c/li\u003e\n\u003cli\u003eI would be interested in seeing similar feedback for the other BSDs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Bryan Cantrill - \u003ca href=\"https://twitter.com/bcantrill\" rel=\"nofollow\"\u003e@bcantrill\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eLinux Interface Rants\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2015-11-21-FreeBSD-AMI-builder-AMI.html\" rel=\"nofollow\"\u003eFreeBSD AMI building AMI - Colin’s Corner\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival (Of TarSnap Fame) has brought us a new article this week on how to create your own custom EC2 AMI builds.\u003c/li\u003e\n\u003cli\u003eThis new tool and instructions allows the creation of AMI files, without needing to go through the hassle of doing a fresh FreeBSD release build each time.\u003c/li\u003e\n\u003cli\u003eEssentially it works similar to Colin’s previous “de-penguinator” utility, by running a FreeBSD in a memory instance, allowing the disk to be unmounted and prepped for becoming an AMI.\u003c/li\u003e\n\u003cli\u003eThe hope  is that this new work allows easier creation of a new variety of “customized” FreeBSD instances, for end users to download and deploy at will. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ripe71.ripe.net/archives/video/1200/\" rel=\"nofollow\"\u003ePeter Hessler on OpenBSD / OpenBGPd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLast week a new video landed of Peter Hessler giving us a status update on OpenBSD tech, and OpenBGPd specifically\u003c/li\u003e\n\u003cli\u003eOf interest, he notes that LibreSSL is being used in iOS / OSX, and of course PF is used all over, Apple, BSD, Solaris and even a Windows port!\u003c/li\u003e\n\u003cli\u003eOpenNTPD gets a mention as well, still ZERO CVEs for the lifetime of the project\u003c/li\u003e\n\u003cli\u003eOn the OpenBGPd side, it is considered production ready, so no reason to hold back deployment\u003c/li\u003e\n\u003cli\u003eVery “feature-complete”, able to handle Edge Router, Route server, Multi-RIB. Slew of optional features like route reflector, looking glass, mrt dumps, mpls / mpls vpn. \u003c/li\u003e\n\u003cli\u003eBugs fixed, crashers, memory constraints and performance has been improved\u003c/li\u003e\n\u003cli\u003eFiltering Performance, in example provided, importing 561K rules / 60K prefixes, went from 35 minutes down to 30 seconds. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/freebsd/freebsd-wifi-build/wiki/Onion-Omega\" rel=\"nofollow\"\u003eOnion Omega Updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eI have a newer kernel config that will be committed soon that hooks up the system LED, and the three LEDs on the expansion dock via /dev/led\u003c/li\u003e\n\u003cli\u003eI also have the I2C interface working to talk to the Relay and Servo expansions\u003c/li\u003e\n\u003cli\u003eI have not determined the exact protocol for the Servo expansions, but the relay expansion is fairly simple to operate\u003c/li\u003e\n\u003cli\u003eInstructions have been added to the wiki\u003c/li\u003e\n\u003cli\u003eI have managed to use the GPIO to toggle external LEDs and to read the value from a switch\u003c/li\u003e\n\u003cli\u003eI have also used the Servo PWM controller to dim an LED and control the speed of a PWM computer case fan\u003c/li\u003e\n\u003cli\u003eMy plan is to operate a 32x32 multi colour LED matrix from the device for an interactive christmas display\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cyberciti.biz/datacenter/book-review-freebsd-mastery-zfs/\" rel=\"nofollow\"\u003eFreeBSD Mastery: ZFS Book review\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBook can be \u003ca href=\"http://smile.amazon.com/FreeBSD-Mastery-ZFS-7/dp/0692452354/\" rel=\"nofollow\"\u003epurchased here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eor \u003ca href=\"http://www.zfsbook.com/\" rel=\"nofollow\"\u003efrom the list of vendors including directly from the author here\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.computerhistory.org/artifactdonation/\" rel=\"nofollow\"\u003eComputer History Museum is looking for Bell Labs UNIX\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://youtu.be/rA_5Cz99z28\" rel=\"nofollow\"\u003eACM Queue Portrait: Robert Watson \u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsdnews.com/2015/11/12/bsd-videos/\" rel=\"nofollow\"\u003eVideo Collection about BSD History, put together by FreeBSDNews\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.minix3.org/conference/2016/\" rel=\"nofollow\"\u003eMinix announces its 2016 conference\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2015/10/bsdtalk258-chris-henschen-from-fp.html\" rel=\"nofollow\"\u003eChris Henschen from fP Technologies\u0026#39; talk about BSD is now online\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151123161651\u0026mode=expanded\" rel=\"nofollow\"\u003eMike Larkin and Theo de Raadt\u0026#39;s talks from Hackfest this year in Quebec are online\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://kernelnomicon.org/?p=534\" rel=\"nofollow\"\u003eFreeBSD on a BeagleBoneBlack with a Touchscreen Display\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.cinlug.org/meetings/2015/December\" rel=\"nofollow\"\u003eDan Langille will be talking at CINLUG\u003c/a\u003e\u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Gm06eC0Y\" rel=\"nofollow\"\u003eJohn - Rpi2 and BSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Kf2FG84H\" rel=\"nofollow\"\u003eRoger - Win10 + FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21bOG5UhS\" rel=\"nofollow\"\u003e Anonymous - Sharing Socket\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20bKjCNXW\" rel=\"nofollow\"\u003e Brad - Scrub Repaired\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2qb07BC2G\" rel=\"nofollow\"\u003e Kelly - Automated Provisioning\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"","date_published":"2015-11-24T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/729727f1-dbfe-4631-ab85-62cded2f6ef6.mp3","mime_type":"audio/mpeg","size_in_bytes":96142900,"duration_in_seconds":8011}]},{"id":"ae6271fa-c8be-4fb6-9e87-d13ea9fccf1a","title":"116: Arcing ZFS","url":"https://www.bsdnow.tv/116","content_text":"This episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n\n\n\n\nHeadlines\n\nHow to create new binary packages in the Ports system on OpenBSD\n\n\nCreating a port is often a great first step you can take to get involved in your favorite BSD of choice, and (often) doesn’t require any actual programming to do so.\nIn this article we have a great walkthrough for users on creating a new ported application, and eventually binary package, on OpenBSD\nAs mentioned in the tutorial, a good starting place is always an existing port, which can you use as a template for your new creation. Tip: Try to pick something similar, I.E. python for a python app, Qt for Qt, etc.\nThis tutorial will first walk you through the process of creating your Makefile and related description about the new port. \nOnce you’ve created the initial Makefile, there are a bunch of new “make” targets you can begin to run to try building your port, everything from “make fetch” to “make makesum” and “make package”. Using these tests you can verify that your port is correct and results in the installable package/app you wanted.\n***\n\n\nStatus update on pledge(2)\n\n\nOpenBSD has been working very aggressively to convert much of their base system applications to using pledge(2) “Formerly Tame(2))\nTheo has provided a great status update on where that stands as of right now and the numbers look like the following:\nOut of 600 ELF binaries, 368 of them have been updated to utilize pledge(2) in some manner\nThis is quite a few, and includes everything from openssl, ping, sftp, grep, gzip and much more\nThere are still a number of “pledge-able” commands waiting for conversion, such as login, sysctl, nfsd, ssh and others.\nHe also mentions that there does exist some subset of commands which aren’t viable pledge(2) candidates, such as simple things like “true”, or commands like reboot/mount or even perl itself. \n***\n\n\nFreeBSD booting on the Onion Omega\n\n\nTiny $19 MIPS SoC ($25 with dock that provides built in mini-USB Serial interface, power supply, LED lights, GPIO expansion, USB port, etc)\nA number of pluggable ‘expansions’ are available, including:\n\n\nArduino Dock (connect the Omega device to your existing Arduino components)\nBlue Tooth Lower Energy\n10/100 Ethernet Port\nRelay expansion (2 relays each, can stack up to 8 expansions to control 16 relays)\nServo expansion (control up to 16 PWM servos, like robotic arms or camera mounts)\nOLED expansion (1\" monochrome 128x64 OLED display)\nThermal Printer Kit (includes all wiring and other components)\n\nThe device is the product of a successful Kick Starter campaign from March of this year\nSpecs:\nAtheros AR9330 rev1 400MHZ MIPS 24K\n64MB DDR2 400MHz\n16MB Flash \n802.11b/g/n 150Mbps Atheros Wifi + 100mbps Atheros Wired Ethernet\n18 GPIO Pins\nUSB Controller\nUsing the freebsd-wifi-build tool, I was able to build a new firmware for the device based on a profile for a similar device based on the same Atheros chip. I hope to have time to validate some of the settings and get them posted up into the wiki and get the kernel configuration committed to FreeBSD in the next week or two\nIt is an interesting device compared to the TP-Link WDR3600’s we did at BSDCan, as it has twice as much flash, leaving more room for the system image, but only half as much ram, and a slower CPU\n***\n\n\nSSH Performance testing\n\n\nThere has been a discussion  about the value of upkeeping the HPN (High Performance Networking) patch to OpenSSH in the base system of FreeBSD\nAs part of this, I did some fresh benchmarks on my pair of new high end servers\nThe remaining part to be done is testing different levels of latency\nBy tweaking the socket buffer sizes, I was able to saturate the full 10 gigabit with netcat, iperf, etc\nFrom the tests that have been done so far, it doesn’t look like even the NONE cipher can reach that level of performance because of the MAC (Message Authentication Code)\nIt does appear that some of the auto-tuning in HPN is not worked as expected\nExplicitly setting -oTcpRcvBuf=7168 (KB) is enough to saturate a gigabit with 50ms RTT (round trip time)\n***\n\n\niXsystems\n\n\niX gives an overview of FreeBSD at SeaGl 2015 \nOn the FreeNAS Blog, Michael Dexter explains the ZFS Intent Log and SLOG  \n\n\nInterview - George Wilson - wilzun@gmail.com / @zfsdude\n\n\nOpenZFS and Delphix\n***\n\n\nNews Roundup\n\nNicholas Marriott has replaced the aging version of less(1) in OpenBSD\n\n\nSometimes less isn’t more, it’s just less\nIn this story, we have news that the old version of less(1) in OpenBSD has now been ripped out in favor of the more modern fork from illumos founder Garrett D’Amore.\nIn addition to being a “more” modern version, it also includes far “less” of the portability code, uses terminfo, replacing termcap and is more POSIX compliant. \n***\n\n\nFreeBSD gets initial support for advanced SMR drives \n\n\nKenneth D. Merry ken@freebsd.org has developed initial support for Host Managed, and Host Aware Shingled Magnetic Recording drives in FreeBSD, available as a patch against both -current and 10-stable\n“This includes support for Host Managed, Host Aware and Drive Managed SMRdrives that are either SCSI (ZBC) or ATA (ZAC) attached via a SAScontroller.  This does not include support for SMR ATA drives attached viaan ATA controller.  Also, I have not yet figured out how to properly detecta Host Managed ATA drive, so this code won't do that.”\nSMR drives have overlapping tracks, because the read head can be much smaller than the write head\nThe drawback to this approach is that writes to the disk must take place in 256 MB “zones” that must be written from the beginning\nNew features in the patch:\nA new 'camcontrol zone' command that allows displaying and managing drive zones via SCSI/ATA passthrough.\n\n\nA new zonectl(8) utility that uses the new DIOCZONECMD ioctl to display and manage zones via the da(4) (and later ada(4)) driver.\nChanges to diskinfo -v to display the zone mode of a drive.\nA new disk zone API, sys/sys/disk_zone.h.\nA new bio type, BIO_ZONE, and modifications to GEOM to support it.  This new bio will allow filesystems to query zone support in a drive and manage zoned drives.\n\nExtensive modifications to the da(4) driver to handle probing SCSI and SATA behind SAS SMR drives.\n\n\nAdditional CAM CDB building functions for zone commands.\n\n“We (Spectra Logic) are working on ZFS changes that will use this CAM and GEOM infrastructure to make ZFS play well with SMR drives.  Those changes aren't yet done.”\nIt is good to see active development in this area, especially from experts in archival storage\nA second patch is also offered, that improves the pass(4) passthrough interface for disks, and introduces a new camdd(8) command, a version of dd that uses the pass(4) interface, kqueue, and separate reader/writer threads for improved performance\nHe also presents a feature wishlist that includes some interesting benchmarking features, including a ‘sink’ mode, where reads from the device are just thrown away, rather than having to write then to /dev/null\n***\n\n\nInitial implemtnation of 802.11n now in iwm(4)\n\n\nOpenBSD laptop users rejoice! 802.11n has landed!\nInitially only for the iwm(4) driver, support is planned for other devices in the future\nIncludes support for all the required (non-optional) bits to make 802.11N functional\nAdds a new 11n mode to ifmedia, and MCS (modulation coding scheme) that sits alongside the ieee80211_rateset structure. \nNo support for MIMO / SGI (Short Guard Interval) or 40 MHz wide-channels, but perhaps we will see those in a future update.\nThey are asking users for testing against a wide variety of any/all APs!\n***\n\n\nFreebsd adds support for Bluetooth LE Security Management\n\n\nFreeBSD + BlueTooth, not something we discuss a lot about, but it is still under active development.\nThe most recently added features come from Takanori Watanabe, and adds new LE Security Management. \nSpecifically, it enables support for BLE Security Manager Protocol(SMP), and enables a userland tool to wait for the underlying HCI connection to be encrypted.\n***\n\n\nBuilding OpnSense on HardenedBSD\n\n\nLooking for a way to further Harden your router? We have a tutorial from the HardenedBSD developer, Shawn Webb, about how to build OpnSense on HBSD 10-STABLE.\nYou’ll need to first be running HBSD 10-STABLE somewhere, in this article he is using bhyve for the builder VM.\nThe build process itself is mostly pretty straight-forward, but there are a number of different repos that all have to be checked out, so pay attention to which goes where. \n+In this example he does a targeted build for a Netgate RCC-VE-4860, but you can pick your particular build. \n***\n\n\nBeastie Bits\n\n1 BTC bounty for chromium bug!\n\nDesktopBSD 2.0 M1 released\n\nBy implementing asynchronous pru_attach for UDP, Sepherosa Ziehau has increased connect rate by around 15K connections per second\n\nStephen Bourne, known for the Bourne Shell, will be giving a talk at NYCBUG this week \n\nTor Browser 5.0.3 for OpenBSD released\n\n\nThe Tor BSD Diversity Project aim to\n\n\nIncrease the number of Tor relays running BSDs. We envision this happening by increasing the total number of relays, with the addition of more BSD users running relays;\nMake the Tor Browser available under BSD operating systems using native packaging mechanisms. Our first target is OpenBSD;\nEngage the broader BSD community about the Tor anonymity network and the place that BSD Unix should occupy in the privacy community at large.\n\n\n\nScreenshots from Unix People circa 2002 \n\nFeedback/Questions\n\n\nDominik - Bhyve Setup\n John - beadm + GELI \n Darrall - ZFS + RAID = Problems\n Hamza - Which shell?\n Amenia - FreeBSD routing\n***\n","content_html":"\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://functionallyparanoid.com/2015/11/06/where-do-binary-packages-come-from/\" rel=\"nofollow\"\u003eHow to create new binary packages in the Ports system on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCreating a port is often a great first step you can take to get involved in your favorite BSD of choice, and (often) doesn’t require any actual programming to do so.\u003c/li\u003e\n\u003cli\u003eIn this article we have a great walkthrough for users on creating a new ported application, and eventually binary package, on OpenBSD\u003c/li\u003e\n\u003cli\u003eAs mentioned in the tutorial, a good starting place is always an existing port, which can you use as a template for your new creation. Tip: Try to pick something similar, I.E. python for a python app, Qt for Qt, etc.\u003c/li\u003e\n\u003cli\u003eThis tutorial will first walk you through the process of creating your Makefile and related description about the new port. \u003c/li\u003e\n\u003cli\u003eOnce you’ve created the initial Makefile, there are a bunch of new “make” targets you can begin to run to try building your port, everything from “make fetch” to “make makesum” and “make package”. Using these tests you can verify that your port is correct and results in the installable package/app you wanted.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151116152318\" rel=\"nofollow\"\u003eStatus update on pledge(2)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has been working very aggressively to convert much of their base system applications to using pledge(2) “Formerly Tame(2))\u003c/li\u003e\n\u003cli\u003eTheo has provided a great status update on where that stands as of right now and the numbers look like the following:\u003c/li\u003e\n\u003cli\u003eOut of 600 ELF binaries, 368 of them have been updated to utilize pledge(2) in some manner\u003c/li\u003e\n\u003cli\u003eThis is quite a few, and includes everything from openssl, ping, sftp, grep, gzip and much more\u003c/li\u003e\n\u003cli\u003eThere are still a number of “pledge-able” commands waiting for conversion, such as login, sysctl, nfsd, ssh and others.\u003c/li\u003e\n\u003cli\u003eHe also mentions that there does exist some subset of commands which aren’t viable pledge(2) candidates, such as simple things like “true”, or commands like reboot/mount or even perl itself. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://onion.io/omega/\" rel=\"nofollow\"\u003eFreeBSD booting on the Onion Omega\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTiny $19 MIPS SoC ($25 with dock that provides built in mini-USB Serial interface, power supply, LED lights, GPIO expansion, USB port, etc)\u003c/li\u003e\n\u003cli\u003eA number of pluggable ‘expansions’ are available, including:\n\n\u003cul\u003e\n\u003cli\u003eArduino Dock (connect the Omega device to your existing Arduino components)\u003c/li\u003e\n\u003cli\u003eBlue Tooth Lower Energy\u003c/li\u003e\n\u003cli\u003e10/100 Ethernet Port\u003c/li\u003e\n\u003cli\u003eRelay expansion (2 relays each, can stack up to 8 expansions to control 16 relays)\u003c/li\u003e\n\u003cli\u003eServo expansion (control up to 16 PWM servos, like robotic arms or camera mounts)\u003c/li\u003e\n\u003cli\u003eOLED expansion (1\u0026quot; monochrome 128x64 OLED display)\u003c/li\u003e\n\u003cli\u003eThermal Printer Kit (includes all wiring and other components)\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe device is the product of a successful \u003ca href=\"https://www.kickstarter.com/projects/onion/onion-omega-invention-platform-for-the-internet-of/description\" rel=\"nofollow\"\u003eKick Starter campaign\u003c/a\u003e from March of this year\u003c/li\u003e\n\u003cli\u003eSpecs:\u003c/li\u003e\n\u003cli\u003eAtheros AR9330 rev1 400MHZ MIPS 24K\u003c/li\u003e\n\u003cli\u003e64MB DDR2 400MHz\u003c/li\u003e\n\u003cli\u003e16MB Flash \u003c/li\u003e\n\u003cli\u003e802.11b/g/n 150Mbps Atheros Wifi + 100mbps Atheros Wired Ethernet\u003c/li\u003e\n\u003cli\u003e18 GPIO Pins\u003c/li\u003e\n\u003cli\u003eUSB Controller\u003c/li\u003e\n\u003cli\u003eUsing the \u003ca href=\"https://github.com/freebsd/freebsd-wifi-build/wiki\" rel=\"nofollow\"\u003efreebsd-wifi-build\u003c/a\u003e tool, I was able to build a new firmware for the device based on a profile for a similar device based on the same Atheros chip. I hope to have time to validate some of the settings and get them posted up into the wiki and get the kernel configuration committed to FreeBSD in the next week or two\u003c/li\u003e\n\u003cli\u003eIt is an interesting device compared to the TP-Link WDR3600’s we did at BSDCan, as it has twice as much flash, leaving more room for the system image, but only half as much ram, and a slower CPU\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/SSHPerf\" rel=\"nofollow\"\u003eSSH Performance testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere has \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058244.html\" rel=\"nofollow\"\u003ebeen a discussion\u003c/a\u003e  about the value of upkeeping the HPN (High Performance Networking) patch to OpenSSH in the base system of FreeBSD\u003c/li\u003e\n\u003cli\u003eAs part of this, I did some fresh benchmarks on my pair of new high end servers\u003c/li\u003e\n\u003cli\u003eThe remaining part to be done is testing different levels of latency\u003c/li\u003e\n\u003cli\u003eBy tweaking the socket buffer sizes, I was able to saturate the full 10 gigabit with netcat, iperf, etc\u003c/li\u003e\n\u003cli\u003eFrom the tests that have been done so far, it doesn’t look like even the NONE cipher can reach that level of performance because of the MAC (Message Authentication Code)\u003c/li\u003e\n\u003cli\u003eIt does appear that some of the auto-tuning in HPN is not worked as expected\u003c/li\u003e\n\u003cli\u003eExplicitly setting -oTcpRcvBuf=7168 (KB) is enough to saturate a gigabit with 50ms RTT (round trip time)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/whats-new/seagl-2015/\" rel=\"nofollow\"\u003eiX gives an overview of FreeBSD at SeaGl 2015\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.freenas.org/whats-new/2015/11/zfs-zil-and-slog-demystified.html\" rel=\"nofollow\"\u003eOn the FreeNAS Blog, Michael Dexter explains the ZFS Intent Log and SLOG \u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - George Wilson - \u003ca href=\"mailto:wilzun@gmail.com\" rel=\"nofollow\"\u003ewilzun@gmail.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/zfsdude\" rel=\"nofollow\"\u003e@zfsdude\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenZFS and Delphix\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151105223808\" rel=\"nofollow\"\u003eNicholas Marriott has replaced the aging version of less(1) in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSometimes less isn’t more, it’s just less\u003c/li\u003e\n\u003cli\u003eIn this story, we have news that the old version of less(1) in OpenBSD has now been ripped out in favor of the more modern fork from illumos founder Garrett D’Amore.\u003c/li\u003e\n\u003cli\u003eIn addition to being a “more” modern version, it also includes far “less” of the portability code, uses terminfo, replacing termcap and is more POSIX compliant. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058522.html\" rel=\"nofollow\"\u003eFreeBSD gets initial support for advanced SMR drives \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eKenneth D. Merry \u003ca href=\"mailto:ken@freebsd.org\" rel=\"nofollow\"\u003eken@freebsd.org\u003c/a\u003e has developed initial support for Host Managed, and Host Aware Shingled Magnetic Recording drives in FreeBSD, available as a patch against both -current and 10-stable\u003c/li\u003e\n\u003cli\u003e“This includes support for Host Managed, Host Aware and Drive Managed SMRdrives that are either SCSI (ZBC) or ATA (ZAC) attached via a SAScontroller.  This does not include support for SMR ATA drives attached viaan ATA controller.  Also, I have not yet figured out how to properly detecta Host Managed ATA drive, so this code won\u0026#39;t do that.”\u003c/li\u003e\n\u003cli\u003eSMR drives have overlapping tracks, because the read head can be much smaller than the write head\u003c/li\u003e\n\u003cli\u003eThe drawback to this approach is that writes to the disk must take place in 256 MB “zones” that must be written from the beginning\u003c/li\u003e\n\u003cli\u003eNew features in the patch:\u003c/li\u003e\n\u003cli\u003eA new \u0026#39;camcontrol zone\u0026#39; command that allows displaying and managing drive zones via SCSI/ATA passthrough.\n\n\u003cul\u003e\n\u003cli\u003eA new zonectl(8) utility that uses the new DIOCZONECMD ioctl to display and manage zones via the da(4) (and later ada(4)) driver.\u003c/li\u003e\n\u003cli\u003eChanges to diskinfo -v to display the zone mode of a drive.\u003c/li\u003e\n\u003cli\u003eA new disk zone API, sys/sys/disk_zone.h.\u003c/li\u003e\n\u003cli\u003eA new bio type, BIO_ZONE, and modifications to GEOM to support it.  This new bio will allow filesystems to query zone support in a drive and manage zoned drives.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eExtensive modifications to the da(4) driver to handle probing SCSI and SATA behind SAS SMR drives.\n\n\u003cul\u003e\n\u003cli\u003eAdditional CAM CDB building functions for zone commands.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003e“We (Spectra Logic) are working on ZFS changes that will use this CAM and GEOM infrastructure to make ZFS play well with SMR drives.  Those changes aren\u0026#39;t yet done.”\u003c/li\u003e\n\u003cli\u003eIt is good to see active development in this area, especially from experts in archival storage\u003c/li\u003e\n\u003cli\u003eA \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058521.html\" rel=\"nofollow\"\u003esecond patch\u003c/a\u003e is also offered, that improves the pass(4) passthrough interface for disks, and introduces a new camdd(8) command, a version of dd that uses the pass(4) interface, kqueue, and separate reader/writer threads for improved performance\u003c/li\u003e\n\u003cli\u003eHe also presents a feature wishlist that includes some interesting benchmarking features, including a ‘sink’ mode, where reads from the device are just thrown away, rather than having to write then to /dev/null\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151112212739\" rel=\"nofollow\"\u003eInitial implemtnation of 802.11n now in iwm(4)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD laptop users rejoice! 802.11n has landed!\u003c/li\u003e\n\u003cli\u003eInitially only for the iwm(4) driver, support is planned for other devices in the future\u003c/li\u003e\n\u003cli\u003eIncludes support for all the required (non-optional) bits to make 802.11N functional\u003c/li\u003e\n\u003cli\u003eAdds a new 11n mode to ifmedia, and MCS (modulation coding scheme) that sits alongside the ieee80211_rateset structure. \u003c/li\u003e\n\u003cli\u003eNo support for MIMO / SGI (Short Guard Interval) or 40 MHz wide-channels, but perhaps we will see those in a future update.\u003c/li\u003e\n\u003cli\u003eThey are asking users for testing against a wide variety of any/all APs!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=290038\" rel=\"nofollow\"\u003eFreebsd adds support for Bluetooth LE Security Management\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD + BlueTooth, not something we discuss a lot about, but it is still under active development.\u003c/li\u003e\n\u003cli\u003eThe most recently added features come from Takanori Watanabe, and adds new LE Security Management. \u003c/li\u003e\n\u003cli\u003eSpecifically, it enables support for BLE Security Manager Protocol(SMP), and enables a userland tool to wait for the underlying HCI connection to be encrypted.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://0xfeedface.org/2015/11/07/hbsd-opnsense.html\" rel=\"nofollow\"\u003eBuilding OpnSense on HardenedBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooking for a way to further Harden your router? We have a tutorial from the HardenedBSD developer, Shawn Webb, about how to build OpnSense on HBSD 10-STABLE.\u003c/li\u003e\n\u003cli\u003eYou’ll need to first be running HBSD 10-STABLE somewhere, in this article he is using bhyve for the builder VM.\u003c/li\u003e\n\u003cli\u003eThe build process itself is mostly pretty straight-forward, but there are a number of different repos that all have to be checked out, so pay attention to which goes where. \n+In this example he does a targeted build for a Netgate RCC-VE-4860, but you can pick your particular build. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/gliaskos/freebsd-chromium/issues/40\" rel=\"nofollow\"\u003e1 BTC bounty for chromium bug!\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.desktopbsd.net/forums/threads/desktopbsd-2-0-m1-released.806/\" rel=\"nofollow\"\u003eDesktopBSD 2.0 M1 released\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-October/458500.html\" rel=\"nofollow\"\u003eBy implementing asynchronous pru_attach for UDP, Sepherosa Ziehau has increased connect rate by around 15K connections per second\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2015-October/016384.html\" rel=\"nofollow\"\u003eStephen Bourne, known for the Bourne Shell, will be giving a talk at NYCBUG this week\u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2015-October/016390.html\" rel=\"nofollow\"\u003eTor Browser 5.0.3 for OpenBSD released\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://torbsd.github.io/\" rel=\"nofollow\"\u003eThe Tor BSD Diversity Project\u003c/a\u003e aim to\n\n\u003cul\u003e\n\u003cli\u003eIncrease the number of Tor relays running BSDs. We envision this happening by increasing the total number of relays, with the addition of more BSD users running relays;\u003c/li\u003e\n\u003cli\u003eMake the Tor Browser available under BSD operating systems using native packaging mechanisms. Our first target is OpenBSD;\u003c/li\u003e\n\u003cli\u003eEngage the broader BSD community about the Tor anonymity network and the place that BSD Unix should occupy in the privacy community at large.\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\u003ca href=\"https://anders.unix.se/2015/10/28/screenshots-from-developers--unix-people-2002/\" rel=\"nofollow\"\u003eScreenshots from Unix People circa 2002\u003c/a\u003e \u003c/p\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21xTyirkO\" rel=\"nofollow\"\u003eDominik - Bhyve Setup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2YVi7ULlJ\" rel=\"nofollow\"\u003e John - beadm + GELI \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20lRTaZSy\" rel=\"nofollow\"\u003e Darrall - ZFS + RAID = Problems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2omNWdTBU\" rel=\"nofollow\"\u003e Hamza - Which shell?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Y8bPbnm\" rel=\"nofollow\"\u003e Amenia - FreeBSD routing\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we are going to be talking to George Wilson AKA","date_published":"2015-11-18T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ae6271fa-c8be-4fb6-9e87-d13ea9fccf1a.mp3","mime_type":"audio/mpeg","size_in_bytes":84798292,"duration_in_seconds":7066}]},{"id":"b30ad3ce-cbcf-4d14-8d50-f41bd6f0b74a","title":"115: Controlling the Transmissions","url":"https://www.bsdnow.tv/115","content_text":"Controlling the Transmissions\n\nThis episode was brought to you by\n\n\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nFreeBSD 2015 Vendor Dev Summit\n\n\n\nFreeBSD Quarterly Status Report - Third Quarter 2015\n\n\nWe have a fresh quarterly status report from the FreeBSD project. Once again it almost merits an entire show, but we will try to hit all the highlights. \nBhyve - Porting of the Intel edk2 UEFI firmware, allowing Windows in headless mode, and Illumos support. Also porting to ARM has begun!\nImproved Support for Acer C720 ChromeBooks\nHigh Availability Clustering in CTL (Cam Target Layer)\nRoot Remounting (Similar to pivot_root in Linux). This work allows using “reboot -r” to do a fast-reboot, with a partial shutdown, kill all processes, and re-mount rootfs and boot. Especially useful for booting from mfs or similar then transitioning to iscsi or some other backing storage\nOpenCL Support in Mesa, as well as kernel progress on the i915 driver\nImproved support for UEFI FrameBuffer on a bunch of recent MacBook Pro and other Macs, in addition to improvements to “vt” framebuffer driver for high resolution displays. \nZFS support for UEFI Boot (Needs testing, but used in PC-BSD for a couple months now), and importing new features from IllumOS (resumable send, receive prefetch, replication checksumming, 50% less ram required for L2ARC, better prefetch)\nDTrace SDT probes added to TCP code, to replace the old TCPDEBUG kernel option. Recompiling the kernel is no longer required to debug TCP, just use DTrace\nOngoing work to bring us a native port/package of GitLab\n***\n\n\nMeteor, the popular javascript web application framework has been forked to run on FreeBSD, OpenBSD and NetBSD - FreeBSD testers requested\n\n\nWe have a public call for testing for FreeBSD users of Meteor by Tom Freudenberg\nThe included link includes all the details on how to currently get meteor boot-strapped on your box and bring up the server\nSo far the reports are positive, many users reporting that it is running on their 10.2 systems / jails just fine. \nJust a day ago the original porter mentioned that OpenBSD is ready to go for testing using the prepared dev bundle. \n***\n\n\nMike Larkin work continues on an native OpenBSD hypervisor, which he has announced is now booting\n\n\nSpeaking of OpenBSD, we have an update from Mike Larkin about the status of the OpenBSD native hypervisor vmm(4). \nHis twitter post included the output from a successful VM bootup of OpenBSD 5.8-current, all the way to multi-user\nWhile the code hasn’t been committed (yet) we will keep you informed when it lands so you too can begin playing with it. \n***\n\n\nThis is how I like open source\n\n\nA blog post by FreeBSD Core Team member, and one of the lead developers of pkg, Baptiste Daroussin\nOne project he has been working on is string collation\nGarrett d'Amore (of IllumOS) implemented unicode string collation while working for Nexenta and made it BSD license\nJohn Marino (from Dragonfly) imported the work done on Illumos into Dragonfly, while he was doing that he decided, it was probably a good idea to rework how locales are handled\nHe discovered that Edwin Groothuis (from FreeBSD) had long ago started a project to simplify locales handling on FreeBSD\nHe extended the tools written by Edwin and has been able to update Dragonfly to the latest (v27 so far) unicode definitions\nJohn Marino has worked with Bapt many times on various projects (including bringing pkg and ports to Dragonfly)\nBapt decided it was time that FreeBSD got proper string collation support as well, and worked with John to import the support to FreeBSD\nBapt spotted a couple of bugs and worked with John on fixing them: issues with eucJP encoding, issues with Russian encoding (John did most of the work on tracking down and fixing the bugs), Bapt also converted localedef (the tool to generate the locales) into using BSD license only code (original version used the CDDL libavl library which I modified to use tree(3)), fixed issues. I also took the locale generation from Edwin (extended by John)\nThis work resulted in a nice flow of patches going from Dragonfly to FreeBSD and from FreeBSD to Dragonfly.\nAnd now Garrett is interested in grabbing back our patches into Illumos!\nThe result of this collaboration is that now 3 OS share the same implementation for collation support! This is very good because when one discovers a bug the 3 of them benefit the fix!\nThe biggest win here is that this was a lot of work, and not an area that many people are interested in working on, so it was especially important to share the work rather than reimplement it separately.\n***\n\n\nInterview - Hiren Panchasara - hiren@freebsd.org / @hirenpanchasara\n\n\nImproving TCP\n***\n\n\niXsystems\n\n\nMissonComplete winners\n***\n\n\nNews Roundup\n\nLibreSSL 2.3.1 released\n\n\nLibreSSl keeps on chugging, the latest release has landed, 2.3.1, which is the second snapshot based upon the OpenBSD 5.9 development branch.\nCurrently they are targeting a stable ABI/API sometime around March 2016 for the 2.3.X series.\nIncluded in this update are ASN. 1 cleanups and some compliance fixes for RFC5280\nSwitched internally to time_t, with a check that the host OS supports 64bit time_t\nVarious TLS fixes, including the ability to check cert validity times with tls_peer_cert_not{before|after}\nFixed a reported memory leak in OBJ_obj2txt\n***\n\n\nGuide for Installing Ghost w/ Nginx on FreeBSD\n\n\nA nice walkthrough for the week, we’ve found an article about how to install the Ghost blogging platform on FreeBSD 10.2. \nFor those who don’t know, Ghost is a MIT licensed blogging tool, started in 2012 by a former WordPress UI developer and is entirely coded in Node.js\nWhile a port for FreeBSD does not yet exist (somebody get on that please), this tutorial can walk you through the process of getting it deployed manually\nMost of the requirements are simple, www/node, www/npm and sqlite3. \nWith those installed, most of the steps are simply creating the username / home for ghost, and some “npm” setup. \nThe walkthrough even includes a handy rc.d script, making the possibility of a port seem much more likely\n***\n\n\nAdrian Chadd on 'Why attention to detail matters when you're a kernel developer\n\n\nAdrian was correctly trolled in the FreeBSD embedded IRC chatroom and started looking at why the bridging performance in MIPS boards was so bad\n120-150 mbit/sec is not really enough anymore\nUsing previous MIPS24k support as a starting point, Adrian managed to get HWPMC (Hardware Performance Monitoring Counters) working on MIPS74k\nUsing the data collected from the performance counters Adrian was able to figure out that packets were being copied in order to meet alignment requirements of the NIC and the FreeBSD networking stack. It turns out this is no longer a requirement for most modern Atheros NICs, so the workaround could be removed\nNow performance was 180 mbit/sec\nNext, on the receive side, only the TCP stack requires strict alignment, the ethernet stack does not, so offset the start point by 2 bytes so that TCP ends up aligned, and problem solved. Or not, no performance difference...\nThe problem appeared to be busdma, Ian Lepore had recently made improves in this area on armv6 and helpfully ported these over to MIPS\nNow 420 mbit/sec. Getting better, but not as fast as Linux\nAfter some further investigation, a missing ‘sync’ operation was added, and the memory caching was changed from writethrough to writeback\nThings were so fast now, that the descriptor ring was being run through the ring so quickly as to hit the next descriptor that is still being setup. The first was to mark the first descriptor of a multi-descriptor packet as ‘empty’ until the entire chain was setup, so it would not be processed before the latter bits were done being added to the ring.\nSo now MIPS can bridge at 720 mbit/sec, and route 320 mbit/sec\nAdrian wants to improve the routing speed and get it caught up to the bridging speed, but as always, free time is scarce.\n***\n\n\nSwitching from OS X to FreeBSD\n\n\nThe story of a user who had used OS X since its beta, but 10.9 and 10.10, became more and more dissatisfied\nThey found they were spending too much time fighting with the system, rather than getting work done\nThey cover the new workstation they bought, and the process of getting FreeBSD going on it, including why they chose FreeBSD rather than PCBSD\nAlso covered it setting up a Lenovo X220 laptop\nThey setup the i3wm and mutt\nThe blog is very detailed and goes so far as to share a github repo of dotfiles and configuration files to ease the transition from OS X.\n***\n\n\nBeastieBits\n\nThe Stack behind Netflix's scaling\n\n\n\nThe Amiga port of NetBSD now has xorg support\n\n\n\nNetBSD has announced EOL for v5.x to be November 9th\n\n\n\nRetroArch ports allow playing PlayStation, Sega, Atari, etc., games on FreeBSD\n\nOpenBSD booting on a 75mhz Cyrex system with 32MB RAM\n\n\n\nMatthew Green reports Nouveau Nvidia can support GL with his latest commit\n\n\n\nReleases!\n\nOPNsense releases 15.7.18\n\npfSense releases 2.2.5\n\n\n\nFeedback/Questions\n\n\n Eric\n Andrew\n Joseph\n Sean\n Dustin\n***\n\n\nFor those of you curious about Kris' new lighting here are the links to what he is using.\n\n\nSoftbox Light Diffuser\nFull Spectrum 5500K CFL Bulb\n***\n","content_html":"\u003cp\u003eControlling the Transmissions\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/201511VendorDevSummit\" rel=\"nofollow\"\u003eFreeBSD 2015 Vendor Dev Summit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2015-07-2015-09.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report - Third Quarter 2015\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a fresh quarterly status report from the FreeBSD project. Once again it almost merits an entire show, but we will try to hit all the highlights. \u003c/li\u003e\n\u003cli\u003eBhyve - Porting of the Intel edk2 UEFI firmware, allowing Windows in headless mode, and Illumos support. Also porting to ARM has begun!\u003c/li\u003e\n\u003cli\u003eImproved Support for Acer C720 ChromeBooks\u003c/li\u003e\n\u003cli\u003eHigh Availability Clustering in CTL (Cam Target Layer)\u003c/li\u003e\n\u003cli\u003eRoot Remounting (Similar to pivot_root in Linux). This work allows using “reboot -r” to do a fast-reboot, with a partial shutdown, kill all processes, and re-mount rootfs and boot. Especially useful for booting from mfs or similar then transitioning to iscsi or some other backing storage\u003c/li\u003e\n\u003cli\u003eOpenCL Support in Mesa, as well as kernel progress on the i915 driver\u003c/li\u003e\n\u003cli\u003eImproved support for UEFI FrameBuffer on a bunch of recent MacBook Pro and other Macs, in addition to improvements to “vt” framebuffer driver for high resolution displays. \u003c/li\u003e\n\u003cli\u003eZFS support for UEFI Boot (Needs testing, but used in PC-BSD for a couple months now), and importing new features from IllumOS (resumable send, receive prefetch, replication checksumming, 50% less ram required for L2ARC, better prefetch)\u003c/li\u003e\n\u003cli\u003eDTrace SDT probes added to TCP code, to replace the old TCPDEBUG kernel option. Recompiling the kernel is no longer required to debug TCP, just use DTrace\u003c/li\u003e\n\u003cli\u003eOngoing work to bring us a native port/package of GitLab\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.meteor.com/t/freebsd-testers-please/12919/10\" rel=\"nofollow\"\u003eMeteor, the popular javascript web application framework has been forked to run on FreeBSD, OpenBSD and NetBSD - FreeBSD testers requested\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a public call for testing for FreeBSD users of Meteor by Tom Freudenberg\u003c/li\u003e\n\u003cli\u003eThe included link includes all the details on how to currently get meteor boot-strapped on your box and bring up the server\u003c/li\u003e\n\u003cli\u003eSo far the reports are positive, many users reporting that it is running on their 10.2 systems / jails just fine. \u003c/li\u003e\n\u003cli\u003eJust a day ago the original porter mentioned that OpenBSD is ready to go for testing using the prepared dev bundle. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151101223132\" rel=\"nofollow\"\u003eMike Larkin work continues on an native OpenBSD hypervisor, which he has announced is now booting\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpeaking of OpenBSD, we have an update from Mike Larkin about the status of the OpenBSD native hypervisor vmm(4). \u003c/li\u003e\n\u003cli\u003eHis twitter post included the output from a successful VM bootup of OpenBSD 5.8-current, all the way to multi-user\u003c/li\u003e\n\u003cli\u003eWhile the code hasn’t been committed (yet) we will keep you informed when it lands so you too can begin playing with it. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.etoilebsd.net/post/This_is_how_I_like_opensource\" rel=\"nofollow\"\u003eThis is how I like open source\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post by FreeBSD Core Team member, and one of the lead developers of pkg, Baptiste Daroussin\u003c/li\u003e\n\u003cli\u003eOne project he has been working on is string collation\u003c/li\u003e\n\u003cli\u003eGarrett d\u0026#39;Amore (of IllumOS) implemented unicode string collation while working for Nexenta and made it BSD license\u003c/li\u003e\n\u003cli\u003eJohn Marino (from Dragonfly) imported the work done on Illumos into Dragonfly, while he was doing that he decided, it was probably a good idea to rework how locales are handled\u003c/li\u003e\n\u003cli\u003eHe discovered that Edwin Groothuis (from FreeBSD) had long ago started a project to simplify locales handling on FreeBSD\u003c/li\u003e\n\u003cli\u003eHe extended the tools written by Edwin and has been able to update Dragonfly to the latest (v27 so far) unicode definitions\u003c/li\u003e\n\u003cli\u003eJohn Marino has worked with Bapt many times on various projects (including bringing pkg and ports to Dragonfly)\u003c/li\u003e\n\u003cli\u003eBapt decided it was time that FreeBSD got proper string collation support as well, and worked with John to import the support to FreeBSD\u003c/li\u003e\n\u003cli\u003eBapt spotted a couple of bugs and worked with John on fixing them: issues with eucJP encoding, issues with Russian encoding (John did most of the work on tracking down and fixing the bugs), Bapt also converted localedef (the tool to generate the locales) into using BSD license only code (original version used the CDDL libavl library which I modified to use tree(3)), fixed issues. I also took the locale generation from Edwin (extended by John)\u003c/li\u003e\n\u003cli\u003eThis work resulted in a nice flow of patches going from Dragonfly to FreeBSD and from FreeBSD to Dragonfly.\u003c/li\u003e\n\u003cli\u003eAnd now Garrett is interested in grabbing back our patches into Illumos!\u003c/li\u003e\n\u003cli\u003eThe result of this collaboration is that now 3 OS share the same implementation for collation support! This is very good because when one discovers a bug the 3 of them benefit the fix!\u003c/li\u003e\n\u003cli\u003eThe biggest win here is that this was a lot of work, and not an area that many people are interested in working on, so it was especially important to share the work rather than reimplement it separately.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Hiren Panchasara - \u003ca href=\"mailto:hiren@freebsd.org\" rel=\"nofollow\"\u003ehiren@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/hirenpanchasara\" rel=\"nofollow\"\u003e@hirenpanchasara\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eImproving TCP\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eiXsystems\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ixsystems.com/whats-new/october-missioncomplete-winners/\" rel=\"nofollow\"\u003eMissonComplete winners\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt\" rel=\"nofollow\"\u003eLibreSSL 2.3.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLibreSSl keeps on chugging, the latest release has landed, 2.3.1, which is the second snapshot based upon the OpenBSD 5.9 development branch.\u003c/li\u003e\n\u003cli\u003eCurrently they are targeting a stable ABI/API sometime around March 2016 for the 2.3.X series.\u003c/li\u003e\n\u003cli\u003eIncluded in this update are ASN. 1 cleanups and some compliance fixes for RFC5280\u003c/li\u003e\n\u003cli\u003eSwitched internally to time_t, with a check that the host OS supports 64bit time_t\u003c/li\u003e\n\u003cli\u003eVarious TLS fixes, including the ability to check cert validity times with tls_peer_cert_not{before|after}\u003c/li\u003e\n\u003cli\u003eFixed a reported memory leak in OBJ_obj2txt\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linoxide.com/linux-how-to/install-ghost-nginx-freebsd-10-2/\" rel=\"nofollow\"\u003eGuide for Installing Ghost w/ Nginx on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA nice walkthrough for the week, we’ve found an article about how to install the Ghost blogging platform on FreeBSD 10.2. \u003c/li\u003e\n\u003cli\u003eFor those who don’t know, Ghost is a MIT licensed blogging tool, started in 2012 by a former WordPress UI developer and is entirely coded in Node.js\u003c/li\u003e\n\u003cli\u003eWhile a port for FreeBSD does not yet exist (somebody get on that please), this tutorial can walk you through the process of getting it deployed manually\u003c/li\u003e\n\u003cli\u003eMost of the requirements are simple, www/node, www/npm and sqlite3. \u003c/li\u003e\n\u003cli\u003eWith those installed, most of the steps are simply creating the username / home for ghost, and some “npm” setup. \u003c/li\u003e\n\u003cli\u003eThe walkthrough even includes a handy rc.d script, making the possibility of a port seem much more likely\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2015/10/fixing-up-qca9558-performance-on.html\" rel=\"nofollow\"\u003eAdrian Chadd on \u0026#39;Why attention to detail matters when you\u0026#39;re a kernel developer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian was correctly trolled in the FreeBSD embedded IRC chatroom and started looking at why the bridging performance in MIPS boards was so bad\u003c/li\u003e\n\u003cli\u003e120-150 mbit/sec is not really enough anymore\u003c/li\u003e\n\u003cli\u003eUsing previous MIPS24k support as a starting point, Adrian managed to get HWPMC (Hardware Performance Monitoring Counters) working on MIPS74k\u003c/li\u003e\n\u003cli\u003eUsing the data collected from the performance counters Adrian was able to figure out that packets were being copied in order to meet alignment requirements of the NIC and the FreeBSD networking stack. It turns out this is no longer a requirement for most modern Atheros NICs, so the workaround could be removed\u003c/li\u003e\n\u003cli\u003eNow performance was 180 mbit/sec\u003c/li\u003e\n\u003cli\u003eNext, on the receive side, only the TCP stack requires strict alignment, the ethernet stack does not, so offset the start point by 2 bytes so that TCP ends up aligned, and problem solved. Or not, no performance difference...\u003c/li\u003e\n\u003cli\u003eThe problem appeared to be busdma, Ian Lepore had recently made improves in this area on armv6 and helpfully ported these over to MIPS\u003c/li\u003e\n\u003cli\u003eNow 420 mbit/sec. Getting better, but not as fast as Linux\u003c/li\u003e\n\u003cli\u003eAfter some further investigation, a missing ‘sync’ operation was added, and the memory caching was changed from writethrough to writeback\u003c/li\u003e\n\u003cli\u003eThings were so fast now, that the descriptor ring was being run through the ring so quickly as to hit the next descriptor that is still being setup. The first was to mark the first descriptor of a multi-descriptor packet as ‘empty’ until the entire chain was setup, so it would not be processed before the latter bits were done being added to the ring.\u003c/li\u003e\n\u003cli\u003eSo now MIPS can bridge at 720 mbit/sec, and route 320 mbit/sec\u003c/li\u003e\n\u003cli\u003eAdrian wants to improve the routing speed and get it caught up to the bridging speed, but as always, free time is scarce.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mirrorshades.net/post/132753032310\" rel=\"nofollow\"\u003eSwitching from OS X to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe story of a user who had used OS X since its beta, but 10.9 and 10.10, became more and more dissatisfied\u003c/li\u003e\n\u003cli\u003eThey found they were spending too much time fighting with the system, rather than getting work done\u003c/li\u003e\n\u003cli\u003eThey cover the new workstation they bought, and the process of getting FreeBSD going on it, including why they chose FreeBSD rather than PCBSD\u003c/li\u003e\n\u003cli\u003eAlso covered it setting up a Lenovo X220 laptop\u003c/li\u003e\n\u003cli\u003eThey setup the i3wm and mutt\u003c/li\u003e\n\u003cli\u003eThe blog is very detailed and goes so far as to share a github repo of dotfiles and configuration files to ease the transition from OS X.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eBeastieBits\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.scalescale.com/the-stack-behind-netflix-scaling/\" rel=\"nofollow\"\u003eThe Stack behind Netflix\u0026#39;s scaling\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/source-changes/2015/11/04/msg069873.html\" rel=\"nofollow\"\u003eThe Amiga port of NetBSD now has xorg support\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd\" rel=\"nofollow\"\u003eNetBSD has announced EOL for v5.x to be November 9th\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058266.html\" rel=\"nofollow\"\u003eRetroArch ports allow playing PlayStation, Sega, Atari, etc., games on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"http://gfycat.com/InnocentSneakyEwe\" rel=\"nofollow\"\u003eOpenBSD booting on a 75mhz Cyrex system with 32MB RAM\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2015/10/29/msg069729.html\" rel=\"nofollow\"\u003eMatthew Green reports Nouveau Nvidia can support GL with his latest commit\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eReleases!\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://opnsense.org/opnsense-15-7-18-released/\" rel=\"nofollow\"\u003eOPNsense releases 15.7.18\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://blog.pfsense.org/?p=1925\" rel=\"nofollow\"\u003epfSense releases 2.2.5\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ogdURldm\" rel=\"nofollow\"\u003e Eric\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s22bK2LZLm\" rel=\"nofollow\"\u003e Andrew\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2to6ZpBTc\" rel=\"nofollow\"\u003e Joseph\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2oLU0KM7Y\" rel=\"nofollow\"\u003e Sean\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21k6oKvle\" rel=\"nofollow\"\u003e Dustin\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eFor those of you curious about Kris\u0026#39; new lighting here are the links to what he is using.\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00OTG6474?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o01_s00\u0026pldnSite=1\" rel=\"nofollow\"\u003eSoftbox Light Diffuser\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://smile.amazon.com/gp/product/B00198U6U6?psc=1\u0026redirect=true\u0026ref_=oh_aui_detailpage_o06_s00\" rel=\"nofollow\"\u003eFull Spectrum 5500K CFL Bulb\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Controlling the Transmissions","date_published":"2015-11-11T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b30ad3ce-cbcf-4d14-8d50-f41bd6f0b74a.mp3","mime_type":"audio/mpeg","size_in_bytes":68483380,"duration_in_seconds":5706}]},{"id":"c2648e61-e485-4213-a0de-d1afa10c713f","title":"114: BSD-Schooling","url":"https://www.bsdnow.tv/114","content_text":"This week, Allan is out of town at another Developer Summit, but we have a great episode coming\n\nThis episode was brought to you by\n\n\nalt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u0026gt;\ntitle=\"DigitalOcean\"\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u0026gt;\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nWhatsApp founder, on how it got so HUGE\n\n\nWired has interviewed WhatsApp co-founder Brian Acton, about the infrastructure behind WhatsApp\nWhatsApp manages 900 million users with a team of 50, while Twitter needs around 4,000 employees to manage 300 million users.\n“FreeBSD has a nicely tuned network stack and extremely good reliability. We find managing FreeBSD installations to be quite straightforward.”\n“Linux is a beast of complexity. FreeBSD has the advantage of being a single distribution with an extraordinarily good ports collection.”\n“To us, it has been an advantage as we have had very few problems that have occurred at the OS level. With Linux, you tend to have to wrangle more and you want to avoid that if you can.”\n“FreeBSD happened because both Jan and I have experience with FreeBSD from Yahoo!.”\nAdditional Coverage  \n***\n\n\nUser feedback in the SystemD vs BSD init\n\n\nWe have a very detailed blog post this week from Randy Westlund, about his experiences on Linux and BSD, contrasting the init systems.\nWhat he finds is that while, it does make some things easier, such as writing a service file once, and having it run everywhere, the tradeoff comes in the complexity and lack of transparency. \nAnother area of concern was the reproducibility of boots, how in his examples on servers, there can often be times when services start in different orders, to save a few moments of boot-time.\nHis take on the simplicity of BSD’s startup scripts is that they are very easy to hack on and monitor, while not introducing the feature creep we have seen in sysd. \nIt will be interesting to see NextBSD / LaunchD and how it compares in the future!\n***\n\n\nLearn to embrace open source, or get buried\n\n\nAt the recent “All Things Open” conference, opensource.com interviewed Jim Salter\nHe describes how he first got started using FreeBSD to host his personal website\nHe then goes on to talk about starting FreeBSDWiki.net and what its goals were\nThe interview then talks about using Open Source at solve customers’ problems at his consulting firm\nFinally, the talks about his presentation at AllThingsOpen: Move Over, Rsync \n about switching to ZFS replication\n***\n\n\nHP’s CTO Urges businesses to avoid permissive licenses \n\n\nMartin Fink went on a rant about the negative effects of license proliferation\nWhile I agree that having too many new licenses is confusing and adds difficulty, I didn’t agree with his closing point\n“He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL”\n“The Apache 2.0 license is currently the most widely used \"permissive\" license. But the thing that developers overlook when adopting it, he said, is that by using Apache they are also making a choice about how much work they will have to put into building any sort of community around the project. If you look at Apache-licensed projects, he noted, \"you'll find that they are very top-heavy with 'governance' structures.\" Technical committees, working groups, and various boards, he said, are needed to make such projects function. But if you look at copyleft projects, he added, you find that those structures simply are not needed.”\nThere are plenty of smaller permissively licensed projects that do not have this sort of structure, infact, most of this structure comes from being an Apache run project, rather than from using the Apache or any other permissive license\nLuckily, he goes on to state that the “OpenSwitch code is released under the Apache 2.0 license, he said, because the other partner companies viewed that as a requirement.”\n“HP wanted to get networking companies and hardware suppliers on board. In order to get all of the legal departments at all of the partners to sign on to the project, he said, HP was forced to go with a permissive license”\nHopefully the trend towards permissive licenses continues\nAdditionally, in a separate LWN post:\nRMS Says: “I am not saying that competitors to a GNU package are unjust or bad -- that isn't necessarily so. The pertinent point is that they are competitors. The goal of the GNU Project is for GNU to win the competition. Each GNU package is a part of the GNU system, and should contribute to the success of the GNU Project. Thus, each GNU package should encourage people to run other GNU packages rather than their competitors -- even competitors which are free software.”  \nNever thought I’d see RMS espousing vendor lock-in\n***\n\n\nInterview - Brian Callahan - bcallah@devio.us / @twitter\n\n\nThe BSDs in Education\n***\n\n\nNews Roundup\n\nDigital Libraries in Africa making use of DragonflyBSD and HAMMER\n\n\nIn the international development context, we have an interesting post from Michael Wilson of the PeerCorps Trust Fund.\nThey are using DragonFlyBSD and FreeBSD to support the Tanzanian Digital Library Initiative in very resource-limited settings.\nThey cite among the most important reasons for using BSD as the availability and quality of the documentation, as well as the robustness of the filesystems, both ZFS and HAMMER.\nTheir website is now online over at (http://www.tandli.com/) , check it out to see exactly how BSD is being used in the field\n***\n\n\nnetflix hits \u0026gt; 65gbps from a single freebsd box\n\n\nA single socket server, with a high end Xeon E5 processor and a dual ported Chelsio T580 (2x 40 Gbps ports) set a netflix record pushing over 65 Gbps of traffic from a single machine\nThe videos were being pushed from SSDs and some new high end NVMe devices\nThe previous record at Netflix was 52 Gbps from a single machine, but only with very experimental settings. The current work is under much more typical settings\nBy the end of that night, traffic surged to over 70 Gbps\nOnly about 10-15% of that traffic was encrypted with the in-kernel TLS engine that Netflix has been working on with John-Mark Gurney\nIt was reported that the machine was only using about 65% cpu, and had plenty of head room\nIf I remember the discussion correctly, there were about 60,000 streams running off the machine\n***\n\n\nLumina Desktop 0.8.7 has been released\n\n\nA very large update has landed for PC-BSD’s Lumina desktop\nA brand new “Start” menu has been added, which enables quick launch of favorite apps, pinning to desktop / favorites and more.\nDesktop icons have been overhauled, with better font support, and a new Grid system for placement of icons.\nSupport for other BSD’s such as DragonFly has been improved, along with TONS of internal changes to functionality and backends.\nAlmost too many things to list here, but the link above will have full details, along with screenshots.\n***\n\n\nA LiveUSB for NetBSD has been released by Jibbed\n\n\nAfter a three year absence, the Jibbed project has come back with a Live USB image for NetBSD!\nThe image contains NetBSD 7.0, and is fully R/W, allowing you to run the entire system from a single USB drive.\nImages are available for 8Gb and 4Gb sticks (64bit and 32bit respectively), along with VirtualBox images as well\nFor those wanting X, it includes both X and TWM, although ‘pkgin’ is available, so you can quickly add other desktops to the image\n***\n\n\nBeastie Bits\n\n\nAfter recent discussions of revisiting WX support in Mozilla Firefox, David Coppa has flipped the switch to enable it for OpenBSD users running -current.\nUsing the vt(4) driver to change console resolution \nThe FreeBSD Foundation gives a great final overview of the Grace Hopper Conference\nA dialog about Compilers in the (BSD) base system\nOne upping their 48-core work from July, The Semihalf team shows off their the 96-core SMP support for FreeBSD on Cavium ThunderX (ARMv8 architecture\n\n\nNYC Bug's November meeting will be featuring a talk by Stephen R. Bourne\n\nNew not-just-BSD postcast, hosted by two OpenBSD devs Brandon Mercer and Joshua Stein\n\n\n\nFeedback/Questions\n\n\n Stefan  \n Zach  \n Jake  \n Corey  \n Robroy  \n\n\nSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \nfeedback@bsdnow.tv\n","content_html":"\u003cp\u003eThis week, Allan is out of town at another Developer Summit, but we have a great episode coming\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" \u003cbr\u003e\nalt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" \u003cbr\u003e\ntitle=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, \u003cbr\u003e\nBuilt for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.wired.com/2015/10/whatsapps-co-founder-on-how-the-iconoclastic-app-got-huge/\" rel=\"nofollow\"\u003eWhatsApp founder, on how it got so HUGE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWired has interviewed WhatsApp co-founder Brian Acton, about the infrastructure behind WhatsApp\u003c/li\u003e\n\u003cli\u003eWhatsApp manages 900 million users with a team of 50, while Twitter needs around 4,000 employees to manage 300 million users.\u003c/li\u003e\n\u003cli\u003e“FreeBSD has a nicely tuned network stack and extremely good reliability. We find managing FreeBSD installations to be quite straightforward.”\u003c/li\u003e\n\u003cli\u003e“Linux is a beast of complexity. FreeBSD has the advantage of being a single distribution with an extraordinarily good ports collection.”\u003c/li\u003e\n\u003cli\u003e“To us, it has been an advantage as we have had very few problems that have occurred at the OS level. With Linux, you tend to have to wrangle more and you want to avoid that if you can.”\u003c/li\u003e\n\u003cli\u003e“FreeBSD happened because both Jan and I have experience with FreeBSD from Yahoo!.”\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://uk.businessinsider.com/whatsapp-built-using-erlang-and-freebsd-2015-10\" rel=\"nofollow\"\u003eAdditional Coverage \u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.textplain.net/blog/2015/problems-with-systemd-and-why-i-like-bsd-init/\" rel=\"nofollow\"\u003eUser feedback in the SystemD vs BSD init\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a very detailed blog post this week from Randy Westlund, about his experiences on Linux and BSD, contrasting the init systems.\u003c/li\u003e\n\u003cli\u003eWhat he finds is that while, it does make some things easier, such as writing a service file once, and having it run everywhere, the tradeoff comes in the complexity and lack of transparency. \u003c/li\u003e\n\u003cli\u003eAnother area of concern was the reproducibility of boots, how in his examples on servers, there can often be times when services start in different orders, to save a few moments of boot-time.\u003c/li\u003e\n\u003cli\u003eHis take on the simplicity of BSD’s startup scripts is that they are very easy to hack on and monitor, while not introducing the feature creep we have seen in sysd. \u003c/li\u003e\n\u003cli\u003eIt will be interesting to see NextBSD / LaunchD and how it compares in the future!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://opensource.com/business/15/10/ato-interview-jim-salter\" rel=\"nofollow\"\u003eLearn to embrace open source, or get buried\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAt the recent “All Things Open” conference, opensource.com interviewed Jim Salter\u003c/li\u003e\n\u003cli\u003eHe describes how he first got started using FreeBSD to host his personal website\u003c/li\u003e\n\u003cli\u003eHe then goes on to talk about starting FreeBSDWiki.net and what its goals were\u003c/li\u003e\n\u003cli\u003eThe interview then talks about using Open Source at solve customers’ problems at his consulting firm\u003c/li\u003e\n\u003cli\u003eFinally, the talks about his presentation at AllThingsOpen: \u003ca href=\"http://allthingsopen.org/talks/move-over-rsync/\" rel=\"nofollow\"\u003eMove Over, Rsync \n\u003c/a\u003e about switching to ZFS replication\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lwn.net/Articles/660428/\" rel=\"nofollow\"\u003eHP’s CTO Urges businesses to avoid permissive licenses \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMartin Fink went on a rant about the negative effects of license proliferation\u003c/li\u003e\n\u003cli\u003eWhile I agree that having too many new licenses is confusing and adds difficulty, I didn’t agree with his closing point\u003c/li\u003e\n\u003cli\u003e“He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL”\u003c/li\u003e\n\u003cli\u003e“The Apache 2.0 license is currently the most widely used \u0026quot;permissive\u0026quot; license. But the thing that developers overlook when adopting it, he said, is that by using Apache they are also making a choice about how much work they will have to put into building any sort of community around the project. If you look at Apache-licensed projects, he noted, \u0026quot;you\u0026#39;ll find that they are very top-heavy with \u0026#39;governance\u0026#39; structures.\u0026quot; Technical committees, working groups, and various boards, he said, are needed to make such projects function. But if you look at copyleft projects, he added, you find that those structures simply are not needed.”\u003c/li\u003e\n\u003cli\u003eThere are plenty of smaller permissively licensed projects that do not have this sort of structure, infact, most of this structure comes from being an Apache run project, rather than from using the Apache or any other permissive license\u003c/li\u003e\n\u003cli\u003eLuckily, he goes on to state that the “OpenSwitch code is released under the Apache 2.0 license, he said, because the other partner companies viewed that as a requirement.”\u003c/li\u003e\n\u003cli\u003e“HP wanted to get networking companies and hardware suppliers on board. In order to get all of the legal departments at all of the partners to sign on to the project, he said, HP was forced to go with a permissive license”\u003c/li\u003e\n\u003cli\u003eHopefully the trend towards permissive licenses continues\u003c/li\u003e\n\u003cli\u003eAdditionally, in a separate LWN post:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lwn.net/Articles/659757/\" rel=\"nofollow\"\u003eRMS Says: “I am not saying that competitors to a GNU package are unjust or bad -- that isn\u0026#39;t necessarily so. The pertinent point is that they are \u003cem\u003ecompetitors\u003c/em\u003e. The goal of the GNU Project is for GNU to win the competition. Each GNU package is a part of the GNU system, and should contribute to the success of the GNU Project. Thus, each GNU package should encourage people to run other GNU packages rather than their competitors -- even competitors which are free software.” \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eNever thought I’d see RMS espousing vendor lock-in\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brian Callahan - \u003ca href=\"mailto:bcallah@devio.us\" rel=\"nofollow\"\u003ebcallah@devio.us\u003c/a\u003e / \u003ca href=\"https://twitter.com/__briancallahan\" rel=\"nofollow\"\u003e@twitter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe BSDs in Education\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-October/228403.html\" rel=\"nofollow\"\u003eDigital Libraries in Africa making use of DragonflyBSD and HAMMER\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the international development context, we have an interesting post from Michael Wilson of the PeerCorps Trust Fund.\u003c/li\u003e\n\u003cli\u003eThey are using DragonFlyBSD and FreeBSD to support the Tanzanian Digital Library Initiative in very resource-limited settings.\u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eThey cite among the most important reasons for using BSD as the availability and quality of the documentation, as well as the robustness of the filesystems, both ZFS and HAMMER.\u003c/li\u003e\n\u003cli\u003eTheir website is now online over at (\u003ca href=\"http://www.tandli.com/\" rel=\"nofollow\"\u003ehttp://www.tandli.com/\u003c/a\u003e) , check it out to see exactly how BSD is being used in the field\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/ed_maste/status/655120086248763396\" rel=\"nofollow\"\u003enetflix hits \u0026gt; 65gbps from a single freebsd box\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA single socket server, with a high end Xeon E5 processor and a dual ported Chelsio T580 (2x 40 Gbps ports) set a netflix record pushing over 65 Gbps of traffic from a single machine\u003c/li\u003e\n\u003cli\u003eThe videos were being pushed from SSDs and some new high end NVMe devices\u003c/li\u003e\n\u003cli\u003eThe previous record at Netflix was 52 Gbps from a single machine, but only with very experimental settings. The current work is under much more typical settings\u003c/li\u003e\n\u003cli\u003eBy the end of that night, traffic surged to over 70 Gbps\u003c/li\u003e\n\u003cli\u003eOnly about 10-15% of that traffic was encrypted with the in-kernel TLS engine that Netflix has been working on with John-Mark Gurney\u003c/li\u003e\n\u003cli\u003eIt was reported that the machine was only using about 65% cpu, and had plenty of head room\u003c/li\u003e\n\u003cli\u003eIf I remember the discussion correctly, there were about 60,000 streams running off the machine\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lumina-desktop.org/lumina-desktop-0-8-7-released/\" rel=\"nofollow\"\u003eLumina Desktop 0.8.7 has been released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA very large update has landed for PC-BSD’s Lumina desktop\u003c/li\u003e\n\u003cli\u003eA brand new “Start” menu has been added, which enables quick launch of favorite apps, pinning to desktop / favorites and more.\u003c/li\u003e\n\u003cli\u003eDesktop icons have been overhauled, with better font support, and a new Grid system for placement of icons.\u003c/li\u003e\n\u003cli\u003eSupport for other BSD’s such as DragonFly has been improved, along with TONS of internal changes to functionality and backends.\u003c/li\u003e\n\u003cli\u003eAlmost too many things to list here, but the link above will have full details, along with screenshots.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.jibbed.org/\" rel=\"nofollow\"\u003eA LiveUSB for NetBSD has been released by Jibbed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a three year absence, the Jibbed project has come back with a Live USB image for NetBSD!\u003c/li\u003e\n\u003cli\u003eThe image contains NetBSD 7.0, and is fully R/W, allowing you to run the entire system from a single USB drive.\u003c/li\u003e\n\u003cli\u003eImages are available for 8Gb and 4Gb sticks (64bit and 32bit respectively), along with VirtualBox images as well\u003c/li\u003e\n\u003cli\u003eFor those wanting X, it includes both X and TWM, although ‘pkgin’ is available, so you can quickly add other desktops to the image\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie Bits\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151021191401\u0026mode=expanded\" rel=\"nofollow\"\u003eAfter recent discussions of revisiting W\u003csup\u003eX\u003c/sup\u003e support in Mozilla Firefox, David Coppa has flipped the switch to enable it for OpenBSD users running -current.\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://lme.postach.io/post/changing-console-resolution-in-freebsd-10-with-vt-4\" rel=\"nofollow\"\u003eUsing the vt(4) driver to change console resolution\u003c/a\u003e \u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/10/conference-recap-grace-hopper.html\" rel=\"nofollow\"\u003eThe FreeBSD Foundation gives a great final overview of the Grace Hopper Conference\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://medium.com/@jmmv/compilers-in-the-bsd-base-system-1c4515a18c49\" rel=\"nofollow\"\u003eA dialog about Compilers in the (BSD) base system\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=1q5aDEt18mw\" rel=\"nofollow\"\u003eOne upping their 48-core work from July, The Semihalf team shows off their the 96-core SMP support for FreeBSD on Cavium ThunderX (ARMv8 architecture\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/talk/2015-October/016384.html\" rel=\"nofollow\"\u003eNYC Bug\u0026#39;s November meeting will be featuring a talk by Stephen R. Bourne\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch3\u003e\u003ca href=\"http://garbage.fm/\" rel=\"nofollow\"\u003eNew not-just-BSD postcast, hosted by two OpenBSD devs Brandon Mercer and Joshua Stein\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21wjbhCJ4\" rel=\"nofollow\"\u003e Stefan \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21TbKS5t0\" rel=\"nofollow\"\u003e Zach \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20AkO1i1R\" rel=\"nofollow\"\u003e Jake \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2nrUMatU5\" rel=\"nofollow\"\u003e Corey \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003cp\u003e\u003ca href=\"http://slexy.org/view/s2pZsC7arX\" rel=\"nofollow\"\u003e Robroy \u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\u003c/li\u003e\n\u003cli\u003e\u003cp\u003eSend questions, comments, show ideas/topics, or stories you want mentioned on the show to \u003cbr\u003e\n\u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003efeedback@bsdnow.tv\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, Allan is out of town at another Developer Summit, but we have a great episode coming","date_published":"2015-11-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c2648e61-e485-4213-a0de-d1afa10c713f.mp3","mime_type":"audio/mpeg","size_in_bytes":64337620,"duration_in_seconds":5361}]},{"id":"894b07bf-05ec-4da1-aeb5-9850cfdd6880","title":"113: What’s Next for BSD?","url":"https://www.bsdnow.tv/113","content_text":"Coming up on this week’s episode, we have an interview\n\nThis episode was brought to you by\n\n\nsrc=\"/images/1.png\" alt=\"iXsystems - Enterprise \nServers and Storage for Open Source\" /\u0026gt;\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud \nHosting, Built for Developers\" /\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups \nfor the Truly Paranoid\" /\u0026gt;\n\niX Systems Mission Complete\n\n\nSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\n\n\nHeadlines\n\nOpenBSD 5.8 is released on the 20th birthday of the OpenBSD project\n\n\n5.8 has landed, and just in time for the 20th birthday of OpenBSD, Oct 18th\nA long list of changes can be found on the release announcement, but here’s a small scattering of them\nDrivers for new hardware, such as:\n\n\nrtwn = Realtek RTL8188CE wifi\nhpb = HyperTransport bridge in IBM CPC945\nImproved sensor support for upd driver (USB power devices)\nJumbo frame support on re driver, using RTL8168C/D/E/F/G and RTL8411\n\nUpdated to installer, improve autoinstall, and questions about SSH setup\nSudo in base has been replace with “doas”, sudo moved to package tree\nNew file(1) command with sandboxing and priv separation\nThe tame(2) API WiP\nImprovements to the httpd(8) daemon, such as support for lua pattern matching redirections\nBugfixes and the security updates to OpenSMTPD 5.4.4\nLibreSSL security fixes, removed SSLv3 support from openssl(1) (Still working on nuking SSLv3 from all ports)\nAnd much more, too much to mention here, read the notes for all the gory details!\n\n\n\n\nOpenBSD Developer Interviews\n\n\nTo go along with the 20th birthday, we have a whole slew of new interviews brought to us by the beastie.pl team. English and Polish are both provided, so be sure not to miss these!\n\n\nDmitrij D. Czarkoff\nVadim Zhukov\nMarc Espie\nBryan Steele \nIngo Schwarze\nGilles Chehade \n\n\n\n\n\nJean-Sébastien Pédron has submitted a call for testing out the neIntel i915 driver\n\n\nA very eagerly awaited feature, Haswell GPU support has begun the testing process\nThe main developer, Jean-Sébastien Pédron dumbbell@freebsd.org  looking for users to test the patch, both those that have older supported cards (Sandybridge, Ivybridge) that are currently working, and users with Haswell devices that have, until now, not been supported\nIncluded is a link to the Wiki with instructions on how to enable debugging, and grab the updated branch of FreeBSD with the graphical improvements. Jean-Sébastien is calling for testers to send results both good and bad over to the freebsd-x11 mailing lists\nFor those who want an “out of box solution” the next PC-BSD 11.0-CURRENT November images will include these changes as well\n\n\n\n\nHow to install FreeBSD on a Raspberry Pi 2\n\n\nWe have a nice walkthrough this week on how to install FreeBSD, both \n10 or 11-CURRENT on a RPi 2!\nThe walkthrough shows us how to use OSX to copy the image to SD card, \nthen booting.\nIn this case, we have him using a USB to serial cable to capture \noutput with screen\nThis is a pretty quick way for users sitting on a RPi2 to get up and \nrunning with FreeBSD \n\n\n\n\nInterview - Jordan Hubbard - jkh@ixsystems.com\n\nNextBSD | NextBSD Github\n\n\n\nBeastie Bits\n\nOpenBSD's Source Tree turned 20 on October 18th\n\nGhostBSD working on Graphical ZFS Configuration Utility\n\nEuroBSDcon 2014 videos finally online\n\nPostdoctoral research position at Memorial University is open\n\nNetBSD Security Advisory: TCP LAST_ACK memory exhaustion, reported by NetFlix and Juniper  \n\nDesktopBSD making a comeback? \n\n\n\nFeedback/Questions\n\n\n Steve  \n Ben  \n Frank  \n Tyler \n\n\n","content_html":"\u003cp\u003eComing up on this week’s episode, we have an interview\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/1.png\" alt=\"iXsystems - Enterprise \u003cbr\u003e\nServers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud \u003cbr\u003e\nHosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups \u003cbr\u003e\nfor the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003ch4\u003e\u003ca href=\"https://www.ixsystems.com/missioncomplete/\" rel=\"nofollow\"\u003eiX Systems Mission Complete\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eSubmit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdsec.net/articles/openbsd-5-8-released\" rel=\"nofollow\"\u003eOpenBSD 5.8 is released on the 20th birthday of the OpenBSD project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e5.8 has landed, and just in time for the 20th birthday of OpenBSD, Oct 18th\u003c/li\u003e\n\u003cli\u003eA long list of changes can be found on the release announcement, but here’s a small scattering of them\u003c/li\u003e\n\u003cli\u003eDrivers for new hardware, such as:\n\n\u003cul\u003e\n\u003cli\u003ertwn = Realtek RTL8188CE wifi\u003c/li\u003e\n\u003cli\u003ehpb = HyperTransport bridge in IBM CPC945\u003c/li\u003e\n\u003cli\u003eImproved sensor support for upd driver (USB power devices)\u003c/li\u003e\n\u003cli\u003eJumbo frame support on re driver, using RTL8168C/D/E/F/G and RTL8411\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eUpdated to installer, improve autoinstall, and questions about SSH setup\u003c/li\u003e\n\u003cli\u003eSudo in base has been replace with “doas”, sudo moved to package tree\u003c/li\u003e\n\u003cli\u003eNew file(1) command with sandboxing and priv separation\u003c/li\u003e\n\u003cli\u003eThe tame(2) API WiP\u003c/li\u003e\n\u003cli\u003eImprovements to the httpd(8) daemon, such as support for lua pattern matching redirections\u003c/li\u003e\n\u003cli\u003eBugfixes and the security updates to OpenSMTPD 5.4.4\u003c/li\u003e\n\u003cli\u003eLibreSSL security fixes, removed SSLv3 support from openssl(1) (Still working on nuking SSLv3 from all ports)\u003c/li\u003e\n\u003cli\u003eAnd much more, too much to mention here, read the notes for all the gory details!\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eOpenBSD Developer Interviews\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eTo go along with the 20th birthday, we have a whole slew of new interviews brought to us by the beastie.pl team. English and Polish are both provided, so be sure not to miss these!\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-dmitrij-d-czarkoff/\" rel=\"nofollow\"\u003eDmitrij D. Czarkoff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-vadim-zhukov/\" rel=\"nofollow\"\u003eVadim Zhukov\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-marc-espie/\" rel=\"nofollow\"\u003eMarc Espie\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-bryan-steele/\" rel=\"nofollow\"\u003eBryan Steele\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-ingo-schwarze/\" rel=\"nofollow\"\u003eIngo Schwarze\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://beastie.pl/deweloperzy-openbsd-gilles-chehade/\" rel=\"nofollow\"\u003eGilles Chehade\u003c/a\u003e \u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.freebsd.org/pipermail/freebsd-x11/2015-October/016758.html\" rel=\"nofollow\"\u003eJean-Sébastien Pédron has submitted a call for testing out the neIntel i915 driver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA very eagerly awaited feature, Haswell GPU support has begun the testing process\u003c/li\u003e\n\u003cli\u003eThe main developer, Jean-Sébastien Pédron \u003ca href=\"mailto:dumbbell@freebsd.org\" rel=\"nofollow\"\u003edumbbell@freebsd.org\u003c/a\u003e  looking for users to test the patch, both those that have older supported cards (Sandybridge, Ivybridge) that are currently working, and users with Haswell devices that have, until now, not been supported\u003c/li\u003e\n\u003cli\u003eIncluded is a link to the Wiki with instructions on how to enable debugging, and grab the updated branch of FreeBSD with the graphical improvements. Jean-Sébastien is calling for testers to send results both good and bad over to the freebsd-x11 mailing lists\u003c/li\u003e\n\u003cli\u003eFor those who want an “out of box solution” the next PC-BSD 11.0-CURRENT November images will include these changes as well\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cyberciti.biz/faq/how-to-install-freebsd-on-raspberry-pi-2-model-b/\" rel=\"nofollow\"\u003eHow to install FreeBSD on a Raspberry Pi 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe have a nice walkthrough this week on how to install FreeBSD, both \n10 or 11-CURRENT on a RPi 2!\u003c/li\u003e\n\u003cli\u003eThe walkthrough shows us how to use OSX to copy the image to SD card, \nthen booting.\u003c/li\u003e\n\u003cli\u003eIn this case, we have him using a USB to serial cable to capture \noutput with screen\u003c/li\u003e\n\u003cli\u003eThis is a pretty quick way for users sitting on a RPi2 to get up and \nrunning with FreeBSD \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Jordan Hubbard - \u003ca href=\"mailto:email@email\" rel=\"nofollow\"\u003ejkh@ixsystems.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.nextbsd.org/\" rel=\"nofollow\"\u003eNextBSD\u003c/a\u003e | \u003ca href=\"https://github.com/NextBSD/NextBSD\" rel=\"nofollow\"\u003eNextBSD Github\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eBeastie Bits\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://marc.info/?l=openbsd-misc\u0026m=144515087006177\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s Source Tree turned 20 on October 18th\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://plus.google.com/+GhostbsdOrg/posts/JoNZzrKrhtB\" rel=\"nofollow\"\u003eGhostBSD working on Graphical ZFS Configuration Utility\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/channel/UCz6C-szau90f9Vn07A6W2aA/videos\" rel=\"nofollow\"\u003eEuroBSDcon 2014 videos finally online\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.mun.ca/postdoc/tc-postdoc-2015.pdf\" rel=\"nofollow\"\u003ePostdoctoral research position at Memorial University is open\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc\" rel=\"nofollow\"\u003eNetBSD Security Advisory: TCP LAST_ACK memory exhaustion, reported by NetFlix and Juniper \u003c/a\u003e \u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.desktopbsd.net/forums/threads/desktopbsd-2-0-roadmap.798/\" rel=\"nofollow\"\u003eDesktopBSD making a comeback?\u003c/a\u003e \u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20PllfFXt\" rel=\"nofollow\"\u003e Steve \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21jJm1lFN\" rel=\"nofollow\"\u003e Ben \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20TsrN3uq\" rel=\"nofollow\"\u003e Frank \u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20AydOevW\" rel=\"nofollow\"\u003e Tyler \u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e","summary":"Coming up on this week’s episode, we have an interview","date_published":"2015-10-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/894b07bf-05ec-4da1-aeb5-9850cfdd6880.mp3","mime_type":"audio/mpeg","size_in_bytes":83640388,"duration_in_seconds":8364}]},{"id":"c85e2b31-1e84-4751-8348-25bcba47d013","title":"112: Tracing the source","url":"https://www.bsdnow.tv/112","content_text":"This week Allan is away at a ZFS conference, so it seems\n\nThis episode was brought to you by\n\n\nsrc=\"/images/1.png\" alt=\"iXsystems - Enterprise \nServers and Storage for Open Source\" /\u0026gt;\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u0026gt;\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud \nHosting, Built for Developers\" /\u0026gt;\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u0026gt;\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups \nfor the Truly Paranoid\" /\u0026gt;\n\n\n\nHeadlines\n\npfsense - 2.3 alpha snapshots available\n\n\npfsense 2.3 Features and Changes\nThe entire front end has been re-written\nUpgrade of base OS to FreeBSD 10-STABLE\nThe PPTP server component has been removed,\nPBIs have been replaced with pkg\nPHP upgraded to 5.6\nThe web interface has been converted to Bootstrap\n***\n\n\nBSDMag October 2015 out\n\n\nA Look at the New PC-BSD 10.2 - Kris Moore\nBasis Of The Lumina Desktop Environment 18 - Ken Moore\nA Secure Webserver on FreeBSD with Hiawatha - David Carlier\nDefeating CryptoLocker Attacks with ZFS - Michael Dexter\nEmerging Technology Has Increasingly Been a Force for Both Good and \nEvil - Rob Somerville\nInterviews with: Dru Lavigne, Luca Ferrari, Oleksandr Rybalko\n***\n\n\nOpnSense 15.7.14 Released\n\n\nAnother update to OpnSense has landed!\nSome of the notable takeaways this time are that it isn’t a \nsecurity update\nMajor rework of the firewall rules sections including, rules, \nschedules, virtual ip, nat and aliases pages\nLatest BIND and Squid packages\nImproved configuration management, including fixes to importing an old \nconfig file. New location for configuration history / backups. \n***\n\n\nOpenBSD in Toyota Highlander\n\n\nImages\nWhile looking through the ‘Software Information’ screen of a Toyota Highlander, Chad Dougherty of the ACM found a bunch of OpenBSD copyright notices\nAt least one of which I recognize as OpenCrypto, because of the comment about “transforms”\nIt is likely that the vehicle is running QNX, which contains various bits of BSD\nQNX: Third Party License Terms List version 2.17\nSome highlights\n\n\nRobert N. M. Watson (FreeBSD)\nTrustedBSD Project (FreeBSD)\nNetBSD Foundation\nNASA Ames Research Center (NetBSD)\nDamien Miller (OpenBSD)\nTheo de Raadt (OpenBSD)\nSony Computer Science Laboratories Inc.\nBob Beck (OpenBSD)\nChristos Zoulas (NetBSD)\nMarkus Friedl (OpenBSD)\nHenning Brauer (OpenBSD)\nNetwork Associates Technology, Inc. (FreeBSD)\n100s of others\n\nOpenSSH seems to be included\nIt also seems to contain tcpdump for some reason\n\n\n\n\nInterview - Adam Leventhal -\n\nadam.leventhal@delphix.com / \n@ahl\nZFS and DTrace\n\n\n\nBeastie-Bits\n\nisboot, an iSCSI boot driver for FreeBSD 9 and 10\n\ntame() is now called pledge() \nInterview with NetBSD developer Leoardo \nTaccari\n\nFuguita releases LiveCD based on OpenBSD 5.8\n\nDtrace toolkit gets an update and imported into NetBSD\n\nAn older article about how to do failover / load-balancing in pfsense\n\n\n\nFeedback/Questions\n\n\n Michael writes in\n Possniffer writes in\n Erno writes in\n***\n","content_html":"\u003cp\u003eThis week Allan is away at a ZFS conference, so it seems\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/1.png\" alt=\"iXsystems - Enterprise \u003cbr\u003e\nServers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud \u003cbr\u003e\nHosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca \u003cbr\u003e\nhref=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg \u003cbr\u003e\nsrc=\"/images/3.png\" alt=\"Tarsnap - Online Backups \u003cbr\u003e\nfor the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1854\" rel=\"nofollow\"\u003epfsense - 2.3 alpha snapshots available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes\" rel=\"nofollow\"\u003epfsense 2.3 Features and Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe entire front end has been re-written\u003c/li\u003e\n\u003cli\u003eUpgrade of base OS to FreeBSD 10-STABLE\u003c/li\u003e\n\u003cli\u003eThe PPTP server component has been removed,\u003c/li\u003e\n\u003cli\u003ePBIs have been replaced with pkg\u003c/li\u003e\n\u003cli\u003ePHP upgraded to 5.6\u003c/li\u003e\n\u003cli\u003eThe web interface has been converted to Bootstrap\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/download/bsd-09-2015/\" rel=\"nofollow\"\u003eBSDMag October 2015 out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Look at the New PC-BSD 10.2 - Kris Moore\u003c/li\u003e\n\u003cli\u003eBasis Of The Lumina Desktop Environment 18 - Ken Moore\u003c/li\u003e\n\u003cli\u003eA Secure Webserver on FreeBSD with Hiawatha - David Carlier\u003c/li\u003e\n\u003cli\u003eDefeating CryptoLocker Attacks with ZFS - Michael Dexter\u003c/li\u003e\n\u003cli\u003eEmerging Technology Has Increasingly Been a Force for Both Good and \nEvil - Rob Somerville\u003c/li\u003e\n\u003cli\u003eInterviews with: Dru Lavigne, Luca Ferrari, Oleksandr Rybalko\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-15-7-14-released/\" rel=\"nofollow\"\u003eOpnSense 15.7.14 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother update to OpnSense has landed!\u003c/li\u003e\n\u003cli\u003eSome of the notable takeaways this time are that it isn’t a \nsecurity update\u003c/li\u003e\n\u003cli\u003eMajor rework of the firewall rules sections including, rules, \nschedules, virtual ip, nat and aliases pages\u003c/li\u003e\n\u003cli\u003eLatest BIND and Squid packages\u003c/li\u003e\n\u003cli\u003eImproved configuration management, including fixes to importing an old \nconfig file. New location for configuration history / backups. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=144327954931983\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD in Toyota Highlander\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://imgur.com/a/SMVdp\" rel=\"nofollow\"\u003eImages\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhile looking through the ‘Software Information’ screen of a Toyota Highlander, Chad Dougherty of the ACM found a bunch of OpenBSD copyright notices\u003c/li\u003e\n\u003cli\u003eAt least one of which I recognize as OpenCrypto, because of the comment about “transforms”\u003c/li\u003e\n\u003cli\u003eIt is likely that the vehicle is running QNX, which contains various bits of BSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://support7.qnx.com/download/download/25111/TPLTL.v2.17.Jul23-13.pdf\" rel=\"nofollow\"\u003eQNX: Third Party License Terms List version 2.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome highlights\n\n\u003cul\u003e\n\u003cli\u003eRobert N. M. Watson (FreeBSD)\u003c/li\u003e\n\u003cli\u003eTrustedBSD Project (FreeBSD)\u003c/li\u003e\n\u003cli\u003eNetBSD Foundation\u003c/li\u003e\n\u003cli\u003eNASA Ames Research Center (NetBSD)\u003c/li\u003e\n\u003cli\u003eDamien Miller (OpenBSD)\u003c/li\u003e\n\u003cli\u003eTheo de Raadt (OpenBSD)\u003c/li\u003e\n\u003cli\u003eSony Computer Science Laboratories Inc.\u003c/li\u003e\n\u003cli\u003eBob Beck (OpenBSD)\u003c/li\u003e\n\u003cli\u003eChristos Zoulas (NetBSD)\u003c/li\u003e\n\u003cli\u003eMarkus Friedl (OpenBSD)\u003c/li\u003e\n\u003cli\u003eHenning Brauer (OpenBSD)\u003c/li\u003e\n\u003cli\u003eNetwork Associates Technology, Inc. (FreeBSD)\u003c/li\u003e\n\u003cli\u003e100s of others\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eOpenSSH seems to be included\u003c/li\u003e\n\u003cli\u003eIt also seems to contain tcpdump for some reason\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Adam Leventhal -\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"mailto:adam.leventhal@delphix.com\" rel=\"nofollow\"\u003eadam.leventhal@delphix.com\u003c/a\u003e / \u003cbr\u003e\n\u003ca href=\"https://twitter.com/ahl\" rel=\"nofollow\"\u003e@ahl\u003c/a\u003e\u003cbr\u003e\nZFS and DTrace\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch3\u003eBeastie-Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-September/057572.html\" rel=\"nofollow\"\u003eisboot, an iSCSI boot driver for FreeBSD 9 and 10\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=144469071208559\u0026w=2\" rel=\"nofollow\"\u003etame() is now called pledge() \u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"http://beastie.pl/deweloperzy-netbsd-7-0-leonardo-taccari/\" rel=\"nofollow\"\u003eInterview with NetBSD developer Leoardo \u003cbr\u003e\nTaccari\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://fuguita.org/index.php?FuguIta\" rel=\"nofollow\"\u003eFuguita releases LiveCD based on OpenBSD 5.8\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2015/09/30/msg069173.html\" rel=\"nofollow\"\u003eDtrace toolkit gets an update and imported into NetBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/\" rel=\"nofollow\"\u003eAn older article about how to do failover / load-balancing in pfsense\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s217HyOZ9U\" rel=\"nofollow\"\u003e Michael writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2YODjppwX\" rel=\"nofollow\"\u003e Possniffer writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21xltQ6jd\" rel=\"nofollow\"\u003e Erno writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week Allan is away at a ZFS conference, so it seems","date_published":"2015-10-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c85e2b31-1e84-4751-8348-25bcba47d013.mp3","mime_type":"audio/mpeg","size_in_bytes":42396340,"duration_in_seconds":3533}]},{"id":"f858706f-01c9-4fa1-bca3-07c9fd71554b","title":"111: Xenocratic Oath","url":"https://www.bsdnow.tv/111","content_text":"Coming up on this weeks episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD 7.0 Release Announcement\n\n\nDRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15)\nMultiprocessor ARM support.\nSupport for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black\nMajor NPF improvements:\n\n\nBPF with just-in-time (JIT) compilation by default\nsupport for dynamic rules\n\nsupport for static (stateless) NAT\nsupport for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296\nsupport for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups)\nMultiprocessor support in the USB subsystem.\nGPT support in sysinst via the extended partitioning menu.\nLua kernel scripting\nGCC 4.8.4, which brings support for C++11\nExperimental support for SSD TRIM in wd(4) and FFS\ntetris(6): Add colours and a 'down' key, defaulting to 'n'. It moves the block down a line, if it fits. \n***\n\n\nCloudFlare develops interesting new netmap feature \n\n\nNormally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers\nCloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap\nThe change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing\nThe RSS or other hashing must be modified to not direct traffic to this queue\nThen specific flows are directed to the netmap application for matching traffic\nFor example under Linux:\nethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1\nethtool -K eth3 lro off gro off\nethtool -N eth3 flow-type udp4 dst-port 53 action 4\nDirects all name server traffic to NIC queue number 4\nCurrently there is no tool like ethtool to accomplish this same under FreeBSD\nI wonder if the flows could be identified more specifically using something like ipfw-netmap\n***\n\n\nBuilding your own OpenBSD based Mail server!\n\n\npart 2 \npart 3\nThe UK Register gives us a great writeup on getting your own mail server setup specifically on OpenBSD 5.7\nIn this article they used a MiniPC the Acer Revo One RL85, which is a decently priced little box for a mail server \nWhile a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD setup, PostFix and DoveCot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning. \n\n\nGetting started with the UEFI bootloader on OpenBSD\n\n\nIf you've been listening over the past few weeks, you've heard about OpenBSD.s new UEFI boot-loader. We now have a blog post with detailed instructions on how to get setup with this on your own system.\nThe initial setup is pretty straightforward, and should only take a few minutes at most. In involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location.\nAs a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example)\n***\n\n\nRecipe for building a 10Mpps FreeBSD based router\n\n\nOlivier, (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router\nAs he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses a 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR.\nHe mentions that this doesn't work quite on stock FreeBSD yet, you will need to pull code in from the projects/routing  which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8.\nIf you don't feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks\nBonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance. \n***\n\n\nInterview - Brandon Mercer - bmercer@openbsd.org / @knowmercymod\n\nOpenBSD in Healthcare\n\n\nSorry about the audio quality degradation. The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording\n***\n\n\nNews Roundup\n\nNvidia releases new beta FreeBSD driver along with new kernel module\n\n\nIncludes a new kernel module, nvidia-modeset.ko\nWhile this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel. \nThe beta adds support for 805A and 960A nvidia cards\nAlso fixes a memory leak and some regressions\n***\n\n\nMidnightBSD 0.7-RELEASE\n\n\nWe missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release\nThis release primarily focuses on stability, but also includes important security fixes as well. \nIt cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression\nTheir custom .mports. system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal. \nThey note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only. \n***\n\n\n\"Open Source as a Career Path\"\n\n\nThe FreeBSD Project held a panel discussion of why Open Source makes a good career path at the ACM.s womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon\nThe Panel was lead by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself\nWe attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side\nDuring the question period, Dan gave a great answer to the question of .Why do open source projects still use old technologies like mailing lists and IRC.\nThe day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle.\nThe following day, Dan also gave a workshop on how to contribute to an open source project\n***\n\n\nBeastie-Bits\n\nNetBSD 2015PkgSrc Freeze\n\nSupport for 802.11N for RealTek USB in FreeBSD\n\nWayland ported to DragonFlyBSD \n\nOpenSMTPd developer debriefs on audit report \n\nFreeBSD fixes issue with pf under Xen with TSO. Errata coming soon \n\nXinuos funds the HardenedBSD project \n\n\n\nFeedback/Questions\n\n\n Evan\n Darin writes in\n Jochen writes in\n***\n","content_html":"\u003cp\u003eComing up on this weeks episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.netbsd.org/releases/formal-7/NetBSD-7.0.html\" rel=\"nofollow\"\u003eNetBSD 7.0 Release Announcement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15)\u003c/li\u003e\n\u003cli\u003eMultiprocessor ARM support.\u003c/li\u003e\n\u003cli\u003eSupport for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black\u003c/li\u003e\n\u003cli\u003eMajor NPF improvements:\n\n\u003cul\u003e\n\u003cli\u003eBPF with just-in-time (JIT) compilation by default\u003c/li\u003e\n\u003cli\u003esupport for dynamic rules\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003esupport for static (stateless) NAT\u003c/li\u003e\n\u003cli\u003esupport for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296\u003c/li\u003e\n\u003cli\u003esupport for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups)\u003c/li\u003e\n\u003cli\u003eMultiprocessor support in the USB subsystem.\u003c/li\u003e\n\u003cli\u003eGPT support in sysinst via the extended partitioning menu.\u003c/li\u003e\n\u003cli\u003eLua kernel scripting\u003c/li\u003e\n\u003cli\u003eGCC 4.8.4, which brings support for C++11\u003c/li\u003e\n\u003cli\u003eExperimental support for SSD TRIM in wd(4) and FFS\u003c/li\u003e\n\u003cli\u003etetris(6): Add colours and a \u0026#39;down\u0026#39; key, defaulting to \u0026#39;n\u0026#39;. It moves the block down a line, if it fits. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/\" rel=\"nofollow\"\u003eCloudFlare develops interesting new netmap feature \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNormally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers\u003c/li\u003e\n\u003cli\u003eCloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap\u003c/li\u003e\n\u003cli\u003eThe change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing\u003c/li\u003e\n\u003cli\u003eThe RSS or other hashing must be modified to not direct traffic to this queue\u003c/li\u003e\n\u003cli\u003eThen specific flows are directed to the netmap application for matching traffic\u003c/li\u003e\n\u003cli\u003eFor example under Linux:\u003c/li\u003e\n\u003cli\u003eethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1\u003c/li\u003e\n\u003cli\u003eethtool -K eth3 lro off gro off\u003c/li\u003e\n\u003cli\u003eethtool -N eth3 flow-type udp4 dst-port 53 action 4\u003c/li\u003e\n\u003cli\u003eDirects all name server traffic to NIC queue number 4\u003c/li\u003e\n\u003cli\u003eCurrently there is no tool like ethtool to accomplish this same under FreeBSD\u003c/li\u003e\n\u003cli\u003eI wonder if the flows could be identified more specifically using something like ipfw-netmap\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2015/09/12/feature_last_post_build_mail_server/?mt=1442858572214\" rel=\"nofollow\"\u003eBuilding your own OpenBSD based Mail server!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.theregister.co.uk/2015/09/19/feature_last_post_build_mailserver_part_2/\" rel=\"nofollow\"\u003epart 2\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.theregister.co.uk/2015/09/26/feature_last_post_build_mailserver_part_3/\" rel=\"nofollow\"\u003epart 3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe UK Register gives us a great writeup on getting your own mail server setup specifically on OpenBSD 5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.theregister.co.uk/2015/07/24/review_acer_revo_one_rl85_/\" rel=\"nofollow\"\u003eIn this article they used a MiniPC the Acer Revo One RL85, which is a decently priced little box for a mail server \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhile a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD setup, PostFix and DoveCot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning. \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.jasper.la/openbsd-uefi-bootloader-howto/\" rel=\"nofollow\"\u003eGetting started with the UEFI bootloader on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve been listening over the past few weeks, you\u0026#39;ve heard about OpenBSD.s new UEFI boot-loader. We now have a blog post with detailed instructions on how to get setup with this on your own system.\u003c/li\u003e\n\u003cli\u003eThe initial setup is pretty straightforward, and should only take a few minutes at most. In involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location.\u003c/li\u003e\n\u003cli\u003eAs a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html\" rel=\"nofollow\"\u003eRecipe for building a 10Mpps FreeBSD based router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOlivier, (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router\u003c/li\u003e\n\u003cli\u003eAs he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses a 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR.\u003c/li\u003e\n\u003cli\u003eHe mentions that this doesn\u0026#39;t work quite on stock FreeBSD yet, you will need to pull code in from the \u003ca href=\"https://svnweb.freebsd.org/base/projects/routing/\" rel=\"nofollow\"\u003eprojects/routing \u003c/a\u003e which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8.\u003c/li\u003e\n\u003cli\u003eIf you don\u0026#39;t feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks\u003c/li\u003e\n\u003cli\u003eBonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brandon Mercer - \u003ca href=\"mailto:bmercer@openbsd.org\" rel=\"nofollow\"\u003ebmercer@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/knowmercymod\" rel=\"nofollow\"\u003e@knowmercymod\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD in Healthcare\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eSorry about the audio quality degradation. The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://devtalk.nvidia.com/default/topic/884727/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-358-09-beta-/\" rel=\"nofollow\"\u003eNvidia releases new beta FreeBSD driver along with new kernel module\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIncludes a new kernel module, nvidia-modeset.ko\u003c/li\u003e\n\u003cli\u003eWhile this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel. \u003c/li\u003e\n\u003cli\u003eThe beta adds support for 805A and 960A nvidia cards\u003c/li\u003e\n\u003cli\u003eAlso fixes a memory leak and some regressions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.midnightbsd.org/pipermail/midnightbsd-users/Week-of-Mon-20150914/003462.html\" rel=\"nofollow\"\u003eMidnightBSD 0.7-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release\u003c/li\u003e\n\u003cli\u003eThis release primarily focuses on stability, but also includes important security fixes as well. \u003c/li\u003e\n\u003cli\u003eIt cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression\u003c/li\u003e\n\u003cli\u003eTheir custom .mports. system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal. \u003c/li\u003e\n\u003cli\u003eThey note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://media.medfarm.uu.se/play/video/5400\" rel=\"nofollow\"\u003e\u0026quot;Open Source as a Career Path\u0026quot;\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Project held a \u003ca href=\"http://www.cb.uu.se/%7Ekristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG\" rel=\"nofollow\"\u003epanel discussion\u003c/a\u003e of why Open Source makes a good career path at the ACM.s womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon\u003c/li\u003e\n\u003cli\u003eThe Panel was lead by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself\u003c/li\u003e\n\u003cli\u003eWe attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side\u003c/li\u003e\n\u003cli\u003eDuring the question period, Dan gave a \u003ca href=\"https://gist.github.com/dlangille/e262bccdea08b89b5360\" rel=\"nofollow\"\u003egreat answer\u003c/a\u003e to the question of .Why do open source projects still use old technologies like mailing lists and IRC.\u003c/li\u003e\n\u003cli\u003eThe day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle.\u003c/li\u003e\n\u003cli\u003eThe following day, Dan also \u003ca href=\"http://www.cb.uu.se/%7Ekristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG\" rel=\"nofollow\"\u003egave a workshop\u003c/a\u003e on how to contribute to an open source project\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eBeastie-Bits\u003c/h3\u003e\n\n\u003cp\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2015/09/12/msg022186.html\" rel=\"nofollow\"\u003eNetBSD 2015PkgSrc Freeze\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/freebsd/freebsd/commits/master/sys/dev/usb/wlan/if_rsu.c\" rel=\"nofollow\"\u003eSupport for 802.11N for RealTek USB in FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/DragonFlyBSD/DeltaPorts/pull/123\" rel=\"nofollow\"\u003eWayland ported to DragonFlyBSD \u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151013161745\" rel=\"nofollow\"\u003eOpenSMTPd developer debriefs on audit report \u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=289316\" rel=\"nofollow\"\u003eFreeBSD fixes issue with pf under Xen with TSO. Errata coming soon \u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"http://slexy.org/view/s2EBjrxQ9M\" rel=\"nofollow\"\u003eXinuos funds the HardenedBSD project \u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21PMmNFIs\" rel=\"nofollow\"\u003e Evan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20qH07ox0\" rel=\"nofollow\"\u003e Darin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2d0SFmRlD\" rel=\"nofollow\"\u003e Jochen writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up on this weeks episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry.","date_published":"2015-10-14T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f858706f-01c9-4fa1-bca3-07c9fd71554b.mp3","mime_type":"audio/mpeg","size_in_bytes":44653396,"duration_in_seconds":3721}]},{"id":"42636b74-791c-44c4-b313-75b8ace4844b","title":"110: - Firmware Fights","url":"https://www.bsdnow.tv/110","content_text":"This week on BSDNow, we get to hear all of Allans post EuroBSDCon wrap-up and a great interview with Benno Rice from Isilon. We got to discuss some of the pain of doing major forklift upgrades, and why your business should track -CURRENT.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon Videos\n\n\nEuroBSDCon has started posting videos of the talks online already.\nThe videos posted online are archives of the live stream, so some of the videos contain multiple talks\nDue to a technical complication, some videos only have 1 channel of audio\nEuroBSDCon Talk Schedule\nRed Room Videos\nYellow Room Videos\nBlue Room Videos\nPhotos of the conference courtersy of Ollivier Robert\n***\n\n\nA series of OpenSMTPd patches fix multiple vulnerabilities\n\n\nQualys recently published an audit of the OpenSNMPd source code\nThe fixes for these vulnerabilities were released as 5.7.2\nAfter its release, two additional vulnerabilities were found. One, in the portable version, newer code that was added after the audit started\nAll users are strongly encouraged to upgrade to 5.7.3\nOpenBSD users should apply the latest errata or upgrade to the newest snapshot\n***\n\n\nFreeBSD updates in -CURRENT\n\n\nLooks like Xen header support has been bumped in FreeBSD from 4.2 -\u0026gt; 4.6\nIt also enables support for ARM\nUpdate to Clang / LLVM  to 3.7.0\nhttp://llvm.org/releases/3.7.0/docs/ReleaseNotes.html\nZFS gets FRU (field replaceable unit) tracking\nOpenCL makes it way into the ports tree\nbhyve has grown UEFI support, plus a CSM module\nbhyve can now boot Windows \nCurrently there is still only a serial console, so the post includes an unattended install .xml file and instructions on how to repack the ISO. Once Windows is installed, you can RDP into the machine\nbhyve can also now run IllumOS \n***\n\n\nOpenBSD Initial Support for Broadwell Graphics\n\n\nOpenBSD joins DragonFly now with initial support for broadwell GPUs landing in their development branch\nThis brings Open up to Linux 3.14.52 DRM, and Mark Kettenis mentions that it isn.t perfect yet, and may cause some issues with older hardware, although no major regressions yet\n***\n\n\nOpenBSD Slides for TAME and libTLS APIs\n\n\nThe first set of slides are from a talk Theo de Raadt gave in Croatia, they describe the history and impetus for tame\nTheo specifically avoids comparisons to other sandboxing techniques like capsicum and seccomp, because he is not impartial\ntame() itself is only about 1200 lines of code\nSandboxing the file(1) command with systrace: 300 lines of code, with tame: 4 lines\nTheo makes the point that .optional security. is irrelevant. If a mitigation feature has a knob to turn it off, some program will break and advise users to turn the feature off. Eventually, no one uses the feature, and it dies\nThis has lead to OpenBSD.s policy: .Once working, these features cannot be disabled. Application bugs must be fixed.\nThe second talk is by Bob Beck, about LibreSSL\nwhen LibreSSL was forked from OpenSSL 1.0.1g, it contained 388,000 lines of C code\n30 days in LibreSSL, they had deleted 90,000 lines of C\nOpenSSL 1.0.2d has 432,000 lines of C (728k total), and OpenSSL Current has 411,000 lines of C (over 1 million total)\nLibreSSL today, contains 297,000 lines of C (511k total)\nNone of the high risk CVEs against OpenSSL (there have been 5) have affected LibreSSL. It turns out removing old code and unneeded features is good for security.\nThe talk focuses on libtls, an alternative to the OpenSSL API, designed to be easier to use and less error prone\nIn the libtls api, if -1 is returned, it is always an error. In OpenSSL, it might not be an error, needs additional code to check errno\nIn OpenBSD: ftp, nc, ntpd, httpd, spamd, syslog have been converted to the new API\nThe OpenBSD Foundation is looking for donations in order to sponsor 2-3 developers to spend 6 months dedicated to LibreSSL\n***\n\n\nInterview - Benno Rice - benno@FreeBSD.org / @jeamland\n\nIsilon and building products on top of FreeBSD\n\n\n\nNews Roundup\n\nReLaunchd\n\n\nThis past week we got a heads up about another init/launchd replacement, this time .Relaunchd.\nThe goals of this project appear to be keeping launchd functionality, while being portable enough to run on FreeBSD / Linux, etc. \nIt also has aspirations of being .container-aware. with support for jailed services, ala-docker, as well as cluster awareness. \nWritten in ruby :(, it also maintains that it wishes to NOT take over PID1 or replace the initial system boot scripts, but extend / leverage them in new ways. \n***\n\n\nStatic Intrusion Detection in NetBSD\n\n\nAlistar Crooks has committed a new .sid. utility to NetBSD, which allows intrusion detection by comparing the file-system contents to a database of known good values\nThe utility can compare the entire root file system of a modest NetBSD machine in about 15 seconds\nThe following parameters of each file can be checked: atime, block count, ctime, file type, flags, group, inode, link target, mtime, number of links, permissions, size, user, crc32c checksum, sha256 checksum, sha512 checksum\nA JSON report is issued at the end, for any detected variances\n***\n\n\nLibreSSL 2.3.0 in PC-BSD\n\n\nIf you.re running PC-BSD 10.2-EDGE or October's -CURRENT image, LibreSSL 2.3.0 is now a thing\nThanks to the hard work of Bernard Spil and others, we have merged in the latest LibreSSL which actually removes SSL support in favor of TLS\nQuite a number of bugs have been fixed, as well as patches brought over from OpenBSD to fix numerous ports.\nAllan has started a patchset that sets the OpenSSL in base to \"private\"\nThis hides the library so that applications and ports cannot find it, so only tools in the base system, like fetch, will be able to use it. This makes OpenSSL no longer part of the base system ABI, meaning the version can be upgraded without breaking the stable ABI promise. This feature may be important in the future as OpenSSL versions now have EoL dates, that may be sooner than the EoL on the FreeBSD stable branches.\n***\n\n\nPC-BSD and boot-environments without GRUB\n\n\nIn this month.s -CURRENT image of PC-BSD, we began the process of moving back from the GRUB boot-loader, in favor of FreeBSD.s\nA couple of patches have been included, which enables boot-environment support via the 4th menus (Thanks Allan) and support for booting ZFS on root via UEFI\n\"beadm\" has also been updated to seamlessly support both boot-loaders\nNo full-disk encryption support yet (hopefully soon), but GRUB is still available on installer for those who need it\n***\n\n\nImport of IWM wireless to DragonFly\n\n\nMatthew Dillon has recently imported the newer if_iwm driver from FreeBSD -\u0026gt; DragonFly\nAcross the internet, users with newer Intel chipsets rejoiced!\nCoupled with the latest Broadwell DRM improvements, DragonFly sounds very ready for the latest laptop chipsets\nAlso, looks like progress is being made on i386 removal\n***\n\n\nFeedback/Questions\n\n\nDan writes in about PCBSD\nMatt writes in about ZFS\nAnonymous writes in about problems booting\n***\n","content_html":"\u003cp\u003eThis week on BSDNow, we get to hear all of Allans post EuroBSDCon wrap-up and a great interview with Benno Rice from Isilon. We got to discuss some of the pain of doing major forklift upgrades, and why your business should track -CURRENT.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003eEuroBSDCon Videos\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEuroBSDCon has started posting videos of the talks online already.\u003c/li\u003e\n\u003cli\u003eThe videos posted online are archives of the live stream, so some of the videos contain multiple talks\u003c/li\u003e\n\u003cli\u003eDue to a technical complication, some videos only have 1 channel of audio\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://2015.eurobsdcon.org/talks-and-schedule/talk-schedule/\" rel=\"nofollow\"\u003eEuroBSDCon Talk Schedule\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UCBPvcqZrNuKZuP1LQhlCp-A\" rel=\"nofollow\"\u003eRed Room Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UCJk8Kls9LT-Txu-Jhv7csfw\" rel=\"nofollow\"\u003eYellow Room Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/channel/UC-3DOxIOI5oHXE1H57g3FzQ\" rel=\"nofollow\"\u003eBlue Room Videos\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://assets.keltia.net/photos/EuroBSDCon-2015/\" rel=\"nofollow\"\u003ePhotos of the conference courtersy of Ollivier Robert\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20151005200020\" rel=\"nofollow\"\u003eA series of OpenSMTPd patches fix multiple vulnerabilities\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eQualys recently published an \u003ca href=\"https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt\" rel=\"nofollow\"\u003eaudit of the OpenSNMPd source code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe fixes for these vulnerabilities were released as 5.7.2\u003c/li\u003e\n\u003cli\u003eAfter its release, two \u003ca href=\"http://www.openwall.com/lists/oss-security/2015/10/04/2\" rel=\"nofollow\"\u003eadditional vulnerabilities\u003c/a\u003e were found. One, in the portable version, newer code that was added after the audit started\u003c/li\u003e\n\u003cli\u003eAll users are strongly encouraged to upgrade to 5.7.3\u003c/li\u003e\n\u003cli\u003eOpenBSD users should apply the latest errata or upgrade to the newest snapshot\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=288917\" rel=\"nofollow\"\u003eFreeBSD updates in -CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooks like Xen header support has been bumped in FreeBSD from 4.2 -\u0026gt; 4.6\u003c/li\u003e\n\u003cli\u003eIt also enables support for ARM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-October/057691.html\" rel=\"nofollow\"\u003eUpdate to Clang / LLVM  to 3.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html\" rel=\"nofollow\"\u003ehttp://llvm.org/releases/3.7.0/docs/ReleaseNotes.html\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=287745\" rel=\"nofollow\"\u003eZFS gets FRU (field replaceable unit) tracking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=397198\" rel=\"nofollow\"\u003eOpenCL makes it way into the ports tree\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebhyve has grown UEFI support, plus a CSM module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2015-October/003832.html\" rel=\"nofollow\"\u003ebhyve can now boot Windows \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCurrently there is still only a serial console, so the post includes an unattended install .xml file and instructions on how to repack the ISO. Once Windows is installed, you can RDP into the machine\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2015-October/003833.html\" rel=\"nofollow\"\u003ebhyve can also now run IllumOS \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=144304997800589\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD Initial Support for Broadwell Graphics\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD joins DragonFly now with initial support for broadwell GPUs landing in their development branch\u003c/li\u003e\n\u003cli\u003eThis brings Open up to Linux 3.14.52 DRM, and Mark Kettenis mentions that it isn.t perfect yet, and may cause some issues with older hardware, although no major regressions yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eOpenBSD Slides for \u003ca href=\"http://www.openbsd.org/papers/tame-fsec2015/\" rel=\"nofollow\"\u003eTAME\u003c/a\u003e and \u003ca href=\"http://www.openbsd.org/papers/libtls-fsec-2015/\" rel=\"nofollow\"\u003elibTLS APIs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe first set of slides are from a talk Theo de Raadt gave in Croatia, they describe the history and impetus for tame\u003c/li\u003e\n\u003cli\u003eTheo specifically avoids comparisons to other sandboxing techniques like capsicum and seccomp, because he is not impartial\u003c/li\u003e\n\u003cli\u003etame() itself is only about 1200 lines of code\u003c/li\u003e\n\u003cli\u003eSandboxing the file(1) command with systrace: 300 lines of code, with tame: 4 lines\u003c/li\u003e\n\u003cli\u003eTheo makes the point that .optional security. is irrelevant. If a mitigation feature has a knob to turn it off, some program will break and advise users to turn the feature off. Eventually, no one uses the feature, and it dies\u003c/li\u003e\n\u003cli\u003eThis has lead to OpenBSD.s policy: .Once working, these features cannot be disabled. Application bugs must be fixed.\u003c/li\u003e\n\u003cli\u003eThe second talk is by Bob Beck, about LibreSSL\u003c/li\u003e\n\u003cli\u003ewhen LibreSSL was forked from OpenSSL 1.0.1g, it contained 388,000 lines of C code\u003c/li\u003e\n\u003cli\u003e30 days in LibreSSL, they had deleted 90,000 lines of C\u003c/li\u003e\n\u003cli\u003eOpenSSL 1.0.2d has 432,000 lines of C (728k total), and OpenSSL Current has 411,000 lines of C (over 1 million total)\u003c/li\u003e\n\u003cli\u003eLibreSSL today, contains 297,000 lines of C (511k total)\u003c/li\u003e\n\u003cli\u003eNone of the high risk CVEs against OpenSSL (there have been 5) have affected LibreSSL. It turns out removing old code and unneeded features is good for security.\u003c/li\u003e\n\u003cli\u003eThe talk focuses on libtls, an alternative to the OpenSSL API, designed to be easier to use and less error prone\u003c/li\u003e\n\u003cli\u003eIn the libtls api, if -1 is returned, it is always an error. In OpenSSL, it might not be an error, needs additional code to check errno\u003c/li\u003e\n\u003cli\u003eIn OpenBSD: ftp, nc, ntpd, httpd, spamd, syslog have been converted to the new API\u003c/li\u003e\n\u003cli\u003eThe OpenBSD Foundation is looking for donations in order to sponsor 2-3 developers to spend 6 months dedicated to LibreSSL\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Benno Rice - \u003ca href=\"mailto:benno@FreeBSD.org\" rel=\"nofollow\"\u003ebenno@FreeBSD.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/jeamland\" rel=\"nofollow\"\u003e@jeamland\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eIsilon and building products on top of FreeBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/mheily/relaunchd/blob/master/doc/rationale.txt\" rel=\"nofollow\"\u003eReLaunchd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis past week we got a heads up about another init/launchd replacement, this time .Relaunchd.\u003c/li\u003e\n\u003cli\u003eThe goals of this project appear to be keeping launchd functionality, while being portable enough to run on FreeBSD / Linux, etc. \u003c/li\u003e\n\u003cli\u003eIt also has aspirations of being .container-aware. with support for jailed services, ala-docker, as well as cluster awareness. \u003c/li\u003e\n\u003cli\u003eWritten in ruby :(, it also maintains that it wishes to NOT take over PID1 or replace the initial system boot scripts, but extend / leverage them in new ways. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/source-changes/2015/09/24/msg069028.html\" rel=\"nofollow\"\u003eStatic Intrusion Detection in NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlistar Crooks has committed a new .sid. utility to NetBSD, which allows intrusion detection by comparing the file-system contents to a database of known good values\u003c/li\u003e\n\u003cli\u003eThe utility can compare the entire root file system of a modest NetBSD machine in about 15 seconds\u003c/li\u003e\n\u003cli\u003eThe following parameters of each file can be checked: atime, block count, ctime, file type, flags, group, inode, link target, mtime, number of links, permissions, size, user, crc32c checksum, sha256 checksum, sha512 checksum\u003c/li\u003e\n\u003cli\u003eA JSON report is issued at the end, for any detected variances\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eLibreSSL 2.3.0 in PC-BSD\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you.re running PC-BSD 10.2-EDGE or October\u0026#39;s -CURRENT image, LibreSSL 2.3.0 is now a thing\u003c/li\u003e\n\u003cli\u003eThanks to the hard work of Bernard Spil and others, we have merged in the latest LibreSSL which actually removes SSL support in favor of TLS\u003c/li\u003e\n\u003cli\u003eQuite a number of bugs have been fixed, as well as patches brought over from OpenBSD to fix numerous ports.\u003c/li\u003e\n\u003cli\u003eAllan has started a patchset that sets the \u003ca href=\"http://allanjude.com/bsd/privatessl_2015-10-07.patch\" rel=\"nofollow\"\u003eOpenSSL in base to \u0026quot;private\u0026quot;\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis hides the library so that applications and ports cannot find it, so only tools in the base system, like fetch, will be able to use it. This makes OpenSSL no longer part of the base system ABI, meaning the version can be upgraded without breaking the stable ABI promise. This feature may be important in the future as OpenSSL versions now have EoL dates, that may be sooner than the EoL on the FreeBSD stable branches.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/testing/2015-October/010173.html\" rel=\"nofollow\"\u003ePC-BSD and boot-environments without GRUB\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this month.s -CURRENT image of PC-BSD, we began the process of moving back from the GRUB boot-loader, in favor of FreeBSD.s\u003c/li\u003e\n\u003cli\u003eA couple of patches have been included, which enables boot-environment support via the 4th menus (Thanks Allan) and support for booting ZFS on root via UEFI\u003c/li\u003e\n\u003cli\u003e\u0026quot;beadm\u0026quot; has also been updated to seamlessly support both boot-loaders\u003c/li\u003e\n\u003cli\u003eNo full-disk encryption support yet (hopefully soon), but GRUB is still available on installer for those who need it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/24a8d46a22f9106b0c1466c41ba73460d7d22262\" rel=\"nofollow\"\u003eImport of IWM wireless to DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatthew Dillon has recently imported the newer if_iwm driver from FreeBSD -\u0026gt; DragonFly\u003c/li\u003e\n\u003cli\u003eAcross the internet, users with newer Intel chipsets rejoiced!\u003c/li\u003e\n\u003cli\u003eCoupled with the latest Broadwell DRM improvements, DragonFly sounds very ready for the latest laptop chipsets\u003c/li\u003e\n\u003cli\u003eAlso, looks like progress is being made on \u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/cf37dc2040cea9f384bd7d3dcaf24014f441b8a6\" rel=\"nofollow\"\u003ei386 removal\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s27ZeOiM4t\" rel=\"nofollow\"\u003eDan writes in about PCBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s219J3ebx5\" rel=\"nofollow\"\u003eMatt writes in about ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21uuMAmZb\" rel=\"nofollow\"\u003eAnonymous writes in about problems booting\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSDNow, we get to hear all of Allans post EuroBSDCon wrap-up and a great interview with Benno Rice from Isilon. We got to discuss some of the pain of doing major forklift upgrades, and why your business should track -CURRENT.","date_published":"2015-10-07T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/42636b74-791c-44c4-b313-75b8ace4844b.mp3","mime_type":"audio/mpeg","size_in_bytes":69718036,"duration_in_seconds":5809}]},{"id":"a2df1fdd-3669-4b6c-8bad-03ee4f1716d1","title":"109: Impish BSD","url":"https://www.bsdnow.tv/109","content_text":"This week, we have a great interview with Warner Losh of the FreeBSD project! We will be discussing everything from automatic kernel module loading, IO scheduling and of course NanoBSD.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Warner Losh - [imp@bsdimp.com](imp@bsdimp.com) / @bsdimp\n\nSSD performance and driver auto-loader\n\n","content_html":"\u003cp\u003eThis week, we have a great interview with Warner Losh of the FreeBSD project! We will be discussing everything from automatic kernel module loading, IO scheduling and of course NanoBSD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Warner Losh - [\u003ca href=\"mailto:imp@bsdimp.com\" rel=\"nofollow\"\u003eimp@bsdimp.com\u003c/a\u003e](\u003ca href=\"mailto:imp@bsdimp.com\" rel=\"nofollow\"\u003eimp@bsdimp.com\u003c/a\u003e) / \u003ca href=\"https://twitter.com/bsdimp\" rel=\"nofollow\"\u003e@bsdimp\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eSSD performance and driver auto-loader\u003c/p\u003e\n\n\u003chr\u003e","summary":"This week, we have a great interview with Warner Losh of the FreeBSD project! We will be discussing everything from automatic kernel module loading, IO scheduling and of course NanoBSD.","date_published":"2015-09-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a2df1fdd-3669-4b6c-8bad-03ee4f1716d1.mp3","mime_type":"audio/mpeg","size_in_bytes":39751060,"duration_in_seconds":3312}]},{"id":"a3075d6e-f3f6-46a7-9c4f-402d380237db","title":"108: ServeUp BSD","url":"https://www.bsdnow.tv/108","content_text":"This week on the show, Allan is heading to Sweden, but we have a great interview with Andrew Pantyukhin to bring you. We will be discussing everything from contributions to FreeBSD, which technologies worked best in the datacenter, config management and more.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAllan is away this week, traveling to Sweden for the ACM womENcourage conference followed by EuroBSDCon, but we have an excellent interview for you, so sit back and enjoy the show. Allan will be back on October 5th, so we look forward to bringing you a live show, with all the details about EuroBSD and more!\n\nInterview - Andrew Pantyukhin - infofarmer@gmail.com / @infofarmer\n\nBuilding products with FreeBSD\n\n","content_html":"\u003cp\u003eThis week on the show, Allan is heading to Sweden, but we have a great interview with Andrew Pantyukhin to bring you. We will be discussing everything from contributions to FreeBSD, which technologies worked best in the datacenter, config management and more.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003cp\u003eAllan is away this week, traveling to Sweden for the ACM womENcourage conference followed by EuroBSDCon, but we have an excellent interview for you, so sit back and enjoy the show. Allan will be back on October 5th, so we look forward to bringing you a live show, with all the details about EuroBSD and more!\u003c/p\u003e\n\n\u003ch2\u003eInterview - Andrew Pantyukhin - \u003ca href=\"mailto:infofarmer@gmail.com\" rel=\"nofollow\"\u003einfofarmer@gmail.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/infofarmer\" rel=\"nofollow\"\u003e@infofarmer\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBuilding products with FreeBSD\u003c/p\u003e\n\n\u003chr\u003e","summary":"This week on the show, Allan is heading to Sweden, but we have a great interview with Andrew Pantyukhin to bring you. We will be discussing everything from contributions to FreeBSD, which technologies worked best in the datacenter, config management and more.","date_published":"2015-09-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a3075d6e-f3f6-46a7-9c4f-402d380237db.mp3","mime_type":"audio/mpeg","size_in_bytes":56182612,"duration_in_seconds":4681}]},{"id":"5bead015-3333-45fa-bfba-838f2d3a8801","title":"107: In their midst","url":"https://www.bsdnow.tv/107","content_text":"This week, we are going to be talking with Aaron Poffenberger, who has much to share about his first-hand experience in infiltrating Linux conferences with BSD-goodness.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAlexander Motin implements CTL High Availability\n\n\nCTL HA allows two .head. nodes to be connected to the same set of disks, safely\nAn HA storage appliance usually consists of 2 totally separate servers, connected to a shared set of disks in separate JBOD sleds\nThe problem with this setup is that if both machines try to use the disks at the same time, bad things will happen\nWith CTL HA, the two nodes can communicate, in this case over a special TCP protocol, to coordinate and make sure they do not step on each others toes, allowing safe operation\nThe CTL HA implementation in FreeBSD can operate in the following four modes:\nActive/Unavailable -- without interlink between nodes\n\n\nActive/Standby -- with the second node handling only basic LUN discovery and\nreservation, synchronizing with the first node through the interlink\nActive/Active -- with both nodes processing commands and accessing the\nbacking storage, synchronizing with the first node through the interlink\nActive/Proxy -- with second node working as proxy, transferring all\ncommands to the first node for execution through the interlink\n\nThe custom TCP protocol has no authentication, so it should never be enabled on public interfaces\nDoc Update\n***\n\n\nPanel Self-Refresh support lands in DragonFlyBSD\n\n\nIn what seems almost weekly improvements being made to the Xorg stack for DragonFly, we now have Panel Self-Refresh landing, thanks to Imre Vadász\nUnderstanding Panel Self-Refresh and More about Panel Self-Refresh\nIn a nutshell, the above articles talks about how in the case of static images on the screen, power-savings can be obtained by refreshing static images from display memory (frame-buffer), disabling the video processing of the CPU/GPU and associated pipeline during the process. \nAnd just for good measure, Imre also committed some further Intel driver cleanup, reducing the diff with Linux 3.17\n***\n\n\nIntroducing Sluice, a new ZFS snapshot management tool\n\n\nA new ZFS snapshot management tool written in Python and modeled after Apple.s Time Machine\nSimple command line interface\nNo configuration files, settings are stored as ZFS user properties\nIncludes simple remote replication support\nCan operate on remote systems with the zfs://user@host/path@snapname url schema\nFuture feature list includes .import. command to moved files from non-ZFS storage to ZFS and create a snapshot, and .export. to do the inverse\nThanks to Dan for tipping us about this new project\n***\n\n\nWhy WhatsApp only needs 50 engineers for 900 million users\n\n\nWired has a good write-up on the behind-the-scenes work taking place at WhatsApp\nWhile the article mentions FreeBSD, it spends the bulk of its discussion about Erlang and using its scalable concurrency and deployment of new code to running processes. \nFB messenger uses Haskell to accomplish much the same thing, while Google and Mozilla are currently trying to bring the same level of flexibility to Go and Rust respectively. \nvideo\nThanks to Ed for submitting this news item\n***\n\n\nInterview - Aaron Poffenberger - email@email / @akpoff\n\nBSD in a strange place\n\n\nKM: Go ahead and tell us about yourself and how did you first get involved with BSD?\nAJ: You.ve presented recently at Texas Linux Fest, both on FreeBSD and FreeNAS. What specifically prompted you to do that?\nKM: What would you say are the main selling points when presenting BSD to Linux users and admins? \nAJ: On the flip side of this topic, in what areas to do you think we could improve BSD to present better to Linux users?\nKM: What would you specifically recommend to other BSD users or fans who may also want to help present or teach about BSD? Any things specifically to avoid?\nAJ: What is the typical depth of knowledge you encounter when presenting BSD to a mostly Linux crowd? Any surprises when doing so?\nKM: Since you have done this before, are you mainly writing your own material or borrowing from other talks that have been done on BSD? Do you think there.s a place for some collaboration, maybe having a repository of materials that can be used for other BSD presenters at their local linux conference / LUG?\nAJ: Since you are primarily an OpenBSD user have you thought about doing any talks related to it? Is OpenBSD something on the radar of the typical Linux conference-goer?\nKM: Is there anything else you would like to mention before we wrap up?\n***\n\n\nNews Roundup\n\nGhostBSD 10.1 released \n\n\nGhostBSD has given us a new release, this time it also includes XFCE as an alternative to the MATE desktop\nThe installer has been updated to allow using GRUB, BSD loader, or none at all\nIt also includes the new OctoPKG manager, which proves a Qt driven front-end to pkgng\nThanks to Shawn for submitting this\n***\n\n\nMoving to FreeBSD\n\n\nIn this blog post, Randy Westlund takes us through his journey of moving from Gentoo over to FreeBSD\nInspired in part due to Systemd, he first spent some time on Wikipedia reading about BSD before taking the plunge to grab FreeBSD and give it a whirl in a VM.\n\"My first impression was that installation was super easy. Installing Gentoo is done manually and can be a \"fun\" weekend adventure if you're not sure what you're doing. I can spin up a new FreeBSD VM in five minutes.\"\n\"There's a man page for everything! And they're well-written! Gentoo has the best documentation of any Linux distro I've used, but FreeBSD is on another level. With a copy of the FreeBSD Handbook and the system man pages, I can actually get things done without tabbing over to Google every five minutes.\"\nHe goes on to mention everything from Init system, Jails, Security, Community and License, a well-rounded article. \nAlso gives a nice shout-out to PC-BSD as an even easier way to get started on a FreeBSD journey, thanks!\nShout out to Matt for tipping us to this blog post\n***\n\n\nOpenBSD Enables GPT by default \n\n\nLooks like OpenBSD has taken the plunge and enabled GPT by default now\nKen Westerback does us the honors, by removing the kernel option for GPT\nUsers on -CURRENT should give this a whirl, and of course report issues back upstream\nCredit to Jona for writing in about this one\n***\n\n\nDISCUSSION: Are reproducible builds worth-while?\n\n\nIn this weeks article / rant, Ted takes on the notion of reproducible builds being the end-all be-all for security. \nWhat about compiler backdoors?\nThis does not prevent shellshock, or other bugs in the code itself\nPersonally, I.m all in favor, another .Trust but verify. mechanism of the distributed binaries, plus it makes it handy to do source builds and not end up with various checksum changes where no code actually changed. \n***\n\n\nFeedback/Questions\n\n\nDavid writes in\nPossnfiffer writes in\nDaniel writes in\n***\n","content_html":"\u003cp\u003eThis week, we are going to be talking with Aaron Poffenberger, who has much to share about his first-hand experience in infiltrating Linux conferences with BSD-goodness.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/changeset/base/r287621\" rel=\"nofollow\"\u003eAlexander Motin implements CTL High Availability\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCTL HA allows two .head. nodes to be connected to the same set of disks, safely\u003c/li\u003e\n\u003cli\u003eAn HA storage appliance usually consists of 2 totally separate servers, connected to a shared set of disks in separate JBOD sleds\u003c/li\u003e\n\u003cli\u003eThe problem with this setup is that if both machines try to use the disks at the same time, bad things will happen\u003c/li\u003e\n\u003cli\u003eWith CTL HA, the two nodes can communicate, in this case over a special TCP protocol, to coordinate and make sure they do not step on each others toes, allowing safe operation\u003c/li\u003e\n\u003cli\u003eThe CTL HA implementation in FreeBSD can operate in the following four modes:\u003c/li\u003e\n\u003cli\u003eActive/Unavailable -- without interlink between nodes\n\n\u003cul\u003e\n\u003cli\u003eActive/Standby -- with the second node handling only basic LUN discovery and\nreservation, synchronizing with the first node through the interlink\u003c/li\u003e\n\u003cli\u003eActive/Active -- with both nodes processing commands and accessing the\nbacking storage, synchronizing with the first node through the interlink\u003c/li\u003e\n\u003cli\u003eActive/Proxy -- with second node working as proxy, transferring all\ncommands to the first node for execution through the interlink\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eThe custom TCP protocol has no authentication, so it should never be enabled on public interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=287707\" rel=\"nofollow\"\u003eDoc Update\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d13e957b0d66a395b3736c43f18972c282bbd58a\" rel=\"nofollow\"\u003ePanel Self-Refresh support lands in DragonFlyBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn what seems almost weekly improvements being made to the Xorg stack for DragonFly, we now have Panel Self-Refresh landing, thanks to Imre Vadász\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.anandtech.com/show/7208/understanding-panel-self-refresh\" rel=\"nofollow\"\u003eUnderstanding Panel Self-Refresh\u003c/a\u003e and \u003ca href=\"http://www.hardwaresecrets.com/introducing-the-panel-self-refresh-technology/\" rel=\"nofollow\"\u003eMore about Panel Self-Refresh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn a nutshell, the above articles talks about how in the case of static images on the screen, power-savings can be obtained by refreshing static images from display memory (frame-buffer), disabling the video processing of the CPU/GPU and associated pipeline during the process. \u003c/li\u003e\n\u003cli\u003eAnd just for good measure, Imre also committed some further Intel driver cleanup, \u003ca href=\"http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/6b231eab9db5ef4d4dc3816487d8e3d48941e0e2\" rel=\"nofollow\"\u003ereducing the diff with Linux 3.17\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://bitbucket.org/stevedrake/sluice\" rel=\"nofollow\"\u003eIntroducing Sluice, a new ZFS snapshot management tool\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new ZFS snapshot management tool written in Python and modeled after Apple.s Time Machine\u003c/li\u003e\n\u003cli\u003eSimple command line interface\u003c/li\u003e\n\u003cli\u003eNo configuration files, settings are stored as ZFS user properties\u003c/li\u003e\n\u003cli\u003eIncludes simple remote replication support\u003c/li\u003e\n\u003cli\u003eCan operate on remote systems with the zfs://user@host/path@snapname url schema\u003c/li\u003e\n\u003cli\u003eFuture feature list includes .import. command to moved files from non-ZFS storage to ZFS and create a snapshot, and .export. to do the inverse\u003c/li\u003e\n\u003cli\u003eThanks to Dan for tipping us about this new project\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.wired.com/2015/09/whatsapp-serves-900-million-users-50-engineers/\" rel=\"nofollow\"\u003eWhy WhatsApp only needs 50 engineers for 900 million users\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWired has a good write-up on the behind-the-scenes work taking place at WhatsApp\u003c/li\u003e\n\u003cli\u003eWhile the article mentions FreeBSD, it spends the bulk of its discussion about Erlang and using its scalable concurrency and deployment of new code to running processes. \u003c/li\u003e\n\u003cli\u003eFB messenger uses Haskell to accomplish much the same thing, while Google and Mozilla are currently trying to bring the same level of flexibility to Go and Rust respectively. \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=57Ch2j8U0lk\" rel=\"nofollow\"\u003evideo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThanks to Ed for submitting this news item\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Aaron Poffenberger - \u003ca href=\"mailto:akp@hypernote.com\" rel=\"nofollow\"\u003eemail@email\u003c/a\u003e / \u003ca href=\"https://twitter.com/akpoff\" rel=\"nofollow\"\u003e@akpoff\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD in a strange place\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eKM: Go ahead and tell us about yourself and how did you first get involved with BSD?\u003c/li\u003e\n\u003cli\u003eAJ: You.ve presented recently at Texas Linux Fest, both on FreeBSD and FreeNAS. What specifically prompted you to do that?\u003c/li\u003e\n\u003cli\u003eKM: What would you say are the main selling points when presenting BSD to Linux users and admins? \u003c/li\u003e\n\u003cli\u003eAJ: On the flip side of this topic, in what areas to do you think we could improve BSD to present better to Linux users?\u003c/li\u003e\n\u003cli\u003eKM: What would you specifically recommend to other BSD users or fans who may also want to help present or teach about BSD? Any things specifically to avoid?\u003c/li\u003e\n\u003cli\u003eAJ: What is the typical depth of knowledge you encounter when presenting BSD to a mostly Linux crowd? Any surprises when doing so?\u003c/li\u003e\n\u003cli\u003eKM: Since you have done this before, are you mainly writing your own material or borrowing from other talks that have been done on BSD? Do you think there.s a place for some collaboration, maybe having a repository of materials that can be used for other BSD presenters at their local linux conference / LUG?\u003c/li\u003e\n\u003cli\u003eAJ: Since you are primarily an OpenBSD user have you thought about doing any talks related to it? Is OpenBSD something on the radar of the typical Linux conference-goer?\u003c/li\u003e\n\u003cli\u003eKM: Is there anything else you would like to mention before we wrap up?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ghostbsd.org/10.1_release_eve\" rel=\"nofollow\"\u003eGhostBSD 10.1 released \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGhostBSD has given us a new release, this time it also includes XFCE as an alternative to the MATE desktop\u003c/li\u003e\n\u003cli\u003eThe installer has been updated to allow using GRUB, BSD loader, or none at all\u003c/li\u003e\n\u003cli\u003eIt also includes the new OctoPKG manager, which proves a Qt driven front-end to pkgng\u003c/li\u003e\n\u003cli\u003eThanks to Shawn for submitting this\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.textplain.net/blog/2015/moving-to-freebsd/\" rel=\"nofollow\"\u003eMoving to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this blog post, Randy Westlund takes us through his journey of moving from Gentoo over to FreeBSD\u003c/li\u003e\n\u003cli\u003eInspired in part due to Systemd, he first spent some time on Wikipedia reading about BSD before taking the plunge to grab FreeBSD and give it a whirl in a VM.\u003c/li\u003e\n\u003cli\u003e\u0026quot;My first impression was that installation was super easy. Installing Gentoo is done manually and can be a \u0026quot;fun\u0026quot; weekend adventure if you\u0026#39;re not sure what you\u0026#39;re doing. I can spin up a new FreeBSD VM in five minutes.\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u0026quot;There\u0026#39;s a man page for everything! And they\u0026#39;re well-written! Gentoo has the best documentation of any Linux distro I\u0026#39;ve used, but FreeBSD is on another level. With a copy of the FreeBSD Handbook and the system man pages, I can actually get things done without tabbing over to Google every five minutes.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe goes on to mention everything from Init system, Jails, Security, Community and License, a well-rounded article. \u003c/li\u003e\n\u003cli\u003eAlso gives a nice shout-out to PC-BSD as an even easier way to get started on a FreeBSD journey, thanks!\u003c/li\u003e\n\u003cli\u003eShout out to Matt for tipping us to this blog post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=144190275908215\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD Enables GPT by default \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLooks like OpenBSD has taken the plunge and enabled GPT by default now\u003c/li\u003e\n\u003cli\u003eKen Westerback does us the honors, by removing the kernel option for GPT\u003c/li\u003e\n\u003cli\u003eUsers on -CURRENT should give this a whirl, and of course report issues back upstream\u003c/li\u003e\n\u003cli\u003eCredit to Jona for writing in about this one\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/reproducible-builds-are-a-waste-of-time\" rel=\"nofollow\"\u003eDISCUSSION: Are reproducible builds worth-while?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this weeks article / rant, Ted takes on the notion of reproducible builds being the end-all be-all for security. \u003c/li\u003e\n\u003cli\u003eWhat about compiler backdoors?\u003c/li\u003e\n\u003cli\u003eThis does not prevent shellshock, or other bugs in the code itself\u003c/li\u003e\n\u003cli\u003ePersonally, I.m all in favor, another .Trust but verify. mechanism of the distributed binaries, plus it makes it handy to do source builds and not end up with various checksum changes where no code actually changed. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Q7XjxNH\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QtE6XzJK\" rel=\"nofollow\"\u003ePossnfiffer writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20uloOljw\" rel=\"nofollow\"\u003eDaniel writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we are going to be talking with Aaron Poffenberger, who has much to share about his first-hand experience in infiltrating Linux conferences with BSD-goodness.","date_published":"2015-09-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5bead015-3333-45fa-bfba-838f2d3a8801.mp3","mime_type":"audio/mpeg","size_in_bytes":62196052,"duration_in_seconds":5182}]},{"id":"56f32661-ba43-4458-8d3b-9ef39c55be8c","title":"106: Multipath TCP","url":"https://www.bsdnow.tv/106","content_text":"This week, we have Nigel Williams here to bring us all sorts of info about Multipath TCP, what it is, how it works and the ongoing effort to bring it into FreeBSD. All that and of course the latest BSD news coming your way, right now!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBacking out changes doesn.t always pinpoint the problem \n\n\nPeter Wemm brings us a fascinating look at debugging an issue which occurred on the FreeBSD build cluster recently. \nBottom line? Backing out something isn.t necessarily the fix, rather it should be apart of the diagnostic process\nIn this particular case, a change to some mmap() functionality ended up exposing a bug in the kernel.s page fault handler which existed since (wait for it.) 1997!\nAs Peter mentions at the bottom of the Article, this bug had been showing up for years, but was sporadic and often written off as a networking hiccup. \n***\n\n\nBSD Router Project benchmarks new routing changes to FreeBSD \n\n\nA project branch of FreeBSD -CURRENT has been created with a number of optimizations to the routing code\nAlexander V. Chernikov (melifaro@).s routing branch \nThe net result is an almost doubling of peak performance in packets per second\nPerformance scales well with the number of NIC queues (2 queues is 88% faster than 1 queue, 3 is 270% faster). Unlike the previous code, when the number of queues hits 4, performance is down by only 10%, instead of being cut nearly in half\nOther Benchmark Results, and the tools to do your own tests \n***\n\n\nWhen is SSL not SSL?\n\n\nOur buddy Ted has a good write-up on a weird situation related to licensing of stunnel and LibreSSL\nThe problem exists due to stunnel being released with a different license, that is technically incompatible with the GPL, as well as linking against non-OpenSSL versions. \nThe author has also decided to create specific named exceptions when the *SSL lib is part of the base operating system, but does not personally consider LibreSSL as a valid linking target on its own\nTed points out that the LibreSSL team considers LibreSSL == OpenSSL, so this may be a moot concern\n***\n\n\nUpdate on systembsd \n\n\nWe.ve mentioned the GSoC project to create a SystemD shim in OpenBSD before. Now we have the slides from Ian Sutton talking about this project. \nAs a refresher, this project is to take DBUS and create daemons emulating various systemd components, such as hostnamed, localed, timedated, and friends. \nWritten from scratch in C, it was mainly created in the hopes of becoming a port, allowing Gnome and related tools to function on OpenBSD. \nThis is a good read, especially for current or aspiring porters who want to bring over newer versions of applications which now depend upon SystemD. \n***\n\n\nInterview - Nigel Williams - [njwilliams@swin.edu.au](njwilliams@swin.edu.au)\n\nMultipath TCP\n\n\n\nNews Roundup\n\nOpenBSD UEFI boot loader\n\n\nWe.ve mentioned the ongoing work to bring UEFI booting to OpenBSD and it looks like this has now landed in the tree\nThe .fdisk. utility has also been updated with a new -b flag, when used  with .-i. will create the special EFI system partition on amd64/i386 . (http://marc.info/?l=openbsd-cvs\u0026amp;m=144139348416071\u0026amp;w=2)\nSome twitter benchmarks \n***\n\n\nFreeBSD Journal, July/August issue \n\n\nThe latest issue of the FreeBSD Journal has arrived\nAs always, the Journal opens with a letter from the FreeBSD Foundation \nFeature Articles:\nGroupon's Deal on FreeBSD -- How to drive adoption of FreeBSD at your organization, and lessons learned in retraining Linux sysadmins\nFreeBSD: The Isilon Experience -- Mistakes not to make when basing a product on FreeBSD. TL;DR: track head\nReflections on FreeBSD.org: Packages -- A status update on where we are with binary packages, what issues have been overcome, and which still remain\nInside the Foundation -- An overview of some of the things you might not be aware that the FreeBSD Foundation is doing to support the project and attract the next generation of committers\nIncludes a book review of .The Practise of System and Network Administration.\nAs usual, various other reports are included: The Ports Report, SVN Update, A conference report, a report from the Essen hackathon, and the Event Calendar\n***\n\n\nBuilding ARMv6 packages on FreeBSD, the easy way \n\n\nPreviously we have discussed how to build ARMv6 packages on FreeBSD\nWe also interviewed Sean Bruno about his work in this area\nThankfully, over time this process has been simplified, and no longer requires a lot of manual configuration, or fussing with the .image activator.\nNow, you can just build packages for your Raspberry Pi or similar device, just as simply as you would build for x86, it just takes longer to build.\n***\n\n\nNew PC-BSD Release Schedule\n\n\nThe PC-BSD Team has announce an updated release schedule for beyond 10.2\nThis schedule follows more closely the FreeBSD schedules, with major releases only occurring when FreeBSD does the next point update, or major version bump. \nPC-BSD.s source tree has been split into master(current) and stable as well\nPRODUCTION / EDGE packages will be built from stable, with PRODUCTION updated monthly now. The -CURRENT monthly images will contain the master source builds. \n***\n\n\nFeedback/Questions\n\n\nJoris writes in\n Anonymous \n Darin \n***\n","content_html":"\u003cp\u003eThis week, we have Nigel Williams here to bring us all sorts of info about Multipath TCP, what it is, how it works and the ongoing effort to bring it into FreeBSD. All that and of course the latest BSD news coming your way, right now!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.crashed.org/dont-backout/\" rel=\"nofollow\"\u003eBacking out changes doesn.t always pinpoint the problem \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Wemm brings us a fascinating look at debugging an issue which occurred on the FreeBSD build cluster recently. \u003c/li\u003e\n\u003cli\u003eBottom line? Backing out something isn.t necessarily the fix, rather it should be apart of the diagnostic process\u003c/li\u003e\n\u003cli\u003eIn this particular case, a change to some mmap() functionality ended up exposing a bug in the kernel.s page fault handler which existed since (wait for it.) 1997!\u003c/li\u003e\n\u003cli\u003eAs Peter mentions at the bottom of the Article, this bug had been showing up for years, but was sporadic and often written off as a networking hiccup. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/ocochard/netbenchs/blob/master/Xeon_E5-2650-8Cores-Chelsio_T540-CR/nXxq10g/results/fbsd11-melifaro.r287531/README.md\" rel=\"nofollow\"\u003eBSD Router Project benchmarks new routing changes to FreeBSD \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA project branch of FreeBSD -CURRENT has been created with a number of optimizations to the routing code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/base/projects/routing/?view=log\" rel=\"nofollow\"\u003eAlexander V. Chernikov (melifaro@).s routing branch \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe net result is an almost doubling of peak performance in packets per second\u003c/li\u003e\n\u003cli\u003ePerformance scales well with the number of NIC queues (2 queues is 88% faster than 1 queue, 3 is 270% faster). Unlike the previous code, when the number of queues hits 4, performance is down by only 10%, instead of being cut nearly in half\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocochard/netbenchs\" rel=\"nofollow\"\u003eOther Benchmark Results, and the tools to do your own tests \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/the-peculiar-libretunnel-situation\" rel=\"nofollow\"\u003eWhen is SSL not SSL?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy Ted has a good write-up on a weird situation related to licensing of stunnel and LibreSSL\u003c/li\u003e\n\u003cli\u003eThe problem exists due to stunnel being released with a different license, that is technically incompatible with the GPL, as well as linking against non-OpenSSL versions. \u003c/li\u003e\n\u003cli\u003eThe author has also decided to create specific named exceptions when the *SSL lib is part of the base operating system, but does not personally consider LibreSSL as a valid linking target on its own\u003c/li\u003e\n\u003cli\u003eTed points out that the LibreSSL team considers LibreSSL == OpenSSL, so this may be a moot concern\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://darknedgy.net/files/systembsd.pdf\" rel=\"nofollow\"\u003eUpdate on systembsd \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe.ve mentioned the GSoC project to create a SystemD shim in OpenBSD before. Now we have the slides from Ian Sutton talking about this project. \u003c/li\u003e\n\u003cli\u003eAs a refresher, this project is to take DBUS and create daemons emulating various systemd components, such as hostnamed, localed, timedated, and friends. \u003c/li\u003e\n\u003cli\u003eWritten from scratch in C, it was mainly created in the hopes of becoming a port, allowing Gnome and related tools to function on OpenBSD. \u003c/li\u003e\n\u003cli\u003eThis is a good read, especially for current or aspiring porters who want to bring over newer versions of applications which now depend upon SystemD. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Nigel Williams - [\u003ca href=\"mailto:njwilliams@swin.edu.au\" rel=\"nofollow\"\u003enjwilliams@swin.edu.au\u003c/a\u003e](\u003ca href=\"mailto:njwilliams@swin.edu.au\" rel=\"nofollow\"\u003enjwilliams@swin.edu.au\u003c/a\u003e)\u003c/h2\u003e\n\n\u003cp\u003eMultipath TCP\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=144115942223734\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD UEFI boot loader\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe.ve mentioned the ongoing work to bring UEFI booting to OpenBSD and it looks like this has now landed in the tree\u003c/li\u003e\n\u003cli\u003eThe .fdisk. utility has also been updated with a new -b flag, when used  with .-i. will create the special EFI system partition on amd64/i386 . (\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=144139348416071\u0026w=2\" rel=\"nofollow\"\u003ehttp://marc.info/?l=openbsd-cvs\u0026amp;m=144139348416071\u0026amp;w=2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/mherrb/status/641004331035193344\" rel=\"nofollow\"\u003eSome twitter benchmarks \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/journal/vol2_no4/\" rel=\"nofollow\"\u003eFreeBSD Journal, July/August issue \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe latest issue of the FreeBSD Journal has arrived\u003c/li\u003e\n\u003cli\u003eAs always, the Journal opens with a letter from the FreeBSD Foundation \u003c/li\u003e\n\u003cli\u003eFeature Articles:\u003c/li\u003e\n\u003cli\u003eGroupon\u0026#39;s Deal on FreeBSD -- How to drive adoption of FreeBSD at your organization, and lessons learned in retraining Linux sysadmins\u003c/li\u003e\n\u003cli\u003eFreeBSD: The Isilon Experience -- Mistakes not to make when basing a product on FreeBSD. TL;DR: track head\u003c/li\u003e\n\u003cli\u003eReflections on FreeBSD.org: Packages -- A status update on where we are with binary packages, what issues have been overcome, and which still remain\u003c/li\u003e\n\u003cli\u003eInside the Foundation -- An overview of some of the things you might not be aware that the FreeBSD Foundation is doing to support the project and attract the next generation of committers\u003c/li\u003e\n\u003cli\u003eIncludes a book review of .The Practise of System and Network Administration.\u003c/li\u003e\n\u003cli\u003eAs usual, various other reports are included: The Ports Report, SVN Update, A conference report, a report from the Essen hackathon, and the Event Calendar\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/brd/2015/08/25/building-arm-packages-with-poudriere-the-simple-way/\" rel=\"nofollow\"\u003eBuilding ARMv6 packages on FreeBSD, the easy way \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreviously we have discussed how to build ARMv6 packages on FreeBSD\u003c/li\u003e\n\u003cli\u003eWe also interviewed Sean Bruno about his work in this area\u003c/li\u003e\n\u003cli\u003eThankfully, over time this process has been simplified, and no longer requires a lot of manual configuration, or fussing with the .image activator.\u003c/li\u003e\n\u003cli\u003eNow, you can just build packages for your Raspberry Pi or similar device, just as simply as you would build for x86, it just takes longer to build.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/09/new-release-schedule-for-pc-bsd/\" rel=\"nofollow\"\u003eNew PC-BSD Release Schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PC-BSD Team has announce an updated release schedule for beyond 10.2\u003c/li\u003e\n\u003cli\u003eThis schedule follows more closely the FreeBSD schedules, with major releases only occurring when FreeBSD does the next point update, or major version bump. \u003c/li\u003e\n\u003cli\u003ePC-BSD.s source tree has been split into master(current) and stable as well\u003c/li\u003e\n\u003cli\u003ePRODUCTION / EDGE packages will be built from stable, with PRODUCTION updated monthly now. The -CURRENT monthly images will contain the master source builds. \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21cguSv7E\" rel=\"nofollow\"\u003eJoris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s217A5NNGg\" rel=\"nofollow\"\u003e Anonymous \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20HyiqJV0\" rel=\"nofollow\"\u003e Darin \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we have Nigel Williams here to bring us all sorts of info about Multipath TCP, what it is, how it works and the ongoing effort to bring it into FreeBSD. All that and of course the latest BSD news coming your way, right now!","date_published":"2015-09-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/56f32661-ba43-4458-8d3b-9ef39c55be8c.mp3","mime_type":"audio/mpeg","size_in_bytes":48462196,"duration_in_seconds":4038}]},{"id":"09c955b0-1ecf-440f-9aa9-80dc2fb05a49","title":"105: Virginia BSD Assembly","url":"https://www.bsdnow.tv/105","content_text":"It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD hypervisor coming soon\n\n\nOur buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently\nFrom what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled \"vmm\"\nLater on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is\nOriginally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation\nOne thing to note: this isn't just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route\nHe also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on\n***\n\n\nWhy FreeBSD should not adopt launchd\n\n\nLast week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD\nOne of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)\nIn this article, the author talks about why he thinks this is a bad idea\nHe doesn't oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail\nThe post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities\nReddit had quite a bit to say about this one, some in agreement and some not\n***\n\n\nDragonFly graphics improvements\n\n\nThe DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack\nThis latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs\nYou should also see some power management improvements, longer battery life and various other bug fixes\nIf you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around\n***\n\n\nOpenBSD tames the userland\n\n\nLast week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are\nTheo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools\nIt's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)\nSome classic utilities are even being reworked to make taming them easier - the \"w\" command, for example\nThe diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)\nMore discussion can be found on HN, as one might expect\nIf you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release\n***\n\n\nInterview - Scott Courtney - vbsdcon@verisign.com / @verisign\n\nvBSDCon 2015\n\n\n\nNews Roundup\n\nOPNsense, beyond the fork\n\n\nWe first heard about OPNsense back in January, and they've since released nearly 40 versions, spanning over 5,000 commits\nThis is their first big status update, covering some of the things that've happened since the project was born\nThere's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything\n***\n\n\nLibreSSL nukes SSLv3\n\n\nWith their latest release, LibreSSL began to turn off SSLv3 support, starting with the \"openssl\" command\nAt the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)\nThey've now flipped the switch, and the process of complete removal has started\nFrom the Undeadly summary, \"This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!\"\nWith this change and a few more to follow shortly, Libre*SSL* won't actually support SSL anymore - time to rename it \"LibreTLS\"\n***\n\n\nFreeBSD MPTCP updated\n\n\nFor anyone unaware, Multipath TCP is \"an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.\"\nThere's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated\nIncluding in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements\nSome big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start\n***\n\n\nUEFI and GPT in OpenBSD\n\n\nThere hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently\nSome support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review\nThis comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced\nCurrently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should \"just work\" with GPT (once everything's in)\nThe UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made\n***\n\n\nFeedback/Questions\n\n\nJohn writes in\nMason writes in\nEarl writes in\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s already our two-year anniversary! This time on the show, we\u0026#39;ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year\u0026#39;s vBSDCon. What\u0026#39;s it have to offer in an already-crowded BSD conference space? We\u0026#39;ll find out.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=144104398132541\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD hypervisor coming soon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy Mike Larkin never rests, and he posted some very tight-lipped \u003ca href=\"http://pastebin.com/raw.php?i=F2Qbgdde\" rel=\"nofollow\"\u003econsole output\u003c/a\u003e on Twitter recently\u003c/li\u003e\n\u003cli\u003eFrom what little he revealed \u003ca href=\"https://twitter.com/mlarkin2012/status/638265767864070144\" rel=\"nofollow\"\u003eat the time\u003c/a\u003e, it appeared to be a new \u003ca href=\"https://en.wikipedia.org/wiki/Hypervisor\" rel=\"nofollow\"\u003ehypervisor\u003c/a\u003e (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled \u0026quot;vmm\u0026quot;\u003c/li\u003e\n\u003cli\u003eLater on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is\u003c/li\u003e\n\u003cli\u003eOriginally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation\u003c/li\u003e\n\u003cli\u003eOne thing to note: this \u003cstrong\u003eisn\u0026#39;t\u003c/strong\u003e just a port of something like Xen or Bhyve; it\u0026#39;s all-new code, and Mike explains why he chose to go that route\u003c/li\u003e\n\u003cli\u003eHe also answered some basic questions about the requirements, when it\u0026#39;ll be available, what OSes it can run, what\u0026#39;s left to do, how to get involved and so on\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.darknedgy.net/technology/2015/08/26/0/\" rel=\"nofollow\"\u003eWhy FreeBSD should not adopt launchd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2015_08_26-beverly_hills_25519\" rel=\"nofollow\"\u003eLast week\u003c/a\u003e we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD\u003c/li\u003e\n\u003cli\u003eOne of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we\u0026#39;ve learned)\u003c/li\u003e\n\u003cli\u003eIn this article, the author talks about why he thinks this is a bad idea\u003c/li\u003e\n\u003cli\u003eHe doesn\u0026#39;t oppose the integration into FreeBSD-\u003cem\u003ederived\u003c/em\u003e projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail\u003c/li\u003e\n\u003cli\u003eThe post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities\u003c/li\u003e\n\u003cli\u003eReddit had \u003ca href=\"https://www.reddit.com/r/BSD/comments/3ilhpk\" rel=\"nofollow\"\u003equite a bit\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/freebsd/comments/3ilj4i\" rel=\"nofollow\"\u003eto say\u003c/a\u003e about this one, some in agreement and some not\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-August/458108.html\" rel=\"nofollow\"\u003eDragonFly graphics improvements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack\u003c/li\u003e\n\u003cli\u003eThis latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs\u003c/li\u003e\n\u003cli\u003eYou should also see some power management improvements, longer battery life and various other bug fixes\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re running DragonFly, especially on a laptop, you\u0026#39;ll want to get this stuff on your machine quick - big improvements all around\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=144070638327053\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD tames the userland\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLast week we mentioned OpenBSD\u0026#39;s tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are\u003c/li\u003e\n\u003cli\u003eTheo posted a \u003cem\u003emega diff\u003c/em\u003e of nearly 100 smaller diffs, adding tame support to many areas of the userland tools\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s still a work-in-progress version; there\u0026#39;s still more to be added (including the file path whitelist stuff)\u003c/li\u003e\n\u003cli\u003eSome classic utilities are even being reworked to make taming them easier - \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144103945031253\u0026w=2\" rel=\"nofollow\"\u003ethe \u0026quot;w\u0026quot; command\u003c/a\u003e, for example\u003c/li\u003e\n\u003cli\u003eThe diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)\u003c/li\u003e\n\u003cli\u003eMore discussion can be found \u003ca href=\"https://news.ycombinator.com/item?id=10135901\" rel=\"nofollow\"\u003eon HN\u003c/a\u003e, as one might expect\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Scott Courtney - \u003ca href=\"mailto:vbsdcon@verisign.com\" rel=\"nofollow\"\u003evbsdcon@verisign.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/verisign\" rel=\"nofollow\"\u003e@verisign\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://vbsdcon.com/\" rel=\"nofollow\"\u003evBSDCon\u003c/a\u003e 2015\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opnsense.org/opnsense-beyond-the-fork\" rel=\"nofollow\"\u003eOPNsense, beyond the fork\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe first \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003eheard about\u003c/a\u003e OPNsense back in January, and they\u0026#39;ve since released nearly \u003cstrong\u003e40\u003c/strong\u003e versions, spanning over \u003cstrong\u003e5,000\u003c/strong\u003e commits\u003c/li\u003e\n\u003cli\u003eThis is their first big status update, covering some of the things that\u0026#39;ve happened since the project was born\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150827112006\" rel=\"nofollow\"\u003eLibreSSL nukes SSLv3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith their latest release, LibreSSL began to turn off \u003ca href=\"http://disablessl3.com\" rel=\"nofollow\"\u003eSSLv3\u003c/a\u003e support, starting with the \u0026quot;openssl\u0026quot; command\u003c/li\u003e\n\u003cli\u003eAt the time, SSLv3 wasn\u0026#39;t disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve now flipped the switch, and the process of complete removal has started\u003c/li\u003e\n\u003cli\u003eFrom the Undeadly summary, \u0026quot;This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!\u0026quot;\u003c/li\u003e\n\u003cli\u003eWith this change and a few more to follow shortly, Libre*SSL* won\u0026#39;t actually \u003cem\u003esupport SSL\u003c/em\u003e anymore - time to rename it \u0026quot;LibreTLS\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://caia.swin.edu.au/urp/newtcp/mptcp/tools/v05/mptcp-readme-v0.5.txt\" rel=\"nofollow\"\u003eFreeBSD MPTCP updated\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor anyone unaware, \u003ca href=\"https://en.wikipedia.org/wiki/Multipath_TCP\" rel=\"nofollow\"\u003eMultipath TCP\u003c/a\u003e is \u0026quot;an ongoing effort of the Internet Engineering Task Force\u0026#39;s (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated\u003c/li\u003e\n\u003cli\u003eIncluding in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements\u003c/li\u003e\n\u003cli\u003eSome big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144092912907778\u0026w=2\" rel=\"nofollow\"\u003eUEFI and GPT in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere hasn\u0026#39;t been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently\u003c/li\u003e\n\u003cli\u003eSome \u003ca href=\"https://github.com/yasuoka/openbsd-uefi\" rel=\"nofollow\"\u003esupport\u003c/a\u003e for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review\u003c/li\u003e\n\u003cli\u003eThis comes along with a \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143732984925140\u0026w=2\" rel=\"nofollow\"\u003enumber\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144088136200753\u0026w=2\" rel=\"nofollow\"\u003eof\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144046793225230\u0026w=2\" rel=\"nofollow\"\u003eother\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144045760723039\u0026w=2\" rel=\"nofollow\"\u003ecommits\u003c/a\u003e related to GPT, much of which is being refactored and slowly reintroduced\u003c/li\u003e\n\u003cli\u003eCurrently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should \u0026quot;just work\u0026quot; with GPT (once everything\u0026#39;s in)\u003c/li\u003e\n\u003cli\u003eThe UEFI bootloader support \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144115942223734\u0026w=2\" rel=\"nofollow\"\u003ehas been committed\u003c/a\u003e, so stay tuned for \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150902074526\u0026mode=flat\" rel=\"nofollow\"\u003emore updates\u003c/a\u003e as \u003ca href=\"https://twitter.com/kotatsu_mi/status/638909417761562624\" rel=\"nofollow\"\u003efurther\u003c/a\u003e \u003ca href=\"https://twitter.com/yojiro/status/638189353601097728\" rel=\"nofollow\"\u003eprogress\u003c/a\u003e is made\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2sIWfb3Qh\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Ybrx00KI\" rel=\"nofollow\"\u003eMason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20FpmR7ZW\" rel=\"nofollow\"\u003eEarl writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.","date_published":"2015-09-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/09c955b0-1ecf-440f-9aa9-80dc2fb05a49.mp3","mime_type":"audio/mpeg","size_in_bytes":47635924,"duration_in_seconds":3969}]},{"id":"0bc0c068-36fe-429f-b7f4-38ac01fb7f19","title":"104: Beverly Hills 25519","url":"https://www.bsdnow.tv/104","content_text":"Coming up this week on the show, we'll be talking with Damien Miller of the OpenSSH team. Their 7.0 release has some major changes, including phasing out older crypto and changing one of the defaults that might surprise you.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEdgeRouter Lite, meet OpenBSD\n\n\nThe ERL, much like the Raspberry Pi and a bunch of other cheap boards, is getting more and more popular as more things get ported to run on it \nWe've covered installing NetBSD and FreeBSD on them before, but OpenBSD has gotten a lot better support for them as well now (including the onboard storage in 5.8)\nTed Unangst got a hold of one recently and kindly wrote up some notes about installing and using OpenBSD on it\nHe covers doing a network install, getting the (slightly strange) bootloader working with u-boot and some final notes about the hardware\nMore discussion can be found on Hacker News and various other places\nOne thing to note about these devices: because of their MIPS64 processor, they'll have weaker ASLR than X86 CPUs (and no WX at all)\n***\n\n\nDesign and Implementation of the FreeBSD Operating System interview\n\n\nFor those who don't know, the \"Design and Implementation of the FreeBSD Operating System\" is a semi-recently-revived technical reference book for FreeBSD development\nInfoQ has a review of the book up for anyone who might be interested, but they also have an interview the authors\n\"The book takes an approach to FreeBSD from inside out, starting with kernel services, then moving to process and memory management, I/O and devices, filesystems, IPC and network protocols, and finally system startup and shutdown. The book provides dense, technical information in a clear way, with lots of pseudo-code, diagrams, and tables to illustrate the main points.\"\nAside from detailing a few of the chapters, the interview covers who the book's target audience is, some history of the project, long-term support, some of the newer features and some general OS development topics\n***\n\n\nPath list parameter in OpenBSD tame\n\n\nWe've mentioned OpenBSD's relatively new \"tame\" subsystem a couple times before: it's an easy-to-implement \"self-containment\" framework, allowing programs to have a reduced feature set mode with even less privileges\nOne of the early concerns from users of other process containment tools was that tame was too broad in the way it separated disk access - you could either read/write files or not, nothing in between\nNow there's the option to create a whitelist of specific files and directories that your binary is allowed to access, giving a much finer-grained set of controls to developers\nThe next step is to add tame restraints to the OpenBSD userland utilities, which should probably be done by 5.9\nMore discussion can be found on Reddit and Hacker News\n***\n\n\nFreeBSD \u0026amp; PC-BSD 10.2-RELEASE\n\n\nThe FreeBSD team has released the second minor version bump to the 10.x branch, including all the fixes from 10-STABLE since 10.1 came out\nThe Linux compatibility layer has been updated to support CentOS 6, rather than the much older Fedora Core base used previously, and the DRM graphics code has been updated to match Linux 3.8.13\nNew installations (and newly-upgraded systems) will use the quarterly binary package set, rather than the rolling release model that most people are used to\nA VXLAN driver was added, allowing you to create virtual LANs by encapsulating the ethernet frame in a UDP packet\nThe bhyve codebase is much newer, enabling support for AMD CPUs with SVM and AMD-V extensions\nARM and ARM64 code saw some fixes and improvements, including SMP support on a few specific boards and support for a few new boards\nThe bootloader now supports entering your GELI passphrase before loading the kernel in full disk encryption setups\nIn addition to assorted userland fixes and driver improvements, various third party tools in the base system were updated: resolvconf, ISC NTPd, netcat, file, unbound, OpenSSL, sendmail\nCheck the full release notes for the rest of the details and changes\nPC-BSD also followed with their 10.2-RELEASE, sporting a few more additional features\n***\n\n\nInterview - Damien Miller - djm@openbsd.org / @damienmiller\n\nOpenSSH: phasing out broken crypto, default cipher changes\n\n\n\nNews Roundup\n\nNetBSD at Open Source Conference Shimane\n\n\nWe weren't the only ones away at conferences last week - the Japanese NetBSD guys are always raiding one event or another\nThis time they had NetBSD running on some Sony NWS devices (MIPS-based)\nJavaStations were also on display - something we haven't ever seen before (made between 1996-2000)\n***\n\n\nBAFUG videos\n\n\nThe Bay Area FreeBSD users group has been uploading some videos of their recent meetings\nDevin Teske hosts the first one, discussing adding GELI support to the bootloader, including some video demonstrations of how it works\nShortly after beginning, Adrian Chadd takes over the conversation and they discuss various problems (and solutions) related to the bootloader - for example, how can we type encryption passwords with non-US keyboard layouts\nIn a second video, Jordan Hubbard and Kip Macy introduce \"NeXTBSD aka FreeBSD X\"\nIn it, they discuss their ideas of merging more Mac OS X features into FreeBSD (launchd to replace the init system, some APIs, etc)\nPeople should record presentations at their BSD users groups and send them to us\n***\n\n\nL2TP over IPSEC on OpenBSD\n\n\nIf you've got an OpenBSD box and some Mac OS X clients that need secure communications, surprise: they can work together pretty well\nUsing only the base tools in both operating systems, you can build a nice IPSEC setup for tunneling all your traffic\nThis guide specifically covers L2TP, using npppd and pre-shared keys\nServer setup, client setup, firewall configuration and routing-related settings are all covered in detail\n***\n\n\nReliable bare metal with TrueOS\n\n\nImagine a server version of PC-BSD with some useful utilities preinstalled - that's basically TrueOS\nThis article walks you through setting up a FreeBSD -CURRENT server (using TrueOS) to create a pretty solid backup solution\nMost importantly, he also covers how to keep everything redundant and deal with hard drives failing\nThe author chose to go with the -CURRENT branch because of the delay between regular releases, and newer features not making their way to users as fast as he'd like\nAnother factor is that there are no binary snapshots of FreeBSD -CURRENT that can be easily used for in-place upgrades, but with TrueOS (and some other BSDs) there are\n***\n\n\nKernel WX on i386\n\n\nWe mentioned some big WX kernel changes in OpenBSD a while back, but the work was mainly for x86_64 CPU architecture (which makes sense; that's what most people run now)\nMike Larkin is back again, and isn't leaving the people with older hardware out, committing similar kernel work into the i386 platform now as well\nCheck out our interview with Mike for some more background info on memory protections like WX\n***\n\n\nFeedback/Questions\n\n\nMarkus writes in\nSean writes in\nTheo writes in\n***\n","content_html":"\u003cp\u003eComing up this week on the show, we\u0026#39;ll be talking with Damien Miller of the OpenSSH team. Their 7.0 release has some major changes, including phasing out older crypto and changing one of the defaults that might surprise you.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-on-ERL\" rel=\"nofollow\"\u003eEdgeRouter Lite, meet OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ERL, much like the Raspberry Pi and a bunch of other cheap boards, is getting more and more popular as more things get ported to run on it \u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve covered installing NetBSD and FreeBSD on them before, but OpenBSD has gotten a lot better support for them as well now (including the onboard storage in 5.8)\u003c/li\u003e\n\u003cli\u003eTed Unangst got a hold of one recently and kindly wrote up some notes about installing and using OpenBSD on it\u003c/li\u003e\n\u003cli\u003eHe covers doing a network install, getting the (slightly strange) bootloader working with u-boot and some final notes about the hardware\u003c/li\u003e\n\u003cli\u003eMore discussion can be found \u003ca href=\"https://news.ycombinator.com/item?id=10079210\" rel=\"nofollow\"\u003eon Hacker News\u003c/a\u003e and \u003ca href=\"https://www.reddit.com/r/openbsd/comments/3hgf2c\" rel=\"nofollow\"\u003evarious\u003c/a\u003e \u003ca href=\"https://www.marc.info/?t=143974140500001\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eother\u003c/a\u003e \u003ca href=\"https://lobste.rs/s/acz9bu/openbsd_on_edgerouter_lite\" rel=\"nofollow\"\u003eplaces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOne thing to \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143991822827285\u0026w=2\" rel=\"nofollow\"\u003enote\u003c/a\u003e about these devices: because of their MIPS64 processor, they\u0026#39;ll have weaker ASLR than X86 CPUs (and no W\u003csup\u003eX\u003c/sup\u003e at all)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.infoq.com/articles/freebsd-design-implementation-review\" rel=\"nofollow\"\u003eDesign and Implementation of the FreeBSD Operating System interview\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those who don\u0026#39;t know, the \u0026quot;Design and Implementation of the FreeBSD Operating System\u0026quot; is a semi-recently-revived technical reference book for FreeBSD development\u003c/li\u003e\n\u003cli\u003eInfoQ has a review of the book up for anyone who might be interested, but they also have an interview the authors\u003c/li\u003e\n\u003cli\u003e\u0026quot;The book takes an approach to FreeBSD from inside out, starting with kernel services, then moving to process and memory management, I/O and devices, filesystems, IPC and network protocols, and finally system startup and shutdown. The book provides dense, technical information in a clear way, with lots of pseudo-code, diagrams, and tables to illustrate the main points.\u0026quot;\u003c/li\u003e\n\u003cli\u003eAside from detailing a few of the chapters, the interview covers who the book\u0026#39;s target audience is, some history of the project, long-term support, some of the newer features and some general OS development topics\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144027474117290\u0026w=2\" rel=\"nofollow\"\u003ePath list parameter in OpenBSD tame\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve mentioned OpenBSD\u0026#39;s relatively new \u0026quot;\u003ca href=\"https://marc.info/?l=openbsd-tech\u0026m=143725996614627\u0026w=2\" rel=\"nofollow\"\u003etame\u003c/a\u003e\u0026quot; subsystem a couple times before: it\u0026#39;s an easy-to-implement \u0026quot;self-containment\u0026quot; framework, allowing programs to have a reduced feature set mode with even less privileges\u003c/li\u003e\n\u003cli\u003eOne of the early concerns from users of other process containment tools was that tame was too broad in the way it separated disk access - you could either read/write files or not, nothing in between\u003c/li\u003e\n\u003cli\u003eNow there\u0026#39;s the option to create a whitelist of specific files and directories that your binary is allowed to access, giving a much finer-grained set of controls to developers\u003c/li\u003e\n\u003cli\u003eThe next step is to add tame restraints to the OpenBSD userland utilities, which should probably be done by 5.9\u003c/li\u003e\n\u003cli\u003eMore discussion can be found \u003ca href=\"https://www.reddit.com/r/openbsd/comments/3i2lk7\" rel=\"nofollow\"\u003eon Reddit\u003c/a\u003e \u003ca href=\"https://news.ycombinator.com/item?id=10104886\" rel=\"nofollow\"\u003eand Hacker News\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/10.2R/announce.html\" rel=\"nofollow\"\u003eFreeBSD \u0026amp; PC-BSD 10.2-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD team has released the second minor version bump to the 10.x branch, including all the fixes from 10-STABLE since 10.1 came out\u003c/li\u003e\n\u003cli\u003eThe Linux compatibility layer has been updated to support CentOS 6, rather than the much older Fedora Core base used previously, and the DRM graphics code has been updated to match Linux 3.8.13\u003c/li\u003e\n\u003cli\u003eNew installations (and newly-upgraded systems) will use the quarterly binary package set, rather than the rolling release model that most people are used to\u003c/li\u003e\n\u003cli\u003eA VXLAN driver was added, allowing you to create virtual LANs by encapsulating the ethernet frame in a UDP packet\u003c/li\u003e\n\u003cli\u003eThe bhyve codebase is much newer, enabling support for AMD CPUs with SVM and AMD-V extensions\u003c/li\u003e\n\u003cli\u003eARM and ARM64 code saw some fixes and improvements, including SMP support on a few specific boards and support for a few new boards\u003c/li\u003e\n\u003cli\u003eThe bootloader now supports entering your GELI passphrase before loading the kernel in full disk encryption setups\u003c/li\u003e\n\u003cli\u003eIn addition to assorted userland fixes and driver improvements, various third party tools in the base system were updated: resolvconf, ISC NTPd, netcat, file, unbound, OpenSSL, sendmail\u003c/li\u003e\n\u003cli\u003eCheck the \u003ca href=\"https://www.freebsd.org/releases/10.2R/relnotes.html\" rel=\"nofollow\"\u003efull release notes\u003c/a\u003e for the rest of the details and changes\u003c/li\u003e\n\u003cli\u003ePC-BSD also followed with \u003ca href=\"http://blog.pcbsd.org/2015/08/pc-bsd-10-2-release-now-available\" rel=\"nofollow\"\u003etheir 10.2-RELEASE\u003c/a\u003e, sporting a few more additional features\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Damien Miller - \u003ca href=\"mailto:djm@openbsd.org\" rel=\"nofollow\"\u003edjm@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/damienmiller\" rel=\"nofollow\"\u003e@damienmiller\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenSSH: phasing out broken crypto, default cipher changes\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/08/22/msg000692.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference Shimane\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe weren\u0026#39;t the only ones away at conferences last week - the Japanese NetBSD guys are always raiding one event or another\u003c/li\u003e\n\u003cli\u003eThis time they had NetBSD running on some Sony NWS devices (MIPS-based)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://en.wikipedia.org/wiki/JavaStation\" rel=\"nofollow\"\u003eJavaStations\u003c/a\u003e were also on display - something we haven\u0026#39;t ever seen before (made between 1996-2000)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=-XF20nitI90\" rel=\"nofollow\"\u003eBAFUG videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Bay Area FreeBSD users group has been uploading some videos of their recent meetings\u003c/li\u003e\n\u003cli\u003eDevin Teske hosts the first one, discussing adding GELI support to the bootloader, including some video demonstrations of how it works\u003c/li\u003e\n\u003cli\u003eShortly after beginning, Adrian Chadd takes over the conversation and they discuss various problems (and solutions) related to the bootloader - for example, how can we type encryption passwords with non-US keyboard layouts\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"https://www.youtube.com/watch?v=49sPYHh473U\" rel=\"nofollow\"\u003ea second video\u003c/a\u003e, Jordan Hubbard and Kip Macy introduce \u0026quot;NeXTBSD aka FreeBSD X\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn it, they discuss their ideas of merging more Mac OS X features into FreeBSD (launchd to replace the init system, some APIs, etc)\u003c/li\u003e\n\u003cli\u003ePeople should record presentations at their BSD users groups and send them to us\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients\" rel=\"nofollow\"\u003eL2TP over IPSEC on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve got an OpenBSD box and some Mac OS X clients that need secure communications, surprise: they can work together pretty well\u003c/li\u003e\n\u003cli\u003eUsing only the base tools in both operating systems, you can build a nice IPSEC setup for tunneling all your traffic\u003c/li\u003e\n\u003cli\u003eThis guide specifically covers L2TP, using npppd and pre-shared keys\u003c/li\u003e\n\u003cli\u003eServer setup, client setup, firewall configuration and routing-related settings are all covered in detail\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tubsta.com/2015/08/reliable-bare-metal-server-using-trueosfreebsd\" rel=\"nofollow\"\u003eReliable bare metal with TrueOS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eImagine a server version of PC-BSD with some useful utilities preinstalled - that\u0026#39;s basically TrueOS\u003c/li\u003e\n\u003cli\u003eThis article walks you through setting up a FreeBSD -CURRENT server (using TrueOS) to create a pretty solid backup solution\u003c/li\u003e\n\u003cli\u003eMost importantly, he also covers how to keep everything redundant and deal with hard drives failing\u003c/li\u003e\n\u003cli\u003eThe author chose to go with the -CURRENT branch because of the delay between regular releases, and newer features not making their way to users as fast as he\u0026#39;d like\u003c/li\u003e\n\u003cli\u003eAnother factor is that there are no binary snapshots of FreeBSD -CURRENT that can be easily used for in-place upgrades, but with TrueOS (and some other BSDs) there are\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=144047868127049\u0026w=2\" rel=\"nofollow\"\u003eKernel W\u003csup\u003eX\u003c/sup\u003e on i386\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned some big W\u003csup\u003eX\u003c/sup\u003e kernel changes in OpenBSD \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142120787308107\u0026w=2\" rel=\"nofollow\"\u003ea while back\u003c/a\u003e, but the work was mainly for x86_64 CPU architecture (which makes sense; that\u0026#39;s what most people run now)\u003c/li\u003e\n\u003cli\u003eMike Larkin is back again, and isn\u0026#39;t leaving the people with older hardware out, committing similar kernel work into the i386 platform now as well\u003c/li\u003e\n\u003cli\u003eCheck out \u003ca href=\"http://www.bsdnow.tv/episodes/2015_05_13-exclusive_disjunction\" rel=\"nofollow\"\u003eour interview with Mike\u003c/a\u003e for some more background info on memory protections like W\u003csup\u003eX\u003c/sup\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2iGoeYMyb\" rel=\"nofollow\"\u003eMarkus writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21bIFfmUS\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Hjm8Tsa\" rel=\"nofollow\"\u003eTheo writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show, we'll be talking with Damien Miller of the OpenSSH team. Their 7.0 release has some major changes, including phasing out older crypto and changing one of the defaults that might surprise you.","date_published":"2015-08-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0bc0c068-36fe-429f-b7f4-38ac01fb7f19.mp3","mime_type":"audio/mpeg","size_in_bytes":58136116,"duration_in_seconds":4844}]},{"id":"227b2929-398f-4d82-b29d-80981ddcc4d7","title":"103: Ubuntu Slaughters Kittens","url":"https://www.bsdnow.tv/103","content_text":"Allan's away at BSDCam this week, but we've still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers and much more. This is easily our longest interview to date!\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Bryan Cantrill - bryan@joyent.com / @bcantrill\n\nBSD and Solaris history, illumos, dtrace, Joyent, pkgsrc, various topics (and rants)\n\n\n\nFeedback/Questions\n\n\nRandy writes in\nJared writes in\nSteve writes in\n***\n","content_html":"\u003cp\u003eAllan\u0026#39;s away at BSDCam this week, but we\u0026#39;ve still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers and much more. This is easily our longest interview to date!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Bryan Cantrill - \u003ca href=\"mailto:bryan@joyent.com\" rel=\"nofollow\"\u003ebryan@joyent.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/bcantrill\" rel=\"nofollow\"\u003e@bcantrill\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD and Solaris history, illumos, dtrace, Joyent, pkgsrc, various topics (and rants)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2b6dA7fAr\" rel=\"nofollow\"\u003eRandy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2vABMHiok\" rel=\"nofollow\"\u003eJared writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2194ADVUL\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Allan's away at BSDCam this week, but we've still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers and much more. This is easily our longest interview to date!","date_published":"2015-08-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/227b2929-398f-4d82-b29d-80981ddcc4d7.mp3","mime_type":"audio/mpeg","size_in_bytes":86734228,"duration_in_seconds":7227}]},{"id":"e0de53ca-3dcf-4df7-a556-faa52c7788a7","title":"102: May Contain ZFS","url":"https://www.bsdnow.tv/102","content_text":"This week on the show, we'll be talking with Peter Toth. He's got a jail management system called \"iocage\" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD on Olimex RT5350F-OLinuXino\n\n\nIf you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)\nIt's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM\nThis blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment\nIn part two of the series, he talks about the GPIO and how you can configure it\nPart three is still in the works, so check the site later on for further progress and info\n***\n\n\nThe modern OpenBSD home router\n\n\nIn a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway for his home network\n\"It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst\"\nArmed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless\nThis guide also covers PPP and IPv6, in case you have those requirements\nIn a similar but unrelated series, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge\nHe also has a separate post for setting up an IPSEC VPN on the router\n***\n\n\nNetBSD at Open Source Conference 2015 Kansai\n\n\nThe Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference\nThey had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event\nLast time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k\nThey had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it\nAnd what conference would be complete without an LED-powered towel\n***\n\n\nOpenSSH 7.0 released\n\n\nThe OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code\nSSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled\nThe syntax for permitting root logins has been changed, and is now called \"prohibit-password\" instead of \"without-password\" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now\nIf you're using an older configuration file, the \"without-password\" option still works, so no change is required\nYou can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications\nVarious bug fixes and documentation improvements are also included\nAside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users\nIn the next release, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled\n***\n\n\nInterview - Peter Toth - peter.toth198@gmail.com / @pannonp\n\nContainment with iocage\n\n\n\nNews Roundup\n\nMore c2k15 reports\n\n\nA few more hackathon reports from c2k15 in Calgary are still slowly trickling in\nAlexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)\nHe also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging\nRenato Westphal sent in a report of his very first hackathon\nHe finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network\nPhilip Guenther also wrote in, getting some very technical and low-level stuff done at the hackathon\nHis report opens with \"First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking.\" - not exactly beginner stuff\nThere were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well\n***\n\n\nFreeBSD jails, the hard way\n\n\nAs you learned from our interview this week, there's quite a selection of tools available to manage your jails\nThis article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf\nUnlike with iocage, ZFS isn't actually a requirement for this method\nIf you are using it, though, you can make use of snapshots for making template jails\n***\n\n\nOpenSSH hardware tokens\n\n\nWe've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server?\nThis blog post will show you how to use a hardware token as a second authentication factor, for the \"something you know, something you have\" security model\nIt takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd\nMost of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too\n***\n\n\nLibreSSL 2.2.2 released\n\n\nThe LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes\nAt the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more\nSSLv3 support was removed from the \"openssl\" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely\nVarious other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc\nIt'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well\n***\n\n\nFeedback/Questions\n\n\nJames writes in\nStuart writes in\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be talking with Peter Toth. He\u0026#39;s got a jail management system called \u0026quot;iocage\u0026quot; that\u0026#39;s been getting pretty popular recently. Have we finally found a replacement for ezjail? We\u0026#39;ll see how it stacks up.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino\" rel=\"nofollow\"\u003eFreeBSD on Olimex RT5350F-OLinuXino\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you haven\u0026#39;t heard of the RT5350F-OLinuXino-EVB, you\u0026#39;re not alone (actually, we probably couldn\u0026#39;t even remember the name if we did know about it)\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM\u003c/li\u003e\n\u003cli\u003eThis blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2\" rel=\"nofollow\"\u003epart two of the series\u003c/a\u003e, he talks about the GPIO and how you can configure it\u003c/li\u003e\n\u003cli\u003ePart three is still in the works, so check the site later on for further progress and info\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html\" rel=\"nofollow\"\u003eThe modern OpenBSD home router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn a new series of blog posts, one guy takes you through the process of building an \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eOpenBSD-based gateway\u003c/a\u003e for his home network\u003c/li\u003e\n\u003cli\u003e\u0026quot;It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst\u0026quot;\u003c/li\u003e\n\u003cli\u003eArmed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless\u003c/li\u003e\n\u003cli\u003eThis guide also covers PPP and IPv6, in case you have those requirements\u003c/li\u003e\n\u003cli\u003eIn a \u003ca href=\"http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html\" rel=\"nofollow\"\u003esimilar but unrelated series\u003c/a\u003e, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge\u003c/li\u003e\n\u003cli\u003eHe also has \u003ca href=\"http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html\" rel=\"nofollow\"\u003ea separate post\u003c/a\u003e for setting up an IPSEC VPN on the router\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference 2015 Kansai\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference\u003c/li\u003e\n\u003cli\u003eThey had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event\u003c/li\u003e\n\u003cli\u003eLast time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k\u003c/li\u003e\n\u003cli\u003eThey had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it\u003c/li\u003e\n\u003cli\u003eAnd what conference would be complete without an LED-powered towel\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html\" rel=\"nofollow\"\u003eOpenSSH 7.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code\u003c/li\u003e\n\u003cli\u003eSSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled\u003c/li\u003e\n\u003cli\u003eThe syntax for permitting root logins has been changed, and is now called \u0026quot;prohibit-password\u0026quot; instead of \u0026quot;without-password\u0026quot; (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re using an older configuration file, the \u0026quot;without-password\u0026quot; option still works, so no change is required\u003c/li\u003e\n\u003cli\u003eYou can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications\u003c/li\u003e\n\u003cli\u003eVarious bug fixes and documentation improvements are also included\u003c/li\u003e\n\u003cli\u003eAside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users\u003c/li\u003e\n\u003cli\u003eIn the \u003cem\u003enext release\u003c/em\u003e, even more deprecation is planned: RSA keys will be refused if they\u0026#39;re under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Peter Toth - \u003ca href=\"mailto:peter.toth198@gmail.com\" rel=\"nofollow\"\u003epeter.toth198@gmail.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/pannonp\" rel=\"nofollow\"\u003e@pannonp\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eContainment with \u003ca href=\"https://github.com/iocage/iocage\" rel=\"nofollow\"\u003eiocage\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150809105132\" rel=\"nofollow\"\u003eMore c2k15 reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few more hackathon reports from c2k15 in Calgary are still slowly trickling in\u003c/li\u003e\n\u003cli\u003eAlexander Bluhm\u0026#39;s up first, and he continued improving OpenBSD\u0026#39;s regression test suite (this ensures that no changes accidentally break existing things)\u003c/li\u003e\n\u003cli\u003eHe also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging\u003c/li\u003e\n\u003cli\u003eRenato Westphal \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150811171006\" rel=\"nofollow\"\u003esent in a report\u003c/a\u003e of his very first hackathon\u003c/li\u003e\n\u003cli\u003eHe finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network\u003c/li\u003e\n\u003cli\u003ePhilip Guenther \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150809165912\" rel=\"nofollow\"\u003ealso wrote in\u003c/a\u003e, getting some very technical and low-level stuff done at the hackathon\u003c/li\u003e\n\u003cli\u003eHis report opens with \u0026quot;First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking.\u0026quot; - not exactly beginner stuff\u003c/li\u003e\n\u003cli\u003eThere were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://clinta.github.io/freebsd-jails-the-hard-way\" rel=\"nofollow\"\u003eFreeBSD jails, the hard way\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs you learned from our interview this week, there\u0026#39;s quite a selection of tools available to manage your jails\u003c/li\u003e\n\u003cli\u003eThis article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf\u003c/li\u003e\n\u003cli\u003eUnlike with iocage, ZFS isn\u0026#39;t actually a requirement for this method\u003c/li\u003e\n\u003cli\u003eIf you are using it, though, you can make use of snapshots for making template jails\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tancsa.com/mdtblog/?p=73\" rel=\"nofollow\"\u003eOpenSSH hardware tokens\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client \u003cem\u003eand\u003c/em\u003e server?\u003c/li\u003e\n\u003cli\u003eThis blog post will show you how to use a hardware token as a second authentication factor, for the \u0026quot;something you know, something you have\u0026quot; security model\u003c/li\u003e\n\u003cli\u003eIt takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd\u003c/li\u003e\n\u003cli\u003eMost of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt\" rel=\"nofollow\"\u003eLibreSSL 2.2.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes\u003c/li\u003e\n\u003cli\u003eAt the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don\u0026#39;t want in a crypto tool...) and much more\u003c/li\u003e\n\u003cli\u003eSSLv3 support was removed from the \u0026quot;openssl\u0026quot; command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it\u0026#39;ll be removed completely\u003c/li\u003e\n\u003cli\u003eVarious other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be in 5.8 (due out earlier than usual) and it\u0026#39;s in the FreeBSD ports tree as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216lrsVVd\" rel=\"nofollow\"\u003eJames writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20uGUHWLr\" rel=\"nofollow\"\u003eStuart writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be talking with Peter Toth. He's got a jail management system called \"iocage\" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.","date_published":"2015-08-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0de53ca-3dcf-4df7-a556-faa52c7788a7.mp3","mime_type":"audio/mpeg","size_in_bytes":48985492,"duration_in_seconds":4082}]},{"id":"b0fef23d-9748-4e29-9419-eb23bd948f84","title":"101: I'll Fix Everything","url":"https://www.bsdnow.tv/101","content_text":"Coming up this week, we'll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like \"what would you like to see in FreeBSD?\" and hundreds of responses, well, we've got a lot to cover...\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD, from distribution to project\n\n\nTed Unangst has yet another interesting blog post up, this time covering a bit of BSD history and some different phases OpenBSD has been through\nIt's the third part of his ongoing series of posts about OpenBSD removing large bits of code in favor of smaller replacements\nIn the earliest days, OpenBSD collected and maintained code from lots of other projects (Apache, lynx, perl..)\nAfter importing new updates every release cycle, they eventually hit a transitional phase - things were updated, but nothing new was imported\nWhen the need arose, instead of importing a known tool to do the job, homemade replacements (OpenNTPD, OpenBGPD, etc) were slowly developed\nIn more recent times, a lot of the imported code has been completely removed in favor of the homegrown daemons\nMore discussion on HN and reddit\n***\n\n\nRemote ZFS mirrors, the hard way\n\n\nBackups to \"the cloud\" have become a hot topic in recent years, but most of them require trade-offs between convenience and security\nYou have to trust (some of) the providers not to snoop on your data, but even the ones who allow you to locally encrypt files aren't without some compromise\nAs the author puts it: \"We don't need live synchronisation, cloud scaling, SLAs, NSAs, terms of service, lock-ins, buy-outs, up-sells, shut-downs, DoSs, fail whales, pay-us-or-we'll-deletes, or any of the noise that comes with using someone else's infrastructure.\"\nThis guide walks you through setting up a FreeBSD server with ZFS to do secure offsite backups yourself\nThe end result is an automatic system for incremental backups that's backed (pun intended) by ZFS\nIf you're serious about keeping your important data safe and sound, you'll want to give this one a read - lots of detailed instructions\n***\n\n\nVarious DragonFlyBSD updates\n\n\nThe DragonFly guys have been quite busy this week, making an assortment of improvements throughout the tree\nIntel ValleyView graphics support was finally committed to the main repository\nWhile on the topic of graphics, they've also issued a call for testing for a DRM update (matching Linux 3.16's and including some more Broadwell fixes)\nTheir base GCC compiler is also now upgraded to version 5.2\nIf your hardware supports it, DragonFly will now use an accelerated console by default\n***\n\n\nQuakeCon runs on OpenBSD\n\n\nQuakeCon, everyone's favorite event full of rocket launchers, recently gave a mini-tour of their network setup\nFor such a crazy network, unsurprisingly, they seem to be big fans of OpenBSD and PF\nIn this video interview, one of the sysadmins discusses why he chose OpenBSD, what he likes about it, different packet queueing systems, how their firewalls and servers are laid out and much more\nHe also talks about why they went with vanilla PF, writing their ruleset from the ground up rather than relying on a prebuilt solution\nThere's also some general networking talk about nginx, reverse proxies, caching, fiber links and all that good stuff\nFollow-up questions can be asked in this reddit thread\nThe host doesn't seem to be that familiar with the topics at hand, mentioning \"OpenPF\" multiple times among other things, so our listeners should get a kick out of it\n***\n\n\nInterview - Adrian Chadd - adrian@freebsd.org / @erikarn\n\nRethinking ways to improve FreeBSD\n\n\n\nNews Roundup\n\nCII contributes to OpenBSD\n\n\nIf you recall back to when we talked to the OpenBSD foundation, one of the things Ken mentioned was the Core Infrastructure Initiative\nIn a nutshell, it's an organization of security experts that helps facilitate (with money, in most cases) the advancement of the more critical open source components of the internet\nThe group is organized by the Linux foundation, and gets its multi-million dollar backing from various big companies in the technology space (and donations from volunteers) \nTo ensure that OpenBSD and its related projects (OpenSSH, LibreSSL and PF likely being the main ones here) remain healthy, they've just made a large donation to the foundation - this makes them the first \"platinum\" level donor as well\nWhile the exact amount wasn't disclosed, it was somewhere between $50,000 and $100,000\nThe donation comes less than a month after Microsoft's big donation, so it's good to see these large organizations helping out important open source projects that we depend on every day\n***\n\n\nAnother BSDCan report\n\n\nThe FreeBSD foundation is still getting trip reports from BSDCan, and this one comes from Mark Linimon\nIn his report, he mainly covers the devsummit and some discussion with the portmgr team\nOne notable change for the upcoming 10.2 release is that the default binary repository is now the quarterly branch - Mark talks a bit about this as well\nHe also gives his thoughts on using QEMU for cross-compiling packages and network performance testing\n***\n\n\nLumina 0.8.6 released\n\n\nThe PC-BSD team has released another version of Lumina, their BSD-licensed desktop environment\nThis is mainly a bugfix and performance improvement release, rather than one with lots of new features\nThe on-screen display widget should be much faster now, and the configuration now allows for easier selection of default applications (which browser, which terminal, etc)\nLots of non-English translation updates and assorted fixes are included as well\nIf you haven't given it a try yet, or maybe you're looking for a new window manager, Lumina runs on all the BSDs\n***\n\n\nMore c2k15 hackathon reports\n\n\nEven more reports from OpenBSD's latest hackathon are starting to pour in\nThe first one is from Alexandr Nedvedicky, one of their brand new developers (the guy from Oracle)\nHe talks about his experience going to a hackathon for the first time, and lays out some of the plans for integrating their (very large) SMP PF patch into OpenBSD\nSecond up is Andrew Fresh, who went without any specific plans, but still ended up getting some UTF8 work done\nOn the topic of ARMv7, \"I did enjoy being there when things weren't working so [Brandon Mercer] could futilely try to explain the problem to me (I wasn't much help with kernel memory layouts). Fortunately others overheard and provided words of encouragement and some help which was one of my favorite parts of attending this hackathon.\"\nFlorian Obser sent in a report that includes a little bit of everything: setting up the hackathon's network, relayd and httpd work, bidirectional forwarding detection, airplane stories and even lots of food\nPaul Irofti wrote in as well about his activities, which were mainly focused on the Octeon CPU architecture\nHe wrote a new driver for the onboard flash of a DSR-500 machine, which was built following the Common Flash Interface specification\nThis means that, going forward, OpenBSD will have out-of-the-box support for any flash memory device (often the case for MIPS and ARM-based embedded devices)\n***\n\n\nFeedback/Questions\n\n\nHamza writes in\nFlorian writes in\nDominik writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like \u0026quot;what would you like to see in FreeBSD?\u0026quot; and hundreds of responses, well, we\u0026#39;ve got a lot to cover...\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/from-distribution-to-project\" rel=\"nofollow\"\u003eOpenBSD, from distribution to project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst has yet another interesting blog post up, this time covering a bit of BSD history and some different phases OpenBSD has been through\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s the third part of his \u003ca href=\"http://www.openbsd.org/papers/pruning.html\" rel=\"nofollow\"\u003eongoing\u003c/a\u003e \u003ca href=\"http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less\" rel=\"nofollow\"\u003eseries\u003c/a\u003e of posts about OpenBSD removing large bits of code in favor of smaller replacements\u003c/li\u003e\n\u003cli\u003eIn the earliest days, OpenBSD collected and maintained code from lots of other projects (Apache, lynx, perl..)\u003c/li\u003e\n\u003cli\u003eAfter importing new updates every release cycle, they eventually hit a transitional phase - things were updated, but nothing new was imported\u003c/li\u003e\n\u003cli\u003eWhen the need arose, instead of importing a known tool to do the job, homemade replacements (OpenNTPD, OpenBGPD, etc) were slowly developed\u003c/li\u003e\n\u003cli\u003eIn more recent times, a lot of the imported code has been completely removed in favor of the homegrown daemons\u003c/li\u003e\n\u003cli\u003eMore discussion \u003ca href=\"https://news.ycombinator.com/item?id=9980373\" rel=\"nofollow\"\u003eon HN\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/openbsd/comments/3f9o19/from_distribution_to_project/\" rel=\"nofollow\"\u003eand reddit\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/hughobrien/zfs-remote-mirror\" rel=\"nofollow\"\u003eRemote ZFS mirrors, the hard way\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBackups to \u0026quot;the cloud\u0026quot; have become a hot topic in recent years, but most of them require trade-offs between convenience and security\u003c/li\u003e\n\u003cli\u003eYou have to trust (some of) the providers not to snoop on your data, but even the ones who allow you to locally encrypt files aren\u0026#39;t without some compromise\u003c/li\u003e\n\u003cli\u003eAs the author puts it: \u0026quot;We don\u0026#39;t need live synchronisation, cloud scaling, SLAs, NSAs, terms of service, lock-ins, buy-outs, up-sells, shut-downs, DoSs, fail whales, pay-us-or-we\u0026#39;ll-deletes, or any of the noise that comes with using someone else\u0026#39;s infrastructure.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis guide walks you through setting up a FreeBSD server with ZFS to do secure offsite backups yourself\u003c/li\u003e\n\u003cli\u003eThe end result is an automatic system for incremental backups that\u0026#39;s backed (pun intended) by ZFS\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re serious about keeping your important data safe and sound, you\u0026#39;ll want to give this one a read - lots of detailed instructions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-July/419064.html\" rel=\"nofollow\"\u003eVarious DragonFlyBSD updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DragonFly guys have been quite busy this week, making an assortment of improvements throughout the tree\u003c/li\u003e\n\u003cli\u003eIntel ValleyView graphics support was finally committed to the main repository\u003c/li\u003e\n\u003cli\u003eWhile on the topic of graphics, they\u0026#39;ve also issued \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-July/207923.html\" rel=\"nofollow\"\u003ea call for testing\u003c/a\u003e for a DRM update (matching Linux 3.16\u0026#39;s and including some more Broadwell fixes)\u003c/li\u003e\n\u003cli\u003eTheir base GCC compiler is also now \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-July/419045.html\" rel=\"nofollow\"\u003eupgraded to version 5.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf your hardware supports it, DragonFly will now \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-July/419070.html\" rel=\"nofollow\"\u003euse an accelerated console by default\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://youtu.be/mOv62lBdlXU?t=292\" rel=\"nofollow\"\u003eQuakeCon runs on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://en.wikipedia.org/wiki/QuakeCon\" rel=\"nofollow\"\u003eQuakeCon\u003c/a\u003e, everyone\u0026#39;s favorite event full of rocket launchers, recently gave a mini-tour of their network setup\u003c/li\u003e\n\u003cli\u003eFor such a crazy network, unsurprisingly, they seem to be big fans of OpenBSD and PF\u003c/li\u003e\n\u003cli\u003eIn this video interview, one of the sysadmins discusses why he chose OpenBSD, what he likes about it, different packet queueing systems, how their firewalls and servers are laid out and much more\u003c/li\u003e\n\u003cli\u003eHe also talks about why they went with vanilla PF, writing their ruleset from the ground up rather than relying on a prebuilt solution\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some general networking talk about nginx, reverse proxies, caching, fiber links and all that good stuff\u003c/li\u003e\n\u003cli\u003eFollow-up questions can be asked in \u003ca href=\"https://www.reddit.com/r/BSD/comments/3f43fh/bsd_runs_quakecon/\" rel=\"nofollow\"\u003ethis reddit thread\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe host doesn\u0026#39;t seem to be that familiar with the topics at hand, mentioning \u0026quot;OpenPF\u0026quot; multiple times among other things, so our listeners should get a kick out of it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Adrian Chadd - \u003ca href=\"mailto:adrian@freebsd.org\" rel=\"nofollow\"\u003eadrian@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/erikarn\" rel=\"nofollow\"\u003e@erikarn\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eRethinking \u003ca href=\"https://www.reddit.com/r/freebsd/comments/3d80vt\" rel=\"nofollow\"\u003eways to improve FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150804161939\" rel=\"nofollow\"\u003eCII contributes to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you recall back to \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2\" rel=\"nofollow\"\u003ewhen we talked to the OpenBSD foundation\u003c/a\u003e, one of the things Ken mentioned was the \u003ca href=\"https://www.coreinfrastructure.org\" rel=\"nofollow\"\u003eCore Infrastructure Initiative\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"https://www.coreinfrastructure.org/faq\" rel=\"nofollow\"\u003ea nutshell\u003c/a\u003e, it\u0026#39;s an organization of security experts that helps facilitate (with money, in most cases) the advancement of the more critical open source components of the internet\u003c/li\u003e\n\u003cli\u003eThe group is organized by the Linux foundation, and gets its multi-million dollar backing from various big companies in the technology space (and donations from volunteers) \u003c/li\u003e\n\u003cli\u003eTo ensure that OpenBSD and its related projects (OpenSSH, LibreSSL and PF likely being the main ones here) remain healthy, they\u0026#39;ve just made a large donation to the foundation - this makes them \u003ca href=\"http://www.openbsdfoundation.org/contributors.html\" rel=\"nofollow\"\u003ethe first\u003c/a\u003e \u0026quot;platinum\u0026quot; level donor as well\u003c/li\u003e\n\u003cli\u003eWhile the exact amount wasn\u0026#39;t disclosed, it was somewhere between $50,000 and $100,000\u003c/li\u003e\n\u003cli\u003eThe donation comes less than a month after \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150708134520\" rel=\"nofollow\"\u003eMicrosoft\u0026#39;s big donation\u003c/a\u003e, so it\u0026#39;s good to see these large organizations helping out important open source projects that we depend on every day\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/07/bsdcan-2015-trip-report-mark-linimon.html\" rel=\"nofollow\"\u003eAnother BSDCan report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation is still getting trip reports from BSDCan, and this one comes from Mark Linimon\u003c/li\u003e\n\u003cli\u003eIn his report, he mainly covers the devsummit and some discussion with the portmgr team\u003c/li\u003e\n\u003cli\u003eOne notable change for the upcoming 10.2 release is that the default binary repository is now the quarterly branch - Mark talks a bit about this as well\u003c/li\u003e\n\u003cli\u003eHe also gives his thoughts on using \u003ca href=\"http://www.bsdnow.tv/episodes/2015_03_04-just_add_qemu\" rel=\"nofollow\"\u003eQEMU for cross-compiling packages\u003c/a\u003e and network performance testing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/08/lumina-desktop-0-8-6-released/\" rel=\"nofollow\"\u003eLumina 0.8.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PC-BSD team has released another version of \u003ca href=\"http://www.lumina-desktop.org/\" rel=\"nofollow\"\u003eLumina\u003c/a\u003e, their BSD-licensed desktop environment\u003c/li\u003e\n\u003cli\u003eThis is mainly a bugfix and performance improvement release, rather than one with lots of new features\u003c/li\u003e\n\u003cli\u003eThe on-screen display widget should be much faster now, and the configuration now allows for easier selection of default applications (which browser, which terminal, etc)\u003c/li\u003e\n\u003cli\u003eLots of non-English translation updates and assorted fixes are included as well\u003c/li\u003e\n\u003cli\u003eIf you haven\u0026#39;t given it a try yet, or maybe you\u0026#39;re looking for a new window manager, Lumina runs on all the BSDs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150730180506\" rel=\"nofollow\"\u003eMore c2k15 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEven more reports from OpenBSD\u0026#39;s latest hackathon are starting to pour in\u003c/li\u003e\n\u003cli\u003eThe first one is from Alexandr Nedvedicky, one of their brand new developers (the guy from Oracle)\u003c/li\u003e\n\u003cli\u003eHe talks about his experience going to a hackathon for the first time, and lays out some of the plans for integrating their (very large) SMP PF patch into OpenBSD\u003c/li\u003e\n\u003cli\u003eSecond up \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150731191156\u0026mode=flat\" rel=\"nofollow\"\u003eis Andrew Fresh\u003c/a\u003e, who went without any specific plans, but still ended up getting some UTF8 work done\u003c/li\u003e\n\u003cli\u003eOn the topic of ARMv7, \u0026quot;I did enjoy being there when things weren\u0026#39;t working so [Brandon Mercer] could futilely try to explain the problem to me (I wasn\u0026#39;t much help with kernel memory layouts). Fortunately others overheard and provided words of encouragement and some help which was one of my favorite parts of attending this hackathon.\u0026quot;\u003c/li\u003e\n\u003cli\u003eFlorian Obser sent in a report that includes \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150805151453\" rel=\"nofollow\"\u003ea little bit of everything\u003c/a\u003e: setting up the hackathon\u0026#39;s network, relayd and httpd work, bidirectional forwarding detection, airplane stories and even lots of food\u003c/li\u003e\n\u003cli\u003ePaul Irofti \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150801100002\u0026mode=flat\" rel=\"nofollow\"\u003ewrote in as well\u003c/a\u003e about his activities, which were mainly focused on the Octeon CPU architecture\u003c/li\u003e\n\u003cli\u003eHe wrote a new driver for the onboard flash of a DSR-500 machine, which was built following the Common Flash Interface specification\u003c/li\u003e\n\u003cli\u003eThis means that, going forward, OpenBSD will have out-of-the-box support for any flash memory device (often the case for MIPS and ARM-based embedded devices)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s205kqTEIj\" rel=\"nofollow\"\u003eHamza writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ogIP6cEf\" rel=\"nofollow\"\u003eFlorian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s214xE9ulK\" rel=\"nofollow\"\u003eDominik writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like \"what would you like to see in FreeBSD?\" and hundreds of responses, well, we've got a lot to cover...","date_published":"2015-08-05T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b0fef23d-9748-4e29-9419-eb23bd948f84.mp3","mime_type":"audio/mpeg","size_in_bytes":67071892,"duration_in_seconds":5589}]},{"id":"06d71c41-6630-4fa3-8cd3-46e35a9a535c","title":"100: Straight from the Src","url":"https://www.bsdnow.tv/100","content_text":"We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it!\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nRemote DoS in the TCP stack\n\n\nA pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections\nWhile in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely\nThis problem has a slightly confusing history that involves different fixes at different points in time from different people\nJuniper originally discovered the bug and announced a fix for their proprietary networking gear on June 8th\nOn June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch, but did not issue a security notice or MFC the fix back to the -stable branches\nOn July 13th, two weeks later, OpenBSD fixed the issue in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found\nImmediately afterwards, they merged it back to -stable and issued an errata notice for 5.7 and 5.6\nOn July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix and issued a security notice for the problem (which didn't include the first fix)\nAfter the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way\nNetBSD confirmed they were vulnerable too, and applied another completely different fix to -current on July 24th, but haven't released a security notice yet\nDragonFly is also investigating the issue now to see if they're affected as well\n***\n\n\nc2k15 hackathon reports\n\n\nReports from OpenBSD's latest hackathon, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)\nThe first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event\nHe writes, \"Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the \"command\" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?\"\nWith mandoc's new internal jump targets, this is a problem of the past now\nJasper also sent in a report, doing his usual work with Puppet (and specifically \"Facter,\" a tool used by Puppet to gather various bits of system information)\nAside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an \"-i\" flag for sed (hooray!)\nAntoine Jacoutot gave a report on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)\nIt now has an \"ls\" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this \"the poor man's service monitoring tool\")\nHe also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)\nHis list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades\nFoundation director Ken Westerback was also there, getting some disk-related and laptop work done\nHe cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues\nStefan Sperling, OpenBSD's token \"wireless guy,\" had a lot to say about the hackathon and what he did there (and even sent in his write-up before he got home)\nHe taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report)\nBringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work\nOne quote from Stefan's report that a lot of people seem to be talking about: \"Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year.\"\nJeremy Evans wrote in to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem\nWhile he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon\nRafael Zalamena, who got commit access at the event, gives his very first report on his networking-related hackathon activities\nWith Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS\nJonathan Gray got a lot done in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code\nAs he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix)\nMartin Pieuchot gave an write-up on his experience: \"I always though that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did.\"\nHe laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack\nUnfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle\nWe're still eagerly awaiting a report from one of OpenBSD's newest developers, Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes)\nOpenBSD 5.8's \"beta\" status was recently reverted, with the message \"take that as a hint,\" so that may mean more big changes are still to come...\n***\n\n\nFreeBSD quarterly status report\n\n\nFreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far\nIt's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others\nStarting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just \"svn.freebsd.org\") are now using GeoGNS with official SSL certs and general redundancy was increased\nIn the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages\nThe core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon\nWork also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)\nThe report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support\nMultipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon)\nZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August\nPCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though)\nThe official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling\nVarious other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report\nDocumentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot\nMany other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more\n***\n\n\nThe OpenSSH bug that wasn't\n\n\nThere's been a lot of discussion about a supposed flaw in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)\nThere's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections\nFreeBSD in its default configuration, with PAM and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH, nor any of the other BSDs, and not even the majority of Linux distros\nIf you disable all forms of authentication except public keys, like you're supposed to, then this is also not a big deal for FreeBSD systems\nRealistically speaking, it's more of a PAM bug than anything else\nOpenSSH added an additional check for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update)\n***\n\n\nInterview - Sebastian Wiedenroth - wiedi@netbsd.org / @wied0r\n\npkgsrc and pkgsrcCon\n\n\n\nNews Roundup\n\nNow served by OpenBSD\n\n\nWe've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it\nThe use case for the author was for a webserver, so he decided to try out the httpd in base\nConfiguration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting\nTLS 1.2 by default, strong ciphers with LibreSSL and HSTS combined give you a pretty secure web server\n***\n\n\nFreeBSD laptop playbooks\n\n\nA new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named \"freebsd-laptops\"\nIt's based on ansible, and uses the playbook format for automatic set up and configuration\nRight now, it's only working on a single Lenovo laptop, but the plan is to add instructions for many more models\nCheck the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop\n***\n\n\nNetBSD on the NVIDIA Jetson TK1\n\n\nIf you've never heard of the Jetson TK1, we can go ahead and spoil the secret here: NetBSD runs on it\nAs for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE\nThis blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)\nYou can even run X11 on it, pretty sweet\n***\n\n\nDragonFly power mangement options\n\n\nDragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there\nIn this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well\nHe also did some testing with each of them and gave his findings about power saving\nIf you've been thinking about running DragonFly on a laptop, this would be a good one to read\n***\n\n\nOpenBSD router under FreeBSD bhyve\n\n\nIf one BSD just isn't enough for you, and you've only got one machine, why not run two at once\nThis article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it\nIf you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware\nThe author also includes a little bit of history on how he got into both operating systems\nThere are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research\nOf course, the next logical step is to put that bhyve host under Xen on NetBSD...\n***\n\n\nFeedback/Questions\n\n\nKevin writes in\nLogan writes in\nPeter writes in\nRandy writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;ve finally reached a hundred episodes, and this week we\u0026#39;ll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it!\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.team-cymru.org/2015/07/another-day-another-patch/\" rel=\"nofollow\"\u003eRemote DoS in the TCP stack\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing \u003cem\u003eremote\u003c/em\u003e attackers to exhaust the resources of a system with nothing more than TCP connections\u003c/li\u003e\n\u003cli\u003eWhile in the LAST_ACK state, which is one of the final stages of a connection\u0026#39;s lifetime, the connection can get stuck and hang there indefinitely\u003c/li\u003e\n\u003cli\u003eThis problem has a slightly confusing history that involves different fixes at different points in time from different people\u003c/li\u003e\n\u003cli\u003eJuniper originally discovered the bug and \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10686\" rel=\"nofollow\"\u003eannounced a fix\u003c/a\u003e for their proprietary networking gear on June 8th\u003c/li\u003e\n\u003cli\u003eOn June 29th, FreeBSD caught wind of it and fixed the bug \u003ca href=\"https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch\u0026r1=284941\u0026r2=284940\u0026pathrev=284941\" rel=\"nofollow\"\u003ein their -current branch\u003c/a\u003e, but did not issue a security notice or MFC the fix back to the -stable branches\u003c/li\u003e\n\u003cli\u003eOn July 13th, two weeks later, OpenBSD \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143682919807388\u0026w=2\" rel=\"nofollow\"\u003efixed the issue\u003c/a\u003e in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found\u003c/li\u003e\n\u003cli\u003eImmediately afterwards, they merged it back to -stable and issued \u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig\" rel=\"nofollow\"\u003ean errata notice\u003c/a\u003e for 5.7 and 5.6\u003c/li\u003e\n\u003cli\u003eOn July 21st, three weeks after their original fix, FreeBSD committed \u003ca href=\"https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch\u0026r1=285777\u0026r2=285776\u0026pathrev=285777\" rel=\"nofollow\"\u003eyet another slightly different fix\u003c/a\u003e and issued \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html\" rel=\"nofollow\"\u003ea security notice\u003c/a\u003e for the problem (which didn\u0026#39;t include the first fix)\u003c/li\u003e\n\u003cli\u003eAfter the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way\u003c/li\u003e\n\u003cli\u003eNetBSD confirmed they were vulnerable too, and \u003ca href=\"http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.183\u0026r2=1.184\u0026only_with_tag=MAIN\" rel=\"nofollow\"\u003eapplied another completely different fix\u003c/a\u003e to -current on July 24th, but haven\u0026#39;t released a security notice yet\u003c/li\u003e\n\u003cli\u003eDragonFly is also investigating the issue now to see if they\u0026#39;re affected as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150721180312\u0026mode=flat\" rel=\"nofollow\"\u003ec2k15 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eReports from OpenBSD\u0026#39;s latest \u003ca href=\"http://www.openbsd.org/hackathons.html\" rel=\"nofollow\"\u003ehackathon\u003c/a\u003e, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)\u003c/li\u003e\n\u003cli\u003eThe first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event\u003c/li\u003e\n\u003cli\u003eHe writes, \u0026quot;Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the \u0026quot;command\u0026quot; built-in command - and had to step through dozens of false positives with the less \u0026#39;/\u0026#39; and \u0026#39;n\u0026#39; search keys before you finally found the actual definition?\u0026quot;\u003c/li\u003e\n\u003cli\u003eWith mandoc\u0026#39;s new internal jump targets, this is a problem of the past now\u003c/li\u003e\n\u003cli\u003eJasper \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150723124332\u0026mode=flat\" rel=\"nofollow\"\u003ealso sent in a report\u003c/a\u003e, doing his usual work with Puppet (and specifically \u0026quot;Facter,\u0026quot; a tool used by Puppet to gather various bits of system information)\u003c/li\u003e\n\u003cli\u003eAside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an \u0026quot;-i\u0026quot; flag for sed (hooray!)\u003c/li\u003e\n\u003cli\u003eAntoine Jacoutot \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150722205349\u0026mode=flat\" rel=\"nofollow\"\u003egave a report\u003c/a\u003e on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)\u003c/li\u003e\n\u003cli\u003eIt now has an \u0026quot;ls\u0026quot; subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this \u0026quot;the poor man\u0026#39;s service monitoring tool\u0026quot;)\u003c/li\u003e\n\u003cli\u003eHe also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)\u003c/li\u003e\n\u003cli\u003eHis list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades\u003c/li\u003e\n\u003cli\u003eFoundation director Ken Westerback \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150722105658\u0026mode=flat\" rel=\"nofollow\"\u003ewas also there\u003c/a\u003e, getting some disk-related and laptop work done\u003c/li\u003e\n\u003cli\u003eHe cleaned up and committed the 4k sector softraid code that he\u0026#39;d been working on, as well as fixing some trackpad issues\u003c/li\u003e\n\u003cli\u003eStefan Sperling, OpenBSD\u0026#39;s token \u0026quot;wireless guy,\u0026quot; had \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150722182236\u0026mode=flat\" rel=\"nofollow\"\u003ea lot to say\u003c/a\u003e about the hackathon and what he did there (and even sent in his write-up before he got home)\u003c/li\u003e\n\u003cli\u003eHe taught tcpdump about some new things, including 802.11n metadata beacons (there\u0026#39;s a lot more specific detail about this one in the report)\u003c/li\u003e\n\u003cli\u003eBringing \u003cem\u003ea bag full of USB wireless devices\u003c/em\u003e with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work\u003c/li\u003e\n\u003cli\u003eOne quote from Stefan\u0026#39;s report that a lot of people seem to be talking about: \u0026quot;Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We\u0026#39;ll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year.\u0026quot;\u003c/li\u003e\n\u003cli\u003eJeremy Evans \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150725180527\u0026mode=flat\" rel=\"nofollow\"\u003ewrote in\u003c/a\u003e to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem\u003c/li\u003e\n\u003cli\u003eWhile he\u0026#39;s mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon\u003c/li\u003e\n\u003cli\u003eRafael Zalamena, who got commit access at the event, \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150725183439\u0026mode=flat\" rel=\"nofollow\"\u003egives his very first report\u003c/a\u003e on his networking-related hackathon activities\u003c/li\u003e\n\u003cli\u003eWith Rafael\u0026#39;s diffs and help from a couple other developers, OpenBSD now has support for \u003ca href=\"https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service\" rel=\"nofollow\"\u003eVPLS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJonathan Gray \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150728184743\u0026mode=flat\" rel=\"nofollow\"\u003egot a lot done\u003c/a\u003e in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code\u003c/li\u003e\n\u003cli\u003eAs he\u0026#39;s become somewhat known for, Jonathan was also busy running three things in the background: clang\u0026#39;s fuzzer, cppcheck and AFL (looking for any potential crashes to fix)\u003c/li\u003e\n\u003cli\u003eMartin Pieuchot \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150724183210\u0026mode=flat\" rel=\"nofollow\"\u003egave an write-up\u003c/a\u003e on his experience: \u0026quot;I always though that hackathons were the best place to write code, but what\u0026#39;s even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that\u0026#39;s what I did.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack\u003c/li\u003e\n\u003cli\u003eUnfortunately, most of Martin\u0026#39;s secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re still eagerly awaiting a report from one of OpenBSD\u0026#39;s \u003ca href=\"https://twitter.com/phessler/status/623291827878137856\" rel=\"nofollow\"\u003enewest developers\u003c/a\u003e, Alexandr Nedvedicky (the Oracle guy who\u0026#39;s working on SMP PF and some other PF fixes)\u003c/li\u003e\n\u003cli\u003eOpenBSD 5.8\u0026#39;s \u0026quot;beta\u0026quot; status was recently \u003cstrong\u003ereverted\u003c/strong\u003e, with the message \u0026quot;\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143766883514831\u0026w=2\" rel=\"nofollow\"\u003etake that as a hint\u003c/a\u003e,\u0026quot; so that may mean more big changes are still to come...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2015-04-2015-06.html\" rel=\"nofollow\"\u003eFreeBSD quarterly status report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others\u003c/li\u003e\n\u003cli\u003eStarting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just \u0026quot;svn.freebsd.org\u0026quot;) are now using GeoGNS with official SSL certs and general redundancy was increased\u003c/li\u003e\n\u003cli\u003eIn the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages\u003c/li\u003e\n\u003cli\u003eThe core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon\u003c/li\u003e\n\u003cli\u003eWork also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)\u003c/li\u003e\n\u003cli\u003eThe report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support\u003c/li\u003e\n\u003cli\u003eMultipath TCP was also a hot topic, and there\u0026#39;s a brief summary of the current status on that patch (it will be available publicly soon)\u003c/li\u003e\n\u003cli\u003eZFSguru, a project we haven\u0026#39;t talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August\u003c/li\u003e\n\u003cli\u003ePCIe hotplug support is also mentioned, though it\u0026#39;s still in the development stages (basic hot-swap functions are working though)\u003c/li\u003e\n\u003cli\u003eThe official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling\u003c/li\u003e\n\u003cli\u003eVarious other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report\u003c/li\u003e\n\u003cli\u003eDocumentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot\u003c/li\u003e\n\u003cli\u003eMany other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html\" rel=\"nofollow\"\u003eThe OpenSSH bug that wasn\u0026#39;t\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere\u0026#39;s been a lot of \u003ca href=\"https://www.marc.info/?t=143766048000005\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e about \u003ca href=\"https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/\" rel=\"nofollow\"\u003ea supposed flaw\u003c/a\u003e in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s no actual \u003cem\u003eexploit\u003c/em\u003e to speak of; this bug would only help someone get more bruteforce tries in with a \u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-July/034209.html\" rel=\"nofollow\"\u003efewer number of connections\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeBSD in its default configuration, with \u003ca href=\"https://en.wikipedia.org/wiki/Pluggable_authentication_module\" rel=\"nofollow\"\u003ePAM\u003c/a\u003e and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143767296016252\u0026w=2\" rel=\"nofollow\"\u003enot upstream OpenSSH\u003c/a\u003e, nor any of the other BSDs, and not even the majority of Linux distros\u003c/li\u003e\n\u003cli\u003eIf you disable all forms of authentication except public keys, \u003ca href=\"https://stribika.github.io/2015/01/04/secure-secure-shell.html\" rel=\"nofollow\"\u003elike you\u0026#39;re supposed to\u003c/a\u003e, then this is also not a big deal for FreeBSD systems\u003c/li\u003e\n\u003cli\u003eRealistically speaking, it\u0026#39;s more of \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143782167322500\u0026w=2\" rel=\"nofollow\"\u003ea PAM bug\u003c/a\u003e than anything else\u003c/li\u003e\n\u003cli\u003eOpenSSH \u003ca href=\"https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab\" rel=\"nofollow\"\u003eadded an additional check\u003c/a\u003e for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-July/000248.html\" rel=\"nofollow\"\u003erun freebsd-update\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Sebastian Wiedenroth - \u003ca href=\"mailto:wiedi@netbsd.org\" rel=\"nofollow\"\u003ewiedi@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/wied0r\" rel=\"nofollow\"\u003e@wied0r\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://en.wikipedia.org/wiki/Pkgsrc\" rel=\"nofollow\"\u003epkgsrc\u003c/a\u003e and \u003ca href=\"http://pkgsrc.org/pkgsrcCon/\" rel=\"nofollow\"\u003epkgsrcCon\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://tribaal.io/this-now-served-by-openbsd.html\" rel=\"nofollow\"\u003eNow served by OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it\u003c/li\u003e\n\u003cli\u003eThe use case for the author was for a webserver, so he decided to try out the httpd in base\u003c/li\u003e\n\u003cli\u003eConfiguration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting\u003c/li\u003e\n\u003cli\u003eTLS 1.2 by default, strong ciphers with LibreSSL and \u003ca href=\"https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\" rel=\"nofollow\"\u003eHSTS\u003c/a\u003e combined give you a pretty secure web server\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/sean-/freebsd-laptops\" rel=\"nofollow\"\u003eFreeBSD laptop playbooks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named \u0026quot;freebsd-laptops\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s based on ansible, and uses the playbook format for automatic set up and configuration\u003c/li\u003e\n\u003cli\u003eRight now, it\u0026#39;s only working on a single Lenovo laptop, but the plan is to add instructions for many more models\u003c/li\u003e\n\u003cli\u003eCheck the Github page for instructions on how to get started, and maybe get involved if you\u0026#39;re running FreeBSD on a laptop\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_on_the_nvidia_jetson\" rel=\"nofollow\"\u003eNetBSD on the NVIDIA Jetson TK1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve never heard of the \u003ca href=\"https://developer.nvidia.com/jetson-tk1\" rel=\"nofollow\"\u003eJetson TK1\u003c/a\u003e, we can go ahead and spoil the secret here: NetBSD runs on it\u003c/li\u003e\n\u003cli\u003eAs for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE\u003c/li\u003e\n\u003cli\u003eThis blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)\u003c/li\u003e\n\u003cli\u003eYou can even run X11 on it, pretty sweet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-July/207911.html\" rel=\"nofollow\"\u003eDragonFly power mangement options\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly developer Sepherosa, who we\u0026#39;ve had on the show, has been doing some ACPI work over there\u003c/li\u003e\n\u003cli\u003eIn this email, he presents some of DragonFly\u0026#39;s different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well\u003c/li\u003e\n\u003cli\u003eHe also did some testing with each of them and gave his findings about power saving\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been thinking about running DragonFly on a laptop, this would be a good one to read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.quernus.co.uk/2015/07/27/openbsd-as-freebsd-router/\" rel=\"nofollow\"\u003eOpenBSD router under FreeBSD bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf one BSD just isn\u0026#39;t enough for you, and you\u0026#39;ve only got one machine, why not run two at once\u003c/li\u003e\n\u003cli\u003eThis article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware\u003c/li\u003e\n\u003cli\u003eThe author also includes a little bit of history on how he got into both operating systems\u003c/li\u003e\n\u003cli\u003eThere are lots of mixed opinions about virtualizing core network components, so we\u0026#39;ll leave it up to you to do your research\u003c/li\u003e\n\u003cli\u003eOf course, the next logical step is to put that bhyve host under Xen on NetBSD...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2yPVV5Wyp\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21zcz9rut\" rel=\"nofollow\"\u003eLogan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21CRmiPwK\" rel=\"nofollow\"\u003ePeter writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s211zfIXff\" rel=\"nofollow\"\u003eRandy writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it!","date_published":"2015-07-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/06d71c41-6630-4fa3-8cd3-46e35a9a535c.mp3","mime_type":"audio/mpeg","size_in_bytes":53030452,"duration_in_seconds":4419}]},{"id":"c234f2ea-9f17-4c25-bd28-db41586b32de","title":"99: BSD Gnow","url":"https://www.bsdnow.tv/99","content_text":"This week we'll be talking with Ryan Lortie and Baptiste Daroussin about GNOME on BSD. Upstream development is finally treating the BSDs as a first class citizen, so we'll hear about how the recent porting efforts have been since.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD presents tame\n\n\nTheo de Raadt sent out an email detailing OpenBSD's new \"tame\" subsystem, written by Nicholas Marriott and himself, for restricting what processes can and can't do\nWhen using tame, programs will switch to a \"restricted-service operating mode,\" limiting them to only the things they actually need to do\nAs for the background: \"Generally there are two models of operation. The first model requires a major rewrite of application software for effective use (ie. capsicum). The other model in common use lacks granularity, and allows or denies an operation throughout the entire lifetime of a process. As a result, they lack differentiation between program 'initialization' versus 'main servicing loop.' systrace had the same problem. My observation is that programs need a large variety of calls during initialization, but few in their main loops.\"\nSome initial categories of operation include: computation, memory management, read-write operations on file descriptors, opening of files and, of course, networking\nRestrictions can also be stacked further into the lifespan of the process, but removed abilities can never be regained (obviously)\nAnything that tries to access resources outside of its in-place limits gets terminated with a SIGKILL or, optionally, a SIGABRT (which can produce useful core dumps for investigation)\nAlso included are 29 examples of userland programs that get additional protection with very minimal changes to the source - only 2 or 3 lines needing changed in the case of binaries like cat, ps, dmesg, etc.\nThis is an initial work-in-progress version of tame, so there may be more improvements or further control options added before it hits a release (very specific access policies can sometimes backfire, however)\nThe man page, also included in the mail, provides some specifics about how to integrate tame properly into your code (which, by design, was made very easy to do - making it simple means third party programs are more likely to actually use it)\nKernel bits are in the tree now, with userland changes starting to trickle in too\nCombined with a myriad of memory protections, tight privilege separation and (above all else) good coding practices, tame should further harden the OpenBSD security fortress\nFurther discussion can be found in the usual places you'd expect\n***\n\n\nUsing Docker on FreeBSD\n\n\nWith the experimental Docker port landing in FreeBSD a few weeks ago, some initial docs are starting to show up\nThis docker is \"the real thing,\" and isn’t using a virtual machine as the backend - as such, it has some limitations\nThe FreeBSD wiki has a page detailing how it works in general, as well as more info about those limitations\nWhen running Linux containers, it will only work as well as the Linux ABI compat layer for your version of FreeBSD (11.0, or -CURRENT when we're recording this, is where all the action is for 64bit support)\nFor users on 10.X, there's also a FreeBSD container available, which allows you to use Docker as a fancy jail manager (it uses the jail subsystem internally)\nGive it a try, let us know how you find it to be compared to other solutions\n***\n\n\nOpenBSD imports doas, removes sudo\n\n\nOpenBSD has included the ubiquitous \"sudo\" utility for many years now, and the current maintainer of sudo (Todd C. Miller) is also a long-time OpenBSD dev\nThe version included in the base system was much smaller than the latest current version used elsewhere, but was based on older code\nSome internal discussion lead to the decision that sudo should probably be moved to ports now, where it can be updated easily and offer all the extra features that were missing in base (LDAP and whatnot)\nTed Unangst conjured up with a rewritten utility to replace it in the base system, dubbed \"do as,\" with the aim of being more simple and compact\nThere were concerns that sudo was too big and too complicated, and a quick 'n' dirty check reveals that doas is around 350 lines of code, while sudo is around 10,000 - which would you rather have as a setuid root binary?\nAfter the initial import, a number of developers began reviewing and improving various bits here and there\nYou can check out the code now if you're interested\nCommand usage and config syntax seem pretty straightforward\nMore discussion on HN\n***\n\n\nWhat would you like to see in FreeBSD\n\n\nAdrian Chadd started a reddit thread about areas in which FreeBSD could be improved, asking the community what they'd like to see\nThere are over 200 comments that span a wide range of topics, so we'll just cover a few of the more popular requests - check the very long thread if you're interested in more\nThe top comment says things don't \"just work,\" citing failover link aggregation of LACP laggs, PPPoE issues, disorganized jail configuration options, unclear CARP configuration and userland dtrace being unstable\nAnother common one was that there are three firewalls in the base system, with ipfilter and pf being kinda dead now - should they be removed, and more focus put into ipfw?\nVideo drivers also came up frequently, with users hoping for better OpenGL support and support for newer graphics cards from Intel and AMD - similar comments were made about wireless chipsets as well\nSome other replies included more clarity with pkgng output, paying more attention to security issues, updating PF to match the one in OpenBSD, improved laptop support, a graphical installer, LibreSSL in base, more focus on embedded MIPS devices, binary packages with different config options, steam support and lots more\nAt least one user suggested better \"marketing\" for FreeBSD, with more advocacy and (hopefully) more business adoption\nThat one really applies to all the BSDs, and regular users (that's you listening to this) can help make it happen for whichever ones you use right now\nMaybe Adrian can singlehandedly do all the work and make all the users happy\n***\n\n\nInterview - Ryan Lortie \u0026amp; Baptiste Daroussin\n\nPorting the latest GNOME code to FreeBSD\n\n\n\nNews Roundup\n\nIntroducing resflash\n\n\nIf you haven't heard of resflash before, it's \"a tool for building OpenBSD images for embedded and cloud environments in a programmatic, reproducible way\"\nOne of the major benefits to images like this is the read-only filesystem, so there's no possibility of filesystem corruption if power is lost\nThere's an optional read-write partition as well, used for any persistent changes you want to make\nYou can check out the source code on Github or read the main site for more info\n***\n\n\nJails with iocage\n\n\nThere are a growing number of FreeBSD jail management utilities: ezjail, cbsd, warden and a few others\nAfter looking at all the different choices, the author of this blog post eventually settled on iocage for the job\nThe post walks you through the basic configuration and usage of iocage for creating managing jails\nIf you've been unhappy with ezjail or some of the others, iocage might be worth giving a try instead (it also has really good ZFS integration)\n***\n\n\nDragonFly GPU improvements\n\n\nDragonFlyBSD continues to up their graphics game, this time with Intel's ValleyView series of CPUs\nThese GPUs are primarily used in the newer Atom CPUs and offer much better performance than the older ones\nA git branch was created to hold the fixes for now while the last remaining bugs get fixed\nFully-accelerated Broadwell support and an update to newer DRM code are also available in the git branch, and will be merged to the main tree after some testing\n***\n\n\nBranchless development\n\n\nTed Unangst has a new blog post up, talking about software branches and the effects of having (or not having) them\nHe covers integrating and merging code, and the versioning problems that can happen with multiple people contributing at once\n\"For an open source project, branching is counter intuitively antisocial. For instance, I usually tell people I’m running OpenBSD, but that’s kind of a lie. I’m actually running teduBSD, which is like OpenBSD but has some changes to make it even better. Of course, you can’t have teduBSD because I’m selfish. I’m also lazy, and only inclined to make my changes work for me, not everyone else.\"\nThe solution, according to him, is bringing all the code the developers are using closer together\nOne big benefit is that WIP code gets tested much faster (and bugs get fixed early on)\n***\n\n\nFeedback/Questions\n\n\nMatthew writes in\nChris writes in\nAnonymous writes in\nBill writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;ll be talking with Ryan Lortie and Baptiste Daroussin about GNOME on BSD. Upstream development is finally treating the BSDs as a first class citizen, so we\u0026#39;ll hear about how the recent porting efforts have been since.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143725996614627\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD presents tame\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheo de Raadt sent out an email detailing OpenBSD\u0026#39;s new \u0026quot;tame\u0026quot; subsystem, written by Nicholas Marriott and himself, for restricting what processes can and can\u0026#39;t do\u003c/li\u003e\n\u003cli\u003eWhen using tame, programs will switch to a \u0026quot;restricted-service operating mode,\u0026quot; limiting them to only the things they actually need to do\u003c/li\u003e\n\u003cli\u003eAs for the background: \u0026quot;Generally there are two models of operation. The first model requires a major rewrite of application software for effective use (ie. capsicum). The other model in common use lacks granularity, and allows or denies an operation throughout the entire lifetime of a process. As a result, they lack differentiation between program \u0026#39;initialization\u0026#39; versus \u0026#39;main servicing loop.\u0026#39; systrace had the same problem. My observation is that programs need a large variety of calls during initialization, but few in their main loops.\u0026quot;\u003c/li\u003e\n\u003cli\u003eSome initial categories of operation include: computation, memory management, read-write operations on file descriptors, opening of files and, of course, networking\u003c/li\u003e\n\u003cli\u003eRestrictions can also be stacked further into the lifespan of the process, but removed abilities can never be regained (obviously)\u003c/li\u003e\n\u003cli\u003eAnything that tries to access resources outside of its in-place limits gets terminated with a SIGKILL or, optionally, a SIGABRT (which can produce useful core dumps for investigation)\u003c/li\u003e\n\u003cli\u003eAlso included are 29 examples of userland programs that get additional protection with very minimal changes to the source - only 2 or 3 lines needing changed in the case of binaries like cat, ps, dmesg, etc.\u003c/li\u003e\n\u003cli\u003eThis is an initial work-in-progress version of tame, so there may be more improvements or \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143740834710502\u0026w=2\" rel=\"nofollow\"\u003efurther\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143741052411159\u0026w=2\" rel=\"nofollow\"\u003econtrol\u003c/a\u003e options added before it hits a release (very specific access policies can \u003ca href=\"https://forums.grsecurity.net/viewtopic.php?f=7\u0026t=2522\" rel=\"nofollow\"\u003esometimes backfire\u003c/a\u003e, however)\u003c/li\u003e\n\u003cli\u003eThe man page, also included in the mail, provides some specifics about how to integrate tame properly into your code (which, by design, was made very easy to do - making it simple means third party programs are more likely to \u003cem\u003eactually use it\u003c/em\u003e)\u003c/li\u003e\n\u003cli\u003eKernel bits are \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143727335416513\u0026w=2\" rel=\"nofollow\"\u003ein the tree now\u003c/a\u003e, with userland changes starting to trickle in too\u003c/li\u003e\n\u003cli\u003eCombined with a \u003ca href=\"http://www.bsdnow.tv/episodes/2015_05_13-exclusive_disjunction\" rel=\"nofollow\"\u003emyriad of memory protections\u003c/a\u003e, tight privilege separation and (above \u003ca href=\"https://en.wikipedia.org/wiki/OpenBSD_security_features\" rel=\"nofollow\"\u003eall else\u003c/a\u003e) good coding practices, tame should further harden the OpenBSD security fortress\u003c/li\u003e\n\u003cli\u003eFurther \u003ca href=\"https://news.ycombinator.com/item?id=9928221\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/programming/comments/3dsr0t\" rel=\"nofollow\"\u003ecan\u003c/a\u003e \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150719000800\u0026mode=flat\" rel=\"nofollow\"\u003ebe\u003c/a\u003e \u003ca href=\"https://news.ycombinator.com/item?id=9909429\" rel=\"nofollow\"\u003efound\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/linux/comments/3ds66o\" rel=\"nofollow\"\u003ein\u003c/a\u003e \u003ca href=\"https://lobste.rs/s/tbbtfs\" rel=\"nofollow\"\u003ethe\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/openbsd/comments/3ds64c\" rel=\"nofollow\"\u003eusual\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/BSD/comments/3ds681\" rel=\"nofollow\"\u003eplaces\u003c/a\u003e you\u0026#39;d expect\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/Docker\" rel=\"nofollow\"\u003eUsing Docker on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith the experimental Docker port landing in FreeBSD a few weeks ago, some initial docs are starting to show up\u003c/li\u003e\n\u003cli\u003eThis docker is \u0026quot;the real thing,\u0026quot; and isn’t using a virtual machine as the backend - as such, it has some limitations\u003c/li\u003e\n\u003cli\u003eThe FreeBSD wiki has a page detailing how it works in general, as well as more info about those limitations\u003c/li\u003e\n\u003cli\u003eWhen running Linux containers, it will only work as well as the Linux ABI compat layer for your version of FreeBSD (11.0, or -CURRENT when we\u0026#39;re recording this, is where all the action is for 64bit support)\u003c/li\u003e\n\u003cli\u003eFor users on 10.X, there\u0026#39;s also a FreeBSD container available, which allows you to use Docker as a fancy jail manager (it uses the jail subsystem internally)\u003c/li\u003e\n\u003cli\u003eGive it a try, let us know how you find it to be compared to other solutions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/doas\" rel=\"nofollow\"\u003eOpenBSD imports doas, removes sudo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has included the ubiquitous \u0026quot;sudo\u0026quot; utility for many years now, and the current maintainer of sudo (Todd C. Miller) is also a long-time OpenBSD dev\u003c/li\u003e\n\u003cli\u003eThe version included in the base system was much smaller than the latest current version used elsewhere, but was based on older code\u003c/li\u003e\n\u003cli\u003eSome internal discussion lead to the decision that sudo should probably be moved to ports now, where it can be updated easily and offer all the extra features that were missing in base (LDAP and whatnot)\u003c/li\u003e\n\u003cli\u003eTed Unangst conjured up with a rewritten utility to replace it in the base system, dubbed \u0026quot;do as,\u0026quot; with the aim of being more simple and compact\u003c/li\u003e\n\u003cli\u003eThere were concerns that sudo was too big and too complicated, and a quick \u0026#39;n\u0026#39; dirty check reveals that doas is around 350 lines of code, while sudo is around 10,000 - which would you rather have as a setuid root binary?\u003c/li\u003e\n\u003cli\u003eAfter the initial import, a number of developers began reviewing and improving various bits here and there\u003c/li\u003e\n\u003cli\u003eYou can \u003ca href=\"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/\" rel=\"nofollow\"\u003echeck out the code\u003c/a\u003e now if you\u0026#39;re interested\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1\" rel=\"nofollow\"\u003eCommand usage\u003c/a\u003e and \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5\" rel=\"nofollow\"\u003econfig syntax\u003c/a\u003e seem pretty straightforward\u003c/li\u003e\n\u003cli\u003eMore \u003ca href=\"https://news.ycombinator.com/item?id=9914693\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e on HN\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/3d80vt/what_would_you_like_to_see_in_freebsd/\" rel=\"nofollow\"\u003eWhat would you like to see in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd started a reddit thread about areas in which FreeBSD could be improved, asking the community what they\u0026#39;d like to see\u003c/li\u003e\n\u003cli\u003eThere are over \u003cstrong\u003e200\u003c/strong\u003e comments that span a wide range of topics, so we\u0026#39;ll just cover a few of the more popular requests - check the very long thread if you\u0026#39;re interested in more\u003c/li\u003e\n\u003cli\u003eThe top comment says things don\u0026#39;t \u0026quot;just work,\u0026quot; citing failover link aggregation of LACP laggs, PPPoE issues, disorganized jail configuration options, unclear CARP configuration and userland dtrace being unstable\u003c/li\u003e\n\u003cli\u003eAnother common one was that there are \u003cem\u003ethree\u003c/em\u003e firewalls in the base system, with ipfilter and pf being kinda dead now - should they be removed, and more focus put into ipfw?\u003c/li\u003e\n\u003cli\u003eVideo drivers also came up frequently, with users hoping for better OpenGL support and support for newer graphics cards from Intel and AMD - similar comments were made about wireless chipsets as well\u003c/li\u003e\n\u003cli\u003eSome other replies included more clarity with pkgng output, paying more attention to security issues, updating PF to match the one in OpenBSD, improved laptop support, a graphical installer, LibreSSL in base, more focus on embedded MIPS devices, binary packages with different config options, steam support and lots more\u003c/li\u003e\n\u003cli\u003eAt least one user suggested better \u0026quot;marketing\u0026quot; for FreeBSD, with more advocacy and (hopefully) more business adoption\u003c/li\u003e\n\u003cli\u003eThat one really applies to all the BSDs, and regular users (that\u0026#39;s you listening to this) can help make it happen for whichever ones you use \u003cem\u003eright now\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eMaybe Adrian can singlehandedly do all the work and make all the users happy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ryan Lortie \u0026amp; Baptiste Daroussin\u003c/h2\u003e\n\n\u003cp\u003ePorting the latest GNOME code to FreeBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://stable.rcesoftware.com/resflash/\" rel=\"nofollow\"\u003eIntroducing resflash\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you haven\u0026#39;t heard of resflash before, it\u0026#39;s \u0026quot;a tool for building OpenBSD images for embedded and cloud environments in a programmatic, reproducible way\u0026quot;\u003c/li\u003e\n\u003cli\u003eOne of the major benefits to images like this is the read-only filesystem, so there\u0026#39;s no possibility of filesystem corruption if power is lost\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s an optional read-write partition as well, used for any persistent changes you want to make\u003c/li\u003e\n\u003cli\u003eYou can check out the source code \u003ca href=\"https://github.com/bconway/resflash\" rel=\"nofollow\"\u003eon Github\u003c/a\u003e or read the main site for more info\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pid1.com/posts/post10.html\" rel=\"nofollow\"\u003eJails with iocage\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere are a growing number of FreeBSD jail management utilities: ezjail, cbsd, warden and a few others\u003c/li\u003e\n\u003cli\u003eAfter looking at all the different choices, the author of this blog post eventually settled on \u003ca href=\"https://github.com/iocage/iocage\" rel=\"nofollow\"\u003eiocage\u003c/a\u003e for the job\u003c/li\u003e\n\u003cli\u003eThe post walks you through the basic configuration and usage of iocage for creating managing jails\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been unhappy with ezjail or some of the others, iocage might be worth giving a try instead (it also has really good ZFS integration)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-July/207892.html\" rel=\"nofollow\"\u003eDragonFly GPU improvements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD continues to up their graphics game, this time with Intel\u0026#39;s ValleyView series of CPUs\u003c/li\u003e\n\u003cli\u003eThese GPUs are primarily used in the newer Atom CPUs and offer much better performance than the older ones\u003c/li\u003e\n\u003cli\u003eA git branch was created to hold the fixes for now while the last remaining bugs get fixed\u003c/li\u003e\n\u003cli\u003eFully-accelerated Broadwell support and an update to newer DRM code are also available in the git branch, and will be merged to the main tree after some testing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/branchless-development\" rel=\"nofollow\"\u003eBranchless development\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst has a new blog post up, talking about software branches and the effects of having (or not having) them\u003c/li\u003e\n\u003cli\u003eHe covers integrating and merging code, and the versioning problems that can happen with multiple people contributing at once\u003c/li\u003e\n\u003cli\u003e\u0026quot;For an open source project, branching is counter intuitively antisocial. For instance, I usually tell people I’m running OpenBSD, but that’s kind of a lie. I’m actually running teduBSD, which is like OpenBSD but has some changes to make it even better. Of course, you can’t have teduBSD because I’m selfish. I’m also lazy, and only inclined to make my changes work for me, not everyone else.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe solution, according to him, is bringing all the code the developers are using closer together\u003c/li\u003e\n\u003cli\u003eOne big benefit is that WIP code gets tested much faster (and bugs get fixed early on)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21yQtBCCK\" rel=\"nofollow\"\u003eMatthew writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21oFA80kY\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2JYvTlJlm\" rel=\"nofollow\"\u003eAnonymous writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21LXvk53z\" rel=\"nofollow\"\u003eBill writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we'll be talking with Ryan Lortie and Baptiste Daroussin about GNOME on BSD. Upstream development is finally treating the BSDs as a first class citizen, so we'll hear about how the recent porting efforts have been since.","date_published":"2015-07-22T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c234f2ea-9f17-4c25-bd28-db41586b32de.mp3","mime_type":"audio/mpeg","size_in_bytes":57071380,"duration_in_seconds":4755}]},{"id":"ed9812b6-0041-42fd-804b-8cf3e5bba0fc","title":"98: Our Code is Your Code","url":"https://www.bsdnow.tv/98","content_text":"Coming up this time on the show, we'll be talking with the CTO of Xinuos, David Meyer, about their adoption of FreeBSD. We also discuss the BSD license model for businesses and the benefits of contributing changes back.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEnabling FreeBSD on AArch64\n\n\nOne of the things the FreeBSD foundation has been dumping money into lately is ARM64 support, but we haven't heard too much about it - this article should change that\nSince it's on a mainstream ARM site, the article begins with a bit of FreeBSD history, leading up to the current work on ARM64\nThere's also a summary of some of the ARM work done at this year's BSDCan, including details about running it on the Cavium ThunderX platform (which has 48 cores)\nAs of just a couple months ago, dtrace is even working on this new architecture\nCome 11.0-RELEASE, the plan is for ARM64 to get the same \"tier 1\" treatment as X86, which would imply binary updates for base and ports - something Raspberry Pi users often complain about not having\n***\n\n\nOpenBSD's tcpdump detailed\n\n\nMost people are probably familiar with tcpdump, a very useful packet sniffing and capturing utility that's included in all the main BSD base systems\nThis video guide is specifically about the version in OpenBSD, which has gone through some major changes (it's pretty much a fork with no version number anymore)\nUnlike on the other platforms, OpenBSD's tcpdump will always run in a chroot as an unprivileged user - this has saved it from a number of high-profile exploits\nIt also has support for the \"pf.os\" system, allowing you to filter out operating system fingerprints in the packet captures\nThere's also PF (and pflog) integration, letting you see which line in your ruleset triggered a specific match\nBeing able to run tcpdump directly on your router is pretty awesome for troubleshooting\n***\n\n\nMore FreeBSD foundation at BSDCan\n\n\nThe FreeBSD foundation has another round of trip reports from this year's BSDCan\nFirst up is Kamil Czekirda, who gives a good summary of some of the devsummit, FreeBSD-related presentations, some tutorials, getting freebsd-update bugs fixed and of course eating cake\nA second post from Christian Brueffer, who cleverly planned ahead to avoid jetlag, details how he got some things done during the FreeBSD devsummit\nTheir third report is from our buddy Warren Block, who (unsurprisingly) worked on a lot of documentation-related things, including getting more people involved with writing them\nIn true doc team style, his report is the most well-written of the bunch, including lots of links and a clear separation of topics (doc lounge, contributing to the wiki, presentations...)\nFinally, the fourth one comes to us from Shonali Balakrishna, who also gives an outline of some of the talks\n\"Not only does a BSD conference have way too many very smart people in one room, but also some of the nicest.\"\n***\n\n\nDragonFly on the Chromebook C720\n\n\nIf you've got one of the Chromebook laptops and weren't happy with the included OS, DragonFlyBSD might be worth a go\nThis article is a \"mini-report\" on how DragonFly functions on the device as a desktop, and \nWhile the 2GB of RAM proved to be a bit limiting, most of the hardware is well-supported\nDragonFly's wiki has a full guide on getting set up on one of these devices as well\n***\n\n\nInterview - David Meyer - info@xinuos.com / @xinuos\n\nXinuos, BSD license model vs. others, community interaction\n\n\n\nNews Roundup\n\nIntroducing LiteBSD\n\n\nWe definitely don't talk about 4.4BSD a lot on the show\nLiteBSD is \"a variant of [the] 4.4BSD operating system adapted for microcontrollers\"\nIf you've got really, really old hardware (or are working in the embedded space) then this might be an interesting hobby project to look info\n***\n\n\nHardenedBSD announces ASLR completion\n\n\nHardenedBSD, now officially a full-on fork of FreeBSD, has declared their ASLR patchset to be complete\nThe latest and last addition to the work was VDSO (Virtual Dynamic Shared Object) randomization, which is now configurable with a sysctl\nThis post gives a summary of the six main features they've added since the beginning\nOnly a few small things are left to do - man page cleanups, possibly shared object load order improvements\n***\n\n\nUnlock the reaper\n\n\nIn the ongoing quest to make more of OpenBSD SMP-friendly, a new patch was posted that unlocks the reaper in the kernel\nWhen there's a zombie process causing a resource leak, it's the reaper's job to deallocate their resources (and yes we're still talking about computers, not horror movies)\nInitial testing has yielded positive results and no regressions\nThey're looking for testers, so you can install a -current snapshot and get it automatically\nAn updated version of the patch is coming soon too\nA hackathon is going on right now, so you can expect more SMP improvements in the near future\n***\n\n\nThe importance of mentoring\n\n\nAdrian Chadd has a blog post up about mentoring new users, and it tells the story of how he originally got into FreeBSD\nHe tells the story of, at age 11, meeting someone else who knew about making crystal sets that became his role model\nEventually we get to his first FreeBSD 1.1 installation (which he temporarily abandoned for Linux, since it didn't have a color \"ls\" command) and how he started using the OS\nNowadays, there's a formal mentoring system in FreeBSD\nWhile he talks about FreeBSD in the post, a lot of the concepts apply to all the BSDs (or even just life in general)\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nHerminio writes in\nStuart writes in\nRichard writes in\n***\n","content_html":"\u003cp\u003eComing up this time on the show, we\u0026#39;ll be talking with the CTO of Xinuos, David Meyer, about their adoption of FreeBSD. We also discuss the BSD license model for businesses and the benefits of contributing changes back.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://community.arm.com/groups/processors/blog/2015/07/07/enabling-freebsd-on-aarch64\" rel=\"nofollow\"\u003eEnabling FreeBSD on AArch64\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the things the FreeBSD foundation has been dumping money into lately is ARM64 support, but we haven\u0026#39;t heard too much about it - this article should change that\u003c/li\u003e\n\u003cli\u003eSince it\u0026#39;s on a mainstream ARM site, the article begins with a bit of FreeBSD history, leading up to the current work on ARM64\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a summary of some of the ARM work done at this year\u0026#39;s BSDCan, including details about running it on the Cavium ThunderX platform (which has 48 cores)\u003c/li\u003e\n\u003cli\u003eAs of just a couple months ago, dtrace is even working on this new architecture\u003c/li\u003e\n\u003cli\u003eCome 11.0-RELEASE, the plan is for ARM64 to get the same \u0026quot;tier 1\u0026quot; treatment as X86, which would imply binary updates for base and ports - something Raspberry Pi users often complain about not having\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=8kR-tW1kyDc#t=8\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s tcpdump detailed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost people are probably familiar with \u003ca href=\"https://en.wikipedia.org/wiki/Tcpdump\" rel=\"nofollow\"\u003etcpdump\u003c/a\u003e, a very useful packet sniffing and capturing utility that\u0026#39;s included in all the main BSD base systems\u003c/li\u003e\n\u003cli\u003eThis video guide is specifically about the version in OpenBSD, which has gone through some major changes (it\u0026#39;s pretty much a fork with no version number anymore)\u003c/li\u003e\n\u003cli\u003eUnlike on the other platforms, OpenBSD\u0026#39;s tcpdump will always run in a chroot as an unprivileged user - this has saved it from a number of high-profile exploits\u003c/li\u003e\n\u003cli\u003eIt also has support for the \u0026quot;pf.os\u0026quot; system, allowing you to filter out operating system fingerprints in the packet captures\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also PF (and pflog) integration, letting you see which line in your ruleset triggered a specific match\u003c/li\u003e\n\u003cli\u003eBeing able to run tcpdump directly \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eon your router\u003c/a\u003e is pretty awesome for troubleshooting\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/07/bsdcan-2015-trip-report-kamil-czekirda.html\" rel=\"nofollow\"\u003eMore FreeBSD foundation at BSDCan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has another round of trip reports from this year\u0026#39;s BSDCan\u003c/li\u003e\n\u003cli\u003eFirst up is Kamil Czekirda, who gives a good summary of some of the devsummit, FreeBSD-related presentations, some tutorials, getting freebsd-update bugs fixed and of course eating cake\u003c/li\u003e\n\u003cli\u003eA \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/07/bsdcan-2015-trip-report-christian.html\" rel=\"nofollow\"\u003esecond post\u003c/a\u003e from Christian Brueffer, who cleverly planned ahead to avoid jetlag, details how he got some things done during the FreeBSD devsummit\u003c/li\u003e\n\u003cli\u003eTheir \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/07/bsdcan-2015-trip-report-warren-block.html\" rel=\"nofollow\"\u003ethird report\u003c/a\u003e is from our buddy Warren Block, who (unsurprisingly) worked on a lot of documentation-related things, including getting more people involved with writing them\u003c/li\u003e\n\u003cli\u003eIn true doc team style, his report is the most well-written of the bunch, including lots of links and a clear separation of topics (doc lounge, contributing to the wiki, presentations...)\u003c/li\u003e\n\u003cli\u003eFinally, the \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/07/bsdcan-2015-trip-report-shonali.html\" rel=\"nofollow\"\u003efourth one\u003c/a\u003e comes to us from Shonali Balakrishna, who also gives an outline of some of the talks\u003c/li\u003e\n\u003cli\u003e\u0026quot;Not only does a BSD conference have way too many very smart people in one room, but also some of the nicest.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2015/07/08/16391.html\" rel=\"nofollow\"\u003eDragonFly on the Chromebook C720\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve got one of the Chromebook laptops and weren\u0026#39;t happy with the included OS, DragonFlyBSD might be worth a go\u003c/li\u003e\n\u003cli\u003eThis article is a \u0026quot;mini-report\u0026quot; on how DragonFly functions on the device as a desktop, and \u003c/li\u003e\n\u003cli\u003eWhile the 2GB of RAM proved to be a bit limiting, most of the hardware is well-supported\u003c/li\u003e\n\u003cli\u003eDragonFly\u0026#39;s wiki has \u003ca href=\"http://www.dragonflybsd.org/docs/newhandbook/ConfigChromebook/\" rel=\"nofollow\"\u003ea full guide\u003c/a\u003e on getting set up on one of these devices as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - David Meyer - \u003ca href=\"mailto:info@xinuos.com\" rel=\"nofollow\"\u003einfo@xinuos.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/xinuos\" rel=\"nofollow\"\u003e@xinuos\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eXinuos, BSD license model vs. others, community interaction\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/sergev/LiteBSD\" rel=\"nofollow\"\u003eIntroducing LiteBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe definitely don\u0026#39;t talk about 4.4BSD a lot on the show\u003c/li\u003e\n\u003cli\u003eLiteBSD is \u0026quot;a variant of [the] 4.4BSD operating system adapted for microcontrollers\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve got really, really old hardware (or are working in the embedded space) then this might be an interesting hobby project to look info\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2015-07-06/announcing-aslr-completion\" rel=\"nofollow\"\u003eHardenedBSD announces ASLR completion\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHardenedBSD, now officially \u003ca href=\"http://hardenedbsd.org/content/about\" rel=\"nofollow\"\u003ea full-on fork of FreeBSD\u003c/a\u003e, has declared their ASLR patchset to be complete\u003c/li\u003e\n\u003cli\u003eThe latest and last addition to the work was VDSO (Virtual Dynamic Shared Object) randomization, which is now configurable with a sysctl\u003c/li\u003e\n\u003cli\u003eThis post gives a summary of the six main features they\u0026#39;ve added since \u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover\" rel=\"nofollow\"\u003ethe beginning\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly a few small things are left to do - man page cleanups, possibly shared object load order improvements\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143636371501474\u0026w=2\" rel=\"nofollow\"\u003eUnlock the reaper\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn the ongoing quest to make more of OpenBSD SMP-friendly, a new patch was posted that unlocks the reaper in the kernel\u003c/li\u003e\n\u003cli\u003eWhen there\u0026#39;s a \u003ca href=\"https://en.wikipedia.org/wiki/Zombie_process\" rel=\"nofollow\"\u003ezombie process\u003c/a\u003e causing a resource leak, it\u0026#39;s the \u003ca href=\"https://en.wikipedia.org/wiki/Wait_%28system_call%29\" rel=\"nofollow\"\u003ereaper\u0026#39;s job\u003c/a\u003e to deallocate their resources (and yes we\u0026#39;re still talking about computers, not horror movies)\u003c/li\u003e\n\u003cli\u003eInitial testing has yielded \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143642748717836\u0026w=2\" rel=\"nofollow\"\u003epositive\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143639356810690\u0026w=2\" rel=\"nofollow\"\u003eresults\u003c/a\u003e and \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143638955809675\u0026w=2\" rel=\"nofollow\"\u003eno regressions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re looking for testers, so you can install a -current snapshot and get it automatically\u003c/li\u003e\n\u003cli\u003eAn updated version of the patch is \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143643025118637\u0026w=2\" rel=\"nofollow\"\u003ecoming soon\u003c/a\u003e too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openbsd.org/images/hackathons/c2k15-s.gif\" rel=\"nofollow\"\u003eA hackathon\u003c/a\u003e is going on \u003cem\u003eright now\u003c/em\u003e, so you can expect more SMP improvements in the near future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2015/07/the-importance-of-mentoring-or-how-i.html\" rel=\"nofollow\"\u003eThe importance of mentoring\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd has a blog post up about mentoring new users, and it tells the story of how he originally got into FreeBSD\u003c/li\u003e\n\u003cli\u003eHe tells the story of, at age 11, meeting someone else who knew about making crystal sets that became his role model\u003c/li\u003e\n\u003cli\u003eEventually we get to his first FreeBSD 1.1 installation (which he temporarily abandoned for Linux, since it didn\u0026#39;t have a color \u0026quot;ls\u0026quot; command) and how he started using the OS\u003c/li\u003e\n\u003cli\u003eNowadays, there\u0026#39;s a formal mentoring system in FreeBSD\u003c/li\u003e\n\u003cli\u003eWhile he talks about FreeBSD in the post, a lot of the concepts apply to all the BSDs (or even just life in general)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s29LpvIxDD\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21I1MZsDl\" rel=\"nofollow\"\u003eHerminio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20kk3ilM6\" rel=\"nofollow\"\u003eStuart writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2pL5xA80B\" rel=\"nofollow\"\u003eRichard writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this time on the show, we'll be talking with the CTO of Xinuos, David Meyer, about their adoption of FreeBSD. We also discuss the BSD license model for businesses and the benefits of contributing changes back.","date_published":"2015-07-15T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ed9812b6-0041-42fd-804b-8cf3e5bba0fc.mp3","mime_type":"audio/mpeg","size_in_bytes":53150260,"duration_in_seconds":4429}]},{"id":"8ae01f5e-8be5-4cbc-bb95-094f2d536681","title":"97: Big Network, SmallWall","url":"https://www.bsdnow.tv/97","content_text":"Coming up this time on the show, we'll be chatting with Lee Sharp. He's recently revived the m0n0wall codebase, now known as SmallWall, and we'll find out what the future holds for this new addition to the BSD family. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan and pkgsrcCon videos\n\n\nEven more BSDCan 2015 videos are slowly but surely making their way to the internet\nNigel Williams, Multipath TCP for FreeBSD\nStephen Bourne, Early days of Unix and design of sh\nJohn Criswell, Protecting FreeBSD with Secure Virtual Architecture\nShany Michaely, Expanding RDMA capability over Ethernet in FreeBSD\nJohn-Mark Gurney, Adding AES-ICM and AES-GCM to OpenCrypto\nSevan Janiyan, Adventures in building open source software\nAnd finally, the BSDCan 2015 closing\nSome videos from this year's pkgsrcCon are also starting to appear online\nSevan Janiyan, A year of pkgsrc 2014 - 2015\nPierre Pronchery, pkgsrc meets pkg-ng\nJonathan Perkin, pkgsrc at Joyent\nJörg Sonnenberger, pkg_install script framework\nBenny Siegert, New Features in BulkTracker\nThis is the first time we've ever seen recordings from the conference - hopefully they continue this trend\n***\n\n\nOPNsense 15.7 released\n\n\nThe OPNsense team has released version 15.7, almost exactly six months after their initial debut\nIn addition to pulling in the latest security fixes from upstream FreeBSD, 15.7 also includes new integration of an intrusion detection system (and new GUI for it) as well as new blacklisting options for the proxy server\nTaking a note from upstream PF's playbook, ALTQ traffic shaping support has finally been retired as of this release (it was deprecated from OpenBSD a few years ago, and the code was completely removed just over a year ago)\nThe LibreSSL flavor has been promoted to production-ready, and users can easily migrate over from OpenSSL via the GUI - switching between the two is simple; no commitment needed\nVarious third party ports have also been bumped up to their latest versions to keep things fresh, and there's the usual round of bug fixes included\nShortly afterwards, 15.7.1 was released with a few more small fixes\n***\n\n\nNetBSD at Open Source Conference 2015 Okinawa\n\n\nIf you liked last week's episode then you'll probably know what to expect with this one\nThe NetBSD users group of Japan hit another open source conference, this time in Okinawa\nThis time, they had a few interesting NetBSD machines on display that we didn't get to see in the interview last week\nWe'd love to see something like this in North America or Europe too - anyone up for installing BSD on some interesting devices and showing them off at a Linux con?\n***\n\n\nOpenBSD BGP and VRFs\n\n\n\"VRFs, or in OpenBSD rdomains, are a simple, yet powerful (and sometimes confusing) topic\"\nThis article aims to explain both BGP and rdomains, using network diagrams, for some network isolation goodness\nWith multiple rdomains, it's also possible to have two upstream internet connections, but lock different groups of your internal network to just one of them\nThe idea of a \"guest network\" can greatly benefit from this separation as well, even allowing for the same IP ranges to be used without issues\nCombining rdomains with the BGP protocol allows for some very selective and precise blocking/passing of traffic between networks, which is also covered in detail here\nThe BSDCan talk on rdomains expands on the subject a bit more if you haven't seen it, as well as a few related posts\n***\n\n\nInterview - Lee Sharp - lee@smallwall.org\n\nSmallWall, a continuation of m0n0wall\n\n\n\nNews Roundup\n\nSolaris adopts more BSD goodies\n\n\nWe mentioned a while back that Oracle developers have begun porting a current version of OpenBSD's PF firewall to their next version, even contributing back patches for SMP and other bug fixes\nThey recently published an article about PF, talking about what's different about it on their platform compared to others - not especially useful for BSD users, but interesting to read if you like firewalls\nDarren Moffat, who was part of originally getting an SSH implementation into Solaris, has a second blog post up about their \"SunSSH\" fork\nGoing forward, their next version is going to offer a completely vanilla OpenSSH option as well, with the plan being to phase out SunSSH after that\nThe article talks a bit about the history of getting SSH into the OS, forking the code and also lists some of the differences between the two\nIn a third blog post, they talk about a new system call they're borrowing from OpenBSD, getentropy(2), as well as the addition of arc4random to their libc\nWith an up-to-date and SMP-capable PF, ZFS with native encryption, jail-like Zones, unaltered OpenSSH and secure entropy calls… is Solaris becoming better than us?\nLook forward to the upcoming \"Solaris Now\" podcast (not really)\n***\n\n\nEuroBSDCon 2015 talks and tutorials\n\n\nThis year's EuroBSDCon is set to be held in Sweden at the beginning of October, and the preliminary list of accepted presentations has been published\nThe list looks pretty well-balanced between the different BSDs, something Paul would be happy to see if he was still with us\nIt even includes an interesting DragonFly talk and a couple talks from NetBSD developers, in addition to plenty of FreeBSD and OpenBSD of course\nThere are also a few tutorials planned for the event, some you've probably seen already and some you haven't\nRegistration for the event will be opening very soon (likely this week or next)\n***\n\n\nUsing ZFS replication to improve offsite backups\n\n\nIf you take backups seriously, you're probably using ZFS and probably keeping an offsite copy of the data\nThis article covers doing just that, but with a focus on making use of the replication capability\nIt'll walk you through taking a snapshot of your pool and then replicating it to another remote system, using \"zfs send\" and SSH - this has the benefit of only transferring the files that have changed since the last time you did it\nSteps are also taken to allow a regular user to take and manage snapshots, so you don't need to be root for the SSH transfer\nData integrity is a long process - filesystem-level checksums, resistance to hardware failure, ECC memory, multiple copies in different locations... they all play a role in keeping your files secure; don't skip out on any of them\nOne thing the author didn't mention in his post: having an offline copy of the data, ideally sealed in a safe place, is also important\n***\n\n\nBlock encryption in OpenBSD\n\n\nWe've covered ways to do fully-encrypted installations of OpenBSD (and FreeBSD) before, but that requires dedicating a whole drive or partition to the sensitive data\nThis blog post takes you through the process of creating encrypted containers in OpenBSD, à la TrueCrypt - that is, a file-backed virtual device with an encrypted filesystem\nIt goes through creating a file that looks like random data, pointing vnconfig at it, setting up the crypto and finally using it as a fake storage device\nThe encrypted container method offers the advantage of being a bit more portable across installations than other ways\n***\n\n\nDocker hits FreeBSD ports\n\n\nThe inevitable has happened, and an early FreeBSD port of docker is finally here \nSome details and directions are available to read if you'd like to give it a try, as well as a list of which features work and which don't\nThere was also some Hacker News discussion on the topic\n***\n\n\nMicrosoft donates to OpenSSH\n\n\nWe've talked about big businesses using BSD and contributing back before, even mentioning a few other large public donations - now it's Microsoft's turn\nWith their recent decision to integrate OpenSSH into an upcoming Windows release, Microsoft has donated a large sum of money to the OpenBSD foundation, making them a gold-level sponsor\nThey've also posted some contract work offers on the OpenSSH mailing list, and say that their changes will be upstreamed if appropriate - we're always glad to see this\n***\n\n\nFeedback/Questions\n\n\nJoe writes in\nMike writes in\nRandy writes in\nTony writes in\nKevin writes in\n***\n","content_html":"\u003cp\u003eComing up this time on the show, we\u0026#39;ll be chatting with Lee Sharp. He\u0026#39;s recently revived the m0n0wall codebase, now known as SmallWall, and we\u0026#39;ll find out what the future holds for this new addition to the BSD family. Answers to your emails and all this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/channel/UCAEx6zhR2sD2pAGKezasAjA/videos\" rel=\"nofollow\"\u003eBSDCan and pkgsrcCon videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEven more BSDCan 2015 videos are slowly but surely making their way to the internet\u003c/li\u003e\n\u003cli\u003eNigel Williams, \u003ca href=\"https://www.youtube.com/watch?v=P3vB_FWtyIs\" rel=\"nofollow\"\u003eMultipath TCP for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStephen Bourne, \u003ca href=\"https://www.youtube.com/watch?v=2kEJoWfobpA\" rel=\"nofollow\"\u003eEarly days of Unix and design of sh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohn Criswell, \u003ca href=\"https://www.youtube.com/watch?v=hRIC_aF_u24\" rel=\"nofollow\"\u003eProtecting FreeBSD with Secure Virtual Architecture\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShany Michaely, \u003ca href=\"https://www.youtube.com/watch?v=stsaeKvF3no\" rel=\"nofollow\"\u003eExpanding RDMA capability over Ethernet in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohn-Mark Gurney, \u003ca href=\"https://www.youtube.com/watch?v=JaufZ7yCrLU\" rel=\"nofollow\"\u003eAdding AES-ICM and AES-GCM to OpenCrypto\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSevan Janiyan, \u003ca href=\"https://www.youtube.com/watch?v=-HMXyzybgdM\" rel=\"nofollow\"\u003eAdventures in building\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=Xof-uKnQ6cY\" rel=\"nofollow\"\u003eopen source software\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnd finally, \u003ca href=\"https://www.youtube.com/watch?v=Ynm0bGnYdfY\" rel=\"nofollow\"\u003ethe BSDCan 2015 closing\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome \u003ca href=\"https://vimeo.com/channels/pkgsrccon/videos\" rel=\"nofollow\"\u003evideos\u003c/a\u003e from this year\u0026#39;s \u003ca href=\"http://pkgsrc.org/pkgsrcCon/2015/\" rel=\"nofollow\"\u003epkgsrcCon\u003c/a\u003e are also starting to appear online\u003c/li\u003e\n\u003cli\u003eSevan Janiyan, \u003ca href=\"https://vimeo.com/channels/pkgsrccon/132767946\" rel=\"nofollow\"\u003eA year of pkgsrc 2014 - 2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePierre Pronchery, \u003ca href=\"https://vimeo.com/channels/pkgsrccon/132766052\" rel=\"nofollow\"\u003epkgsrc meets pkg-ng\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJonathan Perkin, \u003ca href=\"https://vimeo.com/channels/pkgsrccon/132760863\" rel=\"nofollow\"\u003epkgsrc at Joyent\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJörg Sonnenberger, \u003ca href=\"https://vimeo.com/channels/pkgsrccon/132757658\" rel=\"nofollow\"\u003epkg_install script framework\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBenny Siegert, \u003ca href=\"https://vimeo.com/channels/pkgsrccon/132751897\" rel=\"nofollow\"\u003eNew Features in BulkTracker\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis is the first time we\u0026#39;ve ever seen recordings from the conference - hopefully they continue this trend\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=839.0\" rel=\"nofollow\"\u003eOPNsense 15.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OPNsense team has released version 15.7, almost exactly six months after \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003etheir initial debut\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn addition to pulling in the latest security fixes from upstream FreeBSD, 15.7 also includes new integration of an intrusion detection system (and new GUI for it) as well as new blacklisting options for the proxy server\u003c/li\u003e\n\u003cli\u003eTaking a note from upstream PF\u0026#39;s playbook, ALTQ traffic shaping support has finally been retired as of this release (it was deprecated from OpenBSD a few years ago, and the code was \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140419151959\" rel=\"nofollow\"\u003ecompletely removed\u003c/a\u003e just over a year ago)\u003c/li\u003e\n\u003cli\u003eThe LibreSSL flavor has been promoted to production-ready, and users can easily migrate over from OpenSSL via the GUI - switching between the two is simple; no commitment needed\u003c/li\u003e\n\u003cli\u003eVarious third party ports have also been bumped up to their latest versions to keep things fresh, and there\u0026#39;s the usual round of bug fixes included\u003c/li\u003e\n\u003cli\u003eShortly afterwards, \u003ca href=\"https://forum.opnsense.org/index.php?topic=915.0\" rel=\"nofollow\"\u003e15.7.1\u003c/a\u003e was released with a few more small fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/07/04/msg000688.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference 2015 Okinawa\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you liked \u003ca href=\"http://www.bsdnow.tv/episodes/2015_07_01-lost_technology\" rel=\"nofollow\"\u003elast week\u0026#39;s episode\u003c/a\u003e then you\u0026#39;ll probably know what to expect with this one\u003c/li\u003e\n\u003cli\u003eThe NetBSD users group of Japan hit another open source conference, this time in Okinawa\u003c/li\u003e\n\u003cli\u003eThis time, they had a few interesting NetBSD machines on display that we didn\u0026#39;t get to see in the interview last week\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;d love to see something like this in North America or Europe too - anyone up for installing BSD on some interesting devices and showing them off at a Linux con?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://firstyear.id.au/entry/21\" rel=\"nofollow\"\u003eOpenBSD BGP and VRFs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;\u003ca href=\"https://en.wikipedia.org/wiki/Virtual_routing_and_forwarding\" rel=\"nofollow\"\u003eVRFs\u003c/a\u003e, or in OpenBSD rdomains, are a simple, yet powerful (and sometimes confusing) topic\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis article aims to explain both BGP and rdomains, using network diagrams, for some network isolation goodness\u003c/li\u003e\n\u003cli\u003eWith multiple rdomains, it\u0026#39;s also possible to have two upstream internet connections, but lock different groups of your internal network to just one of them\u003c/li\u003e\n\u003cli\u003eThe idea of a \u0026quot;guest network\u0026quot; can greatly benefit from this separation as well, even allowing for the same IP ranges to be used without issues\u003c/li\u003e\n\u003cli\u003eCombining rdomains with the BGP protocol allows for some very selective and precise blocking/passing of traffic between networks, which is also covered in detail here\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.youtube.com/watch?v=BizrC8Zr-YY\" rel=\"nofollow\"\u003eBSDCan talk on rdomains\u003c/a\u003e expands on the subject a bit more if you haven\u0026#39;t seen it, as well as a few \u003ca href=\"https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/\" rel=\"nofollow\"\u003erelated\u003c/a\u003e \u003ca href=\"http://cybermashup.com/2013/05/21/complex-routing-with-openbsd/\" rel=\"nofollow\"\u003eposts\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Lee Sharp - \u003ca href=\"mailto:lee@smallwall.org\" rel=\"nofollow\"\u003elee@smallwall.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://smallwall.org\" rel=\"nofollow\"\u003eSmallWall\u003c/a\u003e, a continuation of m0n0wall\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blogs.oracle.com/solarisfw/entry/pf_for_solaris\" rel=\"nofollow\"\u003eSolaris adopts more BSD goodies\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned a while back that Oracle developers have begun porting a current version of OpenBSD\u0026#39;s PF firewall to their next version, even contributing back patches for SMP and other bug fixes\u003c/li\u003e\n\u003cli\u003eThey recently published an article about PF, talking about what\u0026#39;s different about it on their platform compared to others - not especially useful for BSD users, but interesting to read if you like firewalls\u003c/li\u003e\n\u003cli\u003eDarren Moffat, who was part of originally getting an SSH implementation into Solaris, has a \u003ca href=\"https://blogs.oracle.com/darren/entry/openssh_in_solaris_11_3\" rel=\"nofollow\"\u003esecond blog post\u003c/a\u003e up about their \u0026quot;SunSSH\u0026quot; fork\u003c/li\u003e\n\u003cli\u003eGoing forward, their next version is going to offer a completely vanilla OpenSSH option as well, with the plan being to phase out SunSSH after that\u003c/li\u003e\n\u003cli\u003eThe article talks a bit about the history of getting SSH into the OS, forking the code and also lists some of the differences between the two\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"https://blogs.oracle.com/darren/entry/solaris_new_system_calls_getentropy\" rel=\"nofollow\"\u003ea third blog post\u003c/a\u003e, they talk about a new system call they\u0026#39;re borrowing from OpenBSD, \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2\" rel=\"nofollow\"\u003egetentropy(2)\u003c/a\u003e, as well as the addition of \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/arc4random.3\" rel=\"nofollow\"\u003earc4random\u003c/a\u003e to their libc\u003c/li\u003e\n\u003cli\u003eWith an up-to-date and SMP-capable PF, ZFS with native encryption, jail-like Zones, unaltered OpenSSH and secure entropy calls… is Solaris becoming \u003cem\u003ebetter than us\u003c/em\u003e?\u003c/li\u003e\n\u003cli\u003eLook forward to the upcoming \u0026quot;Solaris Now\u0026quot; podcast \u003csub\u003e(not really)\u003c/sub\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2015.eurobsdcon.org/talks/\" rel=\"nofollow\"\u003eEuroBSDCon 2015 talks and tutorials\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s EuroBSDCon is set to be held in Sweden at the beginning of October, and the preliminary list of accepted presentations has been published\u003c/li\u003e\n\u003cli\u003eThe list looks pretty well-balanced between the different BSDs, something Paul would be happy to see if he was still with us\u003c/li\u003e\n\u003cli\u003eIt even includes an interesting DragonFly talk and a couple talks from NetBSD developers, in addition to plenty of FreeBSD and OpenBSD of course\u003c/li\u003e\n\u003cli\u003eThere are also \u003ca href=\"https://2015.eurobsdcon.org/tutorials/\" rel=\"nofollow\"\u003ea few tutorials\u003c/a\u003e planned for the event, some you\u0026#39;ve probably seen already and some you haven\u0026#39;t\u003c/li\u003e\n\u003cli\u003eRegistration for the event will be opening very soon (likely this week or next)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.iceflatline.com/2015/07/using-zfs-replication-features-in-freebsd-to-improve-my-offsite-backups/\" rel=\"nofollow\"\u003eUsing ZFS replication to improve offsite backups\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you take backups seriously, you\u0026#39;re probably using ZFS and probably keeping an offsite copy of the data\u003c/li\u003e\n\u003cli\u003eThis article covers doing just that, but with a focus on making use of the replication capability\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll walk you through taking a snapshot of your pool and then replicating it to another remote system, using \u0026quot;zfs send\u0026quot; and SSH - this has the benefit of only transferring the files that have changed since the last time you did it\u003c/li\u003e\n\u003cli\u003eSteps are also taken to allow a regular user to take and manage snapshots, so you don\u0026#39;t need to be root for the SSH transfer\u003c/li\u003e\n\u003cli\u003eData integrity is a long process - filesystem-level checksums, resistance to hardware failure, ECC memory, multiple copies in different locations... they all play a role in keeping your files secure; don\u0026#39;t skip out on any of them\u003c/li\u003e\n\u003cli\u003eOne thing the author didn\u0026#39;t mention in his post: having an \u003cstrong\u003eoffline\u003c/strong\u003e copy of the data, ideally sealed in a safe place, is also important\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://anadoxin.org/blog/blog/20150705/block-encryption-in-openbsd/\" rel=\"nofollow\"\u003eBlock encryption in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve \u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003ecovered\u003c/a\u003e ways to do fully-encrypted installations of OpenBSD (and FreeBSD) before, but that requires dedicating a whole drive or partition to the sensitive data\u003c/li\u003e\n\u003cli\u003eThis blog post takes you through the process of creating encrypted \u003cem\u003econtainers\u003c/em\u003e in OpenBSD, à la TrueCrypt - that is, a file-backed virtual device with an encrypted filesystem\u003c/li\u003e\n\u003cli\u003eIt goes through creating a file that looks like random data, pointing \u003cstrong\u003evnconfig\u003c/strong\u003e at it, setting up the crypto and finally using it as a fake storage device\u003c/li\u003e\n\u003cli\u003eThe encrypted container method offers the advantage of being a bit more portable across installations than other ways\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=391421\" rel=\"nofollow\"\u003eDocker hits FreeBSD ports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe inevitable has happened, and an early FreeBSD port of docker is finally here \u003c/li\u003e\n\u003cli\u003eSome \u003ca href=\"https://github.com/kvasdopil/docker/blob/freebsd-compat/FREEBSD-PORTING.md\" rel=\"nofollow\"\u003edetails and directions\u003c/a\u003e are available to read if you\u0026#39;d like to give it a try, as well as a list of which features work and which don\u0026#39;t\u003c/li\u003e\n\u003cli\u003eThere was also some \u003ca href=\"https://news.ycombinator.com/item?id=9840025\" rel=\"nofollow\"\u003eHacker News discussion\u003c/a\u003e on the topic\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150708134520\u0026mode=flat\" rel=\"nofollow\"\u003eMicrosoft donates to OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about big businesses using BSD and contributing back before, even mentioning a few other large public donations - now it\u0026#39;s Microsoft\u0026#39;s turn\u003c/li\u003e\n\u003cli\u003eWith their recent decision to integrate OpenSSH into an upcoming Windows release, Microsoft has donated a large sum of money to the OpenBSD foundation, making them a gold-level sponsor\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also posted some contract work offers on the OpenSSH mailing list, and say that their changes will be upstreamed if appropriate - we\u0026#39;re always glad to see this\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2NqbhwOoH\" rel=\"nofollow\"\u003eJoe writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2T3NEia98\" rel=\"nofollow\"\u003eMike writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20RlTK6Ha\" rel=\"nofollow\"\u003eRandy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2rjCd0bGX\" rel=\"nofollow\"\u003eTony writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21PfSIyG5\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this time on the show, we'll be chatting with Lee Sharp. He's recently revived the m0n0wall codebase, now known as SmallWall, and we'll find out what the future holds for this new addition to the BSD family. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD.","date_published":"2015-07-08T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8ae01f5e-8be5-4cbc-bb95-094f2d536681.mp3","mime_type":"audio/mpeg","size_in_bytes":56408980,"duration_in_seconds":4700}]},{"id":"a1813e16-466a-4617-9bb0-24dbdc1cb5f2","title":"96: Lost Technology","url":"https://www.bsdnow.tv/96","content_text":"Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOut with the old, in with the less\n\n\nOur friend Ted Unangst has a new article up, talking about \"various OpenBSD replacements and reductions\"\n\"Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.\"\nIn the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure\nIt starts off with a lesser-known SCSI driver that \"tried to do too much\" being replaced with three separate drivers\n\"Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver.\"\nIn contrast to that example, he goes on to cite mandoc as taking a very non \"unixy\" direction, but at the same time being smaller and simpler than all the tools it replaced\nThe next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)\nHe also talks about the rewritten \"file\" utility: \"Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it.\"\nFinally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that may or may not replace it, called \"doas\"\nThere's also a nice wrap-up of all the examples at the end, and the \"Pruning and Polishing\" talk is good complementary reading material\n***\n\n\nMore OpenZFS and BSDCan videos\n\n\nWe mentioned last week that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more\nMatt Ahrens did a Q\u0026amp;A session and talked about ZFS send and receive, as well as giving an overview of OpenZFS\nGeorge Wilson talked about a performance retrospective\nToshiba, Syneto and HGST also gave some talks about their companies and how they're using ZFS\nAs for BSDCan, more of their BSD presentations have been uploaded too...\nRyan Stone, PCI SR-IOV on FreeBSD\nGeorge Neville-Neil, Measure Twice, Code Once\nKris Moore, Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD\nWarner Losh, I/O Scheduling in CAM\nKirk McKusick, An Introduction to the Implementation of ZFS\nMidori Kato, Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support\nBaptiste Daroussin, Packaging FreeBSD's base system\nMatt Ahrens, New OpenZFS features supporting remote replication\nEd Schouten, CloudABI Cloud computing meets fine-grained capabilities\nThe audio of Ingo Schwarze's talk \"mandoc: becoming the main BSD manual toolbox\" got messed up, but there's an alternate recording here, and the slides are here\n***\n\n\nSMP steroids for PF\n\n\nAn Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review\nAttached to the mail was what may be the beginnings of making native PF SMP-aware\nBefore you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle\nThe initial response has been quite positive though, with some back and forth between developers and the submitter\nFor now, let's be patient and see what happens\n***\n\n\nDragonFly 4.2.0 released\n\n\nDragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes\ni915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release\nSendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's a wiki page about configuring it\nThey've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery\nThe announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools\nWork is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement\nThere was also some hacker news discussion you can check out, as well as upgrade instructions\n***\n\n\nOpenSMTPD 5.7.1 released\n\n\nThe OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently\nCrypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default\nThe long-awaited filter API is now enabled by default, though still considered slightly experimental\nDocumentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)\nMany more small additions and bugfixes were made, so check the changelog for the full list\nStarting with 5.7.1, releases are now cryptographically signed to ensure integrity\nThis release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to flood a test server with thousands of emails per second, even offering prizes to whoever can DDoS them the hardest\nOpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately\nLet's all encourage Kris to stop procrastinating on switching from Postfix\n***\n\n\nInterview - Jun Ebihara (蛯原純) - jun@netbsd.org / @ebijun\n\nLesser-known CPU architectures, embedded NetBSD devices\n\n\n\nNews Roundup\n\nFreeBSD foundation at BSDCan\n\n\nThe FreeBSD foundation has posted a few BSDCan summaries on their blog\nThe first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: \"Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people.\"\nHe got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily\nTheir second trip report is from Ahmed Kamal, who flew in all the way from Egypt\nA bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD\nThere are also two more wrap-ups from Zbigniew Bodek and Vsevolod Stakhov, so you've got plenty to read\n***\n\n\nOpenBSD from a veteran Linux user perspective\n\n\nIn a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time\n\"For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration.\"\nThe post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags\nOne of the things that surprised him (in a positive way) was the documentation: \"OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless.\"\nHe also goes through some of the basics, installing and updating software, following different branches\nIt concludes with \"If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern.\"\n***\n\n\nFreeBSD on the desktop, am I crazy\n\n\nSimilar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop\nHe begins with a bit of forewarning for potential Linux switchers: \"It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think.\"\nWith that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd\nThe rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash\nAlso worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well\nIn the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too\n***\n\n\nOpenIKED and Cisco CSR 1000v IPSEC\n\n\nThis article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED\nWhat kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud\nThere are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon\nIt also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be\n***\n\n\nHardenedBSD improves stack randomization\n\n\nThe HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area\nIn their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well\nThey're now stacking the new on top of the old as well, with the goal being even more entropy\nThis change triggered an ABI and API incompatibility, so their major version has been bumped\n***\n\n\nOpenSSH 6.9 released\n\n\nThe OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes\nThere are a couple new things though - the \"AuthorizedKeysCommand\" config option now takes custom arguments\nOne very notable change is that the default cipher has changed as of this release\nThe traditional pairing of AES128 in counter mode with MD5 HMAC has been replaced by the ever-trendy ChaCha20-Poly1305 combo\nTheir next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to \"no\" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits\nMany small bugs fixes and improvements were also made, so check the announcement for everything else\nThe native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon\n***\n\n\nFeedback/Questions\n\n\nBrad writes in\nMason writes in\nJochen writes in\nSimon writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He\u0026#39;ll tell us what makes these old (and often forgotten) machines so interesting. As usual, we\u0026#39;ve also got answers to your emails and all this week\u0026#39;s news on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less\" rel=\"nofollow\"\u003eOut with the old, in with the less\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend Ted Unangst has a new article up, talking about \u0026quot;various OpenBSD replacements and reductions\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u0026quot;Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure\u003c/li\u003e\n\u003cli\u003eIt starts off with a lesser-known SCSI driver that \u0026quot;tried to do too much\u0026quot; being replaced with three separate drivers\u003c/li\u003e\n\u003cli\u003e\u0026quot;Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn contrast to that example, he goes on to cite mandoc as taking a very non \u0026quot;unixy\u0026quot; direction, but at the same time being smaller and simpler than all the tools it replaced\u003c/li\u003e\n\u003cli\u003eThe next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)\u003c/li\u003e\n\u003cli\u003eHe also talks about the rewritten \u0026quot;file\u0026quot; utility: \u0026quot;Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it.\u0026quot;\u003c/li\u003e\n\u003cli\u003eFinally, sudo in OpenBSD\u0026#39;s base system is moving to ports soon, and the article briefly describes a new tool that \u003ca href=\"https://marc.info/?l=openbsd-ports\u0026m=143481227122523\u0026w=2\" rel=\"nofollow\"\u003emay or may not replace it\u003c/a\u003e, called \u0026quot;doas\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a nice wrap-up of all the examples at the end, and the \u0026quot;\u003ca href=\"http://www.openbsd.org/papers/pruning.html\" rel=\"nofollow\"\u003ePruning and Polishing\u003c/a\u003e\u0026quot; talk is good complementary reading material\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow/videos\" rel=\"nofollow\"\u003eMore OpenZFS and BSDCan videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned \u003ca href=\"http://www.bsdnow.tv/episodes/2015_06_24-bitrot_group_therapy\" rel=\"nofollow\"\u003elast week\u003c/a\u003e that some of the videos from the second OpenZFS conference in Europe were being uploaded - here\u0026#39;s some more\u003c/li\u003e\n\u003cli\u003eMatt Ahrens did \u003ca href=\"https://www.youtube.com/watch?v=I6fXZ_6OT5c\" rel=\"nofollow\"\u003ea Q\u0026amp;A session\u003c/a\u003e and talked about ZFS \u003ca href=\"https://www.youtube.com/watch?v=iY44jPMvxog\" rel=\"nofollow\"\u003esend and receive\u003c/a\u003e, as well as giving an \u003ca href=\"https://www.youtube.com/watch?v=RQlMDmnty80\" rel=\"nofollow\"\u003eoverview of OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeorge Wilson talked about a \u003ca href=\"https://www.youtube.com/watch?v=KBI6rRGUv4E\" rel=\"nofollow\"\u003eperformance retrospective\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=sSi47-k78IM\" rel=\"nofollow\"\u003eToshiba\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=Hhje5KEF5cE\" rel=\"nofollow\"\u003eSyneto\u003c/a\u003e and \u003ca href=\"https://www.youtube.com/watch?v=aKgxXipss8k\" rel=\"nofollow\"\u003eHGST\u003c/a\u003e also gave some talks about their companies and how they\u0026#39;re using ZFS\u003c/li\u003e\n\u003cli\u003eAs for BSDCan, more of their BSD presentations have been uploaded too...\u003c/li\u003e\n\u003cli\u003eRyan Stone, \u003ca href=\"https://www.youtube.com/watch?v=INeMd-i5jzM\" rel=\"nofollow\"\u003ePCI SR-IOV on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeorge Neville-Neil, \u003ca href=\"https://www.youtube.com/watch?v=LE4wMsP7zeA\" rel=\"nofollow\"\u003eMeasure Twice, Code Once\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKris Moore, \u003ca href=\"https://www.youtube.com/watch?v=qNYXqpJiFN0\" rel=\"nofollow\"\u003eUnifying jail and package management for PC-BSD, FreeNAS and FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarner Losh, \u003ca href=\"https://www.youtube.com/watch?v=3WqOLolj5EU\" rel=\"nofollow\"\u003eI/O Scheduling in CAM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKirk McKusick, \u003ca href=\"https://www.youtube.com/watch?v=l-RCLgLxuSc\" rel=\"nofollow\"\u003eAn Introduction to the Implementation of ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMidori Kato, \u003ca href=\"https://www.youtube.com/watch?v=zZXvjhWcg_4\" rel=\"nofollow\"\u003eExtensions to FreeBSD Datacenter TCP for Incremental Deployment Support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBaptiste Daroussin, \u003ca href=\"https://www.youtube.com/watch?v=Br6izhH5P1I\" rel=\"nofollow\"\u003ePackaging FreeBSD\u0026#39;s\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=v7px6ktoDAI\" rel=\"nofollow\"\u003ebase system\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt Ahrens, \u003ca href=\"https://www.youtube.com/watch?v=UOX7WDAjqso\" rel=\"nofollow\"\u003eNew OpenZFS features supporting remote replication\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEd Schouten, \u003ca href=\"https://www.youtube.com/watch?v=SVdF84x1EdA\" rel=\"nofollow\"\u003eCloudABI Cloud computing meets fine-grained capabilities\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe audio of Ingo Schwarze\u0026#39;s talk \u0026quot;mandoc: becoming the main BSD manual toolbox\u0026quot; got messed up, but there\u0026#39;s an alternate recording \u003ca href=\"http://www.bsdcan.org/2015/audio/mandoc.mp3\" rel=\"nofollow\"\u003ehere\u003c/a\u003e, and the slides are \u003ca href=\"http://www.openbsd.org/papers/bsdcan15-mandoc.pdf\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143526329006942\u0026w=2\" rel=\"nofollow\"\u003eSMP steroids for PF\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn Oracle employee that\u0026#39;s been porting OpenBSD\u0026#39;s PF to an upcoming Solaris release has sent in an interesting patch for review\u003c/li\u003e\n\u003cli\u003eAttached to the mail was what may be the beginnings of making native PF SMP-aware\u003c/li\u003e\n\u003cli\u003eBefore you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143532243322281\u0026w=2\" rel=\"nofollow\"\u003einitial response\u003c/a\u003e has been quite positive though, with some \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143532963824548\u0026w=2\" rel=\"nofollow\"\u003eback and forth\u003c/a\u003e between developers and the submitter\u003c/li\u003e\n\u003cli\u003eFor now, let\u0026#39;s be patient and see what happens\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/release42/\" rel=\"nofollow\"\u003eDragonFly 4.2.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes\u003c/li\u003e\n\u003cli\u003ei915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release\u003c/li\u003e\n\u003cli\u003eSendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there\u0026#39;s \u003ca href=\"http://www.dragonflybsd.com/docs/docs/newhandbook/mta/\" rel=\"nofollow\"\u003ea wiki page\u003c/a\u003e about configuring it\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also switched the default compiler to GCC 5, though why they\u0026#39;ve gone in that direction instead of embracing Clang is a mystery\u003c/li\u003e\n\u003cli\u003eThe announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools\u003c/li\u003e\n\u003cli\u003eWork is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement\u003c/li\u003e\n\u003cli\u003eThere was also some \u003ca href=\"https://news.ycombinator.com/item?id=9797932\" rel=\"nofollow\"\u003ehacker news discussion\u003c/a\u003e you can check out, as well as \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-June/207801.html\" rel=\"nofollow\"\u003eupgrade instructions\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://opensmtpd.org/announces/release-5.7.1.txt\" rel=\"nofollow\"\u003eOpenSMTPD 5.7.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently\u003c/li\u003e\n\u003cli\u003eCrypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default\u003c/li\u003e\n\u003cli\u003eThe long-awaited filter API is now enabled by default, though still considered slightly experimental\u003c/li\u003e\n\u003cli\u003eDocumentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)\u003c/li\u003e\n\u003cli\u003eMany more small additions and bugfixes were made, so check the changelog for the full list\u003c/li\u003e\n\u003cli\u003eStarting with 5.7.1, releases are now \u003ca href=\"https://twitter.com/OpenSMTPD/status/613257722574839808\" rel=\"nofollow\"\u003ecryptographically\u003c/a\u003e \u003ca href=\"https://www.opensmtpd.org/archives/opensmtpd-5.7.1.sum.sig\" rel=\"nofollow\"\u003esigned\u003c/a\u003e to ensure integrity\u003c/li\u003e\n\u003cli\u003eThis release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to \u003ca href=\"https://twitter.com/OpenSMTPD/status/608399272447471616\" rel=\"nofollow\"\u003eflood a test server\u003c/a\u003e with thousands of emails per second, even \u003ca href=\"https://twitter.com/OpenSMTPD/status/608235180839567360\" rel=\"nofollow\"\u003eoffering prizes\u003c/a\u003e to whoever can DDoS them the hardest\u003c/li\u003e\n\u003cli\u003eOpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately\u003c/li\u003e\n\u003cli\u003eLet\u0026#39;s all \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003eencourage\u003c/a\u003e Kris to stop procrastinating on switching from Postfix\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jun Ebihara (蛯原純) - \u003ca href=\"mailto:jun@netbsd.org\" rel=\"nofollow\"\u003ejun@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/ebijun\" rel=\"nofollow\"\u003e@ebijun\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eLesser-known CPU architectures, embedded NetBSD devices\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-steven-douglas.html\" rel=\"nofollow\"\u003eFreeBSD foundation at BSDCan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has posted a few BSDCan summaries on their blog\u003c/li\u003e\n\u003cli\u003eThe first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: \u0026quot;Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily\u003c/li\u003e\n\u003cli\u003eTheir \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-ahmed-kamal.html\" rel=\"nofollow\"\u003esecond\u003c/a\u003e trip report is from Ahmed Kamal, who flew in all the way from Egypt\u003c/li\u003e\n\u003cli\u003eA bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum\u0026#39;s about MINIX and NetBSD\u003c/li\u003e\n\u003cli\u003eThere are also two more wrap-ups from \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-zbigniew-bodek.html\" rel=\"nofollow\"\u003eZbigniew Bodek\u003c/a\u003e and \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-vsevolod-stakhov.html\" rel=\"nofollow\"\u003eVsevolod Stakhov\u003c/a\u003e, so you\u0026#39;ve got plenty to read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html\" rel=\"nofollow\"\u003eOpenBSD from a veteran Linux user perspective\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time\u003c/li\u003e\n\u003cli\u003e\u0026quot;For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an \u0026#39;old-school\u0026#39; Linux admin, and I\u0026#39;ve felt out of place with the latest changes on the system administration.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe post is a collection of his thoughts about what\u0026#39;s different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags\u003c/li\u003e\n\u003cli\u003eOne of the things that surprised him (in a positive way) was the documentation: \u0026quot;OpenBSD\u0026#39;s man pages are so nice that RTFMing somebody on the internet is not condescending but selfless.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe also goes through some of the basics, installing and updating software, following different branches\u003c/li\u003e\n\u003cli\u003eIt concludes with \u0026quot;If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sysconfig.org.uk/freebsd-on-the-desktop-am-i-crazy.html\" rel=\"nofollow\"\u003eFreeBSD on the desktop, am I crazy\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSimilar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop\u003c/li\u003e\n\u003cli\u003eHe begins with a bit of forewarning for potential Linux switchers: \u0026quot;It certainly wasn\u0026#39;t an easy journey, and I\u0026#39;m tempted to say do not try this at home to anybody who isn\u0026#39;t going to leverage any of FreeBSD\u0026#39;s strong points. Definitely don\u0026#39;t try FreeBSD on the desktop if you haven\u0026#39;t used it on servers or virtual machines before. It\u0026#39;s got less in common with Linux than you might think.\u0026quot;\u003c/li\u003e\n\u003cli\u003eWith that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd\u003c/li\u003e\n\u003cli\u003eThe rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash\u003c/li\u003e\n\u003cli\u003eAlso worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well\u003c/li\u003e\n\u003cli\u003eIn the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netflask.net/ipsec-ikev2-cisco-csr1000v-openiked/\" rel=\"nofollow\"\u003eOpenIKED and Cisco CSR 1000v IPSEC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED\u003c/li\u003e\n\u003cli\u003eWhat kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud\u003c/li\u003e\n\u003cli\u003eThere are lots of details (and example configuration files) for using IKEv2 and OpenBSD\u0026#39;s built-in IKE daemon\u003c/li\u003e\n\u003cli\u003eIt also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that\u0026#39;s afraid to try them… don\u0026#39;t be\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/HardenedBSD/hardenedBSD/commit/bd5cecb4dc7947a5e214fc100834399b4bffdee8\" rel=\"nofollow\"\u003eHardenedBSD improves stack randomization\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area\u003c/li\u003e\n\u003cli\u003eIn their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re now stacking the new on top of the old as well, with the goal being even more entropy\u003c/li\u003e\n\u003cli\u003eThis change triggered an ABI and API incompatibility, so their major version has been bumped\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-announce/2015-July/000121.html\" rel=\"nofollow\"\u003eOpenSSH 6.9 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes\u003c/li\u003e\n\u003cli\u003eThere are a couple new things though - the \u0026quot;AuthorizedKeysCommand\u0026quot; config option now takes custom arguments\u003c/li\u003e\n\u003cli\u003eOne very notable change is that \u003cstrong\u003ethe default cipher has changed\u003c/strong\u003e as of this release\u003c/li\u003e\n\u003cli\u003eThe traditional pairing of AES128 in counter mode with MD5 HMAC has been \u003cem\u003ereplaced\u003c/em\u003e by the ever-trendy ChaCha20-Poly1305 combo\u003c/li\u003e\n\u003cli\u003eTheir next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to \u0026quot;no\u0026quot; by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they\u0026#39;re under 1024 bits\u003c/li\u003e\n\u003cli\u003eMany small bugs fixes and improvements were also made, so check the announcement for everything else\u003c/li\u003e\n\u003cli\u003eThe native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Ws6Y2rZy\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21GvZ5xbs\" rel=\"nofollow\"\u003eMason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s209TrPK4e\" rel=\"nofollow\"\u003eJochen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21TQjUjxv\" rel=\"nofollow\"\u003eSimon writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.","date_published":"2015-07-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a1813e16-466a-4617-9bb0-24dbdc1cb5f2.mp3","mime_type":"audio/mpeg","size_in_bytes":52701844,"duration_in_seconds":4391}]},{"id":"e712bc93-a45f-45ce-9d3a-e58ee627200c","title":"95: Bitrot Group Therapy","url":"https://www.bsdnow.tv/95","content_text":"This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore BSDCan 2015 videos\n\n\nAlmost as if we said it would happen last week, more BSD-related presentation videos have been uploaded\nAlexander Motin, Feature-rich and fast SCSI target with CTL and ZFS\nDaichi Goto, FreeBSD for High Density Servers\nKen Moore, Lumina-DE\nKevin Bowling, FreeBSD Operations at Limelight Networks\nMaciej Pasternacki, Jetpack, a container runtime for FreeBSD\nRay Percival, Networking with OpenBSD in a virtualized environment\nReyk Floeter, Introducing OpenBSD's new httpd\nStill more to come, hopefully\n***\n\n\nOpenBSD httpd rewrite support\n\n\nOne of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support\nThere were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out\nInstead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings\nIn the mailing list post, he shows an example of how to use it for redirects and provides the diff if you'd like to give it a try now\nIt's since been committed to -current, so you can try it out with a snapshot too\n***\n\n\nSSH 2FA on FreeBSD\n\n\nWe've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication\nThis article serves as a sort of \"roundup\" on different methods to set up two-factor authentication on FreeBSD\nIt touches on key pairs with a server-side password, google authenticator and a few other variations\nWhile the article is focused on FreeBSD, a lot of it can be easily applied to the others too\nOpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems\n***\n\n\nNetBSD 7.0-RC1 released\n\n\nNetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (11 months ago)\nSome of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1\nThey're looking for as much testing as possible, so give it a try and report your findings to the release engineering team\n***\n\n\nInterview - Sean Chittenden - seanc@freebsd.org / @seanchittenden\n\nFreeBSD at Groupon, ZFS\n\n\n\nNews Roundup\n\nOpenSMTPD and Dovecot\n\n\nWe've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last\nThis blog post about it has something not mentioned before: virtual domains and virtual users\nThis means you can easily have \"user1@domain.com\" and \"user2@otherdomain.com\" both go to a local user on the box (or a different third address)\nIt also covers SSL certificates, blocking spam and setting up IMAP access, the usual\nNow might also be a good time to test out OpenSMTPD 5.7.1-rc1, which we'll cover in more detail when it's released...\n***\n\n\nOctoPkg, a QT frontend to pkgng\n\n\nA PC-BSD user has begun porting over a graphical package management utility from Arch linux called Octopi\nObviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman\nThere are some basic instructions on how to get it built and running on the github page\nAfter some testing, it'll likely make its way to the FreeBSD ports tree\nTools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over\n***\n\n\nAFL vs. mandoc, a quantitative analysis\n\n\nIngo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL\nIt's meant to be accompanying material to his BSDCan talk, which already covered nine topics\nmandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input\nThe article breaks down the 45 different bugs that were found, based on their root cause\nIf you're interested in secure coding practices, this'll be a great one to read\n***\n\n\nOpenZFS conference videos\n\n\nVideos from the second OpenZFS conference have just started to show up\nThe first talk is by, you guessed it, Matt Ahrens\nIn it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on\nThere are also videos from Nexenta and HGST, talking about how they use and contribute to OpenZFS\n***\n\n\nFeedback/Questions\n\n\nBryson writes in\nKevin writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking some ZFS with Sean Chittenden. He\u0026#39;s been using it on FreeBSD at Groupon, and has some interesting stories about how it\u0026#39;s saved his data. Answers to your emails and all of this week\u0026#39;s headlines, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2015/schedule/\" rel=\"nofollow\"\u003eMore BSDCan 2015 videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlmost as if we said it would happen last week, more BSD-related presentation videos have been uploaded\u003c/li\u003e\n\u003cli\u003eAlexander Motin, \u003ca href=\"https://www.youtube.com/watch?v=lBE4BfxVDQc\" rel=\"nofollow\"\u003eFeature-rich and fast SCSI target with CTL and ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDaichi Goto, \u003ca href=\"https://www.youtube.com/watch?v=r2BoQ70bwK4\" rel=\"nofollow\"\u003eFreeBSD for High Density Servers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKen Moore, \u003ca href=\"https://www.youtube.com/watch?v=Qh_YK9y4_Os\" rel=\"nofollow\"\u003eLumina-DE\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKevin Bowling, \u003ca href=\"https://www.youtube.com/watch?v=4l2rlRjkGhk\" rel=\"nofollow\"\u003eFreeBSD Operations at\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=K1-ZyiY5z48\" rel=\"nofollow\"\u003eLimelight Networks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMaciej Pasternacki, \u003ca href=\"https://www.youtube.com/watch?v=8phbsAhJ-9w\" rel=\"nofollow\"\u003eJetpack, a container\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=kJ74mgkzLxc\" rel=\"nofollow\"\u003eruntime for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRay Percival, \u003ca href=\"https://www.youtube.com/watch?v=gx5FILdSp2w\" rel=\"nofollow\"\u003eNetworking with OpenBSD in a virtualized environment\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReyk Floeter, \u003ca href=\"https://www.youtube.com/watch?v=DV1-EfdIp8I\" rel=\"nofollow\"\u003eIntroducing OpenBSD\u0026#39;s\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=_v0lI6qDWFs\" rel=\"nofollow\"\u003enew httpd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStill more to come, hopefully\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143480475721221\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD httpd rewrite support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the most-requested features of OpenBSD\u0026#39;s new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support\u003c/li\u003e\n\u003cli\u003eThere were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out\u003c/li\u003e\n\u003cli\u003eInstead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings\u003c/li\u003e\n\u003cli\u003eIn the mailing list post, he shows an example of how to use it for redirects and provides \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143489473103114\u0026w=2\" rel=\"nofollow\"\u003ethe diff\u003c/a\u003e if you\u0026#39;d like to give it a try now\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s since \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143507301715409\u0026w=2\" rel=\"nofollow\"\u003ebeen committed\u003c/a\u003e to -current, so you can try it out with a snapshot too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sysconfig.org.uk/two-factor-authentication-with-ssh.html\" rel=\"nofollow\"\u003eSSH 2FA on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication\u003c/li\u003e\n\u003cli\u003eThis article serves as a sort of \u0026quot;roundup\u0026quot; on different methods to set up two-factor authentication on FreeBSD\u003c/li\u003e\n\u003cli\u003eIt touches on key pairs with a server-side password, google authenticator and a few other variations\u003c/li\u003e\n\u003cli\u003eWhile the article is focused on FreeBSD, a lot of it can be easily applied to the others too\u003c/li\u003e\n\u003cli\u003eOpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_7_0_rc1_binaries\" rel=\"nofollow\"\u003eNetBSD 7.0-RC1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (\u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv\" rel=\"nofollow\"\u003e11 months ago\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSome of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re looking for as much testing as possible, so give it a try and report your findings to the release engineering team\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Sean Chittenden - \u003ca href=\"mailto:seanc@freebsd.org\" rel=\"nofollow\"\u003eseanc@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/seanchittenden\" rel=\"nofollow\"\u003e@seanchittenden\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD at Groupon, ZFS\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tumfatig.net/20150620/opensmtpd-and-dovecot-on-openbsd-5-7/\" rel=\"nofollow\"\u003eOpenSMTPD and Dovecot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last\u003c/li\u003e\n\u003cli\u003eThis blog post about it has something not mentioned before: virtual domains and virtual users\u003c/li\u003e\n\u003cli\u003eThis means you can easily have \u0026quot;\u003ca href=\"mailto:user1@domain.com\" rel=\"nofollow\"\u003euser1@domain.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:user2@otherdomain.com\" rel=\"nofollow\"\u003euser2@otherdomain.com\u003c/a\u003e\u0026quot; both go to a local user on the box (or a different third address)\u003c/li\u003e\n\u003cli\u003eIt also covers SSL certificates, blocking spam and setting up IMAP access, the usual\u003c/li\u003e\n\u003cli\u003eNow might also be a good time to test out OpenSMTPD \u003ca href=\"https://www.mail-archive.com/misc@opensmtpd.org/msg02177.html\" rel=\"nofollow\"\u003e5.7.1-rc1\u003c/a\u003e, which we\u0026#39;ll cover in more detail when it\u0026#39;s released...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/aarnt/octopkg\" rel=\"nofollow\"\u003eOctoPkg, a QT frontend to pkgng\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA PC-BSD user has begun porting over a graphical package management utility from Arch linux called \u003ca href=\"https://octopiproject.wordpress.com/about/\" rel=\"nofollow\"\u003eOctopi\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eObviously, it needed to be rewritten to use FreeBSD\u0026#39;s pkg system instead of pacman\u003c/li\u003e\n\u003cli\u003eThere are some basic instructions on how to get it built and running on the github page\u003c/li\u003e\n\u003cli\u003eAfter some testing, it\u0026#39;ll likely make its way to the FreeBSD ports tree\u003c/li\u003e\n\u003cli\u003eTools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150619071929\" rel=\"nofollow\"\u003eAFL vs. mandoc, a quantitative analysis\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIngo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s meant to be accompanying material to his BSDCan talk, which already covered nine topics\u003c/li\u003e\n\u003cli\u003emandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input\u003c/li\u003e\n\u003cli\u003eThe article breaks down the 45 different bugs that were found, based on their root cause\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in secure coding practices, this\u0026#39;ll be a great one to read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/playlist?list=PLaUVvul17xScvtic0SPoks2MlQleyejks\" rel=\"nofollow\"\u003eOpenZFS conference videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVideos from the second OpenZFS conference have just started to show up\u003c/li\u003e\n\u003cli\u003eThe first talk is by, you guessed it, Matt Ahrens\u003c/li\u003e\n\u003cli\u003eIn it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on\u003c/li\u003e\n\u003cli\u003eThere are also videos \u003ca href=\"https://www.youtube.com/watch?v=5ciV4z7WWmo\" rel=\"nofollow\"\u003efrom Nexenta\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=a2lnMxMUxyc\" rel=\"nofollow\"\u003eand HGST\u003c/a\u003e, talking about how they use and contribute to OpenZFS\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2FqJfmeK3\" rel=\"nofollow\"\u003eBryson writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20erRHahQ\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.","date_published":"2015-06-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e712bc93-a45f-45ce-9d3a-e58ee627200c.mp3","mime_type":"audio/mpeg","size_in_bytes":54443956,"duration_in_seconds":4536}]},{"id":"62d29419-94fa-4252-89a9-581546c7e61d","title":"94: Builder's Insurance","url":"https://www.bsdnow.tv/94","content_text":"This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan 2015 videos\n\n\nBSDCan just ended last week, but some of the BSD-related presentation videos are already online\nAllan Jude, UCL for FreeBSD\nAndrew Cagney, What happens when a dwarf and a daemon start dancing by the light of the silvery moon?\nAndy Tanenbaum, A reimplementation of NetBSD using a MicroKernel\nBrooks Davis, CheriBSD: A research fork of FreeBSD\nGiuseppe Lettieri, Even faster VM networking with virtual passthrough\nJoseph Mingrone, Molecular Evolution, Genomic Analysis and FreeBSD\nOlivier Cochard-Labbe, Large-scale plug\u0026amp;play x86 network appliance deployment over Internet\nPeter Hessler, Using routing domains / routing tables in a production network\nRyan Lortie, a stitch in time: jhbuild\nTed Unangst, signify: Securing OpenBSD From Us To You\nMany more still to come...\n***\n\n\nDocumenting my BSD experience\n\n\nIncreasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try\n\"That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in.\"\nIn this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks\nThe first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)\nYou get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into\nHe's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon\nHis second post explores replacing the firewall on his self-described \"over complicated home network\" with an OpenBSD box\nAfter going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing\nAll the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand\nGetting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve\n***\n\n\nPC-BSD tries HardenedBSD builds\n\n\nThe PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated\nThey're not the first major FreeBSD-based project to offer an alternate build - OPNsense did that a few weeks ago - but this might open the door for more projects to give it a try as well\nWith Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have\nTime will tell if more projects and products like FreeNAS might be interested too\n***\n\n\nC-states in OpenBSD\n\n\nPeople who run BSD on their notebooks, you'll want to pay attention to this one\nOpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode\nAccording to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life\nIf you're running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings\n***\n\n\nNetBSD at Open Source Conference 2015 Hokkaido\n\n\nThe Japanese NetBSD users group never sleeps, and they've hit yet another open source conference\nAs is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)\nWe'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms\n***\n\n\nInterview - Marc Espie - espie@openbsd.org / @espie_openbsd\n\nRecent improvements to OpenBSD's dpb tool\n\n\n\nNews Roundup\n\nIntroducing xhyve, bhyve on OS X\n\n\nWe've talked about FreeBSD's \"bhyve\" hypervisor a lot on the show, and now it's been ported to another OS\nAs the name \"xhyve\" might imply, it's a port of bhyve to Mac OS X \nCurrently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future\nIt runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer\nThere are also a few examples on how to use it\n***\n\n\n4K displays on DragonFlyBSD\n\n\nIf you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine\nMatthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas\nSome GUI applications might look weird on such a huge resolution, \nHDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience\n***\n\n\nSandboxing port daemons on OpenBSD\n\n\nWe talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment\nThis blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn't chroot by default\nIt goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it\nWith a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots\n***\n\n\nSmallWall 1.8.2 released\n\n\nSmallWall is a relatively new BSD-based project that we've never covered before\nIt's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits\nThey've just released the first official version, so you can give it a try now\nIf you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...\n***\n\n\nFeedback/Questions\n\n\nDavid writes in\nBrian writes in\nDan writes in\nJoel writes in\nSteve writes in\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be chatting with Marc Espie. He\u0026#39;s recently added some additional security measures to dpb, OpenBSD\u0026#39;s package building tool, and we\u0026#39;ll find out why they\u0026#39;re so important. We\u0026#39;ve also got all this week\u0026#39;s news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2015/schedule/\" rel=\"nofollow\"\u003eBSDCan 2015 videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCan just ended last week, but some of the BSD-related presentation videos are already online\u003c/li\u003e\n\u003cli\u003eAllan Jude, \u003ca href=\"https://www.youtube.com/watch?v=8l6bhKIDecg\" rel=\"nofollow\"\u003eUCL for FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndrew Cagney, \u003ca href=\"https://www.youtube.com/watch?v=XDIcD4LR5HE\" rel=\"nofollow\"\u003eWhat happens when a dwarf and a daemon start dancing by the light of the silvery moon?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndy Tanenbaum, \u003ca href=\"https://www.youtube.com/watch?v=0pebP891V0c\" rel=\"nofollow\"\u003eA reimplementation of NetBSD\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=Bu1JuwVfYTc\" rel=\"nofollow\"\u003eusing a MicroKernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBrooks Davis, \u003ca href=\"https://www.youtube.com/watch?v=DwCg-51vFAs\" rel=\"nofollow\"\u003eCheriBSD: A research fork of FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGiuseppe Lettieri, \u003ca href=\"https://www.youtube.com/watch?v=Lo6wDCapo4k\" rel=\"nofollow\"\u003eEven faster VM networking with virtual passthrough\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJoseph Mingrone, \u003ca href=\"https://www.youtube.com/watch?v=K2pnf1YcMTY\" rel=\"nofollow\"\u003eMolecular Evolution, Genomic Analysis and FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOlivier Cochard-Labbe, \u003ca href=\"https://www.youtube.com/watch?v=6jhSvdnu4k0\" rel=\"nofollow\"\u003eLarge-scale plug\u0026amp;play x86 network appliance deployment over Internet\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter Hessler, \u003ca href=\"https://www.youtube.com/watch?v=BizrC8Zr-YY\" rel=\"nofollow\"\u003eUsing routing domains / routing tables in a production network\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRyan Lortie, \u003ca href=\"https://www.youtube.com/watch?v=YSVFnM3_2Ik\" rel=\"nofollow\"\u003ea stitch in time: jhbuild\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTed Unangst, \u003ca href=\"https://www.youtube.com/watch?v=9R5s3l-0wh0\" rel=\"nofollow\"\u003esignify: Securing OpenBSD From Us To You\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMany more still to come...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pid1.com/posts/post1.html\" rel=\"nofollow\"\u003eDocumenting my BSD experience\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIncreasingly common scenario: a long-time Linux user (since the mid-90s) decides it\u0026#39;s finally time to give BSD a try\u003c/li\u003e\n\u003cli\u003e\u0026quot;That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks\u003c/li\u003e\n\u003cli\u003eThe first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you\u0026#39;re into that)\u003c/li\u003e\n\u003cli\u003eYou get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon\u003c/li\u003e\n\u003cli\u003eHis \u003ca href=\"http://pid1.com/posts/post2.html\" rel=\"nofollow\"\u003esecond post\u003c/a\u003e explores replacing the firewall on his self-described \u0026quot;over complicated home network\u0026quot; with an OpenBSD box\u003c/li\u003e\n\u003cli\u003eAfter going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing\u003c/li\u003e\n\u003cli\u003eAll the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand\u003c/li\u003e\n\u003cli\u003eGetting to hear experiences like this are very important - they show areas where all the BSD developers\u0026#39; hard work has paid off, but can also let us know where we need to improve\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/pcbsd/hardenedBSD-stable\" rel=\"nofollow\"\u003ePC-BSD tries HardenedBSD builds\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re not the first major FreeBSD-based project to offer an alternate build - OPNsense \u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense\" rel=\"nofollow\"\u003edid that\u003c/a\u003e a few weeks ago - but this might open the door for more projects to give it a try as well\u003c/li\u003e\n\u003cli\u003eWith Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won\u0026#39;t have\u003c/li\u003e\n\u003cli\u003eTime will tell if more projects and products like FreeNAS might be interested too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143423172522625\u0026w=2\" rel=\"nofollow\"\u003eC-states in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeople who run BSD on their notebooks, you\u0026#39;ll want to pay attention to this one\u003c/li\u003e\n\u003cli\u003eOpenBSD has recently committed some ACPI improvements for \u003ca href=\"http://www.hardwaresecrets.com/article/Everything-You-Need-to-Know-About-the-CPU-C-States-Power-Saving-Modes/611\" rel=\"nofollow\"\u003edeep C-states\u003c/a\u003e, enabling the processor to enter a low-power mode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/StevenUniq/status/610586711358316545\" rel=\"nofollow\"\u003eAccording\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143430996602802\u0026w=2\" rel=\"nofollow\"\u003eto a\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143429914700826\u0026w=2\" rel=\"nofollow\"\u003efew users\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143425943026225\u0026w=2\" rel=\"nofollow\"\u003eso far\u003c/a\u003e, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re running OpenBSD -current on a laptop, try out the latest snapshot and \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=143423391222952\u0026w=2\" rel=\"nofollow\"\u003ereport back\u003c/a\u003e with your findings\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/06/13/msg000687.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference 2015 Hokkaido\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Japanese NetBSD users group never sleeps, and they\u0026#39;ve hit yet another open source conference\u003c/li\u003e\n\u003cli\u003eAs is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Marc Espie - \u003ca href=\"mailto:espie@openbsd.org\" rel=\"nofollow\"\u003eespie@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/espie_openbsd\" rel=\"nofollow\"\u003e@espie_openbsd\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-ports\u0026m=143051151521627\u0026w=2\" rel=\"nofollow\"\u003eRecent\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-ports\u0026m=143151777209226\u0026w=2\" rel=\"nofollow\"\u003eimprovements\u003c/a\u003e to OpenBSD\u0026#39;s \u003ca href=\"http://www.bsdnow.tv/tutorials/dpb\" rel=\"nofollow\"\u003edpb\u003c/a\u003e tool\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/mist64/xhyve/blob/master/README.md\" rel=\"nofollow\"\u003eIntroducing xhyve, bhyve on OS X\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about FreeBSD\u0026#39;s \u0026quot;bhyve\u0026quot; hypervisor a lot on the show, and now it\u0026#39;s been ported to another OS\u003c/li\u003e\n\u003cli\u003eAs the name \u0026quot;xhyve\u0026quot; might imply, it\u0026#39;s a port of bhyve to Mac OS X \u003c/li\u003e\n\u003cli\u003eCurrently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future\u003c/li\u003e\n\u003cli\u003eIt runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer\u003c/li\u003e\n\u003cli\u003eThere are also \u003ca href=\"http://www.pagetable.com/?p=831\" rel=\"nofollow\"\u003ea few examples\u003c/a\u003e on how to use it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/4KDisplays/\" rel=\"nofollow\"\u003e4K displays on DragonFlyBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you\u0026#39;ll be pleased to know that 4K displays work just fine\u003c/li\u003e\n\u003cli\u003eMatthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas\u003c/li\u003e\n\u003cli\u003eSome GUI applications might look weird on such a huge resolution, \u003c/li\u003e\n\u003cli\u003eHDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://coderinaworldofcode.blogspot.com/2015/06/chrooting-mumble-server-on-openbsd.html\" rel=\"nofollow\"\u003eSandboxing port daemons on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD\u0026#39;s base as chrooted by default - things from ports or packages don\u0026#39;t always get the same treatment\u003c/li\u003e\n\u003cli\u003eThis blog post uses a mumble server as an example, but you can apply it to \u003cem\u003eany\u003c/em\u003e service from ports that doesn\u0026#39;t chroot by default\u003c/li\u003e\n\u003cli\u003eIt goes through the process of manually building a sandbox with all the libraries you\u0026#39;ll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it\u003c/li\u003e\n\u003cli\u003eWith a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://smallwall.freeforums.net/thread/44/version-1-8-2-released\" rel=\"nofollow\"\u003eSmallWall 1.8.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSmallWall is a relatively new BSD-based project that we\u0026#39;ve never covered before\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve just released \u003ca href=\"http://www.smallwall.org/download.html\" rel=\"nofollow\"\u003ethe first official version\u003c/a\u003e, so you can give it a try now\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21gRTNnk7\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2DdiMvELg\" rel=\"nofollow\"\u003eBrian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2h4ZS6SMd\" rel=\"nofollow\"\u003eDan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20kA1jeXY\" rel=\"nofollow\"\u003eJoel writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2wJ9HP1bs\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.","date_published":"2015-06-17T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/62d29419-94fa-4252-89a9-581546c7e61d.mp3","mime_type":"audio/mpeg","size_in_bytes":61384180,"duration_in_seconds":5115}]},{"id":"68a32090-b775-42f2-a1e5-50b8189800fa","title":"93: Stacked in Our Favor","url":"https://www.bsdnow.tv/93","content_text":"We're at BSDCan this week, but fear not! We've got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we'll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we'll be back next week with more BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Sepherosa Ziehau - sephe@dragonflybsd.org\n\nFeatures of DragonFlyBSD's network stack\n\n\n\nDiscussion\n\nComparing containment methods and privilege separation\n\n\nchroot, jails, systrace, capsicum, filesystem permissions, separating users\n***\n\n\nFeedback/Questions\n\n\nBrad writes in\nAnonymous writes in\nBenjamin writes in\nJeroen writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re at BSDCan this week, but fear not! We\u0026#39;ve got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we\u0026#39;ll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we\u0026#39;ll be back next week with more BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Sepherosa Ziehau - \u003ca href=\"mailto:sephe@dragonflybsd.org\" rel=\"nofollow\"\u003esephe@dragonflybsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFeatures of DragonFlyBSD\u0026#39;s network stack\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eDiscussion\u003c/h2\u003e\n\n\u003ch3\u003eComparing containment methods and privilege separation\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003echroot, jails, systrace, capsicum, filesystem permissions, separating users\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2GjCsGPef\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21jj3QgTj\" rel=\"nofollow\"\u003eAnonymous writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2irrhYfPT\" rel=\"nofollow\"\u003eBenjamin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21gtuqXAe\" rel=\"nofollow\"\u003eJeroen writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're at BSDCan this week, but fear not! We've got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we'll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we'll be back next week with more BSD Now - the place to B.. SD.","date_published":"2015-06-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/68a32090-b775-42f2-a1e5-50b8189800fa.mp3","mime_type":"audio/mpeg","size_in_bytes":49138996,"duration_in_seconds":4094}]},{"id":"9d0d8811-2914-45e0-a34f-9638d2c4e761","title":"92: BSD After Midnight","url":"https://www.bsdnow.tv/92","content_text":"Coming up this week, we'll be chatting with Lucas Holt, founder of MidnightBSD. It's a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We'll find out what's different about it and why it was created. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nZocker, it's like docker on FreeBSD\n\n\nContainment is always a hot topic, and docker has gotten a lot of hype in Linux land in the last couple years - they're working on native FreeBSD support at the moment\nThis blog post is about a docker-like script, mainly for ease-of-use, that uses only jails and ZFS in the base system\nIn total, it's 1,500 lines of shell script\nThe post goes through the process of using the tool, showing off all the subcommands and explaining the configuration\nIn contrast to something like ezjail, Zocker utilizes the jail.conf system in the 10.x branch\n***\n\n\nPatrol Read in OpenBSD\n\n\nOpenBSD has recently imported some new code to support the Patrol Read function of some RAID controllers\nIn a nutshell, Patrol Read is a function that lets you check the health of your drives in the background, similar to a zpool \"scrub\" operation\nThe goal is to protect file integrity by detecting drive failures before they can damage your data\nIt detects bad blocks and prevents silent data corruption, while marking any bad sectors it finds\n***\n\n\nHAMMER 2 improvements\n\n\nDragonFly BSD has been working on the second generation HAMMER FS\nIt now uses LZ4 compression by default, which we've been big fans of in ZFS\nThey've also switched to a faster CRC algorithm, further improving HAMMER's performance, especially when using iSCSI\n***\n\n\nFreeBSD foundation May update\n\n\nThe FreeBSD foundation has published another update newsletter, detailing some of the things they've been up to lately\nIn it, you'll find some development status updates: notably more ARM64 work and the addition of 64 bit Linux emulation\nSome improvements were also made to FreeBSD's release building process for non-X86 architectures\nThere's also an AsiaBSDCon recap that covers some of the presentations and the dev events\nThey also have an accompanying blog post where Glen Barber talks about more sysadmin and clusteradm work at NYI\n***\n\n\nInterview - Lucas Holt - questions@midnightbsd.org / @midnightbsd\n\nMidnightBSD\n\n\n\nNews Roundup\n\nThe launchd on train is never coming\n\n\nReplacement of init systems has been quite controversial in the last few years\nFortunately, the BSDs have avoided most of that conflict thus far, but there have been a few efforts made to port launchd from OS X\nThis blog post details the author's opinion on why he thinks we're never going to have launchd in any of the BSDs\nEmail us your thoughts on the matter\n***\n\n\nNative SSH comes to… Windows\n\n\nIn what may be the first (and last) mention of Microsoft on BSD Now...\nThey've just recently announced that PowerShell will get native SSH support in the near future\nIt's not based on the commercial SSH either, it's the same one from OpenBSD that we already use everywhere\nUp until now, interacting between BSD and Windows has required something like PuTTY, WinSCP, FileZilla or Cygwin - most of which are based on really outdated versions\nThe announcement also promises that they'll be working with the OpenSSH community, so we'll see how many Microsoft-submitted patches make it upstream (or how many donations they make)\n***\n\n\nMoving to FreeBSD\n\n\nThis blog post describes a long-time Linux user's first BSD switching experience\nThe author first talks about his Linux journey, eventually coming to love the more customization-friendly systems, but the journey ended with systemd\nAfter doing a bit of research, he gave FreeBSD a try and ended up liking it - the rest of the post mostly covers why that is\nHe also plans to write about his experience with other BSDs, and is writing some tutorials too - we'll check in with him again later on\n***\n\n\nFeedback/Questions\n\n\nAdam writes in\nDan writes in\nIvan writes in\nJosh writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be chatting with Lucas Holt, founder of MidnightBSD. It\u0026#39;s a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We\u0026#39;ll find out what\u0026#39;s different about it and why it was created. Answers to your emails and all this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://toni.yweb.fi/2015/05/zocker-diy-docker-on-freebsd.html\" rel=\"nofollow\"\u003eZocker, it\u0026#39;s like docker on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContainment is always a hot topic, and docker has gotten a lot of hype in Linux land in the last couple years - they\u0026#39;re working on native FreeBSD support at the moment\u003c/li\u003e\n\u003cli\u003eThis blog post is about a docker-\u003cem\u003elike\u003c/em\u003e script, mainly for ease-of-use, that uses only jails and ZFS in the base system\u003c/li\u003e\n\u003cli\u003eIn total, it\u0026#39;s \u003ca href=\"https://github.com/toddnni/zocker\" rel=\"nofollow\"\u003e1,500 lines of shell script\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe post goes through the process of using the tool, showing off all the subcommands and explaining the configuration\u003c/li\u003e\n\u003cli\u003eIn contrast to something like ezjail, Zocker utilizes the jail.conf system in the 10.x branch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143285964216970\u0026w=4\" rel=\"nofollow\"\u003ePatrol Read in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has recently imported some new code to support the \u003ca href=\"http://www.intel.com/support/motherboards/server/sb/CS-028742.htm\" rel=\"nofollow\"\u003ePatrol Read\u003c/a\u003e function of some RAID controllers\u003c/li\u003e\n\u003cli\u003eIn a nutshell, Patrol Read is a function that lets you check the health of your drives in the background, similar to a zpool \u0026quot;scrub\u0026quot; operation\u003c/li\u003e\n\u003cli\u003eThe goal is to protect file integrity by detecting drive failures before they can damage your data\u003c/li\u003e\n\u003cli\u003eIt detects bad blocks and prevents silent data corruption, while marking any bad sectors it finds\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-May/418653.html\" rel=\"nofollow\"\u003eHAMMER 2 improvements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly BSD has been working on the second generation HAMMER FS\u003c/li\u003e\n\u003cli\u003eIt now uses LZ4 compression by default, which we\u0026#39;ve been big fans of in ZFS\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also switched to a \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-May/418652.html\" rel=\"nofollow\"\u003efaster CRC\u003c/a\u003e algorithm, further improving HAMMER\u0026#39;s performance, \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-May/418651.html\" rel=\"nofollow\"\u003eespecially\u003c/a\u003e when using iSCSI\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2015mayupdate.pdf\" rel=\"nofollow\"\u003eFreeBSD foundation May update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has published another update newsletter, detailing some of the things they\u0026#39;ve been up to lately\u003c/li\u003e\n\u003cli\u003eIn it, you\u0026#39;ll find some development status updates: notably more ARM64 work and the addition of 64 bit Linux emulation\u003c/li\u003e\n\u003cli\u003eSome improvements were also made to FreeBSD\u0026#39;s release building process for non-X86 architectures\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also an AsiaBSDCon recap that covers some of the presentations and the dev events\u003c/li\u003e\n\u003cli\u003eThey also have an accompanying \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/05/another-data-center-site-visit-nyi.html\" rel=\"nofollow\"\u003eblog post\u003c/a\u003e where Glen Barber talks about more sysadmin and clusteradm work at NYI\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Lucas Holt - \u003ca href=\"mailto:questions@midnightbsd.org\" rel=\"nofollow\"\u003equestions@midnightbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/midnightbsd\" rel=\"nofollow\"\u003e@midnightbsd\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eMidnightBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/launchd-on-bsd.html\" rel=\"nofollow\"\u003eThe launchd on train is never coming\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eReplacement of init systems has been quite controversial in the last few years\u003c/li\u003e\n\u003cli\u003eFortunately, the BSDs have avoided most of that conflict thus far, but there have been a few efforts made to port \u003ca href=\"https://en.wikipedia.org/wiki/Launchd\" rel=\"nofollow\"\u003elaunchd from OS X\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis blog post details the author\u0026#39;s opinion on why he thinks we\u0026#39;re never going to have launchd in any of the BSDs\u003c/li\u003e\n\u003cli\u003eEmail us your thoughts on the matter\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.msdn.com/b/looking_forward_microsoft__support_for_secure_shell_ssh1/archive/2015/06/02/managing-looking-forward-microsoft-support-for-secure-shell-ssh.aspx\" rel=\"nofollow\"\u003eNative SSH comes to… Windows\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn what may be the first (and last) mention of Microsoft on BSD Now...\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve just recently announced that PowerShell will get native SSH support in the near future\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s not based on the commercial SSH either, it\u0026#39;s the same one from OpenBSD that we already use everywhere\u003c/li\u003e\n\u003cli\u003eUp until now, interacting between BSD and Windows has required something like PuTTY, WinSCP, FileZilla or Cygwin - most of which are based on really outdated versions\u003c/li\u003e\n\u003cli\u003eThe announcement also promises that they\u0026#39;ll be working with the OpenSSH community, so we\u0026#39;ll see how many Microsoft-submitted patches make it upstream (or how many \u003ca href=\"http://www.openbsdfoundation.org/index.html\" rel=\"nofollow\"\u003edonations\u003c/a\u003e they make)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.textplain.net/blog/2015/moving-to-freebsd/\" rel=\"nofollow\"\u003eMoving to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis blog post describes a long-time Linux user\u0026#39;s first BSD switching experience\u003c/li\u003e\n\u003cli\u003eThe author first talks about his Linux journey, eventually coming to love the more customization-friendly systems, but the journey ended with systemd\u003c/li\u003e\n\u003cli\u003eAfter doing a bit of research, he gave FreeBSD a try and ended up liking it - the rest of the post mostly covers why that is\u003c/li\u003e\n\u003cli\u003eHe also plans to write about his experience with other BSDs, and is writing some tutorials too - we\u0026#39;ll check in with him again later on\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s29hS2cI05\" rel=\"nofollow\"\u003eAdam writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20VRZYBsw\" rel=\"nofollow\"\u003eDan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20bumJ5u9\" rel=\"nofollow\"\u003eIvan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21BU6Pnka\" rel=\"nofollow\"\u003eJosh writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be chatting with Lucas Holt, founder of MidnightBSD. It's a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We'll find out what's different about it and why it was created. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD.","date_published":"2015-06-03T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9d0d8811-2914-45e0-a34f-9638d2c4e761.mp3","mime_type":"audio/mpeg","size_in_bytes":48412372,"duration_in_seconds":4034}]},{"id":"fb5f8b6c-3786-48ec-b8ed-0e2d4d62f539","title":"91: Vox Populi","url":"https://www.bsdnow.tv/91","content_text":"This week on the show, we've got something pretty different. We went to a Linux convention and asked various people if they've ever tried BSD and what they know about it. Stay tuned for that, all this week's news and, of course, answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nLUKS in OpenBSD\n\n\nLast week, we were surprised to find out that DragonFlyBSD has support for dm-crypt, sometimes referred to as LUKS (Linux Unified Key Setup)\nIt looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well\nLUKS would presumably be an additional option in OpenBSD's softraid system, which already provides native disk encryption\nSupport hasn't been officially committed yet, it's still going through testing, but the code is there if you want to try it out and report your findings\nIf enabled, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe other BSDs will get it too in time)\n***\n\n\nFreeBSD gets 64bit Linux emulation\n\n\nFor those who might be unfamiliar, FreeBSD has an emulation layer to run Linux-only binaries (as rare as they may be)\nThe most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype\nSimilar systems can also be found in NetBSD and OpenBSD (though disabled by default on the latter)\nHowever, until now, it's only supported binaries compiled for the i386 architecture\nThis new update, already committed to -CURRENT, will open some new possibilities that weren't previously possible\nMeanwhile, HardenedBSD considers removing the emulation layer entirely\n***\n\n\nBSD at Open Source Conference 2015 Nagoya\n\n\nWe've covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they're expanding\nTheir latest report includes many of the NetBSD things you'd expect, but also a couple OpenBSD machines\nSome of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi\nOne new addition of interest is the OMRON LUNA88k, running the luna88k port of OpenBSD\nThere was even an old cell phone running Windows games on NetBSD\nCheck the mailing list post for some links to all of the nice pictures\n***\n\n\nLLVM introduces OpenMP support\n\n\nOne of the things that has kept some people in the GCC camp is the lack of OpenMP support in LLVM\nAccording to the blog post, it \"enables Clang users to harness full power of modern multi-core processors with vector units\"\nWith Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there\nThis could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly\n***\n\n\nInterview - Eric, FSF, John, Jose, Kris and Stewart\n\nVarious \"man on the street\" style mini-interviews\n\n\n\nNews Roundup\n\nBSD-licensed gettext replacement\n\n\nIf you've ever installed ports on any of the BSDs, you've probably had GNU's gettext pulled in as a dependency\nWikipedia says \"gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems\"\nA new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it's likely to be portable)\nIf you've got some coding skills, get involved with the project - the more freely-licensed replacements, the better\n***\n\n\nUnix history git repo\n\n\nA git repository was recently created to show off some Unix source code history\nThe repository contains 659 thousand commits and 2306 merges\nYou can see early 386BSD commits all the way up to some of the more modern FreeBSD code\nIf you want to browse through the giant codebase, it can be a great history lesson\n***\n\n\nPCBSD 10.1.2 and Lumina updates\n\n\nWe mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out\nThis minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode\nThere's also a new post on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update\n***\n\n\nFeedback/Questions\n\n\nJake writes in\nVan writes in\nAnonymous writes in\nDominik writes in (text answer)\nChris writes in\n***\n\n\nMailing List Gold\n\n\nDeath by chocolate\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ve got something pretty different. We went to a Linux convention and asked various people if they\u0026#39;ve ever tried BSD and what they know about it. Stay tuned for that, all this week\u0026#39;s news and, of course, answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=143247114716771\u0026w=2\" rel=\"nofollow\"\u003eLUKS in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLast week, we were surprised to find out that DragonFlyBSD \u003ca href=\"http://leaf.dragonflybsd.org/cgi/web-man?command=cryptsetup\u0026section=8\" rel=\"nofollow\"\u003ehas support\u003c/a\u003e for \u003ca href=\"https://en.wikipedia.org/wiki/Dm-crypt\" rel=\"nofollow\"\u003edm-crypt\u003c/a\u003e, sometimes referred to as LUKS (\u003ca href=\"https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup\" rel=\"nofollow\"\u003eLinux Unified Key Setup\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIt looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well\u003c/li\u003e\n\u003cli\u003eLUKS would presumably be an additional option in OpenBSD\u0026#39;s \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4\" rel=\"nofollow\"\u003esoftraid\u003c/a\u003e system, which already provides native disk encryption\u003c/li\u003e\n\u003cli\u003eSupport hasn\u0026#39;t been officially committed yet, it\u0026#39;s still going through testing, but the code is there if you want to try it out and report your findings\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIf enabled\u003c/strong\u003e, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe other BSDs will get it too in time)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-May/072255.html\" rel=\"nofollow\"\u003eFreeBSD gets 64bit Linux emulation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those who might be unfamiliar, FreeBSD has an \u003ca href=\"https://www.freebsd.org/doc/handbook/linuxemu.html\" rel=\"nofollow\"\u003eemulation layer\u003c/a\u003e to run Linux-only binaries (as rare as they may be)\u003c/li\u003e\n\u003cli\u003eThe most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype\u003c/li\u003e\n\u003cli\u003eSimilar systems can also be found \u003ca href=\"https://www.netbsd.org/docs/guide/en/chap-linux.html\" rel=\"nofollow\"\u003ein NetBSD\u003c/a\u003e \u003ca href=\"http://www.openbsd.org/faq/faq9.html#Interact\" rel=\"nofollow\"\u003eand OpenBSD\u003c/a\u003e (though disabled by default on the latter)\u003c/li\u003e\n\u003cli\u003eHowever, until now, it\u0026#39;s only supported binaries compiled for the i386 architecture\u003c/li\u003e\n\u003cli\u003eThis new update, already committed to -CURRENT, will open some new possibilities that weren\u0026#39;t previously possible\u003c/li\u003e\n\u003cli\u003eMeanwhile, HardenedBSD considers \u003ca href=\"https://hardenedbsd.org/content/poll-linuxulator-removal\" rel=\"nofollow\"\u003eremoving the emulation layer\u003c/a\u003e entirely\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/05/23/msg000686.html\" rel=\"nofollow\"\u003eBSD at Open Source Conference 2015 Nagoya\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they\u0026#39;re expanding\u003c/li\u003e\n\u003cli\u003eTheir latest report includes many of the NetBSD things you\u0026#39;d expect, but also a couple OpenBSD machines\u003c/li\u003e\n\u003cli\u003eSome of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi\u003c/li\u003e\n\u003cli\u003eOne new addition of interest is the OMRON LUNA88k, running the \u003ca href=\"http://www.openbsd.org/luna88k.html\" rel=\"nofollow\"\u003eluna88k\u003c/a\u003e port of OpenBSD\u003c/li\u003e\n\u003cli\u003eThere was even an old cell phone \u003ca href=\"https://twitter.com/tsutsuii/status/601458973338775553\" rel=\"nofollow\"\u003erunning Windows games\u003c/a\u003e on NetBSD\u003c/li\u003e\n\u003cli\u003eCheck the mailing list post for \u003ca href=\"https://pbs.twimg.com/media/CFrSmztWEAAS2uE.jpg\" rel=\"nofollow\"\u003esome\u003c/a\u003e \u003ca href=\"http://image.movapic.com/pic/m_201505230541335560130d49213.jpeg\" rel=\"nofollow\"\u003elinks\u003c/a\u003e \u003ca href=\"http://image.movapic.com/pic/m_2015052305145455600ccea723a.jpeg\" rel=\"nofollow\"\u003eto\u003c/a\u003e \u003ca href=\"https://pbs.twimg.com/media/CFjPv9_UEAA8iEx.jpg:large\" rel=\"nofollow\"\u003eall\u003c/a\u003e \u003ca href=\"https://pbs.twimg.com/media/CD4k6ZUUMAA0tEM.jpg\" rel=\"nofollow\"\u003eof\u003c/a\u003e \u003ca href=\"https://pbs.twimg.com/media/CFqn1GXUsAAFuro.jpg\" rel=\"nofollow\"\u003ethe\u003c/a\u003e \u003ca href=\"https://pbs.twimg.com/media/CFdIS2IUkAAZvjc.jpg\" rel=\"nofollow\"\u003enice\u003c/a\u003e \u003ca href=\"https://pbs.twimg.com/media/CFf5mToUIAAFrRU.jpg\" rel=\"nofollow\"\u003epictures\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.llvm.org/2015/05/openmp-support_22.html\" rel=\"nofollow\"\u003eLLVM introduces OpenMP support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the things that has kept some people in the GCC camp is the lack of \u003ca href=\"https://en.wikipedia.org/wiki/OpenMP\" rel=\"nofollow\"\u003eOpenMP\u003c/a\u003e support in LLVM\u003c/li\u003e\n\u003cli\u003eAccording to the blog post, it \u0026quot;enables Clang users to harness full power of modern multi-core processors with vector units\u0026quot;\u003c/li\u003e\n\u003cli\u003eWith Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there\u003c/li\u003e\n\u003cli\u003eThis could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Eric, FSF, John, Jose, Kris and Stewart\u003c/h2\u003e\n\n\u003cp\u003eVarious \u0026quot;man on the street\u0026quot; style mini-interviews\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gitlab.com/worr/libintl/blob/master/src/usr.bin/gettext/gettext.c\" rel=\"nofollow\"\u003eBSD-licensed gettext replacement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve ever installed ports on any of the BSDs, you\u0026#39;ve probably had GNU\u0026#39;s gettext pulled in as a dependency\u003c/li\u003e\n\u003cli\u003eWikipedia says \u0026quot;gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems\u0026quot;\u003c/li\u003e\n\u003cli\u003eA new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it\u0026#39;s likely to be portable)\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve got some coding skills, get involved with the project - the more freely-licensed replacements, the better\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/dspinellis/unix-history-repo\" rel=\"nofollow\"\u003eUnix history git repo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA git repository was recently created to show off some Unix source code history\u003c/li\u003e\n\u003cli\u003eThe repository contains 659 thousand commits and 2306 merges\u003c/li\u003e\n\u003cli\u003eYou can see early 386BSD commits all the way up to some of the more modern FreeBSD code\u003c/li\u003e\n\u003cli\u003eIf you want to browse through the \u003cem\u003egiant\u003c/em\u003e codebase, it can be a great history lesson\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/05/hotfix-release-to-10-1-2-now-available/\" rel=\"nofollow\"\u003ePCBSD 10.1.2 and Lumina updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out\u003c/li\u003e\n\u003cli\u003eThis minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u003ca href=\"http://blog.pcbsd.org/2015/05/lumina-desktop-status-updatefaq/\" rel=\"nofollow\"\u003enew post\u003c/a\u003e on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s25h4Biwzq\" rel=\"nofollow\"\u003eJake writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2AF0bGmL6\" rel=\"nofollow\"\u003eVan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Ie1USFD\" rel=\"nofollow\"\u003eAnonymous writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20vBtoKqL\" rel=\"nofollow\"\u003eDominik writes in\u003c/a\u003e (\u003ca href=\"http://slexy.org/view/s20RjbIT5v\" rel=\"nofollow\"\u003etext answer\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20USR3WzT\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-May/033945.html\" rel=\"nofollow\"\u003eDeath by chocolate\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we've got something pretty different. We went to a Linux convention and asked various people if they've ever tried BSD and what they know about it. Stay tuned for that, all this week's news and, of course, answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2015-05-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fb5f8b6c-3786-48ec-b8ed-0e2d4d62f539.mp3","mime_type":"audio/mpeg","size_in_bytes":52090996,"duration_in_seconds":4340}]},{"id":"5faad566-284e-4d62-b377-5144cf232cdb","title":"90: ZFS Armistice","url":"https://www.bsdnow.tv/90","content_text":"This time on the show, we'll be chatting with Jed Reynolds about ZFS. He's been using it extensively on a certain other OS, and we can both learn a bit about the other side's implementation. Answers to your questions and all this week's news, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPlaying with sandboxing\n\n\nSandboxing and privilege separation are popular topics these days - they're the goal of the new \"shill\" scripting language, they're used heavily throughout OpenBSD, and they're gaining traction with the capsicum framework\nThis blog post explores capsicum in FreeBSD, some of its history and where it's used in the base system\nThey also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls\nCheck our interview about capsicum from a while back if you haven't seen it already\n***\n\n\nOpenNTPD on by default\n\n\nOpenBSD has enabled ntpd by default in the installer, rather than prompting the user if they want to turn it on\nIn nearly every case, you're going to want to have your clock synced via NTP\nWith the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks\nLots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases\nFor those who might be curious, they're using the \"pool.ntp.org\" cluster of addresses and google for HTTPS constraints (but these can be easily changed)\n***\n\n\nFreeBSD workshop in Landshut\n\n\nWe mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event\nThe installfest instead became a \"FreeBSD workshop\" session, introducing curious new users to some of the flagship features of the OS\nThey covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible\nIf you're in south Germany and want to give similar introduction talks or Q\u0026amp;A sessions about the other BSDs, get in touch\nWe'll hear more from him about how it went in the feedback section today\n***\n\n\nSwap encryption in DragonFly\n\n\nDoing full disk encryption is very important, but something that people sometimes overlook is encrypting their swap\nThis can actually be more important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)\nDragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab\nThere was another way to do it previously, but this is a lot easier\nYou can achieve similar results in FreeBSD by adding \".eli\" to the end of the swap device in fstab, there are a few steps to do it in NetBSD and swap in OpenBSD is encrypted by default\nA one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible\n***\n\n\nInterview - Jed Reynolds - jed@bitratchet.com / @jed_reynolds\n\nComparing ZFS on Linux and FreeBSD\n\n\n\nNews Roundup\n\nUSB thermometer on OpenBSD\n\n\nSo maybe you've got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?\nThis blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD\nWouldn't you know it, OpenBSD has a native \"ugold\" driver to support it with the sensors framework\nHow useful such a device would be is another story though\n***\n\n\nNAS4Free now on ARM\n\n\nWe talk a lot about hardware for network-attached storage devices on the show, but ARM doesn't come up a lot\nThat might be changing soon, as NAS4Free has just released some ARM builds\nThese new (somewhat experimental) images are based on FreeBSD 11-CURRENT\nIncluded in the announcement is a list of fully-supported and partially-supported hardware that they've tested it with\nIf anyone has experience with running a NAS on slightly exotic hardware, write in to us\n***\n\n\npkgsrcCon 2015 CFP and info\n\n\nThis year's pkgsrcCon will be in Berlin, Germany on July 4th and 5th\nThey're looking for talk proposals and ideas for things you'd like to see\nIf you or your company uses pkgsrc, or if you're just interested in NetBSD in general, it would be a good event to check out\n***\n\n\nBSDTalk episode 253\n\n\nBSDTalk has released another new episode\nIn it, he interviews George Neville-Neil about the 2nd edition of \"The Design and Implementation of the FreeBSD Operating System\"\nThey discuss what's new since the last edition, who the book's target audience is and a lot more\nWe're up to 90 episodes now, slowly catching up to Will...\n***\n\n\nFeedback/Questions\n\n\nDominik writes in\nBrad writes in\nCorvin writes in\nJames writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be chatting with Jed Reynolds about ZFS. He\u0026#39;s been using it extensively on a certain other OS, and we can both learn a bit about the other side\u0026#39;s implementation. Answers to your questions and all this week\u0026#39;s news, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.conviso.com.br/2015/05/playing-with-sandbox-analysis-of_13.html\" rel=\"nofollow\"\u003ePlaying with sandboxing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSandboxing and privilege separation are popular topics these days - they\u0026#39;re the goal of the new \u0026quot;shill\u0026quot; scripting language, they\u0026#39;re used heavily throughout OpenBSD, and they\u0026#39;re gaining traction with the capsicum framework\u003c/li\u003e\n\u003cli\u003eThis blog post explores capsicum in FreeBSD, some of its history and where it\u0026#39;s used in the base system\u003c/li\u003e\n\u003cli\u003eThey also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls\u003c/li\u003e\n\u003cli\u003eCheck our \u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox\" rel=\"nofollow\"\u003einterview about capsicum\u003c/a\u003e from a while back if you haven\u0026#39;t seen it already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143195693612629\u0026w=4\" rel=\"nofollow\"\u003eOpenNTPD on by default\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has enabled \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_11-time_for_a_change\" rel=\"nofollow\"\u003entpd\u003c/a\u003e by default in the installer, rather than prompting the user if they want to turn it on\u003c/li\u003e\n\u003cli\u003eIn nearly every case, you\u0026#39;re going to want to have your clock synced via NTP\u003c/li\u003e\n\u003cli\u003eWith the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks\u003c/li\u003e\n\u003cli\u003eLots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases\u003c/li\u003e\n\u003cli\u003eFor those who might be \u003ca href=\"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/ntpd.conf\" rel=\"nofollow\"\u003ecurious\u003c/a\u003e, they\u0026#39;re using the \u0026quot;\u003ca href=\"http://www.pool.ntp.org/en/\" rel=\"nofollow\"\u003epool.ntp.org\u003c/a\u003e\u0026quot; cluster of addresses and google for HTTPS constraints (but these can be \u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003eeasily changed\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.banym.de/freebsd/review-first-freebsd-workshop-in-landshut-on-15-may-2015\" rel=\"nofollow\"\u003eFreeBSD workshop in Landshut\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event\u003c/li\u003e\n\u003cli\u003eThe installfest instead became a \u0026quot;FreeBSD workshop\u0026quot; session, introducing curious new users to some of the flagship features of the OS\u003c/li\u003e\n\u003cli\u003eThey covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re in south Germany and want to give similar introduction talks or Q\u0026amp;A sessions about the other BSDs, get in touch\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll hear more from him about how it went in the feedback section today\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-May/207690.html\" rel=\"nofollow\"\u003eSwap encryption in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDoing \u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003efull disk encryption\u003c/a\u003e is very important, but something that people sometimes overlook is encrypting their swap\u003c/li\u003e\n\u003cli\u003eThis can actually be \u003cem\u003emore\u003c/em\u003e important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)\u003c/li\u003e\n\u003cli\u003eDragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab\u003c/li\u003e\n\u003cli\u003eThere was \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-May/207691.html\" rel=\"nofollow\"\u003eanother way\u003c/a\u003e to do it previously, but this is a lot easier\u003c/li\u003e\n\u003cli\u003eYou can achieve similar results in FreeBSD by adding \u0026quot;.eli\u0026quot; to the end of the swap device in fstab, there are \u003ca href=\"https://www.netbsd.org/docs/misc/#cgd-swap\" rel=\"nofollow\"\u003ea few steps\u003c/a\u003e to do it in NetBSD and swap in OpenBSD is encrypted by default\u003c/li\u003e\n\u003cli\u003eA one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jed Reynolds - \u003ca href=\"mailto:jed@bitratchet.com\" rel=\"nofollow\"\u003ejed@bitratchet.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/jed_reynolds\" rel=\"nofollow\"\u003e@jed_reynolds\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eComparing ZFS on Linux and FreeBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cambus.net/rding-temper-gold-usb-thermometer-on-openbsd/\" rel=\"nofollow\"\u003eUSB thermometer on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo maybe you\u0026#39;ve got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?\u003c/li\u003e\n\u003cli\u003eThis blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD\u003c/li\u003e\n\u003cli\u003eWouldn\u0026#39;t you know it, OpenBSD has a native \u0026quot;\u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ugold.4\" rel=\"nofollow\"\u003eugold\u003c/a\u003e\u0026quot; driver to support it with the sensors framework\u003c/li\u003e\n\u003cli\u003eHow useful such a device would be is another story though\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sourceforge.net/projects/nas4free/files/NAS4Free-ARM/10.1.0.2.1511/\" rel=\"nofollow\"\u003eNAS4Free now on ARM\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe talk a lot about hardware for network-attached storage devices on the show, but ARM doesn\u0026#39;t come up a lot\u003c/li\u003e\n\u003cli\u003eThat might be changing soon, as NAS4Free has just released some ARM builds\u003c/li\u003e\n\u003cli\u003eThese new (somewhat experimental) images are based on FreeBSD 11-CURRENT\u003c/li\u003e\n\u003cli\u003eIncluded in the announcement is a list of fully-supported and partially-supported hardware that they\u0026#39;ve tested it with\u003c/li\u003e\n\u003cli\u003eIf anyone has experience with running a NAS on slightly exotic hardware, write in to us\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pkgsrc.pub/pkgsrcCon/2015/\" rel=\"nofollow\"\u003epkgsrcCon 2015 CFP and info\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s pkgsrcCon will be in Berlin, Germany \u003ca href=\"https://mail-index.netbsd.org/pkgsrc-users/2015/05/16/msg021560.html\" rel=\"nofollow\"\u003eon July 4th and 5th\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re looking for talk proposals and ideas for things you\u0026#39;d like to see\u003c/li\u003e\n\u003cli\u003eIf you or your company uses pkgsrc, or if you\u0026#39;re just interested in NetBSD in general, it would be a good event to check out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2015/05/bsdtalk253-george-neville-neil.html\" rel=\"nofollow\"\u003eBSDTalk episode 253\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDTalk has released another new episode\u003c/li\u003e\n\u003cli\u003eIn it, he interviews George Neville-Neil about the 2nd edition of \u0026quot;The Design and Implementation of the FreeBSD Operating System\u0026quot;\u003c/li\u003e\n\u003cli\u003eThey discuss what\u0026#39;s new since the last edition, who the book\u0026#39;s target audience is and a lot more\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re up to 90 episodes now, slowly catching up to Will...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2SWlyuOeb\" rel=\"nofollow\"\u003eDominik writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216z44lDU\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2djtX0dSE\" rel=\"nofollow\"\u003eCorvin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21XM4hPRh\" rel=\"nofollow\"\u003eJames writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be chatting with Jed Reynolds about ZFS. He's been using it extensively on a certain other OS, and we can both learn a bit about the other side's implementation. Answers to your questions and all this week's news, coming up on BSD Now - the place to B.. SD.","date_published":"2015-05-20T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5faad566-284e-4d62-b377-5144cf232cdb.mp3","mime_type":"audio/mpeg","size_in_bytes":52647700,"duration_in_seconds":4387}]},{"id":"e47f088b-2b32-4187-92cd-0f4be4f1426e","title":"89: Exclusive Disjunction","url":"https://www.bsdnow.tv/89","content_text":"This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent WX improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenSMTPD for the whole family\n\n\nSetting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accounts\nThis article talks about configuring a home mail server too, but even for the other people you live with\nAfter convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server too\nIf you've ever run a mail server and had to deal with greylisting, you'll appreciate the struggle he went through\nIn the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box\n***\n\n\nNetBSD on the Edgerouter Lite\n\n\nWe've talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devices\nThe EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)\nA NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog post\nThe process is fairly simple, and you can cross-compile your own installation image on any CPU architecture (even from another BSD!)\nOpenBSD and FreeBSD also have some support for these devices\n***\n\n\nBitrig at NYC*BUG\n\n\nThe New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John Vernaleo\nJohn discussed Bitrig, an OpenBSD fork that we've talked about a couple times on the show\nHe talks about what they've been up to lately, why they're doing what they're doing, difference in supported platforms\nPorts and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences\n***\n\n\nOPNsense, meet HardenedBSD\n\n\nSpeaking of forks, two FreeBSD-based forked projects we've mentioned on the show, HardenedBSD and OPNsense, have decided to join forces\nBackporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebase\nPaired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interface\nWe'll cover more news on the collaboration as it comes out\n***\n\n\nInterview - Mike Larkin - mlarkin@openbsd.org / @mlarkin2012\n\nMemory protections in OpenBSD: WX, ASLR, PIE, SSP\n\n\n\nNews Roundup\n\nA closer look at FreeBSD\n\n\nThe week wouldn't be complete without at least one BSD article making it to a mainstream tech site\nThis time, it's a high-level overview of FreeBSD, some of its features and where it's used\nBeing that it's an overview article on a more mainstream site, you won't find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensing\nIf you have any BSD-curious Linux friends, this might be a good one to send to them\n***\n\n\nLinksys NSLU2 and NetBSD\n\n\nThe Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004\n\"About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]\"\nAfter doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux box\nIf you've got one of these old devices kicking around, check out this write-up and get some BSD action on there\n***\n\n\nOpenBSD disklabel templates\n\n\nWe've covered OpenBSD's \"autoinstall\" feature for unattended installations in the past, but one area where it didn't offer a lot of customization was with the disk layout\nWith a few recent changes, there are now a series of templates you can use for a completely customized partition scheme\nThis article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabel\nCombine this new feature with our -stable iso tutorial, and you could deploy completely patched and customized images en masse pretty easily\n***\n\n\nFreeBSD native ARM builds\n\n\nFreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren't part of base\nSome of the older board-specific kernel configuration files have been replaced, and now the \"IMC6\" target is used\nThis goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nRon writes in\nCharles writes in\nBostjan writes in\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be talking to Mike Larkin about various memory protections in OpenBSD. We\u0026#39;ll cover recent W\u003csup\u003eX\u003c/sup\u003e improvements, SSP, ASLR, PIE and all kinds of acronyms! We\u0026#39;ve also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/05/accept-from-any-for-any-relay-via.html\" rel=\"nofollow\"\u003eOpenSMTPD for the whole family\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSetting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accounts\u003c/li\u003e\n\u003cli\u003eThis article talks about configuring a home mail server too, but even for the other people you live with\u003c/li\u003e\n\u003cli\u003eAfter convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server too\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve ever run a mail server and had to deal with greylisting, you\u0026#39;ll appreciate the struggle he went through\u003c/li\u003e\n\u003cli\u003eIn the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/hands_on_experience_with_edgerouter\" rel=\"nofollow\"\u003eNetBSD on the Edgerouter Lite\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devices\u003c/li\u003e\n\u003cli\u003eThe EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)\u003c/li\u003e\n\u003cli\u003eA NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog post\u003c/li\u003e\n\u003cli\u003eThe process is fairly simple, and you can \u003ca href=\"http://www.bsdnow.tv/tutorials/current-nbsd\" rel=\"nofollow\"\u003ecross-compile\u003c/a\u003e your own installation image on any CPU architecture (even from another BSD!)\u003c/li\u003e\n\u003cli\u003eOpenBSD and FreeBSD also have \u003ca href=\"http://www.openbsd.org/octeon.html\" rel=\"nofollow\"\u003esome\u003c/a\u003e \u003ca href=\"http://rtfm.net/FreeBSD/ERL/\" rel=\"nofollow\"\u003esupport\u003c/a\u003e for these devices\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=h4FhgBdYSUU\" rel=\"nofollow\"\u003eBitrig at NYC*BUG\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John Vernaleo\u003c/li\u003e\n\u003cli\u003eJohn discussed \u003ca href=\"http://www.bsdnow.tv/episodes/2014_12_10-must_be_rigged\" rel=\"nofollow\"\u003eBitrig\u003c/a\u003e, an OpenBSD fork that we\u0026#39;ve talked about a couple times on the show\u003c/li\u003e\n\u003cli\u003eHe talks about what they\u0026#39;ve been up to lately, why they\u0026#39;re doing what they\u0026#39;re doing, difference in supported platforms\u003c/li\u003e\n\u003cli\u003ePorts and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense\" rel=\"nofollow\"\u003eOPNsense, meet HardenedBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpeaking of forks, two FreeBSD-based forked projects we\u0026#39;ve mentioned on the show, \u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover\" rel=\"nofollow\"\u003eHardenedBSD\u003c/a\u003e and \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003eOPNsense\u003c/a\u003e, have decided to join forces\u003c/li\u003e\n\u003cli\u003eBackporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebase\u003c/li\u003e\n\u003cli\u003ePaired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interface\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll cover more news on the collaboration as it comes out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Mike Larkin - \u003ca href=\"mailto:mlarkin@openbsd.org\" rel=\"nofollow\"\u003emlarkin@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/mlarkin2012\" rel=\"nofollow\"\u003e@mlarkin2012\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eMemory protections in OpenBSD: \u003ca href=\"https://en.wikipedia.org/wiki/W%5EX\" rel=\"nofollow\"\u003eW\u003csup\u003eX\u003c/sup\u003e\u003c/a\u003e, \u003ca href=\"https://en.wikipedia.org/wiki/Address_space_layout_randomization\" rel=\"nofollow\"\u003eASLR\u003c/a\u003e, \u003ca href=\"https://en.wikipedia.org/wiki/Position-independent_code\" rel=\"nofollow\"\u003ePIE\u003c/a\u003e, \u003ca href=\"https://en.wikipedia.org/wiki/Buffer_overflow_protection\" rel=\"nofollow\"\u003eSSP\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.techopedia.com/2/31035/software/a-closer-look-at-freebsd\" rel=\"nofollow\"\u003eA closer look at FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe week wouldn\u0026#39;t be complete without at least one BSD article making it to a mainstream tech site\u003c/li\u003e\n\u003cli\u003eThis time, it\u0026#39;s a high-level overview of FreeBSD, some of its features and where it\u0026#39;s used\u003c/li\u003e\n\u003cli\u003eBeing that it\u0026#39;s an overview article on a more mainstream site, you won\u0026#39;t find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensing\u003c/li\u003e\n\u003cli\u003eIf you have any BSD-curious Linux friends, this might be a good one to send to them\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ramblingfoo.blogspot.com/2015/05/linksys-nslu2-adventures-into-netbsd.html\" rel=\"nofollow\"\u003eLinksys NSLU2 and NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004\u003c/li\u003e\n\u003cli\u003e\u0026quot;About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]\u0026quot;\u003c/li\u003e\n\u003cli\u003eAfter doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux box\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve got one of these old devices kicking around, check out this write-up and get some BSD action on there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.jeffreyforman.net/2015/05/09/from-0-to-an-openbsd-install-with-no-hands-and-a-custom-disk-layou\" rel=\"nofollow\"\u003eOpenBSD disklabel templates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve covered OpenBSD\u0026#39;s \u0026quot;autoinstall\u0026quot; feature for unattended installations in the past, but one area where it didn\u0026#39;t offer a lot of customization was with the disk layout\u003c/li\u003e\n\u003cli\u003eWith a few \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150505123418\" rel=\"nofollow\"\u003erecent changes\u003c/a\u003e, there are now a series of templates you can use for a completely customized partition scheme\u003c/li\u003e\n\u003cli\u003eThis article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabel\u003c/li\u003e\n\u003cli\u003eCombine this new feature with our \u003ca href=\"http://www.bsdnow.tv/tutorials/stable-iso\" rel=\"nofollow\"\u003e-stable iso tutorial\u003c/a\u003e, and you could deploy completely patched and customized images en masse pretty easily\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=282693\" rel=\"nofollow\"\u003eFreeBSD native ARM builds\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren\u0026#39;t part of base\u003c/li\u003e\n\u003cli\u003eSome of the older board-specific kernel configuration files have been replaced, and now the \u0026quot;IMC6\u0026quot; target is used\u003c/li\u003e\n\u003cli\u003eThis goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2088U2OjO\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s29ZKhQKOz\" rel=\"nofollow\"\u003eRon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2NCVHEKt1\" rel=\"nofollow\"\u003eCharles writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2mGRoKo5G\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent W^X improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.","date_published":"2015-05-13T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e47f088b-2b32-4187-92cd-0f4be4f1426e.mp3","mime_type":"audio/mpeg","size_in_bytes":45530932,"duration_in_seconds":3794}]},{"id":"26ef6d0e-ea2a-4032-88ee-121e1b2be033","title":"88: Below the Clouds","url":"https://www.bsdnow.tv/88","content_text":"This time on the show, we'll be talking with Ed Schouten about CloudABI. It's a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week's BSD news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD quarterly status report\n\n\nThe FreeBSD team has posted a report of the activities that went on between January and March of this year\nAs usual, it's broken down into separate reports from the various teams in the project (ports, kernel, virtualization, etc)\nThe ports team continuing battling the flood of PRs, closing quite a lot of them and boasting nearly 7,000 commits this quarter\nThe core team and cluster admins dealt with the accidental deletion of the Bugzilla database, and are making plans for an improved backup strategy within the project going forward\nFreeBSD's future release support model was also finalized and published in February, which should be a big improvement for both users and the release team\nSome topics are still being discussed internally, mainly MFCing ZFS ARC responsiveness patches to the 10 branch and deciding whether to maintain or abandon C89 support in the kernel code\nLots of activity is happening in bhyve, some of which we've covered recently, and a number of improvements were made this quarter\nClang, LLVM and LLDB have been updated to the 3.6.0 branch in -CURRENT\nWork to get FreeBSD booting natively on the POWER8 CPU architecture is also still in progress, but it does boot in KVM for the time being\nThe project to replace forth in the bootloader with lua is in its final stages, and can be used on x86 already\nASLR work is still being done by the HardenedBSD guys, and their next aim is position-independent executable\nThe report also touches on multipath TCP support, the new automounter, opaque ifnet, pkgng updates, secureboot (which should be in 10.2-RELEASE), GNOME and KDE on FreeBSD, PCIe hotplugging, nested kernel support and more\nAlso of note: work is going on to make ARM a Tier 1 platform in the upcoming 11.0-RELEASE (and support for more ARM boards is still being added, including ARM64)\n***\n\n\nOpenBSD 5.7 released\n\n\nOpenBSD has formally released another new version, complete with the giant changelog we've come to expect\nIn the hardware department, 5.7 features many driver improvements and fixes, as well as support for some new things: USB 3.0 controllers, newer Intel and Atheros wireless cards and some additional 10gbit NICs\nIf you're using one of the Soekris boards, there's even a new driver to manipulate the GPIO and LEDs on them - this has some fun possibilities\nSome new security improvements include: SipHash being sprinkled in some areas to protect hashing functions, big WX improvements in the kernel space, static PIE on all architectures, deterministic \"random\" functions being replaced with strong randomness, and support for remote logging over TLS\nThe entire source tree has also been audited to use reallocarray, which unintentionally saved OpenBSD's libc from being vulnerable to earlier attacks affecting other BSDs' implementations\nBeing that it's OpenBSD, a number of things have also been removed from the base system: procfs, sendmail, SSLv3 support and loadable kernel modules are all gone now (not to mention the continuing massacre of dead code in LibreSSL)\nSome people seem to be surprised about the removal of loadable modules, but almost nothing utilized them in OpenBSD, so it was really just removing old code that no one used anymore - very different from FreeBSD or Linux in this regard, where kernel modules are used pretty heavily\nBIND and nginx have been taken out, so you'll need to either use the versions in ports or switch to Unbound and the in-base HTTP daemon\nSpeaking of httpd, it's gotten a number of new features, and has had time to grow and mature since its initial debut - if you've been considering trying it out, now would be a great time to do so\nThis release also includes the latest OpenSSH (with stronger fingerprint types and host key rotation), OpenNTPD (with the HTTPS constraints feature), OpenSMTPD, LibreSSL and mandoc\nCheck the errata page for any post-release fixes, and the upgrade guide for specific instructions on updating from 5.6\nGroundwork has also been laid for some major SMP scalability improvements - look forward to those in future releases\nThere's a song and artwork to go along with the release as always, and CDs should be arriving within a few days - we'll show some pictures next week\nConsider picking one up to support the project (and it's the only way to get puffy stickers)\nFor those of you paying close attention, the banner image for this release just might remind you of a certain special episode of BSD Now...\n***\n\n\nTor-BSD diversity project\n\n\nWe've talked about Tor on the show a few times, and specifically about getting more of the network on BSD (Linux has an overwhelming majority right now)\nA new initiative has started to do just that, called the Tor-BSD diversity project\n\"Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. Diversity means single vulnerabilities are less likely to harm the entire ecosystem. [...] A single kernel vulnerability in GNU/Linux that impacting Tor relays could be devastating. We want to see a stronger Tor network, and we believe one critical ingredient for that is operating system diversity.\"\nIn addition to encouraging people to put up more relays, they're also continuing work on porting the Tor Browser Bundle to BSD, so more desktop users can have easy access to online privacy\nThere's an additional progress report for that part specifically, and it looks like most of the work is done now\nEngaging the broader BSD community about Tor and fixing up the official documentation are also both on their todo list \nIf you've been considering running a node to help out, there's always our handy tutorial on getting set up\n***\n\n\nPC-BSD 10.1.2-RC1 released\n\n\nIf you want a sneak peek at the upcoming PC-BSD 10.1.2, the first release candidate is now available to grab\nThis quarterly update includes a number of new features, improvements and even some additional utilities\nPersonaCrypt is one of them - it's a new tool for easily migrating encrypted home directories between systems\nA new \"stealth mode\" option allows for a one-time login, using a blank home directory that gets wiped after use\nSimilarly, a new \"Tor mode\" allows for easy tunneling of all your traffic through the Tor network\nIPFW is now the default firewall, offering improved VIMAGE capabilities\nThe life preserver backup tool now allows for bare-metal restores via the install CD\nISC's NTP daemon has been replaced with OpenNTPD, and OpenSSL has been replaced with LibreSSL\nIt also includes the latest Lumina desktop, and there's another post dedicated to that\nBinary packages have also been updated to fresh versions from the ports tree\nMore details, including upgrade instructions, can be found in the linked blog post\n***\n\n\nInterview - Ed Schouten - ed@freebsd.org / @edschouten\n\nCloudABI\n\n\n\nNews Roundup\n\nOpen Household Router Contraption\n\n\nThis article introduces OpenHRC, the \"Open Household Router Contraption\"\nIn short, it's a set of bootstrapping scripts to turn a vanilla OpenBSD install into a feature-rich gateway device\nIt also makes use of Ansible playbooks for configuration, allowing for a more \"mass deployment\" type of setup\nEverything is configured via a simple text file, and you end up with a local NTP server, DHCP server, firewall (obviously) and local caching DNS resolver - it even does DNSSEC validation\nAll the code is open source and on Github, so you can read through what's actually being changed and put in place\nThere's also a video guide to the entire process, if you're more of a visual person\n***\n\n\nOPNsense 15.1.10 released\n\n\nSpeaking of BSD routers, if you're looking for a \"prebuilt and ready to go\" option, OPNsense has just released a new version\n15.1.10 drops some of the legacy patches they inherited from pfSense, aiming to stay closer to the mainline FreeBSD source code\nGoing along with this theme, they've redone how they do ports, and are now kept totally in sync with the regular ports tree\nTheir binary packages are now signed using the fingerprint-style method, various GUI menus have been rewritten and a number of other bugs were fixed\nNanoBSD-based images are also available now, so you can try it out on hardware with constrained resources as well\nVersion 15.1.10.1 was released shortly thereafter, including a hotfix for VLANs\n***\n\n\nIBM Workpad Z50 and NetBSD\n\n\nBefore the infamous netbook fad came and went, IBM had a handheld PDA device that looked pretty much the same\nBack in 1999, they released the Workpad Z50 with Windows CE, sporting a 131MHz MIPS CPU, 16MB of RAM and a 640x480 display\nYou can probably tell where this is going... the article is about installing NetBSD it\n\"What prevents me from taking my pristine Workpad z50 to the local electronics recycling  facility is NetBSD. With a little effort it is possible to install recent versions of NetBSD on the Workpad z50 and even have XWindows running\"\nThe author got pkgsrc up and running on it too, and cleverly used distcc to offload the compiling jobs to something a bit more modern\nHe's also got a couple videos of the bootup process and running Xorg (neither of which we'd call \"speedy\" by any stretch of the imagination)\n***\n\n\nFreeBSD from the trenches\n\n\nThe FreeBSD foundation has a new blog post up in their \"from the trenches\" series, detailing FreeBSD in some real-world use cases\nIn this installment, Glen Barber talks about how he sets up all his laptops with ZFS and GELI\nWhile the installer allows for an automatic ZFS layout, Glen notes that it's not a one-size-fits-all thing, and goes through doing everything manually\nEach command is explained, and he walks you through the process of doing an encrypted installation on your root zpool\n***\n\n\nBroadwell in DragonFly\n\n\nDragonFlyBSD has officially won the race to get an Intel Broadwell graphics driver\nTheir i915 driver has been brought up to speed with Linux 3.14's, adding not only Broadwell support, but many other bugfixes for other cards too\nIt's planned for commit to the main tree very soon, but you can test it out with a git branch for the time being\n***\n\n\nFeedback/Questions\n\n\nBostjan writes in\nHunter writes in\nHrishi writes in\nClint writes in\nSergei writes in\n***\n\n\nMailing List Gold\n\n\nHow did you guess\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking with Ed Schouten about CloudABI. It\u0026#39;s a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week\u0026#39;s BSD news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2015-01-2015-03.html\" rel=\"nofollow\"\u003eFreeBSD quarterly status report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD team has posted a report of the activities that went on between January and March of this year\u003c/li\u003e\n\u003cli\u003eAs usual, it\u0026#39;s broken down into separate reports from the various teams in the project (ports, kernel, virtualization, etc)\u003c/li\u003e\n\u003cli\u003eThe ports team continuing battling the flood of PRs, closing quite a lot of them and boasting nearly 7,000 commits this quarter\u003c/li\u003e\n\u003cli\u003eThe core team and cluster admins dealt with the accidental deletion of the Bugzilla database, and are making plans for an improved backup strategy within the project going forward\u003c/li\u003e\n\u003cli\u003eFreeBSD\u0026#39;s future release support model was also finalized and published in February, which should be a big improvement for both users and the release team\u003c/li\u003e\n\u003cli\u003eSome topics are still being discussed internally, mainly MFCing ZFS ARC responsiveness patches to the 10 branch and deciding whether to maintain or abandon C89 support in the kernel code\u003c/li\u003e\n\u003cli\u003eLots of activity is happening in bhyve, some of which we\u0026#39;ve covered \u003ca href=\"http://www.bsdnow.tv/episodes/2015_04_29-on_the_list\" rel=\"nofollow\"\u003erecently\u003c/a\u003e, and a number of improvements were made this quarter\u003c/li\u003e\n\u003cli\u003eClang, LLVM and LLDB have been updated to the 3.6.0 branch in -CURRENT\u003c/li\u003e\n\u003cli\u003eWork to get FreeBSD booting natively on the POWER8 CPU architecture is also still in progress, but it does boot in KVM for the time being\u003c/li\u003e\n\u003cli\u003eThe project to replace forth in the bootloader with lua is in its final stages, and can be used on x86 already\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover\" rel=\"nofollow\"\u003eASLR work\u003c/a\u003e is still being done by the HardenedBSD guys, and their next aim is position-independent executable\u003c/li\u003e\n\u003cli\u003eThe report also touches on multipath TCP support, the new automounter, opaque ifnet, pkgng updates, secureboot (which should be in 10.2-RELEASE), GNOME and KDE on FreeBSD, PCIe hotplugging, nested kernel support and more\u003c/li\u003e\n\u003cli\u003eAlso of note: work is going on to make ARM a Tier 1 platform in the upcoming 11.0-RELEASE (and support for more ARM boards is still being added, including ARM64)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/57.html\" rel=\"nofollow\"\u003eOpenBSD 5.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has formally released another new version, complete with the giant changelog we\u0026#39;ve come to expect\u003c/li\u003e\n\u003cli\u003eIn the hardware department, 5.7 features many driver improvements and fixes, as well as support for some new things: USB 3.0 controllers, newer Intel and Atheros wireless cards and some additional 10gbit NICs\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re using one of the Soekris boards, there\u0026#39;s even \u003ca href=\"http://bodgitandscarper.co.uk/openbsd/further-soekris-net6501-improvements-for-openbsd/\" rel=\"nofollow\"\u003ea new driver\u003c/a\u003e to manipulate the GPIO and LEDs on them - this has some fun possibilities\u003c/li\u003e\n\u003cli\u003eSome new security improvements include: \u003ca href=\"https://en.wikipedia.org/wiki/SipHash\" rel=\"nofollow\"\u003eSipHash\u003c/a\u003e being sprinkled in some areas to protect hashing functions, big \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142120787308107\u0026w=2\" rel=\"nofollow\"\u003eW\u003csup\u003eX\u003c/sup\u003e improvements\u003c/a\u003e in the kernel space, \u003ca href=\"http://www.bsdnow.tv/episodes/2015_04_15-pie_in_the_sky\" rel=\"nofollow\"\u003estatic PIE\u003c/a\u003e on all architectures, deterministic \u0026quot;random\u0026quot; functions \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141807224826859\u0026w=2\" rel=\"nofollow\"\u003ebeing replaced\u003c/a\u003e with strong randomness, and support for remote logging over TLS\u003c/li\u003e\n\u003cli\u003eThe entire source tree has also been audited to use \u003ca href=\"http://lteo.net/blog/2014/10/28/reallocarray-in-openbsd-integer-overflow-detection-for-free/\" rel=\"nofollow\"\u003ereallocarray\u003c/a\u003e, which unintentionally \u003ca href=\"https://splone.com/blog/2015/3/11/integer-overflow-prevention-in-c\" rel=\"nofollow\"\u003esaved\u003c/a\u003e OpenBSD\u0026#39;s libc from being vulnerable to \u003ca href=\"https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/\" rel=\"nofollow\"\u003eearlier attacks\u003c/a\u003e affecting other BSDs\u0026#39; implementations\u003c/li\u003e\n\u003cli\u003eBeing that it\u0026#39;s OpenBSD, a number of things have also been \u003cem\u003eremoved\u003c/em\u003e from the base system: procfs, sendmail, SSLv3 support and loadable kernel modules are all gone now (not to mention the continuing massacre of dead code in LibreSSL)\u003c/li\u003e\n\u003cli\u003eSome people seem to be surprised about the removal of loadable modules, but almost nothing utilized them in OpenBSD, so it was really just removing old code that no one used anymore - very different from FreeBSD or Linux in this regard, where kernel modules are used pretty heavily\u003c/li\u003e\n\u003cli\u003eBIND and nginx have been taken out, so you\u0026#39;ll need to either use the versions in ports or switch to Unbound and the in-base HTTP daemon\u003c/li\u003e\n\u003cli\u003eSpeaking of httpd, it\u0026#39;s gotten a number of \u003ca href=\"http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf\" rel=\"nofollow\"\u003enew\u003c/a\u003e \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/httpd.conf.5\" rel=\"nofollow\"\u003efeatures\u003c/a\u003e, and has had time to grow and mature since its initial debut - if you\u0026#39;ve been considering trying it out, now would be a great time to do so\u003c/li\u003e\n\u003cli\u003eThis release also includes the latest OpenSSH (with stronger fingerprint types and host key rotation), OpenNTPD (with the HTTPS constraints feature), OpenSMTPD, LibreSSL and \u003ca href=\"http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man\" rel=\"nofollow\"\u003emandoc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck the \u003ca href=\"http://www.openbsd.org/errata57.html\" rel=\"nofollow\"\u003eerrata page\u003c/a\u003e for any post-release fixes, and the \u003ca href=\"http://www.openbsd.org/faq/upgrade57.html\" rel=\"nofollow\"\u003eupgrade guide\u003c/a\u003e for specific instructions on updating from 5.6\u003c/li\u003e\n\u003cli\u003eGroundwork has also been laid for some major SMP scalability improvements - look forward to those in future releases\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a \u003ca href=\"http://www.openbsd.org/lyrics.html#57\" rel=\"nofollow\"\u003esong and artwork\u003c/a\u003e to go along with the release as always, and CDs should be arriving within a few days - we\u0026#39;ll show some pictures next week\u003c/li\u003e\n\u003cli\u003eConsider \u003ca href=\"https://www.openbsdstore.com\" rel=\"nofollow\"\u003epicking one up\u003c/a\u003e to support the project (and it\u0026#39;s the only way to get puffy stickers)\u003c/li\u003e\n\u003cli\u003eFor those of you paying close attention, the \u003ca href=\"http://www.openbsd.org/images/puffy57.gif\" rel=\"nofollow\"\u003ebanner image\u003c/a\u003e for this release just might remind you of a \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time\" rel=\"nofollow\"\u003ecertain special episode\u003c/a\u003e of BSD Now...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://torbsd.github.io/\" rel=\"nofollow\"\u003eTor-BSD diversity project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about Tor on the show a few times, and specifically about getting more of the network on BSD (Linux has an overwhelming majority right now)\u003c/li\u003e\n\u003cli\u003eA new initiative has started to do just that, called the Tor-BSD diversity project\u003c/li\u003e\n\u003cli\u003e\u0026quot;Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. Diversity means single vulnerabilities are less likely to harm the entire ecosystem. [...] A single kernel vulnerability in GNU/Linux that impacting Tor relays could be devastating. We want to see a stronger Tor network, and we believe one critical ingredient for that is operating system diversity.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn addition to encouraging people to put up more relays, they\u0026#39;re also continuing work on porting the Tor Browser Bundle to BSD, so more desktop users can have easy access to online privacy\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s an additional \u003ca href=\"http://trac.haqistan.net/blog/tor-browser-ports-progress\" rel=\"nofollow\"\u003eprogress report\u003c/a\u003e for that part specifically, and it looks like most of the work is done now\u003c/li\u003e\n\u003cli\u003eEngaging the broader BSD community about Tor and fixing up the official documentation are also both on their todo list \u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been considering running a node to help out, there\u0026#39;s always \u003ca href=\"http://www.bsdnow.tv/tutorials/tor\" rel=\"nofollow\"\u003eour handy tutorial\u003c/a\u003e on getting set up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/05/pc-bsd-10-1-2-rc1-now-available/\" rel=\"nofollow\"\u003ePC-BSD 10.1.2-RC1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you want a sneak peek at the upcoming PC-BSD 10.1.2, the first release candidate is now available to grab\u003c/li\u003e\n\u003cli\u003eThis quarterly update includes a number of new features, improvements and even some additional utilities\u003c/li\u003e\n\u003cli\u003ePersonaCrypt is one of them - it\u0026#39;s a new tool for easily migrating encrypted home directories between systems\u003c/li\u003e\n\u003cli\u003eA new \u0026quot;stealth mode\u0026quot; option allows for a one-time login, using a blank home directory that gets wiped after use\u003c/li\u003e\n\u003cli\u003eSimilarly, a new \u0026quot;Tor mode\u0026quot; allows for easy tunneling of all your traffic through the Tor network\u003c/li\u003e\n\u003cli\u003eIPFW is now the default firewall, offering improved VIMAGE capabilities\u003c/li\u003e\n\u003cli\u003eThe life preserver backup tool now allows for bare-metal restores via the install CD\u003c/li\u003e\n\u003cli\u003eISC\u0026#39;s NTP daemon has been replaced with \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_11-time_for_a_change\" rel=\"nofollow\"\u003eOpenNTPD\u003c/a\u003e, and OpenSSL has been replaced with \u003ca href=\"http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild\" rel=\"nofollow\"\u003eLibreSSL\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt also includes the latest \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_10-luminary_environment\" rel=\"nofollow\"\u003eLumina\u003c/a\u003e desktop, and there\u0026#39;s another \u003ca href=\"http://blog.pcbsd.org/2015/05/pc-bsd-10-1-2-rc1-lumina-desktop-0-8-4-released/\" rel=\"nofollow\"\u003epost dedicated to that\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBinary packages have also been updated to fresh versions from the ports tree\u003c/li\u003e\n\u003cli\u003eMore details, including upgrade instructions, can be found in the linked blog post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ed Schouten - \u003ca href=\"mailto:ed@freebsd.org\" rel=\"nofollow\"\u003eed@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/edschouten\" rel=\"nofollow\"\u003e@edschouten\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.bsdcan.org/2015/schedule/track/Security/524.en.html\" rel=\"nofollow\"\u003eCloudABI\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://code.saghul.net/index.php/2015/05/01/announcing-the-open-household-router-contraption/\" rel=\"nofollow\"\u003eOpen Household Router Contraption\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis article introduces OpenHRC, the \u0026quot;Open Household Router Contraption\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn short, it\u0026#39;s a set of bootstrapping scripts to turn a vanilla OpenBSD install into a feature-rich gateway device\u003c/li\u003e\n\u003cli\u003eIt also makes use of Ansible playbooks for configuration, allowing for a more \u0026quot;mass deployment\u0026quot; type of setup\u003c/li\u003e\n\u003cli\u003eEverything is configured via a simple text file, and you end up with a local NTP server, DHCP server, firewall (obviously) and local caching DNS resolver - it even does DNSSEC validation\u003c/li\u003e\n\u003cli\u003eAll the code is open source \u003ca href=\"https://github.com/ioc32/openhrc\" rel=\"nofollow\"\u003eand on Github\u003c/a\u003e, so you can read through what\u0026#39;s actually being changed and put in place\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u003ca href=\"https://www.youtube.com/watch?v=LZeKDM5jc90\" rel=\"nofollow\"\u003evideo guide\u003c/a\u003e to the entire process, if you\u0026#39;re more of a visual person\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=365.0\" rel=\"nofollow\"\u003eOPNsense 15.1.10 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpeaking of BSD routers, if you\u0026#39;re looking for a \u0026quot;prebuilt and ready to go\u0026quot; option, OPNsense has just released a new version\u003c/li\u003e\n\u003cli\u003e15.1.10 drops some of the legacy patches they inherited from pfSense, aiming to stay closer to the mainline FreeBSD source code\u003c/li\u003e\n\u003cli\u003eGoing along with this theme, they\u0026#39;ve redone how they do ports, and are now kept totally in sync with the regular ports tree\u003c/li\u003e\n\u003cli\u003eTheir binary packages are now signed using the fingerprint-style method, various GUI menus have been rewritten and a number of other bugs were fixed\u003c/li\u003e\n\u003cli\u003eNanoBSD-based images are also available now, so you can try it out on hardware with constrained resources as well\u003c/li\u003e\n\u003cli\u003eVersion \u003ca href=\"https://twitter.com/opnsense/status/596009164746432512\" rel=\"nofollow\"\u003e15.1.10.1\u003c/a\u003e was released shortly thereafter, including a hotfix for VLANs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.ibm.com/developerworks/community/blogs/hpcgoulash/entry/ibm_workpad_z50_netbsd_an_interesting_combination1?lang=en\" rel=\"nofollow\"\u003eIBM Workpad Z50 and NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBefore the infamous netbook fad came and went, IBM had a handheld PDA device that looked pretty much the same\u003c/li\u003e\n\u003cli\u003eBack in 1999, they released \u003ca href=\"http://www.hpcfactor.com/reviews/hardware/ibm/workpad-z50/\" rel=\"nofollow\"\u003ethe Workpad Z50\u003c/a\u003e with Windows CE, sporting a 131MHz MIPS CPU, 16MB of RAM and a 640x480 display\u003c/li\u003e\n\u003cli\u003eYou can probably tell where this is going... the article is about installing NetBSD it\u003c/li\u003e\n\u003cli\u003e\u0026quot;What prevents me from taking my pristine Workpad z50 to the local electronics recycling  facility is NetBSD. With a little effort it is possible to install recent versions of NetBSD on the Workpad z50 and even have XWindows running\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe author got pkgsrc up and running on it too, and cleverly used distcc to offload the compiling jobs to something a bit more modern\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s also got a \u003ca href=\"https://www.youtube.com/watch?v=hSLVnSZKB9I\" rel=\"nofollow\"\u003ecouple\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=mIA-NWEHLM4\" rel=\"nofollow\"\u003evideos\u003c/a\u003e of the bootup process and running Xorg (neither of which we\u0026#39;d call \u0026quot;speedy\u0026quot; by any stretch of the imagination)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/04/from-trenches-tips-tricks-edition.html\" rel=\"nofollow\"\u003eFreeBSD from the trenches\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has a new blog post up in their \u0026quot;from the trenches\u0026quot; series, detailing FreeBSD in some real-world use cases\u003c/li\u003e\n\u003cli\u003eIn this installment, Glen Barber talks about how he sets up all his laptops with ZFS and GELI\u003c/li\u003e\n\u003cli\u003eWhile the installer allows for an automatic ZFS layout, Glen notes that it\u0026#39;s not a one-size-fits-all thing, and goes through doing everything manually\u003c/li\u003e\n\u003cli\u003eEach command is explained, and he walks you through the process of doing \u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003ean encrypted installation\u003c/a\u003e on your root zpool\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-May/207671.html\" rel=\"nofollow\"\u003eBroadwell in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD has officially won the race to get an Intel Broadwell graphics driver\u003c/li\u003e\n\u003cli\u003eTheir i915 driver has been brought up to speed with Linux 3.14\u0026#39;s, adding not only Broadwell support, but many other bugfixes for other cards too\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s planned for commit to the main tree very soon, but you can test it out with a git branch for the time being\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216QQcHyX\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21hGSk3c0\" rel=\"nofollow\"\u003eHunter writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20JwPw9Je\" rel=\"nofollow\"\u003eHrishi writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2x1GYr7y6\" rel=\"nofollow\"\u003eClint writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2swXxr2PX\" rel=\"nofollow\"\u003eSergei writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-advocacy/2015-May/004541.html\" rel=\"nofollow\"\u003eHow did you guess\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking with Ed Schouten about CloudABI. It's a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week's BSD news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2015-05-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/26ef6d0e-ea2a-4032-88ee-121e1b2be033.mp3","mime_type":"audio/mpeg","size_in_bytes":67680724,"duration_in_seconds":5640}]},{"id":"56f4b27b-9384-4cb9-9877-d825f62815a7","title":"87: On the List","url":"https://www.bsdnow.tv/87","content_text":"Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNew PAE support in OpenBSD\n\n\nOpenBSD has just added Physical Address Extention support to the i386 architecture, but it's probably not what you'd think of when you hear the term\nIn most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that\nInstead, this change specifically allows the system to use the No-eXecute Bit of the processor for the userland, further hardening the in-place memory protections\nOther operating systems enable the CPU feature without doing anything to the page table entries, so they do get the available memory expansion, but don't get the potential security benefit\nAs we discussed in a previous episode, the AMD64 platform already saw some major WX kernel and userland improvements - the i386 kernel reworking will begin shortly\nNot all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of WX that was already there\nThe AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8\n***\n\n\nBooting Windows in bhyve\n\n\nWork on FreeBSD's bhyve continues, and a big addition is on the way\nThus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows\nThis is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter\nGraphics emulation is still in the works; this image was taken by booting headless and using RDP\nA lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)\nNot a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out\nAre you more interested in bhyve or Xen on FreeBSD? Email us your thoughts\n***\n\n\nMidnightBSD 0.6 released\n\n\nMidnightBSD is a smaller project we've not covered a lot on the show before\nIt's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use\nThey also have their own, smaller version of FreeBSD ports, called \"mports\"\nIf you're already using it, this new version is mainly a security and bugfix release\nIt syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions\nYou can check their site for more information about the project\nWe're trying to get the lead developer to come on for an interview, but haven't heard anything back yet\n***\n\n\nOpenBSD rewrites the file utility\n\n\nWe're all probably familiar with the traditional file command - it's been around since the 1970s\nFor anyone who doesn't know, it's used to determine what type of file something actually is\nThis tool doesn't see a lot of development these days, and it's had its share of security issues as well\nSome of those security issues remain unfixed in various BSDs even today, despite being publicly known for a while\nIt's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it\nWhen you think about it, file was technically designed to be used on untrusted files\nOpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny\nThis new version will, by default, run as an unprivileged user with no shell, and in a systrace sandbox, strictly limiting what system calls can be made\nWith these two things combined, it should drastically reduce the damage a malicious file could potentially do\nIan Darwin, the original author of the utility, saw the commit and replied, in what may be a moment in BSD history to remember\nIt'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version\nCoincidentally, the lead developer and current maintainer of file just happens to be our guest today…\n***\n\n\nInterview - Christos Zoulas - christos@netbsd.org\n\nblacklistd and NetBSD advocacy\n\n\n\nNews Roundup\n\nGSoC-accepted BSD projects\n\n\nThe Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list\nFreeBSD's list includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication\nOpenBSD's list includes: asynchronous USB transfer submission from userland, ARM SD/MMC \u0026amp; controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD\nWe'll be sure to keep you up to date on developments from both projects\nHopefully the other BSDs will make the cut too next year\n***\n\n\nFreeBSD on the Gumstix Duovero\n\n\nIf you're not familiar with the Gumstix Duovero, it's an dual core ARM-based computer-on-module\nThey actually look more like a stick of RAM than a mini-computer\nThis article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd\nIf anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us\n***\n\n\nEU study recommends OpenBSD\n\n\nA recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools\nThis is especially important, in all countries, after the mass surveillance documents came out \n\"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts.\"\nThe report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on\nAlongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: \"Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways\"\nReddit, Undeadly and Hacker News also had some discussion, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer and M:Tier before\n***\n\n\nFreeBSD workflow with Git\n\n\nIf you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too\nThis mailing list post talks about interacting between the official source repository and the Git mirror\nThis makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nBryan writes in\nSean writes in\nCharles writes in\n***\n","content_html":"\u003cp\u003eComing up this time on the show, we\u0026#39;ll be speaking with Christos Zoulas, a NetBSD security officer. He\u0026#39;s got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We\u0026#39;ve also got answers to your emails and all this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142990524317070\u0026w=2\" rel=\"nofollow\"\u003eNew PAE support in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has just added \u003ca href=\"https://en.wikipedia.org/wiki/Physical_Address_Extension\" rel=\"nofollow\"\u003ePhysical Address Extention\u003c/a\u003e support to the i386 architecture, but it\u0026#39;s probably not what you\u0026#39;d think of when you hear the term\u003c/li\u003e\n\u003cli\u003eIn most operating systems, PAE\u0026#39;s main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn\u0026#39;t for that\u003c/li\u003e\n\u003cli\u003eInstead, this change specifically allows the system to use the \u003ca href=\"https://en.wikipedia.org/wiki/NX_bit#OpenBSD\" rel=\"nofollow\"\u003eNo-eXecute Bit\u003c/a\u003e of the processor for the userland, further hardening the in-place memory protections\u003c/li\u003e\n\u003cli\u003eOther operating systems enable the CPU feature without doing anything to the \u003ca href=\"https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table\" rel=\"nofollow\"\u003epage table entries\u003c/a\u003e, so they \u003cstrong\u003edo get\u003c/strong\u003e the available memory expansion, but \u003cstrong\u003edon\u0026#39;t get\u003c/strong\u003e the potential security benefit\u003c/li\u003e\n\u003cli\u003eAs we discussed in a \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003eprevious episode\u003c/a\u003e, the AMD64 platform already saw some major W\u003csup\u003eX\u003c/sup\u003e kernel \u003cstrong\u003eand\u003c/strong\u003e userland improvements - the i386 kernel reworking will begin shortly\u003c/li\u003e\n\u003cli\u003eNot all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W\u003csup\u003eX\u003c/sup\u003e that was already there\u003c/li\u003e\n\u003cli\u003eThe AMD64 improvements will be in 5.7, due out in just a couple days as of when we\u0026#39;re recording this, but the i386 improvements will likely be in 5.8\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://twitter.com/nahannisys/status/591733319357730816\" rel=\"nofollow\"\u003eBooting Windows in bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWork on FreeBSD\u0026#39;s \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind\" rel=\"nofollow\"\u003ebhyve\u003c/a\u003e continues, and a big addition is on the way\u003c/li\u003e\n\u003cli\u003eThus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, \u003cem\u003eno Windows\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eThis is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter\u003c/li\u003e\n\u003cli\u003eGraphics emulation is still in the works; this image was taken by booting headless and using RDP\u003c/li\u003e\n\u003cli\u003eA lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)\u003c/li\u003e\n\u003cli\u003eNot a lot of details on the matter currently, but we\u0026#39;ll be sure to bring you more info as it comes out\u003c/li\u003e\n\u003cli\u003eAre you more interested in bhyve or Xen on FreeBSD? Email us your thoughts\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.midnightbsd.org/notes/\" rel=\"nofollow\"\u003eMidnightBSD 0.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMidnightBSD is a smaller project we\u0026#39;ve not covered a lot on the show before\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use\u003c/li\u003e\n\u003cli\u003eThey also have their own, smaller version of FreeBSD ports, called \u0026quot;mports\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re already using it, this new version is mainly a security and bugfix release\u003c/li\u003e\n\u003cli\u003eIt syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions\u003c/li\u003e\n\u003cli\u003eYou can check \u003ca href=\"http://www.midnightbsd.org/about/\" rel=\"nofollow\"\u003etheir site\u003c/a\u003e for more information about the project\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re trying to get the lead developer to come on for an interview, but haven\u0026#39;t heard anything back yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142989267412968\u0026w=4\" rel=\"nofollow\"\u003eOpenBSD rewrites the file utility\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;re all probably familiar with the traditional \u003ca href=\"https://en.wikipedia.org/wiki/File_%28command%29\" rel=\"nofollow\"\u003efile\u003c/a\u003e command - it\u0026#39;s been around \u003ca href=\"http://darwinsys.com/file/\" rel=\"nofollow\"\u003esince the 1970s\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor anyone who doesn\u0026#39;t know, it\u0026#39;s used to determine what type of file something actually is\u003c/li\u003e\n\u003cli\u003eThis tool doesn\u0026#39;t see a lot of development these days, and it\u0026#39;s had its share of security issues as well\u003c/li\u003e\n\u003cli\u003eSome of those security issues \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141857001403570\u0026w=2\" rel=\"nofollow\"\u003eremain\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=freebsd-security\u0026m=142980545021888\u0026w=2\" rel=\"nofollow\"\u003eunfixed\u003c/a\u003e in various BSDs \u003cstrong\u003eeven today\u003c/strong\u003e, despite being publicly known for a while\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it\u003c/li\u003e\n\u003cli\u003eWhen you think about it, file was technically \u003cem\u003edesigned\u003c/em\u003e to be used on untrusted files\u003c/li\u003e\n\u003cli\u003eOpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny\u003c/li\u003e\n\u003cli\u003eThis new version will, by default, run \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143014212727213\u0026w=2\" rel=\"nofollow\"\u003eas an unprivileged user\u003c/a\u003e with no shell, and in a \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=143014276127454\u0026w=2\" rel=\"nofollow\"\u003esystrace sandbox\u003c/a\u003e, strictly limiting what system calls can be made\u003c/li\u003e\n\u003cli\u003eWith these two things combined, it should drastically reduce the damage a malicious file could potentially do\u003c/li\u003e\n\u003cli\u003eIan Darwin, the original author of the utility, \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142989483913635\u0026w=4\" rel=\"nofollow\"\u003esaw the commit and replied\u003c/a\u003e, in what may be a moment in BSD history to remember\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone\u0026#39;s already thrown together an unofficial portable version\u003c/li\u003e\n\u003cli\u003eCoincidentally, the lead developer and current maintainer of file just happens to be our guest today…\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Christos Zoulas - \u003ca href=\"mailto:christos@netbsd.org\" rel=\"nofollow\"\u003echristos@netbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=0UKCAsezF3Q\" rel=\"nofollow\"\u003eblacklistd\u003c/a\u003e and NetBSD advocacy\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.google-melange.com/gsoc/projects/list/google/gsoc2015\" rel=\"nofollow\"\u003eGSoC-accepted BSD projects\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list\u003c/li\u003e\n\u003cli\u003eFreeBSD\u0026#39;s \u003ca href=\"https://wiki.freebsd.org/SummerOfCode2015Projects\" rel=\"nofollow\"\u003elist\u003c/a\u003e includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. \u003cstrong\u003ememory compression and deduplication\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD\u0026#39;s \u003ca href=\"http://www.openbsdfoundation.org/gsoc2015.html\" rel=\"nofollow\"\u003elist\u003c/a\u003e includes: asynchronous USB transfer submission from userland, ARM SD/MMC \u0026amp; controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... \u003cstrong\u003eporting HAMMER FS to OpenBSD\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be sure to keep you up to date on developments from both projects\u003c/li\u003e\n\u003cli\u003eHopefully the other BSDs will make the cut too next year\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html\" rel=\"nofollow\"\u003eFreeBSD on the Gumstix Duovero\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re not familiar with the Gumstix Duovero, it\u0026#39;s an dual core ARM-based \u003ca href=\"https://store.gumstix.com/index.php/coms/duovero-coms.html\" rel=\"nofollow\"\u003ecomputer-on-module\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThey actually look more like a stick of RAM than a mini-computer\u003c/li\u003e\n\u003cli\u003eThis article shows you how to build a FreeBSD -CURRENT image to run on them, using \u003ca href=\"https://github.com/freebsd/crochet\" rel=\"nofollow\"\u003ecrochet-freebsd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D\" rel=\"nofollow\"\u003eEU study recommends OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools\u003c/li\u003e\n\u003cli\u003eThis is especially important, in all countries, after the mass surveillance documents came out \u003c/li\u003e\n\u003cli\u003e\u0026quot;[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on\u003c/li\u003e\n\u003cli\u003eAlongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: \u0026quot;Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways\u0026quot;\u003c/li\u003e\n\u003cli\u003eReddit, Undeadly and Hacker News also \u003ca href=\"https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/\" rel=\"nofollow\"\u003ehad\u003c/a\u003e \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150427093546\" rel=\"nofollow\"\u003esome\u003c/a\u003e \u003ca href=\"https://news.ycombinator.com/item?id=9445831\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we\u0026#39;ve discussed with \u003ca href=\"http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq\" rel=\"nofollow\"\u003eVoxer\u003c/a\u003e and \u003ca href=\"http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual\" rel=\"nofollow\"\u003eM:Tier\u003c/a\u003e before\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html\" rel=\"nofollow\"\u003eFreeBSD workflow with Git\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re interested in contributing to FreeBSD, but aren\u0026#39;t a big fan of SVN, they have a Github mirror too\u003c/li\u003e\n\u003cli\u003eThis mailing list post talks about interacting \u003ca href=\"https://wiki.freebsd.org/GitWorkflow/GitSvn\" rel=\"nofollow\"\u003ebetween\u003c/a\u003e the official source repository and the Git mirror\u003c/li\u003e\n\u003cli\u003eThis makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2vjh3ogvG\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20GMcWvKE\" rel=\"nofollow\"\u003eBryan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21M1imT3d\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s25ScxQSwb\" rel=\"nofollow\"\u003eCharles writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.","date_published":"2015-04-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/56f4b27b-9384-4cb9-9877-d825f62815a7.mp3","mime_type":"audio/mpeg","size_in_bytes":58344340,"duration_in_seconds":4862}]},{"id":"299268e7-d000-4377-8a05-1d0b89b36c5c","title":"86: Business as Usual","url":"https://www.bsdnow.tv/86","content_text":"Coming up this time on the show, we'll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we'll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOptimizing TLS for high bandwidth applications\n\n\nNetflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD\nTLS has traditionally had too much overhead for the levels of bandwidth they're using, so this pdf outlines some of their strategy in optimizing it\nThe sendfile() syscall (which nginx uses) isn't available when data is encrypted in userland\nTo get around this, Netflix is proposing to add TLS support to the FreeBSD kernel\nHaving encrypted movie streams would be pretty neat\n***\n\n\nCrypto in unexpected places\n\n\nOpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)\nOne place you might not expect crypto to be used (or even needed) is in the \"ping\" utility, right? Well, think again \nDavid Gwynne recently committed a change that adds MAC to the ping timestamp payload\nBy default, it'll be filled with a ChaCha stream instead of an unvarying payload, and David says \"this lets us have some confidence that the timestamp hasn't been damaged or tampered with in transit\"\nNot only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward\nMaybe we can look forward to a cryptographically secure \"echo\" command next...\n***\n\n\nBroadwell in DragonFly\n\n\nThe DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status\nMatt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn't work\nThe two main show-stoppers right now are the graphics and wireless, but they have someone who's already making progress with the GPU support\nWireless support will likely have to wait until FreeBSD gets it, then they'll port it back over\nNone of the BSDs currently have full Broadwell support, so stay tuned for further updates\n***\n\n\nDIY NAS software roundup\n\n\nIn this blog post, the author compares a few different software solutions for a network attached storage device\nHe puts FreeNAS, one of our favorites, up against a number of opponents - both BSD and Linux-based\nNAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface\nIf you've been thinking about putting together a NAS, but aren't quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names\nSome competition is always good, gotta keep those guys on their toes\n***\n\n\nInterview - Antoine Jacoutot - ajacoutot@openbsd.org / @ajacoutot\n\nOpenBSD at M:Tier, business adoption of BSD, various topics\n\n\n\nNews Roundup\n\nOpenBSD on DigitalOcean\n\n\nWhen DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction - we hoped that all the other BSDs would soon follow\nThis is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS\nUsing a -current snapshot and some swapfile trickery, it's possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk\nAfter doing so, you just boot from their web UI-based console and can perform a standard installation \nYou will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step\n***\n\n\nInitial ARM64 support lands in FreeBSD\n\n\nThe ARM64 architecture, sometimes called ARMv8 or AArch64, is a new generation of CPUs that will mostly be in embedded devices\nFreeBSD has just gotten support for this platform in the -CURRENT branch\nPreviously, it was only the beginnings of the kernel and enough bits to boot in QEMU - now a full build is possible\nWork should now start happening in the main source code tree, and hopefully they'll have full support in a branch soon\n***\n\n\nScripting with least privilege\n\n\nA new scripting language with a focus on privilege separation and running with only what's absolutely needed has been popular in the headlines lately\nShell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.\nShill aims to answer the questions \"how do we limit the authority of scripts\" and \"how do we determine what authority is necessary\" by including a declarative security policy that's checked and enforced by the language runtime\nIf used on FreeBSD, Shill will use Capsicum for sandboxing\nYou can find some more of the technical information in their documentation pdf or watch their USENIX presentation video\nHacker News also had some discussion on the topic\n***\n\n\nOpenBSD first impressions\n\n\nA brand new BSD user has started documenting his experience through a series of blog posts\nFormerly a Linux guy, he's tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop\nThe first post goes into why he chose BSD at all, why he's switching away from Linux, how the initial transition has been, what you'll need to relearn and what he's got planned going forward\nHe's only been using OpenBSD for a few days as of the time this was written - we don't usually get to hear from people this early in on their BSD journey, so it offers a unique perspective\n***\n\n\nPCBSD and 4K oh my!\n\n\nYesterday, Kris got ahold of some 4K monitor hardware to test PC-BSD out\nThe short of it - It works great!\nMinor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box\nThis particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly\n***\n\n\nFeedback/Questions\n\n\nDarin writes in\nMitch writes in\n***\n\n\nDiscussion\n\nComparison of BSD release cycles\n\n\nFreeBSD, OpenBSD, NetBSD and DragonFlyBSD\n***\n","content_html":"\u003cp\u003eComing up this time on the show, we\u0026#39;ll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we\u0026#39;ll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://people.freebsd.org/%7Errs/asiabsd_2015_tls.pdf\" rel=\"nofollow\"\u003eOptimizing TLS for high bandwidth applications\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD\u003c/li\u003e\n\u003cli\u003eTLS has traditionally had too much overhead for the levels of bandwidth they\u0026#39;re using, so this pdf outlines some of their strategy in optimizing it\u003c/li\u003e\n\u003cli\u003eThe sendfile() syscall (which nginx uses) isn\u0026#39;t available when data is encrypted in userland\u003c/li\u003e\n\u003cli\u003eTo get around this, Netflix is proposing to add TLS support to the FreeBSD \u003cstrong\u003ekernel\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eHaving encrypted movie streams would be pretty neat\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142944822223482\u0026w=2\" rel=\"nofollow\"\u003eCrypto in unexpected places\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)\u003c/li\u003e\n\u003cli\u003eOne place you might not expect crypto to be used (or even needed) is in the \u0026quot;ping\u0026quot; utility, right? Well, think again \u003c/li\u003e\n\u003cli\u003eDavid Gwynne recently \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142944754923359\u0026w=2\" rel=\"nofollow\"\u003ecommitted\u003c/a\u003e a change that adds \u003ca href=\"https://en.wikipedia.org/wiki/Message_authentication_code\" rel=\"nofollow\"\u003eMAC\u003c/a\u003e to the ping timestamp payload\u003c/li\u003e\n\u003cli\u003eBy default, it\u0026#39;ll be filled with a ChaCha stream instead of an unvarying payload, and David says \u0026quot;this lets us have some confidence that the timestamp hasn\u0026#39;t been damaged or tampered with in transit\u0026quot;\u003c/li\u003e\n\u003cli\u003eNot only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward\u003c/li\u003e\n\u003cli\u003eMaybe we can look forward to a cryptographically secure \u0026quot;echo\u0026quot; command next...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/BroadwellBoxes/\" rel=\"nofollow\"\u003eBroadwell in DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status\u003c/li\u003e\n\u003cli\u003eMatt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn\u0026#39;t work\u003c/li\u003e\n\u003cli\u003eThe two main show-stoppers right now are the graphics and wireless, but they have someone who\u0026#39;s already making progress with the GPU support\u003c/li\u003e\n\u003cli\u003eWireless support will likely have to wait until FreeBSD gets it, then they\u0026#39;ll port it back over\u003c/li\u003e\n\u003cli\u003eNone of the BSDs currently have full Broadwell support, so stay tuned for further updates\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.brianmoses.net/2015/04/diy-nas-software-roundup.html\" rel=\"nofollow\"\u003eDIY NAS software roundup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this blog post, the author compares a few different software solutions for a network attached storage device\u003c/li\u003e\n\u003cli\u003eHe puts FreeNAS, one of our favorites, up against a number of opponents - both BSD and Linux-based\u003c/li\u003e\n\u003cli\u003eNAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been thinking about putting together a NAS, but aren\u0026#39;t quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names\u003c/li\u003e\n\u003cli\u003eSome competition is always good, gotta keep those guys on their toes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Antoine Jacoutot - \u003ca href=\"mailto:ajacoutot@openbsd.org\" rel=\"nofollow\"\u003eajacoutot@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/ajacoutot\" rel=\"nofollow\"\u003e@ajacoutot\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD at \u003ca href=\"http://www.mtier.org/about-us/\" rel=\"nofollow\"\u003eM:Tier\u003c/a\u003e, business adoption of BSD, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tubsta.com/2015/04/openbsd-on-digital-ocean/\" rel=\"nofollow\"\u003eOpenBSD on DigitalOcean\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction - we hoped that all the other BSDs would soon follow\u003c/li\u003e\n\u003cli\u003eThis is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS\u003c/li\u003e\n\u003cli\u003eUsing a -current snapshot and some swapfile trickery, it\u0026#39;s possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk\u003c/li\u003e\n\u003cli\u003eAfter doing so, you just boot from their web UI-based console and can perform a standard installation \u003c/li\u003e\n\u003cli\u003eYou will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=281494\" rel=\"nofollow\"\u003eInitial ARM64 support lands in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ARM64 architecture, sometimes called \u003ca href=\"https://wiki.freebsd.org/arm64\" rel=\"nofollow\"\u003eARMv8 or AArch64\u003c/a\u003e, is a new generation of CPUs that will mostly be in embedded devices\u003c/li\u003e\n\u003cli\u003eFreeBSD has just gotten support for this platform in the -CURRENT branch\u003c/li\u003e\n\u003cli\u003ePreviously, it was only the beginnings of the kernel and enough bits to boot in QEMU - now \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-testing/2015-April/000918.html\" rel=\"nofollow\"\u003ea full build\u003c/a\u003e is possible\u003c/li\u003e\n\u003cli\u003eWork should now start happening in the main source code tree, and hopefully they\u0026#39;ll have full support in a branch soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://shill.seas.harvard.edu/\" rel=\"nofollow\"\u003eScripting with least privilege\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new scripting language with a focus on privilege separation and running with only what\u0026#39;s absolutely needed has been popular in the headlines lately\u003c/li\u003e\n\u003cli\u003eShell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.\u003c/li\u003e\n\u003cli\u003eShill aims to answer the questions \u0026quot;how do we limit the authority of scripts\u0026quot; and \u0026quot;how do we determine what authority is necessary\u0026quot; by including a declarative security policy that\u0026#39;s checked and enforced by the language runtime\u003c/li\u003e\n\u003cli\u003eIf used on FreeBSD, Shill will use Capsicum for sandboxing\u003c/li\u003e\n\u003cli\u003eYou can find some more of the technical information in their \u003ca href=\"http://shill.seas.harvard.edu/shill-osdi-2014.pdf\" rel=\"nofollow\"\u003edocumentation pdf\u003c/a\u003e or watch their \u003ca href=\"https://2459d6dc103cb5933875-c0245c5c937c5dedcca3f1764ecc9b2f.ssl.cf2.rackcdn.com/osdi14/moore.mp4\" rel=\"nofollow\"\u003eUSENIX presentation\u003c/a\u003e video\u003c/li\u003e\n\u003cli\u003eHacker News also \u003ca href=\"https://news.ycombinator.com/item?id=9328277\" rel=\"nofollow\"\u003ehad some discussion\u003c/a\u003e on the topic\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.greduan.com/2015-04-19-mstobfi.html\" rel=\"nofollow\"\u003eOpenBSD first impressions\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA brand new BSD user has started documenting his experience through a series of blog posts\u003c/li\u003e\n\u003cli\u003eFormerly a Linux guy, he\u0026#39;s tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop\u003c/li\u003e\n\u003cli\u003eThe first post goes into why he chose BSD at all, why he\u0026#39;s switching away from Linux, how the initial transition has been, what you\u0026#39;ll need to relearn and what he\u0026#39;s got planned going forward\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s only been using OpenBSD for a few days as of the time this was written - we don\u0026#39;t usually get to hear from people this early in on their BSD journey, so it offers a unique perspective\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/04/pc-bsd-and-4k-oh-my/\" rel=\"nofollow\"\u003ePCBSD and 4K oh my!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYesterday, Kris got ahold of some 4K monitor hardware to test PC-BSD out\u003c/li\u003e\n\u003cli\u003eThe short of it - It works great!\u003c/li\u003e\n\u003cli\u003eMinor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box\u003c/li\u003e\n\u003cli\u003eThis particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21kFuvAFs\" rel=\"nofollow\"\u003eDarin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2nf4o9p4E\" rel=\"nofollow\"\u003eMitch writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eDiscussion\u003c/h2\u003e\n\n\u003ch3\u003eComparison of BSD release cycles\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/introduction.html#idp55486416\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e, \u003ca href=\"http://www.openbsd.org/faq/faq5.html#Flavors\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e, \u003ca href=\"https://www.netbsd.org/releases/release-map.html\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e and \u003ca href=\"https://www.dragonflybsd.org/releases/\" rel=\"nofollow\"\u003eDragonFlyBSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this time on the show, we'll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we'll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now - the place to B.. SD.","date_published":"2015-04-22T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/299268e7-d000-4377-8a05-1d0b89b36c5c.mp3","mime_type":"audio/mpeg","size_in_bytes":75048916,"duration_in_seconds":6254}]},{"id":"7b947cd6-04e4-4210-a3a1-3f80d96ccc79","title":"85: PIE in the Sky","url":"https://www.bsdnow.tv/85","content_text":"This time on the show, we'll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He'll tell us what types of attacks it prevents, and why it's such a big deal. We've also got answers to questions from you in the audience and all this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nSolaris' networking future is with OpenBSD\n\n\nA curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists\nIt was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF\nFor anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues\nWhat's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting\nThis blog post goes through some of the backstory of the two firewalls\nPF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too\n\"Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security\"\nYou're welcome, Oracle\n***\n\n\nBAFUG discussion videos\n\n\nThe Bay Area FreeBSD users group has been uploading some videos from their recent meetings\nSean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)\nCraig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework\nLastly, Kip Macy gave a talk titled \"network stack changes, user-level FreeBSD\"\nThe main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics\nIf you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime\n***\n\n\nMore than just a makefile\n\n\nIf you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux\nThis blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs\nAs it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all\nThe author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream\nAfter that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community\nThis post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News)\n***\n\n\nSecuring your home fences\n\n\nHopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now\nWe hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now\nIn this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board\nHe notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration\nThe post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process\nFinally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up\nIf you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)\nWe love super-detailed guides like this, so everyone should write more and send them to us immediately\n***\n\n\nInterview - Pascal Stumpf - pascal@openbsd.org\n\nStatic PIE in OpenBSD\n\n\n\nNews Roundup\n\nLLVM's new libFuzzer\n\n\nWe've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility\nIt looks like LLVM is going to have their own fuzzing tool too now\nThe Clang and LLVM guys are no strangers to this type of code testing, but decided to \"close the loop\" and start fuzzing parts of LLVM (including Clang) using LLVM itself\nWith Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future\n***\n\n\nHardenedBSD upgrades secadm\n\n\nThe HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support\nWe covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)\nTheir integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now\n***\n\n\nRAID5 returns to OpenBSD\n\n\nOpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while\nHowever, it was exactly that - experimental - and required a recompile to enable\nWith some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds\nNow it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces\nThe bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the \"do you want to enable DUIDs?\" question entirely\n***\n\n\npkgng 1.5.0 released\n\n\nGoing back to what we talked about last week, the final version of pkgng 1.5.0 is out\nThe \"provides\" and \"requires\" support is finally in a regular release\nA new \"-r\" switch will allow for direct installation to a chroot or alternate root directory\nMemory usage should be much better now, and some general code speed-ups were added\nThis version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that\nMany more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)\n***\n\n\np2k15 hackathon reports\n\n\nThere was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work\nAs usual, the developers sent in reports of some of the things they got done at the event\nLandry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit\nStefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports\nKen Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier\n***\n\n\nFeedback/Questions\n\n\nShaun writes in\nHrishi writes in\nRandy writes in\nZach writes in\nBen writes in\n***\n\n\nMailing List Gold\n\n\nGstreamer hates us\nAt least he's honest\nI find myself in a situation\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He\u0026#39;ll tell us what types of attacks it prevents, and why it\u0026#39;s such a big deal. We\u0026#39;ve also got answers to questions from you in the audience and all this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2015/04/solaris-admins-for-glimpse-of-your.html\" rel=\"nofollow\"\u003eSolaris\u0026#39; networking future is with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA curious patch from someone with an Oracle email address was \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142822852613581\u0026w=2\" rel=\"nofollow\"\u003erecently sent in\u003c/a\u003e to one of the OpenBSD mailing lists\u003c/li\u003e\n\u003cli\u003eIt was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the \u003cstrong\u003ecurrent\u003c/strong\u003e version of PF\u003c/li\u003e\n\u003cli\u003eFor anyone unfamiliar with the history of PF, it was actually made \u003cem\u003eas a replacement for\u003c/em\u003e IPFilter in OpenBSD, due to some licensing issues\u003c/li\u003e\n\u003cli\u003eWhat\u0026#39;s more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting\u003c/li\u003e\n\u003cli\u003eThis blog post goes through some of the backstory of the two firewalls\u003c/li\u003e\n\u003cli\u003ePF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too\u003c/li\u003e\n\u003cli\u003e\u0026quot;Many of the world\u0026#39;s largest corporations and government agencies are heavy Solaris users, meaning that even if you\u0026#39;re neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD\u0026#39;s PF for their filtering needs, we will all be benefiting even more from the OpenBSD project\u0026#39;s emphasis on correctness, quality and security\u0026quot;\u003c/li\u003e\n\u003cli\u003eYou\u0026#39;re welcome, Oracle\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=Cb--h-iOQEM#t=15\" rel=\"nofollow\"\u003eBAFUG discussion videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Bay Area FreeBSD users group has been uploading some videos from their recent meetings\u003c/li\u003e\n\u003cli\u003eSean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)\u003c/li\u003e\n\u003cli\u003eCraig Rodrigues also gave \u003ca href=\"https://www.youtube.com/watch?v=kPs8Dni_g3M#t=15\" rel=\"nofollow\"\u003ea talk\u003c/a\u003e about Kyua and the FreeBSD testing framework\u003c/li\u003e\n\u003cli\u003eLastly, Kip Macy gave \u003ca href=\"https://www.youtube.com/watch?v=Q13WtuqbZ7E#t=15\" rel=\"nofollow\"\u003ea talk\u003c/a\u003e titled \u0026quot;network stack changes, user-level FreeBSD\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe main two subjects there are some network stack changes, and how to get more people contributing, but there\u0026#39;s also open discussion about a variety of FreeBSD topics\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re close to the Bay Area in California, be sure to check out their group and attend a meeting sometime\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/04/ports-are-more-than-just-makefile.html\" rel=\"nofollow\"\u003eMore than just a makefile\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux\u003c/li\u003e\n\u003cli\u003eThis blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs\u003c/li\u003e\n\u003cli\u003eAs it turns out, the ports system really isn\u0026#39;t that different from a binary package manager - they are what\u0026#39;s \u003cem\u003eused\u003c/em\u003e to create binary packages, after all\u003c/li\u003e\n\u003cli\u003eThe author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream\u003c/li\u003e\n\u003cli\u003eAfter that, he shows you how to get your new port tested, if you\u0026#39;re interesting in doing some porting yourself, and getting involved with the rest of the community\u003c/li\u003e\n\u003cli\u003eThis post is very long and there\u0026#39;s a lot more to it, so check it out (and more discussion \u003ca href=\"https://news.ycombinator.com/item?id=9360827\" rel=\"nofollow\"\u003eon Hacker News\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.scip.ch/en/?labs.20150409\" rel=\"nofollow\"\u003eSecuring your home fences\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHopefully all our listeners have realized that trusting your network(s) to a consumer router is a \u003ca href=\"http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/\" rel=\"nofollow\"\u003ebad\u003c/a\u003e \u003ca href=\"https://threatpost.com/12-million-home-routers-vulnerable-to-takeover/109970\" rel=\"nofollow\"\u003eidea\u003c/a\u003e by now\u003c/li\u003e\n\u003cli\u003eWe hear from a lot of users who want to set up some kind of BSD-based firewall, but don\u0026#39;t hear back from them after they\u0026#39;ve done it.. until now\u003c/li\u003e\n\u003cli\u003eIn this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines \u003ca href=\"http://www.pcengines.ch/apu1d4.htm\" rel=\"nofollow\"\u003eAPU board\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHe notes that you have a lot of options software-wise, including vanilla \u003ca href=\"http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e, \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e or even Linux, but decided to go with OPNsense because of the easy interface and configuration\u003c/li\u003e\n\u003cli\u003eThe post covers all the hardware you\u0026#39;ll need, getting the OS installed to a flash drive or SD card and going through the whole process\u003c/li\u003e\n\u003cli\u003eFinally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up\u003c/li\u003e\n\u003cli\u003eIf you don\u0026#39;t have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)\u003c/li\u003e\n\u003cli\u003eWe love super-detailed guides like this, so everyone should write more and send them to us immediately\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Pascal Stumpf - \u003ca href=\"mailto:pascal@openbsd.org\" rel=\"nofollow\"\u003epascal@openbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eStatic PIE in OpenBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.llvm.org/2015/04/fuzz-all-clangs.html\" rel=\"nofollow\"\u003eLLVM\u0026#39;s new libFuzzer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility\u003c/li\u003e\n\u003cli\u003eIt looks like LLVM is going to have their own fuzzing tool too now\u003c/li\u003e\n\u003cli\u003eThe Clang and LLVM guys are no strangers to this type of code testing, but decided to \u0026quot;close the loop\u0026quot; and start fuzzing parts of LLVM (including Clang) using LLVM itself\u003c/li\u003e\n\u003cli\u003eWith Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2015-04-14/introducing-secadm-02\" rel=\"nofollow\"\u003eHardenedBSD upgrades secadm\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support\u003c/li\u003e\n\u003cli\u003eWe covered both the secadm tool and integriforce in previous episodes, but the short version is that it\u0026#39;s a way to prevent files from being altered (even as root)\u003c/li\u003e\n\u003cli\u003eTheir integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142877132517229\u0026w=2\" rel=\"nofollow\"\u003eRAID5 returns to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD\u0026#39;s \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4\" rel=\"nofollow\"\u003esoftraid\u003c/a\u003e subsystem, somewhat similar to FreeBSD\u0026#39;s GEOM, has had experimental RAID5 support for a while\u003c/li\u003e\n\u003cli\u003eHowever, it was exactly that - experimental - and required a recompile to enable\u003c/li\u003e\n\u003cli\u003eWith some work from recent hackathons, the \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142876943116907\u0026w=2\" rel=\"nofollow\"\u003efinal piece\u003c/a\u003e was added to enable resuming partial array rebuilds\u003c/li\u003e\n\u003cli\u003eNow it\u0026#39;s \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142877026917030\u0026w=2\" rel=\"nofollow\"\u003eon by default\u003c/a\u003e, and there\u0026#39;s a call for testing being put out, so grab a snapshot and put the code through its paces\u003c/li\u003e\n\u003cli\u003eThe bioctl softraid command also \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142877223817406\u0026w=2\" rel=\"nofollow\"\u003enow supports\u003c/a\u003e DUIDs during pseudo-device detachment, possibly paving the way for the installer to \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142643313416298\u0026w=2\" rel=\"nofollow\"\u003edrop\u003c/a\u003e the \u0026quot;do you want to enable DUIDs?\u0026quot; question entirely\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055463.html\" rel=\"nofollow\"\u003epkgng 1.5.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGoing back to what we \u003ca href=\"http://www.bsdnow.tv/episodes/2015_04_08-pkg_remove_freebsd-update\" rel=\"nofollow\"\u003etalked about last week\u003c/a\u003e, the final version of pkgng 1.5.0 is out\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;provides\u0026quot; and \u0026quot;requires\u0026quot; support is finally in a regular release\u003c/li\u003e\n\u003cli\u003eA new \u0026quot;-r\u0026quot; switch will allow for direct installation to a chroot or alternate root directory\u003c/li\u003e\n\u003cli\u003eMemory usage should be much better now, and some general code speed-ups were added\u003c/li\u003e\n\u003cli\u003eThis version also introduces support for Mac OS X, NetBSD and EdgeBSD - it\u0026#39;ll be interesting to see if anything comes of that\u003c/li\u003e\n\u003cli\u003eMany more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150411160247\" rel=\"nofollow\"\u003ep2k15 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work\u003c/li\u003e\n\u003cli\u003eAs usual, the developers sent in reports of some of the things they got done at the event\u003c/li\u003e\n\u003cli\u003eLandry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit\u003c/li\u003e\n\u003cli\u003eStefan Sperling \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150414064710\" rel=\"nofollow\"\u003ewrote in\u003c/a\u003e, detailing his work with wireless chipsets, specifically when the vendor doesn\u0026#39;t provide any hardware documentation, as well as updating some of the games in ports\u003c/li\u003e\n\u003cli\u003eKen Westerback \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150413163333\" rel=\"nofollow\"\u003ealso sent in a report\u003c/a\u003e, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2iNBo2swq\" rel=\"nofollow\"\u003eShaun writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s202BRLwrd\" rel=\"nofollow\"\u003eHrishi writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2KT7M35uY\" rel=\"nofollow\"\u003eRandy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Q5lOoxzl\" rel=\"nofollow\"\u003eZach writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ynDjuzVi\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-ports\u0026m=142884995931428\u0026w=2\" rel=\"nofollow\"\u003eGstreamer hates us\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.torproject.org/pipermail/tor-relays/2015-April/006765.html\" rel=\"nofollow\"\u003eAt least he\u0026#39;s honest\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055390.html\" rel=\"nofollow\"\u003eI find myself in a situation\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He'll tell us what types of attacks it prevents, and why it's such a big deal. We've also got answers to questions from you in the audience and all this week's news, on BSD Now - the place to B.. SD.","date_published":"2015-04-15T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7b947cd6-04e4-4210-a3a1-3f80d96ccc79.mp3","mime_type":"audio/mpeg","size_in_bytes":58114516,"duration_in_seconds":4842}]},{"id":"88c9bd14-b1bf-4d45-96b6-9af12b44d40b","title":"84: pkg remove freebsd-update","url":"https://www.bsdnow.tv/84","content_text":"On this week's mini-episode, we'll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We'll find out, and also get to a couple of your emails while we're at it, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nXen dom0 in FreeBSD 11-CURRENT\n\n\nFreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now\nThe ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base\nIt's currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we'll likely see it when 11.0 comes out\nHow will this affect interest in Bhyve?\n***\n\n\nA tale of two educational moments\n\n\nHere we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project\nIt's split into two stories: one that could've gone better, and one that went really well\nFor the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies\nExperience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn't so encouraging about getting it committed\nIn the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user's workflow considerably with just a few tips\nThe lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once\n***\n\n\nWhat's coming in NetBSD 7\n\n\nWe first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn't been released and there hasn't been much public info about it\nThis blog post outlines some of the bigger features that we can expect to see when it actually does come out\nTheir total platform count is now over 70, so you'd be hard-pressed to find something that it doesn't run on\nThere have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)\nMany ARM boards now have full SMP support\nClang has also finally made its way into the base system, something we're glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP\nIn the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc\nNetBSD's in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0\nLooking to the future, NetBSD hopes to integrate a stable ZFS implementation later on\n***\n\n\nOpenZFS office hours\n\n\nWe mentioned a couple weeks back that the OpenZFS office hours series was starting back up\nThey've just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter\nIn it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more\n***\n\n\nInterview - Baptiste Daroussin - bapt@freebsd.org\n\nPackaging the FreeBSD base system with pkgng\n\n\n\nDiscussion\n\nPackaging the FreeBSD base system with pkgng (follow-up)\n\n\n\nFeedback/Questions\n\n\nJeff writes in\nAnonymous writes in\nAlex writes in\nJoris writes in\n***\n\n\nMailing List Gold\n\n\nok feedback@\n***\n","content_html":"\u003cp\u003eOn this week\u0026#39;s mini-episode, we\u0026#39;ll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We\u0026#39;ll find out, and also get to a couple of your emails while we\u0026#39;re at it, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=382965\" rel=\"nofollow\"\u003eXen dom0 in FreeBSD 11-CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD has just gotten \u003ca href=\"http://wiki.xen.org/wiki/Dom0\" rel=\"nofollow\"\u003edom0\u003c/a\u003e support for the Xen hypervisor, something \u003ca href=\"http://wiki.netbsd.org/ports/xen/howto/#netbsd-dom0\" rel=\"nofollow\"\u003eNetBSD has had\u003c/a\u003e for a while now\u003c/li\u003e\n\u003cli\u003eThe ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we\u0026#39;ll likely see it when 11.0 comes out\u003c/li\u003e\n\u003cli\u003eHow will this affect interest in Bhyve?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.anthrobsd.net/044.html\" rel=\"nofollow\"\u003eA tale of two educational moments\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s split into two stories: one that could\u0026#39;ve gone better, and one that went really well\u003c/li\u003e\n\u003cli\u003eFor the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies\u003c/li\u003e\n\u003cli\u003eExperience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn\u0026#39;t so encouraging about getting it committed\u003c/li\u003e\n\u003cli\u003eIn the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user\u0026#39;s workflow considerably with just a few tips\u003c/li\u003e\n\u003cli\u003eThe lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://saveosx.org/NetBSD7/\" rel=\"nofollow\"\u003eWhat\u0026#39;s coming in NetBSD 7\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn\u0026#39;t been released and there hasn\u0026#39;t been much public info about it\u003c/li\u003e\n\u003cli\u003eThis blog post outlines some of the bigger features that we can expect to see when it actually does come out\u003c/li\u003e\n\u003cli\u003eTheir total platform count is now over 70, so you\u0026#39;d be hard-pressed to find something that it doesn\u0026#39;t run on\u003c/li\u003e\n\u003cli\u003eThere have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)\u003c/li\u003e\n\u003cli\u003eMany ARM boards now have full SMP support\u003c/li\u003e\n\u003cli\u003eClang has also finally made its way into the base system, something we\u0026#39;re glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP\u003c/li\u003e\n\u003cli\u003eIn the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc\u003c/li\u003e\n\u003cli\u003eNetBSD\u0026#39;s in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0\u003c/li\u003e\n\u003cli\u003eLooking to the future, NetBSD hopes to integrate a stable ZFS implementation later on\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=mS4bfbEq46I\" rel=\"nofollow\"\u003eOpenZFS office hours\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned a couple weeks back that the OpenZFS office hours series was starting back up\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve just uploaded the recording of their most recent freeform discussion, with \u003ca href=\"http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii\" rel=\"nofollow\"\u003eJustin Gibbs\u003c/a\u003e being the main presenter\u003c/li\u003e\n\u003cli\u003eIn it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Baptiste Daroussin - \u003ca href=\"mailto:bapt@freebsd.org\" rel=\"nofollow\"\u003ebapt@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ePackaging the FreeBSD base system with pkgng\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eDiscussion\u003c/h2\u003e\n\n\u003ch3\u003ePackaging the FreeBSD base system with pkgng (follow-up)\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20AWp6Av1\" rel=\"nofollow\"\u003eJeff writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20QiFcdh8\" rel=\"nofollow\"\u003eAnonymous writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2YzZlswaB\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Mx9TopQ\" rel=\"nofollow\"\u003eJoris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-ports\u0026m=142679136422432\u0026w=2\" rel=\"nofollow\"\u003eok feedback@\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this week's mini-episode, we'll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We'll find out, and also get to a couple of your emails while we're at it, on BSD Now - the place to B.. SD.","date_published":"2015-04-08T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/88c9bd14-b1bf-4d45-96b6-9af12b44d40b.mp3","mime_type":"audio/mpeg","size_in_bytes":53948308,"duration_in_seconds":4495}]},{"id":"6b7846ec-2bb1-475f-aead-9fa2dd2d70ef","title":"83: woN DSB","url":"https://www.bsdnow.tv/83","content_text":"Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMajor changes coming in PCBSD 11\n\n\nThe PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)\nSwitching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users\nTo solve this, they've ported over Linux's iptables, giving users a much more straightforward configuration\nWhile ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward\nSince the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough\nPeople often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager\nTo reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy\nAs we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its \"life preserver\" utility, making it simple to manage multiple snapshots too\nTo test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up\n***\n\n\nNetBSD and FreeBSD join forces\n\n\nThe BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from\nWhat's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)\nThat situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to FretBSD\nWithin a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server\nAs UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load\nWith FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again\n***\n\n\nPuffy in the cloud\n\n\nIf you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options\nThis post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon\nDoing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc\nHe also mentions our pf tutorial being helpful in blocking script kiddies from hammering the box\nBe sure to encourage your less-technical friends to always back up their important data\n***\n\n\nNetBSD at AsiaBSDCon\n\n\nSome NetBSD developers have put together a report of what they did at the most recent event in Tokyo\nIt includes a wrap-up of the event, as well as a list of presentations that NetBSD developers gave\nHave you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently\nAt the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded pictures of all of them\nThere's also a video of an OMRON LUNA-II running the luna68k port\n***\n\n\nInterview - Kamila Součková - kamila@ksp.sk / @anotherkamila\n\nBSD conferences, Google Summer of Code, various topics\n\n\n\nNews Roundup\n\nFreeBSD foundation March update\n\n\nThe FreeBSD foundation has published their March update for fundraising and sponsored projects\nIn the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update\nThey also mention our interview with the foundation president - be sure to check it out if you haven't\n***\n\n\nInside OpenBSD's new httpd\n\n\nBSD news continues to dominate mainstream tech news sites… well not really, but they talk about it once in a while\nThe SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's AsiaBSDCon presentation about it (which he's giving at BSDCan this year, too)\nIn this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter\nSince the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in\nThe post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)\n***\n\n\nUsing poudriere without OpenSSL\n\n\nLast week we talked about using LibreSSL in FreeBSD for all your ports\nOne of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to\nThis blog post shows how to completely strip OpenSSL out of the poudriere build jails, something that's a lot more difficult than you'd think\nIf you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly\n***\n\n\nHAMMER and GPT in OpenBSD\n\n\nSomeone, presumably a Google Summer of Code student, wrote in to the lists about his HAMMER FS porting proposal\nHe outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)\nThere's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer\nIn more disk-related news, Ken Westerback has been committing quite a lot of GPT-related fixes recently\nFull GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess\n***\n\n\nFeedback/Questions\n\n\nMorgan writes in\nDustin writes in\nStan writes in\nMica writes in\n***\n\n\nMailing List Gold\n\n\nDevelopers in freefall\nXorg thieves pt. 1\nXorg thieves pt. 2\n***\n","content_html":"\u003cp\u003eComing up this week on the show, we\u0026#39;ll be talking to Kamila Součková, a Google intern. She\u0026#39;s been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week\u0026#39;s news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/04/huge-announcement-for-pc-bsd/\" rel=\"nofollow\"\u003eMajor changes coming in PCBSD 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PCBSD team has announced that version 11.0 will have some more pretty big changes (as they\u0026#39;ve been known to do lately with NTP daemons and firewalls)\u003c/li\u003e\n\u003cli\u003eSwitching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users\u003c/li\u003e\n\u003cli\u003eTo solve this, they\u0026#39;ve ported over Linux\u0026#39;s iptables, giving users a much more \u003ca href=\"http://dpaste.com/2F1KM6T.txt\" rel=\"nofollow\"\u003estraightforward configuration\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhile ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward\u003c/li\u003e\n\u003cli\u003eSince the FreeBSD kernel doesn\u0026#39;t support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough\u003c/li\u003e\n\u003cli\u003ePeople often complain about PCBSD\u0026#39;s huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager\u003c/li\u003e\n\u003cli\u003eTo reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy\u003c/li\u003e\n\u003cli\u003eAs we\u0026#39;ve mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its \u0026quot;life preserver\u0026quot; utility, making it simple to manage multiple snapshots too\u003c/li\u003e\n\u003cli\u003eTo test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users\u0026#39; files - hope you had that stuff backed up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freebsddiary.org/fretbsd.php\" rel=\"nofollow\"\u003eNetBSD and FreeBSD join forces\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from\u003c/li\u003e\n\u003cli\u003eWhat\u0026#39;s more, none of them have any specific areas they focus on or anything like that (they\u0026#39;re all basically the same)\u003c/li\u003e\n\u003cli\u003eThat situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to \u003cstrong\u003eFretBSD\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eWithin a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server\u003c/li\u003e\n\u003cli\u003eAs UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load\u003c/li\u003e\n\u003cli\u003eWith FretBSD, your toaster can now run ZFS, so you\u0026#39;ll never need to worry about the bread becoming silently corrupted again\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/03/puffy-in-cloud.html\" rel=\"nofollow\"\u003ePuffy in the cloud\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve ever wanted to set up a backup server, especially for family members or someone who\u0026#39;s not as technology-savvy, you\u0026#39;ve probably realized there are a lot of options\u003c/li\u003e\n\u003cli\u003eThis post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon\u003c/li\u003e\n\u003cli\u003eDoing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc\u003c/li\u003e\n\u003cli\u003eHe also mentions \u003ca href=\"http://www.bsdnow.tv/tutorials/pf\" rel=\"nofollow\"\u003eour pf tutorial\u003c/a\u003e being helpful in blocking script kiddies from hammering the box\u003c/li\u003e\n\u003cli\u003eBe sure to encourage your less-technical friends to always back up their important data\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/asiabsdcon_2015\" rel=\"nofollow\"\u003eNetBSD at AsiaBSDCon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome NetBSD developers have put together a report of what they did at the most recent event in Tokyo\u003c/li\u003e\n\u003cli\u003eIt includes a wrap-up of the event, as well as a \u003ca href=\"https://www.netbsd.org/gallery/presentations/#asiabsdcon2015\" rel=\"nofollow\"\u003elist of presentations\u003c/a\u003e that NetBSD developers gave\u003c/li\u003e\n\u003cli\u003eHave you ever wanted even more pictures of NetBSD running on lots of devices? There\u0026#39;s a never-ending supply, apparently\u003c/li\u003e\n\u003cli\u003eAt the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded \u003ca href=\"http://www.ki.nu/%7Emakoto/p15/20150315/\" rel=\"nofollow\"\u003epictures of all of them\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also \u003ca href=\"https://www.youtube.com/watch?v=K1y9cdmLFjw\" rel=\"nofollow\"\u003ea video\u003c/a\u003e of an OMRON LUNA-II running the luna68k port\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Kamila Součková - \u003ca href=\"mailto:kamila@ksp.sk\" rel=\"nofollow\"\u003ekamila@ksp.sk\u003c/a\u003e / \u003ca href=\"https://twitter.com/anotherkamila\" rel=\"nofollow\"\u003e@anotherkamila\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD conferences, Google Summer of Code, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2015marchupdate.pdf\" rel=\"nofollow\"\u003eFreeBSD foundation March update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has published their March update for fundraising and sponsored projects\u003c/li\u003e\n\u003cli\u003eIn the document, you\u0026#39;ll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update\u003c/li\u003e\n\u003cli\u003eThey also mention \u003ca href=\"http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii\" rel=\"nofollow\"\u003eour interview with the foundation president\u003c/a\u003e - be sure to check it out if you haven\u0026#39;t\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sdtimes.com/inside-openbsds-new-httpd-web-server/\" rel=\"nofollow\"\u003eInside OpenBSD\u0026#39;s new httpd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD news continues to \u003cstrong\u003edominate\u003c/strong\u003e mainstream tech news sites… well \u003cem\u003enot really\u003c/em\u003e, but they talk about it once in a while\u003c/li\u003e\n\u003cli\u003eThe SD Times is featuring an article about OpenBSD\u0026#39;s in-house HTTP server, after seeing Reyk\u0026#39;s \u003ca href=\"http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf\" rel=\"nofollow\"\u003eAsiaBSDCon presentation\u003c/a\u003e about it (which he\u0026#39;s giving at BSDCan this year, too)\u003c/li\u003e\n\u003cli\u003eIn this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter\u003c/li\u003e\n\u003cli\u003eSince the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in\u003c/li\u003e\n\u003cli\u003eThe post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdxbsdx.blogspot.com/2015/04/build-packages-in-poudriere-without.html\" rel=\"nofollow\"\u003eUsing poudriere without OpenSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLast week we \u003ca href=\"http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild\" rel=\"nofollow\"\u003etalked about\u003c/a\u003e using LibreSSL in FreeBSD for all your ports\u003c/li\u003e\n\u003cli\u003eOne of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to\u003c/li\u003e\n\u003cli\u003eThis blog post shows how to completely strip OpenSSL out of the \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere\u003c/a\u003e build jails, something that\u0026#39;s a lot more difficult than you\u0026#39;d think\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142755452428573\u0026w=2\" rel=\"nofollow\"\u003eHAMMER and GPT in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSomeone, presumably a Google Summer of Code student, wrote in to the lists about his \u003ca href=\"http://www.bsdnow.tv/tutorials/hammer\" rel=\"nofollow\"\u003eHAMMER FS\u003c/a\u003e porting proposal\u003c/li\u003e\n\u003cli\u003eHe outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s no word yet on if it will be accepted, but it\u0026#39;s an interesting idea to explore, especially when you consider that HAMMER really only has one developer\u003c/li\u003e\n\u003cli\u003eIn more disk-related news, \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2\" rel=\"nofollow\"\u003eKen Westerback\u003c/a\u003e has been committing quite a lot of \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026w=2\u0026r=1\u0026s=gpt\u0026q=b\" rel=\"nofollow\"\u003eGPT-related fixes\u003c/a\u003e recently\u003c/li\u003e\n\u003cli\u003eFull GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone\u0026#39;s guess\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20e30p4qf\" rel=\"nofollow\"\u003eMorgan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20clKByMP\" rel=\"nofollow\"\u003eDustin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20aBlmaT5\" rel=\"nofollow\"\u003eStan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ufFrZY9y\" rel=\"nofollow\"\u003eMica writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055281.html\" rel=\"nofollow\"\u003eDevelopers in freefall\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142786808725483\u0026w=4\" rel=\"nofollow\"\u003eXorg thieves pt. 1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142790740405547\u0026w=4\" rel=\"nofollow\"\u003eXorg thieves pt. 2\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2015-04-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6b7846ec-2bb1-475f-aead-9fa2dd2d70ef.mp3","mime_type":"audio/mpeg","size_in_bytes":46578388,"duration_in_seconds":3881}]},{"id":"530c2987-381d-4c49-bfb9-b78872dd2e03","title":"82: SSL in the Wild","url":"https://www.bsdnow.tv/82","content_text":"Coming up this week, we'll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He's been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon 2015 call for papers\n\n\nThe call for papers has been announced for the next EuroBSDCon, which is set to be held in Sweden this year\nAccording to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April\nIf giving a full talk isn't your thing, there's also a call for tutorials - if you're comfortable teaching other people about something BSD-related, this could be a great thing too\nYou're not limited to one proposal - several speakers gave multiple in 2014 - so don't hesitate if you've got more than one thing you'd like to talk about\nWe'd like to see a more balanced conference schedule than BSDCan's having this year, but that requires effort on both sides - if you're doing anything cool with any BSD, we'd encourage you submit a proposal (or two)\nCheck the announcement for all the specific details and requirements\nIf your talk gets accepted, the conference even pays for your travel expenses\n***\n\n\nMaking security sausage\n\n\nTed Unangst has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD\n\"Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!\"\nThe post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review\nIt also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug\nFollowing that, it leads to the topic of FreeType - and a much more complicated problem with backporting patches between versions\nThe recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them\nJust 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release - it had to be redone at the last minute\nIt was because of this that FreeBSD actually had to release a security update to their security update\nHe concludes with \"My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note 'oh, and some security too' creates downstream mayhem.\"\n***\n\n\nRunning FreeBSD on the server, a sysadmin speaks\n\n\nMore BSD content is appearing on mainstream technology sites, and, more importantly, BSD Now is being mentioned\nITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)\nThey discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor\nIt also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers\nIf you've been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you\n***\n\n\nNetBSD ported to Hardkernel ODROID-C1\n\n\nIn their never-ending quest to run on every new board that comes out, NetBSD has been ported to the Hardkernel ODROID-C1\nThis one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet... all for just $35\nThere's a special kernel config file for this board's hardware, available in both -current and the upcoming 7.0\nMore info can be found on their wiki page\nAfter this was written, basic framebuffer console support was also committed, allowing a developer to run XFCE on the device\n***\n\n\nInterview - Bernard Spil - brnrd@freebsd.org / @sp1l\n\nLibreSSL adoption in FreeBSD ports and the wider software ecosystem\n\n\n\nNews Roundup\n\nMonitoring pf logs with Gource\n\n\nIf you're using pf on any of the BSDs, maybe you've gotten bored of grepping logs and want to do something more fancy\nThis article will show you how to get set up with Gource for a cinematic-like experience\nIf you've never heard of Gource, it's \"an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories\"\nWhen you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic\nOne of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend's phone had been compromised - graphical representations of traffic could be useful for detecting suspicious network activity\n***\n\n\npkgng 1.5.0 alpha1 released\n\n\nThe development version of pkgng was updated to 1.4.99.14, or 1.5.0 alpha1\nThis update introduces support for provides/requires, something that we've been wanting for a long time\nIt will also now print which package is the reason for direct dependency change\nAnother interesting addition is the \"pkg -r\" switch, allowing cross installation of packages\nRemember this isn't the stable version, so maybe don't upgrade to it just yet on any production systems\nDragonFly will also likely pick up this update once it's marked stable\n***\n\n\nWelcome to OpenBSD\n\n\nWe mentioned last week that our listener Brian was giving a talk in the Troy, New York area\nThe slides from that talk are now online, and they've been generating quite a bit of discussion online\nIt's simply titled \"Welcome to OpenBSD\" and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)\nTopics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved\nAs you may know, NetBSD has almost 60 supported platforms and their slogan is \"of course it runs NetBSD\" - Brian says, with 17 platforms over 13 CPU architectures, \"it probably runs OpenBSD\"\nNo matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet\nTry to guess which font he used...\n***\n\n\nBSDTalk episode 252\n\n\nAnd somehow Brian has snuck himself into another news item this week\nHe makes an appearance in the latest episode of BSD Talk, where he chats with Will about running a BSD-based shell provider\nIf that sounds familiar, it's probably because we did the same thing, albeit with a different member of their team\nIn this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people\nThey also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself\n***\n\n\nFeedback/Questions\n\n\nChristian writes in\nStefan writes in\nPossnfiffer writes in\nRuudsch writes in\nShane writes in\n***\n\n\nMailing List Gold\n\n\nAccidental support\nLarry's tears\nThe boy who sailed with BSD\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He\u0026#39;s been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://2015.eurobsdcon.org/call-for-papers/\" rel=\"nofollow\"\u003eEuroBSDCon 2015 call for papers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe call for papers has been announced for the next \u003ca href=\"http://www.bsdnow.tv/episodes/2014_12_03-conference-connoisseur\" rel=\"nofollow\"\u003eEuroBSDCon\u003c/a\u003e, which is set to be held in Sweden this year\u003c/li\u003e\n\u003cli\u003eAccording to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April\u003c/li\u003e\n\u003cli\u003eIf giving a full talk isn\u0026#39;t your thing, there\u0026#39;s also a call for tutorials - if you\u0026#39;re comfortable teaching other people about something BSD-related, this could be a great thing too\u003c/li\u003e\n\u003cli\u003eYou\u0026#39;re not limited to one proposal - several speakers gave multiple in 2014 - so don\u0026#39;t hesitate if you\u0026#39;ve got more than one thing you\u0026#39;d like to talk about\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;d like to see a more balanced conference schedule than BSDCan\u0026#39;s having this year, but that requires effort on both sides - if you\u0026#39;re doing \u003cem\u003eanything\u003c/em\u003e cool with \u003cem\u003eany\u003c/em\u003e BSD, we\u0026#39;d encourage you submit a proposal (or two)\u003c/li\u003e\n\u003cli\u003eCheck the announcement for all the specific details and requirements\u003c/li\u003e\n\u003cli\u003eIf your talk gets accepted, the conference even pays for your travel expenses\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/making-security-sausage\" rel=\"nofollow\"\u003eMaking security sausage\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD\u003c/li\u003e\n\u003cli\u003e\u0026quot;Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review\u003c/li\u003e\n\u003cli\u003eIt also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug\u003c/li\u003e\n\u003cli\u003eFollowing that, it leads to the topic of FreeType - and a much more complicated problem with backporting patches between versions\u003c/li\u003e\n\u003cli\u003eThe recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them\u003c/li\u003e\n\u003cli\u003eJust 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release - it had to be redone at the last minute\u003c/li\u003e\n\u003cli\u003eIt was because of this that FreeBSD actually had to release \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-March/000237.html\" rel=\"nofollow\"\u003ea security update to their security update\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHe concludes with \u0026quot;My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note \u0026#39;oh, and some security too\u0026#39; creates downstream mayhem.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.itwire.com/business-it-news/open-source/67420-running-freebsd-on-the-server-a-sysadmin-speaks\" rel=\"nofollow\"\u003eRunning FreeBSD on the server, a sysadmin speaks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore BSD content is appearing on mainstream technology sites, and, \u003cstrong\u003emore importantly\u003c/strong\u003e, BSD Now is being mentioned\u003c/li\u003e\n\u003cli\u003eITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)\u003c/li\u003e\n\u003cli\u003eThey discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor\u003c/li\u003e\n\u003cli\u003eIt also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_ported_to_hardkernel_odroid\" rel=\"nofollow\"\u003eNetBSD ported to Hardkernel ODROID-C1\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn their never-ending quest to run on every new board that comes out, NetBSD has been ported to the \u003ca href=\"http://www.hardkernel.com/main/products/prdt_info.php?g_code=G141578608433\" rel=\"nofollow\"\u003eHardkernel ODROID-C1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet... all for just $35\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a special kernel config file for this board\u0026#39;s hardware, available in both -current and the upcoming 7.0\u003c/li\u003e\n\u003cli\u003eMore info can be found on \u003ca href=\"https://wiki.netbsd.org/ports/evbarm/odroid-c1/\" rel=\"nofollow\"\u003etheir wiki page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAfter this was written, basic framebuffer console support was \u003ca href=\"http://mail-index.netbsd.org/source-changes/2015/03/21/msg064156.html\" rel=\"nofollow\"\u003ealso committed\u003c/a\u003e, allowing a developer to \u003ca href=\"https://pbs.twimg.com/media/CAqU5CnWEAAEhH2.png:large\" rel=\"nofollow\"\u003erun XFCE\u003c/a\u003e on the device\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Bernard Spil - \u003ca href=\"mailto:brnrd@freebsd.org\" rel=\"nofollow\"\u003ebrnrd@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/sp1l\" rel=\"nofollow\"\u003e@sp1l\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eLibreSSL adoption \u003ca href=\"https://wiki.freebsd.org/LibreSSL\" rel=\"nofollow\"\u003ein FreeBSD ports\u003c/a\u003e and the wider software ecosystem\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.echothrust.com/blogs/monitoring-pf-logs-gource\" rel=\"nofollow\"\u003eMonitoring pf logs with Gource\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re \u003ca href=\"http://www.bsdnow.tv/tutorials/pf\" rel=\"nofollow\"\u003eusing pf\u003c/a\u003e on any of the BSDs, maybe you\u0026#39;ve gotten bored of grepping logs and want to do something more fancy\u003c/li\u003e\n\u003cli\u003eThis article will show you how to get set up with Gource for a cinematic-like experience\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve never heard of Gource, it\u0026#39;s \u0026quot;an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories\u0026quot;\u003c/li\u003e\n\u003cli\u003eWhen you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic\u003c/li\u003e\n\u003cli\u003eOne of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend\u0026#39;s phone had been compromised - graphical representations of traffic could be useful for detecting suspicious network activity\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=381573\" rel=\"nofollow\"\u003epkgng 1.5.0 alpha1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe development version of pkgng was updated to 1.4.99.14, or 1.5.0 alpha1\u003c/li\u003e\n\u003cli\u003eThis update introduces support for provides/requires, something that we\u0026#39;ve been wanting for a long time\u003c/li\u003e\n\u003cli\u003eIt will also now print which package is the reason for direct dependency change\u003c/li\u003e\n\u003cli\u003eAnother interesting addition is the \u0026quot;pkg -r\u0026quot; switch, allowing cross installation of packages\u003c/li\u003e\n\u003cli\u003eRemember this isn\u0026#39;t the stable version, so maybe don\u0026#39;t upgrade to it just yet on any production systems\u003c/li\u003e\n\u003cli\u003eDragonFly will also likely pick up this update once it\u0026#39;s marked stable\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://devio.us/%7Ebcallah/rcos2015.pdf\" rel=\"nofollow\"\u003eWelcome to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned last week that our listener Brian was giving a talk in the Troy, New York area\u003c/li\u003e\n\u003cli\u003eThe slides from that talk are now online, and they\u0026#39;ve been generating quite a bit of \u003ca href=\"https://news.ycombinator.com/item?id=9240533\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/openbsd/comments/2ztokc/welcome_to_openbsd/\" rel=\"nofollow\"\u003eonline\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s simply titled \u0026quot;Welcome to OpenBSD\u0026quot; and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)\u003c/li\u003e\n\u003cli\u003eTopics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved\u003c/li\u003e\n\u003cli\u003eAs you may know, NetBSD has almost 60 \u003ca href=\"https://www.netbsd.org/ports/\" rel=\"nofollow\"\u003esupported platforms\u003c/a\u003e and their slogan is \u0026quot;\u003cem\u003eof course\u003c/em\u003e it runs NetBSD\u0026quot; - Brian says, with \u003ca href=\"http://www.openbsd.org/plat.html\" rel=\"nofollow\"\u003e17 platforms\u003c/a\u003e over 13 CPU architectures, \u0026quot;it \u003cem\u003eprobably\u003c/em\u003e runs OpenBSD\u0026quot;\u003c/li\u003e\n\u003cli\u003eNo matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet\u003c/li\u003e\n\u003cli\u003eTry to guess which font he used...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2015/03/bsdtalk252-devious-with-brian-callahan.html\" rel=\"nofollow\"\u003eBSDTalk episode 252\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnd somehow Brian has snuck himself into \u003cem\u003eanother\u003c/em\u003e news item this week\u003c/li\u003e\n\u003cli\u003eHe makes an appearance in the latest episode of \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk\" rel=\"nofollow\"\u003eBSD Talk\u003c/a\u003e, where he chats with Will about running a BSD-based shell provider\u003c/li\u003e\n\u003cli\u003eIf that sounds familiar, it\u0026#39;s probably because \u003ca href=\"http://www.bsdnow.tv/episodes/2014_06_18-devious_methods\" rel=\"nofollow\"\u003ewe did the same thing\u003c/a\u003e, albeit with a different member of their team\u003c/li\u003e\n\u003cli\u003eIn this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people\u003c/li\u003e\n\u003cli\u003eThey also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2O81pixhq\" rel=\"nofollow\"\u003eChristian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2dhr2WfVc\" rel=\"nofollow\"\u003eStefan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Kisq2EqT\" rel=\"nofollow\"\u003ePossnfiffer writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Xr0e5YAJ\" rel=\"nofollow\"\u003eRuudsch writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Xz7BNoJE\" rel=\"nofollow\"\u003eShane writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-March/069679.html\" rel=\"nofollow\"\u003eAccidental support\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142686812913221\u0026w=2\" rel=\"nofollow\"\u003eLarry\u0026#39;s tears\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hardware/2015-March/007625.html\" rel=\"nofollow\"\u003eThe boy who sailed with BSD\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He's been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now - the place to B.. SD.","date_published":"2015-03-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/530c2987-381d-4c49-bfb9-b78872dd2e03.mp3","mime_type":"audio/mpeg","size_in_bytes":63405364,"duration_in_seconds":5283}]},{"id":"a8a11e67-acad-44db-b8d9-840c53f401f9","title":"81: Puffy in a Box","url":"https://www.bsdnow.tv/81","content_text":"We're back from AsiaBSDCon! This week on the show, we'll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They're getting BSD in the hands of Windows admins who don't even realize it. We also have all this week's news and answer to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nUsing OpenBGPD to distribute pf table updates\n\n\nFor those not familiar, OpenBGPD is a daemon for the Border Gateway Protocol - a way for routers on the internet to discover and exchange routes to different addresses\nThis post, inspired by a talk about using BGP to distribute spam lists, details how to use the protocol to distribute some other useful lists and information\nIt begins with \"One of the challenges faced when managing our OpenBSD firewalls is the distribution of IPs to pf tables without manually modifying /etc/pf.conf on each of the firewalls every time. This task becomes quite tedious, specifically when you want to distribute different types of changes to different systems (eg administrative IPs to a firewall and spammer IPs to a mail server), or if you need to distribute real time blacklists to a large number of systems.\"\nIf you manage a lot of BSD boxes, this might be an interesting alternative to some of the other ways to distribute configuration files\nOpenBGPD is part of the OpenBSD base system, but there's also an unofficial port to FreeBSD and a \"work in progress\" pkgsrc version\n***\n\n\nMounting removable media with autofs\n\n\nThe FreeBSD foundation has a new article in the \"FreeBSD from the trenches\" series, this time about the sponsored autofs tool\nIt's written by one of the autofs developers, and he details his work on creating and using the utility\n\"The purpose of autofs(5) is to mount filesystems on access, in a way that's transparent to the application. In other words, filesystems get mounted when they are first accessed, and then unmounted after some time passes.\"\nHe talks about all the components that need to work together for smooth operation, how to configure it and how to enable it by default for removable drives\nIt ends with a real-world example of something we're all probably familiar with: plugging in USB drives and watching the magic happen\nThere's also some more advanced bonus material on GEOM classes and all the more technical details\n***\n\n\nThe Tor Browser on BSD\n\n\nThe Tor Project has provided a \"browser bundle\" for a long time, which is more or less a repackaged Firefox with many security and privacy-related settings preconfigured and some patches applied to the source\nJust tunneling your browser through a transparent Tor proxy is not safe enough - many things can lead to passive fingerprinting or, even worse, anonymity being completely lost \nIt has, however, only been released for Windows, OS X and Linux - no BSD version\n\"[...] we are pushing back against an emerging monoculture, and this is always a healthy thing. Monocultures are dangerous for many reasons, most importantly to themselves.\"\nSome work has begun to get a working port on BSD going, and this document tells about the process and how it all got started\nIf you've got porting skills, or are interested in online privacy, any help would be appreciated of course (see the post for details on getting involved)\n***\n\n\nOpenSSH 6.8 released\n\n\nContinuing their \"tick tock\" pattern of releases alternating between new features and bugfixes, the OpenSSH team has released 6.8 - it's a major upgrade, focused on new features (we like those better of course)\nMost of the codebase has gone through refactoring, making it easier for regression tests and improving the general readability\nThis release adds support for SHA256-hashed, base64-encoded host key fingerprints, as well as making that the default - a big step up from the previously hex-encoded MD5 fingerprints\nExperimental host key rotation support also makes it debut, allowing for easy in-place upgrading of old keys to newer (or refreshed) keys\nYou can now require multiple, different public keys to be verified for a user to authenticate (useful if you're extra paranoid or don't have 100% confidence in any single key type)\nThe native version will be in OpenBSD 5.7, and the portable version should hit a ports tree near you soon\nSpeaking of the portable version, it now has a configure option to build without OpenSSL or LibreSSL, but doing so limits you to Ed25519 key types and ChaCha20 and AES-CTR ciphers\n***\n\n\nNetBSD at AsiaBSDCon\n\n\nThe NetBSD guys already have a wrap-up of the recent event, complete with all the pictures and weird devices you'd expect\nIt covers their BoF session, the six NetBSD-related presentations and finally their \"work in progress\" session\nThere was a grand total of 34 different NetBSD gadgets on display at the event\n***\n\n\nInterview - Lawrence Teo - lteo@openbsd.org / @lteo\n\nOpenBSD at Calyptix\n\n\n\nNews Roundup\n\nHardenedBSD introduces Integriforce\n\n\nA little bit of background on this one first: NetBSD has something called veriexec, used for checking file integrity at the kernel level\nBy doing it at the kernel level, similar to securelevels, it offers some level of protection even when the root account is compromised\nHardenedBSD has introduced a similar mechanism into their \"secadm\" utility\nYou can list binaries in the config file that you want to be protected from changes, then specify whether those can't be run at all, or if they just print a warning\nThey're looking for some more extensive testing of this new feature\n***\n\n\nMore s2k15 hackathon reports\n\n\nA couple more Australian hackathon reports have poured in since the last time\nThe first comes from Jonathan Gray, who's done a lot of graphics-related work in OpenBSD recently\nHe worked on getting some newer \"Southern Islands\" and \"Graphics Core Next\" AMD GPUs working, as well as some OpenGL and DRM-related things\nAlso on his todo list was to continue hitting various parts of the tree with American Fuzzy Lop, which ended up fixing a few crashes in mandoc\nTed Unangst also sent in a report to detail what he hacked on at the event\nWith a strong focus on improving SMP scalability, he tackled the virtual memory layer\nHis goal was to speed up some syscalls that are used heavily during code compilation, much of which will probably end up in 5.8\nAll the trip reports are much more detailed than our short summaries, so give them a read if you're interested in all the technicalities\n***\n\n\nDragonFly 4.0.4 and IPFW3\n\n\nDragonFly BSD has put out a small point release to the 4.x branch, 4.0.4\nIt includes a minor list of fixes, some of which include a HAMMER FS history fix, removing the no-longer-needed \"new xorg\" and \"with kms\" variables and a few LAGG fixes\nThere was also a bug in the installer that prevented the rescue image from being installed correctly, which also gets fixed in this version\nShortly after it was released, their new IPFW2 firewall was added to the tree and subsequently renamed to IPFW3 (since it's technically the third revision)\n***\n\n\nNetBSD gets Raspberry Pi 2 support\n\n\nNetBSD has announced initial support for the second revision of the ever-popular Raspberry Pi board\nThere are -current snapshots available for download, and multiprocessor support is also on the way\nThe NetBSD wiki page about the Raspberry Pi also has some more information and an installation guide\nThe usual Hacker News discussion on the subject\nIf anyone has one of these little boards, let us know - maybe write up a blog post about your experience with BSD on it\n***\n\n\nOpenIKED as a VPN gateway\n\n\nIn our first discussion segment, we talked about a few different ways to tunnel your traffic\nWhile we've done full tutorials on things like SSH tunnels, OpenVPN and Tor, we haven't talked a whole lot about OpenBSD's IPSEC suite\nThis article should help fill that gap - it walks you through the complete IKED setup\nFrom creating the public key infrastructure to configuring the firewall to configuring both the VPN server and client, this guide's got it all\n***\n\n\nFeedback/Questions\n\n\nGary writes in\nRobert writes in\nJoris writes in\nMike writes in\nAnders writes in\n***\n\n\nMailing List Gold\n\n\nCan you hear me now\nHe must be GNU here\nI've seen some...\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back from AsiaBSDCon! This week on the show, we\u0026#39;ll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They\u0026#39;re getting BSD in the hands of Windows admins who don\u0026#39;t even realize it. We also have all this week\u0026#39;s news and answer to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.echothrust.com/blogs/using-openbgpd-distribute-pf-table-updates-your-servers\" rel=\"nofollow\"\u003eUsing OpenBGPD to distribute pf table updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those not familiar, \u003ca href=\"https://en.wikipedia.org/wiki/OpenBGPD\" rel=\"nofollow\"\u003eOpenBGPD\u003c/a\u003e is a daemon for the \u003ca href=\"https://en.wikipedia.org/wiki/Border_Gateway_Protocol\" rel=\"nofollow\"\u003eBorder Gateway Protocol\u003c/a\u003e - a way for routers on the internet to discover and exchange routes to different addresses\u003c/li\u003e\n\u003cli\u003eThis post, inspired by \u003ca href=\"https://www.youtube.com/watch?v=Vet0eQB00X0\" rel=\"nofollow\"\u003ea talk about using BGP to distribute spam lists\u003c/a\u003e, details how to use the protocol to distribute some other useful lists and information\u003c/li\u003e\n\u003cli\u003eIt begins with \u0026quot;One of the challenges faced when managing our OpenBSD firewalls is the distribution of IPs to pf tables without manually modifying /etc/pf.conf on each of the firewalls every time. This task becomes quite tedious, specifically when you want to distribute different types of changes to different systems (eg administrative IPs to a firewall and spammer IPs to a mail server), or if you need to distribute real time blacklists to a large number of systems.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf you manage a lot of BSD boxes, this might be an interesting alternative to some of the other ways to distribute configuration files\u003c/li\u003e\n\u003cli\u003eOpenBGPD is part of the OpenBSD base system, but there\u0026#39;s also an unofficial port \u003ca href=\"https://www.freshports.org/net/openbgpd/\" rel=\"nofollow\"\u003eto FreeBSD\u003c/a\u003e and a \u0026quot;work in progress\u0026quot; \u003ca href=\"http://pkgsrc.se/wip/openbgpd\" rel=\"nofollow\"\u003epkgsrc version\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/03/freebsd-from-trenches-using-autofs5-to_13.html\" rel=\"nofollow\"\u003eMounting removable media with autofs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has a new article in the \u0026quot;FreeBSD from the trenches\u0026quot; series, this time about the sponsored \u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=autofs\u0026sektion=5\" rel=\"nofollow\"\u003eautofs\u003c/a\u003e tool\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s written by one of the autofs developers, and he details his work on creating and using the utility\u003c/li\u003e\n\u003cli\u003e\u0026quot;The purpose of autofs(5) is to mount filesystems on access, in a way that\u0026#39;s transparent to the application. In other words, filesystems get mounted when they are first accessed, and then unmounted after some time passes.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe talks about all the components that need to work together for smooth operation, how to configure it and how to enable it by default for removable drives\u003c/li\u003e\n\u003cli\u003eIt ends with a real-world example of something we\u0026#39;re all probably familiar with: plugging in USB drives and watching the magic happen\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some more advanced bonus material on GEOM classes and all the more technical details\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://trac.haqistan.net/blog/adventures-ports-tor-browser\" rel=\"nofollow\"\u003eThe Tor Browser on BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Tor Project has provided a \u0026quot;\u003ca href=\"https://www.torproject.org/projects/torbrowser/design/\" rel=\"nofollow\"\u003ebrowser bundle\u003c/a\u003e\u0026quot; for a long time, which is more or less a repackaged Firefox with many security and privacy-related settings preconfigured and some patches applied to the source\u003c/li\u003e\n\u003cli\u003eJust tunneling your browser through a transparent Tor proxy is not safe enough - many things can lead to passive fingerprinting or, even worse, anonymity being completely lost \u003c/li\u003e\n\u003cli\u003eIt has, however, only been released for Windows, OS X and Linux - no BSD version\u003c/li\u003e\n\u003cli\u003e\u0026quot;[...] we are pushing back against an emerging monoculture, and this is always a healthy thing. Monocultures are dangerous for many reasons, most importantly to themselves.\u0026quot;\u003c/li\u003e\n\u003cli\u003eSome work has begun to get a working port on BSD going, and this document tells about the process and how it all got started\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve got porting skills, or are interested in online privacy, any help would be appreciated of course (see the post for details on getting involved)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-March/033686.html\" rel=\"nofollow\"\u003eOpenSSH 6.8 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinuing their \u0026quot;tick tock\u0026quot; pattern of releases alternating between new features and bugfixes, the OpenSSH team has released 6.8 - it\u0026#39;s a major upgrade, focused on new features (we like those better of course)\u003c/li\u003e\n\u003cli\u003eMost of the codebase has gone through refactoring, making it easier for regression tests and improving the general readability\u003c/li\u003e\n\u003cli\u003eThis release adds support for SHA256-hashed, base64-encoded host key fingerprints, as well as making that the default - a big step up from the previously hex-encoded MD5 fingerprints\u003c/li\u003e\n\u003cli\u003eExperimental host key rotation support also makes it debut, allowing for easy in-place upgrading of old keys to newer (or refreshed) keys\u003c/li\u003e\n\u003cli\u003eYou can now require multiple, different public keys to be verified for a user to authenticate (useful if you\u0026#39;re extra paranoid or don\u0026#39;t have 100% confidence in any single key type)\u003c/li\u003e\n\u003cli\u003eThe native version will be in OpenBSD 5.7, and the portable version should hit a ports tree near you soon\u003c/li\u003e\n\u003cli\u003eSpeaking of the portable version, it now has a configure option to build without OpenSSL or LibreSSL, but doing so limits you to Ed25519 key types and ChaCha20 and AES-CTR ciphers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/03/15/msg000682.html\" rel=\"nofollow\"\u003eNetBSD at AsiaBSDCon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NetBSD guys already have a wrap-up of the recent event, complete with all the pictures and weird devices you\u0026#39;d expect\u003c/li\u003e\n\u003cli\u003eIt covers their BoF session, the six NetBSD-related presentations and finally their \u0026quot;work in progress\u0026quot; session\u003c/li\u003e\n\u003cli\u003eThere was a grand total of \u003ca href=\"https://docs.google.com/spreadsheets/d/14q6zJK5PjlMoSeBV5HBiEik5LkqlrcrbSxPoxVKKlec/edit#gid=0\" rel=\"nofollow\"\u003e34 different NetBSD gadgets\u003c/a\u003e on display at the event\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Lawrence Teo - \u003ca href=\"mailto:lteo@openbsd.org\" rel=\"nofollow\"\u003elteo@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/lteo\" rel=\"nofollow\"\u003e@lteo\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD \u003ca href=\"http://www.nycbsdcon.org/2010/presentations/lteo-nycbsdcon2010.pdf\" rel=\"nofollow\"\u003eat Calyptix\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2015-03-11/call-testing-secadm-integriforce\" rel=\"nofollow\"\u003eHardenedBSD introduces Integriforce\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA little bit of background on this one first: NetBSD has something called \u003ca href=\"https://www.netbsd.org/docs/guide/en/chap-veriexec.html\" rel=\"nofollow\"\u003everiexec\u003c/a\u003e, used for \u003ca href=\"http://wiki.netbsd.org/guide/veriexec/\" rel=\"nofollow\"\u003echecking file integrity\u003c/a\u003e at the kernel level\u003c/li\u003e\n\u003cli\u003eBy doing it at the kernel level, similar to \u003ca href=\"https://en.wikipedia.org/wiki/Securelevel\" rel=\"nofollow\"\u003esecurelevels\u003c/a\u003e, it offers some level of protection even when the root account is compromised\u003c/li\u003e\n\u003cli\u003eHardenedBSD has introduced a similar mechanism into their \u0026quot;secadm\u0026quot; utility\u003c/li\u003e\n\u003cli\u003eYou can list binaries in the config file that you want to be protected from changes, then specify whether those \u003ca href=\"http://i.imgur.com/wHp2eAN.png\" rel=\"nofollow\"\u003ecan\u0026#39;t be run\u003c/a\u003e at all, or if they just print a warning\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re looking for some more extensive testing of this new feature\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150305100712\u0026mode=flat\" rel=\"nofollow\"\u003eMore s2k15 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA couple more Australian hackathon reports have poured in since the last time\u003c/li\u003e\n\u003cli\u003eThe first comes from Jonathan Gray, who\u0026#39;s done a lot of graphics-related work in OpenBSD recently\u003c/li\u003e\n\u003cli\u003eHe worked on getting some newer \u0026quot;Southern Islands\u0026quot; and \u0026quot;Graphics Core Next\u0026quot; AMD GPUs working, as well as some OpenGL and DRM-related things\u003c/li\u003e\n\u003cli\u003eAlso on his todo list was to continue hitting various parts of the tree with American Fuzzy Lop, which ended up fixing a few crashes in \u003ca href=\"http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man\" rel=\"nofollow\"\u003emandoc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTed Unangst also \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150307165135\u0026mode=flat\" rel=\"nofollow\"\u003esent in a report\u003c/a\u003e to detail what he hacked on at the event\u003c/li\u003e\n\u003cli\u003eWith a strong focus on improving SMP scalability, he tackled the virtual memory layer\u003c/li\u003e\n\u003cli\u003eHis goal was to speed up some syscalls that are used heavily during code compilation, much of which will probably end up in 5.8\u003c/li\u003e\n\u003cli\u003eAll the trip reports are \u003cstrong\u003emuch\u003c/strong\u003e more detailed than our short summaries, so give them a read if you\u0026#39;re interested in all the technicalities\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2015/03/10/15733.html\" rel=\"nofollow\"\u003eDragonFly 4.0.4 and IPFW3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly BSD has put out a small point release to the 4.x branch, 4.0.4\u003c/li\u003e\n\u003cli\u003eIt includes a minor \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-March/418098.html\" rel=\"nofollow\"\u003elist of fixes\u003c/a\u003e, some of which include a HAMMER FS history fix, removing the no-longer-needed \u0026quot;new xorg\u0026quot; and \u0026quot;with kms\u0026quot; variables and a few LAGG fixes\u003c/li\u003e\n\u003cli\u003eThere was also a bug in the installer that prevented the rescue image from being installed correctly, which also gets fixed in this version\u003c/li\u003e\n\u003cli\u003eShortly after it was released, their new IPFW2 firewall was \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-March/418133.html\" rel=\"nofollow\"\u003eadded to the tree\u003c/a\u003e and subsequently renamed to \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2015-March/418160.html\" rel=\"nofollow\"\u003eIPFW3\u003c/a\u003e (since it\u0026#39;s technically the third revision)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/raspberry_pi_2_support_added\" rel=\"nofollow\"\u003eNetBSD gets Raspberry Pi 2 support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD has announced initial support for the \u003ca href=\"http://www.raspberrypi.org/products/raspberry-pi-2-model-b/\" rel=\"nofollow\"\u003esecond revision\u003c/a\u003e of the ever-popular Raspberry Pi board\u003c/li\u003e\n\u003cli\u003eThere are -current snapshots available for download, and multiprocessor support is also on the way\u003c/li\u003e\n\u003cli\u003eThe NetBSD wiki page about the Raspberry Pi also has some \u003ca href=\"https://wiki.netbsd.org/ports/evbarm/raspberry_pi/\" rel=\"nofollow\"\u003emore information\u003c/a\u003e and an installation guide\u003c/li\u003e\n\u003cli\u003eThe usual \u003ca href=\"https://news.ycombinator.com/item?id=9172100\" rel=\"nofollow\"\u003eHacker News discussion\u003c/a\u003e on the subject\u003c/li\u003e\n\u003cli\u003eIf anyone has one of these little boards, let us know - maybe write up a blog post about your experience with BSD on it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://puffysecurity.com/wiki/openikedoffshore.html\" rel=\"nofollow\"\u003eOpenIKED as a VPN gateway\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn our first discussion segment, we talked about a few different ways to tunnel your traffic\u003c/li\u003e\n\u003cli\u003eWhile we\u0026#39;ve done full tutorials on things like \u003ca href=\"http://www.bsdnow.tv/tutorials/stunnel\" rel=\"nofollow\"\u003eSSH tunnels\u003c/a\u003e, \u003ca href=\"http://www.bsdnow.tv/tutorials/openvpn\" rel=\"nofollow\"\u003eOpenVPN\u003c/a\u003e and \u003ca href=\"http://www.bsdnow.tv/tutorials/tor\" rel=\"nofollow\"\u003eTor\u003c/a\u003e, we haven\u0026#39;t talked a whole lot about OpenBSD\u0026#39;s IPSEC suite\u003c/li\u003e\n\u003cli\u003eThis article should help fill that gap - it walks you through the complete IKED setup\u003c/li\u003e\n\u003cli\u003eFrom creating the public key infrastructure to configuring the firewall to configuring both the VPN server and client, this guide\u0026#39;s got it all\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21G9TWALE\" rel=\"nofollow\"\u003eGary writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s206aZrxOi\" rel=\"nofollow\"\u003eRobert writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s28Um5R7LG\" rel=\"nofollow\"\u003eJoris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2yAJsl1Es\" rel=\"nofollow\"\u003eMike writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21dMAE55M\" rel=\"nofollow\"\u003eAnders writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142577632205484\u0026w=2\" rel=\"nofollow\"\u003eCan you hear me now\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2015-March/047207.html\" rel=\"nofollow\"\u003eHe must be GNU here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142593175408756\u0026w=2\" rel=\"nofollow\"\u003eI\u0026#39;ve seen some...\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back from AsiaBSDCon! This week on the show, we'll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They're getting BSD in the hands of Windows admins who don't even realize it. We also have all this week's news and answer to your emails, on BSD Now - the place to B.. SD.","date_published":"2015-03-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a8a11e67-acad-44db-b8d9-840c53f401f9.mp3","mime_type":"audio/mpeg","size_in_bytes":62032180,"duration_in_seconds":5169}]},{"id":"42370236-9013-44ce-882f-6e1b829bbca8","title":"80: The PC-BSD Tour II","url":"https://www.bsdnow.tv/80","content_text":"We're away at AsiaBSDCon this week, but we've still got a packed episode for you. First up is a sequel to the \"PC-BSD tour\" segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation's 15th anniversary. We'll return next week with a normal episode of BSD Now - which is of course, the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nSpecial segment\n\nDemystifying Boot Environments in PC-BSD\n\n\n\nInterview - Justin Gibbs - gibbs@freebsd.org / @freebsdfndation\n\nThe FreeBSD foundation's 15th anniversary\n\n\n\nDiscussion\n\nThe story of PC-BSD\n\n","content_html":"\u003cp\u003eWe\u0026#39;re away at AsiaBSDCon this week, but we\u0026#39;ve still got a packed episode for you. First up is a sequel to the \u0026quot;PC-BSD tour\u0026quot; segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation\u0026#39;s 15th anniversary. We\u0026#39;ll return next week with a normal episode of BSD Now - which is of course, the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eSpecial segment\u003c/h2\u003e\n\n\u003cp\u003eDemystifying Boot Environments in PC-BSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Justin Gibbs - \u003ca href=\"mailto:gibbs@freebsd.org\" rel=\"nofollow\"\u003egibbs@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/freebsdfndation\" rel=\"nofollow\"\u003e@freebsdfndation\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe FreeBSD foundation\u0026#39;s 15th anniversary\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eDiscussion\u003c/h2\u003e\n\n\u003cp\u003eThe story of PC-BSD\u003c/p\u003e\n\n\u003chr\u003e","summary":"We're away at AsiaBSDCon this week, but we've still got a packed episode for you. First up is a sequel to the \"PC-BSD tour\" segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation's 15th anniversary. We'll return next week with a normal episode of BSD Now - which is of course, the place to B.. SD.","date_published":"2015-03-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/42370236-9013-44ce-882f-6e1b829bbca8.mp3","mime_type":"audio/mpeg","size_in_bytes":57728596,"duration_in_seconds":4810}]},{"id":"cb3fc5ef-1795-4d76-8b42-56a205255a03","title":"79: Just Add QEMU","url":"https://www.bsdnow.tv/79","content_text":"Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nAsiaBSDCon 2015 schedule\n\n\nAlmost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up\nThis year's conference will be between 12-15 March at the Tokyo University of Science in Japan\nThe first and second days are for tutorials, as well as the developer summit and vendor summit\nDays four and five are the main event with the presentations, which Kris and Allan both made the cut for once again\nNot counting the ones that have yet to be revealed (as of the day we're recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD\nSummaries of all the presentations are on the timetable page if you scroll down a bit\n***\n\n\nFreeBSD foundation updates and more\n\n\nThe FreeBSD foundation has posted a number of things this week, the first of which is their February 2015 status update\nIt provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform\nThere's a FOSDEM recap and another update of their fundraising goal for 2015\nThey also have two new blog posts: a trip report from SCALE13x and a featured \"FreeBSD in the trenches\" article about how a small typo caused a lot of ZFS chaos in the cluster\n\"Then panic ensued.  The machine didn't panic -- I did.\"\n***\n\n\nOpenBSD improves browser security\n\n\nNo matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser\nTed Unangst writes in to the OpenBSD misc list to introduce a new project he's working on, simply titled \"improving browser security\"\nHe gives some background on the WX memory protection in the base system, but also mentions that some applications in ports don't adhere to it\nFor it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT engine) needs to be fixed to use it\n\"A system that is 'all WX except where it's not' is the same as a system that's not WX. We've worked hard to provide a secure foundation for programs; we'd like to see them take advantage of it.\"\nThe work is being supported by the OpenBSD foundation, and we'll keep you updated on this undertaking as more news about it is released\nThere's also some discussion on Hacker News and Undeadly about it\n***\n\n\nNetBSD at Open Source Conference 2015 Tokyo\n\n\nThe Japanese NetBSD users group has once again invaded a conference, this time in Tokyo\nThere's even a spreadsheet of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)\nIf you just can't get enough strange devices running BSD, check the mailing list post for lots of pictures\nTheir next target is, as you might guess, AsiaBSDCon 2015 - maybe we'll run into them\n***\n\n\nInterview - Sean Bruno - sbruno@freebsd.org / @franknbeans\n\nCross-compiling packages with poudriere and QEMU\n\n\n\nNews Roundup\n\nThe Crypto Bone\n\n\nThe Crypto Bone is a new device that's aimed at making encryption and secure communications easier and more accessible\nUnder the hood, it's actually just a Beaglebone board, running stock OpenBSD with a few extra packages\nIt includes a web interface for configuring keys and secure tunnels\nThe source code is freely available for anyone interested in hacking on it (or auditing the crypto), and there's a technical overview of how everything works on their site\nIf you don't want to teach your mom how to use PGP, buy her one of these(?)\n***\n\n\nBSD in the 2015 Google Summer of Code\n\n\nFor those who don't know, GSoC is a way for students to get paid to work on a coding project for an open source organization\nGood news: both FreeBSD and OpenBSD were accepted for the 2015 event\nFreeBSD has a wiki page of ideas for people to work on\nOpenBSD also has an ideas page where you can see some of the initial things that might be interesting\nIf you're a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it\nWho knows, you may even end up on the show if you work on a cool project\nGSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you'd like to hack on\n***\n\n\npfSense 2.3 roadmap\n\n\nThe pfSense team has posted a new blog entry, detailing some of their plans for future versions\nPPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions\nPBIs are scheduled to be replaced with native pkgng packages\nVersion 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely\nTheir ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution\n***\n\n\nPCBSD 10.1.2 security features\n\n\nPCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post\nA new \"personacrypt\" utility is introduced, which allows for easy encryption and management of external drives for your home directory\nGoing along with this, it also has a \"stealth mode\" that allows for one-time temporary home directories (but it doesn't self-destruct, don't worry)\nThe LibreSSL integration also continues, and now packages will be built with it by default\nIf you're using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update\nThey've also been working on introducing some new options to enable tunneling your traffic through Tor\nThere will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week\nA small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity\nLook forward to Kris wearing a Tor shirt in future episodes\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nChris writes in\nVan writes in\nStu writes in\n***\n\n\nMailing List Gold\n\n\nH\nPay up, mister Free\nHeritage protected\nBlind leading the blind\nWhat are the chances\n***\n","content_html":"\u003cp\u003eComing up this time on the show, we\u0026#39;ll be talking to Sean Bruno. He\u0026#39;s been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We\u0026#39;ve also got answers to viewer-submitted questions and all this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2015.asiabsdcon.org/timetable.html.en\" rel=\"nofollow\"\u003eAsiaBSDCon 2015 schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlmost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up\u003c/li\u003e\n\u003cli\u003eThis year\u0026#39;s conference will be between 12-15 March at the Tokyo University of Science in Japan\u003c/li\u003e\n\u003cli\u003eThe first and second days are for tutorials, as well as the developer summit and vendor summit\u003c/li\u003e\n\u003cli\u003eDays four and five are the main event with the presentations, which Kris and Allan both made the cut for once again\u003c/li\u003e\n\u003cli\u003eNot counting the ones that have yet to be revealed (as of the day we\u0026#39;re recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD\u003c/li\u003e\n\u003cli\u003eSummaries of all the presentations are on the timetable page if you scroll down a bit\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2015febupdate.pdf\" rel=\"nofollow\"\u003eFreeBSD foundation updates and more\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_04-from_the_foundation_1\" rel=\"nofollow\"\u003eFreeBSD foundation\u003c/a\u003e has posted a number of things this week, the first of which is their February 2015 status update\u003c/li\u003e\n\u003cli\u003eIt provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a FOSDEM recap and another update of their fundraising goal for 2015\u003c/li\u003e\n\u003cli\u003eThey also have two new blog posts: \u003ca href=\"http://freebsdfoundation.blogspot.com/2015/02/scale-13x-trip-report-michael-dexter.html\" rel=\"nofollow\"\u003ea trip report from SCALE13x\u003c/a\u003e and a featured \u0026quot;\u003ca href=\"http://freebsdfoundation.blogspot.com/2015/02/freebsd-from-trenches-zfs-and-how-to.html\" rel=\"nofollow\"\u003eFreeBSD in the trenches\u003c/a\u003e\u0026quot; article about how a small typo caused a lot of ZFS chaos in the cluster\u003c/li\u003e\n\u003cli\u003e\u0026quot;Then panic ensued.  The machine didn\u0026#39;t panic -- I did.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142523501726732\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD improves browser security\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNo matter what OS you run on your desktop, the most likely entry point for an exploit these days is \u003cem\u003ealmost certainly\u003c/em\u003e the web browser\u003c/li\u003e\n\u003cli\u003eTed Unangst writes in to the OpenBSD misc list to introduce a new project he\u0026#39;s working on, simply titled \u0026quot;improving browser security\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe gives some background on the \u003ca href=\"https://en.wikipedia.org/wiki/W%5EX\" rel=\"nofollow\"\u003eW\u003csup\u003eX\u003c/sup\u003e memory protection\u003c/a\u003e in the base system, but also mentions that some applications in ports don\u0026#39;t adhere to it\u003c/li\u003e\n\u003cli\u003eFor it to be enforced globally instead of just recommended, at least one browser (or specifically, one \u003ca href=\"https://en.wikipedia.org/wiki/Just-in-time_compilation\" rel=\"nofollow\"\u003eJIT\u003c/a\u003e engine) needs to be fixed to use it\u003c/li\u003e\n\u003cli\u003e\u0026quot;A system that is \u0026#39;all W\u003csup\u003eX\u003c/sup\u003e except where it\u0026#39;s not\u0026#39; is the same as a system that\u0026#39;s not W\u003csup\u003eX.\u003c/sup\u003e We\u0026#39;ve worked hard to provide a secure foundation for programs; we\u0026#39;d like to see them take advantage of it.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe work is being supported by the \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2\" rel=\"nofollow\"\u003eOpenBSD foundation\u003c/a\u003e, and we\u0026#39;ll keep you updated on this undertaking as more news about it is released\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some discussion \u003ca href=\"https://news.ycombinator.com/item?id=9128360\" rel=\"nofollow\"\u003eon Hacker News\u003c/a\u003e \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150303075848\u0026mode=expanded\" rel=\"nofollow\"\u003eand Undeadly\u003c/a\u003e about it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/02/28/msg000680.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference 2015 Tokyo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Japanese NetBSD users group has once again invaded a conference, this time in Tokyo\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s even a \u003ca href=\"https://docs.google.com/spreadsheets/d/1DTJbESfnOUgOiVkFG8vsrxTq6oCGRpf8PkRcMkhWYWQ/edit#gid=0\" rel=\"nofollow\"\u003espreadsheet\u003c/a\u003e of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)\u003c/li\u003e\n\u003cli\u003eIf you just can\u0026#39;t get enough strange devices running BSD, check the mailing list post for lots of pictures\u003c/li\u003e\n\u003cli\u003eTheir next target is, as you might guess, AsiaBSDCon 2015 - maybe we\u0026#39;ll run into them\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Sean Bruno - \u003ca href=\"mailto:sbruno@freebsd.org\" rel=\"nofollow\"\u003esbruno@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/franknbeans\" rel=\"nofollow\"\u003e@franknbeans\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eCross-compiling packages with \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere\u003c/a\u003e and QEMU\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://crypto-bone.com/what.html\" rel=\"nofollow\"\u003eThe Crypto Bone\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Crypto Bone is a new \u003ca href=\"http://www.crypto-bone.com/\" rel=\"nofollow\"\u003edevice\u003c/a\u003e that\u0026#39;s aimed at making encryption and secure communications \u003ca href=\"http://crypto-bone.com/cbb-usersview.html\" rel=\"nofollow\"\u003eeasier\u003c/a\u003e and more accessible\u003c/li\u003e\n\u003cli\u003eUnder the hood, it\u0026#39;s actually just a \u003ca href=\"http://beagleboard.org/bone\" rel=\"nofollow\"\u003eBeaglebone\u003c/a\u003e board, running stock OpenBSD with a few extra packages\u003c/li\u003e\n\u003cli\u003eIt includes a \u003ca href=\"http://crypto-bone.com/release/root/var/www/apache/html/\" rel=\"nofollow\"\u003eweb interface\u003c/a\u003e for configuring keys and secure tunnels\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://crypto-bone.com/release/root/\" rel=\"nofollow\"\u003esource code\u003c/a\u003e is freely available for anyone interested in hacking on it (or auditing the crypto), and there\u0026#39;s \u003ca href=\"http://crypto-bone.com/cbb-technicalview.html\" rel=\"nofollow\"\u003ea technical overview\u003c/a\u003e of how everything works on their site\u003c/li\u003e\n\u003cli\u003eIf you don\u0026#39;t want to teach your mom how to use PGP, buy her one of these(?)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/about_page\" rel=\"nofollow\"\u003eBSD in the 2015 Google Summer of Code\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those who don\u0026#39;t know, GSoC is a way for students to get paid to work on a coding project for an open source organization\u003c/li\u003e\n\u003cli\u003eGood news: both FreeBSD and OpenBSD were \u003ca href=\"https://www.google-melange.com/gsoc/org/list/public/google/gsoc2015\" rel=\"nofollow\"\u003eaccepted\u003c/a\u003e for the 2015 event\u003c/li\u003e\n\u003cli\u003eFreeBSD has \u003ca href=\"https://wiki.freebsd.org/SummerOfCodeIdeas\" rel=\"nofollow\"\u003ea wiki page\u003c/a\u003e of ideas for people to work on\u003c/li\u003e\n\u003cli\u003eOpenBSD also has \u003ca href=\"http://www.openbsdfoundation.org/gsoc2015.html\" rel=\"nofollow\"\u003ean ideas page\u003c/a\u003e where you can see some of the initial things that might be interesting\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it\u003c/li\u003e\n\u003cli\u003eWho knows, you may even \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_07-system_disaster\" rel=\"nofollow\"\u003eend up on the show\u003c/a\u003e if you work on a cool project\u003c/li\u003e\n\u003cli\u003eGSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you\u0026#39;d like to hack on\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1588\" rel=\"nofollow\"\u003epfSense 2.3 roadmap\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe pfSense team has posted a new blog entry, detailing some of their plans for future versions\u003c/li\u003e\n\u003cli\u003ePPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions\u003c/li\u003e\n\u003cli\u003ePBIs are scheduled to be replaced with native pkgng packages\u003c/li\u003e\n\u003cli\u003eVersion 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely\u003c/li\u003e\n\u003cli\u003eTheir ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/03/a-look-at-the-upcoming-features-for-10-1-2/\" rel=\"nofollow\"\u003ePCBSD 10.1.2 security features\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post\u003c/li\u003e\n\u003cli\u003eA new \u0026quot;personacrypt\u0026quot; utility is introduced, which allows for easy encryption and management of external drives for your home directory\u003c/li\u003e\n\u003cli\u003eGoing along with this, it also has a \u0026quot;stealth mode\u0026quot; that allows for one-time temporary home directories (but it doesn\u0026#39;t self-destruct, don\u0026#39;t worry)\u003c/li\u003e\n\u003cli\u003eThe LibreSSL integration also continues, and now packages will be built with it by default\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also been working on introducing some new options to enable tunneling your traffic through Tor\u003c/li\u003e\n\u003cli\u003eThere will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week\u003c/li\u003e\n\u003cli\u003eA small disclaimer: remember that \u003cstrong\u003emany\u003c/strong\u003e things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity\u003c/li\u003e\n\u003cli\u003eLook forward to Kris wearing a \u003ca href=\"https://www.torproject.org/getinvolved/tshirt.html\" rel=\"nofollow\"\u003eTor shirt\u003c/a\u003e in future episodes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ofBPRT5n\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s26LsYcoJF\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s28Rho0jvL\" rel=\"nofollow\"\u003eVan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21AkGbniU\" rel=\"nofollow\"\u003eStu writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2015-February/098183.html\" rel=\"nofollow\"\u003eH\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-chat/2015-February/007024.html\" rel=\"nofollow\"\u003ePay up, mister Free\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.mail-archive.com/tech%40openbsd.org/msg22663.html\" rel=\"nofollow\"\u003eHeritage protected\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-questions/2015-February/264466.html\" rel=\"nofollow\"\u003eBlind leading the blind\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-February/068682.html\" rel=\"nofollow\"\u003eWhat are the chances\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD.","date_published":"2015-03-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cb3fc5ef-1795-4d76-8b42-56a205255a03.mp3","mime_type":"audio/mpeg","size_in_bytes":60830644,"duration_in_seconds":5069}]},{"id":"6999608e-fe27-4efa-96b0-eb1e928acf0a","title":"78: From the Foundation (Part 2)","url":"https://www.bsdnow.tv/78","content_text":"This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan 2015 schedule\n\n\nThe list of presentations for the upcoming BSDCan conference has been posted, and the time schedule should be up shortly as well\nJust a reminder: it's going to be held on June 12th and 13th at the University of Ottawa in Canada\nThis year's conference will have a massive fifty talks, split up between four tracks instead of three (but unfortunately a person can only be in one place at a time)\nBoth Allan and Kris had at least one presentation accepted, and Allan will also be leading a few  \"birds of a feather\" gatherings\nIn total, there will be three NetBSD talks, five OpenBSD talks, eight BSD-neutral talks, thirty-five FreeBSD talks and no DragonFly talks\nThat's not the ideal balance we'd hope for, but BSDCan says they'll try to improve that next year\nThose numbers are based on the speaker's background, or any past presentations, for the few whose actual topic wasn't made obvious from the title (so there may be a small margin of error)\nMichael Lucas (who's on the BSDCan board) wrote up a blog post about the proposals and rejections this year\nIf you can't make it this year, don't worry, we'll be sure to announce the recordings when they're made available\nWe also interviewed Dan Langille about the conference and what to expect this year, so check that out too\n***\n\n\nSSL interception with relayd\n\n\nThere was a lot of commotion recently about superfish, a way that Lenovo was intercepting HTTPS traffic and injecting advertisements\nIf you're running relayd, you can mimic this evil setup on your own networks (just for testing of course…)\nReyk Floeter, the guy who wrote relayd, came up a blog post about how to do just that\nIt starts off with some backstory and some of the things relayd is capable of\nrelayd can run as an SSL server to terminate SSL connections and forward them as plain TCP and, conversely, run as an SSL client to terminal plain TCP connections and tunnel them through SSL\nWhen you combine these two, you end up with possibilities to filter between SSL connections, effectively creating a MITM scenario\nThe post is very long, with lots of details and some sample config files - the whole nine yards\n***\n\n\nOPNsense 15.1.6.1 released\n\n\nThe OPNsense team has released yet another version in rapid succession, but this one has some big changes\nIt's now based on FreeBSD 10.1, with all the latest security patches and driver updates (as well as some in-house patches)\nThis version also features a new tool for easily upgrading between versions, simply called \"opnsense-update\" (similar to freebsd-update)\nIt also includes security fixes for BIND and PHP, as well as some other assorted bug fixes\nThe installation images have been laid out in a clean way: standard CD and USB images that default to VGA, as well as USB images that default to a console output (for things like Soekris and PCEngines APU boards that only have serial ports)\nWith the news of m0n0wall shutting down last week, they've also released bare minimum hardware specifications required to run OPNsense on embedded devices\nEncouraged by last week's mention of PCBSD trying to cut ties with OpenSSL, OPNsense is also now providing experimental images built against LibreSSL for testing (and have instructions on how to switch over without reinstalling)\n***\n\n\nOpenBSD on a Minnowboard Max\n\n\nWhat would our show be without at least one story about someone installing BSD on a weird device\nFor once, it's actually not NetBSD…\nThis article is about the minnowboard max, a very small X86-based motherboard that looks vaguely similar to a Raspberry Pi\nIt's using an Atom CPU instead of ARM, so overall application compatibility should be a bit better (and it even has AES-NI, so crypto performance will be much better than a normal Atom)\nThe author describes his entirely solid-state setup, noting that there's virtually no noise, no concern about hard drives dying and very reasonable power usage\nYou'll find instructions on how to get OpenBSD installed and going throughout the rest of the article\nHave a look at the spec sheet if you're interested, they make for cool little BSD boxes\n***\n\n\nNetmap for 40gbit NICs in FreeBSD\n\n\nLuigi Rizzo posted an announcement to the -current mailing list, detailing some of the work he's just committed\nThe ixl(4) driver, that's one for the X1710 40-gigabit card, now has netmap support\nIt's currently in 11-CURRENT, but he says it works in 10-STABLE and will be committed there too\nThis should make for some serious packet-pushing power\nIf you have any network hardware like this, he would appreciate testing for the new code\n***\n\n\nInterview - Ken Westerback - directors@openbsdfoundation.org\n\nThe OpenBSD foundation's activities\n\n\n\nNews Roundup\n\ns2k15 hackathon report: dhclient/dhcpd/fdisk\n\n\nThe second trip report from the recent OpenBSD hackathon has been published, from the very same guy we just talked to\nKen was also busy, getting a few networking-related things fixed and improved in the base system\nHe wrote a few new small additions for dhclient and beefed up the privsep security, as well as some fixes for tcpdump and dhcpd\nThe fdisk tool also got worked on a bit, enabling OpenBSD to properly wipe GPT tables on a previously-formatted disk so you can do a normal install on it\nThere's apparently plans for \"dhclientng\" - presumably a big improvement (rewrite?) of dhclient\n***\n\n\nFreeBSD beginner video series\n\n\nA new series of videos has started on YouTube, aimed at helping total beginners learn about FreeBSD\nWe usually assume that people who watch the show are already familiar with basic concepts, but they'd be a great introduction to any of your friends that are looking to get started with BSD and need a helping hand\nSo far, he's covered how to get FreeBSD, an introduction to installing in VirtualBox, a simple installation or a more in-depth manual installation, navigating the filesystem, basic ssh use, managing users and groups and finally some basic editing with vi and a few other topics\nEveryone's gotta start somewhere and, with a little bit of initial direction, today's newbies could be tomorrow's developers\nIt should be an ongoing series with more topics to come\n***\n\n\nNetBSD tests: zero unexpected failures\n\n\nThe NetBSD guys have a new blog post up about their testing suite for all the CPU architectures\nThey've finally gotten the number of \"expected\" failures down to zero on a few select architectures\nResults are published on a special release engineering page, so you can have a look if you're interested\nThe rest of the post links to the \"top performers\" (ones with less than ten failure) in the -current branch\n***\n\n\nPCBSD switches to IPFW\n\n\nThe PCBSD crew continues their recent series of switching between major competing features\nThis time, they've switched the default firewall away from PF to FreeBSD's native IPFW firewall\nLook forward to Kris wearing a \"keep calm and use IPFW\" shir- wait\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nDan writes in\nFlorian writes in\nSean writes in\nChris writes in\n***\n\n\nMailing List Gold\n\n\nVCS flamebait\nHidden agenda\n***\n","content_html":"\u003cp\u003eThis week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We\u0026#39;ve also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2015/schedule/\" rel=\"nofollow\"\u003eBSDCan 2015 schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe list of presentations for the upcoming BSDCan conference has been posted, and the time schedule should be up shortly as well\u003c/li\u003e\n\u003cli\u003eJust a reminder: it\u0026#39;s going to be held on June 12th and 13th at the University of Ottawa in Canada\u003c/li\u003e\n\u003cli\u003eThis year\u0026#39;s conference will have a massive \u003cstrong\u003efifty\u003c/strong\u003e talks, split up between four tracks instead of three (but unfortunately a person can only be in one place at a time)\u003c/li\u003e\n\u003cli\u003eBoth Allan and Kris had at least one presentation accepted, and Allan will also be leading a few  \u0026quot;birds of a feather\u0026quot; gatherings\u003c/li\u003e\n\u003cli\u003eIn total, there will be three NetBSD talks, five OpenBSD talks, eight BSD-neutral talks, thirty-five FreeBSD talks and no DragonFly talks\u003c/li\u003e\n\u003cli\u003eThat\u0026#39;s not the \u003ca href=\"https://twitter.com/bsdcan/status/570394627158773760\" rel=\"nofollow\"\u003eideal balance\u003c/a\u003e we\u0026#39;d hope for, but \u003ca href=\"https://twitter.com/bsdcan/status/570398181864972288\" rel=\"nofollow\"\u003eBSDCan says\u003c/a\u003e they\u0026#39;ll try to improve that next year\u003c/li\u003e\n\u003cli\u003eThose numbers are based on the speaker\u0026#39;s background, or any past presentations, for the few whose actual topic wasn\u0026#39;t made obvious from the title (so there may be a small margin of error)\u003c/li\u003e\n\u003cli\u003eMichael Lucas (who\u0026#39;s on the BSDCan board) wrote up \u003ca href=\"http://blather.michaelwlucas.com/archives/2325\" rel=\"nofollow\"\u003ea blog post\u003c/a\u003e about the proposals and rejections this year\u003c/li\u003e\n\u003cli\u003eIf you can\u0026#39;t make it this year, don\u0026#39;t worry, we\u0026#39;ll be sure to announce the recordings when they\u0026#39;re made available\u003c/li\u003e\n\u003cli\u003eWe also \u003ca href=\"http://www.bsdnow.tv/episodes/2014_12_31-daemons_in_the_north\" rel=\"nofollow\"\u003einterviewed Dan Langille\u003c/a\u003e about the conference and what to expect this year, so check that out too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.reykfloeter.com/post/41814177050/relayd-ssl-interception\" rel=\"nofollow\"\u003eSSL interception with relayd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was a lot of commotion recently about \u003ca href=\"http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/\" rel=\"nofollow\"\u003esuperfish\u003c/a\u003e, a way that Lenovo was intercepting HTTPS traffic and injecting advertisements\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re running \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8\" rel=\"nofollow\"\u003erelayd\u003c/a\u003e, you can mimic this \u003cem\u003eevil\u003c/em\u003e setup on your own networks (just for testing of course…)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time\" rel=\"nofollow\"\u003eReyk Floeter\u003c/a\u003e, the guy who wrote relayd, came up a blog post about how to do \u003ca href=\"https://gist.github.com/reyk/4b42858d1eab3825f9bc#file-relayd-superfish-conf\" rel=\"nofollow\"\u003ejust that\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt starts off with some backstory and some of the things relayd is capable of\u003c/li\u003e\n\u003cli\u003erelayd can run as an SSL server to terminate SSL connections and forward them as plain TCP and, conversely, run as an SSL client to terminal plain TCP connections and tunnel them through SSL\u003c/li\u003e\n\u003cli\u003eWhen you combine these two, you end up with possibilities to filter between SSL connections, effectively creating a MITM scenario\u003c/li\u003e\n\u003cli\u003eThe post is very long, with lots of \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=135887624714548\u0026w=2\" rel=\"nofollow\"\u003edetails\u003c/a\u003e and some sample config files - the whole nine yards\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=77.0\" rel=\"nofollow\"\u003eOPNsense 15.1.6.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OPNsense team has released yet another version in rapid succession, but this one has some big changes\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s now based on FreeBSD 10.1, with all the latest security patches and driver updates (as well as some in-house patches)\u003c/li\u003e\n\u003cli\u003eThis version also features a new tool for easily upgrading between versions, simply called \u0026quot;opnsense-update\u0026quot; (similar to freebsd-update)\u003c/li\u003e\n\u003cli\u003eIt also includes \u003cstrong\u003esecurity\u003c/strong\u003e fixes \u003ca href=\"https://kb.isc.org/article/AA-01235\" rel=\"nofollow\"\u003efor BIND\u003c/a\u003e \u003ca href=\"http://php.net/ChangeLog-5.php#5.6.6\" rel=\"nofollow\"\u003eand PHP\u003c/a\u003e, as well as some other assorted bug fixes\u003c/li\u003e\n\u003cli\u003eThe installation images have been laid out in a clean way: standard CD and USB images that default to VGA, as well as USB images that default to a console output (for things like Soekris and PCEngines APU boards that only have serial ports)\u003c/li\u003e\n\u003cli\u003eWith the news of m0n0wall shutting down last week, they\u0026#39;ve also released bare minimum hardware specifications required to run OPNsense on embedded devices\u003c/li\u003e\n\u003cli\u003eEncouraged by last week\u0026#39;s mention of PCBSD trying to cut ties with OpenSSL, OPNsense is also now providing experimental \u003ca href=\"https://forum.opnsense.org/index.php?topic=78.0\" rel=\"nofollow\"\u003eimages built against LibreSSL\u003c/a\u003e for testing (and have instructions on how to switch over without reinstalling)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.countersiege.com/2015/02/22/minnowboard_max_openbsd.html\" rel=\"nofollow\"\u003eOpenBSD on a Minnowboard Max\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhat would our show be without at least one story about someone installing BSD on a weird device\u003c/li\u003e\n\u003cli\u003eFor once, it\u0026#39;s actually not NetBSD…\u003c/li\u003e\n\u003cli\u003eThis article is about the \u003ca href=\"http://www.minnowboard.org/meet-minnowboard-max/\" rel=\"nofollow\"\u003eminnowboard max\u003c/a\u003e, a very small X86-based motherboard that looks vaguely similar to a Raspberry Pi\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s using an Atom CPU instead of ARM, so overall application compatibility should be a bit better (and it even has AES-NI, so crypto performance will be much better than a normal Atom)\u003c/li\u003e\n\u003cli\u003eThe author describes his entirely solid-state setup, noting that there\u0026#39;s virtually no noise, no concern about hard drives dying and very reasonable power usage\u003c/li\u003e\n\u003cli\u003eYou\u0026#39;ll find instructions on how to get OpenBSD installed and going throughout the rest of the article\u003c/li\u003e\n\u003cli\u003eHave a look at the spec sheet if you\u0026#39;re interested, they make for cool little BSD boxes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054717.html\" rel=\"nofollow\"\u003eNetmap for 40gbit NICs in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLuigi Rizzo posted an announcement to the -current mailing list, detailing some of the work he\u0026#39;s just committed\u003c/li\u003e\n\u003cli\u003eThe ixl(4) driver, that\u0026#39;s one for the X1710 40-gigabit card, now has netmap support\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s currently in 11-CURRENT, but he says it works in 10-STABLE and will be committed there too\u003c/li\u003e\n\u003cli\u003eThis should make for some serious packet-pushing power\u003c/li\u003e\n\u003cli\u003eIf you have any network hardware like this, he would appreciate testing for the new code\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ken Westerback - \u003ca href=\"mailto:directors@openbsdfoundation.org\" rel=\"nofollow\"\u003edirectors@openbsdfoundation.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.openbsdfoundation.org/donations.html\" rel=\"nofollow\"\u003eThe OpenBSD foundation\u003c/a\u003e\u0026#39;s activities\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150221222235\" rel=\"nofollow\"\u003es2k15 hackathon report: dhclient/dhcpd/fdisk\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe second trip report from the recent OpenBSD hackathon has been published, from the very same guy we just talked to\u003c/li\u003e\n\u003cli\u003eKen was also busy, getting a few networking-related things fixed and improved in the base system\u003c/li\u003e\n\u003cli\u003eHe wrote a few new small additions for dhclient and beefed up the privsep security, as well as some fixes for tcpdump and dhcpd\u003c/li\u003e\n\u003cli\u003eThe fdisk tool also got worked on a bit, enabling OpenBSD to properly wipe GPT tables on a previously-formatted disk so you can do a normal install on it\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s apparently plans for \u0026quot;dhclientng\u0026quot; - presumably a big improvement (rewrite?) of dhclient\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/user/bsdtutorial/videos\" rel=\"nofollow\"\u003eFreeBSD beginner video series\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new series of videos has started on YouTube, aimed at helping total beginners learn about FreeBSD\u003c/li\u003e\n\u003cli\u003eWe usually assume that people who watch the show are already familiar with basic concepts, but they\u0026#39;d be a great introduction to any of your friends that are looking to get started with BSD and need a helping hand\u003c/li\u003e\n\u003cli\u003eSo far, he\u0026#39;s covered \u003ca href=\"https://www.youtube.com/watch?v=D26rOHkI-iE\" rel=\"nofollow\"\u003ehow to get FreeBSD\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=PCyYW19bPDU\" rel=\"nofollow\"\u003ean introduction to installing in VirtualBox\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=HCE89kObutA\" rel=\"nofollow\"\u003ea simple installation\u003c/a\u003e or a more in-depth \u003ca href=\"https://www.youtube.com/watch?v=OwqCjz9Fgao\" rel=\"nofollow\"\u003emanual installation\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=6YJhdOGjN50\" rel=\"nofollow\"\u003enavigating the filesystem\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=Yl5Bg2qz21I\" rel=\"nofollow\"\u003ebasic ssh use\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=ioB73i7QUjI\" rel=\"nofollow\"\u003emanaging users and groups\u003c/a\u003e and finally some \u003ca href=\"https://www.youtube.com/watch?v=VxxbO-gt9FA\" rel=\"nofollow\"\u003ebasic editing\u003c/a\u003e \u003ca href=\"https://www.youtube.com/watch?v=16FNtCj-uS4\" rel=\"nofollow\"\u003ewith vi\u003c/a\u003e and a few other topics\u003c/li\u003e\n\u003cli\u003eEveryone\u0026#39;s gotta start somewhere and, with a little bit of initial direction, today\u0026#39;s newbies could be tomorrow\u0026#39;s developers\u003c/li\u003e\n\u003cli\u003eIt should be an ongoing series with more topics to come\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/regular_test_runs_down_to\" rel=\"nofollow\"\u003eNetBSD tests: zero unexpected failures\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NetBSD guys have a new blog post up about their \u003ca href=\"http://wiki.netbsd.org/tutorials/atf/\" rel=\"nofollow\"\u003etesting suite\u003c/a\u003e for all the CPU architectures\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve finally gotten the number of \u0026quot;expected\u0026quot; failures down to zero on a few select architectures\u003c/li\u003e\n\u003cli\u003eResults are \u003ca href=\"http://releng.netbsd.org/test-results.html\" rel=\"nofollow\"\u003epublished\u003c/a\u003e on a special release engineering page, so you can have a look if you\u0026#39;re interested\u003c/li\u003e\n\u003cli\u003eThe rest of the post links to the \u0026quot;top performers\u0026quot; (ones with less than ten failure) in the -current branch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/pcbsd/pcbsd/commit/b80f78d8a5d002396c28ac0e5fd6f69699beaace\" rel=\"nofollow\"\u003ePCBSD switches to IPFW\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PCBSD crew continues their recent series of switching between major competing features\u003c/li\u003e\n\u003cli\u003eThis time, they\u0026#39;ve switched the default firewall away from PF to FreeBSD\u0026#39;s native IPFW firewall\u003c/li\u003e\n\u003cli\u003eLook forward to Kris wearing a \u0026quot;keep calm and use IPFW\u0026quot; shir- wait\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21U6Ln6wC\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Kp0xdfIb\" rel=\"nofollow\"\u003eDan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216DcA8DP\" rel=\"nofollow\"\u003eFlorian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s271iJjqtQ\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21zerHI9P\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142454205416445\u0026w=2\" rel=\"nofollow\"\u003eVCS flamebait\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-gnome/2015-February/031561.html\" rel=\"nofollow\"\u003eHidden agenda\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD.","date_published":"2015-02-25T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6999608e-fe27-4efa-96b0-eb1e928acf0a.mp3","mime_type":"audio/mpeg","size_in_bytes":50146996,"duration_in_seconds":4178}]},{"id":"7f831a01-7c9e-48e5-8400-717e0198fc07","title":"77: Noah's L2ARC","url":"https://www.bsdnow.tv/77","content_text":"This week on the show, we'll be chatting with Alex Reece and Matt Ahrens about what's new in the world of OpenZFS. After that, we're starting a new tutorial series on submitting your first patch. All the latest BSD news and answers to your emails, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nRevisiting FreeBSD after 20 years\n\n\nWith comments like \"has Linux lost its way?\" floating around, a Debian developer was prompted to revisit FreeBSD after nearly two decades\nThis blog post goes through his experiences trying out a modern BSD variant, and includes the good, the bad and the ugly - not just praise this time\nHe loves ZFS and the beadm tool, and finds the FreeBSD implementation to be much more stable than ZoL\nOn the topic of jails, he summarizes: \"Linux has tried so hard to get this right, and fallen on its face so many times, a person just wants to take pity sometimes. We’ve had linux-vserver, openvz, lxc, and still none of them match what FreeBSD jails have done for a long time.\"\nThe post also goes through the \"just plain different\" aspects of a complete OS vs. a distribution of various things pieced together\nFinally, he includes some things he wasn't so happy about: subpar laptop support, virtualization being a bit behind, a myriad of complaints about pkgng and a few other things\nThere was some decent discussion on Hacker News about this article too, with counterpoints from both sides\n***\n\n\ns2k15 hackathon report: network stack SMP\n\n\nThe first trip report from the recent OpenBSD hackathon in Australia has finally been submitted\nOne of the themes of this hackathon was SMP (symmetric multiprocessing) improvement, and Martin Pieuchot did some hacking on the network stack\nIf you're not familiar with him, he gave a presentation at EuroBSDCon last year, titled Taming OpenBSD Network Stack Dragons\nTeaming up with David Gwynne, they worked on getting some bits of the networking code out of the big lock\nHopefully more trip reports will be sent in during the coming weeks\nMost of the big code changes should probably appear after the 5.7-release testing period\n***\n\n\nFrom BIND to NSD and Unbound\n\n\nIf you've been running a DNS server on any of the BSDs, you've probably noticed a semi-recent trend: BIND being replaced with Unbound\nBIND was ripped out in FreeBSD 10.0 and will be gone in OpenBSD 5.7, but both systems include Unbound now as an alternative\nOpenBSD goes a step further, also including NSD in the base system, whereas you'll need to install that from ports on FreeBSD\nInstead of one daemon doing everything like BIND tried to do, this new setup splits the authoritative nameserver and the caching resolver into two separate daemons \nThis post takes you through the transitional phase of going from a single BIND setup to a combination of NSD and Unbound\nAll in all, everyone wins here, as there will be a lot less security advisories in both BSDs because of it...\n***\n\n\nm0n0wall calls it quits\n\n\nThe original, classic BSD firewall distribution m0n0wall has finally decided to close up shop\nFor those unfamiliar, m0n0wall was a FreeBSD-based firewall project that put a lot of focus on embedded devices: running from a CF card, CD, USB drive or even a floppy disk\nIt started over twelve years ago, which is pretty amazing when you consider that's around half of FreeBSD itself's lifespan\nThe project was probably a lot of people's first encounter with BSD in any form\nIf you were a m0n0wall user, fear not, you've got plenty of choices for a potential replacement: doing it yourself with something like FreeBSD or OpenBSD, or going the premade route with something like pfSense, OPNsense or the BSD Router Project\nThe founder's announcement includes these closing words: \"m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense, aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.\"\nWhile m0n0wall didn't get a lot of on-air mention, surely a lot of our listeners will remember it fondly\n***\n\n\nInterview - Alex Reece \u0026amp; Matt Ahrens - alex@delphix.com \u0026amp; matt@delphix.com / @openzfs\n\nWhat's new in OpenZFS\n\n\n\nTutorial\n\nMaking your first patch (OpenBSD)\n\n\n\nNews Roundup\n\nOverlaying remote LANs with OpenBSD's VXLAN\n\n\nHave you ever wanted to \"merge\" multiple remote LANs? OpenBSD's vxlan(4) is exactly what you need\nThis article talks about using it to connect two virtualized infrastructures on different ESXi servers\nIt gives a bit of networking background first, in case you're not quite up to speed on all this stuff\nThis tool opens up a lot of very cool possibilities, even possibly doing a \"remote\" LAN party\nBe sure to check the AsiaBSDCon talk about VXLANs if you haven't already\n***\n\n\n2020, year of the PCBSD desktop\n\n\nHere we have a blog post about BSD on the desktop, straight from a KDE developer\nHe predicts that PCBSD is going to take off before the year 2020, possibly even overtaking Linux's desktop market share (small as it may be)\nWith PCBSD making a preconfigured FreeBSD desktop a reality, and the new KMS work, the author is impressed with how far BSD has come as a viable desktop option\nZFS and easy-to-use boot environments top the list of things he says differentiate the BSD desktop experience from the Linux one\nThere was also some discussion on Slashdot that might be worth reading\n***\n\n\nOpenSSH host key rotation, redux\n\n\nWe mentioned the new OpenSSH host key rotation and other goodies in a previous episode, but things have changed a little bit since then\ndjm says \"almost immediately after smugly declaring 'mission accomplished', the bug reports started rolling in.\"\nThere were some initial complaints from developers about the new options, and a serious bug shortly thereafter\nAfter going back to the drawing board, he refactored some of the new code (and API) and added some more regression tests\nMost importantly, the bigger big fix was described as: \"a malicious server (say, \"host-a\") could advertise the public key of another server (say, \"host-b\"). Then, when the client subsequently connects back to host-a, instead of answering the connection as usual itself, host-a could proxy the connection to host-b. This would cause the user to connect to host-b when they think they are connecting to host-a, which is a violation of the authentication the host key is supposed to provide.\"\nNone of this code has been in a formal OpenSSH release just yet, but hopefully it will soon\n***\n\n\nPCBSD tries out LibreSSL\n\n\nPCBSD users may soon be seeing a lot less security problems because of two recent changes\nAfter switching over to OpenNTPD last week, PCBSD decides to give the portable LibreSSL a try too\nNote that this is only for the packages built from ports, not the base system unfortunately\nThey're not the first ones to do this - OPNsense has been experimenting with replacing OpenSSL in their ports tree for a little while now, and of course all of OpenBSD's ports are built against it\nA good number of patches are still not committed in vanilla FreeBSD ports, so they had to borrow some from Bugzilla\nLook forward to Kris wearing a \"keep calm and abandon OpenSSL\" shirt in the near future\n***\n\n\nFeedback/Questions\n\n\nBenjamin writes in\nMike writes in\nBrad writes in\n***\n\n\nMailing List Gold\n\n\nDebian Dejavu\nPackage gone missing\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be chatting with Alex Reece and Matt Ahrens about what\u0026#39;s new in the world of OpenZFS. After that, we\u0026#39;re starting a new tutorial series on submitting your first patch. All the latest BSD news and answers to your emails, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://changelog.complete.org/archives/9317-has-linux-lost-its-way-comments-prompt-a-debian-developer-to-revisit-freebsd-after-20-years\" rel=\"nofollow\"\u003eRevisiting FreeBSD after 20 years\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith comments like \u0026quot;has Linux lost its way?\u0026quot; floating around, a Debian developer was prompted to revisit FreeBSD after nearly two decades\u003c/li\u003e\n\u003cli\u003eThis blog post goes through his experiences trying out a modern BSD variant, and includes the good, the bad and the ugly - not just praise this time\u003c/li\u003e\n\u003cli\u003eHe loves ZFS and the beadm tool, and finds the FreeBSD implementation to be much more stable than ZoL\u003c/li\u003e\n\u003cli\u003eOn the topic of jails, he summarizes: \u0026quot;Linux has tried so hard to get this right, and fallen on its face so many times, a person just wants to take pity sometimes. We’ve had linux-vserver, openvz, lxc, and still none of them match what FreeBSD jails have done for a long time.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe post also goes through the \u0026quot;just plain different\u0026quot; aspects of a complete OS vs. a distribution of various things pieced together\u003c/li\u003e\n\u003cli\u003eFinally, he includes some things he wasn\u0026#39;t so happy about: subpar laptop support, virtualization being a bit behind, a \u003cem\u003emyriad\u003c/em\u003e of complaints about pkgng and a few other things\u003c/li\u003e\n\u003cli\u003eThere was some \u003ca href=\"https://news.ycombinator.com/item?id=9063216\" rel=\"nofollow\"\u003edecent discussion\u003c/a\u003e on Hacker News about this article too, with counterpoints from both sides\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20150218085759\" rel=\"nofollow\"\u003es2k15 hackathon report: network stack SMP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe first trip report from the recent OpenBSD hackathon in Australia has finally been submitted\u003c/li\u003e\n\u003cli\u003eOne of the themes of this hackathon was SMP (symmetric multiprocessing) improvement, and Martin Pieuchot did some hacking on the network stack\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re not familiar with him, he gave a \u003ca href=\"http://www.openbsd.org/papers/tamingdragons.pdf\" rel=\"nofollow\"\u003epresentation\u003c/a\u003e at EuroBSDCon last year, titled \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/03.Taming%20OpenBSD%20Network%20Stack%20Dragons%20-%20Martin%20Pieuchot.mp4\" rel=\"nofollow\"\u003eTaming OpenBSD Network Stack Dragons\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTeaming up with David Gwynne, they worked on getting some bits of the networking code out of the \u003ca href=\"https://en.wikipedia.org/wiki/Giant_lock\" rel=\"nofollow\"\u003ebig lock\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHopefully more trip reports will be sent in during the coming weeks\u003c/li\u003e\n\u003cli\u003eMost of the big code changes should probably appear after the 5.7-release testing period\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tumfatig.net/20150215/bind-nsd-unbound-openbsd-5-6/\" rel=\"nofollow\"\u003eFrom BIND to NSD and Unbound\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve been running a DNS server on any of the BSDs, you\u0026#39;ve probably noticed a semi-recent trend: BIND being replaced with Unbound\u003c/li\u003e\n\u003cli\u003eBIND was ripped out in FreeBSD 10.0 and will be gone in OpenBSD 5.7, but both systems include Unbound now as an alternative\u003c/li\u003e\n\u003cli\u003eOpenBSD goes a step further, also including NSD in the base system, whereas you\u0026#39;ll need to install that from ports on FreeBSD\u003c/li\u003e\n\u003cli\u003eInstead of one daemon doing everything like BIND tried to do, this new setup splits the authoritative nameserver and the caching resolver into two separate daemons \u003c/li\u003e\n\u003cli\u003eThis post takes you through the transitional phase of going from a single BIND setup to a combination of NSD and Unbound\u003c/li\u003e\n\u003cli\u003eAll in all, everyone wins here, as there will be a lot less security advisories in both BSDs because of it...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://m0n0.ch/wall/end_announcement.php\" rel=\"nofollow\"\u003em0n0wall calls it quits\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe original, classic BSD firewall distribution \u003ca href=\"https://en.wikipedia.org/wiki/M0n0wall\" rel=\"nofollow\"\u003em0n0wall\u003c/a\u003e has finally decided to close up shop\u003c/li\u003e\n\u003cli\u003eFor those unfamiliar, m0n0wall was a FreeBSD-based firewall project that put a lot of focus on embedded devices: running from a CF card, CD, USB drive or \u003cstrong\u003eeven a floppy disk\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eIt started over twelve years ago, which is pretty amazing when you consider that\u0026#39;s around half of FreeBSD itself\u0026#39;s lifespan\u003c/li\u003e\n\u003cli\u003eThe project was probably a lot of people\u0026#39;s first encounter with BSD in any form\u003c/li\u003e\n\u003cli\u003eIf you were a m0n0wall user, fear not, you\u0026#39;ve got \u003cem\u003eplenty\u003c/em\u003e of choices for a potential replacement: doing it yourself with something like \u003ca href=\"http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e or \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e, or going the premade route with something like \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003epfSense\u003c/a\u003e, \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003eOPNsense\u003c/a\u003e or the \u003ca href=\"http://www.bsdnow.tv/episodes/2014_10_22-dont_buy_a_router\" rel=\"nofollow\"\u003eBSD Router Project\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe founder\u0026#39;s announcement includes these closing words: \u0026quot;m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense, aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.\u0026quot;\u003c/li\u003e\n\u003cli\u003eWhile m0n0wall didn\u0026#39;t get a lot of on-air mention, surely a lot of our listeners will remember it fondly\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Alex Reece \u0026amp; Matt Ahrens - \u003ca href=\"mailto:alex@delphix.com\" rel=\"nofollow\"\u003ealex@delphix.com\u003c/a\u003e \u0026amp; \u003ca href=\"mailto:matt@delphix.com\" rel=\"nofollow\"\u003ematt@delphix.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/openzfs\" rel=\"nofollow\"\u003e@openzfs\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eWhat\u0026#39;s new in OpenZFS\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/patching-obsd\" rel=\"nofollow\"\u003eMaking your first patch (OpenBSD)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.echothrust.com/blogs/using-openbsd-and-vxlan-overlay-remote-lans\" rel=\"nofollow\"\u003eOverlaying remote LANs with OpenBSD\u0026#39;s VXLAN\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHave you ever wanted to \u0026quot;merge\u0026quot; multiple remote LANs? OpenBSD\u0026#39;s \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/vxlan.4\" rel=\"nofollow\"\u003evxlan(4)\u003c/a\u003e is exactly what you need\u003c/li\u003e\n\u003cli\u003eThis article talks about using it to connect two virtualized infrastructures on different ESXi servers\u003c/li\u003e\n\u003cli\u003eIt gives a bit of networking background first, in case you\u0026#39;re not quite up to speed on all this stuff\u003c/li\u003e\n\u003cli\u003eThis tool opens up a lot of very cool possibilities, even possibly doing a \u0026quot;remote\u0026quot; LAN party\u003c/li\u003e\n\u003cli\u003eBe sure to check the \u003ca href=\"https://www.youtube.com/watch?v=ufeEP_hzFN0\" rel=\"nofollow\"\u003eAsiaBSDCon talk\u003c/a\u003e about VXLANs if you haven\u0026#39;t already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lukewolf.blogspot.com/2015/02/a-prediction-2020-year-of-pc-bsd-on.html\" rel=\"nofollow\"\u003e2020, year of the PCBSD desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have a blog post about BSD on the desktop, straight from a KDE developer\u003c/li\u003e\n\u003cli\u003eHe predicts that PCBSD is going to take off before the year 2020, possibly even overtaking Linux\u0026#39;s desktop market share (small as it may be)\u003c/li\u003e\n\u003cli\u003eWith PCBSD making a preconfigured FreeBSD desktop a reality, and the new KMS work, the author is impressed with how far BSD has come as a viable desktop option\u003c/li\u003e\n\u003cli\u003eZFS and easy-to-use boot environments top the list of things he says differentiate the BSD desktop experience from the Linux one\u003c/li\u003e\n\u003cli\u003eThere was also some \u003ca href=\"http://bsd.slashdot.org/story/15/02/16/2355236/pc-bsd-set-for-serious-growth\" rel=\"nofollow\"\u003ediscussion on Slashdot\u003c/a\u003e that might be worth reading\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.djm.net.au/2015/02/hostkey-rotation-redux.html\" rel=\"nofollow\"\u003eOpenSSH host key rotation, redux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned the new OpenSSH host key rotation and other goodies in \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_04-from_the_foundation_1\" rel=\"nofollow\"\u003ea previous episode\u003c/a\u003e, but things have changed a little bit since then\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003edjm\u003c/a\u003e says \u0026quot;almost immediately after smugly declaring \u0026#39;mission accomplished\u0026#39;, the bug reports started rolling in.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere were some initial complaints from developers about the new options, and a serious bug shortly thereafter\u003c/li\u003e\n\u003cli\u003eAfter going back to the drawing board, he refactored some of the new code (and API) and added some more regression tests\u003c/li\u003e\n\u003cli\u003eMost importantly, the bigger big fix was described as: \u0026quot;a malicious server (say, \u0026quot;host-a\u0026quot;) could advertise the public key of another server (say, \u0026quot;host-b\u0026quot;). Then, when the client subsequently connects back to host-a, instead of answering the connection as usual itself, host-a could proxy the connection to host-b. This would cause the user to connect to host-b when they think they are connecting to host-a, which is a violation of the authentication the host key is supposed to provide.\u0026quot;\u003c/li\u003e\n\u003cli\u003eNone of this code has been in a formal OpenSSH release just yet, but hopefully it will soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/pcbsd/pcbsd/commit/6ede13117dcee1272d7a7060b16818506874286e\" rel=\"nofollow\"\u003ePCBSD tries out LibreSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePCBSD users may soon be seeing a lot less security problems because of two recent changes\u003c/li\u003e\n\u003cli\u003eAfter switching over to OpenNTPD \u003ca href=\"http://www.bsdnow.tv/episodes/2015_02_11-time_for_a_change\" rel=\"nofollow\"\u003elast week\u003c/a\u003e, PCBSD decides to give the \u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl\" rel=\"nofollow\"\u003eportable LibreSSL\u003c/a\u003e a try too\u003c/li\u003e\n\u003cli\u003eNote that this is only for the packages built from ports, not the base system unfortunately\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re not the first ones to do this - OPNsense has been experimenting with replacing OpenSSL in their ports tree for a little while now, and of course all of OpenBSD\u0026#39;s ports are built against it\u003c/li\u003e\n\u003cli\u003eA good \u003ca href=\"https://github.com/pcbsd/freebsd-ports/commit/2eee669f4d6ab9a641162ecda29b62ab921438eb\" rel=\"nofollow\"\u003enumber of patches\u003c/a\u003e are still not committed in vanilla FreeBSD ports, so they had to borrow some from Bugzilla\u003c/li\u003e\n\u003cli\u003eLook forward to Kris wearing a \u0026quot;\u003ca href=\"https://www.openbsdstore.com/cgi-bin/live/ecommerce.pl?site=shop_openbsdeurope_com\u0026state=item\u0026dept_id=01\u0026sub_dept_id=01\u0026product_id=TSHIRTOSSL\" rel=\"nofollow\"\u003ekeep calm and abandon OpenSSL\u003c/a\u003e\u0026quot; shirt in the near future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s28nyJ5omV\" rel=\"nofollow\"\u003eBenjamin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2wYUmUmh0\" rel=\"nofollow\"\u003eMike writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2BAKAQvMt\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-February/068405.html\" rel=\"nofollow\"\u003eDebian\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054580.html\" rel=\"nofollow\"\u003eDejavu\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-February/207475.html\" rel=\"nofollow\"\u003ePackage gone missing\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be chatting with Alex Reece and Matt Ahrens about what's new in the world of OpenZFS. After that, we're starting a new tutorial series on submitting your first patch. All the latest BSD news and answers to your emails, coming up on BSD Now - the place to B.. SD.","date_published":"2015-02-18T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/7f831a01-7c9e-48e5-8400-717e0198fc07.mp3","mime_type":"audio/mpeg","size_in_bytes":62093524,"duration_in_seconds":5174}]},{"id":"b872a625-f3d6-477b-b162-fd4248aef998","title":"76: Time for a Change","url":"https://www.bsdnow.tv/76","content_text":"This week, we'll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we'll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nStrange timer bug in FreeBSD 11\n\n\nPeter Wemm wrote in to the FreeBSD -CURRENT mailing list with an interesting observation\nRunning the latest development code in the infrastructure, the clock would stop keeping time after 24 days of uptime\nThis meant things like cron and sleep would break, TCP/IP wouldn't time out or resend packets, a lot of things would break\nA workaround until it was fixed was to reboot every 24 days, but this is BSD we're talking about - uptime is our game\nAn initial proposal was adding a CFLAG to the build options which makes makes signed arithmetic wrap\nPeter disagreed and gave some background, offering a different patch to fix the issue and detect it early if it happens again\nUltimately, the problem was traced back to an issue with a recent clang import\nIt only affected -CURRENT, not -RELEASE or -STABLE, but was definitely a bizarre bug to track down\n***\n\n\nAn OpenBSD mail server\n\n\nThere's been a recent influx of blog posts about building a BSD mail server for some reason\nIn this fancy series of posts, the author sets up OpenSMTPD in its native OpenBSD home, whereas previous posts have been aimed at FreeBSD and Linux\nIn addition to the usual steps, this one also covers DKIMproxy, ClamAV for scanning attachments, Dovecot for IMAP and also multiple choices of spam filtering: spamd or SpamAssassin\nIt also shows you how to set up Roundcube for building a web interface, using the new in-base httpd\nThat means this is more of a \"complete solution\" - right down to what the end users see\nThe series is split up into categories so it's very easy to follow along step-by-step\n***\n\n\nHow DragonFlyBSD uses git\n\n\nDragonFlyBSD, along with PCBSD and EdgeBSD, uses git as its version control system for the system source code\nIn a series of posts, Matthew Dillon (the project lead) details their internal setup\nThey're using vanilla git over ssh, with the developers' accounts set to git-only (no shell access)\nThe maintainers of the server are the only ones with shell access available\nHe also details how a cron job syncs from the master to a public box that anyone can check out code from\nIt would be interesting to hear about how other BSD projects manage their master source repository\n***\n\n\nWhy not try PCBSD?\n\n\nITwire, another more mainstream tech site, published a recent article about switching to PCBSD\nThey interview a guy named Kris that we've never heard of before\nIn the article, they touch on how easy it can potentially be for Linux users looking to switch over to the BSD side - lots of applications are exactly the same\n\"With the growing adoption of systemd, dissatisfaction with Linux has reached proportions not seen in recent years, to the extent that people have started talking of switching to FreeBSD.\"\nIf you have some friends who complain to you about systemd all the time, this might be a good article to show them\n***\n\n\nInterview - Henning Brauer - henning@openbsd.org / @henningbrauer\n\nOpenNTPD and its portable variant\n\n\n\nNews Roundup\n\nAuthenticated time in OpenNTPD\n\n\nWe recorded that interview with Henning just a few days ago, and it looks like part of it may be outdated already\nWhile at the hackathon, some developers came up with an alternate way to get authenticated NTP responses\nYou can now add an HTTPS URL to your ntpd.conf in addition to the time server pool\nOpenNTPD will query it (over TLS, with CA verification) and look at the date sent in the HTTPS header\nIt's not intended to be a direct time source, just a constraint to keep things within reason\nIf you receive regular NTP packets that are way off from the TLS packet, those will be discarded and the server(s) marked as invalid\nHenning and Theo also weigh in to give some of the backstory on the idea\nLots more detail can be found in Reyk's email explaining the new feature (and it's optional of course)\n***\n\n\nNetBSD at Open Source Conference 2015 Oita and Hamanako\n\n\nIt's been a while since we've featured one of these trip reports, but the Japanese NetBSD users group is still doing them\nThis time the conferences were in Oita and Hamanako, Japan\nMachines running NetBSD included the CubieBoard2 Allwinner A20, Raspberry Pi and Banana Pi, Sharp NetWalker and a couple Zaurus devices\nAs always, they took lots of pictures from the event of NetBSD on all these weird machines\n***\n\n\nPoudriere in a jail\n\n\nA common question we get about our poudriere tutorial is \"how do I run it in a jail?\" - this blog post is about exactly that\nIt takes you through the networking setup, zpool setup, nginx setup, making the jail and finally poking the right holes in the jail to allow poudriere to work its magic\n***\n\n\nBruteblock, another way to stop bruteforce\n\n\nWe've mentioned a few different ways to stop ssh bruteforce attempts in the past: fail2ban, denyhosts, or even just with pf's built-in rate limiting\nBruteblock is a similar tool, but it's not just for ssh logins - it can do a number of other services\nIt can also work directly with IPFW, which is a plus if you're using that as your firewall\nAdd a few lines to your syslog.conf and bruteblock will get executed automatically\nThe rest of the article takes you through the different settings you can configure for blocking\n***\n\n\nNew iwm(4) driver and cross-polination\n\n\nThe OpenBSD guys recently imported a new \"iwm\" driver for newer Intel 7260 wireless cards (commonly found in Thinkpads)\nNetBSD wasted no time in porting it over, giving a bit of interesting backstory\nAccording to Antti Kantee, \"it was created for OpenBSD by writing and porting a NetBSD driver which was developed in a rump kernel in Linux userspace\"\nBoth projects would appreciate further testing if you have the hardware and can provide useful bug reports\nMaybe FreeBSD and DragonFly will port it over too, or come up with something that's partially based on the code\n***\n\n\nPCBSD current images\n\n\nThe first PCBSD -CURRENT images should be available this weekend\nThis image will be tagged 11.0-CURRENTFEB2015, with planned monthly updates\nFor the more adventurous this will allow testing both FreeBSD and PCBSD bleeding edge\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nRichard writes in\nCharlie writes in\nBen writes in\n***\n\n\nMailing List Gold\n\n\nA systematic effort\nGCC's lunch\nHopes and dreams\n***\n\n\nDiscussion\n\nComparison of ways to securely tunnel your traffic\n\n\nOpenVPN, OpenBSD IKED, FreeBSD IPSEC, OpenSSH, Tor\n***\n","content_html":"\u003cp\u003eThis week, we\u0026#39;ll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we\u0026#39;ll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054295.html\" rel=\"nofollow\"\u003eStrange timer bug in FreeBSD 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_24-beastly_infrastructure\" rel=\"nofollow\"\u003ePeter Wemm\u003c/a\u003e wrote in to the FreeBSD -CURRENT mailing list with an interesting observation\u003c/li\u003e\n\u003cli\u003eRunning the latest development code in the infrastructure, the clock would stop keeping time after 24 days of uptime\u003c/li\u003e\n\u003cli\u003eThis meant things like cron and sleep would break, TCP/IP wouldn\u0026#39;t time out or resend packets, a lot of things would break\u003c/li\u003e\n\u003cli\u003eA workaround until it was fixed was to reboot every 24 days, but this is BSD we\u0026#39;re talking about - uptime is our game\u003c/li\u003e\n\u003cli\u003eAn initial proposal was adding a CFLAG to the build options which makes makes signed arithmetic wrap\u003c/li\u003e\n\u003cli\u003ePeter disagreed and \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054320.html\" rel=\"nofollow\"\u003egave some background\u003c/a\u003e, offering a different patch to \u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-February/067827.html\" rel=\"nofollow\"\u003efix\u003c/a\u003e the issue and \u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2015-February/067828.html\" rel=\"nofollow\"\u003edetect it early\u003c/a\u003e if it happens again\u003c/li\u003e\n\u003cli\u003eUltimately, the problem was traced back to an issue with a recent clang import\u003c/li\u003e\n\u003cli\u003eIt only affected -CURRENT, not -RELEASE or -STABLE, but was definitely a bizarre bug to track down\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://technoquarter.blogspot.com/p/series.html\" rel=\"nofollow\"\u003eAn OpenBSD mail server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere\u0026#39;s been a recent influx of blog posts about building a BSD mail server for some reason\u003c/li\u003e\n\u003cli\u003eIn this fancy series of posts, the author sets up OpenSMTPD in its native OpenBSD home, whereas previous posts have been aimed at FreeBSD and Linux\u003c/li\u003e\n\u003cli\u003eIn addition to the usual steps, this one also covers DKIMproxy, ClamAV for scanning attachments, Dovecot for IMAP and also multiple choices of spam filtering: spamd or SpamAssassin\u003c/li\u003e\n\u003cli\u003eIt also shows you how to set up Roundcube for building a web interface, using the new in-base httpd\u003c/li\u003e\n\u003cli\u003eThat means this is more of a \u0026quot;complete solution\u0026quot; - right down to what the end users see\u003c/li\u003e\n\u003cli\u003eThe series is split up into categories so it\u0026#39;s very easy to follow along step-by-step\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-January/207421.html\" rel=\"nofollow\"\u003eHow DragonFlyBSD uses git\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD, along with PCBSD and EdgeBSD, uses git as its version control system for the system source code\u003c/li\u003e\n\u003cli\u003eIn a \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-January/207422.html\" rel=\"nofollow\"\u003eseries\u003c/a\u003e of \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2015-January/207424.html\" rel=\"nofollow\"\u003eposts\u003c/a\u003e, Matthew Dillon (the project lead) details their internal setup\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re using vanilla git over ssh, with the developers\u0026#39; accounts set to git-only (no shell access)\u003c/li\u003e\n\u003cli\u003eThe maintainers of the server are the only ones with shell access available\u003c/li\u003e\n\u003cli\u003eHe also details how a cron job syncs from the master to a public box that anyone can check out code from\u003c/li\u003e\n\u003cli\u003eIt would be interesting to hear about how other BSD projects manage their master source repository\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.itwire.com/business-it-news/open-source/66900-fed-up-with-systemd-and-linux?-why-not-try-pc-bsd\" rel=\"nofollow\"\u003eWhy not try PCBSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eITwire, another more mainstream tech site, published a recent article about switching to PCBSD\u003c/li\u003e\n\u003cli\u003eThey interview a guy named Kris that we\u0026#39;ve never heard of before\u003c/li\u003e\n\u003cli\u003eIn the article, they touch on how easy it can potentially be for Linux users looking to switch over to the BSD side - lots of applications are exactly the same\u003c/li\u003e\n\u003cli\u003e\u0026quot;With the growing adoption of systemd, dissatisfaction with Linux has reached proportions not seen in recent years, to the extent that people have started talking of switching to FreeBSD.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf you have some friends who complain to you about systemd all the time, this might be a good article to show them\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Henning Brauer - \u003ca href=\"mailto:henning@openbsd.org\" rel=\"nofollow\"\u003ehenning@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/henningbrauer\" rel=\"nofollow\"\u003e@henningbrauer\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://openntpd.org/\" rel=\"nofollow\"\u003eOpenNTPD\u003c/a\u003e and its portable variant\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142356166731390\u0026w=2\" rel=\"nofollow\"\u003eAuthenticated time in OpenNTPD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe recorded that interview with Henning just a few days ago, and it looks like part of it may be outdated \u003cem\u003ealready\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eWhile at the hackathon, some developers came up with an \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142355043928397\u0026w=2\" rel=\"nofollow\"\u003ealternate way\u003c/a\u003e to get authenticated NTP responses\u003c/li\u003e\n\u003cli\u003eYou can now add an HTTPS URL to your ntpd.conf in addition to the time server pool\u003c/li\u003e\n\u003cli\u003eOpenNTPD will query it (over TLS, with CA verification) and look at the date sent in the HTTPS header\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s not intended to be a direct time source, just a constraint to keep things within reason\u003c/li\u003e\n\u003cli\u003eIf you receive regular NTP packets that are way off from the TLS packet, those will be discarded and the server(s) marked as invalid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142363215730069\u0026w=2\" rel=\"nofollow\"\u003eHenning\u003c/a\u003e and \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142363400330522\u0026w=2\" rel=\"nofollow\"\u003eTheo\u003c/a\u003e also weigh in to give some of the backstory on the idea\u003c/li\u003e\n\u003cli\u003eLots more detail can be found in Reyk\u0026#39;s email explaining the new feature (and it\u0026#39;s optional of course)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/02/08/msg000678.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference 2015 Oita and Hamanako\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt\u0026#39;s been a while since we\u0026#39;ve featured one of these trip reports, but the Japanese NetBSD users group is still doing them\u003c/li\u003e\n\u003cli\u003eThis time the conferences were in Oita \u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2015/02/11/msg000679.html\" rel=\"nofollow\"\u003eand Hamanako\u003c/a\u003e, Japan\u003c/li\u003e\n\u003cli\u003eMachines running NetBSD included the CubieBoard2 Allwinner A20, Raspberry Pi and Banana Pi, Sharp NetWalker and a couple Zaurus devices\u003c/li\u003e\n\u003cli\u003eAs always, they took lots of pictures from the event of NetBSD on all these weird machines\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tobeannounced.org/2015/02/poudriere-in-a-jail/\" rel=\"nofollow\"\u003ePoudriere in a jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA common question we get about our \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere tutorial\u003c/a\u003e is \u0026quot;how do I run it in a jail?\u0026quot; - this blog post is about exactly that\u003c/li\u003e\n\u003cli\u003eIt takes you through the networking setup, zpool setup, nginx setup, making the jail and finally poking the right holes in the jail to allow poudriere to work its magic\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://easyos.net/articles/bsd/freebsd/bruteblock_protection_against_bruteforce_attacks_in_ssh\" rel=\"nofollow\"\u003eBruteblock, another way to stop bruteforce\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve mentioned a few different ways to stop ssh bruteforce attempts in the past: fail2ban, denyhosts, or even just with pf\u0026#39;s built-in rate limiting\u003c/li\u003e\n\u003cli\u003eBruteblock is a similar tool, but it\u0026#39;s not just for ssh logins - it can do a number of other services\u003c/li\u003e\n\u003cli\u003eIt can also work directly with IPFW, which is a plus if you\u0026#39;re using that as your firewall\u003c/li\u003e\n\u003cli\u003eAdd a few lines to your syslog.conf and bruteblock will get executed automatically\u003c/li\u003e\n\u003cli\u003eThe rest of the article takes you through the different settings you can configure for blocking\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142325218626853\u0026w=2\" rel=\"nofollow\"\u003eNew iwm(4) driver and cross-polination\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD guys recently imported a new \u0026quot;iwm\u0026quot; driver for newer Intel 7260 wireless cards (commonly found in Thinkpads)\u003c/li\u003e\n\u003cli\u003eNetBSD wasted no time in \u003ca href=\"https://mail-index.netbsd.org/source-changes/2015/02/07/msg062979.html\" rel=\"nofollow\"\u003eporting it over\u003c/a\u003e, giving a bit of interesting backstory\u003c/li\u003e\n\u003cli\u003eAccording to \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction\" rel=\"nofollow\"\u003eAntti Kantee\u003c/a\u003e, \u0026quot;it was created for OpenBSD by writing and porting a NetBSD driver which was developed in a rump kernel in Linux userspace\u0026quot;\u003c/li\u003e\n\u003cli\u003eBoth projects would appreciate further testing if you have the hardware and can provide useful bug reports\u003c/li\u003e\n\u003cli\u003eMaybe FreeBSD and DragonFly will port it over too, or come up with something that\u0026#39;s partially based on the code\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/02/pc-bsd-11-0-current-images-now-available/\" rel=\"nofollow\"\u003ePCBSD current images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe first PCBSD -CURRENT images should be available this weekend\u003c/li\u003e\n\u003cli\u003eThis image will be tagged 11.0-CURRENTFEB2015, with planned monthly updates\u003c/li\u003e\n\u003cli\u003eFor the more adventurous this will allow testing both FreeBSD and PCBSD bleeding edge\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2E4NbJwzs\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2FkxcSYKy\" rel=\"nofollow\"\u003eRichard writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s217EgA1JC\" rel=\"nofollow\"\u003eCharlie writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21vlCbGDt\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.gnu.org/archive/html/emacs-devel/2015-02/msg00360.html\" rel=\"nofollow\"\u003eA systematic effort\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.gnu.org/archive/html/emacs-devel/2015-02/msg00457.html\" rel=\"nofollow\"\u003eGCC\u0026#39;s lunch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=142331891908776\u0026w=2\" rel=\"nofollow\"\u003eHopes and dreams\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eDiscussion\u003c/h2\u003e\n\n\u003ch3\u003eComparison of ways to securely tunnel your traffic\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://openvpn.net/index.php/open-source.html\" rel=\"nofollow\"\u003eOpenVPN\u003c/a\u003e, \u003ca href=\"http://www.openiked.org/\" rel=\"nofollow\"\u003eOpenBSD IKED\u003c/a\u003e, \u003ca href=\"https://www.freebsd.org/doc/handbook/ipsec.html\" rel=\"nofollow\"\u003eFreeBSD IPSEC\u003c/a\u003e, \u003ca href=\"http://www.openssh.com/\" rel=\"nofollow\"\u003eOpenSSH\u003c/a\u003e, \u003ca href=\"https://www.torproject.org/\" rel=\"nofollow\"\u003eTor\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we'll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we'll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now - the place to B.. SD.","date_published":"2015-02-11T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b872a625-f3d6-477b-b162-fd4248aef998.mp3","mime_type":"audio/mpeg","size_in_bytes":64285204,"duration_in_seconds":5357}]},{"id":"34bf4647-35b0-4919-9b96-c12799506f14","title":"75: From the Foundation (Part 1)","url":"https://www.bsdnow.tv/75","content_text":"This week on the show, we'll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we'll talk about what all they've been up to lately. All this week's news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nKey rotation in OpenSSH 6.8\n\n\nDamien Miller posted a new blog entry about one of the features in the upcoming OpenSSH 6.8\nTimes changes, key types change, problems are found with old algorithms and we switch to new ones\nIn OpenSSH (and the SSH protocol) however, there hasn't been an easy way to rotate host keys... until now\nWith this change, when you connect to a server, it will log all the server's public keys in your known_hosts file, instead of just the first one used during the key exchange\nKeys that are in your known_hosts file but not on the server will get automatically removed\nThis fixes the problem of old servers still authenticating with ancient DSA or small RSA keys, as well as providing a way for the server to rotate keys every so often\nThere are some instructions in the blog post for how you'll be able to rotate host keys and eventually phase out the older ones - it's really simple\nThere are a lot of big changes coming in OpenSSH 6.8, so we'll be sure to cover them all when it's released\n***\n\n\nNetBSD Banana Pi images\n\n\nWe've talked about the Banana Pi a bit before - it's a small ARM board that's comparable to the popular Raspberry Pi\nSome NetBSD -current images were posted on the mailing list, so now you can get some BSD action on one of these little devices\nThere are even a set of prebuilt pkgsrc packages, so you won't have to compile everything initially\nThe email includes some steps to get everything working and an overview of what comes with the image\nAlso check the wiki page for some related boards and further instructions on getting set up\nOn a related note, NetBSD also recently got GPU acceleration working for the Raspberry Pi (which is a first for their ARM port)\n***\n\n\nLibreSSL shirts and other BSD goodies\n\n\nIf you've been keeping up with the LibreSSL saga and want a shirt to show your support, they're finally available to buy online\nThere are two versions, either \"keep calm and use LibreSSL\" or the slightly more snarky \"keep calm and abandon OpenSSL\"\nWhile on the topic, we thought it would be good to make people aware of shirts for other BSD projects too\nYou can get some FreeBSD, PCBSD and FreeNAS stuff from the FreeBSD mall site\nOpenBSD recently launched their new store, but the selection is still a bit limited right now\nNetBSD has a couple places where you can buy shirts and other apparel with the flag logo on it\nWe couldn't find any DragonFlyBSD shirts unfortunately, which is a shame since their logo is pretty cool\nProfits from the sale of the gear go back to the projects, so pick up some swag and support your BSD of choice (and of course wear them at any Linux events you happen to go to)\n***\n\n\nOPNsense 15.1.4 released\n\n\nThe OPNsense guys have been hard at work since we spoke to them, fixing lots of bugs and keeping everything up to date\nA number of versions have come out since then, with 15.1.4 being the latest (assuming they haven't updated it again by the time this airs)\nThis version includes the latest round of FreeBSD kernel security patches, as well as minor SSL and GUI fixes\nThey're doing a great job of getting upstream fixes pushed out to users quickly, a very welcome change\nA developer has also posted an interesting write-up titled \"Development Workflow in OPNsense\"\nIf any of our listeners are trying OPNsense as their gateway firewall, let us know how you like it\n***\n\n\nInterview - Ed Maste - board@freebsdfoundation.org\n\nThe FreeBSD foundation's activities\n\n\n\nNews Roundup\n\nRolling with OpenBSD snapshots\n\n\nOne of the cool things about the -current branch of OpenBSD is that it doesn't require any compiling\nThere are signed binary snapshots being continuously re-rolled and posted on the FTP sites for every architecture\nThis provides an easy method to get onboard with the latest features, and you can also easily upgrade between them without reformatting or rebuilding\nThis blog post will walk you through the process of using snapshots to stay on the bleeding edge of OpenBSD goodness\nAfter using -current for seven weeks, the author comes to the conclusion that it's not as unstable as people might think\nHe's now helping test out patches and new ports since he's running the same code as the developers\n***\n\n\nSigning pkgsrc packages\n\n\nAs of the time this show airs, the official pkgsrc packages aren't cryptographically signed\nSomeone from Joyent has been working on that, since they'd like to sign their pkgsrc packages for SmartOS\nUsing GNUPG pulled in a lot of dependencies, and they're trying to keep the bootstrapping process minimal\nInstead, they're using netpgpverify, a fork of NetBSD's netpgp utility\nMaybe someday this will become the official way to sign packages in NetBSD?\n***\n\n\nFreeBSD support model changes\n\n\nStarting with 11.0-RELEASE, which won't be for a few months probably, FreeBSD releases are going to have a different support model\nThe plan is to move \"from a point release-based support model to a set of releases from a branch with a guaranteed support lifetime\"\nThere will now be a five-year lifespan for each major release, regardless of how many minor point releases it gets\nThis new model should reduce the turnaround time for errata and security patches, since there will be a lot less work involved to build and verify them\nLots more detail can be found in the mailing list post, including some important changes to the -STABLE branch, so give it a read\n***\n\n\nOpenSMTPD, Dovecot and SpamAssassin\n\n\nWe've been talking about setting up your own BSD-based mail server on the last couple episodes\nHere we have another post from a user setting up OpenSMTPD, including Dovecot for IMAP and SpamAssassin for spam filtering\nA lot of people regularly ask the developers how to combine OpenSMTPD with spam filtering, and this post should finally reveal the dark secrets\nIn addition, it also covers SSL certificates, PKI and setting up MX records - some things that previous posts have lacked\nJust be sure to replace those \"apt-get\" commands and \"eth0\" interface names with something a bit more sane…\nIn related news, OpenSMTPD has got some interesting new features coming soon\nThey're also planning to switch to LibreSSL by default for the portable version\n***\n\n\nFreeBSD 10 on the Thinkpad T400\n\n\nBSD laptop articles are becoming popular it seems - this one is about FreeBSD on a T400\nLike most of the ones we've mentioned before, it shows you how to get a BSD desktop set up with all the little tweaks you might not think to do\nThis one differs in that it takes a more minimal approach to graphics: instead of a full-featured environment like XFCE or KDE, it uses the i3 tiling window manager\nIf you're a commandline junkie that basically just uses X11 to run more than one terminal at once, this might be an ideal setup for you\nThe post also includes some bits about the DRM and KMS in the 10.x branch, as well as vt\n***\n\n\nPC-BSD 10.1.1 Released\n\n\nAutomatic background updater now in\nShiny new Qt5 utils\nOVA files for VM’s\nFull disk encryption with GELI v7\n***\n\n\nFeedback/Questions\n\n\nCamio writes in\nSha'ul writes in\nJohn writes in\nSean writes in (TJ's lengthy reply)\nChristopher writes in\n***\n\n\nMailing List Gold\n\n\nSpecial Instructions\nPretending to be a VT220\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we\u0026#39;ll talk about what all they\u0026#39;ve been up to lately. All this week\u0026#39;s news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.djm.net.au/2015/02/key-rotation-in-openssh-68.html\" rel=\"nofollow\"\u003eKey rotation in OpenSSH 6.8\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eDamien Miller\u003c/a\u003e posted a new blog entry about one of the features in the upcoming OpenSSH 6.8\u003c/li\u003e\n\u003cli\u003eTimes changes, key types change, problems are found with old algorithms and we switch to new ones\u003c/li\u003e\n\u003cli\u003eIn OpenSSH (and the SSH protocol) however, there hasn\u0026#39;t been an easy way to rotate host keys... until now\u003c/li\u003e\n\u003cli\u003eWith this change, when you connect to a server, it will log \u003cem\u003eall\u003c/em\u003e the server\u0026#39;s public keys in your known_hosts file, instead of just the first one used during the key exchange\u003c/li\u003e\n\u003cli\u003eKeys that are in your known_hosts file but not on the server will get automatically removed\u003c/li\u003e\n\u003cli\u003eThis fixes the problem of old servers still authenticating with ancient DSA or small RSA keys, as well as providing a way for the server to rotate keys every so often\u003c/li\u003e\n\u003cli\u003eThere are some instructions in the blog post for how you\u0026#39;ll be able to rotate host keys and eventually phase out the older ones - it\u0026#39;s really simple\u003c/li\u003e\n\u003cli\u003eThere are a lot of big changes coming in OpenSSH 6.8, so we\u0026#39;ll be sure to cover them all when it\u0026#39;s released\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/port-arm/2015/01/30/msg002809.html\" rel=\"nofollow\"\u003eNetBSD Banana Pi images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about the \u003ca href=\"http://www.bananapi.org/p/product.html\" rel=\"nofollow\"\u003eBanana Pi\u003c/a\u003e a bit before - it\u0026#39;s a small ARM board that\u0026#39;s comparable to the popular Raspberry Pi\u003c/li\u003e\n\u003cli\u003eSome NetBSD -current images were posted on the mailing list, so now you can get some BSD action on one of these little devices\u003c/li\u003e\n\u003cli\u003eThere are even a set of prebuilt pkgsrc packages, so you won\u0026#39;t have to compile everything initially\u003c/li\u003e\n\u003cli\u003eThe email includes some steps to get everything working and an overview of what comes with the image\u003c/li\u003e\n\u003cli\u003eAlso check \u003ca href=\"https://wiki.netbsd.org/ports/evbarm/allwinner/\" rel=\"nofollow\"\u003ethe wiki page\u003c/a\u003e for some related boards and further instructions on getting set up\u003c/li\u003e\n\u003cli\u003eOn a related note, NetBSD also recently \u003ca href=\"https://blog.netbsd.org/tnf/entry/raspberry_pi_gpu_acceleration_in\" rel=\"nofollow\"\u003egot GPU acceleration working\u003c/a\u003e for the Raspberry Pi (which is a first for their ARM port)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142255048510669\u0026w=2\" rel=\"nofollow\"\u003eLibreSSL shirts and other BSD goodies\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve been keeping up with the LibreSSL saga and want a shirt to show your support, they\u0026#39;re finally available to buy online\u003c/li\u003e\n\u003cli\u003eThere are two versions, either \u0026quot;\u003ca href=\"https://shop.openbsdeurope.com/images/shop_openbsdeurope_com/products/large/TSHIRTLSSL.jpg\" rel=\"nofollow\"\u003ekeep calm and use LibreSSL\u003c/a\u003e\u0026quot; or the slightly more snarky \u0026quot;\u003ca href=\"https://shop.openbsdeurope.com/images/shop_openbsdeurope_com/products/large/TSHIRTOSSL.jpg\" rel=\"nofollow\"\u003ekeep calm and abandon OpenSSL\u003c/a\u003e\u0026quot;\u003c/li\u003e\n\u003cli\u003eWhile on the topic, we thought it would be good to make people aware of shirts for other BSD projects too\u003c/li\u003e\n\u003cli\u003eYou can get some FreeBSD, \u003ca href=\"https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=pc-bsd\" rel=\"nofollow\"\u003ePCBSD\u003c/a\u003e and FreeNAS \u003ca href=\"https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=shirts\" rel=\"nofollow\"\u003estuff\u003c/a\u003e from the \u003ca href=\"https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=tshirt\" rel=\"nofollow\"\u003eFreeBSD mall site\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD recently launched their \u003ca href=\"https://www.openbsdstore.com\" rel=\"nofollow\"\u003enew store\u003c/a\u003e, but the selection is still a bit limited right now\u003c/li\u003e\n\u003cli\u003eNetBSD has a \u003ca href=\"https://www.netbsd.org/gallery/devotionalia.html#cafepress\" rel=\"nofollow\"\u003ecouple places\u003c/a\u003e where you can buy shirts and other apparel with the flag logo on it\u003c/li\u003e\n\u003cli\u003eWe couldn\u0026#39;t find any DragonFlyBSD shirts unfortunately, which is a shame since \u003ca href=\"http://www.dragonflybsd.org/images/small_logo.png\" rel=\"nofollow\"\u003etheir logo\u003c/a\u003e is pretty cool\u003c/li\u003e\n\u003cli\u003eProfits from the sale of the gear go back to the projects, so pick up some swag and support your BSD of choice (and of course wear them at any Linux events you happen to go to)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forum.opnsense.org/index.php?topic=35.0\" rel=\"nofollow\"\u003eOPNsense 15.1.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OPNsense guys have been hard at work since \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003ewe spoke to them\u003c/a\u003e, fixing lots of bugs and keeping everything up to date\u003c/li\u003e\n\u003cli\u003eA number of versions have come out since then, with 15.1.4 being the latest (assuming they haven\u0026#39;t updated it \u003cstrong\u003eagain\u003c/strong\u003e by the time this airs)\u003c/li\u003e\n\u003cli\u003eThis version includes the latest round of FreeBSD kernel security patches, as well as minor SSL and GUI fixes\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re doing a great job of getting upstream fixes pushed out to users quickly, a very welcome change\u003c/li\u003e\n\u003cli\u003eA developer has also posted an interesting write-up titled \u0026quot;\u003ca href=\"http://lastsummer.de/development-workflow-in-opnsense/\" rel=\"nofollow\"\u003eDevelopment Workflow in OPNsense\u003c/a\u003e\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf any of our listeners are trying OPNsense as their gateway firewall, let us know how you like it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ed Maste - \u003ca href=\"mailto:board@freebsdfoundation.org\" rel=\"nofollow\"\u003eboard@freebsdfoundation.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.freebsdfoundation.org/donate\" rel=\"nofollow\"\u003eThe FreeBSD foundation\u003c/a\u003e\u0026#39;s activities\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/02/rolling-with-snapshots.html\" rel=\"nofollow\"\u003eRolling with OpenBSD snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the cool things about the -current branch of OpenBSD is that it doesn\u0026#39;t require any compiling\u003c/li\u003e\n\u003cli\u003eThere are signed binary snapshots being continuously re-rolled and posted on the FTP sites for every architecture\u003c/li\u003e\n\u003cli\u003eThis provides an easy method to get onboard with the latest features, and you can also easily upgrade between them without reformatting or rebuilding\u003c/li\u003e\n\u003cli\u003eThis blog post will walk you through the process of using snapshots to stay on the bleeding edge of OpenBSD goodness\u003c/li\u003e\n\u003cli\u003eAfter using -current for seven weeks, the author comes to the conclusion that it\u0026#39;s not as unstable as people might think\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s now helping test out patches and new ports since he\u0026#39;s running the same code as the developers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-pkg/2015/02/02/msg014224.html\" rel=\"nofollow\"\u003eSigning pkgsrc packages\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs of the time this show airs, the official \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgsrc\" rel=\"nofollow\"\u003epkgsrc\u003c/a\u003e packages aren\u0026#39;t cryptographically signed\u003c/li\u003e\n\u003cli\u003eSomeone from Joyent has been working on that, since they\u0026#39;d like to sign their pkgsrc packages for SmartOS\u003c/li\u003e\n\u003cli\u003eUsing GNUPG pulled in a lot of dependencies, and they\u0026#39;re trying to keep the bootstrapping process minimal\u003c/li\u003e\n\u003cli\u003eInstead, they\u0026#39;re using netpgpverify, a fork of NetBSD\u0026#39;s \u003ca href=\"https://en.wikipedia.org/wiki/Netpgp\" rel=\"nofollow\"\u003enetpgp\u003c/a\u003e utility\u003c/li\u003e\n\u003cli\u003eMaybe someday this will become the official way to sign packages in NetBSD?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html\" rel=\"nofollow\"\u003eFreeBSD support model changes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStarting with 11.0-RELEASE, which won\u0026#39;t be for a few months probably, FreeBSD releases are going to have a different support model\u003c/li\u003e\n\u003cli\u003eThe plan is to move \u0026quot;from a point release-based support model to a set of releases from a branch with a guaranteed support lifetime\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere will now be a five-year lifespan for each major release, regardless of how many minor point releases it gets\u003c/li\u003e\n\u003cli\u003eThis new model should reduce the turnaround time for errata and security patches, since there will be a lot less work involved to build and verify them\u003c/li\u003e\n\u003cli\u003eLots more detail can be found in the mailing list post, including some important changes to the -STABLE branch, so give it a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://guillaumevincent.com/2015/01/31/OpenSMTPD-Dovecot-SpamAssassin.html\" rel=\"nofollow\"\u003eOpenSMTPD, Dovecot and SpamAssassin\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve been talking about setting up your own BSD-based mail server on the last couple episodes\u003c/li\u003e\n\u003cli\u003eHere we have another post from a user setting up OpenSMTPD, including Dovecot for IMAP and SpamAssassin for spam filtering\u003c/li\u003e\n\u003cli\u003eA \u003cstrong\u003elot\u003c/strong\u003e of people \u003ca href=\"http://permalink.gmane.org/gmane.mail.opensmtpd.general/2265\" rel=\"nofollow\"\u003eregularly ask the developers\u003c/a\u003e how to combine OpenSMTPD with spam filtering, and this post should finally reveal the dark secrets\u003c/li\u003e\n\u003cli\u003eIn addition, it also covers SSL certificates, PKI and setting up MX records - some things that previous posts have lacked\u003c/li\u003e\n\u003cli\u003eJust be sure to replace those \u0026quot;apt-get\u0026quot; commands and \u0026quot;eth0\u0026quot; interface names with something a bit more sane…\u003c/li\u003e\n\u003cli\u003eIn related news, OpenSMTPD has got some interesting new features \u003ca href=\"http://article.gmane.org/gmane.mail.opensmtpd.general/2272\" rel=\"nofollow\"\u003ecoming soon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re also planning to \u003ca href=\"https://github.com/OpenSMTPD/OpenSMTPD/issues/534\" rel=\"nofollow\"\u003eswitch to LibreSSL by default\u003c/a\u003e for the portable version\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lastsummer.de/freebsd-desktop-on-the-t400/\" rel=\"nofollow\"\u003eFreeBSD 10 on the Thinkpad T400\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD laptop articles are becoming popular it seems - this one is about FreeBSD on a T400\u003c/li\u003e\n\u003cli\u003eLike most of the ones we\u0026#39;ve mentioned before, it shows you how to get a BSD desktop set up with all the little tweaks you might not think to do\u003c/li\u003e\n\u003cli\u003eThis one differs in that it takes a more minimal approach to graphics: instead of a full-featured environment like XFCE or KDE, it uses the i3 tiling window manager\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a commandline junkie that basically just uses X11 to run more than one terminal at once, this might be an ideal setup for you\u003c/li\u003e\n\u003cli\u003eThe post also includes some bits about the DRM and KMS in the 10.x branch, as well as vt\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/02/1810/\" rel=\"nofollow\"\u003ePC-BSD 10.1.1 Released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAutomatic background updater now in\u003c/li\u003e\n\u003cli\u003eShiny new Qt5 utils\u003c/li\u003e\n\u003cli\u003eOVA files for VM’s\u003c/li\u003e\n\u003cli\u003eFull disk encryption with GELI v7\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2MsjllAyU\" rel=\"nofollow\"\u003eCamio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20eYELsAg\" rel=\"nofollow\"\u003eSha\u0026#39;ul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Y2GN1az\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20ARVQ1T6\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e (\u003ca href=\"http://slexy.org/view/s212XezEYt\" rel=\"nofollow\"\u003eTJ\u0026#39;s lengthy reply\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2DRgEv4j8\" rel=\"nofollow\"\u003eChristopher writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-questions/2015-February/264010.html\" rel=\"nofollow\"\u003eSpecial Instructions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-users/2015/01/19/msg015669.html\" rel=\"nofollow\"\u003ePretending to be a VT220\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we'll talk about what all they've been up to lately. All this week's news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD.","date_published":"2015-02-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/34bf4647-35b0-4919-9b96-c12799506f14.mp3","mime_type":"audio/mpeg","size_in_bytes":61549780,"duration_in_seconds":5129}]},{"id":"6e3c9361-afc5-4f27-b2de-a33a6ac82db5","title":"74: That Sly MINIX","url":"https://www.bsdnow.tv/74","content_text":"Coming up this week, we've got something a little bit different for you. We'll be talking with Andrew Tanenbaum, the creator of MINIX. They've recently imported parts of NetBSD into their OS, and we'll find out how and why that came about. As always, all the latest news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nThe missing EuroBSDCon videos\n\n\nSome of the missing videos from EuroBSDCon 2014 we mentioned before have mysteriously appeared\nJordan Hubbard, FreeBSD, looking forward to another 10 years\nLourival Viera Neto, NPF scripting with Lua\nKris Moore, Snapshots, replication and boot environments\nAndy Tanenbaum, A reimplementation of NetBSD based on a microkernel\nKirk McKusick, An introduction to FreeBSD's implementation of ZFS\nEmannuel Dreyfus, FUSE and beyond, bridging filesystems\nJohn-Mark Gurney, Optimizing GELI performance\nUnfortunately, there are still about six talks missing… and no ETA\n***\n\n\nFreeBSD on a MacBook Pro (or two)\n\n\nWe've got a couple posts about running FreeBSD on a MacBook Pro this week\nIn the first one, the author talks a bit about trying to run Linux on his laptop for quite a while, going back and forth between it and something that Just Works™\nEventually he came full circle, and the focus on using only GUI tools got in the way, instead of making things easier\nHe works on a lot of FreeBSD-related software, so switching to it for a desktop seems to be the obvious next step\nHe's still not quite to that point yet, but documents his experiments with BSD as a desktop\nThe second article also documents an ex-Linux user switching over to BSD for their desktop\nIt also covers power management, bluetooth and trackpad setup\nOn the topic of Gentoo, \"Underneath the beautiful and easy-to-use Portage system lies the same glibc, the same turmoil over a switch to a less-than-ideal init system, and the same kernel-level bugs that bring my productivity down\"\nCheck out both articles if you've been considering running FreeBSD on a MacBook\n***\n\n\nRemote logging over TLS\n\n\nIn most of the BSDs, syslogd has been able to remotely send logs to another server for a long time\nThat feature can be very useful, especially for forensics purposes - it's much harder for an attacker to hide their activities if the logs aren't on the same server\nThe problem is, of course, that it's sent in cleartext, unless you tunnel it over SSH or use some kind of third party wrapper\nWith a few recent commits, OpenBSD's syslogd now supports sending logs over TLS natively, including X509 certificate verification\nBy default, syslogd runs as an unprivileged user in a chroot on OpenBSD, so there were some initial concerns about certificate verification - how does that user access the CA chain outside of the chroot?\nThat problem was also conquered, by loading the CA chain directly from memory, so the entire process can be run in the chroot without issue\nSome of the privsep verifcation code even made its way into LibreSSL right afterwards\nIf you haven't set up remote logging before, now might be an interesting time to try it out\n***\n\n\nFreeBSD, not a Linux distro\n\n\nGeorge Neville-Neil gave a presentation recently, titled \"FreeBSD: not a Linux distro\"\nIt's meant to be an introduction to new users that might've heard about FreeBSD, but aren't familiar with any BSD history\nHe goes through some of that history, and talks about what FreeBSD is and why you might want to use it over other options\nThere's even an interesting \"thirty years in three minutes\" segment\nIt's not just a history lesson though, he talks about some of the current features and even some new things coming in the next version(s)\nWe also learn about filesystems, jails, capsicum, clang, dtrace and the various big companies using FreeBSD in their products\nThis might be a good video to show your friends or potential employer if you're looking to introduce FreeBSD to them \n***\n\n\nLong-term support considered harmful\n\n\nThere was recently a pretty horrible bug in GNU's libc (BSDs aren't affected, don't worry)\nAside from the severity of the actual problem, the fix was delayed for quite a long time, leaving people vulnerable\nTed Unangst writes a post about how this idea of long-term support could actually be harmful in the long run, and compares it to how OpenBSD does things\nOpenBSD releases a new version every six months, and only the two most recent releases get support and security fixes\nHe describes this as both a good thing and a bad thing: all the bugs in the ecosystem get flushed out within a year, but it forces people to stay (relatively) up-to-date\n\"Upgrades only get harder and more painful (and more fragile) the longer one goes between them. More changes, more damage. Frequent upgrades amortize the cost and ensure that regressions are caught early.\"\nThere was also some discussion about the article you can check out\n***\n\n\nInterview - Andrew Tanenbaum - info@minix3.org / @minix3\n\nMINIX's integration of NetBSD\n\n\n\nNews Roundup\n\nUsing AFL on OpenBSD\n\n\nWe've talked about American Fuzzy Lop a bit on a previous episode, and how some OpenBSD devs are using it to catch and fix new bugs\nUndeadly has a cool guide on how you can get started with fuzzing\nIt's a little on the advanced side, but if you're interested in programming or diagnosing crashes, it'll be a really interesting article to read\nLots of recent CVEs in other open source projects are attributed to fuzzing - it's a great way to stress test your software\n***\n\n\nLumina 0.8.1 released\n\n\nA new version of Lumina, the BSD-licensed desktop environment from PCBSD, has been released\nThis update includes some new plugins, lots of bugfixes and even \"quality-of-life improvements\"\nThere's a new audio player desktop plugin, a button to easily minimize all windows at once and some cool new customization options\nYou can get it in PCBSD's edge repo or install it through regular ports (on FreeBSD, OpenBSD or DragonFly!)\nIf you haven't seen our episode about Lumina, where we interview the developer and show you a tour of its features, gotta go watch it\n***\n\n\nMy first OpenBSD port\n\n\nThe author of the \"Code Rot \u0026amp; Why I Chose OpenBSD\" article has a new post up, this time about ports\nHe recently made his first port and got it into the tree, so he talks about the whole process from start to finish\nAfter learning some of the basics and becoming comfortable running -current, he noticed there wasn't a port for the \"Otter\" web browser\nAt that point he did what you're supposed to do in that situation, and started working on it himself\nOpenBSD has a great porter's handbook that he referenced throughout the process\nLong story short, his browser of choice is in the official ports collection and now he's the maintainer (and gets to deal with any bug reports, of course)\nIf some software you use isn't available for whatever BSD you're using, you could be the one to make it happen\n***\n\n\nHow to slide with DragonFly\n\n\nDragonFly BSD has a new HAMMER FS utility called \"Slider\"\nIt's used to easily browse through file history and undelete files - imagine something like a commandline version of Apple's Time Machine\nThey have a pretty comprehensive guide on how to use it on their wiki page\nIf you're using HAMMER FS, this is a really handy tool to have, check it out\n***\n\n\nOpenSMTPD with Dovecot and Salt\n\n\nWe recently had a feedback question about which mail servers you can use on BSD - Postfix, Exim and OpenSMTPD being the big three\nThis blog post details how to set up OpenSMTPD, including Dovecot for IMAP and Salt for quick and easy deployment\nIntrigued by it becoming the default MTA in OpenBSD, the author decided to give it a try after being a long-time Postfix fan\n\"Small, fast, stable, and very easy to customize, no more ugly m4 macros to deal with\"\nCheck it out if you've been thinking about configuring your first mail server on any of the BSDs\n***\n\n\nFeedback/Questions\n\n\nChristopher writes in (handbook section)\nMark writes in\nKevin writes in\nStefano writes in\nMatthew writes in\n***\n\n\nMailing List Gold\n\n\nNot that interested actually\nThis guy again\nYep, this is the place\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ve got something a little bit different for you. We\u0026#39;ll be talking with Andrew Tanenbaum, the creator of MINIX. They\u0026#39;ve recently imported parts of NetBSD into their OS, and we\u0026#39;ll find out how and why that came about. As always, all the latest news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.eurobsdcon.org/\" rel=\"nofollow\"\u003eThe missing EuroBSDCon videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome of the missing videos from EuroBSDCon 2014 \u003ca href=\"http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited\" rel=\"nofollow\"\u003ewe mentioned before\u003c/a\u003e have mysteriously appeared\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_27-bridging_the_gap\" rel=\"nofollow\"\u003eJordan Hubbard\u003c/a\u003e, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/01.Keynote%20-%20FreeBSD:%20looking%20forward%20to%20another%2010%20years%20-%20Jordan%20Hubbard.mp4\" rel=\"nofollow\"\u003eFreeBSD, looking forward to another 10 years\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLourival Viera Neto, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/06.NFS%20scripting%20with%20Lua%20-%20Lourival%20Viera%20Neto.mp4\" rel=\"nofollow\"\u003eNPF scripting with Lua\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKris Moore, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/02.Snapshots,%20replication%20and%20boot%20environments%20-%20Kris%20Moore.mp4\" rel=\"nofollow\"\u003eSnapshots, replication and boot environments\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndy Tanenbaum, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/07.A%20reimplementation%20of%20NetBSD%20based%20on%20a%20microkernel%20-%20Andy%20Tanenbaum.mp4\" rel=\"nofollow\"\u003eA reimplementation of NetBSD based on a microkernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache\" rel=\"nofollow\"\u003eKirk McKusick\u003c/a\u003e, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/03.An%20introduction%20to%20the%20implementation%20of%20ZFS%20-%20Kirk%20McKusick.mp4\" rel=\"nofollow\"\u003eAn introduction to FreeBSD\u0026#39;s implementation of ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmannuel Dreyfus, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/05.FUSE%20and%20beyond:%20bridging%20filesystems%20-%20Emannuel%20Dreyfus.mp4\" rel=\"nofollow\"\u003eFUSE and beyond, bridging filesystems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_10_29-ipsecond_wind\" rel=\"nofollow\"\u003eJohn-Mark Gurney\u003c/a\u003e, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/04.Optimizing%20GELI%20performance%20-%20John-Mark%20Gurney.mp4\" rel=\"nofollow\"\u003eOptimizing GELI performance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnfortunately, there are still about six talks missing… and no ETA\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://gist.github.com/mpasternacki/974e29d1e3865e940c53\" rel=\"nofollow\"\u003eFreeBSD on a MacBook Pro (or two)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve got a couple posts about running FreeBSD on a MacBook Pro this week\u003c/li\u003e\n\u003cli\u003eIn the first one, the author talks a bit about trying to run Linux on his laptop for quite a while, going back and forth between it and something that Just Works™\u003c/li\u003e\n\u003cli\u003eEventually he came full circle, and the focus on using only GUI tools got in the way, instead of making things easier\u003c/li\u003e\n\u003cli\u003eHe works on a lot of FreeBSD-related software, so switching to it for a desktop seems to be the obvious next step\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s still not quite to that point yet, but documents his experiments with BSD as a desktop\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://blog.foxkit.us/2015/01/freebsd-on-apple-macbook-pro-13-late.html\" rel=\"nofollow\"\u003esecond article\u003c/a\u003e also documents an ex-Linux user switching over to BSD for their desktop\u003c/li\u003e\n\u003cli\u003eIt \u003ca href=\"http://blog.foxkit.us/2015/01/freebsd-on-apple-macbook-pro-82-now.html\" rel=\"nofollow\"\u003ealso covers\u003c/a\u003e power management, bluetooth and trackpad setup\u003c/li\u003e\n\u003cli\u003eOn the topic of Gentoo, \u0026quot;Underneath the beautiful and easy-to-use Portage system lies the same glibc, the same turmoil over a switch to a less-than-ideal init system, and the same kernel-level bugs that bring my productivity down\u0026quot;\u003c/li\u003e\n\u003cli\u003eCheck out both articles if you\u0026#39;ve been considering running FreeBSD on a MacBook\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142136923124184\u0026w=2\" rel=\"nofollow\"\u003eRemote logging over TLS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn most of the BSDs, syslogd has been able to remotely send logs to another server for a long time\u003c/li\u003e\n\u003cli\u003eThat feature can be very useful, especially for forensics purposes - it\u0026#39;s much harder for an attacker to hide their activities if the logs aren\u0026#39;t on the same server\u003c/li\u003e\n\u003cli\u003eThe problem is, of course, that it\u0026#39;s \u003ca href=\"https://en.wikipedia.org/wiki/Syslog#Protocol\" rel=\"nofollow\"\u003esent in cleartext\u003c/a\u003e, unless you tunnel it over SSH or use some kind of third party wrapper\u003c/li\u003e\n\u003cli\u003eWith a few \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142160989610410\u0026w=2\" rel=\"nofollow\"\u003erecent commits\u003c/a\u003e, OpenBSD\u0026#39;s syslogd now supports sending logs over TLS natively, including X509 certificate verification\u003c/li\u003e\n\u003cli\u003eBy default, syslogd runs as an unprivileged user in a chroot on OpenBSD, so there were some initial concerns about certificate verification - how does that user access the CA chain \u003cem\u003eoutside\u003c/em\u003e of the chroot?\u003c/li\u003e\n\u003cli\u003eThat problem \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142188450524692\u0026w=2\" rel=\"nofollow\"\u003ewas also conquered\u003c/a\u003e, by loading the CA chain \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142191799331938\u0026w=2\" rel=\"nofollow\"\u003edirectly from memory\u003c/a\u003e, so the entire process \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142191819131993\u0026w=2\" rel=\"nofollow\"\u003ecan be run in the chroot\u003c/a\u003e without issue\u003c/li\u003e\n\u003cli\u003eSome of the privsep verifcation code even \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142191878632141\u0026w=2\" rel=\"nofollow\"\u003emade its way into\u003c/a\u003e LibreSSL right afterwards\u003c/li\u003e\n\u003cli\u003eIf you haven\u0026#39;t set up remote logging before, now might be an interesting time to try it out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=wwbO4eTieQY\" rel=\"nofollow\"\u003eFreeBSD, not a Linux distro\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGeorge Neville-Neil gave a presentation recently, titled \u0026quot;FreeBSD: not a Linux distro\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s meant to be an introduction to new users that might\u0026#39;ve heard about FreeBSD, but aren\u0026#39;t familiar with any BSD history\u003c/li\u003e\n\u003cli\u003eHe goes through some of that history, and talks about what FreeBSD is and why you might want to use it over other options\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s even an interesting \u0026quot;thirty years in three minutes\u0026quot; segment\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s not just a history lesson though, he talks about some of the current features and even some new things coming in the next version(s)\u003c/li\u003e\n\u003cli\u003eWe also learn about filesystems, jails, capsicum, clang, dtrace and the various big companies using FreeBSD in their products\u003c/li\u003e\n\u003cli\u003eThis might be a good video to show your friends or potential employer if you\u0026#39;re looking to introduce FreeBSD to them \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/long-term-support-considered-harmful\" rel=\"nofollow\"\u003eLong-term support considered harmful\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was recently a \u003ca href=\"https://www.marc.info/?l=bugtraq\u0026m=142237866420639\u0026w=2\" rel=\"nofollow\"\u003epretty horrible bug\u003c/a\u003e in GNU\u0026#39;s libc (BSDs aren\u0026#39;t affected, don\u0026#39;t worry)\u003c/li\u003e\n\u003cli\u003eAside from the severity of the actual problem, the fix was \u003ca href=\"https://code.google.com/p/chromium/issues/detail?id=364511\" rel=\"nofollow\"\u003edelayed\u003c/a\u003e for quite a long time, leaving people vulnerable\u003c/li\u003e\n\u003cli\u003eTed Unangst writes a post about how this \u003ca href=\"https://plus.google.com/u/0/+ArtoPekkanen/posts/88jk5ggXYts?cfem=1\" rel=\"nofollow\"\u003eidea of long-term support\u003c/a\u003e could actually be harmful in the long run, and compares it to how OpenBSD does things\u003c/li\u003e\n\u003cli\u003eOpenBSD releases a new version every six months, and only the two most recent releases get support and security fixes\u003c/li\u003e\n\u003cli\u003eHe describes this as both a good thing and a bad thing: all the bugs in the ecosystem get flushed out within a year, but it forces people to stay (relatively) up-to-date\u003c/li\u003e\n\u003cli\u003e\u0026quot;Upgrades only get harder and more painful (and more fragile) the longer one goes between them. More changes, more damage. Frequent upgrades amortize the cost and ensure that regressions are caught early.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere was also \u003ca href=\"https://lobste.rs/s/a4iijx/long_term_support_considered_harmful\" rel=\"nofollow\"\u003esome\u003c/a\u003e \u003ca href=\"https://news.ycombinator.com/item?id=8954737\" rel=\"nofollow\"\u003ediscussion\u003c/a\u003e about the article you can check out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Andrew Tanenbaum - \u003ca href=\"mailto:info@minix3.org\" rel=\"nofollow\"\u003einfo@minix3.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/minix3\" rel=\"nofollow\"\u003e@minix3\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eMINIX\u0026#39;s integration of NetBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.undeadly.org/cgi?action=article\u0026sid=20150121093259\" rel=\"nofollow\"\u003eUsing AFL on OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about \u003ca href=\"http://lcamtuf.coredump.cx/afl/\" rel=\"nofollow\"\u003eAmerican Fuzzy Lop\u003c/a\u003e a bit on a previous episode, and how some OpenBSD devs \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026w=2\u0026r=1\u0026s=afl\u0026q=b\" rel=\"nofollow\"\u003eare using it\u003c/a\u003e to catch and fix new bugs\u003c/li\u003e\n\u003cli\u003eUndeadly has a cool guide on how you can get started with fuzzing\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a little on the advanced side, but if you\u0026#39;re interested in programming or diagnosing crashes, it\u0026#39;ll be a really interesting article to read\u003c/li\u003e\n\u003cli\u003eLots of recent CVEs in other open source projects are attributed to fuzzing - it\u0026#39;s a great way to stress test your software\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/01/lumina-desktop-0-8-1-released/\" rel=\"nofollow\"\u003eLumina 0.8.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new version of Lumina, the BSD-licensed desktop environment from PCBSD, has been released\u003c/li\u003e\n\u003cli\u003eThis update includes some new plugins, lots of bugfixes and even \u0026quot;quality-of-life improvements\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a new audio player desktop plugin, a button to easily minimize all windows at once and some cool new customization options\u003c/li\u003e\n\u003cli\u003eYou can get it in PCBSD\u0026#39;s edge repo or install it through regular ports (on FreeBSD, OpenBSD \u003cem\u003eor\u003c/em\u003e DragonFly!)\u003c/li\u003e\n\u003cli\u003eIf you haven\u0026#39;t seen our episode about Lumina, where we interview the developer and show you a tour of its features, \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_10-luminary_environment\" rel=\"nofollow\"\u003egotta go watch it\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/01/my-first-openbsd-port.html\" rel=\"nofollow\"\u003eMy first OpenBSD port\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of the \u0026quot;Code Rot \u0026amp; Why I Chose OpenBSD\u0026quot; article has a new post up, this time about ports\u003c/li\u003e\n\u003cli\u003eHe recently made his first port and got it into the tree, so he talks about the whole process from start to finish\u003c/li\u003e\n\u003cli\u003eAfter learning some of the basics and becoming comfortable running -current, he noticed there wasn\u0026#39;t a port for the \u0026quot;Otter\u0026quot; web browser\u003c/li\u003e\n\u003cli\u003eAt that point he did what you\u0026#39;re \u003cem\u003esupposed to do\u003c/em\u003e in that situation, and started working on it himself\u003c/li\u003e\n\u003cli\u003eOpenBSD has a great \u003ca href=\"http://www.openbsd.org/faq/ports/\" rel=\"nofollow\"\u003eporter\u0026#39;s handbook\u003c/a\u003e that he referenced throughout the process\u003c/li\u003e\n\u003cli\u003eLong story short, his browser of choice is in the official ports collection and now he\u0026#39;s the maintainer (and gets to deal with any bug reports, of course)\u003c/li\u003e\n\u003cli\u003eIf some software you use isn\u0026#39;t available for whatever BSD you\u0026#39;re using, you could be the one to make it happen\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/docs/docs/howtos/howtoslide/\" rel=\"nofollow\"\u003eHow to slide with DragonFly\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFly BSD has a new HAMMER FS utility called \u0026quot;Slider\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s used to easily browse through file history and undelete files - imagine something like a commandline version of Apple\u0026#39;s Time Machine\u003c/li\u003e\n\u003cli\u003eThey have a pretty comprehensive guide on how to use it on their wiki page\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re using HAMMER FS, this is a really handy tool to have, check it out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.al-shami.net/2015/01/howto-small-mail-server-with-salt-dovecot-and-opensmtpd/\" rel=\"nofollow\"\u003eOpenSMTPD with Dovecot and Salt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe recently had a feedback question about which mail servers you can use on BSD - Postfix, Exim and OpenSMTPD being the big three\u003c/li\u003e\n\u003cli\u003eThis blog post details how to set up OpenSMTPD, including Dovecot for IMAP and Salt for quick and easy deployment\u003c/li\u003e\n\u003cli\u003eIntrigued by it becoming the default MTA in OpenBSD, the author decided to give it a try after being a long-time Postfix fan\u003c/li\u003e\n\u003cli\u003e\u0026quot;Small, fast, stable, and very easy to customize, no more ugly m4 macros to deal with\u0026quot;\u003c/li\u003e\n\u003cli\u003eCheck it out if you\u0026#39;ve been thinking about configuring your first mail server on any of the BSDs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20q2fSfEO\" rel=\"nofollow\"\u003eChristopher writes in\u003c/a\u003e (\u003ca href=\"https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html#jails-ezjail-update-os\" rel=\"nofollow\"\u003ehandbook section\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2zGvAczeN\" rel=\"nofollow\"\u003eMark writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Dn2Tey8\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s215nxxrtF\" rel=\"nofollow\"\u003eStefano writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20cwezc9l\" rel=\"nofollow\"\u003eMatthew writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142194821910087\u0026w=2\" rel=\"nofollow\"\u003eNot that interested actually\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-jail/2015-January/002742.html\" rel=\"nofollow\"\u003eThis guy again\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-doc/2015-January/024888.html\" rel=\"nofollow\"\u003eYep, this is the place\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we've got something a little bit different for you. We'll be talking with Andrew Tanenbaum, the creator of MINIX. They've recently imported parts of NetBSD into their OS, and we'll find out how and why that came about. As always, all the latest news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2015-01-28T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6e3c9361-afc5-4f27-b2de-a33a6ac82db5.mp3","mime_type":"audio/mpeg","size_in_bytes":54813172,"duration_in_seconds":4567}]},{"id":"bca95163-7c0b-4440-902b-594ea8c61554","title":"73: Pipe Dreams","url":"https://www.bsdnow.tv/73","content_text":"This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD quarterly status report\n\n\nThe FreeBSD team has posted an updated on some of their activities between October and December of 2014\nThey put a big focus on compatibility with other systems: the Linux emulation layer, bhyve, WINE and Xen all got some nice improvements\nAs always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure\nThe release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs\nFreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)\nGit was promoted from beta to an officially-supported version control system (Kris is happy)\nThe core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints\nOther notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more \"cloud\" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements\nCheck out the full report for all the details that we didn't cover\n***\n\n\nOpenBSD package signature audit\n\n\n\"Linux Audit\" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes\nThey recently did an article about OpenBSD, specifically their ports and package system and signing infrastructure\nThe author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed\nPackage signature formats and public key distribution methods are also touched on\nAfter some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future\nIf you haven't seen our episode about signify with Ted Unangst, that would be a great one to check out after reading this\n***\n\n\nReplacing a Linux router with BSD\n\n\nThere was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one\nThe poster begins with \"I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs.\"\nA lot of people were quick to recommend OPNsense and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)\nOther commenters suggested a more hands-on approach, setting one up yourself with FreeBSD or OpenBSD\nIf you've been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through\nUnfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information\n***\n\n\nLibreSSL in FreeBSD and OPNsense\n\n\nA FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)\nThe reasoning being that updates in base tend to lag behind, whereas the port can be updated for security very quickly\nOPNsense developers are looking into  switching away from OpenSSL to LibreSSL's portable version, for both their ports and base system, which would be a pretty huge differentiator for their project\nSome ports still need fixing to be compatible though, particularly a few python-related ones\nIf you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs\nA lot of the work has already been done in OpenBSD's ports tree - some patches just need to be adopted\nMore and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it\n***\n\n\nInterview - David Maxwell - david@netbsd.org / @david_w_maxwell\n\nPipecut, text processing, commandline wizardry\n\n\n\nNews Roundup\n\nJetpack, a new jail container system\n\n\nA new project was launched to adapt FreeBSD jails to the \"app container specification\"\nWhile still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker\nIt's a similar project to iocage or bsdploy, which we haven't talked a whole lot about\nThere was also some discussion about it on Hacker News\n***\n\n\nSeparating base and package binaries\n\n\nAll of the main BSDs make a strong separation between the base system and third party software\nThis is in contrast to Linux where there's no real concept of a \"base system\" - more recently, some distros have even merged all the binaries into a single directory\nA user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies\nRead the comments for the full explanation, but having things separated really helps keep things organized\n***\n\n\nUpdated i915kms driver for FreeBSD\n\n\nThis update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward\nIt doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added\n***\n\n\nYear of the OpenBSD desktop\n\n\nHere we have an article about using OpenBSD as a daily driver for regular desktop usage\nThe author says he \"ran fifty thousand different distributions, never being satisfied\"\nAfter dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook\nHe also used FreeBSD between versions 7 and 9, finding a \"a mostly harmonious environment,\" but regressions lead him to give up on desktop *nix once again\nStarting with 2015, he's back and is using OpenBSD on a Thinkpad x201\nThe rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup\nHe apparently used our desktop tutorial - thanks for watching!\n***\n\n\nUnattended FreeBSD installation\n\n\nA new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE\nHis goal was to have a setup similar to Redhat's \"kickstart\" or OpenBSD's autoinstall\nThe article shows you how to set up DHCP and TFTP, with no NFS share setup required\nHe also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you\n***\n\n\nFeedback/Questions\n\n\nRobert writes in\nSean writes in\nl33tname writes in\nCharlie writes in\nEric writes in\n***\n\n\nMailing List Gold\n\n\nClowning around\nBetter than succeeding in this case\n***\n","content_html":"\u003cp\u003eThis week on the show we\u0026#39;ll be chatting with David Maxwell, a former NetBSD security officer. He\u0026#39;s got an interesting project called Pipecut that takes a whole new approach to the commandline. We\u0026#39;ve also got answers to viewer-submitted questions and all this week\u0026#39;s headlines, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/1.png\" alt=\"iXsystems - Enterprise Servers and Storage for Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.digitalocean.com/\" title=\"DigitalOcean\"\u003e\u003cimg src=\"/images/2.png\" alt=\"DigitalOcean - Simple Cloud Hosting, Built for Developers\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/3.png\" alt=\"Tarsnap - Online Backups for the Truly Paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2014-10-2014-12.html\" rel=\"nofollow\"\u003eFreeBSD quarterly status report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD team has posted an updated on some of their activities between October and December of 2014\u003c/li\u003e\n\u003cli\u003eThey put a big focus on compatibility with other systems: the Linux emulation layer, \u003ca href=\"http://www.bsdnow.tv/tutorials/bhyve\" rel=\"nofollow\"\u003ebhyve\u003c/a\u003e, WINE and Xen all got some nice improvements\u003c/li\u003e\n\u003cli\u003eAs always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure\u003c/li\u003e\n\u003cli\u003eThe release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs\u003c/li\u003e\n\u003cli\u003eFreeBSD\u0026#39;s forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)\u003c/li\u003e\n\u003cli\u003eGit was promoted from beta to an officially-supported version control system (Kris is happy)\u003c/li\u003e\n\u003cli\u003eThe core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints\u003c/li\u003e\n\u003cli\u003eOther notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more \u0026quot;cloud\u0026quot; services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements\u003c/li\u003e\n\u003cli\u003eCheck out the full report for all the details that we didn\u0026#39;t cover\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linux-audit.com/vulnerabilities-and-digital-signatures-for-openbsd-software-packages/\" rel=\"nofollow\"\u003eOpenBSD package signature audit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Linux Audit\u0026quot; is a website focused on auditing and hardening systems, as well as educating people about securing their boxes\u003c/li\u003e\n\u003cli\u003eThey recently did an article about OpenBSD, specifically their \u003ca href=\"http://www.bsdnow.tv/tutorials/ports-obsd\" rel=\"nofollow\"\u003eports and package system\u003c/a\u003e and signing infrastructure\u003c/li\u003e\n\u003cli\u003eThe author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed\u003c/li\u003e\n\u003cli\u003ePackage signature formats and public key distribution methods are also touched on\u003c/li\u003e\n\u003cli\u003eAfter some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future\u003c/li\u003e\n\u003cli\u003eIf you haven\u0026#39;t seen \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eour episode about signify\u003c/a\u003e with Ted Unangst, that would be a great one to check out after reading this\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ask.slashdot.org/story/15/01/15/1547209/ask-slashdot-migrating-a-router-from-linux-to-bsd\" rel=\"nofollow\"\u003eReplacing a Linux router with BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one\u003c/li\u003e\n\u003cli\u003eThe poster begins with \u0026quot;I\u0026#39;m in the camp that doesn\u0026#39;t trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I\u0026#39;d run Windows NT, not Linux. So I\u0026#39;ve decided to migrate my homebrew router/firewall/samba server to one of the BSDs.\u0026quot;\u003c/li\u003e\n\u003cli\u003eA lot of people were quick to recommend \u003ca href=\"http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach\" rel=\"nofollow\"\u003eOPNsense\u003c/a\u003e and pfSense, being that they\u0026#39;re very easy to administer (requiring basically no BSD knowledge at all)\u003c/li\u003e\n\u003cli\u003eOther commenters suggested a more hands-on approach, setting one up yourself with \u003ca href=\"http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e or \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through\u003c/li\u003e\n\u003cli\u003eUnfortunately, a lot of the comments are just Linux users bickering about systemd, so you\u0026#39;ll have to wade through some of that to get to the good information\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdxbsdx.blogspot.com/2015/01/switching-to-openssl-from-ports-in.html\" rel=\"nofollow\"\u003eLibreSSL in FreeBSD and OPNsense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)\u003c/li\u003e\n\u003cli\u003eThe reasoning being that updates in base \u003ca href=\"http://www.openbsd.org/papers/eurobsdcon2014-libressl.html\" rel=\"nofollow\"\u003etend to lag behind\u003c/a\u003e, whereas the port can be updated for security very quickly\u003c/li\u003e\n\u003cli\u003eOPNsense developers are \u003ca href=\"https://twitter.com/fitchitis/status/555625679614521345\" rel=\"nofollow\"\u003elooking into\u003c/a\u003e  \u003ca href=\"http://forum.opnsense.org/index.php?topic=21.0\" rel=\"nofollow\"\u003eswitching away\u003c/a\u003e from OpenSSL to \u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl\" rel=\"nofollow\"\u003eLibreSSL\u0026#39;s portable version\u003c/a\u003e, for both their ports and base system, which would be a pretty huge differentiator for their project\u003c/li\u003e\n\u003cli\u003eSome ports \u003ca href=\"https://bugs.freebsd.org/bugzilla/buglist.cgi?order=Importance\u0026query_format=advanced\u0026short_desc=libressl\u0026short_desc_type=allwordssubstr\" rel=\"nofollow\"\u003estill need fixing\u003c/a\u003e to be compatible though, particularly \u003ca href=\"https://github.com/opnsense/ports/commit/c15af648e9d5fcecf0ae666292e8f41c08979057\" rel=\"nofollow\"\u003ea few\u003c/a\u003e \u003ca href=\"https://github.com/pyca/cryptography/issues/928\" rel=\"nofollow\"\u003epython-related\u003c/a\u003e ones\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a FreeBSD ports person, get involved and help squash some of the last remaining bugs\u003c/li\u003e\n\u003cli\u003eA lot of the work has already been done \u003ca href=\"http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/\" rel=\"nofollow\"\u003ein OpenBSD\u0026#39;s ports tree\u003c/a\u003e - some patches just need to be adopted\u003c/li\u003e\n\u003cli\u003eMore and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you\u0026#39;re using it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - David Maxwell - \u003ca href=\"mailto:david@netbsd.org\" rel=\"nofollow\"\u003edavid@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/david_w_maxwell\" rel=\"nofollow\"\u003e@david_w_maxwell\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=CZHEZHK4jRc\" rel=\"nofollow\"\u003ePipecut\u003c/a\u003e, text processing, commandline wizardry\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/3ofcoins/jetpack\" rel=\"nofollow\"\u003eJetpack, a new jail container system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new project was launched to adapt FreeBSD jails to the \u0026quot;app container specification\u0026quot;\u003c/li\u003e\n\u003cli\u003eWhile still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a similar project to \u003ca href=\"https://github.com/pannon/iocage\" rel=\"nofollow\"\u003eiocage\u003c/a\u003e or \u003ca href=\"https://github.com/ployground/bsdploy\" rel=\"nofollow\"\u003ebsdploy\u003c/a\u003e, which we haven\u0026#39;t talked a whole lot about\u003c/li\u003e\n\u003cli\u003eThere was also \u003ca href=\"https://news.ycombinator.com/item?id=8893630\" rel=\"nofollow\"\u003esome discussion\u003c/a\u003e about it on Hacker News\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/2szofc\" rel=\"nofollow\"\u003eSeparating base and package binaries\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAll of the main BSDs make a strong separation between the base system and third party software\u003c/li\u003e\n\u003cli\u003eThis is in contrast to Linux where there\u0026#39;s no real concept of a \u0026quot;base system\u0026quot; - more recently, some distros have even merged all the binaries into a single directory\u003c/li\u003e\n\u003cli\u003eA user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies\u003c/li\u003e\n\u003cli\u003eRead the comments for the full explanation, but having things separated really helps keep things organized\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=277487\" rel=\"nofollow\"\u003eUpdated i915kms driver for FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward\u003c/li\u003e\n\u003cli\u003eIt doesn\u0026#39;t introduce Haswell support just yet, but was required before the Haswell bits can be added\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://zacbrown.org/2015/01/18/openbsd-as-a-desktop/\" rel=\"nofollow\"\u003eYear of the OpenBSD desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have an article about using OpenBSD as a daily driver for regular desktop usage\u003c/li\u003e\n\u003cli\u003eThe author says he \u0026quot;ran fifty thousand different distributions, never being satisfied\u0026quot;\u003c/li\u003e\n\u003cli\u003eAfter dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook\u003c/li\u003e\n\u003cli\u003eHe also used FreeBSD between versions 7 and 9, finding a \u0026quot;a mostly harmonious environment,\u0026quot; but regressions lead him to give up on desktop *nix once again\u003c/li\u003e\n\u003cli\u003eStarting with 2015, he\u0026#39;s back and is using OpenBSD on a Thinkpad x201\u003c/li\u003e\n\u003cli\u003eThe rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup\u003c/li\u003e\n\u003cli\u003eHe apparently used \u003ca href=\"http://www.bsdnow.tv/tutorials/the-desktop-obsd\" rel=\"nofollow\"\u003eour desktop tutorial\u003c/a\u003e - thanks for watching!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://louwrentius.com/freebsd-101-unattended-install-over-pxe-http-no-nfs.html\" rel=\"nofollow\"\u003eUnattended FreeBSD installation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE\u003c/li\u003e\n\u003cli\u003eHis goal was to have a setup similar to Redhat\u0026#39;s \u0026quot;kickstart\u0026quot; or \u003ca href=\"http://www.bsdnow.tv/tutorials/autoinstall\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s autoinstall\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe article shows you how to set up DHCP and TFTP, with no NFS share setup required\u003c/li\u003e\n\u003cli\u003eHe also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20UsZjN4h\" rel=\"nofollow\"\u003eRobert writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s219cMQz3U\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2EkzMUMyb\" rel=\"nofollow\"\u003el33tname writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2nq6L6H1n\" rel=\"nofollow\"\u003eCharlie writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21EGqUYLd\" rel=\"nofollow\"\u003eEric writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=142159202606668\u0026w=2\" rel=\"nofollow\"\u003eClowning around\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2015-January/097734.html\" rel=\"nofollow\"\u003eBetter than succeeding in this case\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.","date_published":"2015-01-21T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bca95163-7c0b-4440-902b-594ea8c61554.mp3","mime_type":"audio/mpeg","size_in_bytes":65969428,"duration_in_seconds":5497}]},{"id":"efe89103-4a81-4974-89f3-cb650975dace","title":"72: Common *Sense Approach","url":"https://www.bsdnow.tv/72","content_text":"This week on the show, we'll be talking to Jos Schellevis about OPNsense, a new firewall project that was forked from pfSense. We'll learn some of the backstory and see what they've got planned for the future. We've also got all this week's news and answers to all your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBe your own VPN provider with OpenBSD\n\n\nWe've covered how to build a BSD-based gateway that tunnels all your traffic through a VPN in the past - but what if you don't trust any VPN company?\nIt's easy for anyone to say \"of course we don't run a modified version of OpenVPN that logs all your traffic... what are you talking about?\"\nThe VPN provider might also be slow to apply security patches, putting you and the rest of the users at risk\nWith this guide, you'll be able to cut out the middleman and create your own VPN, using OpenBSD\nIt covers topics such as protecting your server, securing DNS lookups, configuring the firewall properly, general security practices and of course actually setting up the VPN\n***\n\n\nFreeBSD vs Gentoo comparison\n\n\nPeople coming over from Linux will sometimes compare FreeBSD to Gentoo, mostly because of the ports-like portage system for installing software\nThis article takes that notion and goes much more in-depth, with lots more comparisons between the two systems\nThe author mentions that the installers are very different, ports and portage have many subtle differences and a few other things\nIf you're a curious Gentoo user considering FreeBSD, this might be a good article to check out to learn a bit more\n***\n\n\nKernel WX in OpenBSD\n\n\nWX, \"Write XOR Execute,\" is a security feature of OpenBSD with a rather strange-looking name\nIt's meant to be an exploit mitigation technique, disallowing pages in the address space of a process to be both writable and executable at the same time\nThis helps prevent some types of buffer overflows: code injected into it won't execute, but will crash the program (quite obviously the lesser of the two evils)\nThrough some recent work, OpenBSD's kernel now has no part of the address space without this feature - whereas it was only enabled in the userland previously\nDoing this incorrectly in the kernel could lead to far worse consequences, and is a lot harder to debug, so this is a pretty huge accomplishment that's been in the works for a while\nMore technical details can be found in some recent CVS commits\n***\n\n\nBuilding an IPFW-based router\n\n\nWe've covered building routers with PF many times before, but what about IPFW?\nA certain host of a certain podcast decided it was finally time to replace his disappointing consumer router with something BSD-based\nIn this blog post, Kris details his experience building and configuring a new router for his home, using IPFW as the firewall\nHe covers in-kernel NAT and NATD, installing a DHCP server from packages and even touches on NAT reflection a bit\nIf you're an IPFW fan and are thinking about putting together a new router, give this post a read\n***\n\n\nInterview - Jos Schellevis - project@opnsense.org / @opnsense\n\nThe birth of OPNsense\n\n\n\nNews Roundup\n\nOn profiling HTTP\n\n\nAdrian Chadd, who we've had on the show before, has been doing some more ultra-high performance testing\nFaced with the problem of how to generate a massive amount of HTTP traffic, he looked into the current state of benchmarking tools\nAccording to him, it's \"not very pretty\"\nHe decided to work on a new tool to benchmark huge amounts of web traffic, and the rest of this post describes the whole process\nYou can check out his new code on Github right now\n***\n\n\nUsing divert(4) to reduce attacks\n\n\nWe talked about using divert(4) with PF last week, and this post is a good follow-up to that introduction (though unrelated to that series)\nIt talks about how you can use divert, combined with some blacklists, to reduce attacks on whatever public services you're running\nPF has good built-in rate limiting for abusive IPs that hit rapidly, but when they attack slowly over a longer period of time, that won't work\nThe Composite Blocking List is a public DNS blocklist, operated alongside Spamhaus, that contains many IPs known to be malicious\nConsider setting this up to reduce the attack spam in your logs if you run public services\n***\n\n\nChaCha20 patchset for GELI\n\n\nA user has posted a patch to the freebsd-hackers list that adds ChaCha support to GELI, the disk encryption system\nThere are also some benchmarks that look pretty good in terms of performance\nCurrently, GELI defaults to AES in XTS mode with a few tweakable options (but also supports Blowfish, Camellia and Triple DES)\nThere's some discussion going on about whether a stream cipher is suitable or not for disk encryption though, so this might not be a match made in heaven just yet\n***\n\n\nPCBSD update system enhancements\n\n\nThe PCBSD update utility has gotten an update itself, now supporting automatic upgrades\nYou can choose what parts of your system you want to let it automatically handle (packages, security updates)\nThe update system uses ZFS and Boot Environments for safe updating and bypasses some dubious pkgng functionality\nThere's also a new graphical frontend available for it\n***\n\n\nFeedback/Questions\n\n\nMat writes in\nChris writes in\nAndy writes in\nBeau writes in \nKutay writes in\n***\n\n\nMailing List Gold\n\n\nWait, a real one?\nWhat's that glowing...\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be talking to Jos Schellevis about OPNsense, a new firewall project that was forked from pfSense. We\u0026#39;ll learn some of the backstory and see what they\u0026#39;ve got planned for the future. We\u0026#39;ve also got all this week\u0026#39;s news and answers to all your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://networkfilter.blogspot.com/2015/01/be-your-own-vpn-provider-with-openbsd.html\" rel=\"nofollow\"\u003eBe your own VPN provider with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve covered how to build a BSD-based gateway that tunnels all your traffic through a VPN in the past - but what if you don\u0026#39;t trust any VPN company?\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s easy for anyone to say \u0026quot;of course we don\u0026#39;t run a modified version of OpenVPN that logs all your traffic... what are you talking about?\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe VPN provider might also be slow to apply security patches, putting you and the rest of the users at risk\u003c/li\u003e\n\u003cli\u003eWith this guide, you\u0026#39;ll be able to cut out the middleman and create your own VPN, using OpenBSD\u003c/li\u003e\n\u003cli\u003eIt covers topics such as protecting your server, securing DNS lookups, configuring the firewall properly, general security practices and of course actually setting up the VPN\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.iwillfolo.com/2015/01/comparison-gentoo-vs-freebsd-tweak-tweak-little-star/\" rel=\"nofollow\"\u003eFreeBSD vs Gentoo comparison\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeople coming over from Linux will sometimes compare FreeBSD to Gentoo, mostly because of the ports-like portage system for installing software\u003c/li\u003e\n\u003cli\u003eThis article takes that notion and goes much more in-depth, with lots more comparisons between the two systems\u003c/li\u003e\n\u003cli\u003eThe author mentions that the installers are very different, ports and portage have many subtle differences and a few other things\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re a curious Gentoo user considering FreeBSD, this might be a good article to check out to learn a bit more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=142120787308107\u0026w=2\" rel=\"nofollow\"\u003eKernel W\u003csup\u003eX\u003c/sup\u003e in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eW\u003csup\u003eX,\u003c/sup\u003e \u0026quot;\u003ca href=\"https://en.wikipedia.org/wiki/W%5EX\" rel=\"nofollow\"\u003eWrite XOR Execute\u003c/a\u003e,\u0026quot; is a security feature of OpenBSD with a rather strange-looking name\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s meant to be an exploit mitigation technique, disallowing pages in the address space of a process to be both writable and executable at the same time\u003c/li\u003e\n\u003cli\u003eThis helps prevent some types of buffer overflows: code injected into it \u003cem\u003ewon\u0026#39;t\u003c/em\u003e execute, but \u003cem\u003ewill\u003c/em\u003e crash the program (quite obviously the lesser of the two evils)\u003c/li\u003e\n\u003cli\u003eThrough some recent work, OpenBSD\u0026#39;s kernel now has no part of the address space without this feature - whereas it was only enabled in the userland \u003ca href=\"http://www.openbsd.org/papers/ru13-deraadt/\" rel=\"nofollow\"\u003epreviously\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoing this incorrectly in the kernel could lead to \u003cstrong\u003efar worse\u003c/strong\u003e consequences, and is a lot harder to debug, so this is a pretty huge accomplishment that\u0026#39;s been in the works for a while\u003c/li\u003e\n\u003cli\u003eMore technical details can be found in some \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141917924602780\u0026w=2\" rel=\"nofollow\"\u003erecent CVS commits\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/\" rel=\"nofollow\"\u003eBuilding an IPFW-based router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve covered building \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003erouters with PF\u003c/a\u003e many times before, but what about \u003ca href=\"https://www.freebsd.org/doc/handbook/firewalls-ipfw.html\" rel=\"nofollow\"\u003eIPFW\u003c/a\u003e?\u003c/li\u003e\n\u003cli\u003eA certain host of a certain podcast decided it was finally time to replace his \u003ca href=\"https://github.com/jduck/asus-cmd\" rel=\"nofollow\"\u003edisappointing\u003c/a\u003e consumer router with something BSD-based\u003c/li\u003e\n\u003cli\u003eIn this blog post, Kris details his experience building and configuring a new router for his home, using IPFW as the firewall\u003c/li\u003e\n\u003cli\u003eHe covers in-kernel NAT and NATD, installing a DHCP server from packages and even touches on NAT reflection a bit\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re an IPFW fan and are thinking about putting together a new router, give this post a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jos Schellevis - \u003ca href=\"mailto:project@opnsense.org\" rel=\"nofollow\"\u003eproject@opnsense.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/opnsense\" rel=\"nofollow\"\u003e@opnsense\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe birth of \u003ca href=\"http://opnsense.org\" rel=\"nofollow\"\u003eOPNsense\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2015/01/on-profiling-http-or-god-damnit-people.html\" rel=\"nofollow\"\u003eOn profiling HTTP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd, who \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_17-the_promised_wlan\" rel=\"nofollow\"\u003ewe\u0026#39;ve had on the show before\u003c/a\u003e, has been doing some more ultra-high performance testing\u003c/li\u003e\n\u003cli\u003eFaced with the problem of how to generate a massive amount of HTTP traffic, he looked into the current state of benchmarking tools\u003c/li\u003e\n\u003cli\u003eAccording to him, it\u0026#39;s \u0026quot;not very pretty\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe decided to work on a new tool to benchmark huge amounts of web traffic, and the rest of this post describes the whole process\u003c/li\u003e\n\u003cli\u003eYou can check out his new code \u003ca href=\"https://github.com/erikarn/libevhtp-http/\" rel=\"nofollow\"\u003eon Github\u003c/a\u003e right now\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://daemonforums.org/showthread.php?s=db0dd79ca26eb645eadd2d8abd267cae\u0026t=8846\" rel=\"nofollow\"\u003eUsing divert(4) to reduce attacks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe talked about using \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/divert.4\" rel=\"nofollow\"\u003edivert(4)\u003c/a\u003e with PF last week, and this post is a good follow-up to that introduction (though unrelated to that series)\u003c/li\u003e\n\u003cli\u003eIt talks about how you can use divert, combined with some blacklists, to reduce attacks on whatever public services you\u0026#39;re running\u003c/li\u003e\n\u003cli\u003ePF has good built-in rate limiting for abusive IPs that hit rapidly, but when they attack slowly over a longer period of time, that won\u0026#39;t work\u003c/li\u003e\n\u003cli\u003eThe Composite Blocking List is a public DNS blocklist, operated alongside Spamhaus, that contains many IPs known to be malicious\u003c/li\u003e\n\u003cli\u003eConsider setting this up to reduce the attack spam in your logs if you run public services\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046814.html\" rel=\"nofollow\"\u003eChaCha20 patchset for GELI\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA user has posted a patch to the freebsd-hackers list that adds ChaCha support to GELI, the \u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003edisk encryption\u003c/a\u003e system\u003c/li\u003e\n\u003cli\u003eThere are also some benchmarks that look pretty good in terms of performance\u003c/li\u003e\n\u003cli\u003eCurrently, GELI defaults to AES \u003ca href=\"https://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29\" rel=\"nofollow\"\u003ein XTS mode\u003c/a\u003e with a few tweakable options (but also supports Blowfish, Camellia and Triple DES)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046824.html\" rel=\"nofollow\"\u003esome discussion\u003c/a\u003e going on about whether a \u003ca href=\"https://en.wikipedia.org/wiki/Stream_cipher\" rel=\"nofollow\"\u003estream cipher\u003c/a\u003e is \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046834.html\" rel=\"nofollow\"\u003esuitable or not\u003c/a\u003e for disk encryption though, so this might not be a match made in heaven just yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2015/01/new-update-gui-for-pc-bsd-automatic-updates/\" rel=\"nofollow\"\u003ePCBSD update system enhancements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe PCBSD update utility has gotten an update itself, now supporting automatic upgrades\u003c/li\u003e\n\u003cli\u003eYou can choose what parts of your system you want to let it automatically handle (packages, security updates)\u003c/li\u003e\n\u003cli\u003eThe update system uses ZFS and Boot Environments for safe updating and bypasses some dubious pkgng functionality\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a new graphical frontend available for it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2XJhAsffU\" rel=\"nofollow\"\u003eMat writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20qnSHujZ\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21O0MShqi\" rel=\"nofollow\"\u003eAndy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2LutVQOXN\" rel=\"nofollow\"\u003eBeau writes in\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Esexdrc\" rel=\"nofollow\"\u003eKutay writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.mail-archive.com/advocacy@openbsd.org/msg02249.html\" rel=\"nofollow\"\u003eWait, a real one?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=142125454022458\u0026w=2\" rel=\"nofollow\"\u003eWhat\u0026#39;s that glowing...\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be talking to Jos Schellevis about OPNsense, a new firewall project that was forked from pfSense. We'll learn some of the backstory and see what they've got planned for the future. We've also got all this week's news and answers to all your emails, on BSD Now - the place to B.. SD.","date_published":"2015-01-14T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/efe89103-4a81-4974-89f3-cb650975dace.mp3","mime_type":"audio/mpeg","size_in_bytes":57654580,"duration_in_seconds":4804}]},{"id":"b9b0efcb-197e-4dfc-a239-5ae487a72e51","title":"71: System Disaster","url":"https://www.bsdnow.tv/71","content_text":"This time on the show, we'll be talking to Ian Sutton about his new BSD compatibility wrappers for various systemd dependencies. Don't worry, systemd is not being ported to BSD! We're still safe! We've also got all the week's news and answers to your emails, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nIntroducing OPNsense, a pfSense fork\n\n\nOPNsense is a new BSD-based firewall project that was recently started, forked from the pfSense codebase\nEven though it's just been announced, they already have a formal release based on FreeBSD 10 (pfSense's latest stable release is based on 8.3)\nThe core team includes a well-known DragonFlyBSD developer\nYou can check out their code on Github now, or download an image and try it out - let us know if you do and what you think about it\nThey also have a nice wiki and some instructions on getting started for new users\nWe plan on having them on the show next week to learn a bit more about how the project got started and why you might want to use it - stay tuned\n***\n\n\nCode rot and why I chose OpenBSD\n\n\nHere we have a blog post about rotting codebases - a core banking system in this example\nThe author tells the story of how his last days spent at the job were mostly removing old, dead code from a giant project\nHe goes on to compare it to OpenSSL and the hearbleed disaster, from which LibreSSL was born\nInstead of just bikeshedding like the rest of the internet, OpenBSD \"silently started putting the beast into shape\" as he puts it\nThe article continues on to mention OpenBSD's code review process, and how it catches any bugs so we don't have more heartbleeds\n\"In OpenBSD you are encouraged to run current and the whole team tries its best to make current as stable as it can. You know why? They eat their own dog food. That's so simple yet so amazing that it blows my mind. Developers actually run OpenBSD on their machines daily.\"\nIt's a very long and detailed story about how the author has gotten more involved with BSD, learned from the mailing lists and even started contributing back - he says \"In summary, I'm learning more than ever - computing is fun again\"\nLook for the phrase \"Getting Started\" in the blog post for a nice little gem\n***\n\n\nZFS vs HAMMER FS\n\n\nOne of the topics we've seen come up from time to time is how FreeBSD's ZFS and DragonFly's HAMMER FS compare to each other\nThey both have a lot of features that traditional filesystems lack\nA forum thread was opened for discussion about them both and what they're typically used for\nIt compares resource requirements, ideal hardware and pros/cons of each\nHopefully someone will do another new comparison when HAMMER 2 is finished\nThis is not to be confused with the other \"hammer\" filesystem\n***\n\n\nPortable OpenNTPD revived\n\n\nWith ISC's NTPd having so many security vulnerabilities recently, people need an alternative NTP daemon\nOpenBSD has developed OpenNTPD since 2004, but the portable version for other operating systems hasn't been actively maintained in a few years\nThe older version still works fine, and is in FreeBSD ports and NetBSD pkgsrc, but it would be nice to have some of the newer features and fixes from the native version\nBrent Cook, who we've had on the show before to talk about LibreSSL, decided it was time to fix this\nWhile looking through the code, he also found some fixes for the native version as well\nYou can grab it from Github now, or just wait for the updated release to hit the repos of your OS of choice\n***\n\n\nInterview - Ian Sutton - ian@kremlin.cc\n\nBSD replacements for systemd dependencies\n\n\n\nNews Roundup\n\npkgng adds OS X support\n\n\nFreeBSD's next-gen package manager has just added support for Mac OS X\nWhy would you want that? Well.. we don't really know, but it's cool\nThe author of the patch may have some insight about what his goal is though\nThis could open up the door for a cross-platform pkgng solution, similar to NetBSD's pkgsrc\nThere's also the possibility of pkgng being used as a packaging format for MacPorts in the future\nWhile we're on the topic of pkgng, you can also watch bapt's latest presentation about it from ruBSD 2014 - \"four years of pkg\"\n***\n\n\nSecure secure shell\n\n\nAlmost everyone watching BSD Now probably uses OpenSSH and has set up a server at one point or another\nThis guide provides a list of best practices beyond the typical \"disable root login and use keys\" advice you'll often hear\nIt specifically goes in-depth with server and client configuration with the best key types, KEX methods and encryption ciphers to use\nThere are also good explanations for all the choices, based both on history and probability\nMinimal backwards compatibility is kept, but most of the old and insecure stuff gets disabled\nWe've also got a handy chart to show which SSH implementations support which ciphers, in case you need to support Windows users or people who use weird clients\n***\n\n\nDissecting OpenBSD's divert(4)\n\n\nPF has a cool feature that not a lot of people seem to know about: divert\nIt lets you send packets to userspace, allowing you to inspect them a lot easier\nThis blog post, the first in a series, details all the cool things you can do with divert and how to use it\nA very common example is with intrusion detection systems like Snort\n***\n\n\nScreen recording on FreeBSD\n\n\nThis is a neat article about a topic we don't cover very often: making video content on BSD\nIn the post, you'll learn how to make screencasts with FreeBSD, using kdenlive and ffmpeg\nThere are also notes about getting a USB microphone working, so you can do commentary on whatever you're showing\nIt also includes lots of details and helpful screenshots throughout the process\nYou should make cool screencasts and send them to us\n***\n\n\nFeedback/Questions\n\n\nCamio writes in\nezpzy writes in\nEmett writes in\nBen writes in\nLaszlo writes in\n***\n\n\nMailing List Gold\n\n\nProtocol X97\nMy thoughts echoed\nVulnerability sample\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking to Ian Sutton about his new BSD compatibility wrappers for various systemd dependencies. Don\u0026#39;t worry, systemd is not being ported to BSD! We\u0026#39;re still safe! We\u0026#39;ve also got all the week\u0026#39;s news and answers to your emails, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://opnsense.org/\" rel=\"nofollow\"\u003eIntroducing OPNsense, a pfSense fork\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOPNsense is a new BSD-based firewall project that was \u003ca href=\"http://www.prnewswire.com/news-releases/deciso-launches-opnsense-a-new-open-source-firewall-initiative-287334371.html\" rel=\"nofollow\"\u003erecently started\u003c/a\u003e, forked from the pfSense codebase\u003c/li\u003e\n\u003cli\u003eEven though it\u0026#39;s just been announced, they already have a formal release based on FreeBSD 10 (pfSense\u0026#39;s latest stable release is based on 8.3)\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://opnsense.org/about/about-opnsense/#opnsense-core-team\" rel=\"nofollow\"\u003ecore team\u003c/a\u003e includes a well-known DragonFlyBSD developer\u003c/li\u003e\n\u003cli\u003eYou can check out their code \u003ca href=\"https://github.com/opnsense\" rel=\"nofollow\"\u003eon Github\u003c/a\u003e now, or download an image and try it out - \u003ca href=\"mailto:feedback@bsdnow.tv\" rel=\"nofollow\"\u003elet us know\u003c/a\u003e if you do and what you think about it\u003c/li\u003e\n\u003cli\u003eThey also have a nice wiki and some \u003ca href=\"http://wiki.opnsense.org/index.php/Manual:Installation_and_Initial_Configuration\" rel=\"nofollow\"\u003einstructions on getting started\u003c/a\u003e for new users\u003c/li\u003e\n\u003cli\u003eWe plan on having them on the show \u003cstrong\u003enext week\u003c/strong\u003e to learn a bit more about how the project got started and why you might want to use it - stay tuned\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://homing-on-code.blogspot.com/2015/01/code-rot-openbsd.html\" rel=\"nofollow\"\u003eCode rot and why I chose OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have a blog post about rotting codebases - a core banking system in this example\u003c/li\u003e\n\u003cli\u003eThe author tells the story of how his last days spent at the job were mostly removing old, dead code from a giant project\u003c/li\u003e\n\u003cli\u003eHe goes on to compare it to OpenSSL and the hearbleed disaster, from which LibreSSL was born\u003c/li\u003e\n\u003cli\u003eInstead of just bikeshedding like the rest of the internet, OpenBSD \u0026quot;silently started putting the beast into shape\u0026quot; as he puts it\u003c/li\u003e\n\u003cli\u003eThe article continues on to mention OpenBSD\u0026#39;s code review process, and how it catches any bugs so we don\u0026#39;t have more heartbleeds\u003c/li\u003e\n\u003cli\u003e\u0026quot;In OpenBSD you are encouraged to run current and the whole team tries its best to make current as stable as it can. You know why? They eat their own dog food. That\u0026#39;s so simple yet so amazing that it blows my mind. Developers actually run OpenBSD on their machines daily.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a very long and detailed story about how the author has gotten more involved with BSD, learned from the mailing lists and even started contributing back - he says \u0026quot;In summary, I\u0026#39;m learning more than ever - computing is fun again\u0026quot;\u003c/li\u003e\n\u003cli\u003eLook for the phrase \u0026quot;Getting Started\u0026quot; in the blog post for a nice little gem\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/zfs-vs-hammer.49789/\" rel=\"nofollow\"\u003eZFS vs HAMMER FS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the topics we\u0026#39;ve seen come up from time to time is how \u003ca href=\"http://www.bsdnow.tv/tutorials/zfs\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s ZFS\u003c/a\u003e and \u003ca href=\"http://www.bsdnow.tv/tutorials/hammer\" rel=\"nofollow\"\u003eDragonFly\u0026#39;s HAMMER FS\u003c/a\u003e compare to each other\u003c/li\u003e\n\u003cli\u003eThey both have a lot of features that traditional filesystems lack\u003c/li\u003e\n\u003cli\u003eA forum thread was opened for discussion about them both and what they\u0026#39;re typically used for\u003c/li\u003e\n\u003cli\u003eIt compares resource requirements, ideal hardware and pros/cons of each\u003c/li\u003e\n\u003cli\u003eHopefully someone will do another new comparison when HAMMER 2 is finished\u003c/li\u003e\n\u003cli\u003eThis is not to be confused with the \u003ca href=\"https://www.youtube.com/watch?v=HBXlVl5Ll6k\" rel=\"nofollow\"\u003eother \u0026quot;hammer\u0026quot; filesystem\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/tech@openbsd.org/msg21886.html\" rel=\"nofollow\"\u003ePortable OpenNTPD revived\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith ISC\u0026#39;s NTPd having so many security vulnerabilities recently, people need an alternative \u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003eNTP daemon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD has developed \u003ca href=\"http://openntpd.org/\" rel=\"nofollow\"\u003eOpenNTPD\u003c/a\u003e since 2004, but the portable version for other operating systems hasn\u0026#39;t been actively maintained in a few years\u003c/li\u003e\n\u003cli\u003eThe older version still works fine, and is in FreeBSD ports and NetBSD pkgsrc, but it would be nice to have some of the newer features and fixes from the native version\u003c/li\u003e\n\u003cli\u003eBrent Cook, who we\u0026#39;ve \u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl\" rel=\"nofollow\"\u003ehad on the show before\u003c/a\u003e to talk about LibreSSL, decided it was time to fix this\u003c/li\u003e\n\u003cli\u003eWhile looking through the code, he also found \u003ca href=\"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/?sortby=date#dirlist\" rel=\"nofollow\"\u003esome fixes\u003c/a\u003e for the native version as well\u003c/li\u003e\n\u003cli\u003eYou can grab it from \u003ca href=\"https://github.com/openntpd-portable/openntpd-portable\" rel=\"nofollow\"\u003eGithub\u003c/a\u003e now, or just wait for \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2015-January/097400.html\" rel=\"nofollow\"\u003ethe updated release\u003c/a\u003e to hit the repos of your OS of choice\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ian Sutton - \u003ca href=\"mailto:ian@kremlin.cc\" rel=\"nofollow\"\u003eian@kremlin.cc\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary\" rel=\"nofollow\"\u003eBSD replacements\u003c/a\u003e for \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140915064856\" rel=\"nofollow\"\u003esystemd dependencies\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/freebsd/pkg/pull/1113\" rel=\"nofollow\"\u003epkgng adds OS X support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD\u0026#39;s next-gen \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003epackage manager\u003c/a\u003e has just added support for Mac OS X\u003c/li\u003e\n\u003cli\u003eWhy would you want that? Well.. we don\u0026#39;t really know, but it\u0026#39;s cool\u003c/li\u003e\n\u003cli\u003eThe author of the patch \u003ca href=\"https://github.com/freebsd/pkg/pull/1113#issuecomment-68063964\" rel=\"nofollow\"\u003emay have some insight\u003c/a\u003e about what his goal is though\u003c/li\u003e\n\u003cli\u003eThis could open up the door for a cross-platform pkgng solution, similar to NetBSD\u0026#39;s pkgsrc\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also the possibility of pkgng being used as a packaging format for MacPorts in the future\u003c/li\u003e\n\u003cli\u003eWhile we\u0026#39;re on the topic of pkgng, you can also watch \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_01-eclipsing_binaries\" rel=\"nofollow\"\u003ebapt\u003c/a\u003e\u0026#39;s latest presentation about it from ruBSD 2014 - \u0026quot;\u003ca href=\"http://is.gd/4AvUwt\" rel=\"nofollow\"\u003efour years of pkg\u003c/a\u003e\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://stribika.github.io/2015/01/04/secure-secure-shell.html\" rel=\"nofollow\"\u003eSecure secure shell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlmost everyone watching BSD Now probably \u003ca href=\"http://www.bsdnow.tv/tutorials/ssh-tmux\" rel=\"nofollow\"\u003euses OpenSSH\u003c/a\u003e and has set up a server at one point or another\u003c/li\u003e\n\u003cli\u003eThis guide provides a list of best practices beyond the typical \u0026quot;disable root login and use keys\u0026quot; advice you\u0026#39;ll often hear\u003c/li\u003e\n\u003cli\u003eIt specifically goes in-depth with server and client configuration with the best key types, KEX methods and encryption ciphers to use\u003c/li\u003e\n\u003cli\u003eThere are also good explanations for all the choices, based both on history and probability\u003c/li\u003e\n\u003cli\u003eMinimal backwards compatibility is kept, but most of the old and insecure stuff gets disabled\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve also got \u003ca href=\"http://ssh-comparison.quendi.de/comparison.html\" rel=\"nofollow\"\u003ea handy chart\u003c/a\u003e to show which SSH implementations support which ciphers, in case you need to support Windows users or people who use weird clients\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lteo.net/blog/2015/01/06/dissecting-openbsds-divert-4-part-1-introduction/\" rel=\"nofollow\"\u003eDissecting OpenBSD\u0026#39;s divert(4)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePF has a cool feature that not a lot of people seem to know about: divert\u003c/li\u003e\n\u003cli\u003eIt lets you send packets to userspace, allowing you to inspect them a lot easier\u003c/li\u003e\n\u003cli\u003eThis blog post, the first in a series, details all the cool things you can do with divert and how to use it\u003c/li\u003e\n\u003cli\u003eA very common example is with intrusion detection systems like Snort\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.banym.de/freebsd/create-a-screen-recording-on-freebsd-with-kdenlive-and-external-usb-mic\" rel=\"nofollow\"\u003eScreen recording on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a neat article about a topic we don\u0026#39;t cover very often: making video content on BSD\u003c/li\u003e\n\u003cli\u003eIn the post, you\u0026#39;ll learn how to make screencasts with FreeBSD, using kdenlive and ffmpeg\u003c/li\u003e\n\u003cli\u003eThere are also notes about getting a USB microphone working, so you can do commentary on whatever you\u0026#39;re showing\u003c/li\u003e\n\u003cli\u003eIt also includes lots of details and helpful screenshots throughout the process\u003c/li\u003e\n\u003cli\u003eYou should make cool screencasts and send them to us\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Zx0ktmb\" rel=\"nofollow\"\u003eCamio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2vVR5Orhh\" rel=\"nofollow\"\u003eezpzy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Ahb5Lxa\" rel=\"nofollow\"\u003eEmett writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20oJmveN6\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2cTayMxPk\" rel=\"nofollow\"\u003eLaszlo writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-questions/2015-January/263441.html\" rel=\"nofollow\"\u003eProtocol X97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141159429123859\u0026w=2\" rel=\"nofollow\"\u003eMy thoughts echoed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.openwall.com/lists/oss-security/2015/01/04/10\" rel=\"nofollow\"\u003eVulnerability sample\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking to Ian Sutton about his new BSD compatibility wrappers for various systemd dependencies. Don't worry, systemd is not being ported to BSD! We're still safe! We've also got all the week's news and answers to your emails, coming up on BSD Now - the place to B.. SD.","date_published":"2015-01-07T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b9b0efcb-197e-4dfc-a239-5ae487a72e51.mp3","mime_type":"audio/mpeg","size_in_bytes":48002836,"duration_in_seconds":4000}]},{"id":"55684d1a-97da-439b-a037-b02c8d49de70","title":"70: Daemons in the North","url":"https://www.bsdnow.tv/70","content_text":"It's our last episode of 2014, and we'll be chatting with Dan Langille about the upcoming BSDCan conference. We'll find out what's planned and what sorts of presentations they're looking for. As usual, answers to viewer-submitted questions and all the week's news, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore conference presentation videos\n\n\nSome more of the presentation videos from AsiaBSDCon are appearing online\nMasanobu Saitoh, Developing CPE Routers Based on NetBSD\nReyk Floeter, VXLAN and Cloud-based Networking with OpenBSD\nJos Jansen, Adapting OS X to the enterprise\nPierre Pronchery \u0026amp; Guillaume Lasmayous, Carve your NetBSD \u0026lt;!-- skip to 5:06 for henning trolling --\u0026gt;\nColin Percival, Everything you need to know about cryptography in 1 hour (not from AsiaBSDCon)\nThe \"bsdconferences\" YouTube channel has quite a lot of interesting older BSD talks too - you may want to go back and watch them if you haven't already\n***\n\n\nOpenBSD PIE enhancements\n\n\nASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem\nThey only work with dynamic libraries and binaries, so if you have any static binaries, they don't get the same treatment\nFor example, the default shells (and many other things in /bin and /sbin) are statically linked\nIn the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose\nWith this and a few related commits, OpenBSD fixes this by introducing static self-relocation\nMore and more CPU architectures are being tested and getting support too; this isn't just for amd64 and i386 - VAX users can rest easy\nIt'll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now\n***\n\n\nFreeBSD foundation semi-annual newsletter\n\n\nThe FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities\nAs always, it starts with a letter from the president of the foundation - this time it's about encouraging students and new developers to get involved\nThe article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)\nYou can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too\nThere are also sections about the FreeBSD Journal's progress, a new staff member and a testimonial from NetApp\nIt's a very long report, so dedicate some time to read all the way through it\nThis year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too\nAs we go into 2015, consider donating to whichever BSD you use, it really can make a difference\n***\n\n\nModernizing OpenSSH fingerprints\n\n\nWhen you connect to a server for the first time, you'll get what's called a fingerprint of the host's public key - this is used to verify that you're actually talking to the same server you intended to\nUp until now, the key fingerprints have been an MD5 hash, displayed as hex\nThis can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to\nThis new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint\nYou can add a \"FingerprintHash\" line in your ssh_config to force using only the new type\nThere's also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers - also useful if you're not 100% confident in any single key type\nThe new options should be in the upcoming 6.8 release\n***\n\n\nInterview - Dan Langille - info@bsdcan.org / @bsdcan\n\nPlans for the BSDCan 2015 conference\n\n\n\nNews Roundup\n\nIntroducing ntimed, a new NTP daemon\n\n\nAs we've mentioned before in our tutorials, there are two main daemons for the Network Time Protocol - ISC's NTPd and OpenBSD's OpenNTPD\nWith all the recent security problems with ISC's NTPd, Poul-Henning Kamp has been working on a third NTP daemon\nIt's called \"ntimed\" and you can try out a preview version of it right now - it's in FreeBSD ports or on Github\nPHK also has a few blog entries about the project, including status updates\n***\n\n\nOpenBSD-maintained projects list\n\n\nThere was recently a read on the misc mailing list asking about different projects started by OpenBSD developers\nThe initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)\nA developer compiled a new list from all of the replies to that thread into a nice organized webpage\nMost people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more\nThis page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout)\n***\n\n\nMonitoring network traffic with FreeBSD\n\n\nIf you've ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you\nIt'll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)\nThis is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike\n***\n\n\nTrapping spammers with spamd\n\n\nThis is a blog post about OpenBSD's spamd - a spam email deferral daemon - and how to use it for your mail\nIt gives some background on the greylisting approach to spam, rather than just a typical host blacklist\n\"Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will \"temporarily reject\" any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation.\"\nThe post also shows how to combine it with PF and other tools for a pretty fancy mail setup\nYou can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc\nYou might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nBrandon writes in\nAnders writes in\nDavid writes in\nKyle writes in\n***\n\n\nMailing List Gold\n\n\nNTP code comparison - 192870 vs. 2898\nNICs have feelings too\nJust think about it\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s our last episode of 2014, and we\u0026#39;ll be chatting with Dan Langille about the upcoming BSDCan conference. We\u0026#39;ll find out what\u0026#39;s planned and what sorts of presentations they\u0026#39;re looking for. As usual, answers to viewer-submitted questions and all the week\u0026#39;s news, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.asiabsdcon.org/timetable.html.en\" rel=\"nofollow\"\u003eMore conference presentation videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome more of the presentation videos from AsiaBSDCon are appearing online\u003c/li\u003e\n\u003cli\u003eMasanobu Saitoh, \u003ca href=\"https://www.youtube.com/watch?v=ApruZrU5fVs\" rel=\"nofollow\"\u003eDeveloping CPE Routers Based on NetBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time\" rel=\"nofollow\"\u003eReyk Floeter\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=ufeEP_hzFN0\" rel=\"nofollow\"\u003eVXLAN and Cloud-based Networking with OpenBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJos Jansen, \u003ca href=\"https://www.youtube.com/watch?v=gOPfRQgTjNo\" rel=\"nofollow\"\u003eAdapting OS X to the enterprise\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_01-edgy_bsd_users\" rel=\"nofollow\"\u003ePierre Pronchery\u003c/a\u003e \u0026amp; Guillaume Lasmayous, \u003ca href=\"https://www.youtube.com/watch?v=vh-TjLUj6os\" rel=\"nofollow\"\u003eCarve your NetBSD\u003c/a\u003e \u0026lt;!-- skip to 5:06 for henning trolling --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_22-tendresse_for_ten\" rel=\"nofollow\"\u003eColin Percival\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=jzY3m5Kv7Y8\" rel=\"nofollow\"\u003eEverything you need to know about cryptography in 1 hour\u003c/a\u003e (not from AsiaBSDCon)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;bsdconferences\u0026quot; YouTube channel has quite a lot of interesting \u003ca href=\"https://www.youtube.com/user/bsdconferences/videos?sort=da\u0026view=0\u0026flow=grid\" rel=\"nofollow\"\u003eolder BSD talks\u003c/a\u003e too - you may want to go back and watch them if you haven\u0026#39;t already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141922027318727\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD PIE enhancements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://en.wikipedia.org/wiki/Address_space_layout_randomization\" rel=\"nofollow\"\u003eASLR\u003c/a\u003e and \u003ca href=\"https://en.wikipedia.org/wiki/Position-independent_executable\" rel=\"nofollow\"\u003ePIE\u003c/a\u003e are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem\u003c/li\u003e\n\u003cli\u003eThey only work with \u003cem\u003edynamic\u003c/em\u003e libraries and binaries, so if you have any static binaries, they don\u0026#39;t get the same treatment\u003c/li\u003e\n\u003cli\u003eFor example, the default shells (and many other things in /bin and /sbin) are statically linked\u003c/li\u003e\n\u003cli\u003eIn the case of the static ones, you can always predict the memory layout, which is very bad and sort of \u003ca href=\"https://en.wikipedia.org/wiki/Return-oriented_programming\" rel=\"nofollow\"\u003edefeats the whole purpose\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWith this and a few \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141927571832106\u0026w=2\" rel=\"nofollow\"\u003erelated commits\u003c/a\u003e, OpenBSD fixes this by introducing \u003cstrong\u003estatic self-relocation\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eMore and more CPU architectures are being tested and getting support too; this isn\u0026#39;t just for amd64 and i386 - VAX users can rest easy\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be available in 5.7 in May, or you can use a \u003ca href=\"http://www.openbsd.org/faq/faq5.html#BldBinary\" rel=\"nofollow\"\u003e-current snapshot\u003c/a\u003e if you want to get a \u003cem\u003eslice\u003c/em\u003e of the action now\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2014dec-newsletter.html\" rel=\"nofollow\"\u003eFreeBSD foundation semi-annual newsletter\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities\u003c/li\u003e\n\u003cli\u003eAs always, it starts with a letter from the president of the foundation - this time it\u0026#39;s about encouraging students and new developers to get involved\u003c/li\u003e\n\u003cli\u003eThe article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)\u003c/li\u003e\n\u003cli\u003eYou can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too\u003c/li\u003e\n\u003cli\u003eThere are also sections about the \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eFreeBSD Journal\u003c/a\u003e\u0026#39;s progress, a new staff member and a testimonial from NetApp\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a very long report, so dedicate some time to read all the way through it\u003c/li\u003e\n\u003cli\u003eThis year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too\u003c/li\u003e\n\u003cli\u003eAs we go into 2015, consider donating to \u003ca href=\"https://www.freebsdfoundation.org/donate\" rel=\"nofollow\"\u003ewhichever\u003c/a\u003e \u003ca href=\"http://www.openbsdfoundation.org/donations.html\" rel=\"nofollow\"\u003eBSD\u003c/a\u003e \u003ca href=\"https://www.netbsd.org/donations/\" rel=\"nofollow\"\u003eyou\u003c/a\u003e \u003ca href=\"http://www.dragonflybsd.org/donations/\" rel=\"nofollow\"\u003euse\u003c/a\u003e, it really can make a difference\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141920089614758\u0026w=4\" rel=\"nofollow\"\u003eModernizing OpenSSH fingerprints\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen you connect to a server for the first time, you\u0026#39;ll get what\u0026#39;s called a fingerprint of the host\u0026#39;s public key - this is used to verify that you\u0026#39;re actually talking to the same server you intended to\u003c/li\u003e\n\u003cli\u003eUp until now, the key fingerprints have been an MD5 hash, displayed as hex\u003c/li\u003e\n\u003cli\u003eThis \u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033117.html\" rel=\"nofollow\"\u003ecan be problematic\u003c/a\u003e, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to\u003c/li\u003e\n\u003cli\u003eThis new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint\u003c/li\u003e\n\u003cli\u003eYou can add a \u0026quot;FingerprintHash\u0026quot; line in your ssh_config to force using only the new type\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141923470520906\u0026w=2\" rel=\"nofollow\"\u003enew option\u003c/a\u003e to require users to authenticate with \u003cstrong\u003emore than one\u003c/strong\u003e public key, so you can really lock down login access to your servers - also useful if you\u0026#39;re not 100% confident in any single key type\u003c/li\u003e\n\u003cli\u003eThe new options should be in the upcoming 6.8 release\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Dan Langille - \u003ca href=\"mailto:info@bsdcan.org\" rel=\"nofollow\"\u003einfo@bsdcan.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdcan\" rel=\"nofollow\"\u003e@bsdcan\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ePlans for the BSDCan 2015 conference\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/bsdphk/Ntimed\" rel=\"nofollow\"\u003eIntroducing ntimed, a new NTP daemon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we\u0026#39;ve mentioned before in \u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003eour tutorials\u003c/a\u003e, there are two main daemons for the Network Time Protocol - ISC\u0026#39;s NTPd and OpenBSD\u0026#39;s OpenNTPD\u003c/li\u003e\n\u003cli\u003eWith all the recent security problems with ISC\u0026#39;s NTPd, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail\" rel=\"nofollow\"\u003ePoul-Henning Kamp\u003c/a\u003e has been working on a third NTP daemon\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s called \u0026quot;ntimed\u0026quot; and you can try out a preview version of it right now - it\u0026#39;s \u003ca href=\"https://www.freshports.org/net/ntimed/\" rel=\"nofollow\"\u003ein FreeBSD ports\u003c/a\u003e or on Github\u003c/li\u003e\n\u003cli\u003ePHK also has a few \u003ca href=\"http://phk.freebsd.dk/time/\" rel=\"nofollow\"\u003eblog entries\u003c/a\u003e about the project, including status updates\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mdocml.bsd.lv/openbsd_projects.html\" rel=\"nofollow\"\u003eOpenBSD-maintained projects list\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was recently a read on the \u003ca href=\"https://www.marc.info/?t=141961588200003\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003emisc mailing list\u003c/a\u003e asking about different projects started by OpenBSD developers\u003c/li\u003e\n\u003cli\u003eThe initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)\u003c/li\u003e\n\u003cli\u003eA developer compiled a new list from all of the replies to that thread into a nice organized webpage\u003c/li\u003e\n\u003cli\u003eMost people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more\u003c/li\u003e\n\u003cli\u003eThis page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/threads/howto-monitor-network-traffic-with-netflow-nfdump-nfsen-on-freebsd.49724/\" rel=\"nofollow\"\u003eMonitoring network traffic with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)\u003c/li\u003e\n\u003cli\u003eThis is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.protoc.org/blog/2014/12/22/trapping-spammers-with-the-openbsd-spam-deferral-daemon\" rel=\"nofollow\"\u003eTrapping spammers with spamd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a blog post about OpenBSD\u0026#39;s \u003ca href=\"https://en.wikipedia.org/wiki/Spamd\" rel=\"nofollow\"\u003espamd\u003c/a\u003e - a spam email deferral daemon - and how to use it for your mail\u003c/li\u003e\n\u003cli\u003eIt gives some background on the greylisting approach to spam, rather than just a typical host blacklist\u003c/li\u003e\n\u003cli\u003e\u0026quot;Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will \u0026quot;temporarily reject\u0026quot; any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe post also shows how to combine it with PF and other tools for a pretty fancy mail setup\u003c/li\u003e\n\u003cli\u003eYou can find spamd in the OpenBSD \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/spamd.8\" rel=\"nofollow\"\u003ebase system\u003c/a\u003e, or use it \u003ca href=\"https://www.freshports.org/mail/spamd\" rel=\"nofollow\"\u003ewith FreeBSD\u003c/a\u003e \u003ca href=\"http://pkgsrc.se/mail/spamd\" rel=\"nofollow\"\u003eor NetBSD\u003c/a\u003e via ports and pkgsrc\u003c/li\u003e\n\u003cli\u003eYou might also want to go back and listen to \u003ca href=\"https://archive.org/details/bsdtalk068\" rel=\"nofollow\"\u003eBSDTalk episode 68\u003c/a\u003e, where Will talks to Bob Beck about spamd\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20rUK9XVJ\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20nfzIuT2\" rel=\"nofollow\"\u003eBrandon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20wCBhFLO\" rel=\"nofollow\"\u003eAnders writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20xGrBIyl\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QHRaiZJW\" rel=\"nofollow\"\u003eKyle writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141903858708123\u0026w=2\" rel=\"nofollow\"\u003eNTP code comparison\u003c/a\u003e - \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141905854411370\u0026w=2\" rel=\"nofollow\"\u003e192870 vs. 2898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2014-December/046741.html\" rel=\"nofollow\"\u003eNICs have feelings too\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-ports\u0026m=141998130824977\u0026w=2\" rel=\"nofollow\"\u003eJust think about it\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's our last episode of 2014, and we'll be chatting with Dan Langille about the upcoming BSDCan conference. We'll find out what's planned and what sorts of presentations they're looking for. As usual, answers to viewer-submitted questions and all the week's news, coming up on BSD Now - the place to B.. SD.","date_published":"2014-12-31T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/55684d1a-97da-439b-a037-b02c8d49de70.mp3","mime_type":"audio/mpeg","size_in_bytes":60663316,"duration_in_seconds":5055}]},{"id":"0b26db6f-81d9-4338-b84d-c843b9a8b49a","title":"69: Under the Ports Tree","url":"https://www.bsdnow.tv/69","content_text":"It's a special holiday episode! We asked you guys in the audience to send in the tale of how you first got into BSD, and we're going to share those with everyone today. We'll also be playing two bonus mini-interviews, so get comfy by the fire and listen to some BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nSpecial segment\n\nHow our viewers got into BSD\n\n\nJason's story (text)\nbsdx's story (text)\nDavid's story (text)\nBrad's story (text)\nReese's story (video)\nBryan's story (video)\nPete's story (text)\nAnders' story (text)\nGuillermo's story (text)\nJonathan's story (text)\nAdam's story (text)\nChris' story (text)\nTigersharke's story (text)\nRoller and Kandie's stories (text)\nUwe's story (text)\nPascal's story (text) and (image)\n***\n\n\nInterview - Erwin Lansing - erwin@freebsd.org\n\nBSD in Europe, getting people involved\n\n\n\nInterview - Cristina Vintila - @cristina_crow\n\nBSD conferences\n\n","content_html":"\u003cp\u003eIt\u0026#39;s a special holiday episode! We asked you guys in the audience to send in the tale of how you first got into BSD, and we\u0026#39;re going to share those with everyone today. We\u0026#39;ll also be playing two bonus mini-interviews, so get comfy by the fire and listen to some BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eSpecial segment\u003c/h2\u003e\n\n\u003ch3\u003eHow our viewers got into BSD\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJason\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s207hi9pTo\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebsdx\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s20cmh0anD\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDavid\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s21r4AL53g\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBrad\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2OqEie53V\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReese\u0026#39;s story (video)\u003c/li\u003e\n\u003cli\u003eBryan\u0026#39;s story (video)\u003c/li\u003e\n\u003cli\u003ePete\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2ve2kfgW7\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAnders\u0026#39; story (\u003ca href=\"http://slexy.org/view/s20eL5EYMv\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGuillermo\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s20KRuIaks\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJonathan\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s20IFqrc7O\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdam\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2FnnJH9zs\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChris\u0026#39; story (\u003ca href=\"http://slexy.org/view/s21GazXKH2\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTigersharke\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2iJdLoxzZ\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRoller and Kandie\u0026#39;s stories (\u003ca href=\"http://slexy.org/view/s203RsddHG\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUwe\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2gmB5VaS3\" rel=\"nofollow\"\u003etext\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePascal\u0026#39;s story (\u003ca href=\"http://slexy.org/view/s2PWntJ7Tc\" rel=\"nofollow\"\u003etext\u003c/a\u003e) and (\u003ca href=\"https://i.imgur.com/ekXbDvb.jpg\" rel=\"nofollow\"\u003eimage\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Erwin Lansing - \u003ca href=\"mailto:erwin@freebsd.org\" rel=\"nofollow\"\u003eerwin@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD in Europe, getting people involved\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Cristina Vintila - \u003ca href=\"https://twitter.com/cristina_crow\" rel=\"nofollow\"\u003e@cristina_crow\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD conferences\u003c/p\u003e\n\n\u003chr\u003e","summary":"It's a special holiday episode! We asked you guys in the audience to send in the tale of how you first got into BSD, and we're going to share those with everyone today. We'll also be playing two bonus mini-interviews, so get comfy by the fire and listen to some BSD Now - the place to B.. SD.","date_published":"2014-12-24T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0b26db6f-81d9-4338-b84d-c843b9a8b49a.mp3","mime_type":"audio/mpeg","size_in_bytes":52238740,"duration_in_seconds":4353}]},{"id":"d06324f4-7dc5-4b8f-9618-666fe480b68d","title":"68: Just the Essentials","url":"https://www.bsdnow.tv/68","content_text":"Coming up this week, we'll be talking with Michael Lucas about his newest BSD book, \"FreeBSD Mastery: Storage Essentials.\" It's got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We've also got the usual round of news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore BSD conference videos\n\n\nWe mentioned it a few times, but the \"New Directions in Operating Systems\" conference was held in November in the UK\nThe presentations videos are now online, with a few BSD-related talks of interest\nAntti Kantee, Rump kernels and why / how we got here\nFranco Fichtner, An introduction to userland networking\nRobert Watson, New ideas about old OS security\nLots of other interesting, but non-BSD-related, talks were also presented, so check the full list if you're interested in operating systems in general\nThe 2014 AsiaBSDCon videos are also slowly being uploaded (better late than never)\nKirk McKusick, An Overview of Security in the FreeBSD Kernel\nMatthew Ahrens, OpenZFS ensures the continued excellence of ZFS\nEric Allman, Bambi Meets Godzilla: They Elope - Open Source Meets the Commercial World\nScott Long, Modifying the FreeBSD kernel Netflix streaming servers\nDru Lavigne, ZFS for the Masses\nKris Moore, Snapshots, Replication, and Boot Environments\nDavid Chisnall, The Future of LLVM in the FreeBSD Toolchain\nLuba Tang, Bold, fast optimizing linker for BSD\nJohn Hixson, Introduction to FreeNAS development\nZbigniew Bodek, Transparent Superpages for FreeBSD on ARM\nMichael Dexter, Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite\nPeter Grehan, Nested Paging in Bhyve\nMartin Matuška, Deploying FreeBSD systems with Foreman and mfsBSD\nJames Brown, Analysys of BSD Associate Exam Results\nMindaugas Rasiukevicius, NPF - progress and perspective\nLuigi Rizzo, Netmap as a core networking technology\nMichael W. Lucas, Sudo: You're Doing it Wrong (not from a BSD conference, but still good)\nThey should make for some great material to watch during the holidays\n***\n\n\nOpenBSD vs FreeBSD security features\n\n\nFrom the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security\nThe article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD\nIt covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more\nThis is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework\nIf you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing\nThere are also some good comments on DaemonForums and lobste.rs that you may want to read \n***\n\n\nThe password? You changed it, right?\n\n\nPeter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently\nHe apparently reads his auth logs when he gets bored at an airport\nThis new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use\nMore than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords\nLots more details, including the lists of passwords and IPs, can be found in the full article\nIf you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a \"d-link\" user anyway)\n***\n\n\nGet started with FreeBSD, an intro for Linux users\n\n\nAnother new BSD article on a mainstream technology news site - seems we're getting popular\nThis article is written for Linux users who may be considering switching over to BSD and wondering what it's all about\nIt details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way\n\"Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like\"\n**\n\n\nInterview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor\n\nFreeBSD Mastery: Storage Essentials\n\n\n\nNews Roundup\n\nOpenSMTPD status update\n\n\nThe OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately\nAs of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7\nEmail is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with\nThere's also another post that goes into detail on their upcoming filtering API - a feature many have requested\nThe API is still being developed, but you can test it out now if you know what you're doing - full details in the article\nOpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out\n***\n\n\nOpenCrypto changes in FreeBSD\n\n\nA little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC\nSome of that work has just landed in the -CURRENT branch, and the commit has a bit of details\nThe ICM and GCM modes of AES were added, and both include support for AESNI\nThere's a new port - \"nist-kat\" - that can be used to test the new modes of operation\nSome things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages\nCode was also borrowed from both OpenBSD and NetBSD to make this possible\n***\n\n\nFirst thoughts on OpenBSD's httpd\n\n\nHere we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6\nThe author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot\nHe also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up\nBe sure to check our interview with Reyk about the new httpd if you're curious on how it got started\nAlso, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7\n***\n\n\nSteam on PCBSD\n\n\nOne of the most common questions people who want to use BSD as a desktop ask us is \"can I run games?\" or \"can I use steam?\"\nSteam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE\nThis video shows how to get Steam set up on PCBSD using the Windows version\nThere are also some instructions in the video description to look over\nA second video details getting streaming set up\n***\n\n\nFeedback/Questions\n\n\nCharlie writes in\nSean writes in\nPredrag writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be talking with Michael Lucas about his newest BSD book, \u0026quot;FreeBSD Mastery: Storage Essentials.\u0026quot; It\u0026#39;s got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We\u0026#39;ve also got the usual round of news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/channel/UCLy8AikPZfWEmzWxUec69PA/videos\" rel=\"nofollow\"\u003eMore BSD conference videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned it a few times, but the \u0026quot;New Directions in Operating Systems\u0026quot; conference was held in November in the UK\u003c/li\u003e\n\u003cli\u003eThe presentations videos are now online, with a few BSD-related talks of interest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction\" rel=\"nofollow\"\u003eAntti Kantee\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=GoB73cVyScI\" rel=\"nofollow\"\u003eRump kernels and why / how we got here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFranco Fichtner, \u003ca href=\"https://www.youtube.com/watch?v=WiMNuGTRgbA\" rel=\"nofollow\"\u003eAn introduction to userland networking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_13-vpn_my_dear_watson\" rel=\"nofollow\"\u003eRobert Watson\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=60elN996rtg\" rel=\"nofollow\"\u003eNew ideas about old OS security\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLots of other interesting, but non-BSD-related, talks were also presented, so check the \u003ca href=\"https://www.youtube.com/playlist?list=PLmRrx948XMnEUlzKOCYn3AzT8OAInP_5M\" rel=\"nofollow\"\u003efull list\u003c/a\u003e if you\u0026#39;re interested in operating systems in general\u003c/li\u003e\n\u003cli\u003eThe 2014 AsiaBSDCon videos are also slowly being uploaded (better late than never)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache\" rel=\"nofollow\"\u003eKirk McKusick\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=E04LxKiu79I\" rel=\"nofollow\"\u003eAn Overview of Security in the FreeBSD Kernel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods\" rel=\"nofollow\"\u003eMatthew Ahrens\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=8T9Rh-46jhI\" rel=\"nofollow\"\u003eOpenZFS ensures the continued excellence of ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEric Allman, \u003ca href=\"https://www.youtube.com/watch?v=o2dmreSy76Q\" rel=\"nofollow\"\u003eBambi Meets Godzilla: They Elope - Open Source Meets the Commercial World\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_25-the_gift_of_giving\" rel=\"nofollow\"\u003eScott Long\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=4sZZN8Szh14\" rel=\"nofollow\"\u003eModifying the FreeBSD kernel Netflix streaming servers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust\" rel=\"nofollow\"\u003eDru Lavigne\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=z5apZFFvx4k\" rel=\"nofollow\"\u003eZFS for the Masses\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKris Moore, \u003ca href=\"https://www.youtube.com/watch?v=w-0PlAVSg5U\" rel=\"nofollow\"\u003eSnapshots, Replication, and Boot Environments\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_07-lets_get_raid\" rel=\"nofollow\"\u003eDavid Chisnall\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=NLqDAclXMMU\" rel=\"nofollow\"\u003eThe Future of LLVM in the FreeBSD Toolchain\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLuba Tang, \u003ca href=\"https://www.youtube.com/watch?v=fWgbBUPMsVw\" rel=\"nofollow\"\u003eBold, fast optimizing linker for BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_23-its_gonna_get_nasty\" rel=\"nofollow\"\u003eJohn Hixson\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=iwF82aep-l8\" rel=\"nofollow\"\u003eIntroduction to FreeNAS development\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZbigniew Bodek, \u003ca href=\"https://www.youtube.com/watch?v=2KLXcyLZ_RE\" rel=\"nofollow\"\u003eTransparent Superpages for FreeBSD on ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael Dexter, \u003ca href=\"https://www.youtube.com/watch?v=rjNg1eQ7uAk\" rel=\"nofollow\"\u003eVisualizing Unix: Graphing bhyve, ZFS and PF with Graphite\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind\" rel=\"nofollow\"\u003ePeter Grehan\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=wptkUxJSNMY\" rel=\"nofollow\"\u003eNested Paging in Bhyve\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMartin Matuška, \u003ca href=\"https://www.youtube.com/watch?v=nb8jB5x0OX4\" rel=\"nofollow\"\u003eDeploying FreeBSD systems with Foreman and mfsBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_16-certified_package_delivery\" rel=\"nofollow\"\u003eJames Brown\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=6eKMLuzsTbY\" rel=\"nofollow\"\u003eAnalysys of BSD Associate Exam Results\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMindaugas Rasiukevicius, \u003ca href=\"https://www.youtube.com/watch?v=cgBh0iC9WhM\" rel=\"nofollow\"\u003eNPF - progress and perspective\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLuigi Rizzo, \u003ca href=\"https://www.youtube.com/watch?v=nW8iHgOL9y4\" rel=\"nofollow\"\u003eNetmap as a core networking technology\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMichael W. Lucas\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=o0purspHg-o\" rel=\"nofollow\"\u003eSudo: You\u0026#39;re Doing it Wrong\u003c/a\u003e (not from a BSD conference, but still good)\u003c/li\u003e\n\u003cli\u003eThey should make for some great material to watch during the holidays\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://networkfilter.blogspot.com/2014/12/security-openbsd-vs-freebsd.html\" rel=\"nofollow\"\u003eOpenBSD vs FreeBSD security features\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFrom the author of both the OpenBSD and FreeBSD secure gateway articles we\u0026#39;ve featured in the past comes a new entry about security\u003c/li\u003e\n\u003cli\u003eThe article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD\u003c/li\u003e\n\u003cli\u003eIt covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and \u003cstrong\u003emuch more\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eThis is definitely one of the most in-depth and complete articles we\u0026#39;ve seen in a while - the author seems to have done his homework\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing\u003c/li\u003e\n\u003cli\u003eThere are also \u003ca href=\"http://daemonforums.org/showthread.php?s=16fd0771d929aff294b252924b414f2c\u0026t=8823\" rel=\"nofollow\"\u003esome good comments\u003c/a\u003e on DaemonForums \u003ca href=\"https://lobste.rs/s/e3s9xr/security_openbsd_vs_freebsd\" rel=\"nofollow\"\u003eand lobste.rs\u003c/a\u003e that you may want to read \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/12/the-password-you-changed-it-right.html\" rel=\"nofollow\"\u003eThe password? You changed it, right?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall\" rel=\"nofollow\"\u003ePeter Hansteen\u003c/a\u003e has a new blog post up, detailing some weird SSH bruteforcing he\u0026#39;s seen recently\u003c/li\u003e\n\u003cli\u003eHe apparently reads his auth logs when he gets bored at an airport\u003c/li\u003e\n\u003cli\u003eThis new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use\u003c/li\u003e\n\u003cli\u003eMore than 700 IPs have tried to get into Peter\u0026#39;s BSD boxes using these names in combination with weak passwords\u003c/li\u003e\n\u003cli\u003eLots more details, including the lists of passwords and IPs, can be found in the full article\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eusing a BSD router\u003c/a\u003e, things like this can be easily prevented with PF or fail2ban (and you probably don\u0026#39;t have a \u0026quot;d-link\u0026quot; user anyway)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.infoworld.com/article/2858288/unix/intro-to-freebsd-for-linux-users.html\" rel=\"nofollow\"\u003eGet started with FreeBSD, an intro for Linux users\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother new BSD article on a mainstream technology news site - seems we\u0026#39;re getting popular\u003c/li\u003e\n\u003cli\u003eThis article is written for Linux users who may be considering switching over to BSD and wondering what it\u0026#39;s all about\u003c/li\u003e\n\u003cli\u003eIt details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way\u003c/li\u003e\n\u003cli\u003e\u0026quot;Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other \u003cem\u003eBSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like\u0026quot;\n*\u003c/em\u003e*\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\" rel=\"nofollow\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@mwlauthor\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials\" rel=\"nofollow\"\u003eFreeBSD Mastery: Storage Essentials\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://poolp.org/0xa86e/Some-OpenSMTPD-overview,-part-3\" rel=\"nofollow\"\u003eOpenSMTPD status update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-18_mx_with_ttx\" rel=\"nofollow\"\u003eOpenSMTPD guys\u003c/a\u003e, particularly Gilles, have posted an update on what they\u0026#39;ve been up to lately\u003c/li\u003e\n\u003cli\u003eAs of 5.6, it\u0026#39;s become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7\u003c/li\u003e\n\u003cli\u003eEmail is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they\u0026#39;ve had to deal with\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also \u003ca href=\"https://poolp.org/0xa871/The-state-of-filters\" rel=\"nofollow\"\u003eanother post\u003c/a\u003e that goes into detail on their upcoming filtering API - a feature \u003cstrong\u003emany\u003c/strong\u003e have requested\u003c/li\u003e\n\u003cli\u003eThe API is still being developed, but you can test it out now if you know what you\u0026#39;re doing - full details in the article\u003c/li\u003e\n\u003cli\u003eOpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2014-December/065806.html\" rel=\"nofollow\"\u003eOpenCrypto changes in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA little while back, \u003ca href=\"http://www.bsdnow.tv/episodes/2014_10_29-ipsecond_wind\" rel=\"nofollow\"\u003ewe talked to John-Mark Gurney\u003c/a\u003e about updating FreeBSD\u0026#39;s OpenCrypto framework, specifically for IPSEC\u003c/li\u003e\n\u003cli\u003eSome of that work has just landed in the -CURRENT branch, and the commit has a bit of details\u003c/li\u003e\n\u003cli\u003eThe ICM and GCM modes of AES were added, and both include support for AESNI\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a new port - \u0026quot;nist-kat\u0026quot; - that can be used to test the new modes of operation\u003c/li\u003e\n\u003cli\u003eSome things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages\u003c/li\u003e\n\u003cli\u003eCode was also borrowed from both OpenBSD and NetBSD to make this possible\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.protoc.org/blog/2014/11/23/first-thoughts-on-the-new-openbsd-httpd-server/\" rel=\"nofollow\"\u003eFirst thoughts on OpenBSD\u0026#39;s httpd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have a blog post from a user of OpenBSD\u0026#39;s new homegrown web server that made its debut in 5.6\u003c/li\u003e\n\u003cli\u003eThe author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot\u003c/li\u003e\n\u003cli\u003eHe also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up\u003c/li\u003e\n\u003cli\u003eBe sure to check \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time\" rel=\"nofollow\"\u003eour interview with Reyk\u003c/a\u003e about the new httpd if you\u0026#39;re curious on how it got started\u003c/li\u003e\n\u003cli\u003eAlso, if you\u0026#39;re running the version that came with 5.6, there\u0026#39;s \u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig\" rel=\"nofollow\"\u003ea huge patch\u003c/a\u003e you can apply to get a lot of the features and fixes from -current without waiting for 5.7\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=B04EuZ9hpAI\" rel=\"nofollow\"\u003eSteam on PCBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the most common questions people who want to use BSD as a desktop ask us is \u0026quot;can I run games?\u0026quot; or \u0026quot;can I use steam?\u0026quot;\u003c/li\u003e\n\u003cli\u003eSteam through the Linux emulation layer (in FreeBSD) may be possible soon, but it\u0026#39;s already possible to use it with WINE\u003c/li\u003e\n\u003cli\u003eThis video shows how to get Steam set up on PCBSD using the Windows version\u003c/li\u003e\n\u003cli\u003eThere are also some instructions in the video description to look over\u003c/li\u003e\n\u003cli\u003eA \u003ca href=\"https://www.youtube.com/watch?v=BJ88B8aWdk0\" rel=\"nofollow\"\u003esecond video\u003c/a\u003e details getting streaming set up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2JgqXcw4i\" rel=\"nofollow\"\u003eCharlie writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2WormjMCs\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20UmdFrbj\" rel=\"nofollow\"\u003ePredrag writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be talking with Michael Lucas about his newest BSD book, \"FreeBSD Mastery: Storage Essentials.\" It's got lots of great information about the disk subsystems, GEOM, filesystems, you name it. We've also got the usual round of news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-12-17T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d06324f4-7dc5-4b8f-9618-666fe480b68d.mp3","mime_type":"audio/mpeg","size_in_bytes":62609620,"duration_in_seconds":5217}]},{"id":"5e135afe-0a75-46d6-b995-ae5d3ca228ba","title":"67: Must Be Rigged","url":"https://www.bsdnow.tv/67","content_text":"Coming up this week on the show, we've got an interview with Patrick Wildt, one of the developers of Bitrig. We'll find out all the details of their OpenBSD fork, what makes it different and what their plans are going forward. We've also got all the week's news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBitrig 1.0 released\n\n\nIf you haven't heard of it, Bitrig is a fork of OpenBSD that started a couple years ago\nAccording to their FAQ, some of their goals include: only supporting modern hardware and a limited set of CPU architectures, replacing nearly all GNU tools in base with BSD versions and having better virtualization support\nThey've finally announced their first official release, 1.0\nThis release introduces support for Clang 3.4, replacing the old GCC, along with libc++ replacing the GNU version\nIt also includes filesystem journaling, support for GPT and - most importantly - a hacker-style console with green text on black background\nOne of the developers answered some questions about it on Hacker News too\n***\n\n\nIs it time to try BSD?\n\n\nHere we get a little peek into the Linux world - more and more people are considering switching\nOn a more mainstream tech news site, they have an article about people switching away from Linux and to BSD\nPeople are starting to get even more suspicious of systemd, and lots of drama in the Linux world is leading a whole new group of potential users over to the BSD side\nThis article explores some pros and cons of switching, and features opinions of various users\n***\n\n\nPoudriere 3.1 released\n\n\nOne of the first things we ever covered on the show was poudriere, a tool with a funny name that's used to build binary packages from FreeBSD ports\nIt's come a long way since then, and bdrewery and bapt have just announced a new major version\nThis new release features a redesigned web interface to check on the status of your packages\nThere are lots of new bulk building options to preserve packages even if some fail to compile - this makes maintaining a production repo much easier\nIt also introduces a useful new \"pkgclean\" subcommand to clean out your repository of packages that aren't needed anymore, and poudriere keeps it cleaner by default as well now\nCheck the full release notes for all the additions and bug fixes\n***\n\n\nFirewalling with OpenBSD's pf and pfsync\n\n\nA talk by David Gwynne from an Australian conference was uploaded, with the subject matter being pf and pfsync\nHe uses pf to manage 60 internal networks with a single firewall\nThe talk gives some background on how pf originally came to be and some OpenBSD 101 for the uninitiated\nIt also touches on different rulesets, use cases, configuration syntax, placing limits on connections, ospf, authpf, segregating VLANs, synproxy handling and a lot more\nThe second half of the presentation focuses on pfsync and carp for failover and redundancy\nWith two BSD boxes running pfsync, you can actually patch your kernel and still stay connected to IRC\n***\n\n\nInterview - Patrick Wildt - patrick@bitrig.org / @bitrig\n\nThe initial release of Bitrig\n\n\n\nNews Roundup\n\nInfrastructural enhancements at NYI\n\n\nThe FreeBSD foundation put up a new blog post detailing some hardware improvements they've recently done\nTheir eastern US colocation is hosted at New York Internet, and is used for FTP mirrors, pkgng mirrors, and also as a place for developers to test things\nThere've been fourteen machines purchased since July, and now FreeBSD boasts a total of sixty-eight physical boxes there\nThis blog post goes into detail about how those servers are used and details some of the network topology\n***\n\n\nThe long tail of MD5\n\n\nOur friend Ted Unangst is on a quest to replace all instances of MD5 in OpenBSD's tree with something more modern\nIn this blog post, he goes through some of the different areas where MD5 still lives, and discovers how easy (or impossible) it would be to replace\nThrough some recent commits, OpenBSD now uses SHA512 in some places that you might not expect\nSome other places require a bit more care… \n***\n\n\nDragonFly cheat sheet\n\n\nIf you've been thinking of trying out DragonFlyBSD lately, this might make the transition a bit easier\nA user-created \"cheat sheet\" on the website lists some common answers to beginner questions\nThe page features a walkthrough of the installer, some shell tips and workarounds for various issues\nAt the end, it also has some things that new users can get involved with to help out\n***\n\n\nExperiences with an OpenBSD laptop\n\n\nA lot of people seem to be interested in trying out some form of BSD on their laptop, and this article details just that\nThe author got interested in OpenBSD mostly because of the security focus and the fact that it's not Linux\nIn this blog post, he goes through the steps of researching, installing, configuring, upgrading and finally actually using it on his Thinkpad\nHe even gives us a mention as a good place to learn more about BSD, thanks!\n***\n\n\nPC-BSD Updates\n\n\nA call for testing of a new update system has gone out\nConversion to Qt5 for utils has taken place\n***\n\n\nFeedback/Questions\n\n\nChris writes in\nAJ writes in\nDan writes in\nJeff writes in\n***\n\n\nMailing List Gold\n\n\nOver 440% faster\nThe PF conundrum (edit: Allan misspoke about PF performance during this segment, apologies.)\nViolating bad standards\napt-get rid of systemd\n***\n","content_html":"\u003cp\u003eComing up this week on the show, we\u0026#39;ve got an interview with Patrick Wildt, one of the developers of Bitrig. We\u0026#39;ll find out all the details of their OpenBSD fork, what makes it different and what their plans are going forward. We\u0026#39;ve also got all the week\u0026#39;s news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://article.gmane.org/gmane.os.bitrig.devel/6\" rel=\"nofollow\"\u003eBitrig 1.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you haven\u0026#39;t heard of it, \u003ca href=\"https://www.bitrig.org/\" rel=\"nofollow\"\u003eBitrig\u003c/a\u003e is a fork of OpenBSD that started a couple years ago\u003c/li\u003e\n\u003cli\u003eAccording to \u003ca href=\"https://github.com/bitrig/bitrig/wiki/Faq\" rel=\"nofollow\"\u003etheir FAQ\u003c/a\u003e, some of their goals include: only supporting modern hardware and a limited set of CPU architectures, replacing nearly all GNU tools in base with BSD versions and having better virtualization support\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve finally announced their first official release, 1.0\u003c/li\u003e\n\u003cli\u003eThis release introduces support for Clang 3.4, replacing the old GCC, along with libc++ replacing the GNU version\u003c/li\u003e\n\u003cli\u003eIt also includes filesystem journaling, support for GPT and - most importantly - a hacker-style console with green text on black background\u003c/li\u003e\n\u003cli\u003eOne of the developers \u003ca href=\"https://news.ycombinator.com/item?id=8701936\" rel=\"nofollow\"\u003eanswered some questions\u003c/a\u003e about it on Hacker News too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.technewsworld.com/story/81424.html\" rel=\"nofollow\"\u003eIs it time to try BSD?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we get a little peek into the Linux world - more and more people are considering switching\u003c/li\u003e\n\u003cli\u003eOn a more mainstream tech news site, they have an article about people switching away from Linux and to BSD\u003c/li\u003e\n\u003cli\u003ePeople are starting to get even more suspicious of systemd, and lots of drama in the Linux world is leading a whole new group of potential users over to the BSD side\u003c/li\u003e\n\u003cli\u003eThis article explores some pros and cons of switching, and features opinions of various users\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/freebsd/poudriere/wiki/release_notes_31\" rel=\"nofollow\"\u003ePoudriere 3.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the first things we ever covered on the show was \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere\u003c/a\u003e, a tool with a funny name that\u0026#39;s used to build binary packages from FreeBSD ports\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s come a long way since then, and \u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_16-network_iodometry\" rel=\"nofollow\"\u003ebdrewery\u003c/a\u003e and \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_01-eclipsing_binaries\" rel=\"nofollow\"\u003ebapt\u003c/a\u003e have just announced a new major version\u003c/li\u003e\n\u003cli\u003eThis new release features a redesigned web interface to check on the status of your packages\u003c/li\u003e\n\u003cli\u003eThere are lots of new bulk building options to preserve packages even if some fail to compile - this makes maintaining a production repo much easier\u003c/li\u003e\n\u003cli\u003eIt also introduces a useful new \u0026quot;pkgclean\u0026quot; subcommand to clean out your repository of packages that aren\u0026#39;t needed anymore, and poudriere keeps it cleaner by default as well now\u003c/li\u003e\n\u003cli\u003eCheck the full release notes for all the additions and bug fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=mN5E2EYJnrw\" rel=\"nofollow\"\u003eFirewalling with OpenBSD\u0026#39;s pf and pfsync\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA talk by David Gwynne from an Australian conference was uploaded, with the subject matter being pf and pfsync\u003c/li\u003e\n\u003cli\u003eHe uses pf to manage 60 internal networks with a single firewall\u003c/li\u003e\n\u003cli\u003eThe talk gives some background on how pf originally came to be and some OpenBSD 101 for the uninitiated\u003c/li\u003e\n\u003cli\u003eIt also touches on different rulesets, use cases, configuration syntax, placing limits on connections, ospf, authpf, segregating VLANs, synproxy handling and a lot more\u003c/li\u003e\n\u003cli\u003eThe second half of the presentation focuses on pfsync and carp for failover and redundancy\u003c/li\u003e\n\u003cli\u003eWith two BSD boxes running pfsync, you can actually \u003cem\u003epatch your kernel and still stay connected to IRC\u003c/em\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Patrick Wildt - \u003ca href=\"mailto:patrick@bitrig.org\" rel=\"nofollow\"\u003epatrick@bitrig.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bitrig\" rel=\"nofollow\"\u003e@bitrig\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe initial release of Bitrig\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/12/the-freebsd-cluster-infrastructural.html\" rel=\"nofollow\"\u003eInfrastructural enhancements at NYI\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation put up a new blog post detailing some hardware improvements they\u0026#39;ve recently done\u003c/li\u003e\n\u003cli\u003eTheir eastern US colocation is hosted at New York Internet, and is used for FTP mirrors, pkgng mirrors, and also as a place for developers to test things\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;ve been fourteen machines purchased since July, and now FreeBSD boasts a total of sixty-eight physical boxes there\u003c/li\u003e\n\u003cli\u003eThis blog post goes into detail about how those servers are used and details some of the network topology\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/the-long-tail-of-MD5\" rel=\"nofollow\"\u003eThe long tail of MD5\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend Ted Unangst is on a quest to replace all instances of MD5 in OpenBSD\u0026#39;s tree with something more modern\u003c/li\u003e\n\u003cli\u003eIn this blog post, he goes through some of the different areas where MD5 still lives, and discovers how easy (or impossible) it would be to replace\u003c/li\u003e\n\u003cli\u003eThrough some recent commits, OpenBSD now uses SHA512 in some places that you might not expect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141763065223567\u0026w=4\" rel=\"nofollow\"\u003eSome other places\u003c/a\u003e require a bit more care… \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/varialus/\" rel=\"nofollow\"\u003eDragonFly cheat sheet\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve been thinking of trying out DragonFlyBSD lately, this might make the transition a bit easier\u003c/li\u003e\n\u003cli\u003eA user-created \u0026quot;cheat sheet\u0026quot; on the website lists some common answers to beginner questions\u003c/li\u003e\n\u003cli\u003eThe page features a walkthrough of the installer, some shell tips and workarounds for various issues\u003c/li\u003e\n\u003cli\u003eAt the end, it also has some things that new users can get involved with to help out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://alxjsn.com/unix/openbsd-laptop/\" rel=\"nofollow\"\u003eExperiences with an OpenBSD laptop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA lot of people seem to be interested in trying out some form of BSD on their laptop, and this article details just that\u003c/li\u003e\n\u003cli\u003eThe author got interested in OpenBSD mostly because of the security focus and the fact that it\u0026#39;s \u003cem\u003enot\u003c/em\u003e Linux\u003c/li\u003e\n\u003cli\u003eIn this blog post, he goes through the steps of researching, installing, configuring, upgrading and finally actually using it on his Thinkpad\u003c/li\u003e\n\u003cli\u003eHe even gives us a mention as a good place to learn more about BSD, thanks!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/testing/2014-December/009638.html\" rel=\"nofollow\"\u003ePC-BSD Updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA call for testing of a new update system has gone out\u003c/li\u003e\n\u003cli\u003eConversion to Qt5 for utils has taken place\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ihSmjpLu\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20JXhXS6o\" rel=\"nofollow\"\u003eAJ writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21hfeWB2K\" rel=\"nofollow\"\u003eDan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2k6SmuDGB\" rel=\"nofollow\"\u003eJeff writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141775233603723\u0026w=2\" rel=\"nofollow\"\u003eOver 440% faster\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pf/2014-December/007528.html\" rel=\"nofollow\"\u003eThe\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pf/2014-December/007529.html\" rel=\"nofollow\"\u003ePF\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pf/2014-December/007543.html\" rel=\"nofollow\"\u003econundrum\u003c/a\u003e (\u003cstrong\u003eedit:\u003c/strong\u003e Allan misspoke about PF performance during this segment, apologies.)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141807513728073\u0026w=4\" rel=\"nofollow\"\u003eViolating\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141807224826859\u0026w=2\" rel=\"nofollow\"\u003ebad standards\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=141798194330985\u0026w=2\" rel=\"nofollow\"\u003eapt-get rid of systemd\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show, we've got an interview with Patrick Wildt, one of the developers of Bitrig. We'll find out all the details of their OpenBSD fork, what makes it different and what their plans are going forward. We've also got all the week's news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-12-10T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/5e135afe-0a75-46d6-b995-ae5d3ca228ba.mp3","mime_type":"audio/mpeg","size_in_bytes":58310356,"duration_in_seconds":4859}]},{"id":"e76cf015-25d3-4a75-89c3-629d1f6d9a87","title":"66: Conference Connoisseur","url":"https://www.bsdnow.tv/66","content_text":"This week on the show, we'll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We've also got answers to all your emails and the latest news, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore BSD presentation videos\n\n\nThe MeetBSD video uploading spree continues with a few more talks, maybe this'll be the last batch\nCorey Vixie, Web Apps in Embedded BSD\nAllan Jude, UCL config\nKip Macy, iflib\nWhile we're on the topic of conferences, AsiaBSDCon's CFP was extended by one week\nThis year's ruBSD will be on December 13th in Moscow\nAlso, the BSDCan call for papers is out, and the event will be in June next year\nLastly, according to Rick Miller, \"A potential vBSDcon 2015 event is being explored though a decision has yet to be made.\"\n***\n\n\nBSD-powered digital library in Africa\n\n\nYou probably haven't heard much about Nzega, Tanzania, but it's an East African country without much internet access\nWith physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school\nThey now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)\nThe school's workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it\n***\n\n\npfSense 2.2 status update\n\n\nWith lots of people asking when the 2.2 release will be done, some pfSense developers decided to provide a status update\n2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc\nAll these things have taken more time than previously expected\nThe post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release\n***\n\n\nRecommended hardware threads\n\n\nA few threads on caught our attention this week, all about hardware recommendations for BSD setups\nIn the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS\nEveryone gave some good recommendations for low power, Atom-based systems\nThe second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread\nFor a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this\nIf you're thinking about building your first BSD box - server, router, NAS, whatever - these might be some good links to read\n***\n\n\nInterview - Paul Schenkeveld - freebsd@psconsult.nl\n\nRunning a BSD conference\n\n\n\nNews Roundup\n\nFrom Linux to FreeBSD - for reals\n\n\nAnother Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)\nAfter being a Linux guy for 20(!) years, he's ready to switch his systems over, and is looking for some helpful guides to transition\nIn the comments, a lot of new switchers offer some advice and reading material\nIf any of the listeners have some things that were helpful along your switching journey, maybe send 'em this guy's way\n***\n\n\nRunning FreeBSD as a Xen Dom0\n\n\nContinuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor\nThis wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it\nXen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)\nThe wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet\n***\n\n\nHardenedBSD updates and changes\n\n\na.out is the old executable format for Unix\nThe name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968\nFreeBSD, on which HardenedBSD is based, switched away from a.out in version 3.0\nA restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8\nHowever, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited\nHardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’\nPackage building update: more consistent repo, no more i386 packages \n***\n\n\nFeedback/Questions\n\n\nBoris writes in\nAlex writes in (edit: adding \"tinker panic 0\" to the ntp.conf will disable the sanity check)\nChris writes in\nRobert writes in\nJake writes in\n***\n\n\nMailing List Gold\n\n\nReal world authpf use\nThe great perl event of 2014\n***\n","content_html":"\u003cp\u003eThis week on the show, we\u0026#39;ll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We\u0026#39;ve also got answers to all your emails and the latest news, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.meetbsd.com/\" rel=\"nofollow\"\u003eMore BSD presentation videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe MeetBSD video uploading spree continues with a few more talks, maybe this\u0026#39;ll be the last batch\u003c/li\u003e\n\u003cli\u003eCorey Vixie, \u003ca href=\"https://www.youtube.com/watch?v=Pbks12Mqpp8\" rel=\"nofollow\"\u003eWeb Apps in Embedded BSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllan Jude, \u003ca href=\"https://www.youtube.com/watch?v=TjP86iWsEzQ\" rel=\"nofollow\"\u003eUCL config\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKip Macy, \u003ca href=\"https://www.youtube.com/watch?v=P4FRPKj7F80\" rel=\"nofollow\"\u003eiflib\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhile we\u0026#39;re on the topic of conferences, AsiaBSDCon\u0026#39;s CFP was \u003ca href=\"https://twitter.com/asiabsdcon/status/538352055245492226\" rel=\"nofollow\"\u003eextended\u003c/a\u003e by one week\u003c/li\u003e\n\u003cli\u003eThis year\u0026#39;s \u003ca href=\"https://events.yandex.ru/events/yagosti/rubsd14/\" rel=\"nofollow\"\u003eruBSD\u003c/a\u003e will be on December 13th in Moscow\u003c/li\u003e\n\u003cli\u003eAlso, the \u003ca href=\"http://lists.bsdcan.org/pipermail/bsdcan-announce/2014-December/000135.html\" rel=\"nofollow\"\u003eBSDCan call for papers\u003c/a\u003e is out, and the event will be in June next year\u003c/li\u003e\n\u003cli\u003eLastly, according to Rick Miller, \u0026quot;A potential vBSDcon 2015 event is being explored though a decision has yet to be made.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://peercorpsglobal.org/nzegas-digital-library-becomes-a-reality/\" rel=\"nofollow\"\u003eBSD-powered digital library in Africa\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYou probably haven\u0026#39;t heard much about Nzega, Tanzania, but it\u0026#39;s an East African country without much internet access\u003c/li\u003e\n\u003cli\u003eWith physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school\u003c/li\u003e\n\u003cli\u003eThey now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)\u003c/li\u003e\n\u003cli\u003eThe school\u0026#39;s workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1486\" rel=\"nofollow\"\u003epfSense 2.2 status update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith lots of people asking when the 2.2 release will be done, some pfSense developers decided to provide a status update\u003c/li\u003e\n\u003cli\u003e2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc\u003c/li\u003e\n\u003cli\u003eAll these things have taken more time than previously expected\u003c/li\u003e\n\u003cli\u003eThe post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/2n8wrg/bsd_on_mini_itx/\" rel=\"nofollow\"\u003eRecommended hardware threads\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few threads on caught our attention this week, all about hardware recommendations for BSD setups\u003c/li\u003e\n\u003cli\u003eIn the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS\u003c/li\u003e\n\u003cli\u003eEveryone gave some good recommendations for low power, Atom-based systems\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.marc.info/?t=141694918800006\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003esecond thread\u003c/a\u003e started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread\u003c/li\u003e\n\u003cli\u003eFor a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the \u003ca href=\"https://www.reddit.com/r/homelab/comments/24m6tj/\" rel=\"nofollow\"\u003ethird\u003c/a\u003e and \u003ca href=\"https://www.reddit.com/r/PFSENSE/comments/2nblgp/\" rel=\"nofollow\"\u003efourth\u003c/a\u003e threads confirming this\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re thinking about building your first BSD box - server, router, NAS, whatever - these might be some good links to read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Paul Schenkeveld - \u003ca href=\"mailto:freebsd@psconsult.nl\" rel=\"nofollow\"\u003efreebsd@psconsult.nl\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eRunning a BSD conference\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/2nqa60/\" rel=\"nofollow\"\u003eFrom Linux to FreeBSD - for reals\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)\u003c/li\u003e\n\u003cli\u003eAfter being a Linux guy for 20(!) years, he\u0026#39;s ready to switch his systems over, and is looking for some helpful guides to transition\u003c/li\u003e\n\u003cli\u003eIn the comments, a lot of new switchers offer some advice and reading material\u003c/li\u003e\n\u003cli\u003eIf any of the listeners have some things that were helpful along your switching journey, maybe send \u0026#39;em this guy\u0026#39;s way\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://wiki.xenproject.org/wiki/FreeBSD_Dom0\" rel=\"nofollow\"\u003eRunning FreeBSD as a Xen Dom0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eContinuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor\u003c/li\u003e\n\u003cli\u003eThis wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it\u003c/li\u003e\n\u003cli\u003eXen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)\u003c/li\u003e\n\u003cli\u003eThe wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2014-11-18/aout-and-null-mapping-support-removal\" rel=\"nofollow\"\u003eHardenedBSD updates and changes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ea.out is the old executable format for Unix\u003c/li\u003e\n\u003cli\u003eThe name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968\u003c/li\u003e\n\u003cli\u003eFreeBSD, on which HardenedBSD is based, switched away from a.out in version 3.0\u003c/li\u003e\n\u003cli\u003eA restriction against NULL mapping was introduced in \u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-EN-09:05.null.asc\" rel=\"nofollow\"\u003eFreeBSD 7\u003c/a\u003e and enabled by default in FreeBSD 8\u003c/li\u003e\n\u003cli\u003eHowever, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited\u003c/li\u003e\n\u003cli\u003eHardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’\u003c/li\u003e\n\u003cli\u003ePackage building update: \u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2014-11-30/package-building-infrastructure-maintenance\" rel=\"nofollow\"\u003emore consistent repo, no more i386 packages \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2kVPKICqj\" rel=\"nofollow\"\u003eBoris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Fic4dZC\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e (\u003cb\u003eedit:\u003c/b\u003e adding \u0026quot;tinker panic 0\u0026quot; to the ntp.conf will disable the sanity check)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2zk1Tvfe9\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s22alvJ4mu\" rel=\"nofollow\"\u003eRobert writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s203YMc2zL\" rel=\"nofollow\"\u003eJake writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?t=141711266800001\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eReal world authpf use\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://svnweb.freebsd.org/ports/head/UPDATING?r1=373564\u0026r2=373563\u0026pathrev=373564\" rel=\"nofollow\"\u003eThe\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2014-November/096788.html\" rel=\"nofollow\"\u003egreat\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2014-November/096799.html\" rel=\"nofollow\"\u003eperl\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-perl/2014-November/010146.html\" rel=\"nofollow\"\u003eevent\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-perl/2014-November/010149.html\" rel=\"nofollow\"\u003eof\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-perl/2014-November/010167.html\" rel=\"nofollow\"\u003e2014\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we'll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We've also got answers to all your emails and the latest news, coming up on BSD Now - the place to B.. SD.","date_published":"2014-12-03T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e76cf015-25d3-4a75-89c3-629d1f6d9a87.mp3","mime_type":"audio/mpeg","size_in_bytes":59426068,"duration_in_seconds":4952}]},{"id":"c905fcf9-ebc6-4a15-8d34-631dc9742cea","title":"65: 8,000,000 Mogofoo-ops","url":"https://www.bsdnow.tv/65","content_text":"Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEven more BSD presentation videos\n\n\nMore videos from this year's MeetBSD and OpenZFS devsummit were uploaded since last week\nRobert Ryan, At the Heart of the Digital Economy\nFreeNAS \u0026amp; ZFS, The Indestructible Duo - Except for the Hard Drives\nRichard Yao, libzfs_core and ioctl stabilization\nOpenZFS, Company lightning talks\nOpenZFS, Hackathon Presentation and Awards\nPavel Zakharov, Fast File Cloning\nRick Reed, Half a billion unsuspecting FreeBSD users\nAlex Reece \u0026amp; Matt Ahrens, Device Removal\nChris Side, Channel Programs\nDavid Maxwell, The Unix command pipeline\nBe sure to check out the giant list of videos from last week's episode if you haven't seen them already\n***\n\n\nNetBSD on a Cobalt Qube 2\n\n\nThe Cobalt Qube was a very expensive networking appliance around 2000\nIn 2014, you can apparently get one of these MIPS-based machines for about forty bucks\nThis blog post details getting NetBSD installed and set up on the rare relic of our networking past\nIf you're an old-time fan of RISC or MIPS CPUs, this'll be a treat for you\nLots of great pictures of the hardware too\n***\n\n\nOpenBSD vs. AFL\n\n\nIn their never-ending security audit, some OpenBSD developers have been hitting various parts of the tree with a fuzzer\nIf you're not familiar, fuzzing is a semi-automated way to test programs for crashes and potential security problems\nThe program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs\nAmerican Fuzzy Lop, in particular, has provided some interesting results across various open source projects recently\nSo far, it's fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and mandoc and a few other things\nAFL has an impressive list of CVEs (vulnerabilities) that it's helped developers discover and fix\nIt also made its way into OpenBSD ports, FreeBSD ports and NetBSD's pkgsrc very recently, so you can try it out for yourself\n***\n\n\nGNOME 3 hits the FreeBSD ports tree\n\n\nWhile you've been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn't actually hit the FreeBSD ports tree.. until now\nNow you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD\nBe sure to check the commit message and /usr/ports/UPDATING if you're upgrading from GNOME 2\nYou might also want to go back and listen to our interview with Joe Marcus Clark about GNOME's portability\n***\n\n\nInterview - Brendan Gregg - bgregg@netflix.com / @brendangregg\n\nPerformance tuning, benchmarks, debugging\n\n\n\nNews Roundup\n\nDragonFlyBSD 4.0 released\n\n\nA new major version of DragonFly, 4.0.1, was just recently announced\nThis version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs\nIt's also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club\nCheck the release notes for all the details, including networking and kernel improvements, as well as some crypto changes\n***\n\n\nCan we talk about FreeBSD vs Linux\n\n\nHackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once\nRather than rehashing why one is \"better\" than the other, it was focused on explaining some of the differences between ecosystems and communities\nIf you're one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read\nSomeone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy\n***\n\n\nOpenBSD IPSEC tunnel guide\n\n\nIf you've ever wanted to connect two networks with OpenBSD gateways, this is the article for you\nIt shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN\nThe article also explains some of the basics of IPSEC if you're not familiar with all the terminology, so this isn't just for experts\nThough the article itself is a few years old, it mostly still applies to the latest stuff today\nAll the tools used are in the OpenBSD base system, so that's pretty handy too\n***\n\n\nDragonFly starts work on IPFW2\n\n\nDragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use\nNow it looks like you're going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be \"IPFW3\")\nNot a whole lot is known yet; it's still in heavy development, but there's a brief roadmap page with some planned additions\nThe guy who's working on this has already agreed to come on the show for an interview, but we're going to give him a chance to get some more work done first\nExpect that sometime next year, once he's made some progress\n***\n\n\nFeedback/Questions\n\n\nMichael writes in\nSamael writes in\nSteven writes in\nRemy writes in\nMichael writes in\n***\n","content_html":"\u003cp\u003eComing up on the show this week, we\u0026#39;ve got an interview with Brendan Gregg of Netflix. He\u0026#39;s got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week\u0026#39;s news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.meetbsd.com/\" rel=\"nofollow\"\u003eEven more BSD presentation videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore videos from this year\u0026#39;s MeetBSD and OpenZFS devsummit were uploaded since last week\u003c/li\u003e\n\u003cli\u003eRobert Ryan, \u003ca href=\"https://www.youtube.com/watch?v=Rc9k1xEepWU\" rel=\"nofollow\"\u003eAt the Heart of the Digital Economy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeNAS \u0026amp; ZFS, The Indestructible Duo - \u003ca href=\"https://www.youtube.com/watch?v=d1C6DELK7fc\" rel=\"nofollow\"\u003eExcept for the Hard Drives\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRichard Yao, \u003ca href=\"https://www.youtube.com/watch?v=PIC0dwLRBZU\" rel=\"nofollow\"\u003elibzfs_core and ioctl stabilization\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenZFS, \u003ca href=\"https://www.youtube.com/watch?v=LmbI7F7XTTc\" rel=\"nofollow\"\u003eCompany lightning talks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenZFS, \u003ca href=\"https://www.youtube.com/watch?v=gPbVPwScMGk\" rel=\"nofollow\"\u003eHackathon Presentation and Awards\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePavel Zakharov, \u003ca href=\"https://www.youtube.com/watch?v=_lGOAZFXra8\" rel=\"nofollow\"\u003eFast File Cloning\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRick Reed, \u003ca href=\"https://www.youtube.com/watch?v=TneLO5TdW_M\" rel=\"nofollow\"\u003eHalf a billion unsuspecting FreeBSD users\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlex Reece \u0026amp; Matt Ahrens, \u003ca href=\"https://www.youtube.com/watch?v=Xs6MsJ9kKKE\" rel=\"nofollow\"\u003eDevice Removal\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChris Side, \u003ca href=\"https://www.youtube.com/watch?v=RMTxyqcomPA\" rel=\"nofollow\"\u003eChannel Programs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDavid Maxwell, \u003ca href=\"https://www.youtube.com/watch?v=CZHEZHK4jRc\" rel=\"nofollow\"\u003eThe Unix command pipeline\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBe sure to check out the \u003cstrong\u003egiant list of videos\u003c/strong\u003e from \u003ca href=\"http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited\" rel=\"nofollow\"\u003elast week\u0026#39;s episode\u003c/a\u003e if you haven\u0026#39;t seen them already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2\" rel=\"nofollow\"\u003eNetBSD on a Cobalt Qube 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Cobalt Qube was a very expensive networking appliance around 2000\u003c/li\u003e\n\u003cli\u003eIn 2014, you can apparently get one of these MIPS-based machines for about forty bucks\u003c/li\u003e\n\u003cli\u003eThis blog post details getting NetBSD installed and set up on the rare relic of our networking past\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re an old-time fan of RISC or MIPS CPUs, this\u0026#39;ll be a treat for you\u003c/li\u003e\n\u003cli\u003eLots of great pictures of the hardware too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026w=2\u0026r=1\u0026s=afl\u0026q=b\" rel=\"nofollow\"\u003eOpenBSD vs. AFL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn their never-ending security audit, some OpenBSD developers have been \u003ca href=\"https://twitter.com/damienmiller/status/534156368391831552\" rel=\"nofollow\"\u003ehitting various parts of the tree\u003c/a\u003e with a fuzzer\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re not familiar, \u003ca href=\"https://en.wikipedia.org/wiki/Fuzz_testing\" rel=\"nofollow\"\u003efuzzing\u003c/a\u003e is a semi-automated way to test programs for crashes and potential security problems\u003c/li\u003e\n\u003cli\u003eThe program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lcamtuf.coredump.cx/afl/\" rel=\"nofollow\"\u003eAmerican Fuzzy Lop\u003c/a\u003e, in particular, has provided some interesting results across various open source projects recently\u003c/li\u003e\n\u003cli\u003eSo far, it\u0026#39;s fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and \u003ca href=\"http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man\" rel=\"nofollow\"\u003emandoc\u003c/a\u003e and \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141646270127039\u0026w=2\" rel=\"nofollow\"\u003ea few other things\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAFL has an impressive list of CVEs (vulnerabilities) that it\u0026#39;s helped developers discover and fix\u003c/li\u003e\n\u003cli\u003eIt also made its way into OpenBSD ports, FreeBSD ports and NetBSD\u0026#39;s pkgsrc very recently, so you can try it out for yourself\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=372768\" rel=\"nofollow\"\u003eGNOME 3 hits the FreeBSD ports tree\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile you\u0026#39;ve been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn\u0026#39;t actually hit the FreeBSD ports tree.. until now\u003c/li\u003e\n\u003cli\u003eNow you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD\u003c/li\u003e\n\u003cli\u003eBe sure to check the commit message and \u003ca href=\"http://www.bsdnow.tv/tutorials/ports\" rel=\"nofollow\"\u003e/usr/ports/UPDATING\u003c/a\u003e if you\u0026#39;re upgrading from GNOME 2\u003c/li\u003e\n\u003cli\u003eYou might also want to go back and listen to \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_26-port_authority\" rel=\"nofollow\"\u003eour interview\u003c/a\u003e with Joe Marcus Clark about GNOME\u0026#39;s portability\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brendan Gregg - \u003ca href=\"mailto:bgregg@netflix.com\" rel=\"nofollow\"\u003ebgregg@netflix.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/brendangregg\" rel=\"nofollow\"\u003e@brendangregg\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ePerformance tuning, benchmarks, debugging\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/release40/\" rel=\"nofollow\"\u003eDragonFlyBSD 4.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new major version of DragonFly, 4.0.1, was just recently announced\u003c/li\u003e\n\u003cli\u003eThis version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club\u003c/li\u003e\n\u003cli\u003eCheck the release notes for all the details, including networking and kernel improvements, as well as some crypto changes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://news.ycombinator.com/item?id=8645443\" rel=\"nofollow\"\u003eCan we talk about FreeBSD vs Linux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once\u003c/li\u003e\n\u003cli\u003eRather than rehashing why one is \u0026quot;better\u0026quot; than the other, it was focused on explaining some of the differences between ecosystems and communities\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read\u003c/li\u003e\n\u003cli\u003eSomeone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.packetmischief.ca/openbsd-ipsec-tunnel-guide/\" rel=\"nofollow\"\u003eOpenBSD IPSEC tunnel guide\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve ever wanted to connect two networks with OpenBSD gateways, this is the article for you\u003c/li\u003e\n\u003cli\u003eIt shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN\u003c/li\u003e\n\u003cli\u003eThe article also explains some of the basics of IPSEC if you\u0026#39;re not familiar with all the terminology, so this isn\u0026#39;t just for experts\u003c/li\u003e\n\u003cli\u003eThough the article itself is a few years old, it mostly still applies to the latest stuff today\u003c/li\u003e\n\u003cli\u003eAll the tools used are in the OpenBSD base system, so that\u0026#39;s pretty handy too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/docs/ipfw2/\" rel=\"nofollow\"\u003eDragonFly starts work on IPFW2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use\u003c/li\u003e\n\u003cli\u003eNow it looks like you\u0026#39;re going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be \u0026quot;IPFW3\u0026quot;)\u003c/li\u003e\n\u003cli\u003eNot a whole lot is known yet; it\u0026#39;s still in heavy development, but there\u0026#39;s a brief \u003ca href=\"http://www.dragonflybsd.org/docs/ipfw2/#index6h1\" rel=\"nofollow\"\u003eroadmap\u003c/a\u003e page with some planned additions\u003c/li\u003e\n\u003cli\u003eThe guy who\u0026#39;s working on this has already agreed to come on the show for an interview, but we\u0026#39;re going to give him a chance to get some more work done first\u003c/li\u003e\n\u003cli\u003eExpect that sometime next year, once he\u0026#39;s made some progress\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2NYgVifXN\" rel=\"nofollow\"\u003eMichael writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21X02saI3\" rel=\"nofollow\"\u003eSamael writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Dj7zImH\" rel=\"nofollow\"\u003eSteven writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s218lXg38C\" rel=\"nofollow\"\u003eRemy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20SEuKlaH\" rel=\"nofollow\"\u003eMichael writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-11-26T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c905fcf9-ebc6-4a15-8d34-631dc9742cea.mp3","mime_type":"audio/mpeg","size_in_bytes":66537364,"duration_in_seconds":5544}]},{"id":"b5100d19-f472-4a18-93f7-72e1494ce394","title":"64: Rump Kernels Revisited","url":"https://www.bsdnow.tv/64","content_text":"This time on the show, we'll be talking with Justin Cormack about NetBSD rump kernels. We'll learn how to run them on other operating systems, what's planned for the future and a lot more. As always, answers to viewer-submitted questions and all the news for the week, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon 2014 talks and tutorials\n\n\nThe 2014 EuroBSDCon videos have been online for over a month, but unannounced - keep in mind these links may be temporary (but we'll mention their new location in a future show and fix the show notes if that's the case)\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nArun Thomas, BSD ARM Kernel Internals\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nTed Unangst, Developing Software in a Hostile Environment\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMartin Pieuchot, Taming OpenBSD Network Stack Dragons\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nHenning Brauer, OpenBGPD turns 10 years\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nClaudio Jeker, vscsi and iscsid iSCSI initiator the OpenBSD way\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPaul Irofti, Making OpenBSD Useful on the Octeon Network Gear\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nBaptiste Daroussin, Cross Building the FreeBSD ports tree\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nBoris Astardzhiev, Smartcom’s control plane software, a customized version of FreeBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMichał Dubiel, OpenStack and OpenContrail for FreeBSD platform\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMartin Husemann \u0026amp; Joerg Sonnenberger, Tool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nTaylor R Campbell, The entropic principle: /dev/u?random and NetBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nDag-Erling Smørgrav, Securing sensitive \u0026amp; restricted data\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPeter Hansteen, Building The Network You Need With PF\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nStefan Sperling, Subversion for FreeBSD developers\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPeter Hansteen, Transition to OpenBSD 5.6\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nIngo Schwarze, Let’s make manuals more useful\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nFrancois Tigeot, Improving DragonFly’s performance with PostgreSQL\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nJustin Cormack, Running Applications on the NetBSD Rump Kernel\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPierre Pronchery, EdgeBSD, a year later\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPeter Hessler, Using routing domains or tables in a production network\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nSean Bruno, QEMU user mode on FreeBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nKristaps Dzonsons, Bugs Ex Ante\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nYann Sionneau, Porting NetBSD to the LatticeMico32 open source CPU\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nAlexander Nasonov, JIT Code Generator for NetBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMasao Uebayashi, Porting Valgrind to NetBSD and OpenBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMarc Espie, parallel make, working with legacy code\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nFrancois Tigeot, Porting the drm-kms graphic drivers to DragonFly\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nThe following talks (from the Vitosha track room) are all currently missing:\nJordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)\nTheo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)\nKris Moore, Snapshots, Replication, and Boot-Environments\nKirk McKusick, An Introduction to the Implementation of ZFS\nJohn-Mark Gurney, Optimizing GELI Performance\nEmmanuel Dreyfus, FUSE and beyond, bridging filesystems\nLourival Vieira Neto, NPF scripting with Lua\nAndy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel\nStefano Garzarella, Software segmentation offloading for FreeBSD\nTed Unangst, LibreSSL\nShawn Webb, Introducing ASLR In FreeBSD\nEd Maste, The LLDB Debugger in FreeBSD\nPhilip Guenther, Secure lazy binding\n***\n\n\nOpenBSD adopts SipHash\n\n\nEven more DJB crypto somehow finds its way into OpenBSD's base system\nThis time it's SipHash, a family of pseudorandom functions that's resistant to hash bucket flooding attacks while still providing good performance\nAfter an initial import and some clever early usage, a few developers agreed that it would be better to use it in a lot more places\nIt will now be used in the filesystem, and the plan is to utilize it to protect all kernel hash functions\nSome other places that Bernstein's work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in signify and SSH\n***\n\n\nFreeBSD 10.1-RELEASE\n\n\nFreeBSD's release engineering team likes to troll us by uploading new versions just a few hours after we finish recording an episode\nThe first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE\nThe vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)\nBhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS\nLots of new ARM hardware is supported now, including SMP support for most of them\nA new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time\n10.1 is the first to support UEFI booting on amd64, which also has serial console support now\nLots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions\nIt's a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so grab an ISO or upgrade today\nCheck the detailed release notes for more information on all the changes\nAlso take a look at some of the known problems to see if you'll be affected by any of them\nPC-BSD was also updated accordingly with some of their own unique features and changes\n***\n\n\narc4random - Randomization for All Occasions\n\n\nTheo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec\nThe presentation is mainly about OpenBSD's arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time\nIt begins with some interesting history on OpenBSD and how it became a security-focused OS - in 1996, their syslogd got broken into and \"suddenly we became interested in security\"\nThe talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses\nThere's some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms' usage of it\nVery detailed and informative presentation, and the slides can be found here\nA great quote from the beginning: \"We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a 'whole-systems' approach: trying to change everything in the ecosystem that's under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we're able to do research and the minute that we decide that something isn't right, we'll design an alternative for it and push it in. And if it ends up breaking everybody's machines from the previous stage to the next stage, that's fine because we'll end up in a happier place.\"\n***\n\n\nInterview - Justin Cormack - justin@netbsd.org / @justincormack\n\nNetBSD on Xen, rump kernels, various topics\n\n\n\nNews Roundup\n\nThe FreeBSD foundation's biggest donation\n\n\nThe FreeBSD foundation has a new blog post about the largest donation they've ever gotten\nFrom the CEO of WhatsApp comes a whopping one million dollars in a single donation\nIt also has some comments from the donor about why they use BSD and why it's important to give back\nBe sure to donate to the foundation of whatever BSD you use when you can - every little bit helps, especially for OpenBSD, NetBSD and DragonFly who don't have huge companies supporting them regularly like FreeBSD does\n***\n\n\nOpenZFS Dev Summit 2014 videos\n\n\nVideos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nMatt Ahrens, opening keynote\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nRaphael Carvalho, Platform Overview: ZFS on OSv\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nBrian Behlendorf, Platform Overview: ZFS on Linux\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPrakash Surya, Platform Overview: illumos\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nXin Li, Platform Overview: FreeBSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nAll platforms, Group Q\u0026amp;A Session\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nDave Pacheco, Manta\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nSaso Kiselkov, Compression\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nGeorge Wilson, Performance\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nTim Feldman, Host-Aware SMR\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nPavel Zakharov, Fast File Cloning\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nThe audio is pretty poor on all of them unfortunately\n***\n\n\nBSDTalk 248\n\n\nOur friend Will Backman is still busy getting BSD interviews as well\nThis time he sits down with Matthew Dillon, the lead developer of DragonFly BSD\nWe've never had Dillon on the show, so you'll definitely want to give this one a listen\nThey mainly discuss all the big changes coming in DragonFly's upcoming 4.0 release\n***\n\n\nMeetBSD 2014 videos\n\n\nThe presentations from this year's MeetBSD conference are starting to appear online as well\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nKirk McKusick, A Narrative History of BSD\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nJordan Hubbard, FreeBSD: The Next 10 Years\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nBrendan Gregg, Performance Analysis\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it _^ --\u0026gt;\nThe slides can be found here \n***\n\n\nFeedback/Questions\n\n\nDominik writes in\nSteven writes in\nFlorian writes in\nRichard writes in\nKevin writes in\n***\n\n\nMailing List Gold\n\n\nContributing without code\nCompression isn't a CRIME\nSecuring web browsers\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking with Justin Cormack about NetBSD rump kernels. We\u0026#39;ll learn how to run them on other operating systems, what\u0026#39;s planned for the future and a lot more. As always, answers to viewer-submitted questions and all the news for the week, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.eurobsdcon.org/talks-and-schedule/\" rel=\"nofollow\"\u003eEuroBSDCon 2014 talks and tutorials\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe 2014 EuroBSDCon videos have been online for over a month, but unannounced - keep in mind these links may be temporary (but we\u0026#39;ll mention their new location in a future show and fix the show notes if that\u0026#39;s the case)\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eArun Thomas, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/01.BSD-ARM%20Kernel%20Internals%20-%20Arun%20Thomas.mp4\" rel=\"nofollow\"\u003eBSD ARM Kernel Internals\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eTed Unangst, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/02.Developing%20Software%20in%20a%20Hostile%20Environment%20-%20Ted%20Unangst.mp4\" rel=\"nofollow\"\u003eDeveloping Software in a Hostile Environment\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eMartin Pieuchot, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/03.Taming%20OpenBSD%20Network%20Stack%20Dragons%20-%20Martin%20Pieuchot.mp4\" rel=\"nofollow\"\u003eTaming OpenBSD Network Stack Dragons\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eHenning Brauer, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/04.OpenBGPD%20turns%2010%20years%20-%20%20Henning%20Brauer.mp4\" rel=\"nofollow\"\u003eOpenBGPD turns 10 years\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eClaudio Jeker, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/05.vscsi(4)%20and%20iscsid%20-%20iSCSI%20initiator%20the%20OpenBSD%20way%20-%20Claudio%20Jeker.mp4\" rel=\"nofollow\"\u003evscsi and iscsid iSCSI initiator the OpenBSD way\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePaul Irofti, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/03.Saturday/06.Making%20OpenBSD%20Useful%20on%20the%20Octeon%20Network%20Gear%20-%20Paul%20Irofti.mp4\" rel=\"nofollow\"\u003eMaking OpenBSD Useful on the Octeon Network Gear\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eBaptiste Daroussin, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/01.Cross%20Building%20the%20FreeBSD%20ports%20tree%20-%20Baptiste%20Daroussin.mp4\" rel=\"nofollow\"\u003eCross Building the FreeBSD ports tree\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eBoris Astardzhiev, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/02.Smartcom%e2%80%99s%20control%20plane%20software,%20a%20customized%20version%20of%20FreeBSD%20-%20Boris%20Astardzhiev.mp4\" rel=\"nofollow\"\u003eSmartcom’s control plane software, a customized version of FreeBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eMichał Dubiel, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/03.OpenStack%20and%20OpenContrail%20for%20FreeBSD%20platform%20-%20Micha%c5%82%20Dubiel.mp4\" rel=\"nofollow\"\u003eOpenStack and OpenContrail for FreeBSD platform\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eMartin Husemann \u0026amp; Joerg Sonnenberger, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/04.(Tool-)chaining%20the%20Hydra%20The%20ongoing%20quest%20for%20modern%20toolchains%20in%20NetBSD%20-%20Martin%20Huseman%20\u0026%20Joerg%20Sonnenberger.mp4\" rel=\"nofollow\"\u003eTool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eTaylor R Campbell, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/05.The%20entropic%20principle:%20dev-u%3frandom%20and%20NetBSD%20-%20Taylor%20R%20Campbell.mp4\" rel=\"nofollow\"\u003eThe entropic principle: /dev/u?random and NetBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eDag-Erling Smørgrav, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Rodopi/04.Sunday/06.Securing%20sensitive%20\u0026%20restricted%20data%20-%20Dag-Erling%20Sm%c3%b8rgrav.mp4\" rel=\"nofollow\"\u003eSecuring sensitive \u0026amp; restricted data\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePeter Hansteen, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/01.Thursday/01.Building%20The%20Network%20You%20Need%20With%20PF%20-%20Peter%20Hansteen.mp4\" rel=\"nofollow\"\u003eBuilding The Network You Need\u003c/a\u003e \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/01.Thursday/02.Building%20The%20Network%20You%20Need%20With%20PF%20-%20Peter%20Hansteen.mp4\" rel=\"nofollow\"\u003eWith PF\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eStefan Sperling, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/01.Thursday/03.Subversion%20for%20FreeBSD%20developers%20-%20Stefan%20Sperling.mp4\" rel=\"nofollow\"\u003eSubversion for FreeBSD developers\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePeter Hansteen, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/02.Friday/01.Transition%20to%20OpenBSD%205.6%20-%20Peter%20Hansteen.mp4\" rel=\"nofollow\"\u003eTransition to\u003c/a\u003e \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/02.Friday/02.Transition%20to%20OpenBSD%205.6%20-%20Peter%20Hansteen.mp4\" rel=\"nofollow\"\u003eOpenBSD 5.6\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eIngo Schwarze, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/02.Friday/03.Let%e2%80%99s%20make%20manuals%20more%20useful%20-%20Ingo%20Schwarze.mp4\" rel=\"nofollow\"\u003eLet’s make manuals\u003c/a\u003e \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/02.Friday/04.Let%e2%80%99s%20make%20manuals%20more%20useful%20-%20Ingo%20Schwarze.mp4\" rel=\"nofollow\"\u003emore useful\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eFrancois Tigeot, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/03.Saturday/01.Improving%20DragonFly%e2%80%99s%20performance%20with%20PostgreSQL%20-%20Francois%20Tigeot.mp4\" rel=\"nofollow\"\u003eImproving DragonFly’s performance with PostgreSQL\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eJustin Cormack, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/03.Saturday/02.Running%20Applications%20on%20the%20NetBSD%20Rump%20Kernel%20-%20Justin%20Cormack.mp4\" rel=\"nofollow\"\u003eRunning Applications on the NetBSD Rump Kernel\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePierre Pronchery, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/03.Saturday/04.EdgeBSD,%20a%20year%20later%20-%20%20Pierre%20Pronchery.mp4\" rel=\"nofollow\"\u003eEdgeBSD, a year later\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePeter Hessler, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/03.Saturday/05.Using%20routing%20domains%20or%20tables%20in%20a%20production%20network%20-%20%20Peter%20Hessler.mp4\" rel=\"nofollow\"\u003eUsing routing domains or tables in a production network\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eSean Bruno, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/03.Saturday/06.QEMU%20user%20mode%20on%20FreeBSD%20-%20%20Sean%20Bruno.mp4\" rel=\"nofollow\"\u003eQEMU user mode on FreeBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eKristaps Dzonsons, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/01.Bugs%20Ex%20Ante%20-%20Kristaps%20Dzonsons.mp4\" rel=\"nofollow\"\u003eBugs Ex Ante\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eYann Sionneau, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/02.Porting%20NetBSD%20to%20the%20LatticeMico32%20open%20source%20CPU%20-%20Yann%20Sionneau.mp4\" rel=\"nofollow\"\u003ePorting NetBSD to the LatticeMico32 open source CPU\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eAlexander Nasonov, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/03.JIT%20Code%20Generator%20for%20NetBSD%20-%20Alexander%20Nasonov.mp4\" rel=\"nofollow\"\u003eJIT Code Generator for NetBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eMasao Uebayashi, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/04.Porting%20Valgrind%20to%20NetBSD%20and%20OpenBSD%20-%20Masao%20Uebayashi.mp4\" rel=\"nofollow\"\u003ePorting Valgrind to NetBSD and OpenBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eMarc Espie, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/05.parallel%20make:%20working%20with%20legacy%20code%20-%20Marc%20Espie.mp4\" rel=\"nofollow\"\u003eparallel make, working with legacy code\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eFrancois Tigeot, \u003ca href=\"https://va.ludost.net/files/eurobsdcon/2014/Pirin/04.Sunday/06.Porting%20the%20drm-kms%20graphic%20drivers%20to%20DragonFly%20-%20Francois%20Tigeot.mp4\" rel=\"nofollow\"\u003ePorting the drm-kms graphic drivers to DragonFly\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eThe following talks (from the Vitosha track room) are all currently missing:\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eJordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)\u003c/li\u003e\n\u003cli\u003eTheo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)\u003c/li\u003e\n\u003cli\u003eKris Moore, Snapshots, Replication, and Boot-Environments\u003c/li\u003e\n\u003cli\u003eKirk McKusick, An Introduction to the Implementation of ZFS\u003c/li\u003e\n\u003cli\u003eJohn-Mark Gurney, Optimizing GELI Performance\u003c/li\u003e\n\u003cli\u003eEmmanuel Dreyfus, FUSE and beyond, bridging filesystems\u003c/li\u003e\n\u003cli\u003eLourival Vieira Neto, NPF scripting with Lua\u003c/li\u003e\n\u003cli\u003eAndy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel\u003c/li\u003e\n\u003cli\u003eStefano Garzarella, Software segmentation offloading for FreeBSD\u003c/li\u003e\n\u003cli\u003eTed Unangst, LibreSSL\u003c/li\u003e\n\u003cli\u003eShawn Webb, Introducing ASLR In FreeBSD\u003c/li\u003e\n\u003cli\u003eEd Maste, The LLDB Debugger in FreeBSD\u003c/li\u003e\n\u003cli\u003ePhilip Guenther, Secure lazy binding\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141614801713457\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD adopts SipHash\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEven more DJB crypto somehow finds its way into OpenBSD\u0026#39;s base system\u003c/li\u003e\n\u003cli\u003eThis time it\u0026#39;s \u003ca href=\"https://131002.net/siphash/\" rel=\"nofollow\"\u003eSipHash\u003c/a\u003e, a family of pseudorandom functions that\u0026#39;s resistant to hash bucket flooding attacks while still providing good performance\u003c/li\u003e\n\u003cli\u003eAfter an \u003ca href=\"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/crypto/siphash.c?rev=1.1\u0026content-type=text/x-cvsweb-markup\" rel=\"nofollow\"\u003einitial import\u003c/a\u003e and some \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141604896822253\u0026w=2\" rel=\"nofollow\"\u003eclever early usage\u003c/a\u003e, a few developers agreed that it would be better to use it in a lot more places\u003c/li\u003e\n\u003cli\u003eIt will now be used in the filesystem, and the plan is to utilize it to protect \u003cstrong\u003eall kernel hash functions\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSome \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eother places\u003c/a\u003e that Bernstein\u0026#39;s work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003esignify\u003c/a\u003e and SSH\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/10.1R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 10.1-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD\u0026#39;s \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-11_engineering_powder_kegs\" rel=\"nofollow\"\u003erelease engineering team\u003c/a\u003e likes to troll us by uploading new versions just a few hours after we finish recording an episode\u003c/li\u003e\n\u003cli\u003eThe first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE\u003c/li\u003e\n\u003cli\u003eThe vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)\u003c/li\u003e\n\u003cli\u003eBhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS\u003c/li\u003e\n\u003cli\u003eLots of new ARM hardware is supported now, including SMP support for most of them\u003c/li\u003e\n\u003cli\u003eA new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time\u003c/li\u003e\n\u003cli\u003e10.1 is the first to support UEFI booting on amd64, which also has serial console support now\u003c/li\u003e\n\u003cli\u003eLots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so \u003ca href=\"http://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/\" rel=\"nofollow\"\u003egrab an ISO\u003c/a\u003e or \u003ca href=\"https://www.freebsd.org/cgi/man.cgi?query=freebsd-update\" rel=\"nofollow\"\u003eupgrade\u003c/a\u003e today\u003c/li\u003e\n\u003cli\u003eCheck the \u003ca href=\"https://www.freebsd.org/releases/10.1R/relnotes.html\" rel=\"nofollow\"\u003edetailed release notes\u003c/a\u003e for more information on all the changes\u003c/li\u003e\n\u003cli\u003eAlso take a look at some of the \u003ca href=\"https://www.freebsd.org/releases/10.1R/errata.html#open-issues\" rel=\"nofollow\"\u003eknown problems\u003c/a\u003e to see \u003ca href=\"https://forums.freebsd.org/threads/segmentation-fault-while-upgrading-from-10-0-release-to-10-1-release.48977/\" rel=\"nofollow\"\u003eif\u003c/a\u003e \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-October/080599.html\" rel=\"nofollow\"\u003eyou\u0026#39;ll\u003c/a\u003e \u003ca href=\"https://forums.freebsd.org/threads/10-0-10-1-diocaddrule-operation-not-supported-by-device.49016/\" rel=\"nofollow\"\u003ebe\u003c/a\u003e \u003ca href=\"https://www.reddit.com/r/freebsd/comments/2mmzzy/101release_restart_problems_anyone/\" rel=\"nofollow\"\u003eaffected\u003c/a\u003e by any of them\u003c/li\u003e\n\u003cli\u003ePC-BSD was also \u003ca href=\"http://wiki.pcbsd.org/index.php/What%27s_New/10.1\" rel=\"nofollow\"\u003eupdated accordingly\u003c/a\u003e with some of their own unique features and changes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=aWmLWx8ut20\" rel=\"nofollow\"\u003earc4random - Randomization for All Occasions\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec\u003c/li\u003e\n\u003cli\u003eThe presentation is mainly about OpenBSD\u0026#39;s arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time\u003c/li\u003e\n\u003cli\u003eIt begins with some interesting history on OpenBSD and how it became a security-focused OS - in 1996, their syslogd got broken into and \u0026quot;suddenly we became interested in security\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms\u0026#39; usage of it\u003c/li\u003e\n\u003cli\u003eVery detailed and informative presentation, and the slides can be found \u003ca href=\"http://www.openbsd.org/papers/hackfest2014-arc4random/index.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA great quote from the beginning: \u0026quot;We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a \u0026#39;whole-systems\u0026#39; approach: trying to change everything in the ecosystem that\u0026#39;s under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we\u0026#39;re able to do research and the minute that we decide that something isn\u0026#39;t right, we\u0026#39;ll design an alternative for it and push it in. And if it ends up breaking everybody\u0026#39;s machines from the previous stage to the next stage, that\u0026#39;s fine because we\u0026#39;ll end up in a happier place.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Justin Cormack - \u003ca href=\"mailto:justin@netbsd.org\" rel=\"nofollow\"\u003ejustin@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/justincormack\" rel=\"nofollow\"\u003e@justincormack\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eNetBSD on Xen, rump kernels, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/11/freebsd-foundation-announces-generous.html\" rel=\"nofollow\"\u003eThe FreeBSD foundation\u0026#39;s biggest donation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has a new blog post about the largest donation they\u0026#39;ve ever gotten\u003c/li\u003e\n\u003cli\u003eFrom the CEO of WhatsApp comes a whopping one million dollars in a single donation\u003c/li\u003e\n\u003cli\u003eIt also has some comments from the donor about why they use BSD and why it\u0026#39;s important to give back\u003c/li\u003e\n\u003cli\u003eBe sure to donate to the foundation of whatever BSD you use when you can - every little bit helps, especially for \u003ca href=\"http://www.openbsd.org/donations.html\" rel=\"nofollow\"\u003eOpenBSD\u003c/a\u003e, \u003ca href=\"https://www.netbsd.org/donations/\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e and \u003ca href=\"http://www.dragonflybsd.org/donations/\" rel=\"nofollow\"\u003eDragonFly\u003c/a\u003e who don\u0026#39;t have huge companies supporting them regularly like FreeBSD does\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://open-zfs.org/wiki/OpenZFS_Developer_Summit\" rel=\"nofollow\"\u003eOpenZFS Dev Summit 2014 videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVideos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods\" rel=\"nofollow\"\u003eMatt Ahrens\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=XnTzbisLYzg\" rel=\"nofollow\"\u003eopening keynote\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eRaphael Carvalho, \u003ca href=\"https://www.youtube.com/watch?v=TJLOBLSRoHE\" rel=\"nofollow\"\u003ePlatform Overview: ZFS on OSv\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eBrian Behlendorf, \u003ca href=\"https://www.youtube.com/watch?v=_MVOpMNV7LY\" rel=\"nofollow\"\u003ePlatform Overview: ZFS on Linux\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePrakash Surya, \u003ca href=\"https://www.youtube.com/watch?v=UtlGt3ag0o0\" rel=\"nofollow\"\u003ePlatform Overview: illumos\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eXin Li, \u003ca href=\"https://www.youtube.com/watch?v=xO0x5_3A1X4\" rel=\"nofollow\"\u003ePlatform Overview: FreeBSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eAll platforms, \u003ca href=\"https://www.youtube.com/watch?v=t4UlT0RmSCc\" rel=\"nofollow\"\u003eGroup Q\u0026amp;A Session\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eDave Pacheco, \u003ca href=\"https://www.youtube.com/watch?v=BEoCMpdB8WU\" rel=\"nofollow\"\u003eManta\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eSaso Kiselkov, \u003ca href=\"https://www.youtube.com/watch?v=TZF92taa_us\" rel=\"nofollow\"\u003eCompression\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days\" rel=\"nofollow\"\u003eGeorge Wilson\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=deJc0EMKrM4\" rel=\"nofollow\"\u003ePerformance\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eTim Feldman, \u003ca href=\"https://www.youtube.com/watch?v=b1yqjV8qemU\" rel=\"nofollow\"\u003eHost-Aware SMR\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003ePavel Zakharov, \u003ca href=\"https://www.youtube.com/watch?v=-4c4gsLi1LI\" rel=\"nofollow\"\u003eFast File Cloning\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eThe audio is \u003ca href=\"https://twitter.com/OpenZFS/status/534005125853888512\" rel=\"nofollow\"\u003epretty poor\u003c/a\u003e on all of them unfortunately\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/11/bsdtalk248-dragonflybsd-with-matthew.html\" rel=\"nofollow\"\u003eBSDTalk 248\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend Will Backman is still busy getting BSD interviews as well\u003c/li\u003e\n\u003cli\u003eThis time he sits down with Matthew Dillon, the lead developer of DragonFly BSD\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve never had Dillon on the show, so you\u0026#39;ll definitely want to give this one a listen\u003c/li\u003e\n\u003cli\u003eThey mainly discuss all the big changes coming in DragonFly\u0026#39;s upcoming 4.0 release\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.meetbsd.com/\" rel=\"nofollow\"\u003eMeetBSD 2014 videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe presentations from this year\u0026#39;s MeetBSD conference are starting to appear online as well\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache\" rel=\"nofollow\"\u003eKirk McKusick\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=DEEr6dT-4uQ\" rel=\"nofollow\"\u003eA Narrative History of BSD\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_27-bridging_the_gap\" rel=\"nofollow\"\u003eJordan Hubbard\u003c/a\u003e, \u003ca href=\"https://www.youtube.com/watch?v=Mri66Uz6-8Y\" rel=\"nofollow\"\u003eFreeBSD: The Next 10 Years\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eBrendan Gregg, \u003ca href=\"https://www.youtube.com/watch?v=uvKMptfXtdo\" rel=\"nofollow\"\u003ePerformance Analysis\u003c/a\u003e\n\u0026lt;!-- i wonder if freebsdnews will rip our html again and repost it \u003csup\u003e_^\u003c/sup\u003e --\u0026gt;\u003c/li\u003e\n\u003cli\u003eThe slides can be found \u003ca href=\"https://www.meetbsd.com/agenda/\" rel=\"nofollow\"\u003ehere\u003c/a\u003e \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20PXjp55N\" rel=\"nofollow\"\u003eDominik writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2LwEYT3bA\" rel=\"nofollow\"\u003eSteven writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ubK8vQVt\" rel=\"nofollow\"\u003eFlorian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216Eq8nFG\" rel=\"nofollow\"\u003eRichard writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21D2ugDUy\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?t=141600819500004\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eContributing without code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033176.html\" rel=\"nofollow\"\u003eCompression isn\u0026#39;t a CRIME\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?t=141616714600001\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eSecuring web browsers\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking with Justin Cormack about NetBSD rump kernels. We'll learn how to run them on other operating systems, what's planned for the future and a lot more. As always, answers to viewer-submitted questions and all the news for the week, on BSD Now - the place to B.. SD.","date_published":"2014-11-19T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b5100d19-f472-4a18-93f7-72e1494ce394.mp3","mime_type":"audio/mpeg","size_in_bytes":81755572,"duration_in_seconds":6812}]},{"id":"0dbe70cc-bfdd-4af8-b67f-a5d1e85b7115","title":"63: A Man's man(1)","url":"https://www.bsdnow.tv/63","content_text":"This time on the show, we've got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week's news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nUpdates to FreeBSD's random(4)\n\n\nFreeBSD's random device, which presents itself as \"/dev/random\" to users, has gotten a fairly major overhaul in -CURRENT\nThe CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna\nYarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)\nPluggable modules can now be written to add more sources of entropy\nThese changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9\n***\n\n\nOpenBSD Tor relays and network diversity\n\n\nWe've talked about getting more BSD-based Tor nodes a few times in previous episodes\nThe \"tor-relays\" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes\nWith the security features and attention to detail, it makes for an excellent dedicated Tor box\nMore and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large\nA few users are even saying they'll convert their Linux nodes to OpenBSD to help out\nCheck the archive for the full conversation, and maybe run a node yourself on any of the BSDs\nThe Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it\n***\n\n\nSSP now default for FreeBSD ports\n\n\nSSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces\nIt's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)\nThis will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates\nIf you were using the temporary \"new Xorg\" or SSP package repositories instead of the default ones, you need to switch back over\nNetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago\nNext time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed\n***\n\n\nBuilding an OpenBSD firewall and router\n\n\nWhile we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side\nThe OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris\nMost agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community\nThey also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.\nThrough the comments, we also find out that QuakeCon runs OpenBSD on their network\nHopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already\n***\n\n\nInterview - Kristaps Džonsons - kristaps@bsd.lv\n\nMandoc, historical man pages, various topics\n\n\n\nTutorial\n\nThrottling bandwidth with PF\n\n\n\nNews Roundup\n\nNetBSD at Kansai Open Forum 2014\n\n\nJapanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything\nFrom a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all\nAs always, you can find lots of pictures in the trip report\n***\n\n\nGetting to know your portmgr lurkers\n\n\nThe lovable \"getting to know your portmgr\" series makes its triumphant return\nThis time around, they interview Alex, one of the portmgr lurkers that joined just this month\n\"How would you describe yourself?\" \"Too lazy.\"\nAnother post includes a short interview with Emanuel, another new lurker\nWe discussed the portmgr lurkers initiative with Steve Wills a while back\n***\n\n\nNetBSD's ARM port gets SMP\n\n\nThe ARM port of NetBSD now has SMP support, allowing more than one CPU to be used\nThis blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X\nNetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released\nThere are also a few nice pictures in the article\n***\n\n\nA high performance mid-range NAS\n\n\nThis blog post is about FreeNAS and optimizing iSCSI performance\nIt talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance\nThere are some nice graphs and lots of detail if you're interested in tweaking some of your own settings\nThey conclude \"there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload\"\n***\n\n\nFeedback/Questions\n\n\nHeto writes in\nBrad writes in\nTyler writes in\nTim writes in\nBrad writes in\n***\n\n\nMailing List Gold\n\n\nSuspicious contributions\nLa puissance du fromage\nNothing unusual here\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ve got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week\u0026#39;s news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=273872\" rel=\"nofollow\"\u003eUpdates to FreeBSD\u0026#39;s random(4)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD\u0026#39;s random device, which presents itself as \u0026quot;/dev/random\u0026quot; to \u003ca href=\"https://news.ycombinator.com/item?id=8550457\" rel=\"nofollow\"\u003eusers\u003c/a\u003e, has gotten a fairly major overhaul in -CURRENT\u003c/li\u003e\n\u003cli\u003eThe CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna\u003c/li\u003e\n\u003cli\u003eYarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)\u003c/li\u003e\n\u003cli\u003ePluggable modules can now be written to add more sources of entropy\u003c/li\u003e\n\u003cli\u003eThese changes are expected to make it in 11.0-RELEASE, but there hasn\u0026#39;t been any mention of MFCing them to 10 or 9\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.torproject.org/pipermail/tor-relays/2014-November/005661.html\" rel=\"nofollow\"\u003eOpenBSD Tor relays and network diversity\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve talked about getting \u003ca href=\"http://lists.nycbug.org/mailman/listinfo/tor-bsd\" rel=\"nofollow\"\u003emore BSD-based Tor nodes\u003c/a\u003e a few times in previous episodes\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;tor-relays\u0026quot; mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes\u003c/li\u003e\n\u003cli\u003eWith the security features and attention to detail, it makes for an excellent dedicated Tor box\u003c/li\u003e\n\u003cli\u003eMore and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large\u003c/li\u003e\n\u003cli\u003eA few users are even saying they\u0026#39;ll \u003cem\u003econvert their Linux nodes\u003c/em\u003e to OpenBSD to help out\u003c/li\u003e\n\u003cli\u003eCheck the archive for the full conversation, and maybe \u003ca href=\"http://www.bsdnow.tv/tutorials/tor\" rel=\"nofollow\"\u003erun a node yourself\u003c/a\u003e on any of the BSDs\u003c/li\u003e\n\u003cli\u003eThe Tor wiki page on OpenBSD is pretty \u003ca href=\"https://lists.torproject.org/pipermail/tor-dev/2014-November/007715.html\" rel=\"nofollow\"\u003eout of date\u003c/a\u003e (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2014-November/096344.html\" rel=\"nofollow\"\u003eSSP now default for FreeBSD ports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSP, or \u003ca href=\"https://en.wikipedia.org/wiki/Buffer_overflow_protection\" rel=\"nofollow\"\u003eStack Smashing Protection\u003c/a\u003e, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s now enabled by default in FreeBSD\u0026#39;s ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)\u003c/li\u003e\n\u003cli\u003eThis will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates\u003c/li\u003e\n\u003cli\u003eIf you were using the temporary \u0026quot;new Xorg\u0026quot; or SSP package repositories instead of the default ones, you need to switch back over\u003c/li\u003e\n\u003cli\u003eNetBSD made this the default on i386 and amd64 \u003ca href=\"https://www.netbsd.org/releases/formal-6/NetBSD-6.0.html\" rel=\"nofollow\"\u003etwo years ago\u003c/a\u003e and OpenBSD made this the default on all architectures \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=103881967909595\u0026w=2\" rel=\"nofollow\"\u003etwelve years ago\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNext time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/BSD/comments/2ld0yw/building_an_openbsd_firewall_and_router/\" rel=\"nofollow\"\u003eBuilding an OpenBSD firewall and router\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile we\u0026#39;ve discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side\u003c/li\u003e\n\u003cli\u003eThe OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris\u003c/li\u003e\n\u003cli\u003eMost agree that, if it\u0026#39;s for a business especially, it\u0026#39;s worth the extra money to go with something that\u0026#39;s well known in the BSD community\u003c/li\u003e\n\u003cli\u003eThey also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.\u003c/li\u003e\n\u003cli\u003eThrough the comments, we also find out that \u003cstrong\u003eQuakeCon runs OpenBSD\u003c/strong\u003e on their network\u003c/li\u003e\n\u003cli\u003eHopefully most of our listeners are running some kind of BSD as their gateway - \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003etry it out\u003c/a\u003e if you haven\u0026#39;t already\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Kristaps Džonsons - \u003ca href=\"mailto:kristaps@bsd.lv\" rel=\"nofollow\"\u003ekristaps@bsd.lv\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eMandoc, historical man pages, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router#queues\" rel=\"nofollow\"\u003eThrottling bandwidth with PF\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2014/11/08/msg000672.html\" rel=\"nofollow\"\u003eNetBSD at Kansai Open Forum 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJapanese NetBSD users invade yet another conference, demonstrating that they \u003cstrong\u003ecan and will\u003c/strong\u003e install NetBSD \u003cem\u003eon everything\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eFrom a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all\u003c/li\u003e\n\u003cli\u003eAs always, you can find lots of pictures in the trip report\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/11/04/getting-to-know-your-portmgr-lurker-ak/\" rel=\"nofollow\"\u003eGetting to know your portmgr lurkers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe lovable \u0026quot;getting to know your portmgr\u0026quot; series makes its triumphant return\u003c/li\u003e\n\u003cli\u003eThis time around, they interview Alex, one of the portmgr lurkers that joined just this month\u003c/li\u003e\n\u003cli\u003e\u0026quot;How would you describe yourself?\u0026quot; \u0026quot;Too lazy.\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/11/08/getting-to-know-your-portmgr-lurker-ehaupt/\" rel=\"nofollow\"\u003eAnother post\u003c/a\u003e includes a short interview with Emanuel, another new lurker\u003c/li\u003e\n\u003cli\u003eWe discussed the portmgr lurkers initiative with Steve Wills \u003ca href=\"http://www.bsdnow.tv/episodes/2014_10_01-the_daemons_apprentice\" rel=\"nofollow\"\u003ea while back\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/working_arm_multiprocessor_support\" rel=\"nofollow\"\u003eNetBSD\u0026#39;s ARM port gets SMP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ARM port of NetBSD now has SMP support, allowing more than one CPU to be used\u003c/li\u003e\n\u003cli\u003eThis blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X\u003c/li\u003e\n\u003cli\u003eNetBSD\u0026#39;s release team is working on getting these changes into the 7 branch before 7.0 is released\u003c/li\u003e\n\u003cli\u003eThere are also a few nice pictures in the article\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pivotallabs.com/high-performing-mid-range-nas-server-part-2-performance-tuning-iscsi/\" rel=\"nofollow\"\u003eA high performance mid-range NAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis blog post is about FreeNAS and optimizing iSCSI performance\u003c/li\u003e\n\u003cli\u003eIt talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance\u003c/li\u003e\n\u003cli\u003eThere are some nice graphs and lots of detail if you\u0026#39;re interested in tweaking some of your own settings\u003c/li\u003e\n\u003cli\u003eThey conclude \u0026quot;there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2xGCUj8mC\" rel=\"nofollow\"\u003eHeto writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2SJ8xppDJ\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Ktl6BMk\" rel=\"nofollow\"\u003eTyler writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2AsrxU0ZQ\" rel=\"nofollow\"\u003eTim writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21yn0xLv2\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?t=141379917200003\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eSuspicious contributions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141538800019451\u0026w=2\" rel=\"nofollow\"\u003eLa puissance du fromage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/tech-ports/2002/07/05/0000.html\" rel=\"nofollow\"\u003eNothing unusual here\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we've got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week's news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.","date_published":"2014-11-12T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0dbe70cc-bfdd-4af8-b67f-a5d1e85b7115.mp3","mime_type":"audio/mpeg","size_in_bytes":70356244,"duration_in_seconds":5863}]},{"id":"1a099eb3-3c03-4d49-ba89-e6381381718d","title":"62: Gift from the Sun","url":"https://www.bsdnow.tv/62","content_text":"We're away at MeetBSD this week, but we've still got a great show for you. We'll be joined by Pawel Dawidek, who's done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We'll get to hear how that came about, what he's up to now and a whole lot more. We'll be back next week with a normal episode of BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Pawel Jakub Dawidek - pjd@freebsd.org\n\nPorting ZFS, GEOM, GELI, Capsicum, various topics\n\n","content_html":"\u003cp\u003eWe\u0026#39;re away at MeetBSD this week, but we\u0026#39;ve still got a great show for you. We\u0026#39;ll be joined by Pawel Dawidek, who\u0026#39;s done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We\u0026#39;ll get to hear how that came about, what he\u0026#39;s up to now and a whole lot more. We\u0026#39;ll be back next week with a normal episode of BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Pawel Jakub Dawidek - \u003ca href=\"mailto:pjd@freebsd.org\" rel=\"nofollow\"\u003epjd@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ePorting ZFS, GEOM, GELI, Capsicum, various topics\u003c/p\u003e\n\n\u003chr\u003e","summary":"We're away at MeetBSD this week, but we've still got a great show for you. We'll be joined by Pawel Dawidek, who's done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We'll get to hear how that came about, what he's up to now and a whole lot more. We'll be back next week with a normal episode of BSD Now - the place to B.. SD.","date_published":"2014-11-05T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1a099eb3-3c03-4d49-ba89-e6381381718d.mp3","mime_type":"audio/mpeg","size_in_bytes":24585844,"duration_in_seconds":2048}]},{"id":"a0bfab13-8167-4b68-b1de-74122013593a","title":"61: IPSECond Wind","url":"https://www.bsdnow.tv/61","content_text":"This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD's IPSEC stack. We'll learn what he's adding, what needed to be fixed and how we'll benefit from the changes. As always, answers to your emails and all of this week's news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSD panel at Phoenix LUG\n\n\nThe Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD\nIt had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience\nThey covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy\nIt was a good \"real world\" example of things potential switchers are curious to know about\nThey closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea\n***\n\n\nBook of PF signed copy auction\n\n\nPeter Hansteen (who we've had on the show) is auctioning off the first signed copy of the new Book of PF\nAll the profits from the sale will go to the OpenBSD Foundation\nThe updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences)\nIf you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause\nMichael Lucas has challenged Peter to raise more for the foundation than his last book selling - let's see who wins\nPause the episode, go bid on it and then come back!\n***\n\n\nFreeBSD Foundation goes to EuroBSDCon\n\n\nSome people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report\nThey also sponsored four other developers to go\nThe foundation was there \"to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD\"\nThey also have a second report from Kamil Czekirda\nA total of $2000 was raised at the conference\n***\n\n\nOpenBSD 5.6 released\n\n\nNote: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this\nContinuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6\nIt includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features\n5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it\nYou can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)\nALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed\nThis will serve as a \"transitional\" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound\nSendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions\nAs always, 5.6 comes with its own song and artwork - the theme this time was obviously LibreSSL\nBe sure to check the full changelog (it's huge) and pick up a CD or tshirt to support their efforts\nIf you don't already have the public key releases are signed with, getting a physical CD is a good \"out of bounds\" way to obtain it safely\nHere are some cool images of the set\nAfter you do your installation or upgrade, don't forget to head over to the errata page and apply any patches listed there\n***\n\n\nInterview - John-Mark Gurney - jmg@freebsd.org / @encthenet\n\nUpdating FreeBSD's IPSEC stack\n\n\n\nNews Roundup\n\nClang in DragonFly BSD\n\n\nAs we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64\nSome DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly\nWe'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using\n***\n\n\nreallocarray(): integer overflow detection for free\n\n\nOne of the less obvious features in OpenBSD 5.6 is a new libc function: \"reallocarray()\"\nIt's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost\nTheo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature\nOpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too\n***\n\n\nSwitching from Linux blog\n\n\nA listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux\nAfter over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)\nSo far, he's put up a few posts about his initial thoughts, some documentation he's going through and his experiments so far\nIt'll be an ongoing series, so we may check back in with him again later on\n***\n\n\nOwncloud in a FreeNAS jail\n\n\nOne of the most common emails we get is about running Owncloud in FreeNAS\nNow, finally, someone made a video on how to do just that, and it's even jailed\nA member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend\nIf you're looking for an easy way to back up and sync your files, this might be worth a watch\n***\n\n\nFeedback/Questions\n\n\nErnõ writes in\nDavid writes in\nKamil writes in\nTorsten writes in\nDominik writes in\n***\n\n\nMailing List Gold\n\n\nThat's not our IP\nIs this thing on?\n***\n","content_html":"\u003cp\u003eThis week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD\u0026#39;s IPSEC stack. We\u0026#39;ll learn what he\u0026#39;s adding, what needed to be fixed and how we\u0026#39;ll benefit from the changes. As always, answers to your emails and all of this week\u0026#39;s news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=3AOF7fm-TJ0\" rel=\"nofollow\"\u003eBSD panel at Phoenix LUG\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD\u003c/li\u003e\n\u003cli\u003eIt had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience\u003c/li\u003e\n\u003cli\u003eThey covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy\u003c/li\u003e\n\u003cli\u003eIt was a good \u0026quot;real world\u0026quot; example of things potential switchers are curious to know about\u003c/li\u003e\n\u003cli\u003eThey closed by concluding that more diversity is always better, and even if you\u0026#39;ve got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/10/the-book-of-pf-3rd-edition-is-here.html\" rel=\"nofollow\"\u003eBook of PF signed copy auction\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Hansteen (who we\u0026#39;ve \u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall\" rel=\"nofollow\"\u003ehad on the show\u003c/a\u003e) is auctioning off the first signed copy of the new Book of PF\u003c/li\u003e\n\u003cli\u003eAll the profits from the sale will go to the \u003ca href=\"http://www.openbsd.org/donations.html\" rel=\"nofollow\"\u003eOpenBSD Foundation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD\u0026#39;s versions (which still use ALTQ, among other differences)\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMichael Lucas\u003c/a\u003e has \u003ca href=\"https://www.marc.info/?l=openbsd-misc\u0026m=141429413908567\u0026w=2\" rel=\"nofollow\"\u003echallenged Peter\u003c/a\u003e to raise more for the foundation than his last book selling - let\u0026#39;s see who wins\u003c/li\u003e\n\u003cli\u003ePause the episode, \u003ca href=\"http://www.ebay.com/itm/321563281902\" rel=\"nofollow\"\u003ego bid on it\u003c/a\u003e and then come back!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/10/freebsd-foundation-goes-to-eurobsdcon.html\" rel=\"nofollow\"\u003eFreeBSD Foundation goes to EuroBSDCon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report\u003c/li\u003e\n\u003cli\u003eThey also sponsored four other developers to go\u003c/li\u003e\n\u003cli\u003eThe foundation was there \u0026quot;to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD\u0026quot;\u003c/li\u003e\n\u003cli\u003eThey also have \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/10/eurobsdcon-trip-report-kamil-czekirda.html\" rel=\"nofollow\"\u003ea second report\u003c/a\u003e from Kamil Czekirda\u003c/li\u003e\n\u003cli\u003eA total of $2000 was raised at the conference\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/56.html\" rel=\"nofollow\"\u003eOpenBSD 5.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote\u003c/strong\u003e: we\u0026#39;re doing this story a couple days early - it\u0026#39;s actually being released on November 1st (this Saturday), but we have next week off and didn\u0026#39;t want to let this one slip through the cracks - it may be out by the time you\u0026#39;re watching this\u003c/li\u003e\n\u003cli\u003eContinuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6\u003c/li\u003e\n\u003cli\u003eIt includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features\u003c/li\u003e\n\u003cli\u003e5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it\u003c/li\u003e\n\u003cli\u003eYou can now hibernate your laptop when using a fully-encrypted filesystem (see \u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003eour tutorial\u003c/a\u003e for that)\u003c/li\u003e\n\u003cli\u003eALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed\u003c/li\u003e\n\u003cli\u003eThis will serve as a \u0026quot;transitional\u0026quot; release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to \u003ca href=\"http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time\" rel=\"nofollow\"\u003ehttpd\u003c/a\u003e and from BIND to Unbound\u003c/li\u003e\n\u003cli\u003eSendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions\u003c/li\u003e\n\u003cli\u003eAs always, 5.6 comes with its own \u003ca href=\"http://www.openbsd.org/lyrics.html#56\" rel=\"nofollow\"\u003esong and artwork\u003c/a\u003e - the theme this time was obviously LibreSSL\u003c/li\u003e\n\u003cli\u003eBe sure to check the \u003ca href=\"http://www.openbsd.org/plus56.html\" rel=\"nofollow\"\u003efull changelog\u003c/a\u003e (\u003cem\u003eit\u0026#39;s huge\u003c/em\u003e) and pick up \u003ca href=\"http://www.openbsd.org/orders.html\" rel=\"nofollow\"\u003ea CD or tshirt\u003c/a\u003e to support their efforts\u003c/li\u003e\n\u003cli\u003eIf you don\u0026#39;t already have the public key releases are signed with, getting a physical CD is a good \u0026quot;out of bounds\u0026quot; way to obtain it safely\u003c/li\u003e\n\u003cli\u003eHere are some cool \u003ca href=\"https://imgur.com/a/5PtFe\" rel=\"nofollow\"\u003eimages of the set\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAfter you do your installation or \u003ca href=\"http://www.openbsd.org/faq/upgrade56.html\" rel=\"nofollow\"\u003eupgrade\u003c/a\u003e, don\u0026#39;t forget to head over to \u003ca href=\"http://www.openbsd.org/errata56.html\" rel=\"nofollow\"\u003ethe errata page\u003c/a\u003e and apply any patches listed there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - John-Mark Gurney - \u003ca href=\"mailto:jmg@freebsd.org\" rel=\"nofollow\"\u003ejmg@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/encthenet\" rel=\"nofollow\"\u003e@encthenet\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eUpdating FreeBSD\u0026#39;s IPSEC stack\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.dragonflydigest.com/2014/10/22/14942.html\" rel=\"nofollow\"\u003eClang in DragonFly BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64\u003c/li\u003e\n\u003cli\u003eSome DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;d love to see more BSDs switch to Clang/LLVM eventually, it\u0026#39;s a lot more modern than the old GCC most are using\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lteo.net/blog/2014/10/28/reallocarray-in-openbsd-integer-overflow-detection-for-free/\" rel=\"nofollow\"\u003ereallocarray(): integer overflow detection for free\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the less obvious features in OpenBSD 5.6 is a new libc function: \u0026quot;reallocarray()\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost\u003c/li\u003e\n\u003cli\u003eTheo and a few other developers have \u003ca href=\"https://secure.freshbsd.org/search?project=openbsd\u0026q=reallocarray\" rel=\"nofollow\"\u003ealready started\u003c/a\u003e a mass audit of the entire source tree, replacing many instances with this new feature\u003c/li\u003e\n\u003cli\u003eOpenBSD\u0026#39;s explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bothsidesofthence.tumblr.com/\" rel=\"nofollow\"\u003eSwitching from Linux blog\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux\u003c/li\u003e\n\u003cli\u003eAfter over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)\u003c/li\u003e\n\u003cli\u003eSo far, he\u0026#39;s put up a few posts about his initial thoughts, some documentation he\u0026#39;s going through and his experiments so far\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be an ongoing series, so we may check back in with him again later on\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=z6VQwOl4wE4\" rel=\"nofollow\"\u003eOwncloud in a FreeNAS jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the most common emails we get is about running Owncloud in FreeNAS\u003c/li\u003e\n\u003cli\u003eNow, finally, someone made a video on how to do just that, and it\u0026#39;s even jailed\u003c/li\u003e\n\u003cli\u003eA member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re looking for an easy way to back up and sync your files, this might be worth a watch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2XEsQdggZ\" rel=\"nofollow\"\u003eErnõ writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21EizH2aR\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s24SAJ5im6\" rel=\"nofollow\"\u003eKamil writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20ABZe0RD\" rel=\"nofollow\"\u003eTorsten writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s208jQs9c6\" rel=\"nofollow\"\u003eDominik writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://mail-index.netbsd.org/source-changes/2014/10/17/msg059564.html\" rel=\"nofollow\"\u003eThat\u0026#39;s not our IP\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-acpi/2014-June/008644.html\" rel=\"nofollow\"\u003eIs this thing on?\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD's IPSEC stack. We'll learn what he's adding, what needed to be fixed and how we'll benefit from the changes. As always, answers to your emails and all of this week's news, on BSD Now - the place to B.. SD.","date_published":"2014-10-29T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a0bfab13-8167-4b68-b1de-74122013593a.mp3","mime_type":"audio/mpeg","size_in_bytes":53960980,"duration_in_seconds":4496}]},{"id":"e61941d1-74ff-40d0-91f6-86ff864cf99b","title":"60: Don't Buy a Router","url":"https://www.bsdnow.tv/60","content_text":"This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSD Devroom CFP\n\n\nThis year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom\nThey've issued a call for papers on anything BSD-related, and we always love more presentations\nIf you're in the Belgium area or plan on going, submit a talk about something cool you're doing\nThere's also a mailing list and some more information in the original post\n***\n\n\nBhyve SVM code merge\n\n\nThe bhyve_svm code has been in the \"projects\" tree of FreeBSD, but is now ready for -CURRENT\nThis changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only\nAll the supported operating systems and utilities should work on both now\nOne thing to note: bhyve doesn't support PCI passthrough on AMD just yet\nThere may still be some issues though\n***\n\n\nNetBSD at Open Source Conference Tokyo\n\n\nThe Japanese NetBSD users group held a booth at another recent open source conference\nAs always, they were running NetBSD on everything you can imagine\nOne of the users reports back to the mailing list on their experience, providing lots of pictures and links\nHere's an interesting screenshot of NetBSD running various other BSDs in Xen\n***\n\n\nMore BSD switchers every day\n\n\nA decade-long Linux user is considering making the switch, and asks Reddit about the BSD community\nTired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect\nSo far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion\nThere's also another semi-related thread about another Linux user wanting to switch to BSD because of systemd and GNU people\nThere are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read\nMaybe the OPs should've just watched this show\n***\n\n\nInterview - Olivier Cochard-Labbé - olivier@cochard.me / @ocochardlabbe\n\nThe BSD Router Project\n\n\n\nNews Roundup\n\nFreeBSD -CURRENT on a T420\n\n\nThinkpads are quite popular with BSD developers and users\nMost of the hardware seems to be supported across the BSDs (especially wifi)\nThis article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI\nIf you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved\n***\n\n\nFreeNAS on a Supermicro 5018A-MHN4\n\n\nMore and more people are migrating their NAS devices to BSD-based solutions\nIn this post, the author goes through setting up FreeNAS on some of his new hardware\nHis new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor\nThe rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)\n***\n\n\nHardening procfs and linprocfs\n\n\nThere was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux\nThere exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often\nThe Linux emulation layer also supports its own linprocfs, which was affected as well\nThe HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs\nIf you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn too\n***\n\n\npfSense monitoring with bandwidthd\n\n\nA lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage\nThis article will walk you through setting up bandwidthd to do exactly that\nbandwidthd monitors based on the IP address, rather than per-interface\nIt can also build some cool HTML graphs, and we love those pfSense graphs\nHave a look at our bandwidth monitoring and testing tutorial for some more ideas\n***\n\n\nFeedback/Questions\n\n\nDave writes in\nChris writes in\nZeke writes in\nBostjan writes in\nPatrick writes in\n***\n\n\nMailing List Gold\n\n\nMore old bugs\nThe Right Font™ (see also)\n***\n","content_html":"\u003cp\u003eThis week on the show we\u0026#39;re joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We\u0026#39;ll be discussing what the BSD Router Project is, what it\u0026#39;s for and where it\u0026#39;s going. All this week\u0026#39;s headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.fosdem.org/pipermail/fosdem/2014-October/002038.html\" rel=\"nofollow\"\u003eBSD Devroom CFP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve issued a call for papers on anything BSD-related, and we always love more presentations\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re in the Belgium area or plan on going, submit a talk about something cool you\u0026#39;re doing\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also \u003ca href=\"https://lists.fosdem.org/listinfo/bsd-devroom\" rel=\"nofollow\"\u003ea mailing list\u003c/a\u003e and some more information in the original post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002905.html\" rel=\"nofollow\"\u003eBhyve SVM code merge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe bhyve_svm code has been in the \u0026quot;projects\u0026quot; tree of FreeBSD, but is \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=273375\" rel=\"nofollow\"\u003enow ready\u003c/a\u003e for -CURRENT\u003c/li\u003e\n\u003cli\u003eThis changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only\u003c/li\u003e\n\u003cli\u003eAll the supported operating systems and utilities should work on both now\u003c/li\u003e\n\u003cli\u003eOne thing to note: bhyve doesn\u0026#39;t support PCI passthrough on AMD just yet\u003c/li\u003e\n\u003cli\u003eThere may still be \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002935.html\" rel=\"nofollow\"\u003esome issues\u003c/a\u003e though\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://mail-index.netbsd.org/netbsd-advocacy/2014/10/20/msg000671.html\" rel=\"nofollow\"\u003eNetBSD at Open Source Conference Tokyo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Japanese NetBSD users group held a booth at another recent open source conference\u003c/li\u003e\n\u003cli\u003eAs always, they were running NetBSD on everything you can imagine\u003c/li\u003e\n\u003cli\u003eOne of the users reports back to the mailing list on their experience, providing lots of pictures and links\u003c/li\u003e\n\u003cli\u003eHere\u0026#39;s an interesting \u003ca href=\"https://pbs.twimg.com/media/B0NnfcbCEAAmKIU.jpg:large\" rel=\"nofollow\"\u003escreenshot of NetBSD running various other BSDs in Xen\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/unix/comments/2il383/question_about_the_bsd_community_as_a_whole/\" rel=\"nofollow\"\u003eMore BSD switchers every day\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA decade-long Linux user is considering making the switch, and asks Reddit about the BSD community\u003c/li\u003e\n\u003cli\u003eTired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect\u003c/li\u003e\n\u003cli\u003eSo far, he\u0026#39;s found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also \u003ca href=\"https://www.reddit.com/r/BSD/comments/2jpxj9/question_about_the_current_state_of_freebsd/\" rel=\"nofollow\"\u003eanother semi-related thread\u003c/a\u003e about another Linux user wanting to switch to BSD because of systemd and GNU people\u003c/li\u003e\n\u003cli\u003eThere are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read\u003c/li\u003e\n\u003cli\u003eMaybe the OPs should\u0026#39;ve just watched this show\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Olivier Cochard-Labbé - \u003ca href=\"mailto:olivier@cochard.me\" rel=\"nofollow\"\u003eolivier@cochard.me\u003c/a\u003e / \u003ca href=\"https://twitter.com/ocochardlabbe\" rel=\"nofollow\"\u003e@ocochardlabbe\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe BSD Router Project\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420\" rel=\"nofollow\"\u003eFreeBSD -CURRENT on a T420\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThinkpads are quite popular with BSD developers and users\u003c/li\u003e\n\u003cli\u003eMost of the hardware seems to be supported across the BSDs (especially wifi)\u003c/li\u003e\n\u003cli\u003eThis article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve got a Thinkpad, or especially this specific one, have a look at some of the steps involved\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.teckelworks.com/2014/10/building-a-freenas-server-with-a-supermicro-5018a-mhn4/\" rel=\"nofollow\"\u003eFreeNAS on a Supermicro 5018A-MHN4\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore and more people are migrating their NAS devices to BSD-based solutions\u003c/li\u003e\n\u003cli\u003eIn this post, the author goes through setting up FreeNAS on some of his new hardware\u003c/li\u003e\n\u003cli\u003eHis new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor\u003c/li\u003e\n\u003cli\u003eThe rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hardenedbsd.org/article/shawn-webb/2014-10-15/hardening-procfs-and-linprocfs\" rel=\"nofollow\"\u003eHardening procfs and linprocfs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux\u003c/li\u003e\n\u003cli\u003eThere exists a native procfs in FreeBSD, which was the target point of that exploit, but it\u0026#39;s not used very often\u003c/li\u003e\n\u003cli\u003eThe Linux emulation layer also supports its own linprocfs, which was affected as well\u003c/li\u003e\n\u003cli\u003eThe HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs\u003c/li\u003e\n\u003cli\u003eIf you want to learn more about ASLR and HardenedBSD, be sure to check out \u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover\" rel=\"nofollow\"\u003eour interview with Shawn\u003c/a\u003e too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pfsensesetup.com/bandwidth-monitoring-with-bandwidthd/\" rel=\"nofollow\"\u003epfSense monitoring with bandwidthd\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA lot of people run pfSense on their home network, and it\u0026#39;s really useful to monitor the bandwidth usage\u003c/li\u003e\n\u003cli\u003eThis article will walk you through setting up bandwidthd to do exactly that\u003c/li\u003e\n\u003cli\u003ebandwidthd monitors based on the IP address, rather than per-interface\u003c/li\u003e\n\u003cli\u003eIt can also build some cool HTML graphs, and we love those pfSense graphs\u003c/li\u003e\n\u003cli\u003eHave a look at our \u003ca href=\"http://www.bsdnow.tv/tutorials/vnstat-iperf\" rel=\"nofollow\"\u003ebandwidth monitoring and testing\u003c/a\u003e tutorial for some more ideas\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2b5ZZ5qCv\" rel=\"nofollow\"\u003eDave writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20aVvhv2d\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Vmwxy1QM\" rel=\"nofollow\"\u003eZeke writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2LB6MKoNT\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2xxB9uOuV\" rel=\"nofollow\"\u003ePatrick writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-tech\u0026m=141357595922692\u0026w=2\" rel=\"nofollow\"\u003eMore\u003c/a\u003e \u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141358124924479\u0026w=2\" rel=\"nofollow\"\u003eold bugs\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.marc.info/?l=openbsd-cvs\u0026m=141332534304117\u0026w=2\" rel=\"nofollow\"\u003eThe Right Font™\u003c/a\u003e (\u003ca href=\"https://twitter.com/blakkheim/status/522162864409546753\" rel=\"nofollow\"\u003esee also\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.","date_published":"2014-10-22T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e61941d1-74ff-40d0-91f6-86ff864cf99b.mp3","mime_type":"audio/mpeg","size_in_bytes":49443412,"duration_in_seconds":4120}]},{"id":"b1712d17-1c5f-4c0a-8722-3ad171336d67","title":"59: BSDって聞いたことある？","url":"https://www.bsdnow.tv/59","content_text":"This week on the show we'll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSD talks at XDC 2014\n\n\nThis year's Xorg conference featured a few BSD-related talks\nMatthieu Herrb, Status of the OpenBSD graphics stack\nMatthieu's talk details what's been done recently in Xenocara the OpenBSD kernel for graphics (slides here)\nJean-Sébastien Pédron, The status of the graphics stack on FreeBSD \nHis presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here)\nFrancois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD\nFrancois' talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here)\n***\n\n\nFreeBSD Quarterly Status Report\n\n\nThe FreeBSD project has a report of their activities between July and September of this year\nLots of ARM work has been done, and a goal for 11.0 is tier one support for the platform\nThe release includes reports from the cluster admin team, release team, ports team, core team and much more, but we've already covered most of the items on the show\nIf you're interested in seeing what the FreeBSD community has been up to lately, check the full report - it's huge\n***\n\n\nMonitoring pfSense logs using ELK\n\n\nIf you're one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you\nELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs\nIt works with lots of different things that output logs and can be sent to one central server for displaying\nThis post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs\n***\n\n\nSome updates to IPFW\n\n\nEven though PF gets a lot of attention, a lot of FreeBSD people still love IPFW\nWhile mostly a dormant section of the source tree, some updates were recently committed to -CURRENT\nThe commit lists the user-visible changes, performance changes, ABI changes and internal changes\nIt should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE\nAlso check this blog post for some more information and fancy graphs\n***\n\n\nInterview - Hiroki Sato (佐藤広生) - hrs@freebsd.org / @hiroki_sato\n\nBSD in Japan, technology conferences, various topics\n\n\n\nNews Roundup\n\npfSense on Hyper-V\n\n\nIn case you didn't know, the latest pfSense snapshots support running on Hyper-V\nUnfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now\nThe author of the post tells about his experience running pfSense and gives lots of links to read if you're interested in doing the same\nHe also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code\n***\n\n\nOpenBSD as a daily driver\n\n\nA curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS\nThe overall consensus is that it works great for that, stays out of your way and is quite reliable\nCaveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating\nIf you're considering running OpenBSD as a \"daily driver,\" check all the comments for more information and tips\n***\n\n\nGetting PF log statistics\n\n\nThe author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs\nHe usually investigates any IPs of interest with whois, nslookup, etc. - but this gets repetitive quickly, so..\nHe sets out to find the best way to gather firewall log statistics\nAfter coming across a perl script to do this, he edited it a bit and is now a happy, lazy admin once again\nYou can try out his updated PF script here\n***\n\n\nFlashRD 1.7 released\n\n\nIn case anyone's not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment\nThis new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building\nIt also includes fixes for 4k drives and lots of various other improvements\nIf you're interested in learning more, take a look at some of the slides and audio from the main developer on the website\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nDon writes in\nAndriy writes in\nRichard writes in\nRobert writes in\n***\n\n\nMailing List Gold\n\n\nSubtle trolling\nOld bugs with old fixes\nA pig reinstall\nStrange DOS-like environment\n***\n","content_html":"\u003cp\u003eThis week on the show we\u0026#39;ll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/channel/UCXlH5v1PkEhjzLFTUTm_U7g/videos\" rel=\"nofollow\"\u003eBSD talks at XDC 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s Xorg conference featured a few BSD-related talks\u003c/li\u003e\n\u003cli\u003eMatthieu Herrb, \u003ca href=\"https://www.youtube.com/watch?v=KopgD4nTtnA\" rel=\"nofollow\"\u003eStatus of the OpenBSD graphics stack\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatthieu\u0026#39;s talk details what\u0026#39;s been done recently in Xenocara the OpenBSD kernel for graphics (\u003ca href=\"http://www.openbsd.org/papers/xdc2014-xenocara.pdf\" rel=\"nofollow\"\u003eslides here\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJean-Sébastien Pédron, \u003ca href=\"https://www.youtube.com/watch?v=POmxFleN3Bc\" rel=\"nofollow\"\u003eThe status of the graphics stack on FreeBSD\u003c/a\u003e \u003c/li\u003e\n\u003cli\u003eHis presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (\u003ca href=\"http://www.x.org/wiki/Events/XDC2014/XDC2014PedronFreeBSD/XDC-2014_FreeBSD.pdf\" rel=\"nofollow\"\u003eslides here\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFrancois Tigeot, \u003ca href=\"https://www.youtube.com/watch?v=NdM7_yPGFDk\" rel=\"nofollow\"\u003ePorting DRM/KMS drivers to DragonFlyBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrancois\u0026#39; talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (\u003ca href=\"http://www.x.org/wiki/Events/XDC2014/XDC2014TigeotDragonFlyBSD/XDC-2014_Porting_kms_drivers_to_DragonFly.pdf\" rel=\"nofollow\"\u003eslides here\u003c/a\u003e)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2014-07-2014-09.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD project has a report of their activities between July and September of this year\u003c/li\u003e\n\u003cli\u003eLots of ARM work has been done, and a goal for 11.0 is tier one support for the platform\u003c/li\u003e\n\u003cli\u003eThe release includes reports from the cluster admin team, release team, ports team, core team and much more, but we\u0026#39;ve already covered most of the items on the show\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in seeing what the FreeBSD community has been up to lately, check the full report - it\u0026#39;s huge\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/\" rel=\"nofollow\"\u003eMonitoring pfSense logs using ELK\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you\u003c/li\u003e\n\u003cli\u003eELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs\u003c/li\u003e\n\u003cli\u003eIt works with lots of different things that output logs and can be sent to one central server for displaying\u003c/li\u003e\n\u003cli\u003eThis post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=272840\" rel=\"nofollow\"\u003eSome updates to IPFW\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEven though PF gets a lot of attention, a lot of FreeBSD people still love IPFW\u003c/li\u003e\n\u003cli\u003eWhile mostly a dormant section of the source tree, some updates were recently committed to -CURRENT\u003c/li\u003e\n\u003cli\u003eThe commit lists the user-visible changes, performance changes, ABI changes and internal changes\u003c/li\u003e\n\u003cli\u003eIt should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE\u003c/li\u003e\n\u003cli\u003eAlso check \u003ca href=\"http://blog.cochard.me/2014/10/ipfw-improvement-on-freebsd-current.html\" rel=\"nofollow\"\u003ethis blog post\u003c/a\u003e for some more information and fancy graphs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Hiroki Sato (佐藤広生) - \u003ca href=\"mailto:hrs@freebsd.org\" rel=\"nofollow\"\u003ehrs@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/hiroki_sato\" rel=\"nofollow\"\u003e@hiroki_sato\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD in Japan, technology conferences, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://virtual-ops.de/?p=600\" rel=\"nofollow\"\u003epfSense on Hyper-V\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn case you didn\u0026#39;t know, the latest pfSense snapshots support running on Hyper-V\u003c/li\u003e\n\u003cli\u003eUnfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now\u003c/li\u003e\n\u003cli\u003eThe author of the post tells about his experience running pfSense and gives lots of links to read if you\u0026#39;re interested in doing the same\u003c/li\u003e\n\u003cli\u003eHe also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/openbsd/comments/2isz24/openbsd_as_a_daily_driver/\" rel=\"nofollow\"\u003eOpenBSD as a daily driver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS\u003c/li\u003e\n\u003cli\u003eThe overall consensus is that it works great for that, stays out of your way and is quite reliable\u003c/li\u003e\n\u003cli\u003eCaveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re considering running OpenBSD as a \u0026quot;daily driver,\u0026quot; check all the comments for more information and tips\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://secure.ciscodude.net/2014/10/09/firewall-log-stats/\" rel=\"nofollow\"\u003eGetting PF log statistics\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs\u003c/li\u003e\n\u003cli\u003eHe usually investigates any IPs of interest with whois, nslookup, etc. - but this gets repetitive quickly, so..\u003c/li\u003e\n\u003cli\u003eHe sets out to find the best way to gather firewall log statistics\u003c/li\u003e\n\u003cli\u003eAfter coming across \u003ca href=\"http://www.pantz.org/software/pf/pantzpfblockstats.html\" rel=\"nofollow\"\u003ea perl script\u003c/a\u003e to do this, he edited it a bit and is now a happy, lazy admin once again\u003c/li\u003e\n\u003cli\u003eYou can try out his updated PF script \u003ca href=\"https://github.com/tbaschak/Pantz-PFlog-Stats\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.nmedia.net/flashrd/\" rel=\"nofollow\"\u003eFlashRD 1.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn case anyone\u0026#39;s not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment\u003c/li\u003e\n\u003cli\u003eThis new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building\u003c/li\u003e\n\u003cli\u003eIt also includes fixes for 4k drives and lots of various other improvements\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in learning more, take a look at some of the slides and audio from the main developer on the website\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20XvSa4h0\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20lGUXW3d\" rel=\"nofollow\"\u003eDon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2al5DFIO7\" rel=\"nofollow\"\u003eAndriy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s203QoFuWs\" rel=\"nofollow\"\u003eRichard writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s29WIplL6k\" rel=\"nofollow\"\u003eRobert writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eMailing List Gold\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=141271076115386\u0026w=2\" rel=\"nofollow\"\u003eSubtle trolling\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://marc.info/?l=openbsd-cvs\u0026m=141275713329601\u0026w=2\" rel=\"nofollow\"\u003eOld bugs with old fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports/2014-October/095906.html\" rel=\"nofollow\"\u003eA pig reinstall\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-doc/2014-October/024408.html\" rel=\"nofollow\"\u003eStrange DOS-like environment\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show we'll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD.","date_published":"2014-10-15T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b1712d17-1c5f-4c0a-8722-3ad171336d67.mp3","mime_type":"audio/mpeg","size_in_bytes":57694324,"duration_in_seconds":4807}]},{"id":"987ec34a-a4f6-4c08-afa9-f39b542e05c5","title":"58: Behind the Masq","url":"https://www.bsdnow.tv/58","content_text":"Coming up this week on the show, we'll be talking to Matt Ranney and George Kola about how they use FreeBSD at Voxer, and how to get more companies to switch over. After that, we'll show you how to filter website ads at the gateway level, using DNSMasq. All this week's news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD's EuroBSDCon report\n\n\nThis year's EuroBSDCon had the record number of NetBSD developers attending\nThe NetBSD guys had a small devsummit as well, and this blog post details some of their activities\nPierre Pronchery also talked about EdgeBSD there (also see our interview if you haven't already)\nHopefully this trend continues, and NetBSD starts to have even more of a presence at the conferences\n***\n\n\nUpcoming features in OpenBSD 5.6\n\n\nOpenBSD 5.6 is to be released in just under a month from now, and one of the developers wrote a blog post about some of the new features\nThe post is mostly a collection of various links, many of which we've discussed before\nIt'll be the first version with LibreSSL and many other cool things\nWe will, of course, have all the details on the day of release\nThere are some good comments on hacker news about 5.6 as well \n***\n\n\nFreeBSD ARMv8-based implementation\n\n\nThe FreeBSD foundation is sponsoring some work to port FreeBSD to the new ThunderX ARM CPU family\nWith the potential to have up to 48 cores, this type of CPU might make ARM-based servers a more appealing option\nCavium, the company involved with this deal, seems to have lots of BSD fans\nThis collaboration is expected to result in Tier 1 recognition of the ARMv8 architecture\n***\n\n\nUpdating orphaned OpenBSD ports\n\n\nWe discussed OpenBSD porting over portscout from FreeBSD a while back\nTheir ports team is making full use of it now, and they're also looking for people to help update some unmaintained ports\nA new subdomain, portroach.openbsd.org, will let you view all the ports information easily\nIf you're interested in learning to port software, or just want to help update a port you use, this is a good chance to get involved\n***\n\n\nInterview - Matt Ranney \u0026amp; George Kola - mjr@ranney.com \u0026amp; george.kola@voxer.com\n\nBSD at Voxer, companies switching from Linux, community interaction\n\n\n\nTutorial\n\nAdblocking with DNSMasq \u0026amp; Pixelserv\n\n\n\nNews Roundup\n\nGhostBSD 4.0 released\n\n\nThe 4.0 branch of GhostBSD has finally been released, based on FreeBSD 10\nWith it come all the big 10.0 changes: clang instead of gcc, pkgng by default, make replaced by bmake\nMate is now the default desktop, with different workstation styles to choose from\n***\n\n\nReports from PF about banned IPs\n\n\nIf you run any kind of public-facing server, you've probably seen your logs fill up with unwanted traffic\nThis is especially true if you run SSH on port 22, which the author of this post seems to\nA lot can be done with just PF and some brute force tables\nHe goes through some different options for blocking Chinese IPs and break-in attempts\nIt includes a useful script he wrote to get reports about the IPs being blocked via email\n***\n\n\nNetBSD 6.1.5 and 6.0.6 released\n\n\nThe 6.1 and 6.0 branches of NetBSD got some updates\nThey include a number of security and stability fixes - plenty of OpenSSL mentions\nVarious panics and other small bugs also got fixed\n***\n\n\nOpenSSH 6.7 released\n\n\nAfter a long delay, OpenSSH 6.7 has finally been released\nMajor internal refactoring has been done to make part of OpenSSH usable as a library\nSFTP transfers can now be resumed\nLots of bug fixes, a few more new features - check the release notes for all the details\nThis release disables some insecure ciphers by default, so keep that in mind if you connect with legacy clients that use Arcfour or CBC modes\n***\n\n\nFeedback/Questions\n\n\nAndriy writes in\nKarl writes in\nPossnfiffer writes in\nBrad writes in\nSolomon writes in\n***\n","content_html":"\u003cp\u003eComing up this week on the show, we\u0026#39;ll be talking to Matt Ranney and George Kola about how they use FreeBSD at Voxer, and how to get more companies to switch over. After that, we\u0026#39;ll show you how to filter website ads at the gateway level, using DNSMasq. All this week\u0026#39;s news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_developer_summit_at_eurobsdcon\" rel=\"nofollow\"\u003eNetBSD\u0026#39;s EuroBSDCon report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s EuroBSDCon had the record number of NetBSD developers attending\u003c/li\u003e\n\u003cli\u003eThe NetBSD guys had a small devsummit as well, and this blog post details some of their activities\u003c/li\u003e\n\u003cli\u003ePierre Pronchery also talked about EdgeBSD there (also see \u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_01-edgy_bsd_users\" rel=\"nofollow\"\u003eour interview\u003c/a\u003e if you haven\u0026#39;t already)\u003c/li\u003e\n\u003cli\u003eHopefully this trend continues, and NetBSD starts to have even more of a presence at the conferences\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lteo.net/blog/2014/10/01/a-sneak-peek-at-the-upcoming-openbsd-5-dot-6-release/\" rel=\"nofollow\"\u003eUpcoming features in OpenBSD 5.6\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD 5.6 is to be released in just under a month from now, and one of the developers wrote a blog post about some of the new features\u003c/li\u003e\n\u003cli\u003eThe post is mostly a collection of various links, many of which we\u0026#39;ve discussed before\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be the first version with LibreSSL and many other cool things\u003c/li\u003e\n\u003cli\u003eWe will, of course, have all the details on the day of release\u003c/li\u003e\n\u003cli\u003eThere are some good \u003ca href=\"https://news.ycombinator.com/item?id=8413028\" rel=\"nofollow\"\u003ecomments\u003c/a\u003e on hacker news about 5.6 as well \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.prnewswire.com/news-releases/cavium-to-sponsor-freebsd-armv8-based-implementation-277724361.html\" rel=\"nofollow\"\u003eFreeBSD ARMv8-based implementation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation is sponsoring some work to port FreeBSD to the new ThunderX ARM CPU family\u003c/li\u003e\n\u003cli\u003eWith the potential to have up to 48 cores, this type of CPU might make ARM-based servers a more appealing option\u003c/li\u003e\n\u003cli\u003eCavium, the company involved with this deal, seems to have lots of BSD fans\u003c/li\u003e\n\u003cli\u003eThis collaboration is expected to result in Tier 1 recognition of the ARMv8 architecture\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://marc.info/?l=openbsd-ports\u0026m=141235737615585\u0026w=2\" rel=\"nofollow\"\u003eUpdating orphaned OpenBSD ports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe discussed OpenBSD porting over portscout from FreeBSD a while back\u003c/li\u003e\n\u003cli\u003eTheir ports team is making full use of it now, and they\u0026#39;re also looking for people to help update some unmaintained ports\u003c/li\u003e\n\u003cli\u003eA new subdomain, \u003ca href=\"http://portroach.openbsd.org/\" rel=\"nofollow\"\u003eportroach.openbsd.org\u003c/a\u003e, will let you view all the ports information easily\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in learning to port software, or just want to help update a port you use, this is a good chance to get involved\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Matt Ranney \u0026amp; George Kola - \u003ca href=\"mailto:mjr@ranney.com\" rel=\"nofollow\"\u003emjr@ranney.com\u003c/a\u003e \u0026amp; \u003ca href=\"mailto:george.kola@voxer.com\" rel=\"nofollow\"\u003egeorge.kola@voxer.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD at Voxer, companies switching from Linux, community interaction\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/dnsmasq\" rel=\"nofollow\"\u003eAdblocking with DNSMasq \u0026amp; Pixelserv\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ghostbsd.org/4.0-release\" rel=\"nofollow\"\u003eGhostBSD 4.0 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe 4.0 branch of GhostBSD has finally been released, based on FreeBSD 10\u003c/li\u003e\n\u003cli\u003eWith it come all the big 10.0 changes: clang instead of gcc, pkgng by default, make replaced by bmake\u003c/li\u003e\n\u003cli\u003eMate is now the default desktop, with different workstation styles to choose from\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ypnose.org/blog/2014/newbrute-pf.html\" rel=\"nofollow\"\u003eReports from PF about banned IPs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you run any kind of public-facing server, you\u0026#39;ve probably seen your logs fill up with unwanted traffic\u003c/li\u003e\n\u003cli\u003eThis is especially true if you run SSH on port 22, which the author of this post seems to\u003c/li\u003e\n\u003cli\u003eA lot can be done with just PF and some brute force tables\u003c/li\u003e\n\u003cli\u003eHe goes through some different options for blocking Chinese IPs and break-in attempts\u003c/li\u003e\n\u003cli\u003eIt includes a useful script he wrote to get reports about the IPs being blocked via email\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_6_1_5_and\" rel=\"nofollow\"\u003eNetBSD 6.1.5 and 6.0.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe 6.1 and 6.0 branches of NetBSD got some updates\u003c/li\u003e\n\u003cli\u003eThey include a number of security and stability fixes - plenty of OpenSSL mentions\u003c/li\u003e\n\u003cli\u003eVarious panics and other small bugs also got fixed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-announce/2014-October/000119.html\" rel=\"nofollow\"\u003eOpenSSH 6.7 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a long delay, OpenSSH 6.7 has finally been released\u003c/li\u003e\n\u003cli\u003eMajor internal refactoring has been done to make part of OpenSSH usable as a library\u003c/li\u003e\n\u003cli\u003eSFTP transfers can now be resumed\u003c/li\u003e\n\u003cli\u003eLots of bug fixes, a few more new features - check the release notes for all the details\u003c/li\u003e\n\u003cli\u003eThis release disables some insecure ciphers by default, so keep that in mind if you connect with legacy clients that use Arcfour or CBC modes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s218tT9C7v\" rel=\"nofollow\"\u003eAndriy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2WY5R5e0l\" rel=\"nofollow\"\u003eKarl writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20z8MPBVw\" rel=\"nofollow\"\u003ePossnfiffer writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21h2Yx5al\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21xu9U0qt\" rel=\"nofollow\"\u003eSolomon writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show, we'll be talking to Matt Ranney and George Kola about how they use FreeBSD at Voxer, and how to get more companies to switch over. After that, we'll show you how to filter website ads at the gateway level, using DNSMasq. All this week's news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-10-08T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/987ec34a-a4f6-4c08-afa9-f39b542e05c5.mp3","mime_type":"audio/mpeg","size_in_bytes":54646708,"duration_in_seconds":4553}]},{"id":"fe6cb8d4-b1ab-4260-a466-435ed66e003f","title":"57: The Daemon's Apprentice","url":"https://www.bsdnow.tv/57","content_text":"We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nNetBSD at Hiroshima Open Source Conference\n\n\nNetBSD developers are hard at work, putting NetBSD on everything they can find\nAt a technology conference in Hiroshima, some developers brought their exotic machines to put on display\nAs usual, there are lots of pictures and a nice report from the conference\n***\n\n\nFreeBSD's Linux emulation overhaul\n\n\nFor a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system\nIf you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk\nWith some recent work, that's been replaced with a recent CentOS release\nThis opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday\n***\n\n\npfSense 2.2-BETA\n\n\nBig changes are coming in pfSense land, with their upcoming 2.2 release\nWe talked to the developer a while back about future plans, and now they're finally out there\nThe 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes\nIt also includes some security updates, lots of package changes and updates and much more\nYou can check the full list of changes on their wiki\n***\n\n\nNetBSD on the Raspberry Pi\n\n\nThis article shows how you can install NetBSD on the ever-so-popular Raspberry Pi\nAs of right now, you'll need to use a -CURRENT snapshot to do it\nIt also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up\nCan anyone find something that you can't install NetBSD on?\n***\n\n\nInterview - Steve Wills - swills@freebsd.org / @swills\n\nMentoring new BSD developers\n\n\n\nNews Roundup\n\nMidnightBSD 0.5 released\n\n\nWe don't hear a whole lot about MidnightBSD, but they've just released version 0.5\nIt's got a round of the latest FreeBSD security patches, driver updates and various small things\nMaybe one of their developers could come on the show sometime and tell us more about the project\n***\n\n\nBSD Router Project 1.52 released\n\n\nThe newest update for the BSD Router Project is out\nThis version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE\nIt's mostly a bugfix release, but includes some small changes and package updates\n***\n\n\nConfiguring a DragonFly BSD desktop\n\n\nWe've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly\nIn this post from Justin Sherrill, you'll learn some of the steps to do just that\nHe pulled out an old desktop machine, gave it a try and seems to be pleased with the results\nIt includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer\n***\n\n\nBuilding a mini-ITX pfSense box\n\n\nAnother week, another pfSense firewall build post\nThis time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports\nHe used to be a m0n0wall guy, but wanted to give the more modern pfSense a try\nLots of great pictures of the hardware, which we always love\n***\n\n\nFeedback/Questions\n\n\nDamian writes in\nJan writes in\nDale writes in\nJoe writes in\nBostjan writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back from EuroBSDCon! This week we\u0026#39;ll be talking with Steve Wills about mentoring new BSD developers. If you\u0026#39;ve ever considered becoming a developer or helping out, it\u0026#39;s actually really easy to get involved. We\u0026#39;ve also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2014/09/26/msg000669.html\" rel=\"nofollow\"\u003eNetBSD at Hiroshima Open Source Conference\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD developers are hard at work, putting NetBSD on everything they can find\u003c/li\u003e\n\u003cli\u003eAt a technology conference in Hiroshima, some developers brought their exotic machines to put on display\u003c/li\u003e\n\u003cli\u003eAs usual, there are lots of pictures and a nice report from the conference\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?limit_changes=0\u0026view=revision\u0026revision=368845\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s Linux emulation overhaul\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor a long time, FreeBSD\u0026#39;s emulation layer has been based on an ancient Fedora 10 system\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve ever needed to install Adobe Flash on BSD, you\u0026#39;ll be stuck with all this extra junk\u003c/li\u003e\n\u003cli\u003eWith some recent work, that\u0026#39;s been replaced with a recent CentOS release\u003c/li\u003e\n\u003cli\u003eThis opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1449\" rel=\"nofollow\"\u003epfSense 2.2-BETA\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBig changes are coming in pfSense land, with their upcoming 2.2 release\u003c/li\u003e\n\u003cli\u003eWe \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003etalked to the developer\u003c/a\u003e a while back about future plans, and now they\u0026#39;re finally out there\u003c/li\u003e\n\u003cli\u003eThe 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes\u003c/li\u003e\n\u003cli\u003eIt also includes some security updates, lots of package changes and updates and much more\u003c/li\u003e\n\u003cli\u003eYou can check the \u003ca href=\"https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes\" rel=\"nofollow\"\u003efull list of changes\u003c/a\u003e on their wiki\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.cambus.net/netbsd-on-the-raspberry-pi/\" rel=\"nofollow\"\u003eNetBSD on the Raspberry Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis article shows how you can install NetBSD on the ever-so-popular Raspberry Pi\u003c/li\u003e\n\u003cli\u003eAs of right now, you\u0026#39;ll need to use a -CURRENT snapshot to do it\u003c/li\u003e\n\u003cli\u003eIt also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up\u003c/li\u003e\n\u003cli\u003eCan anyone find something that you can\u0026#39;t install NetBSD on?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Steve Wills - \u003ca href=\"mailto:swills@freebsd.org\" rel=\"nofollow\"\u003eswills@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/swills\" rel=\"nofollow\"\u003e@swills\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eMentoring new BSD developers\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.midnightbsd.org/notes/\" rel=\"nofollow\"\u003eMidnightBSD 0.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe don\u0026#39;t hear a whole lot about MidnightBSD, but they\u0026#39;ve just released version 0.5\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s got a round of the latest FreeBSD security patches, driver updates and various small things\u003c/li\u003e\n\u003cli\u003eMaybe one of their developers could come on the show sometime and tell us more about the project\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.52/\" rel=\"nofollow\"\u003eBSD Router Project 1.52 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe newest update for the BSD Router Project is out\u003c/li\u003e\n\u003cli\u003eThis version is based on a snapshot of 10-STABLE that\u0026#39;s very close to 10.1-RELEASE\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s mostly a bugfix release, but includes some small changes and package updates\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflydigest.com/2014/09/19/14751.html\" rel=\"nofollow\"\u003eConfiguring a DragonFly BSD desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you\u0026#39;re more interested in DragonFly\u003c/li\u003e\n\u003cli\u003eIn this post from Justin Sherrill, you\u0026#39;ll learn some of the steps to do just that\u003c/li\u003e\n\u003cli\u003eHe pulled out an old desktop machine, gave it a try and seems to be pleased with the results\u003c/li\u003e\n\u003cli\u003eIt includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pakitong.blogspot.com/2014/09/jetway-j7f2-four-lan-mini-itx-for.html\" rel=\"nofollow\"\u003eBuilding a mini-ITX pfSense box\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother week, another pfSense firewall build post\u003c/li\u003e\n\u003cli\u003eThis time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports\u003c/li\u003e\n\u003cli\u003eHe used to be a m0n0wall guy, but wanted to give the more modern pfSense a try\u003c/li\u003e\n\u003cli\u003eLots of great pictures of the hardware, which we always love\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2184TfOKD\" rel=\"nofollow\"\u003eDamian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20uAdTwLv\" rel=\"nofollow\"\u003eJan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20es52IgZ\" rel=\"nofollow\"\u003eDale writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2mjulpac6\" rel=\"nofollow\"\u003eJoe writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2BvNC8cgi\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-10-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/fe6cb8d4-b1ab-4260-a466-435ed66e003f.mp3","mime_type":"audio/mpeg","size_in_bytes":65007508,"duration_in_seconds":5417}]},{"id":"ef260b07-d765-4154-9f4e-3fc616050361","title":"56: Beastly Infrastructure","url":"https://www.bsdnow.tv/56","content_text":"This week we're on the other side of the Atlantic, attending EuroBSDCon. For now, we've got an awesome interview with Peter Wemm about the FreeBSD web cluster and infrastructure. It's an inside look that you probably won't hear about anywhere else! We'll also get to a couple of your emails today, and be back next week with all the usual goodies, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Peter Wemm - peter@freebsd.org / @karinjiri\n\nThe FreeBSD web cluster and infrastructure\n\n\n\nFeedback/Questions\n\n\nTodd writes in\nBrandon writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;re on the other side of the Atlantic, attending EuroBSDCon. For now, we\u0026#39;ve got an awesome interview with Peter Wemm about the FreeBSD web cluster and infrastructure. It\u0026#39;s an inside look that you probably won\u0026#39;t hear about anywhere else! We\u0026#39;ll also get to a couple of your emails today, and be back next week with all the usual goodies, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Peter Wemm - \u003ca href=\"mailto:peter@freebsd.org\" rel=\"nofollow\"\u003epeter@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/karinjiri\" rel=\"nofollow\"\u003e@karinjiri\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe FreeBSD web cluster and infrastructure\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2LRZu3hlI\" rel=\"nofollow\"\u003eTodd writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21JeoW1rn\" rel=\"nofollow\"\u003eBrandon writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we're on the other side of the Atlantic, attending EuroBSDCon. For now, we've got an awesome interview with Peter Wemm about the FreeBSD web cluster and infrastructure. It's an inside look that you probably won't hear about anywhere else! We'll also get to a couple of your emails today, and be back next week with all the usual goodies, on BSD Now - the place to B.. SD.","date_published":"2014-09-24T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef260b07-d765-4154-9f4e-3fc616050361.mp3","mime_type":"audio/mpeg","size_in_bytes":41104084,"duration_in_seconds":3425}]},{"id":"138f743e-c056-4292-9d04-7a7022b34944","title":"55: The Promised WLAN","url":"https://www.bsdnow.tv/55","content_text":"Coming up this week, we'll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we've got the latest news and answers to all your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 10.1-BETA1 is out\n\n\nThe first maintenance update in the 10.x series of FreeBSD is on its way\nSince we can't see a changelog yet, the 10-STABLE release notes offer a glimpse at some of the new features and fixes that will be included in 10.1\nThe vt driver was merged from -CURRENT, lots of drivers were updated, lots of bugs were fixed and bhyve also got many improvements from 11\nInitial UEFI support, multithreaded softupdates for UFS and many more things were added\nYou can check the release schedule for the planned release dates\nDetails for the various forms of release media can be found in the announcement\n***\n\n\nRemote headless OpenBSD installation\n\n\nA lot of server providers only offer a limited number of operating systems to be easily installed on their boxes\nSometimes you'll get lucky and they'll offer FreeBSD, but it's much harder to find ones that natively support other BSDs\nThis article shows how you can use a Linux-based rescue system, a RAM disk and QEMU to install OpenBSD on the bare metal of a server, headlessly and remotely\nIt required a few specific steps you'll want to take note of, but is extremely useful for those pesky hosting providers\n***\n\n\nBuilding a firewall appliance with pfSense\n\n\nIn this article, we learn how to easily set up a gateway and wireless access point with pfSense on a Netgate ALIX2C3 APU\nAfter the author's modem died, he decided to look into a more do-it-yourself option with pf and a tiny router board\nThe hardware he used has gigabit ports and a BSD-compatible wireless card, as well as enough CPU power for a modest workload and a few services (OpenVPN, etc.)\nThere's a lot of great pictures of the hardware and detailed screenshots, definitely worth a look\n***\n\n\nReceive Side Scaling - UDP testing\n\n\nAdrian Chadd has been working on RSS (Receive Side Scaling) in FreeBSD, and gives an update on the progress\nHe's using some quad core boxes with 10 gigabit ethernet for the tests\nThe post gives lots of stats and results from his network benchmark, as well as some interesting workarounds he had to do\nHe also provides some system configuration options, sysctl knobs, etc. (if you want to try it out)\nAnd speaking of Adrian Chadd...\n***\n\n\nInterview - Adrian Chadd - adrian@freebsd.org / @erikarn\n\nBSD on laptops, wifi, drivers, various topics\n\n\n\nNews Roundup\n\nSendmail removed from OpenBSD\n\n\nMail server admins around the world are rejoicing, because sendmail is finally gone from OpenBSD\nWith OpenSMTPD being a part of the base system, sendmail became largely redundant and unneeded\nIf you've ever compared a \"sendmail.cf\" file to an \"smtpd.conf\" file... the different is as clear as night and day\n5.6 will serve as a transitional release, including both sendmail and OpenSMTPD, but 5.7 will be the first release without it\nIf you still need it for some reason, sendmail will live in ports from now on\nHopefully FreeBSD will follow suit sometime in the future as well, possibly including DragonFly's mail transfer agent in base (instead of an entire mail server)\n***\n\n\npfSense backups with pfmb\n\n\nWe've mentioned the need for a tool to back up pfSense configs a number of times on the show\nThis script, hosted on github, does pretty much exactly that\nIt can connect to one (or more!) pfSense installations and back up the configuration\nYou can roll back or replace failed hardware very easily with its restore function\nEverything is done over SSH, so it should be pretty secure\n***\n\n\nThe Design and Implementation of the FreeBSD Operating System\n\n\nWe mentioned when the pre orders were up, but now \"The Design and Implementation of the FreeBSD Operating System, 2nd edition\" seems to be shipping out\nIf you're interested in FreeBSD development, or learning about the operating system internals, this is a great book to buy\nWe've even had all three authors on the show before!\n***\n\n\nOpenBSD's systemd replacement updates\n\n\nWe mentioned last week that the news of OpenBSD creating systemd wrappers was getting mainstream attention\nOne of the developers writes in to Undeadly, detailing what's going on and what the overall status is\nHe also clears up any confusion about \"porting systemd to BSD\" (that's not what's going on) or his code ever ending up in base (it won't)\nThe top comment as of right now is a Linux user asking if his systemd wrappers can be ported back to Linux... poor guy\n***\n\n\nFeedback/Questions\n\n\nBrad writes in\nBen writes in\nMathieu writes in\nSteve writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we\u0026#39;ve got the latest news and answers to all your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/10.1/\" rel=\"nofollow\"\u003eFreeBSD 10.1-BETA1 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe first maintenance update in the 10.x series of FreeBSD is on its way\u003c/li\u003e\n\u003cli\u003eSince we can\u0026#39;t see a changelog yet, the 10-STABLE \u003ca href=\"https://www.freebsd.org/relnotes/10-STABLE/relnotes/article.html\" rel=\"nofollow\"\u003erelease notes\u003c/a\u003e offer a glimpse at some of the new features and fixes that will be included in 10.1\u003c/li\u003e\n\u003cli\u003eThe vt driver was merged from -CURRENT, lots of drivers were updated, lots of bugs were fixed and bhyve also got many improvements from 11\u003c/li\u003e\n\u003cli\u003eInitial UEFI support, multithreaded softupdates for UFS and many more things were added\u003c/li\u003e\n\u003cli\u003eYou can check the \u003ca href=\"https://www.freebsd.org/releases/10.1R/schedule.html\" rel=\"nofollow\"\u003erelease schedule\u003c/a\u003e for the planned release dates\u003c/li\u003e\n\u003cli\u003eDetails for the various forms of release media can be found in \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-September/080106.html\" rel=\"nofollow\"\u003ethe announcement\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://jcs.org/notaweblog/2014/09/12/remotely_installing_openbsd_on_a/\" rel=\"nofollow\"\u003eRemote headless OpenBSD installation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA lot of server providers only offer a limited number of operating systems to be easily installed on their boxes\u003c/li\u003e\n\u003cli\u003eSometimes you\u0026#39;ll get lucky and they\u0026#39;ll offer FreeBSD, but it\u0026#39;s much harder to find ones that natively support other BSDs\u003c/li\u003e\n\u003cli\u003eThis article shows how you can use a Linux-based rescue system, a RAM disk and QEMU to install OpenBSD on the bare metal of a server, headlessly and remotely\u003c/li\u003e\n\u003cli\u003eIt required a few specific steps you\u0026#39;ll want to take note of, but is \u003cstrong\u003eextremely useful\u003c/strong\u003e for those pesky hosting providers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.get-virtual.net/2014/09/16/build-firewall-appliance/\" rel=\"nofollow\"\u003eBuilding a firewall appliance with pfSense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this article, we learn how to easily set up a gateway and wireless access point with pfSense on a Netgate \u003ca href=\"http://pcengines.ch/alix2c3.htm\" rel=\"nofollow\"\u003eALIX2C3 APU\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAfter the author\u0026#39;s modem died, he decided to look into a more do-it-yourself option with pf and a tiny router board\u003c/li\u003e\n\u003cli\u003eThe hardware he used has gigabit ports and a BSD-compatible wireless card, as well as enough CPU power for a modest workload and a few services (OpenVPN, etc.)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a lot of \u003cem\u003egreat\u003c/em\u003e pictures of the hardware and detailed screenshots, definitely worth a look\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2014/09/receive-side-scaling-testing-udp.html\" rel=\"nofollow\"\u003eReceive Side Scaling - UDP testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd has been working on RSS (Receive Side Scaling) in FreeBSD, and gives an update on the progress\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s using some quad core boxes with 10 gigabit ethernet for the tests\u003c/li\u003e\n\u003cli\u003eThe post gives lots of stats and results from his network benchmark, as well as some interesting workarounds he had to do\u003c/li\u003e\n\u003cli\u003eHe also provides some system configuration options, sysctl knobs, etc. (if you want to try it out)\u003c/li\u003e\n\u003cli\u003eAnd speaking of Adrian Chadd...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Adrian Chadd - \u003ca href=\"mailto:adrian@freebsd.org\" rel=\"nofollow\"\u003eadrian@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/erikarn\" rel=\"nofollow\"\u003e@erikarn\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD on laptops, wifi, drivers, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140916084251\" rel=\"nofollow\"\u003eSendmail removed from OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMail server admins around the world \u003ca href=\"https://news.ycombinator.com/item?id=8324475\" rel=\"nofollow\"\u003eare rejoicing\u003c/a\u003e, because sendmail is \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=141081997917153\u0026w=2\" rel=\"nofollow\"\u003efinally gone\u003c/a\u003e from OpenBSD\u003c/li\u003e\n\u003cli\u003eWith OpenSMTPD being a part of the base system, sendmail became largely redundant and unneeded\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve ever compared a \u0026quot;sendmail.cf\u0026quot; file to an \u0026quot;smtpd.conf\u0026quot; file... the different is as clear as night and day\u003c/li\u003e\n\u003cli\u003e5.6 will serve as a transitional release, including both sendmail and OpenSMTPD, but 5.7 will be the first release without it\u003c/li\u003e\n\u003cli\u003eIf you still need it for some reason, sendmail will live in ports from now on\u003c/li\u003e\n\u003cli\u003eHopefully FreeBSD will follow suit sometime in the future as well, possibly including DragonFly\u0026#39;s mail transfer agent in base (instead of an entire mail server)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/zinkwazi/pfmb\" rel=\"nofollow\"\u003epfSense backups with pfmb\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve mentioned the need for a tool to back up pfSense configs a number of times on the show\u003c/li\u003e\n\u003cli\u003eThis script, hosted on github, does pretty much exactly that\u003c/li\u003e\n\u003cli\u003eIt can connect to one (or more!) pfSense installations and back up the configuration\u003c/li\u003e\n\u003cli\u003eYou can roll back or replace failed hardware very easily with its restore function\u003c/li\u003e\n\u003cli\u003eEverything is done over SSH, so it should be pretty secure\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.amazon.com/dp/0321968972/\" rel=\"nofollow\"\u003eThe Design and Implementation of the FreeBSD Operating System\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned when the pre orders were up, but now \u0026quot;The Design and Implementation of the FreeBSD Operating System, 2nd edition\u0026quot; seems to be shipping out\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in FreeBSD development, or learning about the operating system internals, this is a great book to buy\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve even had \u003ca href=\"http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache\" rel=\"nofollow\"\u003eall\u003c/a\u003e \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003ethree\u003c/a\u003e \u003ca href=\"http://www.bsdnow.tv/episodes/2014_08_13-vpn_my_dear_watson\" rel=\"nofollow\"\u003eauthors\u003c/a\u003e on the show before!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140915064856\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s systemd replacement updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned last week that the news of OpenBSD creating systemd wrappers was getting mainstream attention\u003c/li\u003e\n\u003cli\u003eOne of the developers writes in to Undeadly, detailing what\u0026#39;s going on and what the overall status is\u003c/li\u003e\n\u003cli\u003eHe also clears up any confusion about \u0026quot;porting systemd to BSD\u0026quot; \u003cstrong\u003e(that\u0026#39;s not what\u0026#39;s going on)\u003c/strong\u003e or his code ever ending up in base \u003cstrong\u003e(it won\u0026#39;t)\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eThe top comment as of right now is a Linux user asking if his systemd wrappers can be ported back to Linux... poor guy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20jrx0nIf\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21hFUJ2ju\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21RgSzOv4\" rel=\"nofollow\"\u003eMathieu writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2P1mzalPh\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we've got the latest news and answers to all your emails, on BSD Now - the place to B.. SD.","date_published":"2014-09-17T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/138f743e-c056-4292-9d04-7a7022b34944.mp3","mime_type":"audio/mpeg","size_in_bytes":57124948,"duration_in_seconds":4760}]},{"id":"c6ff3386-0834-4798-809e-dd4917c5bc7b","title":"54: Luminary Environment","url":"https://www.bsdnow.tv/54","content_text":"This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPortscout ported to OpenBSD\n\n\nPortscout is a popular utility used in the FreeBSD ports infrastructure\nIt lets port maintainers know when there's a new version of the upstream software available by automatically checking the distfile mirror\nNow OpenBSD porters can enjoy the same convenience, as it's been ported over\nYou can view the status online to see how it works and who maintains what\nThe developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well\nHe decided to fork and rename it a few days later\n***\n\n\nSysadmins and systemd refugees flocking to BSD\n\n\nWith all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives\nThis \"you got your Windows in my Linux\" article (and accompanying comments) give a nice glimpse into the minds of some of those switchers\nBoth server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd\nFortunately, the BSD communities are usually very welcoming of switchers - it's pretty nice on this side!\n***\n\n\nOpenBSD's versioning schemes\n\n\nTed Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software\nIn contrast to FreeBSD's release cycle, OpenBSD isn't as concerned with breaking backwards compatibility (but only if it's needed to make progress)\nThis allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses\nHe also details the difference between branches, their errata system and lack of \"patch levels\" for security\nSome other things in OpenBSD don't have version numbers at all, like tmux\n\"Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features.\"\n***\n\n\nVAXstation 4000 Model 90 booting NetBSD\n\n\nWe found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992\nThis system has a monstrous 71 MHz CPU and 128MB of ECC RAM\nIt continues in part two, where we learn that it would've cost around $25,000 when it was released!\nThe uploader talks about his experiences getting NetBSD on it, what does and doesn't work, etc\nIt's interesting to see that such old hardware isn't necessarily obsolete just because newer things have come out since then (but maybe don't try to build world on it...)\n***\n\n\nInterview - Ken Moore - ken@pcbsd.org\n\nThe Lumina desktop environment\n\n\n\nSpecial segment\n\nLumina walkthrough\n\n\n\nNews Roundup\n\nSuricata for IDS on pfSense\n\n\nWhile most people are familiar with Snort as an intrusion detection system, Suricata is another choice\nThis guide goes through the steps of installing and configuring it on a public-facing pfSense box\nPart two details some of the configuration steps\nOne other cool thing about Suricata - it's compatible with Snort rules, so you can use the same updates\nThere's also another recent post about snort as well, if that's more your style\nIf you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into\n***\n\n\nOpenBSD's systemd API emulation project\n\n\nThis story was pretty popular in the mainstream news this week\nFor the Google Summer of Code, a student is writing emulation wrappers for some of systemd's functions\nThere was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn't have to run the full systemd\nOne particularly interesting Slashdot comment snippet: \"We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn't as steep as we expected, general system stability seems to be better too, and BSD's security reputation goes without saying.\"\nIt will NOT be in the base system - only in ports, and only installed as a dependency for things like newer GNOME that require such APIs\nIn the long run, BSD will still be safe from systemd's reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it\n***\n\n\nGhostBSD 4 previewed\n\n\nThe GhostBSD project is moving along, slowly getting closer to the 4 release\nThis article shows some of the progress made, and includes lots of screenshots and interesting graphical frontends\nIf you're not too familiar with GhostBSD, we interviewed the lead developer a little while back\n***\n\n\nNetBSD on the Banana Pi\n\n\nThe Banana Pi is a tasty alternative to the Raspberry Pi, with similar hardware specs\nIn this blog post, a NetBSD developer details his experiences in getting NetBSD to run on it\nAfter studying how the prebuilt Linux image booted, he made some notes and started hacking\nEthernet, one of the few things not working, is being looked into and he's hoping to get it fully supported for the upcoming NetBSD 7.0\nThey're only about $65 as of the time we're recording this, so it might be a fun project to try\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nGaregin writes in\nErno writes in\nBrandon writes in\n***\n","content_html":"\u003cp\u003eThis week on the show, it\u0026#39;s all about Lumina. We\u0026#39;ll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There\u0026#39;s also answers to your emails and all the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.jasper.la/portscout-for-openbsd/\" rel=\"nofollow\"\u003ePortscout ported to OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePortscout is a popular utility used in the FreeBSD ports infrastructure\u003c/li\u003e\n\u003cli\u003eIt lets port maintainers know when there\u0026#39;s a new version of the upstream software available by automatically checking the distfile mirror\u003c/li\u003e\n\u003cli\u003eNow OpenBSD porters can enjoy the same convenience, as it\u0026#39;s been ported over\u003c/li\u003e\n\u003cli\u003eYou can view the status \u003ca href=\"http://portscout.jasper.la/\" rel=\"nofollow\"\u003eonline\u003c/a\u003e to see how it works and \u003ca href=\"http://portscout.jasper.la/index-total.html\" rel=\"nofollow\"\u003ewho maintains what\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well\u003c/li\u003e\n\u003cli\u003eHe decided to \u003ca href=\"https://jasperla.github.io/portroach/\" rel=\"nofollow\"\u003efork and rename it\u003c/a\u003e a few days later\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.reddit.com/r/freebsd/comments/2fgb90/you_have_your_windows_in_my_linux_or_why_many/\" rel=\"nofollow\"\u003eSysadmins and systemd refugees flocking to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives\u003c/li\u003e\n\u003cli\u003eThis \u0026quot;\u003ca href=\"http://www.infoworld.com/d/data-center/you-have-your-windows-in-my-linux-249483\" rel=\"nofollow\"\u003eyou got your Windows in my Linux\u003c/a\u003e\u0026quot; article (and accompanying comments) give a nice glimpse into the minds of some of those switchers\u003c/li\u003e\n\u003cli\u003eBoth server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd\u003c/li\u003e\n\u003cli\u003eFortunately, the BSD communities are usually very welcoming of switchers - it\u0026#39;s pretty nice on this side!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-version-numbers\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s versioning schemes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTed Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software\u003c/li\u003e\n\u003cli\u003eIn contrast to FreeBSD\u0026#39;s release cycle, OpenBSD isn\u0026#39;t as concerned with breaking backwards compatibility (but only if it\u0026#39;s needed to make progress)\u003c/li\u003e\n\u003cli\u003eThis allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses\u003c/li\u003e\n\u003cli\u003eHe also details the difference between branches, their errata system and lack of \u0026quot;patch levels\u0026quot; for security\u003c/li\u003e\n\u003cli\u003eSome other things in OpenBSD don\u0026#39;t have version numbers at all, like tmux\u003c/li\u003e\n\u003cli\u003e\u0026quot;Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=zLsgFPaMPyg\" rel=\"nofollow\"\u003eVAXstation 4000 Model 90 booting NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992\u003c/li\u003e\n\u003cli\u003eThis system has a monstrous 71 MHz CPU and 128MB of ECC RAM\u003c/li\u003e\n\u003cli\u003eIt \u003ca href=\"https://www.youtube.com/watch?v=YKzDXKmn66U\" rel=\"nofollow\"\u003econtinues in part two\u003c/a\u003e, where we learn that it would\u0026#39;ve cost around $25,000 when it was released!\u003c/li\u003e\n\u003cli\u003eThe uploader talks about his experiences getting NetBSD on it, what does and doesn\u0026#39;t work, etc\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s interesting to see that such old hardware isn\u0026#39;t necessarily obsolete just because newer things have come out since then (but maybe don\u0026#39;t try to build world on it...)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ken Moore - \u003ca href=\"mailto:ken@pcbsd.org\" rel=\"nofollow\"\u003eken@pcbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe Lumina desktop environment\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eSpecial segment\u003c/h2\u003e\n\n\u003ch3\u003eLumina walkthrough\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pfsensesetup.com/suricata-intrusion-detection-system-part-one\" rel=\"nofollow\"\u003eSuricata for IDS on pfSense\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile most people are familiar with Snort as an intrusion detection system, Suricata is another choice\u003c/li\u003e\n\u003cli\u003eThis guide goes through the steps of installing and configuring it on a public-facing pfSense box\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://pfsensesetup.com/suricata-intrusion-detection-system-part-two/\" rel=\"nofollow\"\u003ePart two\u003c/a\u003e details some of the configuration steps\u003c/li\u003e\n\u003cli\u003eOne other cool thing about Suricata - it\u0026#39;s compatible with Snort rules, so you can use the same updates\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also \u003ca href=\"http://www.allamericancomputerrepair.com/Blog/Post/29/Install-Snort-on-FreeBSD\" rel=\"nofollow\"\u003eanother recent post\u003c/a\u003e about snort as well, if that\u0026#39;s more your style\u003c/li\u003e\n\u003cli\u003eIf you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsd.slashdot.org/story/14/09/08/0250207/gsoc-project-works-to-emulate-systemd-for-openbsd\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s systemd API emulation project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis story was pretty popular in the mainstream news this week\u003c/li\u003e\n\u003cli\u003eFor the Google Summer of Code, a student is writing emulation wrappers for some of \u003ca href=\"https://twitter.com/blakkheim/status/509092821773848577\" rel=\"nofollow\"\u003esystemd\u0026#39;s functions\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn\u0026#39;t have to run the full systemd\u003c/li\u003e\n\u003cli\u003eOne particularly interesting Slashdot comment \u003ca href=\"http://bsd.slashdot.org/comments.pl?sid=5663319\u0026cid=47851361\" rel=\"nofollow\"\u003esnippet\u003c/a\u003e: \u0026quot;We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn\u0026#39;t as steep as we expected, general system stability seems to be better too, and BSD\u0026#39;s security reputation goes without saying.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt will NOT be in the base system - only in ports, and only installed as a dependency for things like \u003ca href=\"http://blogs.gnome.org/ovitters/2014/09/07/systemd-in-gnome-3-14-and-beyond/\" rel=\"nofollow\"\u003enewer GNOME\u003c/a\u003e that require such APIs\u003c/li\u003e\n\u003cli\u003eIn the long run, BSD will still be safe from systemd\u0026#39;s reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.linuxbsdos.com/2014/05/19/preview-of-ghostbsd-4-0/\" rel=\"nofollow\"\u003eGhostBSD 4 previewed\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe GhostBSD project is moving along, slowly getting closer to the 4 release\u003c/li\u003e\n\u003cli\u003eThis article shows some of the progress made, and includes lots of screenshots and interesting graphical frontends\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re not too familiar with GhostBSD, we \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_12-ghost_of_partition\" rel=\"nofollow\"\u003einterviewed the lead developer\u003c/a\u003e a little while back\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://rizzoandself.blogspot.com/2014/09/netbsd-on-banana-pi.html\" rel=\"nofollow\"\u003eNetBSD on the Banana Pi\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Banana Pi is a tasty alternative to the Raspberry Pi, with similar hardware specs\u003c/li\u003e\n\u003cli\u003eIn this blog post, a NetBSD developer details his experiences in getting NetBSD to run on it\u003c/li\u003e\n\u003cli\u003eAfter studying how the prebuilt Linux image booted, he made some notes and started hacking\u003c/li\u003e\n\u003cli\u003eEthernet, one of the few things not working, is being looked into and he\u0026#39;s hoping to get it fully supported for the upcoming NetBSD 7.0\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re only about $65 as of the time we\u0026#39;re recording this, so it might be a fun project to try\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s28iKdBEbm\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Wfnv87h\" rel=\"nofollow\"\u003eGaregin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Fzryxhdz\" rel=\"nofollow\"\u003eErno writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ILcqdFfF\" rel=\"nofollow\"\u003eBrandon writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD.","date_published":"2014-09-10T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c6ff3386-0834-4798-809e-dd4917c5bc7b.mp3","mime_type":"audio/mpeg","size_in_bytes":56630740,"duration_in_seconds":4719}]},{"id":"ef498915-45f4-4dbb-87fc-4f8e9ee65342","title":"53: It's HAMMER Time","url":"https://www.bsdnow.tv/53","content_text":"It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD foundation's new IPSEC project\n\n\nThe FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code\nWith bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance\nThis new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD\nThe updated stack will also support AES-NI for hardware-based encryption speed ups\nIt's expected to be completed by the end of September, and will also be in pfSense 2.2\n***\n\n\nNetBSD at Shimane Open Source Conference 2014\n\n\nThe Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23\nOne of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary\nThey had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations\nSome visitors said that NetBSD had the most chaotic booth at the conference\n***\n\n\npfSense 2.1.5 released\n\n\nA new version of the pfSense 2.1 branch is out\nMostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month)\nIt also includes many other bug fixes, check the blog post for the full list\n***\n\n\nSystems, Science and FreeBSD\n\n\nOur friend George Neville-Neil gave a presentation at Microsoft Research\nIt's mainly about using FreeBSD as a platform for research, inside and outside of universities\nThe talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more\n***\n\n\nInterview - Reyk Floeter - reyk@openbsd.org / @reykfloeter\n\nOpenBSD's HTTP daemon\n\n\n\nTutorial\n\nA crash course on HAMMER FS\n\n\n\nNews Roundup\n\nOpenBSD's rcctl tool usage\n\n\nOpenBSD recently got a new tool for managing /etc/rc.conf.local in -current\nSimilar to FreeBSD's \"sysrc\" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services\nThis blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services\nIt won't make it to 5.6, but will be in 5.7 (next May)\n***\n\n\npfSense mini-roundup\n\n\nWe found five interesting pfSense articles throughout the week and wanted to quickly mention them\nThe first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a \"smart\" DNS service\nThe second post talks about setting ip IPv6, in particular if Comcast is your ISP\nThe third one features pfSense on Softpedia, a more mainstream tech site\nThe fourth post describes how to filter HTTPS traffic with Squid and pfSense\nThe last article describes setting up a VPN using the \"tinc\" daemon and pfSense\nIt seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about\nThis pfSense HQ website seems to have lots of other cool pfSense items, check it out\n***\n\n\nOpenBSD's new buffer cache\n\n\nOpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems\nTed Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work\nInitial tests show positive results in terms of cache responsiveness\nCheck the post for all the fine details\n***\n\n\nBSDTalk episode 244\n\n\nAnother new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment\nThey discuss the history of development, differences between it and other DEs, lots of topics\nIf you're more of a visual person, fear not, because...\nWe'll have Ken on next week, including a full \"virtual walkthrough\" of Lumina and its applications\n***\n\n\nFeedback/Questions\n\n\nGhislain writes in\nRaynold writes in\nVan writes in\nSean writes in\nStefan writes in\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s our one year anniversary episode, and we\u0026#39;ll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it\u0026#39;s going. After that, we\u0026#39;ll show you the ins and outs of DragonFly\u0026#39;s HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/08/freebsd-foundation-announces-ipsec.html\" rel=\"nofollow\"\u003eFreeBSD foundation\u0026#39;s new IPSEC project\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code\u003c/li\u003e\n\u003cli\u003eWith bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance\u003c/li\u003e\n\u003cli\u003eThis new work will add AES-CTR and AES-GCM modes to FreeBSD\u0026#39;s implementation, borrowing some code from OpenBSD\u003c/li\u003e\n\u003cli\u003eThe updated stack will also support AES-NI for hardware-based encryption speed ups\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s expected to be completed by the end of September, and will also be in pfSense 2.2\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2014/08/31/msg000667.html\" rel=\"nofollow\"\u003eNetBSD at Shimane Open Source Conference 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23\u003c/li\u003e\n\u003cli\u003eOne of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary\u003c/li\u003e\n\u003cli\u003eThey had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations\u003c/li\u003e\n\u003cli\u003eSome visitors said that NetBSD had the most chaotic booth at the conference\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1401\" rel=\"nofollow\"\u003epfSense 2.1.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new version of the pfSense 2.1 branch is out\u003c/li\u003e\n\u003cli\u003eMostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2014-August/007875.html\" rel=\"nofollow\"\u003estill not patched\u003c/a\u003e in -RELEASE after nearly a month)\u003c/li\u003e\n\u003cli\u003eIt also includes many other bug fixes, check the blog post for the full list\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://msrvideo.vo.msecnd.net/rmcvideos/227133/dl/227133.mp4\" rel=\"nofollow\"\u003eSystems, Science and FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eGeorge Neville-Neil\u003c/a\u003e gave a presentation at Microsoft Research\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s mainly about using FreeBSD as a platform for research, inside and outside of universities\u003c/li\u003e\n\u003cli\u003eThe talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Reyk Floeter - \u003ca href=\"mailto:reyk@openbsd.org\" rel=\"nofollow\"\u003ereyk@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/reykfloeter\" rel=\"nofollow\"\u003e@reykfloeter\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD\u0026#39;s HTTP daemon\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/hammer\" rel=\"nofollow\"\u003eA crash course on HAMMER FS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://brynet.biz.tm/article-rcctl.html\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s rcctl tool usage\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD recently \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140820090351\" rel=\"nofollow\"\u003egot a new tool\u003c/a\u003e for managing /etc/rc.conf.local in -current\u003c/li\u003e\n\u003cli\u003eSimilar to FreeBSD\u0026#39;s \u0026quot;sysrc\u0026quot; tool, it eliminates the need to manually edit rc.conf.local to enable or disable services\u003c/li\u003e\n\u003cli\u003eThis blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services\u003c/li\u003e\n\u003cli\u003eIt won\u0026#39;t make it to 5.6, but will be in 5.7 (next May)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mateh.id.au/2014/08/stream-netflix-chromecast-using-pfsense/\" rel=\"nofollow\"\u003epfSense mini-roundup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe found five interesting pfSense articles throughout the week and wanted to quickly mention them\u003c/li\u003e\n\u003cli\u003eThe first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a \u0026quot;smart\u0026quot; DNS service\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://theosquest.com/2014/08/28/ipv6-with-comcast-and-pfsense/\" rel=\"nofollow\"\u003esecond post\u003c/a\u003e talks about setting ip IPv6, in particular if Comcast is your ISP\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://news.softpedia.com/news/PfSense-2-1-5-Is-Free-and-Powerful-FreeBSD-based-Firewall-Operating-System-457097.shtml\" rel=\"nofollow\"\u003ethird one\u003c/a\u003e features pfSense on Softpedia, a more mainstream tech site\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/\" rel=\"nofollow\"\u003efourth post\u003c/a\u003e describes how to filter HTTPS traffic with Squid and pfSense\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://pfsensesetup.com/vpn-tunneling-with-tinc/\" rel=\"nofollow\"\u003elast article\u003c/a\u003e describes setting up a VPN using the \u0026quot;\u003ca href=\"https://en.wikipedia.org/wiki/Tinc_%28protocol%29\" rel=\"nofollow\"\u003etinc\u003c/a\u003e\u0026quot; daemon and pfSense\u003c/li\u003e\n\u003cli\u003eIt seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it\u0026#39;s interesting to read about\u003c/li\u003e\n\u003cli\u003eThis pfSense HQ website seems to have lots of other cool pfSense items, check it out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/2Q-buffer-cache-algorithm\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s new buffer cache\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work\u003c/li\u003e\n\u003cli\u003eInitial tests show positive results in terms of cache responsiveness\u003c/li\u003e\n\u003cli\u003eCheck the post for all the fine details\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/08/bsdtalk244-lumina-desktop-environment.html\" rel=\"nofollow\"\u003eBSDTalk episode 244\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother new BSDTalk is up and, this time around, \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk\" rel=\"nofollow\"\u003eWill Backman\u003c/a\u003e interviews Ken Moore, the developer of the new BSD desktop environment\u003c/li\u003e\n\u003cli\u003eThey discuss the history of development, differences between it and other DEs, lots of topics\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re more of a visual person, fear not, because...\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll have Ken on \u003cem\u003enext week\u003c/em\u003e, including a full \u0026quot;virtual walkthrough\u0026quot; of Lumina and its applications\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21G3KL6lv\" rel=\"nofollow\"\u003eGhislain writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21USZdk2D\" rel=\"nofollow\"\u003eRaynold writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2IWAfkDfX\" rel=\"nofollow\"\u003eVan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2OBhezoDV\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s22h9RhXUy\" rel=\"nofollow\"\u003eStefan writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD.","date_published":"2014-09-03T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ef498915-45f4-4dbb-87fc-4f8e9ee65342.mp3","mime_type":"audio/mpeg","size_in_bytes":56493652,"duration_in_seconds":4707}]},{"id":"67ad6e78-144e-4d1c-a713-49b54e5b679e","title":"52: Reverse Takeover","url":"https://www.bsdnow.tv/52","content_text":"Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD foundation August update\n\n\nThe foundation has published a new PDF detailing some of their recent activities\nIt includes project development updates, the 10.1-RELEASE schedule and some of its new features\nThere is also a short interview with Dru Lavigne in the \"voices from the community\" section\nIf you're into hardware, there's another section about some new FreeBSD server equipment\nIn closing, there's an update on funding too\n***\n\n\nNSD for an authoritative nameserver\n\n\nWith BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup\nThis article shows how to use NSD for an authoritative DNS nameserver\nIt's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)\nAll the instructions are presented very neatly, with all the little details included\nLess BIND means less vulnerabilities, everybody's happy\n***\n\n\nBIND and Nginx removed from OpenBSD\n\n\nWhile we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well\nThe base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)\nThey've also removed nginx from the base system, in favor of the new custom HTTP daemon\nBIND and Nginx are still available in ports if you don't want to switch\nWe're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on\nWith Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives\n***\n\n\nNetBSD demo videos\n\n\nA Japanese NetBSD developer has been uploading lots of interesting videos\nUnsurprisingly, they're all featuring NetBSD running on exotic and weird hardware\nMost of them are demoing sound or running a modern Twitter client on an ancient computer\nThey're from the same guy that did the conference wrap-up we mentioned recently\n***\n\n\nInterview - Shawn Webb - shawn.webb@hardenedbsd.org / @lattera\n\nAddress space layout randomization in FreeBSD\n\n\n\nTutorial\n\nReverse SSH tunneling\n\n\n\nNews Roundup\n\nPuppet master-agent installation on FreeBSD\n\n\nIf you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before\nThe author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own\nHe goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems\nThe rest of the post explains how to set up both the master and the agent configurations\n***\n\n\nMisc. pfSense items\n\n\nWe found a few miscellaneous pfSense articles this past week \nThe first one is about the hunt for the \"ultimate\" free open source firewall, where pfSense is obviously a strong contender\nThe second one shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)\nIn the third, you can see how to automatically back up your configuration files\nThe fourth item shows how to set up PXE booting with pfSense, similar to one of our tutorials\n***\n\n\nTime Machine backups on ZFS\n\n\nIf you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive \"time capsule\"\nThis post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system\nWith a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive\nSurprisingly simple to do, recommended for anyone with Macs on their network\n***\n\n\nLumina desktop preview\n\n\nLumina, the BSD-exclusive desktop environment, seems to be coming along nicely\nThe main developer has posted an update on the PCBSD blog with some screenshots\nLots of new features have been added, many of which are documented in the post\nThere just might be a BSD Now episode about Lumina coming up.. (cough cough)\n***\n\n\nFeedback/Questions\n\n\nGary writes in\nCedric writes in\nCaldwell writes in\nCary writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we\u0026#39;ll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2014augupdate.pdf\" rel=\"nofollow\"\u003eFreeBSD foundation August update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe foundation has published a new PDF detailing some of their recent activities\u003c/li\u003e\n\u003cli\u003eIt includes project development updates, the 10.1-RELEASE schedule and some of its new features\u003c/li\u003e\n\u003cli\u003eThere is also a short interview with \u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust\" rel=\"nofollow\"\u003eDru Lavigne\u003c/a\u003e in the \u0026quot;voices from the community\u0026quot; section\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re into hardware, there\u0026#39;s another section about some new FreeBSD server equipment\u003c/li\u003e\n\u003cli\u003eIn closing, there\u0026#39;s an update on funding too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/\" rel=\"nofollow\"\u003eNSD for an authoritative nameserver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup\u003c/li\u003e\n\u003cli\u003eThis article shows how to use NSD for an authoritative DNS nameserver\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)\u003c/li\u003e\n\u003cli\u003eAll the instructions are presented very neatly, with all the little details included\u003c/li\u003e\n\u003cli\u003eLess BIND means less vulnerabilities, everybody\u0026#39;s happy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=140873518514033\u0026w=2\" rel=\"nofollow\"\u003eBIND and Nginx removed from OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile we\u0026#39;re on the topic of DNS servers, BIND was finally removed from OpenBSD as well\u003c/li\u003e\n\u003cli\u003eThe base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=140908174910713\u0026w=2\" rel=\"nofollow\"\u003eremoved nginx\u003c/a\u003e from the base system, in favor of the new custom HTTP daemon\u003c/li\u003e\n\u003cli\u003eBIND and Nginx are still available in ports if you don\u0026#39;t want to switch\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on\u003c/li\u003e\n\u003cli\u003eWith Apache gone in the upcoming 5.6, It\u0026#39;s also likely that sendmail will be removed before 5.7 - hooray for modern alternatives\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/user/tsutsuii/videos\" rel=\"nofollow\"\u003eNetBSD demo videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Japanese NetBSD developer has been uploading lots of interesting videos\u003c/li\u003e\n\u003cli\u003eUnsurprisingly, they\u0026#39;re all featuring NetBSD running on exotic and weird hardware\u003c/li\u003e\n\u003cli\u003eMost of them are demoing sound or running a modern Twitter client on an ancient computer\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re from the same guy that did the conference wrap-up we mentioned recently\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Shawn Webb - \u003ca href=\"mailto:shawn.webb@hardenedbsd.org\" rel=\"nofollow\"\u003eshawn.webb@hardenedbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/lattera\" rel=\"nofollow\"\u003e@lattera\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eAddress space layout randomization \u003ca href=\"http://hardenedbsd.org/\" rel=\"nofollow\"\u003ein FreeBSD\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/reverse-ssh\" rel=\"nofollow\"\u003eReverse SSH tunneling\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://deuterion.net/puppet-master-agent-installation-on-freebsd/\" rel=\"nofollow\"\u003ePuppet master-agent installation on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve got a lot of BSD boxes under your control, or if you\u0026#39;re just lazy, you\u0026#39;ve probably looked into Puppet before\u003c/li\u003e\n\u003cli\u003eThe author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own\u003c/li\u003e\n\u003cli\u003eHe goes through some advantages of using this type of tool for deployments, even when you don\u0026#39;t have a huge number of systems\u003c/li\u003e\n\u003cli\u003eThe rest of the post explains how to set up both the master and the agent configurations\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro\" rel=\"nofollow\"\u003eMisc. pfSense items\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe found a few miscellaneous pfSense articles this past week \u003c/li\u003e\n\u003cli\u003eThe first one is about the hunt for the \u0026quot;ultimate\u0026quot; free open source firewall, where pfSense is obviously a strong contender\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/\" rel=\"nofollow\"\u003eThe second one\u003c/a\u003e shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/\" rel=\"nofollow\"\u003ethe third\u003c/a\u003e, you can see how to automatically back up your configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/\" rel=\"nofollow\"\u003eThe fourth item\u003c/a\u003e shows how to set up PXE booting with pfSense, similar to one of our tutorials\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10\" rel=\"nofollow\"\u003eTime Machine backups on ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive \u0026quot;time capsule\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system\u003c/li\u003e\n\u003cli\u003eWith a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive\u003c/li\u003e\n\u003cli\u003eSurprisingly simple to do, recommended for anyone with Macs on their network\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/\" rel=\"nofollow\"\u003eLumina desktop preview\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLumina, the BSD-exclusive desktop environment, seems to be coming along nicely\u003c/li\u003e\n\u003cli\u003eThe main developer has posted an update on the PCBSD blog with some screenshots\u003c/li\u003e\n\u003cli\u003eLots of new features have been added, many of which are documented in the post\u003c/li\u003e\n\u003cli\u003eThere just might be a BSD Now episode about Lumina coming up.. (cough cough)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21eLBvf1l\" rel=\"nofollow\"\u003eGary writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20xqTKNrf\" rel=\"nofollow\"\u003eCedric writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21q428tPj\" rel=\"nofollow\"\u003eCaldwell writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2uVLhqCaO\" rel=\"nofollow\"\u003eCary writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.","date_published":"2014-08-27T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/67ad6e78-144e-4d1c-a713-49b54e5b679e.mp3","mime_type":"audio/mpeg","size_in_bytes":53663188,"duration_in_seconds":4471}]},{"id":"4502bfee-e803-4a0d-bdcc-fd4420b30bb1","title":"51: Engineering Nginx","url":"https://www.bsdnow.tv/51","content_text":"Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPassword gropers take spamtrap bait\n\n\nOur friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post\nHe seems to have discovered another new weird phenomenon in his pop3 logs\n\"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia\"\nSomeone tried to log in to his service with an address that was known to be invalid\nThe rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose\n***\n\n\nInside the Atheros wifi chipset\n\n\nAdrian Chadd - sometimes known in the FreeBSD community as \"the wireless guy\" - gave a talk at the Defcon Wireless Village 2014\nHe covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development\nThere's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards\nVery technical talk; some parts might go over your head if you're not a driver developer\nThe raw video file is also available to download on archive.org\nAdrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things\n***\n\n\nTrip report and hackathon mini-roundup\n\n\nA few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted\nMark Linimon mentions some of the future plans for FreeBSD's release engineering and ports\nBapt also has a BSDCan report detailing his work on ports and packages\nAntoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout\nPeter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function\nChristian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure\n***\n\n\nDragonFly BSD 3.8.2 released\n\n\nAlthough it was already branched, the release media is now available for DragonFly 3.8.2\nThis is a minor update, mostly to fix the recent OpenSSL vulnerabilities\nIt also includes some various other small fixes\n***\n\n\nInterview - Eric Le Blan - info@xinuos.com\n\nXinuos' recent FreeBSD integration, BSD in the commercial server space\n\n\n\nTutorial\n\nBuilding a hardened, feature-rich webserver\n\n\n\nNews Roundup\n\nDefend your network and privacy, FreeBSD version\n\n\nBack in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial\nThis is a follow-up post, by the same author, about doing a similar thing with FreeBSD\nHe mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs\nThe rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.\n***\n\n\nDon't encrypt all the things\n\n\nAnother couple of interesting blog posts from Ted Unangst about encryption\nIt talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good\nAfter heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie\nHe also talks a bit about some PGP weaknesses and a possible future replacement\nHe also has another, similar post entitled \"in defense of opportunistic encryption\"\n***\n\n\nNew automounter lands in FreeBSD\n\n\nThe work on the new automounter has just landed in 11-CURRENT\nWith help from the FreeBSD Foundation, we'll have a new \"autofs\" kernel option\nCheck the SVN viewer online to read over the man pages if you're not running -CURRENT\nYou can also read a bit about it in the recent newsletter\n***\n\n\nOpenSSH 6.7 CFT\n\n\nIt's been a little while since the last OpenSSH release, but 6.7 is almost ready\nOur friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features\nIt includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released\nThis version also officially supports being built with LibreSSL now\nHelp test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system\n***\n\n\nFeedback/Questions\n\n\nDavid writes in\nLachlan writes in\nFrancis writes in\nFrank writes in\nSean writes in\n***\n","content_html":"\u003cp\u003eComing up on the show, we\u0026#39;ll be showing you how to set up a secure, SSL-only webserver. There\u0026#39;s also an interview with Eric Le Blan about community participation and FreeBSD\u0026#39;s role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html\" rel=\"nofollow\"\u003ePassword gropers take spamtrap bait\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend \u003ca href=\"http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall\" rel=\"nofollow\"\u003ePeter Hansteen\u003c/a\u003e, who keeps his eyes glued to his log files, has a new blog post\u003c/li\u003e\n\u003cli\u003eHe seems to have discovered another new weird phenomenon in his pop3 logs\u003c/li\u003e\n\u003cli\u003e\u0026quot;yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia\u0026quot;\u003c/li\u003e\n\u003cli\u003eSomeone tried to log in to his service with an address that was known to be invalid\u003c/li\u003e\n\u003cli\u003eThe rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=WOcYTqoSQ68\" rel=\"nofollow\"\u003eInside the Atheros wifi chipset\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdrian Chadd - sometimes known in the FreeBSD community as \u0026quot;the wireless guy\u0026quot; - gave a talk at the Defcon Wireless Village 2014\u003c/li\u003e\n\u003cli\u003eHe covers a lot of topics on wifi, specifically on Atheros chips and why they\u0026#39;re so popular for open source development\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards\u003c/li\u003e\n\u003cli\u003eVery technical talk; some parts might go over your head if you\u0026#39;re not a driver developer\u003c/li\u003e\n\u003cli\u003eThe raw video file is also available \u003ca href=\"https://archive.org/download/WirelessVillageAtDefCon22/20-Atheros.mp4\" rel=\"nofollow\"\u003eto download\u003c/a\u003e on archive.org\u003c/li\u003e\n\u003cli\u003eAdrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-mark-linimon.html\" rel=\"nofollow\"\u003eTrip report and hackathon mini-roundup\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted\u003c/li\u003e\n\u003cli\u003eMark Linimon mentions some of the future plans for FreeBSD\u0026#39;s release engineering and ports\u003c/li\u003e\n\u003cli\u003eBapt \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-baptiste-daroussin.html\" rel=\"nofollow\"\u003ealso has a BSDCan report\u003c/a\u003e detailing his work on ports and packages\u003c/li\u003e\n\u003cli\u003eAntoine Jacoutot \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140812064946\" rel=\"nofollow\"\u003ewrites about\u003c/a\u003e his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout\u003c/li\u003e\n\u003cli\u003ePeter Hessler, a latecomer to the hackathon, \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140806125308\" rel=\"nofollow\"\u003edetails his experience\u003c/a\u003e too, hacking on the installer and built-in upgrade function\u003c/li\u003e\n\u003cli\u003eChristian Weisgerber \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140803122705\" rel=\"nofollow\"\u003etalks about\u003c/a\u003e starting some initial improvements of OpenBSD\u0026#39;s ports infrastructure\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2014-August/270573.html\" rel=\"nofollow\"\u003eDragonFly BSD 3.8.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlthough it was already branched, the release media is now available for DragonFly 3.8.2\u003c/li\u003e\n\u003cli\u003eThis is a minor update, mostly to fix the recent OpenSSL vulnerabilities\u003c/li\u003e\n\u003cli\u003eIt also includes some various other small fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Eric Le Blan - \u003ca href=\"mailto:info@xinuos.com\" rel=\"nofollow\"\u003einfo@xinuos.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eXinuos\u0026#39; recent FreeBSD integration, BSD in the commercial server space\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/nginx\" rel=\"nofollow\"\u003eBuilding a hardened, feature-rich webserver\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://networkfilter.blogspot.com/2014/08/defend-your-network-and-privacy-vpn.html\" rel=\"nofollow\"\u003eDefend your network and privacy, FreeBSD version\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBack in \u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox\" rel=\"nofollow\"\u003eepisode 39\u003c/a\u003e, we covered a blog post about creating an OpenBSD gateway - partly based on \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eour tutorial\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis is a follow-up post, by the same author, about doing a similar thing with FreeBSD\u003c/li\u003e\n\u003cli\u003eHe mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs\u003c/li\u003e\n\u003cli\u003eThe rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things\" rel=\"nofollow\"\u003eDon\u0026#39;t encrypt all the things\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother couple of interesting blog posts from \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e about encryption\u003c/li\u003e\n\u003cli\u003eIt talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good\u003c/li\u003e\n\u003cli\u003eAfter heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie\u003c/li\u003e\n\u003cli\u003eHe also talks a bit about some PGP weaknesses and a possible future replacement\u003c/li\u003e\n\u003cli\u003eHe also has another, similar post entitled \u0026quot;\u003ca href=\"http://www.tedunangst.com/flak/post/in-defense-of-opportunistic-encryption\" rel=\"nofollow\"\u003ein defense of opportunistic encryption\u003c/a\u003e\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=270096\" rel=\"nofollow\"\u003eNew automounter lands in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe work on the new automounter has just landed in 11-CURRENT\u003c/li\u003e\n\u003cli\u003eWith help from the FreeBSD Foundation, we\u0026#39;ll have a new \u0026quot;autofs\u0026quot; kernel option\u003c/li\u003e\n\u003cli\u003eCheck the SVN viewer online to read over the man pages if you\u0026#39;re not running -CURRENT\u003c/li\u003e\n\u003cli\u003eYou can also read a bit about it in the \u003ca href=\"https://www.freebsdfoundation.org/press/2014jul-newsletter#Project3\" rel=\"nofollow\"\u003erecent newsletter\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032810.html\" rel=\"nofollow\"\u003eOpenSSH 6.7 CFT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt\u0026#39;s been a little while since the last OpenSSH release, but 6.7 is almost ready\u003c/li\u003e\n\u003cli\u003eOur friend \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eDamien Miller\u003c/a\u003e issued a call for testing for the upcoming version, which includes a fair amount of new features\u003c/li\u003e\n\u003cli\u003eIt includes some old code removal, some new features and some internal reworkings - we\u0026#39;ll cover the full list in detail when it\u0026#39;s released\u003c/li\u003e\n\u003cli\u003eThis version also officially supports being built with LibreSSL now\u003c/li\u003e\n\u003cli\u003eHelp test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20yIP7VXa\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2DeeUjAn6\" rel=\"nofollow\"\u003eLachlan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216imwEb0\" rel=\"nofollow\"\u003eFrancis writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2oc8vavWe\" rel=\"nofollow\"\u003eFrank writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20wL61sSr\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.","date_published":"2014-08-20T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4502bfee-e803-4a0d-bdcc-fd4420b30bb1.mp3","mime_type":"audio/mpeg","size_in_bytes":62975956,"duration_in_seconds":5247}]},{"id":"b0306dc5-ee87-4a03-aeea-9a89b915ff5e","title":"50: VPN, My Dear Watson","url":"https://www.bsdnow.tv/50","content_text":"It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMeetBSD 2014 is approaching\n\n\nThe MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California\nMeetBSD has an \"unconference\" format, which means there will be both planned talks and community events\nAll the extra details will be on their site soon\nIt also has hotels and various other bits of useful information - hopefully with more info on the talks to come\nOf course, EuroBSDCon is coming up before then\n***\n\n\nFirst experiences with OpenBSD\n\n\nA new blog post that leads off with \"tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before\"\nThe author read the famous \"BSD for Linux users\" series (that most of us have surely seen) and decided to give BSD a try\nHe details his different OS and distro history, concluding with how he \"eventually became annoyed at the poor quality of Linux userland software\"\nFrom there, it talks about how he used the OpenBSD USB image and got a fully-working system\nHe especially liked the simplicity of OpenBSD's \"hostname.if\" system for network configuration\nFinally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! \n***\n\n\nNetBSD rump kernels on bare metal (and Kansai OSC report)\n\n\nWhen you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right\nHowever, NetBSD's rump kernels - a very unique concept - make this process a lot easier\nThis blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week\nAlso have a look back at episode 8 for our interview about rump kernels and what exactly they do\nWhile on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight\n***\n\n\nOpenSSL and LibreSSL updates\n\n\nOpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)\nSecurity concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more\nLibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them\nWhichever version of whatever SSL you use, make sure it's patched for these issues\nDragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)\n***\n\n\nInterview - Robert Watson - rwatson@freebsd.org\n\nFreeBSD architecture, security research techniques, exploit mitigation\n\n\n\nTutorial\n\nProtecting traffic with a BSD-based VPN\n\n\n\nNews Roundup\n\nA FreeBSD-based CGit server\n\n\nIf you use git (like a certain host of this show) then you've probably considered setting up your own server\nThis article takes you through the process of setting up a jailed git server, complete with a fancy web frontend\nIt even shows you how to set up multiple repos with key-based user separation and other cool things\nThe author of the post is also a listener of the show, thanks for sending it in!\n***\n\n\nBackup devices for small businesses\n\n\nIn this article, different methods of data storage and backup are compared\nAfter weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer\nHe praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers\nIt also goes over some of the hardware specifics in the FreeNAS Mini\n***\n\n\nA new Xenocara interview\n\n\nAs a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara\nIf you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches\nIn this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing\nMatthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there\n***\n\n\nBuilding a high performance FreeBSD samba server\n\n\nIf you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?\nFreeBSD, ZFS and Samba obviously!\nThe master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients\nThis article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)\nIt doesn't even require the newest or best hardware with the right changes, pretty cool\n***\n\n\nFeedback/Questions\n\n\nAn interesting Reddit thread (or two)\nPB writes in\nSean writes in\nSteve writes in\nLachlan writes in\nJustin writes in\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s our 50th episode, and we\u0026#39;re going to show you how to protect your internet traffic with a BSD-based VPN. We\u0026#39;ll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/\" rel=\"nofollow\"\u003eMeetBSD 2014 is approaching\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California\u003c/li\u003e\n\u003cli\u003eMeetBSD has an \u0026quot;unconference\u0026quot; format, which means there will be both planned talks and community events\u003c/li\u003e\n\u003cli\u003eAll the extra details will be on \u003ca href=\"https://www.meetbsd.com/\" rel=\"nofollow\"\u003etheir site\u003c/a\u003e soon\u003c/li\u003e\n\u003cli\u003eIt also has hotels and various other bits of useful information - hopefully with more info on the talks to come\u003c/li\u003e\n\u003cli\u003eOf course, EuroBSDCon is coming up before then\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html\" rel=\"nofollow\"\u003eFirst experiences with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new blog post that leads off with \u0026quot;tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven\u0026#39;t tried before\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe author read the famous \u0026quot;\u003ca href=\"http://www.over-yonder.net/%7Efullermd/rants/bsd4linux/01\" rel=\"nofollow\"\u003eBSD for Linux users\u003c/a\u003e\u0026quot; series (that most of us have surely seen) and decided to give BSD a try\u003c/li\u003e\n\u003cli\u003eHe details his different OS and distro history, concluding with how he \u0026quot;eventually became annoyed at the poor quality of Linux userland software\u0026quot;\u003c/li\u003e\n\u003cli\u003eFrom there, it talks about how he used the OpenBSD USB image and got a fully-working system\u003c/li\u003e\n\u003cli\u003eHe especially liked the simplicity of OpenBSD\u0026#39;s \u0026quot;hostname.if\u0026quot; system for network configuration\u003c/li\u003e\n\u003cli\u003eFinally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from\" rel=\"nofollow\"\u003eNetBSD rump kernels on bare metal (and Kansai OSC report)\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhen you\u0026#39;re developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right\u003c/li\u003e\n\u003cli\u003eHowever, NetBSD\u0026#39;s rump kernels - a very unique concept - make this process a lot easier\u003c/li\u003e\n\u003cli\u003eThis blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week\u003c/li\u003e\n\u003cli\u003eAlso have a look back at \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction\" rel=\"nofollow\"\u003eepisode 8\u003c/a\u003e for our interview about rump kernels and what exactly they do\u003c/li\u003e\n\u003cli\u003eWhile on the topic of NetBSD, there were also a couple of \u003ca href=\"http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html\" rel=\"nofollow\"\u003every detailed reports\u003c/a\u003e (with lots of pictures!) of the various NetBSD-themed booths at the 2014 \u003ca href=\"http://d.hatena.ne.jp/mizuno-as/20140806/1407307913\" rel=\"nofollow\"\u003eKansai Open Source Conference\u003c/a\u003e that we wanted to highlight\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.openssl.org/news/secadv_20140806.txt\" rel=\"nofollow\"\u003eOpenSSL and LibreSSL updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)\u003c/li\u003e\n\u003cli\u003eSecurity concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=140752295222929\u0026w=2\" rel=\"nofollow\"\u003eLibreSSL released a new version\u003c/a\u003e to address most of the vulnerabilities, but wasn\u0026#39;t affected by some of them\u003c/li\u003e\n\u003cli\u003eWhichever version of whatever SSL you use, make sure it\u0026#39;s patched for these issues\u003c/li\u003e\n\u003cli\u003eDragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Robert Watson - \u003ca href=\"mailto:rwatson@freebsd.org\" rel=\"nofollow\"\u003erwatson@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD architecture, security research techniques, exploit mitigation\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/openvpn\" rel=\"nofollow\"\u003eProtecting traffic with a BSD-based VPN\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lechindianer.de/blog/2014/08/06/freebsd-cgit/\" rel=\"nofollow\"\u003eA FreeBSD-based CGit server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you use git (like a certain host of this show) then you\u0026#39;ve probably considered setting up your own server\u003c/li\u003e\n\u003cli\u003eThis article takes you through the process of setting up a jailed git server, complete with a fancy web frontend\u003c/li\u003e\n\u003cli\u003eIt even shows you how to set up multiple repos with key-based user separation and other cool things\u003c/li\u003e\n\u003cli\u003eThe author of the post is also a listener of the show, thanks for sending it in!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html\" rel=\"nofollow\"\u003eBackup devices for small businesses\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this article, different methods of data storage and backup are compared\u003c/li\u003e\n\u003cli\u003eAfter weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer\u003c/li\u003e\n\u003cli\u003eHe praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers\u003c/li\u003e\n\u003cli\u003eIt also goes over some of the hardware specifics in the FreeNAS Mini\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html\" rel=\"nofollow\"\u003eA new Xenocara interview\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs a follow up to last week\u0026#39;s OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re not familiar with Xenocara, it\u0026#39;s OpenBSD\u0026#39;s version of Xorg with some custom patches\u003c/li\u003e\n\u003cli\u003eIn this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing\u003c/li\u003e\n\u003cli\u003eMatthieu is both a developer of upstream Xorg and an OpenBSD developer, so it\u0026#39;s natural for him to do a lot of the maintainership work there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/\" rel=\"nofollow\"\u003eBuilding a high performance FreeBSD samba server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what\u0026#39;s the best solution?\u003c/li\u003e\n\u003cli\u003eFreeBSD, ZFS and Samba obviously!\u003c/li\u003e\n\u003cli\u003eThe master image and related files clock in at over 20GB, and will be accessed at the same time by \u003cem\u003eall\u003c/em\u003e of those clients\u003c/li\u003e\n\u003cli\u003eThis article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)\u003c/li\u003e\n\u003cli\u003eIt doesn\u0026#39;t even require the newest or best hardware with the right changes, pretty cool\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/\" rel=\"nofollow\"\u003eAn interesting Reddit thread\u003c/a\u003e (\u003ca href=\"http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch\" rel=\"nofollow\"\u003eor two\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21t7L5bqO\" rel=\"nofollow\"\u003ePB writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20MFywDqZ\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Td6nq11J\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s215MlpJYV\" rel=\"nofollow\"\u003eLachlan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2N4JKkoKt\" rel=\"nofollow\"\u003eJustin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.","date_published":"2014-08-13T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b0306dc5-ee87-4a03-aeea-9a89b915ff5e.mp3","mime_type":"audio/mpeg","size_in_bytes":62998996,"duration_in_seconds":5249}]},{"id":"ccc19842-ae62-43a9-8f82-44f3f281de42","title":"49: The PC-BSD Tour","url":"https://www.bsdnow.tv/49","content_text":"Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD foundation semi-annual newsletter\n\n\nThe FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation\n\"In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!\"\nIt talks about the FreeBSD journal as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT\nThe full list of funded projects is included, also with details in the financial reports\nThere are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon\n","content_html":"\u003cp\u003eComing up this week on the show, we\u0026#39;ve got something special for you! We\u0026#39;ll be giving you an in-depth look at all of the graphical PC-BSD utilities. That\u0026#39;s right, BSD doesn\u0026#39;t have to be commandline-only anymore! There\u0026#39;s also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2014jul-newsletter\" rel=\"nofollow\"\u003eFreeBSD foundation semi-annual newsletter\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation\u003c/li\u003e\n\u003cli\u003e\u0026quot;In fact after reading [the president\u0026#39;s] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt talks about the \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eFreeBSD journal\u003c/a\u003e as being one of the most exciting things they\u0026#39;ve launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT\u003c/li\u003e\n\u003cli\u003eThe full list of funded projects is included, also with details in the financial reports\u003c/li\u003e\n\u003cli\u003eThere are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.","date_published":"2014-08-06T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ccc19842-ae62-43a9-8f82-44f3f281de42.mp3","mime_type":"audio/mpeg","size_in_bytes":59661652,"duration_in_seconds":4971}]},{"id":"e0c8ab6b-dd19-4778-8dc2-4b02bd2ae809","title":"48: Liberating SSL","url":"https://www.bsdnow.tv/48","content_text":"Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD quarterly status report\n\n\nFreeBSD has gotten quite a lot done this quarter\nChanges in the way release branches are supported - major releases will get at least five years over their lifespan\nA new automounter is in the works, hoping to replace amd (which has some issues)\nThe CAM target layer and RPC stack have gotten some major optimization and speed boosts\nWork on ZFSGuru continues, with a large status report specifically for that\nThe report also mentioned some new committers, both source and ports\nIt also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show\n\"Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period\"\n***\n\n\nA new OpenBSD HTTPD is born\n\n\nWork has begun on a new HTTP daemon in the OpenBSD base system\nA lot of people are asking \"why?\" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?\nInitial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)\nIt's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter\nThis has the added benefit of the usual, easy-to-understand syntax and privilege separation \nThere's a very brief man page online already\nIt supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs\nWill it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)\n***\n\n\npkgng 1.3 announced\n\n\nThe newest version of FreeBSD's second generation package management system has been released, with lots of new features\nIt has a new \"real\" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)\nLots of the code has been sandboxed for extra security\nYou'll probably notice some new changes to the UI too, making things more user friendly\nA few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday\n***\n\n\nFreeBSD after-install security tasks\n\n\nA number of people have written in to ask us \"how do I secure my BSD box after I install it?\"\nWith this blog post, hopefully most of their questions will finally be answered in detail\nIt goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things\nNot only does it just list things to do, but the post also does a good job of explaining why you should do them\nMaybe we'll see some more posts in this series in the future\n***\n\n\nInterview - Brent Cook - bcook@openbsd.org / @busterbcook\n\nLibreSSL's portable version and development\n\n\n\nNews Roundup\n\nFreeBSD Mastery - Storage Essentials\n\n\nMWL's new book about the FreeBSD storage subsystems now has an early draft available\nEarly buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes\nTopics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance\nYou'll get access to the completed (e)book when it's done if you buy the early draft\nThe suggested price is $8\n***\n\n\nWhy BSD and not Linux?\n\n\nYet another thread comes up asking why you should choose BSD over Linux or vice-versa\nLots of good responses from users of the various BSDs\nDirectly ripping a quote: \"Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is \"GCC free\". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity.\"\nAnd \"Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS.\"\nSome other users share their switching experiences - worth a read\n***\n\n\nMore g2k14 hackathon reports\n\n\nFollowing up from last week's huge list of hackathon reports, we have a few more\nLandry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream\nAndrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl\nTed Unangst did his usual \"teduing\" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth\nLuckily we didn't have to cover 20 new ones this time!\n***\n\n\nBSDTalk episode 243\n\n\nThe newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team\nThe main topic of discussion is mandoc, which some users might not be familiar with\nmandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)\nWe'll catch up to you soon, Will!\n***\n\n\nFeedback/Questions\n\n\nThomas writes in\nStephen writes in\nSha'ul writes in\nFlorian writes in\nBob Beck writes in - and note the \"Caution\" section that was added to libressl.org\n***\n","content_html":"\u003cp\u003eComing up in this week\u0026#39;s episode, we\u0026#39;ll be talking with one of OpenBSD\u0026#39;s newest developers - Brent Cook - about the portable version of LibreSSL and how it\u0026#39;s developed. We\u0026#39;ve also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2014-04-2014-06.html\" rel=\"nofollow\"\u003eFreeBSD quarterly status report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD has gotten quite a lot done this quarter\u003c/li\u003e\n\u003cli\u003eChanges in the way release branches are supported - major releases will get at least five years over their lifespan\u003c/li\u003e\n\u003cli\u003eA new automounter is in the works, hoping to replace amd (which has some issues)\u003c/li\u003e\n\u003cli\u003eThe CAM target layer and RPC stack have gotten some major optimization and speed boosts\u003c/li\u003e\n\u003cli\u003eWork on ZFSGuru continues, with a large status report specifically for that\u003c/li\u003e\n\u003cli\u003eThe report also mentioned some new committers, both source and ports\u003c/li\u003e\n\u003cli\u003eIt also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we\u0026#39;ve already mentioned on the show\u003c/li\u003e\n\u003cli\u003e\u0026quot;Foundation-sponsored work resulted in \u003cstrong\u003e226 commits\u003c/strong\u003e to FreeBSD over the April to June period\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140724094043\" rel=\"nofollow\"\u003eA new OpenBSD HTTPD is born\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWork has begun on a new HTTP daemon in the OpenBSD base system\u003c/li\u003e\n\u003cli\u003eA lot of people are \u003ca href=\"http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/\" rel=\"nofollow\"\u003easking\u003c/a\u003e \u0026quot;why?\u0026quot; since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?\u003c/li\u003e\n\u003cli\u003eInitial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn\u0026#39;t trying to be a full-featured replacement)\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter\u003c/li\u003e\n\u003cli\u003eThis has the added benefit of the usual, easy-to-understand syntax and privilege separation \u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a very brief \u003ca href=\"http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8\" rel=\"nofollow\"\u003eman page\u003c/a\u003e online already\u003c/li\u003e\n\u003cli\u003eIt supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs\u003c/li\u003e\n\u003cli\u003eWill it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html\" rel=\"nofollow\"\u003epkgng 1.3 announced\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe newest version of FreeBSD\u0026#39;s second generation \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003epackage management system\u003c/a\u003e has been released, with lots of new features\u003c/li\u003e\n\u003cli\u003eIt has a new \u0026quot;real\u0026quot; solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)\u003c/li\u003e\n\u003cli\u003eLots of the code has been sandboxed for extra security\u003c/li\u003e\n\u003cli\u003eYou\u0026#39;ll probably notice some new changes to the UI too, making things more user friendly\u003c/li\u003e\n\u003cli\u003eA few days later \u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026sortby=date\u0026revision=362996\" rel=\"nofollow\"\u003e1.3.1\u003c/a\u003e was released to fix a few small bugs, then \u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=363108\" rel=\"nofollow\"\u003e1.3.2\u003c/a\u003e shortly thereafter and \u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=363363\" rel=\"nofollow\"\u003e1.3.3\u003c/a\u003e yesterday\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be\" rel=\"nofollow\"\u003eFreeBSD after-install security tasks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA number of people have written in to ask us \u0026quot;how do I secure my BSD box after I install it?\u0026quot;\u003c/li\u003e\n\u003cli\u003eWith this blog post, hopefully most of their questions will finally be answered in detail\u003c/li\u003e\n\u003cli\u003eIt goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things\u003c/li\u003e\n\u003cli\u003eNot only does it just list things to do, but the post also does a good job of explaining why you should do them\u003c/li\u003e\n\u003cli\u003eMaybe we\u0026#39;ll see some more posts in this series in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brent Cook - \u003ca href=\"mailto:bcook@openbsd.org\" rel=\"nofollow\"\u003ebcook@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/busterbcook\" rel=\"nofollow\"\u003e@busterbcook\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eLibreSSL\u0026#39;s portable version and development\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials\" rel=\"nofollow\"\u003eFreeBSD Mastery - Storage Essentials\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMWL\u003c/a\u003e\u0026#39;s new book about the FreeBSD storage subsystems now has an early draft available\u003c/li\u003e\n\u003cli\u003eEarly buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes\u003c/li\u003e\n\u003cli\u003eTopics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance\u003c/li\u003e\n\u003cli\u003eYou\u0026#39;ll get access to the completed (e)book when it\u0026#39;s done if you buy the early draft\u003c/li\u003e\n\u003cli\u003eThe suggested price is $8\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/\" rel=\"nofollow\"\u003eWhy BSD and not Linux?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYet another thread comes up asking why you should choose BSD over Linux or vice-versa\u003c/li\u003e\n\u003cli\u003eLots of good responses from users of the various BSDs\u003c/li\u003e\n\u003cli\u003eDirectly ripping a quote: \u0026quot;Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is \u0026quot;GCC free\u0026quot;. DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity.\u0026quot;\u003c/li\u003e\n\u003cli\u003eAnd \u0026quot;Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS.\u0026quot;\u003c/li\u003e\n\u003cli\u003eSome other users share their switching experiences - worth a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140724161550\" rel=\"nofollow\"\u003eMore g2k14 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFollowing up from last week\u0026#39;s \u003ca href=\"http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv\" rel=\"nofollow\"\u003ehuge list\u003c/a\u003e of hackathon reports, we have a few more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140724161550\" rel=\"nofollow\"\u003eLandry Breuil\u003c/a\u003e spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140728122850\" rel=\"nofollow\"\u003eAndrew Fresh\u003c/a\u003e enjoyed his first hackathon, pushing OpenBSD\u0026#39;s perl patches upstream and got tricked into rewriting the adduser utility in perl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140729070721\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e did his usual \u0026quot;teduing\u0026quot; (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth\u003c/li\u003e\n\u003cli\u003eLuckily we didn\u0026#39;t have to cover 20 new ones this time!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html\" rel=\"nofollow\"\u003eBSDTalk episode 243\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe newest episode of \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk\" rel=\"nofollow\"\u003eBSDTalk\u003c/a\u003e is out, featuring an interview with Ingo Schwarze of the OpenBSD team\u003c/li\u003e\n\u003cli\u003eThe main topic of discussion is mandoc, which some users might not be familiar with\u003c/li\u003e\n\u003cli\u003emandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it\u0026#39;s not built by default)\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll catch up to you soon, Will!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2xLRQytAZ\" rel=\"nofollow\"\u003eThomas writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21AYng20n\" rel=\"nofollow\"\u003eStephen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2DwLRdQDS\" rel=\"nofollow\"\u003eSha\u0026#39;ul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2E05L31BC\" rel=\"nofollow\"\u003eFlorian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Nmg3Jrk\" rel=\"nofollow\"\u003eBob Beck writes in\u003c/a\u003e - and note the \u0026quot;Caution\u0026quot; section that was added to \u003ca href=\"http://www.libressl.org/\" rel=\"nofollow\"\u003elibressl.org\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.","date_published":"2014-07-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0c8ab6b-dd19-4778-8dc2-4b02bd2ae809.mp3","mime_type":"audio/mpeg","size_in_bytes":43106548,"duration_in_seconds":3592}]},{"id":"2c9f4e68-6474-41f9-ab80-bb40fbb76855","title":"47: DES Challenge IV","url":"https://www.bsdnow.tv/47","content_text":"Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\ng2k14 hackathon reports\n\n\nNearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon\nLots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree\nSome of the developers wrote in to document what they were up to at the event\nBob Beck planned to work on kernel stuff, but then \"LibreSSL happened\" and he spent most of his time working on that\nMiod Vallat also tells about his LibreSSL experiences\nBrent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!)\nHenning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)\nMartin Pieuchot fixed some bugs in the USB stack, softraid and misc other things\nMarc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency\nMartin Pelikan integrated read-only ext4 support\nVadim Zhukov did lots of ports work, including working on KDE4\nTheo de Raadt created a new, more secure system call, \"sendsyslog\" and did a lot of work with /etc, sysmerge and the rc scripts\nPaul Irofti worked on the USB stack, specifically for the Octeon platform\nSebastian Benoit worked on relayd filters and IPv6 code\nJasper Lievisse Adriaanse did work with puppet, packages and the bootloader\nJonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection\nStefan Sperling fixed a lot of issues with wireless drivers\nFlorian Obser did many things related to IPv6\nIngo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface\nKen Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives\nMatthieu Herrb worked on updating and modernizing parts of xenocara\n***\n\n\nFreeBSD pf discussion takes off\n\n\nConcerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the \"questions\" and \"current\" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)\nStraight from the SMP FreeBSD pf maintainer: \"no one right now [is actively developing pf on FreeBSD]\"\nSearching for documentation online for pf is troublesome because there are two incompatible syntaxes\nFreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating\nThere's also the issue of importing patches from pfSense, but most of those still haven't been done either\nLots of disagreement among developers vs. users...\nMany users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested\nHenning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions\nGleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as \"uncorroborated claims\" (but neither side has provided any public benchmarks)\nGleb had to abandon his work on FreeBSD's pf because funding ran out\n***\n\n\nLibreSSL progress update\n\n\nLibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago\nLots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list\nHowever, there has already been some drama... with Linux users\nThere was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy\nThis \"problem\" doesn't affect OpenBSD's native implementation, only the portable version\nThe developers decide to weigh in to calm the misinformation and rage\nA fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys\nTed Unangst has a really good post about the whole situation, definitely check it out\nAs a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it\n***\n\n\nPreparation for NetBSD 7\n\n\nThe release process for NetBSD 7.0 is finally underway\nThe netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September\nIf you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)\nThey're also looking for some help updating documentation and fixing any bugs that get reported\nAnother formal announcement will be made when the beta binaries are up\n***\n\n\nInterview - Dag-Erling Smørgrav - des@freebsd.org / @RealEvilDES\n\nThe role of the FreeBSD Security Officer, recent ports features, various topics\n\n\n\nNews Roundup\n\nBSDCan ports and packages WG\n\n\nBack at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages\nBapt talked about package building, poudriere and the systems the foundation funded for compiling packages\nThere's also some detail about the signing infrastructure and different mirrors\nPorts people and source people need to talk more often about ABI breakage\nThe post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!)\n***\n\n\nCross-compiling ports with QEMU and poudriere\n\n\nWith recent QEMU features, you can basically chroot into a completely different architecture\nThis article goes through the process of building ARMv6 packages on a normal X86 box\nNote though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now\nThe poudriere-devel port now has a \"qemu user\" option that will pull in all the requirements\nHopefully this will pave the way for official pkgng packages on those lesser-used architectures\n***\n\n\nCloning FreeBSD with ZFS send\n\n\nFor a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen\nThis post shows his entire process in creating a mirror machine, using ZFS for everything\nThe \"zfs send\" and \"zfs snapshot\" commands really come in handy for this\nHe does the whole thing from a live CD, pretty impressive\n***\n\n\nFreeBSD Overview series\n\n\nA new blog series we stumbled upon about a Linux user switching to BSD\nIn part one, he gives a little background on being \"done with Linux distros\" and documents his initial experience getting and installing FreeBSD 10\nHe was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels\nMost of what he was used to on Linux was already in the default FreeBSD (except bash...)\nPart two documents his experiences with pkgng and ports \n***\n\n\nFeedback/Questions\n\n\nBostjan writes in\nRick writes in\nClint writes in\nEsteban writes in\nBen writes in\nMatt sends in pictures of his FreeBSD CD collection\n***\n","content_html":"\u003cp\u003eComing up this week on the show! We\u0026#39;ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/hackathons.html\" rel=\"nofollow\"\u003eg2k14 hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon\u003c/li\u003e\n\u003cli\u003eLots of work got done - in just the first two weeks of July, there were \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026r=1\u0026b=201407\u0026w=2\" rel=\"nofollow\"\u003eover 1000 commits\u003c/a\u003e to their CVS tree\u003c/li\u003e\n\u003cli\u003eSome of the developers wrote in to document what they were up to at the event\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140713220618\" rel=\"nofollow\"\u003eBob Beck\u003c/a\u003e planned to work on kernel stuff, but then \u0026quot;LibreSSL happened\u0026quot; and he spent most of his time working on that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140718072312\" rel=\"nofollow\"\u003eMiod Vallat\u003c/a\u003e also tells about his LibreSSL experiences\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140718090456\" rel=\"nofollow\"\u003eBrent Cook\u003c/a\u003e, a new developer, worked mainly on the portable version of LibreSSL (and we\u0026#39;ll be interviewing him next week!)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140714094454\" rel=\"nofollow\"\u003eHenning Brauer\u003c/a\u003e worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140714191912\" rel=\"nofollow\"\u003eMartin Pieuchot\u003c/a\u003e fixed some bugs in the USB stack, softraid and misc other things\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140714202157\" rel=\"nofollow\"\u003eMarc Espie\u003c/a\u003e improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140715120259\" rel=\"nofollow\"\u003eMartin Pelikan\u003c/a\u003e integrated read-only ext4 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140715094848\" rel=\"nofollow\"\u003eVadim Zhukov\u003c/a\u003e did lots of ports work, including working on KDE4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140715212333\" rel=\"nofollow\"\u003eTheo de Raadt\u003c/a\u003e created a new, more secure system call, \u0026quot;sendsyslog\u0026quot; and did a lot of work with /etc, sysmerge and the rc scripts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140718134017\" rel=\"nofollow\"\u003ePaul Irofti\u003c/a\u003e worked on the USB stack, specifically for the Octeon platform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140719104939\" rel=\"nofollow\"\u003eSebastian Benoit\u003c/a\u003e worked on relayd filters and IPv6 code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140719134058\" rel=\"nofollow\"\u003eJasper Lievisse Adriaanse\u003c/a\u003e did work with puppet, packages and the bootloader\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140719082410\" rel=\"nofollow\"\u003eJonathan Gray\u003c/a\u003e imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140721125235\" rel=\"nofollow\"\u003eStefan Sperling\u003c/a\u003e fixed a lot of issues with wireless drivers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140721125020\" rel=\"nofollow\"\u003eFlorian Obser\u003c/a\u003e did many things related to IPv6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140721090411\" rel=\"nofollow\"\u003eIngo Schwarze\u003c/a\u003e worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140722071413\" rel=\"nofollow\"\u003eKen Westerback\u003c/a\u003e hacked on dhclient and dhcpd, and also got dump working on 4k sector drives\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140723142224\" rel=\"nofollow\"\u003eMatthieu Herrb\u003c/a\u003e worked on updating and modernizing parts of xenocara\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-questions/2014-July/259292.html\" rel=\"nofollow\"\u003eFreeBSD pf discussion takes off\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eConcerns from last week, about FreeBSD\u0026#39;s packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the \u0026quot;questions\u0026quot; and \u0026quot;current\u0026quot; mailing lists (unfortunately people didn\u0026#39;t always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)\u003c/li\u003e\n\u003cli\u003eStraight from the SMP FreeBSD pf maintainer: \u0026quot;no one right now [is actively developing pf on FreeBSD]\u0026quot;\u003c/li\u003e\n\u003cli\u003eSearching for documentation online for pf is troublesome because there are two incompatible syntaxes\u003c/li\u003e\n\u003cli\u003eFreeBSD\u0026#39;s pf man pages are lacking, and some of FreeBSD\u0026#39;s documentation still links to OpenBSD\u0026#39;s pages, which won\u0026#39;t work anymore - possibly turning away would-be BSD converts because it\u0026#39;s frustrating\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also the issue of importing patches from pfSense, but most of those still haven\u0026#39;t been done either\u003c/li\u003e\n\u003cli\u003eLots of disagreement among developers vs. users...\u003c/li\u003e\n\u003cli\u003eMany users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren\u0026#39;t interested\u003c/li\u003e\n\u003cli\u003eHenning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions\u003c/li\u003e\n\u003cli\u003eGleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning\u0026#39;s claims about OpenBSD\u0026#39;s improved speed as \u0026quot;uncorroborated claims\u0026quot; (but neither side has provided any public benchmarks)\u003c/li\u003e\n\u003cli\u003eGleb had to abandon his work on FreeBSD\u0026#39;s pf because funding ran out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://linux.slashdot.org/story/14/07/16/1950235/libressl-prng-vulnerability-patched\" rel=\"nofollow\"\u003eLibreSSL progress update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLibreSSL\u0026#39;s first few portable releases have come out and they\u0026#39;re making great progress, releasing 2.0.3 \u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=140599450206255\u0026w=2\" rel=\"nofollow\"\u003etwo days ago\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list\u003c/li\u003e\n\u003cli\u003eHowever, there has already been some drama... with Linux users\u003c/li\u003e\n\u003cli\u003eThere was a problem with Linux\u0026#39;s PRNG, and LibreSSL was \u003ca href=\"https://twitter.com/MiodVallat/status/489122763610021888\" rel=\"nofollow\"\u003eunforgiving\u003c/a\u003e of it, not making an effort to randomize something that could not provide real entropy\u003c/li\u003e\n\u003cli\u003eThis \u0026quot;problem\u0026quot; doesn\u0026#39;t affect OpenBSD\u0026#39;s native implementation, only the portable version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.securityweek.com/openbsd-downplays-prng-vulnerability-libressl\" rel=\"nofollow\"\u003eThe developers\u003c/a\u003e decide to \u003ca href=\"http://www.tedunangst.com/flak/post/wrapping-pids-for-fun-and-profit\" rel=\"nofollow\"\u003eweigh in\u003c/a\u003e to calm the misinformation and rage\u003c/li\u003e\n\u003cli\u003eA fix was added in 2.0.2, and Linux may even \u003ca href=\"http://thread.gmane.org/gmane.linux.kernel.cryptoapi/11666\" rel=\"nofollow\"\u003eget a new system call\u003c/a\u003e to handle this properly now - remember to say thanks, guys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e has a \u003ca href=\"http://www.tedunangst.com/flak/post/this-is-why-software-sucks\" rel=\"nofollow\"\u003ereally good post\u003c/a\u003e about the whole situation, definitely check it out\u003c/li\u003e\n\u003cli\u003eAs a follow-up from last week, bapt says they\u0026#39;re working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you\u0026#39;re a port maintainer, please test your ports against it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/current-users/2014/07/13/msg025234.html\" rel=\"nofollow\"\u003ePreparation for NetBSD 7\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe release process for NetBSD 7.0 is finally underway\u003c/li\u003e\n\u003cli\u003eThe netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September\u003c/li\u003e\n\u003cli\u003eIf you run NetBSD, that\u0026#39;ll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re also looking for some help updating documentation and fixing any bugs that get reported\u003c/li\u003e\n\u003cli\u003eAnother formal announcement will be made when the beta binaries are up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Dag-Erling Smørgrav - \u003ca href=\"mailto:des@freebsd.org\" rel=\"nofollow\"\u003edes@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/RealEvilDES\" rel=\"nofollow\"\u003e@RealEvilDES\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe role of the FreeBSD Security Officer, recent ports features, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/07/18/bsdcan-2014-ports-and-packages-wg/\" rel=\"nofollow\"\u003eBSDCan ports and packages WG\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBack at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages\u003c/li\u003e\n\u003cli\u003eBapt talked about package building, poudriere and the systems the foundation funded for compiling packages\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some detail about the signing infrastructure and different mirrors\u003c/li\u003e\n\u003cli\u003ePorts people and source people need to talk more often about ABI breakage\u003c/li\u003e\n\u003cli\u003eThe post also includes information about pkg 1.3, the old pkg tools\u0026#39; EOL, the quarterly stable package sets and a lot more (it\u0026#39;s a huge post!)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.ignoranthack.me/?p=212\" rel=\"nofollow\"\u003eCross-compiling ports with QEMU and poudriere\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWith recent QEMU features, you can basically chroot into a completely different architecture\u003c/li\u003e\n\u003cli\u003eThis article goes through the process of building ARMv6 packages on a normal X86 box\u003c/li\u003e\n\u003cli\u003eNote though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now\u003c/li\u003e\n\u003cli\u003eThe poudriere-devel port now has a \u0026quot;qemu user\u0026quot; option that will pull in all the requirements\u003c/li\u003e\n\u003cli\u003eHopefully this will pave the way for official pkgng packages on those lesser-used architectures\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2108\" rel=\"nofollow\"\u003eCloning FreeBSD with ZFS send\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen\u003c/li\u003e\n\u003cli\u003eThis post shows his entire process in creating a mirror machine, using ZFS for everything\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;zfs send\u0026quot; and \u0026quot;zfs snapshot\u0026quot; commands really come in handy for this\u003c/li\u003e\n\u003cli\u003eHe does the whole thing from a live CD, pretty impressive\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://thiagoperrotta.wordpress.com/2014/07/20/here-be-dragons-freebsd-overview-part-i/\" rel=\"nofollow\"\u003eFreeBSD Overview series\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new blog series we stumbled upon about a Linux user switching to BSD\u003c/li\u003e\n\u003cli\u003eIn part one, he gives a little background on being \u0026quot;done with Linux distros\u0026quot; and documents his initial experience getting and installing FreeBSD 10\u003c/li\u003e\n\u003cli\u003eHe was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels\u003c/li\u003e\n\u003cli\u003eMost of what he was used to on Linux was already in the default FreeBSD (except bash...)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://thiagoperrotta.wordpress.com/2014/07/21/here-be-packages-freebsd-overview-part-ii/\" rel=\"nofollow\"\u003ePart two\u003c/a\u003e documents his experiences with pkgng and ports \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s214FYbOKL\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21cWLhzj4\" rel=\"nofollow\"\u003eRick writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21A4grtH0\" rel=\"nofollow\"\u003eClint writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s27fQHz8Se\" rel=\"nofollow\"\u003eEsteban writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21QscO4Cr\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://imgur.com/a/Ah444\" rel=\"nofollow\"\u003eMatt sends in pictures of his FreeBSD CD collection\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD.","date_published":"2014-07-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/2c9f4e68-6474-41f9-ab80-bb40fbb76855.mp3","mime_type":"audio/mpeg","size_in_bytes":66811828,"duration_in_seconds":5567}]},{"id":"e23303c8-31f0-4706-817c-1618e08cd149","title":"46: Network Iodometry","url":"https://www.bsdnow.tv/46","content_text":"We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon 2014 registration open\n\n\nSeptember is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year\nRegistration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th\nTutorials, sessions, dev summits and everything else all have their own pricing as well\nRegistering between August 18th - September 12th will cost more for everything\nYou can register online here and check hotels in the area\nThe FreeBSD foundation is also accepting applications for travel grants\n***\n\n\nOpenBSD SMP PF update\n\n\nA couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded\nWith them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump\nIn a recent mailing list thread, Henning Brauer addresses some of the concerns\nThe short version is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless\nHe also says PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through\nThere's also been even more recent concern about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches\nWe reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us\n***\n\n\nIntroduction to NetBSD pkgsrc\n\n\nAn article from one of our listeners about how to create a new pkgsrc port or fix one that you need\nThe post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format\nIt also lists all the different bmake targets and their functions in relation to the porting process\nFinally, the post details the whole process of creating a new port\n***\n\n\nFreeBSD 9.3-RELEASE\n\n\nAfter three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday\nThe full list of changes is available, but it's mostly a smaller maintenance release\nLots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more\nIf you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon\nGood news, this will be the first release with PGP-signed checksums on the FTP mirrors - a very welcome change\nWith that out of the way, the 10.1-RELEASE schedule was posted\n***\n\n\nInterview - Bryan Drewery - bdrewery@freebsd.org / @bdrewery\n\nThe FreeBSD package building cluster, pkgng, ports, various topics\n\n\n\nTutorial\n\nTunneling traffic through DNS\n\n\n\nNews Roundup\n\nSSH two-factor authentication on FreeBSD\n\n\nWe've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website\nThis blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port\nUsing this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally\nIt's a really, really simple process once you have the port installed - full details on the page\n***\n\n\nDitch tape backup in favor of FreeNAS\n\n\nThe author of this post shares some of his horrible experiences with tape backups for a client\nHaving constant, daily errors and failed backups, he needed to find another solution\nWith 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)\nThe rest of the article details his experiences with it and tells about his setup\n***\n\n\nNetBSD vs FreeBSD, desktop experiences\n\n\nA NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job\nBecoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver\n\"Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.\"\nHe's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system \n***\n\n\nPCBSD not-so-weekly digest\n\n\nSpeaking of choices for a desktop system, it's the return of the PCBSD digest!\nWarden and PBI_add have gotten some interesting new features\nYou can now create jails \"on the fly\" when adding a new PBI to your application library\nBulk jail creation is also possible now, and it's really easy\nNew Jenkins integration, with public access to poudriere logs as well\nPkgNG 1.3.0.rc2 testing for EDGE users\n***\n\n\nFeedback/Questions\n\n\nJeff writes in - Sending Encrypted Backups over SSH + Sending ZFS snapshots via user\nBruce writes in\nRichard writes in\nJeff writes in - NYCBUG dmesg list\nSteve writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back, and this week we\u0026#39;ll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.eurobsdcon.org/registration/\" rel=\"nofollow\"\u003eEuroBSDCon 2014 registration open\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSeptember is getting closer, and that means it\u0026#39;s time for EuroBSDCon - held in Bulgaria this year\u003c/li\u003e\n\u003cli\u003eRegistration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th\u003c/li\u003e\n\u003cli\u003eTutorials, sessions, dev summits and everything else all have their own pricing as well\u003c/li\u003e\n\u003cli\u003eRegistering between August 18th - September 12th will cost more for everything\u003c/li\u003e\n\u003cli\u003eYou can \u003ca href=\"http://registration.eurobsdcon.org/\" rel=\"nofollow\"\u003eregister online here\u003c/a\u003e and \u003ca href=\"http://2014.eurobsdcon.org/registration/travel-and-stay/hotels\" rel=\"nofollow\"\u003echeck hotels in the area\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe FreeBSD foundation is also \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html\" rel=\"nofollow\"\u003eaccepting applications\u003c/a\u003e for travel grants\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?t=140440541000002\u0026r=1\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD SMP PF update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded\u003c/li\u003e\n\u003cli\u003eWith them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump\u003c/li\u003e\n\u003cli\u003eIn a recent mailing list thread, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_30-current_events\" rel=\"nofollow\"\u003eHenning Brauer\u003c/a\u003e addresses some of the concerns\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=140479174521071\u0026w=2\" rel=\"nofollow\"\u003eshort version\u003c/a\u003e is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless\u003c/li\u003e\n\u003cli\u003eHe \u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=140481012425889\u0026w=2\" rel=\"nofollow\"\u003ealso says\u003c/a\u003e PF on OpenBSD is over four times faster than FreeBSD\u0026#39;s old version, presumably due to those extra years of development it\u0026#39;s gone through\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also been \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html\" rel=\"nofollow\"\u003eeven more recent concern\u003c/a\u003e about the uncertain future of FreeBSD\u0026#39;s PF, being mostly unmaintained since their SMP patches\u003c/li\u003e\n\u003cli\u003eWe reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://saveosx.org/pkgsrc-intro/\" rel=\"nofollow\"\u003eIntroduction to NetBSD pkgsrc\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn article from one of our listeners about how to create a new pkgsrc port or fix one that you need\u003c/li\u003e\n\u003cli\u003eThe post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format\u003c/li\u003e\n\u003cli\u003eIt also lists all the different bmake targets and their functions in relation to the porting process\u003c/li\u003e\n\u003cli\u003eFinally, the post details the whole process of creating a new port\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/9.3R/relnotes.html\" rel=\"nofollow\"\u003eFreeBSD 9.3-RELEASE\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter three RCs, FreeBSD 9.3 was scheduled to be finalized and announced \u003ca href=\"https://www.freebsd.org/releases/9.3R/schedule.html\" rel=\"nofollow\"\u003etoday\u003c/a\u003e but actually came out yesterday\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.freebsd.org/releases/9.3R/relnotes.html\" rel=\"nofollow\"\u003eThe full list of changes\u003c/a\u003e is available, but it\u0026#39;s mostly a smaller maintenance release\u003c/li\u003e\n\u003cli\u003eLots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more\u003c/li\u003e\n\u003cli\u003eIf you haven\u0026#39;t jumped to the 10.x branch yet (and there are a lot of people who haven\u0026#39;t!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon\u003c/li\u003e\n\u003cli\u003eGood news, this will be \u003ca href=\"https://twitter.com/evilgjb/status/485909719522222080\" rel=\"nofollow\"\u003ethe first release\u003c/a\u003e with PGP-signed checksums on the FTP mirrors - a very welcome change\u003c/li\u003e\n\u003cli\u003eWith that out of the way, the 10.1-RELEASE schedule \u003ca href=\"https://www.freebsd.org/releases/10.1R/schedule.html\" rel=\"nofollow\"\u003ewas posted\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Bryan Drewery - \u003ca href=\"mailto:bdrewery@freebsd.org\" rel=\"nofollow\"\u003ebdrewery@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bdrewery\" rel=\"nofollow\"\u003e@bdrewery\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe FreeBSD package building cluster, pkgng, ports, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ssh-dns\" rel=\"nofollow\"\u003eTunneling traffic through DNS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/\" rel=\"nofollow\"\u003eSSH two-factor authentication on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website\u003c/li\u003e\n\u003cli\u003eThis blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port\u003c/li\u003e\n\u003cli\u003eUsing this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a really, really simple process once you have the port installed - full details on the page\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/\" rel=\"nofollow\"\u003eDitch tape backup in favor of FreeNAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of this post shares some of his horrible experiences with tape backups for a client\u003c/li\u003e\n\u003cli\u003eHaving constant, daily errors and failed backups, he needed to find another solution\u003c/li\u003e\n\u003cli\u003eWith 1TB of backups, tapes just weren\u0026#39;t a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)\u003c/li\u003e\n\u003cli\u003eThe rest of the article details his experiences with it and tells about his setup\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/\" rel=\"nofollow\"\u003eNetBSD vs FreeBSD, desktop experiences\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job\u003c/li\u003e\n\u003cli\u003eBecoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver\u003c/li\u003e\n\u003cli\u003e\u0026quot;Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/\" rel=\"nofollow\"\u003ePCBSD not-so-weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSpeaking of choices for a desktop system, it\u0026#39;s the return of the PCBSD digest!\u003c/li\u003e\n\u003cli\u003eWarden and PBI_add have gotten some interesting new features\u003c/li\u003e\n\u003cli\u003eYou can now create jails \u0026quot;on the fly\u0026quot; when adding a new PBI to your application library\u003c/li\u003e\n\u003cli\u003eBulk jail creation is also possible now, and it\u0026#39;s really easy\u003c/li\u003e\n\u003cli\u003eNew Jenkins integration, with public access to \u003ca href=\"http://builds.pcbsd.org\" rel=\"nofollow\"\u003epoudriere logs as well\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePkgNG 1.3.0.rc2 testing for EDGE users\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21D05MP0t\" rel=\"nofollow\"\u003eJeff writes in\u003c/a\u003e - \u003ca href=\"http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh\" rel=\"nofollow\"\u003eSending Encrypted Backups over SSH\u003c/a\u003e + \u003ca href=\"http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System\" rel=\"nofollow\"\u003eSending ZFS snapshots via user\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2lzo1swzo\" rel=\"nofollow\"\u003eBruce writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20z841ean\" rel=\"nofollow\"\u003eRichard writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QYc8BOAo\" rel=\"nofollow\"\u003eJeff writes in\u003c/a\u003e - \u003ca href=\"http://www.nycbug.org/index.cgi?action=dmesgd\" rel=\"nofollow\"\u003eNYCBUG dmesg list\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2V2e1m7S7\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.","date_published":"2014-07-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e23303c8-31f0-4706-817c-1618e08cd149.mp3","mime_type":"audio/mpeg","size_in_bytes":76226260,"duration_in_seconds":6352}]},{"id":"d53fb6f3-26c8-4311-86c5-a2034403b866","title":"45: ZFS War Stories","url":"https://www.bsdnow.tv/45","content_text":"This week Allan is at BSDCam in the UK, so we'll be back with a regular episode next week. For now though, here's an interview with Josh Paetzel about some crazy experiences he's had with ZFS.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Josh Paetzel - josh@ixsystems.com / @bsdunix4ever\n\nCrazy ZFS stories, network protocols, server hardware \n\n","content_html":"\u003cp\u003eThis week Allan is at BSDCam in the UK, so we\u0026#39;ll be back with a regular episode next week. For now though, here\u0026#39;s an interview with Josh Paetzel about some crazy experiences he\u0026#39;s had with ZFS.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Josh Paetzel - \u003ca href=\"mailto:josh@ixsystems.com\" rel=\"nofollow\"\u003ejosh@ixsystems.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdunix4ever\" rel=\"nofollow\"\u003e@bsdunix4ever\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eCrazy ZFS stories, network protocols, server hardware \u003c/p\u003e\n\n\u003chr\u003e","summary":"This week Allan is at BSDCam in the UK, so we'll be back with a regular episode next week. For now though, here's an interview with Josh Paetzel about some crazy experiences he's had with ZFS.","date_published":"2014-07-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d53fb6f3-26c8-4311-86c5-a2034403b866.mp3","mime_type":"audio/mpeg","size_in_bytes":33459412,"duration_in_seconds":2788}]},{"id":"cbf5ab1d-2355-4c2c-ade8-0e66250b204e","title":"44: Base ISO 100","url":"https://www.bsdnow.tv/44","content_text":"This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\npfSense 2.1.4 released\n\n\nThe pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release\nIncluded within are eight security fixes, most of which are pfSense-specific\nOpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)\nIt also includes a large number of various other bug fixes\nUpdate all your routers!\n***\n\n\nDragonflyBSD's pf gets SMP\n\n\nWhile we're on the topic of pf...\nDragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas\nStemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware\nAltering your configuration's ruleset can also help speed things up, he found\nWhen will OpenBSD, the source of pf, finally do the same?\n***\n\n\nChaCha usage and deployment\n\n\nA while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5\nThis article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20\nOpenSSH offers it as a stream cipher now, OpenBSD uses it for it's random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it\nBoth Google's fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not\nUnfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm\n***\n\n\nBSDMag June 2014 issue\n\n\nThe monthly online BSD magazine releases their newest issue\nThis one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, \"saving time and headaches using the robot framework for testing,\" an interview and an article about the increasing number of security vulnerabilities\nThe free pdf file is available for download as always\n***\n\n\nInterview - Craig Rodrigues - rodrigc@freebsd.org\n\nFreeBSD's continuous testing infrastructure\n\n\n\nTutorial\n\nCreating pre-patched OpenBSD ISOs\n\n\n\nNews Roundup\n\nPreauthenticated decryption considered harmful\n\n\nResponding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures\nIn the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns\nWith signify, now everything is fully downloaded and verified before tar is even invoked\nThe pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post\nBe sure to also read the original post from Adam, lots of good information\n***\n\n\nFreeBSD 9.3-RC2 is out\n\n\nAs the -RELEASE inches closer, release candidate 2 is out and ready for testing\nSince the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things\nThe updated bsdconfig will use pkgng style packages now too\nA lesser known fact: there are also premade virtual machine images you can use too\n***\n\n\npkgsrcCon 2014 wrap-up\n\n\nIn what may be the first real pkgsrcCon article we've ever had!\nIncludes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event\nUnfortunately no recordings to be found...\n***\n\n\nPostgreSQL FreeBSD performance and scalability\n\n\nFreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales\nOn his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings\nLots of technical details if you're interested in getting the best performance out of your hardware\nIt also includes specific kernel options he used and the rest of the configuration\nIf you don't want to open the pdf file, you can use this link too\n***\n\n\nFeedback/Questions\n\n\nJames writes in\nKlemen writes in\nJohn writes in\nBrad writes in\nAdam writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we\u0026#39;ll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can\u0026#39;t wait! This week\u0026#39;s news and answers to all your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1377\" rel=\"nofollow\"\u003epfSense 2.1.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003epfSense team\u003c/a\u003e has released 2.1.4, shortly after 2.1.3 - it\u0026#39;s mainly a security release\u003c/li\u003e\n\u003cli\u003eIncluded within are eight security fixes, most of which are pfSense-specific\u003c/li\u003e\n\u003cli\u003eOpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)\u003c/li\u003e\n\u003cli\u003eIt also includes a large number of various other bug fixes\u003c/li\u003e\n\u003cli\u003eUpdate all your routers!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2014-June/270300.html\" rel=\"nofollow\"\u003eDragonflyBSD\u0026#39;s pf gets SMP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWhile we\u0026#39;re on the topic of pf...\u003c/li\u003e\n\u003cli\u003eDragonfly patches their old[er than even FreeBSD\u0026#39;s] pf to support multithreading in many areas\u003c/li\u003e\n\u003cli\u003eStemming from \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2014-June/128664.html\" rel=\"nofollow\"\u003ea user\u0026#39;s complaint\u003c/a\u003e, Matthew Dillon did his own work on pf to make it SMP-aware\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2014-June/128671.html\" rel=\"nofollow\"\u003eAltering your configuration\u003c/a\u003e\u0026#39;s ruleset can also help speed things up, he found\u003c/li\u003e\n\u003cli\u003eWhen will OpenBSD, the source of pf, finally do the same?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ianix.com/pub/chacha-deployment.html\" rel=\"nofollow\"\u003eChaCha usage and deployment\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA while back, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003ewe talked to djm\u003c/a\u003e about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5\u003c/li\u003e\n\u003cli\u003eThis article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20\u003c/li\u003e\n\u003cli\u003eOpenSSH offers it as a stream cipher now, OpenBSD uses it for it\u0026#39;s random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it\u003c/li\u003e\n\u003cli\u003eBoth Google\u0026#39;s fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not\u003c/li\u003e\n\u003cli\u003eUnfortunately, this article has one mistake: FreeBSD \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html\" rel=\"nofollow\"\u003edoes not use it\u003c/a\u003e - they \u003cem\u003estill\u003c/em\u003e use the broken RC4 algorithm\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1864-tls-hardening-june-bsd-magazine-issue\" rel=\"nofollow\"\u003eBSDMag June 2014 issue\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe monthly online BSD magazine releases their newest issue\u003c/li\u003e\n\u003cli\u003eThis one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, \u0026quot;saving time and headaches using the robot framework for testing,\u0026quot; an interview and an article about the increasing number of security vulnerabilities\u003c/li\u003e\n\u003cli\u003eThe free pdf file is available for download as always\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Craig Rodrigues - \u003ca href=\"mailto:rodrigc@freebsd.org\" rel=\"nofollow\"\u003erodrigc@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD\u0026#39;s \u003ca href=\"https://wiki.freebsd.org/Jenkins\" rel=\"nofollow\"\u003econtinuous\u003c/a\u003e \u003ca href=\"https://docs.google.com/presentation/d/1yBiPxS1nKnVwRlAEsYeAOzYdpG5uzXTv1_7i7jwVCfU/edit#slide=id.p\" rel=\"nofollow\"\u003etesting\u003c/a\u003e \u003ca href=\"https://jenkins.freebsd.org/jenkins/\" rel=\"nofollow\"\u003einfrastructure\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/stable-iso\" rel=\"nofollow\"\u003eCreating pre-patched OpenBSD ISOs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/preauthenticated-decryption-considered-harmful\" rel=\"nofollow\"\u003ePreauthenticated decryption considered harmful\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eResponding to \u003ca href=\"https://www.imperialviolet.org/2014/06/27/streamingencryption.html\" rel=\"nofollow\"\u003ea post\u003c/a\u003e from Adam Langley, \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e talks a little more about how signify and pkg_add handle signatures\u003c/li\u003e\n\u003cli\u003eIn the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns\u003c/li\u003e\n\u003cli\u003eWith signify, now everything is fully downloaded and verified before tar is even invoked\u003c/li\u003e\n\u003cli\u003eThe pkg_add utility works a little bit differently, but it\u0026#39;s also been improved in this area - details in the post\u003c/li\u003e\n\u003cli\u003eBe sure to also read the original post from Adam, lots of good information\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/079092.html\" rel=\"nofollow\"\u003eFreeBSD 9.3-RC2 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs the -RELEASE inches closer, release candidate 2 is out and ready for testing\u003c/li\u003e\n\u003cli\u003eSince the last one, it\u0026#39;s got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things\u003c/li\u003e\n\u003cli\u003eThe updated bsdconfig will use pkgng style packages now too\u003c/li\u003e\n\u003cli\u003eA lesser known fact: there are also premade virtual machine images you can use too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://saveosx.org/pkgsrcCon/\" rel=\"nofollow\"\u003epkgsrcCon 2014 wrap-up\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn what may be the first real pkgsrcCon article we\u0026#39;ve ever had!\u003c/li\u003e\n\u003cli\u003eIncludes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event\u003c/li\u003e\n\u003cli\u003eUnfortunately no recordings to be found...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://kib.kiev.ua/kib/pgsql_perf.pdf\" rel=\"nofollow\"\u003ePostgreSQL FreeBSD performance and scalability\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales\u003c/li\u003e\n\u003cli\u003eOn his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings\u003c/li\u003e\n\u003cli\u003eLots of technical details if you\u0026#39;re interested in getting the best performance out of your hardware\u003c/li\u003e\n\u003cli\u003eIt also includes specific kernel options he used and the rest of the configuration\u003c/li\u003e\n\u003cli\u003eIf you don\u0026#39;t want to open the pdf file, you can \u003ca href=\"https://docs.google.com/viewer?url=https%3A%2F%2Fkib.kiev.ua%2Fkib%2Fpgsql_perf.pdf\" rel=\"nofollow\"\u003euse this link\u003c/a\u003e too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s24pFjUPe4\" rel=\"nofollow\"\u003eJames writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21OogIgTu\" rel=\"nofollow\"\u003eKlemen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21rLcemNN\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s203Qsx6CZ\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2eBj0FfSL\" rel=\"nofollow\"\u003eAdam writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD.","date_published":"2014-07-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cbf5ab1d-2355-4c2c-ade8-0e66250b204e.mp3","mime_type":"audio/mpeg","size_in_bytes":75659476,"duration_in_seconds":6304}]},{"id":"d4b10034-d20a-44a6-a918-a57335debcae","title":"43: Package Design","url":"https://www.bsdnow.tv/43","content_text":"It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times \"how do I keep my BSD box up to date?\" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon 2014 talks and schedule\n\n\nThe talks and schedules for EuroBSDCon 2014 are finally revealed\nThe opening keynote is called \"FreeBSD, looking forward to another 10 years\" by jkh\nLots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great\nIt looks like Theo even has a talk, but the title isn't on the page... how mysterious\nThere are also days dedicated to some really interesting tutorials\nRegister now, the conference is on September 25-28th in Bulgaria\nIf you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen\nWhy aren't the videos up from last year yet? Will this year also not have any?\n***\n\n\nFreeNAS vs NAS4Free\n\n\nMore mainstream news covering BSD, this time with an article about different NAS solutions\nIn a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free\nBoth are based on FreeBSD and ZFS of course, but there are more differences than you might expect\nDiscusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project\n\"One is pleasantly functional; the other continues devolving during a journey of pain\" - uh oh, who's the loser?\n***\n\n\nQuality software costs money, heartbleed was free\n\n\nPHK writes an article for ACM Queue about open source software projects' funding efforts\nA lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc\nThe article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding\nThe latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them\nOn that subject, \"Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software\"\nConsider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive\n***\n\n\nGeoblock evasion with pf and OpenBSD rdomains\n\n\nGeoblocking is a way for websites to block visitors based on the location of their IP\nThis is a blog post about how to get around it, using pf and rdomains\nIt has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)\nIn this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia\nIt's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters\n***\n\n\nInterview - Marc Espie - espie@openbsd.org / @espie_openbsd\n\nOpenBSD's package system, building cluster, various topics\n\n\n\nTutorial\n\nKeeping your BSD up to date\n\n\n\nNews Roundup\n\nBoringSSL and LibReSSL\n\n\nYet another OpenSSL fork pops up, this time from Google, called BoringSSL\nAdam Langley has a blog post about it, why they did it and how they're going to maintain it\nYou can easily browse the source code\nTheo de Raadt also weighs in with how this effort relates to LibReSSL\nMore eyes on the code is good, and patches will be shared between the two projects\n***\n\n\nMore BSD Tor nodes wanted\n\n\nFriend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous\nOriginally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network\nIf one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.\nThe EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year\nCheck out our Tor tutorial and help out the network, and promote BSD at the same time!\n***\n\n\nFreeBSD 10 OpenStack images\n\n\nOpenStack, to quote Wikipedia, is \"a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution.\"\nThe article goes into detail about creating a FreeBSD instant, installing and converting it for use with \"bsd-cloudinit\"\nThe author of the article is a regular listener and emailer of the show, hey!\n***\n\n\nBSDday 2014 call for papers\n\n\nBSD Day, a conference not so well-known, is going to be held August 9th in Argentina\nIt was created in 2008 and is the only BSD conference around that area\nThe \"call for papers\" was issued, so if you're around Argentina and use BSD, consider submitting a talk\nSysadmins, developers and regular users are, of course, all welcome to come to the event\n***\n\n\nFeedback/Questions\n\n\nMaruf writes in\nSolomon writes in\nSilas writes in\nBert writes in\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s a big show this week! We\u0026#39;ll be interviewing Marc Espie about OpenBSD\u0026#39;s package system and build cluster. Also, we\u0026#39;ve been asked many times \u0026quot;how do I keep my BSD box up to date?\u0026quot; Well, today\u0026#39;s tutorial should finally answer that. Answers to all your emails and this week\u0026#39;s headlines, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.eurobsdcon.org/talks-and-schedule/\" rel=\"nofollow\"\u003eEuroBSDCon 2014 talks and schedule\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe talks and schedules for EuroBSDCon 2014 are finally revealed\u003c/li\u003e\n\u003cli\u003eThe opening keynote is called \u0026quot;FreeBSD, looking forward to another 10 years\u0026quot; by jkh\u003c/li\u003e\n\u003cli\u003eLots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great\u003c/li\u003e\n\u003cli\u003eIt looks like Theo even has a talk, but the title isn\u0026#39;t on the page... how mysterious\u003c/li\u003e\n\u003cli\u003eThere are also days dedicated to some really interesting tutorials\u003c/li\u003e\n\u003cli\u003eRegister now, the conference is on September 25-28th in Bulgaria\u003c/li\u003e\n\u003cli\u003eIf you see Allan and Kris walking towards you and you haven\u0026#39;t given us an interview yet... well you know what\u0026#39;s going to happen\u003c/li\u003e\n\u003cli\u003eWhy aren\u0026#39;t the videos up from last year yet? Will this year also not have any?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://arstechnica.com/information-technology/2014/06/the-ars-nas-distribution-shootout-freenas-vs-nas4free/\" rel=\"nofollow\"\u003eFreeNAS vs NAS4Free\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore mainstream news covering BSD, this time with an article about different NAS solutions\u003c/li\u003e\n\u003cli\u003eIn a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free\u003c/li\u003e\n\u003cli\u003eBoth are based on FreeBSD and ZFS of course, but there are more differences than you might expect\u003c/li\u003e\n\u003cli\u003eDiscusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project\u003c/li\u003e\n\u003cli\u003e\u0026quot;One is pleasantly functional; the other continues devolving during a journey of pain\u0026quot; - uh oh, who\u0026#39;s the loser?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://queue.acm.org/detail.cfm?id=2636165\" rel=\"nofollow\"\u003eQuality software costs money, heartbleed was free\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail\" rel=\"nofollow\"\u003ePHK\u003c/a\u003e writes an article for ACM Queue about open source software projects\u0026#39; funding efforts\u003c/li\u003e\n\u003cli\u003eA lot of people don\u0026#39;t realize just how widespread open source software is - TVs, printers, gaming consoles, etc\u003c/li\u003e\n\u003cli\u003eThe article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish\u0026#39;s funding\u003c/li\u003e\n\u003cli\u003eThe latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them\u003c/li\u003e\n\u003cli\u003eOn that subject, \u0026quot;Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software\u0026quot;\u003c/li\u003e\n\u003cli\u003eConsider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://matt.bionicmessage.net/blog/2014/06/21/Advanced%20Geoblock%20evasion%20with%20OpenBSD%20pf%20and%20rdomain%27s\" rel=\"nofollow\"\u003eGeoblock evasion with pf and OpenBSD rdomains\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGeoblocking is a way for websites to block visitors based on the location of their IP\u003c/li\u003e\n\u003cli\u003eThis is a blog post about how to get around it, using pf and rdomains\u003c/li\u003e\n\u003cli\u003eIt has the advantage of not requiring any browser plugins or DNS settings on the users\u0026#39; computers, you just need to be running OpenBSD on your router (hmm, if only a website had \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003ea tutorial about that\u003c/a\u003e...)\u003c/li\u003e\n\u003cli\u003eIn this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s got all the details you need to set up a VPN-like system and bypass those pesky geographic filters\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Marc Espie - \u003ca href=\"mailto:espie@openbsd.org\" rel=\"nofollow\"\u003eespie@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/espie_openbsd\" rel=\"nofollow\"\u003e@espie_openbsd\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD\u0026#39;s package system, building cluster, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/upgrade\" rel=\"nofollow\"\u003eKeeping your BSD up to date\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.imperialviolet.org/2014/06/20/boringssl.html\" rel=\"nofollow\"\u003eBoringSSL and LibReSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYet another OpenSSL fork pops up, this time from Google, called BoringSSL\u003c/li\u003e\n\u003cli\u003eAdam Langley has a blog post about it, why they did it and how they\u0026#39;re going to maintain it\u003c/li\u003e\n\u003cli\u003eYou can easily browse \u003ca href=\"https://boringssl.googlesource.com/\" rel=\"nofollow\"\u003ethe source code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTheo de Raadt also \u003ca href=\"http://marc.info/?l=openbsd-tech\u0026m=140332790726752\u0026w=2\" rel=\"nofollow\"\u003eweighs in\u003c/a\u003e with how this effort relates to LibReSSL\u003c/li\u003e\n\u003cli\u003eMore eyes on the code is good, and patches will be shared between the two projects\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.nycbug.org/pipermail/tor-bsd/2014-June/000129.html\" rel=\"nofollow\"\u003eMore BSD Tor nodes wanted\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFriend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://lists.torproject.org/pipermail/tor-relays/2014-June/004699.html\" rel=\"nofollow\"\u003eOriginally discussed\u003c/a\u003e on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network\u003c/li\u003e\n\u003cli\u003eIf one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.\u003c/li\u003e\n\u003cli\u003eThe EFF is also holding a \u003ca href=\"https://www.eff.org/torchallenge/\" rel=\"nofollow\"\u003eTor challenge\u003c/a\u003e for people to start up new relays and keep them online for over a year\u003c/li\u003e\n\u003cli\u003eCheck out our \u003ca href=\"http://www.bsdnow.tv/tutorials/tor\" rel=\"nofollow\"\u003eTor tutorial\u003c/a\u003e and help out the network, and promote BSD at the same time!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://raymii.org/s/tutorials/FreeBSD_10.0-release_Openstack_Image.html\" rel=\"nofollow\"\u003eFreeBSD 10 OpenStack images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenStack, to quote Wikipedia, is \u0026quot;a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe article goes into detail about creating a FreeBSD instant, installing and converting it for use with \u0026quot;bsd-cloudinit\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe author of the article is a regular listener and emailer of the show, hey!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-advocacy/2014-June/004465.html\" rel=\"nofollow\"\u003eBSDday 2014 call for papers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD Day, a conference not so well-known, is going to be held August 9th in Argentina\u003c/li\u003e\n\u003cli\u003eIt was created in 2008 and is the only BSD conference around that area\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;call for papers\u0026quot; was issued, so if you\u0026#39;re around Argentina and use BSD, consider submitting a talk\u003c/li\u003e\n\u003cli\u003eSysadmins, developers and regular users are, of course, all welcome to come to the event\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20nTYO2w1\" rel=\"nofollow\"\u003eMaruf writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21cvV6mRP\" rel=\"nofollow\"\u003eSolomon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2MK8sbea0\" rel=\"nofollow\"\u003eSilas writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Yz97YlzI\" rel=\"nofollow\"\u003eBert writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times \"how do I keep my BSD box up to date?\" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD.","date_published":"2014-06-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d4b10034-d20a-44a6-a918-a57335debcae.mp3","mime_type":"audio/mpeg","size_in_bytes":62389876,"duration_in_seconds":5199}]},{"id":"95dc548f-e688-476d-9fd7-8e78ff3cd16f","title":"42: Devious Methods","url":"https://www.bsdnow.tv/42","content_text":"Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPIE and ASLR in FreeBSD update\n\n\nA status update for Shawn Webb's ASLR and PIE work for FreeBSD\nOne major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree\n\"FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support\"\nIf you're running -CURRENT, just add \"WITH_PIE=1\" to your /etc/src.conf and /etc/make.conf\nThe next step is working on the ASLR coding style and getting more developers to look through it\nShawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR\n***\n\n\nMisc. pfSense news\n\n\nCouple of pfSense news items this week, including some hardware news\nSomeone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once\nTo make that process faster, they're building a controllable power board (and include some cool pics)\nThere will be more info on that device a bit later on\nOn Friday, June 27th, there will be another video session (for paying customers only...) about virtualized firewalls\npfSense University, a new paid training course, was also announced\nA single two-day class costs $2000, ouch\n***\n\n\nZFS stripe width\n\n\nA new blog post from Matt Ahrens about ZFS stripe width\n\"The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice\"\nMatt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages\nHe covers best performance on random IOPS, best reliability, and best space efficiency use cases\nIt includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor\n***\n\n\nFreeBSD 9.3-BETA3 released\n\n\nThe third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release\nThis is expected to be the final BETA, next will come the RCs\nThere have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)\nThe FreeBSD foundation has a blog post about it too\nThere's a list of changes between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits\n***\n\n\nInterview - Bryce Chidester - brycec@devio.us / @brycied00d\n\nRunning a BSD shell provider\n\n\n\nTutorial\n\nChaining SSH connections\n\n\n\nNews Roundup\n\nMy FreeBSD adventure\n\n\nA Slackware user from the \"linux questions\" forum decides to try out BSD, and documents his initial impressions and findings\nAfter ruling out PCBSD due to the demanding hardware requirements and NetBSD due to \"politics\" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on\nIn his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things\nSo far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux\nMight be an interesting, ongoing series we can follow up on later\n***\n\n\nEven more BSDCan trip reports\n\n\nBSDCan may be over until next year, but trip reports are still pouring in\nThis time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation\nHe's part of the \"Jenkins CI for FreeBSD\" group and went to BSDCan mostly for that\nNice long post about all of his experiences at the event, definitely worth a read\nHe even talks about... the food\n***\n\n\nFreeBSD disk partitioning\n\n\nFor his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification\nThis erupted into a very long discussion about fdisk vs gnop vs gpart\nSo you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post\nIt covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools\n***\n\n\nBSD Router Project version 1.51\n\n\nA new version of the BSD Router Project has been released, 1.51\nIt's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE\nIncludes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere\nCheck the sourceforge page for the complete list of changes\nBad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated\n***\n\n\nFeedback/Questions\n\n\nFongaboo writes in\nDavid writes in\nKristian writes in\n***\n","content_html":"\u003cp\u003eComing up this week, we\u0026#39;ll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD\" rel=\"nofollow\"\u003ePIE and ASLR in FreeBSD update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA status update for Shawn Webb\u0026#39;s ASLR and PIE work for FreeBSD\u003c/li\u003e\n\u003cli\u003eOne major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree\u003c/li\u003e\n\u003cli\u003e\u0026quot;FreeBSD has supported loading PIEs for a while now, but the applications in base weren\u0026#39;t compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support\u0026quot;\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re running -CURRENT, just add \u0026quot;WITH_PIE=1\u0026quot; to your /etc/src.conf and /etc/make.conf\u003c/li\u003e\n\u003cli\u003eThe next step is working on the ASLR coding style and getting more developers to look through it\u003c/li\u003e\n\u003cli\u003eShawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1347\" rel=\"nofollow\"\u003eMisc. pfSense news\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCouple of pfSense news items this week, including some hardware news\u003c/li\u003e\n\u003cli\u003eSomeone\u0026#39;s gotta test the pfSense hardware devices before they\u0026#39;re sold, which involves powering them all on at least once\u003c/li\u003e\n\u003cli\u003eTo make that process faster, they\u0026#39;re building a controllable power board (and include some cool pics)\u003c/li\u003e\n\u003cli\u003eThere will be more info on that device a bit later on\u003c/li\u003e\n\u003cli\u003eOn Friday, June 27th, there will be \u003ca href=\"https://blog.pfsense.org/?p=1367\" rel=\"nofollow\"\u003eanother video session\u003c/a\u003e (for paying customers only...) about virtualized firewalls\u003c/li\u003e\n\u003cli\u003epfSense \u003ca href=\"https://blog.pfsense.org/?p=1332\" rel=\"nofollow\"\u003eUniversity\u003c/a\u003e, a new paid training course, was also announced\u003c/li\u003e\n\u003cli\u003eA single two-day class costs $2000, ouch\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/\" rel=\"nofollow\"\u003eZFS stripe width\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new blog post from \u003ca href=\"http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods\" rel=\"nofollow\"\u003eMatt Ahrens\u003c/a\u003e about ZFS stripe width\u003c/li\u003e\n\u003cli\u003e\u0026quot;The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice\u0026quot;\u003c/li\u003e\n\u003cli\u003eMatt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages\u003c/li\u003e\n\u003cli\u003eHe covers best performance on random IOPS, best reliability, and best space efficiency use cases\u003c/li\u003e\n\u003cli\u003eIt includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels\u0026#39; overhead factor\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html\" rel=\"nofollow\"\u003eFreeBSD 9.3-BETA3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe third BETA in the 9.3 release cycle is out, we\u0026#39;re slowly getting closer to the release\u003c/li\u003e\n\u003cli\u003eThis is expected to be the final BETA, next will come the RCs\u003c/li\u003e\n\u003cli\u003eThere have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what\u0026#39;s in -CURRENT (but still isn\u0026#39;t using ChaCha20)\u003c/li\u003e\n\u003cli\u003eThe FreeBSD foundation has \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html\" rel=\"nofollow\"\u003ea blog post\u003c/a\u003e about it too\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s \u003ca href=\"https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html\" rel=\"nofollow\"\u003ea list of changes\u003c/a\u003e between 9.2 and 9.3 as well, but we\u0026#39;ll be sure to cover it when the -RELEASE hits\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Bryce Chidester - \u003ca href=\"mailto:brycec@devio.us\" rel=\"nofollow\"\u003ebrycec@devio.us\u003c/a\u003e / \u003ca href=\"https://twitter.com/brycied00d\" rel=\"nofollow\"\u003e@brycied00d\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eRunning a BSD shell provider\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ssh-chaining\" rel=\"nofollow\"\u003eChaining SSH connections\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/\" rel=\"nofollow\"\u003eMy FreeBSD adventure\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Slackware user from the \u0026quot;linux questions\u0026quot; forum decides to try out BSD, and documents his initial impressions and findings\u003c/li\u003e\n\u003cli\u003eAfter \u003ca href=\"https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465\" rel=\"nofollow\"\u003eruling out\u003c/a\u003e PCBSD due to the demanding hardware requirements and NetBSD due to \u0026quot;politics\u0026quot; (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on\u003c/li\u003e\n\u003cli\u003eIn his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things\u003c/li\u003e\n\u003cli\u003eSo far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux\u003c/li\u003e\n\u003cli\u003eMight be an interesting, ongoing series we can follow up on later\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html\" rel=\"nofollow\"\u003eEven more BSDCan trip reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCan may be over until next year, but trip reports are still pouring in\u003c/li\u003e\n\u003cli\u003eThis time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s part of the \u0026quot;Jenkins CI for FreeBSD\u0026quot; group and went to BSDCan mostly for that\u003c/li\u003e\n\u003cli\u003eNice long post about all of his experiences at the event, definitely worth a read\u003c/li\u003e\n\u003cli\u003eHe even talks about... the food\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2096\" rel=\"nofollow\"\u003eFreeBSD disk partitioning\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor his latest book series on FreeBSD\u0026#39;s GEOM system, MWL asked the hackers mailing list for some clarification\u003c/li\u003e\n\u003cli\u003eThis erupted into a very \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html\" rel=\"nofollow\"\u003elong discussion\u003c/a\u003e about fdisk vs gnop vs gpart\u003c/li\u003e\n\u003cli\u003eSo you don\u0026#39;t have to read the 500 mailing list posts, he\u0026#39;s summarized the findings in a blog post\u003c/li\u003e\n\u003cli\u003eIt covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51\" rel=\"nofollow\"\u003eBSD Router Project version 1.51\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new version of the BSD Router Project has been released, 1.51\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s now based on FreeBSD 10-STABLE instead of 10.0-RELEASE\u003c/li\u003e\n\u003cli\u003eIncludes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere\u003c/li\u003e\n\u003cli\u003eCheck the sourceforge page for the complete list of changes\u003c/li\u003e\n\u003cli\u003eBad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21X4hl28g\" rel=\"nofollow\"\u003eFongaboo writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20DELplMw\" rel=\"nofollow\"\u003eDavid writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2tmazORRN\" rel=\"nofollow\"\u003eKristian writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.","date_published":"2014-06-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/95dc548f-e688-476d-9fd7-8e78ff3cd16f.mp3","mime_type":"audio/mpeg","size_in_bytes":60629908,"duration_in_seconds":5052}]},{"id":"0017fbdd-17f8-464f-8bd5-94c6070bbd9a","title":"41: Commit This Bit","url":"https://www.bsdnow.tv/41","content_text":"This week in the big show, we'll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD moves to Bugzilla\n\n\nHistorically, FreeBSD has used the old GNATS system for keeping track of bug reports\nAfter years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla\nIt offers a lot of advantages, is much more modern and actively maintained and \nThere's a new workflow chart for developers to illustrate the new way of doing things\nThe old \"send-pr\" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)\nThis will hopefully make reporting bugs a lot less painful\n***\n\n\nDIY NAS: EconoNAS 2014\n\n\nWe previously covered this blog last year, but the 2014 edition is up\nMore of a hardware-focused article, the author details the parts he's using for a budget NAS\nDetails the motherboard, RAM, CPU, hard drives, case, etc\nWith a set goal of $500 max, he goes just over it - $550 for all the parts\nLots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions\n***\n\n\nDragonflyBSD 3.8 released\n\n\nJustin announced the availability of DragonflyBSD 3.8.0\nBinaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts\nIt includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions\nWork continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series\nSee the release page for more info and check the link for source-based upgrade instructions\n***\n\n\nOpenZFS European conference 2014\n\n\nThere was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure\nMatt Ahrens, Introduction\nMichael Alexander, FhGFS performance on ZFS\nAndriy Gapon, Testing ZFS on FreeBSD\nLuke Marsden, HybridCluster: ZFS in the cloud\nVadim Comănescu, Syneto: continuously delivering a ZFS-based OS\nChris George, DDRdrive ZIL accelerator: random write revelation\nGrenville Whelan, High-Availability\nPhil Harman, Harman Holistic\nMark Rees, Storiant and OpenZFS\nAndrew Holway, EraStor ZFS appliances\nDan Vâtca, Syneto and OpenZFS\nLuke Marsden, HybridCluster and OpenZFS\nMatt Ahrens, Delphix and OpenZFS\nCheck the link for slides and other goodies\n***\n\n\nInterview - Benedict Reuschling - bcr@freebsd.org\n\nBSD documentation, getting commit access, unix education, various topics\n\n\n\nNews Roundup\n\nGetting to know your portmgr, Steve Wills\n\n\n\"It is my pleasure to introduce Steve Wills, the newest member of the portmgr team\"\nswills is an all-round good guy, does a lot for ports (especially the ruby ports)\nIn this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more\nHe used to work for Red Hat, woah\n***\n\n\nBSDTalk episode 242\n\n\nThis time on BSDTalk, Will interviews Chris Buechler from pfSense\nTopics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes\nThey also touch on recent concerns in the pfSense community about their license change, that they may be \"going commercial\" and closing the source - so tune in to find out what their future plans are for all of that\n***\n\n\nTurn old PC hardware into a killer home server\n\n\nLots of us have old hardware lying around doing nothing but collecting dust\nWhy not turn that old box into a modern file server with FreeNAS and ZFS?\nThis article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)\nMost of our users are already familiar with all of this stuff, nothing too advanced\nGood to see BSD getting some well-deserved attention on a big mainstream site\n***\n\n\nUnbloating the VAX install CD\n\n\nAfter a discussion on the VAX mailing list, something very important came to the attention of the developers...\nYou can't boot NetBSD on a VAX box with 16MB of RAM from the CD image\nThis blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller\nIn the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM...\n***\n\n\nFeedback/Questions\n\n\nThomas writes in\nReynold writes in\nBostjan writes in\nPaul writes in\nJohn writes in\n***\n","content_html":"\u003cp\u003eThis week in the big show, we\u0026#39;ll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html\" rel=\"nofollow\"\u003eFreeBSD moves to Bugzilla\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHistorically, FreeBSD has used the old GNATS system for keeping track of bug reports\u003c/li\u003e\n\u003cli\u003eAfter years and years of wanting to switch, they\u0026#39;ve finally moved away from GNATS to Bugzilla\u003c/li\u003e\n\u003cli\u003eIt offers a lot of advantages, is much more modern and actively maintained and \u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a new \u003ca href=\"http://people.freebsd.org/%7Eeadler/bugrelocation/workflow.html\" rel=\"nofollow\"\u003eworkflow chart\u003c/a\u003e for developers to illustrate the new way of doing things\u003c/li\u003e\n\u003cli\u003eThe old \u0026quot;send-pr\u0026quot; command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)\u003c/li\u003e\n\u003cli\u003eThis will hopefully make reporting bugs a lot less painful\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.brianmoses.net/2014/06/diy-nas-econonas-2014.html\" rel=\"nofollow\"\u003eDIY NAS: EconoNAS 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe previously covered this blog last year, but the 2014 edition is up\u003c/li\u003e\n\u003cli\u003eMore of a hardware-focused article, the author details the parts he\u0026#39;s using for a \u003cstrong\u003ebudget\u003c/strong\u003e NAS\u003c/li\u003e\n\u003cli\u003eDetails the motherboard, RAM, CPU, hard drives, case, etc\u003c/li\u003e\n\u003cli\u003eWith a set goal of $500 max, he goes just over it - $550 for all the parts\u003c/li\u003e\n\u003cli\u003eLots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2014/06/04/14122.html\" rel=\"nofollow\"\u003eDragonflyBSD 3.8 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug\" rel=\"nofollow\"\u003eJustin\u003c/a\u003e announced the availability of DragonflyBSD 3.8.0\u003c/li\u003e\n\u003cli\u003eBinaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts\u003c/li\u003e\n\u003cli\u003eIt includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions\u003c/li\u003e\n\u003cli\u003eWork continues on for the Intel graphics drivers, but it\u0026#39;s currently limited to the HD4000 and Ivy Bridge series\u003c/li\u003e\n\u003cli\u003eSee \u003ca href=\"http://www.dragonflybsd.org/release38/\" rel=\"nofollow\"\u003ethe release page\u003c/a\u003e for more info and check the link for source-based upgrade instructions\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.open-zfs.org/wiki/Publications#2014_OpenZFS_European_Conference\" rel=\"nofollow\"\u003eOpenZFS European conference 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThere was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure\u003c/li\u003e\n\u003cli\u003eMatt Ahrens, \u003ca href=\"http://www.youtube.com/watch?v=Mk1czZs6vkQ\" rel=\"nofollow\"\u003eIntroduction\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMichael Alexander, \u003ca href=\"http://www.youtube.com/watch?v=Ak1HB507-xY\" rel=\"nofollow\"\u003eFhGFS performance on ZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndriy Gapon, \u003ca href=\"http://www.youtube.com/watch?v=oB-QDwVuBH4\" rel=\"nofollow\"\u003eTesting ZFS on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLuke Marsden, \u003ca href=\"http://www.youtube.com/watch?v=ISI9Ppj3kTo\" rel=\"nofollow\"\u003eHybridCluster: ZFS in the cloud\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVadim Comănescu, \u003ca href=\"http://www.youtube.com/watch?v=1xK94v0BedE\" rel=\"nofollow\"\u003eSyneto: continuously delivering a ZFS-based OS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChris George, \u003ca href=\"http://www.youtube.com/watch?v=ScNHjWBQYQ8\" rel=\"nofollow\"\u003eDDRdrive ZIL accelerator: random write revelation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGrenville Whelan, \u003ca href=\"http://www.youtube.com/watch?v=tiTYZykCeDo\" rel=\"nofollow\"\u003eHigh-Availability\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePhil Harman, \u003ca href=\"https://www.youtube.com/watch?v=ApjkrBVlPXk\" rel=\"nofollow\"\u003eHarman Holistic\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark Rees, \u003ca href=\"http://www.youtube.com/watch?v=41yl23EACns\" rel=\"nofollow\"\u003eStoriant and OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAndrew Holway, \u003ca href=\"http://www.youtube.com/watch?v=b4L0DRvKJxo\" rel=\"nofollow\"\u003eEraStor ZFS appliances\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDan Vâtca, \u003ca href=\"http://www.youtube.com/watch?v=pPOW8bwUXxo\" rel=\"nofollow\"\u003eSyneto and OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLuke Marsden, \u003ca href=\"http://www.youtube.com/watch?v=uSM1s1aWlZE\" rel=\"nofollow\"\u003eHybridCluster and OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt Ahrens, \u003ca href=\"http://www.youtube.com/watch?v=UaRdzUOsieA\" rel=\"nofollow\"\u003eDelphix and OpenZFS\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck the link for slides and other goodies\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Benedict Reuschling - \u003ca href=\"mailto:bcr@freebsd.org\" rel=\"nofollow\"\u003ebcr@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD documentation, getting commit access, unix education, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/06/04/getting-to-know-your-portmgr-steve-wills/\" rel=\"nofollow\"\u003eGetting to know your portmgr, Steve Wills\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;It is my pleasure to introduce Steve Wills, the newest member of the portmgr team\u0026quot;\u003c/li\u003e\n\u003cli\u003eswills is an all-round good guy, does a lot for ports (especially the ruby ports)\u003c/li\u003e\n\u003cli\u003eIn this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more\u003c/li\u003e\n\u003cli\u003eHe used to work for Red Hat, woah\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/06/bsdtalk242-pfsense-with-chris-buechler.html\" rel=\"nofollow\"\u003eBSDTalk episode 242\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis time on BSDTalk, Will interviews \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003eChris Buechler\u003c/a\u003e from pfSense\u003c/li\u003e\n\u003cli\u003eTopics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes\u003c/li\u003e\n\u003cli\u003eThey also touch on recent concerns in the pfSense community about their license change, that they may be \u0026quot;going commercial\u0026quot; and closing the source - so tune in to find out what their future plans are for all of that\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.pcworld.com/article/2243748/turn-old-pc-hardware-into-a-killer-home-server-with-freenas.html\" rel=\"nofollow\"\u003eTurn old PC hardware into a killer home server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of us have old hardware lying around doing nothing but collecting dust\u003c/li\u003e\n\u003cli\u003eWhy not turn that old box into a modern file server with FreeNAS and ZFS?\u003c/li\u003e\n\u003cli\u003eThis article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)\u003c/li\u003e\n\u003cli\u003eMost of our users are already familiar with all of this stuff, nothing too advanced\u003c/li\u003e\n\u003cli\u003eGood to see BSD getting some well-deserved attention on a big mainstream site\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/unbloating_the_vax_install_cd\" rel=\"nofollow\"\u003eUnbloating the VAX install CD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a discussion on the VAX mailing list, something very important came to the attention of the developers...\u003c/li\u003e\n\u003cli\u003eYou can\u0026#39;t boot NetBSD on a VAX box with 16MB of RAM from the CD image\u003c/li\u003e\n\u003cli\u003eThis blog post goes through the developer\u0026#39;s adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller\u003c/li\u003e\n\u003cli\u003eIn the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s211mNScBr\" rel=\"nofollow\"\u003eThomas writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21JA8BVmZ\" rel=\"nofollow\"\u003eReynold writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2kwS3ncTY\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2VgjXUfW9\" rel=\"nofollow\"\u003ePaul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s202AAQUXt\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week in the big show, we'll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD.","date_published":"2014-06-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0017fbdd-17f8-464f-8bd5-94c6070bbd9a.mp3","mime_type":"audio/mpeg","size_in_bytes":48292564,"duration_in_seconds":4024}]},{"id":"f9c8a284-4fd9-4c5d-9137-77062c5814b4","title":"40: AirPorts \u0026 Packages","url":"https://www.bsdnow.tv/40","content_text":"On this week's episode, we'll be giving you an introductory guide on OpenBSD's ports and package system. There's also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan 2014 talks and reports, part 2\n\n\nMore presentations and trip reports are still being uploaded\nIngo Schwarze, New Trends in mandoc\nVsevolod Stakhov, The Architecture of the New Solver in pkg\n\nJulio Merino, The FreeBSD Test Suite\nZbigniew Bodek, Transparent Superpages for FreeBSD on ARM\nThere's also a trip report from Michael Dexter and another (very long and detailed) trip report from our friend Warren Block that even gives us some linkage, thanks!\n***\n\n\nBeyond security, getting to know OpenBSD's real purpose\n\n\nMichael W Lucas (who, we learn through this video, has been using BSD since 1986) gave a \"webcast\" last week, and the audio and slides are finally up\nIt clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics\nSome of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a \"pressure cooker for ideas,\" briefly touches on GPL vs BSDL, their \"do it right or don't do it at all\" attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans\nHere's a direct link to the slides\nGreat presentation if you'd like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too\n***\n\n\nFreeBSD vs Linux, a comprehensive comparison\n\n\nAnother blog post covering something people seem to be obsessed with - FreeBSD vs Linux\nThis one was worth mentioning because it's very thorough in regards to how things are done behind the scenes, not just the usual technical differences\nIt highlights the concept of a \"core team\" and their role vs \"contributors\" and \"committers\" (similar to a presentation Kirk McKusick did not long ago)\nWhile a lot of things will be the same on both platforms, you might still be asking \"which one is right for me?\" - this article weighs in with some points for both sides and different use cases\nPretty well-written and unbiased article that also mentions areas where Linux might be better, so don't hate us for linking it\n***\n\n\nExpand FreeNAS with plugins\n\n\nOne of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework\nWith these plugins, you can greatly expand the feature set of your NAS via third party programs\nThis page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience\nSome examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more\nIt then goes into more detail about each of them, how to actually install plugins and then how to set them up\n***\n\n\nInterview - Karl Lehenbauer - karl@flightaware.com / @flightaware\n\nFreeBSD at FlightAware, BSD history, various topics\n\n\n\nTutorial\n\nPorts and packages in OpenBSD\n\n\n\nNews Roundup\n\nCode review culture meets FreeBSD\n\n\nIn most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree\nThis article describes Phabricator, an open source code review system that we briefly mentioned last week\nInstructions for using it are on the wiki\nWhile not approved by the core team yet for anything official, it's in a testing phase and developers are encouraged to try it out and get their patches reviewed\nJust look at that fancy interface!!\n***\n\n\nUpcoming BSD books\n\n\nSneaky MWL somehow finds his way into both our headlines and the news roundup\nHe gives us an update on the next BSD books that he's planning to release\nThe plan is to release three (or so) books based on different aspects of FreeBSD's storage system(s) - GEOM, UFS, ZFS, etc.\nThis has the advantage of only requiring you to buy the one(s) you're specifically interested in\n\"When will they be released? When I'm done writing them. How much will they cost? Dunno.\"\nIt's not Absolute FreeBSD 3rd edition...\n***\n\n\nCARP failover and high availability on FreeBSD\n\n\nIf you're running a cluster or a group of servers, you should have some sort of failover in place\nBut the question comes up, \"how do you load balance the load balancers!?\"\nThis video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying\nAlso mentions DNS-based load balancing as another option\n***\n\n\nPCBSD weekly digest\n\n\nThis time in PCBSD land, we're getting ready for the 10.0.2 release (ISOs here)\nAppCafe got a good number of fixes, and now shows 10 random highlighted applications\nEasyPBI added a \"bulk\" mode to create PBIs of an entire FreeBSD port category\nLumina, the new desktop environment, is still being worked on and got some bug fixes too\n***\n\n\nFeedback/Questions\n\n\nPaul writes in\nMatt writes in\nKjell writes in\nPaul writes in\nTom writes in\n***\n","content_html":"\u003cp\u003eOn this week\u0026#39;s episode, we\u0026#39;ll be giving you an introductory guide on OpenBSD\u0026#39;s ports and package system. There\u0026#39;s also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2014/schedule/\" rel=\"nofollow\"\u003eBSDCan 2014 talks and reports, part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMore presentations and trip reports are still being uploaded\u003c/li\u003e\n\u003cli\u003eIngo Schwarze, \u003ca href=\"https://www.youtube.com/watch?v=oifYhwTaOuw\" rel=\"nofollow\"\u003eNew Trends in mandoc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVsevolod Stakhov, \u003ca href=\"https://www.youtube.com/watch?v=3SOKFz2UUQ4\" rel=\"nofollow\"\u003eThe Architecture of the New Solver in pkg\n\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJulio Merino, \u003ca href=\"https://www.youtube.com/watch?v=nf-bFeKaZsY\" rel=\"nofollow\"\u003eThe FreeBSD Test Suite\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZbigniew Bodek, \u003ca href=\"https://www.youtube.com/watch?v=s5iIKEHtbX8\" rel=\"nofollow\"\u003eTransparent Superpages for FreeBSD on ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-michael-dexter.html\" rel=\"nofollow\"\u003etrip report from Michael Dexter\u003c/a\u003e and another (very long and detailed) \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/05/bsdcan-trip-report-warren-block.html\" rel=\"nofollow\"\u003etrip report\u003c/a\u003e from our friend \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_26-documentation_is_king\" rel=\"nofollow\"\u003eWarren Block\u003c/a\u003e that even gives us some linkage, thanks!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=JrFfrrY-yOo\" rel=\"nofollow\"\u003eBeyond security, getting to know OpenBSD\u0026#39;s real purpose\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMichael W Lucas\u003c/a\u003e (who, we learn through this video, has been using BSD since 1986) gave a \u0026quot;webcast\u0026quot; last week, and the audio and slides are finally up\u003c/li\u003e\n\u003cli\u003eIt clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics\u003c/li\u003e\n\u003cli\u003eSome of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a \u0026quot;pressure cooker for ideas,\u0026quot; briefly touches on GPL vs BSDL, their \u0026quot;do it right or don\u0026#39;t do it at all\u0026quot; attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans\u003c/li\u003e\n\u003cli\u003eHere\u0026#39;s a direct link to \u003ca href=\"https://wcc.on24.com/event/76/67/12/rt/1/documents/resourceList1400781110933/20140527_beyond_security_openbsd.pdf\" rel=\"nofollow\"\u003ethe slides\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGreat presentation if you\u0026#39;d like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://brioteam.com/linux-versus-freebsd-comprehensive-comparison\" rel=\"nofollow\"\u003eFreeBSD vs Linux, a comprehensive comparison\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother blog post covering something people seem to be obsessed with - FreeBSD vs Linux\u003c/li\u003e\n\u003cli\u003eThis one was worth mentioning because it\u0026#39;s very thorough in regards to how things are done behind the scenes, not just the usual technical differences\u003c/li\u003e\n\u003cli\u003eIt highlights the concept of a \u0026quot;core team\u0026quot; and their role vs \u0026quot;contributors\u0026quot; and \u0026quot;committers\u0026quot; (similar to a presentation Kirk McKusick did not long ago)\u003c/li\u003e\n\u003cli\u003eWhile a lot of things will be the same on both platforms, you might still be asking \u0026quot;which one is right for me?\u0026quot; - this article weighs in with some points for both sides and different use cases\u003c/li\u003e\n\u003cli\u003ePretty well-written and unbiased article that also mentions areas where Linux might be better, so don\u0026#39;t hate us for linking it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openlogic.com/wazi/bid/345617/Expand-FreeNAS-with-plugins\" rel=\"nofollow\"\u003eExpand FreeNAS with plugins\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOne of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework\u003c/li\u003e\n\u003cli\u003eWith these plugins, you can greatly expand the feature set of your NAS via third party programs\u003c/li\u003e\n\u003cli\u003eThis page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience\u003c/li\u003e\n\u003cli\u003eSome examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more\u003c/li\u003e\n\u003cli\u003eIt then goes into more detail about each of them, how to actually install plugins and then how to set them up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Karl Lehenbauer - \u003ca href=\"mailto:karl@flightaware.com\" rel=\"nofollow\"\u003ekarl@flightaware.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/flightaware\" rel=\"nofollow\"\u003e@flightaware\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD at FlightAware, BSD history, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ports-obsd\" rel=\"nofollow\"\u003ePorts and packages in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://julipedia.meroh.net/2014/05/code-review-culture-meets-freebsd.html\" rel=\"nofollow\"\u003eCode review culture meets FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree\u003c/li\u003e\n\u003cli\u003eThis article describes Phabricator, an open source code review system that we briefly mentioned last week\u003c/li\u003e\n\u003cli\u003eInstructions for using it are on \u003ca href=\"https://wiki.freebsd.org/CodeReview\" rel=\"nofollow\"\u003ethe wiki\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhile not approved by the core team yet for anything official, it\u0026#39;s in a testing phase and developers are encouraged to try it out and get their patches reviewed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://phabric.freebsd.org/\" rel=\"nofollow\"\u003eJust look at that fancy interface!!\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2088\" rel=\"nofollow\"\u003eUpcoming BSD books\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSneaky MWL somehow finds his way into both our headlines and the news roundup\u003c/li\u003e\n\u003cli\u003eHe gives us an update on the next BSD books that he\u0026#39;s planning to release\u003c/li\u003e\n\u003cli\u003eThe plan is to release three (or so) books based on different aspects of FreeBSD\u0026#39;s storage system(s) - GEOM, UFS, ZFS, etc.\u003c/li\u003e\n\u003cli\u003eThis has the advantage of only requiring you to buy the one(s) you\u0026#39;re specifically interested in\u003c/li\u003e\n\u003cli\u003e\u0026quot;When will they be released? When I\u0026#39;m done writing them. How much will they cost? Dunno.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s not Absolute FreeBSD 3rd edition...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=VjYb9mKB4jU\" rel=\"nofollow\"\u003eCARP failover and high availability on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;re running a cluster or a group of servers, you should have some sort of failover in place\u003c/li\u003e\n\u003cli\u003eBut the question comes up, \u0026quot;how do you load balance the load balancers!?\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying\u003c/li\u003e\n\u003cli\u003eAlso mentions DNS-based load balancing as another option\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/05/weekly-feature-digest-30/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis time in PCBSD land, we\u0026#39;re getting ready for the 10.0.2 release \u003ca href=\"http://download.pcbsd.org/iso/10.0-RELEASE/testing/amd64/\" rel=\"nofollow\"\u003e(ISOs here)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAppCafe got a good number of fixes, and now shows 10 random highlighted applications\u003c/li\u003e\n\u003cli\u003eEasyPBI added a \u0026quot;bulk\u0026quot; mode to create PBIs of an entire FreeBSD port category\u003c/li\u003e\n\u003cli\u003eLumina, the new desktop environment, is still being worked on and got some bug fixes too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s205iiKiWp\" rel=\"nofollow\"\u003ePaul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2060bkTNl\" rel=\"nofollow\"\u003eMatt writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2G7eMC6oP\" rel=\"nofollow\"\u003eKjell writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2REfzMFGK\" rel=\"nofollow\"\u003ePaul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21nvJtXY6\" rel=\"nofollow\"\u003eTom writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this week's episode, we'll be giving you an introductory guide on OpenBSD's ports and package system. There's also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now - the place to B.. SD.","date_published":"2014-06-04T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f9c8a284-4fd9-4c5d-9137-77062c5814b4.mp3","mime_type":"audio/mpeg","size_in_bytes":52844692,"duration_in_seconds":4403}]},{"id":"4ae1b0f5-7c6f-486f-bdcf-c71ec415269c","title":"39: The Friendly Sandbox","url":"https://www.bsdnow.tv/39","content_text":"This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan 2014 talks and reports\n\n\nThe majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links\nKarl Lehenbauer's keynote (he's on next week's episode)\nMariusz Zaborski and Pawel Jakub Dawidek,\nCapsicum and Casper (relevant to today's interview)\nLuigi Rizzo,\nIn-kernel OpenvSwitch on FreeBSD\nDwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage\nWarner Losh, NAND Flash and FreeBSD\nSimon Gerraty, FreeBSD bmake and Meta Mode\nBob Beck, LibreSSL - The First 30 Days\nHenning Brauer, OpenBGPD Turns 10 Years Old\nArun Thomas, BSD ARM Kernel Internals\nPeter Hessler, Using BGP for Realtime Spam Lists\nPedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation\n\nMatt Ahrens, OpenZFS Upcoming Features and Performance Enhancements\nDaichi Goto, Shellscripts and Commands\nBenno Rice, Keeping Current\nSean Bruno, MIPS Router Hacking\nJohn-Mark Gurney, Optimizing GELI Performance\nPatrick Kelsey, Userspace Networking with libuinet\nMassimiliano Stucchi, IPv6 Transitioning Mechanisms\nRoger Pau Monné, Taking the Red Pill\nShawn Webb, Introducing ASLR in FreeBSD\nThere's also a trip report from Peter Hessler and one from Julio Merino\nThe latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)\n***\n\n\nDefend your network and privacy with a VPN and OpenBSD\n\n\nAfter all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back\nThis article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities\nThere are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used\nYou can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)\nIt also includes a few general privacy tips, recommended browser extensions, etc\nThe intro to the article is especially great, so give the whole thing a read\nHe mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching!\n***\n\n\nYou should try FreeBSD\n\n\nIn this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that\nHe goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two\nPossibly the most useful part is how to address the question \"my server already works, why bother switching?\"\n\"Stackoverflow’s answers assume I have apt-get installed\"\nIt includes mention of the great documentation, stability, ports, improved security and much more\nA takeaway quote for would-be Linux switchers: \"I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before\"\n***\n\n\nOpenBSD and the little Mauritian contributor\n\n\nThis is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers\nBack in 2010, he started sending in patched for OpenBSD's \"mg\" editor, among other small things, and eventually added file transfer resume support for SFTP\nThe article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon\nIt really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem\nCongrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back\n***\n\n\nInterview - Jon Anderson - jonathan@freebsd.org\n\nCapsicum and Casperd\n\n\n\nTutorial\n\nEncrypting DNS lookups\n\n\n\nNews Roundup\n\nFreeBSD Journal, May 2014 issue\n\n\nThe newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle\nThis time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling\nPick up your (digital) copy at Amazon, Google Play or on iTunes and have a read\n***\n\n\nLibreSSL porting update\n\n\nSince the last LibreSSL post we covered, a couple unofficial \"portable\" versions have died off\nUnfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!\nThis post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example\nPlease wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good\n***\n\n\nBSDMag May 2014 issue is out\n\n\nThe usual monthly release from BSDMag, covering a variety of subjects\nThis time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things\nIt's a free PDF, go grab it\n***\n\n\nBSDTalk episode 241\n\n\nA new episode of BSDTalk is out, this time with Bob Beck\nHe talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more\nThe interview itself isn't about LibreSSL at all, but they do touch on it a bit too\nReally interesting stuff, covers a lot of different topics in a short amount of time\n***\n\n\nFeedback/Questions\n\n\nWe got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking for\nTim writes in\nAJ writes in\nPeter writes in\nThomas writes in\nMartin writes in\n***\n","content_html":"\u003cp\u003eThis time on the show we\u0026#39;ll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2014/schedule/\" rel=\"nofollow\"\u003eBSDCan 2014 talks and reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links\u003c/li\u003e\n\u003cli\u003eKarl Lehenbauer\u0026#39;s \u003ca href=\"https://www.youtube.com/watch?v=13LiyjnTGsQ\" rel=\"nofollow\"\u003ekeynote\u003c/a\u003e (he\u0026#39;s on next week\u0026#39;s episode)\u003c/li\u003e\n\u003cli\u003eMariusz Zaborski and Pawel Jakub Dawidek,\n\u003ca href=\"https://www.youtube.com/watch?v=0la06FHbdvg\" rel=\"nofollow\"\u003eCapsicum and Casper\u003c/a\u003e (relevant to today\u0026#39;s interview)\u003c/li\u003e\n\u003cli\u003eLuigi Rizzo,\n\u003ca href=\"https://www.youtube.com/watch?v=Lr5o1VQMtgA\" rel=\"nofollow\"\u003eIn-kernel OpenvSwitch on FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDwayne Hart, \u003ca href=\"https://www.youtube.com/watch?v=AVuF9eFeVWs\" rel=\"nofollow\"\u003eMigrating from Linux to FreeBSD for Backend Data Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarner Losh, \u003ca href=\"https://www.youtube.com/watch?v=lj0XAE6C6-k\" rel=\"nofollow\"\u003eNAND Flash and FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimon Gerraty, \u003ca href=\"https://www.youtube.com/watch?v=4s0UY0sg6vI\" rel=\"nofollow\"\u003eFreeBSD bmake and Meta Mode\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBob Beck, \u003ca href=\"https://www.youtube.com/watch?v=oM6S7FEUfkU\" rel=\"nofollow\"\u003eLibreSSL - The First 30 Days\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHenning Brauer, \u003ca href=\"https://www.youtube.com/watch?v=cP8AW111IKg\" rel=\"nofollow\"\u003eOpenBGPD Turns 10 Years Old\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eArun Thomas, \u003ca href=\"https://www.youtube.com/watch?v=ZAM7fqhGRr8\" rel=\"nofollow\"\u003eBSD ARM Kernel Internals\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePeter Hessler, \u003ca href=\"https://www.youtube.com/watch?v=i8UAVswpagA\" rel=\"nofollow\"\u003eUsing BGP for Realtime Spam Lists\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePedro Giffuni, \u003ca href=\"https://www.youtube.com/watch?v=HMeTxViulgo\" rel=\"nofollow\"\u003eFeatures and Status of FreeBSD\u0026#39;s Ext2 Implementation\n\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatt Ahrens, \u003ca href=\"https://www.youtube.com/watch?v=EjGqVdCOIhM\" rel=\"nofollow\"\u003eOpenZFS Upcoming Features and Performance Enhancements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDaichi Goto, \u003ca href=\"https://www.youtube.com/watch?v=MsRu0xIawaA\" rel=\"nofollow\"\u003eShellscripts and Commands\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBenno Rice, \u003ca href=\"https://www.youtube.com/watch?v=jZp-ciB6mAg\" rel=\"nofollow\"\u003eKeeping Current\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSean Bruno, \u003ca href=\"https://www.youtube.com/watch?v=LZjoFSfIv3k\" rel=\"nofollow\"\u003eMIPS Router Hacking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJohn-Mark Gurney, \u003ca href=\"https://www.youtube.com/watch?v=2qicD0tv_tI\" rel=\"nofollow\"\u003eOptimizing GELI Performance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatrick Kelsey, \u003ca href=\"https://www.youtube.com/watch?v=LhIx8q8_7YY\" rel=\"nofollow\"\u003eUserspace Networking with libuinet\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMassimiliano Stucchi, \u003ca href=\"https://www.youtube.com/watch?v=WZoQzUZKaeo\" rel=\"nofollow\"\u003eIPv6 Transitioning Mechanisms\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRoger Pau Monné, \u003ca href=\"https://www.youtube.com/watch?v=q6l9qtjlNXU\" rel=\"nofollow\"\u003eTaking the Red Pill\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShawn Webb, \u003ca href=\"https://www.youtube.com/watch?v=jo8ObzR1tKQ\" rel=\"nofollow\"\u003eIntroducing ASLR in FreeBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140519164127\" rel=\"nofollow\"\u003etrip report\u003c/a\u003e from Peter Hessler and \u003ca href=\"http://julipedia.meroh.net/2014/05/bsdcan-2014-summary.html\" rel=\"nofollow\"\u003eone from Julio Merino\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that\u0026#39;s a recurring trend)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://networkfilter.blogspot.com/2014/05/defend-your-network-and-privacy-vpn.html\" rel=\"nofollow\"\u003eDefend your network and privacy with a VPN and OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back\u003c/li\u003e\n\u003cli\u003eThis article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities\u003c/li\u003e\n\u003cli\u003eThere are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used\u003c/li\u003e\n\u003cli\u003eYou can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)\u003c/li\u003e\n\u003cli\u003eIt also includes a few general privacy tips, recommended browser extensions, etc\u003c/li\u003e\n\u003cli\u003eThe intro to the article is especially great, so give the whole thing a read\u003c/li\u003e\n\u003cli\u003eHe mentions our \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eOpenBSD router guide\u003c/a\u003e and other tutorials being a big help for this setup, so hello if you\u0026#39;re watching!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pascalj.com/article/you-should-try-freebsd/\" rel=\"nofollow\"\u003eYou should try FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this blog post, the author talks a bit about how some Linux people aren\u0026#39;t familiar with the BSDs and how we can take steps to change that\u003c/li\u003e\n\u003cli\u003eHe goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two\u003c/li\u003e\n\u003cli\u003ePossibly the most useful part is how to address the question \u0026quot;my server already works, why bother switching?\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u0026quot;Stackoverflow’s answers assume I have apt-get installed\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt includes mention of the great documentation, stability, ports, improved security and much more\u003c/li\u003e\n\u003cli\u003eA takeaway quote for would-be Linux switchers: \u0026quot;I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://hacklog.in/openbsd-and-the-little-mauritian-contributor/\" rel=\"nofollow\"\u003eOpenBSD and the little Mauritian contributor\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis is a story about a guy from \u003ca href=\"https://en.wikipedia.org/wiki/Mauritius\" rel=\"nofollow\"\u003eMauritius\u003c/a\u003e named Logan, one of OpenBSD\u0026#39;s newest developers\u003c/li\u003e\n\u003cli\u003eBack in 2010, he started sending in patched for OpenBSD\u0026#39;s \u0026quot;mg\u0026quot; editor, among other small things, and eventually added file transfer resume support for SFTP\u003c/li\u003e\n\u003cli\u003eThe article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon\u003c/li\u003e\n\u003cli\u003eIt really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem\u003c/li\u003e\n\u003cli\u003eCongrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jon Anderson - \u003ca href=\"mailto:jonathan@freebsd.org\" rel=\"nofollow\"\u003ejonathan@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eCapsicum and Casperd\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/dnscrypt\" rel=\"nofollow\"\u003eEncrypting DNS lookups\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://i.imgur.com/f0qg6Ss.jpg\" rel=\"nofollow\"\u003eFreeBSD Journal, May 2014 issue\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe newest issue of the \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eFreeBSD Journal\u003c/a\u003e is out, following the bi-monthly release cycle\u003c/li\u003e\n\u003cli\u003eThis time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling\u003c/li\u003e\n\u003cli\u003ePick up your (digital) copy at Amazon, Google Play or on iTunes and have a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://insanecoding.blogspot.com/2014/05/libressl-porting-update.html\" rel=\"nofollow\"\u003eLibreSSL porting update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSince the last LibreSSL post we covered, a couple unofficial \u0026quot;portable\u0026quot; versions have died off\u003c/li\u003e\n\u003cli\u003eUnfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!\u003c/li\u003e\n\u003cli\u003eThis post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example\u003c/li\u003e\n\u003cli\u003ePlease wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1862-meteorjs-on-freebsd-11-may-bsd-issue\" rel=\"nofollow\"\u003eBSDMag May 2014 issue is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe usual monthly release from BSDMag, covering a variety of subjects\u003c/li\u003e\n\u003cli\u003eThis time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a free PDF, go grab it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/05/bsdtalk241-bob-beck.html\" rel=\"nofollow\"\u003eBSDTalk episode 241\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new episode of \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk\" rel=\"nofollow\"\u003eBSDTalk\u003c/a\u003e is out, this time with Bob Beck\u003c/li\u003e\n\u003cli\u003eHe talks about the OpenBSD foundation\u0026#39;s recent activities, his own work in the project, some stories about the hardware in Theo\u0026#39;s basement and a lot more\u003c/li\u003e\n\u003cli\u003eThe interview itself isn\u0026#39;t about LibreSSL at all, but they do touch on it a bit too\u003c/li\u003e\n\u003cli\u003eReally interesting stuff, covers a lot of different topics in a short amount of time\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe got a number of replies about last week\u0026#39;s VPN question, so thanks to everyone who sent in an email about it - the \u003ca href=\"https://www.freshports.org/security/vpnc/\" rel=\"nofollow\"\u003evpnc\u003c/a\u003e package seems to be what we were looking for\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20MK7bTyc\" rel=\"nofollow\"\u003eTim writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2OWREQdUA\" rel=\"nofollow\"\u003eAJ writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s202obAqbT\" rel=\"nofollow\"\u003ePeter writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21Kye2jAc\" rel=\"nofollow\"\u003eThomas writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2zqFVqwxN\" rel=\"nofollow\"\u003eMartin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.","date_published":"2014-05-28T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4ae1b0f5-7c6f-486f-bdcf-c71ec415269c.mp3","mime_type":"audio/mpeg","size_in_bytes":45004756,"duration_in_seconds":3750}]},{"id":"01510b66-38e5-40ac-a282-9bff71cb55d9","title":"38: A BUG's Life","url":"https://www.bsdnow.tv/38","content_text":"We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 11 goals and discussion\n\n\nSomething that actually happened at BSDCan this year...\nDuring the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE\nSome of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support\nA large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more\nThere's also some notes from the devsummit virtualization session, mostly talking about bhyve\nLastly, he also provides some notes about ports and packages and where they're going\n***\n\n\nAn SSH honeypot with OpenBSD and Kippo\n\n\nEveryone loves messing with script kiddies, right?\nThis blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD\nIt includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely\nYou can use this to get new 0day exploits or find weaknesses in your systems\nOpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications\n***\n\n\nNetBSD foundation financial report\n\n\nThe NetBSD foundation has posted their 2013 financial report\nIt's a very \"no nonsense\" page, pretty much only the hard numbers\nIn 2013, they got $26,000 of income in donations\nThe rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else\nBe sure to donate to whichever BSDs you like and use!\n***\n\n\nBuilding a fully-encrypted NAS with OpenBSD\n\n\nUsually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing\nThis article takes a look at the OpenBSD side and explains how to build a NAS with security in mind\nThe NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected\nThe obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too\nThere's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up!\n***\n\n\nInterview - Brian Callahan \u0026amp; Aaron Bieber - admin@lists.nycbug.org \u0026amp; admin@cobug.org\n\nForming a local BSD Users Group\n\n\n\nTutorial\n\nThe basics of pkgsrc\n\n\n\nNews Roundup\n\nFreeBSD periodic mails vs. monitoring\n\n\nIf you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email\nThis page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them\nFrom bad SSH logins to Zabbix alerts, it all adds up quickly\nIt highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers\n***\n\n\nDoing cool stuff with OpenBSD routing domains\n\n\nA blog post from our viewer and regular emailer, Kjell-Aleksander!\nHe manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project\nThis is where OpenBSD routing domains and pf come in to save the day\nThe blog post goes through the process with all the network details you could ever dream of\nHe even named his networking equipment... after us\n***\n\n\nLibreSSL, the good and the bad\n\n\nWe're all probably familiar with OpenBSD's fork of OpenSSL at this point\nHowever, \"for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk\"\nThis article talks about some of the cryptographic development challenges involved with maintaining such a massive project\nYou need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled\nIt also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility\n***\n\n\nPCBSD weekly digest\n\n\nLots going on in PCBSD land this week, AppCafe has been redesigned\nThe PBI system is being replaced with pkgng, PBIs will be automatically converted once you update\nIn the more recent post, there's some further explanation of the PBI system and the reason for the transition\nIt's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nDaniel writes in\nSean writes in\ntsyn writes in\nChris writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back from BSDCan! This week on the show we\u0026#39;ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We\u0026#39;ll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we\u0026#39;ve got a tutorial on the basics of NetBSD\u0026#39;s package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/2053\" rel=\"nofollow\"\u003eFreeBSD 11 goals and discussion\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSomething that actually happened at BSDCan this year...\u003c/li\u003e\n\u003cli\u003eDuring the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE\u003c/li\u003e\n\u003cli\u003eSome of MWL\u0026#39;s notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support\u003c/li\u003e\n\u003cli\u003eA large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some notes from the \u003ca href=\"http://blather.michaelwlucas.com/archives/2060\" rel=\"nofollow\"\u003edevsummit virtualization session\u003c/a\u003e, mostly talking about bhyve\u003c/li\u003e\n\u003cli\u003eLastly, he also provides some notes about \u003ca href=\"http://blather.michaelwlucas.com/archives/2065\" rel=\"nofollow\"\u003eports and packages\u003c/a\u003e and where they\u0026#39;re going\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://securit.se/2014/05/how-to-install-kippo-ssh-honeypot-on-openbsd-5-5-with-chroot/\" rel=\"nofollow\"\u003eAn SSH honeypot with OpenBSD and Kippo\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEveryone loves messing with script kiddies, right?\u003c/li\u003e\n\u003cli\u003eThis blog post introduces \u003ca href=\"https://code.google.com/p/kippo/\" rel=\"nofollow\"\u003eKippo\u003c/a\u003e, an SSH honeypot tool, and how to use it in combination with OpenBSD\u003c/li\u003e\n\u003cli\u003eIt includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely\u003c/li\u003e\n\u003cli\u003eYou can use this to get new 0day exploits or find weaknesses in your systems\u003c/li\u003e\n\u003cli\u003eOpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.netbsd.org/foundation/reports/financial/2013.html\" rel=\"nofollow\"\u003eNetBSD foundation financial report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe NetBSD foundation has posted their 2013 financial report\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a very \u0026quot;no nonsense\u0026quot; page, pretty much only the hard numbers\u003c/li\u003e\n\u003cli\u003eIn 2013, they got $26,000 of income in donations\u003c/li\u003e\n\u003cli\u003eThe rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else\u003c/li\u003e\n\u003cli\u003eBe sure to donate to whichever BSDs you like and use!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.geektechnique.org/projectlab/796/how-to-build-a-fully-encrypted-nas-on-openbsd.html\" rel=\"nofollow\"\u003eBuilding a fully-encrypted NAS with OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you\u0026#39;re doing\u003c/li\u003e\n\u003cli\u003eThis article takes a look at the OpenBSD side and \u003ca href=\"http://www.geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto.html\" rel=\"nofollow\"\u003eexplains how\u003c/a\u003e to build a NAS with security in mind\u003c/li\u003e\n\u003cli\u003eThe NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected\u003c/li\u003e\n\u003cli\u003eThe obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people\u0026#39;s needs too\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Brian Callahan \u0026amp; Aaron Bieber - \u003ca href=\"mailto:admin@lists.nycbug.org\" rel=\"nofollow\"\u003eadmin@lists.nycbug.org\u003c/a\u003e \u0026amp; \u003ca href=\"mailto:admin@cobug.org\" rel=\"nofollow\"\u003eadmin@cobug.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eForming a local BSD Users Group\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/pkgsrc\" rel=\"nofollow\"\u003eThe basics of pkgsrc\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-vs-monitoring/\" rel=\"nofollow\"\u003eFreeBSD periodic mails vs. monitoring\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ve ever been an admin for a lot of FreeBSD boxes, you\u0026#39;ve probably noticed that you get a lot of email\u003c/li\u003e\n\u003cli\u003eThis page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them\u003c/li\u003e\n\u003cli\u003eFrom bad SSH logins to Zabbix alerts, it all adds up quickly\u003c/li\u003e\n\u003cli\u003eIt highlights the periodic.conf file and FreeBSD\u0026#39;s periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.skogsrud.net/?p=44\" rel=\"nofollow\"\u003eDoing cool stuff with OpenBSD routing domains\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post from our viewer and regular emailer, Kjell-Aleksander!\u003c/li\u003e\n\u003cli\u003eHe manages some internally-routed IP ranges at his work, but didn\u0026#39;t want to have equipment for each separate project\u003c/li\u003e\n\u003cli\u003eThis is where OpenBSD routing domains and pf come in to save the day\u003c/li\u003e\n\u003cli\u003eThe blog post goes through the process with all the network details you could ever dream of\u003c/li\u003e\n\u003cli\u003eHe even \u003ca href=\"http://i.imgur.com/penYQFP.jpg\" rel=\"nofollow\"\u003enamed his networking equipment... after us\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://insanecoding.blogspot.com/2014/04/libressl-good-and-bad.html\" rel=\"nofollow\"\u003eLibreSSL, the good and the bad\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;re all probably familiar with OpenBSD\u0026#39;s fork of OpenSSL at this point\u003c/li\u003e\n\u003cli\u003eHowever, \u0026quot;for those of you that don\u0026#39;t know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis article talks about some of the cryptographic development challenges involved with maintaining such a massive project\u003c/li\u003e\n\u003cli\u003eYou need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled\u003c/li\u003e\n\u003cli\u003eIt also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/05/weekly-feature-digest-28-photos-of-the-new-appcafe-re-design/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots going on in PCBSD land this week, AppCafe has been redesigned\u003c/li\u003e\n\u003cli\u003eThe PBI system is being replaced with pkgng, PBIs will be automatically converted once you update\u003c/li\u003e\n\u003cli\u003eIn the more \u003ca href=\"http://blog.pcbsd.org/2014/05/weekly-feature-digest-29-pbing/\" rel=\"nofollow\"\u003erecent post\u003c/a\u003e, there\u0026#39;s some further explanation of the PBI system and the reason for the transition\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2UbEhgjce\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21XU0y3JP\" rel=\"nofollow\"\u003eDaniel writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QQtuawFl\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20XrT5Q8U\" rel=\"nofollow\"\u003etsyn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ayZ1nsdv\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.","date_published":"2014-05-21T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/01510b66-38e5-40ac-a282-9bff71cb55d9.mp3","mime_type":"audio/mpeg","size_in_bytes":63768244,"duration_in_seconds":5314}]},{"id":"3519165b-e16c-49e5-9148-ad92396b617e","title":"37: BSDCanned Goods","url":"https://www.bsdnow.tv/37","content_text":"This week we're at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don't get arrested for harassment, we'll be back next week with your regularly scheduled programming. For now, we've got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS. We'll be back to tell you all about the conference next week, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nPresentation - Matthew Ahrens - matt@mahrens.org / @mahrens1\n\nOpenZFS discussion\n\n\n\nFeedback/Questions\n\n\nRemy writes in\nDarin writes in\nSteve writes in\nPascal writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;re at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don\u0026#39;t get arrested for harassment, we\u0026#39;ll be back next week with your regularly scheduled programming. For now, we\u0026#39;ve got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS. We\u0026#39;ll be back to tell you all about the conference next week, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003ePresentation - Matthew Ahrens - \u003ca href=\"mailto:matt@mahrens.org\" rel=\"nofollow\"\u003ematt@mahrens.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/mahrens1\" rel=\"nofollow\"\u003e@mahrens1\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenZFS discussion\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2kGZUlxjg\" rel=\"nofollow\"\u003eRemy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s23j9RHsIx\" rel=\"nofollow\"\u003eDarin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21dMlBAhM\" rel=\"nofollow\"\u003eSteve writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20IyvdSmR\" rel=\"nofollow\"\u003ePascal writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we're at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don't get arrested for harassment, we'll be back next week with your regularly scheduled programming. For now, we've got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS. We'll be back to tell you all about the conference next week, on BSD Now - the place to B.. SD.","date_published":"2014-05-14T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3519165b-e16c-49e5-9148-ad92396b617e.mp3","mime_type":"audio/mpeg","size_in_bytes":92116660,"duration_in_seconds":7676}]},{"id":"485b12e9-ea67-4bc6-9709-4b0e38a76184","title":"36: Let's Get RAID","url":"https://www.bsdnow.tv/36","content_text":"This week on the show we'll be showing you how to set up RAID arrays in both FreeBSD and OpenBSD. There's also an interview with David Chisnall - of the FreeBSD core team - about the switch to Clang and a lot more. As usual, we'll be dropping the latest news and answering your emails, so sit back and enjoy some BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD 5.5 released\n\n\nIf you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5\nThis is one of the biggest releases to date, with a very long list of changes and improvements\nSome of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more\nThe full list of changes is HUGE, be sure to read through it all if you're interested in the details\nIf you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version\nAlso be sure to apply the errata patches on your new installations... especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet)\nOn the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change\nCongrats to the whole team on this great release - 5.6 is going to be even more awesome with \"Libre\"SSL and lots of other stuff that's currently in development\n***\n\n\nFreeBSD foundation funding highlights\n\n\nThe FreeBSD foundation posts a new update on how they're spending the money that everyone donates\n\"As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system\"\nDuring this spring, they want to highlight the new UEFI boot support and newcons\nThere's a lot of details about what exactly UEFI is and why we need it going forward\nFreeBSD has also needed some updates to its console to support UTF8 and wide characters\nHopefully this series will continue and we'll get to see what other work is being sponsored\n***\n\n\nOpenSSH without OpenSSL\n\n\nThe OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional\nSince it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security\nThis version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity\nKey exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs\nNo support for RSA, DSA or ECDSA public keys - only Ed25519\nIt also includes a new buffer API and a set of wrappers to make it compatible with the existing API\nBelieve it or not, this was planned before all the heartbleed craziness\nMaybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat\n***\n\n\nBSDMag's April 2014 issue is out\n\n\nThe free monthly BSD magazine has got a new issue available for download\nThis time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online\nAnyone can contribute to the magazine, just send the editors an email about what you want to write\nNo Linux articles this time around, good\n***\n\n\nInterview - David Chisnall - theraven@freebsd.org\n\nThe LLVM/Clang switch, FreeBSD's core team, various topics\n\n\n\nTutorial\n\nRAID in FreeBSD and OpenBSD\n\n\n\nNews Roundup\n\nBSDTalk episode 240\n\n\nOur buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time\nTopics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more\nGNN also talks a little about the Precision Time Protocol and how it's different than NTP\nTwo people we've interviewed talking to each other, awesome\nIf you're interested in NTP, be sure to see our tutorial too\n***\n\n\nm2k14 trip reports\n\n\nWe've got a few more reports from the recent OpenBSD hackathon in Morocco\nThe first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the OpenBSD desktop tutorial)\n\"Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do\"\nHe got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL\nSpeaking of LibreSSL, there's an article all would-be portable version writers should probably read and take into consideration\nJasper Adriaanse also writes about what he got done over there\nHe cleaned up and fixed the puppet port to work better with OpenBSD\n***\n\n\nWhy you should use FreeBSD on your cloud VPS\n\n\nHere we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD\nStarts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows\nThe 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options\nThe post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS\n***\n\n\nPCBSD weekly digest\n\n\nBig changes coming in the way PCBSD manages software\nThe PBI system, AppCafe and related tools are all going to use pkgng now\nThe AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree\nNew rating system coming soon and much more\n***\n\n\nFeedback/Questions\n\n\nMartin writes in\nJohn writes in\nAlex writes in\nGoetz writes in\nJarrad writes in\n***\n","content_html":"\u003cp\u003eThis week on the show we\u0026#39;ll be showing you how to set up RAID arrays in both FreeBSD and OpenBSD. There\u0026#39;s also an interview with David Chisnall - of the FreeBSD core team - about the switch to Clang and a lot more. As usual, we\u0026#39;ll be dropping the latest news and answering your emails, so sit back and enjoy some BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise servers and storage for open source\" /\u003e\u003c/a\u003e\u003ca href=\"http://www.tarsnap.com/bsdnow\" title=\"Tarsnap\"\u003e\u003cimg src=\"/images/tarsnap1.png\" alt=\"Tarsnap - online backups for the truly paranoid\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/55.html\" rel=\"nofollow\"\u003eOpenBSD 5.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you \u003ca href=\"https://https.openbsd.org/cgi-bin/order\" rel=\"nofollow\"\u003eordered\u003c/a\u003e a \u003ca href=\"https://twitter.com/blakkheim/status/461909893813784576\" rel=\"nofollow\"\u003eCD set\u003c/a\u003e then you\u0026#39;ve probably had it for a little while already, but OpenBSD has formally announced the \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140501153339\" rel=\"nofollow\"\u003epublic release\u003c/a\u003e of 5.5\u003c/li\u003e\n\u003cli\u003eThis is one of the biggest releases to date, with a very long list of changes and improvements\u003c/li\u003e\n\u003cli\u003eSome of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.openbsd.org/plus55.html\" rel=\"nofollow\"\u003efull list of changes\u003c/a\u003e is HUGE, be sure to read through it all if you\u0026#39;re interested in the details\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re doing an upgrade from 5.4 instead of a fresh install, pay careful attention to \u003ca href=\"http://www.openbsd.org/faq/upgrade55.html\" rel=\"nofollow\"\u003ethe upgrade guide\u003c/a\u003e as there are some very specific steps for this version\u003c/li\u003e\n\u003cli\u003eAlso be sure to apply the \u003ca href=\"http://www.openbsd.org/errata55.html\" rel=\"nofollow\"\u003eerrata patches\u003c/a\u003e on your new installations... especially those OpenSSL ones (some of which \u003ca href=\"http://marc.info/?l=oss-security\u0026m=139906348230995\u0026w=2\" rel=\"nofollow\"\u003estill aren\u0026#39;t fixed\u003c/a\u003e in the other BSDs yet)\u003c/li\u003e\n\u003cli\u003eOn the topic of errata patches, the project is now going to also send them out (\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140502103355\" rel=\"nofollow\"\u003esigned\u003c/a\u003e) via the \u003ca href=\"http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=\u0026passw=\u0026func=lists-long-full\u0026extra=announce\" rel=\"nofollow\"\u003eannounce mailing list\u003c/a\u003e, a very welcome change\u003c/li\u003e\n\u003cli\u003eCongrats to the whole team on this great release - 5.6 is going to be even more awesome with \u0026quot;Libre\u0026quot;SSL and lots of other stuff that\u0026#39;s currently in development\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/04/freebsd-foundation-spring-fundraising_28.html\" rel=\"nofollow\"\u003eFreeBSD foundation funding highlights\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation posts a new update on how they\u0026#39;re spending the money that everyone donates\u003c/li\u003e\n\u003cli\u003e\u0026quot;As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we\u0026#39;ve done to help FreeBSD become the most innovative, reliable, and high-performance operation system\u0026quot;\u003c/li\u003e\n\u003cli\u003eDuring this spring, they want to highlight the new UEFI boot support \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/05/freebsd-foundation-newcons-project.html\" rel=\"nofollow\"\u003eand newcons\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a lot of details about what exactly UEFI is and why we need it going forward\u003c/li\u003e\n\u003cli\u003eFreeBSD has also needed some updates to its console to support UTF8 and wide characters\u003c/li\u003e\n\u003cli\u003eHopefully this series will continue and we\u0026#39;ll get to see what other work is being sponsored\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139879453001957\u0026w=2\" rel=\"nofollow\"\u003eOpenSSH without OpenSSL\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional\u003c/li\u003e\n\u003cli\u003eSince it won\u0026#39;t have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security\u003c/li\u003e\n\u003cli\u003eThis version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the \u003ca href=\"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?rev=HEAD;content-type=text%2Fplain\" rel=\"nofollow\"\u003enew combination\u003c/a\u003e of the Chacha20 stream cipher with Poly1305 for packet integrity\u003c/li\u003e\n\u003cli\u003eKey exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs\u003c/li\u003e\n\u003cli\u003eNo support for RSA, DSA or ECDSA public keys - only Ed25519\u003c/li\u003e\n\u003cli\u003eIt also includes a \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139883582313750\u0026w=2\" rel=\"nofollow\"\u003enew buffer API\u003c/a\u003e and a set of wrappers to make it compatible with the existing API\u003c/li\u003e\n\u003cli\u003eBelieve it or not, this was planned before all the heartbleed craziness\u003c/li\u003e\n\u003cli\u003eMaybe someday soon we\u0026#39;ll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1861-free-pascal-on-bsd-april-bsd-issue\" rel=\"nofollow\"\u003eBSDMag\u0026#39;s April 2014 issue is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe free monthly BSD magazine has got a new issue available for download\u003c/li\u003e\n\u003cli\u003eThis time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online\u003c/li\u003e\n\u003cli\u003eAnyone can contribute to the magazine, just send the editors an email about what you want to write\u003c/li\u003e\n\u003cli\u003eNo Linux articles this time around, good\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - David Chisnall - \u003ca href=\"mailto:theraven@freebsd.org\" rel=\"nofollow\"\u003etheraven@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe LLVM/Clang switch, FreeBSD\u0026#39;s core team, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/raid\" rel=\"nofollow\"\u003eRAID in FreeBSD and OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdtalk.blogspot.com/2014/04/bsdtalk240-about-time-with-george.html\" rel=\"nofollow\"\u003eBSDTalk episode 240\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time\u003c/li\u003e\n\u003cli\u003eTopics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more\u003c/li\u003e\n\u003cli\u003eGNN also talks a little about the \u003ca href=\"https://en.wikipedia.org/wiki/Precision_Time_Protocol\" rel=\"nofollow\"\u003ePrecision Time Protocol\u003c/a\u003e and how it\u0026#39;s different than NTP\u003c/li\u003e\n\u003cli\u003eTwo \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003epeople\u003c/a\u003e we\u0026#39;ve \u003ca href=\"http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk\" rel=\"nofollow\"\u003einterviewed\u003c/a\u003e talking to each other, awesome\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in NTP, be sure to see our \u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003etutorial\u003c/a\u003e too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140502092427\" rel=\"nofollow\"\u003em2k14 trip reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve got a few more reports from the recent OpenBSD hackathon in Morocco\u003c/li\u003e\n\u003cli\u003eThe first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the \u003ca href=\"http://www.bsdnow.tv/tutorials/the-desktop-obsd\" rel=\"nofollow\"\u003eOpenBSD desktop tutorial\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u0026quot;Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports\u0026#39; compatibility with LibreSSL\u003c/li\u003e\n\u003cli\u003eSpeaking of LibreSSL, there\u0026#39;s \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140505062023\" rel=\"nofollow\"\u003ean article\u003c/a\u003e all would-be portable version writers should probably read and take into consideration\u003c/li\u003e\n\u003cli\u003eJasper Adriaanse \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140501185019\" rel=\"nofollow\"\u003ealso writes\u003c/a\u003e about what he got done over there\u003c/li\u003e\n\u003cli\u003eHe cleaned up and fixed the puppet port to work better with OpenBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.atlantic.net/blog/2014/04/08/freebsd-ssd-cloud-vps-hosting-10-reasons/\" rel=\"nofollow\"\u003eWhy you should use FreeBSD on your cloud VPS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHere we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD\u003c/li\u003e\n\u003cli\u003eStarts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows\u003c/li\u003e\n\u003cli\u003eThe 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options\u003c/li\u003e\n\u003cli\u003eThe post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/05/weekly-feature-digest-27-software-system-redesign/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBig changes coming in the way PCBSD manages software\u003c/li\u003e\n\u003cli\u003eThe PBI system, AppCafe and related tools are all going to use pkgng now\u003c/li\u003e\n\u003cli\u003eThe AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree\u003c/li\u003e\n\u003cli\u003eNew rating system coming soon and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21bk2oPuQ\" rel=\"nofollow\"\u003eMartin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2n9fx1Rpw\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2rBBKLA4u\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20JY6ZI71\" rel=\"nofollow\"\u003eGoetz writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20YV5Ohpa\" rel=\"nofollow\"\u003eJarrad writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show we'll be showing you how to set up RAID arrays in both FreeBSD and OpenBSD. There's also an interview with David Chisnall - of the FreeBSD core team - about the switch to Clang and a lot more. As usual, we'll be dropping the latest news and answering your emails, so sit back and enjoy some BSD Now - the place to B.. SD.","date_published":"2014-05-07T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/485b12e9-ea67-4bc6-9709-4b0e38a76184.mp3","mime_type":"audio/mpeg","size_in_bytes":65368948,"duration_in_seconds":5447}]},{"id":"203904d9-509c-4727-918f-d5e6a6276cf8","title":"35: Puffy Firewall","url":"https://www.bsdnow.tv/35","content_text":"We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of \"The Book of PF.\" Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nALTQ removed from PF\n\n\nKicking off our big PF episode...\nThe classic packet queueing system, ALTQ, was recently removed from OpenBSD -current\nThere will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the \"queue\" keyword with \"oldqueue\" in your pf.conf\nAs of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping\nAfter more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem\nThis doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately.\n***\n\n\nFreeBSD Quarterly Status Report\n\n\nThe quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks\nSome highlights include the first \"stable\" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added\nWe've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team\nLOTS of details and LOTS of topics to cover, give it a read\n***\n\n\nOpenBSD's OpenSSL rewrite continues with m2k14\n\n\nA mini OpenBSD hackathon begins in Morocco, Africa\nYou can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning\nWe've got two trip reports so far, hopefully we'll have some more to show you in a future episode\nYou can see some of the more interesting quotes from the tear-down or see everything\nApparently they are going to call the fork \"LibreSSL\" ....\nWhat were the OpenSSL developers thinking? The RSA private key was used to seed the entropy!\nWe also got some mainstream news coverage and another post from Ted about the history of the fork\nDefinitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too\n***\n\n\nNetBSD 6.1.4 and 6.0.5 released\n\n\nNew updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes\nThe main update is - of course - the heartbleed vulnerability\nAlso includes fixes for other security issues and even a kernel panic... on Atari\nPatch your Ataris right now, this is serious business\n***\n\n\nInterview - Peter Hansteen - peter@bsdly.net / @pitrh\n\nThe Book of PF: 3rd edition\n\n\n\nTutorial\n\nBSD Firewalls: PF\n\n\n\nNews Roundup\n\nNew Xorg now the default in FreeBSD\n\n\nFor quite a while now, FreeBSD has had two versions of X11 in ports\nThe older, stable version was the default, but you could install a newer one by having \"WITH_NEW_XORG\" in /etc/make.conf\nThey've finally made the switch for 10-STABLE and 9-STABLE\nCheck this wiki page for more info\n***\n\n\nGSoC-accepted BSD projects\n\n\nThe Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned\nOpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon\nThe FreeBSD list was also posted\nTheirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more\nGood luck to all the students participating, hopefully they become full time BSD users\n***\n\n\nComplexity of FreeBSD VFS using ZFS as an example\n\n\nHybridCluster posted the second part of their VFS and ZFS series\nThis new post has lots of technical details once again, definitely worth reading if you're a ZFS guy\nOf course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff\n***\n\n\nPCBSD weekly digest\n\n\nPreload has been ported over, it's a daemon that prefetches applications\nPCBSD is developing their own desktop environment, Lumina (there's also an FAQ)\nIt's still in active development, but you can try it out by installing from ports\nWe'll be showing a live demo of it in a few weeks (when development settles down a bit)\nSome kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back again! On this week\u0026#39;s packed show, we\u0026#39;ve got one of the biggest tutorials we\u0026#39;ve done in a while. It\u0026#39;s an in-depth look at PF, OpenBSD\u0026#39;s firewall, with some practical examples and different use cases. We\u0026#39;ll also be talking to Peter Hansteen about the new edition of \u0026quot;The Book of PF.\u0026quot; Of course, we\u0026#39;ve got news and answers to your emails too, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140419151959\" rel=\"nofollow\"\u003eALTQ removed from PF\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eKicking off our big PF episode...\u003c/li\u003e\n\u003cli\u003eThe classic packet queueing system, ALTQ, was recently removed from OpenBSD -current\u003c/li\u003e\n\u003cli\u003eThere will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the \u0026quot;queue\u0026quot; keyword with \u0026quot;oldqueue\u0026quot; in your pf.conf\u003c/li\u003e\n\u003cli\u003eAs of 5.6, due about six months from now, you\u0026#39;ll have to change your ruleset to the new syntax if you\u0026#39;re using it for bandwidth shaping\u003c/li\u003e\n\u003cli\u003eAfter more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem\u003c/li\u003e\n\u003cli\u003eThis doesn\u0026#39;t affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2014-01-2014-03.html\" rel=\"nofollow\"\u003eFreeBSD Quarterly Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe quarterly status report from FreeBSD is out, detailing some of the project\u0026#39;s ongoing tasks\u003c/li\u003e\n\u003cli\u003eSome highlights include the first \u0026quot;stable\u0026quot; branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team\u003c/li\u003e\n\u003cli\u003eLOTS of details and LOTS of topics to cover, give it a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140417184158\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s OpenSSL rewrite continues with m2k14\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA mini OpenBSD \u003ca href=\"http://www.openbsd.org/hackathons.html\" rel=\"nofollow\"\u003ehackathon\u003c/a\u003e begins in Morocco, Africa\u003c/li\u003e\n\u003cli\u003eYou can follow the changes in \u003ca href=\"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/\" rel=\"nofollow\"\u003ethe -current CVS log\u003c/a\u003e, but \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140418063443\" rel=\"nofollow\"\u003ea lot of work\u003c/a\u003e is mainly going towards the OpenSSL cleaning\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve got two \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140429121423\" rel=\"nofollow\"\u003etrip\u003c/a\u003e \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140425115340\" rel=\"nofollow\"\u003ereports\u003c/a\u003e so far, hopefully we\u0026#39;ll have some more to show you in a future episode\u003c/li\u003e\n\u003cli\u003eYou can see some of the \u003ca href=\"http://opensslrampage.org/\" rel=\"nofollow\"\u003emore interesting quotes\u003c/a\u003e from the tear-down or \u003ca href=\"http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf\" rel=\"nofollow\"\u003esee everything\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140423045847\" rel=\"nofollow\"\u003eApparently\u003c/a\u003e they are going to call the fork \u0026quot;\u003ca href=\"https://news.ycombinator.com/item?id=7623789\" rel=\"nofollow\"\u003eLibreSSL\u003c/a\u003e\u0026quot; ....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf\" rel=\"nofollow\"\u003eWhat were the OpenSSL developers thinking\u003c/a\u003e? The RSA private key was used to seed the entropy!\u003c/li\u003e\n\u003cli\u003eWe also got \u003ca href=\"http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/\" rel=\"nofollow\"\u003esome mainstream news coverage\u003c/a\u003e and \u003ca href=\"http://www.tedunangst.com/flak/post/origins-of-libressl\" rel=\"nofollow\"\u003eanother post from Ted\u003c/a\u003e about the history of the fork\u003c/li\u003e\n\u003cli\u003eDefinitely consider \u003ca href=\"http://www.openbsdfoundation.org/donations.html\" rel=\"nofollow\"\u003edonating to the OpenBSD foundation\u003c/a\u003e, this fork will benefit all the other BSDs too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_6_1_4_and\" rel=\"nofollow\"\u003eNetBSD 6.1.4 and 6.0.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes\u003c/li\u003e\n\u003cli\u003eThe main update is - of course - the heartbleed vulnerability\u003c/li\u003e\n\u003cli\u003eAlso includes fixes for other security issues and even a kernel panic... on Atari\u003c/li\u003e\n\u003cli\u003ePatch your Ataris right now, this is serious business\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Peter Hansteen - \u003ca href=\"mailto:peter@bsdly.net\" rel=\"nofollow\"\u003epeter@bsdly.net\u003c/a\u003e / \u003ca href=\"https://twitter.com/pitrh\" rel=\"nofollow\"\u003e@pitrh\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe Book of PF: 3rd edition\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/pf\" rel=\"nofollow\"\u003eBSD Firewalls: PF\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=351411\" rel=\"nofollow\"\u003eNew Xorg now the default in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor quite a while now, FreeBSD has had two versions of X11 in ports\u003c/li\u003e\n\u003cli\u003eThe older, stable version was the default, but you could install a newer one by having \u0026quot;WITH_NEW_XORG\u0026quot; in /etc/make.conf\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve finally made the switch for 10-STABLE and 9-STABLE\u003c/li\u003e\n\u003cli\u003eCheck \u003ca href=\"https://wiki.freebsd.org/Graphics\" rel=\"nofollow\"\u003ethis wiki page\u003c/a\u003e for more info\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.google-melange.com/gsoc/org2/google/gsoc2014/openbsdfoundation\" rel=\"nofollow\"\u003eGSoC-accepted BSD projects\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what\u0026#39;s planned\u003c/li\u003e\n\u003cli\u003eOpenBSD\u0026#39;s list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.google-melange.com/gsoc/org2/google/gsoc2014/freebsd\" rel=\"nofollow\"\u003eFreeBSD list\u003c/a\u003e was also posted\u003c/li\u003e\n\u003cli\u003eTheirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more\u003c/li\u003e\n\u003cli\u003eGood luck to all the students participating, hopefully they become full time BSD users\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.hybridcluster.com/blog/complexity-freebsd-vfs-using-zfs-example-part-2/\" rel=\"nofollow\"\u003eComplexity of FreeBSD VFS using ZFS as an example\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHybridCluster posted the second part of their VFS and ZFS series\u003c/li\u003e\n\u003cli\u003eThis new post has lots of technical details once again, definitely worth reading if you\u0026#39;re a ZFS guy\u003c/li\u003e\n\u003cli\u003eOf course, also watch \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_12-the_cluster_the_cloud\" rel=\"nofollow\"\u003eepisode 24\u003c/a\u003e for our interview with HybridCluster - they do really interesting stuff\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/04/weekly-feature-digest-26-the-lumina-project-and-preload/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePreload has been ported over, it\u0026#39;s a daemon that prefetches applications\u003c/li\u003e\n\u003cli\u003ePCBSD is developing their own desktop environment, Lumina (\u003ca href=\"http://blog.pcbsd.org/2014/04/quick-lumina-desktop-faq/\" rel=\"nofollow\"\u003ethere\u0026#39;s also an FAQ\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s still in active development, but you can try it out by installing from ports\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be showing a live demo of it in a few weeks (when development settles down a bit)\u003c/li\u003e\n\u003cli\u003eSome kid in Australia \u003ca href=\"https://www.youtube.com/watch?v=ETxhbf3-z18\" rel=\"nofollow\"\u003esubjects his poor mother to being on camera\u003c/a\u003e while she tries out PCBSD and gives her impressions of it\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of \"The Book of PF.\" Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.","date_published":"2014-04-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/203904d9-509c-4727-918f-d5e6a6276cf8.mp3","mime_type":"audio/mpeg","size_in_bytes":57157492,"duration_in_seconds":4763}]},{"id":"47904615-f374-468c-b27c-625dad704346","title":"34: It's Gonna Get NASty","url":"https://www.bsdnow.tv/34","content_text":"This week, Allan's at a conference so we've got a short episode for you. We sat down with John Hixson to discuss FreeNAS development and all their future plans. The show will be back next week with a normal episode.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - John Hixson - john@ixsystems.com / @bsdwhore\n\nFreeNAS development\n\n","content_html":"\u003cp\u003eThis week, Allan\u0026#39;s at a conference so we\u0026#39;ve got a short episode for you. We sat down with John Hixson to discuss FreeNAS development and all their future plans. The show will be back next week with a normal episode.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - John Hixson - \u003ca href=\"mailto:john@ixsystems.com\" rel=\"nofollow\"\u003ejohn@ixsystems.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdwhore\" rel=\"nofollow\"\u003e@bsdwhore\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeNAS development\u003c/p\u003e\n\n\u003chr\u003e","summary":"This week, Allan's at a conference so we've got a short episode for you. We sat down with John Hixson to discuss FreeNAS development and all their future plans. The show will be back next week with a normal episode.","date_published":"2014-04-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/47904615-f374-468c-b27c-625dad704346.mp3","mime_type":"audio/mpeg","size_in_bytes":16314196,"duration_in_seconds":1359}]},{"id":"f0c15113-8ade-464b-a89f-3398734256dc","title":"33: Certified Package Delivery","url":"https://www.bsdnow.tv/33","content_text":"This week, we sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we'll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There's a boatload of news and we've got answers to your questions, coming up on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nBSDCan schedule, speakers and talks\n\n\nThis year's BSDCan will kick off on May 14th in Ottawa\nThe list of speakers is also out\nAnd finally the talks everyone's looking forward to\nLots of great tutorials and talks, spanning a wide range of topics of interest\nBe sure to come by so you can and meet Allan and Kris in person and get BSDCan shirts\n***\n\n\nNYCBSDCon talks uploaded\n\n\nThe BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon\nJeff Rizzo's talk, \"Releasing NetBSD: So Many Targets, So Little Time\"\nDru Lavigne's talk, \"ZFS Management Tools in FreeNAS and PC-BSD\"\nScott Long's talk, \"Serving one third of the Internet via FreeBSD\"\nMichael W. Lucas' talk, \"BSD Breaking Barriers\"\n***\n\n\nFreeBSD Journal, issue 2\n\n\nThe bi-monthly FreeBSD journal's second issue is out\nTopics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates\nIn less than two months, they've already gotten over 1000 subscribers! It's available on Google Play, iTunes, Amazon, etc\n\"We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD\"\nCheck our interview with GNN for more information about the journal\n***\n\n\nOpenSSL, more like OpenSS-Hell\n\n\nWe mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy\nThere's been a pretty vicious response from security experts all across the internet and in all of the BSD projects - and rightfully so\nWe finally have a timeline of events\nReactions from ISC, PCBSD, Tarsnap, the Tor project, FreeBSD, NetBSD, oss-sec, PHK, Varnish and Akamai\npfSense released a new version to fix it\nOpenBSD disabled heartbeat entirely and is very unforgiving of the IETF\nTed Unangst has two good write-ups about the issue and how horrible the OpenSSL codebase is\nA nice quote from one of the OpenBSD lists: \"Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL's bug tracker is only used to park bugs, not fix them\"\nSounds like someone else was having fun with the bug for a while too\nThere's also another OpenSSL bug that OpenBSD patched - it allows an attacker to inject data from one connection into another \nOpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out - we're seeing a fork in real time\n***\n\n\nInterview - Jim Brown - info@bsdcertification.org\n\nThe BSD Certification exams\n\n\n\nTutorial\n\nBuilding OpenBSD binary packages in bulk\n\n\n\nNews Roundup\n\nPortable signify\n\n\nBack in episode 23 we talked with Ted Unangst about the new \"signify\" tool in OpenBSD\nNow there's a (completely unofficial) portable version of it on github\nIf you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it\nMaybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems\n***\n\n\nFoundation goals and updates\n\n\nThe OpenBSD foundation has reached their 2014 goal of $150,000\nYou can check their activities and goals to see where the money is going\nRemember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data\nThe FreeBSD foundation has kicked off their spring fundraising campaign\nThere's also a list of their activities and goals available to read through\nBe sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet\n***\n\n\nPCBSD weekly digest\n\n\nNew PBI runtime that fixes stability issues and decreases load times\n\"Update Center\" is getting a lot of development and improvements\nLots of misc. bug fixes and updates\n***\n\n\nFeedback/Questions\n\n\nThere's a reddit thread we wanted to highlight - a user wants to show his friend BSD and why it's great\nBrad writes in\nSha'ul writes in\niGibbs writes in\nMatt writes in\n***\n","content_html":"\u003cp\u003eThis week, we sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we\u0026#39;ll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There\u0026#39;s a boatload of news and we\u0026#39;ve got answers to your questions, coming up on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2014/schedule/\" rel=\"nofollow\"\u003eBSDCan schedule, speakers and talks\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s BSDCan will kick off on May 14th in Ottawa\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"https://www.bsdcan.org/2014/schedule/speakers.en.html\" rel=\"nofollow\"\u003elist of speakers\u003c/a\u003e is also out\u003c/li\u003e\n\u003cli\u003eAnd finally \u003ca href=\"https://www.bsdcan.org/2014/schedule/events.en.html\" rel=\"nofollow\"\u003ethe talks\u003c/a\u003e everyone\u0026#39;s looking forward to\u003c/li\u003e\n\u003cli\u003eLots of great tutorials and talks, spanning a wide range of topics of interest\u003c/li\u003e\n\u003cli\u003eBe sure to come by so you can and meet Allan and Kris in person \u003ca href=\"https://twitter.com/bsdcan/status/454990067552247808\" rel=\"nofollow\"\u003eand get BSDCan shirts\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=4bPduH6O7lI\" rel=\"nofollow\"\u003eNYCBSDCon talks uploaded\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon\u003c/li\u003e\n\u003cli\u003eJeff Rizzo\u0026#39;s talk, \u0026quot;Releasing NetBSD: So Many Targets, So Little Time\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=DAmZ3cbfigA\" rel=\"nofollow\"\u003eDru Lavigne\u0026#39;s talk\u003c/a\u003e, \u0026quot;ZFS Management Tools in FreeNAS and PC-BSD\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=FL5U4wr86L4\" rel=\"nofollow\"\u003eScott Long\u0026#39;s talk\u003c/a\u003e, \u0026quot;Serving one third of the Internet via FreeBSD\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=buo5JlMnGPI\" rel=\"nofollow\"\u003eMichael W. Lucas\u0026#39; talk\u003c/a\u003e, \u0026quot;BSD Breaking Barriers\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/04/freebsd-journal-issue-2-is-now-available.html\" rel=\"nofollow\"\u003eFreeBSD Journal, issue 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe bi-monthly FreeBSD journal\u0026#39;s second issue is out\u003c/li\u003e\n\u003cli\u003eTopics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates\u003c/li\u003e\n\u003cli\u003eIn less than two months, they\u0026#39;ve already gotten over 1000 subscribers! It\u0026#39;s available on Google Play, iTunes, Amazon, etc\u003c/li\u003e\n\u003cli\u003e\u0026quot;We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD\u0026quot;\u003c/li\u003e\n\u003cli\u003eCheck \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eour interview with GNN\u003c/a\u003e for more information about the journal\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsd.slashdot.org/story/200567\" rel=\"nofollow\"\u003eOpenSSL, more like OpenSS-Hell\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s been a pretty vicious response from security experts all across the internet and in all of the BSD projects - and rightfully so\u003c/li\u003e\n\u003cli\u003eWe finally have \u003ca href=\"http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html\" rel=\"nofollow\"\u003ea timeline of events\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReactions from \u003ca href=\"https://isc.sans.edu/diary/Testing+for+Heartbleed/17933\" rel=\"nofollow\"\u003eISC\u003c/a\u003e, \u003ca href=\"http://blog.pcbsd.org/2014/04/openssl-security-update/\" rel=\"nofollow\"\u003ePCBSD\u003c/a\u003e, \u003ca href=\"http://www.daemonology.net/blog/2014-04-09-tarsnap-no-heartbleed-here.html\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e, the \u003ca href=\"https://lists.torproject.org/pipermail/tor-talk/2014-April/thread.html\" rel=\"nofollow\"\u003eTor\u003c/a\u003e \u003ca href=\"https://lists.torproject.org/pipermail/tor-relays/2014-April/thread.html\" rel=\"nofollow\"\u003eproject\u003c/a\u003e, \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2014-April/thread.html\" rel=\"nofollow\"\u003eFreeBSD\u003c/a\u003e, \u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc\" rel=\"nofollow\"\u003eNetBSD\u003c/a\u003e, \u003ca href=\"http://seclists.org/oss-sec/2014/q2/index.html\" rel=\"nofollow\"\u003eoss-sec\u003c/a\u003e, \u003ca href=\"https://queue.acm.org/detail.cfm?id=2602816\" rel=\"nofollow\"\u003ePHK\u003c/a\u003e, \u003ca href=\"https://www.varnish-cache.org/docs/trunk/phk/dough.html\" rel=\"nofollow\"\u003eVarnish\u003c/a\u003e and \u003ca href=\"https://blogs.akamai.com/2014/04/heartbleed-update.html\" rel=\"nofollow\"\u003eAkamai\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003epfSense\u003c/a\u003e released \u003ca href=\"https://blog.pfsense.org/?p=1253\" rel=\"nofollow\"\u003ea new version to fix it\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOpenBSD \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139715336230455\u0026w=2\" rel=\"nofollow\"\u003edisabled heartbeat entirely\u003c/a\u003e and is very \u003ca href=\"https://news.ycombinator.com/item?id=7568921\" rel=\"nofollow\"\u003eunforgiving of the IETF\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e has two \u003ca href=\"http://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf\" rel=\"nofollow\"\u003egood\u003c/a\u003e \u003ca href=\"http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse\" rel=\"nofollow\"\u003ewrite-ups\u003c/a\u003e about the issue and how horrible the OpenSSL codebase is\u003c/li\u003e\n\u003cli\u003eA nice quote from one of the OpenBSD lists: \u0026quot;Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL\u0026#39;s bug tracker is only used to park bugs, not fix them\u0026quot;\u003c/li\u003e\n\u003cli\u003eSounds like \u003ca href=\"http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html\" rel=\"nofollow\"\u003esomeone else\u003c/a\u003e was having fun with the bug for a while too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eThere\u0026#39;s also another OpenSSL bug\u003c/strong\u003e that \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139732441810737\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD patched\u003c/a\u003e - it allows an attacker to \u003cstrong\u003einject data from one connection into another\u003c/strong\u003e \u003c/li\u003e\n\u003cli\u003eOpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out - we\u0026#39;re \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140415093252\" rel=\"nofollow\"\u003eseeing a fork\u003c/a\u003e in real time\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jim Brown - \u003ca href=\"mailto:info@bsdcertification.org\" rel=\"nofollow\"\u003einfo@bsdcertification.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe \u003ca href=\"http://bsdcertification.org/\" rel=\"nofollow\"\u003eBSD Certification\u003c/a\u003e exams\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/dpb\" rel=\"nofollow\"\u003eBuilding OpenBSD binary packages in bulk\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://github.com/aperezdc/signify\" rel=\"nofollow\"\u003ePortable signify\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBack in \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eepisode 23\u003c/a\u003e we talked with Ted Unangst about the new \u0026quot;signify\u0026quot; tool in OpenBSD\u003c/li\u003e\n\u003cli\u003eNow there\u0026#39;s a (completely unofficial) portable version of it on github\u003c/li\u003e\n\u003cli\u003eIf you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it\u003c/li\u003e\n\u003cli\u003eMaybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/misc@openbsd.org/msg128240.html\" rel=\"nofollow\"\u003eFoundation goals and updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD foundation has reached their 2014 goal of $150,000\u003c/li\u003e\n\u003cli\u003eYou can check \u003ca href=\"http://www.openbsdfoundation.org/activities.html\" rel=\"nofollow\"\u003etheir activities and goals\u003c/a\u003e to see where the money is going\u003c/li\u003e\n\u003cli\u003eRemember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data\u003c/li\u003e\n\u003cli\u003eThe FreeBSD foundation has kicked off their \u003ca href=\"http://freebsdfoundation.blogspot.com/2014/04/freebsd-foundation-spring-fundraising.html\" rel=\"nofollow\"\u003espring fundraising\u003c/a\u003e campaign\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a list of their activities and goals available to read through\u003c/li\u003e\n\u003cli\u003eBe sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/04/pc-bsd-weekly-feature-digest-25/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew PBI runtime that fixes stability issues and decreases load times\u003c/li\u003e\n\u003cli\u003e\u0026quot;Update Center\u0026quot; is getting a lot of development and improvements\u003c/li\u003e\n\u003cli\u003eLots of misc. bug fixes and updates\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.reddit.com/r/BSD/comments/22y497/i_need_a_bit_of_help_showing_my_friends_bsd_and/\" rel=\"nofollow\"\u003eThere\u0026#39;s a reddit thread\u003c/a\u003e we wanted to highlight - a user wants to show his friend BSD and why it\u0026#39;s great\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Tso9a6v\" rel=\"nofollow\"\u003eBrad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21DfdV9yt\" rel=\"nofollow\"\u003eSha\u0026#39;ul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2di8XRt73\" rel=\"nofollow\"\u003eiGibbs writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20m2g8UgV\" rel=\"nofollow\"\u003eMatt writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we'll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There's a boatload of news and we've got answers to your questions, coming up on BSD Now - the place to B.. SD.","date_published":"2014-04-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/f0c15113-8ade-464b-a89f-3398734256dc.mp3","mime_type":"audio/mpeg","size_in_bytes":57837748,"duration_in_seconds":4819}]},{"id":"a909eddb-036d-451c-8d5a-e7b8e358239f","title":"32: PXE Dust","url":"https://www.bsdnow.tv/32","content_text":"This week on the big show we'll be showing off OpenBSD's new \"autoinstall\" feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now - it's the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD ASLR status update\n\n\nShawn Webb gives us a little update on his address space layout randomization work for FreeBSD\nHe's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)\nWork has also started on testing ASLR on ARM, using a Raspberry Pi\nHe's giving a presentation at BSDCan this year about his ASLR work\nWhile we're on the topic of BSDCan...\n***\n\n\nBSDCan tutorials, improving the experience\n\n\nPeter Hansteen writes a new blog post about his upcoming BSDCan tutorials\nThe tutorials are called \"Building the network you need with PF, the OpenBSD packet filter\" and \"Transitioning to OpenBSD 5.5\" - both scheduled to last three hours each\nHe's requesting anyone that'll be there to go ahead and contact him, telling him exactly what you'd like to learn\nThere's also a bit of background information about the tutorials and how he's looking to improve them\nIf you're interested in OpenBSD and going to BSDCan this year, hit him up\n***\n\n\npkgsrc-2014Q1 released\n\n\nThe new stable branch of pkgsrc packages has been built and is ready\nPython 3.3 is now a \"first class citizen\" in pkgsrc\n14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64\nThere's a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined\nThey're also looking into signing packages\n***\n\n\nOnly two holes in a heck of a long time, who cares?\n\n\nA particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list\nHe questions \"what's the big deal\" about OpenBSD's slogan being \"Only two remote holes in the default install, in a heck of a long time!\"\nLuckily, the community and Theo set the record straight about why you should care about this\nRunning insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD\nIt spawned a discussion about ease of management and Linux's poor security record, definitely worth reading\n***\n\n\nInterview - Dru Lavigne - dru@freebsd.org / @bsdevents\n\nFreeBSD's documentation printing, documentation springs, various topics\n\n\n\nTutorial\n\nAutomatic, unattended OpenBSD installs with PXE\n\n\n\nNews Roundup\n\npfSense 2.1.1 released\n\n\nA new version of pfSense is released, mainly to fix some security issues\nTracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router\nThere are also some NIC driver updates and other things\nOf course if you want to learn more about pfSense, watch episode 25\n2.1.2 is already up for testing too\n***\n\n\nFreeBSD gets UEFI support\n\n\nIt looks like FreeBSD's battle with UEFI may be coming to a close?\nEd Maste committed a giant list of patches to enable UEFI support on x86_64\nLook through the list to see all the details and information\nThanks FreeBSD foundation!\n***\n\n\nIdeas for the next DragonflyBSD release\n\n\nMr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release\nThey're aiming for late May for the next version\nIdeas include better support for running in a VM, pkgng fixes, documentation updates and PAM support\nGasp, they're even considering dropping i386\n***\n\n\nPCBSD weekly digest\n\n\nLots of new PBI updates for 10.0, new runtime implementation\nNew support for running 32 bit applications in PBI runtime\nNew default CD and DVD player, umplayer\nLatest GNOME 3 and Cinnamon merged, new edge package builds\n***\n\n\nFeedback/Questions\n\n\nRemy writes in\nJan writes in\nEddie writes in\nZen writes in\nSean writes in\n***\n","content_html":"\u003cp\u003eThis week on the big show we\u0026#39;ll be showing off OpenBSD\u0026#39;s new \u0026quot;autoinstall\u0026quot; feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now - it\u0026#39;s the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://0xfeedface.org/blog/lattera/2014-04-03/awesome-freebsd-aslr-progress\" rel=\"nofollow\"\u003eFreeBSD ASLR status update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eShawn Webb gives us a little update on his address space layout randomization work for FreeBSD\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)\u003c/li\u003e\n\u003cli\u003eWork has also started on testing ASLR on ARM, using a Raspberry Pi\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s giving a presentation at BSDCan this year about his ASLR work\u003c/li\u003e\n\u003cli\u003eWhile we\u0026#39;re on the topic of BSDCan...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/04/bsdcan-tutorials-please-help-me-improve.html\" rel=\"nofollow\"\u003eBSDCan tutorials, improving the experience\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePeter Hansteen writes a new blog post about his upcoming BSDCan tutorials\u003c/li\u003e\n\u003cli\u003eThe tutorials are called \u0026quot;Building the network you need with PF, the OpenBSD packet filter\u0026quot; and \u0026quot;Transitioning to OpenBSD 5.5\u0026quot; - both scheduled to last three hours each\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s requesting anyone that\u0026#39;ll be there to go ahead and contact him, telling him exactly what you\u0026#39;d like to learn\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a bit of background information about the tutorials and how he\u0026#39;s looking to improve them\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re interested in OpenBSD and going to BSDCan this year, hit him up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/netbsd-announce/2014/04/04/msg000202.html\" rel=\"nofollow\"\u003epkgsrc-2014Q1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe new stable branch of pkgsrc packages has been built and is ready\u003c/li\u003e\n\u003cli\u003ePython 3.3 is now a \u0026quot;first class citizen\u0026quot; in pkgsrc\u003c/li\u003e\n\u003cli\u003e14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re also looking into \u003ca href=\"http://mail-index.netbsd.org/tech-pkg/2014/03/31/msg012873.html\" rel=\"nofollow\"\u003esigning packages\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.mail-archive.com/misc%40openbsd.org/index.html#127993\" rel=\"nofollow\"\u003eOnly two holes in a heck of a long time, who cares?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list\u003c/li\u003e\n\u003cli\u003eHe questions \u0026quot;what\u0026#39;s the big deal\u0026quot; about OpenBSD\u0026#39;s slogan being \u0026quot;Only two remote holes in the default install, in a heck of a long time!\u0026quot;\u003c/li\u003e\n\u003cli\u003eLuckily, the community and Theo \u003ca href=\"https://www.mail-archive.com/misc%40openbsd.org/msg128001.html\" rel=\"nofollow\"\u003eset the record straight\u003c/a\u003e about why you should care about this\u003c/li\u003e\n\u003cli\u003eRunning insecure applications on OpenBSD is actually \u003cstrong\u003emore\u003c/strong\u003e secure than running them on other systems, due to things like ASLR, PIE and all the \u003ca href=\"https://www.mail-archive.com/misc%40openbsd.org/msg127995.html\" rel=\"nofollow\"\u003esecurity features\u003c/a\u003e of OpenBSD\u003c/li\u003e\n\u003cli\u003eIt spawned a discussion about ease of management and Linux\u0026#39;s poor security record, definitely \u003ca href=\"https://www.mail-archive.com/misc%40openbsd.org/msg128073.html\" rel=\"nofollow\"\u003eworth reading\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Dru Lavigne - \u003ca href=\"mailto:dru@freebsd.org\" rel=\"nofollow\"\u003edru@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdevents\" rel=\"nofollow\"\u003e@bsdevents\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD\u0026#39;s documentation printing, documentation springs, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/autoinstall\" rel=\"nofollow\"\u003eAutomatic, unattended OpenBSD installs with PXE\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://doc.pfsense.org/index.php/2.1.1_New_Features_and_Changes\" rel=\"nofollow\"\u003epfSense 2.1.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new version of pfSense is released, mainly to fix some security issues\u003c/li\u003e\n\u003cli\u003eTracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router\u003c/li\u003e\n\u003cli\u003eThere are also some NIC driver updates \u003ca href=\"https://blog.pfsense.org/?p=1238\" rel=\"nofollow\"\u003eand other things\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOf course if you want to learn more about pfSense, watch \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense\" rel=\"nofollow\"\u003eepisode 25\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.2 is already up for testing too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=264095\" rel=\"nofollow\"\u003eFreeBSD gets UEFI support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt looks like FreeBSD\u0026#39;s battle with UEFI may be coming to a close?\u003c/li\u003e\n\u003cli\u003eEd Maste committed a giant list of patches to enable UEFI support on x86_64\u003c/li\u003e\n\u003cli\u003eLook through the list to see all the details and information\u003c/li\u003e\n\u003cli\u003eThanks FreeBSD foundation!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2014-March/094909.html\" rel=\"nofollow\"\u003eIdeas for the next DragonflyBSD release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMr. Dragonfly release engineer himself, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug\" rel=\"nofollow\"\u003eJustin Sherrill\u003c/a\u003e posts some of his ideas for the upcoming release\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re aiming for late May for the next version\u003c/li\u003e\n\u003cli\u003eIdeas include better support for running in a VM, pkgng fixes, documentation updates and PAM support\u003c/li\u003e\n\u003cli\u003eGasp, they\u0026#39;re even considering dropping i386\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/04/pc-bsd-weekly-feature-digest-24/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of new PBI updates for 10.0, new runtime implementation\u003c/li\u003e\n\u003cli\u003eNew support for running 32 bit applications in PBI runtime\u003c/li\u003e\n\u003cli\u003eNew default CD and DVD player, umplayer\u003c/li\u003e\n\u003cli\u003eLatest GNOME 3 and Cinnamon merged, new edge package builds\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s273oSezFs\" rel=\"nofollow\"\u003eRemy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2I3H1HsVb\" rel=\"nofollow\"\u003eJan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2wUTRowzU\" rel=\"nofollow\"\u003eEddie writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2RA0whmwz\" rel=\"nofollow\"\u003eZen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2pwE20Ov6\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the big show we'll be showing off OpenBSD's new \"autoinstall\" feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now - it's the place to B.. SD.","date_published":"2014-04-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a909eddb-036d-451c-8d5a-e7b8e358239f.mp3","mime_type":"audio/mpeg","size_in_bytes":55324948,"duration_in_seconds":4610}]},{"id":"00e67148-6432-475e-a473-fa50bef3a29d","title":"31: Edgy BSD Users","url":"https://www.bsdnow.tv/31","content_text":"This week we'll be talking to Richard Stallman about the upcoming GPLv4 and how it will protect our software from being stolen. After that, we'll show you how to recover from those pesky ZFS on Linux corruption issues, as well as some tips on how to explain to your boss that all the production boxes were compromised. Your questions and all the latest GNUs, on Linux Now - the place to Lin.. ux.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nPreorders for cool BSD stuff\n\n\nThe 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder\nWe talked to GNN briefly about it, but he and Kirk have apparently finally finished the book\n\"For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD's internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11\"\nOpenBSD 5.5 preorders are also up, so you can buy a CD set now\nYou can help support the project, and even get the -release of the OS before it's available publicly\n5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you!\n***\n\n\npkgsrcCon 2014 CFP\n\n\nThis year's pkgsrcCon is in London, on June 21st and 22nd\nThere's a Call For Papers out now, so you can submit your talks\nAnything related to pkgsrc is fine, it's pretty informal\nDoes anyone in the audience know if the talks will be recorded? This con is relatively unknown\n***\n\n\nBSDMag issue for March 2014\n\n\nThe monthly BSD magazine releases its newest issue\nTopics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article\nThe Linux article trend seems to continue... hmm\n***\n\n\nNon-ECC RAM in FreeNAS\n\n\nWe've gotten a few questions about ECC RAM with ZFS\nHere we've got a surprising blog post about why someone did not go with ECC RAM for his NAS build\nThe article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it's not very widespread in consumer hardware motherboards and it's more expensive\nRegular RAM also has \"special\" issues with ZFS and pool corruption\nLong post, so check out the whole thing if you've been considering your memory options and weighing the benefits\n***\n\n\nInterview - Pierre Pronchery - khorben@edgebsd.org / @khorben\n\nEdgeBSD (slides)\n\n\n\nTutorial\n\nBuilding an OpenBSD desktop\n\n\n\nNews Roundup\n\nGetting to know your portmgr-lurkers\n\n\nThis week we get to hear from Frederic Culot, colut@\nOriginally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team\n\"FreeBSD is also one of my sources of inspiration when it comes to how\norganizations behave and innovate, and I find it very interesting to compare FreeBSD with\nthe for-profit companies I work for\"\nWe get to find out a little bit about him, why he loves FreeBSD and what he does for the project\n***\n\n\nNetBSD on the Playstation 2\n\n\nWho doesn't want to run NetBSD on their old PS2?\nThe PS2 port of NetBSD was sadly removed in 2009, but it has been revived\nIt's using a slightly unusual MIPS CPU that didn't have much GCC support\nHopefully a bootable kernel will be available soon\n***\n\n\nThe FreeBSD Challenge update\n\n\nOur friend from the Linux Foundation continues his FreeBSD switching journey\nThis time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren't working because of his clock being way off\nAfter polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases\nMaybe he should've just read our NTP tutorial!\n***\n\n\nPCBSD weekly digest\n\n\nThe mount tray icon got lots of updates and fixes\nThe faulty distribution server has finally been tracked down and... destroyed\nNew language localization project is in progress\nMany many updates to ports and PBIs, new -STABLE builds\n***\n\n\nFeedback/Questions\n\n\nAntonio writes in\nPatrick writes in\nChris writes in\nRon writes in\nTyler writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;ll be talking to Richard Stallman about the upcoming GPLv4 and how it will protect our software from being stolen. After that, we\u0026#39;ll show you how to recover from those pesky ZFS on Linux corruption issues, as well as some tips on how to explain to your boss that all the production boxes were compromised. Your questions and all the latest GNUs, on Linux Now - the place to Lin.. ux.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.amazon.com/gp/aw/d/0321968972/\" rel=\"nofollow\"\u003ePreorders for cool BSD stuff\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder\u003c/li\u003e\n\u003cli\u003eWe \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003etalked to GNN\u003c/a\u003e briefly about it, but he and \u003ca href=\"http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache\" rel=\"nofollow\"\u003eKirk\u003c/a\u003e have apparently finally finished the book\u003c/li\u003e\n\u003cli\u003e\u0026quot;For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD\u0026#39;s internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://https.openbsd.org/cgi-bin/order\" rel=\"nofollow\"\u003eOpenBSD 5.5 preorders\u003c/a\u003e are also up, so you can buy a CD set now\u003c/li\u003e\n\u003cli\u003eYou can help support the project, and even get the -release of the OS before it\u0026#39;s available publicly\u003c/li\u003e\n\u003cli\u003e5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2014/03/18/msg019424.html\" rel=\"nofollow\"\u003epkgsrcCon 2014 CFP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s pkgsrcCon is in London, on June 21st and 22nd\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a Call For Papers out now, so you can submit your talks\u003c/li\u003e\n\u003cli\u003eAnything related to pkgsrc is fine, it\u0026#39;s pretty informal\u003c/li\u003e\n\u003cli\u003eDoes anyone in the audience know if the talks will be recorded? This con is relatively unknown\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1860-deploying-netbsd-on-the-cloud-using-aws-ec2-march-bsd-issue\" rel=\"nofollow\"\u003eBSDMag issue for March 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe monthly BSD magazine releases its newest issue\u003c/li\u003e\n\u003cli\u003eTopics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article\u003c/li\u003e\n\u003cli\u003eThe Linux article trend seems to continue... hmm\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.brianmoses.net/2014/03/why-i-chose-non-ecc-ram-for-my-freenas.html\" rel=\"nofollow\"\u003eNon-ECC RAM in FreeNAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve gotten a few questions about ECC RAM with ZFS\u003c/li\u003e\n\u003cli\u003eHere we\u0026#39;ve got a surprising blog post about why someone \u003cstrong\u003edid not\u003c/strong\u003e go with ECC RAM for his NAS build\u003c/li\u003e\n\u003cli\u003eThe article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it\u0026#39;s not very widespread in consumer hardware motherboards and it\u0026#39;s more expensive\u003c/li\u003e\n\u003cli\u003eRegular RAM also has \u0026quot;special\u0026quot; issues with ZFS and pool corruption\u003c/li\u003e\n\u003cli\u003eLong post, so check out the whole thing if you\u0026#39;ve been considering your memory options and weighing the benefits\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Pierre Pronchery - \u003ca href=\"mailto:khorben@edgebsd.org\" rel=\"nofollow\"\u003ekhorben@edgebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/khorben\" rel=\"nofollow\"\u003e@khorben\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=_D_iaad5rPo\" rel=\"nofollow\"\u003eEdgeBSD\u003c/a\u003e (\u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/misc/khorben/asiabsdcon2014/\" rel=\"nofollow\"\u003eslides\u003c/a\u003e)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/the-desktop-obsd\" rel=\"nofollow\"\u003eBuilding an OpenBSD desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/03/25/getting-to-know-your-portmgr-lurker-frederic-culot\" rel=\"nofollow\"\u003eGetting to know your portmgr-lurkers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis week we get to hear from Frederic Culot, colut@\u003c/li\u003e\n\u003cli\u003eOriginally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team\u003c/li\u003e\n\u003cli\u003e\u0026quot;FreeBSD is also one of my sources of inspiration when it comes to how\norganizations behave and innovate, and I find it very interesting to compare FreeBSD with\nthe for-profit companies I work for\u0026quot;\u003c/li\u003e\n\u003cli\u003eWe get to find out a little bit about him, why he loves FreeBSD and what he does for the project\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/the_playstation2_port_is_back\" rel=\"nofollow\"\u003eNetBSD on the Playstation 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWho doesn\u0026#39;t want to run NetBSD on their old PS2?\u003c/li\u003e\n\u003cli\u003eThe PS2 port of NetBSD was sadly removed in 2009, but it has been revived\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s using a slightly unusual MIPS CPU that didn\u0026#39;t have much GCC support\u003c/li\u003e\n\u003cli\u003eHopefully a bootable kernel will be available soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.thelinuxcauldron.com/2014/03/24/freebsd-challenge-day-22-30/\" rel=\"nofollow\"\u003eThe FreeBSD Challenge update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend from the Linux Foundation continues his FreeBSD switching journey\u003c/li\u003e\n\u003cli\u003eThis time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren\u0026#39;t working because of his clock being way off\u003c/li\u003e\n\u003cli\u003eAfter polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases\u003c/li\u003e\n\u003cli\u003eMaybe he should\u0026#39;ve just read our \u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003eNTP tutorial\u003c/a\u003e!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-23/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe mount tray icon got lots of updates and fixes\u003c/li\u003e\n\u003cli\u003eThe faulty distribution server has finally been tracked down and... destroyed\u003c/li\u003e\n\u003cli\u003eNew language localization project is in progress\u003c/li\u003e\n\u003cli\u003eMany many updates to ports and PBIs, new -STABLE builds\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s27d69qHJW\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21FhLCHbB\" rel=\"nofollow\"\u003ePatrick writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Hisk3Yw\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20rBZyTLC\" rel=\"nofollow\"\u003eRon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2s4CxE4gd\" rel=\"nofollow\"\u003eTyler writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we'll be talking to Richard Stallman about the upcoming GPLv4 and how it will protect our software from being stolen. After that, we'll show you how to recover from those pesky ZFS on Linux corruption issues, as well as some tips on how to explain to your boss that all the production boxes were compromised. Your questions and all the latest GNUs, on Linux Now - the place to Lin.. ux.","date_published":"2014-04-01T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/00e67148-6432-475e-a473-fa50bef3a29d.mp3","mime_type":"audio/mpeg","size_in_bytes":49769716,"duration_in_seconds":4147}]},{"id":"ab836072-6c9b-4d13-9011-8d9ddf4294e7","title":"30: Documentation is King","url":"https://www.bsdnow.tv/30","content_text":"Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD on a Sun T5120\n\n\nOur buddy Ted Unangst got himself a cool Sun box\nOf course he had to write a post about installing and running OpenBSD on it\nThe post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines\nHe's also got another post about OpenBSD on a Dell CS24-SC server\n***\n\n\nBhyvecon 2014 videos are up\n\n\nLike we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon\nThe talks have apparently already been uploaded!\nSubjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization\nLots more detail in the videos, so check 'em all out\n***\n\n\nBuilding a FreeBSD wireless access point\n\n\nWe've got a new blog post about creating a wireless access point with FreeBSD\nAfter all the recent news of consumer routers being pwned like candy, it's time for people to start building BSD routers\nThe author goes through a lot of the process of getting one set up using good ol' FreeBSD\nUsing hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients\nPlenty of config files and more messy details in the post\n***\n\n\nSwitching from Synology to FreeNAS\n\n\nThe author has been considering getting a NAS for quite a while and documents his research\nHe was faced with the compromise of convenience vs. flexibility - prebuilt or DIY\nAfter seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice\nThe post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give\n***\n\n\nInterview - Warren Block - wblock@freebsd.org\n\nFreeBSD's documentation project, igor, doceng\n\n\n\nTutorial\n\nThe world of BSD mailing lists\n\n\n\nNews Roundup\n\nHAMMER2 work and notes\n\n\nMatthew Dillon has posted some updated notes about the development of the new HAMMER version\nThe start of a cluster API was committed to the tree\nThere are also links to design document, a freemap design document, a changes list and a todo list\n***\n\n\nBSD Breaking Barriers\n\n\nOur friend MWL gave a talk at NYCBSDCon about BSD \"breaking barriers\"\n\"What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years.\"\nHe also has another upcoming talk, (or \"webcast\") called \"Beyond Security: Getting to Know OpenBSD's Real Purpose\"\n\"OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits.\"\nIt's on May 27th and will hopefully be recorded\n***\n\n\nFreeBSD in a chroot\n\n\nFinch, \"FreeBSD running IN a CHroot,\" is a new project\nIt's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)\nAll the details and some interesting use cases are on the github page\nHe really needs to change the project name though\n***\n\n\nPCBSD weekly digest\n\n\nLots of bugfixes for PCBSD coming down the tubes\nLZ4 compression is now enabled by default on the whole pool\nThe latest 10-STABLE has been imported and builds are going\nAlso the latest GNOME and Cinnamon builds have been imported and much more\n***\n\n\nFeedback/Questions\n\n\nBostjan writes in (IRC suggests md5deep)\nDon writes in\nkaltheat writes in (We use R0DE Podcast microphones and Logitech C920 HD webcams)\nHarri writes in\n***\n","content_html":"\u003cp\u003eFinally hit 30 episodes! Today we\u0026#39;ll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you\u0026#39;ve ever wondered about the scary world of mailing lists, today\u0026#39;s tutorial will show you the basics of how to get help and contribute back. There\u0026#39;s lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120\" rel=\"nofollow\"\u003eOpenBSD on a Sun T5120\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e got himself a cool Sun box\u003c/li\u003e\n\u003cli\u003eOf course he had to write a post about installing and running OpenBSD on it\u003c/li\u003e\n\u003cli\u003eThe post goes through some of the quirks and steps to go through in case you\u0026#39;re interested in one of these fine SPARC machines\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s also got another post about OpenBSD on a \u003ca href=\"http://www.tedunangst.com/flak/post/Dell-CS24-SC-server\" rel=\"nofollow\"\u003eDell CS24-SC server\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/results?search_query=bhyvecon%20tokyo\u0026sm=3\" rel=\"nofollow\"\u003eBhyvecon 2014 videos are up\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLike we mentioned last week, \u003ca href=\"http://bhyvecon.org/\" rel=\"nofollow\"\u003eBhyvecon\u003c/a\u003e was an almost-impromptu conference before AsiaBSDCon\u003c/li\u003e\n\u003cli\u003eThe talks have apparently already been uploaded!\u003c/li\u003e\n\u003cli\u003eSubjects include Bhyve\u0026#39;s past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization\u003c/li\u003e\n\u003cli\u003eLots more detail in the videos, so check \u0026#39;em all out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.khubla.com/freebsd/building-my-own-wireless-point\" rel=\"nofollow\"\u003eBuilding a FreeBSD wireless access point\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve got a new blog post about creating a wireless access point with FreeBSD\u003c/li\u003e\n\u003cli\u003eAfter all the recent news of consumer routers being pwned like candy, it\u0026#39;s time for people to start building \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eBSD routers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe author goes through a lot of the process of getting one set up using good ol\u0026#39; FreeBSD\u003c/li\u003e\n\u003cli\u003eUsing hostapd, he\u0026#39;s able to share his wireless card in hostap mode and offer DHCP to all the clients\u003c/li\u003e\n\u003cli\u003ePlenty of config files and more messy details in the post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.notquitemainstream.com/2014/03/15/why-im-switching-from-synology-to-freenas/\" rel=\"nofollow\"\u003eSwitching from Synology to FreeNAS\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author has been considering getting a NAS for quite a while and documents his research\u003c/li\u003e\n\u003cli\u003eHe was faced with the compromise of convenience vs. flexibility - prebuilt or DIY\u003c/li\u003e\n\u003cli\u003eAfter seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice\u003c/li\u003e\n\u003cli\u003eThe post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Warren Block - \u003ca href=\"mailto:wblock@freebsd.org\" rel=\"nofollow\"\u003ewblock@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD\u0026#39;s documentation project, igor, doceng\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/mailing-lists\" rel=\"nofollow\"\u003eThe world of BSD mailing lists\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2014/03/18/13651.html\" rel=\"nofollow\"\u003eHAMMER2 work and notes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatthew Dillon has posted some updated notes about the development of the new HAMMER version\u003c/li\u003e\n\u003cli\u003eThe start of a cluster API was committed to the tree\u003c/li\u003e\n\u003cli\u003eThere are also links to design document, a freemap design document, a changes list and a todo list\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=buo5JlMnGPI\" rel=\"nofollow\"\u003eBSD Breaking Barriers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMWL\u003c/a\u003e gave a talk at NYCBSDCon about BSD \u0026quot;breaking barriers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u0026quot;What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We\u0026#39;ll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe also has another upcoming talk, (or \u0026quot;webcast\u0026quot;) called \u0026quot;\u003ca href=\"http://oreillynet.com/pub/e/3059\" rel=\"nofollow\"\u003eBeyond Security: Getting to Know OpenBSD\u0026#39;s Real Purpose\u003c/a\u003e\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u0026quot;OpenBSD is frequently billed as a high-security operating system. That\u0026#39;s true, but security isn\u0026#39;t the OpenBSD Project\u0026#39;s main goal. This webcast will introduce systems administrators to OpenBSD, explain the project\u0026#39;s mission, and discuss the features and benefits.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s on May 27th and will hopefully be recorded\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://dreamcat4.github.io/finch/\" rel=\"nofollow\"\u003eFreeBSD in a chroot\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFinch, \u0026quot;FreeBSD running IN a CHroot,\u0026quot; is a new project\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)\u003c/li\u003e\n\u003cli\u003eAll the details and some interesting use cases are on the github page\u003c/li\u003e\n\u003cli\u003eHe really needs to \u003ca href=\"https://www.freshports.org/net-im/finch\" rel=\"nofollow\"\u003echange the project name\u003c/a\u003e though\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-22/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of bugfixes for PCBSD coming down the tubes\u003c/li\u003e\n\u003cli\u003eLZ4 compression is now enabled by default on the whole pool\u003c/li\u003e\n\u003cli\u003eThe latest 10-STABLE has been imported and builds are going\u003c/li\u003e\n\u003cli\u003eAlso the latest GNOME and Cinnamon builds have been imported and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20SlvTcwd\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e (IRC suggests md5deep)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2PeMqXFid\" rel=\"nofollow\"\u003eDon writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21yii6KZe\" rel=\"nofollow\"\u003ekaltheat writes in\u003c/a\u003e (We use R0DE Podcast microphones and Logitech C920 HD webcams)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21SkX19Cp\" rel=\"nofollow\"\u003eHarri writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.","date_published":"2014-03-26T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ab836072-6c9b-4d13-9011-8d9ddf4294e7.mp3","mime_type":"audio/mpeg","size_in_bytes":59694113,"duration_in_seconds":4974}]},{"id":"4af36dea-3dd3-4ac1-9ee9-a2e34dd54e3a","title":"29: P.E.F.S.","url":"https://www.bsdnow.tv/29","content_text":"We're back from AsiaBSDCon! This week we'll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we'll give you a step by step guide on how to actually use it. There's also the usual round of your questions and we've got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nUsing OpenSSH Certificate Authentication\n\n\nSSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using\nThey're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that\nThere's the benefit of not needing a known_hosts file or authorized_users file anymore\nThe post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication\n***\n\n\nBack to FreeBSD, a new series\n\n\nSimilar to the \"FreeBSD Challenge\" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey\n\"So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10\"\nHe's starting off with PCBSD since it's easy to get working with dual graphics\nShould be a fun series to follow!\n***\n\n\nOpenBSD's recent experiments in package building\n\n\nIf you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb\nMarc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware\nThis article goes through some of his findings and plans for future versions that increase performance\nWe'll be showing a tutorial of dpb on the show in a few weeks\n***\n\n\nSecuring FreeBSD with 2FA\n\n\nSo maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?\nThis post walks us through the process of locking down an ssh server with 2FA\nWith just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections\n***\n\n\nInterview - Gleb Kurtsou - gleb.kurtsou@gmail.com\n\nPEFS (security audit results here)\n\n\n\nTutorial\n\nFilesystem-based encryption with PEFS\n\n\n\nNews Roundup\n\nBSDCan 2014 registration\n\n\nRegistration is finally open!\nThe prices are available along with a full list of presentations\nTutorial sessions for various topics as well\nYou have to go\n***\n\n\nBig changes for OpenBSD 5.6\n\n\nAlthough 5.5 was just frozen and the release process has started, 5.6 is already looking promising\nOpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3\nThey've also imported nginx into base a few years ago, but now have finally removed Apache\nSendmail is also no longer the default MTA, OpenSMTPD is the new default\nWill BIND be removed next? Maybe so\nThey've also discontinued the hp300, mvme68k and mvme88k ports\n***\n\n\nGetting to know your portmgr lurkers\n\n\nThe \"getting to know your portmgr\" series makes its return\nThis time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)\nHow he got into FreeBSD? He \"wanted a unix system that I could understand and that would not get bloated as time goes by\"\nMentions why he's still heavily involved with the project and lots more\n***\n\n\nPCBSD weekly digest\n\n\nWork has started to port Pulseaudio to PCBSD 10.0.1\nThere's a new \"pc-mixer\" utility being worked on for sound management as well\nNew PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more\nPCBSD 10.0.1 was released too\n***\n\n\nFeedback/Questions\n\n\nAlex writes in\nBen writes in\nNick writes in\nSami writes in\nChristopher writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;re back from AsiaBSDCon! This week we\u0026#39;ll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we\u0026#39;ll give you a step by step guide on how to actually use it. There\u0026#39;s also the usual round of your questions and we\u0026#39;ve got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://neocri.me/documentation/using-ssh-certificate-authentication/\" rel=\"nofollow\"\u003eUsing OpenSSH Certificate Authentication\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you\u0026#39;re using\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re not really that complex, there just isn\u0026#39;t a lot of documentation on how to use them - this post tries to solve that\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s the benefit of not needing a known_hosts file or authorized_users file anymore\u003c/li\u003e\n\u003cli\u003eThe post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.duckland.org/2014/03/back-to-freebsd-aka-day-1#more\" rel=\"nofollow\"\u003eBack to FreeBSD, a new series\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSimilar to the \u0026quot;FreeBSD Challenge\u0026quot; blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey\u003c/li\u003e\n\u003cli\u003e\u0026quot;So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s starting off with PCBSD since it\u0026#39;s easy to get working with dual graphics\u003c/li\u003e\n\u003cli\u003eShould be a fun series to follow!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140307130554\" rel=\"nofollow\"\u003eOpenBSD\u0026#39;s recent experiments in package building\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIf you\u0026#39;ll remember back to our \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere tutorial\u003c/a\u003e, it lets you build FreeBSD binary packages in bulk - OpenBSD\u0026#39;s version is called \u003ca href=\"http://www.bsdnow.tv/tutorials/dpb\" rel=\"nofollow\"\u003edpb\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMarc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware\u003c/li\u003e\n\u003cli\u003eThis article goes through some of his findings and plans for future versions that increase performance\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be showing a tutorial of dpb on the show in a few weeks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://jafdip.com/securing-freebsd-2fa-two-factor-authentication/\" rel=\"nofollow\"\u003eSecuring FreeBSD with 2FA\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo maybe you\u0026#39;ve set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?\u003c/li\u003e\n\u003cli\u003eThis post walks us through the process of locking down an \u003ca href=\"http://www.bsdnow.tv/tutorials/ssh-tmux\" rel=\"nofollow\"\u003essh server\u003c/a\u003e with 2FA\u003c/li\u003e\n\u003cli\u003eWith just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Gleb Kurtsou - \u003ca href=\"mailto:gleb.kurtsou@gmail.com\" rel=\"nofollow\"\u003egleb.kurtsou@gmail.com\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ePEFS (security audit results \u003ca href=\"https://defuse.ca/audits/pefs.htm\" rel=\"nofollow\"\u003ehere\u003c/a\u003e)\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/pefs\" rel=\"nofollow\"\u003eFilesystem-based encryption with PEFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.bsdcan.org/2014/registration.php\" rel=\"nofollow\"\u003eBSDCan 2014 registration\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRegistration is finally open!\u003c/li\u003e\n\u003cli\u003eThe prices are available along with a full list of presentations\u003c/li\u003e\n\u003cli\u003eTutorial sessions for various topics as well\u003c/li\u003e\n\u003cli\u003eYou have to go\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140314080734\" rel=\"nofollow\"\u003eBig changes for OpenBSD 5.6\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAlthough 5.5 was just frozen and the release process has started, 5.6 is already looking promising\u003c/li\u003e\n\u003cli\u003eOpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also imported nginx into base a few years ago, but now have finally removed Apache\u003c/li\u003e\n\u003cli\u003eSendmail is also no longer the default MTA, OpenSMTPD \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140313052817\" rel=\"nofollow\"\u003eis the new default\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWill BIND be removed next? \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139492163427518\u0026w=2\" rel=\"nofollow\"\u003eMaybe so\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve also discontinued the hp300, mvme68k and mvme88k ports\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/03/11/getting-to-know-your-portmgr-lurker-alexy-dokuchaev/\" rel=\"nofollow\"\u003eGetting to know your portmgr lurkers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u0026quot;getting to know your portmgr\u0026quot; series makes its return\u003c/li\u003e\n\u003cli\u003eThis time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)\u003c/li\u003e\n\u003cli\u003eHow he got into FreeBSD? He \u0026quot;wanted a unix system that I could understand and that would not get bloated as time goes by\u0026quot;\u003c/li\u003e\n\u003cli\u003eMentions why he\u0026#39;s still heavily involved with the project and lots more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-20/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWork has started to port Pulseaudio to PCBSD 10.0.1\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s a new \u0026quot;pc-mixer\u0026quot; utility being worked on for sound management as well\u003c/li\u003e\n\u003cli\u003eNew PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more\u003c/li\u003e\n\u003cli\u003ePCBSD 10.0.1 \u003ca href=\"http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-21-pcbsd-10-0-1-released/\" rel=\"nofollow\"\u003ewas released\u003c/a\u003e too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QwjHkL2n\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2wLGlHF15\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21JsgRjMU\" rel=\"nofollow\"\u003eNick writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2UX4sYdHy\" rel=\"nofollow\"\u003eSami writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s26z60Qd6z\" rel=\"nofollow\"\u003eChristopher writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We're back from AsiaBSDCon! This week we'll be chatting with Gleb Kurtsou about some a filesystem-level encryption utility called PEFS. After that, we'll give you a step by step guide on how to actually use it. There's also the usual round of your questions and we've got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD.","date_published":"2014-03-19T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4af36dea-3dd3-4ac1-9ee9-a2e34dd54e3a.mp3","mime_type":"audio/mpeg","size_in_bytes":82610606,"duration_in_seconds":6884}]},{"id":"dbf43567-8b44-4e0a-a98c-df78dddd551f","title":"28: Ghost of Partition","url":"https://www.bsdnow.tv/28","content_text":"This week we're at AsiaBSDCon, so it'll be a shorter episode. We've got an interview with Eric Turgeon, founder of the desktop-focused GhostBSD project. Haven't heard of GhostBSD? Well stay tuned then. There's also a really interesting tutorial on how to serially concatenate disks in NetBSD. We'll be back next week with a normal episode.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Eric Turgeon - ericturgeon@ghostbsd.org / @GhostBSD1\n\nGhostBSD\n\n\n\nTutorial\n\nSerially concatenating disks in NetBSD\n\n\n\nFeedback/Questions\n\n\nDave writes in\nShane writes in\nRob writes in\nPredrag writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;re at AsiaBSDCon, so it\u0026#39;ll be a shorter episode. We\u0026#39;ve got an interview with Eric Turgeon, founder of the desktop-focused GhostBSD project. Haven\u0026#39;t heard of GhostBSD? Well stay tuned then. There\u0026#39;s also a really interesting tutorial on how to serially concatenate disks in NetBSD. We\u0026#39;ll be back next week with a normal episode.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Eric Turgeon - \u003ca href=\"mailto:ericturgeon@ghostbsd.org\" rel=\"nofollow\"\u003eericturgeon@ghostbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/GhostBSD1\" rel=\"nofollow\"\u003e@GhostBSD1\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eGhostBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/nbsd-disks\" rel=\"nofollow\"\u003eSerially concatenating disks in NetBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ff5BOdU0\" rel=\"nofollow\"\u003eDave writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2F6j5fVYH\" rel=\"nofollow\"\u003eShane writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2GHmy7tuS\" rel=\"nofollow\"\u003eRob writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2uM28feQe\" rel=\"nofollow\"\u003ePredrag writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we're at AsiaBSDCon, so it'll be a shorter episode. We've got an interview with Eric Turgeon, founder of the desktop-focused GhostBSD project. Haven't heard of GhostBSD? Well stay tuned then. There's also a really interesting tutorial on how to serially concatenate disks in NetBSD. We'll be back next week with a normal episode.","date_published":"2014-03-12T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/dbf43567-8b44-4e0a-a98c-df78dddd551f.mp3","mime_type":"audio/mpeg","size_in_bytes":24331945,"duration_in_seconds":2027}]},{"id":"9c2ed198-48a2-4ed6-988c-6d5ce1ed66c7","title":"27: BSD Now vs. BSDTalk","url":"https://www.bsdnow.tv/27","content_text":"The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got answers to user-submitted questions and the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD and OpenBSD in GSOC2014\n\n\nThe Google Summer of Code is a way to encourage students to write code for open source projects and make some money\nBoth FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages\nThe FreeBSD wiki has a list of things that they'd be interested in someone helping out with\nOpenBSD's want list was also posted\nDragonflyBSD and NetBSD were sadly not accepted this year\n***\n\n\nYes, you too can be an evil network overlord\n\n\nA new blog post about monitoring your network using only free tools\nOpenBSD is a great fit, and has all the stuff you need in the base system or via packages\nIt talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)\nThere's also details about flowd and nfsen, more great tools to make network monitoring easy\nIf you're listening, Peter... stop ignoring our emails and come on the show! We know you're watching!\n***\n\n\nBSDMag's February issue is out\n\n\nThe theme is \"configuring basic services on OpenBSD 5.4\"\nThere's also an interview with Peter Hansteen (oh hey...)\nTopics also include locking down SSH, a GIMP lesson, user/group management, and...\nLinux and Solaris articles? Why??\n***\n\n\nChanges in bcrypt\n\n\nNot specific to any OS, but the OpenBSD team is updating their bcrypt implementation\nThere is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has)\n\"The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'.\"\nAs long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward\nLots of specifics in the email, check the full thing\n***\n\n\nInterview - Will Backman - bitgeist@yahoo.com / @bsdtalk\n\nThe BSDTalk podcast, BSD advocacy, various topics\n\n\n\nTutorial\n\nTracking and cross-compiling -CURRENT (NetBSD)\n\n\n\nNews Roundup\n\nX11 no longer needs root\n\n\nXorg has long since required root privileges to run the main server\nWith recent work from the OpenBSD team, now everything (even KMS) can run as a regular user\nNow you can set the \"machdep.allowaperture\" sysctl to 0 and still use a GUI\n***\n\n\nOpenSSH 6.6 CFT\n\n\nShortly after the huge 6.5 release, we get a routine bugfix update\nTest it out on as many systems as you can\nCheck the mailing list for the full bug list\n***\n\n\nCreating an OpenBSD USB drive\n\n\nSince OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it\nStep by step guide on how you can make your very own\nHowever, there's some recent emails that suggest official USB images may be coming soon... oh wait\n***\n\n\nPCBSD weekly digest\n\n\nNew PBI updates that allow separate ports from /usr/local\nYou need to rebuild pbi-manager if you want to try it out\nUpdates and changes to Life Preserver, App Cafe, PCDM\n***\n\n\nFeedback/Questions\n\n\nespressowar writes in\nAntonio writes in\nChristian writes in\nAdam writes in\nAlex writes in\n***\n","content_html":"\u003cp\u003eThe long-awaited meetup is finally happening on today\u0026#39;s show. We\u0026#39;re going to be interviewing the original BSD podcaster, Will Backman, to discuss what he\u0026#39;s been up to and what the future of BSD advocacy looks like. After that, we\u0026#39;ll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We\u0026#39;ve got answers to user-submitted questions and the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://wiki.freebsd.org/SummerOfCode2014\" rel=\"nofollow\"\u003eFreeBSD and OpenBSD in GSOC2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Google Summer of Code is a way to encourage students to write code for open source projects and make some money\u003c/li\u003e\n\u003cli\u003eBoth FreeBSD and OpenBSD were accepted, and we\u0026#39;d love for anyone listening to check out their GSOC pages\u003c/li\u003e\n\u003cli\u003eThe FreeBSD wiki has a list of things that they\u0026#39;d be interested in someone helping out with\u003c/li\u003e\n\u003cli\u003eOpenBSD\u0026#39;s want list was \u003ca href=\"http://www.openbsdfoundation.org/gsoc2014.html\" rel=\"nofollow\"\u003ealso posted\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDragonflyBSD and NetBSD were sadly not accepted this year\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html\" rel=\"nofollow\"\u003eYes, you too can be an evil network overlord\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new blog post about monitoring your network using only free tools\u003c/li\u003e\n\u003cli\u003eOpenBSD is a great fit, and has all the stuff you need in the base system or via packages\u003c/li\u003e\n\u003cli\u003eIt talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also details about flowd and nfsen, more great tools to make network monitoring easy\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re listening, Peter... stop ignoring our emails and come on the show! We know you\u0026#39;re watching!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1858-openbsd-5-4-configure-openbsd-basic-services\" rel=\"nofollow\"\u003eBSDMag\u0026#39;s February issue is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe theme is \u0026quot;configuring basic services on OpenBSD 5.4\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also an interview with Peter Hansteen (oh hey...)\u003c/li\u003e\n\u003cli\u003eTopics also include locking down SSH, a GIMP lesson, user/group management, and...\u003c/li\u003e\n\u003cli\u003eLinux and Solaris articles? Why??\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=139320023202696\u0026w=2\" rel=\"nofollow\"\u003eChanges in bcrypt\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNot specific to any OS, but the OpenBSD team is updating their bcrypt implementation\u003c/li\u003e\n\u003cli\u003eThere is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has)\u003c/li\u003e\n\u003cli\u003e\u0026quot;The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor \u0026#39;b\u0026#39;.\u0026quot;\u003c/li\u003e\n\u003cli\u003eAs long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward\u003c/li\u003e\n\u003cli\u003eLots of specifics in the email, check the full thing\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Will Backman - \u003ca href=\"mailto:bitgeist@yahoo.com\" rel=\"nofollow\"\u003ebitgeist@yahoo.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdtalk\" rel=\"nofollow\"\u003e@bsdtalk\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe BSDTalk podcast, BSD advocacy, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/current-nbsd\" rel=\"nofollow\"\u003eTracking and cross-compiling -CURRENT (NetBSD)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140223112426\" rel=\"nofollow\"\u003eX11 no longer needs root\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eXorg has long since required root privileges to run the main server\u003c/li\u003e\n\u003cli\u003eWith \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026;m=139245772023497\u0026w=2\" rel=\"nofollow\"\u003erecent work\u003c/a\u003e from the OpenBSD team, now everything (even KMS) can run as a regular user\u003c/li\u003e\n\u003cli\u003eNow you can set the \u0026quot;machdep.allowaperture\u0026quot; sysctl to 0 and still use a GUI\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-March/032259.html\" rel=\"nofollow\"\u003eOpenSSH 6.6 CFT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eShortly after the huge 6.5 release, we get a routine bugfix update\u003c/li\u003e\n\u003cli\u003eTest it out on as many systems as you can\u003c/li\u003e\n\u003cli\u003eCheck the mailing list for the full bug list\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140225072408\" rel=\"nofollow\"\u003eCreating an OpenBSD USB drive\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSince OpenBSD doesn\u0026#39;t distribute any official USB images, here are some instructions on how to do it\u003c/li\u003e\n\u003cli\u003eStep by step guide on how you can make your very own\u003c/li\u003e\n\u003cli\u003eHowever, there\u0026#39;s some \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140228231258\" rel=\"nofollow\"\u003erecent emails\u003c/a\u003e that suggest official USB images may be coming soon... \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=139377587526463\u0026w=2\" rel=\"nofollow\"\u003eoh wait\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-19/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew PBI updates that allow separate ports from /usr/local\u003c/li\u003e\n\u003cli\u003eYou need to rebuild pbi-manager if you want to try it out\u003c/li\u003e\n\u003cli\u003eUpdates and changes to Life Preserver, App Cafe, PCDM\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2JpJ5EaZp\" rel=\"nofollow\"\u003eespressowar writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2QpPevJ3J\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2EZLxDfWh\" rel=\"nofollow\"\u003eChristian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21gEBZbmG\" rel=\"nofollow\"\u003eAdam writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2RnCO1p9c\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got answers to user-submitted questions and the latest news, on BSD Now - the place to B.. SD.","date_published":"2014-03-05T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9c2ed198-48a2-4ed6-988c-6d5ce1ed66c7.mp3","mime_type":"audio/mpeg","size_in_bytes":73930325,"duration_in_seconds":6160}]},{"id":"0e208963-5f59-446a-902e-9876d96c8f3f","title":"26: Port Authority","url":"https://www.bsdnow.tv/26","content_text":"On today's show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nTailoring OpenBSD for an old, strange computer\n\n\nThe author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU\nObviously he had to install some kind of BSD on it!\nThis post goes through all his efforts of trimming down OpenBSD to work on such a limited device\nHe goes through the trial and error of \"compile, break it, rebuild, try again\"\nAfter cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working\n***\n\n\npkgsrcCon and BSDCan\n\n\npkgsrccon is \"a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure\"\nThis year it will be on June 21st and 22nd\nThe schedule is still being worked out, so if you want to give a talk, submit it\nBSDCan's schedule was also announced\nWe'll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more\nKris' presentation was accepted!\nTons of topics, look forward to the recorded versions of all of them hopefully!\n***\n\n\nTwo factor auth with pushover\n\n\nA new write-up from our friend Ted Unangst\nPushover is \"a web hook to smartphone push notification gateway\" - you sent a POST to a web server and it sends a code to your phone\nHis post goes through the steps of editing your login.conf and setting it all up to work\nNow you can get a two factor authenticated login for ssh!\n***\n\n\nThe status of GNOME 3 on BSD\n\n\nIt's no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems\nOpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use\nThis post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast\nA few recent posts from some GNOME developers show that they're finally working with the BSD guys to improve portability\nThe FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it's a beautiful thing\nThis goes right along with our interview today!\n***\n\n\nInterview - Joe Marcus Clark - marcus@freebsd.org\n\nThe life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics\n\n\n\nTutorial\n\nThe FreeBSD Ports Collection\n\n\n\nNews Roundup\n\nDragonflyBSD 3.8 goals and 3.6.1 release\n\n\nThe Dragonfly team is thinking about what should be in version 3.8\nOn their bug tracker, it lists some of the things they'd like to get done before then\nIn the meantime, 3.6.1 was released with lots of bugfixes\n***\n\n\nNYCBSDCon 2014 wrap-up piece\n\n\nWe've got a nice wrap-up titled \"NYCBSDCon 2014 Heats Up a Cold Winter Weekend\"\nThe author also interviews GNN about the conference\nThere's even a little \"beginner introduction\" to BSD segment\nIncludes a mention of the recently-launched journal and lots of pictures from the event\n***\n\n\nFreeBSD and Linux, a comparative analysis\n\n\nGNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux\nHe mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs \"distros,\" development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences\nServes as a good introduction you can show your Linux friends\n***\n\n\nPCBSD CFT and weekly digest\n\n\nUpgrade tools have gotten a major rewrite\nYou have to help test it, there is no choice! Read more here\nHow dare Kris be \"unimpressed with\" freebsd-update and pkgng!?\nVarious updates and fixes\n***\n\n\nFeedback/Questions\n\n\nJeffrey writes in\nShane writes in\nFerdinand writes in\nCurtis writes in\nClint writes in\nPeter writes in\n***\n","content_html":"\u003cp\u003eOn today\u0026#39;s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://multixden.blogspot.com/2014/02/tailoring-openbsd-for-old-strange.html\" rel=\"nofollow\"\u003eTailoring OpenBSD for an old, strange computer\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe author of this article had an \u003ca href=\"http://hpmuseum.net/display_item.php?hw=233\" rel=\"nofollow\"\u003eOmniBook 800CT\u003c/a\u003e, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU\u003c/li\u003e\n\u003cli\u003eObviously he had to install some kind of BSD on it!\u003c/li\u003e\n\u003cli\u003eThis post goes through all his efforts of trimming down OpenBSD to work on such a limited device\u003c/li\u003e\n\u003cli\u003eHe goes through the trial and error of \u0026quot;compile, break it, rebuild, try again\u0026quot;\u003c/li\u003e\n\u003cli\u003eAfter cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.pkgsrc.org/pkgsrcCon/2014/\" rel=\"nofollow\"\u003epkgsrcCon and BSDCan\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003epkgsrccon is \u0026quot;a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis year it will be on June 21st and 22nd\u003c/li\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.pkgsrc.org/pkgsrcCon/2014/schedule.html\" rel=\"nofollow\"\u003eschedule\u003c/a\u003e is still being worked out, so if you want to give a talk, submit it\u003c/li\u003e\n\u003cli\u003eBSDCan\u0026#39;s \u003ca href=\"https://www.bsdcan.org/2014/schedule/events.en.html\" rel=\"nofollow\"\u003eschedule\u003c/a\u003e was also announced\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more\u003c/li\u003e\n\u003cli\u003eKris\u0026#39; presentation was accepted!\u003c/li\u003e\n\u003cli\u003eTons of topics, look forward to the recorded versions of all of them hopefully!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/login-pushover\" rel=\"nofollow\"\u003eTwo factor auth with pushover\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new write-up from our friend \u003ca href=\"http://www.bsdnow.tv/episodes/2014_02_05-time_signatures\" rel=\"nofollow\"\u003eTed Unangst\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePushover is \u0026quot;a web hook to smartphone push notification gateway\u0026quot; - you sent a POST to a web server and it sends a code to your phone\u003c/li\u003e\n\u003cli\u003eHis post goes through the steps of editing your login.conf and setting it all up to work\u003c/li\u003e\n\u003cli\u003eNow you can get a two factor authenticated login for ssh!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140219085851\" rel=\"nofollow\"\u003eThe status of GNOME 3 on BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt\u0026#39;s no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems\u003c/li\u003e\n\u003cli\u003eOpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use\u003c/li\u003e\n\u003cli\u003eThis post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes \u003ca href=\"https://www.bsdfrog.org/tmp/undeadly-gnome.webm\" rel=\"nofollow\"\u003ea screencast\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA few \u003ca href=\"http://blogs.gnome.org/mclasen/2014/02/19/on-portability/\" rel=\"nofollow\"\u003erecent\u003c/a\u003e \u003ca href=\"http://blogs.gnome.org/desrt/2014/02/19/on-portability/\" rel=\"nofollow\"\u003eposts\u003c/a\u003e from some GNOME developers show that they\u0026#39;re finally working with the BSD guys to improve portability\u003c/li\u003e\n\u003cli\u003eThe FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it\u0026#39;s a beautiful thing\u003c/li\u003e\n\u003cli\u003eThis goes right along with our interview today!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Joe Marcus Clark - \u003ca href=\"mailto:marcus@freebsd.org\" rel=\"nofollow\"\u003emarcus@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ports\" rel=\"nofollow\"\u003eThe FreeBSD Ports Collection\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bugs.dragonflybsd.org/versions/4\" rel=\"nofollow\"\u003eDragonflyBSD 3.8 goals and 3.6.1 release\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Dragonfly team is thinking about what should be in version 3.8\u003c/li\u003e\n\u003cli\u003eOn their bug tracker, it lists some of the things they\u0026#39;d like to get done before then\u003c/li\u003e\n\u003cli\u003eIn the meantime, \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2014-February/199294.html\" rel=\"nofollow\"\u003e3.6.1\u003c/a\u003e was released with lots of bugfixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.informit.com/blogs/blog.aspx?uk=NYCBSDCon-2014-Rocked-a-Cold-February-Weekend\" rel=\"nofollow\"\u003eNYCBSDCon 2014 wrap-up piece\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve got a nice wrap-up titled \u0026quot;NYCBSDCon 2014 Heats Up a Cold Winter Weekend\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe author also interviews \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates\" rel=\"nofollow\"\u003eGNN\u003c/a\u003e about the conference\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s even a little \u0026quot;beginner introduction\u0026quot; to BSD segment\u003c/li\u003e\n\u003cli\u003eIncludes a mention of the recently-launched journal and lots of pictures from the event\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?\u0026v=5mv_oKFzACM#t=418\" rel=\"nofollow\"\u003eFreeBSD and Linux, a comparative analysis\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux\u003c/li\u003e\n\u003cli\u003eHe mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs \u0026quot;distros,\u0026quot; development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences\u003c/li\u003e\n\u003cli\u003eServes as a good introduction you can show your Linux friends\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/02/call-for-testers-new-major-upgrade-methodology/\" rel=\"nofollow\"\u003ePCBSD CFT and weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpgrade tools have gotten a major rewrite\u003c/li\u003e\n\u003cli\u003eYou have to help test it, there is no choice! Read more \u003ca href=\"http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-18/\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHow dare Kris be \u0026quot;unimpressed with\u0026quot; freebsd-update and pkgng!?\u003c/li\u003e\n\u003cli\u003eVarious updates and fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s213KxUdVj\" rel=\"nofollow\"\u003eJeffrey writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20lwkjLVK\" rel=\"nofollow\"\u003eShane writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21DqJs77g\" rel=\"nofollow\"\u003eFerdinand writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20eXKEqJc\" rel=\"nofollow\"\u003eCurtis writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21XMVFuVu\" rel=\"nofollow\"\u003eClint writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Xk05MHe\" rel=\"nofollow\"\u003ePeter writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On today's show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD.","date_published":"2014-02-26T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0e208963-5f59-446a-902e-9876d96c8f3f.mp3","mime_type":"audio/mpeg","size_in_bytes":65589845,"duration_in_seconds":5465}]},{"id":"dad040a2-8866-4876-88fb-43b036b3e691","title":"25: A Sixth pfSense","url":"https://www.bsdnow.tv/25","content_text":"We have a packed show for you this week! We'll sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We'll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nEuroBSDCon and AsiaBSDCon\n\n\nThis year, EuroBSDCon will be in September in Sofia, Bulgaria\nThey've got a call for papers up now, so everyone can submit the talks they want to present\nThere will also be a tutorial section of the conference\nAsiaBSDCon will be next month, in March!\nAll the info about the registration, tutorials, hotels, timetable and location have been posted\nCheck the link for all the details on the talks - if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!\n***\n\n\nFreeBSD 10 on Ubiquiti EdgeRouter Lite\n\n\nThe Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU\nThis article goes through the process of installing and configuring FreeBSD on it to use as a home router\nLots of good pictures of the hardware and specific details needed to get you set up\nIt also includes the scripts to create your own images if you don't want to use the ones rolled by someone else\nFor such a cheap price, might be a really fun weekend project to replace your shitty consumer router\nOf course if you're more of an OpenBSD guy, you can always see our tutorial for that too\n***\n\n\nSigned pkgsrc package guide\n\n\nWe got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up\nIt shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)\nHe goes through the process of signing packages with a public key and how to verify the packages when you install them\nThe author also happens to be an EdgeBSD developer\n***\n\n\nBig batch of OpenBSD hackathon reports\n\n\nFive trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI\nIn the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things\nIn the third, jsg updated libdrm and mesa and did various work on xenocara\nIn the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead - but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he's done\nIn the fifth, claudio talks about some stuff he did for routing tables and misc. other things\n***\n\n\nInterview - Chris Buechler - cmb@pfsense.com / @cbuechler\n\npfSense\n\n\n\nTutorial\n\npfSense walkthrough\n\n\n\nNews Roundup\n\nFreeBSD challenge continues\n\n\nOur buddy from the Linux foundation continues his switching to BSD journey\nIn day 13, he covers some tips for new users, mentions trying things out in a VM first\nIn day 14, he starts setting up XFCE and X11, feels like he's starting over as a new Linux user learning the ropes again - concludes that ports are the way to go\nIn day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch\nIn day 16, he dives into the world of FreeBSD jails!\n***\n\n\nBSD books in 2014\n\n\nBSD books are some of the highest quality technical writings available, and MWL has written a good number of them\nIn this post, he details some of his plans for 2014\nIn includes at least one OpenBSD book, at least one FreeBSD book and...\nVery strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)\nCheck the link for all the details\n***\n\n\nHow to build FreeBSD/EC2 images\n\n\nOur friend Colin Percival details how to build EC2 images in a new blog post\nMost people just use the images he makes on their instances, but some people will want to make their own from scratch\nYou build a regular disk image and then turn it into an AMI\nIt requires a couple ports be installed on your system, but the whole process is pretty straightforward\n***\n\n\nPCBSD weekly digest\n\n\nThis time around we discuss how you can become a developer\nKris also details the length of supported releases\nExpect lots of new features in 10.1\n***\n\n\nFeedback/Questions\n\n\nSean writes in\nJake writes in\nNiclas writes in\nSteffan writes in\nAntonio writes in\nChris writes in\n***\n","content_html":"\u003cp\u003eWe have a packed show for you this week! We\u0026#39;ll sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We\u0026#39;ll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.eurobsdcon.org/calendar/call-for-papers/\" rel=\"nofollow\"\u003eEuroBSDCon and AsiaBSDCon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year, EuroBSDCon will be in September in Sofia, Bulgaria\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;ve got a call for papers up now, so everyone can submit the talks they want to present\u003c/li\u003e\n\u003cli\u003eThere will also be a tutorial section of the conference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://2014.asiabsdcon.org/timetable.html.en\" rel=\"nofollow\"\u003eAsiaBSDCon\u003c/a\u003e will be next month, in March!\u003c/li\u003e\n\u003cli\u003eAll the info about the registration, tutorials, hotels, timetable and location have been posted\u003c/li\u003e\n\u003cli\u003eCheck the link for all the details on the talks - if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://rtfm.net/FreeBSD/ERL/\" rel=\"nofollow\"\u003eFreeBSD 10 on Ubiquiti EdgeRouter Lite\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU\u003c/li\u003e\n\u003cli\u003eThis article goes through the process of installing and configuring FreeBSD on it to use as a home router\u003c/li\u003e\n\u003cli\u003eLots of good pictures of the hardware and specific details needed to get you set up\u003c/li\u003e\n\u003cli\u003eIt also includes the scripts to create your own images if you don\u0026#39;t want to use the ones rolled by someone else\u003c/li\u003e\n\u003cli\u003eFor such a cheap price, might be a really fun weekend project to replace your shitty consumer router\u003c/li\u003e\n\u003cli\u003eOf course if you\u0026#39;re more of an OpenBSD guy, you can always see \u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eour tutorial\u003c/a\u003e for that too\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.saveosx.org/signed-packages/\" rel=\"nofollow\"\u003eSigned pkgsrc package guide\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up\u003c/li\u003e\n\u003cli\u003eIt shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)\u003c/li\u003e\n\u003cli\u003eHe goes through the process of signing packages with a public key and how to verify the packages when you install them\u003c/li\u003e\n\u003cli\u003eThe author also happens to be an EdgeBSD developer\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140212083627\" rel=\"nofollow\"\u003eBig batch of OpenBSD hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFive trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140213065843\" rel=\"nofollow\"\u003ethe second\u003c/a\u003e, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140213173808\" rel=\"nofollow\"\u003ethe third\u003c/a\u003e, jsg updated libdrm and mesa and did various work on xenocara\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140214070023\" rel=\"nofollow\"\u003ethe fourth\u003c/a\u003e, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead - but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he\u0026#39;s done\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140214130039\" rel=\"nofollow\"\u003ethe fifth\u003c/a\u003e, claudio talks about some stuff he did for routing tables and misc. other things\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Chris Buechler - \u003ca href=\"mailto:cmb@pfsense.com\" rel=\"nofollow\"\u003ecmb@pfsense.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/cbuechler\" rel=\"nofollow\"\u003e@cbuechler\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003epfSense\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003epfSense walkthrough\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.thelinuxcauldron.com/2014/02/13/freebsd-challenge-day-13-30/\" rel=\"nofollow\"\u003eFreeBSD challenge continues\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy from the Linux foundation continues his switching to BSD journey\u003c/li\u003e\n\u003cli\u003eIn day 13, he covers some tips for new users, mentions trying things out in a VM first\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://www.thelinuxcauldron.com/2014/02/14/freebsd-challenge-day-14-30/\" rel=\"nofollow\"\u003eday 14\u003c/a\u003e, he starts setting up XFCE and X11, feels like he\u0026#39;s starting over as a new Linux user learning the ropes again - concludes that ports are the way to go\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://www.thelinuxcauldron.com/2014/02/14/freebsd-challenge-day-15-30/\" rel=\"nofollow\"\u003eday 15\u003c/a\u003e, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://www.thelinuxcauldron.com/2014/02/17/freebsd-challenge-day-16-30/\" rel=\"nofollow\"\u003eday 16\u003c/a\u003e, he dives into the world of \u003ca href=\"http://www.bsdnow.tv/tutorials/jails\" rel=\"nofollow\"\u003eFreeBSD jails\u003c/a\u003e!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1962\" rel=\"nofollow\"\u003eBSD books in 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD books are some of the highest quality technical writings available, and MWL has written a good number of them\u003c/li\u003e\n\u003cli\u003eIn this post, he details some of his plans for 2014\u003c/li\u003e\n\u003cli\u003eIn includes at least one OpenBSD book, at least one FreeBSD book and...\u003c/li\u003e\n\u003cli\u003eVery strong possibility of Absolute FreeBSD 3rd edition (watch \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eour interview with him\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCheck the link for all the details\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2014-02-16-FreeBSD-EC2-build.html\" rel=\"nofollow\"\u003eHow to build FreeBSD/EC2 images\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur friend \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_22-tendresse_for_ten\" rel=\"nofollow\"\u003eColin Percival\u003c/a\u003e details how to build EC2 images in a new blog post\u003c/li\u003e\n\u003cli\u003eMost people just use the images he makes on their instances, but some people will want to make their own \u003ca href=\"https://svnweb.freebsd.org/base/user/cperciva/EC2-build/\" rel=\"nofollow\"\u003efrom scratch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou build a regular disk image and then turn it into an AMI\u003c/li\u003e\n\u003cli\u003eIt requires a couple ports be installed on your system, but the whole process is pretty straightforward\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-17/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis time around we discuss how you can become a developer\u003c/li\u003e\n\u003cli\u003eKris also details the length of supported releases\u003c/li\u003e\n\u003cli\u003eExpect lots of new features in 10.1\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s216xJoCVG\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2gLrR3VVf\" rel=\"nofollow\"\u003eJake writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21gfG3Iho\" rel=\"nofollow\"\u003eNiclas writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2JNyw5BCn\" rel=\"nofollow\"\u003eSteffan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2kg3zoRfm\" rel=\"nofollow\"\u003eAntonio writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ZwSIfRjm\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We have a packed show for you this week! We'll sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We'll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now - the place to B.. SD.","date_published":"2014-02-19T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/dad040a2-8866-4876-88fb-43b036b3e691.mp3","mime_type":"audio/mpeg","size_in_bytes":48903556,"duration_in_seconds":4075}]},{"id":"4472f6f6-5fb3-4ee9-b20c-04e927cf1299","title":"24: The Cluster \u0026 The Cloud","url":"https://www.bsdnow.tv/24","content_text":"This week on BSD Now... a wrap-up from NYCBSDCon! We'll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it's BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 10 as a firewall\n\n\nBack in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead\nNow, with the release of 10.0, he's apparently changed his mind and switched back over\nIt mentions the SMP version of pf, general performance advantages and more modern features\nThe author is a regular listener of BSD Now, hi Joe!\n***\n\n\nNetwork Noise Reduction Using Free Tools\n\n\nReally long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD\nPeter Hansteen, author of the book of PF, goes through how he uses OpenBSD's spamd and other security features to combat spam and malware\nHe goes through his experiences with content filtering and disappointment with a certain proprietary vendor\nNot totally BSD-specific, lots of people can enjoy the article - lots of virus history as well\n***\n\n\nFreeBSD ASLR patches submitted\n\n\nSo far, FreeBSD hasn't had Address Space Layout Randomization\nASLR is a nice security feature, see wikipedia for more information\nWith a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)\nWe might have Shawn on the show to talk about it, but he's also giving a presentation at BSDCan about his work with ASLR\n***\n\n\nOld-style pkg_ tools retired\n\n\nAt last the old pkg_add tools are being retired in FreeBSD\npkgng is a huge improvement, and now portmgr@ thinks it's time to cut the cord on the legacy toolset\nPorts aren't going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go\nAll pkg_ tools will be considered unsupported on September 1, 2014 - even on older branches\n***\n\n\nInterview - Luke Marsden - luke@hybridcluster.com / @lmarsden\n\nBSD at HybridCluster\n\n\n\nTutorial\n\nFilesharing with chrooted SFTP\n\n\n\nNews Roundup\n\nFreeBSD on OpenStack\n\n\nOpenStack is a cloud computing project\nIt consists of \"a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API.\"\nUntil now, there wasn't a good way to run a full BSD instance on OpenStack\nWith a project in the vein of Colin Percival's AWS startup scripts, now that's no longer the case! \n***\n\n\nFOSDEM BSD videos\n\n\nThis year's FOSDEM had seven BSD presentations\nThe videos are slowly being uploaded for your viewing pleasure\nNot all of the BSD ones are up yet, but by the time you're watching this they might be!\nCheck this directory for most of 'em\nThe BSD dev room was full, lots of interest in what's going on from the other communities\n***\n\n\nThe FreeBSD challenge finally returns!\n\n\nDue to prodding from a certain guy of a certain podcast, the \"FreeBSD Challenge\" series has finally resumed\nOur friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey\nThis time he outlines the upgrade process of going from 9 to 10, using freebsd-update\nThere's also some notes about different options for upgrading ports and some extra tips\n***\n\n\nPCBSD weekly digest\n\n\nAfter the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while\nDuring their \"fine tuning phase\" users are encouraged to submit any and all bugs via the trac system\nWarden got some fixes and the package manager got some updates as well\nHuge size reduction in PBI format\n***\n\n\nFeedback/Questions\n\n\nDerrick writes in\nSean writes in\nPatrick writes in\nPeter writes in\nSean writes in\n***\n","content_html":"\u003cp\u003eThis week on BSD Now... a wrap-up from NYCBSDCon! We\u0026#39;ll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it\u0026#39;s BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.pantz.org/software/pf/use_freebsd_10_as_a_pf_firewall.html\" rel=\"nofollow\"\u003eFreeBSD 10 as a firewall\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBack in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead\u003c/li\u003e\n\u003cli\u003eNow, with the release of 10.0, he\u0026#39;s apparently changed his mind and switched back over\u003c/li\u003e\n\u003cli\u003eIt mentions the SMP version of pf, general performance advantages and more modern features\u003c/li\u003e\n\u003cli\u003eThe author is a regular listener of BSD Now, hi Joe!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2014/02/effective-spam-and-malware.html\" rel=\"nofollow\"\u003eNetwork Noise Reduction Using Free Tools\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eReally long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD\u003c/li\u003e\n\u003cli\u003ePeter Hansteen, author of the book of PF, goes through how he uses OpenBSD\u0026#39;s spamd and other security features to combat spam and malware\u003c/li\u003e\n\u003cli\u003eHe goes through his experiences with content filtering and disappointment with a certain proprietary vendor\u003c/li\u003e\n\u003cli\u003eNot totally BSD-specific, lots of people can enjoy the article - lots of virus history as well\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://0xfeedface.org/blog/lattera/2014-02-02/freebsd-aslr-patch-submitted-upstream\" rel=\"nofollow\"\u003eFreeBSD ASLR patches submitted\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo far, FreeBSD hasn\u0026#39;t had Address Space Layout Randomization\u003c/li\u003e\n\u003cli\u003eASLR is a nice security feature, \u003ca href=\"https://en.wikipedia.org/wiki/Address_space_layout_randomization\" rel=\"nofollow\"\u003esee wikipedia\u003c/a\u003e for more information\u003c/li\u003e\n\u003cli\u003eWith a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)\u003c/li\u003e\n\u003cli\u003eWe might have Shawn on the show to talk about it, but he\u0026#39;s also giving a presentation at BSDCan about his work with ASLR\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2014/02/03/time-to-bid-farewell-to-the-old-pkg_-tools/\" rel=\"nofollow\"\u003eOld-style pkg_ tools retired\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAt last the old pkg_add tools are being retired in FreeBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003epkgng\u003c/a\u003e is a huge improvement, and now portmgr@ thinks it\u0026#39;s time to cut the cord on the legacy toolset\u003c/li\u003e\n\u003cli\u003ePorts aren\u0026#39;t going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go\u003c/li\u003e\n\u003cli\u003eAll pkg_ tools will be considered unsupported on September 1, 2014 - even on older branches\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Luke Marsden - \u003ca href=\"mailto:luke@hybridcluster.com\" rel=\"nofollow\"\u003eluke@hybridcluster.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/lmarsden\" rel=\"nofollow\"\u003e@lmarsden\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBSD at HybridCluster\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/chroot-sftp\" rel=\"nofollow\"\u003eFilesharing with chrooted SFTP\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://pellaeon.github.io/bsd-cloudinit/\" rel=\"nofollow\"\u003eFreeBSD on OpenStack\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://en.wikipedia.org/wiki/OpenStack\" rel=\"nofollow\"\u003eOpenStack\u003c/a\u003e is a cloud computing project\u003c/li\u003e\n\u003cli\u003eIt consists of \u0026quot;a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API.\u0026quot;\u003c/li\u003e\n\u003cli\u003eUntil now, there wasn\u0026#39;t a good way to run a full BSD instance on OpenStack\u003c/li\u003e\n\u003cli\u003eWith a project in the vein of \u003ca href=\"http://www.bsdnow.tv/episodes/2014_01_22-tendresse_for_ten\" rel=\"nofollow\"\u003eColin Percival\u003c/a\u003e\u0026#39;s AWS startup scripts, now that\u0026#39;s no longer the case! \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://fosdem.org/2014/schedule/track/bsd/\" rel=\"nofollow\"\u003eFOSDEM BSD videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis year\u0026#39;s FOSDEM had seven BSD presentations\u003c/li\u003e\n\u003cli\u003eThe videos are \u003ca href=\"https://video.fosdem.org/2014/\" rel=\"nofollow\"\u003eslowly being uploaded\u003c/a\u003e for your viewing pleasure\u003c/li\u003e\n\u003cli\u003eNot all of the BSD ones are up yet, but by the time you\u0026#39;re watching this they might be!\u003c/li\u003e\n\u003cli\u003eCheck \u003ca href=\"https://video.fosdem.org/2014/AW1121/Saturday/\" rel=\"nofollow\"\u003ethis directory\u003c/a\u003e for most of \u0026#39;em\u003c/li\u003e\n\u003cli\u003eThe BSD dev room was full, lots of interest in what\u0026#39;s going on from the other communities\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.thelinuxcauldron.com/2014/02/05/freebsd-challenge-returns-day-11-30/\" rel=\"nofollow\"\u003eThe FreeBSD challenge finally returns!\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDue to prodding from a certain guy of a certain podcast, the \u0026quot;FreeBSD Challenge\u0026quot; series has finally resumed\u003c/li\u003e\n\u003cli\u003eOur friend from the Linux foundation picks up with \u003ca href=\"http://www.thelinuxcauldron.com/2014/02/05/freebsd-challenge-day-11-30/\" rel=\"nofollow\"\u003eday 11\u003c/a\u003e and \u003ca href=\"http://www.thelinuxcauldron.com/2014/02/09/freebsd-challenge-day-12-30/\" rel=\"nofollow\"\u003eday 12\u003c/a\u003e on his switching from Linux journey\u003c/li\u003e\n\u003cli\u003eThis time he outlines the upgrade process of going from 9 to 10, using freebsd-update\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also some notes about different options for upgrading ports and some extra tips\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-16/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while\u003c/li\u003e\n\u003cli\u003eDuring their \u0026quot;fine tuning phase\u0026quot; users are encouraged to submit any and all bugs via the trac system\u003c/li\u003e\n\u003cli\u003eWarden got some fixes and the package manager got some updates as well\u003c/li\u003e\n\u003cli\u003eHuge size reduction in PBI format\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21nbJKYmb\" rel=\"nofollow\"\u003eDerrick writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2yhziVsBP\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20PuccWbo\" rel=\"nofollow\"\u003ePatrick writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s22PL0SbUO\" rel=\"nofollow\"\u003ePeter writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20dkbjuOK\" rel=\"nofollow\"\u003eSean writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on BSD Now... a wrap-up from NYCBSDCon! We'll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it's BSD Now - the place to B.. SD.","date_published":"2014-02-12T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4472f6f6-5fb3-4ee9-b20c-04e927cf1299.mp3","mime_type":"audio/mpeg","size_in_bytes":50214172,"duration_in_seconds":4184}]},{"id":"d9e9eb7a-e7aa-4029-8881-05cc5f75e8b6","title":"23: Time Signatures","url":"https://www.bsdnow.tv/23","content_text":"On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD foundation's 2013 fundraising results\n\n\nThe FreeBSD foundation finally counted all the money they made in 2013\n$768,562 from 1659 donors\nNice little blog post from the team with a giant beastie picture\n\"We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon.\"\nA special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook)\n***\n\n\nOpenSSH 6.5 released\n\n\nWe mentioned the CFT last week, and it's finally here!\nNew key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it)\nEd25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA\nFunny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login lol~\nNew bcrypt private key type, 500,000,000 times harder to brute force\nChacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one\nPortable version already in FreeBSD -CURRENT, and ports\nLots more bugfixes and features, see the full release note or our interview with Damien\nWork has already started on 6.6, which can be used without OpenSSL!\n***\n\n\nCrazed Ferrets in a Berkeley Shower\n\n\nIn 2000, MWL wrote an essay for linux.com about why he uses the BSD license: \"It’s actually stood up fairly well to the test of time, but it’s fourteen years old now.\"\nThis is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman\nVery nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL\nCheck out the full post if you're one of those people that gets into license arguments\nThe takeaway is \"BSD is about making the world a better place. For everyone.\"\n***\n\n\nOpenBSD on BeagleBone Black\n\n\nBeaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi\nA blog post about installing OpenBSD on a BBB from.. our guest for today!\nHe describes it as \"everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black\"\nIt goes through the whole process, details different storage options and some workarounds\nCould be a really fun weekend project if you're interested in small or embedded devices\n***\n\n\nInterview - Ted Unangst - tedu@openbsd.org / @tedunangst\n\nOpenBSD's signify infrastructure, ZFS on OpenBSD\n\n\n\nTutorial\n\nRunning an NTP server\n\n\n\nNews Roundup\n\nGetting started with FreeBSD\n\n\nA new video and blog series about starting out with FreeBSD\nThe author has been a fan since the 90s and has installed it on every server he's worked with\nHe mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users\nThe first video is the installation, then he goes on to packages and other topics - 4 videos so far\n***\n\n\nMore OpenBSD hackathon reports\n\n\nAs a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience\nHe arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work\nThis summary goes into detail about all the stuff he got done there\n***\n\n\nX11 in a jail\n\n\nWe've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!\nA new tunable option will let jails access /dev/kmem and similar device nodes\nAlong with a change to DRM, this allows full X11 in a jail\nBe sure to check out our jail tutorial and jailed VNC tutorial for ideas\n***\n\n\nPCBSD weekly digest\n\n\n10.0 \"Joule Edition\" finally released!\nAMD graphics are now officially supported\nGNOME3, MATE and Cinnamon desktops are available\nGrub updates and fixes\nPCBSD also got a mention in eweek\n***\n\n\nFeedback/Questions\n\n\nJustin writes in\nDaniel writes in\nMartin writes in\nAlex writes in - unofficial FreeBSD RPI Images\nJames writes in\nJohn writes in\n***\n","content_html":"\u003cp\u003eOn this week\u0026#39;s episode, we\u0026#39;ll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we\u0026#39;ve got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2014/01/freebsd-foundation-announces-2013.html\" rel=\"nofollow\"\u003eFreeBSD foundation\u0026#39;s 2013 fundraising results\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation finally counted all the money they made in 2013\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e$768,562 from 1659 donors\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eNice little blog post from the team with a giant beastie picture\u003c/li\u003e\n\u003cli\u003e\u0026quot;We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon.\u0026quot;\u003c/li\u003e\n\u003cli\u003eA special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/032152.html\" rel=\"nofollow\"\u003eOpenSSH 6.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned the CFT last week, and it\u0026#39;s \u003ca href=\"https://news.ycombinator.com/item?id=7154925\" rel=\"nofollow\"\u003efinally here\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNew key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein\u0026#39;s Curve25519 (now the default when both clients support it)\u003c/li\u003e\n\u003cli\u003eEd25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA\u003c/li\u003e\n\u003cli\u003eFunny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes \u003ca href=\"http://slexy.org/view/s2rI13v8F4\" rel=\"nofollow\"\u003ecan\u0026#39;t even attempt to login\u003c/a\u003e lol~\u003c/li\u003e\n\u003cli\u003eNew bcrypt private key type, 500,000,000 times harder to brute force\u003c/li\u003e\n\u003cli\u003eChacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one\u003c/li\u003e\n\u003cli\u003ePortable version \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=261320\" rel=\"nofollow\"\u003ealready in\u003c/a\u003e FreeBSD -CURRENT, \u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026sortby=date\u0026revision=342618\" rel=\"nofollow\"\u003eand ports\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLots more bugfixes and features, see the full release note or \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eour interview\u003c/a\u003e with Damien\u003c/li\u003e\n\u003cli\u003eWork has already started on 6.6, which \u003ca href=\"https://twitter.com/msfriedl/status/427902493176377344\" rel=\"nofollow\"\u003ecan be used without OpenSSL\u003c/a\u003e!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1942\" rel=\"nofollow\"\u003eCrazed Ferrets in a Berkeley Shower\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn 2000, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMWL\u003c/a\u003e wrote an essay for linux.com about why he uses the BSD license: \u0026quot;It’s actually stood up fairly well to the test of time, but it’s fourteen years old now.\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis is basically an updated version about why he uses the BSD license, in response to recent \u003ca href=\"http://gcc.gnu.org/ml/gcc/2014-01/msg00247.html\" rel=\"nofollow\"\u003ecomments from Richard Stallman\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVery nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL\u003c/li\u003e\n\u003cli\u003eCheck out the full post if you\u0026#39;re one of those people that gets into license arguments\u003c/li\u003e\n\u003cli\u003eThe takeaway is \u0026quot;BSD is about making the world a better place. For everyone.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black\" rel=\"nofollow\"\u003eOpenBSD on BeagleBone Black\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBeaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi\u003c/li\u003e\n\u003cli\u003eA blog post about installing OpenBSD on a BBB from.. our guest for today!\u003c/li\u003e\n\u003cli\u003eHe describes it as \u0026quot;everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black\u0026quot;\u003c/li\u003e\n\u003cli\u003eIt goes through the whole process, details different storage options and some workarounds\u003c/li\u003e\n\u003cli\u003eCould be a really fun weekend project if you\u0026#39;re interested in small or embedded devices\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Ted Unangst - \u003ca href=\"mailto:tedu@openbsd.org\" rel=\"nofollow\"\u003etedu@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/tedunangst\" rel=\"nofollow\"\u003e@tedunangst\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD\u0026#39;s \u003ca href=\"http://www.tedunangst.com/flak/post/signify\" rel=\"nofollow\"\u003esignify\u003c/a\u003e infrastructure, ZFS on OpenBSD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ntpd\" rel=\"nofollow\"\u003eRunning an NTP server\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://smyck.net/2014/02/01/getting-started-with-freebsd/\" rel=\"nofollow\"\u003eGetting started with FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new video and blog series about starting out with FreeBSD\u003c/li\u003e\n\u003cli\u003eThe author has been a fan since the 90s and has installed it on every server he\u0026#39;s worked with\u003c/li\u003e\n\u003cli\u003eHe mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users\u003c/li\u003e\n\u003cli\u003eThe first video is the installation, then he goes on to packages and other topics - 4 videos so far\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140204080515\" rel=\"nofollow\"\u003eMore OpenBSD hackathon reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience\u003c/li\u003e\n\u003cli\u003eHe arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work\u003c/li\u003e\n\u003cli\u003eThis summary goes into detail about all the stuff he got done there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=261266\" rel=\"nofollow\"\u003eX11 in a jail\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe\u0026#39;ve gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!\u003c/li\u003e\n\u003cli\u003eA new tunable option will let jails access /dev/kmem and similar device nodes\u003c/li\u003e\n\u003cli\u003eAlong with a change to DRM, this allows full X11 in a jail\u003c/li\u003e\n\u003cli\u003eBe sure to check out our \u003ca href=\"http://www.bsdnow.tv/tutorials\" rel=\"nofollow\"\u003ejail tutorial and jailed VNC tutorial\u003c/a\u003e for ideas\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/01/whoami-im-pc-bsd-10-0-weekly-feature-digest-15/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e10.0 \u0026quot;Joule Edition\u0026quot; \u003ca href=\"http://blog.pcbsd.org/2014/01/pc-bsd-10-0-release-is-now-available/\" rel=\"nofollow\"\u003efinally released\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAMD graphics are now officially supported\u003c/li\u003e\n\u003cli\u003eGNOME3, MATE and Cinnamon desktops are available\u003c/li\u003e\n\u003cli\u003eGrub updates and fixes\u003c/li\u003e\n\u003cli\u003ePCBSD also \u003ca href=\"http://www.eweek.com/enterprise-apps/slideshows/freebsd-open-source-os-comes-to-the-pc-bsd-desktop.html\" rel=\"nofollow\"\u003egot a mention in eweek\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21VnbKZsH\" rel=\"nofollow\"\u003eJustin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2nD7RF6bo\" rel=\"nofollow\"\u003eDaniel writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2jwRrj7UV\" rel=\"nofollow\"\u003eMartin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s201koMD2c\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e - \u003ca href=\"http://people.freebsd.org/%7Egjb/RPI/\" rel=\"nofollow\"\u003eunofficial FreeBSD RPI Images\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2AntZmtRU\" rel=\"nofollow\"\u003eJames writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20bGjMsIQ\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD.","date_published":"2014-02-05T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d9e9eb7a-e7aa-4029-8881-05cc5f75e8b6.mp3","mime_type":"audio/mpeg","size_in_bytes":54539109,"duration_in_seconds":4544}]},{"id":"e49b46fd-a367-451d-819a-544b35fc4f89","title":"22: Journaled News-Updates","url":"https://www.bsdnow.tv/22","content_text":"This time on the show, we'll be talking with George Neville-Neil about the brand new FreeBSD Journal and what it's all about. After that, we've got a tutorial on how to track the -stable and -current branches of OpenBSD. Answers to all your BSD questions and the latest headlines, only on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD quarterly status report\n\n\nGabor Pali sent out the October-December 2013 status report to get everyone up to date on what's going on\nThe report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes\nLots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving\nSecure boot support hopefully coming [by mid-year](www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year)\nThere's quite a bit going on in the FreeBSD world, many projects happening at the same time\n***\n\n\nn2k14 OpenBSD Hackathon Report\n\n\nRecently, OpenBSD held one of their hackathons in New Zealand\n15 developers gathered there to sit in a room and write code for a few days\nPhilip Guenther brings back a nice report of the event\nIf you've been watching the -current CVS logs, you've seen the flood of commits just from this event alone\nFixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing\nAnother report from Theo details his work\nUpdates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff\n***\n\n\nFour new NetBSD releases\n\n\nNetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4\nThese updates include lots of bug fixes and some security updates, not focused on new features\nYou can upgrade depending on what branch you're currently on\nConfused about the different branches? See this graph.\n***\n\n\nThe future of open source ZFS development \n\n\nOn February 11, 2014, Matt Ahrens will be giving a presentation about ZFS\nThe talk will be about the future of ZFS and the open source development since Oracle closed the code\nIt's in San Jose, California - go if you can!\n***\n\n\nInterview - George Neville-Neil - gnn@freebsd.org / @gvnn3\n\nThe FreeBSD Journal\n\n\n\nTutorial\n\nTracking -STABLE and -CURRENT (OpenBSD)\n\n\n\nNews Roundup\n\npfSense news and 2.1.1 snapshots\n\n\npfSense has some snapshots available for the upcoming 2.1.1 release\nThey include FreeBSD security fixes as well as some other updates\nThere are recordings posted of some of the previous hangouts\nUnfortunately they're only for subscribers, so you'll have to wait until next month when we have Chris on the show to talk about pfSense!\n***\n\n\nFreeBSD on Google Compute Engine\n\n\nRecently we mentioned some posts about getting OpenBSD to run on GCE, here's the FreeBSD version\nNice big fat warning: \"The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty.\"\nTheir instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!\nOther than that it's a pretty good set of instructions on how to get up and running\n***\n\n\nDragonfly ACPI update\n\n\nSascha Wildner committed some new ACPI code\nThere's also a \"heads up\" to update your BIOS if you experience problems\nCheck the mailing list post for all the details\n***\n\n\nPCBSD weekly digest\n\n\n10.0-RC4 users need to upgrade all their packages for 10.0-RC5\nPBIs needed to be rebuilt.. actually everything did\nHelp test GNOME 3 so we can get it in the official ports tree\nBy the way, I think Kris has an announcement - PCBSD 10.0 is out!\n***\n\n\nFeedback/Questions\n\n\nTony writes in\nJeff writes in\nRemy writes in\nNils writes in\nSolomon writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be talking with George Neville-Neil about the brand new FreeBSD Journal and what it\u0026#39;s all about. After that, we\u0026#39;ve got a tutorial on how to track the -stable and -current branches of OpenBSD. Answers to all your BSD questions and the latest headlines, only on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/077085.html\" rel=\"nofollow\"\u003eFreeBSD quarterly status report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGabor Pali sent out the October-December 2013 status report to get everyone up to date on what\u0026#39;s going on\u003c/li\u003e\n\u003cli\u003eThe report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes\u003c/li\u003e\n\u003cli\u003eLots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving\u003c/li\u003e\n\u003cli\u003eSecure boot support hopefully coming [by mid-year](\u003ca href=\"http://www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year\" rel=\"nofollow\"\u003ewww.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s quite a bit going on in the FreeBSD world, many projects happening at the same time\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140124142027\" rel=\"nofollow\"\u003en2k14 OpenBSD Hackathon Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRecently, OpenBSD held one of \u003ca href=\"http://www.openbsd.org/hackathons.html\" rel=\"nofollow\"\u003etheir hackathons\u003c/a\u003e in New Zealand\u003c/li\u003e\n\u003cli\u003e15 developers gathered there to sit in a room and write code for a few days\u003c/li\u003e\n\u003cli\u003ePhilip Guenther brings back a nice report of the event\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;ve been watching the -current CVS logs, you\u0026#39;ve seen the flood of commits just from this event alone\u003c/li\u003e\n\u003cli\u003eFixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140127083112\" rel=\"nofollow\"\u003eAnother report from Theo\u003c/a\u003e details his work\u003c/li\u003e\n\u003cli\u003eUpdates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_6_1_3_netbsd\" rel=\"nofollow\"\u003eFour new NetBSD releases\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4\u003c/li\u003e\n\u003cli\u003eThese updates include lots of bug fixes and some security updates, not focused on new features\u003c/li\u003e\n\u003cli\u003eYou can upgrade depending on what branch you\u0026#39;re currently on\u003c/li\u003e\n\u003cli\u003eConfused about the different branches? \u003ca href=\"https://www.netbsd.org/releases/release-map.html#graph1\" rel=\"nofollow\"\u003eSee this graph.\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sites.ieee.org/scv-cs/archives/openzfs-future-open-source-zfs-development\" rel=\"nofollow\"\u003eThe future of open source ZFS development \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn February 11, 2014, Matt Ahrens will be giving a presentation about ZFS\u003c/li\u003e\n\u003cli\u003eThe talk will be about the future of ZFS and the open source development since Oracle closed the code\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s in San Jose, California - go if you can!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - George Neville-Neil - \u003ca href=\"mailto:gnn@freebsd.org\" rel=\"nofollow\"\u003egnn@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/gvnn3\" rel=\"nofollow\"\u003e@gvnn3\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://freebsdjournal.com/\" rel=\"nofollow\"\u003eThe FreeBSD Journal\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/stable-current-obsd\" rel=\"nofollow\"\u003eTracking -STABLE and -CURRENT (OpenBSD)\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://doc.pfsense.org/index.php/2.1.1_New_Features_and_Changes\" rel=\"nofollow\"\u003epfSense news and 2.1.1 snapshots\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003epfSense has some snapshots available for the upcoming 2.1.1 release\u003c/li\u003e\n\u003cli\u003eThey include FreeBSD security fixes as well as some other updates\u003c/li\u003e\n\u003cli\u003eThere are \u003ca href=\"https://blog.pfsense.org/?p=1198\" rel=\"nofollow\"\u003erecordings posted\u003c/a\u003e of some of the previous hangouts\u003c/li\u003e\n\u003cli\u003eUnfortunately they\u0026#39;re only for subscribers, so you\u0026#39;ll have to wait until next month when we have Chris on the show to talk about pfSense!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://groups.google.com/forum/#!msg/gce-discussion/YWoa3Aa_49U/FYAg9oiRlLUJ\" rel=\"nofollow\"\u003eFreeBSD on Google Compute Engine\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRecently we mentioned some posts about getting OpenBSD to run on GCE, here\u0026#39;s the FreeBSD version\u003c/li\u003e\n\u003cli\u003eNice big fat warning: \u0026quot;The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty.\u0026quot;\u003c/li\u003e\n\u003cli\u003eTheir instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!\u003c/li\u003e\n\u003cli\u003eOther than that it\u0026#39;s a pretty good set of instructions on how to get up and running\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2014/01/22/13225.html\" rel=\"nofollow\"\u003eDragonfly ACPI update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSascha Wildner committed some \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2014-January/199071.html\" rel=\"nofollow\"\u003enew ACPI code\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a \u0026quot;heads up\u0026quot; to \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2014-January/090504.html\" rel=\"nofollow\"\u003eupdate your BIOS\u003c/a\u003e if you experience problems\u003c/li\u003e\n\u003cli\u003eCheck the mailing list post for all the details\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-6/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e10.0-RC4 users need to upgrade all their packages for 10.0-RC5\u003c/li\u003e\n\u003cli\u003ePBIs needed to be rebuilt.. actually everything did\u003c/li\u003e\n\u003cli\u003eHelp test GNOME 3 so we can get it in the official ports tree\u003c/li\u003e\n\u003cli\u003eBy the way, I think Kris has an announcement - PCBSD 10.0 is out!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21ZlfOdTt\" rel=\"nofollow\"\u003eTony writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2BFZ68Na5\" rel=\"nofollow\"\u003eJeff writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20epArsQI\" rel=\"nofollow\"\u003eRemy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s213CoNvLt\" rel=\"nofollow\"\u003eNils writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21XWnThNS\" rel=\"nofollow\"\u003eSolomon writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be talking with George Neville-Neil about the brand new FreeBSD Journal and what it's all about. After that, we've got a tutorial on how to track the -stable and -current branches of OpenBSD. Answers to all your BSD questions and the latest headlines, only on BSD Now - the place to B.. SD.","date_published":"2014-01-29T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e49b46fd-a367-451d-819a-544b35fc4f89.mp3","mime_type":"audio/mpeg","size_in_bytes":64949427,"duration_in_seconds":5412}]},{"id":"353e6a60-9bd0-494f-ac34-4337e3dfa734","title":"21: Tendresse for Ten","url":"https://www.bsdnow.tv/21","content_text":"This time on the show, we've got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE - yes it's finally here! We're gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we'll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We've got a round of your questions and the latest news, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD 10.0-RELEASE is out\n\n\nThe long awaited, giant release of FreeBSD is now official and ready to be downloaded\nOne of the biggest releases in FreeBSD history, with tons of new updates\nSome features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... the list goes on and on\nStart up your freebsd-update or do a source-based upgrade\n***\n\n\nOpenSSH 6.5 CFT\n\n\nOur buddy Damien Miller announced a Call For Testing for OpenSSH 6.5\nHuge, huge release, focused on new features rather than bugfixes (but it includes those too)\nNew ciphers, new key formats, new config options, see the mailing list for all the details\nShould be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms!\n***\n\n\nDIY NAS story, FreeNAS 9.2.1-BETA\n\n\nAnother new blog post about FreeNAS!\nInstead of updating the older tutorials, the author started fresh and wrote a new one for 2014\n\"I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS\"\nReally long article with lots of nice details about his setup, why you might want a NAS, etc.\nSpeaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes\n***\n\n\nOpenBSD needed funding for electricity.. and they got it\n\n\nBriefly mentioned at the end of last week's show, but has blown up over the internet since\nOpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments\nThey needed about $20,000 to cover electric costs for the server rack in Theo's basement\nLots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations\nFrom Bob Beck: \"we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation\"\nThis is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large\n***\n\n\nInterview - Colin Percival - cperciva@freebsd.org / @cperciva\n\nFreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics\n\n\n\nTutorial\n\nBandwidth monitoring and testing\n\n\n\nNews Roundup\n\npfSense talk at Tokyo FreeBSD Benkyoukai\n\n\nIsaac Levy will be presenting \"pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments\"\nHe's also going to be looking for help to translate the pfSense documentation into Japanese\nThe event is on February 17, 2014 if you're in the Tokyo area\n***\n\n\nm0n0wall 1.8.1 released\n\n\nFor those who don't know, m0n0wall is an older BSD-based firewall OS that's mostly focused on embedded applications\npfSense was forked from it in 2004, and has a lot more active development now\nThey switched to FreeBSD 8.4 for this new version\nFull list of updates in the changelog\nThis version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!\n***\n\n\nAnsible and PF, plus NTP\n\n\nAnother blog post from our buddy Michael Lucas\nThere've been some NTP amplification attacks recently in the news\nThe post describes how he configured ntpd on a lot of servers without a lot of work\nHe leverages pf and ansible for the configuration\nOpenNTPD is, not surprisingly, unaffected - use it\n***\n\n\nruBSD videos online\n\n\nJust a quick followup from a few weeks ago\nTheo and Henning's talks from ruBSD are now available for download\nThere's also a nice interview with Theo\n***\n\n\nPCBSD weekly digest\n\n\n10.0-RC4 images are available\nWine PBI is now available for 10\n9.2 systems will now be able to upgrade to version 10 and keep their PBI library\n***\n\n\nFeedback/Questions\n\n\nSha'ul writes in\nKjell-Aleksander writes in\nMike writes in\nCharlie writes in (and gets a reply)\nKevin writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ve got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE - yes it\u0026#39;s finally here! We\u0026#39;re gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we\u0026#39;ll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We\u0026#39;ve got a round of your questions and the latest news, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/10.0R/announce.html\" rel=\"nofollow\"\u003eFreeBSD 10.0-RELEASE is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe long awaited, giant release of FreeBSD is now official and \u003ca href=\"http://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.0/\" rel=\"nofollow\"\u003eready to be downloaded\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOne of the biggest releases in FreeBSD history, with tons of new updates\u003c/li\u003e\n\u003cli\u003eSome features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... \u003ca href=\"https://www.freebsd.org/releases/10.0R/relnotes.html\" rel=\"nofollow\"\u003ethe list goes on and on\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStart up your freebsd-update or do a source-based upgrade\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/031987.html\" rel=\"nofollow\"\u003eOpenSSH 6.5 CFT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eDamien Miller\u003c/a\u003e announced a Call For Testing for OpenSSH 6.5\u003c/li\u003e\n\u003cli\u003eHuge, huge release, focused on new features rather than bugfixes (but it includes those too)\u003c/li\u003e\n\u003cli\u003eNew ciphers, new key formats, new config options, see the mailing list for all the details\u003c/li\u003e\n\u003cli\u003eShould be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.brianmoses.net/2014/01/diy-nas-2014-edition.html\" rel=\"nofollow\"\u003eDIY NAS story, FreeNAS 9.2.1-BETA\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother new blog post about FreeNAS!\u003c/li\u003e\n\u003cli\u003eInstead of updating the older tutorials, the author started fresh and wrote a new one for 2014\u003c/li\u003e\n\u003cli\u003e\u0026quot;I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS\u0026quot;\u003c/li\u003e\n\u003cli\u003eReally long article with lots of nice details about his setup, why you might want a NAS, etc.\u003c/li\u003e\n\u003cli\u003eSpeaking of FreeNAS, they released \u003ca href=\"http://www.freenas.org/whats-new/2014/01/freenas-9-2-1-beta-now-ready-for-download.html\" rel=\"nofollow\"\u003e9.2.1-BETA\u003c/a\u003e with lots of bugfixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://news.ycombinator.com/item?id=7069889\" rel=\"nofollow\"\u003eOpenBSD needed funding for electricity.. and they got it\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBriefly mentioned at the end of last week\u0026#39;s show, but has blown up over the internet since\u003c/li\u003e\n\u003cli\u003eOpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments\u003c/li\u003e\n\u003cli\u003eThey needed about $20,000 to cover electric costs for the \u003ca href=\"http://www.openbsd.org/images/rack2009.jpg\" rel=\"nofollow\"\u003eserver rack in Theo\u0026#39;s basement\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLots of positive reaction from the community helping out so far, and it appears they have \u003ca href=\"http://www.openbsdfoundation.org/campaign2104.html\" rel=\"nofollow\"\u003ereached their goal\u003c/a\u003e and got $100,000 in donations\u003c/li\u003e\n\u003cli\u003eFrom Bob Beck: \u0026quot;we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation\u0026quot;\u003c/li\u003e\n\u003cli\u003eThis is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Colin Percival - \u003ca href=\"mailto:cperciva@freebsd.org\" rel=\"nofollow\"\u003ecperciva@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/cperciva\" rel=\"nofollow\"\u003e@cperciva\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD \u003ca href=\"http://www.daemonology.net/freebsd-on-ec2/\" rel=\"nofollow\"\u003eon Amazon EC2\u003c/a\u003e, backups with \u003ca href=\"https://www.tarsnap.com/\" rel=\"nofollow\"\u003eTarsnap\u003c/a\u003e, 10.0-RELEASE, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/vnstat-iperf\" rel=\"nofollow\"\u003eBandwidth monitoring and testing\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.pfsense.org/?p=1176\" rel=\"nofollow\"\u003epfSense talk at Tokyo FreeBSD Benkyoukai\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIsaac Levy will be presenting \u0026quot;pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s also going to be looking for help to translate the pfSense documentation into Japanese\u003c/li\u003e\n\u003cli\u003eThe event is on February 17, 2014 if you\u0026#39;re in the Tokyo area\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://m0n0.ch/wall/downloads.php\" rel=\"nofollow\"\u003em0n0wall 1.8.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor those who don\u0026#39;t know, m0n0wall is an older BSD-based firewall OS that\u0026#39;s mostly focused on embedded applications\u003c/li\u003e\n\u003cli\u003epfSense was forked from it in 2004, and has a lot more active development now\u003c/li\u003e\n\u003cli\u003eThey switched to FreeBSD 8.4 for this new version\u003c/li\u003e\n\u003cli\u003eFull list of updates in the changelog\u003c/li\u003e\n\u003cli\u003eThis version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1933\" rel=\"nofollow\"\u003eAnsible and PF, plus NTP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother blog post from our buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMichael Lucas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;ve been some NTP amplification attacks \u003ca href=\"https://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc\" rel=\"nofollow\"\u003erecently\u003c/a\u003e in the news\u003c/li\u003e\n\u003cli\u003eThe post describes how he configured ntpd on a lot of servers without a lot of work\u003c/li\u003e\n\u003cli\u003eHe leverages pf and ansible for the configuration\u003c/li\u003e\n\u003cli\u003eOpenNTPD is, not surprisingly, unaffected - use it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140115054839\" rel=\"nofollow\"\u003eruBSD videos online\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJust a quick followup from a few weeks ago\u003c/li\u003e\n\u003cli\u003eTheo and Henning\u0026#39;s talks from ruBSD are now available for download\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s also a nice interview with Theo\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-5/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e10.0-RC4 images are available\u003c/li\u003e\n\u003cli\u003eWine PBI is now available for 10\u003c/li\u003e\n\u003cli\u003e9.2 systems will now be able to upgrade to version 10 and keep their PBI library\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2WQXwMASZ\" rel=\"nofollow\"\u003eSha\u0026#39;ul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2H0FURAtZ\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21eKKPgqh\" rel=\"nofollow\"\u003eMike writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21UMLnV0G\" rel=\"nofollow\"\u003eCharlie writes in (and gets a reply)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2SuazcfoR\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we've got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE - yes it's finally here! We're gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we'll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We've got a round of your questions and the latest news, on BSD Now - the place to B.. SD.","date_published":"2014-01-22T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/353e6a60-9bd0-494f-ac34-4337e3dfa734.mp3","mime_type":"audio/mpeg","size_in_bytes":77103576,"duration_in_seconds":6425}]},{"id":"6125c3d9-473a-4557-a429-423dffa36cbf","title":"20: Bhyve Mind","url":"https://www.bsdnow.tv/20","content_text":"It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nOpenBSD automatic installation\n\n\nA CFT (call for testing) was posted for OpenBSD's new automatic installer process\nUsing this new system, you can spin up fully-configured OpenBSD installs very quickly\nIt will answer all the questions for you and can put files into place and start services\nGreat for large deployments, help test it and report your findings\n***\n\n\nFreeNAS install guide and blog posts\n\n\nA multipart series on YouTube about installing FreeNAS\nIn part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware\nIn part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools\nHe pronounces gigabytes as jiggabytes and it's hilarious\nWe've also got an unrelated blog post about a very satisfied FreeNAS user who details his setup\nAs well as another blog post from our old pal Devin Teske about his recent foray into the FreeNAS development world\n***\n\n\nFreeBSD 10.0-RC5 is out\n\n\nAnother, unexpected RC is out for 10.0\nMinor fixes included, please help test and report any bugs\nYou can update via freebsd-update or from source\nHopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about\nIt's been tagged -RELEASE in SVN already too!\n***\n\n\nOpenBSD 5.5-beta is out\n\n\nTheo updated the branch status to 5.5-beta\nA list of changes\nHelp test and report any bugs you find\nLots of rapid development with signify (which we mentioned last week), the beta includes some \"test keys\"\nDoes that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)\n***\n\n\nInterview - Neel Natu \u0026amp; Peter Grehan - neel@freebsd.org \u0026amp; grehan@freebsd.org\n\nBHyVe - the BSD hypervisor\n\n\n\nTutorial\n\nVirtualization with bhyve\n\n\n\nNews Roundup\n\nHostname canonicalisation in OpenSSH\n\n\nBlog post from our friend Damien Miller\nThis new feature allows clients to canonicalize unqualified domain names\nSSH will know if you typed \"ssh bsdnow\" you meant \"ssh bsdnow.tv\" with new config options\nThis will help clean up some ssh configs, especially if you have many hosts\nShould make it into OpenSSH 6.5, which is \"due really soon\"\n***\n\n\nDragonfly on a Chromebook\n\n\nSome work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook\nThese couple of posts detail some of the things he's got working so far\nChanges were needed to the boot process, trackpad and wifi drivers needed updating...\nAlso includes a guide written by Dillon on how to get yours working\n***\n\n\nSpider in a box\n\n\n\"Spiderinabox\" is a new OpenBSD-based project\nUsing a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X\nFirefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way\nThe developer is looking for testers on other operating systems!\n***\n\n\nPCBSD weekly digest\n\n\nPCBSD 10 has entered into the code freeze phase\nThey're focusing on fixing bugs now, rather than adding new features\nThe update system got a lot of improvements\nPBI load times reduced by up to 40%! what!!!\n***\n\n\nFeedback/Questions\n\n\nScott writes in\nChris writes in\nSW writes in\nOle writes in\nGertjan writes in\n***\n","content_html":"\u003cp\u003eIt\u0026#39;s our big 20th episode! We\u0026#39;re going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20140106055302\" rel=\"nofollow\"\u003eOpenBSD automatic installation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA CFT (call for testing) was posted for OpenBSD\u0026#39;s new automatic installer process\u003c/li\u003e\n\u003cli\u003eUsing this new system, you can spin up fully-configured OpenBSD installs very quickly\u003c/li\u003e\n\u003cli\u003eIt will answer all the questions for you and can put files into place and start services\u003c/li\u003e\n\u003cli\u003eGreat for large deployments, help test it and report your findings\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos\" rel=\"nofollow\"\u003eFreeNAS install guide and blog posts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA multipart series on YouTube about installing FreeNAS\u003c/li\u003e\n\u003cli\u003eIn part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware\u003c/li\u003e\n\u003cli\u003eIn part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools\u003c/li\u003e\n\u003cli\u003eHe pronounces gigabytes as jiggabytes and it\u0026#39;s hilarious\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve also got an \u003ca href=\"http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/\" rel=\"nofollow\"\u003eunrelated blog post\u003c/a\u003e about a very satisfied FreeNAS user who details his setup\u003c/li\u003e\n\u003cli\u003eAs well as \u003ca href=\"http://devinteske.com/freenas-development/\" rel=\"nofollow\"\u003eanother blog post\u003c/a\u003e from our old pal \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities\" rel=\"nofollow\"\u003eDevin Teske\u003c/a\u003e about his recent foray into the FreeNAS development world\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html\" rel=\"nofollow\"\u003eFreeBSD 10.0-RC5 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother, unexpected RC is out for 10.0\u003c/li\u003e\n\u003cli\u003eMinor fixes included, please help test and report any bugs\u003c/li\u003e\n\u003cli\u003eYou can update via freebsd-update or from source\u003c/li\u003e\n\u003cli\u003eHopefully this will be the last one before 10.0-RELEASE, which has tons of new features we\u0026#39;ll talk about\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s been \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=260664\" rel=\"nofollow\"\u003etagged -RELEASE\u003c/a\u003e in SVN already too!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138952598914052\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD 5.5-beta is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheo updated the branch status to 5.5-beta\u003c/li\u003e\n\u003cli\u003eA \u003ca href=\"http://www.openbsd.org/plus.html\" rel=\"nofollow\"\u003elist of changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://ftp.openbsd.org/pub/OpenBSD/snapshots/\" rel=\"nofollow\"\u003eHelp test\u003c/a\u003e and report any bugs you find\u003c/li\u003e\n\u003cli\u003eLots of rapid development with signify (which we mentioned last week), the beta includes some \u0026quot;test keys\u0026quot;\u003c/li\u003e\n\u003cli\u003eDoes that mean it\u0026#39;ll be part of the final release? We\u0026#39;ll find out in May.. or when we interview Ted (soon)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Neel Natu \u0026amp; Peter Grehan - \u003ca href=\"mailto:neel@freebsd.org\" rel=\"nofollow\"\u003eneel@freebsd.org\u003c/a\u003e \u0026amp; \u003ca href=\"mailto:grehan@freebsd.org\" rel=\"nofollow\"\u003egrehan@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eBHyVe - the BSD hypervisor\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/bhyve\" rel=\"nofollow\"\u003eVirtualization with bhyve\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html\" rel=\"nofollow\"\u003eHostname canonicalisation in OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBlog post from our friend \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eDamien Miller\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis new feature allows clients to canonicalize unqualified domain names\u003c/li\u003e\n\u003cli\u003eSSH will know if you typed \u0026quot;ssh bsdnow\u0026quot; you meant \u0026quot;ssh bsdnow.tv\u0026quot; with new config options\u003c/li\u003e\n\u003cli\u003eThis will help clean up some ssh configs, especially if you have many hosts\u003c/li\u003e\n\u003cli\u003eShould make it into OpenSSH 6.5, which is \u0026quot;due really soon\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html\" rel=\"nofollow\"\u003eDragonfly on a Chromebook\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook\u003c/li\u003e\n\u003cli\u003eThese \u003ca href=\"http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html\" rel=\"nofollow\"\u003ecouple of posts\u003c/a\u003e detail some of the things he\u0026#39;s got working so far\u003c/li\u003e\n\u003cli\u003eChanges were needed to the boot process, trackpad and wifi drivers needed updating...\u003c/li\u003e\n\u003cli\u003eAlso includes a guide written by Dillon on how to get yours working\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://kazarka.com/index.php?section=spiderinabox\" rel=\"nofollow\"\u003eSpider in a box\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Spiderinabox\u0026quot; is a new OpenBSD-based project\u003c/li\u003e\n\u003cli\u003eUsing a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X\u003c/li\u003e\n\u003cli\u003eFirefox runs encapsulated in OpenBSD and doesn\u0026#39;t have access to OS X in any way\u003c/li\u003e\n\u003cli\u003eThe developer is looking for testers on other operating systems!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePCBSD 10 has entered into the code freeze phase\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re focusing on fixing bugs now, rather than adding new features\u003c/li\u003e\n\u003cli\u003eThe update system got a lot of improvements\u003c/li\u003e\n\u003cli\u003ePBI load times reduced by up to 40%! what!!!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s25zbSPtcm\" rel=\"nofollow\"\u003eScott writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2EarxbZz1\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2MWKxtWxF\" rel=\"nofollow\"\u003eSW writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20kzex2qm\" rel=\"nofollow\"\u003eOle writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2858Ph4o0\" rel=\"nofollow\"\u003eGertjan writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.","date_published":"2014-01-15T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6125c3d9-473a-4557-a429-423dffa36cbf.mp3","mime_type":"audio/mpeg","size_in_bytes":60158675,"duration_in_seconds":5013}]},{"id":"6e52e1f8-72f4-4ef7-be58-b8d78ab97072","title":"19: The Installfest","url":"https://www.bsdnow.tv/19","content_text":"We've got some special treats for you this week on the show. It's the long-awaited \"installfest\" segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well... and... we even have our very first viewer contest! There's a lot to get to today on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFreeBSD's new testing infrastructure\n\n\nA new test suite was added to FreeBSD, with 3 powerful machines available\nBoth -CURRENT and stable/10 have got the test suite build infrastructure in place\nDesigned to help developers test and improve major scalability across huge amounts of CPUs and RAM\nMore details available here\nCould the iXsystems monster server be involved...?\n***\n\n\nOpenBSD gets signify\n\n\nAt long last, OpenBSD gets support for signed releases!\nFor \"the world's most secure OS\" it was very easy to MITM kernel patches, updates, installer isos, everything\nA commit to the -current tree reveals a new \"signify\" tool is currently being kicked around\nMore details in a blog post from the guy who committed it\nQuote: \"yeah, briefly, the plan is to sign sets and packages. that's still work in progress.\"\n***\n\n\nFaces of FreeBSD\n\n\nThis time they interview Isabell Long\nShe's a volunteer staff member on the freenode IRC network\nIn 2011, she participated in the Google Code-In contest and became involved with documentation\n\"The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved.\"\n***\n\n\npkgsrc-2013Q4 branched\n\n\nThe quarterly pkgsrc branch from NetBSD is out\n13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang!\nLots of numbers and stats in the announcement\npkgsrc works on quite a few different OSes, not just NetBSD\nSee our interview with Amitai Schlair for a bit about pkgsrc\n***\n\n\nOpenBSD on Google's Compute Engine\n\n\nGoogle Compute Engine is a \"cloud computing\" platform similar to EC2\nUnfortunately, they only offer poor choices for the OS (Debian and CentOS)\nRecently it's been announced that there is a custom OS option\nIt's using a WIP virtio-scsi driver, lots of things still need more work\nLots of technical and networking details about the struggles to get OpenBSD working on it\n***\n\n\nThe Installfest\n\nWe'll be showing you the installer of each of the main BSDs. As of the date this episode airs, we're using:\n\n\nFreeBSD 10.0\nOpenBSD 5.4\nNetBSD 6.1.2\nDragonflyBSD 3.6\nPCBSD 10.0\n***\n\n\nNews Roundup\n\nBuilding an OpenBSD wireless access point\n\n\nA neat write up we found around the internet about making an OpenBSD wifi router\nGoes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless\nEven includes a puffy sticker on the Soekris box at the end, how cute\n***\n\n\nFreeBSD 4.X jails on 10.0\n\n\nBlog entry from our buddy Michael Lucas\nFor whatever reason (an \"in-house application\"), he needed to run a FreeBSD 4 jail in FreeBSD 10\nTalks about the options he had: porting software, virtualizing, dealing with slow old hardware\nHe goes through the whole process of making an ancient jail\nIt's \"an acceptable trade-off, if it means I don’t have to touch actual PHP code.\"\n***\n\n\nUnscrewed: a story about OpenBSD\n\n\nPretty long blog post about how a network admin used OpenBSD to save the day\nTo set the tone, \"It was 5am, and the network was down\"\nGreat war story about replacing expensive routers and networking equipment with cheaper hardware and BSD\nMentions a lot of the built in tools and how OpenBSD is great for routers and high security applications\n***\n\n\nPCBSD weekly digest\n\n\n10.0-RC3 is out and ready to be tested\nNew detection of ATI Hybrid Graphics, they're working on nVidia next\nRe-classifying Linux jails as unsupported / experimental\n***\n\n\nFeedback/Questions\n\n\nDaniel writes in\nErik writes in\nSW writes in\n[Bostjan writes in[(http://slexy.org/view/s20N9bfkum)\nSamuel writes in\n***\n","content_html":"\u003cp\u003eWe\u0026#39;ve got some special treats for you this week on the show. It\u0026#39;s the long-awaited \u0026quot;installfest\u0026quot; segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well... and... we even have our very first viewer contest! There\u0026#39;s a lot to get to today on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-hackers/2013-December/044009.html\" rel=\"nofollow\"\u003eFreeBSD\u0026#39;s new testing infrastructure\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA new test suite was added to FreeBSD, with 3 powerful machines available\u003c/li\u003e\n\u003cli\u003eBoth -CURRENT and stable/10 have got the test suite build infrastructure in place\u003c/li\u003e\n\u003cli\u003eDesigned to help developers test and improve major scalability across huge amounts of CPUs and RAM\u003c/li\u003e\n\u003cli\u003eMore details \u003ca href=\"http://julipedia.meroh.net/2013/12/introducing-freebsd-test-suite.html\" rel=\"nofollow\"\u003eavailable here\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCould the iXsystems monster server be involved...?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138845902916897\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD gets signify\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAt long last, OpenBSD gets support for signed releases!\u003c/li\u003e\n\u003cli\u003eFor \u0026quot;the world\u0026#39;s most secure OS\u0026quot; it was very easy to MITM kernel patches, updates, installer isos, everything\u003c/li\u003e\n\u003cli\u003eA commit to the -current tree reveals a new \u0026quot;signify\u0026quot; tool is currently being kicked around\u003c/li\u003e\n\u003cli\u003eMore details in \u003ca href=\"http://www.tedunangst.com/flak/post/signify\" rel=\"nofollow\"\u003ea blog post\u003c/a\u003e from the guy who committed it\u003c/li\u003e\n\u003cli\u003eQuote: \u0026quot;yeah, briefly, the plan is to sign sets and packages. that\u0026#39;s still work in progress.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.ca/2013/12/faces-of-freebsd-isabell-long.html\" rel=\"nofollow\"\u003eFaces of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis time they interview Isabell Long\u003c/li\u003e\n\u003cli\u003eShe\u0026#39;s a volunteer staff member on the freenode IRC network\u003c/li\u003e\n\u003cli\u003eIn 2011, she participated in the Google Code-In contest and became involved with documentation\u003c/li\u003e\n\u003cli\u003e\u0026quot;The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2013/12/31/msg019107.html\" rel=\"nofollow\"\u003epkgsrc-2013Q4 branched\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe quarterly pkgsrc branch from NetBSD is out\u003c/li\u003e\n\u003cli\u003e13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang!\u003c/li\u003e\n\u003cli\u003eLots of numbers and stats in the announcement\u003c/li\u003e\n\u003cli\u003epkgsrc works on quite a few different OSes, not just NetBSD\u003c/li\u003e\n\u003cli\u003eSee \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_20-collecting_shells\" rel=\"nofollow\"\u003eour interview\u003c/a\u003e with Amitai Schlair for a bit about pkgsrc\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=138610199311393\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD on Google\u0026#39;s Compute Engine\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGoogle Compute Engine is a \u0026quot;cloud computing\u0026quot; platform similar to EC2\u003c/li\u003e\n\u003cli\u003eUnfortunately, they only offer poor choices for the OS (Debian and CentOS)\u003c/li\u003e\n\u003cli\u003eRecently it\u0026#39;s been announced that there is a custom OS option\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s using a WIP virtio-scsi driver, lots of things still need more work\u003c/li\u003e\n\u003cli\u003eLots of technical and networking details about the struggles to get OpenBSD working on it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eThe Installfest\u003c/h2\u003e\n\n\u003cp\u003eWe\u0026#39;ll be showing you the installer of each of the main BSDs. As of the date this episode airs, we\u0026#39;re using:\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 10.0\u003c/li\u003e\n\u003cli\u003eOpenBSD 5.4\u003c/li\u003e\n\u003cli\u003eNetBSD 6.1.2\u003c/li\u003e\n\u003cli\u003eDragonflyBSD 3.6\u003c/li\u003e\n\u003cli\u003ePCBSD 10.0\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://ctors.net/2013/12/30/openbsd_wireless_access_point\" rel=\"nofollow\"\u003eBuilding an OpenBSD wireless access point\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA neat write up we found around the internet about making an OpenBSD wifi router\u003c/li\u003e\n\u003cli\u003eGoes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless\u003c/li\u003e\n\u003cli\u003eEven includes a puffy sticker on the Soekris box at the end, how cute\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1919\" rel=\"nofollow\"\u003eFreeBSD 4.X jails on 10.0\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBlog entry from our buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop\" rel=\"nofollow\"\u003eMichael Lucas\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor whatever reason (an \u0026quot;in-house application\u0026quot;), he needed to run a FreeBSD 4 jail in FreeBSD 10\u003c/li\u003e\n\u003cli\u003eTalks about the options he had: porting software, virtualizing, dealing with slow old hardware\u003c/li\u003e\n\u003cli\u003eHe goes through the whole process of making an ancient jail\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s \u0026quot;an acceptable trade-off, if it means I don’t have to touch actual PHP code.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.skeptech.org/blog/2013/01/13/unscrewed-a-story-about-openbsd/\" rel=\"nofollow\"\u003eUnscrewed: a story about OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePretty long blog post about how a network admin used OpenBSD to save the day\u003c/li\u003e\n\u003cli\u003eTo set the tone, \u0026quot;It was 5am, and the network was down\u0026quot;\u003c/li\u003e\n\u003cli\u003eGreat war story about replacing expensive routers and networking equipment with cheaper hardware and BSD\u003c/li\u003e\n\u003cli\u003eMentions a lot of the built in tools and how OpenBSD is great for routers and high security applications\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-2/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e10.0-RC3 is out and ready to be tested\u003c/li\u003e\n\u003cli\u003eNew detection of ATI Hybrid Graphics, they\u0026#39;re working on nVidia next\u003c/li\u003e\n\u003cli\u003eRe-classifying Linux jails as unsupported / experimental\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2uns1hMml\" rel=\"nofollow\"\u003eDaniel writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2MeJNCCiu\" rel=\"nofollow\"\u003eErik writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21fBXkP2K\" rel=\"nofollow\"\u003eSW writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Bostjan writes in[(\u003ca href=\"http://slexy.org/view/s20N9bfkum\" rel=\"nofollow\"\u003ehttp://slexy.org/view/s20N9bfkum\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20FU9wUO5\" rel=\"nofollow\"\u003eSamuel writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We've got some special treats for you this week on the show. It's the long-awaited \"installfest\" segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well... and... we even have our very first viewer contest! There's a lot to get to today on BSD Now - the place to B.. SD.","date_published":"2014-01-08T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6e52e1f8-72f4-4ef7-be58-b8d78ab97072.mp3","mime_type":"audio/mpeg","size_in_bytes":58342747,"duration_in_seconds":4861}]},{"id":"96a80a26-313b-4891-a505-fa71245e4e84","title":"18: Eclipsing Binaries","url":"https://www.bsdnow.tv/18","content_text":"Put away the Christmas trees and update your ports trees! We're back with the first show of 2014, and we've got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we'll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nFaces of FreeBSD continues\n\n\nOur first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sophia\nGives some information about how she got into BSD\n\"I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn't booted the other two operating systems in months. So I wiped them out.\"\nShe wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation\nWe've also got one for Kevin Martin\nStarted off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company\n\"FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible.  FreeBSD is a terrific technology with a terrific community.\"\n***\n\n\nOpenPF?\n\n\nA blog post over at the Dragonfly digest\nWhat if we had some cross platform development of OpenBSD's firewall?\nSimilar to portable OpenSSH or OpenZFS, there could be a centrally-developed version with compatibility glue\nRight now FreeBSD 9's pf is old, FreeBSD 10's pf is old (but has the best performance of any implementation due to custom patches), NetBSD's pf is old (but they're working on a fork) and Dragonfly's pf is old\nFurther complicated by the fact that PF itself doesn’t have a version number, since it was designed to just be ‘the pf that came with OpenBSD 5.4’\nNot likely to happen any time soon, but it's good food for thought\n***\n\n\nYear of BSD on the server\n\n\nA good blog post about switching servers from Linux to BSD\n2014 is going to be the year of a lot of switching, due to FreeBSD 10's amazing new features\nThis author was particularly taken with pkgng and the more coherent layout of BSD systems\nSimilarly, there was also a recent reddit thread, \"Why did you choose BSD over Linux?\"\nBoth are excellent reads for Linux users that are thinking about making the switch, send 'em to your friends\n***\n\n\nGetting to know your portmgr\n\n\nThis time in the series they interview Bryan Drewery, a fairly new addition to the team\nHe started maintaining portupgrade and portmaster, and eventually ended up on the ports management team\nBelieve it or not, his wife actually had a lot to do with him getting into FreeBSD full-time\nLots of fun trivia and background about him\nSpeaking of portmgr, our interview for today is...\n***\n\n\nInterview - Baptiste Daroussin - bapt@freebsd.org\n\nThe future of FreeBSD's binary packages, ports' features, various topics\n\n\n\nNews Roundup\n\npfSense december hang out\n\n\nInterview/presentation from pfSense developer Chris Buechler with an accompanying blog post\n\"This is the first in what will be a monthly recurring series. Each month, we’ll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. We have several topics in mind, but also welcome community suggestions on topics\"\nSpeaking of pfSense, they recently opened an online store\nWe're planning on having a pfSense episode next month!\n***\n\n\nBSDMag December issue is out\n\n\nThe free monthly BSD magazine gets a new release for December\nTopics include CARP on FreeBSD, more BSD programming, \"unix basics for security professionals,\" some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH\n***\n\n\nOpenBSD gets tmpfs\n\n\nIn addition to the recently-added FUSE support, OpenBSD now has tmpfs\nTo get more testing, it was enabled by default in -current\nShould make its way into 5.5 if everything goes according to plan\nEnables lots of new possibilities, like our ccache and tmpfs guide\n***\n\n\nPCBSD weekly digests\n\n\nCatching up with all the work going on in PCBSD land..\n10.0-RC2 is now available\nThe big pkgng 1.2 problems seem to have been worked out\n***\n\n\nFeedback/Questions\n\n\nRemy writes in\nJason writes in\nRob writes in\nJohn writes in\nStuart writes in\n***\n","content_html":"\u003cp\u003ePut away the Christmas trees and update your ports trees! We\u0026#39;re back with the first show of 2014, and we\u0026#39;ve got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we\u0026#39;ll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-shteryana-shopova.html\" rel=\"nofollow\"\u003eFaces of FreeBSD continues\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sophia\u003c/li\u003e\n\u003cli\u003eGives some information about how she got into BSD\u003c/li\u003e\n\u003cli\u003e\u0026quot;I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn\u0026#39;t booted the other two operating systems in months. So I wiped them out.\u0026quot;\u003c/li\u003e\n\u003cli\u003eShe wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve also got one for \u003ca href=\"http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-kevin-martin.html\" rel=\"nofollow\"\u003eKevin Martin\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStarted off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company\u003c/li\u003e\n\u003cli\u003e\u0026quot;FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible.  FreeBSD is a terrific technology with a terrific community.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2013/12/19/13008.html\" rel=\"nofollow\"\u003eOpenPF?\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA blog post over at the \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug\" rel=\"nofollow\"\u003eDragonfly digest\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhat if we had some cross platform development of OpenBSD\u0026#39;s firewall?\u003c/li\u003e\n\u003cli\u003eSimilar to portable \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline\" rel=\"nofollow\"\u003eOpenSSH\u003c/a\u003e or \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days\" rel=\"nofollow\"\u003eOpenZFS\u003c/a\u003e, there could be a centrally-developed version with compatibility glue\u003c/li\u003e\n\u003cli\u003eRight now FreeBSD 9\u0026#39;s pf is old, FreeBSD 10\u0026#39;s pf is old (but has the best performance of any implementation due to custom patches), NetBSD\u0026#39;s pf is old (but they\u0026#39;re working on a fork) and Dragonfly\u0026#39;s pf is old\u003c/li\u003e\n\u003cli\u003eFurther complicated by the fact that PF itself doesn’t have a version number, since it was designed to just be ‘the pf that came with OpenBSD 5.4’\u003c/li\u003e\n\u003cli\u003eNot likely to happen any time soon, but it\u0026#39;s good food for thought\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mxey.net/the-year-of-freebsd-on-the-server/\" rel=\"nofollow\"\u003eYear of BSD on the server\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA good blog post about switching servers from Linux to BSD\u003c/li\u003e\n\u003cli\u003e2014 is going to be the year of a lot of switching, due to FreeBSD 10\u0026#39;s amazing new features\u003c/li\u003e\n\u003cli\u003eThis author was particularly taken with \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003epkgng\u003c/a\u003e and the more coherent layout of BSD systems\u003c/li\u003e\n\u003cli\u003eSimilarly, there was also a recent \u003ca href=\"http://www.reddit.com/r/BSD/comments/1tdrz1/why_did_you_choose_bsd_over_linux/\" rel=\"nofollow\"\u003ereddit thread\u003c/a\u003e, \u0026quot;Why did you choose BSD over Linux?\u0026quot;\u003c/li\u003e\n\u003cli\u003eBoth are excellent reads for Linux users that are thinking about making the switch, send \u0026#39;em to your friends\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/12/24/getting-to-know-your-portmgr-bryan-drewery/\" rel=\"nofollow\"\u003eGetting to know your portmgr\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis time in the series they interview Bryan Drewery, a fairly new addition to the team\u003c/li\u003e\n\u003cli\u003eHe started maintaining portupgrade and portmaster, and eventually ended up on the ports management team\u003c/li\u003e\n\u003cli\u003eBelieve it or not, his wife actually had a lot to do with him getting into FreeBSD full-time\u003c/li\u003e\n\u003cli\u003eLots of fun trivia and background about him\u003c/li\u003e\n\u003cli\u003eSpeaking of portmgr, our interview for today is...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Baptiste Daroussin - \u003ca href=\"mailto:bapt@freebsd.org\" rel=\"nofollow\"\u003ebapt@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe future of FreeBSD\u0026#39;s \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003ebinary packages\u003c/a\u003e, ports\u0026#39; features, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=aD-2e9u3tug\" rel=\"nofollow\"\u003epfSense december hang out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eInterview/presentation from pfSense developer Chris Buechler with an \u003ca href=\"http://blog.pfsense.org/?p=1146\" rel=\"nofollow\"\u003eaccompanying blog post\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u0026quot;This is the first in what will be a monthly recurring series. Each month, we’ll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. We have several topics in mind, but also welcome community suggestions on topics\u0026quot;\u003c/li\u003e\n\u003cli\u003eSpeaking of pfSense, they recently opened an \u003ca href=\"http://blog.pfsense.org/?p=1156\" rel=\"nofollow\"\u003eonline store\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re planning on having a pfSense episode next month!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1854-carp-on-freebsd-how-to-use-devd-to-take-action-on-kernel-events\" rel=\"nofollow\"\u003eBSDMag December issue is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe free monthly BSD magazine gets a new release for December\u003c/li\u003e\n\u003cli\u003eTopics include CARP on FreeBSD, more BSD programming, \u0026quot;unix basics for security professionals,\u0026quot; some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131217081921\" rel=\"nofollow\"\u003eOpenBSD gets tmpfs\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn addition to the recently-added FUSE support, OpenBSD now has tmpfs\u003c/li\u003e\n\u003cli\u003eTo get more testing, it was enabled by default in -current\u003c/li\u003e\n\u003cli\u003eShould make its way into 5.5 if everything goes according to plan\u003c/li\u003e\n\u003cli\u003eEnables lots of new possibilities, like our \u003ca href=\"http://www.bsdnow.tv/tutorials/ccache\" rel=\"nofollow\"\u003eccache and tmpfs guide\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/12/pc-bsd-weekly-feature-digest-122013/\" rel=\"nofollow\"\u003ePCBSD weekly digests\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCatching up with all the work going on in PCBSD land..\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blog.pcbsd.org/2013/12/weekly-feature-digest-122713/\" rel=\"nofollow\"\u003e10.0-RC2 is now available\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe big pkgng 1.2 problems seem to have been worked out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2UrUzlnf6\" rel=\"nofollow\"\u003eRemy writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2iqnywwKX\" rel=\"nofollow\"\u003eJason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2IUcPySbh\" rel=\"nofollow\"\u003eRob writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21aYlbXz2\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21vrYSqU8\" rel=\"nofollow\"\u003eStuart writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"Put away the Christmas trees and update your ports trees! We're back with the first show of 2014, and we've got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we'll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now - the place to B.. SD.","date_published":"2014-01-01T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/96a80a26-313b-4891-a505-fa71245e4e84.mp3","mime_type":"audio/mpeg","size_in_bytes":50662433,"duration_in_seconds":4221}]},{"id":"c51be78b-bd80-4b82-ac8c-4c8a6a8a1116","title":"17: The Gift of Giving","url":"https://www.bsdnow.tv/17","content_text":"Merry Christmas everyone! We're taking the holiday off and just have an interview for you today. We sat down with Scott Long to discuss using FreeBSD at Netflix and lots of other things. Next week we will return with the normal round of news and tutorials.\n\nThis episode was brought to you by\n\n\n\n\n\nInterview - Scott Long - scottl@freebsd.org\n\nFreeBSD at Netflix, OpenConnect, network performance, various topics\n\n","content_html":"\u003cp\u003eMerry Christmas everyone! We\u0026#39;re taking the holiday off and just have an interview for you today. We sat down with Scott Long to discuss using FreeBSD at Netflix and lots of other things. Next week we will return with the normal round of news and tutorials.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eInterview - Scott Long - \u003ca href=\"mailto:scottl@freebsd.org\" rel=\"nofollow\"\u003escottl@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD at Netflix, OpenConnect, network performance, various topics\u003c/p\u003e\n\n\u003chr\u003e","summary":"Merry Christmas everyone! We're taking the holiday off and just have an interview for you today. We sat down with Scott Long to discuss using FreeBSD at Netflix and lots of other things. Next week we will return with the normal round of news and tutorials.","date_published":"2013-12-25T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c51be78b-bd80-4b82-ac8c-4c8a6a8a1116.mp3","mime_type":"audio/mpeg","size_in_bytes":13521166,"duration_in_seconds":1126}]},{"id":"d9af27cf-c4ff-4572-b119-cbfd0e4167c8","title":"16: Cryptocrystalline","url":"https://www.bsdnow.tv/16","content_text":"This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nSecure communications with OpenBSD and OpenVPN\n\n\nStarting off today's theme of encryption...\nA new blog series about combining OpenBSD and OpenVPN to secure your internet traffic\nPart 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)\nPart 2 covers the initial setup of OpenVPN certificates and keys\nParts 3 and 4 are the OpenVPN server and client configuration\nPart 5 is some updates and closing remarks\n***\n\n\nFreeBSD Foundation Newsletter\n\n\nThe December 2013 semi-annual newsletter was sent out from the foundation\nIn the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored\nThe president's letter alone is worth the read, really amazing\nReally long, with lots of details and stories from the conferences and projects\n***\n\n\nUse of NetBSD with Marvell Kirkwood Processors\n\n\nArticle that gives a brief history of NetBSD and how to use it on an IP-Plug computer\nThe IP-Plug is a \"multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).\"\nReally cool little NetBSD ARM project with lots of graphs, pictures and details\n***\n\n\nExperimenting with zero-copy network IO\n\n\nLong blog post from Adrian Chadd about zero-copy network IO on FreeBSD\nDiscusses the different OS' implementations and options\nHe's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there\nTons of details, check the full post\n***\n\n\nInterview - Damien Miller - djm@openbsd.org / @damienmiller\n\nCryptography in OpenBSD and OpenSSH\n\n\n\nTutorial\n\nFull disk encryption in FreeBSD \u0026amp; OpenBSD\n\n\n\nNews Roundup\n\nOpenZFS office hours\n\n\nOur buddy George Wilson sat down to take some ZFS questions from the community\nYou can see more info about it here\n***\n\n\nLicense summaries in pkgng\n\n\nA discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng\nSimilar to pkgsrc's \"ACCEPTABLE_LICENSES\" setting, pkgng could let the user decide which software licenses he wants to allow\nMaybe we could get a \"pkg licenses\" command to display the license of all installed packages\nOk bapt, do it\n***\n\n\nThe FreeBSD challenge continues\n\n\nChecking in with our buddy from the Linux foundation...\nThe switching from Linux to FreeBSD blog series continues for his month-long trial\nFollow up from last week: \"As a matter of fact, I did check out PC-BSD, and wanted the challenge.  Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding.\"\nSince we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more\n***\n\n\nPorts gets a stable branch\n\n\nFor the first time ever, FreeBSD's ports tree will have a maintained \"stable\" branch\nThis is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes\nAll commits to this branch require approval of portmgr, looks like it'll start in 2014Q1\n***\n\n\nFeedback/Questions\n\n\nJohn writes in\nSpencer writes in\nCampbell writes in\nSha'ul writes in\nClint writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you\u0026#39;re into data security, today\u0026#39;s the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://johnchapin.boostrot.net/blog/2013/12/07/secure-comms-with-openbsd-and-openvpn-part-1/\" rel=\"nofollow\"\u003eSecure communications with OpenBSD and OpenVPN\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStarting off today\u0026#39;s theme of encryption...\u003c/li\u003e\n\u003cli\u003eA new blog series about combining OpenBSD and OpenVPN to secure your internet traffic\u003c/li\u003e\n\u003cli\u003ePart 1 covers installing OpenBSD with full disk encryption (which we\u0026#39;ll be doing later on in the show)\u003c/li\u003e\n\u003cli\u003ePart 2 covers the initial setup of OpenVPN certificates and keys\u003c/li\u003e\n\u003cli\u003eParts 3 and 4 are the OpenVPN server and client configuration\u003c/li\u003e\n\u003cli\u003ePart 5 is some updates and closing remarks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsdfoundation.org/press/2013Dec-newsletter\" rel=\"nofollow\"\u003eFreeBSD Foundation Newsletter\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe December 2013 semi-annual newsletter was sent out from the foundation\u003c/li\u003e\n\u003cli\u003eIn the newsletter you will find the president\u0026#39;s letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored\u003c/li\u003e\n\u003cli\u003eThe president\u0026#39;s letter alone is worth the read, really amazing\u003c/li\u003e\n\u003cli\u003eReally long, with lots of details and stories from the conferences and projects\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://evertiq.com/design/33394\" rel=\"nofollow\"\u003eUse of NetBSD with Marvell Kirkwood Processors\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eArticle that gives a brief history of NetBSD and how to use it on an IP-Plug computer\u003c/li\u003e\n\u003cli\u003eThe IP-Plug is a \u0026quot;multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).\u0026quot;\u003c/li\u003e\n\u003cli\u003eReally cool little NetBSD ARM project with lots of graphs, pictures and details\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://adrianchadd.blogspot.com/2013/12/experimenting-with-zero-copy-network-io.html\" rel=\"nofollow\"\u003eExperimenting with zero-copy network IO\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLong blog post from Adrian Chadd about zero-copy network IO on FreeBSD\u003c/li\u003e\n\u003cli\u003eDiscusses the different OS\u0026#39; implementations and options\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn\u0026#39;t stopping there\u003c/li\u003e\n\u003cli\u003eTons of details, check the full post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Damien Miller - \u003ca href=\"mailto:djm@openbsd.org\" rel=\"nofollow\"\u003edjm@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/damienmiller\" rel=\"nofollow\"\u003e@damienmiller\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eCryptography in OpenBSD and OpenSSH\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/fde\" rel=\"nofollow\"\u003eFull disk encryption in FreeBSD \u0026amp; OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=wWmVW2R_uz8\" rel=\"nofollow\"\u003eOpenZFS office hours\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOur buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days\" rel=\"nofollow\"\u003eGeorge Wilson\u003c/a\u003e sat down to take some ZFS questions from the community\u003c/li\u003e\n\u003cli\u003eYou can see more info about it \u003ca href=\"http://open-zfs.org/wiki/OpenZFS_Office_Hours\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2013/12/09/12934.html\" rel=\"nofollow\"\u003eLicense summaries in pkgng\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA discussion between \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug\" rel=\"nofollow\"\u003eJustin Sherill\u003c/a\u003e and some NYCBUG guys about license frameworks in pkgng\u003c/li\u003e\n\u003cli\u003eSimilar to pkgsrc\u0026#39;s \u0026quot;ACCEPTABLE_LICENSES\u0026quot; setting, pkgng could let the user decide which software licenses he wants to allow\u003c/li\u003e\n\u003cli\u003eMaybe we could get a \u0026quot;pkg licenses\u0026quot; command to display the license of all installed packages\u003c/li\u003e\n\u003cli\u003eOk bapt, do it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://thelinuxcauldron.com/2013/12/08/freebsd-challenge/\" rel=\"nofollow\"\u003eThe FreeBSD challenge continues\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eChecking in with our buddy from the Linux foundation...\u003c/li\u003e\n\u003cli\u003eThe switching from Linux to FreeBSD blog series continues for his month-long trial\u003c/li\u003e\n\u003cli\u003eFollow up from last week: \u0026quot;As a matter of fact, I did check out PC-BSD, and wanted the challenge.  Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding.\u0026quot;\u003c/li\u003e\n\u003cli\u003eSince we last mentioned it, he\u0026#39;s decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=336615\" rel=\"nofollow\"\u003ePorts gets a stable branch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor the first time ever, FreeBSD\u0026#39;s ports tree will have a maintained \u0026quot;stable\u0026quot; branch\u003c/li\u003e\n\u003cli\u003eThis is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes\u003c/li\u003e\n\u003cli\u003eAll commits to this branch require approval of portmgr, looks like it\u0026#39;ll start in 2014Q1\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2iRV1tOzB\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21gAR5lgf\" rel=\"nofollow\"\u003eSpencer writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s203iOnFh1\" rel=\"nofollow\"\u003eCampbell writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2yUqj3vKW\" rel=\"nofollow\"\u003eSha\u0026#39;ul writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2egcTPBXH\" rel=\"nofollow\"\u003eClint writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.","date_published":"2013-12-18T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d9af27cf-c4ff-4572-b119-cbfd0e4167c8.mp3","mime_type":"audio/mpeg","size_in_bytes":79454910,"duration_in_seconds":6621}]},{"id":"cbf73b1a-fa1e-4acd-a1c4-ad96edb36916","title":"15: Kickin' NAS","url":"https://www.bsdnow.tv/15","content_text":"This time on the show, we'll be looking at the new version of FreeNAS, a BSD-based network attached storage solution, as well as talking to Josh Paetzel - one of the key developers of FreeNAS. Actually, he's on the FreeBSD release engineering team too, and does quite a lot for the project. We've got answers to your viewer-submitted questions and plenty of news to cover, so get ready for some BSD Now - the place to B.. SD.\n\nThis episode was brought to you by\n\n\n\n\n\nHeadlines\n\nMore faces of FreeBSD\n\n\nAnother installment of the FoF series\nThis time they talk with Reid Linnemann who works at Spectra Logic\nGives a history of all the different jobs he's done, all the programming languages he knows\nMentions how he first learned about FreeBSD, actually pretty similar to Kris' story\n\"I used the system to build and install ports, and explored, getting actively involved in the mailing lists and forums, studying, passing on my own limited knowledge to those who could benefit from it. I pursued my career in the open source software world, learning the differences in BSD and GNU licensing and the fragmented nature of Linux distributions, realizing the FreeBSD community was more mature and well distributed about industry, education, and research. Everything steered me towards working with and on FreeBSD.\"\nNow works on FreeBSD as his day job\nThe second one covers Brooks Davis\nFreeBSD committer since 2001 and core team member from 2006 through 2012\nHe's helped drive our transition from a GNU toolchain to a more modern LLVM-based toolchain\n\"One of the reasons I like FreeBSD is the community involved in the process of building a principled, technically-advanced operating system platform. Not only do we produce a great product, but we have fun doing it.\"\nLots more in the show notes\n***\n\n\nWe cannot trust Intel and Via’s chip-based crypto\n\n\nWe woke up to see FreeBSD on the front page of The Register, Ars Technica, Slashdot and Hacker News for their strong stance on security and respecting privacy\nAt the EuroBSDCon dev summit, there was some discussion about removing support for hardware-based random number generators.\nFreeBSD's /dev/random got some updates and, for 10.0, will no longer allow the use of Intel or VIA's hardware RNGs as the sole point of entropy\n\"It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more\"\n***\n\n\nOpenSMTPD 5.4.1 released\n\n\nThe OpenBSD developers came out with major a new version\nImproved config syntax (please check your smtpd.conf before upgrading)\nAdds support for TLS Perfect Forward Secrecy and custom CA certificate\nMTA, Queue and SMTP server improvements\nSNI support confirmed for the next version\nCheck the show notes for the full list of changes, pretty huge release\nWatch Episode 3 for an interview we did with the developers\n***\n\n\nMore getting to know your portmgr\n\n\nThe portmgr secretary, Thomas Abthorpe, interviews... himself!\nJoined as -secretary in March 2010, upgraded to full member in March 2011\nHis inspiration for using BSD is \"I wanted to run a webserver, and I wanted something free. I was going to use something linux, then met up with a former prof from university, and shared my story with him. He told me FreeBSD was the way to go.\"\nMentions how he loves that anyone can contribute and watch it \"go live\"\nThe second one covers Baptiste Daroussin\nThe reason for his nick, bapt, is \"Baptiste is too long to type\"\nThere's even a video of bapt joining the team!\n***\n\n\nInterview - Santa Clause - josh@ixsystems.com / @freenasteam\n\nFreeNAS 9.2.0\n\nNote: we originally scheduled the interview to be with Josh Paetzel, but Santa showed up instead.\n\n\n\nTutorial\n\nFreeNAS walkthrough\n\n\n\nNews Roundup\n\nIntroducing configinit\n\n\nCloudInit is \"a system originally written for Ubuntu which performs configuration of a system at boot-time based on user-data provided via EC2\"\nWasn't ideal for FreeBSD since it requires python and is designed around the concept of configuring a system by running commands (rather than editing configuration files)\nColin Percival came up with configinit, a FreeBSD alternative\nAlongside his new \"firstboot-pkgs\" port, it can spin up a webserver in 120 seconds from \"launch\" of the EC2 instance\nCheck the show notes for full blog post\n***\n\n\nOpenSSH support for Ed25519 and bcrypt keys\n\n\nNew Ed25519 key support (hostkeys and user identities) using the public domain ed25519 reference code\nSSH private keys were encrypted with a symmetric key that's just an MD5 of their password\nNow they'll be using bcrypt by default\nWe'll get more into this in next week's interview\n***\n\n\nThe FreeBSD challenge\n\n\nA member of the Linux foundation blogs about using FreeBSD\nGoes through all the beginner steps, has to \"unlearn\" some of his Linux ways\nOnly a few posts as of this time, but it's a continuing series that may be helpful for switchers\n***\n\n\nPCBSD weekly digest\n\n\nGNOME3, cinnamon and mate desktops are in the installer\nCompat layer updated to CentOS 6, enables newest Skype\nLooking for people to test printers and hplip\nContinuing work on grub, but the ability to switch between bootloaders is back\n***\n\n\nFeedback/Questions\n\n\nBostjan writes in\nJason writes in\nJohn writes in\nKjell-Aleksander writes in\nAlexy writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we\u0026#39;ll be looking at the new version of FreeNAS, a BSD-based network attached storage solution, as well as talking to Josh Paetzel - one of the key developers of FreeNAS. Actually, he\u0026#39;s on the FreeBSD release engineering team too, and does quite a lot for the project. We\u0026#39;ve got answers to your viewer-submitted questions and plenty of news to cover, so get ready for some BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eThis episode was brought to you by\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://www.ixsystems.com/bsdnow\" title=\"iXsystems\"\u003e\u003cimg src=\"/images/iXlogo2.png\" alt=\"iXsystems - Enterprise Servers and Storage For Open Source\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-reid-linnemann.html\" rel=\"nofollow\"\u003eMore faces of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAnother installment of the FoF series\u003c/li\u003e\n\u003cli\u003eThis time they talk with Reid Linnemann who works at Spectra Logic\u003c/li\u003e\n\u003cli\u003eGives a history of all the different jobs he\u0026#39;s done, all the programming languages he knows\u003c/li\u003e\n\u003cli\u003eMentions how he first learned about FreeBSD, actually pretty similar to Kris\u0026#39; story\u003c/li\u003e\n\u003cli\u003e\u0026quot;I used the system to build and install ports, and explored, getting actively involved in the mailing lists and forums, studying, passing on my own limited knowledge to those who could benefit from it. I pursued my career in the open source software world, learning the differences in BSD and GNU licensing and the fragmented nature of Linux distributions, realizing the FreeBSD community was more mature and well distributed about industry, education, and research. Everything steered me towards working with and on FreeBSD.\u0026quot;\u003c/li\u003e\n\u003cli\u003eNow works on FreeBSD as his day job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-brooks-davis.html\" rel=\"nofollow\"\u003eThe second one\u003c/a\u003e covers Brooks Davis\u003c/li\u003e\n\u003cli\u003eFreeBSD committer since 2001 and core team member from 2006 through 2012\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s helped drive our transition from a GNU toolchain to a more modern LLVM-based toolchain\u003c/li\u003e\n\u003cli\u003e\u0026quot;One of the reasons I like FreeBSD is the community involved in the process of building a principled, technically-advanced operating system platform. Not only do we produce a great product, but we have fun doing it.\u0026quot;\u003c/li\u003e\n\u003cli\u003eLots more in the show notes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2013-09-devsummit.html#Security\" rel=\"nofollow\"\u003eWe cannot trust Intel and Via’s chip-based crypto\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe woke up to see FreeBSD on the front page of \u003ca href=\"http://www.theregister.co.uk/2013/12/09/freebsd_abandoning_hardware_randomness/\" rel=\"nofollow\"\u003eThe Register\u003c/a\u003e, \u003ca href=\"http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/\" rel=\"nofollow\"\u003eArs Technica\u003c/a\u003e, \u003ca href=\"http://it.slashdot.org/story/13/12/11/1919201/freebsd-developers-will-not-trust-chip-based-encryption\" rel=\"nofollow\"\u003eSlashdot\u003c/a\u003e and \u003ca href=\"https://news.ycombinator.com/item?id=6880474\" rel=\"nofollow\"\u003eHacker News\u003c/a\u003e for their strong stance on security and respecting privacy\u003c/li\u003e\n\u003cli\u003eAt the EuroBSDCon dev summit, there was some discussion about removing support for hardware-based random number generators.\u003c/li\u003e\n\u003cli\u003eFreeBSD\u0026#39;s /dev/random got some updates and, for 10.0, will no longer allow the use of Intel or VIA\u0026#39;s hardware RNGs as the sole point of entropy\u003c/li\u003e\n\u003cli\u003e\u0026quot;It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://article.gmane.org/gmane.mail.opensmtpd.general/1146\" rel=\"nofollow\"\u003eOpenSMTPD 5.4.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenBSD developers came out with major a new version\u003c/li\u003e\n\u003cli\u003eImproved config syntax (please check your smtpd.conf before upgrading)\u003c/li\u003e\n\u003cli\u003eAdds support for TLS Perfect Forward Secrecy and custom CA certificate\u003c/li\u003e\n\u003cli\u003eMTA, Queue and SMTP server improvements\u003c/li\u003e\n\u003cli\u003eSNI support confirmed for the next version\u003c/li\u003e\n\u003cli\u003eCheck the show notes for the full list of changes, pretty huge release\u003c/li\u003e\n\u003cli\u003eWatch \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-18_mx_with_ttx\" rel=\"nofollow\"\u003eEpisode 3\u003c/a\u003e for an interview we did with the developers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/12/02/getting-to-know-your-portmgr-thomas-abthorpe/\" rel=\"nofollow\"\u003eMore getting to know your portmgr\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe portmgr secretary, Thomas Abthorpe, interviews... himself!\u003c/li\u003e\n\u003cli\u003eJoined as -secretary in March 2010, upgraded to full member in March 2011\u003c/li\u003e\n\u003cli\u003eHis inspiration for using BSD is \u0026quot;I wanted to run a webserver, and I wanted something free. I was going to use something linux, then met up with a former prof from university, and shared my story with him. He told me FreeBSD was the way to go.\u0026quot;\u003c/li\u003e\n\u003cli\u003eMentions how he loves that anyone can contribute and watch it \u0026quot;go live\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/12/09/getting-to-know-your-portmgr-baptiste-daroussin/\" rel=\"nofollow\"\u003eThe second one\u003c/a\u003e covers Baptiste Daroussin\u003c/li\u003e\n\u003cli\u003eThe reason for his nick, bapt, is \u0026quot;Baptiste is too long to type\u0026quot;\u003c/li\u003e\n\u003cli\u003eThere\u0026#39;s even \u003ca href=\"https://www.youtube.com/watch?v=tZk__K8rqOg\" rel=\"nofollow\"\u003ea video\u003c/a\u003e of bapt joining the team!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Santa Clause - \u003ca href=\"mailto:josh@ixsystems.com\" rel=\"nofollow\"\u003ejosh@ixsystems.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/freenasteam\" rel=\"nofollow\"\u003e@freenasteam\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeNAS \u003ca href=\"http://www.freenas.org/whats-new/2013/12/freenas-9-2-0-rc-available.html\" rel=\"nofollow\"\u003e9.2.0\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eNote: we originally scheduled the interview to be with Josh Paetzel, but Santa showed up instead.\u003c/strong\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003eFreeNAS walkthrough\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.daemonology.net/blog/2013-12-09-FreeBSD-EC2-configinit.html\" rel=\"nofollow\"\u003eIntroducing configinit\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCloudInit is \u0026quot;a system originally written for Ubuntu which performs configuration of a system at boot-time based on user-data provided via EC2\u0026quot;\u003c/li\u003e\n\u003cli\u003eWasn\u0026#39;t ideal for FreeBSD since it requires python and is designed around the concept of configuring a system by running commands (rather than editing configuration files)\u003c/li\u003e\n\u003cli\u003eColin Percival came up with configinit, a FreeBSD alternative\u003c/li\u003e\n\u003cli\u003eAlongside his new \u0026quot;firstboot-pkgs\u0026quot; port, it can spin up a webserver in 120 seconds from \u0026quot;launch\u0026quot; of the EC2 instance\u003c/li\u003e\n\u003cli\u003eCheck the show notes for full blog post\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?rev=1.1;content-type=text%2Fx-cvsweb-markup\" rel=\"nofollow\"\u003eOpenSSH support for Ed25519 and bcrypt keys\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew Ed25519 key support (hostkeys and user identities) using the public domain ed25519 reference code\u003c/li\u003e\n\u003cli\u003eSSH private keys were encrypted with a symmetric key that\u0026#39;s just an MD5 of their password\u003c/li\u003e\n\u003cli\u003eNow they\u0026#39;ll be using bcrypt \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138633721618361\u0026w=2\" rel=\"nofollow\"\u003eby default\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll get more into this in next week\u0026#39;s interview\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://thelinuxcauldron.com/2013/12/08/freebsd-challenge/\" rel=\"nofollow\"\u003eThe FreeBSD challenge\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA member of the Linux foundation blogs about using FreeBSD\u003c/li\u003e\n\u003cli\u003eGoes through all the beginner steps, has to \u0026quot;unlearn\u0026quot; some of his Linux ways\u003c/li\u003e\n\u003cli\u003eOnly a few posts as of this time, but it\u0026#39;s a continuing series that may be helpful for switchers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/12/pc-bsd-weekly-feature-digest-111513-2/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGNOME3, cinnamon and mate desktops are in the installer\u003c/li\u003e\n\u003cli\u003eCompat layer updated to CentOS 6, enables newest Skype\u003c/li\u003e\n\u003cli\u003eLooking for people to test printers and hplip\u003c/li\u003e\n\u003cli\u003eContinuing work on grub, but the ability to switch between bootloaders is back\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20k2gumbP\" rel=\"nofollow\"\u003eBostjan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2PM8tfKfe\" rel=\"nofollow\"\u003eJason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2KgXIKqrJ\" rel=\"nofollow\"\u003eJohn writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20DLk8bac\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2nmmJHvgR\" rel=\"nofollow\"\u003eAlexy writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we'll be looking at the new version of FreeNAS, a BSD-based network attached storage solution, as well as talking to Josh Paetzel - one of the key developers of FreeNAS. Actually, he's on the FreeBSD release engineering team too, and does quite a lot for the project. We've got answers to your viewer-submitted questions and plenty of news to cover, so get ready for some BSD Now - the place to B.. SD.","date_published":"2013-12-11T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/cbf73b1a-fa1e-4acd-a1c4-ad96edb36916.mp3","mime_type":"audio/mpeg","size_in_bytes":77923925,"duration_in_seconds":6493}]},{"id":"8a946478-3ac7-4087-a433-ad139e4d7aa9","title":"14: Zettabytes for Days","url":"https://www.bsdnow.tv/14","content_text":"This week is the long-awaited episode you've been asking for! We'll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project's recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now - the place to B.. SD.\n\nHeadlines\n\npkgng 1.2 released\n\n\nbapt and bdrewery from the portmgr team released pkgng 1.2 final\nNew features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new \"pkg config\" command, repo improvements, vuXML is now default, new fingerprint features and much more\nReally simple to upgrade, check our pkgng tutorial if you want some easy instructions\nIt's also made its way into Dragonfly\nSee the show notes for the full list of new features and fixes\n***\n\n\nChaCha20 and Poly1305 in OpenSSH\n\n\nDamien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305\nLong blog post explaining what these are and why we need them\nThis cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC\nRC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn't show the packet length in cleartext\nGreat explanation of the differences between EtM, MtE and EaM and their advantages\n\"Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly.\"\n***\n\n\nIs it time to dump Linux and move to BSD\n\n\nITworld did an article about switching from Linux to BSD\nThe author's interest was sparked from a review he was reading that said \"I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0\"\nThe whole article can be summed up with \"yes\" - ok, next story!\n***\n\n\nOpenZFS devsummit videos\n\n\nThe OpenZFS developer summit discussion and presentation videos are up\nPeople from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced\nQuestion and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation\nPresentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production\nTONS of video, about 6 hours' worth\nThis leads us into our interview, which is...\n***\n\n\nInterview - George Wilson - wilzun@gmail.com / @zfsdude\n\nOpenZFS\n\n\n\nTutorial\n\nA crash course on ZFS\n\n\n\nNews Roundup\n\nruBSD 2013 information\n\n\nThe ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia\nSpeakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov\nTheir talks are titled \"The bane of backwards compatibility,\" \"OpenBSD's pf: Design, Implementation and Future\" and \"OpenBSD: Where crypto is going?\"\nNo word on if there will be video recordings, but we'll let you know if that changes\n***\n\n\nDragonFly roadmap, post 3.6\n\n\nJohn Marino posted a possible roadmap for DragonFly, now that they're past the 3.6 release\nHe wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)\nPlans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still\nBring in fixes and new stuff from FreeBSD 10\n***\n\n\nBSDCan 2014 CFP\n\n\nBSDCan 2014 will be held on May 16-17 in Ottawa, Canada\nThey're now accepting proposals for talks\nIf you are doing something interesting with a BSD operating system, please submit a proposal\nWe'll be getting lots of interviews there\n***\n\n\ncasperd added to -CURRENT\n\n\n\"It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted.\"\nLists some sysctls that can be controlled\n***\n\n\nZFS corruption bug fixed in -CURRENT\n\n\nJust a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded\n***\n\n\nFeedback/Questions\n\n\nChris writes in\nSW writes in\nJason writes in\nClint writes in\nChris writes in\n***\n","content_html":"\u003cp\u003eThis week is the long-awaited episode you\u0026#39;ve been asking for! We\u0026#39;ll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project\u0026#39;s recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/ports?view=revision\u0026revision=334937\" rel=\"nofollow\"\u003epkgng 1.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ebapt and bdrewery from the portmgr team released pkgng 1.2 final\u003c/li\u003e\n\u003cli\u003eNew features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new \u0026quot;pkg config\u0026quot; command, repo improvements, vuXML is now default, new fingerprint features and much more\u003c/li\u003e\n\u003cli\u003eReally simple to upgrade, check our \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003epkgng tutorial\u003c/a\u003e if you want some easy instructions\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s also made its way \u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2013-November/090339.html\" rel=\"nofollow\"\u003einto Dragonfly\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee the show notes for the full list of new features and fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html\" rel=\"nofollow\"\u003eChaCha20 and Poly1305 in OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDamien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305\u003c/li\u003e\n\u003cli\u003eLong blog post explaining what these are and why we need them\u003c/li\u003e\n\u003cli\u003eThis cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC\u003c/li\u003e\n\u003cli\u003eRC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn\u0026#39;t show the packet length in cleartext\u003c/li\u003e\n\u003cli\u003eGreat explanation of the differences between EtM, MtE and EaM and their advantages\u003c/li\u003e\n\u003cli\u003e\u0026quot;Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.itworld.com/open-source/384383/should-you-switch-linux-bsd\" rel=\"nofollow\"\u003eIs it time to dump Linux and move to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eITworld did an article about switching from Linux to BSD\u003c/li\u003e\n\u003cli\u003eThe author\u0026#39;s interest was sparked from a review he was reading that said \u0026quot;I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0\u0026quot;\u003c/li\u003e\n\u003cli\u003eThe whole article can be summed up with \u0026quot;yes\u0026quot; - ok, next story!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/user/deirdres/videos\" rel=\"nofollow\"\u003eOpenZFS devsummit videos\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OpenZFS \u003ca href=\"http://www.open-zfs.org/wiki/OpenZFS_Developer_Summit_2013\" rel=\"nofollow\"\u003edeveloper summit\u003c/a\u003e discussion and presentation videos are up\u003c/li\u003e\n\u003cli\u003ePeople from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced\u003c/li\u003e\n\u003cli\u003eQuestion and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation\u003c/li\u003e\n\u003cli\u003ePresentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production\u003c/li\u003e\n\u003cli\u003eTONS of video, about 6 hours\u0026#39; worth\u003c/li\u003e\n\u003cli\u003eThis leads us into our interview, which is...\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - George Wilson - \u003ca href=\"mailto:wilzun@gmail.com\" rel=\"nofollow\"\u003ewilzun@gmail.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/zfsdude\" rel=\"nofollow\"\u003e@zfsdude\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenZFS\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/zfs\" rel=\"nofollow\"\u003eA crash course on ZFS\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131126113154\" rel=\"nofollow\"\u003eruBSD 2013 information\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia\u003c/li\u003e\n\u003cli\u003eSpeakers include three OpenBSD developers, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_09-doing_it_de_raadt_way\" rel=\"nofollow\"\u003eTheo de Raadt\u003c/a\u003e, \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_30-current_events\" rel=\"nofollow\"\u003eHenning Brauer\u003c/a\u003e and Mike Belopuhov\u003c/li\u003e\n\u003cli\u003eTheir talks are titled \u0026quot;The bane of backwards compatibility,\u0026quot; \u0026quot;OpenBSD\u0026#39;s pf: Design, Implementation and Future\u0026quot; and \u0026quot;OpenBSD: Where crypto is going?\u0026quot;\u003c/li\u003e\n\u003cli\u003eNo word on if there will be video recordings, but we\u0026#39;ll let you know if that changes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2013/11/28/12874.html\" rel=\"nofollow\"\u003eDragonFly roadmap, post 3.6\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJohn Marino posted a possible roadmap for DragonFly, now that they\u0026#39;re past the 3.6 release\u003c/li\u003e\n\u003cli\u003eHe wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)\u003c/li\u003e\n\u003cli\u003ePlans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still\u003c/li\u003e\n\u003cli\u003eBring in fixes and new stuff from FreeBSD 10\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.bsdcan.org/pipermail/bsdcan-announce/2013-December/000123.html\" rel=\"nofollow\"\u003eBSDCan 2014 CFP\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSDCan 2014 will be held on May 16-17 in Ottawa, Canada\u003c/li\u003e\n\u003cli\u003eThey\u0026#39;re now accepting proposals for talks\u003c/li\u003e\n\u003cli\u003eIf you are doing something interesting with a BSD operating system, please submit a proposal\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be getting lots of interviews there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=258838\" rel=\"nofollow\"\u003ecasperd added to -CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted.\u0026quot;\u003c/li\u003e\n\u003cli\u003eLists some sysctls that can be controlled\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=258704\" rel=\"nofollow\"\u003eZFS corruption bug fixed in -CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eJust a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2JDWKjs7l\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20BLqxTWD\" rel=\"nofollow\"\u003eSW writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2939tUOf5\" rel=\"nofollow\"\u003eJason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21qKY6qIb\" rel=\"nofollow\"\u003eClint writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20LWlmhoK\" rel=\"nofollow\"\u003eChris writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week is the long-awaited episode you've been asking for! We'll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project's recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now - the place to B.. SD.","date_published":"2013-12-04T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8a946478-3ac7-4087-a433-ad139e4d7aa9.mp3","mime_type":"audio/mpeg","size_in_bytes":56736843,"duration_in_seconds":4728}]},{"id":"bf19202c-3646-4560-bc01-29393b43dde4","title":"13: Bridging the Gap","url":"https://www.bsdnow.tv/13","content_text":"This week on the show, we sit down for an interview with Jordan Hubbard, one of the founders of the FreeBSD project - and the one who invented ports! Later in the show, we'll be showing you some new updates to the OpenBSD router tutorial from a couple weeks ago. We've also got news, your questions and even our first viewer-submitted video, right here on BSD Now.. the place to B.. SD.\n\nHeadlines\n\nGetting to know your portmgr\n\n\nIn this interview they talk to one of the \"Annoying Reminder Guys\" - Erwin Lansing, the second longest serving member of FreeBSD's portmgr (also vice-president of the FreeBSD Foundation)\nHe actually maintains the .dk ccTLD\nDescribes FreeBSD as \"the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community.\"\nIn the next one they speak with Martin Wilke (miwi@)\nThe usual, \"what inspires you about FreeBSD\" \"how did you get into it\" etc.\n***\n\n\nvBSDCon wrap-up compilation\n\n\nLots of write-ups about vBSDCon gathered in one place\nSome from OpenBSD guys\nSome from FreeBSD guys\nSome from RootBSD\nSome from iXsystems\nSome from Verisign\nAnd of course our own wrap-up chat in BSD Now Episode 009\n***\n\n\nFaces of FreeBSD\n\n\nThis week they talk to Gábor Páli from Hungary\nTalks about his past as a game programmer and how it got involved with FreeBSD\n\"I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use.\"\nHe's been contributing since 2008 and does lots of work with Haskell in ports\nHe also organizes EuroBSDCon and is secretary of the FreeBSD Core Team\n***\n\n\nDragonfly 3.6 released\n\n\ndports now default instead of pkgsrc\nBig SMP scaling improvements\nExperimental i915 and KMS support\nSee our interview with Justin Sherrill if you want to hear (a lot) more about it - nearly an hour long\n***\n\n\nInterview - Jordan Hubbard - jkh@freebsd.org / @omgjkh\n\nFreeBSD's founding and future\n\n\n\nTutorial\n\nBuilding an OpenBSD router, part 2\n\n\nNote: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.\n***\n\n\nNews Roundup\n\npfSense 2.1 on AWS EC2\n\n\nWe now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)\nIn keeping with the community spirit, they’re also offering a free \"public\" AMI\nCheck the FAQ and User Guide on their site for additional details\nInteresting possibilities with pfSense in the cloud\n***\n\n\nPuffy on the desktop\n\n\nDistrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review\nThey talk about using it on the desktop, how to set it up\nVery long write-up, curious Linux users should give it a read\nEnds with \"Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn't mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave\"\n***\n\n\nTwo-factor authentication with SSH\n\n\nBlog post about using a yubikey with SSH public keys\nUses a combination of a OTP, BSDAuth and OpenBSD's login.conf, but it can be used with PAM on other systems as well\nAllows for two-factor authentication (a la gmail) in case your private key is compromised\nAnyone interested in an extra-hardened SSH server should give it a read\n***\n\n\nPCBSD weekly digest\n\n\n10.0 has approximately 400 PBIs for public consumption\nThey will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree - please help test them, this is pretty big news in and of itself!\nPCDM is coming along nicely, more bugs are getting fixed\nAdded ZFS dataset options to PCBSD’s new text installer front-end\n***\n\n\nFeedback/Questions\n\n\nBen writes in\nFlorian writes in\nZach writes in\nAddison writes in\nAdam writes in\nAdam's BSD Router Project tutorial can be downloaded here.\n***\n","content_html":"\u003cp\u003eThis week on the show, we sit down for an interview with Jordan Hubbard, one of the founders of the FreeBSD project - and the one who invented ports! Later in the show, we\u0026#39;ll be showing you some new updates to the OpenBSD router tutorial from a couple weeks ago. We\u0026#39;ve also got news, your questions and even our first viewer-submitted video, right here on BSD Now.. the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/11/18/getting-to-know-your-portmgr-erwin-lansing/\" rel=\"nofollow\"\u003eGetting to know your portmgr\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn this interview they talk to one of the \u0026quot;Annoying Reminder Guys\u0026quot; - Erwin Lansing, the second longest serving member of FreeBSD\u0026#39;s portmgr (also vice-president of the FreeBSD Foundation)\u003c/li\u003e\n\u003cli\u003eHe actually maintains the .dk ccTLD\u003c/li\u003e\n\u003cli\u003eDescribes FreeBSD as \u0026quot;the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community.\u0026quot;\u003c/li\u003e\n\u003cli\u003eIn \u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/11/25/getting-to-know-your-portmgr-martin-wilke/\" rel=\"nofollow\"\u003ethe next one\u003c/a\u003e they speak with Martin Wilke (miwi@)\u003c/li\u003e\n\u003cli\u003eThe usual, \u0026quot;what inspires you about FreeBSD\u0026quot; \u0026quot;how did you get into it\u0026quot; etc.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.hostileadmin.com/2013/11/20/vbsdcon-wrap-ups/\" rel=\"nofollow\"\u003evBSDCon wrap-up compilation\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of write-ups about vBSDCon gathered in one place\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131121050402\" rel=\"nofollow\"\u003eSome from OpenBSD guys\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/11/vbsdcon-trip-report-john-mark-gurney.html\" rel=\"nofollow\"\u003eSome from FreeBSD guys\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.rootbsd.net/vbsdcon-2013-wrap-up/\" rel=\"nofollow\"\u003eSome from RootBSD\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.ixsystems.com/resources/ix/blog/vbsdcon-2013.html\" rel=\"nofollow\"\u003eSome from iXsystems\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blogs.verisigninc.com/blog/entry/builders_and_archaeologists\" rel=\"nofollow\"\u003eSome from Verisign\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnd of course our own wrap-up chat in \u003ca href=\"http://www.bsdnow.tv/episodes/2013_10_30-current_events\" rel=\"nofollow\"\u003eBSD Now Episode 009\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/11/faces-of-freebsd-each-week-we-are-going.html\" rel=\"nofollow\"\u003eFaces of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis week they talk to Gábor Páli from Hungary\u003c/li\u003e\n\u003cli\u003eTalks about his past as a game programmer and how it got involved with FreeBSD\u003c/li\u003e\n\u003cli\u003e\u0026quot;I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use.\u0026quot;\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s been contributing since 2008 and does lots of work with Haskell in ports\u003c/li\u003e\n\u003cli\u003eHe also organizes EuroBSDCon and is secretary of the FreeBSD Core Team\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.dragonflybsd.org/release36/\" rel=\"nofollow\"\u003eDragonfly 3.6 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003edports now default instead of pkgsrc\u003c/li\u003e\n\u003cli\u003eBig SMP scaling improvements\u003c/li\u003e\n\u003cli\u003eExperimental i915 and KMS support\u003c/li\u003e\n\u003cli\u003eSee \u003ca href=\"http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug\" rel=\"nofollow\"\u003eour interview\u003c/a\u003e with Justin Sherrill if you want to hear (a lot) more about it - nearly an hour long\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Jordan Hubbard - \u003ca href=\"mailto:jkh@freebsd.org\" rel=\"nofollow\"\u003ejkh@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/omgjkh\" rel=\"nofollow\"\u003e@omgjkh\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD\u0026#39;s founding and future\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eBuilding an OpenBSD router, part 2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.\u003c/strong\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pfsense.org/?p=1132\" rel=\"nofollow\"\u003epfSense 2.1 on AWS EC2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)\u003c/li\u003e\n\u003cli\u003eIn keeping with the community spirit, they’re also offering a free \u0026quot;public\u0026quot; AMI\u003c/li\u003e\n\u003cli\u003eCheck the FAQ and User Guide on their site for additional details\u003c/li\u003e\n\u003cli\u003eInteresting possibilities with pfSense in the cloud\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://distrowatch.com/weekly.php?issue=20131118#feature\" rel=\"nofollow\"\u003ePuffy on the desktop\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDistrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review\u003c/li\u003e\n\u003cli\u003eThey talk about using it on the desktop, how to set it up\u003c/li\u003e\n\u003cli\u003eVery long write-up, curious Linux users should give it a read\u003c/li\u003e\n\u003cli\u003eEnds with \u0026quot;Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn\u0026#39;t mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://cmacr.ae/openbsd/security/networking/2013/11/25/ssh-yubi.html\" rel=\"nofollow\"\u003eTwo-factor authentication with SSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBlog post about using a yubikey with SSH public keys\u003c/li\u003e\n\u003cli\u003eUses a combination of a OTP, BSDAuth and OpenBSD\u0026#39;s login.conf, but it can be used with PAM on other systems as well\u003c/li\u003e\n\u003cli\u003eAllows for two-factor authentication (a la gmail) in case your private key is compromised\u003c/li\u003e\n\u003cli\u003eAnyone interested in an extra-hardened SSH server should give it a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/11/weekly-feature-digest-112313/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e10.0 has approximately 400 PBIs for public consumption\u003c/li\u003e\n\u003cli\u003eThey will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree - please help test them, this is pretty big news in and of itself!\u003c/li\u003e\n\u003cli\u003ePCDM is coming along nicely, more bugs are getting fixed\u003c/li\u003e\n\u003cli\u003eAdded ZFS dataset options to PCBSD’s new text installer front-end\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ag1fA7Ug\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2TSIvZzVO\" rel=\"nofollow\"\u003eFlorian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20Po4soFF\" rel=\"nofollow\"\u003eZach writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20ntzqi9c\" rel=\"nofollow\"\u003eAddison writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2EYJjVKBk\" rel=\"nofollow\"\u003eAdam writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/redshirtlinux\" rel=\"nofollow\"\u003eAdam\u003c/a\u003e\u0026#39;s BSD Router Project tutorial can be downloaded \u003ca href=\"http://bsdnow.cdn.scaleengine.net/bsdrouterproject.m4v\" rel=\"nofollow\"\u003ehere\u003c/a\u003e.\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week on the show, we sit down for an interview with Jordan Hubbard, one of the founders of the FreeBSD project - and the one who invented ports! Later in the show, we'll be showing you some new updates to the OpenBSD router tutorial from a couple weeks ago. We've also got news, your questions and even our first viewer-submitted video, right here on BSD Now.. the place to B.. SD.","date_published":"2013-11-27T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bf19202c-3646-4560-bc01-29393b43dde4.mp3","mime_type":"audio/mpeg","size_in_bytes":49103236,"duration_in_seconds":4091}]},{"id":"8552d8d2-0590-4641-9780-81ca0dc91bd1","title":"12: Collecting SSHells","url":"https://www.bsdnow.tv/12","content_text":"This week we'll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD's future plans and much more. After that, if you've ever wondered what all this SSH stuff is about, today's tutorial has got you covered. We'll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now - the place to B.. SD.\n\nHeadlines\n\nFaces of FreeBSD\n\n\nThe FreeBSD foundation is publishing articles on different FreeBSD developers\nThis one is about Colin Percival (cperciva@), the ex-security officer\nTells the story of how he first found BSD, what he contributed back, how he eventually became the security officer\nRunning series with more to come\n***\n\n\nLots of BSD presentation videos uploaded\n\n\nEuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL's presentation video\nMost of us never get to see the dev summit talks since they're only for developers\nAsiaBSDCon 2013 videos also up finally\nList of AsiaBSDCon presentation topics here\nOur buddy Michael W Lucas gave an \"OpenBSD for Linux users\" talk at a Michigan Unix Users Group.\nHe says \"Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\"\nReally informative presentation, pretty long, answers some common questions at the end\n***\n\n\nCall for Presentations: FOSDEM 2014 and NYCBSDCon 2014\n\n\nFOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium\nJust like in the last years, there will be both a BSD booth and a developer's room\nThe topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.\nIf you are in the area or want to go, check the show notes for details\nNYCBSDCon is also accepting papers.\nIt'll be in New York City at the beginning of February 2014\nIf anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!\n***\n\n\nFreeBSD foundation's year-end fundraising campaign\n\n\nThe FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years\nAs of today they have raised about half a million dollars, but still have a while to go\nDonations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events\nThey are preparing the debut of a new online magazine, the FreeBSD Journal\nTypically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year\nMake your donation today over at freebsdfoundation.org, every little bit helps\nEveryone involved with BSD Now made a donation last year and will do so again this year\n***\n\n\nInterview - Amitai Schlair - schmonz@netbsd.org / @schmonz\n\nThe NetBSD Foundation, pkgsrc, future plans\n\n\n\nTutorial\n\nCombining SSH and tmux\n\n\nNote: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.\n***\n\n\nNews Roundup\n\nPS4 released\n\n\nSony's Playstation 4 is finally released\nAs previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things\nLink in the show notes contains the full list of BSD software they're using\nAlways good to see BSD being so widespread\n***\n\n\nBSD Mag November issue\n\n\nFree monthly BSD magazine publishes another issue\nThis time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory \u0026amp; Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others\nPDF linked in the show notes\n***\n\n\npbulk builds made easy\n\n\nNetBSD's pbulk tool is similar to poudriere, but for pkgsrc\nWhile working on updating the documentation, a developer cleaned up quite a lot of code\nHe wrote a script that automates pbulk deployment and setup\nThe whole setup of a dedicated machine has been reduced to just three commands\n***\n\n\nPCBSD weekly digest\n\n\nOver 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe\nMany PC-BSD programs received some necessary bug fixes and updates\nSome include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM\n***\n\n\nFeedback/Questions\n\n\nPeter writes in\nKjell-Aleksander writes in\nJordan writes in\nChristian writes in\nentransic writes in\n***\n","content_html":"\u003cp\u003eThis week we\u0026#39;ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\u0026#39;s future plans and much more. After that, if you\u0026#39;ve ever wondered what all this SSH stuff is about, today\u0026#39;s tutorial has got you covered. We\u0026#39;ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/11/faces-of-freebsd-colin-percival.html\" rel=\"nofollow\"\u003eFaces of FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation is publishing articles on different FreeBSD developers\u003c/li\u003e\n\u003cli\u003eThis one is about Colin Percival (cperciva@), the ex-security officer\u003c/li\u003e\n\u003cli\u003eTells the story of how he first found BSD, what he contributed back, how he eventually became the security officer\u003c/li\u003e\n\u003cli\u003eRunning series with more to come\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freebsdnews.net/2013/11/14/eurobsdcon-2013-devsummit-video-recordings/\" rel=\"nofollow\"\u003eLots of BSD presentation videos uploaded\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\u0026#39;s presentation video\u003c/li\u003e\n\u003cli\u003eMost of us never get to see the dev summit talks since they\u0026#39;re only for developers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/user/bsdconferences\" rel=\"nofollow\"\u003eAsiaBSDCon 2013 videos also up\u003c/a\u003e finally\u003c/li\u003e\n\u003cli\u003eList of AsiaBSDCon presentation topics \u003ca href=\"http://2013.asiabsdcon.org/papers/index.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOur buddy Michael W Lucas gave an \u003ca href=\"http://blather.michaelwlucas.com/archives/1879\" rel=\"nofollow\"\u003e\u0026quot;OpenBSD for Linux users\u0026quot; talk\u003c/a\u003e at a Michigan Unix Users Group.\u003c/li\u003e\n\u003cli\u003eHe says \u0026quot;Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\u0026quot;\u003c/li\u003e\n\u003cli\u003eReally informative presentation, pretty long, answers some common questions at the end\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/call_for_presentations_bsd_devroom\" rel=\"nofollow\"\u003eCall for Presentations: FOSDEM 2014 and NYCBSDCon 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium\u003c/li\u003e\n\u003cli\u003eJust like in the last years, there will be both a BSD booth and a developer\u0026#39;s room\u003c/li\u003e\n\u003cli\u003eThe topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.\u003c/li\u003e\n\u003cli\u003eIf you are in the area or want to go, check the show notes for details\u003c/li\u003e\n\u003cli\u003eNYCBSDCon \u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131119053455\" rel=\"nofollow\"\u003eis also accepting papers\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;ll be in New York City at the beginning of February 2014\u003c/li\u003e\n\u003cli\u003eIf anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-announce/2013-November/001511.html\" rel=\"nofollow\"\u003eFreeBSD foundation\u0026#39;s year-end fundraising campaign\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years\u003c/li\u003e\n\u003cli\u003eAs of today they have raised about half a million dollars, but still have a while to go\u003c/li\u003e\n\u003cli\u003eDonations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events\u003c/li\u003e\n\u003cli\u003eThey are preparing the debut of a new online magazine, the FreeBSD Journal\u003c/li\u003e\n\u003cli\u003eTypically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.freebsdfoundation.org/donate/\" rel=\"nofollow\"\u003eMake your donation today\u003c/a\u003e over at freebsdfoundation.org, every little bit helps\u003c/li\u003e\n\u003cli\u003eEveryone involved with BSD Now made a donation last year and will do so again this year\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Amitai Schlair - \u003ca href=\"mailto:schmonz@netbsd.org\" rel=\"nofollow\"\u003eschmonz@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/schmonz\" rel=\"nofollow\"\u003e@schmonz\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe NetBSD Foundation, pkgsrc, future plans\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ssh-tmux\" rel=\"nofollow\"\u003eCombining SSH and tmux\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.\u003c/strong\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.theregister.co.uk/2013/11/16/sony_playstation_4_kernel\" rel=\"nofollow\"\u003ePS4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSony\u0026#39;s Playstation 4 is finally released\u003c/li\u003e\n\u003cli\u003eAs previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things\u003c/li\u003e\n\u003cli\u003eLink in the show notes contains the \u003ca href=\"http://www.scei.co.jp/ps4-license/\" rel=\"nofollow\"\u003efull list of BSD software they\u0026#39;re using\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways good to see BSD being so widespread\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1853-hast-on-freebsd-how-to-make-storage-highly-availble-by-using-hast\" rel=\"nofollow\"\u003eBSD Mag November issue\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFree monthly BSD magazine publishes another issue\u003c/li\u003e\n\u003cli\u003eThis time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory \u0026amp; Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others\u003c/li\u003e\n\u003cli\u003ePDF linked in the show notes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2013/11/09/msg018881.html\" rel=\"nofollow\"\u003epbulk builds made easy\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD\u0026#39;s \u003ca href=\"https://www.netbsd.org/docs/pkgsrc/bulk.html\" rel=\"nofollow\"\u003epbulk tool\u003c/a\u003e is similar to \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003epoudriere\u003c/a\u003e, but for pkgsrc\u003c/li\u003e\n\u003cli\u003eWhile working on updating the documentation, a developer cleaned up quite a lot of code\u003c/li\u003e\n\u003cli\u003eHe wrote a script that automates pbulk deployment and setup\u003c/li\u003e\n\u003cli\u003eThe whole setup of a dedicated machine has been reduced to just three commands\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/11/pc-bsd-weekly-feature-digest-111513/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe\u003c/li\u003e\n\u003cli\u003eMany PC-BSD programs received some necessary bug fixes and updates\u003c/li\u003e\n\u003cli\u003eSome include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21oh3vP7t\" rel=\"nofollow\"\u003ePeter writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21zfqcWMP\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2ZmW77Odb\" rel=\"nofollow\"\u003eJordan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2BZq7xiyo\" rel=\"nofollow\"\u003eChristian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21xrk0M4k\" rel=\"nofollow\"\u003eentransic writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week we'll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD's future plans and much more. After that, if you've ever wondered what all this SSH stuff is about, today's tutorial has got you covered. We'll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now - the place to B.. SD.","date_published":"2013-11-20T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/8552d8d2-0590-4641-9780-81ca0dc91bd1.mp3","mime_type":"audio/mpeg","size_in_bytes":49103236,"duration_in_seconds":4091}]},{"id":"43438bdb-8de0-4237-81e2-da2f448be5ef","title":"11: The Gateway Drug","url":"https://www.bsdnow.tv/11","content_text":"This time on the show, we sit down to chat with Justin Sherrill of the DragonflyBSD project about their new 3.6 release. Later on, we'll be showing you a huge tutorial that's been baking for over a month - how to build an OpenBSD router that'll destroy any consumer router on the market! There's lots of news to get caught up on as well, so sit back and enjoy some BSD Now - the place to B.. SD.\n\nHeadlines\n\nOpenSSH 6.4 released\n\n\nSecurity fixes in OpenSSH don't happen very often\n6.4 fixes a memory corruption problem, no new features\nIf exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.\nDisabling AES-GCM in the server configuration is a workaround\nOnly affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9's base OpenSSL is unaffected, for example)\nFull details here\n***\n\n\nGetting to know your portmgr-lurkers\n\n\nNext entry in portmgr interview series\nThis time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously\nLots of questions ranging from why he uses BSD to what he had for breakfast\nAnother one was since released, with Antoine Brodin aka antoine@\n***\n\n\nFUSE in OpenBSD\n\n\nAs we glossed over last week, FUSE was recently added to OpenBSD\nNow the guys from the OpenBSD Journal have tracked down more information\nThis version is released under an ISC license\nShould be in OpenBSD 5.5, released a little less than 6 months from now\nWill finally enable things like SSHFS to work in OpenBSD\n***\n\n\nAutomated submission of kernel panic reports\n\n\nNew tool from Colin Percival\nSaves information about kernel panics and emails it to FreeBSD\nLets you review before sending so you can edit out any private info\nAutomatically encrypted before being sent\nFreeBSD never kernel panics so this won't get much use\n***\n\n\nInterview - Justin Sherrill - justin@dragonflybsd.org / @dragonflybsd\n\nDragonflyBSD 3.6 and the Dragonfly Digest\n\n\n\nTutorial\n\nBuilding an OpenBSD Router\n\n\n\nNews Roundup\n\nBSD router project 1.5 released\n\n\nNice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router\nIt's an alternative to pfSense, but not nearly as well known or popular\nNew version is based on 9.2-RELEASE, includes lots of general updates and bugfixes\nFits on a 256MB Compact Flash/USB drive\n***\n\n\nCurve25519 now default key exchange\n\n\nWe mentioned in an earlier episode about a patch for curve25519\nNow it's become the default for key exchange\nWill probably make its way into OpenSSH 6.5, would've been in 6.4 if we didn't have that security vulnerability\nIt's interesting to see all these big changes in cryptography in OpenBSD lately\n***\n\n\nFreeBSD kernel selection in boot menu\n\n\nAdds a kernel selection menu to the beastie menu\nList of kernels is taken from 'kernels' in loader.conf as a space or comma separated list of names to display (up to 9)\nFrom our good buddy Devin Teske\n***\n\n\nPCBSD weekly digest\n\n\nPCDM has officially replaced GDM as the default login manager\nNew ISO build scripts (we got a sneak preview last week)\nLots of bug fixes\nSecond set of 10-STABLE ISOs available with new artwork and much more\n***\n\n\nTheo de Raadt speaking at MUUG\n\n\nTheo will be speaking at Manitoba UNIX User Group in Winnipeg\nOn Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)\nIf you're watching the show live you have time to make plans, if you're watching the downloaded version it might be happening right now!\nNo agenda, but expect some OpenBSD discussion\n***\n\n\nFeedback/Questions\n\n\nDave writes in\nJames writes in\nAllen writes in\nChess writes in\nFrank writes in\n***\n","content_html":"\u003cp\u003eThis time on the show, we sit down to chat with Justin Sherrill of the DragonflyBSD project about their new 3.6 release. Later on, we\u0026#39;ll be showing you a huge tutorial that\u0026#39;s been baking for over a month - how to build an OpenBSD router that\u0026#39;ll destroy any consumer router on the market! There\u0026#39;s lots of news to get caught up on as well, so sit back and enjoy some BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://openssh.com/txt/release-6.4\" rel=\"nofollow\"\u003eOpenSSH 6.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSecurity fixes in \u003ca href=\"http://openssh.com/\" rel=\"nofollow\"\u003eOpenSSH\u003c/a\u003e don\u0026#39;t happen very often\u003c/li\u003e\n\u003cli\u003e6.4 fixes a memory corruption problem, no new features\u003c/li\u003e\n\u003cli\u003eIf exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.\u003c/li\u003e\n\u003cli\u003eDisabling AES-GCM in the server configuration is a workaround\u003c/li\u003e\n\u003cli\u003eOnly affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9\u0026#39;s base OpenSSL is unaffected, for example)\u003c/li\u003e\n\u003cli\u003eFull details \u003ca href=\"http://www.openssh.com/txt/gcmrekey.adv\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/11/04/getting-to-know-your-portmgr-mathieu-arnold/\" rel=\"nofollow\"\u003eGetting to know your portmgr-lurkers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNext entry in portmgr interview series\u003c/li\u003e\n\u003cli\u003eThis time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously\u003c/li\u003e\n\u003cli\u003eLots of questions ranging from why he uses BSD to what he had for breakfast\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/11/11/getting-to-know-your-portmgr-antoine-brodin/\" rel=\"nofollow\"\u003eAnother one\u003c/a\u003e was since released, with Antoine Brodin aka antoine@\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131108082749\" rel=\"nofollow\"\u003eFUSE in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAs we glossed over last week, FUSE was recently added to OpenBSD\u003c/li\u003e\n\u003cli\u003eNow the guys from the OpenBSD Journal have tracked down more information\u003c/li\u003e\n\u003cli\u003eThis version is released under an ISC license\u003c/li\u003e\n\u003cli\u003eShould be in OpenBSD 5.5, released a little less than 6 months from now\u003c/li\u003e\n\u003cli\u003eWill finally enable things like SSHFS to work in OpenBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2013-November/046175.html\" rel=\"nofollow\"\u003eAutomated submission of kernel panic reports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew tool from Colin Percival\u003c/li\u003e\n\u003cli\u003eSaves information about kernel panics and emails it to FreeBSD\u003c/li\u003e\n\u003cli\u003eLets you review before sending so you can edit out any private info\u003c/li\u003e\n\u003cli\u003eAutomatically encrypted before being sent\u003c/li\u003e\n\u003cli\u003eFreeBSD never kernel panics so this won\u0026#39;t get much use\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Justin Sherrill - \u003ca href=\"mailto:justin@dragonflybsd.org\" rel=\"nofollow\"\u003ejustin@dragonflybsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/dragonflybsd\" rel=\"nofollow\"\u003e@dragonflybsd\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eDragonflyBSD 3.6 and the \u003ca href=\"http://www.shiningsilence.com/dbsdlog/\" rel=\"nofollow\"\u003eDragonfly Digest\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/openbsd-router\" rel=\"nofollow\"\u003eBuilding an OpenBSD Router\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.5/\" rel=\"nofollow\"\u003eBSD router project 1.5 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s an alternative to pfSense, but not nearly as well known or popular\u003c/li\u003e\n\u003cli\u003eNew version is based on 9.2-RELEASE, includes lots of general updates and bugfixes\u003c/li\u003e\n\u003cli\u003eFits on a 256MB Compact Flash/USB drive\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/5cfc11a2aa3696190b675b6e3e1da7e8ff28582e\" rel=\"nofollow\"\u003eCurve25519 now default key exchange\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWe mentioned in an earlier episode about a patch for \u003ca href=\"http://cr.yp.to/ecdh.html\" rel=\"nofollow\"\u003ecurve25519\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNow it\u0026#39;s become the default for key exchange\u003c/li\u003e\n\u003cli\u003eWill probably make its way into OpenSSH 6.5, would\u0026#39;ve been in 6.4 if we didn\u0026#39;t have that security vulnerability\u003c/li\u003e\n\u003cli\u003eIt\u0026#39;s interesting to see all these big changes in cryptography in OpenBSD lately\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=257650\" rel=\"nofollow\"\u003eFreeBSD kernel selection in boot menu\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdds a kernel selection menu to the beastie menu\u003c/li\u003e\n\u003cli\u003eList of kernels is taken from \u0026#39;kernels\u0026#39; in loader.conf as a space or comma separated list of names to display (up to 9)\u003c/li\u003e\n\u003cli\u003eFrom our good buddy \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities\" rel=\"nofollow\"\u003eDevin Teske\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/11/pc-bsd-weekly-feature-digest-11813/\" rel=\"nofollow\"\u003ePCBSD weekly digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePCDM has officially replaced GDM as the default login manager\u003c/li\u003e\n\u003cli\u003eNew ISO build scripts (we got a sneak preview last week)\u003c/li\u003e\n\u003cli\u003eLots of bug fixes\u003c/li\u003e\n\u003cli\u003eSecond set of 10-STABLE ISOs available with new artwork and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20131113074042\u0026mode=expanded\u0026count=0\" rel=\"nofollow\"\u003eTheo de Raadt speaking at MUUG\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eTheo will be speaking at Manitoba UNIX User Group in Winnipeg\u003c/li\u003e\n\u003cli\u003eOn Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)\u003c/li\u003e\n\u003cli\u003eIf you\u0026#39;re watching the show live you have time to make plans, if you\u0026#39;re watching the downloaded version it might be happening right now!\u003c/li\u003e\n\u003cli\u003eNo agenda, but expect some OpenBSD discussion\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21YXhiLRB\" rel=\"nofollow\"\u003eDave writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s215EjcgdM\" rel=\"nofollow\"\u003eJames writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21mCP2ecL\" rel=\"nofollow\"\u003eAllen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s207ePFrna\" rel=\"nofollow\"\u003eChess writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20iVFXJve\" rel=\"nofollow\"\u003eFrank writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This time on the show, we sit down to chat with Justin Sherrill of the DragonflyBSD project about their new 3.6 release. Later on, we'll be showing you a huge tutorial that's been baking for over a month - how to build an OpenBSD router that'll destroy any consumer router on the market! There's lots of news to get caught up on as well, so sit back and enjoy some BSD Now - the place to B.. SD.","date_published":"2013-11-13T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/43438bdb-8de0-4237-81e2-da2f448be5ef.mp3","mime_type":"audio/mpeg","size_in_bytes":78628291,"duration_in_seconds":6552}]},{"id":"a10866db-0b5b-44c1-be14-ffc4022cd997","title":"10: Year of the BSD Desktop","url":"https://www.bsdnow.tv/10","content_text":"Headlines\n\nOpenBSD 5.4 released\n\n\nThe usual 6 month release cycle continues with 5.4\nPeople who bought the CD get the release very early, but now it's on the public FTP\nNew platforms \"octeon\" and \"beagle\"\nImproved Intel DRM, reworked checksumming for network protocols, ECDHE support in httpd, inetd no longer started by default, DHCP improvements, lots of new OpenSMTPD work, OpenSSH 6.3\nOver 7,800 ports available, comes with another new song and fun artwork, lots of new features - check out the full release notes\nA special thanks to Nick Holland and Bob Beck for their behind-the-scenes work\nExperimental FUSE support was enabled shortly after the release, so look forward to that in the future\n***\n\n\nFreeBSD pkgng repos are official\n\n\nBuilt weekly from a snapshot of the Ports Collection every Wednesday\nSigned packages coming soon with pkg 1.2\nAdded official public key to -STABLE and -CURRENT\nNew \"pkg+http\" protocol identifier for SRV records\nIf you need something more up to date or with custom options, it's easy to make your own with just the packages you want using our tutorial\nIf you need a guide on how to use pkgng itself, check our tutorial for that too!\nWhat does this mean for PCBSD repo users? Should they switch? Differences?\n***\n\n\nDragonflyBSD 3.6 branched\n\n\nSMP improvements and GCC changes are all in, so it's time to branch\nRelease planned for a little under 2 weeks from today\nFeatures will include i915 support, mdocml imported, crazy SMP improvements, dports being default\nWe're hoping to get someone from Dragonfly on the show next week to talk about the final release\n***\n\n\nFreeBSD portmgr lurkers\n\n\nOver the course of the next two years, volunteers from a group of ports committers will participate in portmgr activities\nAt four month intervals, two committers at a time will be brought in to work on various projects and learn the inner workings of the team\nThe first two -lurkers are Mathieu Arnold (mat@) and Antoine Brodin (antoine@).\n***\n\n\nInterview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor\n\nSudo Mastery\n\n\nVideo: DNSSec in 55 Minutes\n***\n\n\nTutorial\n\nConfiguring FreeBSD as a desktop system\n\n\n\nNews Roundup\n\nCapsicum in DragonflyBSD\n\n\nDragonfly has no security framework yet besides the traditional unix DAC model\nPort of Capsicum to Dragonfly has begun\nQuite a bit of technical detail in the show notes\n***\n\n\nNYCBSDCon 2014\n\n\nAfter a three year hiatus, NYCBSDCon is back on February 8, 2014\nTheme of \"The BSDs in Production\" this year\nHeld in New York City, more information to come as the time draws closer\n***\n\n\nFreeBSD newcons progress update\n\n\nThis project will provide a replacement for the legacy syscons system console\nNewcons provides a number of improvements, including better integration with graphics modes, and broader character set support\nMore details on the project can be found on the FreeBSD wiki\n***\n\n\nWeekly PCBSD feature digest\n\n\nPBI 10 format is about ready and they'll begin populating the 10.0 appcafe starting next week\nPCDM login manager is back and is ready to be tested\nNew PC-BSD Disk Manager Utility with lots of features\n***\n\n\nFeedback/Questions\n\n\nAlptekin writes in\n[Gertjan writes in[(http://slexy.org/view/s2k4C2Ryo9)\nKevin writes in\nKjell-Aleksander writes in\nMichael writes in\n***\n","content_html":"\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.openbsd.org/54.html\" rel=\"nofollow\"\u003eOpenBSD 5.4 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe usual 6 month release cycle continues with 5.4\u003c/li\u003e\n\u003cli\u003ePeople who bought the CD get the release very early, but now it\u0026#39;s on the public FTP\u003c/li\u003e\n\u003cli\u003eNew platforms \u0026quot;octeon\u0026quot; and \u0026quot;beagle\u0026quot;\u003c/li\u003e\n\u003cli\u003eImproved Intel DRM, reworked checksumming for network protocols, ECDHE support in httpd, inetd no longer started by default, DHCP improvements, lots of new OpenSMTPD work, OpenSSH 6.3\u003c/li\u003e\n\u003cli\u003eOver 7,800 ports available, comes with another new song and fun artwork, lots of new features - check out the full release notes\u003c/li\u003e\n\u003cli\u003eA special thanks to Nick Holland and Bob Beck for their behind-the-scenes work\u003c/li\u003e\n\u003cli\u003eExperimental FUSE support was enabled shortly after the release, so look forward to that in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-pkg/2013-October/000107.html\" rel=\"nofollow\"\u003eFreeBSD pkgng repos are official\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBuilt weekly from a snapshot of the Ports Collection every Wednesday\u003c/li\u003e\n\u003cli\u003eSigned packages coming soon with pkg 1.2\u003c/li\u003e\n\u003cli\u003eAdded official \u003ca href=\"http://freshbsd.org/commit/freebsd/r257150\" rel=\"nofollow\"\u003epublic key\u003c/a\u003e to -STABLE and -CURRENT\u003c/li\u003e\n\u003cli\u003eNew \u0026quot;pkg+http\u0026quot; \u003ca href=\"http://freshbsd.org/commit/freebsd/r257328\" rel=\"nofollow\"\u003eprotocol\u003c/a\u003e identifier for SRV records\u003c/li\u003e\n\u003cli\u003eIf you need something more up to date or with custom options, it\u0026#39;s easy to \u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003emake your own\u003c/a\u003e with just the packages you want using our tutorial\u003c/li\u003e\n\u003cli\u003eIf you need a guide on how to use pkgng itself, check \u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003eour tutorial\u003c/a\u003e for that too!\u003c/li\u003e\n\u003cli\u003eWhat does this mean for PCBSD repo users? Should they switch? Differences?\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2013-October/063015.html\" rel=\"nofollow\"\u003eDragonflyBSD 3.6 branched\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSMP improvements and GCC changes are all in, so it\u0026#39;s time to branch\u003c/li\u003e\n\u003cli\u003eRelease planned for a little under 2 weeks from today\u003c/li\u003e\n\u003cli\u003eFeatures will include i915 support, mdocml imported, crazy SMP improvements, dports being default\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;re hoping to get someone from Dragonfly on the show next week to talk about the final release\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/11/01/portmgr-lurkers-pilot-project/\" rel=\"nofollow\"\u003eFreeBSD portmgr lurkers\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver the course of the next two years, volunteers from a group of ports committers will participate in portmgr activities\u003c/li\u003e\n\u003cli\u003eAt four month intervals, two committers at a time will be brought in to work on various projects and learn the inner workings of the team\u003c/li\u003e\n\u003cli\u003eThe first two -lurkers are Mathieu Arnold (mat@) and Antoine Brodin (antoine@).\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Michael W. Lucas - \u003ca href=\"mailto:mwlucas@michaelwlucas.com\" rel=\"nofollow\"\u003emwlucas@michaelwlucas.com\u003c/a\u003e / \u003ca href=\"https://twitter.com/mwlauthor\" rel=\"nofollow\"\u003e@mwlauthor\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1852\" rel=\"nofollow\"\u003eSudo Mastery\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1805\" rel=\"nofollow\"\u003eVideo: DNSSec in 55 Minutes\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/the-desktop\" rel=\"nofollow\"\u003eConfiguring FreeBSD as a desktop system\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2013-October/063014.html\" rel=\"nofollow\"\u003eCapsicum in DragonflyBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eDragonfly has no security framework yet besides the traditional unix DAC model\u003c/li\u003e\n\u003cli\u003ePort of Capsicum to Dragonfly has begun\u003c/li\u003e\n\u003cli\u003eQuite a bit of technical detail in the show notes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.nycbsdcon.org/2014/\" rel=\"nofollow\"\u003eNYCBSDCon 2014\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a three year hiatus, NYCBSDCon is back on February 8, 2014\u003c/li\u003e\n\u003cli\u003eTheme of \u0026quot;The BSDs in Production\u0026quot; this year\u003c/li\u003e\n\u003cli\u003eHeld in New York City, more information to come as the time draws closer\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/11/newcons-system-console-project-update.html\" rel=\"nofollow\"\u003eFreeBSD newcons progress update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThis project will provide a replacement for the legacy syscons system console\u003c/li\u003e\n\u003cli\u003eNewcons provides a number of improvements, including better integration with graphics modes, and broader character set support\u003c/li\u003e\n\u003cli\u003eMore details on the project can be found on the \u003ca href=\"https://wiki.freebsd.org/Newcons\" rel=\"nofollow\"\u003eFreeBSD wiki\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/11/pc-bsd-weekly-feature-digest-11113/\" rel=\"nofollow\"\u003eWeekly PCBSD feature digest\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ePBI 10 format is about ready and they\u0026#39;ll begin populating the 10.0 appcafe starting next week\u003c/li\u003e\n\u003cli\u003ePCDM login manager is back and is ready to be tested\u003c/li\u003e\n\u003cli\u003eNew PC-BSD Disk Manager Utility with lots of features\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s208YfYZA9\" rel=\"nofollow\"\u003eAlptekin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Gertjan writes in[(\u003ca href=\"http://slexy.org/view/s2k4C2Ryo9\" rel=\"nofollow\"\u003ehttp://slexy.org/view/s2k4C2Ryo9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2172EyaRG\" rel=\"nofollow\"\u003eKevin writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2mP8ftX0U\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s203Z9VdKt\" rel=\"nofollow\"\u003eMichael writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"","date_published":"2013-11-06T08:00:00.000-05:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a10866db-0b5b-44c1-be14-ffc4022cd997.mp3","mime_type":"audio/mpeg","size_in_bytes":66895759,"duration_in_seconds":5574}]},{"id":"420fd848-dfd1-4700-8822-fe76aec1db5d","title":"9: CURRENT Events","url":"https://www.bsdnow.tv/9","content_text":"Headlines\n\nManaged services using FreeBSD\n\n\nNew York Internet, a huge ISP and service provider, details how they use FreeBSD\nMentions using BSD technologies: pf, pfsync, carp, haproxy, zfs, jails and more\nExplains FreeBSD's role in commercial workloads on a massive scale\nLots of cool graphs and info, check out the full write-up\n***\n\n\nOpenBSD boot support for keydisk-based crypto volumes\n\n\nSo far, only passphrase-based crypto volumes were bootable\nFull disk encryption with key disks required a non-crypto partition to load the kernel\nThe bootloader now scans all BIOS-visible disks for RAID partitions and automatically associates key disk partitions with their crypto volume\nNo need to re-create existing volumes. Moving the root partition onto the crypto disk and running \"installboot\" is all that's needed\n***\n\n\nMore Dragonfly SMP speedups\n\n\nMatthew Dillon has been committing lots of various SMP improvements\nUsing dports builds on a 48-processor machine as a test\nThe machine’s now building more than 1000 packages an hour\nSuper technical details in the show notes, check 'em out\n***\n\n\nGetting to know portmgr\n\n\nStart of an ongoing series profiling members of the FreeBSD Ports Management Team\nIn the first interview, they talk to longest serving member of the team, Joe Marcus Clarke\nIn the second, Bernhard Frölich (who's also the creator of redports.org)\nFuture segments will include the other members\nTopics include their inspiration for using FreeBSD, first time using it, lots of other interesting stuff\n***\n\n\nBSD Now at the top of iTunes\n\n\nBSD Now is on the front-and-center page of iTunes' technology podcast section\n***\n\n\nInterview - Henning Brauer - henning@openbsd.org / @henningbrauer\n\nOpenBSD's pf firewall, privilege separation, various topics\n\n\n\nTutorial\n\nTracking -STABLE and -CURRENT\n\n\n\nNews Roundup\n\nOpenBSD gets XBox360 controller support\n\n\nAdds support for Microsoft XBox 360 controller as a uhid\nWill make things easier for emulators in OpenBSD\nAre there people who regularly play games on BSD? Email us, might do a segment on it\n***\n\n\nPCBSD 10-STABLE ISOs available\n\n\nEarly cut of the new stable/10 branch, not recommended for everyone\nA pkgng repository is available, but is missing a number of packages\nAMD KMS, new text installer, UEFI loader support, much more\n***\n\n\nSwitching from Linux to BSD\n\n\nYet another Linux user switching to BSD makes a thread about it\nAsks the community what some differences and advantages are\nGood response from the community, worth reading if you're a Linux guy\n***\n\n\nUnattended OpenBSD installations\n\n\nUnattended installations possible using DHCP and a \"response\" file\nThe system gets an IP via DHCP, then fetches a config file with key=value pairs\nCan do automatic network setup, SSH, passwords, etc\nStill a work in progress\n***\n\n\nFeedback/Questions\n\n\nKjell-Aleksander writes in\nAlex writes in\nChad writes in\nJoshua writes in\nCraig writes in\nWe want to especially thank Chris for his huge feedback emails with lots of show ideas.\n***\n","content_html":"\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freebsdfoundation.org/press/Managed%20Services%20Using%20FreeBSD%20at%20NYI.pdf\" rel=\"nofollow\"\u003eManaged services using FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew York Internet, a huge ISP and service provider, details how they use FreeBSD\u003c/li\u003e\n\u003cli\u003eMentions using BSD technologies: pf, pfsync, carp, haproxy, zfs, jails and more\u003c/li\u003e\n\u003cli\u003eExplains FreeBSD\u0026#39;s role in commercial workloads on a massive scale\u003c/li\u003e\n\u003cli\u003eLots of cool graphs and info, check out the full write-up\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138227554705375\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD boot support for keydisk-based crypto volumes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSo far, only passphrase-based crypto volumes were bootable\u003c/li\u003e\n\u003cli\u003eFull disk encryption with key disks required a non-crypto partition to load the kernel\u003c/li\u003e\n\u003cli\u003eThe bootloader now scans all BIOS-visible disks for RAID partitions and automatically associates key disk partitions with their crypto volume\u003c/li\u003e\n\u003cli\u003eNo need to re-create existing volumes. Moving the root partition onto the crypto disk and running \u0026quot;installboot\u0026quot; is all that\u0026#39;s needed\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.shiningsilence.com/dbsdlog/2013/10/24/12671.html\" rel=\"nofollow\"\u003eMore Dragonfly SMP speedups\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMatthew Dillon has been committing lots of various SMP improvements\u003c/li\u003e\n\u003cli\u003eUsing dports builds on a 48-processor machine as a test\u003c/li\u003e\n\u003cli\u003eThe machine’s now building more than 1000 packages an hour\u003c/li\u003e\n\u003cli\u003eSuper technical details in the show notes, check \u0026#39;em out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blogs.freebsdish.org/portmgr/2013/10/21/getting-to-know-your-portmgr-joe-marcus-clarke/\" rel=\"nofollow\"\u003eGetting to know portmgr\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStart of an ongoing series profiling members of the FreeBSD Ports Management Team\u003c/li\u003e\n\u003cli\u003eIn the first interview, they talk to longest serving member of the team, Joe Marcus Clarke\u003c/li\u003e\n\u003cli\u003eIn the second, Bernhard Frölich (who\u0026#39;s also the creator of redports.org)\u003c/li\u003e\n\u003cli\u003eFuture segments will include the other members\u003c/li\u003e\n\u003cli\u003eTopics include their inspiration for using FreeBSD, first time using it, lots of other interesting stuff\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://i.imgur.com/lITf0xb.jpg\" rel=\"nofollow\"\u003eBSD Now at the top of iTunes\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD Now is on the front-and-center page of iTunes\u0026#39; technology podcast section\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Henning Brauer - \u003ca href=\"mailto:henning@openbsd.org\" rel=\"nofollow\"\u003ehenning@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/henningbrauer\" rel=\"nofollow\"\u003e@henningbrauer\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenBSD\u0026#39;s pf firewall, privilege separation, various topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/stable-current\" rel=\"nofollow\"\u003eTracking -STABLE and -CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138267062532046\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD gets XBox360 controller support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdds support for Microsoft XBox 360 controller as a uhid\u003c/li\u003e\n\u003cli\u003eWill make things easier for emulators in OpenBSD\u003c/li\u003e\n\u003cli\u003eAre there people who regularly play games on BSD? Email us, might do a segment on it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/announce/2013-October/000056.html\" rel=\"nofollow\"\u003ePCBSD 10-STABLE ISOs available\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEarly cut of the new stable/10 branch, not recommended for everyone\u003c/li\u003e\n\u003cli\u003eA pkgng repository is available, but is missing a number of packages\u003c/li\u003e\n\u003cli\u003eAMD KMS, new text installer, UEFI loader support, much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.reddit.com/r/BSD/comments/1otg6n/switching_from_linux_over_to_bsd/\" rel=\"nofollow\"\u003eSwitching from Linux to BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eYet another Linux user switching to BSD makes a thread about it\u003c/li\u003e\n\u003cli\u003eAsks the community what some differences and advantages are\u003c/li\u003e\n\u003cli\u003eGood response from the community, worth reading if you\u0026#39;re a Linux guy\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/cacacb528f0d47778aed7630d07988314f952264\" rel=\"nofollow\"\u003eUnattended OpenBSD installations\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUnattended installations possible using DHCP and a \u0026quot;response\u0026quot; file\u003c/li\u003e\n\u003cli\u003eThe system gets an IP via DHCP, then fetches a config file with key=value pairs\u003c/li\u003e\n\u003cli\u003eCan do automatic network setup, SSH, passwords, etc\u003c/li\u003e\n\u003cli\u003eStill a work in progress\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21hxDpzjO\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21ibNDb5y\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20D6K2NUe\" rel=\"nofollow\"\u003eChad writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20UZLFHAg\" rel=\"nofollow\"\u003eJoshua writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20S15bbZ4\" rel=\"nofollow\"\u003eCraig writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe want to especially thank Chris for his huge feedback emails with lots of show ideas.\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"","date_published":"2013-10-30T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/420fd848-dfd1-4700-8822-fe76aec1db5d.mp3","mime_type":"audio/mpeg","size_in_bytes":54865117,"duration_in_seconds":4572}]},{"id":"4b29cded-9265-4fa3-8180-52a95c28ab3b","title":"8: A Brief Introduction","url":"https://www.bsdnow.tv/8","content_text":"This week, we chat with Antti Kantee from the NetBSD project about a crazy little thing called rump kernels. We'll also be showing you all the different cool things you can do with BSD and the Tor network, as well as discussing all the latest news. So sit back and enjoy BSD Now - the place to B.. SD.\n\nHeadlines\n\nFreeBSD July-September 2013 Status Report\n\n\nQuarterly FreeBSD status report is out with A LOT of updates, we'll cover a few of them\nHighlights include AES-NI Improvements for GELI, Capsicum development, Continuation of the Newcons Project, Download Manager Service for the Ports Collection, status updates from all the various FreeBSD teams, FreeBSD on EC2 news, updates to the CSPRNG, much more\nWe've covered some of these things already, but there's lots to read in the announcement\nSee full page for details on everything\n***\n\n\nDragonfly SMP contention update\n\n\nLots of work going in to reducing SMP contention in the next Dragonfly release\nAnything which forks and/or execs a lot will now run as close to optimally as it is possible to run on a multi-core box\nThe lead developer was using poudriere and noticed the performance difference, says this is \"a fairly major milestone for the project\"\nLots of technical details in the mailing list post, check it out\n***\n\n\nFreeBSD gets \"first boot\" rc.d scripts\n\n\nColin Percival added support for scripts that run on the first boot\nMight be desirable for embedded systems to automatically download and apply patches\nSimilarly, it can be used to invoke freebsd-update to patch your system on the first bootup\nCould also be used to download and run a script or install ports or packages\nAlready MFCed to 10-STABLE and 9-STABLE and added to ports\nLots of possibilities\n***\n\n\nNetBSD gets lua scripting in the kernel\n\n\nNetBSD gained support for the Lua scripting language in the kernel\nA luactl command was added to easily manipulate it\nIt will be interesting to see what can come out of this\nSpeaking of NetBSD kernels, that leads us into our interview!\n***\n\n\nInterview - Antti Kantee - pooka@netbsd.org / @anttikantee\n\nThe anykernel and rump kernels\nrump kernels in userspace, rump kernels + applications on Xen, fs-utils, rump kernel compiled to javascript\n\n\n\nTutorial\n\nRunning a Tor relay, bridge, exit or hidden service\n\n\n\nNews Roundup\n\nSecond PCBSD feature digest is out\n\n\nWeekly PCBSD digest is out to tell you about new features\nMentions switching over all bug reports to trac​.pcbsd​.org\nLife Preserver has finished development and is now being tested\nPCBSD 10.0 ISOs coming soon\n***\n\n\nOpenBSD imports VXLAN interface\n\n\nVXLAN is a virtual extensible local area network tunnel interface\nUDP-based tunneling protocol for overlaying virtualized layer 2 networks over layer 3 networks\n***\n\n\nOpenZFS Office Hours\n\n\nThe question and answer session with Matt has been uploaded\nCovers lots of topics ranging from cross-compatibility to performance improvements and trivia\nWe'll be trying to get Matt on for an interview sometime, already contacted him\n***\n\n\nBSDMag's October issue is out\n\n\nFree monthly BSD magazine releases another issue\nTopics include FreeBSD moving to SVN, a BSD programming intro, new PCBSD utilities, migrating from Linux to BSD and OpenBSD LTS updates (which we already covered!)\n***\n\n\nFeedback/Questions\n\n\nBen writes in\nBrian writes in\nToby writes in\nNoah writes in\n***\n","content_html":"\u003cp\u003eThis week, we chat with Antti Kantee from the NetBSD project about a crazy little thing called rump kernels. We\u0026#39;ll also be showing you all the different cool things you can do with BSD and the Tor network, as well as discussing all the latest news. So sit back and enjoy BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/news/status/report-2013-07-2013-09.html\" rel=\"nofollow\"\u003eFreeBSD July-September 2013 Status Report\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eQuarterly FreeBSD status report is out with A LOT of updates, we\u0026#39;ll cover a few of them\u003c/li\u003e\n\u003cli\u003eHighlights include AES-NI Improvements for GELI, Capsicum development, Continuation of the Newcons Project, Download Manager Service for the Ports Collection, status updates from all the various FreeBSD teams, FreeBSD on EC2 news, updates to the CSPRNG, much more\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ve covered some of these things already, but there\u0026#39;s lots to read in the announcement\u003c/li\u003e\n\u003cli\u003eSee full page for details on everything\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/users/2013-October/090181.html\" rel=\"nofollow\"\u003eDragonfly SMP contention update\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eLots of work going in to reducing SMP contention in the next Dragonfly release\u003c/li\u003e\n\u003cli\u003eAnything which forks and/or execs a lot will now run as close to optimally as it is possible to run on a multi-core box\u003c/li\u003e\n\u003cli\u003eThe lead developer was using poudriere and noticed the performance difference, says this is \u0026quot;a fairly major milestone for the project\u0026quot;\u003c/li\u003e\n\u003cli\u003eLots of technical details in the mailing list post, check it out\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026sortby=date\u0026revision=256775\" rel=\"nofollow\"\u003eFreeBSD gets \u0026quot;first boot\u0026quot; rc.d scripts\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eColin Percival added support for scripts that run on the first boot\u003c/li\u003e\n\u003cli\u003eMight be desirable for embedded systems to automatically download and apply patches\u003c/li\u003e\n\u003cli\u003eSimilarly, it can be used to invoke freebsd-update to patch your system on the first bootup\u003c/li\u003e\n\u003cli\u003eCould also be used to download and run a script or install ports or packages\u003c/li\u003e\n\u003cli\u003eAlready MFCed to 10-STABLE and 9-STABLE and added to ports\u003c/li\u003e\n\u003cli\u003eLots of possibilities\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2013/10/16/msg048283.html\" rel=\"nofollow\"\u003eNetBSD gets lua scripting in the kernel\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD gained support for the Lua scripting language in the kernel\u003c/li\u003e\n\u003cli\u003eA \u003ca href=\"http://mail-index.netbsd.org/source-changes/2013/10/16/msg048285.html\" rel=\"nofollow\"\u003eluactl\u003c/a\u003e command was added to easily manipulate it\u003c/li\u003e\n\u003cli\u003eIt will be interesting to see \u003ca href=\"https://archive.fosdem.org/2013/schedule/event/lua_in_the_netbsd_kernel/\" rel=\"nofollow\"\u003ewhat can come out of this\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpeaking of NetBSD kernels, that leads us into our interview!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Antti Kantee - \u003ca href=\"mailto:pooka@netbsd.org\" rel=\"nofollow\"\u003epooka@netbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/anttikantee\" rel=\"nofollow\"\u003e@anttikantee\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe anykernel and \u003ca href=\"http://www.netbsd.org/docs/rump/\" rel=\"nofollow\"\u003erump kernels\u003c/a\u003e\u003cbr\u003e\n\u003ca href=\"https://github.com/anttikantee/buildrump.sh\" rel=\"nofollow\"\u003erump kernels in userspace\u003c/a\u003e, \u003ca href=\"https://github.com/anttikantee/rumpuser-xen\" rel=\"nofollow\"\u003erump kernels + applications on Xen\u003c/a\u003e, \u003ca href=\"https://github.com/stacktic/fs-utils\" rel=\"nofollow\"\u003efs-utils\u003c/a\u003e, \u003ca href=\"http://ftp.netbsd.org/pub/NetBSD/misc/pooka/rump.js/\" rel=\"nofollow\"\u003erump kernel compiled to javascript\u003c/a\u003e\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/tor\" rel=\"nofollow\"\u003eRunning a Tor relay, bridge, exit or hidden service\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pcbsd.org/2013/10/pc-bsd-weekly-feature-digest-101813/\" rel=\"nofollow\"\u003eSecond PCBSD feature digest is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWeekly PCBSD digest is out to tell you about new features\u003c/li\u003e\n\u003cli\u003eMentions switching over all bug reports to trac​.pcbsd​.org\u003c/li\u003e\n\u003cli\u003eLife Preserver has finished development and is now being tested\u003c/li\u003e\n\u003cli\u003ePCBSD 10.0 ISOs coming soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=138165902522412\u0026w=2\" rel=\"nofollow\"\u003eOpenBSD imports VXLAN interface\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVXLAN is a virtual extensible local area network tunnel interface\u003c/li\u003e\n\u003cli\u003eUDP-based tunneling protocol for overlaying virtualized layer 2 networks over layer 3 networks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.youtube.com/watch?v=G2vIdPmsnTI\" rel=\"nofollow\"\u003eOpenZFS Office Hours\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"http://www.open-zfs.org/wiki/OpenZFS_Office_Hours\" rel=\"nofollow\"\u003equestion and answer\u003c/a\u003e session with Matt has been uploaded\u003c/li\u003e\n\u003cli\u003eCovers lots of topics ranging from cross-compatibility to performance improvements and trivia\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll be trying to get Matt on for an interview sometime, already contacted him\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1851-freebsd-programming-primer-how-to-configure-a-development-environment\" rel=\"nofollow\"\u003eBSDMag\u0026#39;s October issue is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFree monthly BSD magazine releases another issue\u003c/li\u003e\n\u003cli\u003eTopics include FreeBSD moving to SVN, a BSD programming intro, new PCBSD utilities, migrating from Linux to BSD and OpenBSD LTS updates (which we already covered!)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20MUQmfuD\" rel=\"nofollow\"\u003eBen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20oVdxaE5\" rel=\"nofollow\"\u003eBrian writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2GfQkSSDz\" rel=\"nofollow\"\u003eToby writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2IFpjbWVr\" rel=\"nofollow\"\u003eNoah writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"This week, we chat with Antti Kantee from the NetBSD project about a crazy little thing called rump kernels. We'll also be showing you all the different cool things you can do with BSD and the Tor network, as well as discussing all the latest news. So sit back and enjoy BSD Now - the place to B.. SD.","date_published":"2013-10-23T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4b29cded-9265-4fa3-8180-52a95c28ab3b.mp3","mime_type":"audio/mpeg","size_in_bytes":58383498,"duration_in_seconds":4865}]},{"id":"b20be9a5-d6fa-4bea-b061-2af18fa96cbd","title":"7: Go Directly to Jail(8)","url":"https://www.bsdnow.tv/7","content_text":"On this week's show, you'll be getting the full jail treatment. We'll show you how to create and deploy BSD jails, as well as chatting with Poul-Henning Kamp - the guy who actually invented them! There's lots of interesting news items to cover as well, so stay tuned to BSD Now - the place to B.. SD.\n\nHeadlines\n\nFreeBSD turns it up to 11\n\n\nThe -CURRENT branch is now known as 11\n10 has been branched to -STABLE\n10-BETA1 ISOs are available now\nWill be the next -RELEASE, probably next year\n***\n\n\nStopping the SSH bruteforce with BSD and pf\n\n\nThe Hail Mary Cloud is an SSH bruteforce botnet that takes a different approach\nWhile most botnets pound port 22 rapidly, THMB does it very slowly and passively\nThis makes prevention based on rate limiting more involved and complex\nNice long blog post about some potential solutions and what we've learned\n***\n\n\nZFS and GELI in bsdinstall coming soon\n\n\nThe man with the beard strikes again, new patch allows for ZFS-on-root installs\nSupports GELI for disk encryption\nMight be the push we need to make Michael W Lucas update his FreeBSD book\n***\n\n\nAsiaBSDCon 2014 announced\n\n\nWill be held in Tokyo, 13-16 March, 2014\nThe conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and Mac OS X\nCall for papers can be found here\n***\n\n\nInterview - Poul-Henning Kamp - phk@freebsd.org / @bsdphk\n\nFreeBSD beginnings, md5crypt, jails, varnish and his... telescope project?\n\n\n\nTutorial\n\nEverything you need to know about Jails\n\n\n\nNews Roundup\n\nNew pf queue system\n\n\nHenning Brauer committed the new kernel-side bandwidth shaping subsystem\nUses the HFSC algorithm behind the scenes\nALTQ to be retired \"in a release or two\" - everyone should migrate soon\n***\n\n\nDragonfly imports FreeBSD KMS driver\n\n\nHot on the trails of OpenBSD and later FreeBSD, Dragonfly gets AMD KMS\nPorted over from the FreeBSD port\n***\n\n\nGet paid to hack OpenSSH\n\n\nGoogle has announced they will pay up to $3113.70 for security patches to OpenSSH\nPatches can fix security or improve security\nIf you come up with something, send it to the OpenSSH guys\n***\n\n\nFeedback/Questions\n\n\nDarren writes in\nKjell-Aleksander writes in\nRyan writes in\nAlexander writes in\n***\n","content_html":"\u003cp\u003eOn this week\u0026#39;s show, you\u0026#39;ll be getting the full jail treatment. We\u0026#39;ll show you how to create and deploy BSD jails, as well as chatting with Poul-Henning Kamp - the guy who actually invented them! There\u0026#39;s lots of interesting news items to cover as well, so stay tuned to BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2013-October/052141.html\" rel=\"nofollow\"\u003eFreeBSD turns it up to 11\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe -CURRENT branch is now known as 11\u003c/li\u003e\n\u003cli\u003e10 has been branched to -STABLE\u003c/li\u003e\n\u003cli\u003e10-BETA1 ISOs are available now\u003c/li\u003e\n\u003cli\u003eWill be the next -RELEASE, probably next year\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html\" rel=\"nofollow\"\u003eStopping the SSH bruteforce with BSD and pf\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe Hail Mary Cloud is an SSH bruteforce botnet that takes a different approach\u003c/li\u003e\n\u003cli\u003eWhile most botnets pound port 22 rapidly, THMB does it very slowly and passively\u003c/li\u003e\n\u003cli\u003eThis makes prevention based on rate limiting more involved and complex\u003c/li\u003e\n\u003cli\u003eNice long blog post about some \u003ca href=\"http://home.nuug.no/%7Epeter/pf/en/bruteforce.html\" rel=\"nofollow\"\u003epotential solutions\u003c/a\u003e and what we\u0026#39;ve learned\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r256343/\" rel=\"nofollow\"\u003eZFS and GELI in bsdinstall coming soon\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe man \u003ca href=\"http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities\" rel=\"nofollow\"\u003ewith the beard\u003c/a\u003e strikes again, new patch allows for ZFS-on-root installs\u003c/li\u003e\n\u003cli\u003eSupports GELI for disk encryption\u003c/li\u003e\n\u003cli\u003eMight be the push we need to make Michael W Lucas \u003ca href=\"https://twitter.com/mwlauthor/status/389524644983611392\" rel=\"nofollow\"\u003eupdate\u003c/a\u003e his FreeBSD book\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://2014.asiabsdcon.org/\" rel=\"nofollow\"\u003eAsiaBSDCon 2014 announced\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eWill be held in Tokyo, 13-16 March, 2014\u003c/li\u003e\n\u003cli\u003eThe conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and Mac OS X\u003c/li\u003e\n\u003cli\u003eCall for papers can be found \u003ca href=\"http://2014.asiabsdcon.org/cfp.html\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Poul-Henning Kamp - \u003ca href=\"mailto:phk@freebsd.org\" rel=\"nofollow\"\u003ephk@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/bsdphk\" rel=\"nofollow\"\u003e@bsdphk\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD beginnings, md5crypt, jails, varnish and his... telescope project?\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/jails\" rel=\"nofollow\"\u003eEverything you need to know about Jails\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/c4661054d1882026efca919b6cd9cf958a8698b4\" rel=\"nofollow\"\u003eNew pf queue system\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHenning Brauer committed the new kernel-side bandwidth shaping subsystem\u003c/li\u003e\n\u003cli\u003eUses the HFSC algorithm behind the scenes\u003c/li\u003e\n\u003cli\u003eALTQ to be retired \u0026quot;in a release or two\u0026quot; - everyone should migrate soon\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2013-October/198282.html\" rel=\"nofollow\"\u003eDragonfly imports FreeBSD KMS driver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eHot on the trails of OpenBSD and later FreeBSD, Dragonfly gets AMD KMS\u003c/li\u003e\n\u003cli\u003ePorted over from the FreeBSD port\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-October/031695.html\" rel=\"nofollow\"\u003eGet paid to hack OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGoogle has announced they will pay up to $3113.70 for security patches to OpenSSH\u003c/li\u003e\n\u003cli\u003ePatches can fix security or improve security\u003c/li\u003e\n\u003cli\u003eIf you come up with something, send it to the OpenSSH guys\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s24RmwvEvE\" rel=\"nofollow\"\u003eDarren writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2wFcFk9Yz\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s23e920gNG\" rel=\"nofollow\"\u003eRyan writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2usxPqO9k\" rel=\"nofollow\"\u003eAlexander writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this week's show, you'll be getting the full jail treatment. We'll show you how to create and deploy BSD jails, as well as chatting with Poul-Henning Kamp - the guy who actually invented them! There's lots of interesting news items to cover as well, so stay tuned to BSD Now - the place to B.. SD.","date_published":"2013-10-16T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b20be9a5-d6fa-4bea-b061-2af18fa96cbd.mp3","mime_type":"audio/mpeg","size_in_bytes":55318394,"duration_in_seconds":4609}]},{"id":"32b4c026-69c1-4e85-9a83-03baab7f0c83","title":"6: Doing It de Raadt Way","url":"https://www.bsdnow.tv/6","content_text":"On this week's episode we'll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD.\n\nHeadlines\n\nHAMMER2 GSOC improvements merged\n\n\nA student from the Google Summer of Code's patches were committed to upstream Dragonfly\nIt focuses mainly on compression and updating the I/O infrastructure to work with compression\nThe ability to boot from HAMMER2 volumes was also added\nCheck the show notes for a full list of additions and improvements\nWe'll have someone on the show to talk about HAMMER FS in the future\n***\n\n\nOSNews starts a \"BSD family\" segment\n\n\nAn OSNews reader decided to share some info about the BSDs\nHe's writing a three-part series covering FreeBSD, OpenBSD and NetBSD\nPretty good info for Linux switchers\n***\n\n\npkgsrc-2013Q3 branch announcement\n\n\npkgsrc is similar to the ports concept, but for 21 different OSes\nThe pkgsrc developers make a new release every three months.\n13184 total packages for AMD64\nIf there's any interest, we'll try to get a pkgsrc tutorial written in the future\n***\n\n\nPCBSD 9.2 released\n\n\nShortly after the official FreeBSD 9.2 release, PCBSD follows up\nHighlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more\n***\n\n\nInterview - Theo de Raadt - deraadt@openbsd.org\n\nThe OpenBSD project\n\n\n\nTutorial\n\nJailed VNC sessions\n\n\n\nNews Roundup\n\nCurve25519 patch for OpenSSH\n\n\nBecause of recent NSA news, someone implemented an alternative key exchange mechanism\nIt uses Curve25519 instead of the traditional Diffie-Hellman\nComes from the developer of libssh and is already implemented there\n***\n\n\nFreeBSD 10-ALPHA5 is out\n\n\nIncludes the big removal of BIND\nMore GNU stuff removed\nBhyve and XEN improvements\nSome LLVM fixes\n***\n\n\nM:Tier offering \"Long Time Support\" for OpenBSD ports\n\n\nStarting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version\nOpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.)\nThis model makes it easier to keep your ports patched for security in a corporate environment\n***\n\n\nOhio Linuxfest talks uploaded\n\n\nThe OLF 2013 talks have been uploaded\nIncludes Kirk Mckusick's keynote about building an open source community and Ken Moore's talk about lots of new PCBSD stuff\n***\n\n\nTheo's absence and other updates\n\n\nIn an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it\nFor the last year, he's not been as involved in OpenBSD development\nHe's been busy with setting up an Internet Exchange in Calgary\nAlso mentions some troubles with an imposter Twitter account\n***\n\n\nFeedback/Questions\n\n\nKenneth writes in\nJason writes in\nAlex writes in\nHenson writes in\n***\n","content_html":"\u003cp\u003eOn this week\u0026#39;s episode we\u0026#39;ll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2013-September/198111.html\" rel=\"nofollow\"\u003eHAMMER2 GSOC improvements merged\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA student from the Google Summer of Code\u0026#39;s patches were committed to upstream Dragonfly\u003c/li\u003e\n\u003cli\u003eIt focuses mainly on compression and updating the I/O infrastructure to work with compression\u003c/li\u003e\n\u003cli\u003eThe ability to \u003ca href=\"http://lists.dragonflybsd.org/pipermail/commits/2013-September/198166.html\" rel=\"nofollow\"\u003eboot from\u003c/a\u003e HAMMER2 volumes was also added\u003c/li\u003e\n\u003cli\u003eCheck the show notes for a full list of additions and improvements\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll have someone on the show to talk about HAMMER FS in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.osnews.com/story/27348/The_BSD_family_pt_1_FreeBSD_9_1\" rel=\"nofollow\"\u003eOSNews starts a \u0026quot;BSD family\u0026quot; segment\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn OSNews reader decided to share some info about the BSDs\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s writing a three-part series covering FreeBSD, OpenBSD and NetBSD\u003c/li\u003e\n\u003cli\u003ePretty good info for Linux switchers\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/tech-pkg/2013/10/04/msg012093.html\" rel=\"nofollow\"\u003epkgsrc-2013Q3 branch announcement\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003epkgsrc is similar to the ports concept, but for 21 different OSes\u003c/li\u003e\n\u003cli\u003eThe pkgsrc developers make a new release every three months.\u003c/li\u003e\n\u003cli\u003e13184 total packages for AMD64\u003c/li\u003e\n\u003cli\u003eIf there\u0026#39;s any interest, we\u0026#39;ll try to get a pkgsrc tutorial written in the future\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.pcbsd.org/pipermail/announce/2013-October/000055.html\" rel=\"nofollow\"\u003ePCBSD 9.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eShortly after the official FreeBSD 9.2 release, PCBSD follows up\u003c/li\u003e\n\u003cli\u003eHighlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Theo de Raadt - \u003ca href=\"mailto:deraadt@openbsd.org\" rel=\"nofollow\"\u003ederaadt@openbsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eThe OpenBSD project\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/jailedvnc\" rel=\"nofollow\"\u003eJailed VNC sessions\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031659.html\" rel=\"nofollow\"\u003eCurve25519 patch for OpenSSH\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBecause of recent NSA news, someone implemented an alternative key exchange mechanism\u003c/li\u003e\n\u003cli\u003eIt uses Curve25519 instead of the traditional Diffie-Hellman\u003c/li\u003e\n\u003cli\u003eComes from the developer of libssh and is already implemented there\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045097.html\" rel=\"nofollow\"\u003eFreeBSD 10-ALPHA5 is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIncludes the big removal of BIND\u003c/li\u003e\n\u003cli\u003eMore GNU stuff removed\u003c/li\u003e\n\u003cli\u003eBhyve and XEN improvements\u003c/li\u003e\n\u003cli\u003eSome LLVM fixes\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.mtier.org/index.php/news/openbsd-ports-lt-support/\" rel=\"nofollow\"\u003eM:Tier offering \u0026quot;Long Time Support\u0026quot; for OpenBSD ports\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eStarting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version\u003c/li\u003e\n\u003cli\u003eOpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.)\u003c/li\u003e\n\u003cli\u003eThis model makes it easier to keep your ports patched for security in a corporate environment\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://ia801008.us.archive.org/7/items/OhioLinuxfest2013/\" rel=\"nofollow\"\u003eOhio Linuxfest talks uploaded\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe OLF 2013 talks have been uploaded\u003c/li\u003e\n\u003cli\u003eIncludes Kirk Mckusick\u0026#39;s keynote about building an open source community and Ken Moore\u0026#39;s talk about lots of new PCBSD stuff\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://marc.info/?l=openbsd-misc\u0026m=138110694921068\u0026w=2\" rel=\"nofollow\"\u003eTheo\u0026#39;s absence and other updates\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIn an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it\u003c/li\u003e\n\u003cli\u003eFor the last year, he\u0026#39;s not been as involved in OpenBSD development\u003c/li\u003e\n\u003cli\u003eHe\u0026#39;s been busy with setting up an Internet Exchange in Calgary\u003c/li\u003e\n\u003cli\u003eAlso mentions some troubles with an imposter Twitter account\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s24yODHGaW\" rel=\"nofollow\"\u003eKenneth writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21SbqaOPi\" rel=\"nofollow\"\u003eJason writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2yY3vHoIo\" rel=\"nofollow\"\u003eAlex writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20fT5VHBC\" rel=\"nofollow\"\u003eHenson writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"On this week's episode we'll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD.","date_published":"2013-10-09T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/32b4c026-69c1-4e85-9a83-03baab7f0c83.mp3","mime_type":"audio/mpeg","size_in_bytes":37230897,"duration_in_seconds":3102}]},{"id":"37b947f2-c6fb-4610-a954-d66d2d770d98","title":"5: Stacks of Cache","url":"https://www.bsdnow.tv/5","content_text":"After returning from a successful EuroBSDCon in Malta, we're back to get you caught up on all the latest news! We've got stories, interviews and a special treat for OpenBSD fans later in the show. All that and more on this week's BSD Now, the place to B.. SD.\n\nHeadlines\n\nFreeBSD 9.2 released\n\n\nFreeBSD 9.2-RELEASE is finally out\nHighlights include ZFS TRIM and LZ4 support, virtio drivers, dtrace and OpenSSH updates as well as lots of driver improvements\nWill be supported until 2014-09-30\nGet out there and freebsd-update or buildworld!\n***\n\n\nFour new NetBSD releases\n\n\nNetBSD 5.2 and 5.1 branches get security and bugfix updates\nThe 6.1 and 6.0 branches were updated soon after, also with security updates and bug fixes\nCheck the show notes for the full changelog\n***\n\n\nBIND being replaced by unbound in FreeBSD\n\n\nMost FreeBSD users are familiar with BIND from the security notifications\nIt has has many vulnerabilities over the years, and we’ll finally be rid of it\nBeing replaced with unbound and ldns, everyone rejoices\nAs of September 24th, BIND is no longer built by default\nAs of September 30th, BIND was completely removed\nIncludes an easy to use script for local DNS\nOpenBSD also has unbound in base, but it's not built by default yet\n***\n\n\nDragonflyBSD future plans\n\n\nAn announcement was posted that details some possible plans for Dragonfly\ndports (their version of FreeBSD ports) will be switching to GCC 4.7\ni915 support is probably going to be in version 3.6\nWork is being done on HAMMER 2, but it won't make it to 3.6\n3.6 is also likely going to ditch pkgsrc as the default in favor of dports, due to a hugely positive reaction from the community\n***\n\n\nFreeBSD ports get Stack Protector support\n\n\nSome portsnap users noticed a massive sweep of every port being updated\nShortly after, stack protector support was announced by Bryan Drewery\nOnly works on i386 and AMD64 on FreeBSD 10 and AMD64 on 9\nHopefully will become the default, but needs to go through some testing and exp-runs\n***\n\n\nEuroBSDCon 2013 wrap-up chat\n\n\nBSD Now is back from EuroBSDCon with lots of stories\nWe picked up an OpenBSD 5.4 CD set at EuroBSDCon, before the official release\nWe'll give a little showcase of what's inside, they put a lot of effort into it\nComes with the OS, source code, stickers, music, cool other stuff\nConsider supporting the OpenBSD project\n***\n\n\nInterview - Marshall Kirk McKusick - mckusick@freebsd.org\n\nVarious topics\n\n\n\nTutorial\n\nFaster recompiles with ccache and tmpfs\n\n\n\nNews Roundup\n\nList of vBSDCon speakers posted\n\n\nRegistration will be open until October 23rd\nPresentations covering FreeBSD, OpenBSD, FreeNAS and others\n***\n\n\nXen PVHVM added to GENERIC\n\n\nIt's now possible to run FreeBSD 10 under Xen with the GENERIC kernel\nfreebsd-update will work now\nWith FreeBSD 10 ALPHA 4 just being released, should be interesting\nWe should call the new kernel \"XENERIC\"\n***\n\n\nDragonfly AMD KMS port\n\n\nA Dragonfly user has started porting the new FreeBSD AMD KMS driver\nStill a work in progress, asking for help from the community\n***\n\n\nNetBSD gets an nVidia driver\n\n\nNetBSD gets a preliminary nVidia driver\nSo far only supports the GeForce 2MX, so not a lot of use just yet\nNo acceleration yet, but it's a start\n***\n\n\nFreeBSD cracks the top 10 on DistroWatch\n\n\nOver the last year FreeBSD has steadily moved up the rankings from #18 to #10\nIncreasing from an average of 570 to 779 hits per day\nSurpassed CentOS, Puppy Linux and Slackware\n***\n\n\nFeedback/Questions\n\n\nCharlie writes in\nKjell-Aleksander writes in\nStefen writes in\nSichendra writes in\n***\n","content_html":"\u003cp\u003eAfter returning from a successful EuroBSDCon in Malta, we\u0026#39;re back to get you caught up on all the latest news! We\u0026#39;ve got stories, interviews and a special treat for OpenBSD fans later in the show. All that and more on this week\u0026#39;s BSD Now, the place to B.. SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://www.freebsd.org/releases/9.2R/relnotes.html\" rel=\"nofollow\"\u003eFreeBSD 9.2 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFreeBSD 9.2-RELEASE is finally out\u003c/li\u003e\n\u003cli\u003eHighlights include ZFS TRIM and LZ4 support, virtio drivers, dtrace and OpenSSH updates as well as lots of driver improvements\u003c/li\u003e\n\u003cli\u003eWill be supported until 2014-09-30\u003c/li\u003e\n\u003cli\u003eGet out there and freebsd-update or buildworld!\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_5_2_1_and\" rel=\"nofollow\"\u003eFour new NetBSD releases\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD 5.2 and 5.1 branches get security and bugfix updates\u003c/li\u003e\n\u003cli\u003eThe 6.1 and 6.0 branches were \u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_6_1_2_and\" rel=\"nofollow\"\u003eupdated soon after\u003c/a\u003e, also with security updates and bug fixes\u003c/li\u003e\n\u003cli\u003eCheck the show notes for the full changelog\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r255597\" rel=\"nofollow\"\u003eBIND being replaced by unbound in FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMost FreeBSD users are familiar with BIND from the security notifications\u003c/li\u003e\n\u003cli\u003eIt has has many vulnerabilities over the years, and \u003ca href=\"http://blog.des.no/2013/09/dns-in-freebsd-10/\" rel=\"nofollow\"\u003ewe’ll finally be rid of it\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBeing replaced with unbound and ldns, \u003ca href=\"http://blog.des.no/2013/09/dns-again-a-clarification/\" rel=\"nofollow\"\u003eeveryone rejoices\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAs of \u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=255850\" rel=\"nofollow\"\u003eSeptember 24th\u003c/a\u003e, BIND is no longer built by default\u003c/li\u003e\n\u003cli\u003eAs of \u003ca href=\"http://freshbsd.org/commit/freebsd/r255949\" rel=\"nofollow\"\u003eSeptember 30th\u003c/a\u003e, BIND was completely removed\u003c/li\u003e\n\u003cli\u003eIncludes an easy to use \u003ca href=\"http://freshbsd.org/commit/freebsd/r255809\" rel=\"nofollow\"\u003escript\u003c/a\u003e for local DNS\u003c/li\u003e\n\u003cli\u003eOpenBSD also has \u003ca href=\"http://marc.info/?l=openbsd-cvs\u0026m=137984954228414\u0026w=2\" rel=\"nofollow\"\u003eunbound in base\u003c/a\u003e, but it\u0026#39;s not built by default yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2013-September/062975.html\" rel=\"nofollow\"\u003eDragonflyBSD future plans\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAn announcement was posted that details some possible plans for Dragonfly\u003c/li\u003e\n\u003cli\u003edports (their version of FreeBSD ports) will be switching to GCC 4.7\u003c/li\u003e\n\u003cli\u003ei915 support is probably going to be in version 3.6\u003c/li\u003e\n\u003cli\u003eWork is being done on HAMMER 2, but it won\u0026#39;t make it to 3.6\u003c/li\u003e\n\u003cli\u003e3.6 is also likely going to ditch pkgsrc as the default in favor of dports, due to a hugely positive reaction from the community\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-ports-announce/2013-September/000066.html\" rel=\"nofollow\"\u003eFreeBSD ports get Stack Protector support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eSome portsnap users noticed a massive sweep of every port being updated\u003c/li\u003e\n\u003cli\u003eShortly after, \u003ca href=\"https://en.wikipedia.org/wiki/Buffer_overflow_protection\" rel=\"nofollow\"\u003estack protector\u003c/a\u003e support was announced by Bryan Drewery\u003c/li\u003e\n\u003cli\u003eOnly works on i386 and AMD64 on FreeBSD 10 and AMD64 on 9\u003c/li\u003e\n\u003cli\u003eHopefully will become the default, but needs to go through some testing and exp-runs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eEuroBSDCon 2013 wrap-up chat\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD Now is back from EuroBSDCon with lots of stories\u003c/li\u003e\n\u003cli\u003eWe picked up an OpenBSD 5.4 CD set at EuroBSDCon, before the official release\u003c/li\u003e\n\u003cli\u003eWe\u0026#39;ll give a little showcase of what\u0026#39;s inside, they put a lot of effort into it\u003c/li\u003e\n\u003cli\u003eComes with the OS, source code, stickers, music, cool other stuff\u003c/li\u003e\n\u003cli\u003eConsider \u003ca href=\"http://www.openbsd.org/orders.html\" rel=\"nofollow\"\u003esupporting the OpenBSD project\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Marshall Kirk McKusick - \u003ca href=\"mailto:mckusick@freebsd.org\" rel=\"nofollow\"\u003emckusick@freebsd.org\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eVarious topics\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/ccache\" rel=\"nofollow\"\u003eFaster recompiles with ccache and tmpfs\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.hostileadmin.com/2013/09/09/reminder-vbsdcon-registrations-are-open/\" rel=\"nofollow\"\u003eList of vBSDCon speakers posted\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eRegistration will be open until October 23rd\u003c/li\u003e\n\u003cli\u003ePresentations covering FreeBSD, OpenBSD, FreeNAS and others\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=255744\" rel=\"nofollow\"\u003eXen PVHVM added to GENERIC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eIt\u0026#39;s now possible to run FreeBSD 10 under Xen with the GENERIC kernel\u003c/li\u003e\n\u003cli\u003efreebsd-update will work now\u003c/li\u003e\n\u003cli\u003eWith FreeBSD 10 \u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-snapshots/2013-September/000045.html\" rel=\"nofollow\"\u003eALPHA 4\u003c/a\u003e just being released, should be interesting\u003c/li\u003e\n\u003cli\u003eWe should call the new kernel \u0026quot;XENERIC\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.dragonflybsd.org/pipermail/kernel/2013-September/062993.html\" rel=\"nofollow\"\u003eDragonfly AMD KMS port\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eA Dragonfly user has started porting the new FreeBSD AMD KMS driver\u003c/li\u003e\n\u003cli\u003eStill a work in progress, asking for help from the community\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2013/09/18/msg047712.html\" rel=\"nofollow\"\u003eNetBSD gets an nVidia driver\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNetBSD gets a preliminary nVidia driver\u003c/li\u003e\n\u003cli\u003eSo far only supports the GeForce 2MX, so not a lot of use just yet\u003c/li\u003e\n\u003cli\u003eNo acceleration yet, but it\u0026#39;s a start\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://distrowatch.com/dwres.php?resource=popularity\" rel=\"nofollow\"\u003eFreeBSD cracks the top 10 on DistroWatch\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOver the last year FreeBSD has steadily moved up the rankings from #18 to #10\u003c/li\u003e\n\u003cli\u003eIncreasing from an average of 570 to 779 hits per day\u003c/li\u003e\n\u003cli\u003eSurpassed CentOS, Puppy Linux and Slackware\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21jRKf7lp\" rel=\"nofollow\"\u003eCharlie writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2M0OKmxMK\" rel=\"nofollow\"\u003eKjell-Aleksander writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2YlVuhhUa\" rel=\"nofollow\"\u003eStefen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2P7KtE5x2\" rel=\"nofollow\"\u003eSichendra writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"After returning from a successful EuroBSDCon in Malta, we're back to get you caught up on all the latest news! We've got stories, interviews and a special treat for OpenBSD fans later in the show. All that and more on this week's BSD Now, the place to B.. SD.","date_published":"2013-10-02T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/37b947f2-c6fb-4610-a954-d66d2d770d98.mp3","mime_type":"audio/mpeg","size_in_bytes":45451631,"duration_in_seconds":3787}]},{"id":"52de4051-f863-4077-9119-ed4df77ee072","title":"4: Teskeing the Possibilities","url":"https://www.bsdnow.tv/4","content_text":"This week we’re at EuroBSDCon, so we’ve just got an interview for you today. BSD Now will be back next week with a normal episode and lots of stories from the conference. We’ll also try to get some more interviews there. For today, though, we talk to Devin Teske about his work with bsdinstall, bsdconfig and all the other interesting things he’s been up to lately.\n\nInterview - Devin Teske - dteske@freebsd.org / @devinteske\n\nbsdconfig, bsdinstall, sysrc and fdpv\n\n","content_html":"\u003cp\u003eThis week we’re at \u003ca href=\"http://2013.eurobsdcon.org/\" rel=\"nofollow\"\u003eEuroBSDCon\u003c/a\u003e, so we’ve just got an interview for you today. BSD Now will be back next week with a normal episode and lots of stories from the conference. We’ll also try to get some more interviews there. For today, though, we talk to Devin Teske about his work with bsdinstall, bsdconfig and all the other interesting things he’s been up to lately.\u003c/p\u003e\n\n\u003ch2\u003eInterview - Devin Teske - \u003ca href=\"mailto:dteske@freebsd.org\" rel=\"nofollow\"\u003edteske@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/devinteske\" rel=\"nofollow\"\u003e@devinteske\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003ebsdconfig, bsdinstall, sysrc and fdpv\u003c/p\u003e\n\n\u003chr\u003e","summary":"This week we’re at [EuroBSDCon](http://2013.eurobsdcon.org/), so we’ve just got an interview for you today. BSD Now will be back next week with a normal episode and lots of stories from the conference. We’ll also try to get some more interviews there. For today, though, we talk to Devin Teske about his work with bsdinstall, bsdconfig and all the other interesting things he’s been up to lately.","date_published":"2013-09-25T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/52de4051-f863-4077-9119-ed4df77ee072.mp3","mime_type":"audio/mpeg","size_in_bytes":26194893,"duration_in_seconds":2182}]},{"id":"92a7fcaa-903b-4966-886d-1b0b3cd62639","title":"3: MX with TTX","url":"https://www.bsdnow.tv/3","content_text":"We follow up last week's poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD.\n\nHeadlines\n\npfSense 2.1-RELEASE is out\n\n\nNow based on FreeBSD 8.3\nLots of IPv6 features added\nSecurity updates, bug fixes, driver updates\nPBI package support\nWay too many updates to list, see the full list\n***\n\n\nNew kernel based iSCSI stack comes to FreeBSD\n\n\nBrief explanation of iSCSI\nThis work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator\nTarget layer consists of:\nctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase\niSCSI frontend to CAM Target Layer, which handles Full Feature phase. \nThe work is being sponsored by FreeBSD Foundation\nCommit here\n***\n\n\nMTier creates openup utility for OpenBSD\n\n\nMTier provides a number of things for the OpenBSD community\nFor example, regularly updated (for security) stable packages from their custom repo\nopenup is a utility to easily check for security updates in both base and packages\nIt uses the regular pkg tools, nothing custom-made\nCan be run from cron, but only emails the admin instead of automatically updating\n***\n\n\nOpenSSH in FreeBSD -CURRENT supports DNSSEC\n\n\nOpenSSH in base is now compiled with DNSSEC support\nIn this case the default setting for ‘VerifyHostKeyDNS' is yes\nOpenSSH will silently trust DNSSEC-signed SSHFP records\nIt is the secteam's opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key\n***\n\n\nInterview - Gilles Chehade \u0026amp; Eric Faurot - gilles@poolp.org / @poolpOrg \u0026amp; eric@openbsd.org / @opensmtpd\n\nOpenSMTPD\n\n\n\nTutorial\n\nBinary packages with pkgng\n\n\n\nNews Roundup\n\nNew progress with Newcons\n\n\nNewcons is a replacement console driver for FreeBSD\nSupports unicode, better graphics modes and bigger fonts\nProgress is being made, but it's not finished yet\n***\n\n\nrelayd gets PFS support\n\n\nrelayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7\nCurrently being ported to FreeBSD. There is a WIP port\nWorks by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it\n***\n\n\nOpenZFS Launches\n\n\nSlides from LinuxCon \nWill feature ‘Office Hours' (Ask an Expert)\nGoal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code\n***\n\n\nFreeBSD 10-CURRENT becomes 10.0-ALPHA\n\n\nGlen Barber tagged the -CURRENT branch as 10.0-ALPHA\nIn preparation for 10.0-RELEASE, ALPHA2 as of 9/16\nEveryone was rushing to get their big commits in before 10-STABLE, which will be branched soon\n10 is gonna be HUGE\n***\n\n\nSeptember issue of BSD Mag\n\n\nBSD Mag is a monthly online magazine about the BSDs\nThis month's issue has some content written by Kris\nTopics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS\n***\n\n\nThe FreeBSD IRC channel is official\n\n\nFor many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix\nFinally it has freenode's blessing and looks like a normal channel!\nThe old one will forward to the new one, so your IRC clients don't need updating\n***\n\n\nOpenSSH 6.3 released\n\n\nAfter a big delay, Damien Miller announced the release of 6.3\nMostly a bugfix release, with a few new features\nOf note, SFTP now supports resuming failed downloads via -a\n***\n\n\nFeedback/Questions\n\n\n[James writes in](http://slexy.org/view/s2wBbbSWGz]\n[Elias writes in](http://slexy.org/view/s2LMDF3PYx]\n[Gabor writes in](http://slexy.org/view/s2aCodo65X]\nPossibly the coolest feedback we've gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation!\n***\n","content_html":"\u003cp\u003eWe follow up last week\u0026#39;s poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD.\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blog.pfsense.org/?p=712\" rel=\"nofollow\"\u003epfSense 2.1-RELEASE is out\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNow based on FreeBSD 8.3\u003c/li\u003e\n\u003cli\u003eLots of IPv6 features added\u003c/li\u003e\n\u003cli\u003eSecurity updates, bug fixes, driver updates\u003c/li\u003e\n\u003cli\u003ePBI package support\u003c/li\u003e\n\u003cli\u003eWay too many updates to list, see \u003ca href=\"https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes\" rel=\"nofollow\"\u003ethe full list\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-current/2013-September/044237.html\" rel=\"nofollow\"\u003eNew kernel based iSCSI stack comes to FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBrief explanation of iSCSI\u003c/li\u003e\n\u003cli\u003eThis work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator\u003c/li\u003e\n\u003cli\u003eTarget layer consists of:\u003c/li\u003e\n\u003cli\u003ectld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase\u003c/li\u003e\n\u003cli\u003eiSCSI frontend to CAM Target Layer, which handles Full Feature phase. \u003c/li\u003e\n\u003cli\u003eThe work is being sponsored by FreeBSD Foundation\u003c/li\u003e\n\u003cli\u003eCommit \u003ca href=\"http://freshbsd.org/commit/freebsd/r255570\" rel=\"nofollow\"\u003ehere\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.mtier.org/index.php/solutions/apps/openup/\" rel=\"nofollow\"\u003eMTier creates openup utility for OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMTier provides a number of things for the OpenBSD community\u003c/li\u003e\n\u003cli\u003eFor example, regularly updated (for security) stable packages from their custom repo\u003c/li\u003e\n\u003cli\u003eopenup is a utility to easily check for security updates in both base and packages\u003c/li\u003e\n\u003cli\u003eIt uses the regular pkg tools, nothing custom-made\u003c/li\u003e\n\u003cli\u003eCan be run from cron, but only emails the admin instead of automatically updating\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html\" rel=\"nofollow\"\u003eOpenSSH in FreeBSD -CURRENT supports DNSSEC\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOpenSSH in base is now compiled with DNSSEC support\u003c/li\u003e\n\u003cli\u003eIn this case the default setting for ‘VerifyHostKeyDNS\u0026#39; is yes\u003c/li\u003e\n\u003cli\u003eOpenSSH will silently trust DNSSEC-signed SSHFP records\u003c/li\u003e\n\u003cli\u003eIt is the secteam\u0026#39;s opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Gilles Chehade \u0026amp; Eric Faurot - \u003ca href=\"mailto:gilles@poolp.org\" rel=\"nofollow\"\u003egilles@poolp.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/poolpOrg\" rel=\"nofollow\"\u003e@poolpOrg\u003c/a\u003e \u0026amp; \u003ca href=\"mailto:eric@openbsd.org\" rel=\"nofollow\"\u003eeric@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/opensmtpd\" rel=\"nofollow\"\u003e@opensmtpd\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOpenSMTPD\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/pkgng\" rel=\"nofollow\"\u003eBinary packages with pkgng\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://raybsd.blogspot.com/2013/08/newcons-beginning.html\" rel=\"nofollow\"\u003eNew progress with Newcons\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNewcons is a replacement console driver for FreeBSD\u003c/li\u003e\n\u003cli\u003eSupports unicode, better graphics modes and bigger fonts\u003c/li\u003e\n\u003cli\u003eProgress is being made, but it\u0026#39;s not finished yet\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/openbsd/7e7bd0a7f61ea0005b5c2f763364ff8dfce03fe2\" rel=\"nofollow\"\u003erelayd gets PFS support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003erelayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7\u003c/li\u003e\n\u003cli\u003eCurrently being ported to FreeBSD. There is \u003ca href=\"https://www.freshports.org/net/relayd/\" rel=\"nofollow\"\u003ea WIP port\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorks by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://open-zfs.org/wiki/Main_Page\" rel=\"nofollow\"\u003eOpenZFS Launches\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.slideshare.net/MatthewAhrens/open-zfs-linuxcon\" rel=\"nofollow\"\u003eSlides from LinuxCon \u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWill feature ‘Office Hours\u0026#39; (Ask an Expert)\u003c/li\u003e\n\u003cli\u003eGoal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r255489\" rel=\"nofollow\"\u003eFreeBSD 10-CURRENT becomes 10.0-ALPHA\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGlen Barber tagged the -CURRENT branch as 10.0-ALPHA\u003c/li\u003e\n\u003cli\u003eIn preparation for 10.0-RELEASE, ALPHA2 as of 9/16\u003c/li\u003e\n\u003cli\u003eEveryone was rushing to get their big commits in before 10-STABLE, which will be branched soon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://wiki.freebsd.org/WhatsNew/FreeBSD10\" rel=\"nofollow\"\u003e10 is gonna be HUGE\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://bsdmag.org/magazine/1848-day-to-day-bsd-administration\" rel=\"nofollow\"\u003eSeptember issue of BSD Mag\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eBSD Mag is a monthly online magazine about the BSDs\u003c/li\u003e\n\u003cli\u003eThis month\u0026#39;s issue has some content written by Kris\u003c/li\u003e\n\u003cli\u003eTopics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003eThe FreeBSD IRC channel is official\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFor many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix\u003c/li\u003e\n\u003cli\u003eFinally it has freenode\u0026#39;s blessing and looks like a normal channel!\u003c/li\u003e\n\u003cli\u003eThe old one will forward to the new one, so your IRC clients don\u0026#39;t need updating\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031638.html\" rel=\"nofollow\"\u003eOpenSSH 6.3 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAfter a big delay, Damien Miller announced the release of 6.3\u003c/li\u003e\n\u003cli\u003eMostly a bugfix release, with a few new features\u003c/li\u003e\n\u003cli\u003eOf note, SFTP now supports resuming failed downloads via -a\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e[James writes in](\u003ca href=\"http://slexy.org/view/s2wBbbSWGz\" rel=\"nofollow\"\u003ehttp://slexy.org/view/s2wBbbSWGz\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e[Elias writes in](\u003ca href=\"http://slexy.org/view/s2LMDF3PYx\" rel=\"nofollow\"\u003ehttp://slexy.org/view/s2LMDF3PYx\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e[Gabor writes in](\u003ca href=\"http://slexy.org/view/s2aCodo65X\" rel=\"nofollow\"\u003ehttp://slexy.org/view/s2aCodo65X\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003ePossibly the coolest feedback we\u0026#39;ve gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation!\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We follow up last week's poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD.","date_published":"2013-09-18T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/92a7fcaa-903b-4966-886d-1b0b3cd62639.mp3","mime_type":"audio/mpeg","size_in_bytes":44114371,"duration_in_seconds":3676}]},{"id":"1aad79cd-d915-4920-8acf-ffcba05725bb","title":"2: Engineering and Powder Kegs","url":"https://www.bsdnow.tv/2","content_text":"After a wildly successful debut episode, BSD Now is BACK to talk with Glen Barber from the FreeBSD Release team, show you how to build your own binary package repository and discuss the latest BSD news!\n\nHeadlines\n\n64bit time in OpenBSD\n\n\nMany operating systems face an upcoming challenge, similar to (but more complicated than) Y2K: Y2038. All of the BSDs and most other operating systems track time by counting the seconds since Jan 1st, 1970. In 2038 this value will reach the maximum value of a signed 32 bit integer. \nSimply changing to a 64 bit counter may not be the best solution, because there may still be 32 bit systems in use for embedded applications\nTheo will be giving the keynote at EuroBSDCon on the subject, explaining how OpenBSD has implemented the solution\nABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead. Upgrading by source is for the insane only.\n\n\nAESNI pipelining gets a speed boost\n\n\nAES-NI is a new processor instruction available on modern Intel and AMD chips that provides hardware acceleration for AES encryption and decryption. This feature is especially useful for encrypted disks, because it removes most of the performance penalty traditionally associated with encryption\nThe new commit has the instructions pipelined, so there is no latency between the instructions\nUses SSE2 instructions for calculating XTS tweak factor for further increased performance\nGELI based disk encryption performance increased by 3x on capable CPUs\nShould affect PEFS and other AES backed encryption schemes as well\nFull disk encryption should be more or less transparent now\n***\n\n\nOpenBSD 5.4 Preorders\n\n\nEvery 6 months there is a new OpenBSD version\nThey include a fun song and nicely-packaged CD set\nThe proceeds from sale of these products is the primary funding of the OpenBSD project\nThe official ISOs will be uploaded on November 1st\n***\n\n\nGCC no longer built by default on FreeBSD -CURRENT\n\n\nOn platforms where clang is the default compiler, don't build gcc or libstdc++\nGCC is still enabled on PC98, because the PC98 bootloader requires GCC to build\nWhile the base FreeBSD system has been built by clang for a long time, this change also covers the ports tree\n***\n\n\nPatch to update Xorg and MESA on FreeBSD\n\n\nUpdates xorg drivers\nExpected to be committed in about 2 weeks\nAdds option to use devd instead of HAL for X configuration\nUpdates the MESA stack (9.1.6), libGL, DRI, etc\nEnables KMS for AMD/ATI cards\nMesa 9.2 is available with xorg-dev, OpenBSD has also recently upgraded to Mesa 9.2 for their stable version of Xorg\n***\n\n\nInterview - Glen Barber - gjb@freebsd.org / @evilgjb\n\nFreeBSD Release Engineering\n\n\n\nTutorial\n\nMaking your own binary repository\n\n\n\nThe Place to B...SD\n\niXsystems hosts FreeBSD Anniversary party \n\n\nCelebrating FreeBSD’s 20th anniversary\nSaturday, November 2nd at the DNA Lounge in San Francisco\nNotable FreeBSD figures will contribute words of wisdom on the past, present, and future of FreeBSD\n***\n\n\nNews Roundup\n\nNetBSD gets basic support for the cubieboard 1 \u0026amp; 2 \n\n\nVery preliminary support for cubieboard 1 \u0026amp; 2 based on the Allwinner A10 \u0026amp; A20 SoCs\nMany drivers are \"stubs with autoconf glue\"\nContributed by Matt Thomas\n***\n\n\nRayservers ditches Linux for BSD\n\n\nUsed them all, Windows, Mac, OpenBSD, Linux\nNeeded PF, ZFS, disk encryption, lots of networking features, better security\nIn Linux, \"The new cgroups based memory management ran out of memory - on a 256 GB RAM system whilst it was not using more than 40.\"\nBSD now protects the privacy of their email users\n***\n\n\nHPN for OpenSSH 6.2\n\n\nHigh Performance Networking is an SSH patchset to improve transfer speeds by removing the fixed window size and take better advantage of TCP\nMaintained as a patchset separate from OpenSSH\nFirst integrated into FreeBSD base as of 9.0\nUpdated to support 6.2 (available in the ports tree as security/openssh-portable)\nThe HPN patch set also includes threaded AES-CTR support to increase performance and take advantage of multiple CPU cores for encryption. In this latest patch, threaded AES-CTR now works in all situations (it failed in some specific situations previously). Expected performance increase is ~50%\nNONE cipher is now separate from the main patch set. The NONE cipher allows tools like scp and sftp to switch off the encryption for file transfers (when specifically told to do so) to keep encryption from bottlenecking performance and wasting CPU time\n***\n\n\nCall for testing: OpenSSH-6.3\n\n\nMostly a bugfix release\nSFTP now supports resuming partially-downloaded or uploaded transfers\nMore logging features\nSix weeks after the initial email, still no release. des@ is not pleased.\n***\n\n\npkgsrc gets signing support\n\n\npkgsrc is used on NetBSD, DragonflyBSD and other OSes\nComes from an EdgeBSD developer\nUses GPG for signing package files\nCurrently just a patch on github and in its infancy\nProvides a short howto\n***\n\n\nFreeBSD vs. Linux: 10 points of superiority \n\n\nNew FreeBSD user, ex-Linux user writes about his experience\nMentions consistency, documentation, security, filesystems, updates, jails, community\nReally long post, definitely worth a read\n***\n\n\nFeedback/Questions\n\n\nhoopla writes in\nJuergen writes in\nSam writes in\nFrank writes in\n***\n","content_html":"\u003cp\u003eAfter a wildly successful debut episode, BSD Now is BACK to talk with Glen Barber from the FreeBSD Release team, show you how to build your own binary package repository and discuss the latest BSD news!\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://undeadly.org/cgi?action=article\u0026sid=20130813072244\" rel=\"nofollow\"\u003e64bit time in OpenBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMany operating systems face an upcoming challenge, similar to (but more complicated than) Y2K: Y2038. All of the BSDs and most other operating systems track time by counting the seconds since Jan 1st, 1970. In 2038 this value will reach the maximum value of a signed 32 bit integer. \u003c/li\u003e\n\u003cli\u003eSimply changing to a 64 bit counter may not be the best solution, because there may still be 32 bit systems in use for embedded applications\u003c/li\u003e\n\u003cli\u003eTheo will be giving the keynote at EuroBSDCon on the subject, explaining how OpenBSD has implemented the solution\u003c/li\u003e\n\u003cli\u003eABI incompatibility. Updating to this kernel requires extra work or you won\u0026#39;t be able to login: install a snapshot instead. \u003ca href=\"http://www.openbsd.org/faq/current.html#20130813\" rel=\"nofollow\"\u003eUpgrading by source is for the insane only.\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r255187\" rel=\"nofollow\"\u003eAESNI pipelining gets a speed boost\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAES-NI is a new processor instruction available on modern Intel and AMD chips that provides hardware acceleration for AES encryption and decryption. This feature is especially useful for encrypted disks, because it removes most of the performance penalty traditionally associated with encryption\u003c/li\u003e\n\u003cli\u003eThe new commit has the instructions pipelined, so there is no latency between the instructions\u003c/li\u003e\n\u003cli\u003eUses SSE2 instructions for calculating XTS tweak factor for further increased performance\u003c/li\u003e\n\u003cli\u003eGELI based disk encryption performance increased by 3x on capable CPUs\u003c/li\u003e\n\u003cli\u003eShould affect PEFS and other AES backed encryption schemes as well\u003c/li\u003e\n\u003cli\u003eFull disk encryption should be more or less transparent now\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://openbsd.org/orders.html\" rel=\"nofollow\"\u003eOpenBSD 5.4 Preorders\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eEvery 6 months there is a new OpenBSD version\u003c/li\u003e\n\u003cli\u003eThey include a fun song and nicely-packaged CD set\u003c/li\u003e\n\u003cli\u003eThe proceeds from sale of these products is the primary funding of the OpenBSD project\u003c/li\u003e\n\u003cli\u003eThe official ISOs will be uploaded on November 1st\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=255321\" rel=\"nofollow\"\u003eGCC no longer built by default on FreeBSD -CURRENT\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eOn platforms where clang is the default compiler, don\u0026#39;t build gcc or libstdc++\u003c/li\u003e\n\u003cli\u003eGCC is still enabled on PC98, because the PC98 bootloader requires GCC to build\u003c/li\u003e\n\u003cli\u003eWhile the base FreeBSD system has been built by clang for a long time, this change also covers the ports tree\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://lists.freebsd.org/pipermail/freebsd-x11/2013-September/013599.html\" rel=\"nofollow\"\u003ePatch to update Xorg and MESA on FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUpdates xorg drivers\u003c/li\u003e\n\u003cli\u003eExpected to be committed in about 2 weeks\u003c/li\u003e\n\u003cli\u003eAdds option to use devd instead of HAL for X configuration\u003c/li\u003e\n\u003cli\u003eUpdates the MESA stack (9.1.6), libGL, DRI, etc\u003c/li\u003e\n\u003cli\u003eEnables KMS for AMD/ATI cards\u003c/li\u003e\n\u003cli\u003eMesa 9.2 is available with xorg-dev, OpenBSD has also recently upgraded to Mesa 9.2 for their stable version of Xorg\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Glen Barber - \u003ca href=\"mailto:gjb@freebsd.org\" rel=\"nofollow\"\u003egjb@freebsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/evilgjb\" rel=\"nofollow\"\u003e@evilgjb\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eFreeBSD Release Engineering\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/poudriere\" rel=\"nofollow\"\u003eMaking your own binary repository\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eThe Place to B...SD\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.ixsystems.com/resources/ix/news/ixsystems-to-once-again-host-freebsd-anniversary-celebration.html\" rel=\"nofollow\"\u003eiXsystems hosts FreeBSD Anniversary party \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCelebrating FreeBSD’s 20th anniversary\u003c/li\u003e\n\u003cli\u003eSaturday, November 2nd at the DNA Lounge in San Francisco\u003c/li\u003e\n\u003cli\u003eNotable FreeBSD figures will contribute words of wisdom on the past, present, and future of FreeBSD\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/source-changes/2013/09/04/msg047155.html\" rel=\"nofollow\"\u003eNetBSD gets basic support for the cubieboard 1 \u0026amp; 2 \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eVery preliminary support for cubieboard 1 \u0026amp; 2 based on the Allwinner A10 \u0026amp; A20 SoCs\u003c/li\u003e\n\u003cli\u003eMany drivers are \u0026quot;stubs with autoconf glue\u0026quot;\u003c/li\u003e\n\u003cli\u003eContributed by Matt Thomas\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://rayservers.com/blog/the-freebsd-daemon-is-off-to-do-battle-in-the-name-of-christ\" rel=\"nofollow\"\u003eRayservers ditches Linux for BSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eUsed them all, Windows, Mac, OpenBSD, Linux\u003c/li\u003e\n\u003cli\u003eNeeded PF, ZFS, disk encryption, lots of networking features, better security\u003c/li\u003e\n\u003cli\u003eIn Linux, \u0026quot;The new cgroups based memory management ran out of memory - on a 256 GB RAM system whilst it was not using more than 40.\u0026quot;\u003c/li\u003e\n\u003cli\u003eBSD now protects the privacy of their email users\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-August/031614.html\" rel=\"nofollow\"\u003eHPN for OpenSSH 6.2\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://www.psc.edu/index.php/hpn-ssh\" rel=\"nofollow\"\u003eHigh Performance Networking\u003c/a\u003e is an SSH patchset to improve transfer speeds by removing the fixed window size and take better advantage of TCP\u003c/li\u003e\n\u003cli\u003eMaintained as a patchset separate from OpenSSH\u003c/li\u003e\n\u003cli\u003eFirst integrated into FreeBSD base as of 9.0\u003c/li\u003e\n\u003cli\u003eUpdated to support 6.2 (available in the ports tree as security/openssh-portable)\u003c/li\u003e\n\u003cli\u003eThe HPN patch set also includes threaded AES-CTR support to increase performance and take advantage of multiple CPU cores for encryption. In this latest patch, threaded AES-CTR now works in all situations (it failed in some specific situations previously). Expected performance increase is ~50%\u003c/li\u003e\n\u003cli\u003eNONE cipher is now separate from the main patch set. The NONE cipher allows tools like scp and sftp to switch off the encryption for file transfers (when specifically told to do so) to keep encryption from bottlenecking performance and wasting CPU time\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-July/031550.html\" rel=\"nofollow\"\u003eCall for testing: OpenSSH-6.3\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMostly a bugfix release\u003c/li\u003e\n\u003cli\u003eSFTP now supports resuming partially-downloaded or uploaded transfers\u003c/li\u003e\n\u003cli\u003eMore logging features\u003c/li\u003e\n\u003cli\u003eSix weeks after the initial email, still no release. des@ is not pleased.\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://mail-index.netbsd.org/pkgsrc-users/2013/08/30/msg018511.html\" rel=\"nofollow\"\u003epkgsrc gets signing support\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003epkgsrc is used on NetBSD, DragonflyBSD and other OSes\u003c/li\u003e\n\u003cli\u003eComes from an EdgeBSD developer\u003c/li\u003e\n\u003cli\u003eUses GPG for signing package files\u003c/li\u003e\n\u003cli\u003eCurrently just a patch on github and in its infancy\u003c/li\u003e\n\u003cli\u003eProvides a short howto\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://forums.freebsd.org/showthread.php?t=41750\" rel=\"nofollow\"\u003eFreeBSD vs. Linux: 10 points of superiority \u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eNew FreeBSD user, ex-Linux user writes about his experience\u003c/li\u003e\n\u003cli\u003eMentions consistency, documentation, security, filesystems, updates, jails, community\u003c/li\u003e\n\u003cli\u003eReally long post, definitely worth a read\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eFeedback/Questions\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s21SpCcisW\" rel=\"nofollow\"\u003ehoopla writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s20vHY9qAK\" rel=\"nofollow\"\u003eJuergen writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s23uf4vzfQ\" rel=\"nofollow\"\u003eSam writes in\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://slexy.org/view/s2Y0qiXJan\" rel=\"nofollow\"\u003eFrank writes in\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"After a wildly successful debut episode, BSD Now is BACK to talk with Glen Barber from the FreeBSD Release team, show you how to build your own binary package repository and discuss the latest BSD news!","date_published":"2013-09-11T08:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/1aad79cd-d915-4920-8acf-ffcba05725bb.mp3","mime_type":"audio/mpeg","size_in_bytes":72648549,"duration_in_seconds":6054}]},{"id":"0684a07f-969f-4edf-b14b-601353ebdea4","title":"1: BGP \u0026 BSD","url":"https://www.bsdnow.tv/1","content_text":"We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!\n\nHeadlines\n\nRadeon KMS commited\n\n\nCommitted by Jean-Sebastien Pedron\nBrings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)\n10-STABLE is expected to be branched in October, to begin the process of stabilizing development\nInitial testing shows it works well\nMay be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer\nStill suffers from the syscons / KMS switcher issues, same as Intel video\nMore info: https://wiki.freebsd.org/AMD_GPU\n***\n\n\nVeriSign Embraces FreeBSD\n\n\n\"BSD is quite literally at the very core foundation of what makes the Internet work\"\nUsing BSD and Linux together provides reliability and diversity\nVerisign gives back to the community, runs vBSDCon\n\"You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD.\"\n***\n\n\nfetch/libfetch get a makeover\n\n\nAdds support for SSL certificate verification\nRequires root ca bundle (security/root_ca_nss)\nStill missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL) \n***\n\n\nFreeBSD Foundation Semi-Annual Newsletter\n\n\nThe FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go\nThe foundation sets out some basic goals that the project should strive towards:\n\n\nUnify User Experience\n\n\n“ensure that knowledge gained mastering one task translates to the next”\n“if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”\n\nDesign for Human and Programmatic Use\n\n\n200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore\n“the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”\n“The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”\n\nEmbrace New Ways to Document FreeBSD\n\n\nMore ‘Getting Started’ sections in documentation\nLink to external How-Tos and other documentation\n“upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”\n\n\nSpring Fundraising Campaign, April 17 - May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals\nFunds donated to the FreeBSD Foundation have been used on these projects recently:\nCapsicum security-component framework\nTransparent superpages support of the FreeBSD/ARM architecture\nExpanded and faster IPv6\nNative in-kernel iSCSI stack\nFive New TCP Congestion Control Algorithms\nDirect mapped I/O to avoid extra memory copies\nUnified Extensible Firmware Interface (UEFI) boot environment\nPorting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)\nNAND Flash filesystem and storage stack\nFunds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits\nIt is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors\nDonate Today \n***\n\n\nThe place to B...SD\n\nOhio Linuxfest, Sept. 13-15, 2013\n\n\nVery BSD friendly\nKirk McKusick giving the keynote\nBSD Certification on the 15th, all other stuff on the 14th\nMultiple BSD talks\n***\n\n\nLinuxCon, Sept. 16-18, 2013\n\n\nDru Lavigne and Kris Moore will be manning a FreeBSD booth\nNumber of talks of interest to BSD users, including ZFS coop\n\n\nEuroBSDCon, Sept. 26-29, 2013\n\n\nTutorials on the 26 \u0026amp; 27th (plus private FreeBSD DevSummit)\n43 talks spread over 3 tracks on the 28 \u0026amp; 29th\nKeynote by Theo de Raadt\nHosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)\n***\n\n\nInterview - Peter Hessler - phessler@openbsd.org / @phessler\n\nUsing BGP to distribute spam blacklists and whitelists\n\n\n\nTutorial\n\nUsing stunnel to hide your traffic from Deep Packet Inspection\n\n\n\nNews Roundup\n\nNetBSD 6.1.1 released\n\n\nFirst security/bug fix update of the NetBSD 6.1 release branch\nFixes 4 security vulnerabilities\nAdds 4 new sysctls to avoid IPv6 DoS attacks\nMisc. other updates\n***\n\n\nSudo Mastery\n\n\nMWL is a well-known author of many BSD books\nAlso does SSH, networking, DNSSEC, etc.\nNext book is about sudo, which comes from OpenBSD (did you know that?)\nAvailable for preorder now at a discounted price\n***\n\n\nDocumentation Infrastructure Enhancements\n\n\nGábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project\nWill upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.\nDSSSL is an old and dead standard, which will not evolve any more.\nDocBook 5.0 tree added\n***\n\n\nFreeBSD FIBs get new features\n\n\nFIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)\nThe FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails\nIn r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using\n***\n\n\nFreeNAS 9.1.0 and 9.1.1 released\n\n\nMany improvements in nearly all areas, big upgrade\nBased on FreeBSD 9-STABLE, lots of new ZFS features\nCherry picked some features from 10-CURRENT\nNew volume manager and easy to use plugin management system\n9.1.1 released shortly thereafter to fix a few UI and plugin bugs\n***\n\n\nBSD licensed \"patch\" becomes default\n\n\nbsdpatch has become mature, does what GNU patch can do, but has a much better license\nApproved by portmgr@ for use in ports\nAdded WITH_GNU_PATCH build option for people who still need it\n***\n","content_html":"\u003cp\u003eWe kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!\u003c/p\u003e\n\n\u003ch2\u003eHeadlines\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://lists.freebsd.org/pipermail/svn-src-head/2013-August/050931.html\" rel=\"nofollow\"\u003eRadeon KMS commited\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eCommitted by Jean-Sebastien Pedron\u003c/li\u003e\n\u003cli\u003eBrings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)\u003c/li\u003e\n\u003cli\u003e10-STABLE is expected to be branched in October, to begin the process of stabilizing development\u003c/li\u003e\n\u003cli\u003eInitial testing shows it works well\u003c/li\u003e\n\u003cli\u003eMay be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer\u003c/li\u003e\n\u003cli\u003eStill suffers from the syscons / KMS switcher issues, same as Intel video\u003c/li\u003e\n\u003cli\u003eMore info: \u003ca href=\"https://wiki.freebsd.org/AMD_GPU\" rel=\"nofollow\"\u003ehttps://wiki.freebsd.org/AMD_GPU\u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.eweek.com/enterprise-apps/verisign-embraces-open-source-freebsd-for-diversity/\" rel=\"nofollow\"\u003eVeriSign Embraces FreeBSD\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u0026quot;BSD is quite literally at the very core foundation of what makes the Internet work\u0026quot;\u003c/li\u003e\n\u003cli\u003eUsing BSD and Linux together provides reliability and diversity\u003c/li\u003e\n\u003cli\u003eVerisign gives back to the community, runs vBSDCon\u003c/li\u003e\n\u003cli\u003e\u0026quot;You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD.\u0026quot;\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r253680\" rel=\"nofollow\"\u003efetch/libfetch get a makeover\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eAdds support for SSL certificate verification\u003c/li\u003e\n\u003cli\u003eRequires root ca bundle (security/root_ca_nss)\u003c/li\u003e\n\u003cli\u003eStill missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL) \n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.freebsdfoundation.org/press/2013Jul-newsletter\" rel=\"nofollow\"\u003eFreeBSD Foundation Semi-Annual Newsletter\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eThe FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go\u003c/li\u003e\n\u003cli\u003eThe foundation sets out some basic goals that the project should strive towards:\n\n\u003cul\u003e\n\u003cli\u003eUnify User Experience\n\n\u003cul\u003e\n\u003cli\u003e“ensure that knowledge gained mastering one task translates to the next”\u003c/li\u003e\n\u003cli\u003e“if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eDesign for Human and Programmatic Use\n\n\u003cul\u003e\n\u003cli\u003e200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore\u003c/li\u003e\n\u003cli\u003e“the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”\u003c/li\u003e\n\u003cli\u003e“The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eEmbrace New Ways to Document FreeBSD\n\n\u003cul\u003e\n\u003cli\u003eMore ‘Getting Started’ sections in documentation\u003c/li\u003e\n\u003cli\u003eLink to external How-Tos and other documentation\u003c/li\u003e\n\u003cli\u003e“upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003c/li\u003e\n\u003cli\u003eSpring Fundraising Campaign, April 17 - May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals\u003c/li\u003e\n\u003cli\u003eFunds donated to the FreeBSD Foundation have been used on these projects recently:\u003c/li\u003e\n\u003cli\u003eCapsicum security-component framework\u003c/li\u003e\n\u003cli\u003eTransparent superpages support of the FreeBSD/ARM architecture\u003c/li\u003e\n\u003cli\u003eExpanded and faster IPv6\u003c/li\u003e\n\u003cli\u003eNative in-kernel iSCSI stack\u003c/li\u003e\n\u003cli\u003eFive New TCP Congestion Control Algorithms\u003c/li\u003e\n\u003cli\u003eDirect mapped I/O to avoid extra memory copies\u003c/li\u003e\n\u003cli\u003eUnified Extensible Firmware Interface (UEFI) boot environment\u003c/li\u003e\n\u003cli\u003ePorting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)\u003c/li\u003e\n\u003cli\u003eNAND Flash filesystem and storage stack\u003c/li\u003e\n\u003cli\u003eFunds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits\u003c/li\u003e\n\u003cli\u003eIt is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://www.freebsdfoundation.org/donate\" rel=\"nofollow\"\u003eDonate Today \u003c/a\u003e\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eThe place to B...SD\u003c/h2\u003e\n\n\u003ch4\u003e\u003ca href=\"http://ohiolinux.org/schedule\" rel=\"nofollow\"\u003eOhio Linuxfest, Sept. 13-15, 2013\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eVery BSD friendly\u003c/li\u003e\n\u003cli\u003eKirk McKusick giving the keynote\u003c/li\u003e\n\u003cli\u003eBSD Certification on the 15th, all other stuff on the 14th\u003c/li\u003e\n\u003cli\u003eMultiple BSD talks\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003e\u003ca href=\"http://events.linuxfoundation.org/events/linuxcon-north-america\" rel=\"nofollow\"\u003eLinuxCon, Sept. 16-18, 2013\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eDru Lavigne and Kris Moore will be manning a FreeBSD booth\u003c/li\u003e\n\u003cli\u003eNumber of talks of interest to BSD users, \u003ca href=\"http://linuxconcloudopenna2013.sched.org/event/b50b23f3ed3bd728fa0052b54021a2cc?iframe=yes\u0026w=900\u0026sidebar=yes\u0026bg=no\" rel=\"nofollow\"\u003eincluding ZFS coop\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003e\u003ca href=\"http://2013.eurobsdcon.org/eurobsdcon-2013/talks/\" rel=\"nofollow\"\u003eEuroBSDCon, Sept. 26-29, 2013\u003c/a\u003e\u003c/h4\u003e\n\n\u003cul\u003e\n\u003cli\u003eTutorials on the 26 \u0026amp; 27th (plus private FreeBSD DevSummit)\u003c/li\u003e\n\u003cli\u003e43 talks spread over 3 tracks on the 28 \u0026amp; 29th\u003c/li\u003e\n\u003cli\u003eKeynote by Theo de Raadt\u003c/li\u003e\n\u003cli\u003eHosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2\u003eInterview - Peter Hessler - \u003ca href=\"mailto:phessler@openbsd.org\" rel=\"nofollow\"\u003ephessler@openbsd.org\u003c/a\u003e / \u003ca href=\"https://twitter.com/phessler\" rel=\"nofollow\"\u003e@phessler\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eUsing BGP to distribute spam blacklists and whitelists\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eTutorial\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.bsdnow.tv/tutorials/stunnel\" rel=\"nofollow\"\u003eUsing stunnel to hide your traffic from Deep Packet Inspection\u003c/a\u003e\u003c/h3\u003e\n\n\u003chr\u003e\n\n\u003ch2\u003eNews Roundup\u003c/h2\u003e\n\n\u003ch3\u003e\u003ca href=\"https://blog.netbsd.org/tnf/entry/netbsd_6_1_1_released\" rel=\"nofollow\"\u003eNetBSD 6.1.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFirst security/bug fix update of the NetBSD 6.1 release branch\u003c/li\u003e\n\u003cli\u003eFixes 4 security vulnerabilities\u003c/li\u003e\n\u003cli\u003eAdds 4 new sysctls to avoid IPv6 DoS attacks\u003c/li\u003e\n\u003cli\u003eMisc. other updates\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://blather.michaelwlucas.com/archives/1792\" rel=\"nofollow\"\u003eSudo Mastery\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMWL is a well-known author of many BSD books\u003c/li\u003e\n\u003cli\u003eAlso does SSH, networking, DNSSEC, etc.\u003c/li\u003e\n\u003cli\u003eNext book is about sudo, which comes from OpenBSD (did you know that?)\u003c/li\u003e\n\u003cli\u003eAvailable for preorder now at a discounted price\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freebsdfoundation.blogspot.com/2013/08/new-funded-project-documentation.html\" rel=\"nofollow\"\u003eDocumentation Infrastructure Enhancements\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eGábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project\u003c/li\u003e\n\u003cli\u003eWill upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.\u003c/li\u003e\n\u003cli\u003eDSSSL is an old and dead standard, which will not evolve any more.\u003c/li\u003e\n\u003cli\u003eDocBook 5.0 tree added\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"https://svnweb.freebsd.org/base?view=revision\u0026revision=254943\" rel=\"nofollow\"\u003eFreeBSD FIBs get new features\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eFIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)\u003c/li\u003e\n\u003cli\u003eThe FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails\u003c/li\u003e\n\u003cli\u003eIn r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://www.ixsystems.com/resources/ix/news/ixsystems-announces-revolutionary-freenas-910-release.html\" rel=\"nofollow\"\u003eFreeNAS 9.1.0 and 9.1.1 released\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003eMany improvements in nearly all areas, big upgrade\u003c/li\u003e\n\u003cli\u003eBased on FreeBSD 9-STABLE, lots of new ZFS features\u003c/li\u003e\n\u003cli\u003eCherry picked some features from 10-CURRENT\u003c/li\u003e\n\u003cli\u003eNew volume manager and easy to use plugin management system\u003c/li\u003e\n\u003cli\u003e9.1.1 released shortly thereafter to fix a few UI and plugin bugs\n***\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e\u003ca href=\"http://freshbsd.org/commit/freebsd/r253689\" rel=\"nofollow\"\u003eBSD licensed \u0026quot;patch\u0026quot; becomes default\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003ebsdpatch has become mature, does what GNU patch can do, but has a much better license\u003c/li\u003e\n\u003cli\u003eApproved by portmgr@ for use in ports\u003c/li\u003e\n\u003cli\u003eAdded WITH_GNU_PATCH build option for people who still need it\n***\u003c/li\u003e\n\u003c/ul\u003e","summary":"We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists!","date_published":"2013-09-04T00:00:00.000-04:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/0684a07f-969f-4edf-b14b-601353ebdea4.mp3","mime_type":"audio/mpeg","size_in_bytes":81975517,"duration_in_seconds":6831}]}]}